Support User Manuals

ZyXEL Communications 660HW Series Network Router User Manual

Open as PDF

of 460

Prestige 660H/HW Series User’s Guide

401 Splitters and Microfilters

Shared key authentication involves a four-message procedure. A wireless station sends a

shared key authentication request to the AP, which will then reply with a challenge text

message. The wireless station must then use the AP’s default WEP key to encrypt the

challenge text and return it to the AP, which attempts to decrypt the message using the AP’s

default WEP key. If the decrypted message matches the challenge text, the wireless station is

authenticated.

When your device authentication method is set to open system, it will only accept open system

authentication requests. The same is true for shared key authentication. However, when it is

set to auto authentication, the device will accept either type of authentication request and the

device will fall back to use open authentication if the shared key does not match.

Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when

the wireless connection times out, disconnects or reauthentication times out. A new WEP key

is generated each time reauthentication is performed.

If this feature is enabled, it is not necessary to configure a default encryption key in the

Wireless screen. You may still configure and store keys here, but they will not be used while

Dynamic WEP is enabled.

Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use

dynamic keys for data encryption. They are often deployed in corporate environments, but for

public deployment, a simple user name and password pair is more practical. The following

table is a comparison of the features of authentication types.

Table 142 Comparison of EAP Authentication Types

EAP-MD5 EAP-TLS EAP-TTLS PEAP LEAP

Mutual Authentication No Yes Yes Yes Yes

Certificate – Client No Yes Optional Optional No

Certificate – Server No Yes Yes Yes No

Dynamic Key Exchange No Yes Yes Yes Yes

Credential Integrity None Strong Strong Strong Moderate

Deployment Difficulty Easy Hard Moderate Moderate Moderate

Client Identity Protection No No Yes Yes No

previous next