Netgear WNDAP380Rv2 Reference Manual
Contents
1. 0 th security profile enable th security profile Access control enable Access control policy enable Wireless authentication type Select wireless 802 1x authentication type Select wireless open encryption authentication type Wireless shared key encryption Broadcast enable Dynamic VLAN id Profile name Disable associated wireless client communication Network name 1 32 chars VLAN id Wireless wep key type Wireless wpa passphrase 8th security profile enable 8th security profile Access control enable Access control policy enable Wireless authentication type Select wireless 802 1x authentication type Select wireless open encryption authentication type Wireless shared key encryption Broadcast enable Dynamic VLAN id Profile name Disable associated wireless client communication Network name 1 32 chars VLAN id Wireless wep key type Wireless wpa passphrase WMM settings WMM enable 00sS parameter CAP Queue Access point best effort voice data Command Line Reference 142 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R tt tol 1 2 Ld 1d 499 sta gt queue gt I d d Lg pe powersave radius gt primary leauth port eacct port auth secret acct secret auth server2. acct server secondary gt auth port gt leaoccutc port gt auth secret gt acct secret gt auth server gt acct server remote l ssh telnet snmp setting read community read write community snmp status etrap community trap server trap port spanning tree syslog gt Access point low priority data Access point video data Access point voice data Statron Queue Station best effort voice data Station low priority data Station video data Station voice data WMM power save enable Radius server settings Primary server Authenrication port hocounting port Authentication Shared secret Accounting server Authentication server Accounting Shared secret Secondary server Authentication port Aocounting port Authentication Shared secret Accounting Shared secret Authentication server Accounting Shared secret Remote access settings Enable remote access via SSH Enable remote access via Telnet SNMP settings SNMP Read Community SNMP Read Write Community ONMP status SNMP Trap Community SNMP Trap Server IP address SNMP Trap port Enable spanning tree protocol Syslog setting Command Line Reference 143 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Isport Syslog s
3. 5 GHz wireless LAN interface setting 802 11d enable Aggregated packet size Aggregated MAC Protocol Data Unit Wireless beacon period in TU 1024 us Wireless channel depends on country Command Line Reference 137 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R channel auto channel width client isolation data rate dtim fragmentation length guard interval macacl add macacl del macacl del all max client power preamble type l rifs trarnsmission and wireless mode Set wireless channel to auto mode Wireless channel width Client isolation status Wireless transmission date rate Wireless Wireless fragmentation threshold Interval transmissions Add wireless access control ACL Delete wireless access control Delete wireless access control Database Maximum client Output power Wireless preamble 802 11b rates only effect on Enable successive frame transmission at different transmit DTIM period in beacon interval from interference from other ACL ACL rogue ap detection rogue ap detection rogue ap detection rogue ap detection Enable rogue access point detection knownap add MAC all knownap del knownap del Add rogue access point detection Delete rogue access point detection Delete rogue access point detection
4. ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Configuration Monitoring Maintenance RFID LOGOUT System IP Wireless Security Bridging Edit Security Profile Profile Definition Profile Name HETGEAR VvDS 1 Remote MAC Address U 22 AD DD AZ BB Profile Definition Network Authentication WPA PSK v Data Encryption AES WPA Passphrase Network Key BEBEBEEBEEBES Link Test IP Address Link Test Link Test Process Status Uninitialized BACK CANCEL APPLY g Specify the settings as explained in the following table setting Description 000000 Profile Definition Profile Name Enter a profile name that is easy to remember The default names for the four security profiles are NETGEAR WDS 1 NETGEAR WDS 2 NETGEAR WDS 3 and NETGEAR WDS 4 Remote MAC Address Enter the MAC address of the remote wireless access point the MAC address of AP2 or AP 3 on LAN Segment 1 in Figure 19 on page 93 Authentication Settings Network Authentication From the Network Authentication drop down menu select Open System and Data Encryption WPA PSK or WPA2 PSK Your selection determines the options that the Data Encryption drop down menu provides and whether the WPA Passphrase Network Key field displays Advanced Configuration 95 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R setting Description 0000000000000 Network Authentication Op
5. or you can select Long 800 ns Some legacy devices can operate only with a long guard interval Output Power From the drop down menu select the transmission power of the wireless access point Full Half Quarter Eighth Minimum The default is Full Note Increasing the power improves performance but if two or more wireless access points are operating in the same area and on the same channel interference can occur Note Make sure that you comply with the regulatory requirements for total radio frequency RF output power in your country Click Apply The selected wireless mode is now enabled Note For information about how to configure advanced wireless settings see Configure Advanced Wireless Settings on page 82 Test Basic Wireless Connectivity After you have configured the wireless access point as explained in the previous sections test the computers on your LAN for wireless connectivity before you position and mount the wireless access point at its permanent position Totest for wireless connectivity d Configure the 802 11b g n and 802 11a n wireless adapters of your computers so that they all have the same SSID and channel that you have configured on the wireless access point Verify that your computers have a wireless link to the wireless access point If you have enabled the DHCP server on the wireless access point verify that your computers are able to obtain an IP address through DHCP from the wireles
6. 2 0000 cee eee 67 TFTP Server Upgrade Procedure 000 eee eee eee 68 Manage the Configuration File or Reset to Factory Defaults 69 Save the Configiradigr au aedem ey Puer ben m ek OR Ron ed ed 2 69 Restore the Configuration llle 70 Restore the Wireless Access Point to the Factory Default Settings 70 Reboot the Wireless Access Point without Restoring the D fau lt Configuratii scs auo mart ded 9g otatneaeageceotceune canes 72 Change the Administrator Password 0000 eee eee 73 Enable the Syslog Server 0 0 eee ees 73 Enable Rogue AP Detection and Monitor Access Points 74 Enable and Configure Rogue AP Detection 05 74 View and Save Access Point ListS 0 00 00 ce eee eee 76 Chapter 5 Advanced Configuration Configure Spanning Tree Protocol and 802 1Q VLANs 80 Configure Hotspot Settings 2 0 0 ee eee 81 Configure Advanced Wireless Settings 0 000 e eee eee 82 Configure Advanced Quality of Service Settings 005 85 Configure Wireless Bridging 0 000 cece eee eee 88 Configure a Point to Point Wireless Network 88 Configure a Point to Multipoint Wireless Network 93 Configure the Wireless Access Point to Repeat the Wireless Signal Using Point to Multipoint Bridge Mode 98 Configure RFID Settings llle 103 Enable th
7. 2nd security profile Command Line Reference 145 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R 3 3rd security profile 4 4th security profile of cL pes 5th security profile 1 76 6th security profile bog ee th security profile 4 x pee 8th security profile d wmm WMM settings radius gt Radius settings primary Primary server settings 6CcOngdary Secondary server settings remote Remote settings snmp settings SNMP settings software version Software version spanning tree Spanning tree settings syslog settings S5yslog settings system info System information time settings Time settings Command Line Reference 146 Index Numerics 11a and 11na wireless modes 29 11b 11bg and 11ng wireless modes 26 2 4 GHz or 5 GHz operation 9 2 4 GHz WLAN LED behavior startup procedure 18 described 12 troubleshooting 118 5 GHz WLAN LED behavior startup procedure 18 described 12 troubleshooting 118 64 bit 128 bit and 152 bit WEP 52 802 11b g n and 802 11a n wireless adapters 16 wireless settings 24 30 802 11d support 84 802 1Q VLAN 9 81 A access control wireless clients 51 access restricting by MAC address 41 57 accounting RADIUS servers 55 57 Active LED behavior startup procedure 18 described 12 troubleshooting 118 ActiveX 119 activity log 113 admin password changing or rest
8. Select Configuration Wireless Basic Wireless Settings 2 Click the 802 11a na tab The basic Wireless Settings screen displays the 802 11na settings Note The radio wave icon displays next to the selected radio mode a or na Configuration Monitoring Maintenance RFID Support System IP Security Wireless Bridge Basic Wireless Settings Wireless On Off QoS Settings Advanced Wireless Settings Wireless Settings H02 11b bg ng 802 11a na Wireless Mode SGHz Band 11a 9 iina Turn Radio On Wireless Network Name SSID NETGEAR lin amp Wireless On Off Status OFF Broadcast Wireless Network Name SSID 9 ves No Channel Frequency 3675 18 GHz v MCS Index Data Rate Best v Channel width 20 MHz w Guard Interval Auto Output Power Full Installation and Basic Configuration 28 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R oelect one of the following 5GHz Band radio buttons e 11a 802 11n compliant devices can connect to the access point because they are backward compatible e 11na This is the default setting If you keep the default setting go to Step 6 When you change the wireless mode the Turn Radio On check box is automatically cleared and all fields buttons and drop down menus onscreen are masked out Turn on the radio by selecting the Turn Radio On check box A pop up screen displays Note Under normal conditi
9. Wireless Security Wireless Bridge IP Settings DHCP Server Settings DHCP Server Setti ee DHCP Server Settings DHCP Server 9 Enable Disable DHCP Server VLAN ID 1 starting IP Address 192 168 0 2 Ending IP Address E 92 168 0 50 Subnet Mask 255 255 255 0 Gateway IP Address 132 158 0 1 Primary DNS Server Secondary DONS Server L Primary WINS Server Secondary WINS Server Lease days hours D minutes CANCEL APPLY Installation and Basic Configuration 23 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R 2 Configure the settings as explained in the following table setting Description 000 Select the Enable radio button to enable the DHCP server Use the default settings or specify the pool of IP addresses to be assigned by setting the starting IP address and ending IP address These addresses should be part of the same IP address subnet as the wireless access point s LAN IP address DHCP Server VLAN ID Enter the VLAN ID for the DHCP server The VLAN ID range is from 1 to 4094 The default VLAN is 1 Starting IP Address Enter the first address in the range of IP addresses to be assigned to DHCP clients The default address is 192 168 1 02 Ending IP Address Enter the last address in the range of IP addresses to be assigned to DHCP clients The default address is 192 168 1 50 Subnet Mask En
10. and port numbers Toenable the RFID module and configure RFID servers 1 Select RFID Configuration The RFID configuration screen displays Configuration Monitoring Maintenance Support Enable Server Address Server Port Local Port 192 168 110 Advanced Configuration 103 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R 2 Specify the settings as explained in the following table setting Description UU RFID Select the RFID check box to enable the RFID module to communicate with one or more RFID servers By default the check box is cleared Server Connection Type The server connection type applies to all RFID servers From the drop down menu select either TCP the default setting or UDP RFID server table Select or clear the Enable check box to enable or disable the associated RFID server Server IP Address The IP address of the RFID server which can be a LAN or WAN IP address Server Port The port number on the RFID server that is used for communication with the RFID module Local Port The port number on wireless access point that is used for communication with the RFID server You can configure the local port only when the server connection type is UDP 3 Click Apply Monitor the RFID Module Server and Traffic The RFID monitoring screen provides a summary of the RFID module configuration the RFID server connection status and the RFID traffic This information is read
11. clients can freely roam from one wireless access point to another and still maintain a seamless connection to the network The autosensing capability of the wireless access point allows packet transmission at up to 300 Mbps or at reduced speeds to compensate for distance or electromagnetic interference What Is in the Box The product package contains the following items e ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R e Straight through Category 5 Ethernet cable e Power adapter and cord 12V 1A e Wall mount kit e Installation guide If any parts are missing or damaged contact your reseller or customer support in your area Visit the NETGEAR website at hito support netgear com general contact default aspx for the telephone number of customer support in your area Keep the installation guide along with the original packing materials If you need to return the wireless access point for repair use the packing materials to repack the wireless access point Introduction 7 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R System Requirements Before installing the wireless access point make sure that your system meets these requirements A 10 100 1000 Mbps local area network device such as a hub or switch The Category 5 UTP straight through Ethernet cable with RJ 45 connector included in the package or one like it A 100 120V 50 60 Hz AC power source A computer w
12. including the following features Dual band The wireless access point can operate concurrently in the 2 4 GHz and 5 GHz bands Multiple operating modes Wireless access point The wireless access point operates as a standard 802 11b g n and 802 11a n access point for clients Point to point bridge The wireless access point communicates with another access point that functions in bridge mode You can use this mode with or without client association Point to multipoint bridge The wireless access point is the master for a group of access points that function in bridge mode that send all traffic to the master and that do not communicate directly with each other You can use this mode with or without client association Repeating the wireless signal The wireless access point does not function as an access point for clients but functions only in point to multipoint bridge mode to repeat the wireless signal and send all traffic to a remote access point WMM Wi Fi Multimedia WMM is a subset of the 802 11e standard WMM allows wireless traffic to have a range of priorities depending on the kind of data Time dependent information like video or audio has a higher priority than normal traffic For WMM to function correctly wireless clients also need to support WMM QoS Quality of Service QoS support lets you configure parameters that affect traffic flowing from the wireless access point to the client station and traffic f
13. network authentication and data encryption settings of the computer with the wireless adapter are the same as those of the wireless access point Ping the IP address of the wireless access point to verify that a wireless connection exists between the computer with the wireless adapter and the wireless access point If the ping fails check the network configuration for the wireless access point see Configure the IP Settings on page 21 Ping the default gateway to verify that a path exists from the computer with the wireless adapter to the default gateway If the ping fails check the network configuration or call the Internet service provider ISP You Cannot Configure the Wireless Access Point from a Browser gt Check these items The wireless access point is correctly installed it is powered on and LAN connections are okay Check that the Active LED and LAN LED are lit to verify that the Ethernet connection is okay lf your computer uses a fixed static IP address ensure that it is using an IP address in the range of the wireless access point The wireless access point s default IP address is 192 168 0 100 its subnet mask is 255 255 255 0 and the DHCP client is disabled Make sure that your network configuration settings are correct If you are using the NetBIOS name of the wireless access point to connect ensure that your computer and the wireless access point are on the same network segment or that your network includes a W
14. rogue ap detection knownap del MAC Heser DHCP server settings DNS1 server DNS2 server WINS1 server WINS1 server Radius server setting Primary server Authentication port Accountzng port Authentication server Accounting server Secondary server Authentication port Accounting port Authentication server Accounting server Wireless LAN interface setting 2 4 GHz wireless LAN status 2 4 GHz wireless LAN interface setting 802 11d enable Aggregated packet size Aggregated MAC Protocol Data Unit Wireless beacon period in TU 1024 us Wireless channel depends on country and wireless mode Set wireless channel to auto mode Wireless channel width Client isolation status Wireless transmission date rate Wireless DTIM period in beacon interval Wireless fragmentation threshold Interval from interference from other transmissions Add wireless access control ACL Delete wireless access control ACL Delete wireless access control ACL Database Maximum client Output power Wireless preamble only effect on 802 11b rates Enable successive frame transmission at different transmit Enable rogue access point detection Add rogue access point detection Delete rogue access point detection Command Line Reference 132 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R rogue a
15. security lock 13 security profiles creating and configuring 46 51 described 43 security wireless options 40 separating wireless clients 43 50 serial number 110 servers configuring DHCP 24 DNS 23 24 hotspot 82 NTP 21 RADIUS 55 syslog 73 service set identifiers See SSIDs shared key WEP 49 52 shared secrets RADIUS servers 56 signal to noise ratio SNR 113 SNMP Simple Network Management Protocol configuring 64 software backing up 69 factory defaults 70 restoring from backup file 70 RFID module version viewing 105 upgrading 67 wireless access point version viewing 110 Spanning Tree Protocol STP enabling 81 specifications technical 125 SSH Secure Shell enabling 65 SSIDs service set identifiers broadcasting 49 broadcasting and security 41 broadcasting for 802 11a na modes 29 broadcasting for 802 11b bg ng modes 27 matching 25 static and dynamic VLANs 50 station EDCA parameters 87 statistics traffic network 114 RFID packets 104 status monitoring RFID module server and traffic 104 system clients and network 108 115 STP Spanning Tree Protocol enabling 81 streaming media advanced QoS 85 151 WMM QoS 61 subnet mask default 127 DHCP clients 24 wireless access point 22 supported standards 8 syslog 73 system monitoring 109 system requirements 8 T tagged VLAN 80 tags RFID 103 TCP IP network troubleshooting 120 technical specifications 125 technical support 2 T
16. A computer on any LAN segment should be able to connect to the Internet or share files and printers with any other computers or servers connected to any of the two LAN segments Configure a Point to Multipoint Wireless Network In a point to multipoint bridge the wireless access point is the master for a group of bridge mode wireless access points All traffic is sent to the master rather than to the other wireless access points Use wireless security to protect this communication For each wireless access point that you want the master to be able to connect to you need to configure a security profile with a unique name and the MAC address of the wireless access point You can configure up to four such security profiles NETGEAR WDS 1 NETGEAR WDS 2 and so on The following figure shows an example in which AP1 functions in point to multipoint bridge mode and AP2 and AP3 function in point to point bridge mode AP2 AP1 master Wireless client Cumt bridge mode bridge mode LAN segment 2 AL SES Hub or switch Houter Internet iim LAN segment 1 LALJ a a Figure 19 Point to multipoint wireless network Advanced Configuration 93 AP3 Point to point bridge mode Hub or switch LAN segment 3 x ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R To configure a point to multipoint wireless network with or without client association 1 Configure
17. Channel Rate State Type REFRESH 2 Optional Click Refresh to update the list If the wireless access point is rebooted the wireless client data is lost until the wireless access point rediscovers the devices When you click Refresh the wireless access point attempt to detect associated devices Monitoring 111 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R The Available Wireless Stations table shows the MAC address BSSID SSID channel rate state type AID mode and status for each device For information about these and more fields see the table that follows the next figure To view details for a wireless client select the corresponding radio button and click Details The Wireless Stations Details screen displays Wireless Station Details MAC Address BSSID SSID Channel Rate State Type AID Made Status RSSI Idle Tire Tx Sequence Rx Sequence Capability Cipher SNR Racv Bytes Trans Bytes Assoc Time Stamp 20 d7 07 2c 72 7e 00 1A DD 00 28 01 NETGEAR 11ng 1 iM QOS ERP lig 1 open Associated 63 0 5 ESs none 53 1498 1098 00 00 19 IP Address 197 166 100 185 Channel Width 20 The following table explains the fields of the Wireless Stations Details screen PO e P The associated identifier AID of the wireless client The received signal strength indicator RSSI of the wireless client Monitoring 112 ProSAFE D
18. DHCP server Supplemental Information 128 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Table 6 Default configuration settings continued Description Radio and wireless settings Operating mode Access point infrastructure mode netgearxxxxxx where xxxxxx are the last 6 digits of the wireless access point MAC address Wireless access point name Country and region Varies by region 2 4 GHz radio enabled 5 GHz radio enabled Wireless communication Wireless modes 11na 2 Wireless network names SSIDs NETGEAR 11ng NETGEAR 11na Broadcast network names SSIDs Enabled Radio frequency channels 11ng Auto 11na Auto MCS index data rate transmission speed Best Note Maximum wireless signal rate derived from IEEE Standard 802 11 specifications Actual throughput will vary Network conditions and environmental factors including volume of network traffic building materials and construction and network overhead lower actual data throughput rate Channel width 11ng 20 MHz 11na Dynamic 20 40 MHz Guard interval Auto Output power Full Wireless on off radio scheduling Disabled RTS threshold 2347 Fragmentation length 2346 Beacon interval 100 Aggregation length 65535 A MPDU Enabled RIFS transmission Disabled DTIM interval Supplemental Information 129 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Table 6 Defau
19. Firmware Upgrade Backup Settings Select file Restore Settings CANCEL APPLY Click Browse and locate the image zip upgrade file Click Apply The upgrade process is initiated During the upgrade process the wireless access point automatically restarts The upgrade process typically takes several minutes When the Test LED turns off wait a few more seconds before doing anything with the wireless access point Verify that the new software file has been installed by selecting Monitoring System The System screen displays see View System Information on page 109 The firmware version is shown in the Access Point Information section of the screen Management 67 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R TFTP Server Upgrade Procedure To use this method you need to have a TFTP server set up To use a TFTP server to upgrade the wireless access point firmware 1 Download the new software file from the NETGEAR website and save it to your hard disk Place the software file in your TFTP server location You do not need to unzip the file If available read the release notes before upgrading the software Select Maintenance Upgrade Firmware Upgrade TFTP The Firmware Upgrade TFTP screen displays Configuration Monitoring Maintenance RFID Support weaceaut Password Reset Remote Management Upgrad gt Firmware x PETE Firmware Upgrade TFTP Ca i i delis
20. For WPA record the following settings for the primary and secondary RADIUS servers Server name or IP address Primary Secondary Port Shared secret WPA2 RADIUS settings For WPA2 record the following settings for the primary and secondary RADIUS servers Server name IP address Primary secondary Port Shared secret Wireless Configuration and Security 44 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Form for 802 11a an Modes Print the form and store the security information in a safe place SSID The service set identifier SSID identifies the wireless local area network You can customize it by using up to 32 alphanumeric characters Write your SSID on the line SSID The SSID in the wireless access point is the SSID you configure on the wireless adapter card All wireless nodes in the same network need to be configured with the same SSID WEP key size and authentication Choose the key size by circling one 64 128 or 152 bits Choose the authentication type by circling one open system or shared key Passphrase Note If you select shared key the other devices in the network cannot connect unless they are set to shared key and have the same keys in the same positions as those in the wireless access point WPA PSK pre shared key and WPA2 PSK Hecord the WPA PSK passphrase WPA PSK passphrase Record the WPA2 PSK passphrase WPA2 PSK passphrase WPA RADIUS settings For WPA reco
21. From the Network Authentication drop down menu select Open System and Data Encryption WPA PSK or WPA2 PSK Your selection determines the options that the Data Encryption drop down menu provides and whether the WPA Passphrase Network Key field displays Advanced Configuration 100 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R setting Description 000000000 Network Authentication Open System _ Although you can use the bridge communication without any and Data Encryption authentication and encryption NETGEAR recommends that continued you use WEP if you do select an open system From the Data Encryption drop down menu select one of the following e None No authentication and encryption e 64 bit WEP Standard WEP encryption using 40 64 bit encryption e 128 bit WEP Standard WEP encryption using 104 128 bit encryption e 152 bit WEP Proprietary WEP encryption mode using 128424 bit encryption This mode functions only with other access points that support this mode To configure WEP 1 In the passphrase field enter a passphrase 2 Click Generate The key is generated and placed in the WEP Key field WPA PSK TKIP Temporal Key Integrity Protocol is the standard encryption method used with WPA PSK and the only selection possible from the Data Encryption drop down menu In the WPA Passphrase Network Key field enter a passphrase The passphrase length needs to be between 8 and 63 char
22. MC meRU CER 000 Data 1 Background z v 1023 023 rm a E v 3008 Em EE CANCEL APPLY Optional Click the 802 11a na tab The QoS Settings screen lets you configure advanced QoS for the 802 11a na modes Specify the settings as explained in the following table setting Description S AP EDCA parameters Enter the Arbitration Inter Frame Spacing AIFS interval that specifies the wait time in milliseconds between data frames A higher AIFS value means a higher priority for a queue Valid values for AIFS are 0 through 8 The default values are Data 0 3 Data 1 7 Data 2 1 Data 3 1 Enter the minimum contention window cwMin value that specifies the upper limit in milliseconds of a range from which the initial random back off wait time is determined Decreasing this value increases the priority of the queue The value for cwMin needs to be lower than the value for cwMax Valid values are 0 1 3 7 15 31 63 127 255 511 and 1023 The default values are Data 0 15 Data 1 15 Data 2 7 Data 3 3 Advanced Configuration 86 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R setting Description 000000 Enter the maximum contention window cwMax value that specifies the upper limit in milliseconds for the doubling of the random back off value Decreasing this value increases the priority of the queue The value for cwMax needs to be higher than the value for c
