ZyXEL Communications 200 Series User Manual

Page 244

Chapter 10 Interface

ZyWALL USG 100/200 Series User’s Guide

The following table describes the WPA/WPA2-related wireless LAN security labels.

Table 70 Network > Interface > WLAN > Add (WPA/WPA2 Security)

LABEL

DESCRIPTION

Authentication Type

Select what the ZyWALL uses to authenticate the wireless clients.
Select Auth Method to be able to specify an authentication method object that you
have already configured. The authentication method can have the ZyWALL check
a user’s user name and password against the ZyWALL’s local database, a remote
LDAP, RADIUS, or Active Directory server, or more than one of these. See
Chapter 40 on page 635 for how to create authentication method objects.

Select Auth Server to be able to manually specify a RADIUS server’s settings in
this screen instead of using an authentication method object.

Authentication Method

This field displays if you set the Authentication Type field to Auth Method.
Select an authentication method object that defines how the ZyWALL authenticates
a wireless user. The ZyWALL’s default configuration also includes an
authentication method object named “default” that you can use. You can configure
the “default” authentication method object, but its default configuration uses the
ZyWALL’s local database for authentication.

TTLS Certificate

This field displays if you select Authentication Method. Select the certificate the
ZyWALL uses to authenticate itself to the wireless clients. The certificates you can
select from are the ones already configured in the My Certificates screen.
EAP-TTLS (Tunneled Transport Layer Service) is an extension of the EAP-TLS
authentication that uses certificates for only the server-side authentications to
establish a secure connection.
The wireless clients must use TTLS authentication protocol and PAP inside the
TTLS secure tunnel.

The following fields display if you set the Authentication Type field to Auth Server.

RADIUS Server IP Address

Enter the IP address of the external authentication server in dotted decimal
notation.

RADIUS Server Port

Enter the RADIUS server’s listening port number (the default is 1812).

RADIUS Server Secret

Enter a password (up to 31 alphanumeric characters) as the key to be shared
between the external authentication server and the ZyWALL. The key is not sent
over the network. This key must be the same on the external authentication server
and ZyWALL.

ReAuthentication Timer

Specify how often wireless stations have to resend user names and passwords in
order to stay connected.
Enter a time interval between 10 and 9999 seconds. The default time interval is
1800 seconds (30 minutes). Alternatively, enter “0” to turn reauthentication off.

Note: If wireless station authentication is done using a RADIUS server, the
reauthentication timer on the RADIUS server has priority.

Idle Timeout

The ZyWALL automatically disconnects a wireless station from the wired network
after a period of inactivity. The wireless station needs to enter the user name and
password again before access to the wired network is allowed.
The default time interval is 3600 seconds (or 1 hour).

Group Key Update Timer

The Group Key Update Timer is the rate at which the AP sends a new group key
out to all clients. The re-keying process is the WPA equivalent of automatically
changing the group key for an AP and all stations in a WLAN on a periodic basis.
Setting of the Group Key Update Timer is also supported in WPA-PSK mode. The
ZyWALL default is 1800 seconds (30 minutes).
