ZyXEL nbg-5715 Guia Do Utilizador
Chapter 11 Wireless LAN
NBG5715 User’s Guide
81
You can use the MAC address filter to tell the AP which wireless clients are allowed or not allowed to
use the wireless network. If a wireless client is allowed to use the wireless network, it still has to
have the correct settings (SSID, channel, and security). If a wireless client is not allowed to use the
wireless network, it does not matter if it has the correct settings.
use the wireless network. If a wireless client is allowed to use the wireless network, it still has to
have the correct settings (SSID, channel, and security). If a wireless client is not allowed to use the
wireless network, it does not matter if it has the correct settings.
This type of security does not protect the information that is sent in the wireless network.
Furthermore, there are ways for unauthorized devices to get the MAC address of an authorized
wireless client. Then, they can use that MAC address to use the wireless network.
Furthermore, there are ways for unauthorized devices to get the MAC address of an authorized
wireless client. Then, they can use that MAC address to use the wireless network.
User Authentication
You can make every user log in to the wireless network before they can use it. This is called user
authentication. However, every wireless client in the wireless network has to support IEEE 802.1x
to do this.
authentication. However, every wireless client in the wireless network has to support IEEE 802.1x
to do this.
For wireless networks, there are two typical places to store the user names and passwords for each
user.
user.
• In the AP: this feature is called a local user database or a local database.
• In a RADIUS server: this is a server used in businesses more than in homes.
• In a RADIUS server: this is a server used in businesses more than in homes.
If your AP does not provide a local user database and if you do not have a RADIUS server, you
cannot set up user names and passwords for your users.
cannot set up user names and passwords for your users.
Unauthorized devices can still see the information that is sent in the wireless network, even if they
cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to
get a valid user name and password. Then, they can use that user name and password to use the
wireless network.
cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to
get a valid user name and password. Then, they can use that user name and password to use the
wireless network.
Local user databases also have an additional limitation that is explained in the next section.
Encryption
Wireless networks can use encryption to protect the information that is sent in the wireless
network. Encryption is like a secret code. If you do not know the secret code, you cannot
understand the message.
network. Encryption is like a secret code. If you do not know the secret code, you cannot
understand the message.
The types of encryption you can choose depend on the type of user authentication. (See
for information about this.)
For example, if the wireless network has a RADIUS server, you can choose WPA or WPA2. If users
do not log in to the wireless network, you can choose no encryption, Static WEP, WPA-PSK, or
WPA2-PSK.
do not log in to the wireless network, you can choose no encryption, Static WEP, WPA-PSK, or
WPA2-PSK.
Table 26
Types of Encryption for Each Type of Authentication
NO AUTHENTICATION
RADIUS SERVER
Weakest
No Security
WPA
Static WEP
WPA-PSK
Strongest
WPA2-PSK
WPA2