23. Optional Click the 802 11a na tab The Bridging screen lets you configure a point to point wireless network for the 802 11a na modes c Select the Enable Wireless Bridging check box The Local MAC Address field is a nonconfigurable field that shows the MAC address of the wireless access point d Select the Wireless Point to Point Bridge radio button Advanced Configuration 89 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Monitoring Maintenance RFID Support Configuration System IP Wireless Security Sems Bridging Bridging 802 11b bg ng B02 11a na Enable Wireless Bridging E Local MAC Address 00 00 00 00 00 00 9 wireless Point to Point Bridge Enable Wireless Client Association 5 Wireless Point to Multi Point Bridge NETGEAR WOS 1 Open System Click Edit to configure the security profile settings The Edit Security Profile screen displays Configuration Monitoring Maintenance RFID System IP Wireless Security Bridging Edit Security Profile Profile Definition Profile Name NETGEAR WOS 1 Remote MAC Address Profile Definition Network Authentication Data Encryption Link Test IP Address lj m Uninitialized Link Test Process Status Advanced Configuration 90 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R f Specify the settings as explained in the following table Setting Description o O O P
24. Unicast Packets o EMITE EM Client Association B02 11ng Radio B 02 11na Radio REFRESH To update the statistics information click Refresh Monitoring 114 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R The following table explains the fields of the Statistics screen setting Description 000000000000 Wired Ethernet Packets The number of packets received and transmitted over the Ethernet connection since the wireless access point was restarted Bytes The number of bytes received and transmitted over the Ethernet connection since the wireless access point was restarted Wireless 802 11b Wireless 802 11bg or Wireless 801 11ng and Wireless 802 11a or Wireless 802 11na Note The section heading depends on the configured wireless mode Unicast Packets The number of unicast packets received and transmitted over the wireless connection since the wireless access point was restarted Broadcast Packets The number of broadcast packets received and transmitted over the wireless connection since the wireless access point was restarted Multicast Packets The number of multicast packets received and transmitted over the wireless connection since the wireless access point was restarted Total Packets The total number of packets received and transmitted over the wireless connection since the wireless access point was restarted Total Bytes The total number of bytes received and tra
25. VLANs DHCP server VLAN ID 24 dynamic and static 50 identifiers IDs 43 51 tagged untagged and management enabling 80 VoIP Voice over IP traffic advanced QoS 85 WMM QoS 61 W web browsers recommended 18 web management interface described 19 troubleshooting 119 WEP wired equivalent privacy configuring 49 52 types of encryption 41 WEP legacy 802 1X configuring 49 52 Wi Fi Multimedia WMM 9 60 62 Wi Fi Protected Access WPA WPA2 and mixed mode adapter restrictions 46 PSK pre shared key configuring with 50 54 152 RADIUS configuring with 49 53 types of encryption 41 WINS servers 24 wired equivalent privacy WEP configuring 49 52 types of encryption 41 wireless adapters 802 11b g n and 802 11a n 16 wireless bridging modes 88 wireless client association 92 97 102 wireless clients access control 51 associated number of 115 monitoring 111 separating 43 50 trusted 58 wireless connection losing 59 wireless equipment placement and range 15 wireless location 20 wireless modes 2 4 GHz band 26 5 GHz band 29 monitoring 110 wireless network name SSID broadcasting 49 broadcasting and security 41 broadcasting for 802 11a na modes 29 broadcasting for 802 11b bg ng modes 27 matching 25 wireless packets and bytes transmitted and received 115 wireless radio turning off 2 4 GHz radio 26 5 GHz radio 29 scheduling 60 wireless security options 40 wireless signal repeating 98 wireless sp
26. WPA Passphrase Network Key field enter a passphrase The passphrase length needs to be between 8 and 63 characters inclusive Advanced Configuration 91 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R setting Description 0000000000000 Network Authentication WPA2 PSK AES Advanced Encryption Standard is the standard and Data Encryption encryption method used with WPA2 PSK and the only continued selection possible from the Data Encryption drop down menu In the WPA Passphrase Network Key field enter a passphrase The passphrase length needs to be between 8 and 63 characters inclusive Note If you want to use the 11n rates and speed NETGEAR recommends WPA2 PSK authentication with AES encryption Link Test The link test lets you validate the bridge configuration by testing whether an IP address behind the remote access point is reachable IP Address Enter an IP address that can be reached through the remote access point for which you are setting up a bridge configuration Click Link Test Link Test Process Status After one minute or less the link test returns one of the following results Success The link can be established using the bridge configuration and the IP address behind the remote access point is reachable You can click Apply to save the bridge configuration Failure The link cannot be established using the bridge configuration Either the remote access point is not conf
27. What You Need Before You Begin You need to consider the guidelines and requirements in the following sections before you can set up your wireless access point oee also System Requirements on page 8 e Wireless Equipment Placement and Range Guidelines e Ethernet Cabling Requirements e LAN Configuration Requirements e Hardware Requirements for Computers on Your LAN e Requirements for Entering IP Addresses Wireless Equipment Placement and Range Guidelines The range of your wireless connection can vary significantly based on the location of the wireless access point The latency data throughput performance and power consumption of wireless adapters also vary depending on your configuration choices Note Failure to follow these guidelines can result in significant performance degradation or inability to connect wirelessly to the wireless access point For complete performance specifications see Appendix A Supplemental Information For best results place your wireless access point according to the following general guidelines e Near the center of the area in which the wireless devices will operate e nan elevated location such as a high shelf where the wirelessly connected devices have line of sight access even if through walls e Away from sources of interference such as computers microwaves ovens and 2 4 GHz cordless phones e Away from large metal surfaces or water The time it takes to establish a wireless connectio
28. Write Community Name Enter the community string to allow the SNMP manager to read and write the wireless access point s MIB objects The default is private Trap Community Name Enter the community string to allow the SNMP manager to send traps The default is trap IP Address to Receive Traps Enter the IP address of the SNMP manager to receive traps sent from the wireless access point Trap Port Enter the number of the SNMP manager port to receive traps sent from the wireless access point The default is 162 3 Click Apply Secure Shell and Telnet Management By default Secure Shell SSH is enabled and Telnet is disabled To configure remote console features 1 Select Maintenance Remote Management Remote Console The Remote Console screen displays Configuration Monitoring Maintenance RFID Support LOGOUT Upgrade SNMP Remote Console Remote Console Remote Console Secure Shell SSH Enable Disable Telnet O Enable Disable CANCEL APPLY 2 Enable or disable the remote console features e Secure Shell SSH To enable this feature select the Enable radio button which is the default setting Select the Disable button to disable the feature e Telnet To enable this feature select the Enable radio button Select the Disable button to disable the feature which is the default setting 3 Click Apply To manage the wireless access point over an SSH or Telnet connection 1 Start
29. access point If the SSIDs do not match you do not get a wireless connection to the wireless access point This field is not configurable It shows the status of the wireless scheduler For more information see Schedule the Wireless Radios to Be Turned Off on page 60 Select the Yes radio button to enable the wireless access point to broadcast its SSID allowing wireless clients that have a null blank SSID to adopt the wireless access point s SSID Yes is the default setting To prevent the SSID from being broadcast select the No radio button From the drop down menu select the channel you wish to use for your wireless LAN The wireless channels and frequencies depend on the country and wireless mode The default setting is Auto Note It should not be necessary to change the wireless channel unless you experience interference indicated by lost connections or slow data transfers If this happens you might want to experiment with different channels to see which is the best For more information see Operating Frequency Channel Guidelines on page 25 Note For more information about available channels and frequencies see Technical Specifications on page 125 From the drop down menu select a Modulation and Coding Scheme MCS index and transmit data rate for the wireless network The default setting is Best For a list of all options that you can select see Factory Default Settings on page 127 Channel Width From the drop dow
30. access point and you want it to capture and redirect all HTTP requests over TCP port 80 set up a hotspot server to redirect the requests to the specified URL and manage the clients For example you can redirect HTTP requests to a web server for authentication timing control or advertising A hotel might want all wireless connections to go to its server to start a billing transaction Advanced Configuration 81 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Note The redirection occurs only the first time that a wireless client opens a web browser gt To set up a hotspot server 1 Select Configuration gt System gt Advanced gt Hotspot The Hotspot screen displays Configuration Monitoring Maintenance RFID Support LOGOUT IP Wireless Security Wireless Bridge Basic Hotspot Advanced General Hotspot Settings Hotspot Syslog HTTP Redirect Enable 9 Disable Redirect URL hitp j www netgear com 2 Select the Enable radio button to enable HTTP redirection By default HTTP redirection is disabled 3 In the Redirect URL field enter the URL of the web server to which you wish to redirect HTTP requests 4 Click Apply All HTTP requests are now redirected to the specified URL Configure Advanced Wireless Settings Use the advanced Wireless Settings screen to configure and enable various WLAN settings for the 802 11b bg ng and 802 11a na modes Band steering is
31. accounting The secondary RADIUS server is used when the primary RADIUS server is not available Port Enter the number of the UDP port on the wireless access point that is used to access the secondary RADIUS server for accounting The default port number is 1813 Shared Secret Enter the shared key that is used between the wireless access point and the secondary RADIUS server during the accounting process Authentication Settings Reauthentication The interval in seconds after which the supplicant is reauthenticated with the Time Seconds RADIUS server The default interval is 3600 seconds one hour Enter 0 to disable reauthentication Update Global Key Select the check box to allow the global key update and enter the interval in Every Seconds seconds The check box is selected by default and the default interval is 1800 seconds 30 minutes Clear the check box to prevent the global key update 3 Click Apply Restrict Wireless Access by MAC Address For increased security you can restrict access to a wireless network by allowing access to only specific computers or wireless clients based on their MAC addresses You can restrict access to only trusted computers so that unknown computers cannot connect wirelessly to the wireless access point MAC address filtering adds an obstacle against unwanted access to your network but the data broadcast over the wireless link is fully exposed Note For wireless adapters you can usuall
32. authentication type authentication shared key encryption Wireless shared key encryption broadcast Broadcast enable dynsemic v lan Dynamic VLAN id name Profile name security separation Disable associated wireless client communication Command Line Reference 140 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R ssid Network name 1 32 chars vlan VLAN id wep key Wireless wep key type wpa passphrase Wireless wpa passphrase 5th security profile enable B5 b5rh security profile access control A ccess control enable access control policy Access control policy enable authentication Wireless authentication type authentication 8021x Select wireless 802 1x authentication type authentication open encryption Select wireless open encryption authentication type authentication shared key encryption Wireless shared key encryption broadcast Broadcast enable dynamic vlan Dynamic VLAN id name Profile name security separation Disable associated wireless client communication ssid Network name 1 32 chars vlan VLAN id wep key Wireless wep key type wpa passphrase Wireless wpa passphrase 6 6th security profile enable 6 gt 6th security profile access control Acoess control enable access control policy Access control policy enable authentication Wireless authe
33. concurrent 9 dynamic and static VLANs 50 Dynamic Host Configuration Protocol DHCP client and server 22 24 E EDCA Enhanced Distributed Channel Access parameters 85 87 electromagnetic compliance 127 encryption WEP 52 WPA and WPA2 55 environmental specifications 127 ESS extended service set 43 Ethernet cabling requirements 16 Ethernet packets and bytes received and transmitted 115 extended service set ESS 43 E factory default settings list of 127 130 restoring 70 firmware backing up 69 factory defaults 70 restoring from backup file 70 RFID module version viewing 105 upgrading 67 wireless access point version viewing 110 flash memory 66 fragmentation length 84 frequencies and channels defaults 125 selecting for 802 11a na modes 29 selecting for 802 11b bg ng modes 27 FTP traffic advanced QoS 85 WMM QoS 61 G gateways ISP and DHCP 22 24 generating keys WEP 52 Gigabit Ethernet RJ 45 port 13 graphical user interface GUI described 19 troubleshooting 119 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R guard interval 802 11na 30 802 11ng 27 H hardware version RFID module 105 hotspot server 82 idle time 113 importing known access points 76 infrastructure mode 25 installation kits 31 installation order 16 interference 15 Internet browsing troubleshooting 118 IP addresses default 18 22 110 127 DHCP and DNS servers 22 24 DHCP WINS servers 24
34. correct cable is used Use a standard straight through Category 5 Ethernet cable such as the one that came with the wireless access point If the network device has Auto Uplink MDI MDIX ports you can use either a crossover cable or a normal straight through cable The WLAN LED Is Not Light The wireless access point s antenna is not working If the WLAN LED remains off either disconnect the cables to the PoE switches and then reconnect them again or disconnect the adapter from its power source and then plug it in again Contact NETGEAR technical support if the WLAN LED remains off You Cannot Access the Internet or the LAN from a Wireless Capable Computer There is a configuration problem gt Check these items You might not have restarted the computer with the wireless adapter to allow TCP IP changes take effect Restart the computer The computer with the wireless adapter might not have the correct TCP IP settings to communicate with the network Restart the computer and check that TCP IP is set up correctly for that network In Windows the usual setting for Network Properties is to obtain an IP address automatically Troubleshooting 118 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R The wireless access point s default values might not work with your network Check the wireless access point s default configuration against the configuration of other devices in your network Make sure that the SSID
35. defaults 125 selecting for 802 11a na modes 29 selecting for 802 11b bg ng modes 27 channels wireless spacing 25 Clear to Send CTS packets 83 CLI command line interface commands 131 clients associated number of 115 DHCP enabling 22 isolation enabling 84 maximum number 85 monitoring 111 NTP enabling 21 trusted 58 wireless separation enabling 43 50 collision detection and collision avoidance CSMA 83 command line interface CLI commands 131 community names and traps SNMP 65 compliance electromagnetic 127 configuration file backing up or restoring 69 connectors and ports rear panel 12 country wireless location 20 CSMA Carrier Sense Multiple Access 83 CTS Clear to Send packets 83 cwMin minimum contention window and cwMax maximum contention window values 86 D data encryption WEP 52 WPA and WPA2 55 data rates 802 11a mode 30 802 11b bg modes 27 specifications for all modes 125 126 date and time troubleshooting 122 defaults channels and frequencies 125 DHCP gateway 24 factory settings list of 127 130 factory settings restoring 70 IP address 18 127 ISP gateway 22 login password 18 127 SNMP 64 subnet mask 22 127 user name 18 127 delivery traffic indication message DTIM interval 84 DHCP Dynamic Host Configuration Protocol client and server 22 24 DNS Domain Name System servers 22 24 148 DTIM delivery traffic indication message interval 84 dual band support
36. enabled 0 means disabled The channel that the unknown AP is using The transmit data rate in Mbps of the unknown the AP The interval for each beacon transmission in ms of Beacons The number of beacons transmitted by the unknown AP that the wireless access point has detected The time stamp that indicates the time when the most recent beacon was detected 3 Click Save Export the list of unknown APs to a file A window opens so you can browse to the location where you want to save the file The default file name is macList txt 4 Optionally After you have reviewed the list import the saved list into the Known AP List on the Rogue AP screen see Enable and Configure Rogue AP Detection on page 74 gt To view the Known AP Lists and save it to a file 1 Select Monitoring gt Rogue AP gt Known AP List The Known AP List screen displays Configuration Monitoring Maintenance RFID Support LOGOUT System Wireless Stations Logs Statistics Unknown AP List Known AP List Known AP List Known AP List 802 11ng MAC Address Channel OO 241 B261 sb 2 NG 1193 1 00 17 31 23 09 0A Wireless Q00 1F 33 D2 AD 82 EVA2000 mixed COISFIDE rBSICBIDO ngwlan O iS8 FX EFi DB zd Customer ID Known AP List 802 11n MAC Address SSID Channel REFRESH AWE 2 Optionally Click Refresh Management 77 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R The wireless access poin
37. errors 16 NTP servers 21 requirements 16 SNMP manager 65 static for management computer 127 syslog server 74 TFTP server 68 isolating clients 84 J Java and Javascript 119 K key generation WEP 52 key update RADIUS servers 57 L LAN configuration requirements 16 IP addresses 127 troubleshooting 118 LAN LED behavior startup procedure 18 described 12 troubleshooting 118 LAN path troubleshooting 120 lease period DHCP 24 149 LEDs behavior startup procedure 17 described 12 troubleshooting 117 legacy 802 1X wireless security 49 52 link test wireless bridging 92 96 101 local MAC addresses 58 location country and region 20 logging activities 113 logging in 18 login URL name and password 127 losing wireless connection 59 MAC addresses default wireless access point 20 Ethernet port 110 known access points 78 restricting access by 41 57 unknown access points 77 wireless card 110 management VLAN 80 management remote options 64 maximum burst value 87 maximum contention window cwMax value 87 maximum number of clients 85 MCS Modulation and Coding Scheme index and data rate 802 11na 30 index and data rate 802 11ng 27 minimum contention window cwMin value 86 Modulation and Coding Scheme MCS 27 30 mounting plate ceiling 32 wall 35 multicast packets transmitted and received 115 N names firmware file 68 NTP server 21 profiles 49 SNMP communities 64 wireless access point 20 w
38. for any other security profile that you want to edit For example first configure security profile NETGEAR WDS 1 with the MAC address of AP1 and then configure security profile NETGEAR WDS 2 with the MAC address of AP3 see Figure 20 on page 98 2 Activate repeater mode on the wireless access point AP2 in Figure 20 on page 98 a b C On the Bridging screen select the Enable Wireless Bridging check box Select the Wireless Point to Multi Point Bridge radio button Clear the Enable Wireless Client Association check box Wireless client association is disabled No wireless clients can associate with the wireless access point Note If you do not clear the Enable Wireless Client Association check box the wireless access point functions in regular point to multipoint bridge mode If the correct profile names and security options are displayed in the table select the check boxes in the Enable column for all security profiles that you want to enable On the Bridging screen click Apply The repeater settings are activated 3 Configure AP1 on LAN Segment 1 see Figure 20 on page 98 in repeater mode with the remote MAC address of AP2 Configure AP3 on LAN Segment 3 see Figure 20 on page 98 in repeater mode with the remote MAC address of AP2 Verify the following 4 AP1 has AP2 s MAC address in its Remote MAC Address field AP3 has AP2 s MAC address in its Remote MAC Address field All APs are configured to
39. lit or blinks green when the WLAN is ready Log In to the Wireless Access Point The default IP address of your wireless access point is 192 168 0 100 By default the DHCP client on the wireless access point is disabled so you can log in using the default IP address gt To log in to the wireless access point 1 Open a web browser such as Microsoft Internet Explorer 8 0 or later or Mozilla Firefox 18 0 or later 2 Connect to the wireless access point by entering its default address of 192 168 0 100 into your browser use http and not https The Login screen displays WNDAP380Rv2 ProSafe Dual Band Wireless N Access Point Enter the default user name of admin and the default password of password Click Login The web browser displays the basic General system settings screen under the Configuration tab of the main menu Installation and Basic Configuration 18 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Configuration Monitoring Maintenance RFID Support IP Wireless Security Wireless Bridge Basic General General Time General Advanced AP Name netgearl02605 Country Region China wv CANCEL APPLY Web Management Interface The navigation tabs across the top of the web management interface provide access to all the configuration functions of the wireless access point and remain constant The menu items in the blue bar change according to the navigation tab
40. passphrase and select TKIP or TKIP AES encryption See Configure WPA PSK WPA2 PSK and WPA PSK amp WPA2 PSK on page 54 WPA2 PSK Enter a WPA passphrase and select AES or TKIP AES encryption See Configure WPA PSK WPA2 PSk and WPA PSK amp WPA2 PSK on page 54 Note Select this setting only if all clients support WPA2 Enter a WPA passphrase TKIP AES encryption is the default encryption See Configure WPA PSK WPA2 PSk and WPA PSK amp WPA2 PSK on page 54 Note This setting allows clients to connect through either WPA with TKIP or WPA2 with AES Wireless Client Security If you enable wireless client security separation by selecting Enable from the Separation drop down menu the associated wireless clients cannot communicate with each other By default Disable is selected from the drop down menu This feature is intended for hotspots and other public access situations Dynamic VLAN From the drop down menu select how VLANs operate by making one of the following selections Disable Disables dynamic VLANs and enables static VLANs This is the default setting Optional Enables dynamic VLANs but if a RADIUS server does not return a VLAN ID the wireless client is still allowed to connect to the wireless access point Required Enables dynamic VLANs If a RADIUS server does not return a VLAN ID the wireless client is not authenticated and cannot connect to the wireless access point For dynamic VLANs to opera
41. seconds and check the Power LED status on the wireless access point If the wireless access point has no power gt If you use one or more PoE switches to provide power to the wireless access point check these items e Make sure that the Ethernet cables between the wireless access point and the PoE switches are correctly connected at both ends e Make sure that the power cords of the PoE switches are plugged into working power outlets or power strips e Make sure that the PoE switches are functioning normally Troubleshooting 117 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R gt If you use a power cord to provide power to the wireless access point check these items Make sure that the power cord is connected to the wireless access point Make sure that the power adapter is connected to a functioning power outlet If it is in a power strip make sure that the power strip is turned on If it is plugged directly into the wall verify that it is not a switched outlet Make sure that you are using the correct NETGEAR power adapter that is supplied with your wireless access point The Active LED or the LAN LED Is Not Lit There is a hardware connection problem gt Check these items Make sure that the cable connectors are securely plugged in at the wireless access point and the network device hub PoE switches or router Make sure that the connected device is turned on Make sure that the
42. that are in the Trusted Wireless Stations table are replaced with the MAC addresses that are in the file e Click the Merge radio button The MAC addresses from the file are added to the MAC addresses that are in the Trusted Wireless Stations table 7 Click Apply Now only devices in the Trusted Wireless Stations table are allowed to connect to the wireless access point over a wireless connection A WARNING When configuring the wireless access point from a wireless computer whose MAC address is not on the access control list you lose your wireless connection when you click Apply You then need to access the wireless access point from a wired computer or from a wireless computer that is on the access control list to make any further changes gt To delete selected or all MAC address from the Trusted Wireless Stations table 1 Select check boxes for individual MAC addresses 2 Optional Select the check box in the heading to select all MAC addresses 3 Click Delete Wireless Configuration and Security 59 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Schedule the Wireless Radios to Be Turned Off Scheduling the wireless radios to be turned off is a green feature that allows you to turn off the wireless radios during scheduled vacations office shutdowns on evenings or on weekends To schedule the radios to be turned on and off 1 Select Configuration Wireless Basic Wireless On O
43. that is selected IP Wireless Security Wireless Bridge Figure 4 Navigation tabs and menu items The bottom right corner on all screens that allow you to make configuration changes show the Apply and Cancel buttons CANCEL APPLY Figure 5 Buttons These buttons have the following functions e Cancel Cancels all configuration changes that you made on the screen e Apply Saves and applies all configuration changes that you made on the screen The following buttons can be displayed e Edit Lets you edit the existing configuration e Save or Save As Lets you save the information that is displayed onscreen to a file e Details Provides more details for the information that is displayed in the table onscreen e Proceed Confirms the action e Send Sends a test command e Refresh Refreshes the information that is displayed onscreen e Clear Clears the information that is displayed onscreen Installation and Basic Configuration 19 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Configure Basic General System Settings and Time Settings After you have successfully logged in to the wireless access point the basic General system settings screen displays To configure basic system settings 1 Select Configuration System Basic General The basic General system settings screen displays Configuration Monitoring Maintenance RFID Support IP Wireless Security Wire
44. the security profiles on the wireless access point AP1 on LAN Segment 1 in the previous figure a Select Configuration Wireless Bridge The Bridging screen displays see the following figure b Optional Click the 802 11a na tab The Bridging screen lets you configure a point to point wireless network for the 802 11a na modes c Select the Enable Wireless Bridging check box The Local MAC Address field is a nonconfigurable field that shows the MAC address of the wireless access point d Select the Wireless Point to Multi Point Bridge radio button The screen adjusts The profile table shows four security profiles Contiguration Monitoring Maintenance RFID Support System IP Wireless Security Bridging Bridging Bridging 802 11b bg ng 802 11a na Enable Wireless Bridging Local MAC Address 00 00 00 00 00 00 Wireless Point to Point Bridge 9 wireless Point to Multi Point Bridge Enable Wireless Client Association HETGEAR WDS5 1 Open System METGEAR WDS Z Open System HETGEAFR WDS 3 open System LT D IT amp HETGEAR WDS 4 Open System EDIT CANCEL APPLY e Select a security profile to edit by selecting the corresponding radio button to the left of the profile f Click Edit to configure the selected security profile settings The Edit Security Profile screen displays for the selected security profile The following figure contains some examples Advanced Configuration 94
