NETGEAR WG302 - 802.11g ProSafe Wireless Access Point, Reference Manual

Page 1: ...July 2005 v3 0 202 10008 03 July 2005 NETGEAR Inc 4500 Great America Parkway Santa Clara CA 95054 USA Phone 1 888 NETGEAR Reference Manual for the NETGEAR ProSafe Wireless Access Point 802 11g WG302 ...

Page 2: ...5 by NETGEAR Inc All rights reserved Trademarks NETGEAR is a registered trademark of NETGEAR INC Windows is a registered trademark of Microsoft Corporation Other brand and product names are trademarks or registered trademarks of their respective holders Information is subject to change without notice All rights reserved Statement of Conditions In the interest of improving internal design operation...

Page 3: ...int For best results identify a location for your wireless access point according to these guidelines Away from potential sources of interference such as PCs large metal surfaces microwaves and 2 4 GHz cordless phones In an elevated location such as a high shelf that is near the center of the wireless coverage area for all mobile devices Failure to follow these guidelines can result in significant...

Page 4: ... tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to rad...

Page 5: ...na gain Please go to www netgear com go wg302_fcc for an updated list of wireless accessories approved to be used with the WG302 in North America and Australia Industry Canada Compliance Statement This Class B Digital apparatus meets all the requirements of the Canadian Interference Causing Equipment Regulations ICES 003 Cet appareil numerique de classe B respecte les exigences du reglement du Can...

Page 6: ...t your local Industry Canada office Product and Publication Details Model Number WG302 Publication Date July 2005 Product Family wireless access point Product Name NETGEAR ProSafe Wireless Access Point 802 11g WG302 Home or Business Product Business Language English Publication Part Number 202 10008 03 ...

Page 7: ...em Requirements 2 5 What s In the Box 2 6 Hardware Description 2 6 Chapter 3 Basic Installation and Configuration Observing Placement and Range Guidelines 3 1 Cabling Requirements 3 2 Default Factory Settings 3 3 Understanding WG302 Wireless Security Options 3 4 Installing the WG302 Access Point 3 5 How to Log In to the WG302 Using Its Default IP Address 3 11 Using the Basic IP Settings Options 3 ...

Page 8: ...ireless Stations 4 8 Detecting a Rogue Access Point 4 9 Upgrading the Wireless Access Point Software 4 10 Configuration File Management 4 11 Saving and Retrieving the Configuration 4 11 Restoring the WG302 to the Factory Default Settings 4 12 Using the Reset Button to Restore Factory Default Settings 4 12 Changing the Administrator Password 4 12 Chapter 5 Advanced Configuration Understanding Advan...

Page 9: ...ndix A Specifications Specifications for the WG302 A 1 Appendix B Wireless Networking Basics Wireless Networking Overview B 1 Infrastructure Mode B 1 Ad Hoc Mode Peer to Peer Workgroup B 2 Network Name Extended Service Set Identification ESSID B 2 Authentication and WEP Data Encryption B 2 802 11 Authentication B 3 Open System Authentication B 3 Shared Key Authentication B 4 Overview of WEP Parame...

Page 10: ...WPA WPA2 B 16 Supporting a Mixture of WPA WPA2 and WEP Wireless Clients is Discouraged B 16 Changes to Wireless Access Points B 17 Changes to Wireless Network Adapters B 17 Changes to Wireless Client Programs B 18 Appendix C Command Line Reference Command Sets C 1 Glossary ...

Page 11: ...llowing typographical conventions This guide uses the following formats to highlight special messages This manual is written for the WG302 Access Point according to these specifications Table 1 1 Typographical Conventions italics Emphasis books CDs URL names bold User input fixed Screen text file and server names extensions commands IP addresses Note This format is used to highlight information of...

Page 12: ... for browsing forwards or backwards through the manual one page at a time A button that displays the table of contents and an button Double click on a link in the table of contents or index to navigate directly to where the topic is described in the manual A button to access the full NETGEAR Inc online knowledge base for the product model Links to PDF versions of the full manual and individual cha...

Page 13: ... were viewing opens in a browser window Note Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files The Acrobat reader is available on the Adobe Web site at http www adobe com Click the print icon in the upper left of the window Tip If your printer supports printing two pages on a single sheet of paper you can save paper and printer ink by selecting th...

Page 14: ...Reference Manual for the NETGEAR ProSafe Wireless Access Point 802 11g WG302 1 4 About This Manual July 2005 v3 0 ...

Page 15: ...al in building access point provides a maximum connectivity area with about a 300 foot radius The NETGEAR ProSafe Wireless Access Point 802 11g WG302 can support a small group of users in a range of several hundred feet Most access points are rated between 30 70 users simultaneously The NETGEAR ProSafe Wireless Access Point 802 11g WG302 acts as a bridge between the wired LAN and wireless clients ...

Page 16: ...act as a client and obtain information from your DHPC server SNMP Support Support for Simple Network Management Protocol SNMP Management Information Base MIB management Key Features The NETGEAR WG302 provides solid functionality including these features AutoCell RF Management AutoCell provides advanced automated RF management that improves performance and enhances security Multiple Operating Modes...

Page 17: ...re can ensure that only trusted wireless stations can use the WG302 to gain access to your LAN Simple Configuration If the default settings are unsuitable they are easy to change Hidden Mode The SSID is not broadcast assuring only clients configured with the correct SSID can connect Secure Telnet Command Line Interface The Telnet command line interface enables direct access over the serial port an...

