Prosafe single band 802.11n wireless access point wn203 (133 pages)
Summary of Contents for NETGEAR ProSafe Premium WNDAP620
Page 1
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Reference M anua l 350 East Plumeria Drive San Jose, CA 95134 October 2012 202-10983-02 v2.0...
NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change without notice. Other brand and product names are registered trademarks or trademarks of their respective holders.
Introduction This chapter introduces the NETGEAR® ProSafe® Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 and describes some of the key features. The chapter includes the following sections: • About the ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 •...
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 chains and three receive radio chains, also referred to as 3x3 multiple input, multiple output (MIMO), can increase wireless throughput considerably. The wireless access point provides wireless connectivity to multiple wireless network devices within a fixed range or area of coverage—interacting with a wireless network interface card...
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 System Requirements Before installing the wireless access point, make sure that your system meets these requirements: • A 10/100/1000 Mbps local area network device such as a hub or switch •...
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 • DHCP server and client. The DHCP server of the wireless access point can provide a dynamic IPv4 or IPv6 address to wireless clients. The wireless access point can also act as a client and obtain an IPv4 or IPv6 address from a DHCP server on the LAN.
Page 10
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 • QoS. Quality of Service (QoS) support lets you configure parameters that affect traffic flowing from the wireless access point to the client station and traffic flowing from the client station to the wireless access point: The QoS settings let you prioritize traffic, such as voice and video traffic, so that packets do not get dropped.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 802.11b/g/n and 802.11a/n Standards–Based Wireless Networking The wireless access point provides a bridge between wired Ethernet LANs and 802.11b/g/n- and 802.11a/n-compatible wireless LAN networks. It provides connectivity between wired Ethernet networks and radio-equipped wireless notebook systems, desktop systems, print servers, and other devices.
Page 12
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 1. Table 1. Top panel LEDs Item Description Power/Test Off Power is off. On (green) Power is on. Amber, then blinking A self-test is running or software is being loaded.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Rear Panel Figure 2. The rear panel components of the wireless access point, from left to right, are described in the following list: First reverse SMA connector for an optional 2.4 GHz antenna.
The first time that you connect to the wireless access point while it is connected to the Internet, you have the option to register your product. At any time, you can register your product from the web management interface, or you can go to the NETGEAR website for registration at https://my.netgear.com/registration/login.aspx.
Page 15
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 5. Enter the information in the blank fields. The serial number, model number, and date of purchase are entered automatically. Click Register. The registration web page displays: Introduction...
Page 16
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 6. Complete the registration form. Click submit. Introduction...
Installation and Basic Configuration This chapter describes how to install and configure the wireless access point for wireless connectivity to your LAN. This basic configuration enables computers with either 2.4 GHz 802.11b/g/n or 5 GHz 802.11a/n wireless adapters to connect to the Internet or access printers and files on your LAN.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Note: Failure to follow these guidelines can result in significant performance degradation or inability to connect wirelessly to the wireless access point. For complete performance specifications, see Appendix A, Supplemental Information.
To connect to the wireless access point on your network, each computer needs to have an 802.11b/g/n or 802.11a/n wireless adapter installed. NETGEAR recommends using the wireless access point with computers that have the NETGEAR N600 Wireless Dual Band USB Adapter (WNDA3100) installed.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Install and Configure the Wireless Access Point Install and configure your wireless access point in the order of the following sections: Connect the Wireless Access Point to a Computer Log In to the Wireless Access Point...
Page 21
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Ethernet cable Ethernet port Figure 7. Turn on your computer. Connect the power adapter to the wireless access point. Tip: The wireless access point supports Power over Ethernet (PoE). If you have a switch that provides PoE, you do not need to use the power adapter to power the wireless access point.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Log In to the Wireless Access Point The default IP address of your wireless access point is 192.168.0.100. By default, the DHCP client on the wireless access point is disabled so you can log in using the default IP address.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 10. These buttons have the following functions: • Edit. Allows you to edit the existing configuration. • Cancel. Cancels all configuration changes that you made on the screen. •...
Page 24
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Configure the settings as explained in the following table: Table 2. Basic general system settings Setting Description Access Point Name This unique name is the wireless access point NetBIOS name. The name is printed on the rear label of the wireless access point.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 3. Time system settings (continued) Setting Description NTP Client Enable the Network Time Protocol (NTP) client to synchronize the time of the wireless access point with an NTP server. By default the Enable radio button is selected.
