Page 1
880022..1111gg W
Wiirreelleessss LLAANN
M
Miinnii
UUSSBB AAddaapptteerr
User Manu al
Page 2
Version: 1.32
(Ju ne 7, 2005)
COPYRIGHT
Copyright © 2005/2006 by this company. All rights reserv ed. No part of this
publication may be reproduced, transmitted, tr anscribed, stored in a retrieval
system, or translat ed into any language or computer language, in any form or
by any means, electronic, mechanical, magnet ic, optical, chemical, manual or
otherw ise, without the prio r writ ten permissi on of t hi s c ompany
This company makes no representations or warr anties, eit her expr essed or
implied, with respect t o t he cont ents hereof and specifically disclaims any
warranties, merchantability or fitness for any particular purpose. Any software
described in this manual is sold or licensed "as is". Should the programs
p ro ve de fective follow ing thei r purchas e , the buyer (a nd not this company, i ts
distr ibutor, or its dealer) assu mes the entire cost of all necessary serv icing,
repair , and any inci den tal o r consequential damages resulting from any de fect
in the so f tware. Fu r ther, this com pan y reser ves the righ t to re vis e this
pu blic ation and to m ake changes from tim e to time in the con tents he reo f
without obligation to notify any person of such rev ision or changes.
All brand and produc t names mentioned in this manual are trademar ks and/or registered
t rademarks of their re specti ve holders.
Page 3
Fe deral Communication Commission
Interference Statement
This equipment has been t ested and found to comply with the limits f or a
Class B digital device, pursuant t o Part 15 of FCC Rules. These limits are
designed to provide reasonable protection against harmful interference in a
residential installation. This equipment generates, uses, and can radiate radio
frequency energy and, if not installed and used in accordance with the
instru c tions, m a y cause ha rm ful inte r ference to radio com m unica tions .
Howev er, there is no guarantee that interference will not occur in a particular
installati on . If this equipm ent does caus e harm ful int er ferenc e to radio or
television reception, which can be determined by turning the equipment off
an d on , the us er is en cou raged to try to co rre c t the in terfe ren ce by one or
more of the foll owing meas ures:
1. Reorient or r elocate the receiving antenn a.
2. Inc r ease the separ ation betwe en the equipment and r eceiver.
3. Connect the equipment into an outlet on a circuit different from that to which the
receiver is connect ed.
4. Con su lt the dealer or an experienced radio technici an for help.
FC C Caut i on
This equipment must be inst alled and operated in accordance with prov ided
instr uctions and a minimum 5 cm spacing must be provided between
computer mounted antenna and person’s body (excluding extremities of
hands, wrist and feet) during wireless modes of operation.
This device complies wit h Pa rt 1 5 of the FCC R ules . Opera tion is subject to
the following two conditions: (1) this dev ice may not cause harmful
interference, and (2) this device must accept any interference receiv ed,
including int erference t hat may cause undesired operation.
Any changes or modif ications not expressly approv ed by the party responsible
fo r compliance c ould void the au tho ri ty to opera te equ ipm ent .
Federal Communication Commission (FCC) Radiation Exposure Statement
This equipment complies with FCC radiation exposure set forth for an
un con trolled environmen t . In orde r to a void the pos s ibilit y o f exceedi ng the
FCC radio frequency exposure limits, human proximity to the antenna shall
not be less than 20cm (8 inches) during normal operation.
Page 4
R&TTE Comp liance Statement
This equipment complies with all the requirements of DIRECTIVE 1999/5/CE
OF THE EUROPEAN PARLIAMENT AND THE COUNCIL o f March 9, 1999 on
radio equipment and t elecommunication terminal Equipment and the mutual
recognition of their conformity (R&TTE)
The R&TTE Directive repeals and replaces in the directiv e 98/13/EEC
(Telecommunications Terminal Equipment and Satellite Earth Station
Equipment) A s of April 8, 2000.
Safety
This equipment is designed with the utmost care for the safety of those who
install and use it. However, special attention must be paid to the dangers of
electric shock and static electricity when working with electrical equipment. A ll
guidelines of this and of the computer manuf acture must therefore be allowed
at all times to ensure the safe use of the equipment.
EU Countries Intend ed for Use
The ETSI v ersion of this device is intended for home and office use in Austria,
Belgium, Denmark , Finland , France , Germ an y, G ree ce , Ireland, Ital y,
Lu xembourg , the Ne therlands , Por tugal, Spa in, Swed en , and the Unite d
Kingdom.
The ETSI v ersion of this device is also authorized for use in EFTA member
st ates : Iceland , Liech tenste in , Norway, and Swi t ze rlan d.
EU Coun t ries Not int end ed for use
No ne.
Page 5
CONTENTS
1 INTRODUCTION............................................................. 1
1.1 FEATURES........................................................................................ 1
1.2 SPECIFICATIONS................................................................................ 1
1.3 PACKAGE CONTENTS.......................................................................... 2
2 INSTALLATION PROCEDURE.......................................... 3
3 C ONFIG URA TIO N UTI LI TY ........................................... 11
3.1 WIR ELESS CONNECTION STATUS.........................................................11
3.2 PROFILE MANAGEMENT .................................................................... 12
3.3 DIAGNOSTICS ................................................................................. 13
3.4 SECURITY...................................................................................... 14
3.4.1 WPA S ecu rity S et tin gs .................................................................... 16
EA P-TL S Secu ri ty... ... .... ....... .... ... .... ... ........ ... .... ... ....... .... .... ... .... ....1 6
EAP-TTLS Security.........................................................................17
PEAP (EAP-GTC) Security..............................................................18
PEAP (EAP-MSCHAP V2) Security..................................................19
LEAP Security................................................................................21
3.4.2 Using WPA Passphrase S ecurity.........................................................23
3 . 4. 3 Pr e -S h ar ed Encrypti on Keys..............................................................24
OVERW RIT ING AN EXISTING STATIC WEP KEY .............................................. 25
DISABLING STATIC WEP .......................................................................... 25
4 TROUBLES HOOTING.................................................... 26
Page 6
1 Introduction
Thank you for purchasing the 802.11g Wireless L AN M ini USB Adapter. Thi s USB Adapter is
de sign ed to comply with IEEE 802.11g Wi rel e ss LA N standa rd and ea sy to c arry with the
Mini si ze. It is suitable for any Laptop or De sktop computer s.
