ProSafe Dual Band Wireless-N Access Point WNDAP360
Reference Manual
350 East Plumeria Drive
San Jose, CA 95134
USA
May 4, 2011
202-10826-01
v1.0
ProSafe Dual Band Wireless-N Access Point WNDAP360
©2011 NETGEAR, Inc. All rights reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated
into any language in any form or by any means without the written permission of NETGEAR, Inc.
Technical Support
Thank you for choosing NETGEAR. T o register your product, get the latest product updates, get support online, or
for more information about the topics covered in this manual, visit the support website at
http://support.netgear.com.
Phone (US & Canada only): 1-888-NETGEAR
Phone (Other Countries): Check the li
http://support.netgear.com/app/answers/detail/a_id/984.
st of phone numbers at
Trademarks
NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of
NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change
without notice. Other brand and product names are registered trademarks or trademarks of their respective
holders. © 2011 NETGEAR, Inc. All rights reserved.
Statement of Conditions
To improve internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes
to the products described in this document without notice. NETGEAR does not assume any liability that may occur
due to the use, or application of, the product(s) or circuit layout(s) described herein.
Revision History
Publication Part Number Version Publish Date Comments
202-10826-01 v1.0 May 4, 2011 First publication
2
Contents
Chapter 1 Introduction
Chapter 2 Installation and Basic Configuration
About the ProSafe Dual Band Wireless-N Access Point WNDAP360 . . . . .6
What Is In the Box? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
System Requirements . . . . . . . .
Key Features and Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Supported Standards and Conventions . . . . . . . . . . . . . . . . . . . . . . . . . .8
Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
802.11b/g/n and 802.11a/n Standards–Based W
Autosensing Ethernet Connections with Auto Uplink
Hardware Description. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Top Panel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Rear Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Bottom Panel with Product Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
What You Need before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Wireless Equipment Placement and Range G
Ethernet Cabling Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
LAN Configuration Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Computer Hardware Requirements
Install and Configure the Wireless Access Point . . . . . . . . . . . . . . . . . . . .15
Connect the Wireless Access Point
Log In to the Wireless Access Point
Configure Basic General System Settings
Configure IP Settings and Optional DHCP
Configure Basic Wireless Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Operating Frequency (Channel) Guidelines. . .
Test Basic Wireless Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Mount the Wireless Access Point. . . . . . . . .
Ceiling Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Wall Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Desk Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
ireless Networking . . .10
. . . . . . . . . . . . . . .10
uidelines. . . . . . . . . . . . .14
. . . . . . . . . . . . . . . . . . . . . . . . . . . .15
to Computer. . . . . . . . . . . . . . . . . .16
. . . . . . . . . . . . . . . . . . . . . . . . . . . .17
and Time Settings . . . . . . . .19
Server Settings . . . . . . . . . .21
. . . . . . . . . . . . . . . . . . .29
. . . . . . . . . . . . . . . . . . . . . . .30
Chapter 3 Wireless Configuration and Security
Wireless Data Security Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
Security Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
Before You Change the SSID, WEP, and WPA Settings . . . . . . . . . . . .39
Configure and Enable Security Profiles . . . .
Configure RADIUS Server Settings . . . . . . . . .
3
. . . . . . . . . . . . . . . . . . . . .42
. . . . . . . . . . . . . . . . . . . . .51
ProSafe Dual Band Wireless-N Access Point WNDAP360
Restrict Wireless Access by MAC Address . . . . . . . . . . . . . . . . . . . . . . . .53
Schedule the Wireless Radio to Be Turned Off . . . . . . . . . . . . . . . . . . . . . 55
Configure Basic Wireless Quality of Service . . . . . . . . . . . . . . . . . . . . . . . 56
Chapter 4 Management
Enable Remote Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
SNMP Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59
Secure Shell and Telnet Management. . . . . . . . . . . . . . . . . . . . . . . . . .60
Upgrade the Wireless Access Point
Manage the Configuration File or Reset to Factory
Save the Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64
Restore the Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Restore the Wireless Access Point to the
Reboot the Wireless Access Point without Restoring
Default Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Change the Administrator Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68
Enable the Syslog Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Monitor the Wireless Access Point. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
View System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Monitor Wireless Stations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72
View the Activity Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75
Traffic Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Enable Rogue AP Detection and Monitor Access
Enable and Configure Rogue AP Detection. . .
View and Save Access Point Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Software . . . . . . . . . . . . . . . . . . . . . .61
Defaults . . . . . . . . . . .64
Factory Default Settings. . . .66
the
Points. . . . . . . . . . . . . .77
. . . . . . . . . . . . . . . . . . . 77
Chapter 5 Advanced Configuration
Spanning Tree Protocol and 802.1Q VLAN . . . . . . . . . . . . . . . . . . . . . . . .81
Hotspot Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Configure Advanced Wireless Settings . . . . . .
Configure Advanced QoS Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Configure Wireless Bridging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
Configure a Point-to-Point Wireless Network. . . . . . . . . . . . . . . . . . . . .90
Configure a Point-to-Multipoint Wireless Net
Configure the Wireless Access Point to Repeat the Wireless
Signal Using Point-to-Multipoint
Bridge Mode . . . . . . . . . . . . . . . . . . . .98
. . . . . . . . . . . . . . . . . . . . .84
work . . . . . . . . . . . . . . . . .93
Chapter 6 Troubleshooting
Basic Functioning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104
No LEDs Are Lit on the Wireless Access Point
The Active LED or the LAN LED Is Not Lit . . . . . . . . . . . . . . . . . . . . . .105
The WLAN LED Does Not Light Up . . . . . . . . . . . . . . . . . . . . . . . . . . .105
You Cannot Access the Internet or the LAN from a
Wireless-Capable Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105
You Cannot Configure the Wireless Access Point from a Browser . . . . .106
When You Enter a URL or IP Address a Time-O
. . . . . . . . . . . . . . . . . . 104
ut Error Occurs. . . . . . .107
4
ProSafe Dual Band Wireless-N Access Point WNDAP360
Troubleshooting a TCP/IP Network Using the Ping Utility . . . . . . . . . . . .107
Testing the LAN Path to Your Wireless Access Point . . . . . . . . . . . . .107
Testing the Path from Your
Problems with Date and Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108
Use the Packet Capture Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109
Computer to a Remote Device . . . . . . . . .108
Appendix A Supplemental Information
Technical Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110
Factory Default Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
Appendix B Command-Line Reference
Appendix C Notification of Compliance
Index
5
1. Introduction
This chapter introduces the NETGEAR® ProSafe™ Dual Band Wireless-N Access Point
WNAP360 and describes some of the key features. This chapter includes the following se ctions:
• About the ProSafe Dual Band Wireless-N Access Point WNDAP360
• What Is In the Box?
• System Requirements
• Key Features and Standards
• Hardware Description
Note: For more information about the topics covered in this manual, visit
the support website at http://support.netgear.com.
1
About the ProSafe Dual Band Wireless-N Access Point WNDAP360
The ProSafe Dual Band Wireless-N Access Point WNDAP360 is the basic b uilding block of a
wireless LAN infrastructure. It provides 2.4 GHz 802.11b/g/n and 5 GHz 802.11a/n
connectivity between wired Ethernet networks and radio-equipped wireless notebook
systems, desktop systems, print servers, and other devices.
The wireless access point provides wireless connectivity
within a fixed range or area of coverage—interacting with a wireless network interface card
(NIC) through an antenna. Typically, an individual in-building wireless access point provides
a maximum connectivity area of about a 500-foot radius. The ProSafe Dual Ba nd Wireless-N
Access Point WNDAP360 can support a small group of users—typically 10 to 32 users per
radio—in a range of several hundred feet, with a maximum of 64 supported clients.
The ProSafe Dual Band Wireless-N Access Point WNDAP360 acts as a bridge between the
wired LAN an
Ethernet backbone can further increase the wireless network coverage. As a mobile
computing device moves out of the range of one wireless access point, it moves into the
d wireless clients. Connecting multiple wireless access points through a wired
to multiple wireless network devices
6
ProSafe Dual Band Wireless-N Access Point WNDAP360
range of another . As a result, wireless client s can freely roam from one wireless access point
to another and still maintain seamless connection to the network.
The autosensing capability of the ProSafe Dual Band Wireless-N Access Point WNDAP360
llows packet transmission at up to 300 Mbps, or at reduced speeds to compensate for
a
distance or electromagnetic interference.
What Is In the Box?
The product package should contain the following items:
• ProSafe Dua
• Power ada
• S
traight-through Category 5 Ethernet cable
• ProSafe Dua
• Resou
• W
Contact your reseller or customer support in your a
parts.
Refer to the NETGEAR website at http://kbserver.netgear
number of customer support in your area. You should keep the Inst
the original packing materials, and use the packing materials to repack the wireless access
point if you need to return it for repair.
To qualify for product updates and product warranty
on the NETGEAR website at http://my.netgear.com/r
rce CD, which includes this manual
all-mount kit made up of brackets and hardware
l Band Wireless-N Access Point WNDAP360
pter and cord (12 VCD, 1.0A)
l Band Wireless-N Access Point WNDAP360 Installation Guide
rea if there are any missing or damaged
.com/main.asp for the telephone
allation Guide, along with
, NETGEAR encourages you to register
egistration/login.aspx.
System Requirements
Before installing the wireless access point, make sure that your system meets these
requirements:
• A 10/10
• The Cate
package, or one like it
• A 100–
• A W
Mozilla 1.5 or later
• At lea
• An 802
Wireless-N Dual Band USB Adapter WNDA3100v2.
0/1000 Mbps local area network device such as a hub or switch
gory 5 UTP straight-through Ethernet cable with RJ-45 connector included in the
120V, 50–60 Hz AC power source
eb browser for configuration, such as Microsoft Internet Explorer 6.0 or later, or
st one computer with the TCP/IP protocol installed
.11a/n or 802.11b/g/n-compliant device, such as the NETGEAR® RangeMax™
Introduction
7
ProSafe Dual Band Wireless-N Access Point WNDAP360
Key Features and Standards
The ProSafe Dual Band Wireless-N Access Point WNDAP360 is easy to use and provides
solid wireless and networking support. It also offers a wide range of security options.
Supported Standards and Conventions
The ProSafe Dual Band Wireless-N Access Point WNDAP360 supports the following
standards and conventions:
tandards compliance. The wireless access point complies with the IEEE 802.11a/b/g
• S
standards for wireless LANs, and is Wi-Fi certified for 802.11n standard.
• Ful
• Multiple
l WPA and WPA2 support. The wireless access point provides WPA and WPA2
enterprise-class strong security with RADIUS and certificate authentication as well as
dynamic encryption key generation. The WPA-PSK and WPA2-PSK preshared key
authentication is without the overhead of RADIUS servers but with all of the strong
security of WPA.
BSSIDs. The wireless access point supports multiple BSSIDs. When a wireless
access point is connected to a wired network and a set of wireless stations, it is called a
basic service set (BSS). The basic service set identifier (BSSID) is a unique identifier
attached to the header of packets sent over a WLAN that differentiates one WLAN from
another when a mobile device tries to connect to the network.
The multiple BSSID feature allows you to configure up to eight SSIDs on your wireless
access point an
SSIDs are active, and the network devices can connect to the wireless access point by
using any of these SSIDs.
• DHCP client
upon request. The wireless access point can act as a client and obtain information from
your DHCP server; it can also act as a DHCP server and provide network information for
wireless clients.
• SNMP Supp
Management Information Base (MIB) management.
• 802.1
Q VLAN (virtual LAN) support. A network of computers that behave as if they are
connected to the same network even though they might actually be physically located on
different segments of a LAN. VLANs are configured through software rather than
hardware, which makes them extremely flexible. VLANs are very useful for user and host
management, bandwidth allocation, and resource optimization.
d assign different configuration settings to each SSID. All the configured
support. DHCP provides a dynamic IP address to PCs and other devices
ort. Support for Simple Network Management Protocol (SNMP)
Introduction
8
ProSafe Dual Band Wireless-N Access Point WNDAP360
Key Features
The ProSafe Dual Band Wireless-N Access Point WNDAP360 provides solid functionality,
including the following features:
• Dual Band
and the 5 GHz band concurrently.
The choice of bands is reflected in the protocol standard supported, as well as the
dministration screens that are displayed.
a
• Mul
• Hot
• Upg
• Rogue AP detectio
• Ac
• Security profil
• Hidden m
• Secure T
• Configuration
tiple operating modes:
- W
access point.
- Point-to-point bridge. In th
with another bridge-mode wireless station or wireless access point. Network
authentication should be used to protect this communication.
- Point-to-multipoint bridge. Sele
for a group of bridge-mode wireless stations. The other bridge-mode wireless station s
send all traffic to this master, and do not communicate directly with each other.
Network authentication should be used to protect this traffic.
- Rep
function as an access point for clients but functions only in point-to-multip oint bridg e
mode to repeat the wireless signal and send all traffic to a remote access point.
Network authentication should be used to protect this communication.
spot settings. You can allow all HTTP (TCP, port 80) requests to be captured and
redirected to the URL you specify.
radeable firmware. Firmware is stored in a flash memory. You can upgrade it easily,
using only your Web browser, and you can upgrade it remotely. You can also use the
command-line interface.
given access to any part of the LAN.
cess control. The Access Control MAC address filtering feature can ensure that only
trusted wireless stations can use the wireless access point to gain access to your LAN.
settings (encryption, SSID, and so on) for each BSSID.
correct SSID can connect.
(CLI) enables direct secure access over the serial port and easy scripting of configuration
of multiple wireless access points across an extensive network via the Ethernet interface.
A Secure Shell (SSH) client is required.
Concurrent. The wireless access point can operate in both the 2 .4 GHz band
ireless access point. Operates as a standard 802.11b/g/n or 802.11a/n wireless
is mode, the wireless access point communicates only
ct this only if this wireless access point is the master
eating the wireless signal. In this mode, the wireless access point does not
n. The Rogue AP filtering feature ensures that unknown APs are not
es. When using multiple BSSIDs, you can configure unique security
ode. The SSID is not broadcast, assuring only clients configured with the
elnet command-line Interface. The secure Telnet command-line interface
backup. Configuration settings can be backed up to a file and restored.
• Secure an
economical operation.
d economical operation. Adjustable power output allows more secure or
Introduction
9
ProSafe Dual Band Wireless-N Access Point WNDAP360
• Power over Ethernet. Power can be supplied to the wireless access point over the
Ethernet port from any 802.3af-compliant midspan or end-span source.
• Autose
10/100/1000 Mbps IEEE 802.3 Ethernet networks.
• LED indi
identified.
• W
allows wireless traffic to have a range of priorities, depending on the kind of data.
Time-dependent information, like video or audio, has a higher priority than normal traffic.
For WMM to function correctly, wireless clients also need to support WMM.
• Quality
flowing from the wireless access point to the client station and traffic flowing from the
client station to the wireless access point. The QoS feature allows you to prioritize traffic,
such as voice and video traffic, so that packets do not get dropped.
nsing Ethernet connection with Auto Uplink™ interface. Connects to
cators. Power/Test, Active, LAN, and WLAN for each radio mode are easily
i-FI Multimedia (WMM) support. WMM is a subset of the 802.11e standard. WMM
of Service (QoS) support. You can configure parameters that affect traffic
• VLAN security
the security profile is modified.
profiles. Each security profile is automatically allocated a VLAN ID when
802.11b/g/n and 802.11a/n Standards–Based Wireless Networking
The ProSafe Dual Band Wireless-N Access Point WNDAP360 provides a bridge between
wired Ethernet LANs and 802.11b/g/n and 802.11a/n-compatible wireless LAN networks. It
provides connectivity between wired Ethernet networks and radio-equipped wireless
notebook systems, desktop systems, print servers, and other devices. Additionally, the
wireless access point supports the following wireless features:
• Aggre
• Redu
• Multiple input
• Distribu
retransmission of unacknowledged frames)
• R
• Beacon g
• Packet
gation support
ced InterFrame spacing support
, multiple output (MIMO) support
ted coordinated function (CSMA/CA, back-off procedure, ACK procedure,
TS/CTS handshake
eneration
fragmentation and reassembly
• Auto
• Roaming
or long preamble
among wireless access points on the same subnet
Autosensing Ethernet Connections with Auto Uplink
The ProSafe Dual Band Wireless-N Access Point WNDAP360 can connect to a standard
Ethernet network. The LAN interface is autosensing and capable of full-dup lex or h alf-duplex
operation.
Introduction
10
ProSafe Dual Band Wireless-N Access Point WNDAP360
1
2
3
4
5
The wireless access point incorporates Auto UplinkTM technology. The Ethernet port
automatically senses whether the Ethernet cable plugged into the port should have a
“normal” connection such as to a computer or an “uplink” connection such as to a switch or
hub. That port then configures itself correctly. This feature also eliminates any concerns
about crossover cables, as Auto Uplink accommodates either type of cable to make the right
connection.
Hardware Description
This section describes the top and rear hardware functions of the ProSafe Dual Band
Wireless-N Access Point WNDAP360.
Top Pa n el
The ProSafe Dual Band Wireless-N Access Point WNDAP360 LEDs are described in the
following figure and table:
Figure 1.
Introduction
11
ProSafe Dual Band Wireless-N Access Point WNDAP360
1
23 4
567
Table 1. Top Panel LEDs
Item LED Description
1 Power/Test Off Power is off.
On (green) Power is on.
