background image

Reference Manual for the NETGEAR 54 Mbps Wireless Access Point WG602v3

Wireless Networking Basics

B-15

202-10060-02, February 2005

Temporal Key Integrity Protocol (TKIP)

WPA uses TKIP to provide important data encryption enhancements including a per-packet key 
mixing function, a message integrity check (MIC) named Michael, an extended initialization 
vector (IV) with sequencing rules, and a re-keying mechanism. TKIP also provides for the 
following: 

The verification of the security configuration after the encryption keys are determined. 

The synchronized changing of the unicast encryption key for each frame. 

The determination of a unique starting unicast encryption key for each preshared key 
authentication.

Michael

With 802.11 and WEP, data integrity is provided by a 32-bit 

integrity check value

 (ICV) that is 

appended to the 802.11 payload and encrypted with WEP. Although the ICV is encrypted, you can 
use cryptanalysis to change bits in the encrypted payload and update the encrypted ICV without 
being detected by the receiver.

With WPA, a method known as 

Michael

 specifies a new algorithm that calculates an 8-byte 

message integrity check (MIC) using the calculation facilities available on existing wireless 
devices. The MIC is placed between the data portion of the IEEE 802.11 frame and the 4-byte ICV. 
The MIC field is encrypted together with the frame data and the ICV.

Michael also provides replay protection. A new frame counter in the IEEE 802.11 frame is used to 
prevent replay attacks.

AES Support for WPA2

One of the encryption methods supported by WPA2 is the advanced encryption standard (AES), 
although AES support will not be required initially for Wi-Fi certification. This is viewed as the 
optimal choice for security conscience organizations, but the problem with AES is that it requires a 
fundamental redesign of the NIC’s hardware in both the station and the access point. TKIP is a 
pragmatic compromise that allows organizations to deploy better security while AES capable 
equipment is being designed, manufactured, and incrementally deployed.

Содержание WG602v3 - Wireless Access Point

Страница 1: ... 10060 02 February 2005 202 10060 02 February 2005 NETGEAR Inc 4500 Great America Parkway Santa Clara CA 95054 USA Phone 1 888 NETGEAR Reference Manual for the NETGEAR 54 Mbps Wireless Access Point WG602v3 ...

Страница 2: ...technical support by telephone see the support information card for the correct telephone number for your country 2005 by NETGEAR Inc All rights reserved Trademarks NETGEAR is a registered trademark of NETGEAR INC Windows is a registered trademark of Microsoft Corporation Other brand and product names are trademarks or registered trademarks of their respective holders Information is subject to cha...

Страница 3: ...r television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the...

Страница 4: ...B respect les exigences du Regalement sur le material broilleur du Canada This device comples with Class B limits of Industry of Canada Operation is subject to the following two conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operation The device is certified to the requirements of RSS 1...

Страница 5: ...ble and Related NETGEAR Products 2 3 System Requirements 2 4 What s In the Box 2 4 Hardware Description 2 5 WG602v3 Wireless Access Point Front Panel 2 5 WG602v3 Wireless Access Point Rear Panel 2 6 Power Socket 2 6 Reset and Restore to Factory Defaults Button 2 6 RJ 45 Ethernet Port 2 6 Detachable Antenna 2 6 Chapter 3 Basic Installation and Configuration Observing Placement and Range Guidelines ...

Страница 6: ...ess Point Software 4 3 Rebooting and Resetting Factory Default Options 4 5 Restoring the WG602v3 to the Factory Default Settings 4 5 Using the Reset Button to Reboot or Restore Factory Defaults 4 5 Changing the Administrator Password 4 6 Chapter 5 Advanced Configuration Understanding Advanced Wireless Settings 5 1 Configuring Wireless Distribution System Links 5 2 How to Configure Wireless Bridge ...

Страница 7: ...of WEP Parameters B 5 Key Size B 6 WEP Configuration Options B 7 Wireless Channels B 7 WPA and WPA2 Wireless Security B 8 How Does WPA Compare to WEP B 9 How Does WPA Compare to WPA2 IEEE 802 11i B 10 What are the Key Features of WPA and WPA2 Security B 10 WPA WPA2 Authentication Enterprise level User Authentication via 802 1x EAP and RADIUS B 12 WPA WPA2 Data Encryption Key Management B 14 Is WPA...

Страница 8: ...DI MDIX Switching B 14 Appendix D Preparing Your PCs for Network Access Preparing Your Computers for TCP IP Networking C 1 Configuring Windows 98 and Me for TCP IP Networking C 2 Installing or Verifying Windows Networking Components C 2 Enabling DHCP to Automatically Configure TCP IP Settings C 3 DHCP Configuration of TCP IP in Windows 98 and Me C 4 Selecting the Windows Internet Access Method C 5...

Страница 9: ...he following typographical conventions This guide uses the following formats to highlight special messages This manual is written for the WG602v3 Access Point according to these specifications Table 1 1 Typographical Conventions italics Emphasis books CDs URL names bold User input fixed Screen text file and server names extensions commands IP addresses Note This format is used to highlight informa...

Страница 10: ...and for browsing forwards or backwards through the manual one page at a time A button that displays the table of contents and an button Double click on a link in the table of contents or index to navigate directly to where the topic is described in the manual A button to access the full NETGEAR Inc online knowledge base for the product model Links to PDF versions of the full manual and individual ...

