Size:
2.73 Mb
Download

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

To configure WPA-PSK:

1.From the Network Authentication drop-downmenu, selectWPA-PSK.By default,Data Encryption will be set toTKIP.

2.Enter the preshared key passphrase (Network Key).

3.Wireless Client Security Separation is disabled by default. If enabled, associated wireless clients will not be able to communicate with each other. (This feature is intended for hotspots and other public access situations.

4.Click Apply to save your settings.

Configuring WPA2-PSK

Not all wireless adapters support WPA2. Furthermore, client software is required on the client. Make sure your client card supports WPA2. Consult the product document for your wireless adapter and WPA2 client software for instructions on configuring WPA2 settings.

Figure 2-22ConfigureWPA2-PSK

To configure WPA2-PSK:

Basic Installation and Configuration

2-41

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

1.From the Network Authentication drop-downmenu, selectWPA2-PSK from the list. By default,Data Encryption will be set toAES.

2.Enter the preshared key passphrase (Network Key).

3.Wireless Client Security Separation is disabled by default. If enabled, associated wireless clients will not be able to communicate with each other. (This feature is intended for hotspots and other public access situations.

4.Click Apply to save your settings.

Configuring WPA-PSKandWPA2-PSK

Not all wireless adapters support WPA and WPA2. Client software is required on the client:

Windows XP and Windows 2000 with Service Pack 3 or above do include the client software that supports WPA. The wireless adapter hardware and driver must also support WPA.

Service Pack 3 does not include the client software that supports WPA2. Make sure your client card supports WPA2. The wireless adapter hardware and driver must also support WPA2.

Consult the product documentation for your wireless adapter; WPA client software for instructions on configuring WPA settings; and WPA2 client software for instructions on configuring WPA2 settings

2-42

Basic Installation and Configuration

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

.

Figure 2-23ConfigureWPA-PSKandWPA2-PSK

To configure WPA-PSKandWPA2-PSK:

1.From the Network Authenticationdrop-down menu, select WPA-PSK&WPA2-PSK. By default, Data Encryptionwill be set to TKIP+AES.

2.Enter the WPA Passphrase (Network Key).

3.Wireless Client Security Separation is disabled by default. If enabled, associated wireless clients will not be able to communicate with each other. (This feature is intended for hotspots and other public access situations.

4.Click Apply to save your settings.

Basic Installation and Configuration

2-43

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

Restricting Wireless Access by MAC Address

The optional Access Control window lets you block the network access privilege of any specified stations through the WNDAP350 wirelss access point. When you enable access control, the access point only accepts connections from clients on the selected access control list. This provides an additional layer of security.

Note: If configuring the WNDAP350 from a wireless computer whose MAC address is not in the access control list, if you select Turn Access Control On, you will lose your wireless connection when you clickApply. You must then access the wireless access point from a wired computer or from a wireless computer that is on the access control list to make any further changes.

To restrict access based on MAC addresses:

1.Log in to the WNDAP350 using the default address of http://192.168.0.237, user name ofadmin and default password ofpassword, or whatever LAN address and password you have set up.

2.Under the Configuration tab, selectSecurity on the main menu, selectAdvanced from the left panel, and then selectMAC Authentication. The MAC Authentication screen displays.

2-44

Basic Installation and Configuration

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

Figure 2-24Configure MAC authentication

3.Check the Turn Access Control On radio box to enable Access Control feature.

4.Select the desired Access Control Database options. The options are:

Local MAC Address Database – The Access Point will use the local MAC address table for Access Control. This is the default.

RADIUS MAC Address Database – The Access Point will use the MAC address table located on the external RADIUS server on the LAN for Access Control. If you choose this database, you must configure the RADIUS Server Settings first (see“Configuring the RADIUS Server Settings” on page 2-29).

5.The Trusted Wireless Stations list shows any wireless stations you have entered. If you have not entered any wireless stations this list will be empty. To delete an existing entry, select it and then clickDelete.

6.Click Refresh to refresh the Available Wireless Stations list found in your area.

7.Select the stations from the list of Available Wireless Stations found in your area, or enter the MAC address of a station to add a new station manually. (You can usually find the MAC address printed on the bottom of the wireless adapter.)

Basic Installation and Configuration

2-45

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

8.Click Add to add the wireless device to theTrusted Wireless Stations list. Repeat these steps for each additional device you want to add to the list.

