Note: Some wireless cards have "Infrastructure" and "Ad-hoc" modes. These modes are also called "Access Point" and "Peer to Peer". On the wireless client, choose the "Infrastructure" or "Access Point" mode.
You can set the wireless cards to either "Long Preamble" or "Short Preamble".

Wireless Settings

Network Name (SSID)

Type the network name (SSID) that identifies your wireless network. This name will be visible to wireless stations passing near your access point, unless you enable the Hide the Network Name (SSID) option.

It can be up to 32 alphanumeric characters long and is case-sensitive.

Country

Select the country where you are located.

Warning: Choosing an incorrect country may result in the violation of government regulations.

This field only appears when configuring the primary WLAN, and it is inherited by all VAPs and WDS links.

Operation Mode

Select an operation mode:

• 802.11b (11 Mbps). Operates in the 2.4 GHz range and offers a maximum theoretical rate of 11 Mbps. When using this mode, only 802.11b stations will be able to connect.
• 802.11g (54 Mbps). Operates in the 2.4 GHz range, and offers a maximum theoretical rate of 54 Mbps. When using this mode, only 802.11g stations will be able to connect.
• 802.11b/g (11/54 Mbps). Operates in the 2.4 GHz range, and offers a maximum theoretical rate of 54 Mbps. When using this mode, both 802.11b stations and 802.11g stations will be able to connect.
• 802.11g Super (54/108 Mbps). Operates in the 2.4 GHz range, and offers a maximum theoretical rate of 108 Mbps. When using this mode, 802.1g stations and 802.11g Super stations will be able to connect.
  This mode is not available in Safe@Office 1000NW.
• 802.11g Super (11/54/108). Operates in the 2.4 GHz range, and offers a maximum theoretical rate of 108 Mbps. When using this mode, 802.11b stations, 802.11g stations, and 802.11g Super stations will be able to connect.
  This mode is not available in Safe@Office 1000NW.
• 802.11n. Operates in the 5 GHz or 2.4 GHz range, and offers a maximum theoretical rate of 300 Mbps. When using this mode, only 802.11n stations will be able to connect.
  This mode is only available in Safe@Office 1000NW.
• 802.11ng. Operates in the 5 GHz or 2.4 GHz range, and offers a maximum theoretical rate of 300 Mbps. When using this mode, 802.11g stations and 802.11n stations will be able to connect.
  This mode is only available in Safe@Office 1000NW.

The list of modes is dependent on the selected country.

You can prevent older wireless stations from slowing down your network, by choosing an operation mode that restricts access to newer wireless stations.

Note: The actual data transfer speed is usually significantly lower than the maximum theoretical bandwidth and degrades with distance.

Important: The station wireless cards must support the selected operation mode. For a list of cards supporting 802.11g Super, refer to http://www.super-ag.com.

This field only appears when configuring the primary WLAN, and it is inherited by all VAPs and WDS links.

Channel

Select the radio frequency to use for the wireless connection:

• Automatic. The Safe@Office appliance automatically selects a channel. This is the default.
• A specific channel. The list of channels is dependent on the selected country and operation mode.

Note: If there is another wireless network in the vicinity, the two networks may interfere with one another. To avoid this problem, the networks should be assigned channels that are at least 25 MHz (5 channels) apart. Alternatively, you can reduce the transmission power.

This field only appears when configuring the primary WLAN, and it is inherited by all VAPs and WDS links.

Channel Width

Select the desired channel width:

• Auto (20/40 Mhz). The Safe@Office automatically selects the channel width: 20Mhz or 40Mhz.
• 20Mhz

Selecting Auto can increase wireless performance, if a 40Mhz channel is available. However, in some cases it may interfere with other access points or wireless equipment in the area.

This field is only available in Safe@Office 1000NW.

Security

Select the security protocol to use. For information on the supported security protocols, see Wireless Security Protocols.

If you select WEP encryption, the WEP Keys area opens.

If you select 802.1x, the Authentication Server field appears.

If you select WPA-Enterprise, the Authentication Server, Require WPA2 (802.11i), and WPA Encryption fields appear.

If you select WPA-Personal, the Passphrase, Require WPA2 (802.11i), and WPA Encryption fields appear.

Note: When configuring a WDS link, 802.1x is not supported.

Authentication Server

Specify which authentication server to use, by selecting one of the following:

• RADIUS. A RADIUS server.
• Internal User Database. The Safe@Office EAP authenticator.

Passphrase

Type the passphrase for accessing the network, or click Random to randomly generate a passphrase.

This must be between 8 and 63 characters. It can contain spaces and special characters, and is case-sensitive.

For the highest security, choose a long passphrase that is hard to guess, or use the Random button.

Note: The wireless stations must be configured with this passphrase as well.

Require WPA2 (802.11i)

Specify whether you want to require wireless stations to connect using WPA2, by selecting one of the following:

• Enabled. Only wireless stations using WPA2 can access the wireless network.
• Disabled. Wireless stations using either WPA or WPA2 can access the wireless network. This is the default.

WPA Encryption

Select the encryption method to use for authenticating and encrypting wireless data:

• Auto. The Safe@Office appliance automatically selects the cipher used by the wireless client. This is the default.
• AES. Advanced Encryption Standard
• TKIP. Temporal Key Integrity Protocol

Note: AES is more secure than TKIP; however, some devices do not support AES.

WEP Keys

If you selected WEP encryption, you must configure at least one WEP key. The wireless stations must be configured with the same key, as well.

Key 1, 2, 3, 4 radio button

Click the radio button next to the WEP key that this gateway should use for transmission.