Amber, then blinking
n
gree
2 Active Off No Ethernet traffic is detected or no link is detected.
On or blinking (green) Ethernet traffic is detected.
3 LAN Off 10 Mbps or no link is detected.
Amber 10/100 Mbps link is detected.
Green 1000 Mbps link is detected.
2.4 GHz WLAN Off Wireless 802.11b/g/n (2.4 GHz) LAN is not ready or
4
On or blinking (green) Wireless 802.11b/g/n (2.4 GHz) LAN is ready or
5 GHz WLAN Off Wireless 802.11n/a (5 GHz) LAN is not ready or no
5
On or blinking (green) Wireless 802.11n/a (5 GHz) LAN is ready or wireless
A self-test is running or software is being loaded.
During startup, the LED is first steady amber, then
goes off, and then blinks green before turning steady
green after about 45 seconds. If after 1 minute the
ED remains amber or continues to blink green, it
L
indicates a system fault.
no wireless activity is detected.
wireless activity is detected.
wireless activity is detected.
tivity is detected.
ac
Rear Panel
Figure 2.
Introduction
12
ProSafe Dual Band Wireless-N Access Point WNDAP360
The rear panel functions of the ProSafe Dual Band Wireless-N Access Point WNDAP360 are
described in the following list:
1. Reverse
2. Factory def
SMA connector for an optional 2.4-GHz antenna.
ault Reset button. Using a sharp object, press and hold this button for about
5 seconds to reset the wireless access point to factory defaults settings. All configuration
ttings are lost, and the default password is restored. For more information, see Restore
se
the Wireless Access Point to the Factory Default Settings on p
3. Console
port for connecting to an optional console terminal. The port has an RJ-45
age 66.
connector and supports the following settings: 9600 K default baud rate, (8) data bits, no (N)
parity bit, and one (1) stop bit.
4. 10/100
/1000BASE-T Gigabit Ethernet (RJ-45) port with Auto Uplink (Auto MDI-X) with
IEEE 802.3af Power over Ethernet (PoE) support for connection to a switch or router.
5. Cable
6. Power socket for a 12 VDC,
7. Reverse
security lock receptacle for an optional lock.
1A power adapter.
SMA connector for an optional 2.4-GHz antenna.
Bottom Panel with Product Label
The product label on the bottom of the wireless access point’s enclosure displays factory
default settings, regulatory compliance, and other information:
Figure 3.
Introduction
13
2. Installation and Basic Configuration
This chapter describes how to install and configure your access point for wireless connectivity to
your LAN. This basic configuration will enable computers with 2.4 GHz 802.11b/g/n or 5 GHz
802.1 1 a/n wireless adapters to connect to the Internet, or access printers and f iles on your LAN.
In planning your wireless network, consider the level of security required. Chapter 3, Wireless
Configuration and Security, describes how to set up wireless security for your ne
chapter includes the following sections:
• What You Need before You Begin
• Install and Configure the Wireless Access Point
• Test Basic Wireless Connectivity
• Mount the Wireless Access Point
Note: In this chapter and in all further chapters, the WNDAP360 is
referred to as the wireless access point.
twork. This
2
What You Need before You Begin
You need to consider the following guidelines and requirements before you can set up your
wireless access point. See also System Requirements on p
Wireless Equipment Placement and Range Guidelines
The range of your wireless connection can vary significantly based on the location of the
wireless access point. The latency, data throughput performance, and notebook power
consumption of wireless adapters also vary depending on your configuration choices.
Note: Failure to follow these guidelines can result in significant
performance degradation or inability to wirelessly connect to the
wireless access point. For complete performance specifications,
see Appendix A, Supplemental Information.
14
age 7.
ProSafe Dual Band Wireless-N Access Point WNDAP360
For best results, place your wireless access point according to the following general
guidelines:
• Near the
• In an
line-of-sight access (even if through walls).
• A
way from sources of interference, such as PCs, microwaves ovens, and 2.4-GHz
cordless phones.
• A
way from large metal surfaces or water.
• Placing
Placing an external antenna in a horizontal position provides best up-and-down
coverage. (An external antenna does not come standard with the WNDAP360 wireless
access point.)
• If you are
points use different radio frequency channels to reduce interference. The recommended
channel spacing between adjacent wireless access points is five channels (for example,
use channels 1 and 6, or 6 and 11, or 1 and 11).
The time it takes to establish a wireless connection can vary depending on both you r security
settings
encryption can consume more battery power on a notebook computer.
center of the area in which your PCs will operate.
elevated location such as a high shelf where the wirelessly connected PCs have
an external antenna in a vertical position provides best side-to-side coverage.
using multiple wireless access points, it is better if adjacent wireless access
and placement. WEP connections can take slightly longer to establish. Also, WEP
Ethernet Cabling Requirements
The wireless access point connects to your LAN using twisted-pair Catego ry 5 Ethernet cable
with RJ-45 connectors.
LAN Configuration Requirements
For the initial configuration of your wireless access point, you need to co nnect a computer to
the wireless access point.
Computer Hardware Requirements
To connect to the wireless access point on your network, each computer needs to have an
802.11b/g/n or 802.11a/n wireless adapter installed.
Install and Configure the Wireless Access Point
Before installing the wireless access point, make sure that your Ethernet network is up and
working. You will be connecting the wireless access point to the Ethernet network. Then
computers with 802.11b/g/n or 802.11a/n wireless adapters will be able to communicate with
the Ethernet network.
Installation and Basic Configuration
15
ProSafe Dual Band Wireless-N Access Point WNDAP360
A
B
Ethernet cable
Ethernet port
WNDAP360
In order for this to work correctly, verify that you have met all of the system requirements,
shown in System Requirements on p
age 7.
Install and configure your wireless access point in
1. Connect the Wireless Access Point to Computer
2. Log In to the Wireless Access Point
3. Configure Basic General System Settings
4. Configure IP Settings and Optional DHCP Server Settings
5. Configure Basic Wireless Settings
the order of the following sections:
and Time Settings
Connect the Wireless Access Point to Computer
Tip: Before you place the wireless access point in an elevated position that is
difficult to reach, first set up and test the wireless access point to verify
wireless network connectivity.
To set up the wireless access point:
1. Unp
2. Prep
3. Connect an Ethern
4. Securely insert
.
ack the box and verify the contents.
are a computer with an Ethernet adapter. If this computer is already part of your
network, record its TCP/IP configuration settings. Configure the computer with a static IP
address of 192.168.0.210 and 255.255.255.0 as the sub net mask.
et cable from the wireless access point to the computer (point A in the
following figure).
the other end of the cable into the wireless access point’s Ethernet port
(point B in the following figure).
Figure 4.
Installation and Basic Configuration
16
ProSafe Dual Band Wireless-N Access Point WNDAP360
2.4 GHz
5 GHz
5. Turn on your computer.
6. Conn
ect the power adapter to the wireless access point.
Tip: Th
e wireless access point supports Power over Ethernet (PoE). If you
have a switch that provides PoE, you will not need to use the power
adapter to power the wireless access point. This can be especially
convenient when the wireless access point is installed in a high location
far away from a power outlet.
7. V
erify the following:
Power/T est LED.
The Power/Test LED blinks when the wireless access point is
first turned on. (To be exact, during startup, the LED is first steady amber, then
g
oes off, and then blinks green.) After about 45 seconds, the LED should stay lit
(steady green). If after 1 minute the Power/Test LED is not lit or is still blinking,
check the connections and see if the power outlet is controlled by a wall switch
that is turned off.
Active LED.
LAN LED. The L
The Active LED is lit or blinks green when there is Ethernet traffic.
AN LED indicates the LAN speed: green for 1000 Mbps, amber
for 100 Mbps, and no light for 10 Mbps. If the LAN LED is not lit, make sure that
he Ethernet cable is securely attached at both ends.
t
WLAN LED.
The 2.4 GHz WLAN LED is lit or blinks green when the wireless LAN
(WLAN) is ready.
WLAN LED.
The 5 GHz WLAN LED is lit or blinks green when the wireless LAN
(WLAN) is ready.
Log In to the Wireless Access Point
The default IP address of your wireless access point is http://192.168.0.100. The wireless
access point is set, by default, for the DHCP client to be disabled.
To log in to the wireless access point:
1. Open
2. Conn
a Web browser such as Microsoft Internet Explorer 6.0 or later, or Mozilla Firefox
1.5 or later.
ect to the wireless access point by entering its default address of http://192.168.0.100
into your browser. The Login screen opens:
Installation and Basic Configuration
17
ProSafe Dual Band Wireless-N Access Point WNDAP360
Figure 5.
3. Enter the default user name of admin and the default password of password.
4. Click Lo
Configuration tab of the main menu as shown in Figure 8 on p
gin. The Web browser displays the basic General system settings screen under the
age 19.
Web Management Interface
The navigation tabs across the top of the web management interface provide access to all
the configuration functions of the wireless access point, and remain constant. The menu
items in the blue bar change according to the navigation tab that is selected.
Figure 6.
The bottom right corner of all screens that allow you to make configuration changes show the
Apply and Cancel buttons, and on several screens the Edit button.
Figure 7.
These buttons have the following functions:
• Edit.
• Can
• Ap
ply . Saves and applies all configuration changes that you made on the screen.
Allows you to edit the existing configuration.
cel. Cancels all configuration changes that you made on the screen.
Installation and Basic Configuration
18
ProSafe Dual Band Wireless-N Access Point WNDAP360
Configure Basic General System Settings and Time Settings
Note: After you have successfully logged in to the wireless access point,
the basic General system settings screen displays.
To configure basic system settings:
1. Select Configurati
on > System > Basic > Gen er al. The basic General system settings
screen displays:
Figure 8.
2. Specify the fields as explained in the following table:
Table 2. Basic General System Settings
Field Description
Access Point Name This unique name is the wireless access point NetBIOS name. The name is printed
the rear label of the wireless access point. The default is netgearxxxxxx, where
on
xxxxxxx represents the last 6 digits of the wireless access point MAC address. You
can replace the default name with a unique name up to 15 characters long. The
access point name can be retrieved through SNMP.
Country/Region From the Country/Region drop-down list, sele
access point is installed.
Note: It might not be legal to operate this wirele
one of those identified in this field.
3. Click App
ly to save your settings.
Installation and Basic Configuration
19
ct the country where the wireless
ss access point in a region other than
ProSafe Dual Band Wireless-N Access Point WNDAP360
To configure time settings:
1. Select Configuratio n > System > Basic > Tim e. The Time screen displays:
Figure 9.
2. Specify the fields as explained in the following table:
Table 3. Time System Settings
Field Description
Time Zone Select the time zone to match your location.
Current Time This is a nonconfigurable field that
NTP Client Enable the Network Time Protocol (NTP) client to synchronize the time of the
wireless access point with an NTP server. By default the Enable radio button is
selected.
Use Custom NTP Server Select this check box to If you wan
Note: You need to have an Internet connection to use an NTP server that is
on your local network.
not
3. Click Apply
Hostname /
IP Address
to save your settings.
Enter the host name or IP address of
The default is time-b.netgear.com.
Note: If you use a host name, make sure that you have
red a DNS server. For more information, see the next
configu
section.
displays the current date and time.
t to use a custom NTP server.
the custom NTP server.
Installation and Basic Configuration
20
ProSafe Dual Band Wireless-N Access Point WNDAP360
Configure IP Settings and Optional DHCP Server Settings
To configure the IP settings:
1. Select Con
figuration > IP > IP Settings. The IP Settings screen displays:
Figure 10.
2. Specify the fields as explained in the following table:
Table 4. IP Settings
Field Description
DHCP Client By default, the Dynamic Host Configuration Protocol (DHCP) client is disabled. If
you have a DHCP server on your LAN and you select the Enable check box, the
wireless access point will receive its IP address, subnet mask, and default
gateway settings automatically from the DHCP server on your network when you
connect the wireless access point to your LAN.
IP Address Enter the IP address of your wireless access poi
192.168.0.100. To change the address, enter an unused IP address from the
address range used on your LAN, or enable DHCP the server.
IP Subnet Mask Enter the network number portion of an IP address. Unless you are
menting subnetting, enter 255.255.0.0 as the subnet mask.
imple
Default Gateway Enter the IP address of the ISP’s router to
connect.
Primary DNS Server
Secondary DNS Server
Network Integrity Check Select this check box to vali
Enter the IP address of the primary and secondary DNS servers.
A DNS server is a host on the Internet that
www.netgear.com) to numeric IP addresses. Typically your ISP transfers the IP
address of one or two DNS servers to your wireless access point during login. If
the ISP does not transfer an address, you need to obtain it from the ISP and
enter it manually in this field.
date that the upstream link is active before allowing
wireless associations. Ensure that the default gateway is configured.
nt. The default IP address is
which the wireless access point will
translates Internet names (such as
Installation and Basic Configuration
21
ProSafe Dual Band Wireless-N Access Point WNDAP360
3. Click Apply to save your settings.
The wireless access point provides a built-in DHCP serve
r for wireless clients only, which can
be especially useful in small networks. When the DHCP server is enabled, the wireless
access point provides preconfigured TCP/IP configurations to all connected wireless stations.
To configure DHCP server settings:
1. Select Confi
guration > IP > DHCP Server Settings. The DHCP Server Settings screen
displays:
Figure 11.
2. Specify the fields as explained in the following table:
Table 5. DHCP Server Settings
Field Description
Select the DHCP Serv
of IP addresses to be assigned by setting the starting IP address and ending IP address. These addresses
should be part of the same IP address subnet as the wireless access point’s LAN IP address.
DHCP Server VLAN ID Enter the DHCP server VLAN ID. The VLAN ID range is between 1 and 4094.
Starting IP Address Enter the first address in the range of IP addresses to be assigned to DHCP
Ending IP Address Enter the last address in the range of IP addresses to be assigned to DHCP
Subnet Mask Enter the subnet mask to be used by DHCP clie
Gateway IP Address Enter the IP address of the default routing gateway to be used by DHCP clients.
er check box to enable the DHCP server. Use the default settings or specify the pool
ients. The default address is 192.168.1.02.
cl
cl
ients. The default address is 192.168.1.50.
nts. The default mask is
255.255.255.0.
he default address is 192.168.0.1.
T
Installation and Basic Configuration
22
ProSafe Dual Band Wireless-N Access Point WNDAP360
WARNING!
Table 5. DHCP Server Settings (Continued)
Field Description
Primary DNS Address Enter the IP address of the primary Domain Name Server (DNS) server
available to DHCP clients.
Secondary DNS Address Enter the IP address of the secondary DNS server available to DHCP clients.
Primary WINS Server Enter the IP address of the primary WINS server for the network.
Secondary WINS Server Enter the IP address of the secondary WINS server for the network.
Lease Enter the period that the DHCP server grants to DHCP clients to use the
ed IP addresses. The default time is 1 day.
assign
3. Click Apply to save your settings.
Configure Basic Wireless Settings
For proper compliance and compatibility between similar pro ducts in your coverage area, you
need to correctly configure the 802.11b/g/n and 802.11a/n wireless adapter settings,
including the operating channel and country. You also need to correctly configure the basic
wireless network settings for wireless devices to connect to your network. For other wireless
features, including wireless security, see Chapter 3, Wireless Configuration and Security.
If you configure the wireless access point from a wireless
computer and you change the wireless access point’s SSID,
channel, or wireless security settings, you will lose your wireless
connection when you click Apply. You then need to change the
wireless settings of your computer to match the wireless access
point’s new settings.
Configure 802.11b/bg/ng Wireless Settings
To configure the 802.11b/g/n wireless settings:
1. Select Con
Settings screen displays. (The following figure shows the 11ng settings.)
figuration > Wireless > Basic > Wireless Settings. The basic Wireless
Installation and Basic Configuration
23
ProSafe Dual Band Wireless-N Access Point WNDAP360
Figure 12.
2. Specify the wireless mode in the 2.4-GHz band by selecting one of the following radio
buttons:
• 11
b. Both 802.11n- and 802.11g-compliant devices can connect to the access point
because they are backward compatible.
•
11bg. 802.11n-compliant devices can connect to the access point because they are
backward compatible.
• 11
ng. This is the default setting. 802.11b-compliant devices cannot connect to the
access point. If you keep the default setting, go to step 5.
When you change the wireless mode, the Turn Radio On check box is automatically
cleared, a
3. T
urn on the radio by selecting the Turn Radio On c he ck bo x . A popup screen displays.
nd all fields, button, and drop-down list onscreen are masked out.
Note: Under normal conditions you want the radio to be turned on. Turning off
the ra
dio disables access through the wireless access point, which can be
helpful for configuration, network tuning, or troubleshooting activities.
4. Click OK to confirm t
he change of wireless mode. The change does not take effect until you
click the Apply button after you have completed the wireless configuration.
Installation and Basic Configuration
24
ProSafe Dual Band Wireless-N Access Point WNDAP360
5. Specify the remaining wireless settings as explained the following table:
Table 6. Basic 2.4-GHz Band Wireless Settings
Field Descriptions
Wireless Network Name
(SSID)
Scheduler Status This is a nonconfigurable field that show th
Broadcast Wireless
Network Name (SSID)
Channel / Frequency From the drop-down list, select the channel you wish to use on your wireless
Enter a 32-character (maximum) service set identifier (SSID); the characters are
case-sensitive. The default is NETGEAR_11ng. The SSID assigned to a wireless
device needs to match the wireless access point’s SSID for the wireless device
to communicate with the wireless access point. If the SSIDs do not match, you
will not get a wireless connection to the wireless access point.
e status of the wireless scheduler. For
more information, see Schedule the Wireless Radio to Be Turned Off on
page 55.
