Reference Manual for the RangeMax Wireless Router WPN824

3. The client sends an EAP-response packet containing the identity to the authentication server. The access point responds by enabling a port for passing only EAP packets from the client to an authentication server located on the wired side of the access point. The access point blocks all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the client's identity using an authentication server (for example, RADIUS).

4. The authentication server uses a specific authentication algorithm to verify the client's identity. This could be through the use of digital certificates or some other EAP authentication type.

5. The authentication server sends either an accept or a reject message to the access point.

6. The access point sends an EAP-success packet (or reject packet) to the client.

7. If the authentication server accepts the client, the access point transitions the client's port to an authorized state and forwards additional traffic.

The important point here is that the software supporting a specific EAP type resides on the authentication server and within the operating system or application “supplicant” software on the client devices. The access point acts as a “pass through” for 802.1x messages, which means that you can specify any EAP type without needing to upgrade an 802.1x-compliant access point. As a result, you can change the EAP authentication type to token cards (Smart Cards), Kerberos, one-time passwords, certificates, or public key authentication, or to newer types as they become available and your security requirements change.
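The port behavior in the steps above can be modeled in a few lines. This is an added example, not code from the manual or from NETGEAR: the class names, the single-round "proof" exchange and the sample credentials are assumptions, and a real EAP method takes several round trips that the access point relays unchanged.

```python
import hmac
from dataclasses import dataclass, field

ETH_EAPOL = 0x888E  # EtherType for EAP over LAN frames
ETH_IPV4 = 0x0800   # carries HTTP, DHCP, POP3 and other IP traffic

@dataclass
class AuthServer:
    """Stand-in for RADIUS; the EAP method logic lives here, not in the AP."""
    secrets: dict  # identity -> secret (constructed sample data)

    def verify(self, identity, proof):
        known = self.secrets.get(identity, "")
        ok = bool(known) and hmac.compare_digest(known.encode(), proof.encode())
        return "accept" if ok else "reject"

@dataclass
class AccessPoint:
    server: AuthServer
    authorized: set = field(default_factory=set)  # MACs whose port is open
    log: list = field(default_factory=list)

    def receive(self, mac, ethertype, payload):
        """Decide what happens to one frame arriving from a wireless client."""
        if ethertype == ETH_EAPOL:
            # Steps 3-6: relay the EAP payload; the AP never inspects the method.
            verdict = self.server.verify(payload["identity"], payload["proof"])
            if verdict == "accept":
                self.authorized.add(mac)      # step 7: port becomes authorized
            else:
                self.authorized.discard(mac)  # a failed re-auth closes the port
            action = "EAP-Success" if verdict == "accept" else "EAP-Failure"
        else:
            action = "forwarded" if mac in self.authorized else "dropped"
        self.log.append((mac, hex(ethertype), action))
        return action

def run_session():
    """Constructed client session: early DHCP, bad login, good login, DHCP."""
    ap = AccessPoint(AuthServer({"alice": "correct horse"}))
    mac = "02:00:00:00:00:01"
    frames = [
        (ETH_IPV4, b"DHCPDISCOVER"),
        (ETH_EAPOL, {"identity": "alice", "proof": "guess"}),
        (ETH_IPV4, b"DHCPDISCOVER"),
        (ETH_EAPOL, {"identity": "alice", "proof": "correct horse"}),
        (ETH_IPV4, b"DHCPDISCOVER"),
    ]
    return [ap.receive(mac, et, body) for et, body in frames], ap.log
```

The log kept by the model is the useful part operationally: non-EAP frames dropped before authorization, and repeated EAP failures from one MAC, are the events worth alerting on.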

WPA/WPA2 Data Encryption Key Management

With 802.1x, the rekeying of unicast encryption keys is optional. Additionally, 802.11 and 802.1x provide no mechanism to change the global encryption key used for multicast and broadcast traffic. With WPA/WPA2, rekeying of both unicast and global encryption keys is required.

For the unicast encryption key, the Temporal Key Integrity Protocol (TKIP) changes the key for every frame, and the change is synchronized between the wireless client and the wireless access point (AP). For the global encryption key, WPA includes a facility (the Information Element) for the wireless AP to advertise the changed key to the connected wireless clients.

If configured to implement dynamic key exchange, the 802.1x authentication server can return session keys to the access point along with the accept message. The access point uses the session keys to build, sign, and encrypt an EAP key message that is sent to the client immediately after sending the success message. The client can then use the contents of the key message to define applicable encryption keys. In typical 802.1x implementations, the client can automatically change encryption keys as often as necessary to minimize the possibility of eavesdroppers having enough time to crack the key in current use.
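The build, sign and encrypt step, and the checks a client should make before installing a delivered key, are sketched below. This is an added example, not the manual's or NETGEAR's code: HMAC-SHA-256 and a SHA-256 counter keystream are stand-ins for the algorithms of the real key message, the message layout is an assumption, and the replay counter check goes beyond what the paragraph states.

```python
import hashlib, hmac, os, struct

def _keystream(key, iv, n):
    # Stand-in cipher: SHA-256 in counter mode (not the cipher 802.1x uses).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + struct.pack(">I", ctr)).digest()
        ctr += 1
    return out[:n]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def build_key_message(sign_key, enc_key, counter, new_key):
    """AP side: encrypt the new key, then sign counter + IV + ciphertext."""
    iv = os.urandom(16)
    ct = _xor(new_key, _keystream(enc_key, iv, len(new_key)))
    body = struct.pack(">Q", counter) + iv + ct   # assumed layout
    return body + hmac.new(sign_key, body, hashlib.sha256).digest()

class Client:
    """Supplicant side: holds the session keys shared with the AP."""
    def __init__(self, sign_key, enc_key):
        self.sign_key, self.enc_key = sign_key, enc_key
        self.last_counter = -1
        self.current_key = None

    def handle(self, msg):
        """Install the key only if signature and replay counter check out."""
        if len(msg) < 8 + 16 + 32:
            return "malformed"
        body, sig = msg[:-32], msg[-32:]
        expected = hmac.new(self.sign_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return "bad-signature"       # verify before touching the ciphertext
        counter = struct.unpack(">Q", body[:8])[0]
        if counter <= self.last_counter:
            return "replay"              # an old, validly signed message
        iv, ct = body[8:24], body[24:]
        self.current_key = _xor(ct, _keystream(self.enc_key, iv, len(ct)))
        self.last_counter = counter
        return "installed"
```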

D-14

Wireless Networking Basics

202-10072-01, March 2005


WPN824 specifications

The NETGEAR WPN824 is a versatile wireless router designed for home users looking to enhance their internet experience. Within its compact and stylish design, the WPN824 combines ease of use with advanced features that cater to a range of network demands.

One of the standout features of the WPN824 is its compatibility with wireless standards such as 802.11b and 802.11g, enabling users to connect to high-speed internet with remarkable ease. The device supports wireless speeds of up to 54 Mbps, making it suitable for everyday tasks, including web browsing, online gaming, and streaming media. Additionally, the router's built-in antennas ensure a robust wireless signal that can cover a significant area, allowing users to enjoy reliable connectivity throughout their homes.

Security is another key characteristic of the NETGEAR WPN824. It includes robust security protocols such as WPA2 and WPA-PSK, ensuring that users can secure their networks against unauthorized access. The router also features a built-in firewall which provides an additional layer of protection by monitoring incoming and outgoing traffic for potential threats.

The WPN824’s user-friendly interface allows for easy setup and management. NETGEAR provides a simple web-based setup wizard that guides users through the installation process, making it accessible even for those with limited technical expertise. Moreover, users can easily manage their network settings, including parental controls and guest access features, through a straightforward control panel.

Another essential aspect of the WPN824 is its QoS (Quality of Service) feature. This technology prioritizes bandwidth for specific devices and applications, ensuring that high-bandwidth tasks like video streaming or gaming are less likely to experience interruptions. This makes the WPN824 an ideal choice for households with multiple devices connected to the network simultaneously.

In conclusion, the NETGEAR WPN824 wireless router brings together essential features, advanced security technologies, and user-friendly management options. With its reliable performance and extensive coverage, it stands as a solid choice for home users seeking to improve their wireless connectivity and overall internet experience. Whether for casual browsing or demanding online activities, the WPN824 provides the necessary capabilities to meet various network needs.