Home » Netgear Manuals » Wireless » Netgear ME103 » Manual Viewer

Netgear ME103 ME103 Reference Manual - Page 79

Understanding 802.1x Port Based Network Access Control

UPC - 606449026375

Add to My Manuals
Save this manual to your list of manuals

Page 79 highlights

Reference Manual for the ME103 802.11b ProSafe Wireless Access Point Understanding 802.1x Port Based Network Access Control 802.1x is well on its way to becoming an industry standard, and provides an effective wireless LAN security solution. Windows XP implements 802.1x natively, and the ME103 802.11b ProSafe Wireless Access Point supports 802.1x. The 802.11i committee is specifying the use of 802.1x to eventually become part of the 802.11 standard. With 802.11b WEP, all access points and client wireless adapters on a particular wireless LAN must use the same encryption key. Each sending station encrypts data with a WEP key before transmission, and the receiving station decrypts it using an identical key. This process reduces the risk of someone passively monitoring the transmission and gaining access to the data transmitted over the wireless connections. However, a major problem with the 802.11 standard is that the keys are cumbersome to change. If you don't update the WEP keys often, an unauthorized person with a sniffing tool can monitor your network for less than a day and decode the encrypted messages. In order to use different keys, you must manually configure each access point and wireless adapter with new keys. Products based on the 802.11 standard alone offer system administrators no effective method to update the keys. This might not be too much of concern with a few users, but the job of renewing keys on larger networks can be a monumental task. As a result, companies either don't use WEP at all or maintain the same keys for weeks, months, and even years. Both cases significantly heighten the wireless LAN's vulnerability to eavesdroppers. IEEE 802.1x offers an effective framework for authenticating and controlling user traffic to a protected network, as well as dynamically varying encryption keys. 802.1x ties a protocol called EAP (Extensible Authentication Protocol) to both the wired and wireless LAN media and supports multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates, and public key authentication. For details on EAP specifically, refer to IETF's RFC 2284. Wireless Networking Basics B-9 August 2003