Page 26
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 13. Configure the IPv4 settings as explained in the following table: Table 4. IPv4 settings Setting Description DHCP Client By default, the Dynamic Host Configuration Protocol (DHCP) client is disabled. If...
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Configure the Optional DHCPv4 Server The wireless access point provides a built-in DHCPv4 server for wireless clients only, which can be especially useful in small networks. When the DHCP server is enabled, the wireless access point provides preconfigured TCP/IP configurations to all connected wireless stations.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 5. DHCP server settings for IPv4 (continued) Setting Description Ending IPv4 Address Enter the last address in the range of IPv4 addresses to be assigned to DHCP clients. The default address is 192.168.1.50.
Page 29
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Note: The radio wave icon ( ) displays next to the enabled wireless mode. Figure 15. Specify the wireless mode in the 2.4 GHz band by selecting one of the following radio buttons: •...
Page 30
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Specify the remaining wireless settings as explained the following table: Table 6. Basic 2.4 GHz band wireless settings Setting Descriptions Wireless Network Name Enter a 32-character (maximum) service set identifier (SSID); the characters are (SSID) case-sensitive.
Page 31
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 6. Basic 2.4 GHz band wireless settings (continued) Setting Descriptions 11b and 11bg modes Data Rate From the drop-down list, select the transmit data rate of the only wireless network. The default setting is Best. For a list of all...
Page 32
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 16. Specify the wireless mode in the 5 GHz band by selecting one of the following radio buttons: • 11a. 802.11n-compliant devices can connect to the access point because they are backward compatible.
Page 33
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Specify the remaining wireless settings as explained the following table: Table 7. Basic 5 GHz band wireless settings Setting Descriptions Wireless Network Name Enter a 32-character (maximum) service set identifier (SSID); the characters are (SSID) case-sensitive.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 7. Basic 5 GHz band wireless settings (continued) Setting Descriptions 11a mode only Data Rate From the drop-down list, select the transmit data rate of the wireless network. The default setting is Best. For a list of all...
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 NETGEAR recommends that you complete the following tasks before you deploy the wireless access point in your network: • Configure wireless security and other wireless features as described in Chapter 3, Wireless Configuration and Security.
Page 36
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Note: wireless access point Do not place the in a false ceiling space facing up. To install the wireless access point using the ceiling installation kit: Verify the package contents of the ceiling installation kit.
Page 37
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Attach the mounting plate to the clamp. Connect the cables to the wireless access point. Attach the wireless access point to the mounting plate. Installation and Basic Configuration...
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Attach the cover to the wireless access point. Wall Installation The best location for wall installation is at the center of your wireless coverage area, and within line of sight of all mobile devices. Make sure the top (the dome side) of the wireless access point is directed toward the users and not the wall.
Page 39
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Screws and wall supports Mounting plate Detach the mounting plate from the wireless access point. Attach the mounting plate to the wall. Connect the cables to the wireless access point.
Page 40
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Attach the wireless access point to the mounting plate. Attach the cover to the wireless access point. Installation and Basic Configuration...
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Desk Installation To install the wireless access point on a desk: Attach the rubber feet to the holes in the bottom of the wireless access point. Rubber feet Installation and Basic Configuration...
Wireless Configuration and Security This chapter describes how to configure the wireless features of the wireless access point. The chapter includes the following sections: • Wireless Data Security Options • Security Profiles • Configure RADIUS Server Settings • Restrict Wireless Access by MAC Address •...
Page 43
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Unlike wired network data, your wireless data transmissions can extend beyond your walls and can be received by anyone with a compatible adapter. For this reason, use the security features of your wireless equipment. The wireless access point provides highly effective security features that are covered in detail in this chapter.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 • WPA and WPA-PSK (TKIP). Wi-Fi Protected Access (WPA) data encryption provides strong data security with Temporal Key Integrity Protocol (TKIP) encryption. The very strong authentication along with dynamic per-frame rekeying of WPA makes it virtually impossible to compromise.
Page 45
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 To set up a security profile, select its network authentication type, data encryption, wireless client security separation, and VLAN ID: • Network authentication The wireless access point is set by default as an open system with no authentication.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Before You Change the SSID, WEP , and WPA Settings For a new wireless network, print or copy one of the following forms and fill in the settings. For an existing wireless network, the network administrator can provide this information. Be sure to set the country or region correctly as the first step.