Page 18: ...efficient and cost effective 802 11g Standards based Wireless Networking The NETGEAR ProSafe Wireless Access Point 802 11g WG302 provides a bridge between Ethernet wired LANs and 802 11g compatible wireless LAN networks It provides connectivity between Ethernet wired networks and radio equipped wireless notebook systems desktop systems print servers and other devices Additionally the WG302 support...

Page 19: ...ance Web site WECA see http www wi fi net The following NETGEAR products work with the WG302 Access Point WAG511 ProSafe 108 Mbps Dual Band PC Card WAG311 ProSafe 108 Mbps Dual Band PCI Card WG311T 802 11g 108 Mbps Wireless PCI Card WG511T 802 11g 108 Mbps Wireless CardBus Adapter WG511 802 11g 54 Mbps Wireless CardBus Adapter WG111 801 11g 54 Mbps Wireless Bridge System Requirements Before instal...

Page 20: ...his manual Support Registration card Contact your reseller or customer support in your area if there are any missing or damaged parts You can refer to the Support Information Card for the telephone number of customer support in your area You should keep the Support Information card along with the original packing materials and use the packing materials to repack the WG302 if you need to return it ...

Page 21: ...ore going off 100 Ethernet LAN Speed Indicator Off Indicates 10 Mbps Ethernet link detected Green On 100 Mbps Fast Ethernet link detected LINK ACT LAN Ethernet LAN Link Activity Indicator Off Indicates no Ethernet link detected Green On 100 Mbps Fast Ethernet link detected no activity Green Blink Indicates data traffic on the 100Mbps Ethernet LAN Amber 0n 10 Mbps Ethernet link detected no activity...

Page 22: ... restore to default button located between the Ethernet RJ 45 connector and the power socket restores the WG302 to the factory default settings Serial Console Port Male DB 9 serial port for serial DTE connections RJ 45 Ethernet Port Use the WG302 Ethernet RJ 45 port to connect to an Ethernet LAN through a device such as a hub switch router or POE switch Power Socket This socket connects to the WG3...

Page 23: ...or Cable DSL gateway One or more computers with properly configured 802 11b or 802 11g wireless adapters Observing Placement and Range Guidelines The operating distance or range of your wireless connection can vary significantly based on the physical placement of the wireless access point The latency data throughput performance and notebook power consumption of wireless adapters also vary dependin...

Page 24: ...rage If using multiple access points it is better if adjacent access points use different radio frequency Channels to reduce interference The recommended Channel spacing between adjacent access points is 5 Channels for example use Channels 1 and 6 or 6 and 11 The time it takes to establish a wireless connection can vary depending on both your security settings and placement WEP connections can tak...

Page 25: ...xxxxx are the last six digits of the wireless access point s MAC address Built in DHCP client Built in DHCP server DHCP client disabled DHCP server disabled IP Configuration if DHCP server is unavailable IP Address 192 168 0 228 Subnet Mask 255 255 255 0 Gateway 0 0 0 0 Network Name SSID NETGEAR Broadcast Network Name SSID Enabled 802 11g Radio Frequency Channel 11 AutoCell RF Management AutoCell ...

Page 26: ...annot wirelessly connect to the WG302 MAC address filtering adds an obstacle against unwanted access to your network but the data broadcast over the wireless link is fully exposed Turn Off the Broadcast of the Wireless Network Name SSID If you disable broadcast of the SSID only devices that have the correct SSID can connect This nullifies the wireless network discovery feature of some products suc...

Page 27: ...NETGEAR WAG511 are highly recommended for Enhanced RF Security Installing the WG302 Access Point Before installing the NETGEAR ProSafe Wireless Access Point 802 11g WG302 you should make sure that your Ethernet network is up and working You will be connecting the access point to the Ethernet network so that computers with 802 11b or 802 11g wireless adapters will be able to communicate with comput...

Page 28: ...E LAN AND WIRELESS ACCESS a Configure the WG302 Ethernet port for LAN access Connect to the WG302 by opening your browser and entering http 192 168 0 228 in the address field A login window like the one shown below opens Figure 3 2 Login window When prompted enter admin for the user name and password for the password both in lower case letters ...

Page 29: ...al for the NETGEAR ProSafe Wireless Access Point 802 11g WG302 Basic Installation and Configuration 3 7 July 2005 v3 0 The Web browser will then display the WG302 settings page Figure 3 3 Login result WG302 home page ...

Page 30: ...se or the Documentation link under the Web Support menu to view support information or the documentation for the wireless access point If you do not click Logout the wireless access point will wait 5 minutes after there is no activity before it automatically logs you out Click the Basic Settings link to view the Basic Settings menu Figure 3 4 Basic Settings menu Configure the settings appropriate ...

Page 31: ...entified in this field Now that you have finished the setup steps you are ready to deploy the WG302 in your network If needed you can now reconfigure the computer you used in step 1 back to its original TCP IP settings 3 DEPLOY THE WG302 ACCESS POINT a Disconnect the WG302 and position it where you will deploy it The best location is elevated such as wall mounted or on the top of a cubicle at the ...

