ZyXEL Communications 5 Series User Manual
Chapter 12 Wireless Screens
ZyWALL 5/35/70 Series User’s Guide
231
• An optional network RADIUS server for remote user authentication and accounting.
EAP Authentication
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the
IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, the access point helps a
wireless station and a RADIUS server perform authentication.
IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, the access point helps a
wireless station and a RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server or the AP.
Your ZyWALL supports EAP-MD5 (Message-Digest Algorithm 5) with the local user
database.
database.
RADIUS
A RADIUS (Remote Authentication Dial In User Service) server enables user authentication,
authorization and accounting. RADIUS is based on a client-sever model that supports
authentication and accounting, where the access point is the client and the server is the
RADIUS server. The RADIUS server handles the following tasks among others:
authorization and accounting. RADIUS is based on a client-sever model that supports
authentication and accounting, where the access point is the client and the server is the
RADIUS server. The RADIUS server handles the following tasks among others:
• Authentication
Determines the identity of the users.
• Accounting
Keeps track of the client’s network activity.
WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. Key differences
between WPA and WEP are user authentication and improved data encryption.
between WPA and WEP are user authentication and improved data encryption.
Choosing an Encryption Method
• Use WPA security if you have WPA-aware wireless clients and a RADIUS server. WPA
has user authentication and improved data encryption over WEP.
• Use WPA-PSK if you have WPA-aware wireless clients but no RADIUS server.
• If you don’t have WPA-aware wireless clients, then use WEP key encrypting. A higher bit
key offers better security at a throughput trade-off. You can use Passphrase to
automatically generate 64-bit or 128-bit WEP keys or manually enter 64-bit, 128-bit or
256-bit WEP keys.
automatically generate 64-bit or 128-bit WEP keys or manually enter 64-bit, 128-bit or
256-bit WEP keys.
Choosing an Authentication Method
• Use RADIUS authentication if you have a RADIUS server.
• Use the Local User Database if you have less than 32 wireless clients in your network.
You can't use the ZyWALL's Local User Database for WPA authentication purposes since
the Local User Database uses EAP-MD5 which cannot be used to generate keys.
the Local User Database uses EAP-MD5 which cannot be used to generate keys.
• If you don't have an external RADIUS server you should use WPA-PSK (WPA-Pre-
Shared Key) that only requires a single (identical) password entered into each access
point, wireless gateway and wireless client. As long as the passwords match, a client will
be granted access to a WLAN.
point, wireless gateway and wireless client. As long as the passwords match, a client will
be granted access to a WLAN.