Page 47
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Form for 802.11a/an Modes Print this page and store the security information in a safe place: • SSID: The service set identifier (SSID) identifies the wireless local area network. You can customize it by using up to 32 alphanumeric characters.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Configure and Enable Security Profiles To configure and enable a security profile, you need to enable the associated radio: • For 802.11b/bg/ng modes, the 2.4 GHz radio needs to be enabled (see Configure 802.11b/bg/ng Wireless Settings...
Page 49
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 19. The following table explains the fields of the Profile Settings screen: Table 8. Profile settings Setting Description Profile Name The unique name of the wireless security profile that makes it easy to recognize the profile.
Page 50
Enter a unique name of the wireless security profile that makes it easy to recognize the profile. The default names are NETGEAR, NETGEAR-1, NETGEAR-2, and so on, through NETGEAR-7. You can enter a value of up to 32 alphanumeric characters.
Page 51
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 9. Profile definition settings (continued) Setting Description Broadcast Wireless Select the Yes radio button to enable the wireless access point to broadcast its Network Name (SSID) SSID, allowing wireless stations that have a null (blank) SSID to adopt the wireless access point’s SSID.
Page 52
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 10. Profile authentication settings (continued) Setting Description Network Authentication WPA & WPA2 with Configure the RADIUS server setting. TKIP + AES and Data Encryption Radius encryption is the default encryption.
Page 53
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 WARNING: If you use a wireless computer to configure wireless security settings, you are disconnected when you click Apply. Reconfigure your wireless computer to match the new settings, or access the wireless access point from a wired computer to make further changes.
Page 54
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 22. Table 11. WEP encryption settings Setting Descriptions Data Encryption Select the encryption key size from the drop-down list: • 64-bit WEP. Standard WEP encryption, using 40/64-bit encryption. •...
Page 55
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 23. Configure WPA with RADIUS, WPA2 with RADIUS, and WPA & WPA2 with RADIUS WPA, WPA2, and WPA & WPA2 security requires RADIUS-based 802.1x authentication, so you also need to define RADIUS server settings. For information about RADIUS servers, see Configure RADIUS Server Settings on page 57.
Page 56
AES encryption if you want to use the 11n rates and speed. Advanced Encryption Standard (AES) is the standard encryption method used with WPA2. Note: Although some wireless clients might support AES with WPA, the WNDAP620 wireless access point does not support WPA with AES. TKIP + AES The TKIP + AES encryption method is supported both for WPA and WPA2.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 • WPA-PSK & WPA2-PSK Figure 29. Table 13. Settings for WPA-PSK, WPA2-PSK, and WPA-PSK & WPA2-PSK Setting Descriptions Data Encryption TKIP Temporal Key Integrity Protocol (TKIP) is the standard encryption method used with WPA.
Page 58
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 To configure the RADIUS server settings: Select Configuration > Security > Advanced > Radius Server Settings. The Radius Server Settings screen displays. Figure 30. Specify the settings as explained in the following table: Table 14.
Page 59
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 14. RADIUS server settings for IPv4 and IPv6 (continued) Setting Descriptions Secondary IPv4 Address or Enter the IP address of the secondary RADIUS server for Authentication Server IPv6 Address authentication.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Restrict Wireless Access by MAC Address For increased security, you can restrict access to an SSID by allowing access to only specific computers or wireless stations based on their MAC addresses. You can restrict access to only trusted computers so that unknown computers cannot connect wirelessly to the wireless access point.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Click Refresh to refresh the Available Wireless Stations table. The wireless access point places the MAC addresses of the attached wireless stations in this table. Populate the Trusted Wireless Stations table by one of the following methods: •...
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 32. Specify the settings as explained in the following table: Table 15. Wireless radio on/off settings Setting Description Wireless On-Off Select the On radio button to enable the timer. By default, the Off radio button is selected.
Page 63
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 • Video. The second highest priority queue with low delay is given to this queue. Video applications are routed to this queue. • Best Effort. The medium priority queue with medium delay is given to this queue. Most standard IP applications use this queue.