45. use the same SSID wireless channel and encryption mode All access points need to be on the same LAN IP subnet That is all the access point LAN IP addresses are in the same network All LAN devices wired and wireless computers need to be configured to operate in the same LAN network address range as the access points The channel selection on the access points cannot be Auto see Configure the Basic Wireless Settings on page 24 Configure a Point to Point Wireless Network In point to point bridge mode the wireless access point communicates with another bridge mode wireless station Use wireless security to protect this communication The following figure shows an example in which two wireless access points APs function in point to point bridge mode with client association Advanced Configuration 88 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R AP1 NN AP2 PEE Wireless client Wireless client Point to point bridge mode Point to point bridge mode Jl Hub or switch n uml A LAN segment 1 LAN segment 2 Figure 18 Point to point wireless network To configure a point to point wireless network with or without client association 1 Configure the wireless access point AP1 on LAN Segment 1 in the previous figure as a point to point bridge a Select Configuration Wireless Bridge The Bridging screen displays see the following figure b
46. wireless client automatically changes to the wireless access point with the least interference or best performance Wireless Configuration and Security 43 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Write Down Your Wireless Network Settings For a new wireless network print or copy the following two forms and fill in the settings For an existing wireless network the network administrator can provide this information Form for 802 11b bg ng Modes Print the form and store the security information in a safe place SSID The service set identifier SSID identifies the wireless local area network You can customize it by using up to 32 alphanumeric characters Write your SSID on the line SSID The SSID in the wireless access point is the SSID you configure on the wireless adapter card All wireless nodes in the same network need to be configured with the same SSID WEP key size and authentication Choose the key size by circling one 64 128 or 152 bits Choose the authentication type by circling one open system or shared key Passphrase Note If you select shared key the other devices in the network cannot connect unless they are set to shared key and have the same keys in the same positions as those in the wireless access point WPA PSK pre shared key and WPA2 PSK Hecord the WPA PSK passphrase WPA PSK passphrase Record the WPA2 PSK passphrase WPA2 PSK passphrase WPA RADIUS settings
47. 0 Mbps and auto rate capable referred to as Best Data rates for a 40 MHz channel width and an automatic guard interval 0 15 Mbps 1 30 Mbps 2 45 Mbps 3 60 Mbps 4 90 Mbps 5 120 Mbps 6 135 Mbps 7 150 Mbps 8 30 Mbps 9 60 Mbps 10 90 Mbps 11 120 Mbps 12 180 Mbps 13 240 Mbps 14 270 Mbps 15 300 Mbps and auto rate capable referred to as Best Data rates for a 40 MHz channel width and a long guard interval 800 ms 0 13 5 Mbps 1 27 Mbps 2 40 5 Mbps 3 54 Mbps 4 81 Mbps 5 108 Mbps 6 121 5 Mbps 7 135 Mbps 8 27 Mbps 9 54 Mbps 10 81 Mbps 11 108 Mbps 12 162 Mbps 13 216 Mbps 14 243 Mbps 15 270 Mbps and auto rate capable referred to as Best 802 11a na 5 745 5 825 GHz operating frequencies 802 11 a na encryption Status LEDs 64 bit 128 bit and 52 bit WEP AES TKIP Remote configuration and management through the web management interface through SNMP or through Telnet or SSH with the command line interface CLI SNMP management supports SNMP MIB I MIB II 802 11 MIB and proprietary configuration MIB Power Test LED Active LED LAN LED WLAN LED 2 4 GHz and 5 GHz Supplemental Information 126 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Table 5 Technical specifications continued Feature Description 000 Electrical and Physical Specifications Power adapter 12 VDC 1A plug is localized to country of sale Physical spec
48. 0000000000 Profile Name The unique name of the wireless security profile that makes it easy to recognize the profile SSID The wireless network name SSID for the wireless security profile The configured wireless authentication method for the wireless security profile VLAN The default VLAN ID that is associated with the wireless security profile Enable The check box that lets you select the wireless security profile so you can enable it by clicking Apply 3 Select the radio button to the left of the wireless security profile that you want to configure and click Edit The Edit Security Profile screen opens for the selected wireless security profile see the following figure The screen has two sections e Profile Definition see Step 4 e Authentication Settings see Step 5 Configuration Monitoring Maintenance RFID Support LOGOUT System IP Wireless Bridge Profile Settings Edit Security Profile Advanced Profile Definition Profile Name i I GEA SSID NETGEAR 11ng Broadcast Wireless Network Name SSID yas No Authentication Settings Network Authentication Open System Data Encryption Mone v Wireless Client Security Separation Disable v Dynamic VLAN Disable VLAN ID 1 Access Control Disable Enable Access Control Policy 9 Disable Enable Wireless Configuration and Security 48 ProSAFE Dual Band Wireless N Access Point with RFID Suppo
49. 02 11a na Enable Wi Fi Multimedia WMM 9 Enable Disable WHM Powersave O Enable Disable 2 Optional Click the 802 11a na tab The basic QoS Settings screen for the 802 11a na modes displays Wireless Configuration and Security 61 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R 3 Enable or disable the WMM features e Enable Wi Fi Multimedia WMM To enable this feature select the Enable radio button By default this feature is enabled Select the Disable radio button to disable the feature e WMM Powersave To enable this feature select the Enable radio button which is the default setting By default this feature is enabled Select the Disable radio button to disable the feature 4 Click Apply Wireless Configuration and Security 62 Management This chapter describes how to use the management of the wireless access point The chapter includes the following sections Enable Hemote Management Upgrade the Wireless Access Point Software Manage the Configuration File or Reset to Factory Defaults Change the Administrator Password Enable the Syslog Server Enable Rogue AP Detection and Monitor Access Points 63 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Enable Remote Management This section describes the different options for remote management e SNMP Management e Secure Shell and Telnet Management Both Simple Network Management Protoco
50. 2 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Security profiles let you configure unique security settings for each SSID on each radio of the wireless access point For each radio the wireless access point supports up to eight security profiles BSSIDs that you can configure on the individual Edit Wireless Network screens that are accessible from the Edit Security Profile screen see Configure and Enable Security Profiles on page 46 Security Profile Concepts Security profiles include the following main components Network authentication The wireless access point is set by default as an open system with no authentication When you configure network authentication bear in mind that not all wireless adapters support WPA or WPA2 Consult the product documentation for your wireless adapter and WPA or WPA2 client software for instructions about how to configure WPA or WPA2 settings For information about the types of network authentication that the wireless access point supports see Configure and Enable Security Profiles on page 46 Data encryption The available data encryption options depend on the network authentication setting that you select the default is no encryption The data encryption settings are explained in Configure and Enable Security Profiles on page 46 Wireless client security separation If this feature is enabled the associated wireless clients using the same SSID are not able to comm
51. 2 11bg modes 802 11d Note This setting does not apply to the 802 11a na modes Client Isolation Enter the maximum packet size that is used for the fragmentation of data packets Packets that are larger than the specified fragmentation length are broken up into smaller packets before being transmitted The fragmentation length needs to be an even number The default setting is 2346 Enter the interval between 100 ms and 1000 ms for each beacon transmission which allows the wireless access point to synchronize the wireless network The default setting is 100 Enter the maximum length of aggregated MAC protocol data unit A MPDU packets Larger aggregation lengths could lead to better network performance Aggregation is a mechanism used to achieve higher throughput The default setting is 65535 Select the Enable radio button to allow the aggregation of several MAC frames into a single large frame to achieve higher throughput Enabling the aggregated MAC protocol data unit A MPDU could lead to better network performance By default the Enable radio button is selected Select the Enable radio button to allow transmission of successive frames at different transmit powers Enabling reduced interframe space RIFS could lead to better network performance By default the Disable radio button is selected Enter the delivery traffic indication message DTIM interval also referred to as the data beacon rate which indicates the beaco
52. 3 240 Mbps 14 270 Mbps 15 300 Mbps and auto rate capable referred to as Best Data rates for a 40 MHz channel width and a long guard interval 800 ms 0 13 5 Mbps 1 27 Mbps 2 40 5 Mbps 3 54 Mbps 4 81 Mbps 5 108 Mbps 6 121 5 Mbps 7 135 Mbps 8 27 Mbps 9 54 Mbps 10 81 Mbps 11 108 Mbps 12 162 Mbps 13 216 Mbps 14 243 Mbps 15 270 Mbps and auto rate capable referred to as Best 2 412 2 472 GHz 64 bit 128 bit and 52 bit WEP AES TKIP Supplemental Information 125 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Table 5 Technical specifications continued Feature Description 000000000000 802 11a na wireless specifications 802 11a data rates 6 9 12 18 24 36 48 54 Mbps and auto rate capable referred to as Best 802 11na data rates Data rates for a 20 MHz channel width and an automatic guard interval 0 7 2 Mbps 1 14 4 Mbps 2 21 7 Mbps 3 28 9 Mbps 4 43 3 Mbps 5 57 8 Mbps 6 65 Mbps 7 72 2 Mbps 8 14 44 Mbps 9 28 88 Mbps 10 43 33 Mbps 11 57 77 Mbps 12 86 66 Mbps 13 115 56 Mbps 14 130 Mbps 15 144 44 Mbps and auto rate capable referred to as Best Data rates for a 20 MHz channel width and a long guard interval 800 ms 0 6 5 Mbps 1 13 Mbps 2 19 5 Mbps 3 26 Mbps 4 39 Mbps 5 52 Mbps 6 58 5 Mbps 7 65 Mbps 8 13 Mbps 9 26 Mbps 10 39 Mbps 11 52 Mbps 12 78 Mbps 13 104 Mbps 14 117 Mbps 15 13
53. 9 23 config Store updated configuration file onto flash Jan 13 04 50 27 config No update in configuration file to store anto flash Jan 13 04 59 33 webadmin User logged in Jan 13 05 01 17 syslog Client dO df 3a ed 6b 41 associated to SSID NETGEAR 11ng Jan 13 05 02 12 syslog Client 20 d6 07 2c 70 7 amp 8 disassociated from SSID NETGEAR 11ng Jan 13 05 03 35 syslog Client dO df 9a ed 6b 41 disassociated from SSID NETGEAR 11ng Jan 13 05 27 26 webadmin User logged in Jan 13 05 32 36 webadmin User logged in REFRESH CLEAR SAVE AG 2 Optional Click Refresh Monitoring 113 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R The information onscreen is updated 3 Optional Click Save As The log contents is saved to a file on your computer or to a disk drive 4 Optional Click Clear The log contents are cleared Traffic Statistics The Statistics screen displays information for both wired LAN and wireless WLAN network traffic To display the Statistics screen Select Monitoring Statistics Configuration MCh Maintenance RFID Support System Wireless Stations Rogue AP Logs _ Statistics Statistics Wired Ethernet Received Transmitted 20032 16524 Bytes 11514072 2473103 Wireless 802 11ng Received Transmitted Unicast Packets 5 y 3 1259 Broadcast Packets E eis atte 150279 313952 Wireless 802 11na Received Transmitted
54. ANs 1 Select Configuration gt System gt Advanced gt General The advanced General system settings screen displays Advanced Configuration 80 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Configuration Monitoring Maintenance RFID Support IP Wireless Security Wireless Bridge Basic General Advanced General Spanning Tree Protocol Hotspot Syslog Spanning Tree Protocol Enable 9 Disable 802 10 VLAN Untagged VLAN Management LAN CANCEL APPLY 2 Specify the settings as explained in the following table setting Description 000000000 Spanning Tree Protocol Spanning Tree Protocol Select the Enable radio button to enable STP to prevent path redundancy By default the Disable radio button is selected 802 1Q VLAN Untagged VLAN Select the Untagged VLAN check box to configure one VLAN as an untagged VLAN By default the Untagged VLAN check box is selected Specify a VLAN ID The default VLAN ID is 1 Management VLAN Specify an ID for the VLAN from which the wireless access point can be managed The default VLAN ID is 1 Note If you configure the management VLAN ID as 0 zero the wireless access point can be managed over any VLAN and frames that belong to the management VLAN are not tagged with an 802 1Q header when sent over the trunk 3 Click Apply Configure Hotspot Settings If the wireless access point functions as a public
55. AP2 Multipoint UL AP3 bridge mode repeating only pide ae repeating only Multipoint bridge mode repeating only mea LDOEMESE LAN segment 1 Hub or switch A nma j LAN segment 2 Figure 20 Repeating the wireless signal in point to multipoint bridge mode gt To configure the wireless access point to repeat the wireless signal 1 Configure the security profiles on the wireless access point AP2 on LAN Segment 2 in the previous figure a Select Configuration gt Wireless Bridge Advanced Configuration 98 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R The Bridging screen displays see the following figure Optional Click the 802 11a na tab The Bridging screen lets you configure a point to point wireless network for the 802 11a na modes Select the Enable Wireless Bridging check box The Local MAC Address field is a nonconfigurable field that shows the MAC address of the wireless access point Select the Wireless Point to Multi Point Bridge radio button The screen agjusts The profile table shows four security profiles Configuration Monitoring Maintenance RFID Support System IP Wireless Security Bridging Bridging Bridging B02 11b bg ng 802 11a na Enable Wireless Bridging Local MAC Address 00 00 00 00 00 00 Wireless Point to Point Bridge wireless Point to Multi Point Bridge Enable Wireless Client Association Profile Na
56. Bridging screen select the Enable Wireless Bridging check box b Select the Wireless Point to Multi Point Bridge radio button By default the Enable Wireless Client Association is selected Keep the check box selected to enable wireless client association Note If you clear the Enable Wireless Client Association check box the wireless access point does not function in point to multipoint bridge but in repeater mode c If the correct profile names and security options are displayed in the table select the check boxes in the Enable column for all security profiles that you want to enable d On the Bridging screen click Apply The point to multipoint bridge settings are activated Configure AP2 on LAN Segment 2 see Figure 19 on page 93 in point to point bridge mode with the remote MAC address of AP1 Configure AP3 on LAN Segment 3 see Figure 19 on page 93 in point to point bridge mode with the remote MAC address of AP1 Verify the following e Only AP1 on LAN Segment 1 is configured in point to multipoint bridge mode and all others wireless access points are configured in point to point bridge mode e AP2 and AP3 the point to point APs have AP1 s MAC address in their Remote MAC Address field e All APs are configured to operate in the same LAN network address range as the LAN devices e f you use DHCP all APs can obtain an IP address automatically as a DHCP client For more information see Configure the IP S
57. Default Gateway Enter the IP address of the ISP gateway to which the wireless access point connects Installation and Basic Configuration 22 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R setting Deseripton 0000000000000 Primary DNS Server Enter the IP addresses of the primary and secondary DNS servers A DNS server is a host on the Internet that translates Internet names such as www netgear com to numeric IP addresses Typically your ISP transfers the IP address of one or two DNS servers to your wireless access point during login If Secondary DNS Server the ISP does not transfer addresses you need to obtain them from the ISP and enter them manually in these fields Network Integrity Check Select this check box to validate that the upstream link is active before allowing wireless associations Ensure that the default gateway is configured 3 Click Apply Configure the Optional DHCP Server The wireless access point provides a built in DHCP server for wireless clients only which can be especially useful in small networks By default the DHCP server is disabled When the DHCP server is enabled the wireless access point provides preconfigured TCP IP configurations to all connected wireless clients To configure DHCP server settings 1 Select Configuration IP DHCP Server Settings The DHCP Server Settings screen displays Configuration Monitoring Maintenance RFID Support System
58. Em Firmware Upgrade TFTP Backup Settings Restore Settings Firmware File Name TFTP Server IP Specify the following information e Firmware File Name The name of the unzipped software file e TFTP Server IP The IP address of your TFTP server Click Apply The upgrade process is initiated During the upgrade process the wireless access point automatically restarts The upgrade process typically takes several minutes When the Test LED turns off wait a few more seconds before doing anything with the wireless access point Verify that the new software file has been installed by selecting Monitoring System The System screen displays see View System Information on page 109 The firmware version is shown in the Access Point Information section of the screen Management 68 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Manage the Configuration File or Reset to Factory Defaults The wireless access point settings are stored in the configuration file You can save this file back it up to a computer restore it from a computer or reset it to factory default settings Save the Configuration Restore the Configuration Restore the Wireless Access Point to the Factory Default Settings Reboot the Wireless Access Point without Restoring the Default Configuration Save the Configuration NETGEAR recommends that you back up your configuration after you have made changes
59. INS server If your computer is set to obtain an IP address automatically DHCP client restart it Make sure that your browser has Java JavaScript or ActiveX enabled If you are using Internet Explorer click Refresh to be sure that the Java applet is loaded Try quitting the browser clearing the cache deleting the cookies and launching the browser again Make sure that you are using the correct login information The factory default login name is admin and the password is password Make sure that Caps Lock is off when entering this information If the wireless access point does not save changes you have made in the web management interface check the following When entering configuration settings be sure to click the Apply button before moving to another screen or tab or your changes are lost Click the Refresh or Reload button in the web browser The changes might have occurred but the web browser might be caching the old configuration Troubleshooting 119 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R When You Enter a URL or IP Address a Time Out Error Occurs A number of things could be causing this gt Try the following troubleshooting steps Check whether other computers on the LAN work correctly If they do ensure that your computer s TCP IP settings are correct If you use a fixed static IP address check the subnet mask default gateway DNS and IP addresses of the wireless a
60. If you enable rogue AP detection the wireless access point continuously scans the wireless network and collects information about all access points on its channel gt To enable and configure rogue AP detection 1 Select Configuration gt Security gt Advanced gt Rogue AP The Rogue AP screen displays The following figure shows examples in the Known AP List and Unknown AP List Configuration Manitarinig Maintenance RFID Suppor System TP Wireless Wireless Bridge Profile Settings Rogue AP Advanced Rogue AP Rogue AP Authantication Radius Server Settings B02 11b bg ng 802 11a na Turn Rogue AP Detection On v Import AP List from a file e Replace C Merge Be Known AP List Unknown AP List MAC Address Channel a MAC Address Channel 0 24 B2 61 94 21 H 113 1 0 26 FZz F8 14 n H iig 00 17 31 23 059 04 Wireless O0 1F 33 C4 F7 Fa EVaZ000 WERE O0 1F 32 D2 4D 82 EVAZ O mixed C 3F D E B B T A7 FULLRoATEB 72 CO S3F 0E BS TB OD ngwlan U 22 3F C3 amp A CB HETGEAR Ol rid Fl EF D amp H4 Curtamer ID QO 17 3i1 23 0 DE Wirelarr D 0 i8 F3 EF DB BC Wiraleis REFRESH CAPELL APPLY po Optional Click the 802 11a na tab The Rogue AP screen lets you enable and configure rogue AP detection for the 802 11a na modes Select the Turn Rogue AP Detection On check box Optional Click Refresh The wireless access point detects unknown access points and populates the U
61. N Access Point with RFID Support WNDAP380R 8 gt access control access control policy authentication authentication 8021x authentication authentication open encryption shared key encryption broadcast dynamic vlan name security separation l ssid vlan wep key wpa passphrase wmm gt enable parameter gt Apo queue gt 0 0 1 2 powersave 25021Id aggregation length ampdu beacon interval channel 8th security profile Access control enable Access control policy enable Wireless authentication type Select wireless 802 1x authentication type Select wireless open encryption authentication type Wireless shared key encryption Broadcast enable Dynamic VLAN id Profile name pisable associated wireless client Network name communication 1 32 chars VLAN id Wireless wep key type Wireless wpa passphrase WMM settings WMM enable 00S parameter mi Queue Access point Access Access Access best effort voice data point low priority data point video data point voice data Station Queue Station best Station Station Station effort voice data low priority data video data voice data WMM power save enable 5 GHz wireless LAN status
62. NETGEAR ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Reference Manual May 2013 202 11230 01 350 East Plumeria Drive San Jose CA 95134 USA ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Support Thank you for selecting NETGEAR products After installing your device locate the serial number on the label of your product and use it to register your product at hitps my netgear com You must register your product before you can use NETGEAR telephone support NETGEAR recommends registering your product through the NETGEAR website For product updates and web support visit httpz support netgear com Phone US amp Canada only 1 888 NETGEAR Phone Other Countries Check the list of phone numbers at htto support netgear com general contact default aspx Trademarks NETGEAR the NETGEAR logo and Connect with Innovation are trademarks and or registered trademarks of NETGEAR Inc and or its subsidiaries in the United States and or other countries Information is subject to change without notice NETGEAR Inc All rights reserved Revision History Publication Publish Date Comments Part Number 202 11230 01 May 2013 First publication Contents Chapter 1 Introduction About the ProSAFE Dual Band Wireless N Access Point with RFID Support WINDAP SOUR 15 24h dcc ai dedii dcm ae DS c dido cV CCCo eR we Kc os 7 Whati IIIS BOSE uii ceeeniebt do TPSqaSraRCSRREETQR
63. Ps and wireless clients and maintains them in a list You can use this list to prevent them from connecting to the wireless access point gt To view the Unknown AP List and save it to a file 1 Select Monitoring gt Rogue AP gt Unknown AP List The Unknown AP List screen displays Configuration Monitoring Maintenance RFID Support System gt Wireless Stations Rogue AP Logs Statistics Unknown AP List Unknown AP List Known AP List Unknow n AP List H02 11ng MAC Address SSID Privacy Channel Rate ODriF 33 CA4 F7 FB EVAZODD WEPb4 i COISFIOE BO B7 A2 FULLRATEB 7A2 40 46 90 85109158 xCES3700 1 COISFIDE 9S CSi01 ngguest i OD r24 B2 5A8 1F 27 CES37U3 1 Unknown AP List 802 11ina MAC Address SSID Privacy Channelr Rate Ho Neighbor AP Optionally Click Refresh Management 76 B EACAN Int i00 200 100 100 10g Beacon Int amp of Beacons Last Seen 745115 744307 T30218 TJZT 36 745037 of Beacons Last Seen REFRESH SAVE ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R The wireless access point detects the access points and populates the Unknown AP List for the configured wireless modes The following table explains the fields of the Unknown AP List screen setting Description S MAC Address The MAC address of the unknown AP SSID The SSID that the unknown AP is using Privacy Indicates whether security is enabled 1 means
64. R Configuration Monitoring Maintenance Configuration Monitor Diagnostics Reboot Reset RFID Module Reset Reset RFID Module Reset RFID Module ves No 2 Select the Yes radio button By default the No radio button is selected 3 Click Apply Advanced Configuration 107 Monitoring This chapter describes how to monitor the wireless access point and its network traffic The chapter includes the following sections e View System Information e Monitor Wireless Clients e View the Activity Log e Traffic Statistics 108 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R View System Information The System screen provides a summary of the current wireless access point configuration settings including current IP settings and current wireless settings This information is read only so any changes need to be made on other screens gt To view the System screen Select Monitoring System Configuration Monitoring Maintenance RFID Support Wireless Stations Rogue AP Logs Statistics System Access Point Information Access Point Name Ethernet MAC Address Wireless HAC Address for 2 4GHz Wireless MAC Address for 5GHz Country Region Firmware Version Serial Number Current Time Current IP Settings IP Address Subnet Mask Default Gateway DHCP Client Current Wireless Settings for 802 11ng Access Point Mode Channel Frequency Rogue AP Detection Cu
65. R Technical Specifications The following table lists the technical specifications of the wireless access point Table 5 Technical specifications Feature Description 000 802 11b bg ng wireless specifications 802 11b data rates 802 11bg data rates 1 2 5 5 and 11 Mbps and auto rate capable referred to as Best 1 2 5 5 6 9 11 12 18 24 36 48 54 Mbps and auto rate capable referred to as Best 802 11ng MCS index and Data rates for a 20 MHz channel width and an automatic guard interval 0 7 2 Mbps 1 14 4 Mbps 2 21 7 Mbps 3 28 9 Mbps 4 43 3 Mbps 5 57 8 Mbps 6 65 Mbps 7 72 2 Mbps 8 14 44 Mbps 9 28 88 Mbps 10 43 33 Mbps 11 57 77 Mbps 12 86 66 Mbps 13 115 56 Mbps 14 130 Mbps 15 144 44 Mbps and auto rate capable referred to as Best data rates 802 11b bg ng operating frequencies 802 11 b bg ng encryption Data rates for a 20 MHz channel width and a long guard interval 800 ms 0 6 5 Mbps 1 13 Mbps 2 19 5 Mbps 3 26 Mbps 4 39 Mbps 5 52 Mbps 6 58 5 Mbps 7 65 Mbps 8 13 Mbps 9 26 Mbps 10 39 Mbps 11 52 Mbps 12 78 Mbps 13 104 Mbps 14 117 Mbps 15 130 Mbps and auto rate capable referred to as Best Data rates for a 40 MHz channel width and an automatic guard interval 0 15 Mbps 1 30 Mbps 2 45 Mbps 3 60 Mbps 4 90 Mbps 5 120 Mbps 6 135 Mbps 7 150 Mbps 8 30 Mbps 9 60 Mbps 10 90 Mbps 11 120 Mbps 12 180 Mbps 1
66. S US P EE EE 7 System Requirements 0 00 cee ees 8 Key Features and Standards 0 ccc a eee 8 Supported Standards and Conventions 0000 c eee eee 8 KOy Pele uar a cake behets hye ew acd e doy dew dear d edad ee es 9 802 11b g n and 802 11a n Standards Based Wireless Networking 10 Autosensing Ethernet Connections with Auto Uplink 11 Hardware Description a adaca 04464 Reo DOR eR ERR ede bdo dodo ode 11 e oda a 6 25 ca STETERIT TETAS ESETET EET PS 11 PEP earannan CL o E a oe aA a ee ees a 12 Bottom Panel with Product Label nnana aana aaa aaaea 13 Chapter 2 Installation and Basic Configuration What You Need Before You Begin 2 00 ce ee eee 15 Wireless Equipment Placement and Range Guidelines 15 Ethernet Cabling Requirements a na anaana anaana 16 LAN Configuration Requirements 00 cece eee eee eee 16 Hardware Requirements for Computers on Your LAN 16 Requirements for Entering IP Addresses 000005 16 Install and Configure the Wireless Access Point 5 16 Connect the Wireless Access Point to a Computer 17 Log In to the Wireless Access Point n n nannan aaan aaa 18 Configure Basic General System Settings and Time Settings 20 Configure the P Sette ssschapaedkekr d dere sirdeRer 4 000008008 21 Configure the Optional DHCP Server lllllllllllesn 23 Configure th
