796872
403
Zoom out
Zoom in
Previous page
1/434
Next page
Appendix B Wireless LANs
VMG/XMG Series User’s Guide
403
wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted
access to a WLAN.
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether
you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure
than WPA or WPA2.
Encryption
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check
(MIC) and IEEE 802.1x. WPA2 also uses TKIP when required for compatibility reasons, but offers stronger
encryption than TKIP with Advanced Encryption Standard (AES) in the Counter mode with Cipher block
chaining Message authentication code Protocol (CCMP).
TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server. AES
(Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm called
Rijndael. They both include a per-packet key mixing function, a Message Integrity Check (MIC) named
Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.
WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is
never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy
and management system, using the PMK to dynamically generate unique data encryption keys to
encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This
all happens in the background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets,
altering them and resending them. The MIC provides a strong mathematical function in which the
receiver and the transmitter each compute and then compare the MIC. If they do not match, it is
assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity
checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a WiFi network than
WEP and difficult for an intruder to break into the network.
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference
between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific
credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force password-
guessing attacks but it’s still an improvement over WEP as it employs a consistent, single, alphanumeric
password to derive a PMK which is used to generate unique temporal encryption keys. This prevent all
wireless devices sharing the same encryption keys. (a weakness of WEP)
User Authentication
WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless
clients using an external RADIUS database. WPA2 reduces the number of key exchange messages from
six to four (CCMP 4-way handshake) and shortens the time required to connect to a network. Other
WPA2 authentication features that are different from WPA include key caching and pre-authentication.
These two features are optional and may not be supported in all wireless devices.
403


Need help? Post your question in this forum.

Forumrules


Report abuse

Libble takes abuse of its services very seriously. We're committed to dealing with such abuse according to the laws in your country of residence. When you submit a report, we'll investigate it and take the appropriate action. We'll get back to you only if we require additional details or have more information to share.

Product:

For example, Anti-Semitic content, racist content, or material that could result in a violent physical act.

For example, a credit card number, a personal identification number, or an unlisted home address. Note that email addresses and full names are not considered private information.

Forumrules

To achieve meaningful questions, we apply the following rules:

Register

Register getting emails for ZyXEL VMG1312-B10D at:


You will receive an email to register for one or both of the options.


Get your user manual by e-mail

Enter your email address to receive the manual of ZyXEL VMG1312-B10D in the language / languages: English as an attachment in your email.

The manual is 13.81 mb in size.

 

You will receive the manual in your email within minutes. If you have not received an email, then probably have entered the wrong email address or your mailbox is too full. In addition, it may be that your ISP may have a maximum size for emails to receive.

The manual is sent by email. Check your email

If you have not received an email with the manual within fifteen minutes, it may be that you have a entered a wrong email address or that your ISP has set a maximum size to receive email that is smaller than the size of the manual.

The email address you have provided is not correct.

Please check the email address and correct it.

Your question is posted on this page

Would you like to receive an email when new answers and questions are posted? Please enter your email address.



Info