Wireless-G Router WGR614v9 Reference Manual

Safeguarding Your Network

2-7

v1.1, May 2008

•

Channel

. This field determines which operating frequency is used. It should not be necessary

to change the wireless channel unless you notice interference problems with another nearby

wireless network. The wireless router uses channel bonding technology to extend the

bandwidth for data transmission. For more information about the wireless channel

frequencies, see the online document that you can access from

“Wireless Networking Basics”

in Appendix B

.

•

Mode

. This field determines which data communications protocol is used. You can choose

from: b and g; or g only.

•

Security Options

. The selection of wireless security options can significantly affect your

network performance. The time it takes to establish a wireless connection can vary depending

on both your security settings and router placement.

WEP connections can take slightly longer to establish. Also, WEP, WPA-PSK, and WPA2-

PSK encryption can consume more battery power on a notebook computer, and can cause

significant performance degradation with a slow computer. Instructions for configuring the

security options can be found in

“Choosing Appropriate Wireless Security” on page 2-1

. A full

explanation of wireless security standards is available in the online document that you can

access from

“Wireless Networking Basics” in Appendix B

.

3.

Click

Apply

to save your settings.

Configuring WEP Wireless Security

WEP Shared Key authentication and WEP data encryption can be defeated by a determined

eavesdropper using publicly available tools.

WEP offers the following options:

•

Open System

. With Open System authentication and 64 or 128 bit WEP data encryption, the

Wireless-G Router

does

perform data encryption but

does not

perform any authentication.

Anyone can join the network. This setting provides very little practical wireless security.

•

Shared Key

. With Shared Key authentication, a wireless device must know the WEP key to

join the network. Select the encryption strength (64 or 128 bit data encryption). Manually

enter the key values, or enter a word or group of printable characters in the

Passphrase

field.

Manually entered keys

are not

case-sensitive, but passphrase characters

are

case-sensitive.

Wireless-G Router WGR614v9 Reference Manual

2-8

Safeguarding Your Network

v1.1, May 2008

To configure WEP data encryption:

1.

Select

Wireless Settings

under Setup in the main menu.

2.

In the Security Options section, select

WEP

. The WEP options display.

.

3.

Select the authentication type and encryption strength.

4.

You can manually or automatically program the four data encryption keys. These values must

be identical on all computers and access points in your network.

•

Automatic

. In the

Passphrase

field, enter a word or group of printable characters, and

click

Generate

. The passphrase is case-sensitive. For example, NETGEAR is not the

same as nETgear. The four key fields are automatically populated with key values.

•

Manual

. Enter 10 hexadecimal digits (any combination of 0–9, a–f, or A–F). These

entries are not case-sensitive. For example, AA is the same as aa.

Select which of the four keys to activate.

5.

Click

Apply

to save your settings.

Note:

If you use a wireless computer to configure WEP settings, you will be disconnected

when you click

Apply

. You must then either configure your wireless adapter to

match the wireless router WEP settings or access the wireless router from a wired

computer to make any further changes. Not all wireless adapter configuration

utilities support passphrase key generation.

Figure 2-3

Wireless-G Router WGR614v9 Reference Manual

Safeguarding Your Network

2-9

v1.1, May 2008

Configuring WPA-PSK and WPA2-PSK Wireless Security

Wi-Fi Protected Access with Pre-Shared Key (WPA-PSK and WPA2-PSK) data encryption

provides extremely strong data security, very effectively blocking eavesdropping. Because WPA

and WPA2 are relatively new standards, older wireless adapters and devices might not support

them. Check whether newer drivers are available from the manufacturer. Also, you might be able

to use the Push 'N' Connect feature to configure this type of security if it is supported by your

wireless clients. See

“Restricting Wireless Access by MAC Address” on page 2-11

.

