Reference Manual for the NETGEAR RangeMax™ Wireless Access Point WPN802

B-2

Wireless Networking Basics

202-10101-01, May 2005

Ad Hoc Mode (Peer-to-Peer Workgroup)

In an ad hoc network, computers are brought together as needed; thus, there is no structure or fixed

points to the network - each node can generally communicate with any other node. There is no

Access Point involved in this configuration. This mode enables you to quickly set up a small

wireless workgroup and allows workgroup members to exchange data or share printers as

supported by Microsoft networking in the various Windows operating systems. Some vendors also

refer to ad hoc networking as peer-to-peer group networking.

In this configuration, network packets are directly sent and received by the intended transmitting

and receiving stations. As long as the stations are within range of one another, this is the easiest

and least expensive way to set up a wireless network.

Network Name: Extended Service Set Identification (ESSID)

The Extended Service Set Identification (ESSID) is one of two types of Service Set Identification

(SSID). In an ad hoc wireless network with no access points, the Basic Service Set Identification

(BSSID) is used. In an infrastructure wireless network that includes an access point, the ESSID is

used, but may still be referred to as SSID.

An SSID is a thirty-two character (maximum) alphanumeric key identifying the name of the

wireless local area network. Some vendors refer to the SSID as network name. For the wireless

devices in a network to communicate with each other, all devices must be configured with the

same SSID.

The ESSID is usually broadcast in the air from an access point. The wireless station sometimes can

be configured with the ESSID

ANY.

This means the wireless station will try to associate with

whichever access point has the stronger radio frequency (RF) signal, providing that both the access

point and wireless station use Open System authentication.

Authentication and WEP Data Encryption

The absence of a physical connection between nodes makes the wireless links vulnerable to

eavesdropping and information theft. To provide a certain level of security, the IEEE 802.11

standard has defined these two types of authentication methods:

•

Open System

. With Open System authentication, a wireless computer can join any network

and receive any messages that are not encrypted.

Reference Manual for the NETGEAR RangeMax™ Wireless Access Point WPN802

Wireless Networking Basics

B-3

202-10101-01, May 2005

•

Shared Key

. With Shared Key authentication, only those PCs that possess the correct

authentication key can join the network. By default, IEEE 802.11 wireless devices operate in

an Open System network.

Wired Equivalent Privacy (WEP) data encryption is used when the wireless devices are configured

to operate in Shared Key authentication mode.

802.11 Authentication

The 802.11 standard defines several services that govern how two 802.11 devices communicate.

The following events must occur before an 802.11 Station can communicate with an Ethernet

network through an access point, such as the one built in to the WPN802:

1.

Turn on the wireless station.

2.

The station listens for messages from any access points that are in range.

3.

The station finds a message from an access point that has a matching SSID.

4.

The station sends an authentication request to the access point.

5.

The access point authenticates the station.

6.

The station sends an association request to the access point.

7.

The access point associates with the station.

8.

The station can now communicate with the Ethernet network through the access point.

An access point must authenticate a station before the station can associate with the access point or

communicate with the network. The IEEE 802.11 standard defines two types of authentication:

Open System and Shared Key.

•

Open System Authentication

allows any device to join the network, assuming that the device

SSID matches the access point SSID. Alternatively, the device can use the “ANY” SSID

option to associate with any available Access Point within range, regardless of its SSID.

•

Shared Key Authentication

requires that the station and the access point have the same WEP

Key to authenticate. These two authentication procedures are described below.

Open System Authentication

The following steps occur when two devices use Open System Authentication:

1.

The station sends an authentication request to the access point.

Reference Manual for the NETGEAR RangeMax™ Wireless Access Point WPN802

B-4

Wireless Networking Basics

202-10101-01, May 2005

2.

The access point authenticates the station.

3.

The station associates with the access point and joins the network.

This process is illustrated below.

Figure B-1:

Open system authentication

Shared Key Authentication

The following steps occur when two devices use Shared Key Authentication:

1.

The station sends an authentication request to the access point.

2.

The access point sends challenge text to the station.

3.

The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and

sends the encrypted text to the access point.

4.

The access point decrypts the encrypted text using its configured WEP Key that corresponds

to the station’s default key. The access point compares the decrypted text with the original

challenge text. If the decrypted text matches the original challenge text, then the access point

and the station share the same WEP Key and the access point authenticates the station.

