Dynamic wep key exchange, 7 dynamic wep key exchange – ZyXEL Communications ZyXEL ZyAIR B-1000 User Manual

ZyAIR Access Point Series User’s Guide

Wireless Security

6-9

Ethernet

AP

RADIUS Server

Wireless Station

Figure 6-5 EAP Authentication

The details below provide a general description of how IEEE 802.1x EAP authentication works. For an
example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix.

• The wireless station sends a “start” message to the ZyAIR.
• The ZyAIR sends a “request identity” message to the wireless station for identity information.
• The wireless station replies with identity information, including username and password.
• The RADIUS server checks the user information against its user profile database and determines

whether or not to authenticate the wireless station.

6.7 Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless
connection times out, disconnects or reauthentication times out. A new WEP key is generated each time
reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default WEP encryption key in the Wireless
screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is
enabled.
To use Dynamic WEP, enable and configure the RADIUS server (see section 6.11) and enable Dynamic
WEP Key Exchange in the 802.1x screen. Ensure that the wireless station’s EAP type is configured to one of
the following:

• EAP-TLS
• EAP-TTLS
• PEAP

EAP-MD5 cannot be used with Dynamic WEP Key Exchange.