Страница 11: ...you were viewing opens in a browser window Note Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files The Acrobat reader is available on the Adobe Web site at http www adobe com Click the print icon in the upper left of the window Tip If your printer supports printing two pages on a single sheet of paper you can save paper and printer ink by selecting...

Страница 12: ...Reference Manual for the NETGEAR 54 Mbps Wireless Access Point WG602v3 1 4 About This Manual 202 10060 02 February 2005 ...

Страница 13: ...imum connectivity area with about a 300 foot radius The NETGEAR WG602v3 54 Mbps Wireless Access Point can support a small group of users in a range of several hundred feet Most access points are rated for up to 32 users simultaneously The auto sensing capability of the NETGEAR WG602v3 54 Mbps Wireless Access Point allows packet transmission at up to 54 Mbps or at reduced speeds to compensate for d...

Страница 14: ...wser and can be upgraded remotely Access Control The Access Control MAC Address filtering feature can ensure that only trusted wireless stations can use the WG602v3 to gain access to your LAN Simple Configuration If the default settings are unsuitable they are easy to change Hidden Mode The SSID is not broadcast assuring only clients configured with the correct SSID can connect Autosensing Etherne...

Страница 15: ...s about crossover cables as Auto Uplink will accommodate either type of cable to make the right connection Wireless Multimedia WMM Support WMM Wireless Multimedia is a subset of the 802 11e standard WMM allows wireless traffic to have a range of priorities depending on the kind of data Time dependent information like video or audio will have a higher priority than normal traffic For WMM to functio...

Страница 16: ...items NETGEAR WG602v3 54 Mbps Wireless Access Point Power adapter and cord 12Vdc 1 2A Straight through Category 5 Ethernet cable 10 feet 3 04 m Printed WG602v3 54 Mbps Wireless Access Point Installation Guide Resource CD for the NETGEAR 54 Mbps Wireless Access Point WG602v3 Reference Manual for the NETGEAR 54 Mbps Wireless Access Point WG602v3 202 10060 02 this manual Windows TCP IP and Networking...

Страница 17: ...ccess Point provides three status LEDs Figure 2 1 WG602v3 front panel The following table explains the LED indicators LED DESCRIPTION Power Off On Power Indicator No power If this LED does not come on with the power adapter and cord correctly installed see Chapter 6 Troubleshooting Power is on Ethernet Ethernet LAN Link Activity Indicator Off Green On Indicates no Ethernet link detected 100 Mbps F...

Страница 18: ...esets the WG602v3 when pushed once or restores to the factory default settings when pushed and held for 10 seconds RJ 45 Ethernet Port Use the WG602v3 Ethernet RJ 45 port to connect to an Ethernet LAN through a device such as a hub switch or router Detachable Antenna The WG602v3 provides a detachable antenna Be sure the antenna is securely fastened Wireless Wireless LAN Link Activity Indicator Off...

Страница 19: ...wireless adapters Observing Placement and Range Guidelines The operating distance or range of your wireless connection can vary significantly based on the physical placement of the wireless access point The latency data throughput performance and notebook power consumption of wireless adapters also vary depending on your configuration choices Note Indoors computers can connect over wireless networ...

Страница 20: ...els for example use Channels 1 and 6 or 6 and 11 The time it takes to establish a wireless connection can vary depending on both your security settings and placement Default Factory Settings When you first receive your WG602v3 the default factory settings will be set as shown below To restore these defaults see WG602v3 Wireless Access Point Rear Panel on page 2 6 FEATURE FACTORY DEFAULT SETTINGS U...

Страница 21: ...ta broadcast over the wireless link is fully exposed Turn Off the Broadcast of the Wireless Network Name SSID If you disable broadcast of the SSID only devices that have the correct SSID can connect This nullifies the wireless network discovery feature of some products such as Windows XP but the data is still fully exposed to a determined snoop using specialized test equipment like wireless sniffe...

Страница 22: ... Wireless Access Point you should make sure that your Ethernet network is up and working You will be connecting the access point to the Ethernet network so that computers with 802 11b or 802 11g wireless adapters will be able to communicate with computers on the Ethernet network In order for this to work correctly verify that you have met all of the system requirements shown on page 2 4 1 SET UP T...

Страница 23: ...s set by default to be a DHCP client So if the WG602v3 has not yet been installed and there is no DHCP server on the network you can log in to the WG602v3 using its default IP address 192 168 0 227 is the default IP address of your access point Note This procedure which uses a static IP configuration If WG602v3 has already been installed or it is connected to a network where there as a DHCP server...

Страница 24: ...ess coverage area b Lift the antenna side so that it is vertical c Connect an Ethernet cable from your WG602v3 Access Point to a LAN port on your router switch or hub Note By default WG602v3 is set to be a DHCP client If your network uses static IP addresses you will need to change this setting d Connect the power adapter to the wireless access point and plug the power adapter in to a power outlet...

Страница 25: ...IOS login described in How to Log In to the WG602v3 Using Its Default NetBIOS Name on page 3 9 or the procedure described in Set up the WG602v3 Access Point on page 3 4 which uses a static IP configuration Note The computer you are using to connect to the WG602v3 should be configured with an IP address that starts with 192 168 0 x and a Subnet Mask of 255 255 255 0 2 Open a Web browser such as Int...

