NETGEAR ProSafe 802.11g Wireless Access Point WG302v2 Reference Manual

2-14

Basic Installation and Configuration

v1.0, May 2006

3.

Select the Security Profile to configure and click Edit.

The Security Profile Configuration page appears, as shown below.

4.

Enter the settings for the Security Profile, which are described on the following page.

5.

To update the settings, click Apply.

Figure 2-7

Note:

If you use a wireless computer to configure Security Profile settings, and if

your computer uses the Security Profile that you change, you will be

disconnected when you click Apply. Reconfigure your wireless adapter to

match the new settings or access the wireless access point from a wired

computer to make any further changes.

NETGEAR ProSafe 802.11g Wireless Access Point WG302v2 Reference Manual

Basic Installation and Configuration

2-15

v1.0, May 2006

After the configuration changes are applied, the main Security Profile page displays.

6.

If the Security Profile you configured is not already enabled, click the Enable check box

associated with the Security Profile, and then click Apply.

By default, only the first Security Profile (default name: NETGEAR) is enabled. To disable

this Security Profile, you must disable the radio on the Wireless Settings page.

Profile Definition

The following settings are in the Profile Definition section on the Security Profile Configuration

screen:

•

Security Profile Name.

Use a name that makes it easy to recognize the profile, and to tell

profiles apart.

•

Wireless Network Name (SSID).

The SSID is also known as the wireless network name. The

SSID separates network traffic from different wireless networks. For more information about

the SSID, see

Wireless Network Name (SSID)

on page

2-11

.

•

Broadcast Wireless Network Name (SSID).

This field lets you turn off the SSID broadcast.

If you do so, then only stations that know the SSID can connect. Disabling the SSID broadcast

might interfere with the wireless network “discovery” feature of some products. The default is

to enable SSID broadcast.

Network Authentication

The ProSafe 802.11g

is set by default as an open system with no authentication. When setting up

Network Authentication, note the following information:

•

If you are using Access Point mode, then all options are available. In other modes such as

Repeater or Bridge, some options might be unavailable.

•

Not all wireless adapters support WPA or WPA2. Windows XP and Windows 2000 with

Service Pack 3 do include the client software that supports WPA. However, client software is

required on the client. Consult the product documentation for your wireless adapter and WPA

or WPA2 client software for instructions about configuring WPA2 settings.

You can configure the WG302v2 to use the types of network authentication shown in the table

below in

Table 2-1

.

NETGEAR ProSafe 802.11g Wireless Access Point WG302v2 Reference Manual

2-16

Basic Installation and Configuration

v1.0, May 2006

.

Data Encryption

Select the data encryption that you want to use. The available options depend on the Network

Authentication setting above (otherwise, the default is None). The Data Encryption settings are

explained below:

Table 2-1

Network Authentication Types

Authentication

Description

Open System

Can be used with WEP encryption or no encryption.

Shared Key

You must use WEP encryption and enter at least one shared key.

Legacy 802.1x

You must configure the RADIUS Server Settings to use this option.

WPA with RADIUS

You must configure the RADIUS Server Settings to use this option.

WPA2 with RADIUS

WPA2 is a later version of WPA. Only select this if all clients support

WPA2. If selected, you must use AES encryption and configure the

RADIUS Server Settings.

WPA and WPA2 with

RADIUS

This selection allows clients to use either WPA (with TKIP) or WPA2

(with AES). If selected, you must use TKIP + AES encryption and

configure the RADIUS Server Settings.

WPA-PSK

You must use TKIP encryption and enter the WPA passphrase

(Network key).

WPA2-PSK

WPA2 is a later version of WPA. Only select this if all clients support

WPA2. If selected, you must use AES encryption and enter the WPA

passphrase (Network key).

WPA-PSK and

WPA2-PSK

This selection allows clients to use either WPA (with TKIP) or WPA2

(with AES). If selected, you must use TKIP + AES encryption and enter

the WPA passphrase (Network key).

Table 2-2

Data Encryption Settings

Settings

Description

None

No encryption is used.

64 bits WEP

Standard WEP encryption, using 40/64 bit encryption.

128 bits WEP

Standard WEP encryption, using 104/128 bit encryption.

152 bits WEP

Proprietary mode that will only work with other wireless devices that

support this mode.

TKIP

This is the standard encryption method used with WPA.

NETGEAR ProSafe 802.11g Wireless Access Point WG302v2 Reference Manual

Basic Installation and Configuration

2-17

v1.0, May 2006

The Passphrases and Keys are explained below:

•

Passphrase.

To use the Passphrase to generate the WEP keys, enter a passphrase and click the

Generate Keys button. You can also enter the keys directly. These keys must match the other

wireless stations.

•

Key 1, Key 2, Key 3, Key 4.

If using WEP, select the key to be used as the default key. Data

transmissions are always encrypted using the default key. The other keys can only be used to

decrypt received data.

•

WPA Pre-Shared Key.

If using WPA-PSK, enter the passphrase here. All wireless stations

must use the same passphrase (network key). The network key must be from 8 to 63 characters

in length.

Wireless Client Security Separation

If enabled, the associated wireless clients will not be able to communicate with each other. This

feature is used for hotspots and other public access situations. The default is disabled.

VLAN ID

Enter a VLAN ID from 1-4094 to assign traffic from wireless clients to a VLAN. When a wireless

client uses this Security Profile, the traffic is tagged with the VLAN ID you specify. To assign

multiple Security Profiles to the same VLAN, enter the same VLAN ID for each profile. The

default VLAN ID is 1. If you enter a VLAN ID that is not the default, make sure the VLAN ID

matches the VLAN ID that switches and other network devices use on the LAN.

AES

This is the standard encryption method for WPA2. Some clients may

support AES with WPA, but this is not supported by this Access Point.

TKIP + AES

This setting supports both WPA and WPA2. Broadcast packets use

TKIP. For unicast (point-to-point) transmissions, WPA clients use TKIP,

and WPA2 clients use AES.

Note:

Security Profiles that share the same type of network authentication must share

the same passphrase or keys. Security Profiles that use WEP must share the

same four keys, but they do not need to use the same default key.

Table 2-2

Data Encryption Settings (continued)

Settings

Description

NETGEAR ProSafe 802.11g Wireless Access Point WG302v2 Reference Manual

2-18

Basic Installation and Configuration

v1.0, May 2006

The VLAN assigned to the first Security Profile (default name: NETGEAR) is the management

VLAN. By default all traffic on the WG302v2 uses VLAN 1, which is the default untagged

VLAN. Therefore, all traffic is untagged until you change the untagged traffic VLAN ID on the

Basic Settings page or assign a different VLAN ID to the Security Profile.