Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual

2-10

Configuring Your Wireless Network and Security Settings

v1.0, July 2008

Manually Configuring Your Wireless Security

To set up wireless security, you can either manually configure it in the Wireless Settings screen, or

you can use Wi-Fi Protected Setup (WPS) to automatically set the SSID and implement

WPA/WPA2 security (see

“Using Push 'N' Connect (WPS) to Configure Your Wireless Network

and Security” on page 2-17

).

Security Options

(continued)

WPA2-PSK

WPA Pre-Shared-Key (Wi-Fi Protected Access 2 with Pre-

Shared Key) uses a pre-shared key to perform the

authentication and generate the initial data encryption keys.

Then, it dynamically varies the encryption key. WPA2-PSK

provides the best throughput with 802.11N because the

encryption is supported in the hardware. WPA2-PSK uses

AES (Advanced Encryption Standard) data encryption,

implements the full IEEE 802.11i standard, but does not

work with some older network cards. See

“Configuring

Mixed WPA-PSK+WPA2-PSK Security

.”

Mixed WPS-PSK+

WPA2-PSK

Mixed WPA-PSK + WPA2-PSK uses both WPA-PSK +

WPA2-PSK standard encryption. A high performance client

such as the NETGEAR WN511B should connect using

WPA2-PSK in order to achieve maximum performance.

Wireless clients that connect to this router using WPA-PSK

will run at reduced performance levels. See

“Configuring

Mixed WPA-PSK+WPA2-PSK Security

.”

WPA-802.1x

In WPA-802.1x mode, user authentication is implemented

using 802.1x and RADIUS servers. See

“Configuring WPA-

802.1x

.”

Note:

If you use a wireless computer to configure wireless security settings, you will be

disconnected when you click

Apply

. Reconfigure your wireless computer to match

the new settings, or access the modem router from a wired computer to make fur-

ther changes.

Table 2-1.

Wireless Settings (continued)

Settings

Description

Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual

Configuring Your Wireless Network and Security Settings

2-11

v1.0, July 2008

Restricting Wireless Access to Your Network

By default, any wireless PC that is configured with the correct SSID can access your wireless

network. For increased security, the modem router provides several ways to restrict wireless access

to your network. You can do the following:

•

Turn off wireless connectivity completely.

•

Restrict access based on the wireless network name (SSID).

•

Restrict access based on the Wireless Card Access List.

These options are discussed in the following sections.

Turning off wireless connectivity completely

You can completely turn off the wireless connectivity of the modem router by pressing the

Wireless On/Off button on the side panel of the modem router. For example, if you use your

notebook computer to wirelessly connect to your modem router and you take a business trip, you

can turn off the wireless portion of the modem router while you are traveling. Other members of

your household who use computers connected to the modem router through Ethernet cables can

still use the modem router. To do this, clear the

Enable Wireless Access Point

check box on the

Wireless Settings screen, and then click

Apply

.

Hiding your wireless network name (SSID)

By default, the modem router is set to broadcast its wireless network name (SSID). You can

restrict wireless access to your network by not broadcasting the wireless network name (SSID). To

do this, clear the

Allow Broadcast of Name (SSID)

check box on the Wireless Settings screen,

and then click

Apply

. Wireless devices will not “see” your modem router. You must configure

your wireless devices to match the wireless network name (SSID) of the modem router.

Restricting access by MAC address

For increased security, you can restrict access to the wireless network to allow only specific PCs

based on their MAC addresses. You can restrict access to only trusted PCs so that unknown PCs

cannot wirelessly connect to the Amodem router. MAC address filtering adds an obstacle against

Warning:

The SSID of any wireless access adapters must match the SSID you specify in

the modem router. If they do not match, you will not get a wireless connection

to the modem router.

Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual

2-12

Configuring Your Wireless Network and Security Settings

v1.0, July 2008

unwanted access to your network, but the data broadcast over the wireless link is fully

exposed.The Wireless Station Access list determines which wireless hardware devices will be

allowed to connect to the modem router.

To restrict access based on MAC addresses:

1.

Log in to the modem router at its default LAN address of

with its default

user name of

admin

and default password of

password

, or using whatever LAN address and

password you have set up.

