Home » Netgear Manuals » Wireless » Netgear WAX620 » Manual Viewer

Netgear WAX620 User Manual - Page 61

WPA2 Enterprise, Encryption, TKIP + AES, Dynamic VLAN, Enable, Disable, WPA3 Personal, Passphrase

Add to My Manuals
Save this manual to your list of manuals

Page 61 highlights

Insight Cloud Managed WiFi 6 AX3600 Access Point Model WAX620 • WPA2 Enterprise: This enterprise-level security uses RADIUS for centralized Authentication, Authorization, and Accounting (AAA) management. For WPA2 Enterprise security to function, you must set up RADIUS servers (see Set up RADIUS servers on page 129). From the Encryption menu, select the data encryption mode: - TKIP + AES. This type of data encryption enables WiFi devices that support either WPA or WPA2 to join the access point's WiFi network. This is the default mode. - AES. This type of data encryption provides a secure connection but some older WiFi devices do not detect WPA2 and support only WPA. Therefore, if your network includes such older devices, select TKIP + AES encryption. When you select WPA2 Enterprise authentication, the Dynamic VLAN radio buttons display: - Enable: The RADIUS server can assign a VLAN ID to clients. If the RADIUS server does not do so, the clients are automatically assigned the VLAN ID that you configured for the SSID. - Disable: The clients are assigned the VLAN ID that you configured for the SSID. This is the default setting. • WPA3 Personal: This option is the most secure personal authentication option. WPA3 uses SAE encryption and enables only WiFi devices that support WPA3 to join the VAP. If you select this option, 802.11w (PMF) is automatically set to mandatory (see Step 8). WPA3 provides a secure connection but some legacy WiFi devices do not detect WPA3 and support only WPA2. If your network also includes WPA2 devices, select WPA3/WPA2 Personal authentication. In the Passphrase field, enter a phrase of 8 to 63 characters. To join the VAP, a user must enter this passphrase. To view the passphrase in clear text, click the eye icon. • WPA3/WPA2 Personal: This option, which is the same as WPA3/WPA2-PSK, enables WiFi devices that support either WPA3 or WPA2 to join the VAP. This option uses SAE and AES encryption. WPA2-PSK (which uses AES) is less secure than WPA3 (which uses SAE). In the Passphrase field, enter a phrase of 8 to 63 characters. To join the VAP, a user must enter this passphrase. To view the passphrase in clear text, click the eye icon. • WPA3 Enterprise: This enterprise-level security uses RADIUS for centralized Authentication, Authorization, and Accounting (AAA) management. For WPA3 Enterprise security to function, you must set up RADIUS servers (see Set up RADIUS Manage the Basic WiFi Features 61 for a WiFi network User Manual

