ZyXEL Communications ZyXEL ZyWALL 2WE, Компактное руководство

Страница: 20 / 42

ZyWALL 2WE
20
The following table describes the fields in this screen.
LABEL DESCRIPTION
Authentication
Type Select Authentication Required to authenticate all wireless clients before they can
access the wired network.
Select No Authentication Required to allow all wireless clients to access your wired
network without authentication.
Select No Access to deny all wireless clients access to your wired network.
Reauthentication
Period
Specify the time interval between the RADIUS server’s authentication checks of
wireless users connected to the network.
This field is activated only when you select Authentication Required in the
Authentication Type field.
5.6 Local User Database and RADIUS Overview
EAP is an authentication protocol designed originally to run over PPP (Point-to-Point Protocol)
frame in order to support multiple types of user authentication. RADIUS is based on a client-sever
model that supports authentication, authorization and accounting. The access point (ZyWALL) is
the client and the server is the RADIUS server. RADIUS is a simple package exchange in which
your ZyWALL acts as a message relay between the wireless client and the network RADIUS server.
In order to ensure network security, the access point and the RADIUS server use a shared secret
key, which is a password, they both know. The key is not sent over the network. In addition to the
shared key, password information exchanged is also encrypted to protect the network from
unauthorized access. By using EAP to interact with an EAP-compatible RADIUS server, the access
point helps a wireless client and a RADIUS server to perform mutual authentication.
To authenticate wireless users without interacting with a network RADIUS server, you can store
user profiles locally. The ZyWALL first checks the local user database, then use the user database
on the RADIUS server to authenticate wireless clients. To change your ZyWALL’s Local User list,
click
WIRELESS LAN , then the Local User Database tab.
If you do enable the EAP authentication, you need to specify the local user database or the external
sever for remote user authentication. To set up your ZyWALL’s Local User Database, click
WIRELESS LAN , then the Local User Database tab. To set up your ZyWALL’s RADIUS Server
settings, click WIRELESS LAN , then the RADIUS tab.
5.7 Firewall Overview
The ZyWALL firewall is a stateful inspection firewall and is designed to protect against Denial of
Service attacks when activated. The ZyWALL’s purpose is to allow a private Local Area Network
(LAN) to be securely connected to the Internet. The ZyWALL can be used to prevent theft,
destruction and modification of data, as well as log events, which may be important to the security
of your network. The ZyWALL also has packet-filtering capabilities.