NETGEAR WNDAP620 - page 91

Management and Monitoring

91

ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620

EAPOL-start attack •Attack. Multiple EAPOL start frames (5 or more) are sent to the

wireless access point to initiate the RADIUS authentication

process for clients.

•Result. Wireless service is disrupted.

•Solution. The wireless access point determines if the legitimate

clients have already been authenticated before processing

EAPOL start frames.

5Trap

EAPOL-logoff attack •Attack. Several EAPOL logoff frames (2 or more) that use the

spoofed MAC address of a legitimate client are sent to the

wireless access point to terminate a RADIUS-authenticated

session.

•Result. The client is disconnected from the wireless access

point.

•Solution. The wireless access point determines if it still

receives traffic from the client before disconnecting the client.

2Trap

Premature EAP

failure attack •Attack. Several premature EAP failure frames (2 or more) are

sent to a legitimate client to suggest RADIUS authentication

failure.

•Result. The client cannot be authenticated and cannot connect

to the wireless access point.

Note: The IDS detects this attack, but the IPS does not take action

against this attack.

2Trap

Premature EAP

success attack •Attack. Several premature EAP success frames (2 or more) are

sent to a legitimate client to suggest RADIUS authentication

success.

•Result. The client cannot be authenticated and cannot connect

to the wireless access point.

Note: The IDS detects this attack, but the IPS does not take action

against this attack.

2Trap

CTS flood •Attack. Multiple clear-to-send (CTS) frames (60 or more) are

sent to the wireless access point.

•Result. Wireless service is disrupted.

•Solution. The wireless access point sends a channel change

frame to the legitimate clients and uses automatic channel

selection to switch to a new clear channel.

60 Trap

RTS flood •Attack. Multiple request-to-send (RTS) frames (60 or more) are

sent to the wireless access point.

•Result. Wireless service is disrupted.

•Solution. The wireless access point sends a channel change

frame to the legitimate clients and uses automatic channel

selection to switch to a new clear channel.

60 Trap

Table 24. IDS/IPS policies and policy rules (continued)

