ZyXEL Communications M-102 Guia do Utilizador descarregar pdf (Página 34)

ZyXEL M-102 User’s Guide

2.2.2 IEEE 802.1x

The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless

stations and encryption key management. Authentication can be done using an external RADIUS server.

EAP Authentication

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x

transport mechanism in order to support multiple types of user authentication. By using EAP to interact

with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server

perform authentication.

The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports

IEEE802.1x. The ZyXEL M-102 supports EAP-TLS, EAP-TTLS and EAP-PEAP.

For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the

certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to

authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.

2.2.3 WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences

between WPA and WEP are user authentication and improved data encryption.

2.2.4 WPA2

Improvements upon the WPA security standards were made and implemented with WPA2. Backwards

compatible with WPA and WEP, WPA2 capable devices can freely operate among all security protocols

on any wireless network.

User Authentication

WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients

using an external RADIUS database.

Therefore, if you don’t have an external RADIUS server, you should use WPA-PSK/WPA2-PSK

(WPA/WPA2 -Pre-Shared Key) that only requires a single (identical) password entered into each access

point, wireless gateway and wireless client. As long as the passwords match, a client will be granted access

to a WLAN.

Encryption

WPA improves data encryption by using either Temporal Key Integrity Protocol (TKIP) or Advanced

Encryption Standard (AES), Message Integrity Check (MIC) and IEEE 802.1x. WPA2 improves upon

WPA by adding better encryption methodology.

Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed

by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check

2-6 WLAN Networking

1 2 ... 29 30 31 32 33 34 35 36 37 38 39 ... 57 58

Sem comentários

ZyXEL Communications M-102 Guia do Utilizador Página 34