ZyXEL Communications Corporation G-220F Manuel D’Utilisation
ZyXEL G-220F User’s Guide
Chapter 2 Wireless LAN Network
28
2.2.3 WPA(2)
Wi-Fi Protected Access (WPA) is a
subset of the IEEE 802.11i standard. Key differences
between WPA(2) and WEP are user authentication and improved data encryption.
Note: At the time of writing, the ZyXEL Utility does not support WPA2. You must use
either Funk Odyssey Client Manager or WZC to configure WPA2 on the ZyXEL
G-220F.
G-220F.
2.2.3.1 User Authentication
WPA(2) applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate
wireless clients using an external RADIUS database.
wireless clients using an external RADIUS database.
Therefore, if you don't have an external RADIUS server, you should use WPA(2)-PSK (WPA -
Pre-Shared Key) that only requires a single (identical) password entered into each access
point, wireless gateway and wireless client. As long as the passwords match, a client will be
granted access to a WLAN.
Pre-Shared Key) that only requires a single (identical) password entered into each access
point, wireless gateway and wireless client. As long as the passwords match, a client will be
granted access to a WLAN.
2.2.3.2 Encryption
WPA(2) improves data encryption by using Temporal Key Integrity Protocol (TKIP) or
Advanced Encryption Standard (AES), Message Integrity Check (MIC) and IEEE 802.1x.
Advanced Encryption Standard (AES), Message Integrity Check (MIC) and IEEE 802.1x.
Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and
distributed by the authentication server. It includes a per-packet key mixing function, a
Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with
sequencing rules, and a re-keying mechanism.
distributed by the authentication server. It includes a per-packet key mixing function, a
Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with
sequencing rules, and a re-keying mechanism.
TKIP regularly changes and rotates the encryption keys so that the same encryption key is
never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP
that then sets up a key hierarchy and management system, using the pair-wise key to
dynamically generate unique data encryption keys to encrypt every data packet that is
wirelessly communicated between the AP and the wireless clients. This all happens in the
background automatically.
never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP
that then sets up a key hierarchy and management system, using the pair-wise key to
dynamically generate unique data encryption keys to encrypt every data packet that is
wirelessly communicated between the AP and the wireless clients. This all happens in the
background automatically.
AES (Advanced Encryption Standard) is a newer method of data encryption that also uses a
secret key. This implementation of AES applies a 128-bit key to 128-bit blocks of data.
secret key. This implementation of AES applies a 128-bit key to 128-bit blocks of data.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data
packets, altering them and resending them. The MIC provides a strong mathematical function
in which the receiver and the transmitter each compute and then compare the MIC. If they do
not match, it is assumed that the data has been tampered with and the packet is dropped.
packets, altering them and resending them. The MIC provides a strong mathematical function
in which the receiver and the transmitter each compute and then compare the MIC. If they do
not match, it is assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity
checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi
network than WEP, making it difficult for an intruder to break into the network.
checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi
network than WEP, making it difficult for an intruder to break into the network.