Страница 26: ... then display the WG602v3 settings home page When the wireless access point is connected to the Internet click the Knowledge Base or the Documentation link under the Web Support menu to view support information or the documentation for the wireless access point If you do not click Logout the wireless access point will wait 5 minutes after there is no activity before it automatically logs you out ...

Страница 27: ...of your access point The access point NetBIOS name is formed from the word NETGEAR and last 6 digits of the access point s MAC address on the label on the bottom of the unit It is formatted like NETGEAR123456 with no spaces or delimiters Note If the computer you are using to connect to the WG602v3 is on a different subnet you will not be able to connect via its NetBIOS name unless there is a WINS ...

Страница 28: ...me of admin and the default password of password Using the Basic IP Settings Options The IP Settings page is under the Setup heading of the main menu Use this page to configure DHCP static IP and the access point NetBIOS name Figure 3 8 Basic IP Settings page Access Point Name NetBIOS You can change the access point name after the initial configuration Enter a new name for the wireless access poin...

Страница 29: ...55 255 0 Gateway 0 0 0 0 If your network has a requirement to use a different IP addressing scheme you can make those changes in this page Spanning Tree Protocol Spanning Tree Protocol in enabled by default for the wireless access point This provides network traffic optimization in settings with multiple WG602v3 Access Points Remember to click Apply to save your changes Understanding the Basic Wir...

Страница 30: ... to 11 Unless a region is selected the channel cannot be changed Channel Frequency This field identifies which operating frequency will be used It should not be necessary to change the wireless channel unless you notice interference problems or setting up the WG602v3 near another access point See Wireless Channels on page B 7 for more information on wireless channels Access points use a fixed chan...

Страница 31: ...n Open System If selected you have the option of using WEP encryption or no encryption This is the default Shared Key If selected you must use WEP at least one shared key must be entered Legacy 802 1x If selected you must configure the Radius Server Settings Screen WPA with Radius If selected you must configure the Radius Server Settings Screen WPA PSK If selected you must use TKIP encryption Ente...

Страница 32: ...AES with WPA but this is not part of the 802 11 standards and is not supported by this Access Point Passphrase To use the passphrase to generate the WEP keys enter a passphrase and click the Generate Keys button You can also enter the keys directly These keys must match the other wireless stations Key 1 Key 2 Key 3 Key 4 If using WEP select the key to be used as the default key Data transmissions ...

Страница 33: ... are set to Shared Key as well and are configured with the correct key WEP Encryption key size Choose one 64 bit or 128 bit Again the encryption key size must be the same for the wireless adapters and the wireless access point Data Encryption WEP Keys There are two methods for creating WEP data encryption keys Whichever method you use record the key values in the spaces below Passphrase method ___...

Страница 34: ...t WEP for the Security Type Figure 3 11 WEP Settings page 2 The Authentication Type is set to Any by default Change the Authentication Type to Shared Key to use WEP data encryption 3 For the Encryption Strength select 64 or 128 bit encryption 4 You can manually or automatically program the four data encryption keys These values must be identical on all PCs and access points in your network Note If...

Страница 35: ...tandard 5 Click Apply to save your settings How to Configure WPA PSK Wireless Security Note Not all wireless adapters support WPA Furthermore client software is required on the client Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports WPA Nevertheless the wireless adapter hardware and driver must also support WPA Consult the product document for your wirel...

Страница 36: ...gs link in the Setup section of the main menu and select WPA2 PSK for the Security Type Figure 3 13 WPA2 Settings menu 2 Enter a word or group of 8 63 printable characters in the Password Phrase box 3 Click Apply to save your settings Note If you use a wireless PC to configure WPA settings you will be disconnected when you click Apply Reconfigure your wireless adapter to match the new settings or ...

Страница 37: ...ers support WPA2 Furthermore client software is required on the client Make sure your client card supports WPA2 Consult the product document for your wireless adapter and WPA2 client software for instructions on configuring WPA2 settings To configure WPA PSK and WPA2 PSK follow these steps 1 Click the Security Settings link in the Setup section of the main menu and select WPA PSK WPA2 PSK for the ...

Страница 38: ...sses follow these steps 1 From the Setup section of the main menu click Access Control to display the Wireless Access page shown below 2 Select the type of Access Control Disable Allow Block 3 Then enter the MAC address for a device you plan to use You can usually find the MAC address printed on the wireless adapter Note When configuring the WG602v3 from a wireless PC whose MAC address is not in t...

Страница 39: ...obtain a wireless link to the WG602v3 The PC should then appear in the Station List page 4 Click Add to add the wireless device to the access list Repeat these steps for each additional device you want to add to the list 5 Be sure to click Apply to save your wireless access control list settings Now only devices on this list will be allowed to wirelessly connect to the WG602v3 For blocking access ...

Страница 40: ...Reference Manual for the NETGEAR 54 Mbps Wireless Access Point WG602v3 3 22 Basic Installation and Configuration 202 10060 02 February 2005 ...

Страница 41: ...ccess Point These features can be found under the Management heading in the main menu of the browser interface Viewing General Information The Information summarizes of the current WG602v3 configuration settings From the main menu of the browser interface click Information to view the system status screen shown below Figure 4 1 Wireless Access Point Status screen ...

