ZyXEL Communications G-162 User Manual 2

ZyXEL G-162

802.11g Wireless CardBus Card

User's Guide

Version 2.0

January 2005

ZyXEL G-162 User’s Guide

Copyright

Copyright ©2005 by ZyXEL Communications Corporation

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a
retrieval system, translated into any language, or transmitted in any form or by any means, electronic,
mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written
permission of ZyXEL Communications Corporation.

Published by ZyXEL Communications Corporation. All rights reserved.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or software
described herein. Neither does it convey any license under its patent rights nor the patents' rights of others.
ZyXEL further reserves the right to make changes in any products described herein without notice. This
publication is subject to change without notice.

Trademarks

Trademarks mentioned in this publication are used for identification purposes only and may be properties
of their respective owners.

ii Copyright

ZyXEL G-162 User’s Guide

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials
or workmanship for a period of up to two (2) years from the date of purchase. During the warranty period
and upon proof of purchase, should the product have indications of failure due to faulty workmanship
and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components
without charge for either parts or labor and to whatever extent it shall deem necessary to restore the product
or components to proper operating condition. Any replacement will consist of a new or re-manufactured
functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty
shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected
to abnormal working conditions.

NOTE

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This
warranty is in lieu of all other warranties, express or implied, including any implied warranty of
merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for
indirect or consequential damages of any kind of character to the purchaser.

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material
Authorization (RMA) number. Products must be returned Postage Prepaid. It is recommended that the unit
be insured when shipped. Any returned products without proof of purchase or those with an out-dated
warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts
and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address,
Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary
from country to country.

Online Registration

Register online at www.zyxel.com for free future product updates and information.

ZyXEL Limited Warranty iii

ZyXEL G-162 User’s Guide

Information for Canadian Users

The Industry Canada label identifies certified equipment. This certification means that the equipment meets
certain telecommunications network protective operation and safety requirements. The Industry Canada
does not guarantee that the equipment will operate to a user's satisfaction.

Before installing this equipment, users should ensure that it is permissible to be connected to the facilities
of the local telecommunications company. The equipment must also be installed using an acceptable
method of connection. In some cases, the company's inside wiring associated with a single line individual
service may be extended by means of a certified connector assembly. The customer should be aware that
compliance with the above conditions may not prevent degradation of service in some situations.

Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated
by the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions,
may give the telecommunications company cause to request the user to disconnect the equipment.

For their own protection, users should ensure that the electrical ground connections of the power utility,
telephone lines, and internal metallic water pipe system, if present, are connected together. This precaution
may be particularly important in rural areas.

Caution

Users should not attempt to make such connections themselves, but should contact the appropriate
electrical inspection authority, or electrician, as appropriate.

Note

This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus
set out in the radio interference regulations of Industry.

iv Information for Canadian Users

ZyXEL G-162 User’s Guide

Federal Communications Commission

1

(FCC) Interference Statement

The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference.

• This device must accept any interference received, including interference that may cause undesired

operations.

This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to
Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency
energy, and if not installed and used in accordance with the instructions, may cause harmful interference to
radio communications.

If this equipment does cause harmful interference to radio/television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of
the following measures:

1. Reorient or relocate the receiving antenna.

2. Increase the separation between the equipment and the receiver.

3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

4. Consult the dealer or an experienced radio/TV technician for help.

Notice 1

Changes or modifications not expressly approved by the party responsible for compliance could void the
user's authority to operate the equipment.

This product has been designed for the WLAN 2.4 GHz network throughout the EC region and
Switzerland, with restrictions in France.

Caution

1. This Transmitter must not be co-located or operating in conjunction with any other antenna or
transmitter.

Certifications

Refer to the product page at www.zyxel.com.

1

Refer to the Quick Start Guide for model specific FCC statement(s) and the procedure to view the

product’s certification(s).

FCC Statement v

ZyXEL G-162 User’s Guide

Customer Support

When contacting your Customer Support Representative, please have the following information ready:

 Product model and serial number.

 Warranty Information.

 Date you received your product.
 Brief description of the problem and the steps you took to solve it.

