|
 |
| Wi-Fi
Protected Access FAQ's |
|
|
|
| Adapters |
|
|
|
|
| Access
Points/Routers |
|
|
|
| General |
|
|
 |
When
will Wi-Fi Protected Access™ be available? |
|
 |
• Buffalo Inc. was the first vendor to offer a complete WPA solution on
June 6, 2003. Currently, all Buffalo Inc. G54 products support
some level of WPA (except the WLI2-TX1-G54).
• Drivers are immediately downloadable for the WBR-G54 here and for
the WLI-CB-G54 here. |
|
| BACK
TO TOP |
 |
|
|
What
is Wi-Fi Protected Access™ (WPA)? |
|
|
• The
Wi-Fi Alliance, working with the IEEE (Institute of Electrical and
Electronics Engineers) has developed an industry standard method of
offering incredible encryption techniques and enterprise style access
control in a clear, easy to implement customizable package.
• Stressing cross-vendor interoperability and backwards compatibility,
WPA protects the value of past WLAN investments and provides a guarantee
that future growth will not lock the user into a single brand of wireless
solutions. WPA was also developed in a fashion that will allow legacy
devices to be upgraded with Wi-Fi Protected Access™ without requiring
costly hardware upgrades.
• WPA offers dynamic rekeying by cycling multiple random keys that
are unique to each client, to overcome the techniques commonly used
to compromise WEP (Wired Equivalent Privacy).
• Enterprise networks can benefit from RADIUS access control solutions
by taking advantage of WPA’s support for 802.1X authentication. This
allows the administrator to control wireless sessions by individual
user credentials along with device access control. |
|
| BACK
TO TOP |
|
|
|
Why
choose Wi-Fi Protected Access™? |
|
|
• Previous
attempts to offer enhanced wireless securing required costly investments
into either third party solutions such as VPN or proprietary technologies
such as the now defunct LEAP.
• These solutions were not only cost-prohibitive to initially purchase,
but also included a high recurring cost of ownership by requiring
continuous maintenance by highly skilled wireless engineers.
• WPA comes as a free upgrade with 24/7 support that takes literally
only minutes to setup on both ends using Pre-shared Keys for authentication
and key management.
• When investing in a wireless infrastructure in either the home or
the enterprise, best practices always point to requiring Wi-Fi Certified
hardware and software solutions. WPA’s development was guided by the
Wi-Fi Alliance to ensure a nature of vendor interoperability and backward
compatibility with existing wireless solutions. |
|
| BACK
TO TOP |
|
|
|
What
does Wi-Fi Protected Access™ mean to customers? |
|
|
WPA provides
Wi-Fi wireless LAN users with a high level of assurance that their
data will remain safe and protected and that only authorized users
can access the network. WPA is especially attractive for enterprise
customers, satisfying the demanding security needs of large business
networks. We expect that the availability of WPA-enabled products
will increase enterprise adoption of Wi-Fi wireless LANs, and the
majority of existing customers will upgrade their wireless infrastructure
to support WPA as a standards-based solution. |
|
| BACK
TO TOP |
|
|
|
What
do I need to use Wi-Fi Protected Access™? |
|
|
• Buffalo
supports WPA with the 54Mbps Wireless Notebook Adapter driver version
53.6 or higher installed for use with the Buffalo 54Mbps Wireless
Notebook Adapters, WLI-CB-G54, WLI-CB-G54A and WLI-PCI-G54. Users
will also require the WPA firmware associated with their AirStation
Base Station as well as the software listed below.
Windows XP - Users can utilize Microsoft XP's Wireless Zero Configuration
Service with the Microsoft Windows XP with Service Pack 1 (SP1) and
the WPA client patch installed or by using CM2 software.
Windows 98SE/ME/2000 - Users can utilize WPA by downloading and installing
our Client Manager 2 software.
Users must update the wireless access card drivers and install the
Windows Windows Zero Configuration WPA patch or other wireless software
to support WPA. Be sure to download the needed drivers and Windows
patches before you update your AirStation or your internet connection
may become inaccessible with the AirStation! |
|
| BACK
TO TOP |
|
|
|
What
are the different ways that Wi-Fi Protected Access™ can be used? |
|
|
• WPA-PSK
(Pre-shared Key)
- WPA-PSK is ideal for use in the home, small office or public wireless
access zones where simple to setup security is vital.