Страница 42: ...ent IP Settings These parameters apply to the Local WG602v3 wireless access point IP Address The IP address of the wireless access point Subnet Mask The subnet mask for the wireless access point Default Gateway The default gateway for the wireless access point DHCP Client Enabled by default Enabled DHCP client indicates that the current IP address was obtained from a DHCP server on your network Wi...

Страница 43: ... the table data is lost until the wireless access point rediscovers the devices To force the wireless access point to look for associated devices click the Refresh button Note A wireless network can include multiple wireless access points all using the same network name SSID This enables extending the reach of the wireless network and allows users to roam from one access point to another providing...

Страница 44: ... file can be sent using your browser Note The Web browser used to upload new firmware into the WG602v3 must support HTTP uploads such as Microsoft Internet Explorer 5 0 or above or Netscape Navigator 4 78 or above 1 Download the new software file from NETGEAR save it to your hard disk and unzip it Figure 4 3 WG602v3 Upgrade Firmware page 2 From the main menu Management section click the Upgrade Fi...

Страница 45: ...he label on the bottom of the unit for example NETGEAR123456 On the Restore Factory Default Settings screen select Yes then click Apply to restore the factory default settings Using the Reset Button to Reboot or Restore Factory Defaults To restore the factory default configuration settings without knowing the login password or IP address you must use the Default Reset button on the rear panel of t...

Страница 46: ...sword Change this password to a more secure password You cannot change the administrator login name From the main menu of the browser interface under the Management heading click Change Password to bring up the page shown below Figure 4 4 Set Password page To change the password first enter the old password and then enter the new password twice Click Apply to save your change ...

Страница 47: ...s Settings to bring up the page shown below Figure 5 1 Advanced Wireless Settings menu The default advanced wireless settings usually work well These settings should not be changed unless you are sure it is necessary WMM support WMM Wireless Multimedia is a subset of the 802 11e standard WMM allows wireless traffic to have a range of priorities depending on the kind of data Time dependent informat...

Страница 48: ...rogrammed in this field will be fragmented The Fragment Threshold value must be larger than the RTS Threshold value The default is 2346 Beacon Interval The Beacon Interval specifies the interval time between 20ms and 1000ms for each beacon transmission The default is 100 DTIM Interval The DTIM Delivery Traffic Indication Message specifies the data beacon rate between 1 and 255 The default is 1 Pre...

Страница 49: ...ddress physical address of the other Bridge mode Wireless Station in the field provided WEP can and should be used to protect this communication Wireless Multi Point Bridging In this mode the WG602 will communicate with up to four bridge mode wireless access points And if you check the Enable Wireless Client Association checkbox wireless clients will also be serviced by this access point You must ...

Страница 50: ...mputers on Ethernet LAN segment 1 will use AP1 to communicate with AP2 2 Configure AP2 in Point to Point mode with the MAC address of AP1 and deploy it on LAN Segment 2 Use the same security and channel settings as AP1 If you check the Enable Wireless Client Association checkbox wireless clients will also be able to use AP2 If the Enable Wireless Client Association checkbox is not selected only co...

Страница 51: ... 3 in Point to Point Bridge mode with the Remote MAC Address of AP2 2 Verify the following parameters for all access points Verify that the LAN network configuration the WG602v3 Access Points are configured to operate in the same LAN network address range as the LAN devices Only one AP is configured in Wireless Multi Point Bridging mode and all the others are in Point to Point Bridge mode All APs ...

Страница 52: ...Ns If you check the Enable Wireless Client Association checkbox wireless clients will also be able to use the AP A computer on any LAN segment should be able to connect to the Internet or share files and printers with any other PCs or servers connected to any of the three LAN segments If Access Control Lists are enabled on the APs only computers in the access control list will be able to use the A...

Страница 53: ...ll APs must be on the same LAN That is all the APs LAN IP address must be in the same network If using DHCP all WG602v3 Access Points should be set to Obtain an IP address automatically DHCP Client in the IP Address Source portion of the Basic IP Settings menu All WG602v3 Access Points use the same SSID Channel authentication mode if any and encryption in use 3 Verify connectivity across the LANs ...

Страница 54: ...Reference Manual for the NETGEAR 54 Mbps Wireless Access Point WG602v3 5 8 Advanced Configuration 202 10060 02 February 2005 ...

Страница 55: ...3 4 I cannot remember the wireless access point s configuration password Go to Changing the Administrator Password on page 4 6 Troubleshooting If you have trouble setting up your WG602v3 check the tips below No lights are lit on the access point The access point has no power Make sure the power cord is connected to the access point and plugged in to a working power outlet or power strip Make sure ...

Страница 56: ...ns off I cannot configure the wireless access point from a browser Check these items The WG602v3 is properly installed LAN connections are OK and it is powered on Check that the LAN port LED is amber or green to verify that the Ethernet connection is OK If you are using the NetBIOS name of the WG602v3 to connect ensure that your PC and the WG602v3 are on the same network segment or that there is a...

Страница 57: ...nsure that your PCs TCP IP settings are correct If using a Fixed Static IP Address check the Subnet Mask Default Gateway DNS and IP Addresses If the PCs are configured correctly but still not working ensure that the WG602v3 is connected and turned on Connect to it and check its settings If you cannot connect to it check the LAN and power connections If the WG602v3 is configured correctly check you...