Section	Page
Contents	5
1. Introduction	10
About the local browser user interface and NETGEAR Insight	11
Additional documentation	11
2. Hardware Overview	12
Unpack the access point	13
Top panel with LEDs	13
Hardware interfaces	15
Product label	16
Safety instructions and warnings for an indoor access point	17
3. Install the Access Point in Your Network and Access It for Initial Configuration	19
Position your access point for best performance	20
Set up and connect the access point to your network	21
Connect to the access point for initial configuration	22
Connect over the Internet using the NETGEAR Insight Cloud Portal	23
Connect over WiFi using the NETGEAR Insight app	25
Connect over WiFi to the local browser UI for initial configuration	27
Connect over the LAN to the local browser UI for initial configuration	32
Configure the access point offline using a directly connected computer	36
Log in to the access point after initial setup	42
What to do if you get a browser security warning	43
4. Install the Access Point in an Insight Instant Mesh WiFi Network	44
What are a root and a node?	45
What is an Insight Instant Mesh WiFi network?	46
Requirements for placing a node in a mesh WiFi network	47
Access the NETGEAR Insight Cloud Portal to set up or manage an Insight Instant Mesh WiFi network	48
Connect the access point as a node to a root using the Cloud Portal	49
Install the NETGEAR Insight app to manage an Insight Instant Mesh WiFi network	52
Connect the access point as a node to a root using the Insight app	53
5. Manage the Basic WiFi Features for a WiFi network	57
Set up an open or secure WiFi network	58
View or change the settings of a WiFi network	67
Remove a WiFi network	68
Hide or broadcast the SSID for a WiFi network	69
Change the VLAN ID for a WiFi network	70
Change the authentication and encryption for a WiFi network	71
Enable or disable PMF for a WiFi network	75
Set up Multi PSK for a WiFi network	76
Disable or enable a WiFi network or set up a WiFi activity schedule	79
Enable or disable band steering with 802.11k RRM and 802.11v WiFi network management	81
6. Manage the Basic Radio Features	83
Manage the basic WiFi settings for the radios	84
Turn a radio on or off	87
Change the WiFi mode for a radio	88
Change the channel width for a radio	89
Change the guard interval for a radio	91
Change the output power for a radio	92
Change the channel for a radio	93
Manage Quality of Service for a WiFi radio	94
7. Set Up and Manage a Captive Portal	97
Set up a click-through captive portal for a WiFi network	98
Set up an external captive portal for a WiFi network	101
Register and configure Facebook Wi-Fi for the access point	104
Set up a Facebook Wi-Fi captive portal for a WiFi network	106
Unregister the access point from Facebook Wi-Fi	107
8. Manage Access and Security	109
Block specific URLs and keywords for Internet access	110
Manage user accounts	112
Add a user account	112
Change the time-out period for a user session	113
Change the settings for a user account	114
Remove a user account	115
Manage local MAC access control lists	116
Manually set up a MAC access control List	117
Import an existing MAC access control list	120
Manage neighbor AP detection	123
Enable neighbor access point detection and move access points to the Known AP List	124
Import an existing neighbor access point list in the Known AP List	126
Set up RADIUS servers	129
Enable L2 security	131
9. Manage the Local Area Network and IP Settings	133
Disable the DHCP client and specify a fixed IP address	134
Enable the DHCP client	135
Set the 802.1Q VLAN and management VLAN	137
Set an existing domain name	139
Enable or disable Spanning Tree Protocol	140
Enable or disable the network integrity check function	141
Enable or disable IGMP snooping	142
Enable or disable Ethernet LLDP	143
Enable or disable UPnP	144
Manage the multicast DNS gateway	145
Enable the multicast DNS gateway and add a policy	146
Change or remove a multicast DNS policy	147
10. Manage and Maintain the Access Point	149
Change the management mode to NETGEAR Insight or Web-browser	150
Change the country or region of operation	152
Change the admin user account password	153
Change the system name	154
Specify a custom NTP server	155
Set the time zone	156
Manage the syslog settings	157
Manage the firmware of the access point	158
Let the access point check for new firmware and update the firmware	159
Manually download firmware and update the access point	160
Revert to the backup firmware	162
Use an SFTP server to update the access point	163
Manage the configuration file of the access point	165
Back up the access point configuration	165
Restore the access point configuration	166
Reboot the access point from the local browser UI	168
Schedule the access point to reboot	169
Return the access point to its factory default settings	170
Use the Reset button to reset the access point	170
Use the local browser UI to reset the access point	172
Enable SNMP and manage the SNMP settings	173
Manage the LEDs	174
Manage the Energy Efficiency Mode	175
11. Monitor the Access Point and the Network	178
Display the access point Internet, IP, and system settings	179
Display the WiFi radio settings	182
Display unknown and known neighbor access points	185
Display client distribution, connected clients, and client trends	187
View WiFi and Ethernet traffic, traffic and ARP statistics, and channel utilization	190
View or download tracked URLs	192
View, save, download, or clear the logs	194
View a WiFi bridge connection	196
View alarms and notifications	197
12. Manage the Advanced WiFi Features for a WiFi network	199
Set NAT mode or Bridge mode for addressing and traffic	200
Enable or disable client isolation for a WiFi network	201
Enable or disable URL tracking for a WiFi network	203
Change the format of the DHCP offer messages in a WiFi network	205
Select a MAC ACL for a WiFi network	206
Set bandwidth rate limits for a WiFi network	208
Configure advanced rate selection for a WiFi network	209
13. Set up a WiFi Bridge	214
WiFi base station, WiFi repeater, and WiFi bridge requirements	215
Set up a WiFi bridge between access points	216
14. Manage the Advanced Radio Features	220
Manage the advanced WiFi settings for the radios	221
Manage the maximum number of clients for a radio	224
Manage the broadcast and multicast settings for a radio	225
Manage load balancing for the radios	227
Manage sticky clients	229
Manage the ARP proxy	231
Manage the amount of broadcast traffic	232
15. Diagnostics and Troubleshooting	234
Perform a ping test	235
Capture WiFi and Ethernet packets	236
Check the Internet speed	239
Quick tips for WiFi troubleshooting	240
Troubleshoot with the LEDs	241
Power/Cloud LED remains off	242
Power/Cloud LED remains solid amber	242
Power/Cloud LED is blinking amber slowly, continuously	243
The access point functions as a PoE PD and the Power/Cloud LED remains solid amber	243
Power/Cloud LED does not light blue in the NETGEAR Insight management mode	244
Power/Cloud LED does not stop blinking amber, green, and blue	245
2.4G or 5G WLAN LED is off	245
The node and root cannot connect	246
Troubleshoot WiFi connectivity for a WiFi client device	247
Troubleshoot Internet browsing	248
You cannot log in to the access point over a LAN connection	249
Changes are not saved	250
You enter the wrong password and can no longer log in to the access point	250
Troubleshoot your network using the ping utility	251
Test the LAN path to your access point	251
Test the path from your computer to a remote device	252
A. Factory Default Settings and Technical Specifications	253
Factory default settings	254
Technical specifications	258
B. Mount the Access Point to a Wall or Ceiling	260
Mount the access point to a wall	261
Mount the access point to a solid ceiling	263

