Reference Manual for the NETGEAR 54 Mbps Wireless USB Print Server with 4-Port Switch

3.The client sends an EAP-response packet containing the identity to the authentication server. The access point responds by enabling a port for passing only EAP packets from the client to an authentication server located on the wired side of the access point. The access point blocks all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the client's identity using an authentication server (e.g., RADIUS).

4.The authentication server uses a specific authentication algorithm to verify the client's identity. This could be through the use of digital certificates or some other EAP authentication type.

5.The authentication server will either send an accept or reject message to the access point.

6.The access point sends an EAP-success packet (or reject packet) to the client.

7.If the authentication server accepts the client, then the access point will transition the client's port to an authorized state and forward additional traffic.

The important part to know at this point is that the software supporting the specific EAP type resides on the authentication server and within the operating system or application “supplicant” software on the client devices. The access point acts as a “pass through” for 802.1x messages, which means that you can specify any EAP type without needing to upgrade an 802.1x-compliant access point. As a result, you can update the EAP authentication type to such devices as token cards (Smart Cards), Kerberos, one-time passwords, certificates, and public key authentication or as newer types become available and your requirements for security change.

WPA Data Encryption Key Management

With 802.1x, the rekeying of unicast encryption keys is optional. Additionally, 802.11 and 802.1x provide no mechanism to change the global encryption key used for multicast and broadcast traffic. With WPA, rekeying of both unicast and global encryption keys is required.

For the unicast encryption key, the Temporal Key Integrity Protocol (TKIP) changes the key for every frame, and the change is synchronized between the wireless client and the wireless access point (AP). For the global encryption key, WPA includes a facility (the Information Element) for the wireless AP to advertise the changed key to the connected wireless clients.

If configured to implement dynamic key exchange, the 802.1x authentication server can return session keys to the access point along with the accept message. The access point uses the session keys to build, sign and encrypt an EAP key message that is sent to the client immediately after sending the success message. The client can then use contents of the key message to define applicable encryption keys. In typical 802.1x implementations, the client can automatically change encryption keys as often as necessary to minimize the possibility of eavesdroppers having enough time to crack the key in current use.

B-14

Wireless Networking Basics

202-10083-01

Page 54
Image 54
NETGEAR WGPS606 manual WPA Data Encryption Key Management

WGPS606 specifications

The NETGEAR WGT624SC, GS608, GS605, XE103, and WGPS606 are key components in the networking ecosystem designed for various connectivity needs, offering reliable performance and innovative features.

The NETGEAR WGT624SC is a wireless router that operates on both the 2.4 GHz and 5 GHz bands. This dual-band capability allows for increased flexibility and speed, making it suitable for households with multiple devices. It supports 802.11g wireless technology, providing robust performance and ensuring a range that covers average-sized homes. With features like WPA2 security, users can enjoy safe wireless connections. The router also includes four LAN ports for wired connections, ensuring that devices like gaming consoles and desktop computers can connect seamlessly.

Moving to the NETGEAR GS608 and GS605, these unmanaged switches are designed for small to medium-sized networks. The GS608 is an 8-port Gigabit Ethernet switch, while the GS605 has five ports. Both models offer plug-and-play functionality, making them ideal for users who require easy setup without extensive configuration. The switches support auto-negotiation for optimal speed, as well as energy-efficient Ethernet technology to reduce power consumption during low traffic periods.

The NETGEAR XE103 is a unique solution in the realm of powerline networking. Utilizing existing electrical wiring, this powerline adapter allows users to extend their network without the need for long cable runs. It supports data rates suitable for streaming and online gaming, providing a reliable alternative for reaching difficult areas of a home where Wi-Fi signals may be weak.

Finally, the NETGEAR WGPS606 is a wireless print server that facilitates the connection of multiple printers to a wireless network. Ideal for small office setups or home environments, it supports various printer types and enables remote printing from any connected device.

Overall, these NETGEAR products exemplify a commitment to providing varied networking solutions that cater to different user requirements while maintaining high-quality performance and reliability.