ZyXEL Communications ZyWALL5UTM 4.0 User Manual

ZyWALL 5/35/70 Series User’s Guide
Chapter 9 Wireless LAN
If this feature is enabled, it is not necessary to configure a default encryption key in the 
Wireless Card screen (see ). You may still configure and store keys here, but they will not be 
used while dynamic WEP is enabled.
To use dynamic WEP, enable and configure dynamic WEP key exchange in the Wireless Card 
screen and configure RADIUS server settings in the AUTH SERVER RADIUS screen (see ). 
Ensure that the wireless station's EAP type is configured to one of the following: 
• EAP-TLS
• EAP-TTLS
• PEAP
Note: EAP-MD5 cannot be used with dynamic WEP key exchange.
9.11  Introduction to WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. Key differences 
between WPA and WEP are user authentication and improved data encryption. 
9.11.1  User Authentication 
WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate 
wireless clients using an external RADIUS database. You can't use the ZyWALL's Local User 
Database for WPA authentication purposes since the Local User Database uses EAP-MD5 
which cannot be used to generate keys. See later in this chapter and the appendices for more 
information on IEEE 802.1x, RADIUS and EAP. 
If you don't have an external RADIUS server, you should use WPA-PSK (WPA Pre-Shared 
Key), which only requires a single (identical) password entered into each access point, wireless 
gateway and wireless client. As long as the passwords match, a client will be granted access to 
a WLAN. 
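As an added illustration (not part of the ZyXEL manual), the sketch below shows how IEEE 802.11i turns the WPA-PSK password and the network name (SSID) into the 256-bit pre-shared key, which is why the password must be identical on every device. The function names and the sample SSID and passphrases are constructed for this example.

```python
import hashlib
import hmac


def validate_passphrase(passphrase: str) -> None:
    """IEEE 802.11i allows an ASCII passphrase of 8 to 63 printable characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit key = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds)."""
    validate_passphrase(passphrase)
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def keys_match(ap_passphrase: str, client_passphrase: str, ssid: str) -> bool:
    """True only if the access point and the client derive the same key."""
    return hmac.compare_digest(derive_psk(ap_passphrase, ssid),
                               derive_psk(client_passphrase, ssid))


if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    ssid = "ExampleWLAN"
    print(derive_psk("correct horse battery", ssid).hex())
    # Identical passwords on both sides: the keys agree.
    print(keys_match("correct horse battery", "correct horse battery", ssid))
    # A single differing character: the keys do not agree.
    print(keys_match("correct horse battery", "Correct horse battery", ssid))
```

Because the SSID acts as the salt, the same password on two differently named networks produces two different keys.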
9.11.2  Encryption 
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message 
Integrity Check (MIC) and IEEE 802.1x. 
Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and 
distributed by the authentication server. It includes a per-packet key mixing function, a 
Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with 
sequencing rules, and a re-keying mechanism.