ZyXEL Prestige 660HW-61 External 91-004-370001 Manuale Utente
Codici prodotto
91-004-370001
Prestige 660H/HW Series User’s Guide
89
Chapter 7 Wireless LAN Setup
Figure 27 EAP Authentication
The details below provide a general description of how IEEE 802.1x EAP authentication
works. For an example list of EAP-MD5 authentication steps, see the appendix about IEEE
802.1x.
works. For an example list of EAP-MD5 authentication steps, see the appendix about IEEE
802.1x.
1 The wireless station sends a "start" message to the Prestige.
2 The Prestige sends a "request identity" message to the wireless station for identity
information.
3 The wireless station replies with identity information, including username and password.
4 The RADIUS server checks the user information against its user profile database and
determines whether or not to authenticate the wireless station.
7.7 Introduction to WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft.
Key differences between WPA and WEP are user authentication and improved data
encryption.
Key differences between WPA and WEP are user authentication and improved data
encryption.
7.7.1 User Authentication
WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate
wireless clients using an external RADIUS database. You can’t use the Prestige’s Local User
Database for WPA authentication purposes since the Local User Database uses EAP-MD5
which cannot be used to generate keys. See later in this chapter and the appendices for more
information on IEEE 802.1x, RADIUS and EAP.
wireless clients using an external RADIUS database. You can’t use the Prestige’s Local User
Database for WPA authentication purposes since the Local User Database uses EAP-MD5
which cannot be used to generate keys. See later in this chapter and the appendices for more
information on IEEE 802.1x, RADIUS and EAP.
Therefore, if you don’t have an external RADIUS server you should use WPA-PSK (WPA -
Pre-Shared Key) that only requires a single (identical) password entered into each access
point, wireless gateway and wireless client. As long as the passwords match, a client will be
granted access to a WLAN.
Pre-Shared Key) that only requires a single (identical) password entered into each access
point, wireless gateway and wireless client. As long as the passwords match, a client will be
granted access to a WLAN.
7.7.2 Encryption
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message
Integrity Check (MIC) and IEEE 802.1x.
Integrity Check (MIC) and IEEE 802.1x.