Страница 58: ...Reference Manual for the NETGEAR 54 Mbps Wireless Access Point WG602v3 6 4 Troubleshooting 202 10060 02 February 2005 ...

Страница 59: ...ead Spectrum DSSS for 802 11b and Orthogonal Frequency Division Multiplexing OFDM for 802 11g Wireless Security WEP and WPA PSK Maximum Computers Per Wireless Network Limited by the amount of wireless network traffic generated by each node Typically 32 nodes Network Management Web based configuration and status monitoring Status LEDs Power Ethernet LAN Wireless LAN Dimensions 28 x 175 x 118 mm 1 1...

Страница 60: ...Reference Manual for the NETGEAR 54 Mbps Wireless Access Point WG602v3 A 2 Specifications 202 10060 02 February 2005 ...

Страница 61: ... the Wireless Ethernet Compatibility Alliance WECA see http www wi fi net an industry standard group promoting interoperability among 802 11 devices The 802 11 standard offers two methods for configuring a wireless network ad hoc and infrastructure Infrastructure Mode With a wireless Access Point you can operate the wireless LAN in the infrastructure mode This mode provides wireless connectivity t...

Страница 62: ...cation SSID In an ad hoc wireless network with no access points the Basic Service Set Identification BSSID is used In an infrastructure wireless network that includes an access point the ESSID is used but may still be referred to as SSID An SSID is a thirty two character maximum alphanumeric key identifying the name of the wireless local area network Some vendors refer to the SSID as network name ...

Страница 63: ...SID 4 The station sends an authentication request to the access point 5 The access point authenticates the station 6 The station sends an association request to the access point 7 The access point associates with the station 8 The station can now communicate with the Ethernet network through the access point An access point must authenticate a station before the station can associate with the acce...

Страница 64: ...that corresponds to the station s default key The access point compares the decrypted text with the original challenge text If the decrypted text matches the original challenge text then the access point and the station share the same WEP Key and the access point authenticates the station 5 The station connects to the network If the decrypted text does not match the original challenge text the acc...

Страница 65: ... WEP Key For authentication purposes the network uses Open System Authentication 3 Use WEP for Authentication and Encryption A transmitting 802 11 device encrypts the data portion of every packet it sends using a configured WEP Key The receiving device decrypts the data using the same WEP Key For authentication purposes the wireless network uses Shared Key Authentication Note Some 802 11 access po...

Страница 66: ...ntered instead of the cryptic hexadecimal characters to ease encryption key entry 128 bit encryption is stronger than 40 bit encryption but 128 bit encryption may not be available outside of the United States due to U S export regulations When configured for 40 bit encryption 802 11 products typically support up to four WEP Keys Each 40 bit WEP Key is expressed as 5 sets of two hexadecimal digits ...

Страница 67: ... AP s WEP key 2 is the same as the client s WEP key 2 and the AP s WEP key 3 is the same as the client s WEP key 3 Wireless Channels The wireless frequencies used by 802 11b g networks are discussed below IEEE 802 11b g wireless nodes communicate with each other using radio frequency signals in the ISM Industrial Scientific and Medical band between 2 4 GHz and 2 5 GHz Neighboring channels are 5 MH...

Страница 68: ...e security enhancements that increase the level of data protection and access control for existing and future wireless LAN systems The IEEE introduced the WEP as an optional security measure to secure 802 11b Wi Fi WLANs but inherent weaknesses in the standard soon became obvious In response to this situation the Wi Fi Alliance announced a new security architecture in October 2002 that remedies th...

Страница 69: ...ally refer to IETF s RFC 2284 With 802 11 WEP all access points and client wireless adapters on a particular wireless LAN must use the same encryption key A major problem with the 802 11 standard is that the keys are cumbersome to change If you do not update the WEP keys often an unauthorized person with a sniffing tool can monitor your network for less than a day and decode the encrypted messages...

Страница 70: ...dware support Support for a mixture of WPA WPA2 and WEP wireless clients to allow a migration strategy but mixing WEP and WPA WPA2 is discouraged These features are discussed below WPA WPA2 addresses most of the known WEP vulnerabilities and is primarily intended for wireless infrastructure networks as found in the enterprise This infrastructure includes stations access points and authentication s...

Страница 71: ... to those stations successfully authenticated The supplicant in the station uses the authentication and cipher suite information contained in the information elements to decide which authentication method and cipher suite to use For example if the access point is using the pre shared key method then the supplicant need not authenticate using full blown 802 1X Rather the supplicant must simply prov...

Страница 72: ... the EAP type such as Transport Layer Security EAP TLS or EAP Tunneled Transport Layer Security EAP TTLS defines how the authentication takes place Note For environments with a Remote Authentication Dial In User Service RADIUS infrastructure WPA supports Extensible Authentication Protocol EAP For environments without a RADIUS infrastructure WPA supports the use of a pre shared key Together these t...

Страница 73: ...or AES Probe Responses AP to station and Association Requests station to AP also contain WPA information elements 1 Initial 802 1x communications begin with an unauthenticated supplicant client device attempting to connect with an authenticator 802 11 access point The client sends an EAP start message This begins a series of message exchanges to authenticate the client 2 The access point replies w...