Page 32: ...s access point and plug the power adapter in to a power outlet The PWR LAN and Wireless LAN lights and should light up 4 VERIFY WIRELESS CONNECTIVITY Using a computer with an 802 11b or 802 11g wireless adapter with the correct wireless settings needed to connect to the WG302 SSID WEP WPA MAC ACL etc verify connectivity by using a browser such as Netscape or Internet Explorer to browse the Interne...

Page 33: ...eb browser such as Internet Explorer or Netscape Navigator 3 Connect to the WG302 by entering its default address of http 192 168 0 228 into your browser 4 A login window like the one shown below opens Figure 3 6 Login window Log in use the default user name of admin and default password of password Once you have entered your access point name your Web browser should automatically find the WG302 A...

Page 34: ...s The wireless access point is shipped preconfigured with its DHCP client disabled and with the following private static IP addresses IP Address 192 168 0 228 IP Subnet Mask 255 255 255 0 Gateway 0 0 0 0 Primary and Secondary DNS Servers 0 0 0 0 If your network has a requirement to use a different IP addressing scheme you can make those changes in this menu These settings are only required if the ...

Page 35: ...ttings To configure the wireless settings of your wireless access point click the Wireless Settings link in the Basic section of the main menu of the browser interface The Basic Wireless Settings menu will appear as shown below Figure 3 8 Basic Wireless Settings menu The Basic Wireless Settings menu options are discussed below Country Region This field identifies the region where the WG302 can be ...

Page 36: ...access points all using the same ID ESSID form an Extended Service Set ESS Different access points within an ESS can use different channels To reduce interference it is recommended that adjacent access points should use different channels As wireless stations physically move through the area covered by an ESS they will automatically change to the access point which has the least interference or be...

Page 37: ...ended channel spacing between adjacent access points is 5 channels for example use channels 1 and 6 or 6 and 11 In Infrastructure mode wireless stations normally scan all channels looking for an access point If more than one access point can be used the one with the strongest signal is used This can only happen when the various access points are using the same SSID Data Rate Shows the available tr...

Page 38: ...hentication type used The default is Open System Select the desired option Open System If selected you have the option of using WEP encryption or no encryption Shared Key If selected you must use WEP at least one shared key must be entered Legacy 802 1x If selected you must configure the Radius Server Settings Screen WPA PSK If selected you must use TKIP encryption and enter the WPA passphrase Net...

Page 39: ...EP encryption using 104 128 bit encryption 152 bits WEP Proprietary mode that will only work with other wireless devices that support this mode TKIP This is the standard encryption method used with WPA AES This is the standard encryption method for WPA2 Some clients may support AES with WPA but this is not supported by this Access Point TKIP AES This setting allows both WPA and WPA2 to be supporte...

Page 40: ...ct shared key the other devices in the network will not connect unless they are set to Shared Key and have the same keys in the same positions as those in the WG302 WEP Encryption Keys For all four 802 11b keys choose the Key Size Circle one 64 128 or 152 bits Key 1 ___________________________________ Key 2 ___________________________________ Key 3 ___________________________________ Key 4 _______...

Page 41: ...t the Country Region in which the wireless interface will operate 5 Set the Channel It should not be necessary to change the wireless channel unless you notice interference problems or are near another wireless access point Select a channel that is not being used by any other wireless networks within several hundred feet of your wireless access point For more information on the wireless channel fr...

Page 42: ...ord of password or whatever LAN address and password you have set up 2 From the Security menu click the Access Control link to display the Access Control List menu shown below Figure 3 10 Access Control List menu 3 Select the Turn Access Control On check box Note When configuring the WG302 from a wireless computer whose MAC address is not in the access control list if you select Turn Access Contro...

Page 43: ...on the wireless adapter 6 Click Add to add the wireless device to the access list Repeat these steps for each additional device you want to add to the list 7 Be sure to click Apply to save your wireless access control list settings Now only devices on this list will be allowed to wirelessly connect to the WG302 How to Configure WEP To configure WEP data encryption follow these steps 1 Log in to th...

Page 44: ...on standard 6 Click Apply to save your settings How to Configure WPA with Radius Note Not all wireless adapters support WPA Furthermore client software is required on the client Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports WPA Nevertheless the wireless adapter hardware and driver must also support WPA Consult the product document for your wireless ad...

Page 45: ...ettings Authentication Access Control Radius Server Configuration This configuration is required for authentication using Radius IP Address Port No and Shared Secret is required for communication with Radius Server A Secondary Radius Server can be configured which is used on failure on Primary Radius Server IP Address The IP address of the Radius Server The default is 0 0 0 0 Port Number Port numb...

Page 46: ...efault is 3600 seconds Update if any station disassociates Check on this option to refresh global key when any stations disassociated with wireless Access Point Accounting Radius Server Configuration This configuration is required for accounting using Radius Server IP Address Port No and Shared Secret is required for communication with Radius Server A Secondary Radius Server can be configured whic...

Page 47: ...PA Nevertheless the wireless adapter hardware and driver must also support WPA Consult the product document for your wireless adapter and WPA client software for instructions on configuring WPA settings To configure WPA PSK follow these steps 1 Log in at the default LAN address of http 192 168 0 228 with the default user name of admin and default password of password or using whatever LAN address ...