Thi s adap te r sup port s 64/128/15 2-bit WEP da ta en cryption that p ro tects your wirele ss
net wo r k from ea vesdropping. It also supports WPA (Wi-Fi Pro tected Access) feature that
co m b ines IEEE 8 02.1x a n d TKIP (Temporal Ke y Integrity Protocol) technologies. Cli ent
users are required to authori ze before accessing to APs or AP Router s, a nd the data
t ran smitted in the netwo r k is encrypted/de crypted by a dynami call y cha nged secret ke y.
I t suppor ts the SuperG mode feature to enhance the data rate to rea ch t o 108M bps, it can
enhance the data ra te when it connect with Super G produ ct .
This adapte r is with the versatile feature s; it is the best solution for you to build your
wirel ess network.
1.1 Features
• Complies with the IEEE 802.11b and IEEE 802.11g 2.4GHz standards.
• Up to 54Mbps high data transfer rate. ( 108M : Super G mode enabled)
• Suppor t 64/12 8/1 52- bit WE P , W PA , IE EE 80 2. 1x high leve l of s ecurity.
• Complies with IEEE 802.11d country ro aming standard.
• Support the most popular operating system: Windows 98SE/Me/2000/XP.
• Supports USB 2.0/1.1/1.0 interface.
• Po r tab le and mini- size design.
• Suitable for Any Notebook or Desktop PC.
1.2 Specifications
• Standard: IEEE 802.11g/b
• Bu s T ype: USB 2.0 Type A
• Frequency Band: 2.4000~2.4835GHz (Industrial Sci entific Medical Band)
• Modula tion: OFDM with BPSK, QPSK, 16QAM, 64 QAM (11g)
BPSK, QPSK, CCK (11b)
• Data Rate: 54/48/36/24/18/12/11/9/6/5.5/2/1Mbps auto fallback (108Mbps: Super G enabled)
• Security: 64/128/152-bit WEP Data Encryption, WPA , IEEE 802.1x
• Antenna: Internal Antenna
• Drivers: Windows 98SE/Me/2000/XP
• LED: Link/Activity
• Transm it Power : 16 dB m ( Typ ical)
1
Page 7
• Dimension: 9(H) x 27(W) x 87(D)
• Temperature: 32~131°F (0 ~55°C)
• Humidity: 0-95% (NonCondensi ng)
• Cert ific ation: FCC, CE
1.3 Package Contents
Be fore you begi n the installati on, please chec k the items of y our package. The pac kage
shoul d include the foll owing i tems:
• One USB Adapter
• One USB 2.0 Ex tension C able ( 100 cm)
• One Qu ick Guide
• One CD (Driver/ Utilit y /M an ual)
I f a ny o f t he above items is m issing, contact y our supplier as soo n as p ossi ble.
2
Page 8
2 Installation Procedure
Be fore you procee d wi th the installa tion, pl ease re ad the follow ing c hapter !
Note1 : For Window s 98SE pl ease m ake sure your copy of w i ndows i s fully updated with the
la tes t hotfix es by going to http://wi ndowsupda te.microsoft.com
Note2 : For Window s X P or Windows XP SP1 , pleas e upda te your w i ndows with the fol l ow ing
hotfix http://support.mi crosoft.com/?sci d=kb%3Ben-us%3B822603&x=10&y=13
if your copy of Windows XP has been updated wi th Service Pack 2 (S P2), you do not
need to apply this hotfix.
Note3 : The fol l owing insta l lation was operated in Windows XP. (Procedur es are s imi lar for
Windows 98SE /M E/2000 )
Note4: If you have installed the Wireless PC Card driver & utility before, please uninstall the
old v ersion fir st.
Th is chap te r describ es us in g th e Ath e ro s insta lle r to in s ta ll th e Athero s U SB
wi reless network adapter driver.
Installation
Important No t e: (For Windows 2K/XP) Please ensure that the USB
adapte r is plugged in t o the computer before sta rting the installation
program!!! (For Windows 98SE, do not plug in the dev ic e bef ore s tarting
the ins tallation progr am)!!!
To install the ACU a nd USB dev ice driver:
1. Fo r Wi n dows 2 k/XP i n sert the USB d evi ce i n to the comp u ter, ( f or win do ws
98 SE do n ot inse r t the de vice ), and inse rt the in s ta llatio n CD.
2. Open the InstallShield Wizard (s e t up2k.e xe for Win dow s X P/2000 and
setup98.exe for Wi ndows98SE/ME).
3. T h e Ath e ro s C lien t In s ta llatio n in s ta ller o pen s . C lick Next.
3
Page 9
4. The Atheros license agreement window appears. Read and accept the
agreem ent to continue. Click Ne x t.
5. T h e I nstallati o n Prog ram win do w appears with thre e s etu p opti o ns.
To in s ta ll th e clie n t utilities an d d river, se le ct the appropr iate in s ta llatio n typ e
(se e Tab le (2 -1) a nd cli ck Next.