LOCATION

WORLDWIDE

AMERICA

SUPPORT E-MAIL TELEPHONE2 WEB SITE METHOD

SALES E-MAIL FAX2 FTP SITE

support@zyxel.com.tw +886-3-578-3942 www.zyxel.com

ZyXEL Communications

sales@zyxel.com.tw

support@zyxel.com +1-800-255-4101

sales@zyxel.com

support@zyxel.de +49-2405-6909-0 www.zyxel.de GERMANY

sales@zyxel.de

support@zyxel.es +34 902 195 420 SPAIN

sales@zyxel.es

support@zyxel.dk +45 39 55 07 00 www.zyxel.dk DENMARK

sales@zyxel.dk

support@zyxel.no +47 22 80 61 80 www.zyxel.no NORWAY

sales@zyxel.no

+886-3-578-2439 ftp.europe.zyxel.com

+1-714-632-0882

+1-714-632-0858 ftp.us.zyxel.com

+49-2405-6909-99

+33 (0)4 72 52 97 97 FRANCE info@zyxel.fr

+33 (0)4 72 52 19 20

+34 913 005 345

+45 39 55 07 07

+47 22 80 61 81

www.europe.zyxel.com
ftp.zyxel.com

www.us.zyxel.com NORTH

www.zyxel.fr ZyXEL France

www.zyxel.es

REGULAR MAIL

ZyXEL Communications Corp.
6 Innovation Road II
Science Park
Hsinchu 300
Taiwan

ZyXEL Communications Inc.
1130 N. Miller St.
Anaheim
CA 92806-2001
U.S.A.

ZyXEL Deutschland GmbH.
Adenauerstr. 20/A2 D-52146
Wuerselen
Germany

1 rue des Vergers
Bat. 1 / C
69760 Limonest
France

Alejandro Villegas 33
1º, 28043 Madrid
Spain

ZyXEL Communications A/S
Columbusvej 5
2860 Soeborg
Denmark

ZyXEL Communications A/S
Nils Hansens vei 13
0667 Oslo
Norway

2

“+” is the (prefix) number you enter to make an international telephone call.

vi Customer Support

ZyXEL G-162 User’s Guide

SUPPORT E-MAIL TELEPHONE2 WEB SITE METHOD

LOCATION

FINLAND support@zyxel.fi +358-9-4780-8411 www.zyxel.fi ZyXEL Communications Oy

SALES E-MAIL FAX2 FTP SITE

support@zyxel.se +46 31 744 7700 www.zyxel.se SWEDEN

sales@zyxel.se

+46 31 744 7701

REGULAR MAIL

ZyXEL Communications A/S
Sjöporten 4, 41764 Göteborg
Sweden

Malminkaari 10
00700 Helsinki
Finland

Customer Support vii

ZyXEL G-162 User’s Guide

Table of Contents

Copyright.......................................................................................................................................................ii

ZyXEL Limited Warranty ..........................................................................................................................iii

Information for Canadian Users.................................................................................................................iv

Federal Communications Commission (FCC) Interference Statement....................................................v

Customer Support........................................................................................................................................vi

List of Figures...............................................................................................................................................xi

List of Tables ...............................................................................................................................................xii

Preface.........................................................................................................................................................xiii

Chapter 1 Getting Started.........................................................................................................................1-1

1.1 About Your G-162 ........................................................................................................................1-1

1.2 G-162 Hardware and Utility Installation.....................................................................................1-1

1.3 Configuration Methods ................................................................................................................1-1

1.4 Windows XP Users Only ..............................................................................................................1-2

1.5 Accessing the ZyXEL Utility.........................................................................................................1-2

Chapter 2 Wireless LAN Network............................................................................................................2-1

2.1 Overview ......................................................................................................................................2-1

2.1.1 SSID.....................................................................................................................................2-1

2.1.2 Channel ................................................................................................................................2-1

2.1.3 Transmission Rate (Transfer Rate).......................................................................................2-1

2.1.4 Wireless Network Application .............................................................................................2-1

2.1.5 Roaming ...............................................................................................................................2-3

2.2 Wireless LAN Security..................................................................................................................2-4

2.2.1 Data Encryption with WEP ..................................................................................................2-5

2.2.2 IEEE 802.1x .........................................................................................................................2-5

2.2.3 WPA.....................................................................................................................................2-5

2.2.4 WPA-PSK Application Example .........................................................................................2-6