Page 48: ...re your client card supports WPA2 Consult the product document for your wireless adapter and WPA2 client software for instructions on configuring WPA2 settings To configure WPA2 follow these steps 1 Log in at the default LAN address of http 192 168 0 229 with the default user name of admin and default password of password or using whatever LAN address and password you have set up 2 Click Radius Se...

Page 49: ...thenticated again with the Radius Server The default is 3600 seconds Global key Re Key Time Check on this option to enable Re keying of Global Key The Global Key Re Key can be done based on time interval in seconds or number of packets exchanged using the global key The default is 3600 seconds Update if any station disassociates Check on this option to refresh global key when any stations disassoc...

Page 50: ...ure WPA2 PSK Note Not all wireless adapters support WPA2 Furthermore client software is required on the client Make sure your client card supports WPA2 Consult the product document for your wireless adapter and WPA2 client software for instructions on configuring WPA2 settings To configure WPA2 PSK follow these steps 1 Log in at the default LAN address of http 192 168 0 229 with the default user n...

Page 51: ...A Furthermore client software is required on the client Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports WPA Nevertheless the wireless adapter hardware and driver must also support WPA Consult the product document for your wireless adapter and WPA client software for instructions on configuring WPA settings Note Not all wireless adapters support WPA2 Fur...

Page 52: ...5 v3 0 To configure WPA and WPA2 follow these steps 1 Log in at the default LAN address of http 192 168 0 229 with the default user name of admin and default password of password or using whatever LAN address and password you have set up 2 Click Radius Server Settings in the Security menu Figure 3 18 Radius Server Settings menu ...

Page 53: ...thenticated again with the Radius Server The default is 3600 seconds Global key Re Key Time Check on this option to enable Re keying of Global Key The Global Key Re Key can be done based on time interval in seconds or number of packets exchanged using the global key The default is 3600 seconds Update if any station disassociates Check on this option to refresh global key when any stations disassoc...

Page 54: ...t supports WPA Nevertheless the wireless adapter hardware and driver must also support WPA Consult the product document for your wireless adapter and WPA client software for instructions on configuring WPA settings Note Not all wireless adapters support WPA2 Furthermore client software is required on the client Make sure your client card supports WPA2 Consult the product document for your wireless...

Page 55: ...WG302 Basic Installation and Configuration 3 33 July 2005 v3 0 2 Click WEP WPA Settings in the Security menu of the WG302 Figure 3 20 WEP WPA Settings menu 3 Choose WPA PSK and WPA2 PSK from the list 4 Enter the pre shared key passphrase 5 Click Apply to save your settings ...

Page 56: ...Reference Manual for the NETGEAR ProSafe Wireless Access Point 802 11g WG302 3 34 Basic Installation and Configuration July 2005 v3 0 ...

Page 57: ...gement under Management on the main menu Figure 4 1 Remote Management screen Enter the Remote Management information Remote Console Secure Shell SSH If set to Enable the Wireless Access Point will only allow remote access via Secure Shell and Secure Telnet The default is Enable SNMP Enable SNMP to allow the SNMP network management software such as HP OpenView to manage the wireless access point vi...

Page 58: ...nt over the Ethernet port or over the serial console port How to Use the CLI via the Console Port 1 Using the null modem cable connect a VT100 ANSI terminal or a workstation to the port labeled Console If you attached a PC Apple Macintosh or UNIX workstation start a secure terminal emulation program 2 Configure the terminal emulation program to use the following settings Baud rate 9 600 bps Data b...

Page 59: ...ow should appear Figure 4 2 Secure Telnet Client The login name is admin and password is the default password After successful login the screen should show the Access Point Name prompt In this example the prompt is netgear74F35E Enter help to display the CLI command help CLI Commands The CLI commands are listed in Appendix C Command Line Reference ...

Page 60: ...og information Enable the SysLog option if you have a SysLog server on your LAN If enabled you must enter the IP address of your SysLog server and the port number your SysLog server is configured to use SysLog Server IP address The access point will send all the SysLog to the specified IP address if SysLog option is enabled Default 0 0 0 0 Port The port number configured in the SysLog server on yo...

Page 61: ...v3 0 Viewing General Log Station and Statistical Information The General information screen provides a summary of the current WG302 configuration settings From the main Menu of the browser interface click General to view the System Status screen shown below Figure 4 4 Wireless Access Point Status screen ...

Page 62: ...he WG302 Access Point Point to point bridge Multi point bridge or Repeater Current IP Settings IP Address The IP address of the wireless access point Subnet Mask The subnet mask for the wireless access point Default Gateway The default gateway for the wireless access point communication DHCP Client Enabled indicates that the current IP address was obtained from a DHCP server on your network Disabl...

Page 63: ... since the WG302 was restarted Bytes The number of bytes sent since the WG302 was restarted Wireless Received Transmitted Unicast Packets The Unicast packets sent since the WG302 was restarted Broadcast Packets The Broadcast packets sent since the WG302 was restarted Multicast Packets The Multicast packets sent since the WG302 was restarted Total Packets The Wireless packets sent since the WG302 w...

Page 64: ... address IP Address and Status whether the device is allowed to communicate with the wireless access point or not Note that if the wireless access point is rebooted the table data is lost until the wireless access point rediscovers the devices To force the wireless access point to look for associated devices click the Refresh button Note A wireless network can include multiple wireless access poin...

