ZyXEL Communications G-170S 用户手册

ZyXEL G-170S User’s Guide

Chapter 2 Wireless LAN Network

31

You need the IP address of the RADIUS server, its port number (default is 1812), and the 
RADIUS shared secret. A WPA(2)-RADIUS application example with an external RADIUS 
server looks as follows. "A" is the RADIUS server. "DS" is the distribution system.

1 The AP passes the wireless client's authentication request to the RADIUS server.

2 The RADIUS server then checks the user's identification against its database and grants 

or denies network access accordingly.

3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then 

sets up a key hierarchy and management system, using the pair-wise key to dynamically 
generate unique data encryption keys to encrypt every data packet that is wirelessly 
communicated between the AP and the wireless clients.

Figure 11   WPA(2) with RADIUS Application Example

The IEEE 802.11b/g standard describes a simple authentication method between the wireless 
stations and AP. Three authentication types are defined: Auto Switch, an Open system mode 
and a Shared key mode.

•  Open system mode is implemented for ease-of-use and when security is not an issue. 

The wireless station and the AP do not share a secret key. Thus the wireless stations can 
associate with any AP and listen to any data transmitted plaintext.

•  Shared key mode involves a shared secret key to authenticate the wireless station to the 

AP. This requires you to enable the wireless LAN security and use same settings on both 
the wireless station and the AP. 

•  Auto Switch authentication mode allows the G-170S to switch between the open system 

and shared key modes automatically. Use the auto mode if you do not know the 
authentication mode of the other wireless stations.