2.2.5 WPA with RADIUS Application Example..........................................................................2-7

2.3 Fragmentation Threshold.............................................................................................................2-8

2.4 RTS/CTS Threshold......................................................................................................................2-8

2.5 Authentication Type .....................................................................................................................2-9

2.6 OTIST (One-Touch Intelligent Security Technology).................................................................2-10

Chapter 3 Using the ZyXEL Utility..........................................................................................................3-1

3.1 The Link Info Screen ....................................................................................................................3-1

3.1.1 Trend Chart ..........................................................................................................................3-3

3.2 The Site Survey Screen.................................................................................................................3-3

3.2.1 Connecting to a Network......................................................................................................3-5

3.2.2 Security Settings...................................................................................................................3-6

3.3 The Profile Screen......................................................................................................................3-12

3.3.1 Adding a New Profile.........................................................................................................3-14

Table of Contents ix

ZyXEL G-162 User’s Guide

3.4 The Adapter Screen.................................................................................................................... 3-21

Chapter 4 Maintenance.............................................................................................................................4-1

4.1 The About Screen ......................................................................................................................... 4-1

4.2 Uninstalling the ZyXEL Utility ....................................................................................................4-2

4.3 Upgrading the ZyXEL Utility....................................................................................................... 4-2

Chapter 5 Troubleshooting.......................................................................................................................5-1

5.1 Problems Starting the ZyXEL Utility Program............................................................................ 5-1

5.2 Problem with the Link Status .......................................................................................................5-2

5.3 Problems Communicating With Other Computers.......................................................................5-2

Appendix A Disable Windows XP Wireless LAN Configuration Tool ................................................... A

Appendix B Management with Wireless Zero Configuration ...................................................................I

Appendix C Product Specifications............................................................................................................ Y

Appendix D Types of EAP Authentication............................................................................................. AA

Appendix E Index ..................................................................................................................................... CC

x Table of Contents

ZyXEL G-162 User’s Guide

List of Figures

Figure 1-1 ZyXEL Utility: System Tray Icon ..............................................................................................1-2

Figure 2-1 IBSS Example ............................................................................................................................2-2

Figure 2-2 BSS Example..............................................................................................................................2-2

Figure 2-3 Infrastructure Network Example ................................................................................................2-3

Figure 2-4 Roaming Example......................................................................................................................2-4

Figure 2-5 Wireless LAN Security Levels ...................................................................................................2-4

Figure 2-6 WPA-PSK Authentication ..........................................................................................................2-7

Figure 2-7 WPA with RADIUS Application Example .................................................................................2-8

Figure 2-8 RTS Threshold............................................................................................................................2-9

Figure 3-1 Link Info.....................................................................................................................................3-1

Figure 3-2 Link Info: Trend Chart ...............................................................................................................3-3

Figure 3-3 Site Survey .................................................................................................................................3-4

Figure 3-4 Site Survey: Security Settings: WEP..........................................................................................3-6

Figure 3-5 Site Survey: Security Settings: WPA-PSK .................................................................................3-8

Figure 3-6 Site Survey: Security Settings: WPA..........................................................................................3-9

Figure 3-7 Site Survey: Security Settings: 802.1x .....................................................................................3-11

Figure 3-8 Profile.......................................................................................................................................3-13

Figure 3-9 Profile: Add New Profile ..........................................................................................................3-15

Figure 3-10 Profile: Select a Channel ........................................................................................................3-17

Figure 3-11 Profile: Wireless Settings........................................................................................................3-18

Figure 3-12 Profile: Security Settings........................................................................................................3-19

Figure 3-13 Profile: Confirm New Settings ...............................................................................................3-20

Figure 3-14 Profile: Activate the Profile....................................................................................................3-21

Figure 3-15 Adapter ...................................................................................................................................3-22

Figure 4-1 About ..........................................................................................................................................4-1

Figure 4-2 Confirm Uninstall.......................................................................................................................4-2

List of Figures xi

ZyXEL G-162 User’s Guide

List of Tables

Table 1-1 ZyXEL Utility: System Tray Icon................................................................................................1-2

Table 3-1 Link Info ......................................................................................................................................3-2

Table 3-2 Link Info: Trend Chart................................................................................................................. 3-3

Table 3-3 Site Survey...................................................................................................................................3-4