Management and Monitoring This chapter describes how to use the management and monitoring features of the wireless access point. The chapter includes the following sections: • Enable Remote Management • Upgrade the Wireless Access Point Software • Manage the Configuration File or Reset to Factory Defaults •...
Page 65
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 34. Specify the settings as explained in the following table: Table 16. SNMP settings Setting Description SNMP Select the Enable radio button to allow the SNMP network management software, such as HP OpenView, to manage the wireless access point through SNMPv1/v2 protocol.
The software of the wireless access point is stored in flash memory and can be upgraded as NETGEAR releases new software. You can download upgrade files from the NETGEAR website. If the upgrade file is compressed (.zip file), you first need to extract the image (.rmt) file before sending it to the wireless access point.
Web Browser Upgrade Procedure To use a web browser to upgrade the wireless access point firmware: Download the new software file from the NETGEAR website and save it to your hard disk. If necessary, unzip the new software file.
To use a TFTP server to upgrade the wireless access point firmware: Download the new software file from the NETGEAR website and save it to your hard disk. Place the software file in your TFTP server location. (You do not need to unzip the file.) If available, read the release notes before upgrading the software.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Verify that the new software file has been installed by selecting Monitoring > System. The System screen displays (see Figure 46 on page 78). The firmware version is shown in the Access Point Information section of the screen.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Restore the Configuration IMPORTANT: During the restoration process, do not try to go online, turn off the wireless access point, shut down the computer, or do anything else to the wireless access point until it finishes restarting! ...
Page 72
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Note: After you have restored the factory default settings on the wireless access point: * All custom configurations are lost. * The login password is password. * The default LAN IP address is 192.168.0.100.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Use the Reset Button to Restore Factory Default Settings To restore the factory default settings when you do not know the login user name, login password, or IP address, you need to use the Reset button on the rear panel of the wireless...
Change the Administrator Password The default password is password. NETGEAR recommends that you change this password to a more secure password. You cannot change the administrator login name (admin).
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Manage User Accounts The admin user account is the default user account, which you cannot delete. However, you can add other user accounts, modify them, and delete them. Users for whom you set up an account can access the web management interface with read-only or read-write privileges.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 To change the name for a user account: On the User Accounts screen, in the lower part of the screen, select the user from the Existing Users drop-down list.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 45. Specify the settings as explained in the following table: Table 18. Syslog settings Setting Description Enable Syslog Select the check box to enable the syslog option. By default, the syslog option is disabled.
Page 78
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 To view the System screen: Select Monitoring > System. Figure 46. Management and Monitoring...
Page 79
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 The following table explains the fields of the System screen: Table 19. System screen fields Setting Description Access Point Information Access Point Name The NetBIOS name. For information about how to change the default name, see Configure Basic General System Settings and Time Settings on page 23.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 19. System screen fields (continued) Setting Description DHCP Client Enabled indicates that the current IP address was obtained from a DHCPv6 server on your LAN network. Disabled indicates a static IP configuration.
Page 81
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 47. To update the list, click Refresh. If the wireless access point is rebooted, the wireless station data is lost until the wireless access point rediscovers the devices. To force the wireless access point to look for associated devices, click Refresh.
Page 82
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 The following table explains the fields of the Wireless Stations Details screen: Table 20. Wireless stations details fields Setting Description MAC Address The MAC address of the wireless station. BSSID The BSSID that the wireless station is using.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 View the Activity Log You can view the wireless access point’s activity logs onscreen and save the logs. To display the activity log and save it: Select Monitoring > Logs. The Logs screen displays: Figure 49.
Page 84
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 50. To update the statistics information, click Refresh. The following table explains the fields of the Statistics screen: Table 21. Statistics fields Setting Description Wired Ethernet Packets The number of packets received and transmitted over the Ethernet connection since the wireless access point was restarted.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 21. Statistics fields (continued) Setting Description Broadcast Packets The number of broadcast packets received and transmitted over the wireless connection since the wireless access point was restarted. Multicast Packets The number of multicast packets received and transmitted over the wireless connection since the wireless access point was restarted.
Page 86
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 51. Optional: To enable and configure rogue AP detection for the 802.11a/na modes, click the 802.11a/na tab. Select the Turn Rogue AP Detection On check box to enable rogue AP detection.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 • Select the Merge radio button to add the imported list of access points to the existing Known AP List. Click Browse and locate the file that contains the list of access points. This file needs to be a simple text file with one MAC address per line.