67. STS12FFFFA54C696E6B303031FE080000000013FF0135 dSeSTSl12FFFF454C696EG6B303031FE050000000013FF2DBO ZSTS1ZFFFFA54 5696E6B303031FE020000000013FF0135 SoSTSI2FFFF454C686EGB303031FE080000000013FF2DBO SSTS12FFFFA54L696E6B303031FE050000000013FF0135 TeSTSl2FFFFA54C696EOB303031FEUDO000000013FF2DBO Network Test Server 132158 1 1D M Command Broadcast 45T512FFFF454C695E58303031FE090000000013FF0135 Broadcast 5TS12FFFF454C695E5B303031FE090000000013FF0135 Broadcast S5TS12FFFF454C695E5B303031FE090000000013FF0135 Broadcast STS12FFFF454C686E8B303031FE090000000013FF0135 Broadcast 25TS12FFFF454C695E5B303031FED090000000013FF0135 2 n the Module Test section or the Network Test section select an RFID server from the drop down menu 3 In the Command field of the Module Test section or the Network Test section enter a debug command in hexadecimal format 4 Click Send The Module Test section displays the messages that the RFID module sends to the RFID server The Network Test section displays the messages that the RFID server sends to the RFID module Troubleshooting 123 Supplemental Information This appendix provides factory default settings and technical specifications for the ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R The appendix includes the following sections e Technical Specifications e Factory Default Settings 124 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380
68. US setting Descriptions 0000 Advanced Encryption Standard AES is the standard encryption method used with WPA2 Note Although some wireless clients might support AES with WPA the WNDAP380R wireless access point does not support WPA with AES TKIP AES The TKIP AES encryption method is supported both for WPA and WPA2 Broadcast packets use TKIP For unicast point to point transmissions WPA clients use TKIP and WPA2 clients use AES For the WPA amp WPA2 mixed mode TKIP AES is the only supported data encryption method Configure WPA PSK WPA2 PSK and WPA PSK amp WPA2 PSK WPA PSK WPA PSK and WPA PSK amp WPA2 PSK authentication use a pre shared key PSK also called a passphrase or a network key and do not require authentication from a RADIUS server The selections that are available from the Data Encryption drop down menu depend on the type of WPA PSK authentication that you select from the Network Authentication drop down menu and are shown in the table that follows the figures e WPA PSK Authentication Settings Network Authentication Data Encryption WPA Passphrase Network Key HIITIITT Shaw Passphrase in Clear Text 9 wo ves Figure 15 WPA PSK e WPA2 PSK Authentication Settings Network Authentication WFPA PSK Data Encryption AES WPA Passphrase Network Key T Show Passphrase in Clear Text o Ha O Yes Figure 16 WPA2 PSK e WPA PSK amp WPA2 PSK Authentication Settin
69. WMM QoS 61 profiles security creating and configuring 46 51 described 43 PSK pre shared key WPA WPA2 and mixed mode 42 55 Q QoS Quality of Service advanced settings 85 87 basic settings WMM 61 62 R radio scheduling to turn off 60 turning off 2 4 GHz 26 turning off 5 GHz 29 radio frequency identification RFID module and server 103 RADIUS servers configuring 55 range guidelines wireless equipment 15 read only name read write name SNMP 64 rear panel 12 reauthentication time RADIUS servers 57 rebooting from web management interface RFID module 106 wireless access point 72 received signal strength indicator RSSI 112 redirecting HTTP requests 81 Reduced Interframe Space RIFS transmission 84 region wireless location 20 remote devices troubleshooting 121 remote MAC addresses 58 remote management options 64 repeating wireless signal 98 Request to Send RTS threshold 83 Reset button 13 72 127 restoring factory defaults 70 password 73 settings from backup file 70 restricting access by MAC address 41 57 RFID radio frequency identification module and server 103 RIFS Reduced Interframe Space transmission 84 roaming 43 rogue access point detection 74 78 RSSI received signal strength indicator 112 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R RTS Request to Send threshold 83 Rx sequence 113 S Secure Shell SSH enabling 65
70. acters inclusive WPA2 PSK AES Advanced Encryption Standard is the standard encryption method used with WPA2 PSK and the only selection possible from the Data Encryption drop down menu In the WPA Passphrase Network Key field enter a passphrase The passphrase length needs to be between 8 and 63 characters inclusive Note If you want to use the 11n rates and speed NETGEAR recommends WPA2 PSK authentication with AES encryption Link Test The link test lets you validate the bridge configuration by testing whether an IP address behind the remote access point is reachable IP Address Enter an IP address that can be reached through the remote access point for which you are setting up a bridge configuration Click Link Test Link Test Process After one minute or less the link test returns one of the following results Status Success The link can be established using the bridge configuration and the IP address behind the remote access point is reachable You can click Apply to save the bridge configuration Failure The link cannot be established using the bridge configuration Either the remote access point is not configured correctly or the IP address behind the remote access point is reachable Advanced Configuration 101 h ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Click Apply The bridge configuration is saved The Bridging screen displays again Repeat Step e through Step h
71. agement interface 1 Select Maintenance Reset Restore Defaults The Restore Defaults screen displays Configuration Monitoring Maintenance RFID Support AoGOU Password Res Remote Management Upgrade Reboot AP Restore Defaults Restore Defaults Restore Defaults Restore to factory default settings 9 ves O No 2 Select the Yes radio button By default the No radio button is selected 3 Click Proceed The wireless access point resets to the factory default settings During the restoration process the wireless access point automatically restarts The restoration process typically takes about one minute When the Test LED turns off wait a few more seconds before doing anything with the wireless access point Management 71 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Use the Reset Button to Restore Factory Default Settings To restore the factory default settings when you do not know the login user name login password or IP address you need to use the Reset button on the rear panel of the wireless access point see Figure 2 on page 12 Torestore the factory default settings using the Reset button 1 Using a sharp object press and hold the Reset button for about 10 seconds until the Test LED blinks rapidly to reset the wireless access point to factory defaults settings Note Pressing the Reset button for less than 10 seconds simply causes the wireless access point to r
72. an SSH or Telnet session to the wireless access point using an application such as PuTTY if such an encryption application is allowed by law in your country 2 Enter the login name and password admin and password are the defaults Management 65 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R After successful login the prompt displays preceded by the name of the wireless access point 3 Enter the CLI commands that you want to use You can enter to display the available CLI commands The CLI commands are also listed in Appendix B Command Line Reference Upgrade the Wireless Access Point Software The software of the wireless access point is stored in flash memory and can be upgraded as NETGEAR releases new software You can download upgrade files from the NETGEAR website If the upgrade file is compressed zip file you first need to extract the image rmt file before sending it to the wireless access point You can send the upgrade file using your browser The following sections describe the two methods that are available to perform a software upgrade e Web Browser Upgrade Procedure e TFTP Server Upgrade Procedure Note The web browser that you use to upload new firmware into the wireless access point needs to support HTTP uploads Use a browser such as Microsoft Internet Explorer 6 0 or later or Mozilla 1 5 or later Note You cannot perform the software upgrade from a computer that is conn
73. an advanced wireless feature that reduces the client density in the 2 4 GHz band and increases the wireless network capacity The default WLAN settings normally work well However you can use the advanced settings to fine tune the overall performance of the wireless access point for your specific environment If a radio is turned off you cannot configure the advanced wireless settings Make sure that the radio is turned on Advanced Configuration 82 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R To configure advanced wireless settings 1 Select Configuration Wireless Advanced Wireless Settings The advanced Wireless Settings screen displays The following figure shows the 11ng settings as indicated by the radio wave icon that is displayed next to ng Configuration Monitoring Maintenance RFID Support System IP i Security Wireless Bridge DEL Wireless Settings Advanced Wireless Settings Wireless Settings QoS Settings 802 11b bg ng 802 11a na RTS Threshold 0 2347 2347 Fragmentation Length 256 2346 2346 Beacon Interval 100 vj Aggregation Length 1024 65535 65535 AMPDU 9 Enable Disable RIFS Transmission 9 Enable Disable DTIM Interval 1 15 a Preamble Type 9 Auto Long 802 11d e Client Isolation Disable v Max Wireless Clients 54 CANCEL APPLY 2 Optional Click the 802 11a na tab The Wireless Settings scre
74. ation and Basic Configuration 38 Wireless Configuration and Security This chapter describes how to configure the wireless features of the wireless access point The chapter includes the following sections Before You Configure Wireless Security Wireless Data Security Options Security Profiles Configure RADIUS Server Settings Restrict Wireless Access by MAC Address Schedule the Wireless Radios to Be Turned Off Configure Basic Wireless Quality of Service 39 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Before You Configure Wireless Security Before you set up wireless security and additional wireless features that are described in this chapter connect the wireless access point get the Internet connection working set the country or region correctly and configure the 802 11b 11bg or 11ng wireless settings and the 802 11a or 11na wireless settings as described in Chapter 2 Installation and Basic Configuration The wireless access point functions with an Ethernet LAN connection Make sure that you have verified wireless connectivity before you set up wireless security and additional wireless features AA WARNING If you are configuring the wireless access point from a wireless computer and you change the wireless access point s SSID channel or wireless security settings you lose your wireless connection when you click Apply You then need to change the wireless settings of your computer to matc
75. ber or continues to blink green it indicates a system fault Active EN No Ethernet traffic is detected or no link is detected On or blinking green Ethernet traffic is detected on No link is detected on the LAN port 100 Mbps or 10 Mbps link is detected on the LAN port 1000 Mbps link is detected on the LAN port WLAN Off Wireless 802 11b g n 2 4 GHz LAN is not ready or no wireless activity is detected On or blinking green Wireless 802 11b g n 2 4 GHz LAN is ready or wireless activity is detected WLAN Off Wireless 802 11n a 5 GHz LAN is not ready or no wireless activity is detected On or blinking green Wireless 802 11n a 5 GHz LAN is ready or wireless activity is detected Rear Panel aln p ef Dies aA C e Figure 2 Rear panel Introduction 12 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R The rear panel components of the wireless access point from left to right are described in the following list 1 Factory default Reset button Using a sharp object press and hold this button for about 10 seconds to reset the wireless access point to factory defaults settings All configuration settings are lost and the default password is restored For more information see Restore the Wireless Access Point to the Factory Default Settings on page 70 2 10 100 1000BASE T Gigabit Ethernet RJ 45 port with Auto Uplink Auto MDI X with IEEE 802 3af Power over Ethernet PoE
76. c VLAN id name Profile name security separation Disable associated wireless client communication ssid Network name 1 32 chars vlan VLAN id wep key Wireless wep key type wpa passphrase Wireless wpa passphrase e 3rd security profile enable wo 3rd security profile access control hocess control enable uccoss DOnLeol polesev Access control policy enable authentication Wireless authentication type authentication 8021x Select wireless 802 1x authentication type authentication open encryption Select wireless open encryption authentication type authentication shared key encryption Wireless shared key encryption Command Line Reference 134 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R broadcast Broadcast enable dynamic vlan Dynamic VLAN id name Profile name security separation Disable associated wireless client communication ssid Network name 1 32 chars vlan VLAN id wep key Wireless wep key type wpa passphrase Wireless wpa passphrase 4 4th security profile enable 4 4th security profile l docess ocontrol Access control enable access control policy Access control policy enable authentication Wireless authentication type authentication 8021x Select wireless 802 1x authentication type authentication open encryption Select wireless open encry
77. cally generated by clicking Generate Keys e For ASCII format depending on the key size selected the manually entered encryption key needs to have a length of 5 64 bit WEP 13 128 bit WEP or 16 characters 152 bit WEP For HEX format depending on the key size selected the manually entered or automatically generated encryption key needs to have a length of 10 64 bit WEP 26 128 bit WEP or 32 152 bit WEP characters Note wireless clients need to use the key to access the wireless access point Show Passphrase in Select the Yes radio button to display the actual passphrase in the Passphrase field The Clear Text default setting is No Configure Legacy 802 1X To use legacy 802 1X security you need to define RADIUS server settings For information about RADIUS servers see Configure RADIUS Server Settings on page 55 When you select Legacy 802 1X from the Network Authentication drop down menu the Data Encryption drop down menu is automatically set to None To use legacy 802 1X security you need to define the RADIUS servers only Wireless Configuration and Security 52 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Authentication Settings Network Authentication Legacy 802 1 Data Encryption None v Figure 11 Legacy 802 1X Configure WPA with RADIUS WPA2 with RADIUS and WPA amp WPA2 with RADIUS WPA WPA2 and WPA amp WPA2 security requires RADIUS based 802 1x authenti
78. cation so you also need to define RADIUS server settings For information about RADIUS servers see Configure RADIUS Server Settings on page 55 The selections that are available from the Data Encryption drop down menu depend on the type of WPA authentication that you select from the Network Authentication drop down menu and are shown in the table that follows the figures e WPA with RADIUS Authentication Settings Network Authentication WPA with Radius Data Encryption TRIP kj Figure 12 WPA with RADIUS e WPA2 with RADIUS Authentication Settings Network Authentication WPA with Radius Data Encryption AES v Figure 13 WPA2 with RADIUS e WPA amp WPA2 with RADIUS Authentication Settings Network Authentication WPA amp WPA2 with Radius v Data Encryption TKIP AES v Figure 14 WPA amp WPA2 with RADIUS Table 3 Settings for WPA with RADIUS WPA2 with RADIUS and WPA amp WPA2 with RADIUS Setting Descriptions 00000 Temporal Key Integrity Protocol TKIP is the standard encryption method used with WPA You can also use TKIP with WPA2 Note TKIP provides only legacy slower rates of operation If you want to use the 11n rates and speed NETGEAR recommends WPA2 authentication with AES encryption Wireless Configuration and Security 53 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Table 3 Settings for WPA with RADIUS WPA2 with RADIUS and WPA amp WPA2 with RADI
79. ccess point see Configure the IP Settings on page 21 If the computer is configured correctly but still not working ensure that the wireless access point is connected and turned on Access it and check its settings If you cannot connect to the wireless access point check the LAN and power connections If the wireless access point is configured correctly check your Internet connection for example your cable modem to make sure that it is working correctly Troubleshoot a TCP IP Network Using the Ping Utility Most TCP IP terminal devices and routers contain a ping utility that sends an echo request packet to the designated device The device then responds with an echo reply You can easily troubleshoot a TCP IP network by using the ping utility in your computer Test the LAN Path to Your Wireless Access Point Test the Path from Your Computer to a Remote Device Test the LAN Path to Your Wireless Access Point You can ping the wireless access point from your computer to verify that the LAN path to your wireless access point is set up correctly gt To ping the wireless access point from a computer running Windows 95 or later 1 2 From the Windows toolbar click the Start button and select Run In the field provided type ping followed by the IP address of the wireless access point as in this example ping 192 168 0 100 Click OK You should see a message like this one Pinging lt IP address gt with 32 bytes of data I
80. connect to the access point If you keep the default setting go to Step 5 When you change the wireless mode the Turn Radio On check box is automatically cleared and all fields buttons and drop down menus onscreen are masked out Turn on the radio by selecting the Turn Radio On check box A pop up screen displays Note Under normal conditions you want the radio to be turned on Turning off the radio disables access through the wireless access point which can be helpful for configuration network tuning or troubleshooting activities Click OK to confirm the change of wireless mode The change does not take effect until you click the Apply button after you have completed the wireless configuration Installation and Basic Configuration 26 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R 5 Specify the remaining wireless settings as explained the following table setting Descriptions 0000000000000 Wireless Network Name SSID Wireless On Off Status Broadcast Wireless Network Name SSID Channel Frequency MCS Index Data Rate 11ng mode only Note For most networks the default settings work fine Output Power Enter a 32 character maximum service set identifier SSID the characters are case sensitive The default is NETGEAR 11ng The SSID assigned to a wireless device needs to match the wireless access point s SSID for the wireless device to communicate with the wireless
81. ddress list rogue ap detection gt Rogue ap detection known gt Known Command Line Reference 144 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R scanned Scanned list config Config list unknown Unknown list station list Station list statistics Interface statistics wds gt Wireless bridge settings i 1st security profile 72 2nd security profile 1 9 3rd security profile 4 4th security profile wlan VAP settings i 1st security profile 4 2nd security profile 3 3rd security profile 74 4th security profile io 5th security profile 6 6th security profile 7 th security profile 1 8 8th security profile wmm WMM settings 5 Show 5GHz wlan interface settings gt 5GHz wlan interface settings associated client Associated client s macaci1 Wireless access control ACL mac address list rogue ap detection gt Rogue ap detection known Known scanned Scanned list config Config list unknown Unknown list station list Station list statistics Interface statistics wds gt Wireless bridge settings es 1st security profile jee 2nd security profile is 3rd security profile 74 4th security profile wlan VAP settings L pe 1st security profile 4 2
82. e The current time For information about how to change the time settings see Configure Basic General System Settings and Time Settings on page 20 Current Settings For information about how to change any of these IP settings see Configure the IP Settings on page 21 Enabled indicates that the current IP address was obtained from a DHCP server on your LAN network Disabled indicates a static IP configuration Current Wireless Settings for 802 11b 802 119 or 802 11ng and Current Wireless Settings for 802 11a or 802 11na Note The section heading depends on the configured wireless mode Access Point Mode The operating mode of the wireless access point One of the following modes is indicated e Access Point e Point to Point Bridge e Point to Point Bridge with Access Point e Multi Point Bridge with without client association For information about how to change the mode see Configure Wireless Bridging on page 88 Monitoring 110 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R setting Description 000000000 Channel Frequency The channel that the wireless port is using For information about how to change the channel and frequency see Configure 802 11b bg ng Wireless Settings on page 25 and Configure 802 11a na Wireless Settings on page 28 Rogue AP Detection Enabled indicates that rogue AP detection is enabled Disabled indicates that it is not Monitor Wireless Clients The W
83. e IP Address time e netgear com CANCEL APPLY 2 Configure the settings as explained in the following table setting Description U Select the time zone to match your location This is a nonconfigurable field that displays the current date and time NTP Client Enable the Network Time Protocol NTP client to synchronize the time of the wireless access point with an NTP server By default the Enable radio button is selected Use Custom NTP Server Select this check box if you want to use a custom NTP server Note You need to have an Internet connection to use an NTP server that is not on your local network Hostname Enter the host name or IP address of the custom NTP server IP Address The default NTP server depends on the selected time zone For example for China the default is time e netgear com Note If you use a host name make sure that you have configured a DNS server For more information see the next section 3 Click Apply Configure the IP Settings AN WARNING If you enable the DHCP client the IP address of the wireless access point changes when you click Apply causing you to lose your connection to the wireless access point You then need to use the new IP address to reconnect to the wireless access point Installation and Basic Configuration 21 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Tip If you enable the DHCP client on the wireless access point you can disc
84. e Basic Wireless SettingS 00 000 eee 24 Test Basic Wireless Connectivity cece eee eee eee 30 Mount the Wireless Access Point 0 0000 cece eee eee 31 Ceiling Installation llle ee eee 31 Wall installalo face bot ou ae ete hee eae oe Bos ree UN Eo dd oe A 30 Desk Installation aa uum diio cac ded mh dC exped m Eanes Gdn du 38 Chapter 3 Wireless Configuration and Security Before You Configure Wireless Security lllllllL 40 Wireless Data Security Options llle 40 Security PITOINOB lt 5 4 dope ROS ae COE aan Ri e SO e OR es pc s 42 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Security Profile Concepts ep rcv acd aded Ded loe te eed 43 Write Down Your Wireless Network Settings 44 Configure and Enable Security Profiles llle 46 Configure RADIUS Server Settings 0 00 c eee eee 95 Restrict Wireless Access by MAC Address 0000 eee euee 57 Schedule the Wireless Radios to Be Turned Off 0 60 Configure Basic Wireless Quality of Service slll 60 Chapter 4 Management Enable Remote Management llle 64 SNMP Management 0 000 cc n 64 Secure Shell and Telnet Management cee ees 65 Upgrade the Wireless Access Point Software 005 66 Web Browser Upgrade Procedure
85. e PoE support Using Power over Ethernet PoE any 802 3af compliant midspan or end span sources can supply power to the wireless access point over the Ethernet port The wireless access point can receive all required power on one Ethernet port from a single PoE source e Autosensing Ethernet connection with Auto Uplink interface Connects to 10 100 1000 Mbps IEEE 802 3 Ethernet networks e LED indicators Power Test Active LAN and WLAN for each radio mode are easily identified e VLAN security profiles Each security profile is automatically allocated a VLAN ID when the security profile is modified 802 11b g n and 802 11a n Standards Based Wireless Networking The wireless access point provides a bridge between wired Ethernet LANs and 802 11b g n and 802 11a n compatible wireless LAN networks It provides connectivity between wired Ethernet networks and radio equipped wireless notebook systems desktop systems print servers RFID tags and other devices In addition the wireless access point supports the following wireless features e Aggregation support e Reduced InterFrame spacing support e 2x2 multiple input multiple output MIMO support e Distributed coordinated function CSMA CA back off procedure ACK procedure retransmission of unacknowledged frames e RTS CTS handshake e Beacon generation Introduction 10 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R e Packet fragmentation and r
86. e RFID Module and Configure the RFID Server 103 Monitor the RFID Module Server and Traffic 104 Reboot or Reset the RFID Module 0 00008 106 Chapter 6 Monitoring View System Information llle 109 Monitor Wireless Clients lll IIR 111 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R View Ine Activily LOQ scis dosing dre dede d dab ded rd ded tiea ia kii dog 113 Traffic Statistics Lai edo erroe once doe ok ed do died dede oy desk d 114 Chapter 7 Troubleshooting Basic FUDCIORIFP oii accede oe deo hath chek Se adem eth eo ts de ok rsh oh he cae 117 Verify the Correct Sequence of Events at Startup 117 No LEDs Are Lit on the Wireless Access Point 117 The Active LED or the LAN LED Is Not Lit 118 The WLAN LED Is Not Light 0 0c cece eee ees 118 You Cannot Access the Internet or the LAN from a Wireless Capable Computer 0 0 cc eee ee eens 118 You Cannot Configure the Wireless Access Point from a Browser 119 When You Enter a URL or IP Address a Time Out Error Occurs 120 Troubleshoot a TCP IP Network Using the Ping Utility 120 Test the LAN Path to Your Wireless Access Point 120 Test the Path from Your Computer to a Remote Device 121 Problems with Date and Time 0 0 cece ee ee 122 Troubleshoot
87. e a Point to Point Wireless Network on page 88 Wireless point to multipoint bridge In this mode the wireless access point is the master for a group of up to four access points that function in bridge mode You can use point to multipoint bridge mode with or without client association The other access points in the group need to be set to point to point bridge mode using the MAC address of the master wireless access point Rather than communicating directly with each other all other bridge mode access points send their traffic to the master wireless access point Whether or not you enable client association use WEP WPA PSK or WPA2 PSK to secure the communication For information about how to configure this mode see Configure a Point to Multipoint Wireless Network on page 93 Repeating the wireless signal In this mode this wireless access point repeats the wireless signal does not support communication with wireless clients and sends all traffic to a remote access point In this mode wireless clients cannot associate with the wireless access point Use WEP WPA PSK or WPA2 PSK to secure the communication with the remote access point For information about how to configure this mode see Configure the Wireless Access Point to Repeat the Wireless Signal Using Point to Multipoint Bridge Mode on page 98 For you to set up a wireless network in a WDS the following conditions need to be met for all access points All access points need to
88. e set identifier BSSID is a unique identifier attached to the header of packets sent over a WLAN that differentiates one WLAN from another when a mobile device tries to connect to the network The multiple BSSID feature allows you to configure up to 16 SSIDs 8 per radio on your wireless access point and assign different configuration settings to each SSID All the Introduction 8 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R configured SSIDs are active and the network devices can connect to the wireless access point by using any of these SSIDs DHCP server and client The DHCP server of the wireless access point can provide a dynamic IP address to wireless clients The wireless access point can also act as a client and obtain an IP address from a DHCP server on the LAN SNMP The wireless access point supports Simple Network Management Protocol SNMP for Management Information Base MIB management STP The wireless access point supports Spanning Tree Protocol STP 802 1Q VLAN A network of computers can behave as if they are connected to the same network even though they might actually be physically on different segments of a LAN Virtual LANs VLANs are configured through software rather than hardware which makes them very flexible VLANs are very useful for user and host management bandwidth allocation and resource optimization Key Features The wireless access point provides solid functionality
