YML9WMAXXN

ADSL2+ Wireless N300 Modem Router with VoIP User Guide

www.netcomm.com.au

31

NetComm Gateway

TM

Series - ADSL2+ Wireless N300 Modem Router with VoIP

Wireless

The Wireless dialog box allows you to enable the wireless capability, hide the access point, set the wireless network name and restrict the

channel set.

6.1 Setup

The Setup option allows you to configure basic features of the wireless LAN interface. You can enable or disable the wireless LAN interface,

hide the network from active scans, set the wireless network name (also known as SSID) and restrict the channel set based on country

requirements.

Click

Save/Apply

to configure the basic wireless options.

Option

Description

Enable Wireless

A checkbox that enables or disables the wireless LAN interface.

When selected, the Web UI displays Hide Access point, SSID, and County

settings.

The default is Enable Wireless.

Hide Access Point

Select Hide Access Point to protect

the access point from detection by wireless active scans.

If you do not want the access point to be

automatically detected by a wireless station, this checkbox should be de-selected.

The station will not discover this access point.

To connect a station to the available access points, the station must manually add this access

point name in its wireless configuration.

In Windows XP, go to the Network>Programs function to view all of the available access points.

You can also use other software programs

such as NetStumbler to view available access points.

Clients Isolation

1. Prevents clients PC from seeing one another in My Network Places or Network Neighborhood.

2. Prevents one wireless client communicating with another wireless client.

Disable WMM

Advertise

Stops the router from ‘advertising’ its Wireless Multimedia (WMM) functionality, which provides basic quality of service for time-sensitive

applications (e.g. VoIP, Video).

(wireless software version 3.10 and above)

SSID

Sets the wireless network name.

SSID stands for Service Set Identifier.

All stations must be configured with the correct SSID to access the

WLAN.

If the SSID does not match, that user will not be granted access.

The naming conventions are: Minimum is one character and maximum number of characters: 32 bytes.

BSSID

The BSSID is a 48bit identity used to identify a particular BSS (Basic Service Set) within an area. In Infrastructure BSS networks, the BSSID

is the MAC (Medium Access Control) address of the AP (Access Point) and in Independent BSS or ad hoc networks, the BSSID is generated

randomly.

Country

A drop-down menu that permits worldwide and specific national settings.

Each county listed in the menu enforces specific regulations

limiting channel range: US= worldwide, Japan=1-14, Jordan= 10-13, Israel= 1-13

Max Clients

The maximum number of clients that can access the router.

ADSL2+ Wireless N300 Modem Router with VoIP User Guide

YML9WMAXXN

32

www.netcomm.com.au

6.2 Wireless Security Quick Setup

Security settings are used to prevent unauthorised connection to your network.

This can be as basic as a neighbouring user who detects

and is able to connect through your wireless network, right through to actual malicious interference or ‘hacking’. Whatever the case, it is a

good practise to be aware of and to use wireless network security to safeguard your data and your network

Prior to considering the details of wireless security – provided later – the Quick Security Setup explains how to implement basic security on

your NB9WMAXXn wireless network.

Quick Security Setup 1: WEP Security

Your NB9WMAXXn has WEP (Wired Equivalent Privacy) encryption enabled by default. Your network will not be available to passer-by or

non-authorised users, and any workstation wishing to connect to your NB9WMAXXn must know the SSID (wireless network name) and

WEP key values.

Turn on wireless, and set the SSID or wireless network name in the Wireless Setup Screen:

Default SSID: wireless.

This can continue to be used or changed to the name of your choice.

Next, click on Wireless>Security.

You should see that WEP encryption is enabled by default.

This page will also allow you to change the Network Authentication and encryption key.

Default WEP Key:

a1b2c3d4e5

You are able to change these values however it is strongly recommended that security is not turned off.

It is also recommended that your

SSID or network name not advertise your actual name but be kept ‘generic’ or anonymous.

Note:

WEP Security is the appropriate choice if the network clients that wish to connect include 802.11b standard NICs.

YML9WMAXXN

ADSL2+ Wireless N300 Modem Router with VoIP User Guide

www.netcomm.com.au

33

NetComm Gateway

TM

Series - ADSL2+ Wireless N300 Modem Router with VoIP

Quick Security Setup 2 – WPA-PSK

If a stronger network security settings is required, go to Wireless>Security and select WPA-PSK from the Network Authentication drop-

down menu. Enter a network key of your choice in the WPA Pre-Shared Key field; this can be from 8 to 63 characters and contain special

characters and spaced. And change the WPA Group Rekey Interval to 3600.

Select TKIP for WPA Encryption and leave WEP Encryption as disabled.

Users wishing to connect to your network will need to know the SSID name and the WPA Pre-Shared Key.

Note:

Wireless client network cards must be WPA-compliant to connect to your network; if in doubt check the wireless client network card documentation, or use WEP security

(above).

6.3 Wireless Security in Detail

The following provides a detailed summary of wireless terms and acronyms and more in-depth explanations of the topic.

It assumes

little prior knowledge of wireless networking and is aimed at providing background for the terminology used in the NB9WMAXXn Wireless

Security screens.

Warning:

Wireless Networking is a technically challenging subject!

Authentication and Encryption

The two major aims of wireless network security are:

(1)

to prevent unauthorised persons from joining the network and

(2)

to prevent interception of network data or ‘eavesdropping’.

These aims are accomplished by:

•

Authentication: establishes the identity of those seeking to join the network

•

Encryption: ensures that data is protected in such a way that those outside the network cannot access it.

Network Keys

The term ‘network key’ is often used in the context of wireless networking. The Network Key can be a text string, although in some

systems network keys are generated from a ‘pass-phrase’ which is entered in one field from which up to four keys are derived in fields

underneath the entry field.