Table 3-4 Site Survey: Security Settings: WEP ...........................................................................................3-6

Table 3-5 Site Survey: Security Settings: WPA-PSK ..................................................................................3-8

Table 3-6 Site Survey: Security Settings: WPA...........................................................................................3-9

Table 3-7 Site Survey: Security Settings: 802.1x....................................................................................... 3-11

Table 3-8 Profile ........................................................................................................................................3-13

Table 3-9 Profile: Add New Profile ...........................................................................................................3-15

Table 3-10 Profile: Select a Channel.......................................................................................................... 3-17

Table 3-11 Adapter.....................................................................................................................................3-22

Table 4-1 About ...........................................................................................................................................4-1

Table 5-1 Troubleshooting Starting ZyXEL Utility Program.......................................................................5-1

Table 5-2 Troubleshooting Link Quality...................................................................................................... 5-2

Table 5-3 Troubleshooting Communication Problems ................................................................................5-2

xii List of Tables

ZyXEL G-162 User’s Guide

Preface

Congratulations on the purchase of your new G-162!

About This User's Guide

This manual provides information about the ZyXEL Wireless LAN Utility.

Syntax Conventions

• “Type” or “Enter” means for you to type one or more characters. "Select" or "Choose" means for

you to use one of the predefined choices.

• Mouse action sequences are denoted using a comma. For example, “click the Apple icon, Control

Panels and then Modem” means first click the Apple icon, then point your mouse pointer to
Control Panels and then click Modem.

• Window and command choices are in Bold Times New Roman font. Predefined field choices are

in Bold Arial font.

• The ZyXEL G-162 802.11g Wireless CardBus Card is referred to as the G-162 in this guide.

• The ZyXEL Wireless LAN Utility may be referred to as the ZyXEL WLAN Utility or, simply, as

the ZyXEL Utility in this guide.

Related Documentation

 Support Disk

Refer to the included CD for support documents and device drivers.

 Quick Start Guide

Our Quick Start Guide is designed to help you get your G-162 up and running right away. It
contains a detailed easy-to-follow connection diagram and information on installing your G-162.

 ZyXEL Glossary and Web Site

Please refer to www.zyxel.com
documentation.

for an online glossary of networking terms and additional support

User Guide Feedback

Help us help you. E-mail all User’s Guide-related comments, questions or suggestions for improvement to
techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications
Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.

Preface xiii

ZyXEL G-162 User’s Guide

Graphics Icons Key

Wireless Access Point

Server

Telephone

Computer

Modem

Switch

Notebook computer

Wireless Signal

Router

xiv Preface

ZyXEL G-162 User’s Guide

Chapter 1

Getting Started

This chapter introduces the G-162 and prepares you to use the ZyXEL Utility.

1.1 About Your G-162

The G-162 is an IEEE 802.11g compliant wireless LAN adapter. With the G-162, you can enjoy the
wireless mobility within the coverage area.

The following lists the main features of your G-162.

• Your G-162 can communicate with other IEEE 802.11b/g compliant wireless devices.

• Automatic rate selection.

• Proprietary transmission rates of 22Mbps for 802.11b standard and up to 125 Mbps for 802.11g

standard when connected to the ZyXEL g+ access point or wireless router

• 64-bit, 128-bit and 256-bit WEP (Wired Equivalent Privacy) data encryption for network security

• Supports IEEE802.1x and WPA (Wi-Fi Protected Access)

• Low CPU utilization allowing more computer system resources for other programs

• A built-in antenna

• Driver support for Windows 98 Second Edition, Windows Me, Windows 2000 and Windows XP

Actual speeds attained also depend on the distance from the AP, noise, etc.

1.2 G-162 Hardware and Utility Installation

Follow the instructions in the Quick Start Guide to install the ZyXEL Utility and make hardware
connections.

1.3 Configuration Methods

To configure your G-162, use one of the following applications:

 Wireless Zero Configuration (WZC) (recommended for Windows XP)

 ZyXEL Utility
 Odyssey Client Manager

DO NOT use the Windows XP configuration tool or the Odyssey Client Manager

and the ZyXEL Utility at the same time.

Refer to the Funk Odyssey Client documentation for more information.

