Home » Netgear Manuals » Wireless » Netgear WNDAP660 » Manual Viewer

Netgear WNDAP660 Reference Manual - Page 43

Use multiple BSSIDs combined with VLANs, Restrict access based by MAC address

Add to My Manuals
Save this manual to your list of manuals

Page 43 highlights

ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP660 Unlike wired network data, your wireless data transmissions can extend beyond your walls and can be received by anyone with a compatible adapter. For this reason, use the security features of your wireless equipment. The wireless access point provides highly effective security features that are covered in detail in this chapter. Deploy the security features appropriate to your needs. Figure 17. There are several ways you can enhance the security of your wireless network: • Use multiple BSSIDs combined with VLANs. You can configure combinations of VLANS and BSSIDs (security profiles) with stronger or less restrictive access security according to your requirements. For example, visitors could be given wireless Internet access but be excluded from any access to your internal network. For information about how to configure BSSIDs, see Configure and Enable Security Profiles on page 48. • Restrict access based by MAC address. You can allow only trusted devices to connect so that unknown devices cannot wirelessly connect to the wireless access point. Restricting access by MAC address adds an obstacle against unwanted access to your network, but the data broadcast over the wireless link is fully exposed. For information about how to restrict access by MAC address, see Restrict Wireless Access by MAC Address on page 60. • Turn off the broadcast of the wireless network name (SSID). If you disable broadcast of the SSID, only devices that have the correct SSID can connect. This nullifies the wireless network discovery feature of some products, such as Windows XP, but the data is still exposed. For information about how to turn off broadcast of the SSID, see Configure and Enable Security Profiles on page 48. • WEP. Wired Equivalent Privacy (WEP) data encryption provides data security. WEP shared key authentication and WEP data encryption block all but the most determined eavesdropper. This data encryption mode has been superseded by WPA-PSK and WPA2-PSK. For information about how to configure WEP, see Configure and Enable Security Profiles on page 48 and Configure an Open System with WEP or Shared Key with WEP on page 53. • Legacy 802.1X. Legacy 802.1X uses RADIUS-based 802.1x authentication but no data encryption. For information about how to configure Legacy 802.1X, see Configure and Enable Security Profiles on page 48 and Configure Legacy 802.1X on page 54. Wireless Configuration and Security 43