Page 65: ... the SSID of a legitimate network can present a serious security threat Figure 4 6 Rogue AP Detection menu Once you turn on Rogue AP Detection in the WG302 the AutoCell Enabled AP continuously scans the wireless network and collects information about all APs heard on their channel The information collected includes SSID MAC Address Channel and AutoCell Enabled The user can Grant authorization to a...

Page 66: ...o upload new firmware into the WG302 must support HTTP uploads such as Microsoft Internet Explorer 6 0 or above or Netscape Navigator 4 78 or above 1 Download the new software file from NETGEAR save it to your hard disk and unzip it 2 From the main menu Management section click the Upgrade Firmware link to display the screen above 3 In the Upgrade Firmware menu click the Browse button and browse t...

Page 67: ...g click the Backup Restore Settings link to bring up the menu shown below Figure 4 7 Settings Backup menu The three options displayed are described in the following sections Saving and Retrieving the Configuration The Backup Restore Settings menu allows you to save or retrieve a file containing your wireless access point s configuration settings To save your settings click the Save button Your bro...

Page 68: ...l on the bottom of the unit Using the Reset Button to Restore Factory Default Settings To restore the factory default configuration settings without knowing the login password or IP address you must use the Default Reset button on the rear panel of the wireless access point see WG302 rear panel on page 2 7 The reset button has two functions Reboot When pressed and released the Wireless Access Poin...

Page 69: ... July 2005 v3 0 From the main menu of the browser interface under the Management heading click Change Password to bring up the menu shown below Figure 4 8 Set Password menu To change the password first enter the old password and then enter the new password twice Click Apply to save your change ...

Page 70: ...Reference Manual for the NETGEAR ProSafe Wireless Access Point 802 11g WG302 4 14 Management July 2005 v3 0 ...

Page 71: ... and configure advanced wireless LAN parameters Access Point Settings Enable wireless bridging and repeating These features can be found under the Advanced heading in the main menu Understanding Advanced IP Settings for Wireless Clients The default advanced IP wireless settings usually work well If you want the AP to act as a DHCP server gateway for wireless clients use this feature The AP can acc...

Page 72: ...elf organizing micro cells provide an additional level of privacy for enterprises AutoCell clients are highly recommended for Enhanced RF Security Problem AutoCell Settings Erosion of privacy Optional setting allows Wi Fi network to be nearly undetectable by neighbors and hackers Enhance RF Privacy Default Disable Diminishing performance from multiple APs installed in one area APs and clients load...

Page 73: ...der utilized APs This mode avoids interference from neighbors clients and APs and other unexpected sources Enhanced RF Security Stealth Mode In this mode AutoCell shrinks the size of coverage to the minimum to reach clients but also shrinks the size of the beacons that access points use to announce their presence This mode makes an enterprise wireless LAN nearly invisible to users outside an offic...

Page 74: ...e with other clients and APs on the same frequency and improves overall throughput and performance Requires AutoCell enabled AP Automatic Load Balancing An AutoCell enabled client will seek out and associate to the lightest loaded AutoCell enabled AP available Requires AutoCell enabled AP Rapid Roaming An AutoCell enabled client will accurately and rapidly detect movement as distinguished from RF ...

Page 75: ...etwork and enables managing the wireless communications easily from a simple console Wi Fi Multimedia WMM Setup WMM is a subset of the 802 11e standard WMM allows wireless traffic to have a range of priorities depending on the kind of data Time dependent information such as video or audio will have a higher priority than normal traffic For WMM to function correctly wireless clients must also suppo...

Page 76: ... Sense Multiple Access with Collision Detection or the CSMA CA Carrier Sense Multiple Access with Collision Avoidance mechanism for packet transmission Fragmentation Length This is the maximum packet size used for fragmentation Packets larger than the size programmed in this field will be fragmented The Fragment Threshold value must be larger than the RTS Threshold value Beacon Interval Specifies ...

Page 77: ...ou can allow all HTTP TCP port 80 requests to be captured and re directed to the URL you specify Figure 5 5 Hotspot Settings screen Enable HTTP Redirect Enable this if you want all HTTP TCP port 80 requests to be captured and re directed to the URL you specify URL Enter the URL of the Web Server you wish HTTP requests to be redirected to ...

Page 78: ...R ProSafe Wireless Access Point 802 11g WG302 lets you build large bridged wireless networks Figure 5 6 Advanced Wireless Settings Access Point Mode settings Examples of wireless bridged configurations are Client Access Point to Access Point the default Point to Point Bridge Multi Point Bridge Repeater with Wireless Client Association These features are discussed below ...

Page 79: ...ing parameters for both access points Verify that the LAN network configuration of the WG302 Access Points both are configured to operate in the same LAN network address range as the LAN devices Both use the same ESSID Channel authentication mode if any and security settings if security is in use 4 Verify connectivity across the LAN 1 and LAN 2 A computer on either LAN segment should be able to co...

Page 80: ... access points Verify that the LAN network configuration the WG302 Access Points are configured to operate in the same LAN network address range as the LAN devices Only one AP is configured in Point to Multi Point Bridge mode and all the others are in Point to Point Bridge mode All APs must be on the same LAN That is all the APs LAN IP address must be in the same network If using DHCP all WG302 Ac...