9.Click Apply to save your wireless access control list settings.

Now, only devices on this list will be allowed to wirelessly connect to the WNDAP350.

2-46

Basic Installation and Configuration

v1.1, November 2009

Chapter 3

Management

This chapter describes how to use the management features of your ProSafe Dual Band Wireless- N Access Point WNDAP350. To access these features, connect to the WNDAP350 as described in “Logging In Using the Default IP Address” on page 2-12.Then select the category under either theMonitoring orMaintenance headings in the main menu of the browser interface.

This chapter contains the following sections:

1.“Remote Management

2.“Remote Console

3.“Upgrading the Wireless Access Point Software

4.“Configuration File Management

5.“Restoring the WNDAP350 to the Factory Default Settings

6.“Changing the Administrator Password

7.“Enabling the SysLog Server

8.“Using Activity Log Information

9.“Viewing General Summary Information

10.“Viewing Network Traffic Statistics

11.“Viewing Available Wireless Station Statistics

12.“Enabling Rogue AP Detection

13.“Viewing Rogue AP Statistics

14.“Packet Capture

Remote Management

Both the SNMP and Remote Console are enabled by default, which allows for remote management of the WNDAP350 from a client running SNMP management software, as well as from a secure Telnet console.

3-1

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

To set up an SNMP management interface:

1.Under the Maintenance tab, selectRemote Management, and then selectSNMP from the left sidebar. The SNMP screen displays, as shown inFigure 3-1 below:

Figure 3-1Configure SNMP settings

2.Enter the following information in the SNMP fields:

SNMP: Enable SNMP to allow the SNMP network management software, such as HP OpenView, to manage the wireless access point via SNMPv1/v2 protocol.

Read-Only Community Name: The community string to allow the SNMP manager to read the wireless access point's MIB objects. The default is Public.

Read-Write Community Name: The community string to allow the SNMP manager to read and write the wireless access point's MIB objects. The default is Private.

Trap Community Name: The community string to allow the SNMP manager to send traps. The default is trap.

IP address to Receive Traps: The IP address of the SNMP manager to receive traps sent from the wireless access point.

Trap Port: The port number on which the SNMP Manager will receive traps. The default is 162/UDP.

3-2

Management

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

Remote Console

The Remote Console configuration features are located under the Maintenance tab,Remote Management, and then underRemote Console. Enter the following information in the Remote Console screen, as shown inFigure 3-2:

Secure Shell (SSH): If set to Enable, the Wireless Access Point will only allow remote access via Secure Shell and Secure Telnet. The default isEnable.

Telnet: If set to Enable, the Wireless Access Point will only allow remote access via Telnet. The default isDisable.

Figure 3-2Configure Remote Console

Using the Secure Telnet Interface

The WNDAP350 includes a secure Telnet command line interface (CLI). You can access the CLI from a secure Telnet client over the Ethernet port or over the serial console port.

Note: You must use a secure Telnet client such as Absolute Telnet. Also, when you configure the client, use the SSH1, 3DES option. If you use the Telnet client to connect over the Ethernet port, use the IP address of the WNDAP350 as the host name.

Management

3-3

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

To use the CLI from a Console Port:

1.Using the null-modemcable, connect a VT100/ANSI terminal or a workstation to the port labeled Console.

If you attached a PC, Apple Macintosh, or UNIX workstation, start a secure terminalemulation program.

2.Configure the terminal-emulationprogram to use the following settings:

Baud rate: 9600 bps

Data bits: 8

Parity: none

Stop bit: 1

Flow control: none

These settings appear below the connector on the back panel.

3. PressEnter. The screen shown below inFigure 3-3 should appear.

Figure 3-3

4.Enter the login name and password (admin andpassword are the defaults).

After successful login, the <Access Point Name> prompt should appear. In this example, the prompt isnetgear74F35E.

5.Enter help to display the CLI command help.

CLI Commands

The CLI commands are listed in Appendix C, “Command Line Reference.”

3-4

Management

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

Upgrading the Wireless Access Point Software

The software of the WNDAP350 wirelss access point is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from Netgear's Web site. The upgrade file can be sent to the wireless access point using your browser.

Note: The Web browser used to upload new firmware into the WNDAP350 must support HTTP uploads, such as Microsoft Internet Explorer 6.0 or above or Mozilla 1.5 or above.

