Article ID: 5021 Configuring Wireless Security Settings on the RV130W Objective Wireless networking operates by sending information over radio waves, which can be more vulnerable to intruders than a traditional wired network. You can take the steps to keep your network secure by configuring the wireless security settings on the router. Examples of configuration includes adding a pass phrase to prevent unauthorized access, setting encryption types to prevent brute force authorization, and allowing the router to renew its keys at specific intervals to prevent decryption bots attempting to break the encryption key. The RV130W provides you with four default SSIDs with the same default password. To increase network security, the wireless Security Settings page allows you to choose an encryption method and configure the appropriate security mode for your network. More advanced encryption methods, such as WPA/WPA2, are often preferred over WEP encryption, as it has very weak authentication that is used mainly in older wireless equipment incapable of WPA or WPA2 encryption. The objective of this document is to show you how to configure wireless security settings on the RV130W. Applicable Devices RV130W
Configuring Security Mode Editing SSID Security Mode Step 1. Log in to the web configuration utility and choose Wireless > Basic Settings. The Basic Settings page opens: Step 2. Check the check box of the Service Set Identifier (SSID) that you want to edit. Click the Edit Security Mode button to edit the Security mode of an SSID.
The Security Settings page opens: Step 3. Choose an SSID from the Select SSID drop-down list. If you plan to assign elevated security privileges for different SSIDs later, be sure to refer back to this step to select a new SSID.
Step 4. Choose a security mode from the Security Mode drop-down list. The available options are defined as follows: Disabled No Security is enabled, and any device can connect. WEP Wired Equivalent Privacy (WEP) is widely used since it is the earliest security algorithm. However, it is more vulnerable than newer security modes, as the passcode can be easily compromised with increasing computing power. The WEP security protocol is outdated and not recommended when WPA and WPA2 are available with better security standards. WPA-Personal Wi-Fi Protected Access (WPA) is a security protocol designed to improve upon the security features of Wired Equivalent Privacy (WEP). WPA uses higher, 256-bit keys and improves upon WEP s data encryption and user authentication. The security mode allows you to use either the Temporal Key Integrity Protocol (TKIP) algorithm, or the latest, higher-level Advanced Encryption Security (AES) algorithm if the device is newer and supports it with WPA. Both options, however, implement stronger security standards than WEP. In Personal mode, authentication is based on a pre-shared key (PSK) that is an alphanumeric passphrase shared with the wireless peer. WPA-Enterprise In Enterprise mode, Wi-Fi Protected Access (WPA) is used with RADIUS server authentication. WPA2-Personal Wi-Fi Protected Access 2 (WPA2) is the recommended security mode, because it offers the latest wireless security standards. The
security mode implements stronger, government-approved levels of encryption that supersede its predecessor, WPA. In WPA2, the use of the Advanced Encryption Standard (AES) algorithm is mandatory, but allows for WPA interoperability through backwards compatibility with older devices that only support the Temporal Key Integrity Protocol (TKIP) algorithm. In Personal mode, the backwards compatibility feature is not enabled, and authentication is based on a pre-shared key (PSK) that is an alphanumeric passphrase shared with the wireless peer. WPA2-Personal Mixed In Personal Mixed mode, Wi-Fi Protected Access 2 (WPA2) allows for backwards compatibility with older devices only supporting the Temporal Key Integrity Protocol (TKIP) encryption algorithm. Both WPA and WPA2 clients are allowed to connect simultaneously using pre-shared key (PSK) authentication. WPA2-Enterprise In Enterprise mode, Wi-Fi Protected Access 2 (WPA2) is used with RADIUS server authentication. WPA2-Enterprise Mixed In Enterprise Mixed mode, Wi-Fi Protected Access 2 (WPA2) allows for backwards compatibility with older devices only supporting the Temporal Key Integrity Protocol (TKIP) encryption algorithm. Both WPA and WPA2 clients are allowed to connect simultaneously using RADIUS server authentication. Step 5. Navigate to the appropriate section within this document based on the Security Mode you chose in in Step 4. Disabled WEP WPA-Personal WPA-Enterprise WPA2-Personal WPA2-Personal Mixed WPA2-Enterprise WPA2-Enterprise Mixed Connect to your Wireless Network SSID
Disabled Security Mode Configuration Step 1. Choose Disabled from the Security Mode drop-down list. Step 2. Click Save to save your settings. You can access your wireless network without any security authentication. WEP Security Mode Configuration Wired Equivalent Privacy (WEP) is widely used since it is the earliest security algorithm. However, it is more vulnerable than newer security modes, as the passcode can be easily compromised with increasing computing power. The WEP security protocol is outdated and not recommended when WPA and WPA2 are available with better security standards. Step 1. Choose WEP from the Security Mode drop-down list.
