ZyXEL Communications NBG6515 User Manual page 212

AC750 Dual-Band Wireless Gigabit Router

authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP,
MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, PEAP uses server-side certificate authentication to establish a secure connection, then
uses simple username and password methods through the secured connection to authenticate the clients,
thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2
and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by
Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when the WiFi
connection times out, disconnects or reauthentication times out. A new WEP key is generated each
time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key in the WiFi security
configuration screen. You may still configure and store keys, but they will not be used while dynamic
WEP is enabled.
Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange.
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for
data encryption. They are often deployed in corporate environments, but for public deployment, a
simple user name and password pair is more practical. The following table is a comparison of the
features of authentication types.
Table 91 Comparison of EAP Authentication Types

                             EAP-MD5   EAP-TLS   EAP-TTLS   PEAP       LEAP
Mutual Authentication        No        Yes       Yes        Yes        Yes
Certificate – Client         No        Yes       Optional   Optional   No
Certificate – Server         No        Yes       Yes        Yes        No
Dynamic Key Exchange         No        Yes       Yes        Yes        Yes
Credential Integrity         None      Strong    Strong     Strong     Moderate
Deployment Difficulty        Easy      Hard      Moderate   Moderate   Moderate
Client Identity Protection   No        No        Yes        Yes        No

Encryption
The RADIUS server distributes a Pairwise Master Key (PMK) to the AP, which then sets up a key hierarchy
and management system, using the PMK to dynamically generate unique data encryption keys to
encrypt every data packet that is wirelessly communicated between the AP and the WiFi clients. This all
happens in the background automatically.
WPA(2)-PSK uses a simple common password, instead of user-specific credentials. The common-password
approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it's still

Appendix C Wireless LANs
