Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624

4-8

Wireless Configuration

M-10153-01

Wireless Mode.

This field determines which data communications protocols will be used:

•

g & b — both 802.11g and 802.11b wireless stations can be used.

•

g only — only 802.11g wireless stations can be used.

•

b only — all 802.11b wireless stations can be used. 802.11g wireless stations can still be

used if they can operate in 802.11b mode.

•

108 Mbps only — only compatible 802.11g wireless stations that support 108 Mbps can

connect.

•

Auto 108 Mbps — all 802.11g, 802.11b and NETGEAR 108 Mbps wireless stations can

be used.

Note:

If you select 108 Mbps mode, the router will only use channel 6.

The default is “g and b”, which allows both “g” and “b” wireless stations to access this device.

Security Mode:

•

Open System — allows any device to join the network, assuming that the device SSID

matches the router SSID. Alternatively, the device can use the “ANY” SSID option to

associate with any available router within range, regardless of its SSID.

•

Shared Key — only those computers that possess the correct authentication key can join

the network.

•

802.1x — defines port-based, network access control used to provide authenticated

network access and automated data encryption key management. 802.1x uses a protocol

called EAP (Extensible Authentication Protocol).

•

WPA-PSK — (Wi-Fi Protected Access Pre-Shared Key) — use WPA standard encryption.

•

WPA — (Wi-Fi Protected Access) — use WPA-PSK standard encryption.

Cipher Type:

•

Disable — no data encryption

•

WEP (Wired Equivalent Privacy) — use WEP 64, 128 or 152 bit data encryption.

•

AES — Advanced Encryption Standard, a symmetric 128-bit block data encryption

technique. It is an iterated block cipher with a variable block length and a variable key

length.

•

TKIP — the Temporal Key Integrity Protocol mechanism shares a starting key between

devices. Each device then changes its encryption key for every packet.

Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624

Wireless Configuration

4-9

M-10153-01

Wireless Security Settings

The following table shows the 11a and 11g security mode and cipher type options:

Instructions on how to configure the security settings are provided in the following sections.

WEP Authentication and Encryption

Restricting wireless access to your network prevents intruders from connecting to your network.

However, the wireless data transmissions are still vulnerable to snooping. Using the WEP data

encryption settings described below will prevent a determined intruder from eavesdropping on

your wireless data communications. Also, if you are using the Internet for such activities as

purchases or banking, those Internet sites use another level of highly secure encryption called SSL.

You can tell if a Web site is using SSL because the Web address begins with HTTPS rather than

HTTP.

Table 4-3.

Wireless Security Settings

Security Mode

Cipher Type

Open System

WEP — 64, 128, or 152 bit encryption

Shared Key

WEP — 64, 128, or 152 bit encryption

802.1x

none

WPA-PSK

AES or TKIP

WPA

AES or TKIP

Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624

4-10

Wireless Configuration

M-10153-01

Security Mode Selection

Figure 4-4:

Encryption Strength

The WGU624 lets you select the following wireless security modes with the WEP Cypher Type:

•

Open System

. With Open Network Authentication and 64-, 128-, or 152- bit WEP data

encryption, the WGU624 performs data encryption, but does not perform any authentication.

•

Shared Key.

Encrypts the SSID and data. Choose the Encryption Strength (64-, 128-, or

152-bit data encryption). Manually enter the key values or enter a word or group of printable

characters in the Passphrase box. Manually entered keys are case sensitive but Passphrase

characters are not case sensitive.

Note:

Not all wireless adapter configuration utilities support Passphrase key generation.

Be sure to set your wireless adapter according to the authentication scheme you choose for the

WGU624 wireless router. Please refer to

“Authentication and WEP” on page D-3

for a full

explanation of each of these options, as defined by the IEEE 802.11 wireless communication

standard.

Cipher Type Choices

Choose the encryption strength from the drop-down list. Please refer to

“Overview of WEP

Parameters” on page D-5

for a full explanation of each of these options, as defined by the IEEE

802.11 wireless communication standard.

Note:

The security mode is separate from the data encryption cipher type. You

can choose the Shared Key security mode, but still leave the data transmissions

unencrypted. If you require strong security, use both the Shared Key and WEP

encryption settings

.

Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624

Wireless Configuration

4-11

M-10153-01

•

Disable.

No encryption will be applied. This setting is useful for troubleshooting your wireless

connection, but leaves your wireless data fully exposed.

•

64-bit, 128-bit, or 152-bit WEP.

When selected, WEP encryption will be applied. If

encryption strength is set to 128 bit or 152 bit, then only the selected WEP key box will

automatically be populated with key values.

If WEP is enabled, you can manually or automatically program the four data encryption keys.

These values must be identical on all PCs and access points in your network.

There are two methods for creating WEP encryption keys:

•

Passphrase

. Enter a word or group of printable characters in the Passphrase box and click the

Generate button. These characters

are

case sensitive.

•

Manual

. For 64-bit WEP, enter 10 hexadecimal digits (any combination of 0-9, a-f, or A-F).

For 128-bit WEP, enter 26 hexadecimal digits (any combination of 0-9, a-f, or A-F). For

152-bit WEP, enter 32 hexadecimal digits (any combination of 0-9, a-f, or A-F). These values

are not

case sensitive.

WPA Encryption

You can select WPA-PSK or WPA for the Security Mode. The default is WPA-PSK.

WPA-Pre-shared Key performs authentication, uses 128-bit data encryption and dynamically

changes the encryption keys, making it nearly impossible to circumvent.

You must use the same wireless security settings on the client adapters to properly implement

WPA security.

Figure 4-5:

Security Modes

Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624

4-12

Wireless Configuration

M-10153-01

Cipher Type Choices

•

AES.

Advanced Encryption Standard, a symmetric 128-bit block data encryption technique. It

is an iterated block cipher with a variable block length and a variable key length. The block

length and the key length can be independently specified to 128, 192 or 256 bits.The U.S

government adopted the algorithm as its encryption technique in October 2000, replacing the

DES encryption it used. AES works at multiple network layers simultaneously.

•

TKIP

. The Temporal Key Integrity Protocol mechanism shares a starting key between devices.

Each device then changes their encryption key for every packet. It is extremely difficult for

hackers to read messages — even if they have intercepted the data.

Passphrase

The Passphrase must be identical on all PCs and access points in your network. Enter a word or

group of printable characters in the Passphrase box. These characters are case sensitive.

Key Update

The default Key Update is 0 for unlimited updates. You can change this to a value between 15 and

1800.

Radius Server Settings

•

Enter the Radius Server IP address.

•

The Radius Port number is 1812 by default.

•

Enter a Radius Secret, which can be up to 32 alphanumeric characters

Note:

Not all wireless adapter configuration utilities support WPA. Furthermore, client software is

required on the client. Windows XP and Windows 2000 with Service Pack 3 do include the client

software that supports WPA. Nevertheless, the wireless adapter hardware and driver must also

support WPA.