DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

3-4

Wireless Configuration

v1.0, April 2007

Wireless LANs

Configuring the Wireless settings for your LAN consists of the following categories:

•

Wireless Network.

Wireless Network Name (SSID). The SSID is also known as the wireless

network name. Enter a value of up to 32 alphanumeric characters. In a setting where there is

more than one wireless network, different wireless network names provide a means for

separating the traffic. Any device you want to participate in the 802.11b/g wireless network

will need to use this SSID for that network. The DGFV338 default SSID is:

NETGEAR

.

•

Country/Region.

Lists the various regions where the DGFV338 can be used. It may not be

legal to operate the wireless features of the wireless firewall in a region other than the one

specified for your area.

•

Operating Mode

. The various options are

:

–

g & b – Both 802.11g and 802.11b wireless stations can be used.

The default is “g & b” which allows both 802.11g and 802.11b wireless stations to access

this device. The 802.11b and 802.11g wireless networking protocols are configured in

exactly the same fashion. The DGFV338 will automatically adjust to the 802.11g or

802.11b protocol the device requires without compromising the speed of the other devices.

–

g only – Only 802.11g wireless stations can be used (data rate 54 Mbit/sec).

–

b only – All 802.11b wireless stations can be used (11 Mbit/sec). 802.11g wireless stations

can still be used if they can operate in 802.11b mode.

•

Operating Channel.

The default is Auto. This field determines which operating frequency

will be used. It should not be necessary to change the wireless channel unless you notice

interference problems with another nearby access point.

•

Wireless Access Point.

–

Enable

Wireless Access Point.

This checkbox should be enabled to turn on the wireless

radio. (The default is disabled.)

–

Enable A

llow Broadcast of Name

. The default setting is to enable SSID broadcast. If you

disable broadcast of the SSID, only devices that have the correct SSID can connect.

Disabling SSID broadcast somewhat hampers the wireless network “discovery” feature of

some products.

Note:

If your country or region is not listed, please check with your local

government agency or check the NETGEAR website for more

information on which channels to use.

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

Wireless Configuration

3-5

v1.0, April 2007

•

Wireless Security Type.

A number of security options are available to use on your Wireless

Network:

–

None.

No data encryption is used.

–

WEP

. Enables WEP (Wired Equivalent Privacy) data encryption (64-, or 128-, or 152-bit)

and requires at least one shared key and a WEP passphrase. When selecting WEP, you can

also select:

•

Open System

. No data encryption is used.

•

Shared Key

. Enables WEP data encryption (64-, 128-, or 152-bit) and requires at least

one shared key and a WEP passphrase.

–

WPA with PSK

(Wi-Fi Protected Access Pre-Shared Key). WPA-PSK can use TKIP or

AES standard encryption.

–

WPA2 with PSK

. WPA2 is a later version of WPA. Only select this if all clients support

WPA2. If selected, you must use AES encryption, and enter the WPA passphrase

(Network key).

–

WPA-PSK and WPA2-PSK

. This selection allows clients to use either WPA (with AES

encryption) or WPA2 (with TKIP encryption). If selected, encryption must be TKIP +

AES.

–

WPA with Radius

. This version of WPA requires the use of a Radius server for

authentication. Each user (Wireless Client) must have a “user” login on the Radius

Server— normally done via a digital certificate. Also, this device must have a “client”

login on the Radius server. Data transmissions are encrypted using a key which is

automatically generated.

–

WPA2 with RADIUS

. WPA2 is a later version of WPA. Only select this if all clients

support WPA2. If selected, you must use AES encryption, and configure the RADIUS

Server Settings. Each user (Wireless Client) must have a “user” login on the Radius

Server—normally done via a digital certificate. Also, this device must have a “client”

login on the RADIUS server. Data transmissions are encrypted using a key which is

automatically generated.

–

WPA and WPA2 with RADIUS

. This selection allows clients to use either WPA (with

AES encryption) or WPA2 (with TKIP encryption). If selected, encryption must be

TKIP+AES. You must also configure the RADIUS Server Settings.

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

3-6

Wireless Configuration

v1.0, April 2007

Access Control List

The Access Control List enables the restriction of wireless PCs by their MAC addresses. Click the

Setup Access List

link at the top of the Wireless Settings screen to configure your trusted wireless

stations.

•

Available Wireless Stations

. The Available Wireless Stations list displays any available

wireless PCs and their MAC addresses.

If the wireless PC appears in the

Available Wireless Cards

list, you can click on the radio

button of that PC to capture its MAC address. If your wireless PC is not displayed, make sure

that the PC is configured correctly.

•

Trusted Wireless Stations

. Lets you restrict wireless connections according to a list of

Trusted Wireless Stations based on the PC MAC addresses. When the Trusted PCs Only radio

button is selected, the DGFV338 checks the MAC address of the wireless station and only

allows connections to PCs identified on the trusted PCs list.