Page 81: ...ccess Point mode to any LAN segment Note You can extend this multi point bridging by adding additional WG302s configured in Point to Point mode for each additional LAN segment Furthermore you can extend the range of the wireless network with NETGEAR wireless antenna accessories How to Configure Wireless Repeating Figure 5 9 Multi Point bridging 1 Configure the Operating Mode of the WG302 Access Po...

Page 82: ... to Obtain an IP address automatically DHCP Client in the IP Address Source portion of the Basic IP Settings menu All WG302 Access Points use the same SSID Channel authentication mode if any and encryption in use 3 Verify connectivity across the LANs A computer on any LAN segment should be able to connect to the Internet or share files and printers with any other PCs or servers connected to any of...

Page 83: ...on page 4 12 If you have trouble setting up your WG302 check the tips below No lights are lit on the access point It takes a few seconds for the power indicator to light up Wait a minute and check the power light status on the access point If the access point has no power Make sure the power cord is connected to the access point Make sure the power adapter is connected to a functioning power outle...

Page 84: ...oadband modem Make sure the connected device is turned on Be sure the correct cable is used Use a standard Category 5 Ethernet patch cable If the network device has Auto Uplink MDI MDIX ports you can use either a crossover cable or a normal patch cable I cannot access the Internet or the LAN with a wireless capable computer There is a configuration problem Check these items You may not have restar...

Page 85: ... If your computer uses a Fixed Static IP address ensure that it is using an IP Address in the range of the WG302 The WG302 default IP Address is 192 168 0 228 and the default Subnet Mask is 255 255 255 0 If you are not sure about these settings follow the instructions for Installing the WG302 Access Point on page 3 5 When I enter a URL or IP address I get a timeout error A number of things could b...

Page 86: ... WG302 will reboot restart Reset to Factory Defaults This button can also be used to clear ALL data and restore ALL settings to the factory default values To clear all data and restore the factory default values 1 Power off the WG302 and power it back on 2 Use something with a small point such as a pen to press the Reset button in and hold it in for at least 5 seconds 3 Release the Reset button Th...

Page 87: ...ing Frequencies 2 412 2 462 GHz US 2 457 2 462 GHz Spain 2 412 2 484 GHz Japan 2 457 2 472 GHz France 2 412 2 472 GHz Europe ETSI 802 11g Encryption 40 bits also called 64 bits 128 and 152 bits WEP data encryption Network Management Web based configuration and status monitoring Maximum Clients Limited by the amount of wireless network traffic generated by each node typically 15 to 20 nodes Status ...

Page 88: ...Reference Manual for the NETGEAR ProSafe Wireless Access Point 802 11g WG302 A 2 Specifications July 2005 v3 0 ...

Page 89: ...reless Ethernet Compatibility Alliance WECA see http www wi fi net an industry standard group promoting interoperability among 802 11 devices The 802 11 standard offers two methods for configuring a wireless network ad hoc and infrastructure Infrastructure Mode With a wireless Access Point you can operate the wireless LAN in the infrastructure mode This mode provides wireless connectivity to multi...

Page 90: ...ion SSID In an ad hoc wireless network with no access points the Basic Service Set Identification BSSID is used In an infrastructure wireless network that includes an access point the ESSID is used but may still be referred to as SSID An SSID is a thirty two character maximum alphanumeric key identifying the name of the wireless local area network Some vendors refer to the SSID as network name For...

Page 91: ...4 The station sends an authentication request to the access point 5 The access point authenticates the station 6 The station sends an association request to the access point 7 The access point associates with the station 8 The station can now communicate with the Ethernet network through the access point An access point must authenticate a station before the station can associate with the access p...

Page 92: ...WEP Key that corresponds to the station s default key The access point compares the decrypted text with the original challenge text If the decrypted text matches the original challenge text then the access point and the station share the same WEP Key and the access point authenticates the station 5 The station connects to the network If the decrypted text does not match the original challenge text...

Page 93: ...the same WEP Key For authentication purposes the network uses Open System Authentication 3 Use WEP for Authentication and Encryption A transmitting 802 11 device encrypts the data portion of every packet it sends using a configured WEP Key The receiving device decrypts the data using the same WEP Key For authentication purposes the wireless network uses Shared Key Authentication Note Some 802 11 a...

Page 94: ...red instead of the cryptic hexadecimal characters to ease encryption key entry 128 bit encryption is stronger than 40 bit encryption but 128 bit encryption may not be available outside of the United States due to U S export regulations When configured for 40 bit encryption 802 11 products typically support up to four WEP Keys Each 40 bit WEP Key is expressed as 5 sets of two hexadecimal digits 0 9...

Page 95: ... s WEP key 2 is the same as the client s WEP key 2 and the AP s WEP key 3 is the same as the client s WEP key 3 Wireless Channels The wireless frequencies used by 802 11b g networks are discussed below IEEE 802 11b g wireless nodes communicate with each other using radio frequency signals in the ISM Industrial Scientific and Medical band between 2 4 GHz and 2 5 GHz Neighboring channels are 5 MHz a...

Page 96: ...ecurity enhancements that increase the level of data protection and access control for existing and future wireless LAN systems The IEEE introduced the WEP as an optional security measure to secure 802 11b Wi Fi WLANs but inherent weaknesses in the standard soon became obvious In response to this situation the Wi Fi Alliance announced a new security architecture in October 2002 that remedies the s...