You cannot perform the software upgrade from a computer that is connected to the WNDAP350 wirelss access point with a wireless link. You must use a computer that is connected to the WNDAP350 wirelss access point with a Ethernet cable.

Warning: When uploading software to the WNDAP350 wirelss access point, it is important not to interrupt the Web browser by closing the window, clicking a link, or loading a new page. If the browser is interrupted, the upload may fail, corrupt the software, and render the WNDAP350 completely inoperable.

Management

3-5

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

The Web browser used to upload new firmware into the WNDAP350 must support HTTP uploads, such as Microsoft Internet Explorer 6.0 or above, or Firefox 1.5 or above.

Figure 3-4Firmware upgrade screen

To upgrade the WNDAP350 firmware:

1.Download the new software file from the NETGEAR website, save it to your hard disk.

2.Under the Maintenance tab, selectUpgrade from the main menu, and then selectFirmware Upgrade. The Firmware Upgrade screen displays as shown inFigure 3-4 above.

3.Click Browse and browse to the location of the upgrade file.

4.Click Apply.

When the upload completes, your wireless access point will automatically restart. The upgrade process typically takes about 2 minutes.

Configuration File Management

The WNDAP350 wirelss access point settings are stored in the wireless access point in a configuration file. This file can be saved (backed up) to a user’s computer, retrieved (restored) from the user’s computer, or cleared to factory default settings.

3-6

Management

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

Saving Your Configuration Settings

To backup your configuration settings:

Under the Maintenance tab on the main menu, selectUpgrade, then selectBackup Settings from the left sidebar to back up your current settings. The following screen displays:

Figure 3-5Backup configuration settings

1.Click Backup. Your browser will extract the configuration settings from the wireless access point and prompt you for a location on your computer to store the file.

2.Give the file a meaningful name, such as WNDAP350.cfg, and clickSave.

Restoring Saved Settings

To restore your settings from a saved configuration file:

Management

3-7

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

Under the Maintenance tab on the main menu, selectUpgrade, then selectRestore Settings from the sidebar to back up your current settings. The following screen displays:

Figure 3-6Restore Configuration settings from file

1.Enter the full path to the file on your computer or click the Browse button to locate the file.

2.When you have located the file, click Restore to upload the file. After completing the upload, the WNDAP350 will reboot automatically.

Restoring the WNDAP350 to the Factory Default Settings

It is sometimes desirable to restore the wireless access point to the factory default settings. This can be done by using the Restore Defaults option, which restores all factory settings.

To access this function:

1.Under the Maintenance tab on the main menu, selectReset, and then selectRestore Defaults from the sidebar. The Restore Defaults screen displays, as shown inFigure 3-7 below.

3-8

Management

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

Figure 3-7Restore to factory defaults

2.On the Restore Defaults screen, enable the Restore to factory default settings option by selecting theYes radio button.

3.Click Apply to reset to the factory default settings.

After a restore, the wireless access point password will be password, the default LAN IP address will be192.168.0.237, and the access point name will reset to the name printed on the label on the bottom of the unit.

To restore the factory default configuration settings without knowing the login password or IP address, you must use the Default Reset button on the rear panel of the wireless access point (see Figure 1-1 on page 1-7).The reset button has two functions:

Reboot. When pressed and released, the Wireless Access Point will reboot (restart).

Reset to Factory Defaults. This button can also be used to clear all data and restore all settings to the factory default values.

To clear all data and restore the factory default values: 1. Power off the WNDAP350.

Management

3-9

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

2.Use something with a small point, such as a pen, hold the Reset button for 5 seconds while you Power On the WNDAP350.

3.Continue holding the Reset Button until the LEDs blink twice.

4.Release the Reset Button.

The factory default configuration has now been restored and the WNDAP350 is ready for use.

Changing the Administrator Password

The default password is password. You should change this password to a more secure password, since you cannot change the administrator login name.

To change the Administrator password:

1.Under the Maintenance tab on the main menu, selectPassword, and then selectChange Password. The Change Password screen displays as shown inFigure 3-8 below.

Figure 3-8Change administrator password

2. First enter the old password in theCurrent Password field.

3-10

Management

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

3.Then enter the new password twice, once in the New Password field and again in theRepeat New Password field.

4.Click Apply to save your change.

Enabling the SysLog Server

The SysLog screen allows you to enable the SysLog option if you have a SysLog server on your LAN.