Страница 74: ...n specify any EAP type without needing to upgrade an 802 1x compliant access point As a result you can update the EAP authentication type to such devices as token cards Smart Cards Kerberos one time passwords certificates and public key authentication or as newer types become available and your requirements for security change WPA WPA2 Data Encryption Key Management With 802 1x the rekeying of uni...

Страница 75: ...e bits in the encrypted payload and update the encrypted ICV without being detected by the receiver With WPA a method known as Michael specifies a new algorithm that calculates an 8 byte message integrity check MIC using the calculation facilities available on existing wireless devices The MIC is placed between the data portion of the IEEE 802 11 frame and the 4 byte ICV The MIC field is encrypted...

Страница 76: ... for WPA WPA2 Starting in August 2003 NETGEAR Inc wireless Wi Fi certified products will support the WPA standard NETGEAR Inc wireless products that had their Wi Fi certification approved before August 2003 will have one year to add WPA so as to maintain their Wi Fi certification WPA WPA2 requires software changes to the following Wireless access points Wireless network adapters Wireless client pr...

Страница 77: ...less AP Changes to Wireless Network Adapters Wireless networking software in the adapter and possibly in the OS or client application must be updated to support the following The new WPA WPA2 information element Wireless clients must be able to process the WPA WPA2 information element and respond with a specific security configuration The WPA WPA2 two phase authentication Open system then 802 1x s...

Страница 78: ...e your Microsoft Windows wireless client all you have to do is obtain the new WPA WPA2 compatible driver and install the driver Changes to Wireless Client Programs Wireless client programs must be updated to permit the configuration of WPA WPA2 authentication and preshared key and the new WPA WPA2 encryption algorithms TKIP and AES To obtain the Microsoft WPA client program visit the Microsoft Web...

Страница 79: ...e Internet can be very expensive Because of this expense Internet access is usually provided by a slower speed wide area network WAN link such as a cable or DSL modem In order to make the best use of the slower WAN link a mechanism must be in place for selecting and transmitting only the data traffic meant for the Internet The function of selecting and forwarding this data is performed by a router...

Страница 80: ... decimal points For example the following binary address 11000011 00100010 00001100 00000111 is normally written as 195 34 12 7 The latter version is easier to remember and easier to enter into your computer In addition the 32 bits of the address are subdivided into two parts The first part of the address identifies the network and the second part identifies the host node or station on the network...

Страница 81: ...esses can have up to 65 354 hosts on a network A Class B address uses a 16 bit network number and a 16 bit node number Class B addresses are in this range 128 1 x x to 191 254 x x Class C Class C addresses can have 254 hosts on a network Class C addresses use 24 bits for the network address and eight bits for the node They are in this range 192 0 1 x to 223 255 254 x Class D Class D addresses are ...

Страница 82: ...ks for Class A B and C addresses are 255 0 0 0 255 255 0 0 and 255 255 255 0 respectively For example the address 192 168 170 237 is a Class C IP address whose network portion is the upper 24 bits When combined using an AND operator with the Class C netmask as shown here only the network portion of the address remains 11000000 10101000 10101010 11101101 192 168 170 237 combined with 11111111 11111...

Страница 83: ...n addition to extending the number of addresses available subnet addressing provides other benefits Subnet addressing allows a network manager to construct an address scheme for the network by using different subnets for other geographical locations in the network or for other departments in the organization Although the preceding example uses the entire third octet for a subnet address note that ...

Страница 84: ...nto 16 subnets 4 bits the new subnet mask becomes 255 255 255 240 The following table displays several common netmask values in both the dotted decimal and the masklength formats Configure all hosts on a LAN segment to use the same netmask for the following reasons Table C 1 Netmask Notation Translation Table for One Octet Number of Bits Dotted Decimal Value 1 128 2 192 3 224 4 240 5 248 6 252 7 2...

Страница 85: ... situation do not create an arbitrary IP address always follow the guidelines explained here For more information about address assignment refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space The Internet Engineering Task Force IETF publishes RFCs on its Web site at www ietf org Single IP Address Operation Using NAT In the past if mu...

Страница 86: ...on about IP address translation refer to RFC 1631 The IP Network Address Translator NAT IP Configuration by DHCP When an IP based local area network is installed each PC must be configured with an IP address If the PCs need to access the Internet they should also be configured with a gateway address and one or more DNS server addresses As an alternative to manual configuration there is a method by...

Страница 87: ... a domain name system DNS server maps descriptive names of network resources to IP addresses When a PC accesses a resource by its descriptive name it first contacts a DNS server to obtain the IP address of the resource The PC sends the desired message using the IP address Many large organizations such as ISPs maintain their own DNS servers and allow their customers to use the servers to look up ad...

Страница 88: ...ion with this IP address responds to the ARP request All other stations discard the request The station with the correct IP address responds with its own MAC address directly to the sending device The receiving station provides the transmitting station with the required destination MAC address The IP address data and MAC address data for each station are held in an ARP table The next time data is ...

Страница 89: ...ary for the firewall to analyze groups of network connection states Using Stateful Packet Inspection an incoming packet is intercepted at the network layer and then analyzed for state related information associated with all network connections A central cache within the firewall keeps track of the state information associated with all network connections All traffic passing through the firewall is...