Getting Started 1-1

ZyXEL G-162 User’s Guide

1.4 Windows XP Users Only

You must disable WZC if you want to use the ZyXEL utility. Refer to the appendices on how to deactivate
WZC or how to use WZC to manage the G-162.

1.5 Accessing the ZyXEL Utility

After you install and start the ZyXEL Utility, an icon for the ZyXEL Utility appears in the system tray.

When the ZyXEL Utility system tray icon displays, the G-162 is installed properly.

Figure 1-1 ZyXEL Utility: System Tray Icon

The color of the ZyXEL Utility system tray icon indicates the status of the G-162. Refer to the following
table for details.

Table 1-1 ZyXEL Utility: System Tray Icon

COLOR DESCRIPTION

Red The G-162 is not connected to a wireless network or is searching for an available wireless

network.

Green The G-162 is connected to a wireless network.

Double click on the ZyXEL Wireless LAN Utility icon in the system tray to open the ZyXEL Utility. The
ZyXEL Utility screens are similar in all supported Microsoft Windows operating systems. Screens for
Windows 2000 are shown.

Click the icon (located in the top right corner) to display the on-line help

window.

1-2 Getting Started

ZyXEL G-162 User’s Guide

Chapter 2

Wireless LAN Network

This chapter provides background information on wireless LAN network.

2.1 Overview

This section describes the wireless LAN network terms and applications.

2.1.1 SSID

The SSID (Service Set Identity) is a unique name shared among all wireless devices in a wireless network.
Wireless devices must have the same SSID to communicate with each other.

2.1.2 Channel

A radio frequency used by a wireless device is called a channel.

2.1.3 Transmission Rate (Transfer Rate)

The G-162 provides various transmission (data) rate options for you to select. Options include Fully Auto,
1 Mbps, 2 Mbps, 5.5 Mbps, 11 Mbps, 6 Mbps, 9 Mbps, 12 Mbps, 18 Mbps, 22 Mbps, 24 Mbps, 36
Mbps, 48 Mbps, 54 Mbps and 125 Mbps. In most networking scenarios, the factory default Fully Auto

setting proves the most efficient. This setting allows your G-162 to operate at the maximum transmission
(data) rate. When the communication quality drops below a certain level, the G-162 automatically switches
to a lower transmission (data) rate. Transmission at lower data speeds is usually more reliable. However,
when the communication quality improves again, the G-162 gradually increases the transmission (data) rate
again until it reaches the highest available transmission rate.

You can select any of the above options. If you wish to balance speed versus reliability, select 54 Mbps in
a networking environment where you are certain that all wireless devices can communicate at the highest
transmission (data) rate. 1 Mbps or 2 Mbps are used often in networking environments where the range of
the wireless connection is more important than speed.

Your G-162 can transmit at the proprietary transmission rates of 22Mbps or up to

125 Mbps when connected to the ZyXEL g+ AP or wireless router. Actual speeds

attained also depend on the distance from the AP, noise, etc.

2.1.4 Wireless Network Application

Wireless LAN works in either of the two modes: ad-hoc and infrastructure.

Wireless LAN Network 2-1

ZyXEL G-162 User’s Guide

To connect to a wired network within a coverage area using Access Points (APs), set the G-162 operation
mode to Infrastructure (BSS). An AP acts as a bridge between the wireless stations and the wired
network. In case you do not wish to connect to a wired network, but prefer to set up a small independent
wireless workgroup without an AP, use the Ad-hoc (IBSS) (Independent Basic Service Set) mode.

Ad-Hoc (IBSS)

Ad-hoc mode does not require an AP or a wired network. Two or more wireless stations communicate
directly to each other. An ad-hoc network may sometimes be referred to as an Independent Basic Service
Set (IBSS).

Figure 2-1 IBSS Example

To set up an ad-hoc network, configure all wireless stations in ad-hoc network

type and use the same SSID and channel.

Infrastructure (BSS)

When a number of wireless stations are connected using a single AP, you have a Basic Service Set (BSS).

Figure 2-2 BSS Example

A series of overlapping BSS and a network medium, such as an Ethernet forms an Extended Service Set
(ESS) or infrastructure network. All communication is done through the AP, which relays data packets to

2-2 Wireless LAN Network

ZyXEL G-162 User’s Guide

other wireless stations or devices connected to the wired network. Wireless stations can then access
resource, such as the printer, on the wired network.