Step 2. Choose the authentication type from the Authentication Type drop-down list. The default authentication type is Open System.
The available options are defined as follows: Open System During Open System authentication, the wireless client does not need to provide its credentials to the parent during the authentication phase. Any client can therefore provide authentication with the Access Point and then attempt to gain access to the WEP network. Shared Key In Shared Key authentication, the WEP key is authenticated via a four step handshake between the client and the access point. The client sends a request to the access point, and the access point sends a challenge message in plaintext back to the client. The client encrypts the challenge message using a user generated WEP key and sends another authentication request to the access point. Finally, the access point decrypts the request and if it matches the challenge message, it will authenticate the client.
Note: If privacy is a concern, Open System authentication is the most secure option during WEP authentication, because Shared Key authentication can be more easily intercepted and decrypted. It is important to note that both authentication methods are weak, as WEP is less secure and deprecated in comparison to WPA/WPA2 authentication. Step 3. Choose the encryption from the Encryption drop-down list. The available options are as follows: 10/64-bit(10 hex digits) 26/128-bit(26 hex digits) Note: Higher-bit encryption increases security strength and is recommended. Step 4. Enter a desired passphrase in the Passphrase field. The passphrase will be used to generate the transmit (TX) key.
Step 5. Click Generate to generate the respective keys. You will need these keys to log into your wireless network. The fields for Keys 1 through 4 are generated.
Step 6. Choose the key that you want to use from the TX Key drop-down list. The Transmit (TX) Key is the key that will be used to encrypt your data. Although four keys can be created, only one key is used for encrypting data. Step 7. Check the check box in the Unmask Password field to view in plaintext the keys generated for Keys 1-4. Be sure to write down the key as you will need it to access your wireless network.
Step 8. Click Save to save your settings. Step 9. A warning message will appear stating that WPS will be disabled. Click Yes to continue.
Step 10. A second warning message will appear stating that WEP authentication are very weak, and should only be used if required for compatibility with older, wireless equipment incapable of WPA or WPA2 encryption. Click Yes to proceed. Step 11. (Optional) Skip to Connect to your Wireless Network SSID if you want to connect to your network. WPA-Personal Security Mode Configuration Wi-Fi Protected Access (WPA) is a security protocol designed to improve upon the security features of Wired Equivalent Privacy (WEP). WPA uses higher, 256-bit keys and improves upon WEP s data encryption and user authentication. The security mode allows you to use either the Temporal Key Integrity Protocol (TKIP) algorithm, or the latest, higher-level Advanced Encryption Security (AES) algorithm if the device is newer and supports it with WPA. Both options, however, implement stronger security standards than WEP.
Step 1. Choose WPA-Personal from the Security Mode drop-down list. In Personal mode, authentication is based on a pre-shared key (PSK) that is an alphanumeric passphrase shared with the wireless peer. Step 2. Choose the encryption method from the Encryption drop-down list.
The available options are defined as follows: TKIP/AES Uses Advanced Encryption Standard (AES) high-level encryption and falls back to Temporal Key Integrity Protocol (TKIP) encryption when AES is not supported for older wireless devices. Choose TKIP/AES if you want to ensure a higher level of compatibility, but less guaranteed security in the case TKIP is used for lower-level encryption. AES Uses only the Advanced Encryption Standard (AES) to add security to the network. Choose AES if you want an encryption method with less compatibility, but more security. Step 3. Enter a password for your SSID in the Security Key field.