WPA–Pre-Shared Key

does

perform authentication. WPA-PSK uses TKIP (Temporal Key

Integrity Protocol) data encryption, and WPA2-PSK uses AES (Advanced Encryption Standard)

data encryption. Both methods dynamically change the encryption keys making them nearly

impossible to circumvent.

Mixed mode allows clients using either WPA-PSK (TKIP) or WPA2-PSK (AES). This provides

the most reliable security, and is easiest to implement, but it might not be compatible with older

adapters.

To configure WPA-PSK, WPA2-PSK, or WPA-PSK+WPA2-PSK:

1.

Select

Wireless Settings

under Setup in the main menu.

2.

Select one of the WPA-PSK or WPA2-PSK options for the security type. The third option

(WPA-PSK [TKIP] + WP2-PSK [AES]) is the most flexible, since it allows clients using

either WPA-PSK or WPA2-PSK.

3.

In the

Passphrase

field, enter a word or group of 8–63 printable characters. The passphrase is

case-sensitive.

Note:

Not all wireless adapters support WPA. Furthermore, client software is also

required. Windows XP with Service Pack 2 does include WPA support.

Nevertheless, the wireless adapter hardware and driver must also support WPA.

For instructions on configuring wireless computers or PDAs (personal digital

assistants) for WPA-PSK security, consult the documentation for the product you

are using.

Wireless-G Router WGR614v9 Reference Manual

2-10

Safeguarding Your Network

v1.1, May 2008

4.

Click

Apply

to save your settings.

Viewing Advanced Wireless Settings

This section describes the wireless settings that you can view and specify in the Advanced

Wireless Settings screen, which you access under Advanced in the main menu.

To configure the advanced wireless security settings of your router:

1.

Log in to the router as described in

“Logging In to Your Wireless Router” on page 1-2

.

2.

Select

Wireless Settings

under Advanced in the main menu.

Figure 2-4

Figure 2-5

Wireless-G Router WGR614v9 Reference Manual

Safeguarding Your Network

2-11

v1.1, May 2008

The available settings in this screen are:

•

Enable SSID Broadcast

. Clear this check box to disable broadcast of the SSID, so that

only devices that know the correct SSID can connect. Disabling SSID broadcast nullifies

the wireless network discovery feature of some products such as Windows XP.

•

Enable Wireless Router Radio

. If you disable the wireless router radio, wireless devices

cannot connect to the Wireless-G Router. If you will not be using your wireless network

for a period of time, you can clear this check box and disable all wireless connectivity.

•

Enable WMM

. Clear this check box to disable WMM. Disabling WMM turns off the

wireless prioritization scheme. Note that wireless clients must also support WMM to take

advantage of this feature.

•

Wireless Card Access List

. For information about this list, see

“Restricting Wireless

Access by MAC Address” on page 2-11

.

.

Restricting Wireless Access by MAC Address

When a Wireless Card Access List is configured and enabled, the router checks the MAC address

of any wireless device attempting a connection and allows only connections to computers

identified on the trusted computers list.

The Wireless Card Access List displays a list of wireless computers that you allow to connect to

the router based on their MAC addresses. These wireless computers must also have the correct

SSID and wireless security settings to access the wireless router.

The MAC address is a network device’s unique 12-character physical address, containing the

hexadecimal characters 0–9, a–f, or A–F only, and separated by colons (for example,

00:09:AB:CD:EF:01). It can usually be found on the bottom of the wireless card or network

interface device. If you do not have access to the physical label, you can display the MAC address

using the network configuration utilities of the computer. In WindowsXP, for example, typing the

ipconfig/all

command in an MSDOS command prompt window displays the MAC address as

Physical Address. You might also find the MAC addresses in the router’s Attached Devices screen.

To restrict access based on MAC addresses:

1.

Select

Wireless Settings

under Advanced in the main menu.

Note:

The Fragmentation Threshold, CTS/RTS Threshold, and Preamble Mode

options are reserved for wireless testing and advanced configuration only. Do

not change these settings.