Table 2-1. I nstaller I nstallat ion Se lect ions
Rad io B utton Description
Install Client
Utilities and
Dri ver
(recommended)
Installs the driver an d client utilities. This is the recommend s
option .
In stall Driver Only Installs onl y the driver without installing the client utilitie s.
4
Page 10
Make Driver
Install a tio n
Di ske tte(s)
Creates driver installation diskettes.
6. A promp t a p pears warnin g that the in s ta ll req u ire s the sys tem to be re b oo te d
a t the en d of th e in s ta llatio n p ro ces s . C lick Y es to co n tinu e.
7. Choose the setup directory. The de fault is C:\Program Files \ Atheros.
Click Next.
8. Choose the program folder for the start menu. The default is Ather os. Click
Next.
9. Fo r a windo ws XP installation, the next screen defines the W indows Zero
Configuration. Windows XP Zero Configuration provides functiona lity to
a u toma tical ly t r y to con nect the statio n to a vai labl e wirel ess ne two rk s . For
comp lete in f o rma tio n o n Windows Zero C on f ig ura tio n , se e the M ic ros of t we b
site .
10 .I n this in s ta llation, s e lect the Atheros Clien t U tili ty a n d Su p p lican t.
C lick Next. T h e insta ller a u to ma tically ins ta lls the d ri ver.
11 .M a ke s u re that the USB device is in s e rted. I f it is not, in s ert it, th e n ca n cel
the fo und Ne w Hard ware Wizard if it appea rs. Proceed with the installation.
Cl ick OK .
12.Windows ma y display a W indows Logo error for the USB bootloader. Click
Continue Anyway.
5
Page 11
Th e in s ta ller con tinu es in s ta llatio n .
13 .Win d o ws may d is p lay a W in dows L o g o er ror fo r the W LAN dr ive r. C lick C lick
Continue Anyway.
Th e in s ta ller con tinu es in s ta llatio n .
14 . Click OK at the pro mp t to reboot and compl ete the i n s tallati o n.
6
Page 12
Insta lling the Atheros USB W ireless Network
Adapter
To in s ta ll th e U SB d r ive r a nd th e Athero s C lien t Utility, see “T o in s ta ll th e ACU
and USB de vice dri ver:” on page 2-1.
To in s ta ll the USB De vi ce Dr ive r sep ara te ly:
1. Insert the USB device into the computer: The Found Ne w Ha rd ware Wizard
opens. Choose advanced installation and click Next.
2. Ch oos e Sea rch for dri ve r in th ese lo ca tio ns. The driver is loca te d in the
Nd is 5 x \ 2KXP d ire c to ry. ( For W in d ows 9 8 SE/ME comp u ters, th e d river is lo cated
in the Nd is5x \98ME).
3. Windows m ay display a W indows Logo error for the bootloader. Click Continue
An ywa y. T he insta ller will continu e with the in stalla tion .
7
Page 13
4. Cl ick F inish to close the Found New Hardware Wiza rd and co m p l ete in s talla ti on
of the USB device bootloader.
5 . Th e F oun d Ne w Ha rdwa re Wiza rd opens to inst all so ftware for the US B dev i ce.
Click Nex t to continue.
6. Ch oos e Sea rch for dri ve r in th ese lo ca tio ns. The driver is loca te d in the
Nd is 5 x \ 2KXP d ire c to ry. ( For W in d ows 9 8 SE/ME comp u ters, th e d river is lo cated
in the Nd is5x \98ME).
8
Page 14
7. Windows m ay display a W indows Logo error for the WLAN drive r. Click
C o n tinu e An ywa y. T h e in s ta ller will contin ue the insta lla tio n .
8. Cl ick F inish to close the Found New Hardware Wiza rd and co m p l ete in s talla ti on
o f th e Ath eros U SB Ne two rk Adapter.
Use the ACU to configure the device driver. The ACU provides extensive online
help to aid in co nf i g u rin g th e de vice. Acce ss th e ACU b y r i g ht- c l icki n g th e tray
i co n and choo sin g Athero s Clie n t Utility.
III. Using the Configuration Utility
To setup the USB adapter, double- cli ck the icon in the sy stem tray.
9
Page 15
For Window s XP, the re is a “Windows Zero Configuration Tool ” b y def ault fo r you to setup
wireless clients. If you want to use the Utility of the USB adapter, please fol l ow one of the
ways as below.
A
. Double-clic k the icon.
B. Click “Ad van ce”.
C. U nchec k “Use Wind o w s t o
configure my wi reless
net wo rk se ttings”.
10
Page 16
3 Configuration Utility
The Client Utility is a user-mode utility de signed to edi t and add profil es for, as well as
display and diagno stics pe rtaini ng to a selected wirele ss USB adapte r.
3.1 Wirel ess C onnection S t at us
When you open the Confi gura tion Utility, the system will scan all the channels t o find all the
access poi nts/station s within the ac cessible ra nge of your card and automaticall y connect to
the wireless device with the hi ghest signal strength. F rom the sc reen , y ou m ay know all the
infomration about the wireless connecti on.
11
Page 17
3.2 Profile Management
Parameter Description
New To add a ne w configura ti on profile, click Ne w on the Pro fi le
Management tab. T o m odify a configura tion profil e, select the
configuration from the Profile list and click the Modi fy bu tto n.
Modify
In the Atheros Client Utility, access the General tab by clicking New or
Modify on the Profile M anagement tab.
Edit the fields in the General tab to configure the configuration
profile. Make sure to also edit the Securi ty and Advanced tabs.
Remove Select the profil e to remove from the list of configuration profiles.
Import
1. From the Pro fi l e M anagem ent tab , clic k the Import bu tto n.
The Import Profil e window ap pear s.
