User Manual
Table Of Contents
- NBG-418N v2
- User’s Guide
- Introduction
- The Web Configurator
- Connection Wizard
- Modes
- Tutorials
- 5.1 Overview
- 5.2 How to Connect to the Internet from an AP
- 5.3 Configure Wireless Security Using WPS on both your NBG-418N v2 and Wireless Client
- 5.4 Enable and Configure Wireless Security without WPS on your NBG-418N v2
- 5.5 Using Multiple SSIDs on the NBG-418N v2
- 5.6 Installing UPnP in Windows 7 Example
- 5.7 Using Bandwidth Management on the NBG-418N v2
- Technical Reference
- Wireless LAN
- WAN
- LAN
- DHCP Server
- Network Address Translation
- Dynamic DNS
- Static Route
- Firewall
- Content Filter
- Remote Management
- Universal Plug-and-Play (UPnP)
- Bandwidth MGMT
- System
- Logs
- Tools
- Sys OP Mode
- Language
- Troubleshooting
- Customer Support
- IP Addresses and Subnetting
- Pop-up Windows, JavaScripts and Java Permissions
- Setting Up Your Computer’s IP Address
- Wireless LANs
- Common Services
- Legal Information
- Index
Appendix E Wireless LANs
NBG-418N v2 User’s Guide
212
However, MD5 authentication has some weaknesses. Since the authentication server needs to get the
plaintext passwords, the passwords must be stored. Thus someone other than the authentication server
may access the password file. In addition, it is possible to impersonate an authentication server as MD5
authentication method does not perform mutual authentication. Finally, MD5 authentication method
does not support data encryption with dynamic session key. You must configure WEP encryption keys for
data encryption.
EAP- TLS (Tra nsport La ye r Se c urity)
With EAP-TLS, digital certifications are needed by both the server and the wireless clients for mutual
authentication. The server presents a certificate to the client. After validating the identity of the server,
the client sends a different certificate to the server. The exchange of certificates is done in the open
before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital
certificate is an electronic ID card that authenticates the sender’s identity. However, to implement EAP-
TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management
overhead.
EAP- TTLS (Tunne le d Transpo rt La ye r Se rvic e )
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side
authentications to establish a secure connection. Client authentication is then done by sending
username and password through the secure connection, thus client identity is protected. For client
authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP,
MS-CHAP and MS-CHAP v2.
PEAP (Prote c te d EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use
simple username and password methods through the secured connection to authenticate the clients,
thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2
and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by
Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.
Dynamic WEP Ke y Exc hange
The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless
connection times out, disconnects or re-authentication times out. A new WEP key is generated each
time re-authentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security
configuration screen. You may still configure and store keys, but they will not be used while dynamic
WEP is enabled.
Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for
data encryption. They are often deployed in corporate environments, but for public deployment, a