ZyXEL P-336M 802.11g Wireless MIMO Firewall Router 191000G0336M 사용자 설명서
제품 코드
191000G0336M
ZyXEL P-336M User’s Guide
Chapter 3 Basic
36
• Open mode is implemented for ease-of-use and when security is not an issue. The
wireless station and the AP do not share a secret key. Thus the wireless stations can
associate with any AP and listen to any data transmitted plaintext.
associate with any AP and listen to any data transmitted plaintext.
• Shared Key mode involves a shared secret key to authenticate the wireless station to the
AP. This requires you to enable the WEP encryption and specify a WEP key on both the
wireless station and the AP.
wireless station and the AP.
3.7.2 IEEE 802.1x
The IEEE 802.1x standard outlines enhanced security methods for both the authentication of
wireless stations and encryption key management. Authentication can be done using an
external RADIUS server.
wireless stations and encryption key management. Authentication can be done using an
external RADIUS server.
3.7.2.1 EAP Authentication
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the
IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, an access point helps a
wireless station and a RADIUS server perform authentication.
IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, an access point helps a
wireless station and a RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server and an intermediary AP(s)
that supports IEEE 802.1x.
that supports IEEE 802.1x.
3.7.3 WPA(2)
Wi-Fi Protected Access (WPA) is a
subset of the IEEE 802.11i standard. Key differences
between WPA(2) and WEP are user authentication and improved data encryption.
3.7.3.1 User Authentication
WPA(2) applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate
wireless clients using an external RADIUS database.
wireless clients using an external RADIUS database.
Therefore, if you don't have an external RADIUS server, you should use WPA(2)-PSK (WPA -
Pre-Shared Key) that only requires a single (identical) password entered into each access
point, wireless gateway and wireless client. As long as the passwords match, a client will be
granted access to a WLAN.
Pre-Shared Key) that only requires a single (identical) password entered into each access
point, wireless gateway and wireless client. As long as the passwords match, a client will be
granted access to a WLAN.
3.7.3.2 Encryption
WPA(2) improves data encryption by using Temporal Key Integrity Protocol (TKIP) or
Advanced Encryption Standard (AES), Message Integrity Check (MIC) and IEEE 802.1x.
Advanced Encryption Standard (AES), Message Integrity Check (MIC) and IEEE 802.1x.
Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and
distributed by the authentication server. It includes a per-packet key mixing function, a
Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with
sequencing rules, and a re-keying mechanism.
distributed by the authentication server. It includes a per-packet key mixing function, a
Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with
sequencing rules, and a re-keying mechanism.