User Manual
Table Of Contents
- Contents
- Chapter 1 About This Manual
- Chapter 2 Introduction
- About the NETGEAR ProSafe 802.11g Wireless Access Point WG302
- Key Features
- AutoCell-The Self-Organizing Wireless Network
- 802.11g Standards-based Wireless Networking
- Autosensing Ethernet Connections with Auto Uplink
- Compatible and Related NETGEAR Products
- System Requirements
- What’s In the Box?
- Hardware Description
- Front Panel
- Rear Panel
- Chapter 3 Basic Installation and Configuration
- Wireless Equipment Placement and Range Guidelines
- Cabling Requirements
- Default Factory Settings
- Understanding WG302 Wireless Security Options
- Installing the WG302 Wireless Access Point
- Logging in to the WG302 Using Its Default IP Address
- Basic IP Settings
- Wireless Settings
- Security Profiles
- Before You Change the SSID and WEP Settings
- Setting up and Testing Basic Wireless Connectivity
- Configuring the Radius Server Settings
- Configuring Network Authentication
- Entering WEP Data Encryption Keys
- Restricting Wireless Access by MAC Address
- Chapter 4 Management
- Remote Management
- Using the Secure Telnet Interface
- How to Use the CLI via the Console Port
- CLI Commands
- SNMP Remote Management
- Viewing the Activity Log
- Viewing General Information
- Viewing Statistics
- Viewing the Available Wireless Station List
- Upgrading the Wireless Access Point Firmware
- Configuration File Management
- Backing up and Restoring the Configuration
- Erasing the Configuration
- Using the Reset Button to Restore Factory Default Settings
- Changing the Administrator Password
- AutoCell Rogue AP Detection
- AutoCell Rogue Station Detection
- Chapter 5 Advanced Configuration
- Understanding Advanced IP Settings for Wireless Clients
- Configuring Advanced Wireless LAN Settings
- AutoCell Overview
- AutoCell Configuration Options
- Auto RF Management
- Wi-Fi Multimedia (WMM) Setup
- Hotspot Settings
- Configuring Wireless LAN Parameters
- Wireless Bridging and Repeating
- Point-to-Point Bridge Configuration
- Multi-Point Bridge Configuration
- Repeater with Wireless Client Association
- Configuring NAT
- Configuring QoS Queues
- Setting up Guest Access
- Chapter 6 Troubleshooting
- No lights are lit on the access point.
- The Wireless LAN activity light does not light up.
- The LAN light is not lit.
- I cannot access the Internet or the LAN with a wireless capable computer.
- I cannot connect to the WG302 to configure it.
- When I enter a URL or IP address I get a timeout error.
- Using the Reset Button to Restore Factory Default Settings
- Appendix B Wireless Networking Basics
- Wireless Networking Overview
- Infrastructure Mode
- Ad Hoc Mode (Peer-to-Peer Workgroup)
- Network Name: Extended Service Set Identification (ESSID)
- Authentication and WEP Data Encryption
- 802.11 Authentication
- Open System Authentication
- Shared Key Authentication
- Overview of WEP Parameters
- Key Size
- WEP Configuration Options
- Wireless Channels
- WPA and WPA2 Wireless Security
- How Does WPA Compare to WEP?
- How Does WPA Compare to WPA2 (IEEE 802.11i)?
- What are the Key Features of WPA and WPA2 Security?
- Is WPA/WPA2 Perfect?
- Product Support for WPA/WPA2
- Appendix C Command Line Reference
Reference Manual for the NETGEAR ProSafe 802.11g Wireless Access Point WG302
Wireless Networking Basics B-13
v0.1, December 2005
The AP sends Beacon Frames with WPA/WPA2 information element to the stations in the service
set. Information elements include the required authentication method (802.1x or Pre-shared key)
and the preferred cipher suite (WEP, TKIP, or AES). Probe Responses (AP to station) and
Association Requests (station to AP) also contain WPA information elements.
1. Initial 802.1x communications begin with an unauthenticated supplicant (client device)
attempting to connect with an authenticator (802.11 access point). The client sends an
EAP-start message. This begins a series of message exchanges to authenticate the client.
2. The access point replies with an EAP-request identity message.
3. The client sends an EAP-response packet containing the identity to the authentication server.
The access point responds by enabling a port for passing only EAP packets from the client to
an authentication server located on the wired side of the access point. The access point blocks
all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the
client's identity using an authentication server (for example, RADIUS).
4. The authentication server uses a specific authentication algorithm to verify the client's identity.
This could be through the use of digital certificates or some other EAP authentication type.
5. The authentication server will either send an accept or reject message to the access point.
6. The access point sends an EAP-success packet (or reject packet) to the client.
7. If the authentication server accepts the client, then the access point will transition the client's
port to an authorized state and forward additional traffic.
The important part to know at this point is that the software supporting the specific EAP type
resides on the authentication server and within the operating system or application “supplicant”
software on the client devices. The access point acts as a “pass through” for 802.1x messages,
which means that you can specify any EAP type without needing to upgrade an 802.1x-compliant
access point. As a result, you can update the EAP authentication type to such devices as token
cards (Smart Cards), Kerberos, one-time passwords, certificates, and public key authentication, or
as newer types become available and your requirements for security change.
WPA/WPA2 Data Encryption Key Management
With 802.1x, the rekeying of unicast encryption keys is optional. Additionally, 802.11 and 802.1x
provide no mechanism to change the global encryption key used for multicast and broadcast
traffic. With WPA/WPA2, rekeying of both unicast and global encryption keys is required.
For the unicast encryption key, the Temporal Key Integrity Protocol (TKIP) changes the key for
every frame, and the change is synchronized between the wireless client and the wireless access
point (AP). For the global encryption key, WPA includes a facility (the Information Element) for
the wireless AP to advertise the changed key to the connected wireless clients.