In all cases, the Wireless Router/Access Point and the workstations wishing to connect must use the same Network Key which needs to be

communicated to clients prior to connection.

‘Re-keying’ refers to the frequency with which network keys are changed; for security purposes, they need to be changed frequently in

case they re-occur frequently enough to identify them.

In some wireless systems, network keys are entered by a variety of means including:

•

ASCII – any letter, number, or punctuation mark but no special characters

•

Hex –

Letters A-F, Numbers 0-9 only

•

Pass phrase – enter a phrase in the top field of a set of fields, an algorithm then generates a series of keys based on the entered values.

These methods have been standardised in the later implementations of Wireless Security and are easier to use in WPA.

ADSL2+ Wireless N300 Modem Router with VoIP User Guide

YML9WMAXXN

34

www.netcomm.com.au

WEP and WPA

“WEP” stands for Wired Equivalent Privacy and was the original wireless security method.

Over time it was found to be vulnerable to

attacks based on de-coding the ‘keys’ used to encrypt the data.

While no longer recommended for enterprise-level security, WEP

is certainly secure from casual interception and will repel any non-specialised attempt to join the network or intercept data; it can be

penetrated with various kinds of software tools and techniques but these are beyond the capability of the average computer user.

In nearly all cases, the default security method, which is WEP, or WPA-PSK will provide adequate security for home wireless networks.

Other wireless security elements shall be explained in context below.

Network Authentication

Network Authentication specifies the type of network authentication. The default value is ‘Shared’.

Open:

Under Open System authentication, any wireless station can request authentication.

Shared:

Under Shared Key authentication, each wireless station is assumed to have received a secret shared key over a

secure channel that is independent from the 802.11 wireless network communications channel (i.e. verbally). To

use Shared Key authentication, you must have a network key assigned to the clients trying to connect to your

NB9WMAXXn.

802.1X

802.1X security requires the presence of a RADIUS server, and specification of the IP address of a RADIUS server, the port on which to

connect to it, and the Shared Key used to authenticate with it.

Disregard this security setting unless you are setting up or connecting to a RADIUS server.

WPA

WPA requires a RADIUS server to provide client authentication. WPA also requires specification of the ‘WPA Group Rekey Interval’ which

is the rate that the RADIUS server sends a new Group Key out to all clients. The Re-Keying process is part of WPA’s enhanced security.

This method also requires specification of the IP address of a RADIUS server, the port on which to connect to the RADIUS server, and the

shared key used to authenticate with the RADIUS server.

YML9WMAXXN

ADSL2+ Wireless N300 Modem Router with VoIP User Guide

www.netcomm.com.au

35

NetComm Gateway

TM

Series - ADSL2+ Wireless N300 Modem Router with VoIP

WPA-PSK

WPA-PSK is a special mode of WPA providing strong encryption without access to a RADIUS server.

In this mode encryption keys are automatically changed (rekeyed) and authentication re-established between devices after a specified

period referred to as the ‘WPA Group Rekey Interval’.

WPA-PSK is far superior to WEP and provides stronger protection for the home/SOHO user for two reasons: first, the process used to

generate the encryption key is very rigorous and second, the rekeying (or key changing) is done very quickly. This stops even the most

determined hacker from gathering enough data to identify the key and so break the encryption.

WEP is confusing because of the various types of ‘network keys’ vendors use (HEX, ASCII, or passphrase) and because home users mix

and match equipment from multiple vendors, all using different types of keys. But WPA-PSK employs a consistent, easy to use method to

secure your network. This method uses a passphrase (also called a shared secret) that must be entered in both the NB9WMAXXn and the

wireless clients. This shared secret can be between 8 and 63 characters and can include special characters and spaces. For maximum

security, the “WPA Pre-Shared Key” should be a random sequence of either keyboard characters (upper and lowercase letters, numbers,

and punctuation) at least 20 characters long, or hexadecimal digits (numbers 0-9 and letters A-F) at least 24 hexadecimal digits long.

Note:

The less obvious, longer and more ‘random’ your ‘WPA Pre-Shared Key’, the more secure your network.

Note the following ‘WPA Encryption’ options:

TKIP:

The Temporal Key Integrity Protocol (TKIP) takes over after the initial shared secret is

entered in your wireless devices and handles the encryption and automatic rekeying.

AES:

WPA defines the use of Advanced Encryption Standard (AES) as an additional

replacement for WEP encryption. Because you may not be able to add AES support

through a firmware update to your existing wireless clients / equipment, support for

AES is optional and is dependent on vendor driver support.

TKIP+AES:

This will allow either TKIP or AES wireless clients to connect to your NB9WMAXXn.

WPA2

‘WPA Pre-authentication’ support in WPA2 allows a client to pre-authenticate with the NB9WMAXXn toward which it is moving, while

maintaining a connection to the access point it’s moving away from.

This new capability allows the roaming to occur in less than 1/10th

of a second while a traditional roam without PMK caching and pre-authentication would take more than one second.

Time-sensitive

applications like Citrix, video, or VoIP will all break without fast roaming.

‘Network Re-Auth Interval’ is the interval specified (seconds) that the wireless client needs to re-authenticate with the NB9WMAXXn.

For the remainder of the fields required, see above.

WPA2-PSK:

Same as WPA-PSK, but you can only use AES with WPA2 and not WPA.

Mixed WPA2/WPA:

Enables WPA2 or WPA wireless clients to connect to the NB9WMAXXn.

Requires a RADIUS server to

authenticate the wireless clients.

Mixed WPA2/WPA-PSK:

Enables WPA2 and WPA clients to authenticate using a PSK (Pre-Shared Key) instead of a RADIUS

server.