89. eassembly e Auto or long preamble e Roaming among wireless access points on the same subnet Autosensing Ethernet Connections with Auto Uplink The wireless access point can connect to a standard Ethernet network The LAN interface is autosensing and capable of full duplex or half duplex operation The wireless access point incorporates Auto Uplink technology The Ethernet port automatically senses whether the Ethernet cable plugged into the port should have a normal connection such as to a computer or an uplink connection such as to a switch or hub That port then configures itself correctly This feature also eliminates any concerns about crossover cables as Auto Uplink accommodates either type of cable to make the right connection Hardware Description This section describes the top and rear hardware functions of the wireless access point e op Panel e Hear Panel e Bottom Panel with Product Label Top Panel The LEDs of the wireless access point are described in the following figure and table 1 2 3 4 5 Figure 1 Top panel with LEDs Introduction 11 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Table 1 Top panel LEDs Description 00 Amber then blinking A self test is running or software is being loaded During startup the LED is first steady amber then goes off and then blinks green before turning steady green after about 45 seconds If after one minute the LED remains am
90. eboot 2 Helease the Reset button During the restoration process the wireless access point automatically restarts The restoration process typically takes about one minute When the Test LED turns off wait a few more seconds before doing anything with the wireless access point Reboot the Wireless Access Point without Restoring the Default Configuration If you do not have physical access to the wireless access point to switch it off and on again you can use the software to reboot the wireless access point gt To reboot the wireless access point 1 Select Maintenance Reset Reboot AP The Reboot AP screen displays Configuration Monitoring Maintenance RFID Support Password Remote Management Upgrade Reboot AP Reboot AP Restore Defaults Reboot AP Reboot 9 ves No 2 Select the Yes radio button By default the No radio button is selected 3 Click Apply Management 72 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R The wireless access point reboots The reboot process typically takes about one minute When the Test LED turns off wait a few more seconds before doing anything with the wireless access point Change the Administrator Password The default password is password NETGEAR recommends that you change this password to a more secure password You cannot change the administrator login name admin The ideal password contains no dictionary words from any langua
91. ecifications 125 wireless stations access control 51 associated number of 115 monitoring 111 separating 43 50 trusted 58 WLAN LEDs behavior startup procedure 18 described 12 troubleshooting 118 WMM Wi Fi Multimedia 9 60 62 WPA Wi Fi Protected Access WPA2 and mixed mode adapter restrictions 46 PSK pre shared key configuring with 50 54 RADIUS configuring with 49 53 types of encryption 41
92. ected to the wireless access point over a wireless link You need to use a computer that is connected to the wireless access point over an Ethernet cable A WARNING When uploading software to the wireless access point do not interrupt the web browser by closing the window clicking a link or loading a new page If the browser is interrupted the upload might fail corrupt the software and render the wireless access point inoperable Management 66 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R IMPORTANT In some cases such as a major upgrade you might need to erase the configuration and manually reconfigure your wireless access point after upgrading it To find out if you need to reconfigure the wireless access point see the release notes included with the software Web Browser Upgrade Procedure Upgrading firmware through a web browser is the most common upgrade method To use a web browser to upgrade the wireless access point firmware 1 Download the new software file from the NETGEAR website and save it to your hard disk If necessary unzip the new software file If available read the release notes before upgrading the software Select Maintenance Upgrade Firmware Upgrade The Firmware Upgrade screen displays Configuration Monitoring Maintenance RFID Support Password Reset Remote Management Upgrad Firmware wW i aradi Firmware Upgrade Firmware z Upgrade TFTP
93. ection Status The connection status between the RFID module and the RFID server The options are Connected and Disconnected Advanced Configuration 105 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Setting Description O O OoOO O Traffic Meter Server IP The IP address of the RFID server Received Pkts bytes The number of packets and the number of bytes that are received by the RFID module Transmitted Pkts bytes The number of packets and the number of bytes that are transmitted by the RFID module Connection Duration The period that the connection between the RFID module and the RFID server has been established Reboot or Reset the RFID Module You can reboot or reset the RFID module on the wireless access point Resetting the RFID module restores the defaults setting of the RFID module gt To reboot the RFID module 1 Select RFID gt Maintenance gt Reboot The Reboot RFID Module screen displays Locour Configuration Monitoring Maintenance Configuration Monitor Hainlenai Diagnostics Reboot RFID Module Reboot RFID Module Reboot RFID Module ves No 2 Select the Yes radio button By default the No radio button is selected 3 Click Apply gt To reset the RFID module 1 Select RFID gt Maintenance gt Reset The Reboot RFID Module screen displays Advanced Configuration 106 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380
94. eless shared key encryption broadcast Broadcast enable dymamro vlam Dynamic VLAN id name Profile name security separation Disable associated wireless client communication 288531 Network name 1 32 chars vlan VLAN id wep key Wireless wep key type wpa passphrase Wireless wpa passphrase EU 3rd security profile enable e 3rd security profile access control Access control enable uccoss DONLPOol polsev Access control policy enable authentication Wireless authentication type Select wireless 802 1x authentication type authentication open encryption authentication 8021x Select wireless open encryption authentication type authentication shared key encryption Wireless shared key encryption broadcast Broadcast enable dynamic vlan Dynamic VLAN id name Profile name security separation Disable associated wireless client communication ssid Network name 1 32 chars vlan VLAN id wep key Wireless wep key type wpa passphrase Wireless wpa passphrase 4 4nd security profile enable 4 4th security profile access control Acocess control enable access control policy Access control policy enable authentication Wireless authentication type authentication 8021x Select wireless 802 1x authentication type authentication open encryption Select wireless open encryption
95. elnet enabling 65 Temporal Key Integrity Protocol TKIP 41 53 55 TFTP server upgrade procedure 68 time and time zone configuring 21 troubleshooting 122 time out error 120 TKIP Temporal Key Integrity Protocol 41 53 55 TKIP AES WPA amp WPA2 mixed mode 54 55 top panel 11 trademarks 2 traffic advanced QoS configuring 85 network viewing 114 RFID packets viewing 104 WMM QoS configuring 61 transmission opportunity TXOP limit 87 transmission output power 2 4 GHz radio 27 5 GHz radio 30 traps SNMP 65 troubleshooting basic functioning 117 browser configuration 119 date 122 Internet and LAN connection 118 IP addresses requirements 16 LAN path 120 LEDs 117 network configuration 121 path to remote device 121 physical connections 121 pinging 119 120 PoE connection 117 power cord 118 TCP IP settings 118 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R time and time zone 122 time out error 120 trusted wireless stations 58 turning off 2 4 GHz radio 26 5 GHz radio 29 scheduling wireless radio 60 Tx sequence 113 TXOP transmission opportunity limit 87 U unicast packets encryption methods 54 transmitted and received 115 untagged VLAN 80 upgrading software 67 URLs redirecting 81 user name default 18 127 V VAPs virtual access points 84 version software RFID module 105 wireless access point 110 video traffic advanced QoS 85 WMM QoS 61 virtual access points VAPs 84
96. en System _ Although you can use the bridge communication without any and Data Encryption authentication and encryption NETGEAR recommends that continued you use WEP if you do select an open system From the Data Encryption drop down menu select one of the following e None No authentication and encryption e 64 bit WEP Standard WEP encryption using 40 64 bit encryption e 128 bit WEP Standard WEP encryption using 104 128 bit encryption e 152 bit WEP Proprietary WEP encryption mode using 128424 bit encryption This mode functions only with other access points that support this mode To configure WEP 1 In the passphrase field enter a passphrase 2 Click Generate The key is generated and placed in the WEP Key field WPA PSK TKIP Temporal Key Integrity Protocol is the standard encryption method used with WPA PSK and the only selection possible from the Data Encryption drop down menu In the WPA Passphrase Network Key field enter a passphrase The passphrase length needs to be between 8 and 63 characters inclusive WPA2 PSK AES Advanced Encryption Standard is the standard encryption method used with WPA2 PSK and the only selection possible from the Data Encryption drop down menu In the WPA Passphrase Network Key field enter a passphrase The passphrase length needs to be between 8 and 63 characters inclusive Note If you want to use the 11n rates and speed NETGEAR recommends WPA2 PSK authentication w
97. en lets you configure advanced wireless settings for the 802 11a na modes 3 Specify the settings as explained in the following table setting Description 00000000000 RTS Threshold 0 2347 Enter the Request to Send RTS threshold The default setting is 2347 If the packet size is equal to or less than the RTS threshold the wireless access point uses the Carrier Sense Multiple Access with Collision Detection CSMA CD mechanism and the data frame is transmitted immediately after the silence period If the packet size is larger than the RTS threshold the wireless access point uses the CSMA with Collision Avoidance CSMA CA mechanism In this situation the transmitting station sends an RTS packet to the receiving station and waits for the receiving station to return a Clear to Send CTS packet before sending the actual packet data Advanced Configuration 83 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R setting Description S Fragmentation Length 256 2346 Beacon Interval 100 1000 Aggregation Length 1024 65535 Note This setting does not apply to the 802 11b bg modes or the 802 11a mode AMPDU Note This setting does not apply to the 802 11b bg modes or the 802 11a mode RIFS Transmission Note This setting does not apply to the 802 11b bg modes or the 802 11a mode DTIM Interval 1 255 Preamble Type Note This setting applies only to the 802 11b and 80
98. erver port number e9sSes5ver Syslog server IP address status Enable syslog client time settings I1me Setting ntp NTP sever settings jeelient Client enable ecustom server Custom server enable server Server host name timezone Time zone 2vlan VLAN settings management vlan VLAN management id untagged vlan id Untagged VLAN id untagged vlan status Untagged vlan status exit Logout from CLI firmware upgrade Upload new system firmware file fromftp Server firmware upgrade tftp Upload new system firmware file fromtftp server reset ap Beser the ap restore configuration Restore system configuration restore default password Restore default system password restore factory default Restore default system configurations save and activate Save and activate configuration show Show system settings country 5now Country dhcp Show DHCP settings ethernet Ethernet interface Statisties Show ethernet statistics hotspot Show hotspot settings npe IP settings config Show IP configurations erectus Show IP status log Show system logs name Show ap name radio qe2 4 Show 2 4GHz wlan interface settings je4 34 2 4GHz wlan interface settings associated client Associated client s macacl Wireless access control ACL mac a
99. ettings on page 21 e All APs use the same channel authentication mode and security settings Verify connectivity across the LANs A computer on any LAN segment should be able to connect to the Internet or share files and printers with any other computers or servers connected to any of the three LAN segments Advanced Configuration 97 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Note You can extend this multipoint bridging configuration by adding more wireless access points that are configured in point to point mode for each additional LAN segment Configure the Wireless Access Point to Repeat the Wireless Signal Using Point to Multipoint Bridge Mode You can configure the wireless access point to repeat the wireless signal without communication with other wireless clients All traffic is sent to the remote or downstream wireless access point You can configure up to four security profiles to enable the wireless access point to repeat the wireless signal for four remote wireless access points Each security profile requires a unique name and needs to include the MAC address of the remote wireless access point You can configure up to four such security profiles NETGEAR WDS 1 NETGEAR WDS 2 and so on The following figure shows an example in which AP1 AP2 and AP3 repeat the wireless signal in point to multipoint bridge mode AP2 requires a security profile for AP1 and another one for AP3 AP1 c S
100. f the path is working you see this message Reply from IP address gt bytes 32 time NN ms TTL xxx Troubleshooting 120 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R If the path is not working you see this message Request timed out If the path is not functioning correctly you could have one of the following problems e Wrong physical connections Make sure that the Active LED and LAN LED are lit If one or both of these LEDs are off follow the instructions in The Active LED or the LAN LED Is Not Lit on page 118 Check that the corresponding link LEDs are lit on the hub switch or router ports that are connected to your computer and the wireless access point e Wrong network configuration Verify that the Ethernet card driver software and TCP IP software are both installed and configured on your computer Verify that the IP address for your wireless access point and your workstation are correct and that the addresses are on the same subnet Test the Path from Your Computer to a Remote Device After verifying that the LAN path works correctly test the path from your computer to a remote device 1 2 From the Windows toolbar click the Start button and select Run In the Windows Run window type ping n 10 lt P address gt where lt P address gt is the IP address of a remote device such as the DNS server of your ISP If the path is functioning correctly replies as in
101. ff The Wireless On Off screen displays Configuration Monitoring Maintenance RFID Support System IP i Security Wireless Bridge Basic Wireless On Off Wireless Settings Wireless On Off Wireless On Off QoS Settings Advanced Wireless on off Radio off schedule Radio ON Time Radio OFF Time 2 Specify the settings as explained in the following table setting Description S o Wireless on off Select the On radio button to enable the timer By default the Off radio button is selected Radio off schedule Select check boxes to specify the days when you want to schedule the radios to be turned off By default Saturday and Sunday are selected Radio ON Time Enter the time that you want the radios to be turned back on Use 24 hour time format Radio OFF Time Enter the time that you want the radios to be turned off Use 24 hour time format 3 Click Apply Configure Basic Wireless Quality of Service Wi Fi Multimedia WMM is a subset of the 802 11e standard WMM allows wireless traffic to have a range of priorities depending on the type of data Time dependent information such as video or audio has a higher priority than normal traffic For WMM to function correctly wireless clients also need to support WMM Wireless Configuration and Security 60 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R By enabling WMM you allow Quality of Service QoS control for upstream traffic flowing
102. frits Lhreshold wds wds fod jede ez e authentication xd 3 authentication authentication authentication open encryption name remote mac Wwep key wpa passphrase authentication open encryption name remote mac wep key wpa passphrase Database Wireless RTS CTS threshold Wireless Bridge status Wireless Bridge setting 1st WDS security profile status 1st security profile Authentication type pata encryption Profile name Remote MAC Wireless wep key Wireless wpa passphrase 2nd WDS security profile status 2nd security profile Authentication type pata encryption Profile name Remote MAC Wireless wep key Wireless wpa passphrase 3rd WDS security profile status 3rd security profile Authentication type Command Line Reference 138 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R authentication open encryption pata encryption name Profile name remote mac Remote MAC wep key Wireless wep key wpa passphrase Wireless wpa passphrase 4 4th WDS security profile status 4 4th security profile authentication Authentication type authentication open encryption pata encryption name Profile name remote mac Remote MAC wep key Wireless wep
103. from a wireless client to the wireless access point and for downstream traffic flowing from the wireless access point to a wireless client WMM defines the following four queues in decreasing order of priority e Voice The highest priority queue with minimum delay which makes it ideal for applications like VoIP and streaming media e Video The second highest priority queue with low delay is given to this queue Video applications are routed to this queue e Best Effort The medium priority queue with medium delay is given to this queue Most standard IP applications use this queue e Background Low priority queue with high throughput Applications such as FTP that are not time sensitive but require high throughput can use this queue The WMM Powersave feature saves power for battery powered equipment by increasing the efficiency and flexibility of data transmission Note For information about how to configure advanced wireless QoS that is to configure specific Enhanced Distributed Channel Access EDCA settings see Configure Advanced Quality of Service Settings on page 85 To configure basic wireless QoS 1 Select Configuration Wireless Basic QoS Settings The basic QoS Settings screen displays Configuration Monitoring Maintenance RFID Support System IP i Security Wireless Bridge Basic QoS Settings Wireless Settings Wireless On Off QoS Settings QoS Settings a Jose 802 11b bg ng B
104. g country dhcp gt dire f ane2Z gateway lease Stet Status stop subnet l w lan winsl wins2 address dhcp client dns gateway subnet 131 Backup configuration Configuration setting Country region DHCP server setting DNS1 server DNS2 server default gateway Lease time Start IP address Status Stop IP address subnet mask Vlan id WINS1 server WINS1 server Hotspot setting Hotspot redirection URL HOLSDOL status set host IP Host IP address Enable dhcp client IP address of DNS server IP address of default gateway IP address of Subnet mask Access point name ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R no gt dhcp gt dns1 dns2 winsl wins2 l radius primary gt auth port acoct port auth server acct server secondary auth port leacct Dort auth server acct server radio 2 4 2 4 gt 29021ld aggregation length ampdu beacon interval channel channel auto channel width client isolation data rate dtim fragmentation length guard interval macacl add macacl del macacl del all max client power preamble type rifs transmission rogue ap detection rogue ap detection knownap add
105. ge and is a mixture of letters both uppercase and lowercase numbers and symbols Your password can be up to 30 characters gt To change the administrator password 1 Select Maintenance Password Change Password The Change Password screen displays Configuration Monitoring Maintenance RFID Support i Reset Remote Management Upgrade Change Password Change Password Change Password Current Password rT ET Tit New Password Repeat New Password Restore Default Password OQ vee No 2 Take one of the following actions e Enter a new password twice once in the New Password field and again in the Repeat New Password field e Next to Restore Default Password select the Yes radio button to restore the default password By default the No radio button is selected 3 Click Apply If you have restored the default password the login password is password If you have configured a new password write it down in a secure place Enable the Syslog Server If you have a syslog server on your LAN the Syslog screen allows you to enable the syslog option If syslog is enabled the wireless access point sends its syslog files to the syslog Server Management 73 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R gt To enable a syslog server 1 Select Configuration gt System gt Advanced gt Syslog The Syslog screen displays Configuration Monitoring Maintena
106. gs Metwork Authentication WPA PSK amp WPA2 PSK Data Encryption TEIP AES WPA Passphrase Network Key EITTIE Show Passphrase in Clear Text 9 No vas Figure 17 WPA PSK amp WPA2 PSK Wireless Configuration and Security 54 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Table 4 Settings for WPA PSK WPA2 PSK and WPA PSK amp WPA2 PSK Setting Descriptions Data Encryption Temporal Key Integrity Protocol TKIP is the standard encryption method used with WPA You can also use TKIP with WPA2 Note TKIP provides only legacy slower rates of operation If you want to use the 11n rates and speed NETGEAR recommends WPA2 authentication with AES encryption Advanced Encryption Standard AES is the standard encryption method used with WPA2 Note Although some wireless clients might support AES with WPA the WNDAP380R wireless access point does not support WPA with AES TKIP AES TKIP AES supports both WPA and WPA2 Broadcast packets use TKIP For unicast point to point transmissions WPA clients use TKIP and WPA2 clients use AES For the WPA amp WPA2 mixed mode TKIP AES is the only supported data encryption method Passphrase Enter a passphrase The passphrase length needs to be between 8 and 63 characters inclusive The default passphrase is sharedsecret You can display the actual passphrase by selecting the Show Passphrase in Clear Text Yes radio button Show Pas
107. h the wireless access point s new settings Wireless Data Security Options Indoors computers can connect over 802 11n wireless networks at a maximum range of 300 feet Typically a wireless access point inside a building works best with devices within a 100 foot radius Such distances can allow for others outside your immediate area to access your network Unlike wired network data your wireless data transmissions can extend beyond your walls and can be received by anyone with a compatible adapter For this reason use the security features of your wireless equipment The wireless access point provides highly effective security features that are covered in detail in this chapter Deploy the security features appropriate to your needs Wireless data security options Range Up to 300 feet radius r d a a at Wap 5 T 1 No security Easy but no security at all 2 MAC access list No data security 3 WEP Secure but vulnerable 4 WPA or WPA PSK Strong security 5 WPA2 or WPA2 PSK Very strong M N Figure 8 Wireless data security options Wireless Configuration and Security 40 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R There are many ways in which you can enhance the security of your wireless network Use multiple BSSIDs combined with VLANs You can configure combinations of VLANS and BSSIDs security profiles with stronger or less restrictive access security according to yo
108. ifications e Dimensions h x w x d 253 75 x 253 75 x 54 76 mm 10 0 x 10 0 x 2 16 in e Weight 1 5 kg 3 31 Ib Environmental Operating temperature 0 to 55 C 32 to 131 F specifications Operating humidity 10 996 noncondensing Electromagnetic CCC and SRRC compliance Factory Default Settings You can use the Reset button located on the rear of the wireless access point to reset all settings to their factory defaults This is called a hard reset To perform a hard reset use a sharp object to press and hold the Reset button for approximately 10 seconds until the Test LED blinks rapidly This returns the wireless access point to the factory configuration settings that are shown in the following table Note Pressing the Reset button for less than 10 seconds simply causes the wireless access point to reboot Table 6 Default configuration settings Login for management and configuration LAN management address 192 168 0 100 Subnet mask for management address 255 255 255 0 Required static address for management computer 192 168 0 210 and 255 255 255 0 Supplemental Information 127 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Table 6 Default configuration settings continued Feature Description O LAN and management features Disabled Enabled VLAN ID 1 VLAN ID Disabled Disabled Disabled Enable Disabled Disabled USA Paci Enable Disabled 1071001000 See bottom abel
109. igured correctly or the IP address behind the remote access point is reachable g Click Apply The bridge configuration is saved The Bridging screen displays again h Optional Clear the Enable Wireless Client Association check box to disable wireless client association while the wireless access point functions as a point to point bridge By default the Enable Wireless Client Association check box is selected and wireless client association is enabled i If the correct profile name and security option are displayed in the table select the check box in the Enable column j Click Apply The point to point bridge settings are saved 2 Configure a second wireless access point AP2 on LAN Segment 2 see Figure 18 on page 89 in point to point bridge mode AP1 needs to have AP2 s MAC address in its Remote MAC Address field and AP2 needs to have AP1 s MAC address in its Remote MAC Address field Advanced Configuration 92 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R 3 Verify the following settings for both wireless access points e Both APs are configured to operate in the same LAN network address range as the LAN devices e f you use DHCP both APs can obtain an IP address automatically as a DHCP client For more information see Configure the IP Settings on page 21 e Both APs use the same channel authentication mode and security settings 4 Verify connectivity across the LANs
110. include the following e Date and time shown is Thu Jan 1 08 00 41 CST 1970 or a similar incorrect date and time Cause The wireless access point has not yet successfully reached the network time server Check that your Internet access settings are configured correctly If you have just completed configuring the wireless access point wait at least five minutes and check the date and time again e The day is correct or one day ahead or behind and the hours are ahead or behind Cause You have selected an incorrect time zone for your area Specify the correct time zone on the Time screen see Configure Basic General System Settings and Time Settings on page 20 Troubleshoot the RFID Module If problems occur with the RFID module or the RFID network you can use the Advanced Management screen to perform tests using debug commands in hexadecimal format and view the test results onscreen Totest the RFID module or RFID network 1 Select RFID gt Diagnostics The Advanced Management screen displays Troubleshooting 122 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Configuration Monitoring Maintenance Configuration Monitor Maintenance Advanced Management Ma dule Test Server 132 168 110 Command zSTS12FFFF454C596E6B303031FE090000000013FF0135 S6STS12FFFF454C6986E6B303031FE0850000000013FF2DBO ZSTS12FFFFA540696E6B303031FE000000000013FF0135 OSSTSI2FFFF454C696E6B303031FE090000000013FF2DB0 Z amp
111. int sends frames that are associated with the untagged VLAN from its Ethernet interface those frames are untagged When the wireless access point receives untagged frames over its Ethernet interface those frames are assigned to the untagged VLAN Note Use an untagged VLAN only if the hubs and switches on your LAN support the 802 1Q VLAN protocol Likewise change the untagged VLAN value only if the hubs and switches on your LAN support the 802 1Q VLAN protocol e Tagged VLAN When you clear the Untagged VLAN check box the wireless access point tags all frames that are sent from its Ethernet interface Only incoming frames that are tagged with known VLAN IDs are accepted e Management VLAN The management VLAN can be active only when the wireless access point functions as a point to point or point to multipoint bridge see Configure Wireless Bridging on page 88 The management VLAN is used for managing traffic Telnet SNMP and HTTP to and from the wireless access point Frames belonging to the management VLAN are not given any 802 1Q header when they are sent over the trunk If a port is in a single VLAN it can be untagged However if the port is a member of multiple VLANs it needs to be tagged A WARNING Selecting the Untagged VLAN check box or changing the untagged VLAN value causes loss of IP connectivity if the hubs and switches on your LAN have not yet been configured with the corresponding VLAN gt To configure STP and VL