Select the Ye
SSID, allowing wireless stations that have a null (blank) SSID to adopt the
wireless access point’s SSID. Yes is the default setting. To prevent the SSID
from being broadcast, select the No radio button.
LAN. The
wireless mode. The default setting is Auto.
Note: It should not be necessary to change the wireless channel unless you
expe
Should this happen, you might want to experiment with different channels to see
which is the best. For more information, see Operating Frequency (Channel)
Guidelines on
Note: For more information about available channels and frequencies, see
Technical Specifications in Appendix A.
s radio button to enable the wireless access point to broadcasts its
wireless channels and frequencies depend on the country and
rience interference (indicated by lost connections or slow data transfers).
page 29.
11ng mode only
Note: For most
networks, the
settings will work fine.
default
MCS Index / Data
Rate
Channel Width From the drop-down list, select a channel width. The options
Ext Protection
acing
Sp
From the drop-down list, select a Modulation and Coding
Scheme (MCS) in
network. The default setting is Best. For a list of all options
that you can select from in 11ng mode, see Factory Default
Settings in Appendix A.
are Dynami
channel improves the performance, but some legacy devices
can operate only in either 20 MHz or 40 MHz.
When you select a channel width of Dynamic 20/40 MHz or
40 MHz, you also need to select protection spacing for the
extension channel from the Ext Protection Spacing
drop-down list. In addition to the default value Auto, you can
also select a value of 20 or 25.
Note: This field is not applicable when the channel width is
to 20 MHz.
set
dex and transmit data rate for the wireless
c 20/40 MHz, 20 MHz, or 40 MHz. A wider
Installation and Basic Configuration
25
ProSafe Dual Band Wireless-N Access Point WNDAP360
Table 6. Basic 2.4-GHz Band Wireless Settings (Continued)
Field Descriptions
11ng mode only
(continued)
11b and 11bg modes
ly
on
Output Power From the drop-down list, select the transmission power of the wireless access
Ext Channel
Offset
Guard Interval From the drop-down list, select the guard interval to protect
Data Rate From the drop-down list, select the transmit data rate of the
int: Full, Half, Quarter, Eighth, Minimum. The default is Full.
po
Note: Increasing the power improves performance, but if two or more wireless
ccess points are operating in the same area and on the same channel,
a
interference can occur.
Note: Make sure that you comply with the regul
frequency (RF) output power in your country.
When you select a channel width of Dynamic 20/40 MHz or
40 MHz, you also need to select the offset for the extension
channel from the Ext Channel Offset drop-down list. In
addition to the default value Auto, you can also select Upper
or Lower.
Note: This field is not applicable when the channel width is
t to 20 MHz.
se
transmissio
value Auto, you can also select Long - 800 ns. Some legacy
devices can operate only with a long guard interval.
wireless network. The default setting is Best. For a list of all
options that you can select from in 11b mode and 11bg mode,
see Factory Default Settings in Appendix A.
ns from interference. In addition to the default
atory requirements for total radio
6. Click Apply to save your settings and enable the selected wireless mode.
Note: The radio wave icon ( ) displays next to the enabled wireless
mode.
Installation and Basic Configuration
26
ProSafe Dual Band Wireless-N Access Point WNDAP360
Configure 802.11a/na Wireless Settings
To configure the 802.11a/na wireless settings:
1. Select Con
figuration > Wireless > Basic > Wireless Settings. The basic Wireless
Settings screen displays. (The following figure shows the 802.11na settings.)
Figure 13.
2. Specify the wireless mode in the 5-GHz band by selecting one of the following radio buttons:
• 11
a. 802.11n-compliant devices can connect to the access point because they are
backward compatible.
• 1
1na. This is the default setting. If you keep the default setting, go to step 5.
When you change the wireless mode, the Turn Radio On check box is automatically
ared, and all fields, button, and drop-down list onscreen are masked out.
cle
urn on the radio by selecting the Tu rn R ad io O n c hec k bo x. A popup screen displays.
3. T
Note: Under normal conditions you want the radio to be turned on. Turning off
he radio disables access through the wireless access point, which can be
t
helpful for configuration, network tuning, or troubleshooting activities.
4. Click OK
to confirm the change of wireless mode. The change does not take effect until you
click the Apply button after you have completed the wireless configuration.
Installation and Basic Configuration
27
ProSafe Dual Band Wireless-N Access Point WNDAP360
5. Specify the remaining wireless settings as explained the following table:
Table 7. Basic 5-GHz Band Wireless Settings
Field Descriptions
Wireless Network Name
(SSID)
Scheduler Status This is a nonconfigurable field that show the
Broadcast Wireless
twork Name (SSID)
Ne
Channel / Frequency From the drop-down list, select the channel you wish to use on your wireless
11na mode only
Note: For most
tworks, the default
ne
settings will work fine.
Enter a 32-character (maximum) service set i
case-sensitive. The default is NETGEAR_11na. The SSID assigned to a wireless
device needs to match the wireless access point’s SSID for the wireless device
to communicate with the wireless access point. If the SSIDs do not match, you
will not get a wireless connection to the wireless access point.
more information, see Schedule the Wireless Radio to Be Turned Off on
page 55.
Select the Yes radio button to enable the wireless access point to broadcasts its
SSID, allowing wireless stations that have a null (blank) SSID to adopt the
wireless access point’s SSID. Yes is the default setting. To prevent the SSID
from being broadcast, select the No radio button.
AN. The wireless channels and frequencies depend on the country and
L
wireless mode. The default setting is Auto.
Note: It should not be necessary to change the wireless channel unless you
xperience interference (indicated by lost connections or slow data transfers).
e
Should this happen, you might want to experiment with different channels to see
which is the best. For more information, see the guidelines following this table.
Note: For more information about available channels and frequencies, see
Technical Specifications in Appendix A.
MCS Index / Data
Rate
From the drop-down list, select a Modulation and Coding
Scheme (MCS) index and transmit data rate for the wireless
network. The default setting is Best. For a list of all options
that you can select from in 11na mode, see Factory Default
Settings in Appendix A.
dentifier (SSID); the characters are
status of the wireless scheduler. For
Channel Width From the drop-down list, select a channel width. The options
re Dynamic 20/40 MHz, 20 MHz, or 40 MHz. A wider
a
channel improves the performance, but some legacy devices
can operate only in either 20 MHz or 40 MHz.
Guard Interval From the drop-down list, select the guard interval to protect
transmissio
value Auto, you can also select Long - 800 ns. Some legacy
devices can operate only with a long guard interval.
ns from interference. In addition to the default
Installation and Basic Configuration
28
ProSafe Dual Band Wireless-N Access Point WNDAP360
Table 7. Basic 5-GHz Band Wireless Settings (Continued)
Field Descriptions
11a mode only Data Rate From the drop-down list, select the transmit data rate of the
wireless network. The default setting is Best. For a list of all
options that you can select from in 11a mode, see Factory
Default Settings in Appendix A.
Output Power From the drop-down list, select the transmission power of the wireless access
nt: Full, Half, Quarter, Eighth, Minimum. The default is Full.
poi
Note: Increasing the power improves performance
access points are operating in the same area and on the same channel,
interference can occur.
Note: Make sure that you comply with the regu
frequency (RF) output power in your country.
, but if two or more wireless
latory requirements for total radio
6. Click Apply to save your settings and enable the selected wireless mode.
Note: The radio wave icon ( ) displays next to the selected radio mode.
Operating Frequency (Channel) Guidelines
You should not need to change the operating frequency (channel) unless you notice
interference problems, or are setting up the wireless access point near another wireless
access point. Observe the following guidelines:
• Wire
• If you are
less access points use a fixed channel. You can select a channel that provides the
least interference and best performance. In the United States and Canada, 11 channels
a
re available.
using multiple wireless access points, it is better if adjacent wireless access
points use different channels to reduce interference. The recommended channel sp acing
between adjacent wireless access points is 5 channels (for example, use channels 1 and
6, or 6 and 11).
infrastructure mode, wireless stations normally scan all channels, looking for a wireless
• In
access point. If more than one wireless access point can be used, the one with the
strongest signal is used. This can happen only when the wireless access points use the
same SSID. The WNDAP360 wireless access point functions in infrastructure mode by
default.
Note: For information about how to configure advanced wireless settings,
see Configure Advanced Wireless Settings on page 84.
Installation and Basic Configuration
29
ProSafe Dual Band Wireless-N Access Point WNDAP360
WARNING!
Test Basic Wireless Connectivity
After you have configured the wireless access point as explained in the previous sections,
test your computers for wireless connectivity before you position and mount the wireless
access point at its permanent position.
To test for wireless connectivity:
1. Config
they all have the same SSID and channel that you have configured on the wireless
access point.
2. V
enabled the DHCP server on the wireless access point, verify that your computers are able
to obtain an IP address through DHCP from the wire le s s ac c es s p oi nt .
3. V
Mozilla Firefox 1.5 or later to browse the Internet, or check for file and printer access on your
network.
In addition to wireless security and other wireless featu
access point in your network, configure any additional features as described in Chapter 4,
Management and Chapter 5, Advanced Configuration.
ure the 802.11b/g/n and 802.11a/n wireless adapters of your computers so that
eri f y t h a t y o u r c o m p u t e r s h a v e a w i r e l e s s l i n k t o t h e wireless access point, and if yo u h a v e
erify network connectivity by using a browser such as Internet Explorer 6.0 or later or
Note: If you have trouble connecting to the wireless access point, see
Chapter 6, Troubleshooting.
Before you deploy the wireless access point in your network, set
up wireless security and other wireless features as described in
Chapter 3, Wireless Configuration and Security.
res, before you deploy the wireless
After you have completed the configuration of the wire
the computer that you used for this process back to its original TCP/IP settings.
less access point, you can reconfigure
Mount the Wireless Access Point
This section includes the following subsections:
• Ceiling Installation on this page
• Wall Installation
• Desk Installation
Installation and Basic Configuration
30
ProSafe Dual Band Wireless-N Access Point WNDAP360
Mounting plate
Clamp with screws
Ceiling Installation
To install the wireless access point using the ceiling installation kit:
1. V
erify the package content of the ceiling installation kit.
2. Det
3. Att
ach the mounting plate from the wireless access point.
ach the clamp to the ceiling rail.
Installation and Basic Configuration
31
ProSafe Dual Band Wireless-N Access Point WNDAP360
4. Attach the mounting plate to the clamp.
5. Connect th
6. Att
ach the wireless access point to the mounting plate.
e cables to the wireless access point.
Installation and Basic Configuration
32
ProSafe Dual Band Wireless-N Access Point WNDAP360
Mounting plate
Screws and
wall supports
7. Attach the cover to the wireless access point.
Wall Installation
To install the wireless access point using the wall installation kit:
1. V
erify the package content of the wall installation kit.
2. Det
ach the mounting plate from the wireless access point.
Installation and Basic Configuration
33
ProSafe Dual Band Wireless-N Access Point WNDAP360
3. Attach the mounting plate to the wall.
4. Connect th
5. Att
ach the wireless access point to the mounting plate.
e cables to the wireless access point.
Installation and Basic Configuration
34
ProSafe Dual Band Wireless-N Access Point WNDAP360
Rubber feet
6. Attach the cover to the wireless access point.
Desk Installation
To install the wireless access point on a desk:
Attach the rubber feet to the holes in the bottom of the wireless access point.
Installation and Basic Configuration
35
3. Wireless Configuration and Security
WARNING!
This chapter describes how to configure the wireless features of your ProSafe Dual Band
Wireless-N Access Point WNDAP360. This chapter includes the following sections:
• Wireless Data Security Options
• Security Profiles
• Configure RADIUS Server Settings
• Restrict Wireless Access by MAC Address
• Schedule the Wireless Radio to Be Turned Off
• Configure Basic Wireless Quality of Service
3
Before you set up wireless security and additional wireless featu
chapter, connect the wireless access point, get the Internet connection working, and
configure the 802.11b , 11bg, or 11ng wireless settings and the 802.11a or 11na wireless
settings as described in Chapter 2, Installation and Basic Configuration. The wireless access
point should work with an Ethernet LAN connection, a
been verified before you set up wireless security and additional wireless features. In planning
your wireless network, consider the level of security required.
If you are configuring the wireless access point from a wireless
computer and you change the wireless access point’s SSID,
channel, or wireless security settings, you will lose your wireless
connection when you click Apply. You then need to change the
wireless settings of your computer to match the wireless access
point’s new settings.
nd wireless connectivity should have
res that are described in this
Wireless Data Security Options
Indoors, computers can connect over 802.11n wireless networks at a maximum range of
300 feet. Typ ically, a wireless access point inside a bu
100 foot radius. Such distances can allow for others outside your immediate area to access
your network.
ilding works best with devices within a
36
ProSafe Dual Band Wireless-N Access Point WNDAP360
Unlike wired network data, your wireless data transmissions can extend beyond your walls
and can be received by anyone with a compatible adapter. For this reason, use the security
features of your wireless equipment. The wireless access point provides highly effective
security features that are covered in detail in this chapter. Deploy the security features
appropriate to your needs.
Figure 14.
There are several ways you can enhance the security of your wireless network:
• Use mul
tiple BSSIDs combined with VLANs. You can configure combinations of
VLANS and BSSIDs (security profiles) with stronger or less restrictive access security
according to your requirements. For example, visitors could be given wireless Internet
access but be excluded from any access to your internal network. For information about
how to configure BSSIDs, see Configure and Enable Security Profiles o
• Restrict acces
s based by MAC address. You can allow only trusted PCs to connect so
n page 42.
that unknown PCs cannot wirelessly connect to the wireless access point. Restricting
access by MAC address adds an obstacle against unwante d access to your netwo rk, but
the data broadcast over the wireless link is fully exposed. For information about how to
restrict access by MAC address, see Restrict Wireless Access by MAC Address on
page 53.
urn off the broadcast of the wireless network name (SSID). If you disable broadcast
• T
of the SSID, only devices that have the correct SSID can connect. This nullifies the
wireless network discovery feature of some products, such as Windows XP, but the data
is still exposed. For information about how to turn of broadcast of the SSID, see
Configure and Enable Security Profiles on p
• WEP. Wire
d Equivalent Privacy (WEP) data encryption provides data security. WEP
age 42.
shared key authentication and WEP data encryption block all but the most determined
eavesdropper. This data encryption mode has been superseded by WPA-PSK and
WPA2-PSK.
For information about how to configure WEP, see Configure and Enable Security Profiles
on page 42 and Configure an Open System with WEP or Shared Key with WEP on
page 47.
• Legac
y 802.1X. Legacy 80.1X uses RADIUS-based 802.1x authentication but no data
encryption.
Wireless Configuration and Security
37
ProSafe Dual Band Wireless-N Access Point WNDAP360
• WPA and WPA-PSK (TKIP). Wi-Fi Protected Access (WPA) data encryption provides
strong data security with Temporal Key Integrity Protocol (TKIP) encryption. The very
strong authentication along with dynamic per frame rekeying of WPA make it virtually
impossible to compromise.
WPA uses RADIUS-based 802.1x authentication; for more information, see Configure
and Enable Security Profiles on p
RADIUS, and WPA & WPA2 with RADIUS on p
WPA-PSK uses a pre-shared key (PSK) for authentication; for more information, see
Configure and Enable Security Profiles on
WPA2-PSK, and WPA-PSK & WPA2-PSK on
age 42 and Configure WPA with RADIUS, WPA2 with
age 49.
page 42 and Configure WPA-PSK,
page 50.
• WP
• WP
A2 and WP A2-PSK (AES). Wi-Fi Protected Access version 2 (WPA2) data encryption
provides strong data security with Advanced Encryption Standard (AES) encryption. The
very strong authentication along with dynamic per frame rekeying of WPA2 make it
virtually impossible to compromise.
WPA2 uses RADIUS-based 802.1x authentication; for more information, see Configure
and Enable Security Profiles on p
RADIUS, and WPA & WPA2 with RADIUS on p
WPA2-PSK uses a pre-shared key (PSK) for authentication; for more information, see
Configure and Enable Security Profiles on
WPA2-PSK, and WPA-PSK & WPA2-PSK on
A & WP A2 and WPA-PSK & WP A2-PSK mixed modes. These modes support data
encryption either with both WPA and WPA2 clients or with both WPA-PSK and
WPA2-PSK clients and provide the most reliable security.
WPA & WPA2 uses RADIUS-based 802.1x authentication; for more information, see
Configure and Enable Security Profiles on
WPA2 with RADIUS, and WPA & WPA2 with RADIUS on p
WPA-PSK & WPA2-PSK uses a pre-shared key (PSK
information, see Configure and Enable Security Profiles on p
WPA-PSK, WPA2-PSK, and WPA-PSK & WPA2-PSK on p
age 42 and Configure WPA with RADIUS, WPA2 with
age 49.
page 42 and Configure WPA-PSK,
page 50.
page 42 and Configure WPA with RADIUS,
age 49.