Step 4. (Optional) Check the check box in the Unmask Password field if you want to view in plaintext the security key for your SSID before saving. Step 5. Enter the number of seconds until your security key is replaced with a newly generated key in the Key Renewal field. The default is 3600 seconds.
Step 6. Click Save to save your settings. Step 7. (Optional) Skip to the Connect to your Wireless Network SSID section if you want to connect to your network. WPA-Enterprise Security Mode Configuration Wi-Fi Protected Access (WPA) is a security protocol designed to improve upon the security features of Wired Equivalent Privacy (WEP). WPA uses higher, 256-bit keys and improves upon WEP s data encryption and user authentication. The security mode allows you to use either the Temporal Key Integrity Protocol (TKIP) algorithm, or the latest, higher-level Advanced Encryption Security (AES) algorithm if the device is newer and supports it with WPA. Both options, however, implement stronger security standards than WEP.
Step 1. Choose WPA-Enterprise from the Security Mode drop-down list. In Enterprise mode, Wi-Fi Protected Access (WPA) is used with RADIUS server authentication. Step 2. Choose the encryption method from the Encryption drop-down list.
The available options are defined as follows: TKIP/AES Uses Advanced Encryption Standard (AES) high-level encryption and falls back to Temporal Key Integrity Protocol (TKIP) encryption when AES is not supported for older wireless devices. Choose TKIP/AES if you want to ensure a higher level of compatibility, but less guaranteed security in the case TKIP is used for lower-level encryption. AES Uses only the Advanced Encryption Standard (AES) algorithm to add security to the network. Choose AES if you want an encryption method with less compatibility, but more security. Step 3. Enter the IP address of the RADIUS Server you want to gain access to in the RADIUS Server field.
Step 4. Enter the port used to access the RADIUS server in the RADIUS Port field. The default port is 1812. Step 5. Enter a shared key for authentication to gain access to the remote network in the Shared Key field.
Step 6. Enter the number of seconds until your security key is replaced with a newly generated key in the Key Renewal field. The default is 3600 seconds. Step 7. Click Save to save your settings. Step 8. (Optional) Skip to Connect to your Wireless Network SSID if you want to connect to your network.
WPA2-Personal Security Mode Configuration Wi-Fi Protected Access 2 (WPA2) is the recommended security mode, because it offers the latest wireless security standards. The security mode implements stronger, government-approved levels of encryption that supersede its predecessor, WPA. In WPA2, the use of the Advanced Encryption Standard (AES) algorithm is mandatory, but allows for WPA interoperability through backwards compatibility with older devices that only support the Temporal Key Integrity Protocol (TKIP) algorithm. Step 1. Choose WPA2-Personal from the Security Mode drop-down list. In Personal mode, the backwards compatibility feature is not enabled, and authentication is based on a pre-shared key (PSK) that is an alphanumeric passphrase shared with the wireless peer.
Step 2. Enter a password for your SSID in the Security Key field. Step 3. (Optional) Check the check box in the Unmask Password field if you want to view in plaintext the security key for your SSID.
Step 4. Enter the number of seconds until your security key is replaced with a newly generated key in the Key Renewal field. The default is 3600 seconds. Step 5. Click Save to save your settings. Step 6. (Optional) Skip to Connect to your Wireless Network SSID if you want to connect to your network.
WPA2-Personal Mixed Security Mode Configuration Wi-Fi Protected Access 2 (WPA2) is the recommended security mode, because it offers the latest wireless security standards. The security mode implements stronger, government-approved levels of encryption that supersede its predecessor, WPA. In WPA2, the use of the Advanced Encryption Standard (AES) algorithm is mandatory, but allows for WPA interoperability through backwards compatibility with older devices that only support the Temporal Key Integrity Protocol (TKIP) algorithm. Step 1. Choose WPA2-Personal Mixed from the Security Mode drop-down list. In Personal Mixed mode, Wi-Fi Protected Access 2 (WPA2) allows for backwards compatibility with older devices only supporting the Temporal Key Integrity Protocol (TKIP) encryption algorithm. Both WPA and WPA2 clients are allowed to connect simultaneously using pre-shared key (PSK) authentication.
