Netgear Router WGT624 V2 User Manual


    							Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v2
    Wireless Networking Basics D-3
    M-10153-01
    Authentication and WEP
    The absence of a physical connection between nodes makes the wireless links vulnerable to 
    eavesdropping and information theft. To provide a certain level of security, the IEEE 802.11 
    standard has defined two types of authentication methods, Open System and Shared Key. With 
    Open System authentication, a wireless PC can join any network and receive any messages that are 
    not encrypted. With Shared Key authentication, only those PCs that possess the correct 
    authentication key can join the network. By default, IEEE 802.11 wireless devices operate in an 
    Open System network. 
    Wired Equivalent Privacy (WEP) data encryption is used when the wireless devices are configured 
    to operate in Shared Key authentication mode. There are two shared key methods implemented in 
    most commercially available products, 64-bit and 128-bit WEP data encryption.
    802.11 Authentication
    The 802.11 standard defines several services that govern how two 802.11 devices communicate. 
    The following events must occur before an 802.11 Station can communicate with an Ethernet 
    network through an access point such as the one built in to the WGT624 v2:
    1. Turn on the wireless station.
    2. The station listens for messages from any access points that are in range.
    3. The station finds a message from an access point that has a matching SSID.
    4. The station sends an authentication request to the access point.
    5. The access point authenticates the station.
    6. The station sends an association request to the access point.
    7. The access point associates with the station.
    8. The station can now communicate with the Ethernet network through the access point.
    An access point must authenticate a station before the station can associate with the access point or 
    communicate with the network. The IEEE 802.11 standard defines two types of authentication: 
    Open System and Shared Key.
    • Open System Authentication allows any device to join the network, assuming that the device 
    SSID matches the access point SSID. Alternatively, the device can use the “ANY” SSID 
    option to associate with any available Access Point within range, regardless of its SSID.  
    						
    • Shared Key Authentication requires that the station and the access point have the same WEP 
    Key to authenticate. These two authentication procedures are described below.
    Open System Authentication
    The following steps occur when two devices use Open System Authentication:
    1. The station sends an authentication request to the access point.
    2. The access point authenticates the station.
    3. The station associates with the access point and joins the network.
    This process is illustrated in Figure 7-4 below.
    Figure 7-4:  Open system authentication
    Shared Key Authentication
    The following steps occur when two devices use Shared Key Authentication:
    1. The station sends an authentication request to the access point.
    2. The access point sends challenge text to the station.
    3. The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and 
    sends the encrypted text to the access point.
    4. The access point decrypts the encrypted text using its configured WEP Key that corresponds 
    to the station’s default key. The access point compares the decrypted text with the original 
    challenge text. If the decrypted text matches the original challenge text, then the access point 
    and the station share the same WEP Key and the access point authenticates the station. 
    5. The station connects to the network.
    If the decrypted text does not match the original challenge text (i.e., the access point and station do 
    not share the same WEP Key), then the access point will refuse to authenticate the station and the 
    station will be unable to communicate with either the 802.11 network or Ethernet network.
    This process is illustrated in Figure 7-5 below.
    Figure 7-5:  Shared key authentication
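    The Shared Key exchange described above, with both sides' messages, as an added Python example (not code from the Netgear manual). It assumes IEEE 802.11 WEP framing: RC4 keyed with a 24-bit initialization vector followed by the WEP Key, a CRC-32 check value, and 128-byte challenge text; the class names, function names and the second sample key are made up for illustration.

```python
import hmac
import os
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the generated keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Append the CRC-32 check value, then encrypt under RC4(IV || WEP Key)."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return rc4(iv + wep_key, plaintext + icv)

def wep_decrypt(wep_key: bytes, iv: bytes, ciphertext: bytes):
    """Return the plaintext, or None if the check value does not verify."""
    data = rc4(iv + wep_key, ciphertext)
    plaintext, icv = data[:-4], data[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        return None
    return plaintext

class Station:
    def __init__(self, keys: dict, default_key: int):
        self.keys, self.default_key = keys, default_key

    def respond(self, challenge: bytes):
        """Step 3: encrypt the challenge text with the default WEP Key."""
        iv = os.urandom(3)  # assumed per-frame 24-bit IV, sent with the key number
        key = self.keys[self.default_key]
        return self.default_key, iv, wep_encrypt(key, iv, challenge)

class AccessPoint:
    def __init__(self, keys: dict):
        self.keys, self.pending = keys, {}

    def challenge(self, station_id: str) -> bytes:
        """Step 2: issue fresh random challenge text for this station."""
        self.pending[station_id] = os.urandom(128)
        return self.pending[station_id]

    def verify(self, station_id: str, key_no: int, iv: bytes, ct: bytes) -> bool:
        """Step 4: decrypt with the same-numbered key and compare the text."""
        expected = self.pending.pop(station_id, None)  # one attempt per challenge
        key = self.keys.get(key_no)
        if expected is None or key is None:
            return False
        got = wep_decrypt(key, iv, ct)
        return got is not None and hmac.compare_digest(got, expected)

def authenticate(ap: AccessPoint, station: Station, station_id: str) -> bool:
    """Steps 1-5: request, challenge, encrypted response, verification."""
    text = ap.challenge(station_id)               # steps 1 and 2
    key_no, iv, ct = station.respond(text)        # step 3
    return ap.verify(station_id, key_no, iv, ct)  # step 4; True leads to step 5

# Sample keys: KEY_A is the manual's example 40-bit key, KEY_B is constructed.
KEY_A = bytes.fromhex("1234567890")
KEY_B = bytes.fromhex("0987654321")
```

    A station whose default key number holds a different key than the same number on the access point is refused, which is the failure case the manual describes after step 5.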
    Overview of WEP Parameters
    Before enabling WEP on an 802.11 network, you must first consider what type of encryption you 
    require and the key size you want to use. Typically, there are three WEP Encryption options 
    available for 802.11 products:
    1. Do Not Use WEP: The 802.11 network does not encrypt data. For authentication purposes, the 
    network uses Open System Authentication.
    2. Use WEP for Encryption: A transmitting 802.11 device encrypts the data portion of every 
    packet it sends using a configured WEP Key. The receiving device decrypts the data using the 
    same WEP Key. For authentication purposes, the wireless network uses Open System 
    Authentication.
    3. Use WEP for Authentication and Encryption: A transmitting 802.11 device encrypts the data 
    portion of every packet it sends using a configured WEP Key. The receiving 802.11 device 
    decrypts the data using the same WEP Key. For authentication purposes, the 802.11 network uses 
    Shared Key Authentication.
    Note: Some 802.11 access points also support Use WEP for Authentication Only (Shared Key 
    Authentication without data encryption). 
    Key Size
    The IEEE 802.11 standard supports two types of WEP encryption: 40-bit and 128-bit.
    The 64-bit WEP data encryption method allows for a five-character (40-bit) input. Additionally, 
    24 factory-set bits are added to the forty-bit input to generate a 64-bit encryption key. (The 24 
    factory-set bits are not user-configurable). This encryption key will be used to encrypt/decrypt all 
    data transmitted via the wireless interface. Some vendors refer to the 64-bit WEP data encryption 
    as 40-bit WEP data encryption since the user-configurable portion of the encryption key is 40 bits 
    wide.
    The 128-bit WEP data encryption method consists of 104 user-configurable bits. Similar to the 
    forty-bit WEP data encryption method, the remaining 24 bits are factory set and not user 
    configurable. Some vendors allow passphrases to be entered instead of the cryptic hexadecimal 
    characters to ease encryption key entry.
    128-bit encryption is stronger than 40-bit encryption, but 128-bit encryption may not be available 
    outside of the United States due to U.S. export regulations.
    When configured for 40-bit encryption, 802.11 products typically support up to four WEP Keys. 
    Each 40-bit WEP Key is expressed as 5 sets of two hexadecimal digits (0-9 and A-F). For 
    example, “12 34 56 78 90” is a 40-bit WEP Key.
    When configured for 128-bit encryption, wireless products typically support four WEP Keys but 
    some manufacturers support only one 128-bit key. The 128-bit WEP Key is expressed as 13 sets of 
    two hexadecimal digits (0-9 and A-F). For example, “12 34 56 78 90 AB CD EF 12 34 56 78 90” 
    is a 128-bit WEP Key.
    Note: Typically, 802.11 access points can store up to four 128-bit WEP Keys but some 802.11 
    client adapters can only store one. Therefore, make sure that your 802.11 access point and client 
    adapter configurations match. 
    						
    WEP Configuration Options
    The WEP settings must match on all 802.11 devices that are within the same wireless network as 
    identified by the SSID. In general, if your mobile clients will roam between access points, then all 
    of the 802.11 access points and all of the 802.11 client adapters on the network must have the same 
    WEP settings. 
    Note: Whatever keys you enter for an AP, you must also enter the same keys for the client adapter 
    in the same order. In other words, WEP key 1 on the AP must match WEP key 1 on the client 
    adapter, WEP key 2 on the AP must match WEP key 2 on the client adapter, etc.
    Note: The AP and the client adapters can have different default WEP Keys as long as the keys are 
    in the same order. In other words, the AP can use WEP key 2 as its default key to transmit while a 
    client adapter can use WEP key 3 as its default key to transmit. The two devices will communicate 
    as long as the AP’s WEP key 2 is the same as the client’s WEP key 2 and the AP’s WEP key 3 is 
    the same as the client’s WEP key 3.
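    The key format from the Key Size section and the key-order rules in the notes above can be checked mechanically before a device is deployed. This added Python example (not part of the manual; the dictionary layout, function names and sample key values are assumptions) parses WEP Keys written as sets of two hexadecimal digits and reports mismatches between an AP and a client adapter.

```python
import hmac
import re

HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")

def parse_wep_key(text: str) -> bytes:
    """Parse a key written as 5 (40-bit) or 13 (128-bit WEP) sets of two hex digits."""
    pairs = text.split()
    if not all(HEX_PAIR.fullmatch(p) for p in pairs):
        raise ValueError("every set must be two hexadecimal digits (0-9, A-F)")
    if len(pairs) not in (5, 13):
        raise ValueError(f"expected 5 or 13 sets, got {len(pairs)}")
    return bytes.fromhex("".join(pairs))

def check_wep_settings(ap: dict, client: dict) -> list:
    """Compare two devices given as {"keys": {number: text}, "default": number}.

    Returns a list of problems; the messages never contain key material.
    """
    problems, parsed = [], {}
    for name, device in (("AP", ap), ("client", client)):
        parsed[name] = {}
        for number, text in device["keys"].items():
            if number not in (1, 2, 3, 4):
                problems.append(f"{name}: key number {number} is outside 1-4")
                continue
            try:
                parsed[name][number] = parse_wep_key(text)
            except ValueError as err:
                problems.append(f"{name} key {number}: {err}")
    # The same key number on both sides must hold the same key.
    for number in sorted(parsed["AP"].keys() & parsed["client"].keys()):
        if not hmac.compare_digest(parsed["AP"][number], parsed["client"][number]):
            problems.append(f"key {number} differs between AP and client")
    # A device transmits with its default key; the receiver needs that number too.
    for sender, receiver, device in (("AP", "client", ap), ("client", "AP", client)):
        number = device["default"]
        if number not in parsed[sender]:
            problems.append(f"{sender}: default key {number} is not configured")
        elif number not in parsed[receiver]:
            problems.append(f"{receiver} has no key {number}, the {sender}'s default key")
    return problems

# Constructed sample configurations; the key values are illustrative only.
K40 = ["12 34 56 78 90", "AB CD EF 01 23", "45 67 89 AB CD"]
K128 = ["12 34 56 78 90 AB CD EF 12 34 56 78 90",
        "00 11 22 33 44 55 66 77 88 99 AA BB CC"]

AP_40 = {"keys": {1: K40[0], 2: K40[1], 3: K40[2]}, "default": 2}
CLIENT_OK = {"keys": {1: K40[0], 2: K40[1], 3: K40[2]}, "default": 3}
CLIENT_SWAPPED = {"keys": {1: K40[0], 2: K40[2], 3: K40[1]}, "default": 3}
AP_128 = {"keys": {1: K128[0], 2: K128[1]}, "default": 2}
CLIENT_ONE_KEY = {"keys": {1: K128[0]}, "default": 1}

if __name__ == "__main__":
    for label, ap, client in (("matching", AP_40, CLIENT_OK),
                              ("wrong order", AP_40, CLIENT_SWAPPED),
                              ("single-key client", AP_128, CLIENT_ONE_KEY)):
        print(label, check_wep_settings(ap, client))
```

    The third sample is the case from the Key Size note: a client adapter that stores a single 128-bit key cannot receive from an AP whose default key is key 2.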
    Wireless Channels
    IEEE 802.11 wireless nodes communicate with each other using radio frequency signals in the 
    ISM (Industrial, Scientific, and Medical) band between 2.4 GHz and 2.5 GHz. Neighboring 
    channels are 5 MHz apart. However, due to the spread spectrum effect of the signals, a node sending 
    signals using a particular channel will utilize frequency spectrum 12.5 MHz above and below the 
    center channel frequency. As a result, two separate wireless networks using neighboring channels 
    (for example, channel 1 and channel 2) in the same general vicinity will interfere with each other. 
    Applying two channels that allow the maximum channel separation will decrease the amount of 
    channel crosstalk, and provide a noticeable performance increase over networks with minimal 
    channel separation. 
    						
    The radio frequency channels used are listed in Table 7-1:
    Note: The available channels supported by the wireless products in various countries are different.
    The preferred channel separation between the channels in neighboring wireless networks is 25 
    MHz (5 channels). This means that you can apply up to three different channels within your 
    wireless network. There are only 11 usable wireless channels in the United States. It is 
    recommended that you start using channel 1 and grow to use channels 6 and 11 when necessary, as 
    these three channels do not overlap.
    Table 7-1. 802.11 Radio Frequency Channels
    Channel   Center Frequency   Frequency Spread
    1         2412 MHz           2399.5 MHz - 2424.5 MHz
    2         2417 MHz           2404.5 MHz - 2429.5 MHz
    3         2422 MHz           2409.5 MHz - 2434.5 MHz
    4         2427 MHz           2414.5 MHz - 2439.5 MHz
    5         2432 MHz           2419.5 MHz - 2444.5 MHz
    6         2437 MHz           2424.5 MHz - 2449.5 MHz
    7         2442 MHz           2429.5 MHz - 2454.5 MHz
    8         2447 MHz           2434.5 MHz - 2459.5 MHz
    9         2452 MHz           2439.5 MHz - 2464.5 MHz
    10        2457 MHz           2444.5 MHz - 2469.5 MHz
    11        2462 MHz           2449.5 MHz - 2474.5 MHz
    12        2467 MHz           2454.5 MHz - 2479.5 MHz
    13        2472 MHz           2459.5 MHz - 2484.5 MHz
    						
    Glossary
    Use the list below to find definitions for technical terms used in this manual.
    List of Glossary Terms
    10BASE-T 
    IEEE 802.3 specification for 10 Mbps Ethernet over twisted pair wiring.
    100BASE-Tx 
    IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring.
    3DES
    3DES (Triple DES) achieves a high level of security by encrypting the data three times using DES with three 
    different, unrelated keys.
    802.1x
    802.1x defines port-based, network access control used to provide authenticated network access and 
    automated data encryption key management. 
    The IEEE 802.1x draft standard offers an effective framework for authenticating and controlling user traffic 
    to a protected network, as well as dynamically varying encryption keys. 802.1x uses a protocol called EAP 
    (Extensible Authentication Protocol) and supports multiple authentication methods, such as token cards, 
    Kerberos, one-time passwords, certificates, and public key authentication. For details on EAP specifically, 
    refer to IETF's RFC 2284.
    802.11a
    IEEE specification for wireless networking at 54 Mbps operating in unlicensed radio bands over 5 GHz.
    802.11b
    IEEE specification for wireless networking at 11 Mbps using direct-sequence spread-spectrum (DSSS) 
    technology and operating in the unlicensed radio spectrum at 2.5 GHz.
    802.11g
    A soon to be ratified IEEE specification for wireless networking at 54 Mbps using direct-sequence 
    spread-spectrum (DSSS) technology and operating in the unlicensed radio spectrum at 2.5 GHz. 802.11g is 
    backwards compatible with 802.11b. 
    						
    ADSL
    Short for asymmetric digital subscriber line, a technology that allows data to be sent over existing copper 
    telephone lines at data rates of from 1.5 to 9 Mbps when receiving data (known as the downstream rate) and 
    from 16 to 640 Kbps when sending data (known as the upstream rate). 
    ADSL requires a special ADSL modem. ADSL is growing in popularity as more areas around the world 
    gain access. 
    AES
    Advanced Encryption Standard, a symmetric 128-bit block data encryption technique. 
    It is an iterated block cipher with a variable block length and a variable key length. The block length and the 
    key length can be independently specified to 128, 192 or 256 bits. The U.S. government adopted the 
    algorithm as its encryption technique in October 2000, replacing the DES encryption it used. AES works at 
    multiple network layers simultaneously.
    AH
    Authentication Header.
    ARP
    Address Resolution Protocol, a TCP/IP protocol used to convert an IP address into a physical address (called 
    a DLC address), such as an Ethernet address. 
    A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host 
    on the network that has the IP address in the request then replies with its physical hardware address. There is 
    also Reverse ARP (RARP) which can be used by a host to discover its IP address. In this case, the host 
    broadcasts its physical address and a RARP server replies with the host's IP address.
    Auto Uplink
    Auto Uplink™ technology (also called MDI/MDIX) eliminates the need to worry about crossover vs. 
    straight-through Ethernet cables. Auto Uplink™ will accommodate either type of cable to make the right 
    connection.
    CA
    A Certificate Authority is a trusted third-party organization or company that issues digital certificates used 
    to create digital signatures and public-private key pairs. 
    Cat 5
    Category 5 unshielded twisted pair (UTP) cabling. An Ethernet network operating at 10 Mbits/second 
    (10BASE-T) will often tolerate low quality cables, but at 100 Mbits/second (100BASE-Tx) the cable must be 
    rated as Category 5, or Cat 5 or Cat V, by the Electronic Industry Association (EIA). 
    This rating will be printed on the cable jacket. Cat 5 cable contains eight conductors, arranged in four 
    twisted pairs, and terminated with an RJ45 type connector. In addition, there are restrictions on maximum 
    cable length for both 10 and 100 Mbits/second networks.
    Certificate Authority 
    						
    A Certificate Authority is a trusted third-party organization or company that issues digital certificates used 
    to create digital signatures and public-private key pairs. 
    The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, 
    who he or she claims to be. Usually, this means that the CA has an arrangement with a financial institution, 
    such as a credit card company, which provides it with information to confirm an individual's claimed 
    identity. CAs are a critical component in data security and electronic commerce because they guarantee that 
    the two parties exchanging information are really who they claim to be.
    CRL
    Certificate Revocation List. Each Certificate Authority (CA) maintains a revoked certificates list. 
    Denial of Service attack
    DoS. A hacker attack designed to prevent your computer or network from operating or communicating.
    DHCP
    An Ethernet protocol specifying how a centralized DHCP server can assign network configuration 
    information to multiple DHCP clients. The assigned information includes IP addresses, DNS addresses, and 
    gateway (router) addresses.
    DMZ
    A Demilitarized Zone is used by a company that wants to host its own Internet services without exposing 
    its private network to unauthorized access. 
    The DMZ sits between the Internet and an internal network's line of defense, usually some combination of 
    firewalls and bastion hosts. Typically, the DMZ contains devices accessible to Internet traffic, such as web 
    (HTTP) servers, FTP servers, SMTP (e-mail) servers and DNS servers. 
    DNS
    Short for Domain Name System (or Service), an Internet service that translates domain names into IP 
    addresses. 
    Because domain names are alphabetic, they're easier to remember. The Internet, however, is really based on 
    IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the 
    corresponding IP address. For example, the domain name www.example.com might translate to 
    198.105.232.4. The DNS system is, in fact, its own network. If one DNS server doesn't know how to 
    translate a particular domain name, it asks another one, and so on, until the correct IP address is returned. 
    Domain Name
    A descriptive name for an address or group of addresses on the Internet. Domain names are of the form of a 
    registered entity name plus one of a number of predefined top level suffixes such as .com, .edu, .uk, etc. For 
    example, in the address mail.NETGEAR.com, mail is a server name and NETGEAR.com is the domain.
    DoS
    A hacker attack designed to prevent your computer or network from operating or communicating. 
    						
    DSL
    Short for digital subscriber line, but is commonly used in reference to the asymmetric version of this 
    technology (ADSL) that allows data to be sent over existing copper telephone lines at data rates of from 1.5 
    to 9 Mbps when receiving data (known as the downstream rate) and from 16 to 640 Kbps when sending data 
    (known as the upstream rate). 
    ADSL requires a special ADSL modem. ADSL is growing in popularity as more areas around the world 
    gain access. 
    DSLAM
    DSL Access Multiplexor. The piece of equipment at the telephone company central office that provides the 
    ADSL signal.
    Dynamic Host Configuration Protocol
    DHCP. An Ethernet protocol specifying how a centralized DHCP server can assign network configuration 
    information to multiple DHCP clients. The assigned information includes IP addresses, DNS addresses, and 
    gateway (router) addresses.
    EAP
    Extensible Authentication Protocol is a general protocol for authentication that supports multiple 
    authentication methods. 
    EAP, an extension to PPP, supports such authentication methods as token cards, Kerberos, one-time 
    passwords, certificates, public key authentication and smart cards. In wireless communications using EAP, a 
    user requests connection to a WLAN through an AP, which then requests the identity of the user and 
    transmits that identity to an authentication server such as RADIUS. The server asks the AP for proof of 
    identity, which the AP gets from the user and then sends back to the server to complete the authentication. 
    EAP is defined by RFC 2284.
    ESP
    Encapsulating Security Payload.
    ESSID
    The Extended Service Set Identification (ESSID) is a thirty-two character (maximum) alphanumeric key 
    identifying the wireless local area network. 
    Gateway
    A local device, usually a router, that connects hosts on a local network to other networks.
    IETF
    Internet Engineering Task Force. Working groups of the IETF propose standard protocols and procedures for 
    the Internet, which are published as RFCs (Request for Comment) at www.ietf.org.
    An open international community of network designers, operators, vendors, and researchers concerned with 
    the evolution of the Internet architecture and the smooth operation of the Internet.  
    						