ZyXEL Communications G-470 Network Card User Manual


 
G-470 User’s Guide
34 Chapter 3 Wireless LAN Network
3.2.1.3 IEEE 802.1x
The IEEE 802.1x standard outlines enhanced security methods for both the authentication of
wireless stations and encryption key management. Authentication can be done using an
external RADIUS server.
3.2.1.3.1 EAP Authentication
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the
IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, an access point helps a
wireless station and a RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server and an intermediary AP(s)
that supports IEEE 802.1x. The ZyXEL Device supports EAP-TLS, EAP-TTLS and EAP-
PEAP. Refer to the Wireless Security appendix for descriptions.
For EAP-TLS authentication type, you must first have a wired connection to the network and
obtain the certificate(s) from a certificate authority (CA). A certificate (also called a digital ID)
can be used to authenticate users, and a CA issues certificates and guarantees the identity of
each certificate owner.
3.2.1.4 WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard.
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message
Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption Standard
(AES) in the Counter mode with Cipher block chaining Message authentication code Protocol
(CCMP) to offer stronger encryption than TKIP.
Select WEP only when the AP does not support WPA. WEP is less secure than WPA.
3.2.1.5 WPA2
WPA 2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption,
authentication and key management than WPA.