ZyXEL Communications NBG6503 User Manual page 220

Simultaneous dual-band wireless ac750 home router

Hide thumbs Also See for NBG6503:

User manual (240 pages)

Quick start manual (4 pages)

Manual (12 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

Table of Contents

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-

side authentications to establish a secure connection. Client authentication is then done by sending

username and password through the secure connection, thus client identity is protected. For client

authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP,

CHAP, MS-CHAP and MS-CHAP v2.

PEAP (Protected EAP)

Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then

use simple username and password methods through the secured connection to authenticate the

clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5,

EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is

implemented only by Cisco.

LEAP

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.

Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when the

wireless connection times out, disconnects or reauthentication times out. A new WEP key is

generated each time reauthentication is performed.

If this feature is enabled, it is not necessary to configure a default encryption key in the wireless

security configuration screen. You may still configure and store keys, but they will not be used while

dynamic WEP is enabled.

Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic

keys for data encryption. They are often deployed in corporate environments, but for public

deployment, a simple user name and password pair is more practical. The following table is a

comparison of the features of authentication types.

Table 83 Comparison of EAP Authentication Types

Mutual Authentication

Certificate – Client

Certificate – Server

Dynamic Key Exchange

Credential Integrity

Deployment Difficulty

Client Identity Protection

Appendix D Wireless LANs

EAP-MD5

EAP-TLS

Yes

None

Strong

Easy

Hard

NBG6503 User's Guide

220

EAP-TTLS

PEAP

Yes

Optional

Yes

Strong

Moderate

Yes

LEAP

Yes

Moderate

Table of Contents

ZyXEL Communications NBG6503 User Manual page 220

Troubleshooting

Related Products for ZyXEL Communications NBG6503

ZyXEL Communications NBG6503 User Manual page 220

Troubleshooting

Related Manuals for ZyXEL Communications NBG6503

Related Products for ZyXEL Communications NBG6503

Table of Contents