NETGEAR WAG302 manual How Does WPA Compare to WEP?

Page 99

Reference Manual for the NETGEAR ProSafe Dual Band Wireless Access Point WAG302

The Wi-Fi Alliance is now performing interoperability certification testing on Wi-Fi Protected Access products. Starting August of 2003, all new Wi-Fi certified products will have to support WPA. NETGEAR will implement WPA on client and access point products and make this available in the second half of 2003. Existing Wi-Fi certified products will have one year to add WPA support or they will lose their Wi-Fi certification.

The 802.11i standard is currently in draft form, with ratification due at the end of 2003. While the new IEEE 802.11i standard is being ratified, wireless vendors have agreed on WPA as an interoperable interim standard.

How Does WPA Compare to WEP?

WEP is a data encryption method and is not intended as a user authentication mechanism. WPA user authentication is implemented using 802.1x and the Extensible Authentication Protocol (EAP). Support for 802.1x authentication is required in WPA. In the 802.11 standard, 802.1x authentication was optional. For details on EAP specifically, refer to IETF's RFC 2284.

With 802.11 WEP, all access points and client wireless adapters on a particular wireless LAN must use the same encryption key. A major problem with the 802.11 standard is that the keys are cumbersome to change. If you do not update the WEP keys often, an unauthorized person with a sniffing tool can monitor your network for less than a day and decode the encrypted messages. Products based on the 802.11 standard alone offer system administrators no effective method to update the keys.

For 802.11, WEP encryption is optional. For WPA, encryption using Temporal Key Integrity Protocol (TKIP) is required. TKIP replaces WEP with a new encryption algorithm that is stronger than the WEP algorithm, but that uses the calculation facilities present on existing wireless devices to perform encryption operations. TKIP provides important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. Through these enhancements, TKIP addresses all of known WEP vulnerabilities.