- The router/AP is configured with a pre-shared key, consisting of
case-sensitive, alpha-numeric characters, including punctuation and
spaces, between 8 and 63 characters long.
- Wireless clients wishing to initiate a wireless session are only
required to enter in the pre-shared key.
- If the pre-shared keys match, a four-way handshake takes place and
generation of the base keys takes place and secure wireless communications
can begin to take place.
• 802.1X
- 802.1X supports legacy RADIUS environments for access control with
minimal encryption using WEP.
- This environment requires a RADIUS Server for authentication of
devices and individual users, and the router/AP is configured with
a WEP key to manage encrypted communications.
- Wireless clients wishing to initiate a wireless session are required
to provide device and user credentials with a proper WEP key.
- If all required authentication is verified by the RADIUS Server
and the WEP keys match between the client and Access Point, a wireless
session is established.
• WPA
- Not to be confused with WPA-PSK, WPA takes advantage of a RADIUS
Server for access control and uses TKIP instead of WEP to provide
enhanced encryption of wireless communications.
- This environment requires a RADIUS Server for authentication of
devices and individual users.
- Wireless clients wishing to initiate a wireless session are required
to provide the router/access point with RADIUS authentication, which
the router/access point forwards to the RADIUS Server.
- If the credentials are accepted the RADIUS Server notifies the router/access
point that the wireless client is acceptable to establish communications
with.
- The router/access point then sends a message to the client to indicate
that it wants to generate a new key along with a random value.
- The wireless client then sends back a generated set of keys signed
with MIC to prevent interception and encrypted with the EAPOL encryption
key.
- The access point then sends master keys, which the wireless client
uses to reply with a message that it is ready to begin secure connections. |
|
| BACK
TO TOP |
|
|
|
How
to take advantage of Wi-Fi Protected Access™ today? |
|
|
• Currently,
all Buffalo Inc. G54 products support some level of WPA (except
the WLI2-TX1-G54). These products are available by visiting www.buffalotech.com
or contacting sales@buffalotech.com.
• Existing owners of Buffalo Inc. AirStation G54 wireless products
can immediately download firmware and driver updates from our
downloads page with easy to follow upgrade instructions.
• Also provided, are Quick Setup Guides to allow any user to setup
WPA-PSK within minutes. |
|
| BACK
TO TOP |
|
|
|
How
does Wi-Fi Protected Access™ work? |
|
|
• In
the WPA-enabled network, the client first associates with the access
point. The access point blocks LAN access until the user can be authenticated.
If the client provides valid credentials to the authentication server,
the client is allowed to join the LAN. If not, the client stays blocked
from joining the LAN. Once the client joins the LAN, the authentication
server distributes a TKIP encryption key to both the client and the
access point. The client can then begin communicating on the LAN,
encrypting data back and forth with the access point. |
|
| BACK
TO TOP |
|
|
|
Will
Wi-Fi Protected Access™ work for home and small business users? |
|
|
• Yes.
Wi-Fi Protected Access has a special mode designed for home and small
business users who do not have access to network authentication servers.