Policy Description Policy Rule

Threshold Notification

Contents

Main ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Support Trademarks Revision History Contents Chapter 1 Introduction Chapter 2 Installation and Basic Configuration Chapter 3 Wireless Configuration and Security Chapter 4 Management and Monitoring Chapter 5 Advanced Configuration Chapter 6 Troubleshooting Appendix A Supplemental Information Appendix B Command-Line Reference Appendix C Notification of Compliance Index About the ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 What Is in the Box? System Requirements Key Features and Standards Supported Standards and Conventions Key Featur es Page 802.11b/g/n and 802.11a/n StandardsBased Wireless Networking Autosensing Ethernet Connections with Auto Uplink Hardware Description Top Pan el Introduction ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Ghz WLAN Off Wireless 802.11b/g/n (2.4 GHz) LAN is not ready, or Figure 1. Table 1. Top panel LEDs Ghz WLAN Off Wireless 802.11n/a (5 GHz) LAN is not ready, or no 123 4 5 Rear Panel Bottom Panel with Product Label Register the Wireless Access Point Page Page What You Need Before You Begin Wireless Equipment Placement and Range Guidelines Ethernet Cabling Requirements LAN Configuration Requirements Hardware Requirements for Computers on Your LAN Operating Frequency (Channel) Guidelines Requirements for Entering IP Addresses IPv4 IPv6 Install and Configure the Wireless Access Point Connect the Wireless Access Point to a Computer A B Log In to the Wireless Access Point Web Management Interface Configure Basic General System Settings and Time Settings Page Configure the IPv4 Settings Figure 13. 2. Configure the IPv4 settings as explained in the following table: Table 4. IPv4 settings Configure the Optional DHCPv4 Server Configure the Basic Wireless Settings Configure 802.11b/bg/ng Wireless Settings Page 5. Specify the remaining wireless settings as explained the following table: Table 6. Basic 2.4 GHz band wireless settings Configure 802.11a/na Wireless Settings Page 5. Specify the remaining wireless settings as explained the following table: Table 7. Basic 5 GHz band wireless settings Test Basic Wireless Connectivity Mount the Wireless Access Point Ceiling Installation Page Page Wall Installation Page Page Page Wireless Data Security Options Page Security Profiles Page Before You Change the SSID, WEP, and WPA Settings Form for 802.11b/bg/ng Modes Form for 802.11a/an Modes Configure and Enable Security Profiles Page Figure 20. Table 9. Profile definition settings Page Table 10. Profile authentication settings (continued) Configure an Open System with WEP or Shared Key with WEP Figure 22. Configure Legacy 802.1X Table 11. WEP encryption settings Configure WPA with RADIUS, WPA2 with RADIUS, and WPA & WPA2 with RADIUS Configure WPA-PSK, WPA2-PSK, and WPA-PSK & WPA2-PSK Configure RADIUS Server Settings Page Table 14. RADIUS server settings for IPv4 and IPv6 (continued) Restrict Wireless Access by MAC Address Schedule the Wireless Radio to Be Turned Off Configure Basic Wireless Quality of Service Page Enable Remote Management SNMP Management Figure 34. 2. Specify the settings as explained in the following table: Table 16. SNMP settings Secure Shell and Telnet Management Upgrade the Wireless Access Point Software Web Browser Upgrade Procedure TFTP Server Upgrade Procedure Manage the Configuration File or Reset to Factory Defaults Save the Configuration Restore the Configuration Restore the Wireless Access Point to the Factory Default Use the Web Management Interface to Restore Factory Default Settings Use the Reset Button to Restore Factory Default Settings Reboot the Wireless Access Point without Restoring the Default Configuration Change the Administrator Password Manage User Accounts Enable the Syslog Server Monitor the Wireless Access Point View System Information Page The following table explains the fields of the System screen: Table 19. System screen fields Monitor Wireless Stations Page The following table explains the fields of the Wireless Stations Details screen: Table 20. Wireless stations details fields View the Activity Log Traffic Statistics Figure 50. Table 21. Statistics fields Enable Rogue AP Detection and Monitor Access Points Enable and Configure Rogue AP Detection Page View and Save Access Point Lists Page Configure Wireless Intrusion Detection and Prevention Configure Wireless Intrusion Detection and Prevention Policy Page Page Page Page Page Configure Wireless Intrusion Detection and Prevention Mail Monitor Traps, Counters, and Ad Hoc Networks Most Recent Attacks Attack Counter Page Figure 58. Table 27. Ad hoc network fields Configure IPv6 Settings and Optional DHCPv6 Server Settings Configure the IPv6 Settings Page Configure the Optional DHCPv6 Server Figure 60. 2. Configure the settings as explained in the following table: Table 29. DHCP server settings for IPv6 Configure Spanning Tree Protocol, 802.1Q VLAN, and Link Layer Discovery Protocol Configure STP and VLANs Page Configure Ethernet LLDP Configure Hotspot Settings Configure Advanced Wireless Settings Figure 64. Table 31. Advanced wireless settings Table 31. Advanced wireless settings (continued) Configure Advanced Quality of Service Settings Figure 65. Table 32. EDCA settings Configure Quality of Service Policies Page Table 33. QoS classification settings Table 33. QoS classification settings (continued) 6. Optional: Specify rate limiting for the classification as explained in the following table: Table 34. Classification rate limiting settings Table 33. QoS classification settings (continued) Page Configure Wireless Bridging Configure a Point-to-Point Wireless Network Page Page Page Configure a Point-to-Multipoint Wireless Network Page g. Specify the settings as explained in the following table: Table 37. Point-to-multipoint bridge profile and authentication settings Page Page Page Figure 75. g. Specify the settings as explained in the following table: Table 38. Wireless signal repeating profile and authentication settings Page Page Page Basic Functioning Verify the Correct Sequence of Events at Startup No LEDs Are Lit on the Wireless Access Point The Active LED or the LAN LED Is Not Lit The WLAN LED Does Not Light Up You Cannot Access the Internet or the LAN from a Wireless-Capable Computer You Cannot Configure the Wireless Access Point from a Browser When You Enter a URL or IP Address a Time-Out Error Occurs Troubleshoot a TCP/IP Network Using the Ping Utility Test the LAN Path to Your Wireless Access Point Test the Path from Your Computer to a Remote Device Problems with Date and Time Use the Packet Capture Tool A A. Supplemental Information Technical Specifications Table 39. Technical specifications Page Table 39. Technical specifications (continued) Factory Default Settings Page Page Page B B. Command-Line Reference Page Page Page Page Page Page Page Page Page Page Page Page Page Page C C. Notification of Compliance NETGEAR Dual Band - Wireless Regulatory Compliance Information Europe - EU Declaration of Conformity EDOC in Languages of the European Community Page FCC Requirements for Operation in the United States FCC Information to User FCC Guidelines for Human Exposure (Radiation Exposure Statement) FCC Declaration of Conformity FCC Radio Frequency Interference Warnings & Instructions Radiation Exposure Statement: Industry Canada IMPORTANT NOTE: Radiation Exposure Statement Caution Industrie Canada Avertissement Detachable Antenna Usage Index Numerics A B C D E F G H I J M N O P Q R S T U V W