2. B ro wse to the directo r y whe re the profil e is located.
3. Highlight the pro file name.
4. Cli ck Open. The im ported profile appear s in the pro files
li st.
Export
1. From the Pro fi l e M anagem ent ta b, hi g h ligh t th e profi le to
export.
2. Cli ck the Export button. The Export Profile window
appea r s.
12
Page 18
3. B ro wse to the directo r y to expo rt the pro fi le to.
4. Cli ck Save. The profil e is exported to the specified
loca tion.
Order Pro file s
In cludi ng a profile in the auto selection feature allows the wireless
adapter to automaticall y selec t that profile from the l ist of profiles
and use it to connec t to the networ k.
3.3 Diagnostics
The client utility includes a number of tools to display current diagno stics and status
info rmation.
Parameter Description
Adapter Informatio n The Adapter Information button contains general i nformation
about the network inte rf ace ca rd (the wireless netwo r k adapte r )
and the network driver interface specification (NDIS) driver.
Ad vanced Statistics The Diagnostics tab of the Athero s Client Utility provide s buttons
used to re trieve re ceive and transmi t statistics. The Diagnostic s
tab does not require any configuration
13
Page 19
3.4 Security
Thi s Chapter describe s setting up se cu ri ty u si ng th e Athero s Client Utility (A CU).
Whil e usi ng the Athero s USB wireless netwo r k adapte r , encryption data can protect it s as it
i s t ransmitted th rough the wireless netwo rk.
While using the Atheros USB wirel ess network adapter, encrypting data can
protect its privacy as it is transmitted through the wireless network.
The ACU allows connection profiles of:
z No security (not recommended)
Link encryption/decryption i s disabled, no keys are installed.
z WPA security
Enables the use of Wi-Fi Protected Access (WPA). This opti on requires IT
admini stration. This option incl udes the EAP (with dynamic WEP keys)
security protocol s: EAP, PEAP, and LEAP.
WPA is a standard-based, interoperable security enhancement that
provides data protection and access control for wireless LAN systems. It
is derived from and is forward-compati ble with the upcoming IEEE
802.11i standard. WPA leverages Temporal Key Integrity Protocol (TKIP)
and Michael m essage integrity check (MIC) for data protecti on, and
802.1X for authenticated key m anagement.
WPA supports two mutually exclusive key management types: WPA and
WPA passphrase (also known as WPA-Pre Shared Key (PSK)). Using
WPA, clients and the authenti cation server authenti cate to each other
usi ng an EAP authentication method, and the client and server generate a
pairwise master key (PMK). The server generates the PMK dynamically
and passes i t to the access point.
z WPA-PSK security
Enables WPA passphrase security (also known as WPA-Pre Shared Key
(PSK)).
z 802.1x security
Enables 802.1x se curity. Thi s option requi res IT admini stration. This
option includes the EAP (with dynamic WEP keys) security protocols:
EAP, PEA P, an d LEAP.
802.1x is the standard for wi reless LAN security defined by IEEE as 802.1x
for 802.11, or simply 802.1x. An access poi nt that supports 802.1x and its
protocol, Extensible Authentication Protocol (EAP), acts as the interface
between a wi reless client and an authentication server such as a RADIUS
server, to which the access point communicates over the wi red network.
z Pre-Shared Key security (Static WEP)
Static WEP enables the use of up to four pre-shared (static wired equivalent privacy
(WEP)) keys that are defined on both the access point and the client station.
These keys are stored in an encrypted format in the registry of the
Windows device. When the driver loads and reads the USB devi ce's
registry parameters, it also finds the static WEP keys, decrypts them , and
sto res them in vol a til e memory on the USB devi ce.
If a device receives a packet that is not encrypted with the appropriate key,
the device discards the packet and never delivers it to the intended recipient.
14
Page 20
This is because the WEP keys of all devi ces that are to communicate with each
o the r must ma tch.
Authentication Process
Enabling EAP on the access point and configuring the USB device to LEAP,
EAP-T LS, PEAP (EAP-GTC), or PEAP (EAP-MSCHAP V2) authenti cati on to
the network occurs in the following sequence:
1. The client associates to an access poi nt and begins authenticati on.
2. Communi cating through the access poi nt, the client and RADIUS server
complete authentication with the password (LEAP and PEAP) or
certi ficate (EAP-TLS). The password is never transm itted during the
process.
3. After successful authentication, the client and RADIUS server derive a
dynamic WEP key unique to the client.
4. The RADIUS server transmits the key to the access point using a secure
chan nel on the wir e d L AN .
5. For the length of a sessi on the access point and the client use this key to
encrypt or decrypt all unicast packets (and broadcast packets).
O ver view Of t he S ecurit y Configura tion Option s In ACU
Rad io B utton Descr ip tion
WPA
Enables the use of Wi-Fi Pro tecte d Acce ss (WPA).
Choosing WPA open s the WPA EAP drop-down menu. T he
options include:
EA P-TLS
EA P-TT L S
PE AP (EAP -GT C )
PE AP (EAP -MS C HAP V2 )
LEAP
WPA
Pass phrase
Enable s WPA Pa ssph ra se se curit y.
Clic k on th e Configure button and fill in the WPA Passphra se.
802.1x
Enables 802.1 x security. This option requires IT administration.
Choosing 802.1 x opens the 802.1x EAP typ e drop-down
menu. T he options include:
EA P-TLS
EA P-TT L S
PE AP (EAP -GT C )
PE AP (EAP -MS C HAP V2 )
LEAP
I f the ac ce ss point tha t the wirele ss adapter i s a sso ciating to has
WEP set to Optional and the cli ent ha s WEP en abled, ma ke sure
15
Page 21
that Al low A sso ciation to M ixed Cell s i s chec ked on the Security
Tab to allow association.