112. ireless Stations screen contains the Available Wireless Stations table This table shows all IP devices that are associated with the wireless access point in the wireless network that is defined by the wireless network name SSID The table headings indicate the wireless modes 802 11b 802 11bg or 802 11ng for the 2 4 GHz band and 802 11a or 802 11na for the 5 GHz band Note A wireless network can include multiple wireless access points all using the same network name SSID This uniformity extends the reach of the wireless network and allows users to roam from one wireless access point to another providing seamless network connectivity Under these circumstances be aware that the Available Wireless Stations table includes only the stations associated with this wireless access point gt To view the attached wireless clients and to view details for a wireless client 1 Select Monitoring gt Wireless Stations The Wireless Stations screen displays Configuration Monitoring Maintenance RFID Support 5y sb rm Rogue AP Logs Statistics Wireless Stations Wireless Stations Available Wireless Stations H02 11ng L1 MAC Address Channel Rate en J dT 07 2 72 7 amp OD iA DD D0 28 01 METGEAR Iing 1 iM FOSTRE nane i iig Arrociated 3 d id isd adi66 41 DOO 1A DD 0O0 28 01 NETGEAR iing i 130M QOS ERP HT none z iing Aiisciatad Available Wireless Stations 802 11na q MAC Address BSSID SSID
113. ireless network SSID for 802 11a na modes 29 wireless network SSID for 802 11b bg ng modes 27 NetBIOS name 20 network authentication 43 configuration troubleshooting 121 integrity check 23 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R traffic statistics viewing 114 Network Time Protocol NTP client and server 21 O open system no security 49 51 operating frequencies 125 operating modes 9 order of installation and configuration 16 output power 2 4 GHz transmission 27 5 GHz transmission 30 P package contents 7 packets received and transmitted RFID module 104 wireless access point 115 passphrase WEP 52 WPA WPA2 and mixed mode 42 55 password changing or restoring 73 default 18 login 127 physical connections troubleshooting 121 physical specifications 127 pinging wireless access point 119 120 placement wireless equipment 15 PoE Power over Ethernet 10 17 point to multipoint bridge regular mode 93 repeating wireless signal 98 point to point bridge 88 policy access control 51 port and connectors rear panel 12 ports RADIUS servers 56 SNMP manager traps 65 syslog server 74 power adapter specifications 127 power redundancy 17 power socket 13 Power Test LED behavior startup procedure 17 described 12 troubleshooting 117 powersaving WMM 62 preamble type 84 pre shared key PSK WPA WPA2 and mixed mode 42 55 150 priority queues advanced QoS 85
114. it in milliseconds for the doubling of the random back off value Decreasing this value increases the priority of the queue The value for cwMax needs to be higher than the value for cwMin Valid values are 0 1 3 7 15 31 63 127 255 511 and 1023 The default values are Data 0 1023 Data 1 1023 Data 2 15 Data 3 7 TXOP Limit Enter the transmission opportunity TXOP value that specifies the time interval in microseconds in which a client station can initiate transmissions on the wireless medium WM Decreasing this value increases the priority of the queue Valid values for TXOP Limit are all multiples of 32 between 0 and 8192 inclusive of 0 and 8192 The default values are Data 0 0 Data 1 0 Data 2 3008 Data 3 1504 4 Click Apply Advanced Configuration 87 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Configure Wireless Bridging The wireless access point supports a wireless distributing system WDS that lets you build large bridged wireless networks You can select from the following wireless access point modes Wireless point to point bridge In this mode the wireless access point can communicate with another access point that also functions in bridge mode You can use this mode with or without client association Whether or not you enable client association use WEP WPA PSK or WPA2 PSK to secure the communication For information about how to configure this mode see Configur
115. ith AES encryption Link Test The link test lets you validate the bridge configuration by testing whether an IP address behind the remote access point is reachable IP Address Enter an IP address that can be reached through the remote access point for which you are setting up a bridge configuration Click Link Test Link Test Process After one minute or less the link test returns one of the following results Status Success The link can be established using the bridge configuration and the IP address behind the remote access point is reachable You can click Apply to save the bridge configuration Failure The link cannot be established using the bridge configuration Either the remote access point is not configured correctly or the IP address behind the remote access point is reachable Advanced Configuration 96 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R h Click Apply The bridge configuration is saved The Bridging screen displays again i Repeat Step e through Step h for any other security profile that you want to edit For example first configure security profile NETGEAR WDS 1 with the MAC address of AP2 and then configure security profile NETGEAR WDS 2 with the MAC address of AP3 see Figure 19 on page 93 Activate the wireless access point AP1 on LAN Segment 1 in Figure 19 on page 93 as a point to multipoint bridge that is as the master in the wireless network a On the
116. ith the TCP IP protocol installed and a web browser for configuration such as Microsoft Internet Explorer 8 0 or later or Mozilla Firefox 18 0 or later If you use radio frequency identification RFID tags and devices a computer that functions as an RFID server Key Features and Standards This section includes the following subsections Supported Standards and Conventions Key Features 802 11b g n and 802 11a n Standards Based Wireless Networking Autosensing Ethernet Connections with Auto Uplink The wireless access point is easy to use and provides solid wireless and networking support It also offers a wide range of security options Supported Standards and Conventions The wireless access point supports the following standards and conventions Standards compliance The wireless access point complies with the IEEE 802 11a b g standards for wireless LANs and is Wi Fi certified for 802 11n standard WPA and WPA2 The wireless access point provides WPA and WPA2 enterprise class strong security with RADIUS and certificate authentication as well as dynamic encryption key generation The WPA PSK and WPA2 PSK pre shared key authentication does not have the overhead of RADIUS servers but provides the strong security of WPA Multiple BSSIDs The wireless access point supports multiple BSSIDs When a wireless access point is connected to a wired network and a set of wireless clients it is called a basic service set BSS The basic servic
117. key wpa passphrase Wireless wpa passphrase allow sta Enable wireless client association wlan Create security profile 1st security profile enable ped l1st Security profile aecess cont rol Access control enable eaccess control policy Access control policy enable authentication Wireless authentication type authentication 8021x Select wireless 802 1x authentication type authentication open encryption Select wireless open encryption authentication type authentication shared key encryption Wireless shared key encryption ebroadcast Broadcast enable dynamic vlan pynamic VLAN id name Profile name security separation Disable associated wireless client communication ssid Network name 1 32 chars vlan VLAN id wep key Wireless wep key type wpa passphrase Wireless wpa passphrase 2 2nd security profile enable 22 2nd security profile access control Acoess control enable access control policy Access control policy enable authentication Wireless authentication type authentication 8021x Select wireless 802 1x authentication type authentication open encryption Select wireless open encryption authentication type Command Line Reference 139 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R authentication shared key encryption Wir
118. l SNMP and the remote console Secure Shell SSH are enabled by default which allows for remote management of the wireless access point from a client running SNMP management software as well as from an SSH client The Telnet console is disabled by default SNMP Management The SNMP screen lets you configure the IP address of the SNMP manager the community names and the trap information gt To set up an SNMP management interface 1 Select Maintenance Remote Management SNMP The SNMP screen displays Configuration Monitoring Maintenance RFID Support Password Reset i Upgrade SNMP SNMP Remote Console SNMP Settings SNMP 9 Enable Disable Read Only Community Name public Read Write Community Name private Trap Community Name trap IP Address to Receive Traps Trap Port 152 CANCEL APPLY 2 Specify the settings as explained in the following table setting Description 0000000000000 Select the Enable radio button to allow the SNMP network management software such as HP OpenView to manage the wireless access point through SNMPv1 v2 protocol By default the Disable radio button is selected Read Only Community Name Enter the community string to allow the SNMP manager to read the wireless access point s Management Information Base MIB objects The default is public Management 64 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R setting beseription U Read
119. less Access Point Configure Basic General System Settings and Time Settings Configure the IP Settings Configure the Optional DHCP Server 6 Configure the Basic Wireless Settings EE E E a Before installing the wireless access point make sure that your Ethernet network functions After you have connected the wireless access point to the Ethernet network computers with 802 11b g n and 802 11a n wireless adapters are able to communicate with the Ethernet network For this to work correctly verify that you have met all the system requirements shown in System Requirements on page 8 Installation and Basic Configuration 16 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Connect the Wireless Access Point to a Computer Tip Before you place the wireless access point in an elevated position that is difficult to reach first set up and test the wireless access point to verify wireless network connectivity Tosetup the wireless access point 1 2 Unpack the box and verify the contents Prepare a computer with an Ethernet adapter If this computer is already part of your network record its TCP IP configuration settings Configure the computer with a static IP address of 192 168 0 210 and 255 255 255 0 as the subnet mask Connect an Ethernet cable to the Ethernet port A of the computer Securely insert the other end of the Ethernet cable into the wireless access point s Ethernet port B Turn
120. less Bridge Basic General General Time General Advanced AP Name netgearl02808 Country Region China 2 Configure the settings as explained in the following table setting Description 0000000000000 Access Point Name This unique name is the wireless access point NetBIOS name The name is printed on the rear label of the wireless access point The default is netgearxxxxxx in which XXXXxx represents the last six digits of the wireless access point MAC address You can replace the default name with a unique name up to 15 characters long The access point name can be retrieved through SNMP Country Region From the Country Region drop down menu select the country where the wireless access point is installed Note It might not be legal to operate this wireless access point in a region other than one of the regions that you can select from the drop down menu 3 Click Apply gt To configure time settings 1 Select Configuration System Basic Time The Time screen displays Installation and Basic Configuration 20 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Configuration Monitoring Maintenance RFID Support IP Wireless Security Wireless Bridge Basic Time General Time Time Settings Advanced Time zone China Current Time Sun Jan 13 04 51 41 CST 2013 NTP Client 9 Enable Disable Use Custom NTP Server El Hostnam
121. llation is at the center of your wireless coverage area and within line of sight of all mobile devices Make sure the top the dome side of the wireless access point is directed toward the users and not the ceiling Installation and Basic Configuration 31 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Figure 6 Best location for ceiling installation Note Do not place the wireless access point in a false ceiling space facing up To install the wireless access point using the ceiling installation kit 1 Verify the package contents of the ceiling installation kit Mounting plate UZ SC Ww m a n a mr Tr XN aa ITAN lt C OM f ML P 1 Lett A GP v p J Ne g5 IZ Ls NN CM n aa a i p B E S ENN utt I S ae CL n c gt a a SS o i ES d a we a A KA ev Clamp with screws gt F a PA a Se i t3 5 Installation and Basic Configuration 32 HE e ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R 2 Detach the mounting plate from the wireless access point 3 Attach the clamp to the ceiling rail 4 Attach the mounting plate to the clamp Installation and Basic Configuration 33 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R 5 Connect the cables to the wireless access point eet St nt PEDRO a es s s a 6 A
122. low sta Enable wireless client association wlan gt Create security profile Jp 1st security enable a 1st security profile a ecess control Access control enable eacoess conLrol poliecy Access control policy enable Command Line Reference 133 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R authentication Wireless authentication type authentication 8021x Select wireless 802 1x authentication type authentication open encryption Select wireless open encryption authentication type authentication shared key encryption Wireless shared key encryption broadcast Broadcast enable dynamic vlan Dynamic VLAN id name Profile name security separation Disable associated wireless client communication ess Td Network name 1 32 chars vlan VLAN id wep key Wireless wep key type wpa passphrase Wireless wpa passphrase 2 2nd security profile enable 7 gt 2nd security profile access control Access control enable access control polrcy Access control policy enable authentication Wireless authentication type authentication 8021x Select wireless 802 1x authentication type authentication open encryption Select wireless open encryption authentication type authentication shared key encryption Wireless shared key encryption broadcast Broadcast enable dynamrc vlam Dynami
123. lowing from the client station to the wireless access point Hotspot support You can allow all HTTP TCP port 80 requests to be captured and redirected to the URL you specify Rogue AP detection Rogue AP filtering ensures that unknown APs are not given access to any part of the secured wireless and wired LAN Introduction 9 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R e Access control MAC address filtering can ensure that only trusted wireless clients can use the wireless access point to gain access to the wireless and wired LAN e Security profiles When using multiple BSSIDs you can configure unique security settings encryption SSID and so on for each BSSID e Hidden mode The SSID is not broadcast assuring that only clients configured with the correct SSID can connect e Telnet and SSH command line Interface Using an application such as PuTTY you can access the wireless access point over a Telnet or Secure Shell SSH connection and use the command line interface CLI to configure the wireless access point e Upgradeable firmware Firmware is stored in flash memory You can upgrade it easily using only your web browser and you can upgrade it remotely You can also use the command line interface e Configuration backup Configuration settings can be backed up to a file and restored e Secure and economical operation Adjustable power output allows more secure or economical operation
124. lt configuration settings continued Description Preamble type Auto Internal 802 11d Enabled Client isolation Disabled NO Co Maximum wireless clients gt 2 mp D 2 RV Wi Fi Multimedia WMM Enabled Enabled WMM powersave AP EDCA parameters QoS settings See the table in Configure Advanced Quality of Service Settings on page 85 Station EDCA parameters QoS settings Wireless bridging Disabled Default wireless profile and profile security Profile name NETGEAR Profile state Enabled Wireless network names SSIDs NETGEAR 11ng NETGEAR 11na Broadcast wireless network names SSIDs Enabled Network authentication Open system no authentication Data encryption None Wireless client security separation Disabled VLAN ID Wireless security features Rogue AP detection Disabled MAC authentication Disabled RADIUS servers None RADIUS authentication port number 1812 RADIUS shared secret sharedsecret RADIUS accounting port number 1813 RADIUS reauthentication time 3600 seconds RADIUS update of the global key 1800 seconds Supplemental Information 130 Command Line Reference The wireless access point can be configured through either the command line interface CLI a web browser or a MIB browser The CLI allows viewing and modification of the configuration from a terminal or computer through a Telnet or SSH connection Keyword Description backup configuration confi
125. me Security METGEAR WDS 1 Open System HETGEAR WD S 2 Open System HETGEAR WDS 3 Open System NETGEAR WOS 4 Open Systern EDIT CANCEL APPLY e Select a security profile to edit by selecting the corresponding radio button to the left f of the profile Edit to configure the selected security profile settings The Edit Security Profile screen displays for the selected security profile The following figure contains some examples Advanced Configuration 99 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Configuration Monitoring Maintenance RFID System IP Wireless Security Bridging Edit Security Profile Profile Definition Profile Name NETGEAR WDS 1 Remote MAC Address DUZZADIDD AZBB Profile Definition Network Authentication WPAZ PSK v Data Encryption AES WPA Passphrase Network Key BEBBBEESEBES Link Test IP Address Link Test Process Status Uninitialized BACK CANCEL APPLY g Specify the settings as explained in the following table setting Description 0000000000 Profile Definition Profile Name Enter a profile name that is easy to remember The default names for the four security profiles are NETGEAR WDS 1 NETGEAR WDS 2 NETGEAR WDS 3 and NETGEAR WDS 4 Remote MAC Address Enter the MAC address of the remote wireless access point the MAC address of AP1 or AP3 in Figure 20 on page 98 Authentication Settings Network Authentication
126. n delivery traffic indication message period in multiples of beacon intervals This value needs to be between 1 and 255 The default setting is 3 Select one of the following radio buttons to specify the preamble type for the 802 11b mode or 802 11bg mode e Long A long transmit preamble might provide a more reliable connection or a slightly longer range A short transmit preamble gives better performance Auto The Auto setting enables the wireless access point to handle both long and short preambles The default setting is Auto Select this check box to enable support for additional regulatory domains that are not in the current standard support includes the addition of a country information element to beacons probe requests and probe responses This check box is selected by default From the drop down menu select one of the following options e Enable Communication between wireless clients that are associated to different virtual access points VAPs is blocked Disable Communication between wireless clients that are associated to different VAPs is allowed This is the default setting Advanced Configuration 84 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R setting Description 000000000000 Max Wireless Clients Enter the maximum number of wireless clients that can simultaneously connect to the wireless access point at one time The default setting is 128 clients 4 Click Apply Configu
127. n can vary depending on both your security settings and placement WEP connections can take slightly longer to establish Also WEP encryption can consume more battery power on a notebook computer Note Before you position and mount the wireless access point at its permanent position first configure the wireless access point and test the computers on your LAN for wireless connectivity as explained in this chapter Installation and Basic Configuration 15 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Ethernet Cabling Requirements The wireless access point connects to your LAN using twisted pair Category 5 Ethernet cable with RJ 45 connectors LAN Configuration Requirements For the initial configuration of your wireless access point you need to connect a computer to the wireless access point Hardware Requirements for Computers on Your LAN To connect to the wireless access point on your network each computer needs to have an 802 11b g n or 802 11a n wireless adapter installed Requirements for Entering IP Addresses The fourth octet of an IP address needs to be between 0 and 255 both inclusive This requirement applies to any IP address that you enter on a screen of the web management interface Install and Configure the Wireless Access Point Install and configure your wireless access point in the order of the following sections Connect the Wireless Access Point to a Computer Log In to the Wire
128. n menu select a channel width The options are Dynamic 20 40 MHz 20 MHz and 40 MHz The default is 20 MHz A wider channel improves the performance but some legacy devices can operate only in either 20 MHz or 40 MHz Guard Interval From the drop down menu select the guard interval to protect transmissions from interference The default is Auto or you can select Long 800 ns Some legacy devices can operate only with a long guard interval From the drop down menu select the transmission power of the wireless access point Full Half Quarter Eighth Minimum The default is Full Note Increasing the power improves performance but if two or more wireless access points are operating in the same area and on the same channel interference can occur Note Make sure that you comply with the regulatory requirements for total radio frequency RF output power in your country Installation and Basic Configuration 27 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R 6 Click Apply The selected wireless mode is now enabled Note For information about how to configure advanced wireless settings see Configure Advanced Wireless Settings on page 82 Configure 802 11a na Wireless Settings If you click the 802 11a na tab on the basic Wireless Settings screen you can configure the 802 11a or 802 11na wireless mode the SSID and other wireless settings To configure the 802 11a na wireless settings 1
129. nce RFID Support IP Wireless Security Wireless Bridge Basic Syslo Advanced 3 General Syslog Settings Hotspot Syslog Enable Syslog Syslog Server IP Address Port Number CANCEL APPLY 2 Specify the settings as explained in the following table setting Description S Enable Syslog Select the check box to enable the syslog option By default the syslog option is disabled Syslog Server IP Address Enter the IP address of the syslog server to which the wireless access point sends the syslog files Port Number Enter the port number that is configured on the syslog server The default port number is 514 3 Click Apply Enable Rogue AP Detection and Monitor Access Points This section describes how to use the Rogue AP detection feature to provide more security in your wireless network e Enable and Configure Rogue AP Detection e View and Save Access Point Lists Enable and Configure Rogue AP Detection The wireless access point can detect rogue access points and prevent them from connecting to the wireless access point The wireless access point maintains a list of access points it detects in the area Initially all detected access points are displayed in the Unknown AP List You restrict communication to approved access points by adding them to the Known AP List and enabling the rogue AP detection feature Management 74 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R
130. ncryption or with WEP encryption See Configure an Open System with WEP or Shared Key Note The data with WEP on page 51 encryption fields that display onscreen Shared Key Use WEP encryption and enter at least one shared key depend on your See Configure an Open System with WEP or Shared Key selection from the with WEP on page 51 Network Authentication drop down menu Legacy 802 1X Configure the RADIUS server settings Encryption is not supported See Configure Legacy 802 1X on page 52 WPA with Radius Configure the RADIUS server settings and select TKIP or TKIP AES encryption See Configure WPA with RADIUS WPA2 with RADIUS and WPA amp WPA2 with RADIUS on page 53 WPA2 with Radius Configure the RADIUS server settings and select AES or TKIP AES encryption See Configure WPA with RADIUS WPA2 with RADIUS and WPA amp WPA2 with RADIUS on page 53 Note Select this setting only if all clients support WPA2 Wireless Configuration and Security 49 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Setting Description Network Authentication WPA amp WPA2 with Configure the RADIUS server setting TKIP AES and Data Encryption Radius encryption is the default encryption continued See Configure WPA with RADIUS WPA2 with RADIUS and WPA amp WPA2 with RADIUS on page 53 Note This setting allows clients to connect through either WPA with TKIP or WPA2 with AES Enter a WPA
131. ne of the queues A different type of data is associated with each queue You can configure how the wireless access point treats each queue The queues defined for different types of data transmitted from AP to station and station to AP are e Data 0 Best Effort Medium priority queue medium throughput and delay Most traditional IP data is sent to this queue e Data 1 Background Lowest priority queue high throughput Bulk data that requires maximum throughput and is not time sensitive is sent to this queue FTP data for example e Data 2 Video Highest priority queue minimum delay Time sensitive video data is automatically sent to this queue e Data 3 Voice Highest priority queue minimum delay Time sensitive data such as VoIP and streaming media are automatically sent to this queue Advanced Configuration 85 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R gt To configure advanced QoS 1 2 oelect Configuration Wireless Advanced QoS Settings The advanced QoS Settings screen displays Configuration System IP Basic Advanced Monitoring Maintenance RFID Support Security Wireless Bridge QoS Settings Wireless Settings QoS Settings QoS Settings 802 11b bg ng B02 11a na AP EDCA parameters beers wow e 03 Bac aia l Data 27 Video 1 7 v 15 Data 3 Voice iM Station EDCA parameters Data O Best Effort PRE
132. ng information in Chapter 4 Management cannot remember the wireless access point s configuration password Go to Change the Administrator Password on page 73 want to clear the configuration and start over again Go to Restore the Wireless Access Point to the Factory Default Settings on page 70 116 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Basic Functioning This section describes how you can use the LEDs to troubleshoot the wireless access point e Verify the Correct Sequence of Events at Startup e No LEDs Are Lit on the Wireless Access Point e he Active LED or the LAN LED Is Not Lit e The WLAN LED Is Not Light Note For descriptions of the LEDs see Top Panel on page 11 Verify the Correct Sequence of Events at Startup gt After you turn on power to the wireless access point check that the following sequence of events occurs e he Power Test LED is first steady amber then goes off and then blinks green before turning steady green after about 45 seconds e he Active LED is lit or blinks green when there is Ethernet traffic e The LAN LED indicates the LAN speed green for 1000 Mbps and amber for 100 Mbps or 10 Mbps e he WLAN LED is lit or blinks green when the wireless LAN WLAN is ready If any of these conditions does not occur see the appropriate following section No LEDs Are Lit on the Wireless Access Point It takes a few seconds for the Power LED to light Wait 30
133. nknown AP List In the Unknown AP List select individual check boxes for access points Optional Select the check box in the column heading to select all access points 7 Click Move Access points are transferred from the Unknown AP List to the Known AP List 8 Click Apply gt To remove APs from the Known AP List and return them to the Unknown AP List on 1 In the Known AP List select individual check boxes for access points 2 Optional Select the check box in the column heading to select all access points 3 Click Delete 4 Click Refresh Management 75 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Unknown AP List The wireless access point detects the removed access points and repopulates the gt To import a file with a precompiled list of access points into the Known AP List 1 p ae 4 5 Take one of the following actions e Select the Replace radio button The imported list of access points replaces the existing Known AP List e Select the Merge radio button The imported list of access points is added to the existing Known AP List Click Browse Locate the file that contains the list of access points This file needs to be a simple text file with one MAC address per line Select the file and click Open Click Apply The list of access points is uploaded to the Known AP List View and Save Access Point Lists The wireless access point detects nearby A
