Reference Manual for the NETGEAR WG102 ProSafe 802.11g Wireless Access Point

3.The client sends an EAP-response packet containing the identity to the authentication server. The access point responds by enabling a port for passing only EAP packets from the client to an authentication server located on the wired side of the access point. The access point blocks all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the client's identity using an authentication server (for example, RADIUS).

4.The authentication server uses a specific authentication algorithm to verify the client's identity. This could be through the use of digital certificates or some other EAP authentication type.

5.The authentication server will either send an accept or reject message to the access point.

6.The access point sends an EAP-success packet (or reject packet) to the client.

7.If the authentication server accepts the client, then the access point will transition the client's port to an authorized state and forward additional traffic.

The important part to know at this point is that the software supporting the specific EAP type resides on the authentication server and within the operating system or application “supplicant” software on the client devices. The access point acts as a “pass through” for 802.1x messages, which means that you can specify any EAP type without needing to upgrade an 802.1x-compliant access point. As a result, you can update the EAP authentication type to such devices as token cards (Smart Cards), Kerberos, one-time passwords, certificates, and public key authentication, or as newer types become available and your requirements for security change.

WPA Data Encryption Key Management

With 802.1x, the rekeying of unicast encryption keys is optional. Additionally, 802.11 and 802.1x provide no mechanism to change the global encryption key used for multicast and broadcast traffic. With WPA, rekeying of both unicast and global encryption keys is required.

For the unicast encryption key, the Temporal Key Integrity Protocol (TKIP) changes the key for every frame, and the change is synchronized between the wireless client and the wireless access point (AP). For the global encryption key, WPA includes a facility (the Information Element) for the wireless AP to advertise the changed key to the connected wireless clients.

If configured to implement dynamic key exchange, the 802.1x authentication server can return session keys to the access point along with the accept message. The access point uses the session keys to build, sign and encrypt an EAP key message that is sent to the client immediately after sending the success message. The client can then use contents of the key message to define applicable encryption keys. In typical 802.1x implementations, the client can automatically change encryption keys as often as necessary to minimize the possibility of eavesdroppers having enough time to crack the key in current use.

B-14

Wireless Networking Basics

October 2004

Page 88
Image 88
NETGEAR WG102 manual WPA Data Encryption Key Management

WG102 specifications

The NETGEAR WG102 is a robust and versatile wireless access point designed to enhance network connectivity in a variety of environments, from small businesses to larger enterprise settings. This device is well-regarded for its ease of use, reliable performance, and a feature set that caters to both basic and advanced networking needs.

One of the key features of the WG102 is its support for the IEEE 802.11g standard, which provides data rates of up to 54 Mbps. This makes it suitable for high-speed internet access and seamless data transfer for users connected to the network. Additionally, the WG102 is backward compatible with the 802.11b devices, ensuring that existing hardware can be integrated into the network without issues, thereby protecting investment in older technology.

The WG102 also excels in its deployment flexibility. With Power over Ethernet (PoE) support, installation becomes significantly easier, as the access point can receive power through the Ethernet cable, eliminating the need for additional power outlets. This feature is particularly advantageous in locations where power supply access is limited or where aesthetic considerations are key.

Security is a vital aspect of any network, and the WG102 does not disappoint. It supports Wi-Fi Protected Access (WPA and WPA2) for secure wireless communications, ensuring that user data is encrypted and protected from potential threats. The device also features WEP encryption, allowing users to implement various security measures based on their specific needs.

The WG102's management capabilities include a web-based interface, enabling administrators to configure settings easily and monitor network performance. The device supports VLAN tagging, which can help in segmenting network traffic for better performance and security. The ability to manage multiple access points through a single interface also streamlines network management.

In terms of physical characteristics, the NETGEAR WG102 is designed for durability and reliability. Its compact form factor allows for discreet installation, whether mounted on a ceiling, wall, or placed on surfaces.

Overall, the NETGEAR WG102 is a dependable access point that offers a combination of speed, security, and ease of management, making it an excellent choice for those looking to enhance their wireless networking capabilities.