Page 97: ...y refer to IETF s RFC 2284 With 802 11 WEP all access points and client wireless adapters on a particular wireless LAN must use the same encryption key A major problem with the 802 11 standard is that the keys are cumbersome to change If you do not update the WEP keys often an unauthorized person with a sniffing tool can monitor your network for less than a day and decode the encrypted messages Pr...

Page 98: ...re support Support for a mixture of WPA WPA2 and WEP wireless clients to allow a migration strategy but mixing WEP and WPA WPA2 is discouraged These features are discussed below WPA WPA2 addresses most of the known WEP vulnerabilities and is primarily intended for wireless infrastructure networks as found in the enterprise This infrastructure includes stations access points and authentication serv...

Page 99: ... those stations successfully authenticated The supplicant in the station uses the authentication and cipher suite information contained in the information elements to decide which authentication method and cipher suite to use For example if the access point is using the pre shared key method then the supplicant need not authenticate using full blown 802 1X Rather the supplicant must simply prove t...

Page 100: ...e EAP type such as Transport Layer Security EAP TLS or EAP Tunneled Transport Layer Security EAP TTLS defines how the authentication takes place Note For environments with a Remote Authentication Dial In User Service RADIUS infrastructure WPA supports Extensible Authentication Protocol EAP For environments without a RADIUS infrastructure WPA supports the use of a pre shared key Together these tech...

Page 101: ...AES Probe Responses AP to station and Association Requests station to AP also contain WPA information elements 1 Initial 802 1x communications begin with an unauthenticated supplicant client device attempting to connect with an authenticator 802 11 access point The client sends an EAP start message This begins a series of message exchanges to authenticate the client 2 The access point replies with...

Page 102: ...pecify any EAP type without needing to upgrade an 802 1x compliant access point As a result you can update the EAP authentication type to such devices as token cards Smart Cards Kerberos one time passwords certificates and public key authentication or as newer types become available and your requirements for security change WPA WPA2 Data Encryption Key Management With 802 1x the rekeying of unicas...

Page 103: ...its in the encrypted payload and update the encrypted ICV without being detected by the receiver With WPA a method known as Michael specifies a new algorithm that calculates an 8 byte message integrity check MIC using the calculation facilities available on existing wireless devices The MIC is placed between the data portion of the IEEE 802 11 frame and the 4 byte ICV The MIC field is encrypted to...

Page 104: ...r WPA WPA2 Starting in August 2003 NETGEAR Inc wireless Wi Fi certified products will support the WPA standard NETGEAR Inc wireless products that had their Wi Fi certification approved before August 2003 will have one year to add WPA so as to maintain their Wi Fi certification WPA WPA2 requires software changes to the following Wireless access points Wireless network adapters Wireless client progr...

Page 105: ...s AP Changes to Wireless Network Adapters Wireless networking software in the adapter and possibly in the OS or client application must be updated to support the following The new WPA WPA2 information element Wireless clients must be able to process the WPA WPA2 information element and respond with a specific security configuration The WPA WPA2 two phase authentication Open system then 802 1x supp...

Page 106: ...our Microsoft Windows wireless client all you have to do is obtain the new WPA WPA2 compatible driver and install the driver Changes to Wireless Client Programs Wireless client programs must be updated to permit the configuration of WPA WPA2 authentication and preshared key and the new WPA WPA2 encryption algorithms TKIP and AES To obtain the Microsoft WPA client program visit the Microsoft Web si...

Page 107: ...ght saving daylight saving X X system system setting X version system firmware version X X apname system name X macaddr system MAC address X X country country region X X dhcpclient system dhcp client X X ipaddr system IP address X X netmask system network mask X X gateway system gateway X X dns system dns X X primary primary system DNS server X X secondary secondary system DNS server X X stp enabl...

Page 108: ...mber X X secret radius secret string X X account account radius setting X X primary primary X X ipaddr radius IP address X X port radius port number X X secret radius secret string X X secondary secondary X X ipaddr radius IP address X X port radius port number X X secret radius secret string X X ssh enable remote SSH access X X snmp SNMP setting X X server enable SNMP agent X X trap server SNMP T...

Page 109: ...CTS threshold X X beaconinterval wireless beacon period in TU 1024 us X X dtim wireless DTIM period in beacon interval X X preamble wireless preamble only effect on 802 11b rates X X super enable wireless super A G mode X X wirelessisolate wireless isolate communication between clients X X operationmode wireless operation mode X X X remoteap wireless remote AP s depends on operationmode X X X p2p ...

Page 110: ...s X X authentication wireless authentication type X X encryption wireless data encryption X X X key wireless wep key setting X X type wireless wep key type X X default wireless wep default key index X X X passphrase wireless wep passphrase key X X X 1 wireless wep key 1 X X X 2 wireless wep key 2 X X X 3 wireless wep key 3 X X X 4 wireless wep key 4 X X X wpa wireless WPA setting X X X psk wireles...

Page 111: ...r the NETGEAR ProSafe Wireless Access Point 802 11g WG302 Command Line Reference C 5 July 2005 v3 0 get set del keyword Description X password system password X reboot reboot system X exit logout from CLI X quit quit CLI ...

Page 112: ...Reference Manual for the NETGEAR ProSafe Wireless Access Point 802 11g WG302 C 6 Command Line Reference July 2005 v3 0 ...