Page 88
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 22. Unknown AP List fields (continued) Setting Description # of Beacons The number of beacons transmitted by the unknown AP that the wireless access point has detected. Last Beacon The time stamp that indicates the time when the most recent beacon was detected.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Configure Wireless Intrusion Detection and Prevention • Configure Wireless Intrusion Detection and Prevention Policy Settings • Configure Wireless Intrusion Detection and Prevention Mail Settings • Monitor Traps, Counters, and Ad Hoc Networks...
Page 90
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 24. IDS/IPS policies and policy rules (continued) Policy Description Policy Rule Threshold Notification Unauthenticated • Attack. Multiple unauthenticated association requests (5 or Trap association more) that use spoofed MAC addresses of legitimate clients are sent to the wireless access point.
Page 91
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 24. IDS/IPS policies and policy rules (continued) Policy Description Policy Rule Threshold Notification EAPOL-start attack • Attack. Multiple EAPOL start frames (5 or more) are sent to the Trap wireless access point to initiate the RADIUS authentication process for clients.
Page 92
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 24. IDS/IPS policies and policy rules (continued) Policy Description Policy Rule Threshold Notification RF jamming attack • Attack. Multiple RF transmissions (100 or more) are sent to the Trap wireless access point, jamming the radio frequency.
Page 93
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 24. IDS/IPS policies and policy rules (continued) Policy Description Policy Rule Threshold Notification Known client • Detection. Clients that should be connected to the secured Trap associating with wireless network are instead connected to wireless access ad-hoc network points that are part of an ad hoc network.
Page 94
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 To enable and configure the IDS/IPS: Select Configuration > IDS/IPS. The IDS/IPS screen displays: Figure 54. Select the Enable radio button. By default, the IDS/IPS is disabled. Specify the detection policy by making a selection from the IDS/IPS Detection Policy drop-down list: •...
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Configure Wireless Intrusion Detection and Prevention Mail Settings For the IDS/IPS to send a notification according to the policy rule, you need to configure the email settings. To configure IDS/IPS email settings: Select Configuration >...
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Monitor Traps, Counters, and Ad Hoc Networks The IDS/IPS monitoring screens provide information about the most recent attacks, the number of occurrences per attack, and ad hoc networks. This information is read only.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 57. To update the information onscreen, click Refresh. Ad Hoc Networks To display the ad hoc networks and their associated clients: Select Monitoring > IPS/IDS > Adhoc Networks. The Adhoc Network screen displays.
Page 98
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 58. To update the information onscreen, click Refresh. The following table explains the fields of the Adhoc Networks screen: Table 27. Ad hoc network fields Setting Description Client MAC Address The MAC address of the client that is connected to the ad hoc network.
Advanced Configuration This chapter describes how to configure the advanced features of the wireless access point. The chapter includes the following sections: • Configure IPv6 Settings and Optional DHCPv6 Server Settings • Configure Spanning Tree Protocol, 802.1Q VLAN, and Link Layer Discovery Protocol •...
Page 100
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 WARNING: If you enable the DHCP client, the IP address of the wireless access point changes when you click Apply, causing you to lose your connection to the wireless access point. You then need to use the new IP address to reconnect to the wireless access point.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 28. IPv6 settings (continued) Setting Description Default Gateway Enter the IPv6 address of the ISP gateway to which the wireless access point connects. Dynamic IPv6 Address The dynamic IPv6 address that is assigned by the DHCPv6 server on your network.
Page 102
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 60. Configure the settings as explained in the following table: Table 29. DHCP server settings for IPv6 Setting Description Select the DHCPv6 Server Enable radio button to enable the DHCP server. Use the default settings or specify the pool of IPv6 addresses to be assigned by setting the starting IPv6 address and ending IPv6 address.
Configure STP and VLANs STP provides network traffic optimization in locations where multiple wireless access points are active by preventing path redundancy. NETGEAR recommends that you enable STP if you have more than one active wireless access point at your location.
