ZyXEL Communications G-3000H Manuel D’Utilisation

G-3000H User’s Guide

Chapter 6 Wireless Security Configuration

75

The following figure shows an overview of authentication when you specify a RADIUS server 
on your access point.

The details below provide a general description of how IEEE 802.1x EAP authentication 
works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix. 

1 The wireless station sends a “start” message to the ZyAIR. 

2 The ZyAIR sends a “request identity” message to the wireless station for identity 

information.

3 The wireless station replies with identity information, including username and password. 

4 The RADIUS server checks the user information against its user profile database and 

determines whether or not to authenticate the wireless station.

The AP maps a unique key that is generated with the RADIUS server. This key expires when 
the wireless connection times out, disconnects or reauthentication times out. A new WEP key 
is generated each time reauthentication is performed.

To use Dynamic WEP, enable and configure the RADIUS server and enable one of the 
Dynamic WEP Security Modes in the Security screen. Ensure that the wireless station’s EAP 
type is configured to one of the following: 

• EAP-TLS
• EAP-TTLS
• PEAP

Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange.

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. Key differences 
between WPA and WEP are user authentication and improved data encryption.