134. nsmitted over the wireless connection since the wireless access point was restarted Client Association 802 11b Radio 802 11bg Radio or 802 11ng Radio The number of associated clients that are connected to the radio in the and configured wireless modes 802 11na Radio or 802 11a Radio Monitoring 115 Troubleshooting This chapter provides information about troubleshooting the wireless access point After each problem description instructions are given to help you diagnose and solve the problem For the common problems listed go to the section indicated Is the wireless access point on Go to Basic Functioning on page 117 Have connected the wireless access point correctly Go to Basic Functioning on page 117 cannot access the Internet or the LAN Go to You Cannot Access the Internet or the LAN from a Wireless Capable Computer on page 118 cannot access the wireless access point from a browser Go to You Cannot Configure the Wireless Access Point from a Browser on page 119 A time out occurs Go to When You Enter a URL or IP Address a Time Out Error Occurs on page 120 have problems with the LAN connection Go to Troubleshoot a TCP IP Network Using the Ping Utility on page 120 The date or time is not correct Go to Problems with Date and Time on page 122 have problems with the RFID module or RFID connection Go to Troubleshoot the RFID Module on page 122 You can find the following troubleshooti
135. nt is a powerful building block of a wireless LAN infrastructure It provides concurrent 2 4 GHz 802 11b g n and 5 GHz 802 11a n connectivity between wired Ethernet networks and radio equipped wireless notebook systems desktop systems print servers and other devices Support for two transmit radio chains and two receive radio chains also referred to as 2x2 multiple input multiple output MIMO can increase wireless throughput considerably The wireless access point provides wireless connectivity to multiple wireless network devices within a fixed range or area of coverage including multiple radio frequency identification RFID tags and devices Typically an individual in building wireless access point provides a maximum connectivity area with about a 500 foot radius The wireless access point can support a maximum of 128 clients 64 for the 2 4 GHz radio and 64 for the 5 GHz radio in a range of several hundred feet The throughput is shared between all clients To meet the required coverage throughput and quality of your wireless network install a sufficient number of wireless access points The wireless access point acts as a bridge between the wired LAN and wireless clients Connecting multiple wireless access points through a wired Ethernet backbone can further increase the wireless network coverage As a mobile computing device moves out of the range of one wireless access point it moves into the range of another As a result wireless
136. ntication Wireless authentication type authentication 8021x Select wireless 802 1x authentication type authentication open encryption Select wireless open encryption authentication type authentication shared key encryption Wireless shared key encryption broadcast Broadcast enable dynamic vlan Dynamic VLAN id name Profile name security separation Disable associated wireless client communication ssid Network name 1 32 chars vlan VLAN id wep key Wireless wep key type wpa passphrase Wireless wpa passphrase th security profile enable 7 gt th security profile access contro l Access control enable access control policy Access control policy enable authentication Wireless authentication type authentication 8021x Select wireless 802 1x authentication type authentication open encryption Select wireless open encryption authentication type authentication shared key encryption Wireless shared key encryption broadcast Broadcast enable dynamic vlan Dpynamic VLAN id name Profile name security separation Disable associated wireless client communication 285813 Network name 1 32 chars vlan VLAN id wep key Wireless wep key type wpa passphrase Wireless wpa passphrase 9 8th security profile enable Command Line Reference 136 5 29 gt ProSAFE Dual Band Wireless
137. ntication type authentication 8021x Select wireless 802 1x authentication type authentication open encryption Select wireless open encryption authentication type authentication shared key encryption Wireless shared key encryption broadcast Broadcast enable dynamic vlan Dynamic VLAN id name Profile name security separation Disable associated wireless client communication ssid Network name 1 32 chars vlan VLAN id wep key Wireless wep key type wpa passphrase Wireless wpa passphrase Command Line Reference 141 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R 53 ew access control access cOHLPol polioy authentication authentication 8021x authentication authentication open encryption shared key encryption broadcast dynamtc vlan name security separation Ss1id v Lati Wwep key wpa passphrase B 2 access control access control policy authentication authentication 8021x authentication open encryption authentication shared key encryption broadcast dynamic vlan name security separation ssgsid vlan wep key wpa passphrase wmm enable parameter gt ap gt queue
138. ntrol Policy Access control policy functions only when static VLANs are enabled that is you select Disable from the Dynamic VLAN drop down menu and you select the Enable Access Control radio button The Access Control Policy radio buttons let you enable or disable the access control policy for wireless clients e Disable If a RADIUS server does not return a static VLAN ID the wireless client is still allowed to connect to the wireless access point This is the default setting Enable If a RADIUS server does not return a static VLAN ID the wireless client is not authenticated and cannot connect to the wireless access point 6 Click Apply Configure an Open System with WEP or Shared Key with WEP Whether you use an open system with WEP or shared key with WEP configure the settings that are explained in Table 2 on page 52 e Open system with WEP An open system can function without any encryption or with pre shared WEP key encryption without RADIUS authentication The security level of static WEP is not very strong When you select Open System from the Network Authentication drop down menu and any selection other than None from the Data Encryption drop down menu the screen expands to display the WEP fields Authentication Settings Network Authentication Open sysler Data Encryption B4bitWEP m Passphrase Fr Key 44a224bccc Show Passphrase in Clear Text No ves Figure 9 Open system with WEP Wireless C
139. on your computer Connect the power adapter to the wireless access point Tip The wireless access point supports Power over Ethernet PoE with power redundancy Both Ethernet ports can provide power If you have a switch that provides PoE you do not need to use the power adapter to power the wireless access point Using PoE can be especially convenient when the wireless access point is installed in a high location far away from a power outlet Verify the following b Power Test LED The Power Test LED blinks when the wireless access point is first turned on To be exact during startup the LED is first steady amber then goes off and then blinks green After about 45 seconds the LED should stay lit steady green If after one minute the Power Test LED is not lit or is still blinking check the connections and see if the power outlet is controlled by a wall switch that is turned off Installation and Basic Configuration 17 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Active LED The Active LED is lit or blinks green when there is Ethernet traffic LAN LED The LAN LED indicates the LAN speed for the LAN port green for UI 1000 Mbps and amber for 100 Mbps or 10 Mbps If the LAN LED is not lit make sure that the Ethernet cable is securely attached at both ends 2 4 GHz WLAN LED The 2 4 GHz WLAN LED is lit or blinks green when the wireless LAN WLAN is ready 5GHz WLANLED The 5 GHz WLAN LED is
140. onfiguration and Security 51 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R e Shared key with WEP Shared key provides pre shared WEP key encryption without RADIUS authentication The security level of static WEP is not very strong When you select Shared Key from the Network Authentication drop down menu the screen expands to display the WEP fields Authentication Settings Network Authentication shared Key Data Encryption 54 bit WEP v Passp hrase aaBEBERBERBERBRA Key 2 803f8ab4 Show Passphrase in Clear Text Ho Yes Figure 10 Shared key with WEP Table 2 WEP encryption settings setting Descriptions 0000000 Data Encryption Select the encryption key size from the drop down menu e 64 bit WEP Standard WEP encryption using 40 64 bit encryption e 128 bit WEP Standard WEP encryption using 104 128 bit encryption e 152 bit WEP Proprietary WEP encryption mode using 128 24 bit encryption This mode functions only with other wireless clients that support this mode Passphrase Enter a passphrase The passphrase length needs to be between 8 and 63 characters inclusive The secret passphrase allows you to generate the keys automatically by clicking Generate Keys The default passphrase is sharedsecret You can display the actual passphrase by selecting the Show Passphrase in Clear Text Yes radio button Encryption Key Either enter a key manually or allow the key to be automati
141. only gt To view the RFID monitoring screen Select RFID gt Monitor Advanced Configuration 104 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Configuration Monitoring Maintenance Support Configuration Maintenance Diagnostics Monitor RFID RFID Status 1 Unique ID 45406595E5B303031 Module ID FFFF Module Name AP3ia3U0 Firmware Version 12020301 Hardware Version 12020201 Connection Status Server Connection Type UDP 192 168 1 10 7001 192 168 090 180 7001 Connected Traffic Meter m Server IP Received Pkts bytes Transmitted Pkts bytes 361 160350 iz hrs min 42 pecs The following table explains the fields of the RFID monitoring screen setting Description 0000000000000 The status is either 1 or 0 preinstalled and Module ID A unique number preconfigured You cannot Module Name The name that is assigned to the RFID module configure these Firmware Version The firmware version of the RFID module settings Hardware Version The hardware version of the RFID module Connection Status Server Connection Type The server connection type applies to all RFID servers and is either TCP or UDP Server IP The IP address of the RFID server Server Port The port number on the RFID server Local IP The IP address of the RFID module which is normally the same as the IP address of the wireless access point Local Port The port number on the RFID module Conn
142. ons you want the radio to be turned on Turning off the radio disables access through the wireless access point which can be helpful for configuration network tuning or troubleshooting activities Click OK to confirm the change of wireless mode The change does not take effect until you click the Apply button after you have completed the wireless configuration opecify the remaining wireless settings as explained the following table setting Descriptions 0000000000000 Wireless Network Name Enter a 32 character maximum service set identifier SSID the characters are case sensitive The default is NETGEAR 11na The SSID assigned to a wireless device needs to match the wireless access point s SSID for the wireless device to communicate with the wireless access point If the SSIDs do not match you do not get a wireless connection to the wireless access point Wireless On Off Status This field is not configurable It shows the status of the wireless scheduler For more information see Schedule the Wireless Radios to Be Turned Off on page 60 Broadcast Wireless Select the Yes radio button to enable the wireless access point to broadcast its Network Name SSID SSID allowing wireless clients that have a null blank SSID to adopt the wireless access point s SSID Yes is the default setting To prevent the SSID from being broadcast select the No radio button Channel Frequency From the drop down menu select the channel you
143. operate in the same LAN network address range as the LAN devices If you use DHCP all APs can obtain an IP address automatically as a DHCP client For more information see Configure the IP Settings on page 21 All APs use the same channel authentication mode and security settings Verify connectivity across the LANs A computer on any LAN segment should be able to connect to the Internet or share files and printers with any other computers or servers connected to any of the two LAN segments Advanced Configuration 102 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Note Between each LAN segment you can extend repetition of the wireless signal by adding up to two more wireless access points that are configured in point to multipoint bridge mode without client association Configure RFID Settings The wireless access point integrates a radio frequency identification RFID module This RFID module can collect data from RFID tags and devices and forward the data to an RFID server a computer that is running RFID software Note The wireless access point and integrated RFID module cannot configure the RFID tags and devices The RFID module passes on traffic from the RFID tags and devices to the RFID server Enable the RFID Module and Configure the RFID Server For the integrated RFID module to communicate with one or more RFID servers you need to configure the RFID server connection type IP addresses
144. oring 73 default 127 AES Advanced Encryption Standard 42 54 55 Aggregated MAC Protocol Data Unit A MPDU frames 84 aggregation length 84 AID associated identifier 112 AIFS Arbitration Inter Frame Spacing interval 86 A MPDU Aggregated MAC Protocol Data Unit frames 84 Arbitration Inter Frame Spacing AIFS interval 86 associated identifier AID 112 associations wireless clients 115 authentication network 43 RADIUS servers 55 56 autosensing over Ethernet 10 B background traffic advanced QoS 85 WMM QoS 61 backing up 69 basic service set BSS 43 basic service set identifier BSSID configuring 46 55 described 8 41 43 monitoring 112 beacon interval 84 beacons unknown access points 77 best effort traffic advanced QoS 85 WMM QoS 61 bridging modes wireless 88 broadcast packets transmitted and received 115 broadcasting wireless network names SSIDs 802 11a na modes 29 802 11b bg ng modes 27 security 41 browsers recommended 18 BSS basic service set 43 BSSID basic service set identifier configuring 46 55 described 8 41 43 monitoring 112 bytes received and transmitted Ethernet connection 115 wireless connection 113 C Carrier Sense Multiple Access CSMA 83 Category 5 Ethernet cable 7 channel width 802 11na 30 channel width and offset 802 11ng 27 147 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R channels and frequencies
145. over the new IP address of the wireless access point by accessing the DHCP server on your LAN or by using a network IP address scanner application To configure the IP settings 1 Select Configuration gt IP gt IP Settings The IP Settings screen displays Configuration Monitoring Maintenance RFID System Security Wireless Bridge IP Settings IP Settings DHCP Server Setti sis IP Settings DHCP Client Enable 9 Disable IP Address 132 1868 0 106 IP Subnet Mask 255 255 255 0 Default Gateway Primary DNS Server Secondary DONS Server Network Integrity Check 2 Configure the IP settings as explained in the following table setting Deseripton 0000000000 DHCP Client By default the Dynamic Host Configuration Protocol DHCP client is disabled If you have a DHCP server on your LAN and you select the Enable radio button the wireless access point receives its IP address subnet mask and default gateway settings automatically from the DHCP server on your network when you connect the wireless access point to your LAN IP Address Enter the IP address of your wireless access point The default IP address is 192 168 0 100 To change the address enter an unused IP address from the address range used on your LAN or enable DHCP the server IP Subnet Mask Enter the network number portion of an IP address Unless you are implementing subnetting enter 255 255 0 0 as the subnet mask
146. p detection knownap del all Delete rogue access point detection Database rts threshold Wireless RTS CTS threshold wds Wireless Bridge status wds gt Wireless Bridge setting aM Ami 1st WDS security profile status ee 1st security profile authentication Authentication type authentication open encryption pata encryption name Profile name remote mac Remote MAC wep key Wireless wep key wpa passphrase Wireless wpa passphrase EE 2nd WDS security profile status Jem 2nd security profile authentication Authentication type authentication open encryption pata encryption name Profile name remote mac Remote MAC wep key Wireless wep key wpa passphrase Wireless wpa passphrase ld 959 3rd WDS security profile status 32 3rd security profile authentication Authentication type authentication open encryption pata encryption name Profile name remote mac Remote MAC wep key Wireless wep key wpa passphrase Wireless wpa passphrase 4th 4th WDS security profile status 4 gt 4th security profile authentication Authentication type authentication open encryption pata encryption name Profile name remote mac Remote MAC wep key Wireless wep key wpa passphrase Wireless wpa passphrase al
147. ption authentication type authentication shared key encryption Wireless shared key encryption broadcast Broadcast enable dynamic vlan Dynamic VLAN id name Profile name security separation Disable associated wireless client communication ssid Network name 1 32 chars 2wvlan VLAN id wep key Wireless wep key type wpa passphrase Wireless wpa passphrase 5 5th security profile enable 0 gt 5th security profile access control Access control enable access control policy Access control policy enable authentication Wireless authentication type authentication 8021x Select wireless 802 1x authentication type authentication open encryption Select wireless open encryption authentication type authentication shared key encryption Wireless shared key encryption broadcast Broadcast enable dynamic vlan pynamic VLAN id name Profile name security separation pDisable associated wireless client communication sd Network name 1 32 chars Command Line Reference 135 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R vlan VLAN id wep key Wireless wep key type wpa passphrase Wireless wpa passphrase D 6th security profile enable 07 6th security profile access control Access control enable access control policy Access control policy enable authe
148. rd the following settings for the primary and secondary RADIUS servers Server name or IP address Primary Secondary Port Shared secret WPA2 RADIUS settings For WPA2 record the following settings for the primary and secondary RADIUS servers server name IP address Primary oecondary Port Shared secret Wireless Configuration and Security 45 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Configure and Enable Security Profiles To configure and enable a security profile you need to enable the associated radio e For 802 11b bg ng modes the 2 4 GHz radio needs to be enabled see Configure 802 11b bg ng Wireless Settings on page 25 e For 802 11a na modes the 5 GHz radio needs to be enabled see Configure 802 11a na Wireless Settings on page 28 Both radios can function concurrently The wireless access point is set by default as an open system with no authentication When you configure network authentication bear in mind the following e f you are using access point mode which is the default mode if you did not enable wireless bridging all options are available In other modes such as bridge mode some options might be unavailable e Not all wireless adapters support WPA or WPA2 Consult the product documentation for your wireless adapter and WPA or WPA2 client software for instructions about how to configure WPA or WPA2 settings A WARNING If you use a wireless computer to configure
149. re Advanced Quality of Service Settings For most networks the default Quality of Service QoS queue settings work well For information about how to configure basic QoS see Configure Basic Wireless Quality of Service on page 60 You can specify the settings on multiple queues for increased throughput and better performance of differentiated wireless traffic such as Voice over IP VoIP other types of audio video and streaming media as well as traditional IP data The advanced QoS options on the wireless access point are as follows e AP EDCA parameters Specify the access point AP Enhanced Distributed Channel Access EDCA settings for different types of data transmitted from the wireless access point to wireless clients e Station EDCA parameters Specify the station EDCA parameters for different types of data transmitted from the wireless clients to the wireless access point If WMM is disabled you cannot configure the Station EDCA parameters For information about how to enable WMM see Configure Basic Wireless Quality of Service on page 60 When you configure the EDCA settings the wireless access point can leverage existing information in the IP packet header that is related to the Type of Service ToS The wireless access point examines the ToS field in the headers of all packets that it processes Based on the value in a packet s ToS field the wireless access point prioritizes the packet for transmission by assigning it to o
150. rofile Definition Profile Name Enter a profile name that is easy to remember The default name is NETGEAR WDS 1 Remote MAC Address Enter the MAC address of the remote wireless access point the MAC address of AP2 on LAN Segment 1 in Figure 18 on page 89 Authentication Settings Network Authentication From the Network Authentication drop down menu select Open System and Data Encryption WPA PSK or WPA2 PSK Your selection determines the options that the Data Encryption drop down menu provides and whether the WPA Passphrase Network Key field displays Open System Although you can use the bridge communication without any authentication and encryption NETGEAR recommends that you use WEP if you do select an open system From the Data Encryption drop down menu select one of the following e None No authentication and encryption e 64 bit WEP Standard WEP encryption using 40 64 bit encryption e 128 bit WEP Standard WEP encryption using 104 128 bit encryption e 152 bit WEP Proprietary WEP encryption mode using 128424 bit encryption This mode functions only with other access points that support this mode To configure WEP 1 In the passphrase field enter a passphrase 2 Click Generate The key is generated and placed in the WEP Key field TKIP Temporal Key Integrity Protocol is the standard encryption method used with WPA PSK and the only selection possible from the Data Encryption drop down menu In the
151. rrent Wireless Settings for 802 11na Access Point Mode Channel Frequency Rogue AP Detection Monitoring 109 netgear 02808 00 14A DD 00 28 08 g 1A DD 00 28 00 00 1A DD 00 28 10 China 1 0 6 sun Jan 13 04 50 30 CST 2013 192 168 100 224 255 255 255 0 192 168 100 1 Enabled Access Point 1 Disabled Access Point 149 Disabled ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R The following table explains the fields of the System screen Access Point Information Access Point Name The NetBIOS name For information about how to change the default name see Configure Basic General System Settings and Time Settings on page 20 Ethernet MAC Address The MAC address of the wireless access points Ethernet port Wireless MAC Address The MAC address of the wireless access point s 2 4 GHz radio for 2 4GHz Wireless MAC Address The MAC address of the wireless access point s 5 GHz radio for 5GHz Country Region The country or region for which the wireless access point is licensed for use For information about how to change the country or region see Configure Basic General System Settings and Time Settings on page 20 Note It might not be legal to operate this wireless access point in a country or region other than one of those identified in this field Firmware Version The version of the firmware that is installed Serial Number The serial number of the wireless access point Current Tim
152. rt WNDAP380R 4 Specify the settings of the Profile Definition section of the Edit Security Profile screen as explained in the following table setting Description S Profile Name Enter a unique name of the wireless security profile that makes it easy to recognize the profile The default names are NETGEAR NETGEAR 1 NETGEAR 2 and so on through NETGEAR 7 You can enter a value of up to 32 alphanumeric characters Wireless Network Name The wireless network name SSID for the wireless security profile The default SSID names depend on the selected radio band e 802 11b bg ng The default names are NETGEAR_11ng NETGEAR_11ng 1 NETGEAR_11ng 2 and so on through NETGEAR_11ng 7 for the eighth profile 802 11a na The default names are NETGEAR 11na NETGEAR_11na 1 NETGEAR 11na 2 and so on through NETGEAR 11na 7 for the eighth profile Broadcast Wireless Select the Yes radio button to enable the wireless access point to broadcast its Network Name SSID SSID allowing wireless clients that have a null blank SSID to adopt the wireless access point s SSID Yes is the default setting To prevent the SSID from being broadcast select the No radio button 5 Specify the settings of the Authentication Settings section of the Edit Security Profile screen as explained in the following table Setting Description Network Authentication Open System This is the default setting Use an open system without any and Data Encryption e
153. s access point Installation and Basic Configuration 30 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R 3 Verify network connectivity by using a browser such as Internet Explorer 6 0 or later or Mozilla Firefox 1 5 or later to browse the Internet or check for file and printer access on your network Note If you have trouble connecting to the wireless access point see Chapter 7 Troubleshooting NETGEAR recommends that you complete the following tasks before you deploy the wireless access point in your network e Configure wireless security and other wireless features as described in Chapter 3 Wireless Configuration and Security e Configure any additional features that you might need as described in Chapter 4 Management and Chapter 5 Advanced Configuration After you have completed the configuration of the wireless access point you can reconfigure the computer that you used for this process back to its original TCP IP settings Mount the Wireless Access Point This section describes the different options to mount the wireless access point e Ceiling Installation e Wall Installation e Desk Installation Note NETGEAR recommends that you review the information in Wireless Equipment Placement and Range Guidelines on page 15 and configure and test the wireless access point before you mount the wireless access point at its permanent position Ceiling Installation The best location for ceiling insta
154. sphrase Select the Yes radio button to display the actual passphrase in the Passphrase field The in Clear Text default setting is No Configure RADIUS Server Settings For authentication accounting or both authentication and accounting using RADIUS you need to configure primary servers and optional secondary servers These RADIUS server settings can apply to all devices that are connected to the wireless access point To configure the RADIUS server settings 1 Select Configuration Security Advanced Radius Server Settings The Radius Server Settings screen displays Wireless Configuration and Security 55 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Configuration Monitoring Maintenance RFID Support System IP Wireless B Wireless Bridge Profile Settings Advanced Rogue AP MAC Radius Server Settings Radius Server erver Settings d Radius Server Settings Primary Authentication Server 1812 Secondary Authentication Server JL 1812 Primary Accounting Server 1813 Secondary Accounting Server 1813 Authentication Settings Reauthentication Time Seconds 3600 update Global Key Every Seconds 1800 2 Specify the settings as explained in the following table setting Descriptions Radius Server Settings Primary IP Address Enter the IP address of the primary RADIUS server for Authentication Server authentication Port En
155. ss computer and you change the wireless access point s SSID channel or wireless security settings you lose your wireless connection when you click Apply You then need to change the wireless settings of your computer to match the wireless access point s new settings Operating Frequency Channel Guidelines You do not need to change the operating frequency channel unless you notice interference problems or you place the wireless access point near another wireless access point If you do change the operating frequency observe the following guidelines e Wireless access points use a fixed channel You can select a channel that provides the least interference and best performance In the United States and Canada 11 channels are available e f you are using multiple wireless access points it is better if adjacent wireless access points use different radio frequency channels to reduce interference The recommended channel spacing between adjacent wireless access points is five channels for example use Channels 1 and 6 or 6 and 11 or 1 and 11 e In infrastructure mode which is the default mode for the wireless access point wireless clients normally scan all channels looking for a wireless access point If more than one wireless access point can be used the one with the strongest signal is used This is possible only if the wireless access points use the same SSID Configure 802 11b bg ng Wireless Settings The basic Wireless Set
