2 ieee 802.1x, 3 wpa, 2 ieee 802.1x 3.2.1.3 wpa – ZyXEL Communications M-302 User Manual

M-302 User’s Guide

Chapter 3 Wireless LAN Network

33

3.2.1.1.2 Authentication Type

The IEEE 802.11b/g standard describes a simple authentication method between the wireless
stations and AP. Three authentication types are defined: Auto, Open System and Shared Key.

• Open System mode is implemented for ease-of-use and when security is not an issue.

The wireless station and the AP or peer computer do not share a secret key (WEP key).
Thus the wireless stations can associate with any AP or peer computer and listen to any
transmitted data that is not encrypted.

• Shared Key mode involves a shared secret key (WEP key) to authenticate the wireless

station to the AP or peer computer. This requires you to enable the wireless LAN security
and use same settings on both the wireless station and the AP or peer computer.

• Auto authentication mode allows the M-302 to switch between the open system and

shared key modes automatically. Use the auto mode if you do not know the authentication
mode of the other wireless stations.

3.2.1.2 IEEE 802.1x

The IEEE 802.1x standard outlines enhanced security methods for both the authentication of
wireless stations and encryption key management. Authentication can be done using an
external RADIUS server.

3.2.1.2.1 EAP Authentication

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the
IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, an access point helps a
wireless station and a RADIUS server perform authentication.

The type of authentication you use depends on the RADIUS server and an intermediary AP(s)
that supports IEEE 802.1x. The M-302 supports EAP-TLS, EAP-TTLS and EAP-PEAP. Refer
to the appendix on wireless security for more details.

For EAP-TLS authentication type, you must first have a wired connection to the network and
obtain the certificate(s) from a certificate authority (CA). A certificate (also called a digital ID)
can be used to authenticate users, and a CA issues certificates and guarantees the identity of
each certificate owner.

3.2.1.3 WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard.

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message
Integrity Check (MIC) and IEEE 802.1x. WPA uses Advanced Encryption Standard (AES) in
the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP)
to offer stronger encryption than TKIP. Refer to the appendix on wireless security for more
details.