Section	Page
Trademarks	2
Statement of Conditions	2
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice	3
Canadian Department of Communications Compliance Statement	4
CE Declaration of Conformity	5
Contents	7
Chapter 1 About This Manual	11
Audience	11
Scope	11
Typographical Conventions	12
Special Message Formats	12
How to Use the HTML Version of this Manual	13
How to Print this Manual	14
Chapter 2 Introduction	15
About the ME103 802.11b ProSafe Wireless Access Point	15
Key Features	16
802.11b Standards-based Wireless Networking	17
Autosensing Ethernet Connections with Auto Uplink	18
Compatible and Related NETGEAR Products	18
System Requirements	18
What’s In the Box?	19
Hardware Description	19
ME103 Wireless Access Point Front Panel	20
ME103 Wireless Access Point Rear Panel	21
Left Side Primary and Right Side Secondary Detachable Antenna	21
Restore to Factory Defaults Button	21
RJ-45 Ethernet Port	21
Power Socket	21
Chapter 3 Basic Installation and Configuration	22
Observing Placement and Range Guidelines	22
Cabling Requirements	23
Default Factory Settings	24
Understanding ME103 Wireless Security Options	25
Installing the ME103 802.11b ProSafe Wireless Access Point	26
How to Log In to the ME103 Using Its Default NetBIOS Name	29
How to Log In to the ME103 Using Its Default IP Address	31
Understanding Basic Wireless Settings	32
Understanding Basic Wireless Security Options	33
Information to Gather Before Changing Basic Wireless Settings	35
How to Set Up and Test Basic Wireless Connectivity	36
How to Restrict Wireless Access by MAC Address	37
How to Configure WEP	38
Using the Basic IP Settings Options	39
Chapter 4 Maintenance	41
Viewing General, Log, Station, and Statistical Information	41
Statistics	43
Activity Log	45
Viewing a List of Attached Devices	46
Upgrading the Wireless Access Point Software	47
Configuration File Management	48
Saving and Retrieving the Configuration	49
Restoring the ME103 to the Factory Default Settings	49
Using the Reset Button to Restore Factory Default Settings	49
Changing the Administrator Password	50
Chapter 5 Advanced Configuration	51
Configuring Advanced Security 802.1x Options	51
Basic Requirements for 802.1x	51
How to Configure the 802.1x Key Exchange Option	52
Understanding Advanced Wireless Settings	58
Configuring Wireless Operating Modes	60
How to Configure a ME103 as a Point-to-Point Bridge	60
How to Configure Multi-Point Wireless Bridging	61
Antenna Installation	63
Blank Configuration Worksheet	64
Chapter 6 Troubleshooting	65
No lights are lit on the access point.	65
The Wireless LAN activity light does not light up.	66
The LAN light is not lit.	66
I cannot access the Internet or the LAN with a wireless capable computer.	66
I am using EAP-TLS security but get disconnected.	67
I cannot connect to the ME103 to configure it.	67
When I enter a URL or IP address I get a timeout error.	67
Using the Reset Button to Restore Factory Default Settings	68
Appendix A Specifications	69
Specifications for the ME103	69
Appendix B Wireless Networking Basics	71
Wireless Networking Overview	71
Infrastructure Mode	71
Ad Hoc Mode (Peer-to-Peer Workgroup)	72
Network Name: Extended Service Set Identification (ESSID)	72
Authentication, WEP, and WPA	72
802.11 Authentication	73
Open System Authentication	73
Shared Key Authentication	74
Overview of WEP Parameters	75
Key Size	76
WEP Configuration Options	77
Wireless Channels	77
Understanding 802.1x Port Based Network Access Control	79
Appendix C Network, Routing, Firewall, and Cabling Basics	83
Basic Router Concepts	83
What is a Router?	84
IP Addresses and the Internet	84
Netmask	86
Subnet Addressing	86
Private IP Addresses	89
Single IP Address Operation Using NAT	89
IP Configuration by DHCP	90
Domain Name Server	91
Routing Protocols	91
RIP	91
MAC Addresses and ARP	92
Internet Security and Firewalls	92
What is a Firewall?	93
Stateful Packet Inspection	93
Denial of Service Attack	93
Ethernet Cabling	94
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	94
Cable Quality	95
Appendix D Preparing Your PCs for Network Access	97
Preparing Your Computers for TCP/IP Networking	97
Configuring Windows 98 and Me for TCP/IP Networking	97
Install or Verify Windows Networking Components	97
Enabling DHCP to Automatically Configure TCP/IP Settings	99
Selecting Windows’ Internet Access Method	101
Verifying TCP/IP Properties	101
Configuring Windows 2000 or XP for TCP/IP Networking	102
Install or Verify Windows Networking Components	102
DHCP Configuration of TCP/IP in Windows XP	103
DHCP Configuration of TCP/IP in Windows 2000	105
Verifying TCP/IP Properties for Windows XP or 2000	107
Glossary	109

Match case Limit results 1 per page

Reference Manual for the ME103 802.11b ProSafe Wireless Access Point

Wireless Networking Basics

B-9

August 2003

Understanding 802.1x Port Based Network Access Control

802.1x is well on its way to becoming an industry standard, and provides an effective wireless

LAN security solution. Windows XP implements 802.1x natively, and the ME103 802.11b

ProSafe Wireless Access Point supports 802.1x. The 802.11i committee is specifying the use of

802.1x to eventually become part of the 802.11 standard.

With 802.11b WEP, all access points and client wireless adapters on a particular wireless LAN

must use the same encryption key. Each sending station encrypts data with a WEP key before

transmission, and the receiving station decrypts it using an identical key. This process reduces the

risk of someone passively monitoring the transmission and gaining access to the data transmitted

over the wireless connections.

However, a major problem with the 802.11 standard is that the keys are cumbersome to change. If

you don't update the WEP keys often, an unauthorized person with a sniffing tool can monitor your

network for less than a day and decode the encrypted messages. In order to use different keys, you

must manually configure each access point and wireless adapter with new keys.

Products based on the 802.11 standard alone offer system administrators no effective method to

update the keys. This might not be too much of concern with a few users, but the job of renewing

keys on larger networks can be a monumental task. As a result, companies either don't use WEP at

all or maintain the same keys for weeks, months, and even years. Both cases significantly heighten

the wireless LAN's vulnerability to eavesdroppers.

IEEE 802.1x offers an effective framework for authenticating and controlling user traffic to a

protected network, as well as dynamically varying encryption keys. 802.1x ties a protocol called

EAP (Extensible Authentication Protocol) to both the wired and wireless LAN media and supports

multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates,

and public key authentication. For details on EAP specifically, refer to IETF's RFC 2284.