ZyXEL Communications Corporation G-220F Manuel D’Utilisation

ZyXEL G-220F User’s Guide

29

Chapter 2 Wireless LAN Network

The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only 
difference between the two is that WPA(2)-PSK uses a simple common password, instead of 
user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to 
brute-force password-guessing attacks but it's still an improvement over WEP as it employs an 
easier-to-use, consistent, single, alphanumeric password.

A WPA(2)s-PSK application looks as follows.

1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key 

(PSK) must consist of between 8 and 63 ASCII characters (including spaces and 
symbols).

2 The AP checks each client's password and (only) allows it to join the network if it 

matches its password.

3 The AP derives and distributes keys to the wireless clients.

4 The AP and wireless clients use the TKIP encryption process to encrypt data exchanged 

between them.

Figure 11   WPA-PSK Authentication

You need the IP address of the RADIUS server, its port number (default is 1812), and the 
RADIUS shared secret. A WPA application example with an external RADIUS server looks as 
follows. "A" is the RADIUS server. "DS" is the distribution system.

1 The AP passes the wireless client's authentication request to the RADIUS server.

2 The RADIUS server then checks the user's identification against its database and grants 

or denies network access accordingly.

3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then 

sets up a key hierarchy and management system, using the pair-wise key to dynamically 
generate unique data encryption keys to encrypt every data packet that is wirelessly 
communicated between the AP and the wireless clients.