ZyXEL Communications ZyAIR B-500 Network Router User Manual


 
ZyAIR B-500 Wireless Access Point User’s Guide
Wireless LAN with IEEE 802.1x E-1
Appendix E
Wireless LAN With IEEE 802.1x
As wireless networks become popular for both portable computing and corporate networks, security is now
a priority.
Security Flaws with IEEE 802.11
Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b
wireless access standard, first published in 1999, was based on the MAC address. As the MAC address is
sent across the wireless link in clear text, it is easy to spoof and fake. Even the WEP (Wire Equivalent
Privacy) data encryption is unreliable as it can be easily decrypted with current computer speed
Deployment Issues with IEEE 802.11
User account management has become a network administrator’s nightmare in a corporate environment, as
the IEEE 802.11b standard does not provide any central user account management. User access control is
done through manual modification of the MAC address table on the access point. Although WEP data
encryption offers a form of data security, you have to reset the WEP key on the clients each time you
change your WEP key on the access point.
IEEE 802.1x
In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support
extended authentication as well as providing additional accounting and control features. It is supported by
Windows XP and a number of network devices.
Advantages of the IEEE 802.1x
User based identification that allows for roaming.
Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for
centralized user profile and accounting management on a network RADIUS server.
Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional
authentication methods to be deployed with no changes to the access point or the wireless stations.