In this mode, known as Pre-Shared Key, the user manually enters the
starting password in their access point or gateway, as well as in
each PC on the wireless network. Wi-Fi Protected Access takes over
automatically from that point, keeping unauthorized users that don't
have the matching password from joining the network, while encrypting
the data traveling between authorized devices. |
|
| BACK
TO TOP |
|
|
|
How
does Wi-Fi Protected Access™ compare to WEP? |
|
|
• WEP
was fundamentally flawed, and eventually cracked by scientists and
hackers. WPA fixes the flaws of WEP. |
|
|
WEP |
WPA |
| Encryption |
40-bit
keys |
128-bit
keys |
| Static
Key: same key used by everyone on the network |
Dynamic
session keys. Per-user, per-session and per-packet keys |
| Manual
Distribution of keys — hand-typed into each device |
Automatic
distribution of keys
Authentication |
| Authentication |
Flawed;
uses WEP key itself for authentication |
Strong
user authentication, utilizing 802.1X and EAP |
|
|
| BACK
TO TOP |
|
|
|
What
is involved in upgrading existing product to support Wi-Fi Protected
Access™? |
|
|
• WPA
was designed to run on existing wireless access points and client
devices with a software upgrade. In addition to upgrading their network
interface card, PC users will also need to upgrade their client with
software called a "supplicant." With the help of Broadcom,
Microsoft developed a supplicant for Windows XP users, which is part
of the zero config. We now have WPA support for Windows 2000, Windows
98, ME in our client manager 2 software. |
|
| BACK
TO TOP |
|
|
|
How
do i differentiate between 16-bit vs. 32-bit PC Card slots. |
|
|
Some
Laptops with dual PC Card slots have both 16-bit and 32-bit PC Card
slots; these slots look very similar. The AirStation 54Mbps Wireless
Notebook Adapter is a 32-bit card and will not function in a 16-bit
PC Card slot. Please refer to your notebook computer’s documentation
to determine which of its PC slots are 32-bit. |
|
| BACK
TO TOP |
|
|
|
Can
Buffalo's Bridge Access Points repeat to other vendor's Bridge Access
Points? |
|
|
Usually
not. When the 802.11b/g standards were ratified, they did not include
standards for bridging or repeating. This aspect of wireless networking
was left up to manufacturers to implement as they saw fit. Because
of this, there is no general compatibility between the bridging/repeating
products of different vendors. At time of publication, the Apple Airport
Extreme does work in WDS with Buffalo G54 access points, but we can
only guarantee and support bridging/repeating with other Buffalo Products. |
|
| BACK
TO TOP |
|
|
 |
Internet
Connection Problems - DNS Related |
|
|
Problem:
No access to the internet.
Cause:
DNS resolution from the Buffalo AirStation cannot be passed through
to the Internet Service Provider.
Verification of problem:
Please follow the following steps to verify if this is the problem
that is being experienced.
1. On a Windows based PC that is connected to the AirStation, please
press the ‘Start’ menu.
2. Click on the ‘Run…’ selection.
3. The ‘Run’ dialog window will appear. Please enter ‘CMD’
(without the quotes) in the field, and then press ‘OK’.
[NOTE: If an error dialog comes up stating ’CMD’ cannot
be found, then please repeat step 3 using ‘COMMAND’ (without
the quotes) instead of ‘CMD’.]
4. A command prompt will appear on the screen. Please type ‘ping www.yahoo.com’
(without the quotes) and press the ENTER or RETURN key.
a. If you see dialog similar to the italicized text below, then your
computer and the AirStation are accessing the Internet properly and
reading this document further is not necessary.
Pinging www.yahoo.akadns.net [216.109.118.67] with 32 bytes of
data:
Reply from 216.109.118.67: bytes=32 time=42ms TTL=50
Reply from 216.109.118.67: bytes=32 time=41ms TTL=50
Reply from 216.109.118.67: bytes=32 time=41ms TTL=50
Reply from 216.109.118.67: bytes=32 time=42ms TTL=50
b. If you see dialog similar to the italicized text below, then your
computer and the AirStation are not accessing the Internet properly.
Please continue to step ‘5’.
Ping request could not find host www.yahoo.com. Please check the name
and try again.
5. In the same command prompt, please type ‘ping 216.109.118.67’ (without
the quotes) and press the ENTER or RETURN key.
a. If you see dialog similar to the italicized text below, then your
computer and the AirStation are accessing the Internet properly, but
your DNS services are not properly working. Please follow the ‘Solution’
steps below to resolve this problem.
Pinging 216.109.118.67 with 32 bytes of data:
Reply from 216.109.118.67: bytes=32 time=42ms TTL=50
Reply from 216.109.118.67: bytes=32 time=42ms TTL=50
Reply from 216.109.118.67: bytes=32 time=41ms TTL=50
Reply from 216.109.118.67: bytes=32 time=42ms TTL=50
b. If you see dialog similar to the italicized text below, then your
computer and AirStation are not properly accessing the Internet. Reading
this document will not solve your problem. Please refer to other connectivity
related Troubleshooting documents, or call our 24/7 technical support
line at 1-866-752-6210.
Pinging 216.109.118.67 with 32 bytes of data:
Request timed out.
Request timed out.
Destination host unreachable.
Destination host unreachable.
Solution:
Please follow the following steps:
1. Enter the AirStation’s Configuration Web Page (default: http://192.168.11.1).
2. Enter your username and password (default user name = root default
password = none (there is no password, leave the password field blank).