5.

The station connects to the network.

If the decrypted text does not match the original challenge text (the access point and station do not

share the same WEP Key), then the access point will refuse to authenticate the station and the

station will be unable to communicate with either the 802.11 network or Ethernet network.

FVM318

Access Point

1) Authentication request sent to AP

2) AP authenticates

3) Client connects to network

802.11b Authentication

Open System Steps

Cable or

DLS modem

Client

attempting

to connect

Reference Manual for the NETGEAR RangeMax™ Wireless Access Point WPN802

Wireless Networking Basics

B-5

202-10101-01, May 2005

This process is illustrated below.

Figure B-2:

Shared key authentication

Overview of WEP Parameters

Before enabling WEP on an 802.11 network, you must first consider what type of encryption you

require and the key size you want to use. Typically, there are three WEP Encryption options

available for 802.11 products:

1.

Do Not Use WEP:

The 802.11 network does not encrypt data. For authentication purposes, the

network uses Open System Authentication.

2.

Use WEP for Encryption:

A transmitting 802.11 device encrypts the data portion of every

packet it sends using a configured WEP Key. The receiving device decrypts the data using the

same WEP Key. For authentication purposes, the network uses Open System Authentication.

3.

Use WEP for Authentication and Encryption:

A transmitting 802.11 device encrypts the data

portion of every packet it sends using a configured WEP Key. The receiving device decrypts the

data using the same WEP Key. For authentication purposes, the wireless network uses Shared Key

Authentication.

Note:

Some 802.11 access points also support

Use WEP for Authentication Only

(Shared Key

Authentication without data encryption).

FVM318

Access Point

1) Authentication

request sent to AP

2) AP sends challenge text

3) Client encrypts

challenge text and

sends it back to AP

4) AP decrypts,and if correct,

authenticates client

5) Client connects to network

802.11b Authentication

Shared Key Steps

Cable or

DLS modem

Client

attempting

to connect

Reference Manual for the NETGEAR RangeMax™ Wireless Access Point WPN802

B-6

Wireless Networking Basics

202-10101-01, May 2005

Key Size

The IEEE 802.11 standard supports two types of WEP encryption: 40-bit and 128-bit.

The 64-bit WEP data encryption method allows for a five-character (40-bit) input. Additionally, 24

factory-set bits are added to the forty-bit input to generate a 64-bit encryption key. The 24

factory-set bits are not user-configurable). This encryption key will be used to encrypt/decrypt all

data transmitted via the wireless interface. Some vendors refer to the 64-bit WEP data encryption

as 40-bit WEP data encryption since the user-configurable portion of the encryption key is 40 bits

wide.

The 128-bit WEP data encryption method consists of 104 user-configurable bits. Similar to the

forty-bit WEP data encryption method, the remaining 24 bits are factory set and not user

configurable. Some vendors allow passphrases to be entered instead of the cryptic hexadecimal

characters to ease encryption key entry.

128-bit encryption is stronger than 40-bit encryption, but 128-bit encryption may not be available

outside of the United States due to U.S. export regulations.

When configured for 40-bit encryption, 802.11 products typically support up to four WEP Keys.

Each 40-bit WEP Key is expressed as 5 sets of two hexadecimal digits (0-9 and A-F). For

example, “12 34 56 78 90” is a 40-bit WEP Key.

When configured for 128-bit encryption, 802.11 products typically support four WEP Keys but

some manufacturers support only one 128-bit key. The 128-bit WEP Key is expressed as 13 sets of

two hexadecimal digits (0-9 and A-F). For example, “12 34 56 78 90 AB CD EF 12 34 56 78 90”

is a 128-bit WEP Key.

Table B-1:

Encryption Key Sizes

Note:

Typically, 802.11 access points can store up to four 128-bit WEP Keys but some 802.11

client adapters can only store one. Therefore, make sure that your 802.11 access and client

adapters’ configurations match.

Encryption Key Size

# of Hexadecimal Digits

Example of Hexadecimal Key Content

64-bit (24+40)

10

4C72F08AE1

128-bit (24+104)

26

4C72F08AE19D57A3FF6B260037