2 user authentication, 12 wpa(2)-psk application example, 13 wpa(2) with radius application example – ZyXEL Communications 802.11g Wireless Access Point ZyXEL G-560 User Manual

ZyXEL G-560 User’s Guide

72

Chapter 6 Wireless Screens

6.11.2 User Authentication

WPA or WPA2 applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to
authenticate wireless clients using an external RADIUS database.

6.12 WPA(2)-PSK Application Example

A WPA(2)-PSK application looks as follows.

1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key

(PSK) must consist of between 8 and 63 ASCII characters (including spaces and
symbols).

2 The AP checks each client’s password and (only) allows it to join the network if it

matches its password.

3 The AP derives and distributes keys to the wireless clients.

4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data

exchanged between them.

Figure 39 WPA(2)-PSK Authentication

6.13 WPA(2) with RADIUS Application Example

You need the IP address of the RADIUS server, its port number (default is 1812), and the
RADIUS shared secret. A WPA(2) application example with an external RADIUS server
looks as follows. “A” is the RADIUS server. “DS” is the distribution system.

1 The AP passes the wireless client’s authentication request to the RADIUS server.

2 The RADIUS server then checks the user's identification against its database and grants

or denies network access accordingly.

3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then

sets up a key hierarchy and management system, using the pair-wise key to dynamically