Netgear WAC720 Reference Manual - Page 32

WPA and WPA-PSK TKIP, Legacy 802.1X

Get Netgear WAC720 PDF manuals and user guides View all Netgear WAC720 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 32 highlights

ProSAFE Dual-Band Wireless AC Access Point WAC720 WAC730 100-foot radius. Such distances can allow for others outside your immediate area to access your network. Unlike wired network data, your wireless data transmissions can extend beyond your walls and can be received by anyone with a compatible adapter. For this reason, use the security features of your wireless equipment. The wireless access point provides highly effective security features that are covered in detail in this chapter. Deploy the security features appropriate to your needs. Figure 4. You can enhance the security of your wireless network in several ways: • Use multiple BSSIDs combined with VLANs. You can configure combinations of VLANS and BSSIDs (security profiles) with stronger or less restrictive access security according to your requirements. For example, visitors could be given wireless Internet access but be excluded from any access to your internal network. For information about how to configure BSSIDs, see Configure and Enable Security Profiles on page 35. • Restrict access based on MAC address. You can allow only trusted devices to connect so that unknown devices cannot wirelessly connect to the wireless access point. Restricting access by MAC address adds an obstacle against unwanted access to your network, but the data broadcast over the wireless link is fully exposed. For information about how to restrict access by MAC address, see Restrict Wireless Access by MAC Address on page 44. • Turn off the broadcast of the wireless network name (SSID). If you disable broadcast of the SSID, only devices with the correct SSID can connect. This nullifies the wireless network discovery feature of some products, such as Windows XP, but the data is still exposed. For information about how to turn off broadcast of the SSID, see Configure and Enable Security Profiles on page 35. • Legacy 802.1X. Legacy 802.1X uses RADIUS-based 802.1x authentication but no data encryption. For information about how to configure Legacy 802.1X, see Configure and Enable Security Profiles on page 35 and Configure Legacy 802.1X on page 39. • WPA and WPA-PSK (TKIP). Wi-Fi Protected Access (WPA) data encryption provides strong data security with Temporal Key Integrity Protocol (TKIP) encryption. The very strong authentication along with dynamic per-frame rekeying of WPA makes it virtually impossible to compromise. Wireless Configuration and Security 32

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
Wireless Configuration and Security
32
ProSAFE Dual-Band Wireless AC Access Point WAC720 WAC730
100-foot radius. Such distances can allow for others outside your immediate area to access
your network.
Unlike wired network data, your wireless data transmissions can extend beyond your walls
and can be received by anyone with a compatible adapter. For this reason, use the security
features of your wireless equipment. The wireless access point provides highly effective
security features that are covered in detail in this chapter. Deploy the security features
appropriate to your needs.
Figure 4.
You can enhance the security of your wireless network in several ways:
Use multiple BSSIDs combined with VLANs
. You can configure combinations of
VLANS and BSSIDs (security profiles) with stronger or less restrictive access security
according to your requirements. For example, visitors could be given wireless Internet
access but be excluded from any access to your internal network. For information about
how to configure BSSIDs, see
Configure and Enable Security Profiles
on page
35.
Restrict access based on MAC address
. You can allow only trusted devices to connect
so that unknown devices cannot wirelessly connect to the wireless access point.
Restricting access by MAC address adds an obstacle against unwanted access to your
network, but the data broadcast over the wireless link is fully exposed. For information
about how to restrict access by MAC address, see
Restrict Wireless Access by MAC
Address
on page
44.
Turn off the broadcast of the wireless network name (SSID)
. If you disable broadcast
of the SSID, only devices with the correct SSID can connect. This nullifies the wireless
network discovery feature of some products, such as Windows XP, but the data is still
exposed. For information about how to turn off broadcast of the SSID, see
Configure and
Enable Security Profiles
on page
35.
Legacy 802.1X
. Legacy 802.1X uses RADIUS-based 802.1x authentication but no data
encryption. For information about how to configure Legacy 802.1X, see
Configure and
Enable Security Profiles
on page
35 and
Configure Legacy 802.1X
on page
39.
WPA and WPA-PSK (TKIP)
. Wi-Fi Protected Access (WPA) data encryption provides
strong data security with Temporal Key Integrity Protocol (TKIP) encryption. The very
strong authentication along with dynamic per-frame rekeying of WPA makes it virtually
impossible to compromise.