The ZyAIR's wireless setup (Figure 11) features include the ability to disable the radio, set the ESSID (and also "hide", or disable broadcast of it).
Figure 11: The ZyAIR supports WEP, ESSID hiding, and easy entry for WEP keys
You can see the other setup parameters in Figure 11, most of which you've seen before. Note that the G-2000 doesn't support any form of 802.11g throughput enhancement.
The ZyAIR implements several security features that help keep wireless communications secure, such as supporting Wi-Fi Protected Access (WPA), 802.1x authentication and MAC address filtering.
TIP: For more information about WPA, see our Wi-Fi Protected Access (WPA) NeedToKnow - Part II.
WPA support includes both Pre-Shared Key (PSK) and "enterprise" (RADIUS) modes with TKIP. The optional AES encryption supported by some competitive products is not an option on the G-2000.
802.1x authentication uses a client-sever model that supports centralized user authentication and accounting - usually via a RADIUS server. The RADIUS server provides a single point of authentication, which is more robust and flexible than using static passwords or having to rely on MAC addresses. RADIUS also allows the use of several authentication schemes, including two-factor authentication and using tokens.
While the ZyAIR does not have an onboard RADIUS server, it is capable of passing on authentication requests to an external RADIUS server, which handles the authentication and accounting tasks.
Figure 12: The RADIUS configuration tab - enter the IP of the RADIUS server and the shared secret key
In order to ensure network security, the access point and the RADIUS server use a shared secret key, i.e. password, that both know. The key itself is never sent over the network, but rather an MD5 hash. The ZyAIR supports EAPTLS, EAP-TTLS and PEAP authentication protocols with RADIUS.