) for authentication; for more
age 42 and Configure
age 50.
Security Profiles
Security profiles let you configure unique security settings for each SSID on each radio of the
wireless access point. For each radio, the wireless access point supports up to eight security
profiles (BSSIDs) that you can configure on the individual Edit Wireless Network screens that
are accessible from the Edit Security Profile screen (see Configure and Enable Security
Profiles o
To set up a security profile, select its network a
client security separation, and VLAN ID:
• Network authe
n page 42).
ntication
The wireless access point is set by default a
Wireless Configuration and Security
38
uthentication type, data encryption, wireless
s an open system with no authentication.
ProSafe Dual Band Wireless-N Access Point WNDAP360
When you configure network authentication, bear in mind that not all wireless adapters
support WPA or WPA2. Windows XP, Windows 2000 with Service Pack 3, and Windows
Vista do include the client software that supports WPA. However, client software is
required on the client. Consult the product documentation for your wireless adapter and
WPA or WPA2 client software for instructions on configuring WPA2 settings.
For information about the types of network authe
supports, see Configure and Enable Security Profiles on
• Dat
• W
• VLAN ID
Some concepts and guidelines regarding the SSID a
• A basic
• An extended
• Dif
• Roaming is the
a encryption
Select the data encryption that you want to use. The available options depend on the
etwork authentication setting described earlier (otherwise, the default is None). The data
n
encryption settings are explained in Configure and Enable Security Profiles on p
ireless client security separation
If enabled, the associated wireless clients (u
communicate with each other. This feature is useful for hotspots and other public access
situations. By default, wireless client separation is disabled. For more information, see
Configure and Enable Security Profiles on p
If enabled and if the network devices (hubs and switches) on you
(802.1Q) standard, the default VLAN ID for the wireless access point will be associated
with each profile. The default VLAN ID needs to match the IDs that are used by the other
network devices. For more information, see Configure and Enable Security Profiles on
page 42.
service set (BSS) is a group of wireless stations and a single wireless access
point, all using the same security profile or service set identifier (BSSID). The actual
identifier in the BSSID is the MAC address of the wireless radio. (A wireless radio can
have multiple MAC addresses, one for each security profile.)
service set (ESS) is a group of wireless stations and multiple wireless
access points, all using the same identifier (ESSID).
ferent wireless access points within an ESS can use different channels. To reduce
interference, adjacent wireless access points should use different channels.
ability of wireless stations to connect wirelessly when they physically
move from one BSS to another one within the same ESS. The wireless station
automatically changes to the wireless access point with the least interference or best
performance.
ntication that the wireless access point
page 42.
sing the same SSID) will not be able to
age 42.
r LAN support the VLAN
re explained in the following list:
age 42.
Before You Change the SSID, WEP, and WPA Settings
For a new wireless network, print or copy the following form and fill in the settings. For an
existing wireless network, the network administrator can provide this information. Be sure to
set the Country/Region correctly as the first step.
Wireless Configuration and Security
39
ProSafe Dual Band Wireless-N Access Point WNDAP360
_________________________________________________________________________
Form for 802.11b/bg/ng modes
Store this information in a safe place:
• SS
ID: The service set identification (SSID) identifies the wireless local area network. You
can customize it by using up to 32 alphanumeric characters. Write your SSID on the line.
SSID:
___________________________________
The SSID in the wireless access point is the SSID you configure on the wireless adapter
. All wireless nodes in the same network need to be configured with the same SSID.
card
• WEP Key Size, Key
Format Passphrase, and Authentication
Choose the key size by circling one: 64, 128, or 152 bits.
Choose the key format by circling one: ASCII or HEX.
Choose the authentication type by circling one: Open or Shared.
Passphrase:
Note: If you sele
___________________________________
ct shared key, the other devices in the network will not connect unless
they are set to shared key and have the same keys in the same positions as those in the
wireless access point.
• WP
A-PSK (Pre-Shared Key) and WP A2-PSK
Record the WPA-PSK passphrase:
WPA-PSK Passphrase:
________________________________
Record the WPA2-PSK passphrase:
WPA2-PSK Passphrase:
________________________________
• WP A RADIUS Settings
For WPA, record the following settings for the p
Server Name/IP Address: Primary
Port:
Shared Secret:
• WP
A2 RADIUS Settings
___________________________________
___________________________________
________________ Secondary _________________
For WPA2, record the following settings for the
Server Name/IP Address: Primary
Port:
Shared Secret:
___________________________________
___________________________________
________________ Secondary _________________
rimary and secondary RADIUS servers:
primary and secondary RADIUS servers:
_________________________________________________________________________
Wireless Configuration and Security
40
ProSafe Dual Band Wireless-N Access Point WNDAP360
_________________________________________________________________________
Form for 802.11a/an modes
Store this information in a safe place:
• SSID: The
service set identification (SSID) identifies the wireless local area network. You
can customize it by using up to 32 alphanumeric characters. Write your SSID on the line.
SSID:
The SSID in the wireless access point is the SSID you configure on
___________________________________
the wireless adapter
card. All wireless nodes in the same network need to be configured with the same SSID.
• WEP Key Size,
Key Format Passphrase, and Authentication
Choose the key size by circling one: 64, 128, or 152 bits.
Choose the key format by circling one: ASCII or HEX.
Choose the authentication type by circling on
Passphrase:
Note: If yo
___________________________________
u select shared key, the other devices in the network will not connect unless
e: Open or Shared.
they are set to shared key and have the same keys in the same positions as those in the
wireless access point.
• WP
A-PSK (Pre-Shared Key) and WPA2-PSK
Record the WPA-PSK passphrase:
WPA-PSK Passphrase:
________________________________
Record the WPA2-PSK passphrase:
WPA2-PSK Passphrase:
________________________________
• WP A RA DIUS Settings
For WPA, record the following settings for the primary and secondary RADIUS servers:
Server Name/IP Address: Primary
Port:
Shared Secret:
• WP
A2 RADIUS Settings
___________________________________
___________________________________
________________ Secondary _________________
For WPA2, record the following settings for the primary and secondary RADIUS servers:
Server Name/IP Address: Primary
Port:
Shared Secret:
___________________________________
___________________________________
________________ Secondary _________________
_________________________________________________________________________
Wireless Configuration and Security
41
ProSafe Dual Band Wireless-N Access Point WNDAP360
Configure and Enable Security Profiles
To configure and enable a security profile:
1. Select Config
uration > Security > Profile Settings. The Profile Settings screen for the
802.11b/bg/ng modes displays, showing eight wireless security profiles:
Figure 15.
2. Optionally: To display the Profile Settings screen for the 802.11a/na modes, click the
802.11a/na tab. This screen also shows eight wireless security profiles:
Figure 16.
Wireless Configuration and Security
42
ProSafe Dual Band Wireless-N Access Point WNDAP360
The following table explains the fields of the Profile Settings screen:
Table 8. Profile Settings Screen
Field Description
Profile Name The unique name of the wireless security profile that makes it easy to
recognize the profile.
SSID The wireless network name (SSID) for the wireless security profile.
Security The configured wireless authentication method for the wireless security
file.
pro
VLAN The default VLAN ID that is associated with the wireless security profile.
Enable The check box that lets you select the wireless security profile so you can
able it by clicking Apply.
en
o configure a wireless security profile, select the corresponding radio button to the left of
3. T
the wireless security profile. The Edit Security Profile screen opens for the selected wireless
security profile (see the following figure). The first section on the screen is the Profile
Definition section; the second section is the Authentication Settings section. These sections
are explained separately.
Figure 17.
Wireless Configuration and Security
43
ProSafe Dual Band Wireless-N Access Point WNDAP360
4. Specify the settings of the Profile Definition section of the Edit Security Profile screen as
explained in the following table:
Table 9. Profile Definition Settings of the Edit Security Profile Screen
Field Description
Profile Name Enter a unique name of the wireless security profile
recognize the profile. The default names are NETGEAR, NETGEAR-1,
NETGEAR-2, and so on through NETGEAR-7. You can enter a value of up
to 32 alphanumeric characters.
Wireless Network Name
(SSID)
Broadcast Wireless
twork Name (SSID)
Ne
5. S
pecify the settings of the Authentication Settings section of the Edit Security Profile screen
The wireless network name (SSID) for the wirel
default names depend on the selected radio band:
.11b/bg/ng. The default names are NETGEAR_11ng,
• 802
NETGEAR_11ng-1, NETGEAR_11ng-2, and so on through
NETGEAR_11ng-7 for the eighth profile.
.11a/na. The default names are NETGEAR_11na,
• 802
NETGEAR_11na-1, NETGEAR_11na-2, and so on through
NETGEAR_11na-7 for the eighth profile.
Select the Yes radio button to enable the wireless access point to
broadcasts its SSID, allowing wireless stations that have a null (blank)
SSID to adopt the wireless access point’s SSID. Yes is the default setting.
To prevent the SSID from being broadcast, select the No radio button.
that makes it easy to
ess security profile. The
as explained in the following table.
The wireless access point is set by default a
s an open system with no authentication.
When you configure network authentication, bear in mind the following:
• If you a
re using access point mode (which is the default mode if you did not enable
wireless bridging), then all options are available. In other modes such as bridge
mode, some options might be unavailable.
• Not a
ll wireless adapters support WPA or WPA2. Windows XP, Windows 2000 with
Service Pack 3, and Windows Vista do include the clie nt sof tware that suppo rt s WPA.
However, clien t software is required on the client. Consult the product documentation
for your wireless adapter and WPA or WPA2 client software for instructions on
configuring WPA2 settings.
Wireless Configuration and Security
44
ProSafe Dual Band Wireless-N Access Point WNDAP360
Table 10. Authentication Settings of the Edit Security Profile Screen
Field Description
Network Authentication
and
Data Encryption
Note: The data
encryption
are displayed on screen
depend on you selection
from the Network
Authentication
drop-down list.
fields that
Open System This is the default setting. You can use an open system
t any encryption or with WEP encryption.
withou
See Configure an Open System with W
with WEP on page 47.
Shared Key You need to use WEP encryption and enter at least one
shared key
See Configure an Open System with WEP or Shared Key
with WEP on p
Legacy 802.1X You need to configure the RADIUS server settings to use
this option.
See Configure Legacy 802.1X on
WPA with Radius You need to configure the RADIUS server settings to use
this option.
See Configure WPA with RADIUS, WPA2 with RADIUS,
and WPA & WPA2 with RADIUS o
WPA2 with Radius Select this setting only if a
selected, you need to use AES encryption and configure
the RADIUS server settings.
See Configure WPA with RADIUS, WPA2 with RADIUS,
and WPA & WPA2 with RADIUS o
WPA & WPA2 with
Radius
Select this setting to allow clients to use either WPA (with
TKIP) or WPA2 (with AES). If selected, you need to use
TKIP + AES encryption and configure the RADIUS server
settings.
See Configure WPA with RADIUS, WPA2 with RADIUS,
and WPA & WPA2 with RADIUS o
.
age 47.
ll clients support WPA2. If
EP or Shared Key
page 48.
n page 49.
n page 49.
n page 49.
WPA-PSK Y ou need to use TKIP or TKIP + AES encryption and enter
a WPA passphrase (network key).
See Configure WPA-PSK, WPA2-
WPA2-PSK on p
WPA2-PSK Select this only if all clients support WPA2. If selected, you
to use AES and TKIP + AES encryption and enter a
need
WPA passphrase (network key).
See Configure WPA-PSK, WPA2-
WPA2-PSK on page 50.
WPA-PSK &
WP
A2-PSK
Select this setting to allow clients to use either WPA (with
TKIP) or WPA2 (with AES). If selected, you need to use
TKIP + AES encryption and enter a WPA passphrase
(network key).
See Configure WPA-PSK, WPA2-
WPA2-PSK on page 50.
age 50.
PSK, and WPA-PSK &
PSK, and WPA-PSK &
PSK, and WPA-PSK &
Wireless Configuration and Security
45
ProSafe Dual Band Wireless-N Access Point WNDAP360
Table 10. Authentication Settings of the Edit Security Profile Screen (Continued)
Field Description
Wireless Client Security
Separation
Dynamic VLAN From the drop-down list, select how VLANs
VLAN ID Enter the default VLAN ID that needs to be associated with this wireless security
Access Control
If you enable wireless client security separation by selecting Enable from the
drop-down list, the associated wireless clients are not be able to communicate
with each other. By default, Disable is selected from the drop-down list. This
feature is intended for hotspots and other public access situations.
operate by making one of the
following selections:
able. Disables dynamic VLANs, and enables static VLANs. This is the
• Dis
default setting.
tional. Enables dynamic VLANs but if a RADIUS server does not return a
• Op
VLAN ID, the wireless station is still allowed to connect to the wireless access
point.
• Require
VLAN ID, the wireless station is not authenticated and cannot connect to the
wireless access point.
For dynamic VLANs to operate (that is, the sele
the following is required:
• The hubs and switches on your LAN ne
standard.
• The authentication is set to any RADIUS
network authentication in the wireless security profile or the remote MAC
address database authentication for the MAC Authentication feature can be
used.
profile
is used by the other devices in your network.
Note: Access control functions only when static
select Disable from the Dynamic VLAN drop-down list.
d. Enables dynamic VLANs. If a RADIUS server does not return a
ction is Optional or Required),
ed to support the VLAN (802.1Q)
type authentication: either the
. The default VLAN ID is 1. The VLAN ID needs to match the VLAN ID that
VLANs are enabled, that is, you
The Access Control radio buttons let you enable or disable access control
rough a RADIUS server to ensure that clients are connected to the wireless
th
access point through the correct VLAN.
able. Access control is disabled. This is the default setting.
• Dis
able. Access control is enabled. Clients are authenticated through a
• En
RADIUS server.
Access Control Policy When access control is enabled, the access
whether or not a client can access the wireless access point when the client is
not authenticated because the VLAN ID is incorrect.
Select a radio button to enable or disable access:
• Disab
• Enable. If th
le. If the RADIUS server does not authenticate the client, the clie nt is
still allowed to connect to the wireless access point through th e default VLAN
(which is specified in the VLAN ID field) instead of through the VLAN to which
the client is assigned in the RADIUS server.
e RADIUS server does not authenticate the client, the client is not
allowed to connect to the wireless access point.
6. Click Apply to save your settings.
Wireless Configuration and Security
46
control policy lets you specify
ProSafe Dual Band Wireless-N Access Point WNDAP360
WARNING!
If you use a wireless computer to configure wireless security
settings, you will be disconnected when you click Apply.
Reconfigure your wireless computer to match the new settings, or
access the wireless access point from a wired computer to make
further changes.
Configure an Open System with WEP or Shared Key with WEP
Wether you use an open system with WEP or shared key with WEP, specify the fields that are
explained in the following table.
• Ope
n System with WEP
An open system can function without any encryption or with pre-shared WEP key
ncryption without RADIUS authentication. The security level of static WEP is not very
e
strong.
When you select Open System
from the Network Authentication drop-down list and any
selection other than None from the Data Encryption drop-d own list, the screen expands to
display the WEP fields:
Figure 18.
• Shared Key with WEP
Shared key provides pre-shared WEP key encryption without RADIUS authentication.
he security level of static WEP is not very strong. When you select Shared Key from the
T
Network Authentication drop-down list, the screen expands to display the WEP fields:
Figure 19.
Wireless Configuration and Security
47
ProSafe Dual Band Wireless-N Access Point WNDAP360
Table 11. WEP Encryption Settings
Field Descriptions
Data Encryption Select the encryption key size from the drop-down list:
it WEP. Standard WEP encryption, using 40/64-bit encryption.
• 64-b
• 128-b
• 152-bit WEP. Proprietary WEP encryption mode, using 128+24 bits encryption. This
it WEP. Standard WEP encryption, using 104/128-bit encryption.
mode functions only with other wireless station that support this mode.
Passphrase Enter a passphrase. The passphrase length needs to
(inclusive). The secret passphrase allows you to automatically generate the keys by
clicking Generate Keys. The default passphrase is sharedsecret.
You can display the actual passphrase by selecting the Sh
radio button.
Encryption Key
(Key1–Key4)
Show Passphrase in
ear Text
Cl
Either manually enter a key or allow the key to
Generate Key.
• For ASCII format, depending on the key size selected, the manually entered encryption
eds to have a length of 5 (64-bit WEP), 13 (128-bit WEP), or 16 (152-b it WEP)
key ne
characters.
• For HEX format, depending on the key size selected, the manually entered or
automatical
26 (128-bit WEP), or 32 (152-bit WEP) characters.
Note: Wireless stations need to use the key
Note: Not all wireless adapters support passphrase key generation.
Select the Yes radio button to display the actual passphrase in the Passphrase field. The
default setting is No.
ly generated encryption key needs to ha ve a length of 10 (64-bit WEP),
to access the wireless access point.
be between 8 and 63 characters
ow Passphrase in Clear Text
be automatically generated by clicking
Configure Legacy 802.1X
To use legacy 802.1X security, you need to define RADIUS server settings. For information
about RADIUS servers, see Configure RADIUS Server Settings on p
age 51.
When you select Le
gacy 802.1X from the Network Authentication drop-down list, the Data
Encryption drop-down list becomes nonoperational (it shows None only). You need to define
the RADIUS servers only to use legacy 802.1X security.
