6.6 802.1x Overview
The IEEE 802.1x standard outlines enhanced security methods for both the authentication of
wireless stations and encryption key management. Authentication can be done using the local
user database internal to the ZyWALL (authenticate up to 32 users) or an external RADIUS
server for an unlimited number of users.
6.7 Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when
the wireless connection times out, disconnects or reauthentication times out. A new WEP key
is generated each time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key in the
Wireless screen. You may still configure and store keys here, but they will not be used while
Dynamic WEP is enabled.
To use Dynamic WEP, enable and configure the RADIUS server
RADIUS
section) and enable Dynamic WEP Key Exchange in the 802.1x screen. Ensure that
the wireless station's EAP type is configured to one of the following:
• EAP-TLS
• EAP-TTLS
• PEAP
6.8 Introduction to WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft.
Key differences between WPA and WEP are user authentication and improved data
encryption.
6.8.1 User Authentication
WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate
wireless clients using an external RADIUS database. You can't use the ZyWALL's Local User
Database for WPA authentication purposes since the Local User Database uses EAP-MD5
which cannot be used to generate keys. See later in this chapter and the appendices for more
information on IEEE 802.1x, RADIUS and EAP.
Chapter 6 Wireless LAN and Authentication Server
Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange.
ZyWALL 35 User's Guide
(see the Introduction to
117