156. stem with WEP or Shared Key with WEP on page 51 Legacy 802 1X Legacy 802 1X uses RADIUS based 802 1x authentication but no data encryption For information about how to configure Legacy 802 1X see the following sections Configure and Enable Security Profiles on page 46 Configure Legacy 802 1X on page 52 WPA and WPA PSK TKIP Wi Fi Protected Access WPA data encryption provides strong data security with Temporal Key Integrity Protocol TKIP encryption The very strong authentication along with dynamic per frame rekeying of WPA makes it virtually impossible to compromise WPA uses RADIUS based 802 1x authentication for more information see the following sections Configure and Enable Security Profiles on page 46 Configure WPA with RADIUS WPA2 with RADIUS and WPA amp WPA2 with RADIUS on page 53 Wireless Configuration and Security 41 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R WPA PSK uses a pre shared key PSK for authentication for more information see the following sections Configure and Enable Security Profiles on page 46 Configure WPA PSK WPA2 PSK and WPA PSK amp WPA2 PSK on page 54 WPA2 and WPA2 PSK AES Wi Fi Protected Access version 2 WPA2 data encryption provides strong data security with Advanced Encryption Standard AES encryption The very strong authentication along with dynamic per frame rekeying of WPA2 makes it virtually impossible to compromise WPA
157. support for connection to a switch or router 3 Cable security lock receptacle for an optional lock 4 Power socket for a 12VDC 1 5A power adapter Bottom Panel with Product Label The product label on the bottom of the wireless access point s enclosure displays factory default settings regulatory compliance and other information ProSafe Dual Band Wireless N D ih 24a 5o Access Point with RFID support Power ACTIVE LAN Model WNDAP380R DEFAULT ACCESS SERIAL Po IP http 192 168 0 100 Ww User Name admin CMIIT ID 2012AJ0314 MC password password Made inChina 272 11854 01 Figure 3 Product label on the bottom Introduction 13 Installation and Basic Configuration This chapter describes how to install and configure the wireless access point for wireless connectivity to your LAN This basic configuration enables computers with 2 4 GHz 802 11b g n and 5 GHz 802 11a n wireless adapters to connect to the Internet or access printers and files on your LAN In planning your wireless network consider the level of security required Chapter 3 Wireless Configuration and Security describes how to set up wireless security for your network This chapter includes the following sections e What You Need Before You Begin e Install and Configure the Wireless Access Point e Test Basic Wireless Connectivity e Mount the Wireless Access Point 14 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R
158. t detects the access points and populates the Known AP List for the configured wireless modes The following table explains the fields of the Known AP List screen Setting Description Oo MAC Address The MAC address of the known AP SSID The SSID that the known AP is using The channel that the known AP is using Click Save Export the list of known APs to a file A window opens so you can browse to the location where you want to save the file The default file name is macList txt Management 78 Advanced Configuration This chapter describes how to configure the advanced features of the wireless access point The chapter includes the following sections Configure Spanning Tree Protocol and 802 1Q VLANs Configure Hotspot Settings Configure Advanced Wireless Settings Configure Advanced Quality of Service Settings Configure Wireless Bridging Configure RFID Settings 79 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Configure Spanning Tree Protocol and 802 1Q VLANs opanning Tree Protocol STP provides network traffic optimization in locations where multiple wireless access points are active by preventing path redundancy If you have more than one active wireless access point at your location NETGEAR recommends that you enable STP The 802 1Q VLAN protocol on the wireless access point logically separates traffic on the same physical network e Untagged VLAN When the wireless access po
159. te that is the selection is Optional or Required the following is required e The hubs and switches on your LAN must support the VLAN 802 1Q standard The authentication is set to any RADIUS type authentication either the network authentication in the wireless security profile or the remote MAC address database authentication for the MAC Authentication feature can be used Wireless Configuration and Security 50 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R setting Description 0000000000000 VLAN ID Enter the VLAN ID to be associated with this wireless security profile The default VLAN ID is 1 The VLAN ID needs to match the VLAN ID that is used by the other devices in your network Access Control Access control functions only when static VLANs are enabled that is you select Disable from the Dynamic VLAN drop down menu The Access Control radio buttons let you enable or disable access control through a RADIUS server for the wireless security the profile Disable Access control is disabled This is the default setting e Enable Access control is enabled and wireless clients are authenticated through a RADIUS server Either the network authentication in the wireless security profile or the remote MAC address database authentication for the MAC Authentication feature must be enabled Note You can use access control even when you do not configure WPA with RADIUS or WPA2 with RADIUS Access Co
160. te the backup configuration file the file name is config 4 Click Apply The restoration process is initiated During the restoration process the wireless access point automatically restarts The restoration process typically takes about one minute When the Test LED turns off wait a few more seconds before doing anything with the wireless access point Restore the Wireless Access Point to the Factory Default Settings You can restore the wireless access point to the factory default settings by two methods that are described in the following sections e Use the Web Management Interface to Restore Factory Default Settings e Use the Reset Button to Restore Factory Default Settings Management 70 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Note After you have restored the factory default settings on the wireless access point All custom configurations are lost The login password is password The default LAN IP address is 192 168 0 100 The DHCP client is disabled The Access Point Name field is reset to the name printed on the label on the bottom of the unit Use the Web Management Interface to Restore Factory Default Settings IMPORTANT During the restoration process do not try to go online turn off the wireless access point shut down the computer or do anything else to the wireless access point until it finishes restarting Torestore the factory default settings using the web man
161. ter the number of the UDP port on the wireless access point that is used to access the primary RADIUS server for authentication The default port number is 1812 Shared Secret Enter the shared key that is used between the wireless access point and the primary RADIUS server during authentication Secondary IP Address Enter the IP address of the secondary RADIUS server for Authentication Server authentication The secondary RADIUS server is used when the primary RADIUS server is not available Port Enter the number of the UDP port on the wireless access point that is used to access the secondary RADIUS server for authentication The default port number is 1812 Shared Secret Enter the shared key that is used between the wireless access point and the secondary RADIUS server during authentication Wireless Configuration and Security 56 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R setting Descriptions Primary IP Address Enter the IP address of the primary RADIUS server for Accounting Server accounting Port Enter the number of the UDP port on the wireless access point that is used to access the primary RADIUS server for accounting The default port number is 1813 Shared Secret Enter the shared key that is used between the wireless access point and the primary RADIUS server during the accounting process Secondary IP Address Enter the IP address of the secondary RADIUS server for Accounting Server
162. ter the subnet mask to be used by DHCP clients The default mask is 255 255 255 0 Gateway IP Address Enter the IP address of the default routing gateway to be used by DHCP clients The default address is 192 168 0 1 Primary DNS Address Enter the IP address of the primary Domain Name System DNS server available to DHCP clients Secondary DNS Address Enter the IP address of the secondary DNS server available to DHCP clients Primary WINS Server Enter the IP address of the primary WINS server for the network if there is any Secondary WINS Server Enter the IP address of the secondary WINS server for the network if there is any Lease Enter the period that the DHCP server grants to DHCP clients to use the assigned IP addresses The default time is one day 3 Click Apply Configure the Basic Wireless Settings For proper compliance and compatibility between similar products in your coverage area you need to configure the 802 11b g n and 802 11a n wireless adapter settings correctly including the operating channel and country You also need to configure the basic wireless network settings for wireless devices to connect to your network For other wireless features including wireless security see Chapter 3 Wireless Configuration and Security Installation and Basic Configuration 24 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R A WARNING If you configure the wireless access point from a wirele
163. the RFID Module 0 ccc ee ees 122 Appendix A Supplemental Information Technical Specifications ee eee 125 Factory Default Settings n nonna dae de oan See PR oe Poe need 127 Appendix B Command Line Reference Index Introduction This chapter introduces the NETGEAR ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R and describes some of the key features The chapter includes the following sections e About the ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAPS80H e What Is in the Box e System Requirements e Key Features and Standards e Hardware Description Note For more information about the topics covered in this manual visit the support website at http support netgear com Note Firmware updates with new features and bug fixes are made available from time to time at downloadcenter netgear com Some products can regularly check the site and download new firmware or you can check for and download new firmware manually If the features or behavior of your product do not match what is described in this guide you might need to update your firmware ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R About the ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R The ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R going forward in this manual referred to as the wireless access poi
164. the previous section display If you do not receive replies Check that your computer has the IP address of your router listed as the default wireless access point If the IP configuration of your computer is assigned by DHCP this information is not visible in your computer s Network Control Panel Verify that the IP address of the router is listed as the default wireless access point Check to see that the network address of your computer the portion of the IP address specified by the netmask is different from the network address of the remote device Check that your cable or DSL modem is connected and functioning If your ISP assigned a host name to your computer enter that host name as the account name in the basis General system settings screen see Configure Basic General System Settings and Time Settings on page 20 Troubleshooting 121 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Problems with Date and Time The Time screen that is accessible through the Configuration System Basic Time menu choices displays the current date and time of day The wireless access point uses the Network Time Protocol NTP to obtain the current time from a network time server on the Internet that you specify in the Time screen see Configure Basic General System Settings and Time Settings on page 20 Each entry on the Logs screen is stamped with the date and time of day Problems with the date and time function can
165. ting e Remote MAC Address Database The wireless access point uses the MAC address database on an external RADIUS server on the LAN for access control If you select this database you first need to configure the RADIUS server settings see Configure RADIUS Server Settings on page 55 Click Refresh The Available Wireless Stations table is refreshed The wireless access point places the MAC addresses of the attached wireless clients in this table Populate the Trusted Wireless Stations table with MAC addresses Wireless Configuration and Security 58 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Depending on your network configuration use one of the following three methods e Select MAC addresses from the Available Wireless Stations table a Select check boxes for individual MAC addresses b Optional Select the check box in the heading to select all MAC addresses c Click Move The MAC addresses are transferred from the Available Wireless Stations table to the Trusted Wireless Stations table e Enter MAC addresses manually a Enter a MAC address directly in the Trusted Wireless Stations table b Click Add e Import MAC addresses from a file a Click Browse b Navigate to the file with MAC addresses This file needs to be a simple text file with one MAC address per line c Select the file and click Open d Use one of the following methods e Click the Replace radio button All MAC addresses
166. tings screen lets you configure the 802 11b 802 11bg or 802 11ng wireless mode the SSID and other wireless settings gt To configure the 802 11b g n wireless settings 1 Select Configuration gt Wireless gt Basic gt Wireless Settings The basic Wireless Settings screen displays the 11ng settings Note The radio wave icon displays next to the enabled wireless mode b bg or ng Installation and Basic Configuration 25 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Configuration System IP Basic Wireless Settings Wireless On Off QoS Settings Advanced Monitoring Maintenance RFID Support Security Wireless Bridge Wireless Settings Wireless Settings 80 1i1b bg ng 8 02 11a na Wireless Mode 2 4GHz Band 11b 11bg 9 11ng Turn Radio On Wireless Network Name SSID NETGEAR 11ng zu Wireless On Off Status OFF Broadcast Wireless Network Name 5510 ves O No Channel Frequency 1 2 412 GHz v MCS Index Data Rate Best v Channel Width 20 MHz Guard Interval Auto Output Power Full 2 Select one of the following 2 4GHz Band radio buttons 11b Both 802 11n and 802 11g compliant devices can connect to the access point because they are backward compatible 11bg 802 11n compliant devices can connect to the access point because they are backward compatible 11ng This is the default setting 802 11b compliant devices cannot
167. to the configuration To save your settings h Select Maintenance Upgrade Backup Settings The Backup Settings screen displays Configuration Monitoring Maintenance RFID Support Password Reset Remote Management Firmware Upgrade Backup Settings gt Firmware Upgrade TFTP Backup Settings Backup Settings Backup a copy of the current settings to a BACKUP gt Restore Settings file KUP Click Backup Your browser extracts the configuration file the file name is config from the wireless access point and prompts you for a location on your computer to store the file Follow the instructions of your browser to save the file Management 69 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Restore the Configuration IMPORTANT During the restoration process do not try to go online turn off the wireless access point shut down the computer or do anything else to the wireless access point until it finishes restarting gt To restore your settings from a saved configuration file 1 Select Maintenance Upgrade Restore Settings The Restore Settings screen displays Configuration Monitoring Maintenance RFID Support Password Reset Remote Management Firmware Restore Settings Upgrade Firmware Upgrade TFTP Restore Settings FJ RD Lane Restore saved settigns from a file Browse Restore Settings CANCEL APPLY 2 Click Browse 3 Loca
168. ttach the wireless access point to the mounting plate 7 Attach the cover to the wireless access point Installation and Basic Configuration 34 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Wall Installation The best location for wall installation is at the center of your wireless coverage area and within line of sight of all mobile devices Make sure the top the dome side of the wireless access point is directed toward the users and not the wall Figure 7 Best location for wall installation Toinstall the wireless access point using the wall installation kit 1 Verify the package contents of the wall installation kit Mounting plate L H l Screws and wall supports e Ve Installation and Basic Configuration 35 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R 2 Detach the mounting plate from the wireless access point Installation and Basic Configuration 36 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R 4 Connect the cables to the wireless access point Installation and Basic Configuration 37 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R 6 Attach the cover to the wireless access point Desk Installation Toinstall the wireless access point on a desk Attach the rubber feet to the holes in the bottom of the wireless access point Rubber feet A c Por Install
169. ual Band Wireless N Access Point with RFID Support WNDAP380R Setting Description 0 O Idle Time The time since the last frame was received from the wireless client Tx Sequence The sequence number of the last frame that was transmitted to the wireless client Rx Sequence The sequence number of the last frame that was received from the wireless client Capability The summary of the capability of the wireless client that was detected during association Cipher The cipher that the wireless client is using and that defines the type of encryption SNR The signal to noise ratio SNR that indicates how much the signal of the wireless client has been corrupted by noise Rev Byes Trans bytes Assoc Time Siamp P Adress Channel Wi View the Activity Log You can view the wireless access points activity logs onscreen and save the logs gt To display the activity log and save it 1 Select Monitoring gt Logs The Logs screen displays Configuration Monitoring Maintenance RFID Support LoGour System Wireless Stations Rogue AP Statistics Logs Dec 31 16 08 33 IP Device IP changes from 0 0 0 0 to 192 168 100 224 Dec 31 16 08 52 syslog Client 00 1e 4c 67 33 b2 associated to SSID NETGEAR 11ng Jan 12 12 27 40 root System clock updated Jan 12 12 33 30 webadmin User logged in Jan 12 12 47 54 webadmin User logged in s Jan 12 12 48 19 config Store updated configuration file onto flash Jan 13 04 4
170. unicate with each other This feature is useful for hotspots and other public access situations By default wireless client separation is disabled For more information see Configure and Enable Security Profiles on page 46 VLAN ID If this feature is enabled and if the network devices hubs and switches on your LAN support the VLAN 802 1Q standard the default VLAN ID for the wireless access point is associated with each profile The default VLAN ID needs to match the IDs that are used by the other network devices For more information see Configure and Enable Security Profiles on page 46 Some concepts and guidelines regarding the SSID are explained in the following list A basic service set BSS consists of a group of wireless clients and a single wireless access point that use the same security profile or service set identifier BSSID The actual identifier in the BSSID is the MAC address of the wireless radio A wireless radio can have multiple MAC addresses one for each security profile An extended service set ESS consists of a group of wireless clients and multiple wireless access points that use the same identifier ESSID Different wireless access points within an ESS can use different channels To reduce interference adjacent wireless access points should use different channels Roaming is the ability of wireless clients to connect wirelessly when they physically move from one BSS to another one within the same ESS The
171. ur requirements For example visitors could be given wireless Internet access but be excluded from any access to your internal network For information about how to configure BSSIDs see Configure and Enable Security Profiles on page 46 Restrict access based by MAC address You can allow only trusted devices to connect so that unknown devices cannot wirelessly connect to the wireless access point Restricting access by MAC address adds an obstacle against unwanted access to your network but the data broadcast over the wireless link is fully exposed For information about how to restrict access by MAC address see Restrict Wireless Access by MAC Adaress on page 57 Turn off the broadcast of the wireless network name SSID If you disable broadcast of the SSID only devices that have the correct SSID can connect This nullifies the wireless network discovery feature of some products such as Windows XP but the data is still exposed For information about how to turn off broadcast of the SSID see Configure and Enable Security Profiles on page 46 WEP Wired Equivalent Privacy WEP data encryption provides data security WEP shared key authentication and WEP data encryption block all but the most determined eavesdropper This data encryption mode has been superseded by WPA PSK and WPA2 PSK For information about how to configure WEP see the following sections Configure and Enable Security Profiles on page 46 Configure an Open Sy
172. uses RADIUS based 802 1x authentication for more information see the following sections Configure and Enable Security Profiles on page 46 Configure WPA with RADIUS WPA2 with RADIUS and WPA amp WPA2 with RADIUS on page 53 WPA2 PSK uses a pre shared key PSK for authentication for more information see the following sections Configure and Enable Security Profiles on page 46 Configure WPA PSK WPA2 PSK and WPA PSK amp WPA2 PSK on page 54 WPA amp WPA2 and WPA PSK amp WPA2 PSK mixed modes These modes support data encryption either with both WPA and WPA2 clients or with both WPA PSK and WPA2 PSK clients and provide the most reliable security WPA amp WPA2 uses RADIUS based 802 1x authentication for more information see the following sections Configure and Enable Security Profiles on page 46 Configure WPA with RADIUS WPA2 with RADIUS and WPA amp WPA2 with RADIUS on page 53 WPA PSK amp WPA2 PSK uses a pre shared key PSK for authentication for more information see the following sections Configure and Enable Security Profiles on page 46 Configure WPA PSK WPA2 PSK and WPA PSK amp WPA2 PSK on page 54 Security Profiles This section describes the main components of security profiles and explains how to configure and enable security profiles Security Profile Concepts Write Down Your Wireless Network Settings Configure and Enable Security Profiles Wireless Configuration and Security 4
173. wMin Valid values are 0 1 3 7 15 31 63 127 255 511 and 1023 The default values are Data 0 63 Data 1 1023 Data 2 15 Data 3 7 Max Burst Enter the maximum burst value that specifies the maximum burst length in microseconds allowed for packet bursts on the wireless network A packet burst is a collection of multiple frames transmitted without header information Decreasing this value increases the priority of the queue Valid values for maximum burst length are all multiples of 32 between 0 and 8192 inclusive of 0 and 8192 The default values are Data 0 0 Data 1 0 Data 2 3008 Data 3 1504 Station EDCA parameters AIFS Enter the Arbitration Inter Frame Spacing AIFS interval that specifies the wait time in milliseconds between data frames A higher AIFS value means a higher priority for a queue Valid values for AIFS are 0 through 8 The default values are Data 0 3 Data 1 7 Data 2 2 Data 3 2 cwMin Enter the minimum contention window cwMin value that specifies the upper limit in milliseconds of a range from which the initial random back off wait time is determined Decreasing this value increases the priority of the queue The value for cwMin needs to be lower than the value for cwMax Valid values are 0 1 3 7 15 31 63 127 255 511 and 1023 The default values are Data 0 15 Data 1 15 Data 2 7 Data 3 3 cwMax Enter the maximum contention window cwMax value that specifies the upper lim
174. wireless security settings you are disconnected when you click Apply Reconfigure your wireless computer to match the new settings or access the wireless access point from a wired computer to make further changes gt To configure and enable a security profile 1 Select Configuration gt Security gt Profile Settings The Profile Settings screen for the 802 11b bg ng modes displays eight wireless security profiles If the 2 4 GHz radio is disabled the Enable column is masked out Wireless Configuration and Security 46 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Configuration Monitoring Maintenance RFID Support System IP Wireless Wireless Bridge Profile Settings Profile Settings 2 Optional Click the 802 11a na tab The Profile Settings screen for the 802 11a na modes also shows eight wireless security profiles If the 5 GHz radio is disabled the Enable column is masked out Configuration Monitoring Maintenance RFID Support System IP Wireless yi Wireless Bridge Profile Settings Profile Settings te LLU Oginga Profile Name ma EE pe ai a tA ENIM mene Late E eec NETGEAR 1ina 2 C Ser NETGEAR E hae Open System Wireless Configuration and Security 47 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R The following table explains the fields of the Profile Settings screen setting Description 000
175. wish to use on your wireless LAN The wireless channels and frequencies depend on the country and wireless mode The default setting is Auto Note It should not be necessary to change the wireless channel unless you experience interference indicated by lost connections or slow data transfers If this happens you might want to experiment with different channels to see which is the best For more information see Operating Frequency Channel Guidelines on page 25 Note For more information about available channels and frequencies see Technical Specifications on page 125 Installation and Basic Configuration 29 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R Setting Descriptions MCS Index Data Rate From the drop down menu select a Modulation and Coding Scheme MCS 11na mode only index and transmit data rate for the wireless network The default setting is Best For a list of all options that you can select see Factory Default Settings on Note For most page 127 networks the default settings work fine Channel Width From the drop down menu select a channel width The options are Dynamic 20 40 MHz 20 MHz and 40 MHz The default is Dynamic 20 40 MHz A wider channel improves the performance but some legacy devices can operate only in either 20 MHz or 40 MHz Guard Interval From the drop down menu select the guard interval to protect transmissions from interference The default is Auto
176. y find the MAC address printed on the wireless adapter gt Torestrict access based on MAC addresses 1 Select Configuration gt Security gt Advanced gt MAC Authentication Wireless Configuration and Security 57 ProSAFE Dual Band Wireless N Access Point with RFID Support WNDAP380R The MAC Authentication screen displays The following figure shows some examples Configuration Monitoring Maintenance RFID Support System IP gt Wireless Wireless Bridge ile S j Erofils setings MAC Authentication Advanced Rogue AP MAC Authentication MAT Authentication Radiug Server 802 11b bg ng 802 11la na gt Settings Turn Access Control On e Import MAC Address List from a file Replace 9 Merge Browse Select Access Control Database Local MAC Address Database v Trusted Wireless Available Wireless Stations Stations a MAC Address E Station ID MAC Address Dai E33 i Ej 10 1 22 a5 23 02 20 c5 02 2D 60 5E Z 0 rC3 01 245 54 3E REFRESH CANCEL APPLY Optional Click the 802 11a na tab The MAC Authentication screen for the 802 11a na modes displays Select the Turn Access Control On check box The access control feature is enabled From the Select Access Control Database drop down menu select one of the following database options e Local MAC Address Database The wireless access point uses the local MAC address database for access control This is the default set
Download Pdf Manuals
Related Search