Management and Monitoring | NETGEAR WNDAP620 specs

ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620

Table 24. IDS/IPS policies and policy rules (continued)

Policy		Description			Policy Rule
					Threshold	Notification

Known client		•	Detection. Clients that should be connected to the secured		0	Trap
associating with			wireless network are instead connected to wireless access
ad-hoc network			points that are part of an ad hoc network.
		•	Result. Wireless security might be compromised.
		•	Solution. The clients are disconnected from the ad hoc
			network.
AP property		•	Detection. Unauthorized changes such as a change of SSID,		0	Trap
changed			security settings, or channel are made on a known wireless
			access point in the network.
		•	Result. Wireless security is compromised and clients cannot
			connect to the wireless access point.
		Note: The IDS detects that the properties of a known wireless
		access point in the network are changed, but the IPS does not take
		action.
		The changes that the IDS detects are listed in a table. The affected
		wireless access point is identified by its MAC address. To correct
		the situation, access the web management interface of the affected
		wireless access point, and reverse the changes.


		To remove the detected changes from the table:
	1.		Select the check box to the left of the wireless access point for
			which you want to remove the changes from the table.
	2.		Above the table, click Delete.

Device probing for		•	Detection. Multiple probe requests (30 or more) are sent to		30	Trap
access points			collect information about the wireless access point for possible
			future attacks. For example, it is suspect when there are too
			many probe requests with a different SSID from same MAC
			address.
		•	Result. An attack might occur, or wireless security might
			become compromised.
		•	Solution. The wireless access point does not respond to probe
			requests that do not contain its SSID.
PS poll flood attack		•	Attack. Multiple power save (PS)–Poll frames (50 or more) are		50	Trap
			sent to the wireless access point from an address that has a
			spoofed MAC address of a legitimate client.
		•	Result. Traffic that is intended for the legitimate client is sent to
			the attacking address and is lost.
		•	Solution. PS-Poll frames without a corresponding traffic
			indication map (TIM) are rejected.