Match case Limit results 1 per page

•

WPA2 Enterprise

: This enterprise-level security uses RADIUS for centralized

Authentication, Authorization, and Accounting (AAA) management. For WPA2

Enterprise security to function, you must set up RADIUS servers (see Set

RADIUS

servers

on page 129).

From the

Encryption

menu, select the data encryption mode:

TKIP + AES

. This type of data encryption enables WiFi devices that support

either WPA or WPA2 to join the access point’s WiFi network. This is the default

mode.

AES

. This type of data encryption provides a secure connection but some

older WiFi devices do not detect WPA2 and support only WPA. Therefore, if

your network includes such older devices, select

TKIP + AES

encryption.

When you select

WPA2 Enterprise

authentication, the

Dynamic VLAN

radio

buttons display:

Enable

: The RADIUS server can assign a VLAN ID to clients. If the RADIUS

server does not do so, the clients are automatically assigned the VLAN ID that

you configured for the SSID.

Disable

: The clients are assigned the VLAN ID that you configured for the

SSID. This is the default setting.

•

WPA3 Personal

: This option is the most secure personal authentication option.

WPA3 uses SAE encryption and enables only WiFi devices that support WPA3

to join the VAP. If you select this option, 802.11w (PMF) is automatically set to

mandatory (see Step

WPA3 provides a secure connection but some legacy WiFi devices do not detect

WPA3 and support only WPA2. If your network also includes WPA2 devices,

select

WPA3/WPA2 Personal

authentication.

In the

Passphrase

field, enter a phrase of 8 to 63 characters. To join the VAP, a

user must enter this passphrase. To view the passphrase in clear text, click the

eye icon.

•

WPA3/WPA2 Personal

: This option, which is the same as WPA3/WPA2-PSK,

enables WiFi devices that support either WPA3 or WPA2 to join the VAP. This

option uses SAE and AES encryption.

WPA2-PSK (which uses AES) is less secure than WPA3 (which uses SAE).

In the

Passphrase

field, enter a phrase of 8 to 63 characters. To join the VAP, a

user must enter this passphrase. To view the passphrase in clear text, click the

eye icon.

•

WPA3 Enterprise

: This enterprise-level security uses RADIUS for centralized

Authentication, Authorization, and Accounting (AAA) management. For WPA3

Enterprise security to function, you must set up RADIUS servers (see Set

RADIUS

User Manual

Manage the Basic WiFi Features

for a WiFi network

Insight Cloud Managed WiFi 6 AX3600 Access Point Model WAX620