Home » Netgear Manuals » Wireless » Netgear WAC730-Business » Manual Viewer

Netgear WAC730-Business User Manual - Page 37

WiFi Data Security Options, Con the WiFi Features and Security

View all Netgear WAC730-Business manuals

Add to My Manuals
Save this manual to your list of manuals

Page 37 highlights

Dual-Band Wireless AC Access Point WAC720 and WAC730 User Manual WiFi Data Security Options Indoors, computers can connect over 802.11ac WiFi networks at a maximum range of 300 feet. Typically, a access point inside a building works best with devices within a 100-foot radius. Such distances can allow for others outside your immediate area to access your network. Unlike wired network data, your WiFi data transmissions can extend beyond your walls and can be received by anyone with a compatible WiFi device. For this reason, use the security features of your WiFi equipment. The access point provides highly effective security features that are covered in detail in this chapter. Deploy the security features appropriate to your needs. Figure 6. WiFi data security examples You can enhance the security of your WiFi network in several ways: • Use multiple BSSIDs combined with VLANs.You can configure combinations of VLANS and BSSIDs (security profiles) with stronger or less restrictive access security according to your requirements. For example, visitors could be given WiFi Internet access but be excluded from any access to your internal network. For information about how to configure BSSIDs, see Configure and Enable WiFi Security Profiles on page 39. • Restrict access based on MAC address. You can allow only trusted devices to connect so that unknown devices cannot connect over the WiFi to the access point. Restricting access by MAC address adds an obstacle against unwanted access to your network, but the data broadcast over the WiFi link is fully exposed. For information about how to restrict access by MAC address, see Manage MAC Address Filter Profiles in the Local MAC Address Database on page 50. • Turn off the broadcast of the WiFi network name (SSID). If you disable broadcast of the SSID, only devices with the correct SSID can connect. This nullifies the WiFi network discovery feature of some products, such as Windows XP, but the data is still exposed. For information about how to turn off broadcast of the SSID, see Configure and Enable WiFi Security Profiles on page 39. • WPA2-PSK (AES). Wi-Fi Protected Access version 2 (WPA2) provides the most reliable security with Advanced Encryption Standard (AES) encryption. This very strong authentication along with dynamic per-frame rekeying of WPA2 makes it virtually impossible to compromise.You can also use a combination of Temporal Key Integrity Protocol (TKIP) and AES encryption. WPA2-PSK uses a pre-shared key (PSK) for authentication. For more information, see Configure and Enable WiFi Security Profiles on page 39 and About WPA2-PSK and WPA-PSK & WPA2-PSK on page 46. Configure the WiFi Features and Security 37

