Manual ZyXEL XMG3927-B50A (page 403 of 434) (English)

796878

403

Zoom out

Zoom in

1/434

Appendix B Wireless LANs

VMG/XMG Series User’s Guide

403

wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted

access to a WLAN.

If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether

you have an external RADIUS server or not.

Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure

than WPA or WPA2.

Encryption

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check

(MIC) and IEEE 802.1x. WPA2 also uses TKIP when required for compatibility reasons, but offers stronger

encryption than TKIP with Advanced Encryption Standard (AES) in the Counter mode with Cipher block

chaining Message authentication code Protocol (CCMP).

TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server. AES

(Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm called

Rijndael. They both include a per-packet key mixing function, a Message Integrity Check (MIC) named

Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.

WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is

never used twice.

The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy

and management system, using the PMK to dynamically generate unique data encryption keys to

encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This

all happens in the background automatically.

The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets,

altering them and resending them. The MIC provides a strong mathematical function in which the

receiver and the transmitter each compute and then compare the MIC. If they do not match, it is

assumed that the data has been tampered with and the packet is dropped.

By generating unique data encryption keys for every data packet and by creating an integrity

checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a WiFi network than

WEP and difficult for an intruder to break into the network.

The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference

between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific

credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force password-

guessing attacks but it’s still an improvement over WEP as it employs a consistent, single, alphanumeric

password to derive a PMK which is used to generate unique temporal encryption keys. This prevent all

wireless devices sharing the same encryption keys. (a weakness of WEP)

User Authentication

WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless

clients using an external RADIUS database. WPA2 reduces the number of key exchange messages from

six to four (CCMP 4-way handshake) and shortens the time required to connect to a network. Other

WPA2 authentication features that are different from WPA include key caching and pre-authentication.

These two features are optional and may not be supported in all wireless devices.

Report abuse

Libble takes abuse of its services very seriously. We're committed to dealing with such abuse according to the laws in your country of residence. When you submit a report, we'll investigate it and take the appropriate action. We'll get back to you only if we require additional details or have more information to share.

Product:

Forumrules

To achieve meaningful questions, we apply the following rules:

First, read the manual;
Check if your question has been asked previously;
Try to ask your question as clearly as possible;
Did you already try to solve the problem? Please mention this;
Is your problem solved by a visitor then let him/her know in this forum;
To give a response to a question or answer, do not use this form but click on the button 'reply to this question';
Your question will be posted here and emailed to our subscribers. Therefore, avoid filling in personal details.

new questions and answers
new manuals

You will receive an email to register for one or both of the options.

Get your user manual by e-mail

Enter your email address to receive the manual of ZyXEL XMG3927-B50A in the language / languages: English as an attachment in your email.

The manual is 13.81 mb in size.

You will receive the manual in your email within minutes. If you have not received an email, then probably have entered the wrong email address or your mailbox is too full. In addition, it may be that your ISP may have a maximum size for emails to receive.

The manual is sent by email. Check your email

If you have not received an email with the manual within fifteen minutes, it may be that you have a entered a wrong email address or that your ISP has set a maximum size to receive email that is smaller than the size of the manual.

The email address you have provided is not correct.

Please check the email address and correct it.

Your question is posted on this page

Would you like to receive an email when new answers and questions are posted? Please enter your email address.

Info

ZyXEL XMG3927-B50A Manual

Product: