36

3

3.

Wireless Settings

Protecting your wireless network

This chapter describes how to use the Wireless Settings screen to view and change (if needed)

your wireless network settings. Security features to prevent objectionable content from reaching

your PCs are covered in

Chapter 4, Security Settings

.

This chapter contains the following sections:

•

Wireless Security Requirements and Recommendations

•

Wireless Security Basics

•

Add Clients (Devices) to Your Network

•

Wireless Settings Screen

Note:

If you use the Internet for activities like purchases or banking, those

Internet sites use a highly secure data encryption protocol called

Secure Sockets Layer (SSL). If a website uses SSL, the address

begins with https instead of http. If you do not see https, it is more

secure to do your business in person or over the phone.

Downloaded from

www.Manualslib.com

manuals search engine

Wireless Settings

37

N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700

Wireless Security Requirements and Recommendations

You should set the following security:

•

Wi-Fi network name (SSID)

identifies your network so devices can find it.

-

The default SSID for the 2.4 GHz wireless network is NETGEAR.

-

The default SSID for the 5 GHz wireless is NETGEAR-5G.

•

Security option

is the type of security protocol applied to your wireless network. The

security protocol in force encrypts data transmissions and ensures that only trusted

devices receive authorization to connect to your network. The recommended security

option is WPA-PSK/WPA2-PSK mixed mode, described in

Wireless Security Options

on

page 38.

•

Passphrase

controls access to your network. Devices that know the SSID and the

passphrase can find your wireless network and connect.

-

Use a passphrase for the 2.4 GHz wireless network that is easy for you to remember,

but hard for others to guess.

-

For maximum security, use a different passphrase for the 5 GHz wireless network that

is easy for you to remember, but hard for others to guess.

Note:

Your network names (SSIDs) and passphrases are case-sensitive.

Your network name, security method, and passphrase has to be the

same for all the wireless devices connected to your router on a

network.

Wireless Security Basics

Unlike wired network data, wireless data transmissions extend beyond your walls and can be

received by any device with a compatible wireless adapter (radio). For this reason, it is very

important to maintain the preset security and understand the other security features available

to you. Besides the preset security settings described earlier, your wireless modem router

has the security features described here and in

Chapter 4, Security Settings

.

•

Turn off wireless connectivity

•

Disable SSID broadcast

•

Restrict access by MAC address

•

Wireless security options

Downloaded from

www.Manualslib.com

manuals search engine

Wireless Settings

38

N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700

Turn Off Wireless Connectivity

You can completely turn off the wireless connectivity of the wireless modem router by

pressing the Wireless On/Off button on its front panel

. For example, if you use your

notebook computer to wirelessly connect to your wireless modem router and you take a

business trip, you can turn off the wireless portion of the modem router while you are

traveling. Other members of your household who use computers connected to the wireless

modem router through Ethernet cables can still use the wireless modem router.

Disable SSID Broadcast

By default, the wireless modem router broadcasts its Wi-Fi network name (SSID) so devices

can find it. If you change this setting to not allow the broadcast, wireless devices will not find

your wireless modem router unless they are configured with the same SSID. See

Wireless

Access Point Settings

on page 44 for the procedure.

Note:

Turning off SSID broadcast nullifies the wireless network discovery

feature of some products such as Windows XP, but the data is still

fully exposed to a determined snoop using specialized test

equipment like wireless sniffers. If you allow the broadcast, be sure

to keep wireless security enabled.

Restrict Access by MAC Address

You can enhance your network security by allowing access to only specific PCs based on

their Media Access Control (MAC) addresses. You can restrict access to only trusted PCs so

that unknown PCs cannot wirelessly connect to the wireless modem router. MAC address

filtering adds an obstacle against unwanted access to your network, but the data broadcast

over the wireless link is fully exposed (unencrypted).The Wireless Station Access List

determines which wireless hardware devices are allowed to connect to the wireless modem

router by MAC address. See

Wireless Station Access List Settings

on page 44 for the

procedure.

Wireless Security Options

A security option is the type of security protocol applied to your wireless network. The

security protocol in force encrypts data transmissions and ensures that only trusted devices

receive authorization to connect to your network. There are two types of encryption: Wired

Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WPA has several options

including pre-shared key (PSK) encryption and 802.1x encryption for enterprises.

This section presents an overview of the security options and provides guidance on when to

use which option. Note that it is also possible to disable wireless security. NETGEAR does

not

recommend this.

Downloaded from

www.Manualslib.com

manuals search engine

Wireless Settings

39

N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700

WEP Encryption

WEP uses an old encryption method and can be easily decoded with today’s powerful

computers. Use this mode only when you have a very old legacy wireless client that does not

support WPA-PSK. The Wi-Fi alliance highly recommends against using WEP and plans to

make it obsolete. If you do decide to use WEP, see

Set WEP Encryption and Passphrase:

on

page 46 for the procedure.

WPA Encryption

WPA encryption is built into all hardware that has the Wi-Fi-certified seal. This seal means

the product is authorized by the Wi-Fi Alliance (

) because it complies with

the worldwide single standard for high-speed wireless local area networking. For information

about how to use the WPA home options, see

Change WPA Security Option and

Passphrase:

on page 46.

WPA-PSK uses a much stronger encryption algorithm than WEP so it is harder to decode.

This option uses a passphrase to perform the authentication and generate the initial data

encryption keys. Then it dynamically varies the encryption key. WPA-PSK uses Temporal Key

Integrity Protocol (TKIP) data encryption, implements most of the IEEE 802.11i standard, and

is designed to work with all wireless network interface cards, but not all wireless access

points. It is superseded by WPA2-PSK.

WPA2-PSK is the strongest. It is advertised to be theoretically indecipherable due to the

greater degree of randomness in encryption keys that it generates. WPA2-PSK gets higher

speed because it is usually implemented through hardware, while WPA-PSK is usually

implemented through software. WPA2-PSK uses a passphrase to authenticate and generate

the initial data encryption keys. Then it dynamically varies the encryption key.

WPS-PSK + WPA2-PSK mixed mode is the preconfigured security mode on the wireless

modem router. NETGEAR recommends mixed mode because it provides broader support for

all wireless clients. WPA2-PSK clients get higher speed and security, and WPA-PSK clients

get decent speed and security. The product documentation for your wireless adapter and

WPA client software should have instructions about configuring their WPA settings.

WPA-802.1x is enterprise-level security and requires an authentication server to recognize

and authorize client access. The authentication server is called Remote Authentication Dial

In User Service (RADIUS). Every wireless client has a user login on the RADIUS server, and

the wireless modem router has a client login on the RADIUS server. Data transmissions are

encrypted with an automatically generated key. For information about how to use the WPA

enterprise option, see

Set WPA-802.1x Server and Passphrase:

on page 46.

Downloaded from

www.Manualslib.com

manuals search engine

Wireless Settings

40

N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700

Add Clients (Devices) to Your Network

Choose either the manual or the WPS method to add wireless devices, including guest

devices, and other equipment to your wireless network.

Manual Method



To add clients (devices) to your network manually:

1.

Open the software that manages your wireless connections on the wireless device

(laptop computer, gaming device, iPhone) that you want to connect to your router. This

software scans for all wireless networks in your area.

2.

Look for your network and select it. If you did not change the name of your network during

the setup process, look for the default Wi-Fi network name (SSID) and select it. The default

Wi-Fi network name (SSID) is located on the product label on the bottom of the router.

3.

Enter the wireless modem router passphrase and click

Connect

. The default wireless

modem router passphrase is located on the product label on the bottom of the router.

4.

Repeat steps 1–3 to add other wireless devices.

Wi-Fi Protected Setup (WPS) Method

Wi-Fi Protected Setup (WPS) is a standard for easily adding computers and other devices to

a home network while maintaining security. To use WPS, make sure that all wireless devices

to be connected to the network are Wi-Fi certified and support WPS. During the connection

process, the client gets the security settings from the router so that every device in the

network has the same security settings.

Note:

However, if you find that the router is generating new security

settings for each added device, it means that the default value for

Keep Existing Wireless Settings has changed. See

WPS Settings

on

page 131 for more information about this setting.

All Wi-Fi-certified and WPS-capable products are compatible with the NETGEAR products

that have Push 'N' Connect, which is based on WPS.

1

For information about how to view a

list of all wireless and wired devices connected to your modem router, see

View Attached

Devices

on page 72.

Note:

WEP security does not support WPS. If you try to use WPS to

connect a WEP device to your network, it will not connect.

1. For a list of other Wi-Fi-certified products available from NETGEAR, go to

.

Downloaded from

www.Manualslib.com

manuals search engine