Page 104
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Note: Select the Untagged VLAN check box only if the hubs and switches on your LAN support the 802.1Q VLAN protocol. Likewise, change the untagged VLAN value only if the hubs and switches on your LAN support the 802.1Q VLAN protocol.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Specify the settings as explained in the following table: Table 30. STP and VLAN settings Setting Description Spanning Tree Protocol Spanning Tree Protocol Select the Enable radio button to enable STP to prevent path redundancy. By default, the Disable radio button is selected.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 62. Select the Disable radio button. By default, the Enable radio button is selected. Click Apply to save your settings. Configure Hotspot Settings If the wireless access point functions as a public access point and you want it to capture and redirect all HTTP requests (over TCP, port 80), set up a hotspot server to redirect the requests to the specified URL and manage the clients.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 63. To enable HTTP redirection, select the Enable radio button. By default, the Disable radio button is selected. In the Redirect URL field, enter the URL of the web server to which you wish to redirect HTTP requests.
Page 108
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 64. Optional: To configure advanced wireless settings for the 802.11a/na modes, click the 802.11a/na tab. Specify the settings as explained in the following table: Table 31. Advanced wireless settings...
Page 109
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 31. Advanced wireless settings (continued) Setting Description Beacon Interval (100–1000) Enter the interval between 100 ms and 1000 ms for each beacon transmission, which allows the wireless access point to synchronize the wireless network.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Click Apply to save your settings. Configure Advanced Quality of Service Settings For most networks, the default Quality of Service (QoS) queue settings work well. For information about how to configure basic QoS, see...
Page 111
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 65. Optional: To configure advanced QoS for the 802.11a/na modes, click the 802.11a/na tab. Specify the settings as explained in the following table: Table 32. EDCA settings Setting Description...
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 32. EDCA settings (continued) Setting Description Max. Burst Enter the maximum burst value that specifies the maximum burst length (in microseconds) allowed for packet bursts on the wireless network. A packet burst is a collection of multiple frames transmitted without header information.
Page 113
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 • EtherType. Indicates the EtherType field in Ethernet-II frame header. • Source MAC. Indicates the source MAC address in Ethernet-II frame header. • Destination MAC. Indicates the destination MAC address in Ethernet-II frame header.
Page 114
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Note: Depending on your selection from the Match Frame Fields drop-down list, Match Classifications appears either as a drop-down list from which you need to make a selection or a field in which you need to enter information.
Page 115
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 33. QoS classification settings (continued) Setting Description Match Frame 802.1P From the Match Classifications drop-down list, select the CoS priority Fields and Match value against which the information in the IP header needs to be...
Page 116
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 33. QoS classification settings (continued) Setting Description Match Frame Source IP In the Match Classifications field, enter the source IP address against Fields and Match which the information in the IP header needs to be matched.
Page 117
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Note: Rate limiting for the wireless interface is an optional setting that applies to all traffic on the wireless interface. Unlike classification rate limiting, which you can specify for each classification, rate limiting for the wireless interface needs to be specified only once.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Configure Wireless Bridging • Configure a Point-to-Point Wireless Network • Configure a Point-to-Multipoint Wireless Network • Configure the Wireless Access Point to Repeat the Wireless Signal Using Point-to-Multipoint Bridge Mode The wireless access point supports a wireless distributing system (WDS) that lets you build large bridged wireless networks.
Page 119
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Wireless PC card in a notebook computer Wireless PC card in a notebook computer Point-to-point Point-to-point bridge mode bridge mode Router Hub or switch Figure 67. To configure a point-to-point wireless network:...
Page 120
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 e. If you want to enable wireless client association while the wireless access point functions as a point-to-point bridge, select the Enable Wireless Client Association check box. f. Click Edit to configure the security profile settings. The Edit Security Profile screen displays: Figure 69.
Page 121
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 36. Point-to-point bridge profile and authentication settings (continued) Setting Description Network Open System Although you can use the bridge communication without any Authentication and authentication and encryption, NETGEAR recommends that Data Encryption you use WEP if you do select an open system.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 A computer on either LAN segment should be able to connect to the Internet or share files and printers of any other computers or servers connected to LAN Segment 1 or LAN Segment 2.
Page 123
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 71. b. Optional: To display the Bridging screen for the 802.11a/na modes, click the 802.11a/na tab. c. Select the Enable Wireless Bridging check box. The Local MAC Address field is a nonconfigurable field that shows the MAC address of the wireless access point.
