Home » Netgear Manuals » Wireless » Netgear WNDAP620 » Manual Viewer

Netgear WNDAP620 Reference Manual - Page 92

Attack, Result, Solution, Detection, Policy, Description, Policy Rule

Add to My Manuals
Save this manual to your list of manuals

Page 92 highlights

ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 24. IDS/IPS policies and policy rules (continued) Policy Description Policy Rule Threshold Notification RF jamming attack • Attack. Multiple RF transmissions (100 or more) are sent to the 100 wireless access point, jamming the radio frequency. • Result. Wireless service is disrupted. Trap Note: The IDS detects this attack, but the IPS does not take action against this attack. Virtual carrier attack • • • Attack. Multiple frames (60 or more) with a large duration value 60 are sent to the wireless access point. Result. Wireless service is disrupted. Solution. The wireless access point sends a channel change frame to the legitimate clients and uses automatic channel selection to switch to a new clear channel. MAC spoofing • Attack. Several frames (3 or more) that contain the spoofed 3 MAC address of the wireless access point itself or the spoofed MAC address of a legitimate client are sent to the wireless access point. • Result. Wireless security might be compromised. Trap Trap Note: The IDS detects MAC spoofing, but the IPS does not take action against MAC spoofing. Rogue AP detection • • Detection. A wireless access point is not in the managed AP 0 list (see View and Save Access Point Lists on page 87) and is not connected to the secured wireless or wired network. Result. Wireless security might be compromised. Trap Ad-hoc network detected Note: The IDS detects rogue APs, but the IPS does not take action against rogue APs. For information about how to exclude rogue APs from your network, see Enable Rogue AP Detection and Monitor Access Points on page 85. • Detection. A group of wireless access points are part of an 0 ad hoc network that might broadcast the same SSID as the secured wireless network. • Result. Wireless security might be compromised. Trap Note: The IDS detects ad hoc networks, but the IPS does not take action against ad hoc networks. Ad-hoc network with • Detection. A group of wireless access points are part of an 0 wired connectivity ad hoc network that has a wired connection and that might broadcast the same SSID as the secured wireless network. • Result. Wireless security might be compromised. Trap Note: The IDS detects ad hoc networks, but the IPS does not take action against ad hoc networks. Management and Monitoring 92

