Справочник Пользователя для ZyXEL Communications NWA3160
Chapter 9 Wireless Security Configuration
ZyXEL NWA-3160 Series User’s Guide
122
Your ZyXEL Device allows you to configure up to four 64-bit, 128-bit or 152-bit WEP keys
but only one key can be enabled at any one time.
but only one key can be enabled at any one time.
9.2 802.1x Overview
The IEEE 802.1x standard outlines enhanced security methods for both the authentication of
wireless stations and encryption key management. Authentication can be done using a
RADIUS server.
wireless stations and encryption key management. Authentication can be done using a
RADIUS server.
9.3 EAP Authentication Overview
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the
IEEE802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, the access point helps a
wireless station and a RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server or the AP. The ZyXEL
Device supports EAP-TLS, EAP-TTLS, EAP-MD5 and PEAP with RADIUS. Refer to the
Types of EAP Authentication appendix for descriptions on the common types.
The following figure shows an overview of authentication when you specify a RADIUS server
on your access point.
IEEE802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, the access point helps a
wireless station and a RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server or the AP. The ZyXEL
Device supports EAP-TLS, EAP-TTLS, EAP-MD5 and PEAP with RADIUS. Refer to the
Types of EAP Authentication appendix for descriptions on the common types.
The following figure shows an overview of authentication when you specify a RADIUS server
on your access point.
Figure 71 EAP Authentication
The details below provide a general description of how IEEE 802.1x EAP authentication
works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix.
works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix.
1 The wireless station sends a “start” message to the ZyXEL Device.
2 The ZyXEL Device sends a “request identity” message to the wireless station for
2 The ZyXEL Device sends a “request identity” message to the wireless station for
identity information.
3 The wireless station replies with identity information, including username and password.
4 The RADIUS server checks the user information against its user profile database and
4 The RADIUS server checks the user information against its user profile database and
determines whether or not to authenticate the wireless station.
9.4 Introduction to WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. Key differences
between WPA and WEP are user authentication and improved data encryption.
between WPA and WEP are user authentication and improved data encryption.