Figure 20.
Wireless Configuration and Security
48
ProSafe Dual Band Wireless-N Access Point WNDAP360
Configure WPA with RADIUS, WPA2 with RADIUS, and WPA & WPA2 with
RADIUS
WPA, WPA2, and WPA & WPA2 security requires RADIUS-based 802.1x authentication, so
you also need to define RADIUS server settings. For information about RADIUS servers, see
Configure RADIUS Server Settings o
n page 51.
The selections that are available from the Da
ta Encryption drop-down list depend on the type
of WP A authentication that you select from the Network Authentication drop-down list and are
shown in the following table.
• WP
A with RADIUS
Figure 21.
• WPA2 with RADIUS
Figure 22.
• WPA & WPA2 with RADIUS
Figure 23.
Table 12. WPA with RADIUS, WPA2 with RADIUS, and WPA & WPA2 with RADIUS Settings
Field Descriptions
TKIP Temporal Key Integrity Protocol (TKIP) is the st
can also use TKIP with WPA2.
Note: TKIP provides only legacy (slower) rates
authentication with AES encryption if you want to use the 11n rates and speed.
AES Advanced Encryption Standard
Note: Although some wireless clients might support AES
access point does not support WPA with AES.
TKIP + AES The TKIP + AES encryption method is supported both for WPA and WPA2. Broadcast packets
use
TKIP. For unicast (point-to-point) transmissions, WPA clients use TKIP, and WPA2 clients
use AES. For the WPA & WPA2 mixed mode, TKIP + AES is the only supported data encryption
method.
Wireless Configuration and Security
(AES) is the standard encryption method used with WPA2.
49
andard encryption method used with WPA. You
of operation. NETGEAR recommends WPA2
with WPA, the WNDAP360 wireless
ProSafe Dual Band Wireless-N Access Point WNDAP360
Configure WPA-PSK, WPA2-PSK, and WPA-PSK & WPA2-PSK
WPA-PSK, WPA-PSK, and WPA-PSK & WPA2-PSK authentication use a pre-shared key
(PSK, also called a passphrase or a network key) and do not require authentication from a
RADIUS server.
The selections that are available from the Dat
a Encryption drop-down list depend on the type
of WPA-PSK authentication that you select from the Network Authentication drop-down list
and are shown in the following table.
• WP
A-PSK
Figure 24.
• WPA2-PSK
Figure 25.
• WPA-PSK & WPA2-PSK
Figure 26.
Wireless Configuration and Security
50
ProSafe Dual Band Wireless-N Access Point WNDAP360
Table 13. WPA-PSK, WPA2-PSK, and WPA-PSK & WPA2-PSK Settings
Field Descriptions
Data Encryption TKIP Temporal Key Integrity Protocol (TKIP) is th
used with WPA. You can also use TKIP with WPA2.
Note: TKIP provides only legacy (slower) rates of operation. NETGEAR
recommends
11n rates and speed.
AES Advanced Encryption Standard (AES) is the st
with WPA2.
Note: Although some wireless clients might support AES with WPA, the
WNDAP360 wireless
TKIP + AES TKIP + AES supports both WPA and WPA2. Broadcast packets use TKIP. For
unicast (point-to-point) transmissions, WPA clients use TKIP, and WPA2
clients use AES.
For the WPA & WPA2 mixed mode, TKIP
encryption method.
Passphrase Enter a passphrase. The passphrase length needs to be between 8 and 63 characters
(inclusive). The default passphrase is sharedsecret.
You can display the actual passphrase by selecting the Sho
radio button.
Show Passphrase
r Text
in Clea
Select the Yes radio button to display the actual passphrase in the Passphrase field. The
default setting is No.
WPA2 authentication with AES encryption if you want to use the
access point does not support WPA with AES.
e standard encryption method
andard encryption method used
+ AES is the only supported data
w Passphrase in Clear Text
Configure RADIUS Server Settings
For authentication, accounting, or both authentication and accounting using RADIUS, you
need to configure primary servers and optional secondary servers. These RADIUS server
settings can apply to all devices that are connected to the wireless access point.
To configure the RADIUS server settings:
1. Select Config
Server Settings screen displays. (The following figure shows some examples.)
uration > Security > Advanced > Radius Server Settings. The Radius
Wireless Configuration and Security
51
Figure 27.
ProSafe Dual Band Wireless-N Access Point WNDAP360
2. Specify the settings as explained in the following table:
Table 14. RADIUS Server Settings
Field Descriptions
RADIUS Server Settings
Primary
Authentication Server
Secondary
Authentication Server
IP Address Enter the IP address of the primary RADIUS server for
authentication.
Authentication
Port
Secret Enter the shared key that is used between the wireless access point
IP Address Enter the IP address of the secondary RADIUS server for
Authentication
Port
Secret Enter the shared key that is used between the wireless access point
Enter the UDP port number of the wireless access point that is used
access the primary RADIUS server for authentication. The
to
default port number is 1812.
the primary RADIUS server during authentication.
and
ntication. The secondary RADIUS server is used when the
authe
primary RADIUS server is not available.
Enter the UDP port number of the wireless access point that is used
ess the secondary RADIUS server for authentication. The
to acc
default port number is 1812.
the secondary RADIUS server during authentication.
and
Primary
Accounting Server
IP Address Enter the IP address of the primary RADIUS server for accounting.
Authentication
Port
Secret Enter the shared key that is used between the wireless access point
Enter the UDP port number of the wireless access point that is used
access the primary RADIUS server for accounting. The default
to
port number is 1813.
the primary RADIUS server during the accounting process.
and
Wireless Configuration and Security
52
ProSafe Dual Band Wireless-N Access Point WNDAP360
Table 14. RADIUS Server Settings (Continued)
Field Descriptions
Secondary
Accounting Server
Authentication Settings
Reauthentication
ime (Seconds)
T
Update Global Key
ry (Seconds)
Eve
IP Address Enter th e IP address of the secondary RADIUS server for
accounting. The secondary RADIUS server is used when the
primary RADIUS server is not available.
Authentication
Port
Secret Enter the shared key that is used between the wireless access point
The interval in seconds after which the supplicant is reauthenticated with the
RADIUS server. The default interval is 3600 seconds (1 hour). Enter 0 to disable
reauthentication.
Select the check box to allow the global key update, and enter the interval in
seconds. The check box is selected by default, and the default interval is
1800 seconds (30 minutes). Clear the check box to prevent the global key update.
Enter the UDP port number of the wireless access point that is used
to access
port number is 1813.
an
the secondary RADIUS server for accounting. The default
d the secondary RADIUS server during the accounting process.
3. Click Apply to save your settings.
Restrict Wireless Access by MAC Address
For increased security , you can restrict access to an SSID by allowing access to only specific
computers or wireless stations based on their MAC addresses. You can restrict access to
only trusted computers so that unknown computers cannot wirelessly connect to the wireless
access point. MAC address filtering adds an obstacle against unwanted access to your
network, but the data broadcast over the wireless link is fully exposed.
Note: For wireless adapters, you can usually find the MAC address printed
on the wireless adapter.
To restrict access based on MAC addresses:
1. Select Con
figuration > Security > Advanced > MAC Authentication. The MAC
Authentication screen displays. (The following figure shows one example.)
Wireless Configuration and Security
53
Figure 28.
ProSafe Dual Band Wireless-N Access Point WNDAP360
2. Optionally: To display the MAC Authentication screen for the 802.11a/na modes, click the
802.11a/na tab.
3. Select the T
4. From
urn Access Control On check box to enable the access control feature.
the Select Access Control Database drop-down list, select one of the following
database options:
• Loc
al MAC Address Database. The wireless access point uses the local MAC
address database for access control. This is the default setting.
• Remote
MAC Address Database. The wireless access point uses the MAC address
database on an external RADIUS server on the LAN for access control. If you select
this database, you first need to configure the RADIUS server settings (see Configure
RADIUS Server Settings o
5. Click Refresh to ref
resh the Available Wireless Stations table. The wir el e ss ac ce s s p oi nt
n page 51).
places the MAC addresses of the attached wireless stations in this table.
6. Populate
• Select MAC addresse
the Trusted Wireless Stations table by one of the following methods:
s from the Available Wireless Stations table:
a. S
elect individual check boxes for MAC addresses, or select all MAC addresses by
selecting the check box in the heading.
b. Click Move to tran
sfer the MAC addresses from the Available Wireless Stations
table to the Trusted Wireless Stations table.
• Ente
r MAC addresses manually:
a. E
nte r a M AC a ddr es s di rec tl y in the Trusted Wireless Stations table.
b. Click Add.
To delete a MAC address from the Trusted Wireless Stations table, se l e ct in d ividu al ch e ck
s for MAC addresses, or select all MAC addresses by selecting the check box in the
boxe
heading, and then click Delete.
7. Click Apply to save
your settings.
Wireless Configuration and Security
54
ProSafe Dual Band Wireless-N Access Point WNDAP360
WARNING!
Now, only devices in the Trusted Wireless Stations table are allowed to wirelessly connect
to the wireless access point.
When configuring the wireless access point from a wireless
computer whose MAC address is not in the access control list,
you will lose your wireless connection when you click Apply. You
then need to access the wireless access point from a wired
computer or from a wireless computer which is on the access
control list to make any further changes.
Schedule the Wireless Radio to Be Turned Off
The capability to schedule the wireless radio to be turned off is a green feature that allows
you to turn off the wireless radio during scheduled vacations, of fice shut downs, on evenings,
or on weekends.
To schedule the radio to be turned on and off:
1. Select Con
figuration > Wireless > Basic > Wireless On-Off. The Wireless On-Off
screen displays:
Figure 29.
2. Specify the settings as explained in the following table:
Table 15. Wireless Radio On/Off Settings
Field Description
Wireless on-off Select the On radio button to enable the timer. By default, the Off radio button is
Radio off schedule Select check boxes to specify the days when you want to schedule the radio to
selected.
rned off. By default, Saturday and Sunday are selected.
be tu
Wireless Configuration and Security
55
ProSafe Dual Band Wireless-N Access Point WNDAP360
Table 15. Wireless Radio On/Off Settings (Continued)
Field Description
Radio ON Time Fill in the time that you want the radio to be turned back on. Use 24-hour time
format.
Radio OFF Time Fill in the time that you want the radio to be turned off. Use 24-hour time format.
3. Click Apply to save your settings.
Configure Basic Wireless Quality of Service
Wi-Fi Multimedia (WMM) is a subset of the 802.11e standard. WMM allows wireless traffic to
have a range of priorities, depending on the type of data. Time-dependent information, such
as video or audio, has a higher priority than normal traffic. For WMM to function correctly,
wireless clients also need to support WMM.
By enabling WMM, you allow Quality of Service
(QoS) control for upstream traffic flowing
from a wireless station to the wireless access point and for downstream traffic flowing from
the wireless access point to a wireless station.
WMM defines the following four queues in decreasing or
• Vo
ice. The highest priority queue with minimum delay, which makes it ideal for
der of priority:
applications like VoIP and streaming media.
• Vi
deo. The second highest priority queue with low delay is given to this queue. Video
applications are routed to this queue.
• Best Effo
rt. The medium priority queue with medium delay is given to this queue. Most
standard IP application use this queue.
• Back
ground. Low priority queue with high throughput. Applications, such as FTP, that
are not time-sensitive but require high throughput can use this queue.
The WMM Powersave feature saves power for battery-powered equipment by increasing the
ficiency and flexibility of data transmission.
ef
Note: For information about how to configure advanced wireless QoS, that
is, to configure specific Enhanced Distributed Channel Access
(EDCA) settings, see
Configure Advanced QoS Settings on
page 86.
Wireless Configuration and Security
56
ProSafe Dual Band Wireless-N Access Point WNDAP360
To configure basic wireless QoS:
1. Select Configuration > Wireless > Basic > QoS Settings. The basic QoS Settings
screen displays:
Figure 30.
2. Optionally: To display the basic QoS Se tt i ng s screen for the 802.11a/na modes, click the
802.11a/na tab.
3. Enable
• Enable W
or disable the WMM features:
i-Fi Multimedia (WMM). To enable this feature, select the Enable radio
button, which is the default setting. Select the Disable button to disable the feature.
• WMM Powersave. T
o enable this feature, select the Enable radio button, which is the
default setting. Select the Disable button to disable the feature.
4. Click App
ly to save your settings.
Wireless Configuration and Security
57
4. Management
This chapter describes how to use the management and monitoring features of your ProSafe
Dual Band Wireless-N Access Point WNDAP360. This chapter includes the following sections:
• Enable Remote Management
• Upgrade the Wireless Access Point Software
• Manage the Configuration File or Reset to Factory Defaults
• Change the Administrator Password
• Enable the Syslog Server
• Monitor the Wireless Access Point
• Enable Rogue AP Detection and Monitor Access Points
Enable Remote Management
4
Both Simple Network Management Protocol (SNMP) and the remote console Secure Shell
(SSH) are enabled by default, which allows for remote management of the wireless access
point from a client running SNMP management software, as well as from a SSH client. The
Telnet console is disabled by default.
58
ProSafe Dual Band Wireless-N Access Point WNDAP360
SNMP Management
To set up an SNMP management interface:
1. Select Mainte
nance > Remote Management > SNMP. The SNMP screen displays:
Figure 31.
2. Specify the settings as explained in the following table:
Table 16. SNMP Settings
Field Description
SNMP Select the Enable radio button to allow the SNMP network management
software, such as HP OpenView, to manage the wireless access point
through SNMPv1/v2 protocol. By default, the Disable radio button is
selected.
Read-Only Community Name Enter the community string to allow the
wireless access point’s Management Information Base (MIB) objects. The
default is public.
Read-Write Community Name Enter the community string to allow the SNMP manager to read and write
e wireless access point’s MIB objects. The default is private.
th
Trap Community Name The community string to allow the SNMP manag
default is trap.
IP Address to Receive Traps The IP address of the SNMP manager to
wireless access point.
Trap Port The port number of the SNMP manager
wireless access point. The default is 162.
3. Click App
ly to save your settings.
SNMP manager to read the
er to send traps. The
receive traps sent from the
to receive traps sent from the
Management
59
ProSafe Dual Band Wireless-N Access Point WNDAP360
Secure Shell and Telnet Management
To configure remote console features:
1. Select Ma
intenance > Remote Management > Remote Console. The Remote
Console screen displays:
Figure 32.
2. Enable or disable the remote console features:
• Secu
re Shell (SSH). To enable this feature, select the Enable radio button, which is
the default setting. Select the Disable button to disable the feature.
• T
elnet. To enable this feature, select the Enable radio button. Select the Disable
button to disable the feature, which is the default setting.
3. Click Apply to save
your settings.
To manage the wireless access point over a Telnet connection:
1. Connect an Ethern
2. Connect th
e other end of the cable to a VT100/ANSI terminal or a workstation.
et cable to the console port of the wireless access point.
If you attach a PC, Apple Macintosh, or UNIX workstation, start a secure
terminal-emu
lation program, and configure the terminal-emulation program to use the
following settings:
• Baud
• Dat
• Parity: n
• S
• Flow con
3. S
tart a secure Telnet session from the terminal or workstation to the wireless access point. A
rate: 9600 bps
a bits: 8
one
top bit: 1
trol: none
screen similar to the following should display:
Management
60
ProSafe Dual Band Wireless-N Access Point WNDAP360
Figure 33.
4. Enter the login name and password (admin and password are the defaults).
After successful login, the >
access point. In this example, the prompt is netgear334408.
5. Ente
r the CLI commands that you want to use. You can enter show configuration to
display the available CLI commands. The CLI commands are also listed in Appendix B,
Command-Line Reference.
Note: You can also access the wireless access point remotely over a
Telnet or SSH session using an application such as PuTTY, if such
an encryption application is allowed by law in your country. After you
have connected to the wireless access point, enter the login name
and password to access the CLI.
prompt should appear preceded by the name of the wireless
Upgrade the Wireless Access Point Software
The software of the wireless access point is stored in flash memory and can be upgraded as
NETGEAR releases new software. You can download upgrade files from the NETGEAR
website. If the upgrade file is compressed (.zip file), you first need to extract the image (.rmt)
file before sending it to the wireless access point. You can send the upgrade file using your
browser. There are two methods to perform a software upgrade that are described in the
following sections:
• Web Browser Upgrade Procedure
• TFTP Server Upgrade Procedure
Management
61
ProSafe Dual Band Wireless-N Access Point WNDAP360
WARNING!
IMPORTANT:
Note: The Web browser that you use to upload new firmware into the
wireless access point needs to support HTTP uploads. Use a
browser such as Microsoft Internet Explorer 6.0 or later or Mozilla
1.5 or later.
Note: You cannot perform the software upgrade from a computer that is
connected to the wireless access point over a wireless link. You
need to use a computer that is connected to the wireless access
point over an Ethernet cable.
When uploading software to the wireless access point, do not
interrupt the Web browser by closing the window, clicking a link,
or loading a new page. If the browser is interrupted, the upload
might fail, corrupt the software, and render the wireless access
point completely inoperable.
In some cases, such as a major upgrade, you might need to erase
the configuration and manually reconfigure your wireless access
point after upgrading it. See the release notes included with the
software to find out if you need to reconfigure the wireless access
point.
