iconnect625w Enabling Basic Wireless Security Copyright Copyright 2006 OPEN Networks Pty Ltd. All rights reserved. The content of this manual is subject to change without notice. The information and messages contained herein are proprietary to OPEN Networks Pty Ltd. No part of this manual may be translated, transcribed, reproduced, in any form, or by any means without prior written permission by OPEN Networks Pty Ltd. Disclaimer For content and procedures available in this document, OPEN Networks Pty Ltd does not warrant or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed. Version: 3.0 Release Date: December 2006.
Table Of Contents iconnect22625w...1 Introduction...3 Purpose...3 Audience...3 Requirements...3 Connecting To And Logging Into The 625W...4 Changing And Hiding Your SSID...5 Saving your Changes...6 Enable WEP Wireless Security...7 Enable WPA Wireless Security...9 MAC Access Lists...11 To Locate The MAC Address Of Your Computer Wireless Card:...11 Disabling The Access Point...14 Connecting XP to a Wireless Connection...15 Testing the Wireless Connection....17 Connecting XP to a Hidden Wireless Network...19 Page 2
Introduction Purpose The purpose of this Application Note is to provide step-by-step instructions to set up the basic security features available for Wireless Networking on the iconnect625w for firmware version R07-xx. The procedures cover the following: Renaming and hiding the SSID Implementing WEP Implementing WPA or WPA2 Creating MAC-based access lists Disabling the Access Point functionality Setting up Windows XP Zero Configuration NOTE Implement either WEP or WPA. It is not possible to implement both encryption methods. Check your PCs Wireless Card as some cards only support one of these encryption methods.. Audience This Application Note is intended for the person responsible for setting up the 625W s basic security features. Requirements The customer must be able to connect to the iconnect625w from the LAN PC web browser. When implementing wireless security, we recommend you connect your computer via the Ethernet rather than using the wireless connection to avoid connection issues as wireless security features are activated. Wireless security settings need to be exact, otherwise you risk locking your wireless connection out of the access point. Should this happen either connect via the wired ethernet or factory reset the 625W. NOTE Before implementing any wireless security features ensure you have a wired ethernet connection to the 625W. Page 3
Application Note: iconnect625w Wireless Security Connecting To And Logging Into The 625W step 1 Connect your computer to any one of the 625W Ethernet LAN ports. The computer should automatically connect to the 625W if it is set to receive an IP address automatically (DHCP). step 2 Open a web browser and enter http://192.168.1.254 in the address bar. The following screen appears: step 3 In the Username field enter root and in the Password field, enter ØP3N and click Log In Page 4
Changing And Hiding Your SSID The SSID is a unique name for the wireless network, and the 625W Access Point (AP) advertises this name every few seconds in beacon frames. This makes it easy for authorised users to find the correct network but also allows unauthorised users to find the network simply by running the scan option on their wireless client. step 1 Select the Wireless tab from the menu option across the top of the screen. Next select Setup from the menu on the left. The following screen appears: step 2 In the Wireless Setup screen: Check the Enable AP checkbox (the default setting is Enable); In the SSID field, enter a unique name for your wireless network. It is recommended that you use a name that will not be guessed easily; Check the Hidden SSID checkbox. Selecting this option means the network name will NOT be displayed when scanning for wireless networks. You will need to specify the name of the network to connect to it. Click Apply. Then Save and restart as shown in Saving your Changes Page 5
Saving your Changes step 1 Click Save/Restart Menu from the menu list. step 2 step 3 From the Save/Restart screen, click Save All. Click OK to the SAVE ALL warning message. step 4 AP must be restarted for new settings to be activated. Select Restart Access Point from the Save/Restart screen. step 5 Click OK to the RESTART AP warning message. Page 6
Enable WEP Wireless Security WEP encrypts the data before transmission across the wireless network. This provides some protection against unauthorised users reading your data. For this encryption to work, both ends of the wireless connection must have the same encryption keys. The following procedure demonstrates setting up a 64-bit WEP key. NOTE step 1 We recommend that changes to the WEP security be made via the wired Ethernet, as connection to the unit will be lost when new wireless settings are saved and the unit restarted. From the Wireless tab, click Security, click the WEP check box. The following screen appears: step 2 In the Wireless Security screen: Check the Enable WEP Wireless Security checkbox; Leave the Authentication Type as Open; Highlight the first Select radio button and using the following table add an Encryption Key and select the Cipher Strength Encryption Key Table Key Length Character Length. Hexadecimal characters include numbers 0-9 and letters A-F. No other characters are valid. 64-bits 10 hexadecimal characters 128-bits 26 hexadecimal characters 256-bits 58 hexadecimal characters Example 10 character HEX Key.. 46 EA 19 5C 65 Page 7
step 3 The picture below shows how to enter a 10 digit hexadecimal key in the Encryption Key field. step 4 NOTE Your wireless computer network card and software must support the same encryption levels you select on the 625W. Once complete click Apply down the bottom and OK on the following dialogue box. Error message: If the WEP key is invalid for any reason, an error message will appear as follows. If you see this message your settings have NOT been accepted and you will need to reenter the HEX value step 5 If your settings have been accepted (they are still displayed after entering apply) Save and restart the 625W as shown in Saving your Changes Page 8
