User`s guide
Table Of Contents
- VMG8924-B10A and VMG8924- B30A Series
- User’s Guide
- Technical Reference
- Network Map and Status Screens
- Broadband
- Wireless
- Home Networking
- 7.1 Overview
- 7.2 The LAN Setup Screen
- 7.3 The Static DHCP Screen
- 7.4 The UPnP Screen
- 7.5 Installing UPnP in Windows Example
- 7.6 Using UPnP in Windows XP Example
- 7.7 The Additional Subnet Screen
- 7.8 The STB Vendor ID Screen
- 7.9 The 5th Ethernet Port Screen
- 7.10 The LAN VLAN Screen
- 7.11 The Wake on LAN Screen
- 7.12 Technical Reference
- Routing
- Quality of Service (QoS)
- Network Address Translation (NAT)
- Dynamic DNS Setup
- Interface Group
- USB Service
- Power Management
- Firewall
- MAC Filter
- Parental Control
- Scheduler Rule
- Certificates
- VPN
- Voice
- Log
- Traffic Status
- VoIP Status
- ARP Table
- Routing Table
- IGMP/MLD Status
- xDSL Statistics
- 3G Statistics
- User Account
- Remote Management
- TR-069 Client
- TR-064
- SNMP
- Time Settings
- E-mail Notification
- Logs Setting
- Firmware Upgrade
- Configuration
- Diagnostic
- Troubleshooting
- Customer Support
- Setting up Your Computer’s IP Address
- IP Addresses and Subnetting
- Pop-up Windows, JavaScripts and Java Permissions
- Wireless LANs
- IPv6
- Services
- Legal Information
- Index
Appendix E Wireless LANs
VMG8924-B10A and VMG8924-B30A Series User’s Guide
381
• Accounting-Request
Sent by the access point requesting accounting.
• Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a shared secret
key, which is a password, they both know. The key is not sent over the network. In addition to the
shared key, password information exchanged is also encrypted to protect the network from
unauthorized access.
Types of EAP Authentication
This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and
LEAP. Your wireless LAN device may not support all authentication types.
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE
802.1x transport mechanism in order to support multiple types of user authentication. By using EAP
to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a
RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that
supports IEEE 802.1x.
For EAP-TLS authentication type, you must first have a wired connection to the network and obtain
the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used
to authenticate users and a CA issues certificates and guarantees the identity of each certificate
owner.
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server
sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by
encrypting the password with the challenge and sends back the information. Password is not sent in
plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to get
the plaintext passwords, the passwords must be stored. Thus someone other than the
authentication server may access the password file. In addition, it is possible to impersonate an
authentication server as MD5 authentication method does not perform mutual authentication.
Finally, MD5 authentication method does not support data encryption with dynamic session key. You
must configure WEP encryption keys for data encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the wireless clients for
mutual authentication. The server presents a certificate to the client. After validating the identity of
the server, the client sends a different certificate to the server. The exchange of certificates is done
in the open before a secured tunnel is created. This makes user identity vulnerable to passive
attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity.
However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which
imposes a management overhead.