Web Browser Upgrade Procedure
To use a Web browser to upgrade the wireless access point firmware:
1. Downloa
disk.
necessary, unzip the new so ftwa re f il e.
2. If
3. If
available, read the release notes before upgrading the software.
4. Select Maintenance
displays:
d the new software file from the NETGEAR website and save it to your hard
> Upgrade > Firmware Upgrade. The Firmware Upgrade screen
Management
62
ProSafe Dual Band Wireless-N Access Point WNDAP360
Figure 34.
5. Click Browse and locate the image (.zip) upgrade file.
6. Click App
ly to initiate the upgrade process.
During the upgrade process, the wireless access point auto
matically restarts. The
upgrade process typically takes several minutes. When the Test LED turns off, wait a few
more seconds before doing anything with the wireless access point.
erify that the new software file has been installed by selecting Monitorin g > System. The
7. V
System screen displays (see Figure 42 on p
age 70). The firmware version is shown in the
Access Point Information section of the screen.
TFTP Server Upgrade Procedure
To use this method, you need to have a TFTP server set up.
To use a TFTP server to upgrade the wireless access point firmware:
1. Download th
disk.
2. Place the sof
3. If available,
4. Select Main
screen displays:
e new software file from the NETGEAR website and save it to your hard
tware file in your TFTP server location. (You do not need to unzip the file.)
read the release notes before upgrading the software.
tenance > Upgrade > Firmware Upgrade TFTP. The Firmware Upgrade TFTP
Management
63
ProSafe Dual Band Wireless-N Access Point WNDAP360
Figure 35.
5. Specify the following information:
• Firmware File
• TFT
P Server IP. The IP address of your TFTP server.
Name. The name of the unzipped software file.
6. Click Apply
During the upgrade process, the wireless access point automatically restarts. The
upgra
de process typically takes several minutes. When the Test LED turns off, wait a few
more seconds before doing anything with the wireless access point.
erify that the new software file has been installed by selecting Monitoring > System. The
7. V
System screen displays (see Figure 42 on p
Access Point Information section of the screen.
to initiate the upgrade process.
age 70). The firmware version is shown in the
Manage the Configuration File or Reset to Factory Defaults
The wireless access point settings are stored in the configuration file. You can save this file
(back it up) to a computer, restore it from a computer, or reset it to factory default settings.
Save the Configuration
To save your settings:
1. Select M
displays (see the following figure).
2. Click Backup. Y
wir el es s a c ce ss po i nt and prompts you for a location on your computer to store the file.
3. Fo
aintenance > Upgrade > Backup Settings. The Backup Settings screen
our browser extracts the configuration file (the file name is config) from the
llow the instructions of your browser to save the file.
Management
64
ProSafe Dual Band Wireless-N Access Point WNDAP360
IMPORTANT:
Figure 36.
Restore the Configuration
During the restoration process, do not try to go online, turn off the
wireless access point, shut down the computer , or do anything else
to the wireless access point until it finishes restarting!
To restore your settings from a saved configuration file:
1. Select M
aintenance > Upgrade > Restore Settings. The Restore Settings screen
displays:
Figure 37.
2. Click Browse and locate the saved configuration file (the file name is config).
3. Click App
ly to initiate the restoration process. During the restoration process, the wireless
access point automatically restarts. The restoration process typically takes about 1 minute.
When the Test LED turns off, wait a few more seconds before doing anything with the
wireless access point.
Management
65
ProSafe Dual Band Wireless-N Access Point WNDAP360
IMPORTANT:
Restore the Wireless Access Point to the Factory Default Settings
You can restore the wireless access point to the factory default settings by two methods that
are described in the following sections:
• Use the Web Management Interface to Restore Factory Default Settings
• Use the Reset Button to Restore Factory Default Settings
Note: After you have restored the factory default settings on the wireless
access point:
* All custo
* The login
* The de
* The DHCP
* The Access Point Name
the label on the bottom of the unit.
m configurations will be lost.
password will be password.
fault LAN IP address will be 192.168.0.100.
client will be disabled.
field will be reset to the name printed on
Use the Web Management Interface to Restore Factory Default Settings
During the restoration process, do not try to go online, turn off the
wireless access point, shut down the computer , or do anything else
to the wireless access point until it finishes restarting!
To restore the factory default settings using the web management interface:
1. Select Ma
displays:
intenance > Reset > Restore Defaults. The Restore Defaults screen
Figure 38.
Management
66
ProSafe Dual Band Wireless-N Access Point WNDAP360
2. Select the Yes radio button. (By default, the No radio button is selected.)
3. Click App
During the restoration process, the wireless a
restoration process typically takes about 1 minute. When the Test LED turns off, wait a
few more seconds before doing anything with the wireless access point.
ly to reset the w i re l es s ac c es s p oi n t to the factory default settings.
ccess point automatically restarts. The
Use the Reset Button to Restore Factory Default Settings
To restore the factory default settings when you do not know the login user name, login
password, or IP address, you need to use the Reset button on the rear panel of the wireless
access point (see Figure 2 on
To restore the factory default settings using the Reset button:
1. Using a sharp obje
LED b li n ks ra pi d ly ) to reset the wireless access point to factory def aults settings.
Note: Pressing the Reset button for a shorter period of time simply causes
the wireless access point to reboot.
2. Release the Reset button.
During the restoration process, the wireless a
restoration process typically takes about 1 minute. When the Test LED turns off, wait a
few more seconds before doing anything with the wireless access point.
ct, press and hold the Reset button for about 5 seconds (un ti l t he Test
page 12).
ccess point automatically restarts. The
Reboot the Wireless Access Point without Restoring the Default Configuration
If you do not have physical access to the wireless access point to switch it off and on again,
you can use the software to reboot the wireless access point.
To reboot the wireless access point:
1. Select Mainte
Figure 39.
nance > Reset > Reboot AP. The Reboot AP screen displays:
Management
67
ProSafe Dual Band Wireless-N Access Point WNDAP360
2. Select the Yes radio button. (By default, the No radio button is selected.)
3. Click Apply
The reboot process typically takes about 1 minute. When the Test LED turns off, wait a
few mo
to reboot th e wi r e le s s ac c es s po i n t .
re seconds before doing anything with the wireless access point.
Change the Administrator Password
The default password is password. You should change this password to a more secure
password. You cannot change the administrator login name (admin).
The ideal password should co
mixture of letters (both uppercase and lowercase), numbers, and symbols. Your password
can be up to 30 characters.
To change the administrator password:
1. Select Ma
displays:
Figure 40.
intenance > Password > Change Password. The Change Password screen
ntain no dictionary words from any language, and should be a
2. Take one of the following actions:
• En
• Next to Restore Defau
3. Click Apply to save
If you have restored the default password, the login password will be p
have configured a new password, write it down in a secure place.
ter a new password twice: once in the New Password field and again in the Repeat
New Password field.
lt Password, select the Yes radio button to restore the default
password. By default, the No radio button is selected.
your settings.
Management
68
assword. If you
ProSafe Dual Band Wireless-N Access Point WNDAP360
Enable the Syslog Server
The Syslog screen allows you to enable the syslog option if you have a syslog serve r on your
LAN. If syslog is enabled, the wireless access point sends its syslog files to the syslog server.
To enable a syslog server:
1. Select Con
Figure 41.
figuration > System > Advanced > Syslog. The Syslog screen displays:
Specify the settings as explained in the following table:
Table 17. Syslog Settings
Field Description
Enable Syslog Select the check box to enable the syslog option. By default, the syslog option
s disabled.
i
Syslog Server IP Address Enter the IP address of the syslog server to which the wireless access point
sends the syslog files.
Port Number Enter the port number that is
number is 514.
2. . Click Appl
y to save your se ttings.
configured on the syslog server. The default port
Monitor the Wireless Access Point
The wireless access point provides a variety of status and usage information that is
discussed in the following sections:
• View System Information
• Monitor Wireless Stations
• View the Activity Log
• Traffic Statistics
Management
69
ProSafe Dual Band Wireless-N Access Point WNDAP360
View System Information
The System screen provides a summary of the current wireless access point configuration
settings, including current IP settings and current wireless settings. This information is read
only, so any changes need to be made on other screens.
To view the System screen:
Select Monitoring > Sys
tem.
Figure 42.
Management
70
ProSafe Dual Band Wireless-N Access Point WNDAP360
The following table explains the fields of the System screen:
Table 18. System Screen Fields
Field Description
Access Point Information
Access Point Name The NetBIOS name. For information about how to change the default name, see
Configure Basic General System Settings and Time Settings o
Ethernet MAC Address The MAC address of the wireless access point’s Ethernet port.
Wireless MAC Address The MAC address of the wireless access point’s wireless card.
n page 19.
Country/Region The country or region for which the wireless a
information about how to change the country or region, see Configure Basic General
System Settings and Time Settings on
Note: It might not be legal to operate this wireless access point in a country or region
other than one of those identified in this field.
Firmware Version The version of the firmware that is currently installed.
Current Time The current time. For information
Configure Basic General System Settings and Time Settings o
Current IP Settings
For information about how to change any of these IP settings, see Configure IP Settings and Optional DHCP
Server Settings on
IP Address The IP address of the wireless access point.
Subnet Mask The subnet mask for the
Default Gateway The default gateway for the wireless access point communication.
DHCP Client Enabled indicates that the current IP address was obtained from a DHCP server on
Current Wireless Settings for 802.11n/g
Access Point Mode The operating mode of the wireless access
page 21.
wireless access point.
your LAN network. Disabled indicates a static IP configuration.
indicated:
• Access Point
• Point-to-Point Bridge
• Point-to-Point Bridge with Access Point
• Multi-Point Bridge with/without client association
For information about how to change the mode, see Configure Wireless Bridging on
page 89.
about how to change the time settings, see
ccess point is licensed for use. For
page 19.
n page 19.
point. One of the following modes is
Channel / Frequency The channel the wireless port is using. For information about how to change the
annel and frequency, see Configure 802.11b/bg/ng Wireless Settings on page 23.
ch
Rogue AP Detection Enabled indicates that rogue AP detection is e
nabled; Disabled indicates that it is not.
Management
71
ProSafe Dual Band Wireless-N Access Point WNDAP360
Table 18. System Screen Fields (Continued)
Field Description
Current Wireless Settings for 802.11n/a
Access Point Mode The operating mode of the wireless access point. One of the following modes is
indicated:
• Access Point
• Point-to-Point Bridge
• Point-to-Point Bridge with Access Point
• Multi-Point Bridge with/without client association
For information about how to change the mode, see Configure Wireless Bridging on
page 89.
Channel / Frequency The channel the wireless port is using. For information about how to change the
nnel and frequency, see Configure 802.11a/na Wireless Settings on page 27.
cha
Rogue AP Detection Enabled in dicates tha t rogue AP dete ction is enabled; Disabled indicates that it is not.
Monitor Wireless Stations
The Wireless St ations screen contains the Ava ilable Wireless S tations table. This t able shows
all IP devices that are associated with the wireless access point in the wireless network that
is defined by the wireless network name (SSID). The table heading indicates the wireless
mode (802.11b, 802.11bg, or 802.11ng and 802.11a or 802.11na).
Note: A wireless network can include multiple wireless access points, all
using the same network name (SSID). This extends the reach of the
wireless network and allows users to roam from one wireless access
point to another, providing seamless network connectivity. Under
these circumstances, be aware that the Available Wireless Stations
table includes only the stations associated with this wireless access
point.
To view the attached wireless stations, and to view details for a wireless station:
1. Select Mon
itoring > Wireless Stations. The Wireless Stations screen displays:
Management
72
ProSafe Dual Band Wireless-N Access Point WNDAP360
Figure 43.
To update the list, click Refresh. If the wireless access point is rebooted, the wireless
station data is lost until the wireless access point rediscovers the devices. To force the
wireless access point to look for associated devices, click Refresh.
There is an Available Wireless Stations table for each selected 2.4-GHz and 5-GHz radio
mode.
For each radio mode, the Available Wireless Stations table shows for each device
the MAC address, BSSID, SSID, channel, rate, state, type, AID, mode, and status. For
information about these and more fields, see the following table.
2. T
o view details of a wireless station, select the corresponding radio button, and then click
Details. The Wireless Stations Details screen displays:
Figure 44.
Management
73
ProSafe Dual Band Wireless-N Access Point WNDAP360
The following table explains the fields of the Wireless Stations Details screen:
Table 19. Wireless Stations Details Fields
Field Description
MAC Address The MAC address of the wireless station.
BSSID The BSSID that the wireless
SSID The SSID that the wireless station is using.
Channel The channel that the wireless station is using.
Rate The transmit data rate in Mbps of the wireless station.
State The features that are enabled on the wireless station.
Type The authentication and encryption type th
AID The associated identifier (AID) of the wireless station.
Mode The wireless mode in which the
Status The wireless status of the wireless station (Associated).
RSSI The received signal strength indicator (RSSI) of the wireless station.
Idle Time The time since the last frame was received from the wireless station.
Tx Sequence The sequence number of the last frame that wa
Rx Sequence The sequence number of the last frame that was received from the wireless station.
Capability The capability summary of the wireless station that was detected during association.
Cipher The cipher that is used by the wireless station
station is using.
at the wireless station is using.
wireless station is operating.
s transmitted to the wireless station.
and that defines the type of encryption.
SNR The signal-to-noise ratio (SNR) that indicates how much the signal of the wireless
station has been corrupted by noise.
Recv. Bytes The number of bytes received on the wireless st
Trans. bytes The number of bytes transmitted by the wireless station since it last started up.
Assoc. Time S tamp The time when these details of the wireless station were retrieved.
IP Address The IP address of the wireless station.
Channel Width The channel width at which the
wireless station operates.
ation since it last started up.
Management
74
ProSafe Dual Band Wireless-N Access Point WNDAP360
View the Activity Log
You can view the wireless access point’s activity log onscreen and save the logs.
To display the activity log and save it:
1. Select Monitoring
Figure 45.
2. Click Save As to save the log contents to a f ile on your computer or to a disk drive.
To update the display on screen, click Refresh; to clear
> Logs. The Logs screen displays:
the log content, click Clear.
Traffic Statistics
The St atistics screen disp lays information for both wire d (LAN) and wireless (WLAN) network
traffic.
To display the Statistics screen:
Select Monit
oring > Statistics.
Management
75
ProSafe Dual Band Wireless-N Access Point WNDAP360
Figure 46.
To update the statistics information, click Refresh.
The following table explains the fields of the
Table 20. Statistics Fields
Field Description
Wired Ethernet
Packets The number of packets received and transmitted over the Ethernet
connection since the wireless access point was restarted.
Bytes The number of bytes received and transmi
since the wireless access point was restarted.
Statistics screen:
tted over the Ethernet connection
Management
76
ProSafe Dual Band Wireless-N Access Point WNDAP360
Table 20. Statistics Fields (Continued)
Field Description
Wireless 802.11b, Wireless 802.11bg, or Wireless 801.11ng
The section heading depends on the configured wireless mode.
Unicast Packets The number of unicast packets received an
connection since the wireless access point was restarted.
Broadcast Packets The number of broadcast packets received and transmitted over the
ss connection since the wireless access point was restarted.
wirele
Multicast Packets The number of multicast packets received and transmitted over the wireless
connection since the wireless access point was restarted.
Total Packets The total number of packets received and transmitt ed ove r th e w ire l e ss
ction since the wireless access point was restarted.
conne
Total Bytes The total number of bytes received and transmitted over the wireless
ction since the wireless access point was restarted.
conne
Wireless 802.11a or Wireless 801.11na
The section heading depends on the configured wireless mode.
The fields that are displayed are the same as the on
Client Association
802.11b Radio,
802.11bg Radio, or
802.11ng Radio
802.11na Radio or
802.11a Radio
The number of associated clients connected to the
wireless modes.
es for the 2.4 GHz modes (see the previous rows).
d transmitted over the wireless
radio in the configured
Enable Rogue AP Detection and Monitor Access Points
Enable and Configure Rogue AP Detection
The wireless access point can detect rogue access point s and prevent them from connecting
to the wireless access point. The wireless access point maintains a list of access points it
detects in the area. Initially all detected access points are displayed in the Unknown AP List.
You restrict communication to approved access points by adding them to the Known AP List
and enabling the rogue AP detection feature.
If you enable rogue AP detection, the wireless access point continuously scans the wireless
etwork and collects information about all access point on its channel.
n
To enable and configure rogue AP detection:
1. Select Con
displays. (The following figure shows examples in the Known AP List and Unknown AP
List.)
figuration > Security > Advanced > Rogue AP. The Rogue AP screen
Management
77
Figure 47.
ProSafe Dual Band Wireless-N Access Point WNDAP360
2. Optionally: To enable and configure rogue AP detection for the 802.11a/na modes, click the
802.11a/na tab.
3. Click Refresh to let the
wireless access point discover the access points and populate the
Unknown AP List.
the Unknown AP List, select individual check boxes for access points, or select all access
4. In
points by selecting the check box in the column heading.
5. Click Move to
6. Select the T
7. Click Apply to save
To remove APs from the Known AP List and return them to the Unknown AP List:
1. In the Kno
transfer the access points from the Unknown AP List to the Known AP List.
urn Rogue AP Detection On check box to enable rogue AP dete ction.
your settings.
wn AP List, select individual check boxes for access points, or select all
access points by selecting the check box in the column heading.
