
Configuring Your Wireless Security
This section discusses how to restrict wireless access to your network and how to configure wireless security such as Mixed WPA-PSK+WPA2-PSK, WEP, and WPA-802.1x.
Note:
If you use a wireless computer to configure wireless security settings, you will be disconnected when you click Apply. Reconfigure your wireless computer to match the new settings, or access the modem router from a wired computer to make further changes.
Restricting Wireless Access to Your Network
By default, any wireless PC that is configured with the correct SSID can access your wireless network. For increased security, the modem router provides several ways to restrict wireless access to your network. You can do the following:
These options are discussed in the following sections.
Turning off wireless connectivity completely
You can completely turn off the wireless portion of the modem router. For example, if you use your notebook computer to wirelessly connect to your modem router and you take a business trip, you can turn off the wireless portion of the modem router while you are traveling. Other members of your household who use computers connected to the modem router through Ethernet cables can still use the modem router. To do this, clear the Enable Wireless Access Point check box on the Wireless Settings screen, and then click Apply.
Hiding your wireless network name (SSID)
By default, the modem router is set to broadcast its wireless network name (SSID). You can restrict wireless access to your network by not broadcasting the wireless network name (SSID). To do this, clear the Allow Broadcast of Name (SSID) check box on the Wireless Settings screen, and then click Apply. Wireless devices will not “see” your modem router. You must configure your wireless devices to match the wireless network name (SSID) of the modem router.
Warning:
The SSID of any wireless access adapters must match the SSID you specify in the modem router. If they do not match, you will not get a wireless connection to the modem router.
Restricting access by MAC address
For increased security, you can restrict access to the wireless network to allow only specific PCs based on their MAC addresses. You can restrict access to only trusted PCs so that unknown PCs cannot wirelessly connect to the modem router. MAC address filtering adds an obstacle against unwanted access to your network, but the data broadcast over the wireless link is fully exposed. The Wireless Station Access list determines which wireless hardware devices will be allowed to connect to the modem router.
To restrict access based on MAC addresses:
1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default user name of admin and default password of password, or using whatever LAN address and password you have set up.
Note:
If you configure the modem router from a wireless computer, add your computer’s MAC address to the access list. Otherwise you will lose your wireless connection when you click Apply. You must then access the modem router from a wired computer, or from a wireless computer that is on the access control list, to make any further changes.
2. In the Wireless Settings screen, under the Wireless Station Access List section, click the Setup Access List button to display the Wireless Station Access List.
Figure 2-3 
3. Select the Turn Access Control On check box to enable the restricting of wireless computers by their MAC addresses.
4. If the wireless station is currently connected to the network, you can select it from the Available Wireless Stations list. Click Add to add the station to the Trusted Wireless Stations list.
5. If the wireless station is not currently connected, you can enter its address manually. Enter the MAC address of the authorized computer. The MAC address is usually printed on the wireless card, or it might appear in the modem router’s DHCP table. The MAC address is 12 hexadecimal digits.
Click Add to add your entry. You can add several stations to the list. When you are finished adding stations, click Apply.
Note:
You can copy and paste the MAC addresses from the modem router’s Attached Devices screen into the MAC Address field of this screen. To do this, configure each wireless computer to obtain a wireless link to the modem router. The computer should then appear in the Attached Devices screen.
Note:
If you are configuring the modem router from a wireless computer whose MAC address is not in the Trusted Wireless Stations list, and you select trusted wireless stations only, you will lose your wireless connection when you click Apply. You must then access the modem router from a wired computer to make any further changes.
6. Make sure the Turn Access Control On check box is selected, and then click Apply.
Now, only devices on this list will be allowed to wirelessly connect to the modem router. This prevents unauthorized access to your network.
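The following check is an added example, not part of the NETGEAR manual. It normalizes the 12-hexadecimal-digit MAC addresses you plan to enter in the Trusted Wireless Stations list and flags entries that will not behave as expected, such as group addresses and locally administered (software-assigned) addresses. The function names and sample addresses are constructed for illustration.

```python
import re

# The same 12 hex digits are written many ways: 00:11:22:AA:BB:CC,
# 00-11-22-aa-bb-cc, 0011.22aa.bbcc, 001122AABBCC.
_SEPARATORS = re.compile(r"[:\-.\s]")
_HEX12 = re.compile(r"[0-9A-F]{12}")

def normalize_mac(text):
    """Return the address as AA:BB:CC:DD:EE:FF or raise ValueError."""
    digits = _SEPARATORS.sub("", text).upper()
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"not 12 hexadecimal digits: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_access_list(entries):
    """Sort candidate entries into (trusted, rejected, warnings)."""
    trusted, rejected, warnings = [], [], []
    for raw in entries:
        try:
            mac = normalize_mac(raw)
        except ValueError as err:
            rejected.append(str(err))
            continue
        first_octet = int(mac[:2], 16)
        if first_octet & 0x01:
            # Group (multicast/broadcast) bit: never a station's own address.
            rejected.append(f"group address, not a station: {mac}")
            continue
        if mac in trusted:
            warnings.append(f"duplicate entry: {mac}")
            continue
        if first_octet & 0x02:
            # Locally administered bit: the address was assigned in software
            # and may differ from the one printed on the wireless card.
            warnings.append(f"locally administered address: {mac}")
        trusted.append(mac)
    return trusted, rejected, warnings

# Constructed sample input, not taken from any real device.
SAMPLE = ["00:11:22:aa:bb:cc", "0011.22AA.BBCC", "DA-A1-19-00-00-01",
          "01:00:5E:00:00:FB", "00:11:22:AA:BB", "FF:FF:FF:FF:FF:FF"]

if __name__ == "__main__":
    results = audit_access_list(SAMPLE)
    for label, items in zip(("trusted", "rejected", "warnings"), results):
        print(label, items)
```

A station that uses a locally administered address will be refused once access control is on if that address later changes, so confirm the address on the device itself before adding it.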
Configuring Mixed WPA-PSK+WPA2-PSK Security
A high-performance client such as the NETGEAR WN511B must connect to the modem router using WPA2-PSK to achieve maximum performance. Wireless clients that connect to the modem router using WPA-PSK run at no more than 802.11g speed. This option allows wireless clients to use either encryption method.
Note:
Not all wireless adapters support WPA or WPA2. Furthermore, client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports WPA. Nevertheless, the wireless adapter hardware and driver must also support WPA. Consult the product documentation for your wireless adapter and WPA client software for instructions on configuring WPA settings.
To configure Mixed WPA-PSK+WPA2-PSK:
1. Log in at the default LAN address of http://192.168.0.1, with the default user name of admin and default password of password, or using whatever LAN address and password you have set up.
2. Select Wireless Settings below Setup in the main menu of the modem router.
3. Select the Mixed WPA-PSK+WPA2-PSK radio button. The Wireless Settings screen expands to include the WPA2-PSK security encryption.
4. Enter the pre-shared key in the Network Key field using between 8 and 63 characters.
5. Click Save to save your settings or click Apply to allow your changes to take effect immediately.
Note:
The procedures to configure WPA-PSK and WPA2-PSK are identical to the procedure to configure Mixed WPA-PSK+WPA2-PSK. The only difference is that you select either the WPA-PSK (Wi-Fi Protected Access Pre-Shared Key) or WPA2-PSK (Wi-Fi Protected Access 2 with Pre-Shared Key) radio button in step 3.
For details about WPA-802.1x authentication options, see Configuring WPA-802.1x.
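Added example, not part of the NETGEAR manual: WPA-PSK and WPA2-PSK do not use the Network Key directly. Per IEEE 802.11i the passphrase is stretched with PBKDF2-HMAC-SHA1, using the wireless network name (SSID) as the salt. This Python code checks a candidate key against the 8 to 63 character rule and derives the 256-bit key; the function names and sample SSIDs are assumptions.

```python
import hashlib

def check_passphrase(passphrase):
    """Return a list of problems; an empty list means the key is acceptable."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be between 8 and 63 characters")
    # IEEE 802.11i limits passphrase characters to printable ASCII (32..126).
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        problems.append("only printable ASCII characters are allowed")
    return problems

def derive_pmk(passphrase, ssid):
    """Derive the 256-bit pairwise master key used by WPA-PSK and WPA2-PSK.

    PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 32 bytes of output.
    """
    problems = check_passphrase(passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    ssid_bytes = ssid.encode()
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, 4096, 32)

if __name__ == "__main__":
    # Constructed values for illustration only.
    key = "correct horse battery staple"
    for ssid in ("HomeNet", "HomeNet-Guest"):
        # Same Network Key, different SSID: the derived key differs, which is
        # why every client must be set to the exact SSID of the modem router.
        print(ssid, derive_pmk(key, ssid).hex())
    print(check_passphrase("short"))
```

Because the derived key depends only on the Network Key and the SSID, every station that knows both holds the same key; choose a long, non-dictionary Network Key.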
Choosing Alternative Authentication and Encryption Methods
Restricting wireless access prevents intruders from connecting to your network. However, the wireless data transmissions are still vulnerable to snooping. Using the data encryption settings described in this section will prevent a determined intruder from eavesdropping on your wireless data communications. Also, if you are using the Internet for such activities as purchases or banking, those Internet sites use another level of highly secure encryption called SSL. You can tell if a web site is using SSL because the Web address begins with HTTPS rather than HTTP.
Configuring WEP
Wired Equivalent Privacy (WEP) security is the most basic and simplest form of wireless security. It is the most often used, but least secure of the available options. WEP Shared Key authentication and WEP data encryption block all but the most determined eavesdropper. This data encryption mode has been superseded by WPA-PSK and WPA2-PSK.
To configure WEP data encryption:
1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default user name of admin and default password of password, or using whatever LAN address and password you have set up.
2. Select Wireless Settings in the main menu.
3. In the Security Options section of the screen, select WEP (Wired Equivalent Privacy). The WEP Security Encryption section displays.
Figure 2-4 
4. Automatic. This is the default setting.
5.
6. Enter the encryption keys. You can manually or automatically program the four data encryption keys. These values must be identical on all computers and access points in your network.
Automatic. Enter a word or group of printable characters in the Passphrase field and click Generate. The four key boxes are automatically populated with key values.
7. Be sure that you clearly understand how the WEP key settings are configured in your wireless adapter. Wireless adapter configuration utilities such as the one included in Windows XP allow entry of only one key, which must match the default key you set in the modem router.
8. Click Save to save your settings or click Apply to allow your changes to take effect immediately.
Note:
When configuring the modem router from a wireless computer, if you specify WEP settings, you will lose your wireless connection when you click Apply. You must then either configure your wireless adapter to match the modem router WEP settings or access the modem router from a wired computer to make any further changes.
Configuring WPA-802.1x
This version of WPA requires the use of a RADIUS server for authentication. Each user (wireless client) must have a user login on the RADIUS server, and the modem router must have a client login on the RADIUS server. Data transmissions are encrypted using a key that is automatically generated.
1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default user name of admin and default password of password, or using whatever LAN address and password you have set up.
2. Select Wireless Settings in the main menu.
3.
4. In the Radius Server Name/IP Address field, enter the name or IP address of the RADIUS server on your LAN. This is a required field.
5. In the Radius Port field, enter the port number used for connections to the RADIUS server. The default port is 1812.
6. In the Shared Key field, enter the value that you want to use for the RADIUS shared key. This key enables the modem router to log in to the RADIUS server and must match the client login value used on the RADIUS server.

NETGEAR, Inc.
http://www.netgear.com