Chapter 7 Wireless
VMG1312-B Series User’s Guide
Figure 48 How WPS works
The roles of registrar and enrollee last only as long as the WPS setup process is active (two
minutes). The next time you use WPS, a different device can be the registrar if necessary.
The WPS connection process is like a handshake; only two devices participate in each WPS
transaction. If you want to add more devices you should repeat the process with one of the existing
networked devices and the new device.
Note that the access point (AP) is not always the registrar, and the wireless client is not always the
enrollee. All WPS-certified APs can be a registrar, and so can some WPS-enabled wireless clients.
By default, a WPS device is “unconfigured”. This means that it is not part of an existing network
and can act as either enrollee or registrar (if it supports both functions). If the registrar is
unconfigured, the security settings it transmits to the enrollee are randomly-generated. Once a
WPS-enabled device has connected to another device using WPS, it becomes “configured”. A
configured wireless client can still act as enrollee or registrar in subsequent WPS connections, but a
configured access point can no longer act as enrollee. It will be the registrar in all subsequent WPS
connections in which it is involved. If you want a configured AP to act as an enrollee, you must reset
it to its factory defaults.
7.10.9.4 Example WPS Network Setup
This section shows how security settings are distributed in an example WPS setup.
The following figure shows an example network. In step 1, both AP1 and Client 1 are
unconfigured. When WPS is activated on both, they perform the handshake. In this example, AP1
is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security
information to set up the network, since it is unconfigured and has no existing information.
Figure 49 WPS: Example Network Step 1
In step 2, you add another wireless client to the network. You know that Client 1 supports registrar
mode, but it is better to use AP1 for the WPS handshake with the new client since you must
connect to the access point anyway in order to use the network. In this case, AP1 must be the
registrar, since it is configured (it already has security information for the network). AP1 supplies
the existing security information to Client 2.
Figure 50 WPS: Example Network Step 2
In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you
cannot use AP1 for the WPS handshake with the new access point. However, you know that Client 2
supports the registrar function, so you use it to perform the WPS handshake instead.
Figure 51 WPS: Example Network Step 3
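The role rules and the three example steps above can be modelled in a few lines. This is an added illustration, not code from the User's Guide or the Device firmware; the class, field and function names are assumptions, and a random hex string stands in for the security settings.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class WpsDevice:
    name: str
    is_ap: bool
    can_register: bool = True   # all WPS-certified APs can; only some clients can
    psk: Optional[str] = None   # None means the device is "unconfigured"

    @property
    def configured(self) -> bool:
        return self.psk is not None


def wps_handshake(registrar: WpsDevice, enrollee: WpsDevice) -> str:
    """Apply the role rules to one two-device transaction; return the key handed over."""
    if registrar is enrollee:
        raise ValueError("a WPS transaction needs two distinct devices")
    if not registrar.can_register:
        raise ValueError(f"{registrar.name} does not support registrar mode")
    if enrollee.is_ap and enrollee.configured:
        raise ValueError(f"{enrollee.name} is a configured AP; reset it to enroll")
    if not registrar.configured:
        # An unconfigured registrar generates the security settings randomly.
        registrar.psk = secrets.token_hex(16)
    enrollee.psk = registrar.psk  # the enrollee becomes "configured"
    return enrollee.psk


def example_network():
    """Replay steps 1 to 3 of the example network."""
    ap1 = WpsDevice("AP1", is_ap=True)
    client1 = WpsDevice("Client 1", is_ap=False)
    client2 = WpsDevice("Client 2", is_ap=False)
    ap2 = WpsDevice("AP2", is_ap=True)
    wps_handshake(ap1, client1)   # step 1: AP1 is unconfigured, so it makes the key
    wps_handshake(ap1, client2)   # step 2: AP1 is configured and supplies that key
    wps_handshake(client2, ap2)   # step 3: Client 2 registers the out-of-range AP2
    return ap1, client1, client2, ap2
```

After step 3 all four devices hold the key AP1 generated in step 1, so every device that completes a WPS handshake ends up with the network's security settings.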
7.10.9.5 Limitations of WPS
WPS has some limitations of which you should be aware.
WPS works in Infrastructure networks only (where an AP and a wireless client communicate). It
does not work in Ad-Hoc networks (where there is no AP).
When you use WPS, it works between two devices only. You cannot enroll multiple devices
simultaneously; you must enroll one after the other.
For instance, if you have two enrollees and one registrar you must set up the first enrollee (by
pressing the WPS button on the registrar and the first enrollee, for example), then check that it
successfully enrolled, then set up the second device in the same way.
WPS works only with other WPS-enabled devices. However, you can still add non-WPS devices to
a network you already set up using WPS.
WPS works by automatically issuing a randomly-generated WPA-PSK or WPA2-PSK pre-shared
key from the registrar device to the enrollee devices. Whether the network uses WPA-PSK or
WPA2-PSK depends on the device. You can check the configuration interface of the registrar
device to discover the key the network is using (if the device supports this feature). Then, you
can enter the key into the non-WPS device and join the network as normal (the non-WPS device
must also support WPA-PSK or WPA2-PSK).
When you use the PBC method, there is a short period (from the moment you press the button
on one device to the moment you press the button on the other device) when any WPS-enabled
device could join the network. This is because the registrar has no way of identifying the
“correct” enrollee, and cannot differentiate between your enrollee and a rogue device. This is a
possible way for a hacker to gain access to a network.
You can easily check to see if this has happened. WPS works between only two devices
simultaneously, so if another device has enrolled your device will be unable to enroll, and will not
have access to the network. If this happens, open the access point’s configuration interface and
look at the list of associated clients (usually displayed by MAC address). It does not matter if the
access point is the WPS registrar, the enrollee, or was not involved in the WPS handshake; a
rogue device must still associate with the access point to gain access to the network. Check the
MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If
there is an unknown MAC address you can remove it or reset the AP.
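The associated-client check described above can be scripted once the list has been copied out of the access point's configuration interface. This is an added example, not part of the User's Guide; the function names and all MAC addresses are constructed, and the lists are assumed to be pasted in by hand.

```python
import re


def normalize_mac(text: str) -> str:
    """Return a MAC as lowercase colon-separated hex, whatever the label or UI format."""
    digits = re.sub(r"[:\-.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """True when bit 0x02 of the first octet is set, as in randomized client addresses."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def audit_associated(associated, known):
    """Sort the AP's associated clients into known, unknown and unknown-randomized."""
    known_set = {normalize_mac(m) for m in known}
    report = {"known": [], "unknown": [], "unknown_randomized": []}
    for raw in associated:
        mac = normalize_mac(raw)
        if mac in known_set:
            report["known"].append(mac)
        elif is_locally_administered(mac):
            # May be one of your own clients using a randomized address that
            # differs from its label: compare with its Wi-Fi settings first.
            report["unknown_randomized"].append(mac)
        else:
            report["unknown"].append(mac)
    return report


# Constructed sample data: MACs read from device labels, in mixed formats.
KNOWN_LABELS = ["00-00-5E-00-53-01", "0000.5e00.5302"]
# Constructed sample data: the AP's associated-client list.
ASSOCIATED = ["00:00:5e:00:53:01", "00:00:5E:00:53:02",
              "00:00:5e:00:53:7f", "da:a1:19:00:00:04"]

if __name__ == "__main__":
    for group, macs in audit_associated(ASSOCIATED, KNOWN_LABELS).items():
        print(group, macs)
```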
Chapter 8 Home Networking
8.1 Overview
A Local Area Network (LAN) is a shared communication system to which many networking devices
are connected. It is usually located in one immediate area such as a building or floor of a building.
Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses.
8.1.1 What You Can Do in this Chapter
Use the LAN Setup screen to set the LAN IP address, subnet mask, and DHCP settings of your
Device (Section 8.2 on page 127).
Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers
based on their MAC Addresses (Section 8.3 on page 131).
Use the UPnP screen to enable UPnP and UPnP NAT traversal on the Device (Section 8.4 on page 132).
Use the Additional Subnet screen to configure IP alias and public static IP (Section 8.5 on page 135).
Use the STB Vendor ID screen to have the Device automatically create static DHCP entries for
Set Top Box (STB) devices when they request IP addresses (Section 8.6 on page 136).
Use the TFTP Server screen to identify a TFTP server for configuration file download using DHCP
option 66 (Section 8.7 on page 137).