Figure 2-3 Infrastructure Network Example

2.1.5 Roaming

In an infrastructure network, wireless stations are able to switch from one BSS to another as they move
between the coverage areas. During this period, the wireless stations maintain uninterrupted connection to
the network. This is roaming. As the wireless station moves from place to place, it is responsible for
choosing the most appropriate AP depending on the signal strength, network utilization or other factors.

The following figure depicts a roaming example. When wireless station B moves to position X, the G-162
in wireless station B automatically switches the channel to the one used by access point 2 in order to stay
connected to the network.

Wireless LAN Network 2-3

ZyXEL G-162 User’s Guide

Figure 2-4 Roaming Example

2.2 Wireless LAN Security

Wireless LAN security is vital to your network to protect wireless communication between wireless
stations and the wired network.

The figure below shows the possible wireless security levels on your G-162. EAP (Extensible
Authentication Protocol) is used for authentication and utilizes dynamic WEP key exchange. It requires
interaction with a RADIUS (Remote Authentication Dial-In User Service) server either on the WAN or
your LAN to provide authentication service for wireless stations.

Figure 2-5 Wireless LAN Security Levels

2-4 Wireless LAN Network

ZyXEL G-162 User’s Guide

Configure the wireless LAN security using the Profile Security Settings screen. If you do not enable any
wireless security on your G-162, the G-162’s wireless communications are accessible to any wireless
networking device that is in the coverage area.

2.2.1 Data Encryption with WEP

WEP (Wired Equivalent Privacy) encryption scrambles all data packets transmitted between the G-162 and
the AP or other wireless stations to keep network communications private. Both the wireless stations and
the access points must use the same WEP key for data encryption and decryption.

There are two ways to create WEP keys in your G-162.

• Automatic WEP key generation based on a “password phrase” called a passphrase. The passphrase

is case sensitive. You must use the same passphrase for all WLAN adapters with this feature in the
same WLAN.
For WLAN adapters without the passphrase feature, you can still take advantage of this feature by
writing down the four automatically generated WEP keys from the Security Settings screen of the
ZyXEL Utility and entering them manually as the WEP keys in the other WLAN adapter(s).

• Enter the WEP keys manually.

Your G-162 allows you to configure up to four 64-bit, 128-bit or 256-bit WEP keys and only one key is
used as the default key at any one time.

2.2.2 IEEE 802.1x

The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless
stations and encryption key management. Authentication can be done using an external RADIUS server.

EAP Authentication

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x
transport mechanism in order to support multiple types of user authentication. By using EAP to interact
with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server
perform authentication.

The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports
IEEE802.1x. The G-162 supports EAP-TLS, EAP-TTLS and EAP-PEAP. Refer to the Types of EAP
Authentication appendix for descriptions.

For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the
certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to
authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.

2.2.3 WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences
between WPA and WEP are user authentication and improved data encryption.

Wireless LAN Network 2-5

ZyXEL G-162 User’s Guide

User Authentication

WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients
using an external RADIUS database.

Therefore, if you don’t have an external RADIUS server, you should use WPA-PSK (WPA -Pre-Shared
Key) that only requires a single (identical) password entered into each access point, wireless gateway and
wireless client. As long as the passwords match, a client will be granted access to a WLAN.

Encryption

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity
Check (MIC) and IEEE 802.1x.

Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed
by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check
(MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying
mechanism.

TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used
twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key
hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption
keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.
This all happens in the background automatically.

The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering
them and resending them. The MIC provides a strong mathematical function in which the receiver and the
transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has
been tampered with and the packet is dropped.

By generating unique data encryption keys for every data packet and by creating an integrity checking
mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi network than WEP,
making it difficult for an intruder to break into the network.

The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the
two is that WPA-PSK uses a simple common password, instead of user-specific credentials. The common­password approach makes WPA-PSK susceptible to brute-force password-guessing attacks but it’s still an
improvement over WEP as it employs an easier-to-use, consistent, single, alphanumeric password.

2.2.4 WPA-PSK Application Example

A WPA-PSK application looks as follows.
Step 1. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK)

must consist of between 8 and 63 ASCII characters (including spaces and symbols).

