NETGEAR Wireless-N 300 Router WNR2000v2 User Manual

Safeguarding Your Network

2-9

v1.0, January 2010

Configuring WEP Wireless Security

WEP Shared Key authentication and WEP data encryption can be defeated by a determined

eavesdropper using publicly available tools.

WEP offers the following options:

•

Automatic

. With the Automatic option, the router will try both Open System and Shared Key

authentication. Normally this setting is suitable. If it fails, select

Open System

or

Shared Key

.

You can also refer to your wireless adapter’s documentation to see what method to use.

•

Open System

. With Open System authentication and 64 or 128 bit WEP data encryption, the

WNR2000v2 router

does

perform data encryption but

does not

perform any authentication.

Anyone can join the network. This setting provides very little practical wireless security.

•

Shared Key

. With Shared Key authentication, a wireless device must know the WEP key to

join the network. Select the encryption strength (64 or 128 bit data encryption). Manually

enter the key values, or enter a word or group of printable characters in the

Passphrase

field.

Manually entered keys

are not

case-sensitive, but passphrase characters

are

case-sensitive.

To configure WEP data encryption:

1.

Select

Wireless Settings

under Setup in the main menu.

2.

In the Security Options section, select

WEP

. The WEP options display.

Note:

If you use a wireless computer to configure WEP settings, you will be disconnected

when you click

Apply

. You must then either configure your wireless adapter to

match the wireless router WEP settings or access the wireless router from a wired

computer to make any further changes. Not all wireless adapter configuration

utilities support passphrase key generation.

NETGEAR Wireless-N 300 Router WNR2000v2 User Manual

Safeguarding Your Network

2-10

v1.0, January 2010

.

3.

Select the authentication type and encryption strength.

4.

You can manually or automatically program the four data encryption keys. These values must

be identical on all computers and access points in your network.

•

Automatic

. In the

Passphrase

field, enter a word or group of printable characters, and

click

Generate

. The passphrase is case-sensitive. For example, NETGEAR is not the

same as nETgear. The four key fields are automatically populated with key values.

•

Manual

. Enter 10 hexadecimal digits (any combination of 0–9, a–f, or A–F). These

entries are not case-sensitive. For example, AA is the same as aa.

Select which of the four keys to activate.

5.

Click

Apply

to save your settings.

Configuring WPA-PSK and WPA2-PSK Wireless Security

Wi-Fi Protected Access with Pre-Shared Key (WPA-PSK and WPA2-PSK) data encryption

provides extremely strong data security, very effectively blocking eavesdropping. Because WPA

and WPA2 are relatively new standards, older wireless adapters and devices might not support

them. Check whether newer drivers are available from the manufacturer. Also, you might be able

to use the Push 'N' Connect feature to configure this type of security if it is supported by your

wireless clients. See

“Using Push 'N' Connect (Wi-Fi Protected Setup)” on page 2-13

.

Figure 2-3

NETGEAR Wireless-N 300 Router WNR2000v2 User Manual

Safeguarding Your Network

2-11

v1.0, January 2010

WPA–Pre-Shared Key

does

perform authentication. WPA-PSK uses TKIP (Temporal Key

Integrity Protocol) data encryption, and WPA2-PSK uses AES (Advanced Encryption Standard)

data encryption. Both methods dynamically change the encryption keys making them nearly

impossible to circumvent.

Mixed mode allows clients using either WPA-PSK (TKIP) or WPA2-PSK (AES). This provides

the most reliable security, and is easiest to implement, but it might not be compatible with older

adapters.

To configure WPA-PSK, WPA2-PSK, or WPA-PSK+WPA2-PSK:

1.

Select

Wireless Settings

under Setup in the main menu. The Wireless Settings screen

displays.

2.

Select one of the WPA-PSK or WPA2-PSK options for the security type. The third option

(WPA-PSK [TKIP] + WP2-PSK [AES]) is the most flexible, since it allows clients using

either WPA-PSK or WPA2-PSK.

3.

In the

Passphrase

field, enter a word or group of 8–63 printable characters. The passphrase is

case-sensitive.

Note:

Not all wireless adapters support WPA. Furthermore, client software is also

required. Windows XP with Service Pack 2 does include WPA support.

Nevertheless, the wireless adapter hardware and driver must also support WPA.

For instructions on configuring wireless computers or PDAs (personal digital

assistants) for WPA-PSK security, consult the documentation for the product you

are using.

Figure 2-4

NETGEAR Wireless-N 300 Router WNR2000v2 User Manual

Safeguarding Your Network

2-12

v1.0, January 2010

4.

Click

Apply

to save your settings.

Viewing Advanced Wireless Settings

This section describes the wireless settings that you can view and specify in the Advanced

Wireless Settings screen, which you access under Advanced in the main menu.

To configure the advanced wireless security settings of your router:

1.

Log in to the router as described in

“Logging In To Your Wireless Router” on page 1-2

.

2.

Select

Wireless Settings

under Advanced in the main menu. The advanced Wireless Settings

screen displays

The available settings in this screen are:

•

Enable Wireless Router Radio

. If you disable the wireless router radio, wireless devices

cannot connect to the WNR2000v2 router. If you will not be using your wireless network

for a period of time, you can clear this check box and disable all wireless connectivity.

•

Enable SSID Broadcast

. Clear this check box to disable broadcast of the SSID, so that

only devices that know the correct SSID can connect. Disabling SSID broadcast nullifies

the wireless network discovery feature of some products such as Windows XP.

Figure 2-5

NETGEAR Wireless-N 300 Router WNR2000v2 User Manual

Safeguarding Your Network

2-13

v1.0, January 2010

•

Enable WMM

. Clear this check box to disable WMM. WMM (Wireless Multimedia), a

subset of the 802.11e standard, allows wireless traffic to have a range of priorities,

depending on the kind of data. Time-dependent information, like video or audio, will have

a higher priority than normal traffic. For WMM to function correctly, Wireless clients

must also support WMM.

•

Fragmentation Threshold

,

CTS/RTS Threshold

, and

Preamble Mode

. The

Fragmentation Threshold, CTS/RTS Threshold, and Preamble Mode options are reserved

for wireless testing and advanced configuration only. Do not change these settings.

•

WPS Settings

. For information about these settings, see the section,

“Using Push 'N'

Connect (Wi-Fi Protected Setup)” on page 2-13

.

•

Wireless Card Access List

. For information about this list, see

“Restricting Wireless

Access by MAC Address” on page 2-19

.

.

Using Push 'N' Connect (Wi-Fi Protected Setup)

If your wireless clients support Wi-Fi Protected Setup (WPS), you can use this feature to configure

the router’s network name (SSID) and security settings and, at the same time, connect a wireless

client securely and easily to the router. Look for the

symbol on your client device. WPS

automatically configures the network name (SSID) and wireless security settings for the router (if

the router is in its default state) and broadcasts these settings to the wireless client.

When you add wireless clients, whether or not they are WPS enabled, the added devices must

share the same network name (SSID) and security passphrase. For more information, see

“Connecting Additional Wireless Client Devices after WPS Setup” on page 2-18

.

The WNR2000v2 router provides two methods for connecting to a wireless client that supports

WPS, described in the following sections:

Note:

NETGEAR’s Push 'N' Connect feature is based on the Wi-Fi Protected Setup

(WPS) standard (for more information, see

). All other Wi-Fi-

certified and WPS-capable products should be compatible with NETGEAR

products that implement Push 'N' Connect.

Note:

If you choose to use WPS, the only security methods supported are WPA-PSK and

WPA2-PSK. WEP security is not supported by WPS.