Chapter 10 WLAN
ZyWALL 5/35/70 Series User’s Guide
225
• The RADIUS server checks the user information against its user profile database and
determines whether or not to authenticate the wireless station.
10.10 Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when
the wireless connection times out, disconnects or reauthentication times out. A new WEP key
is generated each time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key in the
Wireless Card screen (see Section 10.16.4 on page 234). You may still configure and store
keys here, but they will not be used while dynamic WEP is enabled.
To use dynamic WEP, enable and configure dynamic WEP key exchange in the Wireless
Card screen and configure RADIUS server settings in the AUTH SERVER RADIUS screen
(see Section 20.3 on page 427). Ensure that the wireless station's EAP type is configured to
one of the following:
•EAP-TLS
•EAP-TTLS
• PEAP
" EAP-MD5 cannot be used with dynamic WEP key exchange.
10.11 Introduction to WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. Key differences
between WPA and WEP are user authentication and improved data encryption.
10.11.1 User Authentication
WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate
wireless clients using an external RADIUS database. You can't use the ZyWALL's Local User
Database for WPA authentication purposes since the Local User Database uses EAP-MD5
which cannot be used to generate keys. See later in this chapter and the appendices for more
information on IEEE 802.1x, RADIUS and EAP.
If you don't have an external RADIUS server you should use WPA-PSK (WPA -Pre-Shared
Key) that only requires a single (identical) password entered into each access point, wireless
gateway and wireless client. As long as the passwords match, a client will be granted access to
a WLAN.
10.11.2 Encryption
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message
Integrity Check (MIC) and IEEE 802.1x.
To Next Page
Loading...