Section	Page
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620	1
Contents	3
1. Introduction	6
About the ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620	6
What Is in the Box?	7
System Requirements	8
Key Features and Standards	8
Supported Standards and Conventions	8
Key Features	9
802.11b/g/n and 802.11a/n Standards–Based Wireless Networking	11
Autosensing Ethernet Connections with Auto Uplink	11
Hardware Description	11
Top Panel	11
Rear Panel	13
Bottom Panel with Product Label	13
Register the Wireless Access Point	14
2. Installation and Basic Configuration	17
What You Need Before You Begin	17
Wireless Equipment Placement and Range Guidelines	17
Ethernet Cabling Requirements	18
LAN Configuration Requirements	18
Hardware Requirements for Computers on Your LAN	19
Operating Frequency (Channel) Guidelines	19
Requirements for Entering IP Addresses	19
Install and Configure the Wireless Access Point	20
Connect the Wireless Access Point to a Computer	20
Log In to the Wireless Access Point	22
Configure Basic General System Settings and Time Settings	23
Configure the IPv4 Settings	25
Configure the Optional DHCPv4 Server	27
Configure the Basic Wireless Settings	28
Test Basic Wireless Connectivity	34
Mount the Wireless Access Point	35
Ceiling Installation	35
Wall Installation	38
Desk Installation	41
3. Wireless Configuration and Security	42
Wireless Data Security Options	42
Security Profiles	44
Before You Change the SSID, WEP, and WPA Settings	46
Configure and Enable Security Profiles	48
Configure RADIUS Server Settings	57
Restrict Wireless Access by MAC Address	60
Schedule the Wireless Radio to Be Turned Off	61
Configure Basic Wireless Quality of Service	62
4. Management and Monitoring	64
Enable Remote Management	64
SNMP Management	64
Secure Shell and Telnet Management	66
Upgrade the Wireless Access Point Software	67
Web Browser Upgrade Procedure	68
TFTP Server Upgrade Procedure	69
Manage the Configuration File or Reset to Factory Defaults	70
Save the Configuration	70
Restore the Configuration	71
Restore the Wireless Access Point to the Factory Default Settings	71
Reboot the Wireless Access Point without Restoring the Default Configuration	73
Change the Administrator Password	74
Manage User Accounts	75
Enable the Syslog Server	76
Monitor the Wireless Access Point	77
View System Information	77
Monitor Wireless Stations	80
View the Activity Log	83
Traffic Statistics	83
Enable Rogue AP Detection and Monitor Access Points	85
Enable and Configure Rogue AP Detection	85
View and Save Access Point Lists	87
Configure Wireless Intrusion Detection and Prevention	89
Configure Wireless Intrusion Detection and Prevention Policy Settings	89
Configure Wireless Intrusion Detection and Prevention Mail Settings	95
Monitor Traps, Counters, and Ad Hoc Networks	96
5. Advanced Configuration	99
Configure IPv6 Settings and Optional DHCPv6 Server Settings	99
Configure the IPv6 Settings	99
Configure the Optional DHCPv6 Server	101
Configure Spanning Tree Protocol, 802.1Q VLAN, and Link Layer Discovery Protocol	103
Configure STP and VLANs	103
Configure Ethernet LLDP	105
Configure Hotspot Settings	106
Configure Advanced Wireless Settings	107
Configure Advanced Quality of Service Settings	110
Configure Quality of Service Policies	112
Configure Wireless Bridging	118
Configure a Point-to-Point Wireless Network	118
Configure a Point-to-Multipoint Wireless Network	122
Configure the Wireless Access Point to Repeat the Wireless Signal Using Point-to-Multipoint Bridge Mode	126
6. Troubleshooting	131
Basic Functioning	132
Verify the Correct Sequence of Events at Startup	132
No LEDs Are Lit on the Wireless Access Point	132
The Active LED or the LAN LED Is Not Lit	133
The WLAN LED Does Not Light Up	133
You Cannot Access the Internet or the LAN from a Wireless-Capable Computer	134
You Cannot Configure the Wireless Access Point from a Browser	134
When You Enter a URL or IP Address a Time-Out Error Occurs	135
Troubleshoot a TCP/IP Network Using the Ping Utility	135
Test the LAN Path to Your Wireless Access Point	136
Test the Path from Your Computer to a Remote Device	137
Problems with Date and Time	137
Use the Packet Capture Tool	138
A. Supplemental Information	139
Technical Specifications	139
Factory Default Settings	142
B. Command-Line Reference	146
C. Notification of Compliance	161

Match case Limit results 1 per page

Management and Monitoring

ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620

RF jamming attack

•

Attack

. Multiple RF transmissions (100 or more) are sent to the

wireless access point, jamming the radio frequency.

•

Result

. Wireless service is disrupted.

Note:

The IDS detects this attack, but the IPS does not take action

against this attack.

100

Trap

Virtual carrier attack

•

Attack

. Multiple frames (60 or more) with a large duration value

are sent to the wireless access point.

•

Result

. Wireless service is disrupted.

•

Solution

. The wireless access point sends a channel change

frame to the legitimate clients and uses automatic channel

selection to switch to a new clear channel.

Trap

MAC spoofing

•

Attack

. Several frames (3 or more) that contain the spoofed

MAC address of the wireless access point itself or the spoofed

MAC address of a legitimate client are sent to the wireless

access point.

•

Result

. Wireless security might be compromised.

Note:

The IDS detects MAC spoofing, but the IPS does not take

action against MAC spoofing.

Trap

Rogue AP detection

•

Detection

. A wireless access point is not in the managed AP

list (see

View and Save Access Point Lists

on page 87) and is

not connected to the secured wireless or wired network.

•

Result

. Wireless security might be compromised.

Note:

The IDS detects rogue APs, but the IPS does not take action

against rogue APs. For information about how to exclude rogue APs

from your network, see

Enable Rogue AP Detection and Monitor

Access Points

on page 85.

Trap

Ad-hoc network

detected

•

Detection

. A group of wireless access points are part of an

ad hoc network that might broadcast the same SSID as the

secured wireless network.

•

Result

. Wireless security might be compromised.

Note:

The IDS detects ad hoc networks, but the IPS does not take

action against ad hoc networks.

Trap

Ad-hoc network with

wired connectivity

•

Detection

. A group of wireless access points are part of an

ad hoc network that has a wired connection and that might

broadcast the same SSID as the secured wireless network.

•

Result

. Wireless security might be compromised.

Note:

The IDS detects ad hoc networks, but the IPS does not take

action against ad hoc networks.

Trap

Table 24.

IDS/IPS policies and policy rules (continued)

Policy

Description

Policy Rule

Threshold

Notification