Dynamic Wep Key Exchange; Introduction To Wpa; User Authentication; Encryption - ZyXEL Communications G-560 User Manual

802.11g wireless access point

Hide thumbs Also See for G-560:

Quick start manual (9 pages)

User manual (144 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

Table of Contents

6.8

Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless

connection times out, disconnects or reauthentication times out. A new WEP key is generated each time

reauthentication is performed.

If this feature is enabled, it is not necessary to configure a default WEP encryption key in the Wireless

screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is

enabled.

To use Dynamic WEP, enable and configure Dynamic WEP Key Exchange in the Wireless Security 802.1x

screen (see section 6.14.5). Ensure that the wireless station's EAP type is configured to one of the following:

•

EAP-TLS

•

EAP-TTLS

•

PEAP

6.9

Introduction to WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences

between WPA and WEP are user authentication and improved data encryption.

6.9.1 User Authentication

WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients

using an external RADIUS database. You can't use the G-560's Local User Database for WPA

authentication purposes since the Local User Database uses EAP-MD5 which cannot be used to generate

keys. See later in this chapter and the appendices for more information on IEEE 802.1x, RADIUS and EAP.

Therefore, if you don't have an external RADIUS server you should use WPA-PSK (WPA -Pre-Shared Key)

that only requires a single (identical) password entered into each access point, wireless gateway and wireless

client. As long as the passwords match, a client will be granted access to a WLAN.

6.9.2 Encryption

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check

(MIC) and IEEE 802.1x.

Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by

the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC)

named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.

TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice.

The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy

and management system, using the pair-wise key to dynamically generate unique data encryption keys to

encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This all

happens in the background automatically.

Wireless Screens

ZyXEL G-560 User's Guide

6-13

Table of Contents

Show Quick Links

Quick Links:
Resetting the G-560

Hide quick links:

Table of Contents

Dynamic Wep Key Exchange; Introduction To Wpa; User Authentication; Encryption - ZyXEL Communications G-560 User Manual

Dynamic WEP Key Exchange

Introduction to WPA

6.9.1 User Authentication

6.9.2 Encryption

Hide quick links:

Related Manuals for ZyXEL Communications G-560

Related Content for ZyXEL Communications G-560

Table of Contents