User's Manual
Table Of Contents
- Reference Manual for the Model DG834GT 108 Mbps Super Wireless ADSL Router
- Contents
- Chapter 1 About This Guide
- Chapter 2 Introduction
- Chapter 3 Connecting the Router to the Internet
- What You Need Before You Begin
- Connecting the DG834GT to Your LAN
- Auto-Detecting Your Internet Connection Type
- Testing Your Internet Connection
- Manually Configuring Your Internet Connection
- Chapter 4 Wireless Configuration
- Chapter 5 Protecting Your Network
- Chapter 6 Managing Your Network
- Chapter 7 Advanced Configuration
- Chapter 8 Troubleshooting
- Appendix A Technical Specifications
- Appendix B Network and Routing Basics
- Appendix C Preparing Your Network
- Preparing Your Computers for TCP/IP Networking
- Configuring Windows 95, 98, and Me for TCP/IP Networking
- Configuring Windows NT4, 2000 or XP for IP Networking
- DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4
- Configuring the Macintosh for TCP/IP Networking
- Verifying the Readiness of Your Internet Account
- Restarting the Network
- Appendix D Wireless Networking Basics
- Glossary
Reference Manual for the Model DG834GT 108 Mbps Super Wireless ADSL Router
D-14 Wireless Networking Basics
August 2004
3. The client sends an EAP-response packet containing the identity to the authentication server.
The access point responds by enabling a port for passing only EAP packets from the client to
an authentication server located on the wired side of the access point. The access point blocks
all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the
client's identity using an authentication server (for example, RADIUS).
4. The authentication server uses a specific authentication algorithm to verify the client's identity.
This could be through the use of digital certificates or some other EAP authentication type.
5. The authentication server will either send an accept or reject message to the access point.
6. The access point sends an EAP-success packet (or reject packet) to the client.
7. If the authentication server accepts the client, then the access point will transition the client's
port to an authorized state and forward additional traffic.
The important part to know at this point is that the software supporting the specific EAP type
resides on the authentication server and within the operating system or application “supplicant”
software on the client devices. The access point acts as a “pass through” for 802.1x messages,
which means that you can specify any EAP type without needing to upgrade an 802.1x-compliant
access point. As a result, you can update the EAP authentication type to such devices as token
cards (Smart Cards), Kerberos, one-time passwords, certificates, and public key authentication, or
as newer types become available and your requirements for security change.
WPA Data Encryption Key Management
With 802.1x, the rekeying of unicast encryption keys is optional. Additionally, 802.11 and 802.1x
provide no mechanism to change the global encryption key used for multicast and broadcast
traffic. With WPA, rekeying of both unicast and global encryption keys is required.
For the unicast encryption key, the Temporal Key Integrity Protocol (TKIP) changes the key for
every frame, and the change is synchronized between the wireless client and the wireless access
point (AP). For the global encryption key, WPA includes a facility (the Information Element) for
the wireless AP to advertise the changed key to the connected wireless clients.
If configured to implement dynamic key exchange, the 802.1x authentication server can return
session keys to the access point along with the accept message. The access point uses the session
keys to build, sign and encrypt an EAP key message that is sent to the client immediately after
sending the success message. The client can then use contents of the key message to define
applicable encryption keys. In typical 802.1x implementations, the client can automatically change
encryption keys as often as necessary to minimize the possibility of eavesdroppers having enough
time to crack the key in current use.