•

To restrict access based on MAC addresses, the

Set up Access List radio button must be

selected and the MAC Access Control List must be updated to include a listed of restricted

PCs based on MAC address

.

•

Add New Stations Manually

. If no wireless PCs appears in the Available Wireless Cards list,

you can manually enter the Device Name and MAC address of the authorized wireless PC.

The MAC address is a 12-character key that can usually be found on the bottom of the wireless

device.

Note:

Not all wireless adapters support WPA and WPA2. Client software is

required on the client. Windows XP and Windows 2000 with Service Pack

3 do include the client software that supports WPA and WPA2. However,

the wireless adapter hardware

and

driver must also support WPA and

WPA2. Consult the product document for your wireless adapter and WPA

and WPA2 client software for instructions on configuring WPA and WPA2

settings.

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

Wireless Configuration

3-7

v1.0, April 2007

Wireless Advanced Options

Advanced Wireless Router Settings

The

Wireless Advanced Options

settings are intended for administrator use—and should be used

with caution and only as directed by NETGEAR. The Advanced Settings menu controls the

following:

•

RTS Threshold

(Default: 2346). The Request to Send Threshold is the packet size that

determines if the CSMA/CD (Carrier Sense Multiple Access with Collision Detection)

mechanism or the CSMA/CA mechanism should be used for packet transmission. With the

CSMA/CD transmission mechanism, the transmitting station sends out the actual packet as

soon as it has waited for the silence period. With the CSMA/CA transmission mechanism, the

transmitting station sends out an RTS packet to the receiving station, and waits for the

receiving station to send back a CTS (Clear to Send) packet before sending the actual packet

data.

•

Fragmentation Length

(Default: 2346). This is the maximum packet size used for

fragmentation. Packets larger than the size programmed in this field will be fragmented. The

Fragment Threshold value must be larger than the RTS Threshold value.

•

Beacon Interval

(Default: 100). The Beacon Interval specifies the interval time (between

20ms and 1000ms) for each beacon transmission.

•

DTIM

(Default: 1). The DTIM (Delivery Traffic Indication Message) specifies the data

beacon rate between 1 and 255.

•

Preamble Type

(Default: Auto). A long transmit preamble may provide a more reliable

connection or a slightly longer range. A short transmit preamble gives better performance.

Auto will automatically handle both long and short preambles.

•

SuperG Mode

. If enabled, the Wireless Router will enable data compression, packet bursting

and large frame support. This feature is available only for SuperG compatible wireless

devices.

–

If you

Enable 108Mbps Features,

the throughput of the 802.11g connection will be

doubled (typically 54 Mbps) to 108 Mbps and the wireless gateway will be SuperG

enabled. SuperG can be used only on Channel 6.

Warning:

The ProSafe DGFV338 is already configured with the optimum settings. Do

not alter these settings unless directed by NETGEAR support. Incorrect

settings may disable the wireless firewall unexpectedly.

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

3-8

Wireless Configuration

v1.0, April 2007

–

If you

Enable eXtended Range (XR) Feature,

significantly longer range connections

than basic 802.11 are maintained through dense barriers (walls, floors, etc.). Faint

connections will maintain connectivity due to improved error correction and lowered

noise vulnerability.

WEP and WPA/WPA2 Wireless Security Check List Form

For a new wireless network, print or copy this form and fill in the configuration parameters. For an

existing wireless network, the person who set up or is responsible for the network will be able to

provide this information. Be sure to set the Regulatory Domain correctly as the first step.

•

SSID

.

The Service Set Identification (SSID) identifies the wireless local area network.

NETGEAR

is the default DGFV338 SSID. However, you may customize it by using up to 32

alphanumeric characters. Write your customized SSID on the line below.

________________________________________________

Note:

All wireless nodes in the same network must be configured with the same SSID:

•

Authentication.

Choose “Shared Key” or above for more security. Circle one:

Open System, Shared Key, Legacy 802.1X, WPA with Radius, WPA2 with Radius, WPA and

WPA2 with Radius, WPA-PSK, WPA2-PSK, or WPA-PSK and WPA2-PSK with Radius.

Note:

If you selected any of the secure settings—Shared Key or above—the other devices in

the network will not connect unless they are set to same Authentication type and have the

other required mandatory fields correctly enabled as described previously.

•

WEP Encryption Keys.

For all four 802.11b keys, choose the Key Size. Circle one: 64, 128,

or 152 bits

Key 1: ___________________________________

Key 2: ___________________________________

Key 3: ___________________________________

Key 4: ___________________________________

•

WPA-PSK or WPA2-PSK (Pre-Shared Key)

Record the WPA-PSK or WPA2-PSK key. Key: ___________________________________

•

WPA or WPA2 RADIUS Settings.

For WPA or WPA2, record the following RADIUS

settings:

Server Name/IP Address: Primary _________________

Secondary __________________