2. Click Delete.
To import a file with a precompiled list of access points into the Known AP List:
ake one of the following actions:
1. T
• Se
lect the Replace radio button to let the imported list with access points replace the
existing Known AP List.
• Select t
he Merge radio button to add the imported list with access points to the
existing Known AP List.
2. Click Br
owse and locate the file that contains the list w it h a c c e s s p o i nt s . This file needs to
be a simple text file with one MAC address per line.
3. Select the file,
4. Click Apply
and click Open.
to upload the lis t w it h a cc es s p o in ts to the Known AP List.
Management
78
ProSafe Dual Band Wireless-N Access Point WNDAP360
View and Save Access Point Lists
The wireless access point detects nearby APs and wireless st ations and maint ains them in a
list. You can use this list to prevent them from connecting to the wireless access point.
To view the Unknown AP List and save it to a file:
1. Select Monitoring
> Rogue AP > Unknown AP List. The Unknown AP List screen
displays:
Figure 48.
2. Click Refresh to let the wireless access point discover the access points and populate the
Unknown AP List for the selected 2.4-GHz and 5-GHz modes.
The following table explains the fields of the Unknown AP List screen:
Table 21. Unknown AP List Fields
Field Description
MAC Address The MAC address of the unknown AP.
SSID The SSID that the unknown AP is using.
Privacy Indicates whether or not security is enabled (1 means enabled; 0 means
led).
disab
Channel The channel that the unknown AP is using.
Rate The transmit data rate in Mbps of the unknown the AP.
Beacon Int. The interval for each beacon transmission in ms.
# of Beacons The number of beacons transmitted by th
access point has detected.
Last Beacon The timestamp that indicates the time
detected.
3. Click Sav
e to export the list of unknown or known APs to a file. A window opens so you can
e unknown AP that the wireless
when the most recent beacon was
browse to the location where you want to save the file. The default file name is macList.txt.
Management
79
ProSafe Dual Band Wireless-N Access Point WNDAP360
If you wish, you can now import the saved list into the Known AP List on the Rogue AP
screen (see Enable and Configure Rogue AP Detection o
To view the Known AP Lists and save it to a file:
n page 77).
1. Select Mon
2. Click Refresh to let the
itoring > Rogue AP > Known AP List. The Known AP List screen displays:
wireless access point discover the access points and populate the
Known AP List for the selected 2.4-GHz and 5-GHz modes.
The following table explains the fields
of the Known AP List screen:
Table 22. Known AP List Fields
Field Description
MAC Address The MAC address of the known AP.
SSID The SSID that the known AP is using.
Channel The channel that the known AP is using.
3. Click Save to export
the list of known access points to a file. A window opens so you can
browse to the location where you want to save the file. The default file name is macList.txt.
You can now import the saved list into the Known AP List on the Rogue AP screen (see
Enable and Configure Rogue AP Detection on p
age 77).
Management
80
5. Advanced Configuration
This chapter describes how to configure the advanced features of your ProSafe Dual Band
Wireless-N Access Point WNDAP360. This chapter includes the following sections:
• Spanning Tree Protocol and 802.1Q VLAN
• Hotspot Settings
• Configure Advanced Wireless Settings
• Configure Advanced QoS Settings
• Configure Wireless Bridging
Spanning Tree Protocol and 802.1Q VLAN
The advanced General system settings screen allows you to enable the Spanning Tree
Protocol (STP) and configure the VLANs.
5
STP provides network traffic optimization in locations wh
are active.
The 802.1Q VLAN protocol on the wireless access point logically separates traffic on the
sam
e physical network:
• Unt
agged VLAN. When the wireless access point sends frames that are associated with
the untagged VLAN from its Ethernet interface, those frames are untagged. When the
wireless access point receives untagged frames over its Ethernet interface, t hose frames
are assigned to the untagged VLAN.
Note: Select the Untagged VLAN check box only if the hubs and switches
on your LAN support the 802.1Q VLAN protocol. Likewise, change
the untagged VLAN value only if the hubs a nd switches on your LAN
support the 802.1Q VLAN protocol. Selecting the Untagged VLAN
check box or changing the untagged VLAN value will result in a loss
of IP connectivity if the hubs and switches on your LAN have not yet
been configured with the corresponding VLAN.
ere multiple wireless access points
81
ProSafe Dual Band Wireless-N Access Point WNDAP360
• T agged VL AN. When you clear the Untagged VL AN check box, the wireless access point
tags all frames that are sent from its Ethernet interface. Only incoming frames that are
tagged with known VLAN IDs are accepted.
• Managem
ent VLAN. The management VLAN can be active only when the wireless
access point functions as a point-to-point or point-to-multipoint bridge (see Configure
Wireless Bridging on
page 89). The management VLAN is used for managing traffic
(Telnet, SNMP, and HTTP) to and from the wireless access point.
Frames belonging to the management VLAN a
are sent over the trunk. If a port is in a single VLAN, it can be untagged. However, if the
port is a member of multiple VLANs, it needs to be tagged.
To configure STP and VLANs:
1. Select Configuring > Sys
settings screen displays:
re not given any 802.1Q header when they
tem > Advanced > General. The advanced General system
Figure 49.
2. Specify the settings as explained in the following table:
Table 23. STP and VLAN Settings
Field Description
Spanning Tree Protocol
Spa nn ing Tree Protocol Select the Enable radio
default, the Disable radio button is selected.
802.1Q VLAN
Untagged VLAN Select the Un
VLAN. By default, the Untagged VLAN check box is selected.
Specify a VLAN ID. The default VLAN ID is 1.
tagged VLAN check box to configure one VLAN as an untagged
Advanced Configuration
button to enable STP to prevent path redundancy. By
82
ProSafe Dual Band Wireless-N Access Point WNDAP360
Table 23. STP and VLAN Settings (Continued)
Field Description
Management VLAN Specify an ID for the VLAN from which the wireless access point can be
managed. The default VLAN ID is 1.
Note: If you configure the VLAN ID as 0 (zero), the wireless access point can be
aged over any VLAN, and frames that belong to the management VLAN are
man
not tagged with an 802.1Q header when sent over the trunk.
3. Click Apply to save your settings.
Hotspot Settings
If the wireless access point functions as a public access point and you want it to ca pture and
redirect all HTTP requests (over TCP, port 80), set up a hotspot server to redirect the
requests to the specified URL and manage the clients. For example, you can redirect HTTP
requests to a Web server for authentication, timing control, or advertising. A hotel might want
all wireless connections to go to its server to start a billing transaction.
Note: The redirection occurs only the first time that a wireless client opens
a Web browser.
To set up a hotspot server:
1. Select Con
Figure 50.
figuration > System > Advanced > Hotspot. The Hotspot screen displays:
2. To enable HTTP redirection, select the Enable radio button. By default, the Disable radio
button is selected.
3. In the Re
direct URL field, enter the URL of the Web server to which you wish to redirect
HTTP requests.
4. Click App
URL.
ly to save your settings. All HTTP requests are now redirected to the specified
Advanced Configuration
83
ProSafe Dual Band Wireless-N Access Point WNDAP360
Configure Advanced Wireless Settings
You use the advanced Wireless Settings screen to configure and enable various WLAN
settings for 802.11b, 802.11bg, or 802.11ng wireless mode. The active wireless mode is
indicated on screen. (For information about how to change the wireless mode, see Configure
Basic Wireless Settings on p
age 23.)
The default WLAN settings normally work well. Ho
fine-tune the overall performance of your wireless access point for your environment.
To configure advanced wireless settings:
1. Select Configuration
Wireless Settings screen displays. (The following figure shows the 11ng settings—see
the wireless icon that is displayed next to ng.)
> Wireless > Advanced > Wireless Settings. The advanced
wever, you can use these settings to
Figure 51.
2. Optionally: To configure advanced wireless settings for the 802.11a/na modes, click the
802.11a/na tab.
Advanced Configuration
84
ProSafe Dual Band Wireless-N Access Point WNDAP360
3. Specify the settings as explained in the following table:
Table 24. Advanced Wireless Settings
Field Description
RTS Threshold (0–2347) Enter the Request to Send (RTS) threshold. The default setting is
2347.
If the packet size is equal to or less than the RTS threshold, the
wireless access
Collision Detection (CSMA/CD) mechanism, and the data frame is
transmitted immediately after the silence period.
If the packet size is larger than the RTS threshold, the wireless access
int uses the CSMA with Collision Avoidance (CSMA/CA)
po
mechanism. In this situation, the transmitting station sends an RTS
packet to the receiving station, and waits for the receiving station to
return a Clear to Send (CTS) packet before sending the actual packet
data.
Fragmentation Length (256–2346) Enter the maximum packet size that is used for the fragmentation of
ta packets. Packets that are larger than the specified fragmentation
da
length are broken up into smaller packets before being transmitted.
The fragmentation length needs to be an even number. The default
setting is 2346.
point uses the Carrier Sense Multiple Access with
Beacon Interval (100–1000) Enter the interval between 100 ms and 1000 ms for each beacon
nsmission, which allows the wireless access point to synchronize
tra
the wireless network. The default setting is 100.
Aggregation Length (1024–65535)
Note: This setting does not apply
to the 80
AMPDU
Note: This setting does not apply
to the 80
802.11a mode.
RIFS Transmission
Note: This setting does not apply
to the 80
802.11a mode.
DTIM Interval (1–255) Enter the Delivery Traffic Indication Message (DTIM) interval, also
2.11a mode.
2.11b/bg modes and the
2.11b/bg modes and the
Enter the maximum length of Aggregated MAC Protocol Data Unit
(AMPDU) packets. Larger aggregation lengths could lead to better
network performance. Aggregation is a mechanism used to achieve
higher throughput. The default setting is 65535.
Select the Enable rad
frames into a single large frame to achieve higher throughput. Enabling
Aggregated MAC Protocol Data Unit (AMPDU) could lead to better
network performance. By default, the Enable radio button is selected.
Select the Enable radio button to allow transmission of successive
frames at different transmit powers. Enabling Reduced Interframe
Space (RIFS) could lead to better network performance. By default, the
Disable radio button is selected.
referred
delivery traffic indication message period in multiples of beacon
intervals. This value needs to be between 1 and 255. The default
setting is 3.
to as the data beacon rate, which indicates the beacon
io button to allow the aggregation of several MAC
Advanced Configuration
85
ProSafe Dual Band Wireless-N Access Point WNDAP360
Table 24. Advanced Wireless Settings (Continued)
Field Description
Preamble Type
Note: This setting does not apply
e 802.11a/na modes.
to th
Antenna
Note: This setting does not apply
e 802.11a/na modes.
to th
802.11d
Note: This setting does not apply
e 802.11a/na modes.
to th
Client Isolation From the drop-down list, select one of the following options:
Max. Wireless Clients Enter the maximum number of wireless clients that can simultaneously
Select one of the following radio buttons to specify the preamble type:
• Lon
g. A long transmit preamble might provide a more reliable
connection or a slightly longer range. A short transmit preamble
gives better performance.
• Auto. The
preambles. The default setting is Auto.
Select one of the following radio buttons to specify the antenna:
• Internal. Enables the internal antenna. This is the default setting.
• External.
Select this check box to enable support for additional regulatory
domain
addition of a country information element to beacons, probe requests,
and probe responses. This check box is selected by default.
• Enable. Commun
to different virtual access points (VAPs) is blocked.
sable. Communication between wireless clients that are
• Di
associated to different VAPs is allowed. This is the defau lt setting.
nnect to the wireless access point at one time. The default setting is
co
64 clients.
Auto settings automatically handles both long and short
Enables an optional external antenna.
s that are not in the current standard; support includes the
ication between wireless clients that are associated
4. Click Apply to save your settings.
Configure Advanced QoS Settings
For most networks, the default Quality of Service (QoS) queue settings work well. For
information about how to configure basic QoS, see Configure Basic Wireless Quality of
Service o
You can specify the settings on multiple queues for increased throughput and better
perfo
audio, video, and streaming media, as well as traditional IP data.
The advanced QoS options on the wireless access point are as follows:
• AP EDC
• S
n page 56.
rmance of differentiated wireless traffic such as Voice-over-IP (VoIP), other types of
A parameters. Specify the access point (AP) Enhanced Distributed Channel
Access (EDCA) settings for different types of data transmitted from the wireless access
point to wireless clients.
tation EDCA parameters. Specify the station EDCA parameters for different types of
data transmitted from the wireless clients to the wireless access point. If WMM is
disabled, you cannot configure the S tation EDCA pa rameters. (For information about how
to enable WMM, see Configure Basic Wireless Quality of Service on p
age 56.)
Advanced Configuration
86
ProSafe Dual Band Wireless-N Access Point WNDAP360
When you configure the EDCA settings, the wireless access point can leverage existing
information in the IP packet header that is related to the Type of Service (ToS). The wireless
access point examines the ToS field in the headers of all packets that it processes. Based on
the value in a packet’s ToS field, the wireless access point prioritizes the packet for
transmission by assigning it to one of the queues. A different type of data is associated with
each queue. You can configure how the wireless access point treats each queue.
The queues defined for different types of data transmitted from AP-to-station and
ation-to-AP are:
st
• Dat
a 0 (Best Effort). Medium priority queue, medium throughput and delay. Most
traditional IP data is sent to this queue.
• Dat
a 1 (Background). Lowest priority queue, high throughput. Bulk data that requires
maximum throughput and is not time-sensitive is sent to this queue (FTP data, for
example).
• Dat
a 2 (Video). Highest priority queue, minimum delay. Time-sensitive video data is
automatically sent to this queue.
• Dat
a 3 (Voice). Highest priority queue, minimum delay. Time-sensitive dat a such a s VoIP
and streaming media are automatically sent to this queue.
To configure advanced QoS:
1. Select Con
figuration > Wireless > Advanced > QoS Settings. The advanced QoS
Settings screen displays:
Figure 52.
2. Optionally: To configure advanced QoS for the 802.11a/na modes, click the 802.11a/na tab.
Advanced Configuration
87
ProSafe Dual Band Wireless-N Access Point WNDAP360
3. Specify the settings as explained in the following table:
Table 25. EDCA Settings
Field Description
AP EDCA parameters
AIFS Enter the Arbitration Inter-Frame Spacing (AIFS) int
milliseconds) between data frames. A higher AIFS value means a higher priority for a
queue. Valid values for AIFS are 0 through 8.
The default values are: Data 0: 3; Dat
cwMin Enter the Minimum Contention Window (cwMin) value that specifies the upper limit (in
milliseconds) of a range from which the initial random back-off wait time is determined.
Decreasing this value increases the priority of the queue. The value for cwMin needs to be
lower than the value for cwMax. Valid values are 0, 1, 3, 7, 15, 31, 63, 127, 255, 511, or
1023.
The default values are: Data 0: 15; Data 1: 15; Data 2: 7; Data 3: 3.
cwMax Enter the Maximum Contention Window (cwMax)
milliseconds) for the doubling of the random back-off value. Decreasing this value
increases the priority of the queue. The value for cwMax needs to be higher than the value
for cwMin. Valid values are 0, 1, 3, 7, 15, 31, 63, 127, 255, 511, or 1023.
The default values are: Data 0: 63; Data 1: 1023; Data 2: 15; Data 3: 7.
Max. Burst Enter the maximum burst value that specifies the maximum burst
allowed for packet bursts on the wireless network. A packet burst is a collection of multiple
frames transmitted without header information. Decreasing this value increases the priority
of the queue. Valid values for maximum burst length are all multiples of 32 between 0 and
8192, inclusive of 0 and 8192.
The default values are: Data 0: 0; Data 1: 0; Data 2: 3008; Data 3: 1504.
Station EDCA parameters
a 1: 7; Data 2: 1; Data 3: 1.
erval that specifies the wait time (in
value that specifies the upper limit (in
length (in microseconds)
AIFS Enter the Arbitration Inter-Frame Spacing (AIFS) int
milliseconds) between data frames. A higher AIFS value means a higher priority for a
queue. Valid values for AIFS are 0 through 8.
The default values are: Data 0: 3; Dat
cwMin Enter the Minimum Contention Window (cwMin) value that specifies the upper limit (in
liseconds) of a range from which the initial random back-off wait time is determined.
mil
Decreasing this value increases the priority of the queue. The value for cwMin needs to be
lower than the value for cwMax. Valid values are 0, 1, 3, 7, 15, 31, 63, 127, 255, 511, or
1023.
The default values are: Data 0: 15; Data 1: 15; Data 2: 7; Data 3: 3.
a 1: 7; Data 2: 2; Data 3: 2.
erval that specifies the wait time (in
Advanced Configuration
88
ProSafe Dual Band Wireless-N Access Point WNDAP360
Table 25. EDCA Settings (Continued)
Field Description
cwMax Enter the Maximum Contention Window (cwMax) value that specifies the upper limit (in
milliseconds) for the doubling of the random back-off value. Decreasing this value
increases the priority of the queue. The value for cwMax needs to be higher than the value
for cwMin. Valid values are 0, 1, 3, 7, 15, 31, 63, 127, 255, 511, or 1023.
The default values are: Data 0: 1023; Data 1: 1023; Data 2: 15; Data 3: 7.
