User’s Guide for the WG602 v3 54 Mbps Wireless Access Point

3. The client sends an EAP-response packet containing the identity to the authentication server. The access point responds by enabling a port for passing only EAP packets from the client to an authentication server located on the wired side of the access point. The access point blocks all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the client's identity using an authentication server (e.g., RADIUS).

4. The authentication server uses a specific authentication algorithm to verify the client's identity. This could be through the use of digital certificates or some other EAP authentication type.

5. The authentication server sends either an accept or a reject message to the access point.

6. The access point sends an EAP-success packet (or reject packet) to the client.

7. If the authentication server accepts the client, then the access point transitions the client's port to an authorized state and forwards additional traffic.
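
The port behaviour in steps 3 to 7, modelled as an added example (this is not NETGEAR firmware code). The EAPOL EtherType 0x888E and the RADIUS and EAP code numbers are the standard values; the class and function names and the sample MAC address are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

ETH_EAPOL = 0x888E   # EtherType for EAP over LAN (802.1x)
ETH_IPV4 = 0x0800    # carries HTTP, DHCP, POP3, ...
RADIUS_ACCESS_ACCEPT, RADIUS_ACCESS_REJECT = 2, 3
EAP_SUCCESS, EAP_FAILURE = 3, 4


@dataclass
class ClientPort:
    """Per-client port state kept by the authenticator (the access point)."""
    mac: str
    authorized: bool = False
    log: list = field(default_factory=list)

    def from_client(self, ethertype: int, note: str) -> str:
        """Decide what happens to a frame received from the wireless client."""
        if ethertype == ETH_EAPOL:
            verdict = "relay-to-auth-server"   # EAP is always passed through
        elif self.authorized:
            verdict = "forward"                # step 7: port is authorized
        else:
            verdict = "drop"                   # step 3: all other traffic blocked
        self.log.append((note, verdict))
        return verdict

    def from_auth_server(self, radius_code: int) -> int:
        """Steps 5-7: apply the server's decision; return the EAP code sent on."""
        if radius_code == RADIUS_ACCESS_ACCEPT:
            self.authorized = True
            return EAP_SUCCESS
        # Reject, or any unexpected code: keep the port closed.
        self.authorized = False
        return EAP_FAILURE


def run_session(radius_code: int) -> list:
    """Replay a constructed frame sequence on one port and return the verdicts."""
    port = ClientPort(mac="02:00:00:00:00:01")  # constructed sample MAC
    port.from_client(ETH_IPV4, "DHCP discover before auth")
    port.from_client(ETH_EAPOL, "EAP-Response/Identity")
    port.from_auth_server(radius_code)
    port.from_client(ETH_IPV4, "HTTP request after decision")
    return port.log


if __name__ == "__main__":
    for code in (RADIUS_ACCESS_ACCEPT, RADIUS_ACCESS_REJECT):
        print(code, run_session(code))
```

The same HTTP frame is forwarded after an accept and dropped after a reject, while the EAP frame is relayed in both cases.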

The important part to know at this point is that the software supporting the specific EAP type resides on the authentication server and within the operating system or application “supplicant” software on the client devices. The access point acts as a “pass through” for 802.1x messages, which means that you can specify any EAP type without needing to upgrade an 802.1x-compliant access point. As a result, you can change the EAP authentication type to methods such as token cards (Smart Cards), Kerberos, one-time passwords, certificates, and public key authentication, or to newer types as they become available and your requirements for security change.

WPA Data Encryption Key Management

With 802.1x, the rekeying of unicast encryption keys is optional. Additionally, 802.11 and 802.1x provide no mechanism to change the global encryption key used for multicast and broadcast traffic. With WPA, rekeying of both unicast and global encryption keys is required.

For the unicast encryption key, the Temporal Key Integrity Protocol (TKIP) changes the key for every frame, and the change is synchronized between the wireless client and the wireless access point (AP). For the global encryption key, WPA includes a facility (the Information Element) for the wireless AP to advertise the changed key to the connected wireless clients.

If configured to implement dynamic key exchange, the 802.1x authentication server can return session keys to the access point along with the accept message. The access point uses the session keys to build, sign, and encrypt an EAP key message that is sent to the client immediately after sending the success message. The client can then use the contents of the key message to define applicable encryption keys. In typical 802.1x implementations, the client can automatically change encryption keys as often as necessary to minimize the possibility of eavesdroppers having enough time to crack the key in current use.

B-14

Wireless Networking Basics

202-10060-01, September 2004


WG602NA specifications

The NETGEAR WG602NA is a wireless access point that has garnered attention for its robust performance and reliability in various networking environments. Designed primarily for home and small office use, this device offers users an efficient way to expand their network's coverage, providing both flexibility and convenience in connectivity.

One of the standout features of the WG602NA is its adherence to the IEEE 802.11g standard, which allows it to deliver wireless connectivity speeds of up to 54 Mbps. This speed makes it suitable for a variety of online activities, including web browsing, streaming videos, and online gaming. The device also supports backward compatibility with 802.11b devices, ensuring that older devices can still connect seamlessly.

The WG602NA utilizes advanced wireless security protocols to protect users' data. It supports Wired Equivalent Privacy (WEP) for basic encryption, as well as Wi-Fi Protected Access (WPA and WPA2) for more robust security measures. This ensures that your network remains secure from unauthorized access and data breaches.

In terms of connectivity, the WG602NA offers a straightforward setup process that is user-friendly, even for those with minimal technological knowledge. The device features a simple web interface that guides users through the configuration process, allowing them to customize settings according to their needs. It also includes a variety of options for network configuration, such as DHCP and static IP addressing, which can accommodate different network setups.

For those looking to set up multiple access points, the WG602NA can be configured to operate in bridge mode, enabling seamless roaming across larger areas without losing connectivity. This feature is particularly beneficial in larger homes or office settings where consistent signal strength is essential.

The compact design of the WG602NA makes it an unobtrusive addition to any setting, and it is equipped with a power over Ethernet (PoE) option, allowing it to be powered through an Ethernet cable. This flexibility facilitates easier installations as there is no need for searching for an electrical outlet nearby.

Overall, the NETGEAR WG602NA is a reliable access point that combines speed, security, and ease of use. Its features make it an excellent choice for individuals or small businesses seeking to enhance their wireless network capabilities, ensuring consistent and secure connectivity for all connected devices.