ZyXEL Communications WAP6405 User Manual page 136

5ghz ac1750 gigabit wireless bridge

Hide thumbs Also See for WAP6405:

Quick start manual (2 pages)

Quick start manual (3 pages)

Quick start manual (3 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

Table of Contents

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic

keys for data encryption. They are often deployed in corporate environments, but for public

deployment, a simple user name and password pair is more practical. The following table is a

comparison of the features of authentication types.

Table 42 Comparison of EAP Authentication Types

Mutual Authentication

Certificate – Client

Certificate – Server

Dynamic Key Exchange

Credential Integrity

Deployment Difficulty

Client Identity Protection

WPA and WPA2

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a

wireless security standard that defines stronger encryption, authentication and key management

than WPA.

Key differences between WPA or WPA2 and WEP are improved data encryption and user

authentication.

If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use

WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use

WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into

each access point, wireless gateway and wireless client. As long as the passwords match, a wireless

client will be granted access to a WLAN.

If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on

whether you have an external RADIUS server or not.

Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less

secure than WPA or WPA2.

Encryption

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity

Check (MIC) and IEEE 802.1x. WPA2 also uses TKIP when required for compatibility reasons, but

offers stronger encryption than TKIP with Advanced Encryption Standard (AES) in the Counter

mode with Cipher block chaining Message authentication code Protocol (CCMP).

TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server.

AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm

called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check

(MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying

mechanism.

WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is

never used twice.

Appendix D Wireless LANs

EAP-MD5

EAP-TLS

Yes

None

Strong

Easy

Hard

WAP6405 User's Guide

136

EAP-TTLS

PEAP

Yes

Optional

Yes

Strong

Moderate

Yes

LEAP

Yes

Moderate

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

ZyXEL Communications WAP6405 User Manual page 136

Hide quick links:

Troubleshooting

Related Products for ZyXEL Communications WAP6405

ZyXEL Communications WAP6405 User Manual page 136

Hide quick links:

Troubleshooting

Related Manuals for ZyXEL Communications WAP6405

Related Products for ZyXEL Communications WAP6405

Table of Contents