Страница 90: ...ps operation Category 5 Only 0 5 inch 1 5 cm of untwist in the wire pair is allowed at any termination point A twisted pair Ethernet network operating at 10 Mbits second 10BASE T will often tolerate low quality cables but at 100 Mbits second 10BASE Tx the cable must be rated as Category 5 or Cat 5 by the Electronic Industry Association EIA This rating will be printed on the cable jacket A Category...

Страница 91: ...in the device Computers and workstation adapter cards are usually media dependent interface ports called MDI or uplink ports Most repeaters and switch ports are configured as media dependent interfaces with built in crossover ports called MDI X or normal ports Auto Uplink technology automatically senses which connection MDI or MDI X is needed and makes the right connection Figure C 4 illustrates s...

Страница 92: ...ing is referred to as Media Dependant Interface Crossover MDI X When connecting a PC to a PC or a hub port to another hub port the transmit pair must be exchanged with the receive pair This exchange is done by one of two mechanisms Most hubs provide an Uplink switch which will exchange the pairs on one port allowing that port to be connected to another hub using a normal Ethernet cable The second ...

Страница 93: ...h LOCAL Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a normal connection e g connecting to a PC or an uplink connection e g connecting to a router switch or hub That port will then configure itself to the correct configuration This feature also eliminates the need to worry about crossover cables as Auto UplinkTM will accommodate either type of...

Страница 94: ...Reference Manual for the NETGEAR 54 Mbps Wireless Access Point WG602v3 C 16 Network Routing Firewall and Cabling Basics 202 10060 02 February 2005 ...

Страница 95: ... on your network must have TCP IP installed and selected as its networking protocol If a Network Interface Card NIC is already installed in your PC then TCP IP is probably already installed as well Most operating systems include the software components you need for networking with TCP IP Windows 95 or later includes the software components for establishing a TCP IP network In your TCP IP network e...

Страница 96: ...ss Installing or Verifying Windows Networking Components To install or verify the necessary components for IP networking 1 On the Windows taskbar click the Start button point to Settings and then click Control Panel 2 Double click the Network icon The Network window opens which displays a list of installed components You must have an Ethernet adapter or an WG602v3 the TCP IP protocol and the Clien...

Страница 97: ...ton b Select Client and then click Add c Select Microsoft d Select File and Print Sharing for Microsoft Networks and then click OK 3 Restart your PC for the changes to take effect Enabling DHCP to Automatically Configure TCP IP Settings After the TCP IP protocol components are installed each PC must be assigned specific information about itself and resources that are available on its network The s...

Страница 98: ... pointer over it and right click your mouse button If the icon is not on the desktop Click Start on the task bar located at the bottom left of the window Choose Settings and then Control Panel Locate the Network Neighborhood icon and click it This will open the Network panel as shown below Verify the following settings as shown Client for Microsoft Network exists Ethernet adapter is present TCP IP...

Страница 99: ...check boxes in the LAN Internet Configuration screen and click Next 6 Proceed to the end of the Wizard Verifying TCP IP Properties for Windows 98 or Me After your PC is configured and has rebooted you can check the TCP IP configuration using the utility winipcfg exe 1 On the Windows taskbar click the Start button and then click Run By default the IP Address tab is open on this window Verify the fo...

Страница 100: ...e PC preparation process you may need to install and configure TCP IP on each networked PC Before starting locate your Windows CD you may need to insert it during the TCP IP installation process Installing or Verifying Windows Networking Components To install or verify the necessary components for IP networking 1 On the Windows taskbar click the Start button point to Settings and then click Contro...

Страница 101: ... steps will walk you through the configuration process for each of these versions of Windows In Windows XP and 2000 systems locate your Network Neighborhood icon Select Control Panel from the Windows XP Start Menu Select the Network Connections icon on the Control Panel This will take you to the next step Now the Network Connection window displays The Connections List shows all the network connect...

Страница 102: ...twork Connection Status window This box displays the connection status duration speed and activity statistics Administrator logon access rights are needed to use this window Click the Properties button to view details about the connection The TCP IP details are presented on the Support tab page Select Internet Protocol and click Properties to view the configuration information ...

Страница 103: ...ollow the steps below to configure TCP IP with DHCP for Windows 2000 Verify that Obtain an IP address automatically radio button is selected and that the Obtain DNS server address automatically radio button is selected Click the OK button This completes the DHCP configuration in Windows XP Repeat these steps for each PC with this version of Windows on your network Click My Network Places icon on t...

Страница 104: ...ox of Components checked are used by this connection Client for Microsoft Networks and Internet Protocol TCP IP Click OK With Internet Protocol TCP IP selected click Properties to open the Internet Protocol TCP IP Properties dialogue box Verify that Obtain an IP address automatically is selected Obtain DNS server address automatically is selected Click OK to return to Local Area Connection Propert...

Страница 105: ...ck the Start button and then click Run The Run window opens 2 Type cmd and then click OK A command window opens 3 Type ipconfig all Your IP Configuration information will be listed and should match the values below if you are using the default TCP IP settings that NETGEAR recommends for connecting through a router or gateway The IP address is between 192 168 0 2 and 192 168 0 254 The subnet mask i...

Страница 106: ...Reference Manual for the NETGEAR 54 Mbps Wireless Access Point WG602v3 D 12 Preparing Your PCs for Network Access 202 10060 02 February 2005 ...