Page 124
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 g. Specify the settings as explained in the following table: Table 37. Point-to-multipoint bridge profile and authentication settings Setting Description Profile Definition Profile Name Enter a profile name that is easy to remember. The default names for the four security profiles are NETGEAR-WDS-1, NETGEAR-WDS-2, NETGEAR-WDS-3, and NETGEAR-WDS-4.
Page 125
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 For example, first configure security profile NETGEAR-WDS-1 with the MAC address of AP2, and then configure security profile NETGEAR-WDS-2 with the MAC address of AP3 (see Figure 70 on page 122).
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Note: You can extend this multipoint bridging configuration by adding additional wireless access points that are configured in point-to-point mode for each additional LAN segment. Furthermore, you can extend the range of the wireless network with NETGEAR wireless antenna accessories.
Page 127
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 To configure the wireless access point to repeat the wireless signal: Configure the security profiles on the wireless access point (AP2 in the previous figure): a. Select Configuration > Wireless Bridge. The Bridging screen displays (see the following figure).
Page 128
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Figure 75. g. Specify the settings as explained in the following table: Table 38. Wireless signal repeating profile and authentication settings Setting Description Profile Definition Profile Name Enter a profile name that is easy to remember. The default names for the four security profiles are NETGEAR-WDS-1, NETGEAR-WDS-2, NETGEAR-WDS-3, and NETGEAR-WDS-4.
Page 129
Step h for any other security profile that you want to edit. For example, first configure security profile NETGEAR-WDS-1 with the MAC address of AP1, and then configure security profile NETGEAR-WDS-2 with the MAC address of AP3 (see Figure 73 on page 126).
Page 130
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Verify the following for all wireless access points: • All APs are on the same LAN, that is, the LAN IP addresses of all APs are in the same network as the LAN devices.
Troubleshooting This chapter provides information about troubleshooting the wireless access point. After each problem description, instructions are given to help you diagnose and solve the problem. For the common problems listed, go to the section indicated. • Is the wireless access point on? Go to Basic Functioning on page 132.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Basic Functioning • Verify the Correct Sequence of Events at Startup • No LEDs Are Lit on the Wireless Access Point • The Active LED or the LAN LED Is Not Lit •...
If it is plugged directly into the wall, verify that it is not a switched outlet. • Make sure that you are using the correct NETGEAR power adapter that is supplied with your wireless access point. The Active LED or the LAN LED Is Not Lit There is a hardware connection problem.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 You Cannot Access the Internet or the LAN from a Wireless-Capable Computer There is a configuration problem. Check these items: • You might not have restarted the computer with the wireless adapter to allow TCP/IP changes take effect.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 • Make sure that your browser has Java, JavaScript, or ActiveX enabled. If you are using Internet Explorer, click Refresh to be sure that the Java applet is loaded. •...
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Test the LAN Path to Your Wireless Access Point You can ping the wireless access point from your computer to verify that the LAN path to your wireless access point is set up correctly.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Test the Path from Your Computer to a Remote Device After verifying that the LAN path works correctly, test the path from your computer to a remote device. From the Windows toolbar, click the Start button, and select Run.
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Use the Packet Capture Tool You can capture wireless packets to analyze traffic patterns with a network traffic analyzer tool. The captured packet flow can show if traffic is flowing correctly to its destinations or if packets are dropped.
Supplemental Information This appendix provides factory default settings and technical specifications for the ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620. The appendix includes the following sections: • Technical Specifications • Factory Default Settings Technical Specifications Table 39. Technical specifications...
Page 140
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 39. Technical specifications (continued) Feature Description 802.11ng MCS index and Data rates for a 40 MHz channel width and a long guard interval (800 ms): data rates 0 / 13.5 Mbps, 1 / 27 Mbps, 2 / 40.5 Mbps, 3 / 54 Mbps, 4 / 81 Mbps, 5 / 108 Mbps, (continued) 6 / 121.5 Mbps, 7 / 135 Mbps, 8 / 27 Mbps, 9 / 54 Mbps, 10 / 81 Mbps,...
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Factory Default Settings You can use the Reset button located on the rear of the wireless access point to reset all settings to their factory defaults. This is called a hard reset.
Page 143
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 40. Default configuration settings (continued) Feature Description Hotspot Disabled Secure Telnet Disabled Time zone USA-Pacific NTP client Enabled Custom NTP server Disabled Port speed 10/100/1000 Ethernet MAC address See bottom label...
