ZyXEL g-2000 plusv2 Nota De Lançamento
ZyXEL Confidential
ZyXEL ZyAIR G-2000PLUS v2 Standard Version
release 3.60(AAF.1)C0
Release Note
Date: June 15, 2006
Supported Platforms:
ZyXEL ZyAIR G-2000PLUS v2
Versions:
ZyNOS Version: V3.60(AAF.1) | 06/15/2006 10:10:00
BootBase : V1.05 | 04/20/2004 10:36:26
BootBase : V1.05 | 04/20/2004 10:36:26
Notes:
1. If Wireless Port Control (SMT Menu 23.4) is “Authentication Required”, G-2000PLUS v2 will enable
802.1x/WPA/WPA-PSK user authentication mechanism, a wireless user must associate G-2000PLUS v2
successfully before accessing network service. If Wireless Port Control is “No Authentication Required”,
G-2000PLUS v2 will allow all wireless users to access network service. If Wireless Port Control is “No
Access Allowed”, G-2000PLUS v2 will not allow wireless user to access network service.
successfully before accessing network service. If Wireless Port Control is “No Authentication Required”,
G-2000PLUS v2 will allow all wireless users to access network service. If Wireless Port Control is “No
Access Allowed”, G-2000PLUS v2 will not allow wireless user to access network service.
2. If the Key Management Protocol is “WPA/WPA2”, then you have to configure RADIUS server and the
Authentication Databases will be “RADIUS only”.
3. G-2000PLUS v2 supports external and internal RADIUS server, both of them use the same setting page
(SMT Menu 23.2). The internal RADIUS server use EAP-PEAP/MS-CHAP-V2 to authenticate the client.
If internal RADIUS server is desired, the server address is “127.0.0.1”, and shared secret is “don’t care”.
“Don’t care” means whatever user key in, if server address is “127.0.0.1”, G-2000PLUS v2 will use
default shared secret “1234”. But leave blank is exception.
If internal RADIUS server is desired, the server address is “127.0.0.1”, and shared secret is “don’t care”.
“Don’t care” means whatever user key in, if server address is “127.0.0.1”, G-2000PLUS v2 will use
default shared secret “1234”. But leave blank is exception.
4. The Local User Database does not support key generation for 802.1x dynamic web key and WPA
pairwise/group key.
5. As a wireless client roams from one wireless AP to another, it must perform a full 802.1X authentication
with each wireless AP. WPA2 allows the wireless client and the wireless AP to cache the results of a full
802.1X authentication so that if a client roams back to a wireless AP with which it has previously
authenticated, the wireless client needs to perform only the 4-way handshake and determine new pairwise
transient keys. In the Association Request frame, the wireless client includes a PMK identifier that was
determined during the initial authentication and stored with both the wireless client and wireless AP's
PMK cache entries. PMK cache entries are stored for a finite amount of time, as configured on the
wireless client and the wireless AP. So wireless client may reconnect to AP with error user name or
password.
802.1X authentication so that if a client roams back to a wireless AP with which it has previously
authenticated, the wireless client needs to perform only the 4-way handshake and determine new pairwise
transient keys. In the Association Request frame, the wireless client includes a PMK identifier that was
determined during the initial authentication and stored with both the wireless client and wireless AP's
PMK cache entries. PMK cache entries are stored for a finite amount of time, as configured on the
wireless client and the wireless AP. So wireless client may reconnect to AP with error user name or
password.
Known Issues:
360AAF1C0.RTF
2/10