User's Manual
Table Of Contents
- Trademarks
- Statement of Conditions
- Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
- Canadian Department of Communications Compliance Statement
- CE Declaration of Conformity
- Contents
- Chapter 1 About This Manual
- Chapter 2 Introduction
- Chapter 3 Basic Installation and Configuration
- Observing Placement and Range Guidelines
- Default Factory Settings
- Understanding WG602 v2 Wireless Security Options
- Installing the 54 Mbps Wireless Access Point WG602 v2
- Two Ways to Log In to the WG602 v2
- Using the Basic IP Settings Options
- Understanding the Basic Wireless Settings
- Understanding Wireless Security Options
- How to Configure WEP Wireless Security
- How to Configure WPA-PSK Wireless Security
- How to Restrict Wireless Access by MAC Address
- Chapter 4 Management
- Chapter 5 Advanced Configuration
- Chapter 6 Troubleshooting
- Troubleshooting
- No lights are lit on the access point.
- The Ethernet LAN light is not lit.
- The Wireless LAN activity light is not lit.
- I cannot configure the wireless access point from a browser.
- I cannot access the Internet or the LAN with a wireless capable computer.
- When I enter a URL or IP address I get a timeout error.
- Using the Reset Button to Restore Factory Default Settings
- Troubleshooting
- Appendix A Specifications
- Appendix B Wireless Networking Basics
- Appendix C Network, Routing, Firewall, and Cabling Basics
- Appendix D Preparing Your PCs for Network Access
- Glossary
- Index
User’s Guide for the WG602 54 Mbps Wireless Access Point
B-14 Wireless Networking Basics
3. The client sends an EAP-response packet containing the identity to the authentication server.
The access point responds by enabling a port for passing only EAP packets from the client to
an authentication server located on the wired side of the access point. The access point blocks
all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the
client's identity using an authentication server (e.g., RADIUS).
4. The authentication server uses a specific authentication algorithm to verify the client's identity.
This could be through the use of digital certificates or some other EAP authentication type.
5. The authentication server will either send an accept or reject message to the access point.
6. The access point sends an EAP-success packet (or reject packet) to the client.
7. If the authentication server accepts the client, then the access point will transition the client's
port to an authorized state and forward additional traffic.
The important part to know at this point is that the software supporting the specific EAP type
resides on the authentication server and within the operating system or application “supplicant”
software on the client devices. The access point acts as a “pass through” for 802.1x messages,
which means that you can specify any EAP type without needing to upgrade an 802.1x-compliant
access point. As a result, you can update the EAP authentication type to such devices as token
cards (Smart Cards), Kerberos, one-time passwords, certificates, and public key authentication or
as newer types become available and your requirements for security change.
WPA DAta Encryption Key Management
With 802.1x, the rekeying of unicast encryption keys is optional. Additionally, 802.11 and 802.1x
provide no mechanism to change the global encryption key used for multicast and broadcast
traffic. With WPA, rekeying of both unicast and global encryption keys is required.
For the unicast encryption key, the Temporal Key Integrity Protocol (TKIP) changes the key for
every frame, and the change is synchronized between the wireless client and the wireless access
point (AP). For the global encryption key, WPA includes a facility (the Information Element) for
the wireless AP to advertise the changed key to the connected wireless clients.
If configured to implement dynamic key exchange, the 802.1x authentication server can return
session keys to the access point along with the accept message. The access point uses the session
keys to build, sign and encrypt an EAP key message that is sent to the client immediately after
sending the success message. The client can then use contents of the key message to define
applicable encryption keys. In typical 802.1x implementations, the client can automatically change
encryption keys as often as necessary to minimize the possibility of eavesdroppers having enough
time to crack the key in current use.