Wireless Networking Basics

B-11

202-10078-01

Image 99

Contents NETGEAR, Inc Technical Support Tested to Comply with FCC Standards WAG302 ProSafe Dual Band Wireless Access PointDeclaration of Conformity Industry Canada Compliance Statement Product and Publication Details Contents Chapter Management Appendix a Specifications Appendix C Command Line Reference Chapter About This Manual Audience, Scope, Conventions, and FormatsBold How to Use This Manual Printing a Page in the Html View How to Print this ManualAbout This Manual Chapter Introduction About the WAG302 ProSafe Dual Band Wireless Access PointSupported Standards and Conventions Key FeaturesAutoCell-The Self-Organizing Wireless Network 802.11a/g Standards-based Wireless Networking Compatible and Related Netgear ProductsAutosensing Ethernet Connections with Auto Uplink What’s In the Box? System RequirementsHardware Description Front Panel100 Rear Panel 802.11a Wlan802.11g Wlan Serial Console Port Observing Placement and Range Guidelines Chapter Basic Installation and ConfigurationCabling Requirements Secure Telnet Enabled Default Factory SettingsTime Zone Adjust for Daylight Saving TIme Disabled Enabled but Trap forwarding is disabledLUHOHVVDWD 6HFXULW\2SWLRQV Understanding WAG302 Wireless Security OptionsSET UP the WAG302 Access Point Installing the WAG302 Access PointLogin window Web browser will then display the WAG302 General information Basic Settings menu Basic Installation and Configuration Wireless Settings 11a menu Deploy the WAG302 Access Point How to Log In to the WAG302 Using Its Default IP Address Wireless Settings 11a Understanding Basic Wireless SettingsBasic Installation and Configuration Wireless Settings 11b/g Basic Installation and Configuration Basic Installation and Configuration Understanding WEP/WPA Security Options 10 WEP/WPA Settings menus for 11a and 11b/gBasic Installation and Configuration 802.11a Configuration Before You Change the Ssid and WEP Settings802.11b/g Configuration How to Set Up and Test Basic Wireless Connectivity Access Control 11a menu Access Control 11b/g menu How to Restrict Wireless Access by MAC AddressHow to Configure WEP Click Apply to save your settings How to Configure WPA with Radius 13 Radius Server Settings menu 14 WEP/WPA Settings menus for 11a and 11bg 15 WEP/WPA Settings menus for 11a and 11bg How to Configure WPA-PSKIP Address Using the Basic IP Settings OptionsSpanning Tree Protocol Basic Installation and Configuration Remote Management Chapter ManagementHow to Use the CLI via the Console Port Using the Secure Telnet InterfaceSecure Telnet Client CLI CommandsSyslog and Activity Log information Using Syslog and Activity Log InformationGeneral Information Viewing General and Statistical InformationField Description Access Point Information Current IP SettingsCurrent Wireless Settings 11a Field Description Current Wireless Settings 11b/g Field Description Wired Ethernet Received/Transmitted Wireless 11a Received/TransmittedStatistics Field Description Wireless 11b/g Received/Transmitted Viewing a List of Attached DevicesRefresh button Configuration File Management Upgrading the Wireless Access Point SoftwareRestoring the WAG302 to the Factory Default Settings Saving and Retrieving the ConfigurationRebooting the Access Point Using the Reset Button to Restore Factory Default SettingsSet Password menu Changing the Administrator PasswordManagement Understanding Advanced IP Settings for Wireless Clients Chapter Advanced ConfigurationAdvanced IP Settings for Wireless Clients screen Understanding Advanced Wireless Settings AutoCell RF Management Problem AutoCell SettingsEnhance RF Privacy -- Default Disable Auto RF Management -- Default EnableAuto RF Management Enhanced RF Security ‘Stealth Mode’ Additional AutoCell View Management Options Advanced Wireless Settings screen Configuring Wireless LAN ParametersEnabling Wireless Bridging and Repeating Point-to-Point Bridge How to Configure a WAG302 as a Point-to-Point BridgeManual Advanced Configuration Multi-Point bridging How to Configure Wireless RepeatingAdvanced Configuration No lights are lit on the access point Chapter TroubleshootingLAN light is not lit Wireless LAN activity light does not light upWhen I enter a URL or IP address I get a timeout error Cannot connect to the WAG302 to configure itUsing the Reset Button to Restore Factory Default Settings Appendix a Specifications Specifications for the WAG302Parameter WAG302 ProSafe Dual Band Wireless Access Point Specifications Appendix B Wireless Networking Basics Wireless Networking OverviewInfrastructure Mode Network Name Extended Service Set Identification Essid Ad Hoc Mode Peer-to-Peer WorkgroupAuthentication Authentication and WEP Data Encryption802.11b Authentication Open System Steps 802.11b Authentication Shared Key Steps Key Size Wireless Channels WEP Configuration Options802.11b/g Wireless Channels Channel Center Frequency Frequency Spread Table B-2 802.11b/g Radio Frequency ChannelsChannel Frequency 802.11a Wireless ChannelsWAG302 user can use five channels in turbo mode WPA Wireless SecurityHow Does WPA Compare to WEP? How Does WPA Compare to Ieee 802.11i? What are the Key Features of WPA Security?Wireless Networking Basics Radius Server Figure B-3 WPA OverviewAccess point replies with an EAP-request identity message WPA Data Encryption Key Management Temporal Key Integrity Protocol Tkip Product Support for WPA Is WPA Perfect?Changes to Wireless Access Points Changes to Wireless Client Programs Command Sets Appendix C Command Line ReferenceCommand Line Reference Command Line Reference Command Line Reference 802.11b 100BASE-Tx802.1x 802.11aAuto Uplink CatCertificate Authority Domain Name Dynamic Host Configuration ProtocolMbps Internet ProtocolLocal area network MAC addressPacket NetBIOSNetmask Network Address TranslationWide area network Wi-Fi Windows Internet Naming ServiceWireless Network Name Ssid Glossary

Related manuals

Manual 2 pages 4.37 Kb