Pre-Shared
Key (Static
WEP)
Enable s the u se of p re -sha red keys tha t are defi ned on both th e
a cce ss p oint and the station.
To define pre-shared en cryption keys, choose the Pre -Sh ared Key
radio button and click the Configure button to fill in the De fine
P re -Sha red Keys window.
I f the ac ce ss point tha t the wirele ss adapter i s a sso ciating to has
WEP set to Optional and the cli ent ha s WEP en abled, ma ke sure
that Al low A sso ciation to M ixed Cell s i s chec ked on the Security
Tab to allow association.
None
No securit y (not recommended ).
3.4.1 WPA Security Settings
EAP Security
To use EAP sec urity, access the Security tab in Profile Management.
1. In t h e A C U, edit the securit y s ettin g s by clicking N ew or Mo dify on t h e
Profile Ma nagement tab.
2. Choose a profile to edit, or name the new profile in the Profile
Ma nag eme n t windo w. E n te r th e S SI D of th e acces s poin t the sta tio n
co nnects to.
3. On the Se cu rity tab , choose the WPA rad io button.
O R: O n th e S e cu rit y tab, c hoose th e 80 2.1 x ra di o butto n.
4. Choose EAP- TL S o r EAP-TTL S from the d rop-do wn menu
16
Page 22
Using EAP- TLS Secur ity
Imp ort a n t N ote : To use EAP-TTLS security, the machine must already ha ve the EAP-
TT LS certifi cates do wnloaded onto it from a Cer ti ficate Autho rity ( CA ). Pl ease check with
your IT adm i nist rator.
To use EAP-TLS security In the Athe ros Client Utility, access the Se cu ri ty tab in the P rofile
Management window.
1. On the Security tab, choose t he WPA radio button.
O R: On the Security tab, choo se the 802.1x radio button.
2. Choose EAP-TLS f rom the drop-do wn menu.
E nabling EAP-TLS security:
Imp ort a n t N ote : To use EAP-TTLS security, the machine must already ha ve the EAP-
TT LS certifi cates do wnloaded onto it from a Cer ti ficate Autho rity ( CA ). Pl ease check with
your IT adm i nist rator.
1. I f EAP-TLS is supported, choo se EAP -TLS from the drop -do wn menu on the right,
then click the Configure butt on.
2. Select the appropriate certificate authority from the list. T he server/domain name
and the logi n nam e are filled i n automati call y from the certificate information. Clic k
OK.
3. Cli ck OK.
4. Acti vate the pro file.
17
Page 23
Using EAP- TTLS Secur ity
Imp ort a n t N ote : To use EAP-TTLS security, the machine must already ha ve the EAP-
TT LS certifi cates do wnloaded onto it from a Cer ti ficate Autho rity ( CA ). Pl ease check with
your IT adm i nist rator.
To use EAP security In the Athero s Client Utility, acce ss the Se curity ta b in the Profile
Management window.
1. On the Security tab, choose t he WPA radio button.
O R: On the Security tab, choo se the 802.1x radio button.
2. Choose EAP-TTLS from the drop-down menu.
E nabling EAP-TTLS securi t y:
1. I f EAP-TTLS is supported, ch oose EAP-TT LS from the drop -do wn m enu on the right,
then click the Configure button.
2. Select the appropriate certificate from the drop-down list and cli ck OK.
3. Specify a user nam e for EAP authentication:
o Check Use Windows Use r Name to use the Windows user name as the EAP
user name.
o OR: Enter a EAP user name in the U ser Name fi e ld to use a separate user
name and password and start the EAP authe nti cation pro cess.
4. Cli ck Advanced and:
o Lea ve the server name field blank fo r the client to accept a certifi cate f rom
any ser ver with a ce rtificate signed by the authority listed in the Network
Certificate Authorit y drop-down list . (recommended)
o Enter the domain name of the server f rom which the client will accep t a
certificate .
o Change the logi n nam e if needed.
5. Cli ck OK.
6. Enable the p rofile.
18
Page 24
Using PEAP-GTC Se cu rity
I m p or ta n t No te ! To use PEAP (EAP -GTC) securi t y, the server must have WPA-PEAP
certificates, and the Ce rtificate Au thority (C A) server properties must alread y be set
up. Please check with your IT a dmin istrator.
To use PEAP securi ty, access the Security tab in the Profile Management
window.
1. In the ACU, edit the security settings by clicking New or Modify on the
Profile Management tab.
2. Choos e a prof i le to ed it, or nam e t he new pr of i le in th e Profil e
Management window. Enter the SSID of the access point the client com puter
connects to.
3. On the Security tab, choose the WPA radio button.
OR: On th e Security tab, choose th e 802.1x radio butto n .
4. Choose PEAP (EAP-GTC) or PEAP (EAP-MSCHAP V2) from the
dr op- d ow n me nu.
z PEAP (EAP-GTC) authentication is designed to support one-time Password (OTP), Windows
2000 domain, and L DAP user databases over a wireless LAN. It is based on EAP-TLS
authentication but uses a password instead of a client certificate for authentication. PEAP
(EAPGTC) uses a dynamic sessi on-based WEP key deri ved from the USB d evice and RADIUS
se rver to encrypt da ta.
Networks that use an OTP user database require enteri ng a hardware or software token
password to start the PEAP (EAP-GTC) authentication process and to gain access to the
network. Networks that use a Windows 2000 domai n user database or an L DAP user database
(such as NDS) require entering a username, password, and domain name in order to start the
PEAP (EAP-GTC) authentication process.
z The PEAP (EAP-MSCHAP V2) au thentication type is based on EAPTLS authenti catio n, but uses
password i nstead of a client certificate for authentication. PEAP (EAP-M SCHAP V2) use s a
dynamic session-based WEP key, which is derived from the USB device and RADIUS server, to
encr y pt da t a.
