18 configuring radius – ZyXEL Communications Parental Control Gateway HS100/HS100W User Manual

HomeSafe User’s Guide

Wireless Security

7-21

7.17.1 EAP Authentication Overview

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the
IEEE802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, the access point helps a wireless
station and a RADIUS server perform authentication.

The type of authentication you use depends on the RADIUS server or the AP. The HomeSafe
supports EAP-TLS, EAP-TTLS and DEAP with RADIUS. Refer to the Types of EAP
Authentication appendix for descriptions on the four common types.

Your HomeSafe supports EAP-MD5 (Message-Digest Algorithm 5) with the local user database
and RADIUS.

The following figure shows an overview of authentication when you specify a RADIUS server on
your access point.

Figure 7-14 EAP Authentication

The details below provide a general description of how IEEE 802.1x EAP authentication works.
For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix.

¾

The wireless station sends a “start” message to the HomeSafe.

¾

The HomeSafe sends a “request identity” message to the wireless station for identity information.

¾

The wireless station replies with identity information, including username and password.

¾

The RADIUS server checks the user information against its user profile database and
determines whether or not to authenticate the wireless station.

7.18 Configuring RADIUS

Configure the RADIUS screen if you want to authenticate wireless users using an external server.

To specify a RADIUS server, click the WIRELESS link under ADVANCED and then the
RADIUS tab. The screen appears as shown.