ZyXEL Communications ZyXEL ZyAIR G-1000 User Manual page 116

G-1000 User's Guide
Table 49 Menu 23.4 System Security: IEEE802.1x
FIELD
Dynamic WEP Key
Exchange
PSK
WPA Mixed Mode
WPA Broadcast/
Multicast Key Update
Timer
Authentication
Databases
When you have completed this menu, press [ENTER] at the prompt "Press ENTER to confirm or ESC
to cancel" to save your configuration or press [ESC] to cancel and go back to the previous screen.
Once you enable user authentication, you need to specify an external RADIUS server or create
local user accounts on the G-1000 for authentication
116
DESCRIPTION
This field is activated only when you select Authentication Required in the
Wireless Port Control field. Also set the Authentication Databases field to
RADIUS Only. Local user database may not be used.
Select Disable to allow wireless stations to communicate with the access
points without using dynamic WEP key exchange.
Select 64-bit WEP or 128-bit WEP to enable data encryption.
Up to 32 stations can access the G-1000 when you configure dynamic WEP
key exchange.
Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including
spaces and symbols) when you select WPA-PSK in the Key Management
Protocol field.
Select Enable to activate WPA mixed mode. Otherwise, select Disable and
configure Data Privacy for Broadcast/Multicast packets field.
The WPA Broadcast/Multicast Key Update Timer is the rate at which the AP
(if using WPA-PSK key management) or RADIUS server (if using WPA key
management) sends a new group key out to all clients. The re-keying process
is the WPA equivalent of automatically changing the WEP key for an AP and all
stations in a WLAN on a periodic basis. Setting of the WPA Broadcast/
Multicast Key Update Timer is also supported in WPA-PSK mode. The G-
1000 default is 1800 seconds (30 minutes).
The authentication database contains wireless station login information. The
local user database is the built-in database on the G-1000. The RADIUS is an
external server. Use this field to decide which database the G-1000 should use
(first) to authenticate a wireless station.
Before you specify the priority, make sure you have set up the corresponding
database correctly first.
When you configure Key Management Protocol to WPA, the Authentication
Databases must be RADIUS Only. You can only use the Local User
Database with 802.1x Key Management Protocol.
Select Local User Database Only to have the G-1000 just check the built-in
user database on the G-1000 for a wireless station's username and password.
Select RADIUS Only to have the G-1000 just check the user database on the
specified RADIUS server for a wireless station's username and password.
Select Local first, then RADIUS to have the G-1000 first check the user
database on the G-1000 for a wireless station's username and password. If the
user name is not found, the G-1000 then checks the user database on the
specified RADIUS server.
Select RADIUS first, then Local to have the G-1000 first check the user
database on the specified RADIUS server for a wireless station's username and
password. If the G-1000 cannot reach the RADIUS server, the G-1000 then
checks the local user database on the G-1000. When the user name is not
found or password does not match in the RADIUS server, the G-1000 will not
check the local user database and the authentication fails.
Chapter 16 System Security