To use PEAP-GTC security In the Atheros Client Utility, access the Se cu ri ty tab in th e
P rofile Managem ent window.
1. On the Security tab, choose t he WPA radio button.
2. O R: On the Security tab, choo se the 802.1x radio button.
3. Choose PEAP (EAP-GTC ) from the d rop-d own m enu.
4. Cli ck the Configure bu tton.
5. Select the appropriate network cer ti ficate authority from the dro p-d own list.
6. Specify a user nam e for inner PEAP tunnel authen ti cation:
– Check U se Window s Use r Name to use the Windows user name as the PEAP
user name.
– OR: Enter a PEAP user name in the User Name fiel d to use a separate user
name a nd start the PEAP a uthentication pro cess.
19
Page 25
7. Choose T oken or Static Password, depending on the user database.
Note that Token uses a hardware token device or the Secure Computing SofToken
program (version 1.3 or l ater) to obtain and enter a one - ti m e password during
auth entication .
8. Cli ck Advanced and:
– Lea ve the server name field blank fo r the client to accept a certifi cate f rom
any ser ver with a ce rtificate signed by the authority listed in the Network
Certificate Authorit y drop-down list . (recommended)
– Enter the domain name of the server f rom which the client will accep t a
certificate .
9. The login nam e used for PEAP tunnel authentica ti on, fil ls in automati call y as PEAP-
xxxxxxxxxxxx, where xxxxxxxxxxxx is the computer's MAC addre ss. Change the
login nam e if needed.
10. Cli ck OK.
11. Enable the p rofile.
Using PEAP-MSCHAP V2 Security
Imp ort a n t N ote ! To use PEAP (E AP-MSCHAP V2) security, the server must have WPA-
PE AP c er ti ficates, and the server pro per ties m ust already be set. Check with the IT
manager.
To use PEAP-MS CHAP V2 security In the Atheros Client Utility, access the S e curit y tab in
the Profile M anagem ent window.
1. On the Security tab, choose t he WPA radio button.
O R: On the Security tab, choo se the 802.1x radio button.
2. Choose PEAP (EAP-MSCHAP V2) from the drop-down menu.
3. Cli ck the Configure bu tton.
4. Select the appropriate certificate from the drop-down list.
20
Page 26
5. Specify a user nam e for inner PEAP tunnel authen ti cation:
– Check U se Window s Use r Name to use the Windows user name as the PEAP
user name.
– OR: Enter a PEAP user name in the User Name fiel d to use a separate user
name a nd start the PEAP a uthentication pro cess.
6. Cli ck Advanced and:
– Lea ve the server name field blank fo r the client to accept a certifi cate f rom
any ser ver with a ce rtificate signed by the authority listed in the Network
Certificate Authorit y drop-down list . (recommended)
– Enter the domain name of the server f rom which the client will accep t a
certificate .
– The login nam e used for PEAP tunnel authentica ti on, fil ls in automatically a s
PE AP-xxxxxxxxxxxx, whe re xxxxxxxxxxxx is the compu ter's MAC
address. Change t he l ogin name i f needed.
7. Cli ck OK.
8. Enable the p rofile.
21
Page 27
Using LEAP Secur ity
Imp ort a n t N ote ! LEAP securi ty requires that al l infrastructu re de vices (e.g. acce ss
points and se rvers) are configured for L EAP authenticati on. Chec k wi th the IT manager.
To use security In the Athero s Client Utility, access the S e curit y tab in the Profile
Management window.
Confi guring LEAP:
The LEAP authentication type uses Cisco Key Integrity Protocol (CKIP) and MMH message integrity
check (MIC) for data protecti on. The USB device uses the username and password to perform mutual
authentication wi th the RADIUS server through the access point. T o use LEAP security, access the
Security tab in Profile Management.
1. In the ACU, edit the security settings by clicking New or Modify on the
Profile Management tab.
2. Choos e a prof i le to ed it, or nam e t he new pr of i le in th e Profil e
Management window. Enter the SSID of the access point the station
connects to.
3. On the Security tab, choose the WPA radio button.
OR: On th e Security tab, choose th e 802.1x radio butto n .
4. Choose LEAP from the drop-down menu.
1. Cli ck the Configure bu tton.
2. Spe cify a user name and password:
Sel ect to U se Tem porary U ser Nam e and Password b y choo si ng the radi o bu tton:
22
Page 28
o Check Use Windows Use r Name to use the Windows user name as the L EAP
user name.
o OR: Check Manually Prompt for LEAP U ser Name and Password to manually
login and start the LEAP authentica ti on proce ss.
Sel ect to U se Saved User N am e and Password b y choosing the radio bu tton:
o Specify the LEAP user name, p assword, and domain to save and use.
3. En ter the user name an d password.
4. Confirm the password .
5. Spe cify a dom ain name:
o Check the Include Windows Logon Domai n with U ser Name setting to pass
the Window s logi n dom ain and user name to the RADIUS ser ver. ( default)
o OR: Enter a specific domain name.
6. I f desired, che ck No Ne twor k Conne ction Unless User Is Logged In to force the
wireless adapter to disassociate af ter logging off.
7. Enter the LEAP authentication tim eout time (between 30 and 500 seconds) to specify
how long LEAP should wait befo re declaring authentication fai l ed, and sending an
erro r message. The defaul t is 90 seconds.
8. Cli ck OK.
9. Enable the p rofile.
3 .4.2 Using WPA Pass p hrase Sec ur ity
To use WPA Pa ssphrase security In the Atheros Client Utility, access the Security tab in the
P rofile Managem ent window.