Section	Page
Contents	4
1. Introduction and Hardware Overview	8
Unpack Your Access Point	9
Top Panel	9
Rear Panel	10
Access Point Label	11
2. Initial Setup	12
What You Need Before You Begin	13
System Requirements	13
WiFi Equipment Placement and Range Guidelines	13
Ethernet Cabling Requirements	14
LAN Configuration Requirements	14
Hardware Requirements for Computers on Your LAN	14
Operating Frequency Guidelines	14
Requirements for Entering IP Addresses	14
IPv4	14
IPv6	15
Install and Configure the Access Point	15
Connect the Access Point to a Computer	15
Log In to the Access Point	16
Log In to the Access Point When It Is Directly Connected to Your Computer	17
Log In to the Access Point When It Is Connected to a Network With a DHCP Server	18
Local Browser Interface	18
Disable Business Central Mode for a Standalone Access Point	19
Configure Basic General System Settings	20
Configure Time Settings	22
Configure the IPv4 Settings	23
Configure the Basic WiFi Settings	24
Configure 802.11bg/ng/bgn WiFi Settings	24
Configure 802.11a/a-na-ac WiFi Settings	27
Test Basic WiFi Connectivity	29
Mount the Access Point	30
Package Content of the Ceiling and Wall Installation Kit	30
Mount the Access Point to a Drop Ceiling	30
Mount the Access Point to a Wall	33
3. Configure the WiFi Features and Security	36
WiFi Data Security Options	37
WiFi Security Profiles	38
Configure and Enable WiFi Security Profiles	39
About WPA2-PSK and WPA-PSK & WPA2-PSK	46
About WPA2 With RADIUS and WPA & WPA2 With RADIUS	47
Change the QoS Policy for a WiFi Security Profile	47
Configure RADIUS Server Settings	48
Manage MAC Address Filter Profiles in the Local MAC Address Database	50
Add a MAC Address Filter Profile	51
Modify a MAC Address Filter Profile	52
Delete a MAC Address Filter Profile	53
Enable Rogue AP Detection and Monitor Rogue APs	53
Enable Rogue AP Detection	54
Monitor Rogue APs	55
Monitor Knows APs	56
Schedule the WiFi Radios to Be Turned Off	57
Configure Basic WiFi Quality of Service	59
4. Manage and Monitor the Access Point	61
Enable Remote Management	62
SNMP Management	62
Secure Shell and Telnet Management	63
Manage the Access Point over a Telnet Connection	64
Upgrade the Access Point Firmware	65
Upgrade the Firmware Over a Web Browser	65
Upgrade the Firmware Over a TFTP Server	66
Manage the Configuration File or Reset to Factory Defaults	67
Save the Configuration	68
Restore the Configuration	68
Restore the Access Point to the Factory Default Settings	69
Use the Local Browser Interface to Restore Factory Default Settings	70
Use the Reset Button to Restore Factory Default Settings	70
Reboot the Access Point Without Restoring the Default Configuration	71
Change the Administrator Password	72
Manage User Accounts	73
Add a New User Account	73
Change the Name for a User Account	74
Change the Privilege for a User Account	75
Reset the Password for a User Account	75
Delete a User Account	76
Enable the Syslog Server	76
Monitor the Access Point	77
View System Information	78
View Dashboard Information	80
View the Standalone Dashboard	80
View the Ensemble Dashboard	81
Monitor WiFi Clients	83
View the Activity Logs	85
View the Traffic Statistics	86
Set Up, Manage, and Monitor Ensembles	87
Configure Enable Ensemble Mode	88
Manage an Ensemble	88
Specify an Ensemble Management IP Address	89
Configure Ensemble Security With a Passphrase	89
Specify an Ensemble’s Channel Assignment Settings	90
Manage Automatic Channel Assignment for an Ensemble	91
Upgrade the Firmware of Ensemble Members From a Downloaded Firmware File	93
Upgrade the Firmware of Ensemble Members Over a TFTP Server	95
Monitor an Ensemble	96
Monitor the Status of the Ensemble	96
Monitor the Devices Connected to the Ensemble	97
Monitor the Access Points and Networks Neighboring the Ensemble	98
5. Configure Advanced Network and WiFi Features	100
Configure IPv6 Settings	101
Configure Spanning Tree Protocol, 802.1Q VLAN, and Link Layer Discovery Protocol	102
Configure STP and VLANs	102
Configure Ethernet LLDP	104
Configure Bonjour	105
Configure Advanced WiFi Settings	106
Configure Advanced Quality of Service Settings	109
Configure and Manage Quality of Service Policies	112
Configure a New QoS Policy	112
Modify a QoS Policy	117
Delete a QoS Policy	118
Configure Load Balancing	118
Manage Captive Portals	120
Enable the Access Point to Register With Facebook	121
Specify Captive Portal Profile Settings and Enable the Captive Portal Instance	121
Set Up Facebook Wi-Fi for a Captive Portal Profile	124
Add User Accounts to the Local Database for Captive Portal Access	126
Upload a Custom Logo	128
Configure a Default or Custom Captive Portal Splash Page	129
Enable the Global Captive Portal Mode	131
Configure WiFi Bridging	132
Point-to-Point Bridge and Point-to-Multipoint Bridge	132
Configure a WiFi Bridge	133
6. Troubleshooting	136
Troubleshoot the Basic Functions	137
Verify the Correct Sequence of Events at Startup	137
No LEDs Are Lit on the Access Point	137
The Active LED or the LAN LED Is Not Lit	138
The WLAN LED Does Not Light	138
You Cannot Access the Internet or the LAN From a WiFi Computer	138
You Cannot Configure the Access Point From a Browser	139
When You Enter a URL or IP Address a Time-Out Error Occurs	140
Troubleshoot a TCP/IP Network Using the Ping Utility	140
Test the LAN Path to Your Access Point	140
Test the Path from Your Computer to a Remote Device	141
Problems With Date and Time	141
Use the Packet Capture Tool	142
A. Configure the Access Point in Business Central Mode	143
Enable Business Central Mode	144
Configure the IP and 802.1Q VLAN Settings in Business Central Mode	145
Reboot the Access Point in Business Central Mode	146
Reset the Access Point in Business Central Mode to Factory Default Settings	147
Upgrade Access Point Firmware in Business Central Mode	148
Configure MAC Authentication in Business Central Mode	148
Add a MAC Address Filter Profile on an Access Point in Business Central Mode	149
Assign a MAC Address Filter Profile on an Access Point in Business Central Mode	151
Modify a MAC Address Filter Profile on an Access Point in Business Central Mode	153
Delete a MAC Address Filter Profile on an Access Point in Business Central Mode	154
Monitor the Access Point in Business Central Mode	154
View the Activity Logs of an Access Point in Business Central Mode	155
View Basic Information About the Access Point In Business Central Mode	156
B. Supplemental Information	157
Technical Specifications	158