To enable a SysLog server:

1.Under the Configuration tab on the main menu, selectSystem, then select theAdvanced option, and selectSysLog to view the screen shown inFigure 3-9.

Figure 3-9Enable SysLog server

2.Enable SysLog – Enable this option if you have a SysLog server on your LAN. If enabled, you must enter the IP address of your SysLog server and the port number your SysLog server is configured to use. The default is Disabled.

3.SysLog Server IP Address – The access point will send all the SysLog to the specified IP address if SysLog option is enabled.

4.Port Number – The port number configured in the SysLog server on your LAN. Default is 514.

Management

3-11

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

5. ClickApply to save your SysLog settings.

Using Activity Log Information

The Activity Log screen displays the Access Point system activity.

To view the Activity Log, under the Monitoring tab on the main menu, clickLogs. The Activity Logs screen displays as shown inFigure 3-10 below.

Figure 3-10View activity logs

The Activity Log Window displays the Access Point system activity.

Click Refresh to update the display, clickClear to clear the log content, or clickSave As to save the log contents into a file on a disk drive.

Viewing General Summary Information

The System screen, under the Monitoring tab provides a summary of the current WNDAP350 configuration settings, including current IP settings and current Wireless settings. This information is read only, so any changes must be made on other pages.

To access the System screen:

3-12

Management

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

Under the Monitoring tab on the main menu, selectSystem to view the System screen, shown inFigure 3-11 below. This screen shows the parameters listed inTable 3-1:

Table 3-1.System Information Fields

Field

Description

 

 

Access Point Information

 

 

 

Access Point Name

Indicates the NetBIOS name. The default name may be changed, if desired.

 

 

Ethernet MAC Address

Displays the Media Access Control address (MAC address) of the wireless

 

access point’s Ethernet port.

 

 

Wireless MAC address for

Displays the Media Access Control address (MAC address) of the wireless

2.4GHz

access point’s wireless card when operating at 2.4GHz

 

 

Wireless MAC address for

Displays the Media Access Control address (MAC address) of the wireless

5GHz

access point’s wireless card when operating at 5GHz

 

 

Country/Region

Displays the domain or region for which the wireless access point is

 

licensed for use. It may not be legal to operate this wireless access point in

 

a region other than one of those identified in this field.

 

 

Firmware Version

The version of the firmware currently installed.

 

 

Current Time

Displays the current system time of the access point.

 

 

Current IP Settings

 

 

 

IP Address

The IP address of the wireless access point.

 

 

Subnet Mask

The subnet mask for IP address of the wireless access point.

 

 

Default Gateway

The default gateway for the wireless access point communication.

 

 

DHCP Client

Enabled indicates that the current IP address of the AP was obtained from a

 

DHCP server on your network. Disabled indicated a static IP configuration.

 

 

Current Wireless Settings for 802.11b/bg/ng

 

 

Operating Mode

Identifies the 802.11 operating mode of the WNDAP350.

 

 

Channel/Frequency

Identifies the channel the wireless port is using. ‘Auto’ is the default channel

 

setting. (Channel frequencies used on each channel can be found in “Wire-

 

less Communications”; a link to this article is in Appendix B, “Related

 

Documents.).

Rogue AP Detection

Identifies whether the Rogue AP detection feature is enabled or disabled.

 

 

Current Wireless Settings for 802.11n/na

 

 

Operating Mode

Identifies the 802.11 operating mode of the WNDAP350.

 

 

Management

3-13

v1.1, November 2009

ProSafe Dual Band Wireless-NAccess Point WNDAP350 Reference Manual

Table 3-1.System Information Fields (continued)

Field

Description

 

 

Channel/Frequency

Identifies the channel the wireless port is using. 11 is the default channel

 

setting. (Channel frequencies used on each channel can be found in “Wire-

 

less Communications”; a link to this article is in Appendix B, “Related

 

Documents.).

Rogue AP Detection

Identifies whether the Rogue AP detection feature is enabled or disabled.

 

 

Figure 3-11View system information

Viewing Network Traffic Statistics

The Statistics screen displays information for both wired (LAN) and wireless (WLAN) interface network traffic.

To access Statistics information:

1.Under the Monitoring tab on the main menu, selectStatistics. The Statistics screen displays, as shown inFigure 3-12 below.

3-14

Management

v1.1, November 2009