beautypg.com

Table 270 comparison of eap authentication types, 683 dynamic wep key exchange, Wpa and wpa2 – ZyXEL Communications ZyXEL ZyWALL 2WG User Manual

Page 683

background image

Appendix G Wireless LANs

ZyWALL 2WG User’s Guide

683

Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when
the wireless connection times out, disconnects or reauthentication times out. A new WEP key
is generated each time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key in the
Wireless screen. You may still configure and store keys here, but they will not be used while
Dynamic WEP is enabled.

"

EAP-MD5 cannot be used with Dynamic WEP Key Exchange

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use
dynamic keys for data encryption. They are often deployed in corporate environments, but for
public deployment, a simple user name and password pair is more practical. The following
table is a comparison of the features of authentication types.

WPA and WPA2

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE
802.11i) is a wireless security standard that defines stronger encryption, authentication and
key management than WPA.
Key differences between WPA or WPA2 and WEP are improved data encryption and user
authentication.
If both an AP and the wireless clients support WPA2 and you have an external RADIUS
server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server,
you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical)
password entered into each access point, wireless gateway and wireless client. As long as the
passwords match, a wireless client will be granted access to a WLAN.
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending
on whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is
less secure than WPA or WPA2.

Table 270 Comparison of EAP Authentication Types

EAP-MD5

EAP-TLS

EAP-TTLS

PEAP

LEAP

Mutual Authentication

No

Yes

Yes

Yes

Yes

Certificate – Client

No

Yes

Optional

Optional

No

Certificate – Server

No

Yes

Yes

Yes

No

Dynamic Key Exchange

No

Yes

Yes

Yes

Yes

Credential Integrity

None

Strong

Strong

Strong

Moderate

Deployment Difficulty

Easy

Hard

Moderate

Moderate

Moderate

Client Identity Protection

No

No

Yes

Yes

No

See also other documents in the category ZyXEL Communications Hardware: