Netgear Router WGR614 V5 User Manual
Have a look at the manual Netgear Router WGR614 V5 User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 137 Netgear manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Wireless Networking Basics D-1 June 2004 202-10036-01 Appendix D Wireless Networking Basics Wireless Networking Overview The WGR614 v5 router conforms to the Institute of Electrical and Electronics Engineers (IEEE) 802.11g standard for wireless LANs (WLANs). On an 802.11 wireless link, data is encoded using direct-sequence spread-spectrum (DSSS) technology and is transmitted in the unlicensed radio spectrum at 2.5GHz. The maximum data rate for the 802.11g wireless link is 54 Mbps, but it will automatically back down from 54 Mbps when the radio signal is weak or when interference is detected. The 802.11 standard is also called Wireless Ethernet or Wi-Fi by the Wireless Ethernet Compatibility Alliance (WECA, see http://www.wi-fi.net), an industry standard group promoting interoperability among 802.11 devices. The 802.11 standard offers two methods for configuring a wireless network - ad hoc and infrastructure. Infrastructure Mode With a wireless access point, you can operate the wireless LAN in the infrastructure mode. This mode provides wireless connectivity to multiple wireless network devices within a fixed range or area of coverage, interacting with wireless nodes via an antenna. In the infrastructure mode, the wireless access point converts airwave data into wired Ethernet data, acting as a bridge between the wired LAN and wireless clients. Connecting multiple access points via a wired Ethernet backbone can further extend the wireless network coverage. As a mobile computing device moves out of the range of one access point, it moves into the range of another. As a result, wireless clients can freely roam from one access point domain to another and still maintain seamless network connection.
Reference Manual for the 54 Mbps Wireless Router WGR614 v5 D-2 Wireless Networking Basics June 2004 202-10036-01 Ad Hoc Mode (Peer-to-Peer Workgroup) In an ad hoc network, computers are brought together as needed; thus, there is no structure or fixed points to the network - each node can generally communicate with any other node. There is no access point involved in this configuration. This mode enables you to quickly set up a small wireless workgroup and allows workgroup members to exchange data or share printers as supported by Microsoft networking in the various Windows operating systems. Some vendors also refer to ad hoc networking as peer-to-peer group networking. In this configuration, network packets are directly sent and received by the intended transmitting and receiving stations. As long as the stations are within range of one another, this is the easiest and least expensive way to set up a wireless network. Network Name: Extended Service Set Identification (ESSID) The Extended Service Set Identification (ESSID) is one of two types of Service Set Identification (SSID). In an ad hoc wireless network with no access points, the Basic Service Set Identification (BSSID) is used. In an infrastructure wireless network that includes an access point, the ESSID is used, but may still be referred to as SSID. An SSID is a thirty-two character (maximum) alphanumeric key identifying the name of the wireless local area network. Some vendors refer to the SSID as network name. For the wireless devices in a network to communicate with each other, all devices must be configured with the same SSID. Wireless Channels IEEE 802.11g/b wireless nodes communicate with each other using radio frequency signals in the ISM (Industrial, Scientific, and Medical) band between 2.4 GHz and 2.5 GHz. Neighboring channels are 5 MHz apart. However, due to spread spectrum effect of the signals, a node sending signals using a particular channel will utilize frequency spectrum 12.5 MHz above and below the center channel frequency. As a result, two separate wireless networks using neighboring channels (for example, channel 1 and channel 2) in the same general vicinity will interfere with each other. Applying two channels that allow the maximum channel separation will decrease the amount of channel cross-talk, and provide a noticeable performance increase over networks with minimal channel separation.
Reference Manual for the 54 Mbps Wireless Router WGR614 v5 Wireless Networking Basics D-3 June 2004 202-10036-01 The radio frequency channels used are listed in Ta b l e D - 1: Note: The available channels supported by the wireless products in various countries are different. The preferred channel separation between the channels in neighboring wireless networks is 25 MHz (5 channels). This means that you can apply up to three different channels within your wireless network. There are only 11 usable wireless channels in the United States. It is recommended that you start using channel 1 and grow to use channel 6, and 11 when necessary, as these three channels do not overlap. Table D-1. 802.11g Radio Frequency Channels Channel Center Frequency Frequency Spread 1 2412 MHz 2399.5 MHz - 2424.5 MHz 2 2417 MHz 2404.5 MHz - 2429.5 MHz 3 2422 MHz 2409.5 MHz - 2434.5 MHz 4 2427 MHz 2414.5 MHz - 2439.5 MHz 5 2432 MHz 2419.5 MHz - 2444.5 MHz 6 2437 MHz 2424.5 MHz - 2449.5 MHz 7 2442 MHz 2429.5 MHz - 2454.5 MHz 8 2447 MHz 2434.5 MHz - 2459.5 MHz 9 2452 MHz 2439.5 MHz - 2464.5 MHz 10 2457 MHz 2444.5 MHz - 2469.5 MHz 11 2462 MHz 2449.5 MHz - 2474.5 MHz 12 2467 MHz 2454.5 MHz - 2479.5 MHz 13 2472 MHz 2459.5 MHz - 2484.5 MHz
Reference Manual for the 54 Mbps Wireless Router WGR614 v5 D-4 Wireless Networking Basics June 2004 202-10036-01 WEP Wireless Security The absence of a physical connection between nodes makes the wireless links vulnerable to eavesdropping and information theft. To provide a certain level of security, the IEEE 802.11 standard has defined two types of authentication methods, Open System and Shared Key. With Open System authentication, a wireless computer can join any network and receive any messages that are not encrypted. With Shared Key authentication, only those computers that possess the correct authentication key can join the network. By default, IEEE 802.11 wireless devices operate in an Open System network. Recently, Wi-Fi, the Wireless Ethernet Compatibility Alliance (http://www.wi-fi.net) developed the Wi-Fi Protected Access (WPA), a new strongly enhanced Wi-Fi security. WPA will soon be incorporated into the IEEE 802.11 standard. WEP and WPA are discussed below. WEP Authentication The 802.11 standard defines several services that govern how two 802.11 devices communicate. The following events must occur before an 802.11 Station can communicate with an Ethernet network through an access point such as the one built in to the WGR614 v5: 1.Turn on the wireless station. 2.The station listens for messages from any access points that are in range. 3.The station finds a message from an access point that has a matching SSID. 4.The station sends an authentication request to the access point. 5.The access point authenticates the station. 6.The station sends an association request to the access point. 7.The access point associates with the station. 8.The station can now communicate with the Ethernet network through the access point. An access point must authenticate a station before the station can associate with the access point or communicate with the network. The IEEE 802.11 standard defines two types of WEP authentication: Open System and Shared Key. • Open System Authentication allows any device to join the network, assuming that the device SSID matches the access point SSID. Alternatively, the device can use the “ANY” SSID option to associate with any available access point within range, regardless of its SSID.
Reference Manual for the 54 Mbps Wireless Router WGR614 v5 Wireless Networking Basics D-5 June 2004 202-10036-01 • Shared Key Authentication requires that the station and the access point have the same WEP Key to authenticate. These two authentication procedures are described below. WEP Open System Authentication This process is illustrated in below. Figure D-1: 802.11 open system authentication The following steps occur when two devices use Open System Authentication: 1.The station sends an authentication request to the access point. 2.The access point authenticates the station. 3.The station associates with the access point and joins the network. IN TER N ET LO CA LACT 12 3 4 5 678 LNK LNK/ACT 10 0Cable/DSLProSafe Wireless VPN Security FirewallMODELFVM318PWR TESTWLANEnable Access Point (AP) 1) Authentication request sent to AP 2) AP authenticates 3) Client connects to network Open System Authentication Steps Cable or DLS modem Client attempting to connect
Reference Manual for the 54 Mbps Wireless Router WGR614 v5 D-6 Wireless Networking Basics June 2004 202-10036-01 WEP Shared Key Authentication This process is illustrated in below. Figure D-2: 802.11 shared key authentication The following steps occur when two devices use Shared Key Authentication: 1.The station sends an authentication request to the access point. 2.The access point sends challenge text to the station. 3.The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and sends the encrypted text to the access point. 4.The access point decrypts the encrypted text using its configured WEP Key that corresponds to the station’s default key. The access point compares the decrypted text with the original challenge text. If the decrypted text matches the original challenge text, then the access point and the station share the same WEP Key and the access point authenticates the station. 5.The station connects to the network. If the decrypted text does not match the original challenge text (i.e., the access point and station do not share the same WEP Key), then the access point will refuse to authenticate the station and the station will be unable to communicate with either the 802.11 network or Ethernet network. IN TER N ET LO CA LACT 12 3 4 5 678 LNK LNK/ACT 10 0Cable/DSLProSafe Wireless VPN Security FirewallMODELFVM318PWR TESTWLANEnable Access Point 1) Authentication request sent to AP 2) AP sends challenge text 3) Client encrypts challenge text and sends it back to AP 4) AP decrypts, and if correct, authenticates client 5) Client connects to network Shared Key Authentication Steps Cable or DLS modem Client attempting to connect
Reference Manual for the 54 Mbps Wireless Router WGR614 v5 Wireless Networking Basics D-7 June 2004 202-10036-01 Key Size and Configuration The IEEE 802.11 standard supports two types of WEP encryption: 40-bit and 128-bit. The 64-bit WEP data encryption method, allows for a five-character (40-bit) input. Additionally, 24 factory-set bits are added to the forty-bit input to generate a 64-bit encryption key. (The 24 factory-set bits are not user-configurable). This encryption key will be used to encrypt/decrypt all data transmitted via the wireless interface. Some vendors refer to the 64-bit WEP data encryption as 40-bit WEP data encryption since the user-configurable portion of the encryption key is 40 bits wide. The 128-bit WEP data encryption method consists of 104 user-configurable bits. Similar to the forty-bit WEP data encryption method, the remaining 24 bits are factory set and not user configurable. Some vendors allow passphrases to be entered instead of the cryptic hexadecimal characters to ease encryption key entry. 128-bit encryption is stronger than 40-bit encryption, but 128-bit encryption may not be available outside of the United States due to U.S. export regulations. When configured for 40-bit encryption, 802.11 products typically support up to four WEP Keys. Each 40-bit WEP Key is expressed as 5 sets of two hexadecimal digits (0-9 and A-F). For example, “12 34 56 78 90” is a 40-bit WEP Key. When configured for 128-bit encryption, 802.11g products typically support four WEP Keys but some manufacturers support only one 128-bit key. The 128-bit WEP Key is expressed as 13 sets of two hexadecimal digits (0-9 and A-F). For example, “12 34 56 78 90 AB CD EF 12 34 56 78 90” is a 128-bit WEP Key. Typically, 802.11 access points can store up to four 128-bit WEP Keys but some 802.11 client adapters can only store one. Therefore, make sure that your 802.11 access and client adapters configurations match. Whatever keys you enter for an AP, you must also enter the same keys for the client adapter in the same order. In other words, WEP key 1 on the AP must match WEP key 1 on the client adapter, WEP key 2 on the AP must match WEP key 2 on the client adapter, etc. Note: The AP and the client adapters can have different default WEP Keys as long as the keys are in the same order. In other words, the AP can use WEP key 2 as its default key to transmit while a client adapter can use WEP key 3 as its default key to transmit. The two devices will communicate as long as the AP’s WEP key 2 is the same as the client’s WEP key 2 and the AP’s WEP key 3 is the same as the client’s WEP key 3.
Reference Manual for the 54 Mbps Wireless Router WGR614 v5 D-8 Wireless Networking Basics June 2004 202-10036-01 How to Use WEP Parameters Wired Equivalent Privacy (WEP) data encryption is used when the wireless devices are configured to operate in Shared Key authentication mode. There are two shared key methods implemented in most commercially available products, 64-bit and 128-bit WEP data encryption. Before enabling WEP on an 802.11 network, you must first consider what type of encryption you require and the key size you want to use. Typically, there are three WEP Encryption options available for 802.11 products: 1. Do Not Use WEP: The 802.11 network does not encrypt data. For authentication purposes, the network uses Open System Authentication. 2. Use WEP for Encryption: A transmitting 802.11 device encrypts the data portion of every packet it sends using a configured WEP Key. The receiving 802.11g device decrypts the data using the same WEP Key. For authentication purposes, the 802.11g network uses Open System Authentication. 3. Use WEP for Authentication and Encryption: A transmitting 802.11 device encrypts the data portion of every packet it sends using a configured WEP Key. The receiving 802.11 device decrypts the data using the same WEP Key. For authentication purposes, the 802.11 network uses Shared Key Authentication. Note: Some 802.11 access points also support Use WEP for Authentication Only (Shared Key Authentication without data encryption). However, the WGR614 v5 does not offer this option. WPA Wireless Security Wi-Fi Protected Access (WPA) is a specification of standards-based, interoperable security enhancements that increase the level of data protection and access control for existing and future wireless LAN systems. The IEEE introduced the WEP as an optional security measure to secure 802.11g (Wi-Fi) WLANs, but inherent weaknesses in the standard soon became obvious. In response to this situation, the Wi-Fi Alliance announced a new security architecture in October 2002 that remedies the short comings of WEP. This standard, formerly known as Safe Secure Network (SSN), is designed to work with existing 802.11 products and offers forward compatibility with 802.11i, the new wireless security architecture being defined in the IEEE. WPA offers the following benefits:
Reference Manual for the 54 Mbps Wireless Router WGR614 v5 Wireless Networking Basics D-9 June 2004 202-10036-01 • Enhanced data privacy • Robust key management • Data origin authentication • Data integrity protection The Wi-Fi Alliance is now performing interoperability certification testing on Wi-Fi Protected Access products. Starting August of 2003, all new Wi-Fi certified products will have to support WPA. NETGEAR will implement WPA on client and access point products and make this available in the second half of 2003. Existing Wi-Fi certified products will have one year to add WPA support or they will loose their Wi-Fi certification. The 802.11i standard is currently in draft form, with ratification due at the end of 2003. While the new IEEE 802.11i standard is being ratified, wireless vendors have agreed on WPA as an interoperable interim standard. How Does WPA Compare to WEP? WEP is a data encryption method and is not intended as a user authentication mechanism. WPA user authentication is implemented using 802.1x and the Extensible Authentication Protocol (EAP). Support for 802.1x authentication is required in WPA. In the 802.11 standard, 802.1x authentication was optional. For details on EAP specifically, refer to IETFs RFC 2284. With 802.11 WEP, all access points and client wireless adapters on a particular wireless LAN must use the same encryption key. A major problem with the 802.11 standard is that the keys are cumbersome to change. If you dont update the WEP keys often, an unauthorized person with a sniffing tool can monitor your network for less than a day and decode the encrypted messages. Products based on the 802.11 standard alone offer system administrators no effective method to update the keys. For 802.11, WEP encryption is optional. For WPA, encryption using Temporal Key Integrity Protocol (TKIP) is required. TKIP replaces WEP with a new encryption algorithm that is stronger than the WEP algorithm, but that uses the calculation facilities present on existing wireless devices to perform encryption operations. TKIP provides important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. Through these enhancements, TKIP addresses all of known WEP vulnerabilities.
Reference Manual for the 54 Mbps Wireless Router WGR614 v5 D-10 Wireless Networking Basics June 2004 202-10036-01 How Does WPA Compare to IEEE 802.11i? WPA will be forward compatible with the IEEE 802.11i security specification currently under development. WPA is a subset of the current 802.11i draft and uses certain pieces of the 802.11i draft that are ready to bring to market today, such as 802.1x and TKIP. The main pieces of the 802.11i draft that are not included in WPA are secure IBSS (Ad-Hoc mode), secure fast handoff (for specialized 802.11 VoIP phones), as well as enhanced encryption protocols such as AES-CCMP. These features are either not yet ready for market or will require hardware upgrades to implement. What are the Key Features of WPA Security? The following security features are included in the WPA standard: • WPA Authentication • WPA Encryption Key Management – Temporal Key Integrity Protocol (TKIP) –Michael message integrity code (MIC) – AES Support • Support for a Mixture of WPA and WEP Wireless Clients These features are discussed below. WPA addresses most of the known WEP vulnerabilities and is primarily intended for wireless infrastructure networks as found in the enterprise. This infrastructure includes stations, access points, and authentication servers (typically RADIUS servers). The RADIUS server holds (or has access to) user credentials (e.g., user names and passwords) and authenticates wireless users before they gain access to the network. The strength WPA comes from an integrated sequence of operations that encompass 802.1X/EAP authentication and sophisticated key management and encryption techniques. Its major operations include: • Network security capability determination. This occurs at the 802.11 level and is communicated through WPA information elements in Beacon, Probe Response, and (Re) Association Requests. Information in these elements includes the authentication method (802.1X or Pre-shared key) and the preferred cipher suite (WEP, TKIP, or AES).