Reference Manual for the NETGEAR 54 Mbps Wireless Access Point WG602v3

3. The client sends an EAP-response packet containing the identity to the authentication server. The access point responds by enabling a port for passing only EAP packets from the client to an authentication server located on the wired side of the access point. The access point blocks all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the client's identity using an authentication server (for example, RADIUS).

4. The authentication server uses a specific authentication algorithm to verify the client's identity. This could be through the use of digital certificates or some other EAP authentication type.

5. The authentication server sends either an accept or a reject message to the access point.

6. The access point sends an EAP-success packet (or reject packet) to the client.

7. If the authentication server accepts the client, the access point transitions the client's port to an authorized state and forwards additional traffic.

The important point here is that the software supporting the specific EAP type resides on the authentication server and within the operating system or application “supplicant” software on the client devices. The access point acts as a “pass through” for 802.1x messages, which means that you can specify any EAP type without needing to upgrade an 802.1x-compliant access point. As a result, you can change the EAP authentication type to methods such as token cards (Smart Cards), Kerberos, one-time passwords, certificates, and public key authentication, or to newer types as they become available and your security requirements change.
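The port behavior in steps 3 through 7 and the pass-through role described above can be modelled as a small state machine. This is an added example, not code from the manual or from NETGEAR; the class, method, and field names are hypothetical, and the frames and server replies are constructed.

```python
# Added example: model of the access point's controlled port in steps 3-7.
# Class and field names are hypothetical; frames and replies are constructed.
import struct

ETH_EAPOL = 0x888E                     # EtherType of EAP over LAN (802.1X)
ETH_IPV4 = 0x0800
RADIUS_ACCEPT, RADIUS_REJECT = 2, 3    # RADIUS Access-Accept / Access-Reject
EAP_SUCCESS, EAP_FAILURE = 3, 4        # EAP packet codes


class ControlledPort:
    """Per-client port: unauthorized until the server accepts the client."""

    def __init__(self):
        self.authorized = False
        self.to_server = []    # payloads queued for the authentication server
        self.to_lan = []       # ordinary traffic forwarded after authorization
        self.dropped = 0

    def from_client(self, frame: bytes) -> str:
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if ethertype == ETH_EAPOL:
            # Pass-through: the payload is queued without being interpreted,
            # so the AP does not need to know which EAP type is in use.
            self.to_server.append(frame[14:])
            return "relayed"
        if self.authorized:
            self.to_lan.append(frame)
            return "forwarded"
        self.dropped += 1      # HTTP, DHCP, POP3 ... blocked until accepted
        return "dropped"

    def from_server(self, radius_code: int, eap_id: int) -> bytes:
        """Apply the server's verdict; return the EAP packet for the client."""
        self.authorized = radius_code == RADIUS_ACCEPT
        code = EAP_SUCCESS if self.authorized else EAP_FAILURE
        return struct.pack("!BBH", code, eap_id, 4)   # code, id, length = 4


def frame(ethertype: int, payload: bytes) -> bytes:
    """Constructed Ethernet frame with placeholder MAC addresses."""
    return b"\x02" * 6 + b"\x06" * 6 + struct.pack("!H", ethertype) + payload
```

The only event that changes the port state is the server's verdict; nothing the client sends can authorize the port on its own.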

WPA/WPA2 Data Encryption Key Management

With 802.1x, the rekeying of unicast encryption keys is optional. Additionally, 802.11 and 802.1x provide no mechanism to change the global encryption key used for multicast and broadcast traffic. With WPA/WPA2, rekeying of both unicast and global encryption keys is required.

For the unicast encryption key, the Temporal Key Integrity Protocol (TKIP) changes the key for every frame, and the change is synchronized between the wireless client and the wireless access point (AP). For the global encryption key, WPA includes a facility (the Information Element) for the wireless AP to advertise the changed key to the connected wireless clients.

If configured to implement dynamic key exchange, the 802.1x authentication server can return session keys to the access point along with the accept message. The access point uses the session keys to build, sign, and encrypt an EAP key message that is sent to the client immediately after sending the success message. The client can then use the contents of the key message to define applicable encryption keys. In typical 802.1x implementations, the client can automatically change encryption keys as often as necessary to minimize the possibility of eavesdroppers having enough time to crack the key in current use.
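The build, sign, and encrypt sequence above, together with the checks a client should make before installing a key, is sketched below as an added example that is not taken from the manual. The field layout is modelled on the legacy 802.1X-2001 RC4 key descriptor; the use of HMAC-MD5 and RC4, the signature covering only the descriptor, and all function and key names are assumptions of this sketch.

```python
# Added example: client-side checks on a signed, encrypted key message.
# Layout modelled on the 802.1X-2001 RC4 key descriptor; names are assumptions.
import hmac, os, struct

HDR = "!BHQ16sB"   # descriptor type, key length, replay counter, key IV, index
SIG_OFF = struct.calcsize(HDR)   # 16-byte signature follows the fixed header


def rc4(key: bytes, data: bytes) -> bytes:
    """Legacy stream cipher, included only to mirror the old descriptor."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def build_key_message(sign_key, enc_key, counter, key_index, new_key):
    """Access point side: encrypt the new key, then sign the whole message."""
    iv = os.urandom(16)
    head = struct.pack(HDR, 1, len(new_key), counter, iv, key_index)
    body = rc4(iv + enc_key, new_key)
    # Signature is computed with the signature field set to zero.
    sig = hmac.new(sign_key, head + bytes(16) + body, "md5").digest()
    return head + sig + body


def accept_key_message(sign_key, enc_key, last_counter, msg):
    """Client side: verify signature and replay counter before using the key."""
    head, sig, body = msg[:SIG_OFF], msg[SIG_OFF:SIG_OFF + 16], msg[SIG_OFF + 16:]
    expected = hmac.new(sign_key, head + bytes(16) + body, "md5").digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    _, key_len, counter, iv, key_index = struct.unpack(HDR, head)
    if counter <= last_counter:
        raise ValueError("replayed key message")
    key = rc4(iv + enc_key, body)
    if len(key) != key_len:
        raise ValueError("length mismatch")
    return counter, key_index, key
```

The order of checks matters: the signature is verified before any field is parsed or decrypted, and the replay counter must strictly increase so that a captured key message cannot be sent again to reinstall an old key.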

B-14

Wireless Networking Basics

202-10060-02, February 2005


WG602v3 specifications

The NETGEAR WG602v3 is a wireless access point designed primarily for home and small office environments. As part of the NETGEAR family of networking devices, the WG602v3 ensures reliable and secure wireless connectivity, making it an essential component for users who require a seamless internet experience.

One of the main features of the NETGEAR WG602v3 is its support for the IEEE 802.11g wireless standard, which allows for data transfer rates of up to 54 Mbps. This standard ensures compatibility with older 802.11b devices while providing enhanced performance for newer wireless devices. The WG602v3 operates in the 2.4 GHz frequency band, ensuring widespread coverage and the ability to penetrate walls and barriers, making it suitable for diverse environments.

Another significant characteristic of this access point is its user-friendly setup process. The WG602v3 includes an intuitive web-based user interface that allows users to configure settings with ease. This simplifies the installation process and enables users, even those with limited technical knowledge, to quickly establish a robust wireless network.

Security is paramount in today’s interconnected world, and NETGEAR has incorporated several security features into the WG602v3. The device supports Wi-Fi Protected Access (WPA and WPA2) encryption protocols, ensuring that users can secure their data and prevent unauthorized access. Additionally, the WG602v3 includes a MAC address filtering feature that further enhances network security by allowing only designated devices to connect to the network.

The WG602v3 is also equipped with a detachable antenna, allowing users to customize their wireless coverage based on their specific needs. This adaptability makes it easier to optimize the access point’s performance in different physical layouts. Furthermore, it supports Power over Ethernet (PoE), enabling installation in locations without an accessible power outlet, which is particularly useful in unconventional setups.

In summary, the NETGEAR WG602v3 wireless access point combines ease of use, robust security features, and flexibility in installation to provide reliable connectivity. Its compatibility with both 802.11g and b devices, combined with user-friendly configuration options, ensures that it meets the needs of various users, from casual home users to small office setups, making it a versatile solution for enhancing wireless networks.