1. In the ACU, edit the security settings by clicking New or Modify on the Profile Management
tab.
2. Choos e a prof i le to ed it, or nam e t he new pr of i le in th e Profil e Man agemen t wi nd ow . E nter
the SSID of the access point the client computer connects to.
3. On the Security tab, choose WPA Passphrase.
4. Click o n the Security ta b, and choose the WPA-PSK radi o button. Click the
Configure button.
.
23
Page 29
5. Enter the WPA passphrase (for ASC II text, enter 8 -63 characte r s, fo r he xadecimal ,
ente r 64 characters). Clic k OK.
6. Click O K and enabl e the p rofile.
3.4.3 Pre-Shared Encryption Keys
To use Pre-Sha red Key (stati c WEP ) se curity In th e Atheros Client Uti li ty, access th e S e curity tab in
the Pr ofile Ma na ge me nt w in dow .
1. In the ACU, edit the security settings by clicking New or Modify on the Profile Management tab.
2. Choose a profile to edit, or name the new profile in the Profile Management window. Enter the SSID
of the access poi nt the client computer connects to.
3. On the Security tab, choose Pre-Shared Key (Static WEP).
Defining pre-shared encryption keys:
1. Cli ck the Define Pre-Sha red Keys radio button on the Se curity tab.
2. Cli ck on Configu re.
3. Fill in the fields in the WEP Encryption keys dialog box:
Ke y Button Descr ipti on
Ke y Entry Determines the entry method for an encryption key:
he xadecimal (0 -9, A -F ), o r ASCII text (all keyb oard cha ra cte rs
except spaces).
En cryption Keys Selects the defaul t encryption key s used. Onl y all ows the
sele ction for a shared First, Second , T hird, or Fourth key
whose corre sponding field has been completed.
W EP Keys (1-4)
Defines a set of shared encr yption keys fo r ne two r k
24
Page 30
configuration security. At least one Shared Key fiel d m ust be
populated to enabl e security using a shared key .
Clic k on the radio button to set the key as the defaul t
en cr ypt io n key .
WEP Key Size
Defines the size for each encr yption key . T he options include:
o 64- bit (e nter 10 digits for hexadecimal , 5 ASCII
char acter s)
o 128- bit ( enter 26 digits for hexadecimal , 13
digits for ASCII)
o 152-bit (en ter 32 digits hexa decimal, 16 digi ts
fo r ASCII )
4. Click OK for the changes to take effect.
Overwriting an Existing Static WEP Key
1. Cli ck the Define Pre-Sha red Keys radio button on the Se curity tab.
2. Cli ck on Configu re.
3. In the windo w, all existin g st atic WEP keys are disp laye d as asterisks f or se curi t y
reasons. Click in the fiel d of the existing static WEP key t o overw rite.
4. D ele t e the asterisks in t ha t f ield .
5. En ter a new key.
6. M a ke su re t o s e l e c t t h e Transmit Key button to the left of this key is selecte d for th e
key t o transmit pa ckets.
7. Cli ck OK.
D isabl in g Stat ic WEP
To disabl e static WEP for a par ticular profil e, choose None on the Profile
Management tab and cli ck OK.
OR: Select any other security option on the Profil e M anagem ent tab to automati call y
di sabl e sta tic WEP .
25
Page 31
4 Troubleshooting
This chapter pro vides solutions to problems usually encountered during the install ati on and
operation of the adapter.
1. Fo r Wi ndow s 98SE c omp uters, if the Atheros Cli ent Utility fails to loa d
after properly installation, click on the windows “Start” button on your
t oolbar, s el ect the “run” button, and ente r
“C :\ Window s\s ys tem\aegis2.exe ” i nto the dia log box, then press ente r, a
dialog box w ill p op up, please select “ins tall” t hen press “enter”.
2. Fo r Wi ndow s XP or Window s XP SP1, p lease upda te your w ind ow s w i th
the follow ing h otfix http://suppor t.micros oft.com/?scid=k b%3 Ben-
us%3B822603 &x=10&y =13 if y o ur c o p y of Win d ow s XP ha s be en u pda te d
w ith S ervice Pack 2 ( SP2), you do not need t o apply this hotfix.
3. Be fore Un ins tal ling the Athe ros Clie nt Ut ili ty a nd the Dev ice Driv ers,
please make sure t he At her os S uper-G US B dongle is u nplugged from
the computer.
4. To Unins tall the Ather os Clie nt Utilit y, please dou ble c lick on “set up” on
you r driv er i nstalla tion CD, then select the uni ns tal l o ption, then press
enter.
5. I n the dev ice mana ge r, i f “A theros US B Wireless Ada pter Fi rmware
Downl oa der” s how s up unde r US B Controlle rs, please right click o n the
item a nd s elect “unins ta l l ” to unins ta ll t he dev i ce. It is re commended
that yo u uninstall the Atheros Client Uti lity, rebo ot your comp uter and
reinstall the Atheros Client U tility s houl d this situation e ver occur.
6. In Windows ME, if you receiv e an err or abo ut IPHLPAPI. DLL, pl ease
logoff your acc ount, and re-login your account.
7. In Windows 98SE/ME, Errors may be enc ountered when the d rivers are
installe d thr ough the “Found New Hardware Wiza rd” by choosing “Don’t
search. I w ill cho ose the driv er to install”. To p revent this err or , please
fo ll ow pag e 7 o f this user’s manua l.
Frequently Asked Questions (FAQ)
1. What is the IEEE 802.11g standard?
802. 11g is the new IEEE standa rd for high-speed wireless LAN communi cations that
provides for up to 54 M bps data rate in the 2.4 GH z band. 802.11 g is quickly becoming
the next mai nstream wireless LAN technology for the home, office and publ i c networ ks.