2.

In the Wireless Settings screen, under the Wireless Station Access List section, click the

Setup

Access List

button to display the list.

3.

Select the

Turn Access Control On

check box to enable the restricting of wireless computers

by their MAC addresses.

Note:

If you configure the modem router from a wireless computer, add your com-

puter’s MAC address to the access list. Otherwise you will lose your wireless

connection when you click Apply. You must then access the modem router

from a wired computer, or from a wireless computer that is on the access con-

trol list, to make any further changes.

Figure 2-3

Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual

Configuring Your Wireless Network and Security Settings

2-13

v1.0, July 2008

4.

If the wireless station is currently connected to the network, you can select it from the

Available Wireless Stations list. Click

Add

to add the station to the Trusted Wireless Stations

list.

5.

If the wireless station is not currently connected, you can enter its address manually. Enter the

MAC address of the authorized computer. The MAC address is usually printed on the wireless

card, or it might appear in the modem router’s DHCP table. The MAC address is

12 hexadecimal digits.

Click

Add

to add your entry. You can add several stations to the list. When you are finished

adding stations, click

Apply

.

6.

Make sure the

Turn Access Control On

check box is selected, and then click

Apply

.

Now, only devices on this list will be allowed to wirelessly connect to the modem router. This

prevents unauthorized access to your network.

Configuring Mixed WPA-PSK+WPA2-PSK Security

A high-performance client such as the NETGEAR WN511B must connect to the modem router

using WPA2-PSK to achieve maximum performance. Wireless clients that connect to the modem

router using WPA-PSK run at no more than 802.11g speed. This option allows wireless clients to

use either encryption method.

Note:

You can copy and paste the MAC addresses from the modem router’s Attached

Devices screen into the MAC Address field of this screen. To do this, configure

each wireless computer to obtain a wireless link to the modem router. The

computer should then appear in the Attached Devices screen.

Note:

If you are configuring the modem router from a wireless computer whose

MAC address is not in the Trusted Wireless Stations list, and you select trusted

wireless stations only, you will lose your wireless connection when you click

Apply

. You must then access the modem router from a wired computer to

make any further changes.

Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual

2-14

Configuring Your Wireless Network and Security Settings

v1.0, July 2008

To configure Mixed WPA-PSK+WPA2-PSK:

1.

Log in at the default LAN address of

,

with the default user name of

admin

and default password of

password

, or using whatever LAN address and password you have

set up.

2.

Select

Wireless Settings

below Setup in the main menu of the modem router.

3.

Select the

Mixed WPA-PSK+WPA2-PSK

radio button. The Wireless Settings screen

expands to include the WPA-PSK.

4.

Enter the pre-shared key in the

Network Key

field using between 8 and 63 characters.

Click

Save

to save your settings or click

Apply

to allow your changes to take effect

immediately.

For details about WPA-802.1x authentication options, see

“Configuring WPA-802.1x” on

page 2-16

.

Choosing Alternative Authentication and Encryption Methods

Restricting wireless access prevents intruders from connecting to your network. However, the

wireless data transmissions are still vulnerable to snooping. Using the data encryption settings

described in this section will prevent a determined intruder from eavesdropping on your wireless

data communications. Also, if you are using the Internet for such activities as purchases or

banking, those Internet sites use another level of highly secure encryption called SSL. You can tell

if a web site is using SSL because the Web address begins with HTTPS rather than HTTP.

Note:

Not all wireless adapters support WPA or WPA2. Furthermore, client software is

required on the client. Windows XP and Windows 2000 with Service Pack 3 do

include the client software that supports WPA. Nevertheless, the wireless adapter

hardware and driver must also support WPA. Consult the product document for

your wireless adapter and WPA client software for instructions on configuring

WPA settings.

Note:

The procedures to configure WPA-PSK and WPA2-PSK are identical to the

procedure to configure Mixed WPA-PSK+WPA2-PSK. The only difference is that

you select either the

WPA-PSK (Wi-Fi Protected Access Pre-Shared Key)

or

WPA2-PSK (Wi-Fi Protected Access 2 with Pre-Shared Key)

radio button in

step 3

.