
6 dynamic wep key exchange, 7 introduction to wpa, 1 user authentication – ZyXEL Communications ZyXEL ZyWALL 5 User Manual


ZyWALL 5 User’s Guide


Chapter 6 Wireless LAN

• The wireless station replies with identity information, including username and password.
• The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station.

6.6 Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when
the wireless connection times out, disconnects or reauthentication times out. A new WEP key
is generated each time reauthentication is performed.

If this feature is enabled, it is not necessary to configure a default encryption key in the
Wireless screen. You may still configure and store keys here, but they will not be used while
Dynamic WEP is enabled.

To use Dynamic WEP, enable and configure dynamic WEP key exchange in the Wireless
screen (see Section 6.11.4 on page 115) and configure RADIUS server settings in the AUTH
SERVER RADIUS screen (see Section 16.5 on page 281). Ensure that the wireless station's
EAP type is configured to one of the following:

• EAP-TLS
• EAP-TTLS
• PEAP

Note: EAP-MD5 cannot be used with dynamic WEP key exchange.

6.7 Introduction to WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. Key differences
between WPA and WEP are user authentication and improved data encryption.

6.7.1 User Authentication

WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate
wireless clients using an external RADIUS database. You can't use the ZyWALL's Local User
Database for WPA authentication purposes since the Local User Database uses EAP-MD5
which cannot be used to generate keys. See later in this chapter and the appendices for more
information on IEEE 802.1x, RADIUS and EAP.

Therefore, if you don't have an external RADIUS server you should use WPA-PSK (WPA -
Pre-Shared Key) that only requires a single (identical) password entered into each access
point, wireless gateway and wireless client. As long as the passwords match, a client will be
granted access to a WLAN.
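
The EAP-type requirement in Sections 6.6 and 6.7.1 can be checked on the wireless station before it is deployed. The following is an added example, not part of the ZyWALL guide: it assumes the station uses wpa_supplicant (the guide does not name a supplicant), and the sample configuration, SSIDs and function names are constructed for illustration.

```python
import re

# Per the manual: these EAP types work with dynamic WEP; EAP-MD5 cannot generate keys.
KEY_GENERATING = {"TLS", "TTLS", "PEAP"}
NO_KEYS = {"MD5"}
# wpa_supplicant key_mgmt modes whose encryption keys come from the EAP exchange.
EAP_KEYED = {"IEEE8021X", "WPA-EAP"}

# Constructed sample station configuration (not from the manual).
SAMPLE_CONF = '''
network={
    ssid="office-dynwep"
    key_mgmt=IEEE8021X
    eap=PEAP
}
network={
    ssid="lab-legacy"
    key_mgmt=IEEE8021X
    eap=MD5
}
network={
    ssid="guest"
    key_mgmt=WPA-PSK
    psk="constructed-example-passphrase"
}
'''

def parse_networks(text):
    """Yield one {key: value} dict per network={...} block."""
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        pairs = (l.strip().split("=", 1) for l in body.splitlines()
                 if "=" in l and not l.strip().startswith("#"))
        yield {k.strip(): v.strip().strip('"') for k, v in pairs}

def verdict(net):
    """Classify one network block as 'n/a', 'fail', 'ok' or 'review'."""
    mgmt = set(net.get("key_mgmt", "").split())
    if not mgmt:
        return "review"   # key_mgmt not set explicitly; check the effective default
    if not mgmt & EAP_KEYED:
        return "n/a"      # keys do not come from EAP (e.g. WPA-PSK)
    methods = set(net.get("eap", "").upper().split())
    if methods & NO_KEYS:
        return "fail"     # EAP-MD5 is permitted: no key material can be generated
    if methods and methods <= KEY_GENERATING:
        return "ok"       # only EAP types the manual lists
    return "review"       # eap missing, or a type the manual does not cover

def audit(text):
    return [(n.get("ssid", "?"), verdict(n)) for n in parse_networks(text)]
```

Calling `audit(SAMPLE_CONF)` returns one `(ssid, verdict)` pair per network block; a `fail` marks a station profile that still allows EAP-MD5 where keys must be generated.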