Step 2. Enter a password for your SSID in the Security Key field. Step 3. (Optional) Check the check box in the Unmask Password field if you want to view in plaintext the security key for your SSID.
Step 4. Enter the number of seconds until your security key is replaced with a newly generated key in the Key Renewal field. The default is 3600 seconds. Step 5. Click Save to save your settings. Step 6. (Optional) Skip to Connect to your Wireless Network SSID if you want to connect to your network.
WPA2-Enterprise Security Mode Configuration Wi-Fi Protected Access 2 (WPA2) is the recommended security mode, because it offers the latest wireless security standards. The security mode implements stronger, government-approved levels of encryption that supersede its predecessor, WPA. In WPA2, the use of the Advanced Encryption Standard (AES) algorithm is mandatory, but allows for WPA interoperability through backwards compatibility with older devices that only support the Temporal Key Integrity Protocol (TKIP) algorithm. Step 1. Choose WPA2-Enterprise from the Security Mode drop-down list. In Enterprise mode, Wi-Fi Protected Access 2 (WPA2) is used with RADIUS server authentication.
Step 2. Enter the IP address of the RADIUS Server you want to gain access to in the RADIUS Server field. Step 3. Enter the port used to access the RADIUS server in the RADIUS Port field. The default port is 1812.
Step 4. Enter a shared key for authentication to gain access to the remote network in the Shared Key field. Step 5. Enter the number of seconds until your security key is replaced with a newly generated key in the Key Renewal field. The default is 3600 seconds.
Step 6. Click Save to save your settings. Step 7. (Optional) Skip to Connect to your Wireless Network SSID if you want to connect to your network. WPA2-Enterprise Mixed Security Mode Configuration Wi-Fi Protected Access 2 (WPA2) is the recommended security mode, because it offers the latest wireless security standards. The security mode implements stronger, government-approved levels of encryption that supersede its predecessor, WPA. In WPA2, the use of the Advanced Encryption Standard (AES) algorithm is mandatory, but allows for WPA interoperability through backwards compatibility with older devices that only support the Temporal Key Integrity Protocol (TKIP) algorithm. Step 1. Choose WPA2-Enterprise Mixed from the Security Mode drop-down list. In Enterprise Mixed mode, Wi-Fi Protected Access 2 (WPA2) allows for backwards compatibility with older devices only supporting the Temporal Key Integrity Protocol (TKIP) encryption algorithm. Both WPA and WPA2 clients are allowed to connect simultaneously using RADIUS server authentication.
Step 2. Enter the IP address of the RADIUS Server you want to gain access to in the RADIUS Server field. Step 3. Enter the port used to access the RADIUS server in the RADIUS Port field. The default port is 1812.
Step 4. Enter a shared key for authentication to gain access to the remote network in the Shared Key field. Step 5. Enter the number of seconds until your security key is replaced with a newly generated key in the Key Renewal field. The default is 3600 seconds.
Step 6. Click Save to save your settings. Step 7. (Optional) Skip to Connect to your Wireless Network SSID if you want to connect to your network.
Connect to your Wireless Network SSID Note: The following steps assume your wireless SSID has the Broadcast SSID checkbox enabled. Refer to Configuring Basic Wireless Settings on the RV130W for more information. Step 1. On the Windows Operating System, open the Network Connections window to choose your wireless network and click Connect. The Network Connections window can be found under Control Panel > Network and Internet > Network and Sharing Center > Connect to a Network.
Step 2. Enter the Security Key for your network. If you have chosen WEP authentication, enter your configured TX Key when you are prompted for a security key to connect to the network. If you have chosen WPA/WPA2 authentication, enter your configured key and click OK. You are now connected to your network. 2015 Cisco Systems, Inc. All rights reserved.