User`s guide
Table Of Contents
- About This User's Guide
- Document Conventions
- Safety Warnings
- Table of Contents
- Part I: Introduction
- 1. Getting to Know Your MWR222
- 2.
- 2. Introducing the Web Configurator
- 3. Monitor
- 4.
- 4.
- 4. MWR222 Modes
- 5. Router Mode
- 6. Access Point Mode
- 5.
- 5.
- 7. WISP Mode
- 7
- 7
- 8 Tutorials
- 8.3 Connecting to Internet from an Access Point
- 8.4 Configuring Wireless Security Using WPS
- 9 Wireless LAN
- 9.1 Overview
- 9.2 What You Can Do
- Use the General screen to enable the Wireless LAN, enter the SSID and select the wireless security mode.
- 9.3 What You Should Know
- 9.4 General Wireless LAN Screen
- 9.5 Security
- 9.6 MAC Filter
- 9.7 Wireless LAN Advanced Screen
- 9.8 Quality of Service (QoS) Screen
- 9.9 WPS Screen
- 9.10 WPS Station Screen
- 9.11 Scheduling Screen
- 9.12 WDS Screen
- 10.1 Overview
- 10.2 What You Can Do
- 10.3 What You Need To Know
- 10.2
- 10.3
- 10.4 Internet Connection
- 10.5 Mobile WAN
- 10.7 IGMP Snooping Screen
- 11 LAN
- 12 DHCP Server
- 13. Network Address Translation (NAT)
- 14 Dynamic DNS
- 15. OpenDNS
- 16 Static Route
- 17.
- 17.
- 17. Routing Information Protocol
- Part III
- Part V
- Maintenance and Troubleshooting
- Part VI
- Appendices and Index
- Appendix A
- Pop-up Windows, JavaScripts and Java Permissions
- End-User License Agreement for “MWR222”
- NOTE: Some components of this product incorporate free software programs covered under the open source code licenses which allows you to freely copy, modify and redistribute the software. For at least three (3) years from the date of distribution of t...
- Notice
- Information herein is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any p...
- Notice
- GNU GENERAL PUBLIC LICENSE
- GNU LESSER GENERAL PUBLIC LICENSE
MWR211 User’s Guide
270
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The
authentication server sends a challenge to the wireless station. The wireless
station ‘proves’ that it knows the password by encrypting the password with the
challenge and sends back the information. Password is not sent in plain text.
However, MD5 authentication has some weaknesses. Since the authentication
server needs to get the plaintext passwords, the passwords must be stored. Thus
someone other than the authentication server may access the password file. In
addition, it is possible to impersonate an authentication server as MD5
authentication method does not perform mutual authentication. Finally, MD5
authentication method does not support data encryption with dynamic session
key. You must configure WEP encryption keys for data encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the
wireless stations for mutual authentication. The server presents a certificate to
the client. After validating the identity of the server, the client sends a different
certificate to the server. The exchange of certificates is done in the open before a
secured tunnel is created. This makes user identity vulnerable to passive attacks.
A digital certificate is an electronic ID card that authenticates the sender’s
identity. However, to implement EAP-TLS, you need a Certificate Authority (CA)
to handle certificates, which imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for
only the server-side authentications to establish a secure connection. Client
authentication is then done by sending username and password through the
secure connection, thus client identity is protected. For client authentication, EAP-
TTLS supports EAP methods and legacy authentication methods such as PAP,
CHAP, MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure
connection, then use simple username and password methods through the
secured connection to authenticate the clients, thus hiding client identity.
However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2
and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is
implemented only by Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation
of IEEE 802.1x.