Match case Limit results 1 per page

WiFi Data Security Options

Indoors, computers can connect over 802.11ac WiFi networks at a maximum range of 300 feet.Typically,

a access point inside a building works best with devices within a 100-foot radius. Such distances can allow

for others outside your immediate area to access your network.

Unlike wired network data, your WiFi data transmissions can extend beyond your walls and can be received

by anyone with a compatible WiFi device. For this reason, use the security features of your WiFi equipment.

The access point provides highly effective security features that are covered in detail in this chapter. Deploy

the security features appropriate to your needs.

Figure 6. WiFi data security examples

You can enhance the security of your WiFi network in several ways:

•

Use multiple BSSIDs combined with VLANs

.You can configure combinations of VLANS and BSSIDs

(security profiles) with stronger or less restrictive access security according to your requirements. For

example, visitors could be given WiFi Internet access but be excluded from any access to your internal

network. For information about how to configure BSSIDs, see

Configure and Enable WiFi Security

Profiles

on page 39.

•

Restrict access based on MAC address

.You can allow only trusted devices to connect so that

unknown devices cannot connect over the WiFi to the access point. Restricting access by MAC address

adds an obstacle against unwanted access to your network, but the data broadcast over the WiFi link

is fully exposed. For information about how to restrict access by MAC address, see

Manage MAC

Address Filter Profiles in the Local MAC Address Database

on page 50.

•

Turn off the broadcast of the WiFi network name (SSID)

. If you disable broadcast of the SSID, only

devices with the correct SSID can connect. This nullifies the WiFi network discovery feature of some

products, such as Windows XP, but the data is still exposed. For information about how to turn off

broadcast of the SSID, see

Configure and Enable WiFi Security Profiles

on page 39.

•

WPA2-PSK (AES)

.Wi-Fi Protected Access version 2 (WPA2) provides the most reliable security with

Advanced Encryption Standard (AES) encryption. This very strong authentication along with dynamic

per-frame rekeying of WPA2 makes it virtually impossible to compromise.You can also use a combination

of Temporal Key Integrity Protocol (TKIP) and AES encryption.

WPA2-PSK uses a pre-shared key (PSK) for authentication. For more information, see

Configure and

Enable WiFi Security Profiles

on page 39 and

About WPA2-PSK and WPA-PSK & WPA2-PSK

on page

46.

Configure the WiFi Features and Security

Dual-Band Wireless AC Access Point WAC720 and WAC730 User Manual