The selected key must be entered in the same key slot (1-4) on the station devices, but the key need not be selected as the transmit key on the stations.

Note: You can use all four keys to receive data.

Key 1, 2, 3, 4 length

Select the WEP key length from the drop-down list.

The possible key lengths are:

• 64 Bits. The key length is 10 characters.
• 128 Bits. The key length is 26 characters.
• 152 Bits. The key length is 32 characters.

Note: Some wireless card vendors call these lengths 40/104/128, respectively.

Note: WEP is generally considered to be insecure, regardless of the selected key length.

Key 1, 2, 3, 4 text box

Type the WEP key, or click Random to randomly generate a key matching the selected length. The key is composed of hexadecimal characters 0-9 and A-F, and is not case-sensitive.

Advanced Security

Hide the Network Name (SSID)

Specify whether you want to hide your network's SSID, by selecting one of the following:

• Yes. Hide the SSID.
  Only devices to which your SSID is known can connect to your network.
• No. Do not hide the SSID.
  Any device within range can detect your network name and attempt to connect to your network. This is the default.

Note: Hiding the SSID does not provide strong security, because a determined attacker can still discover your SSID. Therefore, it is not recommended to rely on this setting alone for security.

MAC Address Filtering

Specify whether you want to enable MAC address filtering, by selecting one of the following:

• Yes. Enable MAC address filtering.
  Only MAC addresses that you added as network objects can connect to your network.
  For information on network objects, see Using Network Objects.
• No. Disable MAC address filtering. This is the default.

Note: MAC address filtering does not provide strong security, since MAC addresses can be spoofed by a determined attacker. Therefore, it is not recommended to rely on this setting alone for security.

Station-to-Station Traffic

Specify whether you want to allow wireless stations on this network to communicate with each other, by selecting one of the following:

• Allow. Allow stations to communicate with each other. This is the default.
• Block. Block traffic between wireless stations.

Wireless Transmitter

Transmission Rate

Select the transmission rate:

• Automatic. The Safe@Office appliance automatically selects a rate. This is the default.
• A specific rate

This field only appears when configuring the primary WLAN, and it is inherited by all VAPs and WDS links.

Transmitter Power

Select the transmitter power.

Setting a higher transmitter power increases the access point's range. A lower power reduces interference with other access points in the vicinity.

The default value is Full. It is not necessary to change this value, unless there are other access points in the vicinity.

This field only appears when configuring the primary WLAN, and it is inherited by all VAPs and WDS links.

Guard Interval

Select the guard interval, which is the amount of time between symbol transmissions (in nanoseconds). The guard interval allows reflections from the previous data transmission to settle before transmitting a new symbol. This can have the following values:

• Normal. 800ns
• Short. 400ns

Selecting Short can increase throughput. However, in some cases it can also increase error rate, due to increased sensitivity to RF reflections.

This field appears only for Safe@Office 1000NW.

Antenna Selection

Multipath distortion is caused by the reflection of Radio Frequency (RF) signals traveling from the transmitter to the receiver along more than one path. Signals that were reflected by some surface reach the receiver after non-reflected signals and distort them.

Safe@Office appliances avoid the problems of multipath distortion by using an antenna diversity system. To provide antenna diversity, each wireless security appliance has two antennas.

Specify which antenna to use for communicating with wireless stations:

• Automatic. The Safe@Office appliance receives signals through both antennas and automatically selects the antenna with the lowest distortion signal to use for communicating. The selection is made on a per-station basis. This is the default.
• ANT 1. The ANT 1antenna is always used for communicating.
• ANT 2. The ANT 2 antenna is always used for communicating.

Use manual diversity control (ANT 1 or ANT 2), if there is only one antenna connected to the appliance.

This field only appears when configuring the primary WLAN, and it is inherited by all VAPs and WDS links.

This field does not appear for Safe@Office 1000NW.

Fragmentation Threshold

Type the smallest IP packet size (in bytes) that requires that the IP packet be split into smaller fragments.

If you are experiencing significant radio interference, set the threshold to a low value (around 1000), to reduce error penalty and increase overall throughput.

Otherwise, set the threshold to a high value (around 2000), to reduce overhead.

The default value is 2346.

RTS Threshold

Type the smallest IP packet size for which a station must send an RTS (Request To Send) before sending the IP packet.

If multiple wireless stations are in range of the access point, but not in range of each other, they might send data to the access point simultaneously, thereby causing data collisions and failures. RTS ensures that the channel is clear before the each packet is sent.

If your network is congested, and the users are distant from one another, set the RTS threshold to a low value (around 500).

Setting a value equal to the fragmentation threshold effectively disables RTS.

The default value is 2346.

Extended Range Mode (XR)

Specify whether to use Extended Range (XR) mode:

• Disabled. XR mode is disabled.
• Enabled. XR mode is enabled. XR will be automatically negotiated with XR-enabled wireless stations and used as needed. This is the default.

This field does not appear for Safe@Office 1000NW.

Multimedia QoS (WMM)

Specify whether to use the Wireless Multimedia (WMM) standard to prioritize traffic from WMM-compliant multimedia applications. This can have the following values:

• Disabled. WMM is disabled. This is the default.
• Enabled. WMM is enabled. The Safe@Office appliance will prioritize multimedia traffic according to four access categories (Voice, Video, Best Effort, and Background). This allows for smoother streaming of voice and video when using WMM aware applications.

WDS

Specify whether to enable WDS links:

• Disabled. WDS links are disabled.
• Enabled. WDS links are enabled. For information on configuring WDS links, see Configuring Wireless Distribution System Links.

This field appears only for Safe@Office 1000NW.