Section	Page
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP660	1
Contents	3
1. Introduction	6
About the ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP660	6
What Is in the Box?	7
System Requirements	8
Key Features and Standards	8
Supported Standards and Conventions	8
Key Features	9
802.11b/g/n and 802.11a/n Standards–Based Wireless Networking	11
Autosensing Ethernet Connections with Auto Uplink	11
Hardware Description	11
Top Panel	12
Rear Panel	13
Bottom Panel with Product Label	14
Register the Wireless Access Point	14
2. Installation and Basic Configuration	17
What You Need Before You Begin	17
Wireless Equipment Placement and Range Guidelines	17
Ethernet Cabling Requirements	18
LAN Configuration Requirements	18
Hardware Requirements for Computers on Your LAN	19
Operating Frequency (Channel) Guidelines	19
Requirements for Entering IP Addresses	19
Install and Configure the Wireless Access Point	20
Connect the Wireless Access Point to a Computer	20
Log In to the Wireless Access Point	22
Configure Basic General System Settings and Time Settings	23
Configure the IPv4 Settings	25
Configure the Optional DHCPv4 Server	27
Configure the Basic Wireless Settings	28
Test Basic Wireless Connectivity	34
Mount the Wireless Access Point	35
Ceiling Installation	35
Wall Installation	38
Desk Installation	41
3. Wireless Configuration and Security	42
Wireless Data Security Options	42
Security Profiles	44
Before You Change the SSID, WEP, and WPA Settings	46
Configure and Enable Security Profiles	48
Configure RADIUS Server Settings	57
Restrict Wireless Access by MAC Address	60
Schedule the Wireless Radios to Be Turned Off	61
Configure Basic Wireless Quality of Service	62
4. Management and Monitoring	64
Enable Remote Management	64
SNMP Management	64
Secure Shell and Telnet Management	66
Upgrade the Wireless Access Point Software	67
Web Browser Upgrade Procedure	68
TFTP Server Upgrade Procedure	69
Manage the Configuration File or Reset to Factory Defaults	70
Save the Configuration	70
Restore the Configuration	71
Restore the Wireless Access Point to the Factory Default Settings	71
Reboot the Wireless Access Point without Restoring the Default Configuration	73
Change the Administrator Password	74
Manage User Accounts	75
Enable the Syslog Server	76
Monitor the Wireless Access Point	77
View System Information	77
Monitor Wireless Stations	80
View the Activity Log	83
Traffic Statistics	83
Enable Rogue AP Detection and Monitor Access Points	85
Enable and Configure Rogue AP Detection	85
View and Save Access Point Lists	87
Configure Wireless Intrusion Detection and Prevention	89
Configure Wireless Intrusion Detection and Prevention Policy Settings	89
Configure Wireless Intrusion Detection and Prevention Mail Settings	95
Monitor Traps, Counters, and Ad Hoc Networks	96
5. Advanced Configuration	99
Configure IPv6 Settings and Optional DHCPv6 Server Settings	99
Configure the IPv6 Settings	99
Configure the Optional DHCPv6 Server	101
Configure Spanning Tree Protocol, 802.1Q VLAN, and Link Layer Discovery Protocol	103
Configure STP and VLANs	103
Configure Ethernet LLDP	105
Configure Hotspot Settings	106
Configure Advanced Wireless Settings	107
Configure Advanced Quality of Service Settings	111
Configure Quality of Service Policies	113
Configure Wireless Bridging	119
Configure a Point-to-Point Wireless Network	119
Configure a Point-to-Multipoint Wireless Network	123
Configure the Wireless Access Point to Repeat the Wireless Signal Using Point-to-Multipoint Bridge Mode	127
6. Troubleshooting	132
Basic Functioning	133
Verify the Correct Sequence of Events at Startup	133
No LEDs Are Lit on the Wireless Access Point	133
The Active LED or the LAN LED Is Not Lit	134
The WLAN LED Does Not Light Up	134
You Cannot Access the Internet or the LAN from a Wireless-Capable Computer	135
You Cannot Configure the Wireless Access Point from a Browser	135
When You Enter a URL or IP Address a Time-Out Error Occurs	136
Troubleshoot a TCP/IP Network Using the Ping Utility	136
Test the LAN Path to Your Wireless Access Point	137
Test the Path from Your Computer to a Remote Device	138
Problems with Date and Time	138
Use the Packet Capture Tool	139
A. Supplemental Information	140
Technical Specifications	140
Factory Default Settings	143
B. Command-Line Reference	147
C. Notification of Compliance	163

Match case Limit results 1 per page

Wireless Configuration and Security

ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP660

Unlike wired network data, your wireless data transmissions can extend beyond your walls

and can be received by anyone with a compatible adapter. For this reason, use the security

features of your wireless equipment. The wireless access point provides highly effective

security features that are covered in detail in this chapter. Deploy the security features

appropriate to your needs.

Figure 17.

There are several ways you can enhance the security of your wireless network:

•

Use multiple BSSIDs combined with VLANs

. You can configure combinations of

VLANS and BSSIDs (security profiles) with stronger or less restrictive access security

according to your requirements. For example, visitors could be given wireless Internet

access but be excluded from any access to your internal network. For information about

how to configure BSSIDs, see

Configure and Enable Security Profiles

on page 48.

•

Restrict access based by MAC address

. You can allow only trusted devices to connect

so that unknown devices cannot wirelessly connect to the wireless access point.

Restricting access by MAC address adds an obstacle against unwanted access to your

network, but the data broadcast over the wireless link is fully exposed. For information

about how to restrict access by MAC address, see

Restrict Wireless Access by MAC

Address

on page 60.

•

Turn off the broadcast of the wireless network name (SSID)

. If you disable broadcast

of the SSID, only devices that have the correct SSID can connect. This nullifies the

wireless network discovery feature of some products, such as Windows XP, but the data

is still exposed. For information about how to turn off broadcast of the SSID, see

Configure and Enable Security Profiles

on page 48.

•

WEP

. Wired Equivalent Privacy (WEP) data encryption provides data security. WEP

shared key authentication and WEP data encryption block all but the most determined

eavesdropper. This data encryption mode has been superseded by WPA-PSK and

WPA2-PSK. For information about how to configure WEP, see

Configure and Enable

Security Profiles

on page 48 and

Configure an Open System with WEP or Shared Key

with WEP

on page 53.

•

Legacy 802.1X

. Legacy 802.1X uses RADIUS-based 802.1x authentication but no data

encryption. For information about how to configure Legacy 802.1X, see

Configure and

Enable Security Profiles

on page 48 and

Configure Legacy 802.1X

on page 54.