ZyXEL Communications Corporation NBG417N Manuel D’Utilisation
Chapter 7 Wireless LAN
User
’s Guide
83
This type of security is fairly weak, however, because there are ways for
unauthorized devices to get the SSID. In addition, unauthorized devices can still
see the information that is sent in the wireless network.
unauthorized devices to get the SSID. In addition, unauthorized devices can still
see the information that is sent in the wireless network.
MAC Address Filter
Every wireless client has a unique identification number, called a MAC address.
1
A
MAC address is usually written using twelve hexadecimal characters
2
; for
example, 00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each
wireless client, see the appropriate User’s Guide or other documentation.
wireless client, see the appropriate User’s Guide or other documentation.
You can use the MAC address filter to tell the AP which wireless clients are allowed
or not allowed to use the wireless network. If a wireless client is allowed to use the
wireless network, it still has to have the correct settings (SSID, channel, and
security). If a wireless client is not allowed to use the wireless network, it does not
matter if it has the correct settings.
or not allowed to use the wireless network. If a wireless client is allowed to use the
wireless network, it still has to have the correct settings (SSID, channel, and
security). If a wireless client is not allowed to use the wireless network, it does not
matter if it has the correct settings.
This type of security does not protect the information that is sent in the wireless
network. Furthermore, there are ways for unauthorized devices to get the MAC
address of an authorized wireless client. Then, they can use that MAC address to
use the wireless network.
network. Furthermore, there are ways for unauthorized devices to get the MAC
address of an authorized wireless client. Then, they can use that MAC address to
use the wireless network.
User Authentication
You can make every user log in to the wireless network before they can use it.
This is called user authentication. However, every wireless client in the wireless
network has to support IEEE 802.1x to do this.
This is called user authentication. However, every wireless client in the wireless
network has to support IEEE 802.1x to do this.
For wireless networks, there are two typical places to store the user names and
passwords for each user.
passwords for each user.
• In the AP: this feature is called a local user database or a local database.
• In a RADIUS server: this is a server used in businesses more than in homes.
• In a RADIUS server: this is a server used in businesses more than in homes.
If your AP does not provide a local user database and if you do not have a RADIUS
server, you cannot set up user names and passwords for your users.
server, you cannot set up user names and passwords for your users.
Unauthorized devices can still see the information that is sent in the wireless
network, even if they cannot use the wireless network. Furthermore, there are
ways for unauthorized wireless users to get a valid user name and password.
Then, they can use that user name and password to use the wireless network.
network, even if they cannot use the wireless network. Furthermore, there are
ways for unauthorized wireless users to get a valid user name and password.
Then, they can use that user name and password to use the wireless network.
1.
Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks.
These kinds of wireless devices might not have MAC addresses.
These kinds of wireless devices might not have MAC addresses.
2.
Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.
om
pan
y
on
fiden
tial