Management and Monitoring

93

Image 93

NETGEAR WNDAP620 manual Management and Monitoring

Contents

Reference Manual Trademarks SupportRevision History Publication Version Publish Date Comments Part Number Contents Wireless Configuration and Security Appendix a Supplemental Information Introduction Introduction What Is in the Box? Key Features and Standards System RequirementsSupported Standards and Conventions Multiple operating modes Key Features Introduction Hardware Description Autosensing Ethernet Connections with Auto UplinkTop Panel Active Description Power/Test Bottom Panel with Product Label Rear Panel  To register the wireless access point with Netgear Register the Wireless Access Point Introduction Complete the registration form Click submit What You Need Before You Begin Wireless Equipment Placement and Range Guidelines LAN Configuration Requirements Installation and Basic ConfigurationEthernet Cabling Requirements Hardware Requirements for Computers on Your LAN Operating Frequency Channel GuidelinesRequirements for Entering IP Addresses Install and Configure the Wireless Access Point Connect the Wireless Access Point to a Computer To set up the wireless access point Ghz Ethernet cable Ethernet port  To log in to the wireless access point Log In to the Wireless Access Point  To configure basic system settings Configure Basic General System Settings and Time Settings Basic general system settings Time system settingsSetting Description  To configure the IPv4 settings Configure the IPv4 Settings IPv4 settings Configure the Optional DHCPv4 Server  To configure DHCPv4 server settingsDhcp server settings for IPv4  To configure the 802.11b/g/n wireless settings Configure the Basic Wireless Settings Installation and Basic Configuration Basic 2.4 GHz band wireless settings Setting DescriptionsSsid See Factory Default Settings on  To configure the 802.11a/na wireless settings Installation and Basic Configuration Basic 5 GHz band wireless settings  To test for wireless connectivity Test Basic Wireless Connectivity Ceiling Installation Mount the Wireless Access Point Mounting plate Clamp with screws Installation and Basic Configuration Wall Installation Screws and wall supports Mounting plate Installation and Basic Configuration Desk Installation  To install the wireless access point on a deskRubber feet Wireless Data Security Options Wireless Configuration and Security Wireless Configuration and Security Security Profiles Network authentication Wireless client security separationData encryption WEP key size and authentication Before You Change the SSID, WEP, and WPA SettingsWPA Radius settings WPA2 Radius settings Form for 802.11a/an Modes  To configure and enable a security profile Configure and Enable Security Profiles Vlan Profile settings Profile definition settings See Configure an Open System with WEP or Shared Key Profile authentication settings WPA-PSK WPA2-PSKVlan ID Shared key with WEP Open system with WEP 26 128-bit WEP, or 32 152-bit WEP characters Generate Keys WPA with Radius WPA2 with Radius WPA & WPA2 with Radius Radius Tkip AESTkip + AES Settings for WPA-PSK, WPA2-PSK, and WPA-PSK & WPA2-PSK Configure Radius Server Settings  To configure the Radius server settings Radius server settings for IPv4 and IPv6Setting Descriptions Radius Server Settings Authentication Settings  To restrict access based on MAC addresses Restrict Wireless Access by MAC Address  To schedule the radio to be turned on and off Schedule the Wireless Radio to Be Turned Off Wireless radio on/off settings Configure Basic Wireless Quality of Service  To configure basic wireless QoS Snmp Management Enable Remote Management Snmp settings Management and MonitoringSnmp Secure Shell and Telnet Management  To configure remote console features Upgrade the Wireless Access Point Software Web Browser Upgrade Procedure Tftp Server Upgrade Procedure Manage the Configuration File or Reset to Factory Defaults Save the Configuration To save your settings Restore the Configuration Management and Monitoring  To reboot the wireless access point Use the Reset Button to Restore Factory Default Settings  To change the administrator password Change the Administrator Password Add user account settings Manage User Accounts To add a new user account  To reset the password for a user account Enable the Syslog Server To change the name for a user account  To change the privilege for a user account Monitor the Wireless Access Point Syslog settingsView System Information  To view the System screen Select Monitoring System Current IPv4 Settings Setting Description Access Point InformationCurrent IPv6 Settings System screen fields Setting Description Dhcp Client Monitor Wireless Stations Management and Monitoring Bssid Wireless stations details fieldsAID Rssi View the Activity Log Traffic Statistics To display the activity log and save it Statistics fields Setting Description Wired Ethernet Enable and Configure Rogue AP Detection Enable Rogue AP Detection and Monitor Access Points To enable and configure rogue AP detection Client Association Management and Monitoring View and Save Access Point Lists  To view the Unknown AP List and save it to a fileUnknown AP List fields Known AP List fields  To view the Known AP Lists and save it to a file Configure Wireless Intrusion Detection and Prevention IDS/IPS policies and policy rulesPolicy Description Policy Rule Spoofed MAC address of the wireless access point are sent Management and Monitoring List see View and Save Access Point Lists on page 87 and is Management and Monitoring  To enable and configure the IDS/IPS  To configure IDS/IPS email settings IDS/IPS mail settingsISP  To display the number of occurrences per attacks Monitor Traps, Counters, and Ad Hoc NetworksTraps fields IPS Ad Hoc Networks Ad hoc network fields Configure the IPv6 Settings Configure IPv6 Settings and Optional DHCPv6 Server Settings IPv6 settings  To configure the IPv6 settingsAdvanced Configuration 100 Configure the Optional DHCPv6 Server  To configure DHCPv6 server settings101 102 Dhcp server settings for IPv6 103 Configure STP and VLANs 104  To configure STP and VLANs STP and Vlan settings Configure Ethernet Lldp To turn off Lldp 105 106 Configure Hotspot Settings Configure Advanced Wireless Settings  To configure advanced wireless settings107 108 Advanced wireless settings Ampdu 109 Configure Advanced Quality of Service Settings  To configure advanced QoS110 Setting Description AP Edca parameters Edca settings111 Aifs Configure Quality of Service Policies 112Station Edca parameters 113  To configure a new QoS policy 114 Setting Description Match Frame MAC 115 116 Classification rate limiting settingsBest Effort0 Background1  To modify a QoS policy  To specify rate limiting for the wireless interface To delete a QoS policy Click Delete Policy Configure Wireless Bridging Configure a Point-to-Point Wireless Network118  To configure a point-to-point wireless network Point-to-point Bridge mode Router Hub or switch119 Setting Description Profile Definition Point-to-point bridge profile and authentication settings120 NETGEAR-WDS-1 121  To configure a point-to-multipoint wireless network Configure a Point-to-Multipoint Wireless NetworkBridge mode Router Multipoint Hub or switch 122 123 124 125 Select the Wireless Point-to-Multi-Point Bridge radio button 126 127 128 129 130 131 Troubleshooting Troubleshooting No LEDs Are Lit on the Wireless Access PointBasic Functioning Verify the Correct Sequence of Events at Startup Wlan LED Does Not Light Up Active LED or the LAN LED Is Not Lit Check these items 133 134 Troubleshoot a TCP/IP Network Using the Ping Utility When You Enter a URL or IP Address a Time-Out Error Occurs Try the following troubleshooting steps 135 136 Test the LAN Path to Your Wireless Access Point Problems with Date and Time Test the Path from Your Computer to a Remote Device137 Use the Packet Capture Tool  To capture packets138 Technical specifications Technical SpecificationsFeature Description 802.11b/bg/ng wireless specifications 139 802.11a/na wireless specifications Feature DescriptionSupplemental Information 140 Electrical and Physical Specifications Management and Other Specifications141 Compliance Default configuration settings Factory Default SettingsFeature Description Login for management and configuration LAN and management features Radio and wireless settings 143Dhcp server 144 Wireless security features Default wireless profile and profile security145 Netgear 146 Command-Line Reference 147 Command-Line Reference 148 149 150 151 152 153 154 155 156 157 158 159 160 Regulatory Compliance Information Netgear Dual Band WirelessEurope EU Declaration of Conformity Edoc in Languages of the European Community 162 Notification of Compliance 163 FCC Requirements for Operation in the United States Industry Canada Radiation Exposure StatementIndustrie Canada Important Note Radiation Exposure Statement 165 Detachable Antenna Usage 166 Index IPv6 167 LAN 168 169 170 171 172