TXOP Limit Enter the Transmission Opportunity (TXOP) valu
microseconds) in which a client station can initiate transmissions on the wireless medium
(WM). Decreasing this value increases the priority of the queue. Valid values for TXOP
Limit are all multiples of 32 between 0 and 8192, inclusive of 0 and 8192.
The default values are: Data 0: 0; Data 1: 0; Data 2: 3008; Data 3: 1504.
e that specifies the time interval (in
4. Click Apply to save your settings.
Configure Wireless Bridging
The wireless access point supports a wireless distributing system (WDS) that lets you build
large bridged wireless networks. You can select from the following wireless access point
modes:
• W
ireless point-to-point bridge. In this mode, the wireless access point can
communicate with another bridge-mode wireless station and, as an option, also with
wireless clients. Use WEP, WPA-PSK, or WPA2-PSK to secure the communication. For
information about how to configure this mode, see Configure a Point-to-Point Wireless
Network on p
• W
ireless point-to-multipoint bridge. In this mode, the wireless access point is the
master for a group of bridge-mode wireless stations. As an option, the wireless access
point can also communicate with wireless clients. You can configure up to four profiles.
age 90.
The other bridge-mode wireless stations need t
o be set to point-to-point bridge mode,
using the MAC address of the master wireless access point. Rather than communicating
directly with each other, all other bridge-mode wireless stations send their traffic to the
master wireless access point. Use WEP, WPA-PSK, or WPA2-PSK to secure the
communication. For information about how to configure this mode, see Configure a
Point-to-Multipoint Wireless Network on p
• Repeatin
g the wireless signal. In this mode, this wireless access point repeats the
age 93.
wireless signal, does not support communication with wireless clients, and sends all
traffic to a remote access point. In this mode, wireless clients cannot associate with the
wireless access point. Use WEP, WPA-PSK, or WPA2-PSK to secure the communication.
For information about how to configure this mode, see Configure the Wireless Access
Point to Repeat the Wireless Signal Using Point-to-Multipoint Bridge Mode on p
Advanced Configuration
89
age 98.
ProSafe Dual Band Wireless-N Access Point WNDAP360
Wireless PC card
in a notebook computer
Wireless PC card
in a notebook computer
Point-to-point
bridge mode
Point-to-point
bridge mode
Router
Hub or switch
Note: You cannot configure wireless bridging when automatic channel
selection is enabled. On the basic Wireless Settings screen, make
sure that Auto is not selected from the Channel / Frequency
drop-down list (see Configure Basic Wireless Settings on page 23).
Configure a Point-to-Point Wireless Network
In point-to-point bridge mode, the wireless access point communicates with another
bridge-mode wireless station. Use wireless security to protect this communication. The
following figure shows an example in which two wireless access points (APs) function in
point-to-point bridge mode:
Figure 53.
To configure a point-to-point wireless network:
1. Select the 80
2. Configu
2.11b/bg/ng or 802.11a/na tab.
re the wireless access point (AP1 on LAN Segment 1 in the previous figure) as a
point-to-point bridge:
a. Select Configuratio
n > Wireless Bridge. The Bridging screen displays (see the
following figure).
b. Select the Enab
le Wireless Bridging check box. The Local MAC Address field is a
nonconfigurable field that shows the MAC address of the wireless access point.
c. Select the W
ireless Point-to-Point Bridge radio button. The screen adjusts.
Advanced Configuration
90
Figure 54.
ProSafe Dual Band Wireless-N Access Point WNDAP360
d. If you want to enable wireless client association while the wireless access point
functions as a point-to-point bridge, select the Enable Wireless Client Association
check box.
e. Click Edit to co
nfigure the security profile settings. The Edit Security Profile screen
displays:
Figure 55.
Advanced Configuration
91
ProSafe Dual Band Wireless-N Access Point WNDAP360
f. Specify the settings as explained in the following table:
Table 26. Point-to-Point Bridge Profile and Authentication Settings
Field Description
Profile Definition
Profile Name Enter a profile name that is easy to remember. The default name is
NETGEA
Remote MAC Address Enter the MAC address of the remote wireless access point (the MAC address
of AP2 on LAN Seg
Authentication Settings
R-WDS-1.
ment 1 in Figure 53 on page 90).
Network
Authentication and
Data Encryption
From the Network Authentication drop-down list, select Op
WPA-PSK, or WPA2-PSK. Your selection determines the options that the Data
Encryption drop-down list provides, and whether or not the WPA Passphrase
(Network Key) field displays.
Open System Although you can use the bridge communication without any
uthentication and encryption, NETGEAR recommends that
a
you use WEP if you do select an open system. From the Data
Encryption drop-down list, select one of the following:
• None. No authen
-bit WEP. Standard WEP encryption, using 40/64-bit
• 64
encryption.
-bit WEP. Standard WEP encryption, using 104/128-bit
• 128
encryption.
2-bit WEP. Proprietary WEP encryption mode, using
• 15
128+24 bits encryption. This mode functions only with other
wireless station that support this mode.
WPA-PSK TKIP (T
encryption method used with WPA-PSK and the only
selection possible from the Data Encryption drop-down list.
In the WPA Passphrase (Network
passphrase. The passphrase length needs to be between
8 and 63 characters (inclusive).
WPA2-PSK AES (Advance
encryption method used with WPA2-PSK and the only
selection possible from the Data Encryption drop-down list.
In the WPA Passphrase (Network
passphrase. The passphrase length needs to be between
8 and 63 characters (inclusive).
emporal Key Integrity Protocol) is the standard
tication and encryption.
Key) field, enter a
d Encryption Standard) is the standard
Key) field, enter a
en System,
Note: NETGEAR recommends WPA2-PSK authentication
th AES encryption if you want to use the 11n rates and
wi
speed.
Advanced Configuration
92
ProSafe Dual Band Wireless-N Access Point WNDAP360
Table 26. Point-to-Point Bridge Profile and Authentication Settings (Continued)
Field Description
Link Test
IP Address T o verify the connection between the access point and the wireless station that
you intend to build a bridge with, enter the IP address of the wireless station,
and then click Link Test. The Link Test Process Status field displays the
results of the test (Uninitialized, In Process, Success, Timed Out, or Failure).
Note: You should be able to ping the IP address of both APs from a connected
nt. Failure to ping one of the APs means that the wireless signal is not
clie
traversing the bridge. Failure to ping both IP addresses means that the clients
is not connected correctly.
g. Click Apply to save your security profile settings. The Bridging screen displays
again.
f the correct profile name and security option are displayed in the table, select the
h. I
check box in the Enable column.
i. Click Apply in th
3. Conf
igure a second wir el es s a cc e ss p o in t (AP2) on LAN Segment 2 (see Figure 53 on
e Bridging screen to save your point-to-point bridge settings.
page 90) in point-to-point bridge mode.
AP1 needs to have AP2’s MAC address in its Remote MAC Address field, and AP2
n
eeds to have AP1’s MAC address in its Remote MAC Address field.
4. Conf
igure and verify the following settings for both wir el es s a c ce ss po i nt s :
• V
erify the LAN network configuration of the wireless access points. Both need to be
configured to operate in the same LAN network address range as the LAN devices.
• Both wireless a
ccess points need to use the same channel, authentication mode, and
security settings.
5. V
erify connectivity across the LAN 1 and LAN 2.
A computer on either LAN segment should be able to connect to th
e Internet or share
files and printers of any other computers or servers connected to LAN Segment 1 or LAN
Segment 2.
Configure a Point-to-Multipoint Wireless Network
In a point-to-multipoint bridge, the wireless access point is the master for a group of
bridge-mode wireless access points. All traffic is sent to the master rather than to the other
wireless access points. Use wireless security to protect this communication.
For each wireless access point that you want the ma
configure a security profile with a unique name and the MAC address of the wireless access
point. You can configure up to four such security profiles (NETGEAR-WDS-1,
NETGEAR-WDS-2, and so on).
ster to be able to connect to, you need to
The following figure shows an example in which AP1 functions in point-to-mul
mode and AP2 and AP3 function in point-to-point bridge mode:
Advanced Configuration
93
tipoint bridge
ProSafe Dual Band Wireless-N Access Point WNDAP360
Wireless PC card
in a notebook computer
Point-to-point
bridge mode
Multipoint
bridge mode
Point-to-point
bridge mode
Router
Hub or switch
Hub or switch
Figure 56.
To configure a point-to-multipoint wireless network:
1. Select the 80
2. Configu
2.11b/bg/ng or 802.11a/na tab.
re the security profiles on the wireless access point (AP1 on LAN Segment 1 in the
previous figure):
a. Select Configuratio
n > Wireless Bridge. The Bridging screen displays. (The
following figure shows the screen after you have completed step c.)
Figure 57.
Advanced Configuration
94
ProSafe Dual Band Wireless-N Access Point WNDAP360
b. Select the Enable Wireless Bridging check box. The Local MAC Address field is a
nonconfigurable field that shows the MAC address of the wireless access point.
c. Select
d. T
the Wireless Point-to-Multi-Point Bridge radio button. The screen adjusts.
he profile table shows four security profiles. Choose a security profile to edit by
selecting the corresponding radio button to the left of the profile.
e. Click Edit to con
figure the selected security profile settings. The Edit Security Profile
screen displays for the selected security profile. (The following figure contains some
examples.)
Figure 58.
f. Specify the settings as explained in the following table:
Table 27. Point-to-Multipoint Bridge Profile and Authentication Settings
Field Description
Profile Definition
Profile Name Enter a profile name that is easy to reme
security profiles are NETGEAR-WDS-1, NETGEAR-WDS-2,
NETGEAR-WDS-3, and NETGEAR-WDS-4.
Remote MAC Address Enter the MAC address of the remote wireless access point (the MAC
ss of AP2 or AP 3 on LAN Segment 1 in Figure 56 on page 94).
addre
Advanced Configuration
95
mber. The default names for the four
ProSafe Dual Band Wireless-N Access Point WNDAP360
Table 27. Point-to-Multipoint Bridge Profile and Authentication Settings (Continued)
Field Description
Authentication Settings
Network Authentication
and
Data Encryption
From the Network Authentication drop-down list, select Open System,
WPA-PSK, or WPA2-PSK. Your selection determines the options that the
Data Encryption drop-down list provides, and whether or not the WPA
Passphrase (Network Key) field displays.
Open System Although you can use the bridge co
authentication and encryption, NETGEAR recommends that
you use WEP if you do select an open system. From the
Data Encryption drop-down list, select one of the following:
• None. No
• 64-b
encryption.
8-bit WEP. Standard WEP encryption, using 104/128-bit
• 12
encryption.
• 152
128+24 bits encryption. This mode functions only with
other wireless station that support this mode.
WPA-PSK TKIP (T
encryption method used with WPA-PSK and the only
selection possible from the Data Encryption drop-down list.
In the WPA Passphrase (Network Key) field, enter a
assphrase. The passphrase length needs to be between
p
8 and 63 characters (inclusive).
WPA2-PSK AES (Adva
encryption method used with WPA2-PSK and the only
selection possible from the Data Encryption drop-down list.
In the WPA Passphrase (Network Key) field, enter a
assphrase. The passphrase length needs to be between
p
8 and 63 characters (inclusive).
authentication and encryption.
it WEP. Standard WEP encryption, using 40/64-bit
-bit WEP. Proprietary WEP encryption mode, using
emporal Key Integrity Protocol) is the standard
nced Encryption Standard) is the standard
mmunication without any
Note: NETGEAR recommends WPA2-PSK authentication
with AES en
speed.
Link Test
IP Address To verify the connection between the access point and the wireless station
that you inten
station, and then click Link Test. The Link Test Process Status field displays
the results of the test (Uninitialized, In Process, Success, Timed Out, or
Failure).
Note: You should be able to ping the IP address of both APs from a
nected client. Failure to ping one of the APs means that the wireless signal
con
is not traversing the bridge. Failure to ping both IP addresses means that the
clients is not connected correctly.
d to build a bridge with, enter the IP address of the wireless
cryption if you want to use the 11n rates and
Advanced Configuration
96
ProSafe Dual Band Wireless-N Access Point WNDAP360
g. Click Apply to save your security profile settings. The Bridging screen displays
again.
h. Rep
eat step b through step g for any other security profile that you want to edit.
For example, first configure security profile NETGEAR-WDS-1 with the
MAC address
of AP2, and then configure security profile NETGEAR-WDS-2 with the MAC address
of AP3 (see Figure 56 on p
3. Activate the wireless access
age 94).
point (AP1 on LAN Segment 1 in Figure 56 on page 94) as
a point-to-multipoint bridge (that is, it is the master in the wireless network):
a. On th
b. Select
c. Select the Ena
e Bridging screen, select the Enable Wireless Bridging check box.
the Wireless Point-to-Multi-Point Bridge radio button.
ble Wireless Client Association check box to enable wireless client
association.
Note: If you do not select the Enable Wireless Client Association check
box, the wireless access point will not function in point-to-multipoint
bridge but in repeater mode.
d. If the correct profile names and security options are displayed in the table, select the
check boxes in the Enable column for all security profiles that you want to enable.
e. Click Apply in th
e Bridging screen to activate your point-to-multipoint bridge
settings.
4. Conf
igure AP2 on LAN Segment 2 (see Figure 56 on page 94) in point-to-point bridge mode
with the remote MAC address of AP1.
5. Conf
igure AP3 on LAN Segment 3 (see Figure 56 on page 94) in point-to-point bridge mode
with the remote MAC address of AP1.
6. V
erify the following for all wireless access points:
• On
ly AP1 on LAN Segment 1 is configured in point-to-multipoint bridge mode, and all
others APs are configured in point-to-point bridge mode.
• AP2 and
AP3 (the point-to-point APs) needs to have AP1’s MAC address in their
Remote MAC Address field.
• All
APs need to be on the same LAN, that is, the LAN IP addresses of all APs need to
be in the same network as the LAN devices.
• If you use DHCP
, all wireless access points need to obtain an IP address
automatically (as a DHCP client). For more information, see Configure IP Settings
and Optional DHCP Server Settings on p
age 21.
• All wireless a
ccess points need to use the same channel, authentication mode, and
security settings.
7. V
erify connectivity across the LANs:
• A compute
r on any LAN segment should be able to connect to the Internet or share
files and printers with any other PCs or servers connected to any of the three LAN
segments.
Advanced Configuration
97
ProSafe Dual Band Wireless-N Access Point WNDAP360
Multipoint
Router
Hub or switch
bridge mode
repeating only
Multipoint
bridge mode
repeating only
Multipoint
bridge mode
repeating only
Note: You can extend this multipoint bridging configuration by adding
additional wireless access points that are configured in point-to-point
mode for each additional LAN segment. Furthermore, you can
extend the range of the wireless network with NETGEAR wireless
antenna accessories.
Configure the Wireless Access Point to Repeat the Wireless Signal Using Point-to-Multipoint Bridge Mode
You can configure the wireless access point to repeat the wireless signal, without
communication with other wireless clients. All traffic is sent to the remote or downstream
wireless access point. You can configure up to four security profiles to enable the wireless
access point to repeat the wireless signal for four remote wireless access points. Each
security profile requires a unique name and needs to include the MAC address of the remote
wireless access point. You can configure up to four such security profiles
(NETGEAR-WDS-1, NETGEAR-WDS-2, and so on).
The following figure shows an example in
which AP1, AP2, and AP3 repeat the wireless
signal in point-to-multipoint bridge mode. AP2 requires a security profile for AP1 and anoth er
one for AP3:
Figure 59.
Advanced Configuration
98
ProSafe Dual Band Wireless-N Access Point WNDAP360
To configure the wireless access point to repeat the wireless signal:
1. Select the 802.11b/bg/ng or 802.11a/na tab.
2. Conf
igure the security profiles on the wireless access point (AP2 in the previous figure):
a. Select Co
nfiguration > Wireless Bridge. The Bridging screen displays (see the
following figure).
b. Select
the Enable Wireless Bridging check box. The Local MAC Address field is a
nonconfigurable field that shows the MAC address of the wireless access point.
c. Select
Figure 60.
the Wireless Point-to-Multi-Point Bridge radio button. The screen adjusts.
d. The profile table shows four security profiles. Choose a security profile to edit by
selecting the corresponding radio button to the left of the profile.
e. Click Edit to con
figure the selected security profile settings. The Edit Security Profile
screen displays for the selected security profile. (The following figure contains some
examples.)
Advanced Configuration
99
ProSafe Dual Band Wireless-N Access Point WNDAP360
Figure 61.
f. Specify the settings as explained in the following table:
Table 28. Wireless Signal Repeating Profile and Authentication Settings
Field Description
Profile Definition
Profile Name Enter a profile name that is easy to remember . The default names for the four
rity profiles are NETGEAR-WDS-1, NETGEAR-WDS-2,
secu
NETGEAR-WDS-3, and NETGEAR-WDS-4.
Remote MAC Address Enter the MAC address of the remote wireless access point (the MAC
dress of AP1 or AP3 in Figure 59 on page 98).
ad
Authentication Settings
Network Authentication
d
an
Data Encryption
From the Network Authentication drop-down list, select Open System,
WPA-PSK, or WPA2-PSK. Your selection determines the options that the
Data Encryption drop-down list provides, and whether or not the WPA
Passphrase (Network Key) field displays.
Advanced Configuration
100
Loading...