Home » Netgear Manuals » Wireless » Netgear WG602v2 » Manual Viewer

Netgear WG602v2 WG602v2 User Manual - Page 76

WPA Data Encryption Key Management, traffic. With WPA

Add to My Manuals
Save this manual to your list of manuals

Page 76 highlights

Reference Manual for the WG602 v2 54 Mbps Wireless Access Point 3. The client sends an EAP-response packet containing the identity to the authentication server. The access point responds by enabling a port for passing only EAP packets from the client to an authentication server located on the wired side of the access point. The access point blocks all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the client's identity using an authentication server (e.g., RADIUS). 4. The authentication server uses a specific authentication algorithm to verify the client's identity. This could be through the use of digital certificates or some other EAP authentication type. 5. The authentication server will either send an accept or reject message to the access point. 6. The access point sends an EAP-success packet (or reject packet) to the client. 7. If the authentication server accepts the client, then the access point will transition the client's port to an authorized state and forward additional traffic. The important part to know at this point is that the software supporting the specific EAP type resides on the authentication server and within the operating system or application "supplicant" software on the client devices. The access point acts as a "pass through" for 802.1x messages, which means that you can specify any EAP type without needing to upgrade an 802.1x-compliant access point. As a result, you can update the EAP authentication type to such devices as token cards (Smart Cards), Kerberos, one-time passwords, certificates, and public key authentication or as newer types become available and your requirements for security change. WPA Data Encryption Key Management With 802.1x, the rekeying of unicast encryption keys is optional. Additionally, 802.11 and 802.1x provide no mechanism to change the global encryption key used for multicast and broadcast traffic. With WPA, rekeying of both unicast and global encryption keys is required. For the unicast encryption key, the Temporal Key Integrity Protocol (TKIP) changes the key for every frame, and the change is synchronized between the wireless client and the wireless access point (AP). For the global encryption key, WPA includes a facility (the Information Element) for the wireless AP to advertise the changed key to the connected wireless clients. If configured to implement dynamic key exchange, the 802.1x authentication server can return session keys to the access point along with the accept message. The access point uses the session keys to build, sign and encrypt an EAP key message that is sent to the client immediately after sending the success message. The client can then use contents of the key message to define applicable encryption keys. In typical 802.1x implementations, the client can automatically change encryption keys as often as necessary to minimize the possibility of eavesdroppers having enough time to crack the key in current use. B-14 M-10181-03 Wireless Networking Basics