Страница 107: ...less LANs and pertains to systems operating in the 5 GHz frequency range with a bandwidth of 54 Mbps Another standard 802 11g is for WLANS operating in the 2 4 GHz frequency but with a bandwidth of 54 Mbps 802 11a Standard An IEEE specification for wireless networking that operates in the 5 GHz frequency range 5 15 GHz to 5 85 GHz with a maximum 54 Mbps data transfer rate The 5 GHz frequency band ...

Страница 108: ...hat defines software patches to WEP to provide a minimally adequate level of data privacy AES or AES OCB Advanced Encryption Standard and Offset Codebook is a robust data privacy scheme and is a longer term solution Security Association Management is addressed by a RSN Negotiation Procedures b IEEE 802 1x Authentication and c IEEE 802 1x Key management The standards are being defined to naturally ...

Страница 109: ...onal capabilities such as NAT routing DHCP firewalls security etc Ad Hoc mode A client setting that provides independent peer to peer connectivity in a wireless LAN An alternative set up is one where PCs communicate with each other through an AP See access point and Infrastructure mode Bandwidth The amount of transmission capacity that is available on a network at any point in time Available bandw...

Страница 110: ...o a wireless gateway or access point Instead of the signals transferring in parallel paths from one set of plugs to another the signals crossover If an eight wire cable was being used for instance the signal would start on pin one at one end of the cable and end up on pin eight at the other end They cross over from one side to the other CSMA CA Carrier Sense Multiple Action CSMA CA is the principl...

Страница 111: ... a series of numbers like 107 22 55 26 Every website has its own specific IP address on the Internet Encryption Key An alphanumeric letters and or numbers series that enables data to be encrypted and then decrypted so it can be safely shared among members of a network WEP uses an encryption key that automatically encrypts outgoing wireless data On the receiving side the same encryption key enables...

Страница 112: ...ways may also provide VPN support roaming firewalls various levels of security etc Hot Spot also referred to as Public Access Location A place where you can access Wi Fi service This can be for free or for a fee HotSpots can be inside a coffee shop airport lounge train station convention center hotel or any other public meeting area Corporations and campuses are also implementing HotSpots to provi...

Страница 113: ... point AP As compared to Ad Hoc mode whereby PCs communicate directly with each other clients set in Infrastructure Mode all pass data through a central AP The AP not only mediates wireless network traffic in the immediate neighborhood but also provides communication with the wired network See Ad Hoc and AP IP Internet Protocol address A 32 bit number that identifies each sender or receiver of inf...

Страница 114: ...each of the spheres below represent a mesh router Corporate servers and printers may be shared by attaching to each mesh router For wireless access to the mesh an access point must be attached to any one of the mesh routers Multiple Input Multiple Output MIMO MIMO refers to radio links with multiple antennas at the transmitter and the receiver side to improve the performance of the wireless link N...

Страница 115: ...o server or central hub or router All the networked PCs are equally able to act as a network server or client and each client computer can talk to all the other wireless computers without having to go through an access point or hub However since there is no central base station to monitor traffic or provide Internet access the various signals can collide with each other reducing overall performanc...

Страница 116: ... stand alone mode in a parking lot or in a neighbor s building Rogue APs by definition are not under the management of network administrators and do not conform to network security policies and may present a severe security risk Ideally it is best to have some type of WLAN system that does not allow rogue access points to easily be added to an existing WLAN Router A device that forwards data packe...

Страница 117: ...k to the server in order to have a secret key exchange for that session Subnetwork or Subnet Found in larger networks these smaller networks are used to simplify addressing between numerous computers Subnets connect to the central network through a router hub or gateway Each individual wireless LAN will probably use the same subnet for all the local computers it talks to Switch A type of hub that ...

Страница 118: ...a bandwidth of up to 400 Mbps VoIP Voice over IP Voice transmission using Internet Protocol to create digital packets distributed over the Internet VoIP can be less expensive than voice transmission using standard analog packets over POTS Plain Old Telephone Service VPN Virtual Private Network A type of technology designed to increase the security of information transferred over the Internet VPN c...

Страница 119: ...home or small business user needs to protect wireless data WEP is available in 40 bit also called 64 bit or in 108 bit also called 128 bit encryption modes As 108 bit encryption provides a longer algorithm that takes longer to decode it can provide better security than basic 40 bit 64 bit encryption Wi Fi Wireless Fidelity Another name for IEEE 802 11b Products certified as Wi Fi are interoperable...

Страница 120: ...s AES CCMP These features are either not yet ready for market or will require hardware upgrades to implement Wi Fi Protected Access for the Enterprise Wi Fi Protected Access effectively addresses the WLAN security requirements for the enterprise and provides a strong encryption and authentication solution prior to the ratification of the IEEE 802 11i standard In an enterprise with IT resources Wi ...

Страница 121: ... Access for all Wi Fi clients and access points WiMAX An IEEE 802 16 Task Group that provides a specification for fixed broadband wireless access systems employing a point to multipoint PMP architecture Task Group 1 of IEEE 802 16 developed a point to multipoint broadband wireless access standard for systems in the frequency range 10 66 GHz The standard covers both the Media Access Control MAC and...

Страница 122: ...Reference Manual for the NETGEAR 54 Mbps Wireless Access Point WG602v3 16 Glossary 202 10060 02 February 2005 ...

Отзывы: