User Manual
Table Of Contents
- Contents
- Chapter 1 About This Manual
- Chapter 2 Introduction
- About the NETGEAR ProSafe 802.11g Wireless Access Point WG302
- Key Features
- AutoCell-The Self-Organizing Wireless Network
- 802.11g Standards-based Wireless Networking
- Autosensing Ethernet Connections with Auto Uplink
- Compatible and Related NETGEAR Products
- System Requirements
- What’s In the Box?
- Hardware Description
- Front Panel
- Rear Panel
- Chapter 3 Basic Installation and Configuration
- Wireless Equipment Placement and Range Guidelines
- Cabling Requirements
- Default Factory Settings
- Understanding WG302 Wireless Security Options
- Installing the WG302 Wireless Access Point
- Logging in to the WG302 Using Its Default IP Address
- Basic IP Settings
- Wireless Settings
- Security Profiles
- Before You Change the SSID and WEP Settings
- Setting up and Testing Basic Wireless Connectivity
- Configuring the Radius Server Settings
- Configuring Network Authentication
- Entering WEP Data Encryption Keys
- Restricting Wireless Access by MAC Address
- Chapter 4 Management
- Remote Management
- Using the Secure Telnet Interface
- How to Use the CLI via the Console Port
- CLI Commands
- SNMP Remote Management
- Viewing the Activity Log
- Viewing General Information
- Viewing Statistics
- Viewing the Available Wireless Station List
- Upgrading the Wireless Access Point Firmware
- Configuration File Management
- Backing up and Restoring the Configuration
- Erasing the Configuration
- Using the Reset Button to Restore Factory Default Settings
- Changing the Administrator Password
- AutoCell Rogue AP Detection
- AutoCell Rogue Station Detection
- Chapter 5 Advanced Configuration
- Understanding Advanced IP Settings for Wireless Clients
- Configuring Advanced Wireless LAN Settings
- AutoCell Overview
- AutoCell Configuration Options
- Auto RF Management
- Wi-Fi Multimedia (WMM) Setup
- Hotspot Settings
- Configuring Wireless LAN Parameters
- Wireless Bridging and Repeating
- Point-to-Point Bridge Configuration
- Multi-Point Bridge Configuration
- Repeater with Wireless Client Association
- Configuring NAT
- Configuring QoS Queues
- Setting up Guest Access
- Chapter 6 Troubleshooting
- No lights are lit on the access point.
- The Wireless LAN activity light does not light up.
- The LAN light is not lit.
- I cannot access the Internet or the LAN with a wireless capable computer.
- I cannot connect to the WG302 to configure it.
- When I enter a URL or IP address I get a timeout error.
- Using the Reset Button to Restore Factory Default Settings
- Appendix B Wireless Networking Basics
- Wireless Networking Overview
- Infrastructure Mode
- Ad Hoc Mode (Peer-to-Peer Workgroup)
- Network Name: Extended Service Set Identification (ESSID)
- Authentication and WEP Data Encryption
- 802.11 Authentication
- Open System Authentication
- Shared Key Authentication
- Overview of WEP Parameters
- Key Size
- WEP Configuration Options
- Wireless Channels
- WPA and WPA2 Wireless Security
- How Does WPA Compare to WEP?
- How Does WPA Compare to WPA2 (IEEE 802.11i)?
- What are the Key Features of WPA and WPA2 Security?
- Is WPA/WPA2 Perfect?
- Product Support for WPA/WPA2
- Appendix C Command Line Reference
Reference Manual for the NETGEAR ProSafe 802.11g Wireless Access Point WG302
B-10 Wireless Networking Basics
v0.1, December 2005
– Michael message integrity code (MIC)
– AES support (WPA2, requires hardware support)
• Support for a mixture of WPA, WPA2, and WEP wireless clients to allow a migration strategy,
but mixing WEP and WPA/WPA2 is discouraged
These features are discussed below.
WPA/WPA2 addresses most of the known WEP vulnerabilities and is primarily intended for
wireless infrastructure networks as found in the enterprise. This infrastructure includes stations,
access points, and authentication servers (typically RADIUS servers). The RADIUS server holds
(or has access to) user credentials (for example, user names and passwords) and authenticates
wireless users before they gain access to the network.
The strength of WPA/WPA2 comes from an integrated sequence of operations that encompass
802.1X/EAP authentication and sophisticated key management and encryption techniques. Its
major operations include:
• Network security capability determination. This occurs at the 802.11 level and is
communicated through WPA information elements in Beacon, Probe Response, and (Re)
Association Requests. Information in these elements includes the authentication method
(802.1X or Pre-shared key) and the preferred cipher suite (WEP, TKIP, or AES).
The primary information conveyed in the Beacon frames is the authentication method and the
cipher suite. Possible authentication methods include 802.1X and Pre-shared key. Pre-shared
key is an authentication method that uses a statically configured pass phrase on both the
stations and the access point. This obviates the need for an authentication server, which in
many home and small office environments will not be available nor desirable. Possible cipher
suites include: WEP, TKIP, and AES (Advanced Encryption Standard). We talk more about
TKIP and AES when addressing data privacy below.
• Authentication. EAP over 802.1X is used for authentication. Mutual authentication is gained
by choosing an EAP type supporting this feature and is required by WPA. 802.1X port access
control prevents full access to the network until authentication completes. 802.1X
EAPOL-Key packets are used by WPA to distribute per-session keys to those stations
successfully authenticated.
The supplicant in the station uses the authentication and cipher suite information contained in
the information elements to decide which authentication method and cipher suite to use. For
example, if the access point is using the pre-shared key method then the supplicant need not
authenticate using full-blown 802.1X. Rather, the supplicant must simply prove to the access
point that it is in possession of the pre-shared key. If the supplicant detects that the service set
does not contain a WPA information element then it knows it must use pre-WPA 802.1X
authentication and key management in order to access the network.