Page 144
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 40. Default configuration settings (continued) Feature Description Wireless mode 11ng Wireless network name (SSID) NETGEAR_11ng Broadcast network name SSID Enabled 802.11ng radio frequency channel Auto MCS index/data rate (transmission speed)
Page 145
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 40. Default configuration settings (continued) Feature Description QoS policies None Wireless bridging Disabled Default wireless profile and profile security Profile name NETGEAR Profile state Enabled Wireless network name (SSID)
Command-Line Reference The wireless access point can be configured through either the command-line interface (CLI), a web browser, or a MIB browser. The CLI allows viewing and modification of the configuration from a terminal or computer through a Telnet or SSH connection. Keyword Description ------------------------------------------------------------------------------...
Page 147
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 | | |-send-notifications --Administrator/superuser mail address | |-interface> --Select wireless lan interface | | |-wlan> --Wireless LAN interface setting | | | |-2.4GHz> --2.4 GHz wireless LAN interface setting | | | | |-aggregation-length...
European Union (1999/5/EC). This equipment meets the following conformance standards: EN300 328 (2.4 GHz), EN301 489-17, EN301 893 (5 GHz), EN60950-1 For complete DoC please visit the NETGEAR EU Declarations of Conformity website at http://support.netgear.com/app/answers/detail/a_id/11621/. EDOC in Languages of the European Community...
Page 162
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Español [Spanish] Por medio de la presente NETGEAR Inc. declara que el Radiolan cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/5/CE. Ελληνική [Greek] ΜΕ...
Page 163
We, NETGEAR, Inc., 350 East Plumeria Drive, San Jose, CA 95134, declare under our sole responsibility that the ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 complies with Part 15 Subpart B of FCC CFR47 Rules. Operation is subject to the following two conditions: •...
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 • This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. • For operation within 5.15 ~ 5.25GHz frequency range, it is restricted to indoor environment. This device meets all the other requirements specified in Part 15E, Section 15.407 of the FCC Rules.
Page 165
(p.i.r.e.) ne depasse pas l'intensite necessaire al'etablissement d'une communication satisfaisante. Le present emetteur radio (IC: 4054A-12200202 / Model: WNDAP620) a ete approuve par Industrie Canada pour fonctionner avec les types d'antenne enumeres ci-dessous et ayant un gain admissible maximal et l'impedance requise pour chaque type d'antenne.
Index Numerics Arbitration Inter-Frame Spacing (AIFS) interval associated identifier (AID) 11a and 11na wireless modes – association flood and table overflow 11b, 11bg, and 11ng wireless modes associations, wireless clients 2.4 GHz antenna, connectors for attacks 2.4 GHz or 5 GHz operation detecting and preventing 64-bit, 128-bit, and 152-bit WEP monitoring...
Page 167
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 – burst rate, QoS policies data rates 802.11a mode bytes, received and transmitted 802.11b/bg modes Ethernet connection – specifications for all modes wireless connection date and time, troubleshooting deauthentication broadcast attack...
Page 168
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Ethernet packets and bytes, received and transmitted installation order extended service set (ESS) interface rate limiting and burst rate Extensible Authentication Protocol EAPOL) attacks interference external antennas internal antenna, disabling...
Page 169
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 lease mail sender DHCPv4 NTP server DHCPv6 profiles QoS policies LEDs SNMP communities behavior users described wireless access point troubleshooting wireless network (SSID for 802.11a/na modes) legacy 802.1X (wireless security) wireless network (SSID for 802.11b/bg/ng modes)
Page 170
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 RADIUS servers redirecting HTTP requests SNMP manager, traps Reduced Interframe Space (RIFS) transmission syslog server region, wireless location power adapter specifications registering product power socket remote devices, troubleshooting Power/Test LED...
Page 171
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 software statistics backing up WMM QoS factory defaults traffic classes, QoS policies restoring from backup file transmission opportunity (TXOP) limit upgrading transmission output power version, viewing 2.4 GHz radio source port, QoS policies 5.4 GHz radio...
Page 172
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 video traffic monitoring advanced QoS wireless network name (SSID) WMM QoS broadcasting virtual access points (VAPs) broadcasting and security broadcasting for 802.11a/na modes virtual carrier attack broadcasting for 802.11b/bg/ng modes...