3. Click on the ‘Advanced’ button.
4. Click on the ’Management’ link on the left hand side.
5. The System Information page will be visible. Under the WAN section
of the table you will see DNS1(Primary) and DNS2(Secondary fields).
Please copy the numbers that reference DNS1 and DNS2 down on a piece
of paper so they can be recalled later.
6. Click on the ‘LAN settings’ link on the left hand side.
7. Click on the ‘DHCP server’ link on the left hand side.
8. Locate the section in the table that is called ‘DNS server’.
The default option is “AirStation’s IP address”. Please change this
to “Specified IP address” by selecting the bullet. Enter
the corresponding addresses that were copied onto the piece of paper
on step 5 [DNS1(Primary) and DNS2(Secondary)].
9. Press the ‘Set’ button towards the bottom of the page.
Verification of solution:
Please follow the following steps to verify if this is problem has
been fixed.
1. On a Windows based PC that is connected to the AirStation, please
press the ‘Start’ menu.
2. Click on the ‘Run…’ selection.
3. The ‘Run’ dialog window will appear. Please enter ‘CMD’
(without the quotes) in the field, and then press ‘OK’.
[NOTE: If an error dialog comes up stating ’CMD’ cannot
be found, then please repeat step 3 using ‘COMMAND’ (without
the quotes) instead of ‘CMD’.]
4. A command prompt will appear on the screen. Please type ‘ping www.yahoo.com’
(without the quotes) and press the ENTER or RETURN key.
a. If you see dialog similar to the italicized text below, then your
computer and the AirStation are accessing the Internet properly and
the problem has been resolved.
Pinging www.yahoo.akadns.net [216.109.118.67] with 32 bytes of
data:
i. Reply from 216.109.118.67: bytes=32 time=42ms TTL=50
ii. Reply from 216.109.118.67: bytes=32 time=41ms TTL=50
iii. Reply from 216.109.118.67: bytes=32 time=41ms TTL=50
iv. Reply from 216.109.118.67: bytes=32 time=42ms TTL=50
b. If you see dialog similar to the italicized text below, then your
computer and the AirStation are still not accessing the Internet properly.
Please verify the DNS address numbers that were collected in Step
5 of the ‘Solution’ section. If you are still having trouble, please
call our 24/7 technical support line at 1-866-752-6210.
Ping request could not find host www.yahoo.com. Please check the name
and try again. |
|
| BACK
TO TOP |
|
|
|
How
do I configure the AirStation to support VPN pass-through? |
|
|
In the
AirStation configuration screen, click Advanced Settings -> Network
settings -> Address Translation.
1. Select NAT table settings, then click the Manual radio button under
Protocol (WAN). Enter 47 in the Protocol number field. Select Manual
setting under IP Address of LAN and enter the destination LAN side
IP address in the Manual setting field. Click Add to NAT table.
2. Select NAT table settings, then click the TCP/UDP radio button
under Protocol (WAN). Select Manual setting of TCP port. Enter 1723
in the Port number field. Select Manual setting of TCP port under
IP Address of LAN and enter the destination LAN side IP address in
the Manual setting field. Click Add to NAT table.” |
|
| BACK
TO TOP |
|
|
|
Are
the AirStation 54Mbps products compatible with Apple Macintosh Computers? |
|
|
Yes.
On 6-19-2003, Apple released Airport Software version 3.1 for OS 10.2.6.
This update provided support for third-party 54Mbps 802.11g client
adapters using the Broadcom chipset.
Buffalo U.S.A. provides support for our AirStation 54Mbps Notebook
Adapter (WLI-CB-G54A) and AirStation 54Mbps Desktop PCI Adapter
(WLI-PCI-G54) with this update. Appletalk is supported.
The AirStation 54Mbps Notebook Adapter (WLI-CB-G54A) is compatible
with Apple Powerbooks with an available CardBus slot.
The AirStation 54Mbps Desktop PCI Adapter (WLI-PCI-G54) is
compatible with Apple G3 or G4 Tower computers with an available PCI
slot.
The AirStation 54Mbps Wireless Router (WBR2-G54, WBR2-G54S and
WHR3-G54) and AirStation 54Mbps Wireless Bridge (WLA-G54, WLA-G54C)
are configured via a web browser and are supported with Macintosh
as well.
