Netcomm gateway – NetComm N300 User Manual

YML9WMAXXN

ADSL2+ Wireless N300 Modem Router with VoIP User Guide

www.netcomm.com.au

35

NetComm Gateway

TM

Series - ADSL2+ Wireless N300 Modem Router with VoIP

WPA-PSK

WPA-PSK is a special mode of WPA providing strong encryption without access to a RADIUS server.

In this mode encryption keys are automatically changed (rekeyed) and authentication re-established between devices after a specified
period referred to as the ‘WPA Group Rekey Interval’.

WPA-PSK is far superior to WEP and provides stronger protection for the home/SOHO user for two reasons: first, the process used to
generate the encryption key is very rigorous and second, the rekeying (or key changing) is done very quickly. This stops even the most
determined hacker from gathering enough data to identify the key and so break the encryption.

WEP is confusing because of the various types of ‘network keys’ vendors use (HEX, ASCII, or passphrase) and because home users mix
and match equipment from multiple vendors, all using different types of keys. But WPA-PSK employs a consistent, easy to use method to
secure your network. This method uses a passphrase (also called a shared secret) that must be entered in both the NB9WMAXXn and the
wireless clients. This shared secret can be between 8 and 63 characters and can include special characters and spaces. For maximum
security, the “WPA Pre-Shared Key” should be a random sequence of either keyboard characters (upper and lowercase letters, numbers,
and punctuation) at least 20 characters long, or hexadecimal digits (numbers 0-9 and letters A-F) at least 24 hexadecimal digits long.

Note:

The less obvious, longer and more ‘random’ your ‘WPA Pre-Shared Key’, the more secure your network.

Note the following ‘WPA Encryption’ options:

TKIP:

The Temporal Key Integrity Protocol (TKIP) takes over after the initial shared secret is

entered in your wireless devices and handles the encryption and automatic rekeying.

AES:

WPA defines the use of Advanced Encryption Standard (AES) as an additional

replacement for WEP encryption. Because you may not be able to add AES support

through a firmware update to your existing wireless clients / equipment, support for

AES is optional and is dependent on vendor driver support.

TKIP+AES:

This will allow either TKIP or AES wireless clients to connect to your NB9WMAXXn.

WPA2

‘WPA Pre-authentication’ support in WPA2 allows a client to pre-authenticate with the NB9WMAXXn toward which it is moving, while
maintaining a connection to the access point it’s moving away from. This new capability allows the roaming to occur in less than 1/10th
of a second while a traditional roam without PMK caching and pre-authentication would take more than one second. Time-sensitive
applications like Citrix, video, or VoIP will all break without fast roaming.

‘Network Re-Auth Interval’ is the interval specified (seconds) that the wireless client needs to re-authenticate with the NB9WMAXXn.

For the remainder of the fields required, see above.

WPA2-PSK:

Same as WPA-PSK, but you can only use AES with WPA2 and not WPA.

Mixed WPA2/WPA:

Enables WPA2 or WPA wireless clients to connect to the NB9WMAXXn. Requires a RADIUS server to
authenticate the wireless clients.

Mixed WPA2/WPA-PSK:

Enables WPA2 and WPA clients to authenticate using a PSK (Pre-Shared Key) instead of a RADIUS
server.