Section	Page
Trademarks	2
Statement of Conditions	2
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice	3
Canadian Department of Communications Compliance Statement	4
CE Declaration of Conformity	5
Contents	7
Chapter 1 About This Manual	13
Audience, Scope, Conventions	13
How to Use this Manual	14
How to Print this Manual	15
Chapter 2 Introduction	17
About the 54 Mbps Wireless Access Point WG602 v2	17
Support for Standards	17
Key Features	18
802.11g Standards-based Wireless Networking	18
Autosensing Ethernet Connections with Auto Uplink	19
Compatible and Related NETGEAR Products	19
System Requirements	19
What’s In the Box?	20
Hardware Description	21
WG602 v2 Wireless Access Point Front Panel	21
WG602 v2 Wireless Access Point Rear Panel	22
Power Socket	22
Reset and Restore to Factory Defaults Button	22
RJ-45 Ethernet Port	22
Detachable Antenna	22
Chapter 3 Basic Installation and Configuration	24
Observing Placement and Range Guidelines	24
Default Factory Settings	25
Understanding WG602 v2 Wireless Security Options	26
Installing the 54 Mbps Wireless Access Point WG602 v2	27
Two Ways to Log In to the WG602 v2	29
How to Log in Using the Default IP Address of the WG602 v2	30
How to Log In to the WG602 v2 Using Its Default NetBIOS Name	31
Using the Basic IP Settings Options	33
Understanding the Basic Wireless Settings	34
Understanding Wireless Security Options	36
Information to Gather Before Changing Basic Wireless Settings	37
How to Configure WEP Wireless Security	38
How to Configure WPA-PSK Wireless Security	39
How to Restrict Wireless Access by MAC Address	40
Chapter 4 Management	43
Viewing General Information	43
Viewing a List of Attached Devices	45
Upgrading the Wireless Access Point Software	45
Rebooting and Resetting Factory Default Options	47
Restoring the WG602 v2 to the Factory Default Settings	47
Using the Reset Button to Reboot or Restore Factory Defaults	47
Changing the Administrator Password	48
Chapter 5 Advanced Configuration	49
Configuring Wireless Bridge or Repeater Links	49
How to Select the Wireless Bridging Access Point Mode	50
How to Configure a WG602 v2 as a Point-to-Point Bridge	51
How to Configure Wireless Multi-Point Bridging	52
How to Configure a WG602 v2 as a Repeater	54
Understanding Advanced Wireless Settings	55
Chapter 6 Troubleshooting	57
Troubleshooting	57
No lights are lit on the access point.	57
The Ethernet LAN light is not lit.	57
The Wireless LAN activity light is not lit.	58
I cannot configure the wireless access point from a browser.	58
I cannot access the Internet or the LAN with a wireless capable computer.	58
When I enter a URL or IP address I get a timeout error.	59
Using the Reset Button to Restore Factory Default Settings	59
Appendix A Specifications	61
Specifications for the WG602 v2	61
Appendix B Wireless Networking Basics	63
Wireless Networking Overview	63
Infrastructure Mode	63
Ad Hoc Mode (Peer-to-Peer Workgroup)	64
Network Name: Extended Service Set Identification (ESSID)	64
Wireless Channels	64
WEP Wireless Security	66
WEP Authentication	66
WEP Open System Authentication	67
WEP Shared Key Authentication	68
Key Size and Configuration	69
How to Use WEP Parameters	70
WPA Wireless Security	70
How Does WPA Compare to WEP?	71
How Does WPA Compare to IEEE 802.11i?	72
What are the Key Features of WPA Security?	72
WPA Authentication: Enterprise-level User Authentication via 802.1x/EAP and RADIUS	74
WPA Data Encryption Key Management	76
Temporal Key Integrity Protocol (TKIP)	77
Michael	77
AES Support	77
Is WPA Perfect?	78
Product Support for WPA	78
Supporting a Mixture of WPA and WEP Wireless Clients	78
Changes to Wireless Access Points	78
Changes to Wireless Network Adapters	79
Changes to Wireless Client Programs	80
Appendix C Network, Routing, Firewall, and Cabling Basics	81
Basic Router Concepts	81
What is a Router?	81
IP Addresses and the Internet	82
Netmask	84
Subnet Addressing	84
Private IP Addresses	87
Single IP Address Operation Using NAT	87
IP Configuration by DHCP	88
Domain Name Server	89
Routing Protocols	89
RIP	89
MAC Addresses and ARP	90
Internet Security and Firewalls	90
What is a Firewall?	91
Stateful Packet Inspection	91
Denial of Service Attack	91
Ethernet Cabling	91
Category 5 Cable Quality	92
Inside Twisted Pair Cables	93
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	94
Appendix D Preparing Your PCs for Network Access	97
Preparing Your Computers for TCP/IP Networking	97
Configuring Windows 98 and Me for TCP/IP Networking	98
Installing or Verifying Windows Networking Components	98
Enabling DHCP to Automatically Configure TCP/IP Settings	99
DHCP Configuration of TCP/IP in Windows 98 and Me	100
Selecting the Windows Internet Access Method	101
Verifying TCP/IP Properties for Windows 98 or Me	101
Configuring Windows 2000 or XP for TCP/IP Networking	102
Installing or Verifying Windows Networking Components	102
DHCP Configuration of TCP/IP in Windows XP	103
DHCP Configuration of TCP/IP in Windows 2000	105
Verifying TCP/IP Properties for Windows XP or 2000	107
Glossary	109
Numeric	109
A	110
B	110
C	111
D	111
E	112
G	112
I	112
L	114
M	114
N	115
P	116
Q	117
R	117
S	117
T	118
U	118
W	118

Match case Limit results 1 per page

Reference Manual for the WG602 v2 54 Mbps Wireless Access Point

B-14

Wireless Networking Basics

M-10181-03

The client sends an EAP-response packet containing the identity to the authentication server.

The access point responds by enabling a port for passing only EAP packets from the client to

an authentication server located on the wired side of the access point. The access point blocks

all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the

client's identity using an authentication server (e.g., RADIUS).

The authentication server uses a specific authentication algorithm to verify the client's identity.

This could be through the use of digital certificates or some other EAP authentication type.

The authentication server will either send an accept or reject message to the access point.

The access point sends an EAP-success packet (or reject packet) to the client.

If the authentication server accepts the client, then the access point will transition the client's

port to an authorized state and forward additional traffic.

The important part to know at this point is that the software supporting the specific EAP type

resides on the authentication server and within the operating system or application “supplicant”

software on the client devices. The access point acts as a “pass through” for 802.1x messages,

which means that you can specify any EAP type without needing to upgrade an 802.1x-compliant

access point. As a result, you can update the EAP authentication type to such devices as token

cards (Smart Cards), Kerberos, one-time passwords, certificates, and public key authentication or

as newer types become available and your requirements for security change.

WPA Data Encryption Key Management

With 802.1x, the rekeying of unicast encryption keys is optional. Additionally, 802.11 and 802.1x

provide no mechanism to change the global encryption key used for multicast and broadcast

traffic. With WPA, rekeying of both unicast and global encryption keys is required.

For the unicast encryption key, the Temporal Key Integrity Protocol (TKIP) changes the key for

every frame, and the change is synchronized between the wireless client and the wireless access

point (AP). For the global encryption key, WPA includes a facility (the Information Element) for

the wireless AP to advertise the changed key to the connected wireless clients.

If configured to implement dynamic key exchange, the 802.1x authentication server can return

session keys to the access point along with the accept message. The access point uses the session

keys to build, sign and encrypt an EAP key message that is sent to the client immediately after

sending the success message. The client can then use contents of the key message to define

applicable encryption keys. In typical 802.1x implementations, the client can automatically change

encryption keys as often as necessary to minimize the possibility of eavesdroppers having enough

time to crack the key in current use.