OS 10.2.6 is required. iBooks and iMacs are not supported.
The AirStation 54Mbps CardBus Card (WLI-CB-G54/WLI-CB-G54S)
is not supported. |
|
| BACK
TO TOP |
|
|
|
MAC
Access Filtering with the Ethernet Converter |
|
|
Problem:
Using an Ethernet converter (TX1, T1) with MAC Address Restriction
does not communicate.
Cause:
The Ethernet converter passes through the MAC address of the network
interface card in the device.
Problem Solving:
Enter the MAC address of the network interface card of the PC or device
that is using the Ethernet Converter. In a Window’s based system this
can be found by opening the command prompt and running the command:
ipconfig /all
A list of information will appear, including ‘Physical Address’ information.
Copy down the ‘Physical Address’, and use that as the MAC address
used in the MAC Restriction table of your router or access point.
NOTE: Buffalo AirStation’s require the MAC addresses to be
inputted using a colon to separate every two digits. The ‘Physical
Address’ being reported from Windows uses dashes. Please enter the
MAC address into your router or Access Point using the proper input
method, refer to the documentation of your router or Access Point
if necessary.
If there are still problems with the TX1 configuration on the network,
then please call our 24/7 technical support line at 1-866-752-6210. |
|
| BACK
TO TOP |
|
|
|
WDS
Troubleshooting |
|
|
*
NOTE: The most common issue with WDS installations is using the wrong
MAC address. The proper MAC Address for the access points is the ‘Wireless
MAC Address’. The best place to document this is under the ‘System
Information’ section of the configuration web page. For proper setup,
please continue reading this document. **
Problem:
Communication problems with WDS (wireless bridging/repeating).
Cause:
WDS is a very complex bridging system, and it is not part of the 802.11b
or 802.11g standard.
Restrictions:
Please verify that the following conditions are met (if just one condition
is not satisfied, then WDS cannot be used on the wireless network):
1. All wireless access points in the wireless bridge need to be from
the same vendor (e.g. all Buffalo access points).
(NOTE: At time of publication, the Apple Airport Extreme WILL
work in WDS with Buffalo G54 access points.)
2. No single access point can communicate with more then six other
access points in the wireless bridge. Good Practices:
The following is a list of good practices with WDS:
1. Start the wireless bridge system with only two access points and
then add more access points.
2. Setup all access points in the wireless bridge in close proximity
before they are deployed to their proper location.
3. Only one access point in the wireless bridge should be serving
DHCP and routing services unless a routed wired network exists.
Proper Setup:
Please follow the following steps to properly setup WDS.
1. It is recommended that all access points in the bridge are reset
to their factory default settings. This is done by holding the INIT
button on the rear of the access point down for 5-10 seconds.
2. Login to the first access point in the wireless bridge (this should
be the DHCP server enabled access point if there is not already a
routed wired network).
3. Click on the ‘Advanced’ button.
4. The wireless settings page will appear. Select the proper settings
for the wireless network. Record all settings on a piece of paper.
All settings except for the ESS-ID need to be identical amongst all
access points in the bridge.
(NOTE: If roaming is desired, then make sure the ESS-ID settings
need to be identical as well). Press the ‘Set’ button if any
changes are made.
(NOTE: If the IP address was changed, then reconnecting to
the access point for configuration will require accessing it via its
new IP address in a web browser (e.g. http://NEW_IP_ADDRESS).
5. Click on the ‘LAN port’ link on the left.
6. Check that the ‘LAN side IP address’ values are correct
for your network, or leave them as default. Record the ‘LAN side
IP address’. Press the ‘Set’ button if any settings on
this page have been set.
7. Click on the ‘Management’ link on the left.
8. The System Information page will appear. In the Wireless section
of the table record the MAC address (including the :’s). Please make
sure the MAC address is recorded from the Wireless section and not
the other sections.
9. Logout of the access point by clicking on the ‘Logout’ link
on the left. Close the browser window.
10. Login to the second access point in the wireless bridge.
11. Click on the ‘Advanced’ button.
12. The wireless settings page will appear. Select the proper
settings for the wireless network. Refer to the settings recorded
from the first access point. All settings except for the ESS-ID need
to be identical amongst all access points in the bridge.
