66

NBG-416N User’s Guide

67

C

HAPTER

7

Wireless LAN

7.1

Overview

This chapter discusses how to configure the wireless network settings in your

NBG-416N. See the appendices for more detailed information about wireless

networks.

The following figure provides an example of a wireless network.

Figure 38

Example of a Wireless Network

The wireless network is the part in the blue circle. In this wireless network,

devices

A

and

B

are called wireless clients. The wireless clients use the access

point (

AP

) to interact with other devices (such as the printer) or with the Internet.

Your NBG-416N is the AP.

Chapter 7 Wireless LAN

NBG-416N User’s Guide

68

7.2

What You Can Do

•

Use the

General

screen to enable the Wireless LAN, enter the SSID and select

the wireless security mode (

Section 7.4 on page 71

).

•

Use the

MAC Filter

screen to allow or deny wireless stations based on their

MAC addresses from connecting to the NBG-416N (

Section 7.5 on page 76

).

•

Use the

Advanced

screen to allow intra-BSS networking and set the RTS/CTS

Threshold (

Section 7.6 on page 77

).

•

Use the

QoS

screen to enable Wifi MultiMedia Quality of Service (WMMQoS).

This allows the NBG-416N to automatically set priority levels to services, such

as e-mail, VoIP, chat, and so on (

Section 7.7 on page 79

).

•

Use the

WPS

screen to quickly set up a wireless network with strong security,

without having to configure security settings manually (

Section 7.8 on page 80

).

•

Use the

WPS Station

screen to add a wireless station using WPS (

Section 7.9

on page 81

).

•

Use the

Scheduling

screen to set the times your wireless LAN is turned on and

off (

Section 7.10 on page 81

).

7.3

What You Should Know

Every wireless network must follow these basic guidelines.

•

Every wireless client in the same wireless network must use the same SSID.

The SSID is the name of the wireless network. It stands for Service Set IDentity.

•

If two wireless networks overlap, they should use different channels.

Like radio stations or television channels, each wireless network uses a specific

channel, or frequency, to send and receive information.

•

Every wireless client in the same wireless network must use security compatible

with the AP.

Security stops unauthorized devices from using the wireless network. It can also

protect the information that is sent in the wireless network.

7.3.1

Wireless Security Overview

The following sections introduce different types of wireless security you can set up

in the wireless network.

7.3.1.1

SSID

Normally, the AP acts like a beacon and regularly broadcasts the SSID in the area.

You can hide the SSID instead, in which case the AP does not broadcast the SSID.

Chapter 7 Wireless LAN

NBG-416N User’s Guide

69

In addition, you should change the default SSID to something that is difficult to

guess.

This type of security is fairly weak, however, because there are ways for

unauthorized devices to get the SSID. In addition, unauthorized devices can still

see the information that is sent in the wireless network.

7.3.1.2

MAC Address Filter

Every wireless client has a unique identification number, called a MAC address.

1

A

MAC address is usually written using twelve hexadecimal characters

2

; for

example, 00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each

wireless client, see the appropriate User’s Guide or other documentation.

You can use the MAC address filter to tell the AP which wireless clients are allowed

or not allowed to use the wireless network. If a wireless client is allowed to use the

wireless network, it still has to have the correct settings (SSID, channel, and

security). If a wireless client is not allowed to use the wireless network, it does not

matter if it has the correct settings.

This type of security does not protect the information that is sent in the wireless

network. Furthermore, there are ways for unauthorized devices to get the MAC

address of an authorized wireless client. Then, they can use that MAC address to

use the wireless network.

7.3.1.3

User Authentication

You can make every user log in to the wireless network before they can use it.

This is called user authentication. However, every wireless client in the wireless

network has to support IEEE 802.1x to do this.

For wireless networks, there are two typical places to store the user names and

passwords for each user.

•

In the AP: this feature is called a local user database or a local database.

•

In a RADIUS server: this is a server used in businesses more than in homes.

If your AP does not provide a local user database and if you do not have a RADIUS

server, you cannot set up user names and passwords for your users.

Unauthorized devices can still see the information that is sent in the wireless

network, even if they cannot use the wireless network. Furthermore, there are

ways for unauthorized wireless users to get a valid user name and password.

Then, they can use that user name and password to use the wireless network.

1.

Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks.

These kinds of wireless devices might not have MAC addresses.

2.

Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.

Chapter 7 Wireless LAN

NBG-416N User’s Guide

70

Local user databases also have an additional limitation that is explained in the

next section.

7.3.1.4

Encryption

Wireless networks can use encryption to protect the information that is sent in the

wireless network. Encryption is like a secret code. If you do not know the secret

code, you cannot understand the message.

The types of encryption you can choose depend on the type of user

authentication. (See

Section 7.3.1.3 on page 69

for information.)

For example, if users do not log in to the wireless network, you can choose no

encryption,

Static WEP

,

WPA-PSK

, or

WPA2-PSK

.

Usually, you should set up the strongest encryption that every wireless client in

the wireless network supports. Suppose the wireless network has two wireless

clients. Device A only supports WEP, and device B supports WEP and WPA.

Therefore, you should set up

Static WEP

in the wireless network.

Note: It is recommended that wireless networks use WPA-PSK, WPA, or stronger

encryption. IEEE 802.1x and WEP encryption are better than none at all, but it

is still possible for unauthorized devices to figure out the original information

pretty quickly.

Note: It is not possible to use WPA-PSK, WPA or stronger encryption with a local user

database. In this case, it is better to set up stronger encryption with no

authentication than to set up weaker encryption with the local user database.

When you select

WPA2

or

WPA2-PSK

in your NBG-416N, you can also select an

option (

WPA Compatible

) to support WPA as well. In this case, if some wireless

clients support WPA and some support WPA2, you should set up

WPA2-PSK

or

WPA2

(depending on the type of wireless network login) and select the

WPA

Compatible

option in the NBG-416N.

Many types of encryption use a key to protect the information in the wireless

network. The longer the key, the stronger the encryption. Every wireless client in

the wireless network must have the same key.

Table 22

Types of Encryption for Each Type of Authentication

NO AUTHENTICATION

Weakest

No Security

Static WEP

WPA-PSK

Strongest

WPA2-PSK