Справочник Пользователя для ZyXEL Communications G-2000 Plus

ZyAIR G-2000 Plus User’s Guide

101 

Chapter 7 Wireless Security

The following types of RADIUS messages are exchanged between the access point and the 
RADIUS server for user accounting:

Sent by the access point requesting accounting.

Sent by the RADIUS server to indicate that it has started or stopped accounting. 

In order to ensure network security, the access point and the RADIUS server use a shared 
secret key, which is a password, they both know. The key is not sent over the network. In 
addition to the shared key, password information exchanged is also encrypted to protect the 
wired network from unauthorized access. 

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the 
IEEE802.1x transport mechanism in order to support multiple types of user authentication. By 
using EAP to interact with an EAP-compatible RADIUS server, the access point helps a 
wireless station and a RADIUS server perform authentication. 

The type of authentication you use depends on the RADIUS server or the AP. The ZyAIR 
supports EAP-TLS, EAP-TTLS and PEAP with RADIUS. Refer to the Types of EAP 
Authentication appendix for descriptions on the common types. 

Your ZyAIR supports PEAP with the Internal RADIUS Server.

The following figure shows an overview of authentication when you specify a RADIUS server 
on your access point.

Figure 36   EAP Authentication

The details below provide a general description of how IEEE 802.1x EAP authentication 
works. For an example list of PEAP authentication steps, see the IEEE 802.1x appendix. 

1 The wireless station sends a “start” message to the ZyAIR. 

2 The ZyAIR sends a “request identity” message to the wireless station for identity 

information.

3 The wireless station replies with identity information, including username and password.