802.11b or g

NETGEAR Product Training
Home Wireless Products
Presented by Hien Ly
Level 3, Sr. Tech Support Engineer
September 2006
Agenda
» Part 1
• Introduction to NETGEAR Product Line
• Home Wireless Products Overview
» How to identify products by part numbers?
• Home Wireless Technologies
» IEEE Wireless Standards – 802.11a/b/g/n
» Product comparison
• Wireless Troubleshooting Tips & Techniques
» Configuration Assistant (CA) Bypass
» Maximizing Wireless Range
» Troubleshooting Flow overview
» Part 2
• Introduction to NETGEAR Storage Central
» SC101 Overview
» SC101 Troubleshooting Guide
» Part 3
• Brief introduction to NETGEAR Multimedia products
» EVA700
» Skype Phone
© .1996-2006 NETGEAR® . All rights reserved
NETGEAR Product Family
[Diagram: NETGEAR product segments (Home, Carrier, Business) and product categories: Wireless Routers, Multimedia Devices, Cable/DSL Gateways, Switches, Ethernet Adapters, VoIP, Broadband Voice Adapter, Firewall/VPN Routers, Print Servers, Storage Central, Access Points, Powerlines]
NETGEAR Home Products
[Diagram: home network products: Storage Central, Digital Entertainer, Wireless Adapter, Internet, VoIP Skype Phone, RangeMax 240 Wireless Router, Wireless Game Adapter, Digital Music Player]
NETGEAR Home Wireless Routers
Product Description – Model No.
• RangeMax NEXT 300Mbps Wireless Router Gigabit Edition – WNR854T
• RangeMax NEXT 270Mbps Wireless Router – WNR834M
• RangeMax NEXT 270Mbps Wireless Router – WNR834B
• RangeMax 240 Wireless Router – WPNT834
• RangeMax Wireless Router – WPN824
• 802.11g Cable/DSL Super G Wireless Firewall – WGT624
• 802.11g Cable/DSL Wireless Router with 4 Port Switch – WGR614
NETGEAR Home Gateways
Product Description – Model No.
• RangeMax Next 270Mbps Wireless ADSL2+ Modem Router w/ 4-port 10/100Mbps Switch – DG834N
• RangeMax 108Mbps Wireless ADSL Modem Router w/ 4-port 10/100Mbps Switch – DG834PN
• Super G™ 108 Mbps Wireless ADSL2+ Modem Router w/ 4-port 10/100Mbps Switch – DG834GT
• 802.11g 54Mbps Wireless ADSL2+ Modem Router – DG834G
• ADSL2+ Modem Gateway with 4-port 10/100Mbps Switch – DG834
• ADSL2+ Modem Gateway with 1.1 USB port – DG632
NETGEAR Ethernet Adapters
NETGEAR Multimedia & VoIP
Product Description – Model No.
• Digital Entertainer – EVA700
• Skype WiFi Phone – SPH101
NETGEAR Powerlines
Product Description – Model No.
• 200Mbps Powerline HD Adapter – HDX101
• 85Mbps Powerline Adapter with 4-port switch – XE104
• 14Mbps Powerline Adapter – XE102
• 54Mbps Powerline Wireless Range Extender – WGX102
Print Servers
[Diagram labels: WGPS606, PS110, PS121, Wireless Router]
NETGEAR Storage Central
NETGEAR Access Points
» WAG302 ProSafe Wireless Access Point
• IEEE 802.11a/b/g Dual Band – up to 108 Mbps in turbo mode
• Integrated IEEE 802.3af Power over Ethernet
• SNMP support
• Wi-Fi Certified and Plenum-rated
» WG302 ProSafe Wireless Access Point
• IEEE 802.11g 54 Mbps – up to 108 Mbps in turbo mode
• Integrated IEEE 802.3af Power over Ethernet
• SNMP support
• Intel ™ “Verified with Centrino”
• Wi-Fi Certified and Plenum-rated
» WG102 ProSafe Wireless Access Point
• IEEE 802.11g 54 Mbps – up to 108 Mbps in turbo mode
• Integrated IEEE 802.3af Power over Ethernet
• SNMP support
• Wi-Fi Certified and Plenum-rated
» Accessories (Antennas, Cables and clients)
• 5, 9, 18 dBi antennas (2.4 GHz)
• Cable lengths: 1.5m, 3m, 5m & 10m
• 802.11a/g PCI and cardbus
NETGEAR AP Comparison
Feature | WG602 | WG102 | WG302 | WAG302
• Avg DMR | $79 | $129 | $249 | $300+
• US list price | $97 | $180 | $350 | $445
• Form Factor | Plastic Platinum Case | 100-series case | 300-series blue case | 300-series blue case
• Antenna | Single detachable 2dBi, no FCC | Single detachable 5 dBi, FCC | 2 detachable 5 dBi, FCC | 2 detachable 5 dBi, FCC
• Repeater & Bridge modes | yes | yes | yes | yes
• Turbo 11g | no | yes | yes | yes
• 802.11i | WPA2-PSK only | yes | yes | yes
• 802.1x RADIUS | no | yes | yes | yes
• SNMP 1, 2 & 802.11 | no | yes | yes | yes
• WMM/11e SIP aware | no | yes | yes | yes
• Block SSID Broadcast | no | yes | yes | yes
• Transmit Power Control | no | yes | yes | yes
• Load Balancing | no | yes, via controller | yes | yes
• Rogue AP detection | no | yes, via controller | yes | yes
• Cross Subnet Roaming | no | yes, via controller | yes | yes
• Multiple SSID Support | no | yes, via controller | yes | yes
• Remote or Onsite Management via FTP | no | no | yes | yes
• SSL/SSH | no | no | yes | yes
• DHCP Server for WLAN Client | no | no | yes | yes
• Any IP | no | no | yes | yes
• Simultaneous AP & Bridge mode | no | no | yes | yes
• MAC Address Auth/RADIUS | no | no | yes | yes
• RADIUS Accounting | no | no | yes | yes
Tech Support Tip
» How to identify an adapter’s type by its model number
• 111 = USB (e.g., WG111, WPN111)
» 111 + T = Super G 108Mbps (e.g., WG111T)
• 121 = USB (new casing – MIMO, N-Draft)
» e.g., WPNT121, WN121T
• 311 = PCI
» e.g., WPN311, WN311T
• 511 = CardBus
Home Wireless Technologies
Wi-Fi Alliance
» Originally the Wireless Ethernet Compatibility Alliance (WECA)
• Formed in 1999 by the original members: 3Com, Aironet (now Cisco),
Harris Semiconductor (now Intersil), Lucent (now Agere), Nokia, and Symbol
» Renamed the Wi-Fi Alliance in October 2002. It is a nonprofit international
trade association that developed the Wi-Fi brand in 1999 to certify
interoperability of wireless local area network products based on IEEE
802.11 standards.
» Wi-Fi Alliance product certification began in March of 2000. The
primary mission of the Wi-Fi Alliance is to assure a positive user
experience through product interoperability.
802.11 Variants
IEEE – Description – Status
» 802.11
• Description: 2.4GHz. Using either Frequency Hopping Spread Spectrum (FHSS)
or Direct Sequence Spread Spectrum (DSSS). 2Mbps data rate.
• Status: Obsolete.
» 802.11b
• Description: 2.4GHz. Current entry level wireless standard based on DSSS.
11 Mbps data rate.
• Status: Current industry baseline standard for WLANs.
» 802.11g
• Description: 2.4GHz. Most commonly accepted protocol utilizing OFDM and
DSSS. 54 Mbps data rate.
• Status: Current industry standard. Price point pushing out 802.11b.
» 802.11a
• Description: 5GHz. Utilizes OFDM. 54 Mbps data rate.
• Status: Some acceptance in corporate environments. Current resurgence
in dual a/g interest.
» Pre-N
• Description: Various vendors working on candidates for 802.11n with
100+ Mbps speeds. However, none have been ratified yet. Airgo and
RangeMax. NO GUARANTEE OF 802.11N UPGRADEABILITY.
• Status: IEEE has not ratified any of these competing protocols. All
are using some form of MIMO.
» 802.11n
• Description: Proposed 100+ Mbps IEEE standard. Products with this
standard should be software upgradeable when it’s finalized.
• Status: 802.11n Draft v1.0 has been approved in Jan. 2006 between
Atheros, Broadcom & Marvell
802.11 Extended Protocol Layer
IEEE – Description – Status
» 802.11i
• Description: Security: WiFi Certified - WPA2, adds hardware-based AES
encryption
• Status: Ratified in June 2005.
» 802.11e
• Description: Quality of Service (QoS) standard for data, voice, and
video applications.
• Status: Ratified and expected in some Netgear products (WG302, WAG302)
» 802.11s
• Description: Mesh Networking
• Status: Not yet official, estimated ratification: Jan ‘07
» Wi-Fi news
• WMM – Wi-Fi Multimedia
» Subset of the 802.11e QoS protocol
• WPA2 (AES support)
» Update to WPA for the ratified 802.11i security protocol. Certifications
began in September 2004.
• WEP
» Being considered for removal from Wi-Fi Certification requirements
Wi-Fi Multimedia -- WMM
Voice over Internet Protocol (VoIP), video streaming, and interactive gaming are
highly sensitive to latency increases and throughput reductions, and require
QoS.
To meet this need, the Wi-Fi Alliance started interoperability certification for
WMM (Wi-Fi Multimedia) as a profile of the upcoming IEEE 802.11e QoS
extensions for 802.11 networks. WMM prioritizes traffic demands from different
applications and extends Wi-Fi’s high quality end-user experience from data
connectivity to voice, music, and video applications under a wide variety of
environment and traffic conditions. WMM defines four access categories (voice,
video, best effort, and background) that are used to prioritize traffic so that these
applications have access to the necessary network resources. Additionally,
WMM-enabled Wi-Fi networks concurrently support legacy devices that lack
WMM functionality. The WMM best effort access category and legacy devices
transmit with the same priority.
From http://www.wi-fi.org/membersonly/getfile.asp?f=WMM_QoS_whitepaper.pdf
IEEE, 802.11, and Technology
» The Institute of Electrical and Electronics Engineers (IEEE)
ratified the original 802.11 specification in 1997 as the first
internationally sanctioned standard for wireless LANs. That
version of 802.11 provided for 1 Mbps and 2 Mbps data rates and
a set of fundamental signaling methods and other services.
» The 802.11 standards focus on the bottom two levels of the ISO
model, the physical layer and data link layer. Most LAN
applications, network operating systems, and protocols, including
TCP/IP and Novell NetWare, will run on an 802.11-compliant
WLAN as easily as they run over Ethernet (IEEE 802.3)
The 802.11b Standard
» The basic architecture, features, and services of 802.11b are
defined by the original 802.11 standard. The 802.11b specification
affects only the physical layer, adding higher data rates and more
robust connectivity.
» IEEE ratified the 802.11b standard (also known as 802.11 High
Rate) for transmissions of up to 11 Mbps.
» 802.11b cards can operate at 11 Mbit/s, but will scale back to 5.5,
then 2, then 1 Mbit/s. Since the lower data rates use less complex
and more redundant methods of encoding the data, they are less
susceptible to corruption due to interference and signal
attenuation.
802.11b+
» Extensions have been made to the 802.11b protocol (e.g., channel
bonding and burst transmission techniques) in order to increase
speed to 22, 33, and 44 Mbit/s, but the extensions are proprietary
and have not been endorsed by the IEEE. Many companies call
enhanced versions "802.11b+". These extensions have been
largely obviated by the development of 802.11g, which has data
rates up to 54 Mbit/s and is backwards-compatible with 802.11b.
The 802.11a Standard
» Another extension to 802.11 that provides up to 54 Mbps in the
5GHz band.
» Uses an Orthogonal Frequency Division Multiplexing (OFDM)
encoding scheme rather than FHSS or DSSS.
» Not widely accepted due to being released in the same timeframe
as 802.11g, and unlike 802.11g, 802.11a is NOT compatible with
802.11b
» Good alternative for areas with a high number of 802.11g devices.
5GHz band is well above the 2.4GHz range and less prone to
interference.
• 5.8GHz cordless phones may cause some interference.
802.11a
» Since the 2.4 GHz band is heavily used, using the 5 GHz band
gives 802.11a the advantage of less interference.
» 5GHz (802.11a) cannot penetrate as far as 2.4GHz (802.11b or g)
since it is absorbed more readily by obstructions, other things
(such as power) being equal.
» 5GHz restricts the use of 802.11a to almost line of sight,
necessitating the use of more access points
The 802.11g Standard
» In June 2003, a third modulation standard was ratified: 802.11g
» Uses the 2.4 GHz band (like 802.11b)
» Maximum raw data rate of 54 Mbit/s, or about 24.7 Mbit/s net
throughput like 802.11a.
» It is fully backwards compatible with b and uses the same
frequencies.
» Note: The presence of an 802.11b participant significantly reduces
the speed of an 802.11g network.
802.11g
» While 802.11g held the promise of higher throughput, actual
results were mitigated by a number of factors:
• Conflict with 802.11b-only devices
• Exposure to the same interference sources as 802.11b
• Limited channelization (only 3 fully non-overlapping channels like
802.11b)
• Higher data rates of 802.11g are often more susceptible to
interference than 802.11b, causing the 802.11g device to reduce
the data rate to effectively the same rates used by 802.11b
802.11g – Super G
» Boost network speeds up to 108 Mbit/s by using channel
bonding.
• Requires specific hardware
• May not be interoperable between vendors at 108 Mbps speeds,
but 54 Mbps works
• Even more susceptible to interference in the 2.4GHz range
• Wi-Fi Certification now requires removal of the Static 108 feature,
but still allows for Auto 108.
What is Pre-N? 802.11n Candidates
» MIMO has become the widely accepted technology to drive future
innovation.
• Nearly all Wi-Fi companies have committed MIMO to their roadmap
• A new task group (802.11n) has formed to improve Wi-Fi performance
and enable new applications
• The key element of all the main proposals is MIMO
» The 802.11 standards process will take several years. In the
meantime many OEMs and virtually all major chipset companies
intend to develop pre-standard “Pre-N” versions of MIMO
products.
» As with “Pre-G”, companies who take the lead in the “Pre-N”
market segment will lead in the 802.11n market
The 802.11n Standard – N-Draft v1.0
» 802.11n draft v1.0 approved in January 2006
• Allows interoperability between different vendors to support 100+Mbps
• NETGEAR Products with Broadcom and Marvell chipsets are compatible
with other vendor 802.11n products to support up to 270Mbps
» Software upgradeability to IEEE ratified 802.11n is now possible
» Backward compatibility with 802.11b/g
• Adaptive Channel Expansion to dynamically expand to 40MHz channel
instead of 20MHz for higher speeds
» 20MHz – 145 / 130 / 116 / 87 / 58 / 43 / 29 / 22 / 14 / 7Mbps
» 40MHz – 300 / 270 / 240 / 180 / 150 / 135 / 120 / 90 / 60 / 45 / 30 / 15Mbps
» Many competing vendors
• Currently: Atheros, Broadcom and Marvell
» Still based on MIMO (Multiple In, Multiple Out) technologies.
What is MIMO?
» MIMO is an acronym for Multiple In, Multiple Out.
» Multiple data streams are simultaneously sent and received
wirelessly across a single 20 MHz channel
MIMO vs Traditional 802.11g
What is RangeMax™?
» RangeMax™ is an advanced Smart MIMO (Multi-In, Multi-Out)
technology that uses seven internal antennas.
» RangeMax™ constantly surveys your home environment for
physical barriers and interference and adjusts the wireless signal
to compensate
» RangeMax™ automatically senses changes in the network and
selects from 126 possible antenna configurations to deliver the
best throughput at range
What is RangeMax™ NEXT?
What are Smart Internal Antennas?
» Smart antennas are factory tuned and configured for optimal
performance
» Internal antennas are protected from damage and mis-alignment
» Smart internal antennas take the guesswork out of set-up
» MIMO based technology
• MIMO (Multiple-In, Multiple-Out), which has been used
interchangeably with "Smart Antenna", is a broad term that
describes an approach that uses multiple antennas and advanced
signal processing to manage multipath interference to increase
performance and range in a wireless environment.
Adapts to Interferences on-the-fly
Speed and Range Compared to 802.11g
Home Wireless Technology Summary
802.11 Standard Summary
» 802.11b
• Maximum rate = 11Mbps (typical 6Mbps)
• 2.4GHz Frequency using DSSS Modulation
• Maximum range = ~100ft @ 11Mbps, ~300ft @ 1Mbps
• 3 non-overlapping channels
» 802.11g
• Maximum rate = 54Mbps (typical 25Mbps)
• 2.4GHz Frequency using OFDM Modulation
• Maximum range = ~100ft @ 54Mbps, ~300ft @ 6Mbps
• 3 non-overlapping channels
» 802.11a
• Maximum rate = 54Mbps (typical 25Mbps)
• 5GHz Frequency using OFDM Modulation
• Maximum range = ~80ft @ 54Mbps, ~250ft @ 6Mbps
• 8 non-overlapping channels
» 802.11n (Draft v1.0)
• Maximum rate = 300Mbps (typical 97Mbps – NETGEAR WNR854T)
• 2.4GHz or 5GHz using OFDM Modulation
• Maximum range = ~100ft @ 300Mbps, ~200ft @ 7Mbps
• 3 non-overlapping channels
Wireless Routers Troubleshooting Tips
» How to bypass Configuration Assistant (CA)?
» Factors Affecting Wireless
• Range
» Locations & Distances
» How to Maximize Range?
• Powerline Wireless Range Extender
• Speed
» Interferers
» How to improve performance?
» Understanding Data Rate vs. Throughput
» Maximizing Interoperability
» Security
• SSID
• MAC Address Control List (ACL)
• Encryption
» How to use a router as an AP?
Wireless Routers Troubleshooting Tips
» Useful DOS troubleshooting commands
• ipconfig /all
• tracert
» Find out where a packet stopped on the network
• netstat -a
» Displays active TCP sessions on your PC
• netstat -rn / route print
» Displays all the routes from point A to point B
• arp -a
• ping
» ping -l
» ping -t
» ping time / TTL
NETGEAR Standard Login
» http://www.routerlogin.com
» http://www.routerlogin.net
» http://192.168.1.1 or http://192.168.0.1
Username: admin
Password: password
Avoiding the Browser Hi-jack
» Older routers (e.g., MR814v2, WGR614v5)
• http://www.routerlogin.com/basicsetting.htm
• Click Apply
• Wireless radio will not be enabled if Apply is not clicked, even if
no settings are changed
» Newer routers (e.g., WGR614v6, WGT624v3, WPN824, etc.)
• http://www.routerlogin.com/CA_HiddenPage.htm
• Select “Disable”
Factors that Affect Range
» Distance between connections
• Antenna power is radiated in 3 dimensions – in order to double the range,
you must cube the power or use directional antennas.
• 100mW range = 1,000 ft; 200mW = 1,260 ft
» Clear Channel Selection
» Antenna Size & Location
» Signal Absorbing Materials
• Buildings with metal construction, or foil back insulation
• Metal studs in walls
• Live foliage (trees)
• Humid Air/Fog
• Anything with metal, water or other conductive material
» Transmit power
» Receiver Sensitivity
• The more sensitive, the more it will pick up background signals on the
same frequency
How to Maximize Wireless Range
» Place the router high to avoid people traffic
» Keep away from cordless phones -- base and handsets
» Avoid flat metal surfaces
» Keep away from Cathode Ray Tubes -- CRT monitors, televisions
» Avoid the kitchen
• Microwaves, refrigerators, reflective surfaces
» Use “G-Only” or “N Only” setting if possible
• Mixed B+G WLANs have reduced performance
» WPN824
• Raise the router 3-5” using cardboard -- some surfaces may
reduce the range
Universal Wireless Range Extender
Works with any vendor’s wireless or wired router & home network!
[Diagram: Wall-Plugged Wireless Range Extender Kit (WGXB102 = WGX102 + XE102). Labels: Internet; any vendor’s 11b or 11g wireless or wired router; Wall Plug Ethernet Bridge (XE102); HomePlug Powerline + 54 Mbps 11g Wireless AP; Wall Plug + 54Mbps 11g Access Point (WGX102); Digital Entertainer (EVA700); rooms: kitchen, home office, family room, kid’s room]
Wireless anywhere for existing Home Networks
Factors that Affect Performance
» Multiple factors affect RF performance
• Path Loss
• Diverse floor plans
• Different building materials
• No control over antenna placements
• In-band interferers
• Microwaves, cordless phones (Channels 1,6,11)
• Multi-path
» Traffic patterns
» AC units, ceiling fans, etc.
VPN Passthrough
Some basic VPN issues can be resolved with the following settings:
Note: Each PC must access a different VPN server
» Router Settings
• MTU 1458
• Disable SPI firewall
• Static DNS – router and PC
• DMZ – only good for one PC
» PC/VPN Client
• Check the client log
• Lower MTU 1400-1458
• Disable PFS (Perfect Forward Secrecy) in the VPN Client
Data Rate vs. Throughput
Data Rate – Actual Throughput
» 1 Mbps – <500KBps
» 2 Mbps – 1 Mbps
» 5.5 Mbps – 2-3 Mbps
» 11 Mbps – 4-5 Mbps
» 54 Mbps – 16-25 Mbps
» 108 Mbps – 50-60 Mbps
» 270 Mbps – 80-90 Mbps
Maximize Wireless Interoperability
» If an incompatibility with another vendor’s wireless device is
suspected:
• Does it work with another wireless router or AP?
• Disable any encryption
• Disable Access Control List
• Enable SSID broadcast
• Set Router/AP for B+G
Optional: Recommended Security Options
» Change the default router login password
• Have the customer write it on the router
• Do this at the end of the call
» Change the default SSID
• Confirm wireless network works first
» Disable SSID broadcast
• Confirm wireless network works with broadcast ENABLED first
» Use WPA-PSK encryption if possible
• Easier to configure than WEP and more secure
• Slight performance hit, but most people won’t notice
• Easiest for Macintosh Airport Extreme users
» Access List / MAC address filtering
• MAC address filtering
» Disable Remote Management
Wireless Security - Encryption
» 802.11 standard has several security flaws
• Lack of central key management
• Wired Equivalent Privacy (WEP) has vulnerabilities (collision,
weak key, MAC spoofing, vulnerable to DoS)
» Current alternatives
• 802.1x – focused more on enterprise level business
» Central key management and authentication, but requires a RADIUS
server
• Temporal Key Integrity Protocol (TKIP) introduced to fix current
WEP vulnerabilities
• WPA-PSK – no external authentication server required
• WPA2 and Advanced Encryption Standard (AES)
» Stronger and more secure encryption schemes
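The "collision" flaw named on this slide, as an added example that is not part of the original training deck: WEP keys RC4 with a 24-bit IV prepended to the shared key, so two frames sent under the same IV share a keystream. The 24-bit IV size, the CRC-32 ICV and the 48-bit space TKIP uses are facts from the WEP and 802.11i specifications rather than from the slide; the key, payloads and IV list are constructed sample data, and the birthday bound assumes IVs are picked at random.

```python
import math
import struct
import zlib
from collections import Counter


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # keystream generation, XORed into the data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: RC4 keyed with IV || key over plaintext || CRC-32 ICV."""
    if len(iv) != 3:
        raise ValueError("the WEP IV is 24 bits (3 bytes)")
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return rc4(iv + key, plaintext + icv)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def frames_until_collision(iv_bits: int, probability: float = 0.5) -> int:
    """Birthday bound: random IVs sent before a repeat is this likely."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


def reused_ivs(ivs: list) -> list:
    """IVs that occur more than once in a capture (each reuse repeats a keystream)."""
    return sorted(iv for iv, count in Counter(ivs).items() if count > 1)


# Constructed sample data: a 40-bit key and two equal-length payloads.
KEY = bytes.fromhex("0102030405")
P1 = b"GET /index.html"
P2 = b"POST /login.cgi"

if __name__ == "__main__":
    same_iv = b"\x00\x00\x01"
    c1 = wep_encrypt(same_iv, KEY, P1)
    c2 = wep_encrypt(same_iv, KEY, P2)
    # Same IV and key means same keystream, so it cancels out of c1 XOR c2.
    print("keystream cancels:", xor(c1, c2)[:len(P1)] == xor(P1, P2))
    print("24-bit IV, 50% repeat after", frames_until_collision(24), "frames")
    print("48-bit space, 50% repeat after", frames_until_collision(48), "frames")
    print("reused:", reused_ivs([same_iv, b"\x00\x00\x02", same_iv]))
```

On a busy access point a few thousand frames pass in seconds, which is why the slide lists TKIP, WPA-PSK and WPA2 as the alternatives to WEP.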
802.1x
» 802.1x is not a single authentication method; rather it utilizes EAP as its authentication
framework. This means that 802.1x-enabled switches and access points can support a wide
variety of authentication methods, including certificate-based authentication, smart cards,
token cards, one-time passwords, and so on. 802.1x supports open standards for
authentication, authorization, and accounting (including RADIUS and LDAP), so it works with
existing infrastructure for managing remote and mobile users. Combined with an
authentication protocol, such as EAP-TLS, LEAP, or EAP-TTLS, 802.1x provides port-based
access control and mutual authentication between clients and access points via an
authentication server.
Wi-Fi Protected Access, Pre-shared Key (WPA-PSK)
» Subset of the 802.11i security standard
» RC4 Cipher
» MIC – Message
» TKIP – Temporal Key Integrity Protocol
» IV – Initialization Vector
» Extremely simple to configure compared to WEP and WPA. WPA2PSK also available
» Only a passphrase needs to be configured (case sensitive)
» Some routers have a “rekey” timer: usually 1 hour
• TKIP changes the key based on this timer.
• Hackers must be able to break the key within this time period,
which is extremely difficult to do given the 256-bit key length
Wi-Fi Protected Access v2, Pre-shared Key (WPA2PSK)
» WiFi Alliance Certified Implementation of 802.11i
» WPA2 (Wi-Fi Protected Access 2) puts the industry two generations
beyond WEP
» RC4 Cipher
» Advanced Encryption Standard (AES)
• Hardware based offers better performance than TKIP
• Older hardware may not be able to upgrade to WPA2
» WPA2 provides government grade security by implementing the
National Institute of Standards and Technology (NIST) FIPS 140-2
compliant AES encryption algorithm
» WPA2 is backwards compatible with WPA
» The primary difference between WPA and WPA2 is the type of
encryption used – TKIP and AES respectively
Wireless Router as Access Point Configuration
Questions and Answers Session