26
Page 32
802. 11g defines the use of the same OFDM modulation technique specified in IE EE
802. 11a for the 5 GH z f requenc y band and appl i es i t in the same 2.4 GHz frequency
band as IEEE 80 2.11b. The 802.11g standard require s backward compatibility with
802. 11b.
The standa rd specifi cally call s fo r:
A. A new physical l ayer for the 802.11 Medi um Access Control (MAC) in the 2.4 GHz
f requen cy band, known a s the extended rate PHY (ERP ). The E RP adds OFDM as
a mandatory new coding scheme for 6, 12 and 24 Mbps (mandatory speeds), and
18, 36, 48 and 54 Mbps (opti onal speeds). The E RP includes the modul ati on
schemes found in 802.11b including CCK for 11 and 5.5 M bps and Ba r ker code
modulation for 2 and 1 Mbps.
B. A protec tion m echanism called RTS/CTS that governs how 802.11g devices and
802. 11b devices interoperate.
2. What is the IEEE 802.11b standard?
The IEEE 802.11b Wireless LAN standard subcommittee, which formulate s the
standard for the i ndustry. The objective is to enable wireless LAN ha rd ware from
diffe ren t manufacture s to communicate.
3. What does IEEE 802.11 feat ure support?
The product supports the following I EEE 80 2.11 functions:
z CSMA/CA plus Acknowledge Protocol
z M ulti-Channel Roaming
z A u tomati c Rate Selecti on
z RTS/CTS Fe a ture
z F ra gm entation
z Power Management
4. What is Ad-hoc?
An Ad-hoc integrated wirel ess LAN i s a group of compute r s, each ha s a Wireless LAN
adapter, Connected as an independent wirele ss LAN. Ad hoc wireless LAN is
applicable at a depa r tmental scale for a branch or SOHO operation.
5. What is Infrastructure?
An integrated wirele ss and wirele ss and wired LAN is called an In frastructu re
configuration. Infrastructu re is appli cable to enterp rise scale fo r wirel ess ac cess to
central database, or wireless applica tion for mobile worke r s.
6. What is BSS ID?
A specific Ad hoc LAN is called a Basic Service Set (BSS). Compute r s in a BSS m ust
be configured with the same BSS I D.
7. What is WEP?
WEP is Wi red Equival ent Priva cy, a data privacy mechanism based on a 40 bit shared
key algorithm, as desc ribed in the IEEE 802 .11 standa rd .
27
Page 33
8. What is TKIP?
TKIP is a quic k-fix method to quickly o vercome the inherent weaknesses in WEP
security, especially t he reuse of encryption keys. TKIP is involved i n the IEEE 802.11i
WLAN secu rit y standa rd, and the specification m ight be official l y released by ea rly
2003 .
9. What is AES?
AE S (Advanced Enc ryption Standard ) , a chip-based security, has been developed to
ensu re the highest degree of secu rity and authenticity for digital information, whe re ver
and however comm uni cated or sto red , while m aki ng m ore efficient use of hardware
and/ or software than pre vious encry pti on standards. It is also included in IEEE 802.11i
standa rd. Compa re with AES, TKIP is a tem porary protocol for replaci ng WEP secu rity
until manufacture r s implement AES a t the hardware level .
10. C an Wire less produc ts s up port pri nter sha ri ng?
Wireless products pe rform the same function as LAN product s. Therefo re, Wireless
product s can wo r k with Netware, Window s 2000, o r other LAN opera ti ng systems to
support printer or file sharing.
1 1. Would the i nform a ti on be i nte rce pted wh ile tran s mitting on ai r ?
WLAN features two-fold protection in secu rit y. On the hard ware side, as with Direct
Sequen ce Spread Spectrum technology, it has the i nhere nt secu rity feature of
scrambl ing. On the software side, WLAN series offe r the encryption function (WEP) to
enhance secu rit y and Access Control. U ser s can se t i t up depending upon their needs.
12. What is DSS S? What is FHSS? And what are t hei r di f ferences?
Frequenc y-hopping sp read- spec trum (FHSS) u se s a nar ro wband carri e r that change s
f requen cy in a pattern that is known to both transmitter and receiver. Properly
synchronized, the net effect is to m ai ntai n a si ngl e logical channel. To an unintended
receiver, FHSS appears to be short-duration impulse noise. Direct - sequence spread spect rum (DSSS) generates a redundant bit pattern for each bit to be tran smi tted. This
bit pattern i s called a chip (or chippi ng code). T he longer the chip is, the gre ater the
p robability that the original data can be recovered. Even if one or more bits in the chip
are damaged during tran smission, statistical techniques embedded i n the radio can
reco ver the original data without-the need for retransmission. T o an unintended
receiver, DSSS appears a s low powe r wideband noise and is rejected (ignored ) by
most na r ro wband receivers.
13. What is Spread Spec t rum?
Sp read Spectrum technology is a wideband radio f requ ency te chnique developed by
the military for use in reliable, secure, mission-critical communication systems. It is
designed to trade off bandwidth efficienc y for reli abi lity, i ntegrity, and secu rit y. I n other
word s, mor e bandwidth is consumed than i n the case of narrowband tran smission, but
the trade o ff produces a signal that is, in effect, louder and thus easier to detect,
p rovided that the re ceiver knows the pa ramete rs of the spread-spect rum si gnal being
broadcast . If a receiver is not tuned to the right frequency, a spread –spectrum signal
28
Page 34
looks like background noise . T her e are two main alternati ves, Direct Sequence Spread
Spe ctrum ( DSSS) and Frequency Hopping Spread Spectrum (FHSS).
29
Loading...