Page 113: ...s LANs and pertains to systems operating in the 5 GHz frequency range with a bandwidth of 54 Mbps Another standard 802 11g is for WLANS operating in the 2 4 GHz frequency but with a bandwidth of 54 Mbps 802 11a Standard An IEEE specification for wireless networking that operates in the 5 GHz frequency range 5 15 GHz to 5 85 GHz with a maximum 54 Mbps data transfer rate The 5 GHz frequency band is ...

Page 114: ... defines software patches to WEP to provide a minimally adequate level of data privacy AES or AES OCB Advanced Encryption Standard and Offset Codebook is a robust data privacy scheme and is a longer term solution Security Association Management is addressed by a RSN Negotiation Procedures b IEEE 802 1x Authentication and c IEEE 802 1x Key management The standards are being defined to naturally co ...

Page 115: ...l capabilities such as NAT routing DHCP firewalls security etc Ad Hoc mode A client setting that provides independent peer to peer connectivity in a wireless LAN An alternative set up is one where PCs communicate with each other through an AP See access point and Infrastructure mode Bandwidth The amount of transmission capacity that is available on a network at any point in time Available bandwidt...

Page 116: ... wireless gateway or access point Instead of the signals transferring in parallel paths from one set of plugs to another the signals crossover If an eight wire cable was being used for instance the signal would start on pin one at one end of the cable and end up on pin eight at the other end They cross over from one side to the other CSMA CA Carrier Sense Multiple Action CSMA CA is the principle m...

Page 117: ...series of numbers like 107 22 55 26 Every website has its own specific IP address on the Internet Encryption Key An alphanumeric letters and or numbers series that enables data to be encrypted and then decrypted so it can be safely shared among members of a network WEP uses an encryption key that automatically encrypts outgoing wireless data On the receiving side the same encryption key enables th...

Page 118: ...s may also provide VPN support roaming firewalls various levels of security etc Hot Spot also referred to as Public Access Location A place where you can access Wi Fi service This can be for free or for a fee HotSpots can be inside a coffee shop airport lounge train station convention center hotel or any other public meeting area Corporations and campuses are also implementing HotSpots to provide ...

Page 119: ...int AP As compared to Ad Hoc mode whereby PCs communicate directly with each other clients set in Infrastructure Mode all pass data through a central AP The AP not only mediates wireless network traffic in the immediate neighborhood but also provides communication with the wired network See Ad Hoc and AP IP Internet Protocol address A 32 bit number that identifies each sender or receiver of inform...

Page 120: ...h of the spheres below represent a mesh router Corporate servers and printers may be shared by attaching to each mesh router For wireless access to the mesh an access point must be attached to any one of the mesh routers Multiple Input Multiple Output MIMO MIMO refers to radio links with multiple antennas at the transmitter and the receiver side to improve the performance of the wireless link NAT ...

Page 121: ...erver or central hub or router All the networked PCs are equally able to act as a network server or client and each client computer can talk to all the other wireless computers without having to go through an access point or hub However since there is no central base station to monitor traffic or provide Internet access the various signals can collide with each other reducing overall performance P...

Page 122: ...and alone mode in a parking lot or in a neighbor s building Rogue APs by definition are not under the management of network administrators and do not conform to network security policies and may present a severe security risk Ideally it is best to have some type of WLAN system that does not allow rogue access points to easily be added to an existing WLAN Router A device that forwards data packets ...

Page 123: ...o the server in order to have a secret key exchange for that session Subnetwork or Subnet Found in larger networks these smaller networks are used to simplify addressing between numerous computers Subnets connect to the central network through a router hub or gateway Each individual wireless LAN will probably use the same subnet for all the local computers it talks to Switch A type of hub that eff...

Page 124: ...andwidth of up to 400 Mbps VoIP Voice over IP Voice transmission using Internet Protocol to create digital packets distributed over the Internet VoIP can be less expensive than voice transmission using standard analog packets over POTS Plain Old Telephone Service VPN Virtual Private Network A type of technology designed to increase the security of information transferred over the Internet VPN can ...

Page 125: ...e or small business user needs to protect wireless data WEP is available in 40 bit also called 64 bit or in 108 bit also called 128 bit encryption modes As 108 bit encryption provides a longer algorithm that takes longer to decode it can provide better security than basic 40 bit 64 bit encryption Wi Fi Wireless Fidelity Another name for IEEE 802 11b Products certified as Wi Fi are interoperable wi...

Page 126: ...ES CCMP These features are either not yet ready for market or will require hardware upgrades to implement Wi Fi Protected Access for the Enterprise Wi Fi Protected Access effectively addresses the WLAN security requirements for the enterprise and provides a strong encryption and authentication solution prior to the ratification of the IEEE 802 11i standard In an enterprise with IT resources Wi Fi ...

Page 127: ...cess for all Wi Fi clients and access points WiMAX An IEEE 802 16 Task Group that provides a specification for fixed broadband wireless access systems employing a point to multipoint PMP architecture Task Group 1 of IEEE 802 16 developed a point to multipoint broadband wireless access standard for systems in the frequency range 10 66 GHz The standard covers both the Media Access Control MAC and th...

Page 128: ...Reference Manual for the NETGEAR ProSafe Wireless Access Point 802 11g WG302 16 Glossary July 2005 v3 0 ...