Reference Manual for the NETGEAR ProSafe Dual Band Wireless Access Point WAG102

3-24

Basic Installation and Configuration

v1.0, September 2005

Once your PCs have basic wireless connectivity to the WAG102, you can configure the advanced

wireless security functions.

How to Restrict Wireless Access by MAC Address

To restrict access based on MAC addresses, follow these steps:

1.

Log in to the WAG102 using its default address of

or at whatever IP

address the unit is currently configured. Use the default user name of

admin

and default

password of

password

, or whatever LAN address and password you have set up.

2.

From the Security menu, click the Access Control 11a and 11bg links to display the Access

Control menus shown below.

Note:

When configuring the WAG102 from a wireless computer whose MAC address

is not in the access control list, if you select Turn Access Control On, you will

lose your wireless connection when you click Apply. You must then access the

wireless access point from a wired computer or from a wireless computer

which is on the access control list to make any further changes.

Figure 3-11

Access Control 11a menu

Access Control 11b/g menu

Reference Manual for the NETGEAR ProSafe Dual Band Wireless Access Point WAG102

Basic Installation and Configuration

3-25

v1.0, September 2005

3.

The optional Access Control window lets you block the network access privilege of the

specified stations through the WAG102 Access Point. When you enable access control, the

access point only accepts connections from clients on the selected access control list. This

provides an additional layer of security.

a.

Choose the Turn Access Control On to enable Access Control feature.

b.

Select the desired Access Control Database options. The options are:

•

Local MAC Address Database – The Access Point will use the local MAC address

table for Access Control. This is the default.

•

RADIUS MAC Address Database – The Access Point will use the MAC address table

located on the external Radius server on the LAN for Access Control.

c.

Trusted Wireless Stations

: This lists any wireless stations you have entered. If you have

not entered any wireless stations this list will be empty. To delete an existing entry, select

it and then click the "Delete" button.

d.

Available Wireless Stations

: Select the stations from the wireless station list and click

Add button to add to the Trusted Wireless Stations list.

e.

Add new Station Manually

: Use this to add the MAC address of the wireless stations to

the Trusted Wireless Stations list.

Now, only devices on this list will be allowed to wirelessly connect to the WAG102.

How to Configure WEP

To configure WEP data encryption, follow these steps:

1.

Log in to the WAG102 using its default address of

or at whatever IP

address the unit is currently configured Use the default user name of

admin

and default

password of

password

, or whatever LAN address and password you have set up.

2.

Click the WEP/WPA Settings link in the main menu of the WAG102.

Reference Manual for the NETGEAR ProSafe Dual Band Wireless Access Point WAG102

3-26

Basic Installation and Configuration

v1.0, September 2005

3.

Choose Open System or Shared Key authentication.

4.

Select Data Encryption.

5.

You can manually or automatically program the four data encryption keys. These values must

be identical on all PCs and Access Points in your network.

—

Automatic - enter a word or group of printable characters in the Passphrase box and click

the Generate button. The four key boxes will be automatically populated with key values.

—

Manual - enter ten hexadecimal digits (any combination of 0-9, a-f, or A-F)

Select which of the four keys will be the default.

See

“Wireless Communications:” in Appendix B

for a full explanation of each of these

options, as defined by the IEEE 802.11 wireless communication standard.

6.

Click

Apply

to save your settings.

Figure 3-12

Note:

If you use a wireless computer to configure WEP settings, you will be disconnected

when you click Apply. Reconfigure your wireless adapter to match the new settings

or access the wireless access point from a wired computer to make any further

changes.

Reference Manual for the NETGEAR ProSafe Dual Band Wireless Access Point WAG102

Basic Installation and Configuration

3-27

v1.0, September 2005

How to Configure WPA and/or WPA2 with Radius

To configure WPA, follow these steps:

1.

Log in at the default LAN address of

with the default user name of

admin

and default password of

password

, or using whatever LAN address and password you

have set up.

2.

From the Security menu, click Radius Server Settings link to display the Radius Server

Settings menu shown below.

Note:

Not all wireless adapters support WPA. Furthermore, client software is required on

the client. Windows XP and Windows 2000 with Service Pack 3 or above do

include the client software that supports WPA. Nevertheless, the wireless adapter

hardware and driver must also support WPA. Consult the product document for

your wireless adapter and WPA client software for instructions on configuring

WPA settings.

Figure 3-13

Reference Manual for the NETGEAR ProSafe Dual Band Wireless Access Point WAG102

3-28

Basic Installation and Configuration

v1.0, September 2005

3.

Authentication/Access Control Radius Server Configuration

: This configuration is

required for authentication using Radius. IP Address, Port No. and Shared Secret is required

for communication with a Radius Server. A Secondary Radius Server for use if the Primary

Radius Server fails.

•

IP Address

: The IP address of the Radius Server. The default is 0.0.0.0

•

Port Number

: Port number of the Radius Server. The default is 1812.

•

Shared Secret

: This is shared between the Wireless Access Point and the Radius Server

while authenticating the supplicant.

4.

Accounting Radius Server Configuration

: This configuration is required for accounting

using a Radius Server. IP Address, Port No. and Shared Secret is required for communication

with the Radius Server. A Secondary Radius Server can be configured for use if the Primary

Radius Server fails.

•

IP Address

: The IP address of the Radius Server. The default is 0.0.0.0

•

Port Number

: Port number of the Radius Server. The default is 1813.

•

Shared Secret

: This is shared between the Wireless Access Point and the Radius Server

while authenticating the supplicant.

5.

Click

Apply

to save your settings.