(NOTE: If roaming is desired, then the ESS-ID (SSID) should
be set identically in each access point as well).
13. Click on the ‘LAN port’ link on the left.
14. Make sure that the ‘LAN side IP address’ ‘IP address’ setting
is different from that of the first access point. The IP addresses
cannot be the same, but they should be on the same network. It is
recommended that the IP address of the second access point is one
higher then that of the first access point. Thus, if access point
one’s address is 1.1.1.1, then access point two’s address should be
1.1.1.2. If there is a ‘DHCP server function’ setting on this
page, then make sure to set it to ‘Do not use’ or to ‘Disabled’.
Press the ‘Set’ button when finished.
(NOTE: If the IP address was changed, then reconnecting to
the access point for configuration will require accessing it via its
new IP address in a web browser (e.g. http://NEW_IP_ADDRESS).
15. Click on the ‘Wireless bridge (WDS)’ link on the left.
16. Enable the WDS function and press the ‘Set’ button.
17. Enter the Wireless MAC Address of the first access point (which
was recorded on Step 8) into the field that say ‘MAC Address of
AirStation(Wireless)’ (include the :’s). Press the ‘Add’
button.
18. The Wireless MAC address inputted on the step above will appear
in the ‘Connected AirStation’ table. Please check that the
checkbox under enable is checked, and then press the ‘Enable
marked item’ button.
19. At the top of the page, press the ‘Apply’ button.
20. Once the router has rebooted, click on the ‘Management’
tab on the left.
21. The System Information page will appear. In the Wireless section
of the table record the MAC address (including the :’s). Please make
sure the MAC address is recorded from the Wireless section and not
the other sections.
22. Logout of the access point by clicking on the ‘Logout’
link on the left. Close the browser window.
23. Login to access point one again.
24. Click on the ‘Advanced’ button.
25. Click on the ‘Wireless bridge (WDS)’ link on the left.
26. Enable the WDS function and press the ‘Set’ button.
27. Enter the Wireless MAC Address of the first access point (which
was recorded on Step 21) into the field that say ‘MAC Address of
AirStation(Wireless)’ (include the :’s). Press the ‘Add’
button.
28. The Wireless MAC address inputted on the step above will appear
in the ‘Connected AirStation' table. Please check that the
checkbox under enable is checked, and then press the ‘Enable marked
item’ button.
29. At the top of the page, press the ‘Apply’ button.
30. Once the router has rebooted, click on the ‘Management’
tab on the left.
31. Click on the ‘PING test’ link on the left.
32. In the ‘Destination’ field enter the IP address of the
second access point and press the ‘OK’ button.
a. If the ‘Result’ section of the table reports information
like, “1st: 64 bytes from IP_ADDRESS” then the WDS bridge is effectively
working.
b. If the ‘Result’ section of the table reports “Destination
Host Unreachable”, then an error has occurred during the setup.
WDS is a complicated bridging system with a lot of variables. If there
are still problems with WDS configuration on the network, then please
call our 24/7 technical support line at 1-866-752-6210. |
|
| BACK
TO TOP |
|
|
|
What
is 802.11i? |
|
|
This
supplemental draft standard is intended to improve WLAN security.
It describes the encrypted transmission of data between systems of
802.11a and 802.11b WLANs. It defines new encryption key protocols
including the Temporal Key Integrity Protocol (TKIP) and the Advanced
Encryption Standard (AES).
Buffalo products already support most standards in 802.11i, including
WPA (Tkip,AES and Radius). |
|
| BACK
TO TOP |
|
|
|
Does
the print server on the LinkStation support multi-function printers? |
|
|
No, many
multi-function printer drivers need a direct connection to the printer
to function correctly. Often the printer and fax will work fine in
such a configuration, but other functions such as scanning do not. |
|
| BACK
TO TOP |
|
|
|
Does
an attached USB hard drive have to be formatted to use with the LinkStation? |
|
|
When
attaching an external USB hard drive to the LinkStation, please remember
that the external drive has to be formatted using the Format utility
in the LinkStation Admin section. If the external drive is not formatted
in this manner, it will be visible as an additional shared folder
under the Linkstation, and users will be able to access the data on
it, but no one will be able to write anything to it. |
|
| BACK
TO TOP |
|
|
|