Enable WPA Wireless Security WPA encrypts the data before transmission across the wireless network. This provides some protection against unauthorised users reading your data. For this encryption to work, both ends of the wireless connection must have the same encryption keys. The following procedure demonstrates setting up WPA. NOTE step 1 We recommend that changes to the WPA security be made via the wired Ethernet, as connection to the unit will be lost when new wireless settings are saved and the unit restarted. From the Wireless tab, click Security, click the WPA check box. The following screen appears: step 2 Highlight the Pre-Shared Key radio button and enter a password in the PSK String field. The password must be at least 8 characters. Page 9
Error message: If the WPA key is invalid for any reason, the error message will appear as follows. If you see this message your settings have NOT been accepted and you will need to reenter. step 4 Save settings and restart the 625W as shown in Saving your Changes Page 10
MAC Access Lists The MAC address of a network card is a 12 digit hexadecimal number that is unique to each and every network card in the world. Because each network card has its own individual address, you can limit access to the 625W AP to only MAC addresses of authorised devices. In order to locate the MAC Address of your computer s wireless card, you will firstly need to ensure that the wireless card is installed on your computer. NOTE We recommend that changes to the MAC access control be made via the wired Ethernet, as connection to the unit will be lost when new wireless settings are saved and the unit restarted. To Locate The MAC Address Of Your Computer Wireless Card: From your Windows desktop, step 1 Click Start > Run. The following appears: step 2 Type cmd and click OK. A command prompt window opens: Page 11
step 3 At the command prompt, type ipconfig /all and press the Enter key step 4 step 5 Make a note of the of the wireless LAN card Physical Address. In this example the MAC Address is 00-0A-E9-0A-D6-F5. Type exit and Enter to close this window. step 6 Log into the 625W as per Connecting To And Logging Into The 625W. From the Wireless tab, click Management. The following screen appears: Page 12
step 7 In the Access List area of the screen: Check the Enable Access List checkbox. Highlight the Allow radio button (This is enabled by default). In the MAC Address field, enter the MAC Address you noted in step 4. Click Add. NOTE step 8 The format of the MAC Address is 12 hexadecimal characters with " " between each pair hex values. The MAC Address is added to the Access List Table as shown below. step 9 Click Apply, then Save and restart the 625W as shown in Saving your Changes Page 13
Disabling The Access Point If you are not intending to use wireless networking on the 625W, we recommend that you disable the Access Point. step 1 From the Wireless tab, click Setup. The following screen appears: step 2 In the Wireless Setup screen, uncheck the Enable AP checkbox and click Apply. step 3 Save and restart the 625W as shown in Saving your Changes Page 14
Connecting XP to a Wireless Connection Install your computer wireless network card as per the supplier's instructions. NOTE: step 1 If using another utility to manage your wireless connection. Please refer to manuals and guides supplied with your wireless card as the following instructions will not apply. From your wireless connection on the System Tray right click and select View Available Wireless Networks. If the wireless icon is not displayed the wireless card may not be installed correctly.. step 2 From the list select your wireless network (SSID) and press Connect Page 15
step 3! If encryption has not been enabled the following screen may appear. Select Connect Anyway.! If encryption has been enabled the following screen will appear. WEP encryption requires the exact hex key that was entered in Enable WEP Wireless Security step 3 WITHOUT the spaces between the hex characters. WPA encryption requires the PSK String that was entered in Enable WPA Wireless Security step 2. The computer will connect to the 625W The following will display when the connection is successful. Page 16
Testing the Wireless Connection. From your Windows desktop, step 1 Click Start > Run. The following appears: step 2 Type cmd and click OK. A command prompt window opens: step 3 At the command prompt, type ping 192.168.1.254 and press the Enter key. A successful connection will result in 0% packet loss as shown. Page 17
An unsuccessful connection will result in 100% packet loss. If the connection is unsuccessful check the IP address on the wireless card is set to Obtain an IP address automatically. This is found in the Internet Protocol Properties tab of the Wireless Connection. Page 18
Connecting XP to a Hidden Wireless Network If you have hidden your SSID and may need to manually enter the SSID in the Wireless Network configuration to connect. step 1 The SSID will not be displayed in the Windows Wireless connections. Select Change advanced setting to manually add the wireless network.. step 2 Select Wireless Networks and then Add. Page 19
step 3 In the Network name (SSID) field, enter the same name as the SSID set on your 625W in Changing And Hiding Your SSID option A: If NOT using encryption; Select Disabled in the Data encryption drop down box and select OK option B: If using WEP encryption. Select: WEP in the Data Encryption drop down box. Uncheck "The key is provided for me automatically". In Network key enter the same hex value you enter in Enable WEP Wireless Security step 2 WITHOUT the spaces between the hex characters. Re-enter this value in the Confirm network key field and select OK. Page 20
option C: If using WPA encryption. Select: WPA-PSK in the Network Authentication drop down box. Select: TKIP in the Data encryption drop down box. In Network key enter the same hex value you enter in Enable WPA Wireless Security step 2. Re-enter this value in the Confirm network key field and select OK. step 3 The network SSID will appear in the Preferred networks box. Ensure the SSID is highlighted and select OK. step 4 The PC should now connect to the 625W. A notification displays in the System Tray when connected. If you do not connect, check all your security settings. Ensure you can connect without any security, and then implement security. Page 21