Step 2. The AP checks each client’s password and (only) allows it to join the network if it matches its

password.

Step 3. The AP derives and distributes keys to the wireless clients.

2-6 Wireless LAN Network

ZyXEL G-162 User’s Guide

Step 4. The AP and wireless clients use the TKIP encryption process to encrypt data exchanged

between them.

Figure 2-6

WPA-PSK Authentication

2.2.5 WPA with RADIUS Application Example

You need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared
secret. A WPA application example with an external RADIUS server looks as follows. “A” is the RADIUS
server. “DS” is the distribution system.

Step 1. The AP passes the wireless client’s authentication request to the RADIUS server.
Step 2. The RADIUS server then checks the user's identification against its database and grants or

denies network access accordingly.

Step 3. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a

key hierarchy and management system, using the pair-wise key to dynamically generate unique
data encryption keys to encrypt every data packet that is wirelessly communicated between the
AP and the wireless clients.

Wireless LAN Network 2-7

ZyXEL G-162 User’s Guide

Figure 2-7 WPA with RADIUS Application Example

2.3 Fragmentation Threshold

A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the G-162 will fragment the packet into smaller data frames.

A large Fragmentation Threshold is recommended for networks not prone to interference while you
should set a smaller threshold for busy networks or networks that are prone to interference.

If the Fragmentation Threshold value is smaller than the RTS/CTS Threshold value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS Threshold size.

2.4 RTS/CTS Threshold

A hidden node occurs when two stations are within range of the same access point, but are not within range
of each other. The following figure illustrates a hidden node. Both stations are within range of the access
point (AP) or wireless gateway, but out-of-range of each other, so they cannot “hear” each other, that is
they do not know if the channel is currently being used. Therefore, they are considered hidden from each
other.

2-8 Wireless LAN Network

ZyXEL G-162 User’s Guide

Figure 2-8 RTS Threshold

When station A sends data to the AP, it might not know that the station B is already using the channel. If
these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP
at the same time, resulting in a loss of messages for both stations.

RTS/CTS Threshold is designed to prevent collisions due to hidden nodes. An RTS/CTS Threshold
defines the biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send)
handshake is invoked.

When a data frame exceeds the RTS/CTS Threshold value you set (between 0 to 2432 bytes), the station
that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for
permission to send it. The AP then responds with a CTS (Clear to Send) message to all other stations within
its range to notify them to defer their transmission. It also reserves and confirms with the requesting station
the time frame for the requested transmission.

Stations can send frames smaller than the specified RTS/CTS Threshold directly to the AP without the
RTS (Request To Send)/CTS (Clear to Send) handshake.

You should only configure RTS/CTS Threshold if the possibility of hidden nodes exists on your network
and the “cost” of resending large frames is more than the extra network overhead involved in the RTS
(Request To Send)/CTS (Clear to Send) handshake.

If the RTS/CTS Threshold value is greater than the Fragmentation Threshold value (see next), then the
RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented
before they reach RTS/CTS Threshold size.

Enabling the RTS Threshold causes redundant network overhead that could

negatively affect the throughput performance.

2.5 Authentication Type

The IEEE 802.11b standard describes a simple authentication method between the wireless stations and
AP. Two authentication modes are defined: Open and Share.

Wireless LAN Network 2-9

ZyXEL G-162 User’s Guide

Open authentication mode is implemented for ease-of-use and when security is not an issue. The wireless
station and the AP do not share a secret key. Thus the wireless stations can associate with any AP and listen
to any data transmitted plaintext.

Share authentication mode involves a shared secret key to authenticate the wireless station to the AP. This
requires you to enable the wireless LAN security and use same settings on both the wireless station and the
AP.

2.6 OTIST (One-Touch Intelligent Security Technology)

OTIST allows your ZyXEL g+ access point (AP) or wireless router to set the wireless adapter to use the
same wireless settings as the ZyXEL g+ AP or wireless router.

The wireless adapter must also support OTIST and have OTIST enabled.

The following are the wireless settings that the ZyXEL g+ AP or wireless router assigns to the wireless
adapter if OTIST is enabled on both devices and the OTIST setup keys are the same.

 SSID

 Security (WEP or WPA-PSK)

2-10 Wireless LAN Network