Netgear WC7520 Reference Manual
Contents
1. page 72 For more information see Configure Alarm Notification Settings on 3 Click Apply to save your settings Advanced RF Management for Profile Groups You can configure centralized RF management for profile groups on the advanced RF Management screen To configure advanced RF management 1 Select Configuration gt Wireless gt Advanced gt RF Management The advanced RF Management screen displays System Monitor Maintenance Stacking Plans Security Profile WLAN Network Captive Portal Self 192 168 0 251 RF Management gt Basic v Advanced gt Radio On Off gt Wireless gt QoS Settings gt RF Management Group 1 Group 2 Group 3 TX Power Settings Full enable Default Tx Power v Automatic Tx Power Control O disable WLAN Healing Maximum Neighbours to participate in Self healing Self healing wait Time after AP Failure mins Coverage Hole Detection Periodic Coverage Hole Detection O disable major enable Alert Severity For Coverage Hole Critical Diagnostics Figure 48 Configuring Wireless and QoS Settings 104 ProSafe 20 AP Wireless Controller WC7520 2 Click a tab to select a profile group 3 Configure the settings as explained in the previous table 4 Click Apply to save your settings Configure QoS for Profile Groups Quality of Service QoS works by default Change QoS only if there is a reason such as device vendor spec2. Local Device IP The local IP address of a primary controller in a redundancy group This IP address remains assigned to the primary controller and is not transferred to the secondary controller if a failover occurs This allows the primary controller to be identified before and after a failover Controller Status The state of the wireless controller Up or Down Secondary IP The IP address of the secondary controller in a redundancy group Active Controller The active controller in a redundancy group Primary or Secondary Backup Status The status of the secondary controller in a redundancy group Reachable or Not reachable Sync Status The synchronization status between the wireless controllers in a redundancy group In Sync or Not in Sync Network Status section For each wireless controller access point and client the following information displays Total Up The total number of managed devices that are running correctly Down The total number of managed devices that cannot be pinged Alarms Critical The wireless controller can ping these managed devices but either cannot log in or has detected that these device are different from the ones that were configured Major The number of managed devices for which the configuration differs from the one that is set on the wireless controller This situation occurs most likely because the device runs outdated firmware or the wi
3. Troubleshooting 196 ProSafe 20 AP Wireless Controller WC7520 Troubleshoot a TCP IP Network Using the Ping Utility Most TCP IP terminal devices and routers contain a ping utility that sends an echo request packet to the designated device The device then responds with an echo reply You can easily troubleshooting a TCP IP network by using the ping utility in your computer Test the LAN Path to Your Wireless Controller You can ping the wireless controller from your PC to verify that the LAN path to your wireless controller is set up correctly gt To ping the wireless controller from a PC running Windows 95 or later 1 2 From the Windows toolbar click the Start button and select Run In the field provided type ping followed by the IP address of the wireless controller as in this example ping 192 168 0 250 Click OK You should see a message like this one Pinging lt IP address gt with 32 bytes of data If the path is working you see this message Reply from lt IP address gt bytes 32 time NN ms TTL xxx If the path is not working you see this message Request timed out If the path is not functioning correctly you could have one of the following problems Wrong physical connections Make sure that the LAN LED is on If the LED is off follow the instructions in LAN Port LEDs Not On on page 195 Check that the corresponding Link LEDs are on for your network interface card and for the hub ports if any
4. Step Configuration Web management interface path 1 Optional Create an RF plan Plans gt Layout 2 If you have not yet done so configure the system settings of the wireless controller 1 Configure the country code of operation Configuration gt System gt General 2 Configure the IP address of wireless controller Configuration gt System gt IP VLAN 3 Verify that VLAN 1 is set as the management VLAN and is marked as untagged which is the default setting 3 Configure up to 8 profiles and for each profile do at least the following 1 Configure an SSID for wireless access Configuration gt Profile gt Basic 2 Configure the network authentication and data encryption 3 Assign the VLAN If required configure the authentication server Configuration gt Security gt Basic gt Authentication Server 4 Run the Discovery Wizard and add the access points to the Access Point gt Discovery Wizard managed access point list System Planning and Deployment Scenarios 30 ProSafe 20 AP Wireless Controller WC7520 Single Controller Configuration with Advanced Profile Groups A more complex configuration consists of a single wireless controller that controls a collection of access points that are organized in access point profile groups and might use several profiles in each access point profile group gt To set up a single wireless controller system with advanced profile gro
5. Configure the following profiles and configure network authentication and data encryption for these profiles 1 A profile with SSID 1 and VLAN 10 2 Aprofile with SSID 2 and VLAN 20 Configuration gt Profile gt Basic Connect the wireless controller to the PoE switch Before you connect the access points to the PoE switch verify that the switch ports to which you intend to connect the access points are configured as access ports in management VLAN 100 7 Deploy the access points and connect them to the designated PoE switch ports 8 Wait until the access points are up and running run the Discovery Access Point gt Discovery Wizard Wizard specify the network layout by selecting the Same L2 network radio button and select the access points that you want to be managed by the wireless controller Note By adding the access points to managed list you enable them to receive an IP address from the DHCP server over management VLAN 100 System Planning and Deployment Scenarios 37 ProSafe 20 AP Wireless Controller WC7520 Step Configuration Web management interface path 9 For each access point on the managed list clear the Untagged Vlan check box and configure VLAN 100 as the management VLAN Doing so causes the access points to lose connectivity with the wireless controller 10 Restore connectivity between the access points and the wireless controller by
6. gt To trace a route to an access point 1 Select Diagnostics gt Trace Route The Trace Route screen displays see the following figure 2 From the Access Point drop down list select the access point for which you want to trace the route After you have made your selection the IP address of the access point displays in the IP Address field 3 Click Start The results are shown in the TraceRoute Result field Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Technical Support s Trace Route EG ECA TraceRoute Access Point netgear782488 Host IP Address Name 192 168 0 3 TraceRoute Result traceroute to 192 168 0 3 192 168 0 3 30 hops max 46 byte packe 1 192 168 0 3 192 168 0 3 0 752 ms 0 531 ms 0 426 ms CANCEL START Figure 120 Troubleshooting 201 Factory Default Settings and Technical Specifications You can restore the wireless controller to its factory default settings on the Reboot Reset Controllers screen see Reboot or Reset the Wireless Controller on page 139 or by using the Factory Defaults button on the rear panel see Use the Factory Default Button to Restore Default Settings on page 198 The wireless controller will return to the factory configuration settings shown in the following table Table 52 Factory default settings Feature Default Setting Login User login URL http 192 168 0 250 User name case sensitive admin Login pass
7. gt DHCP Lease 5 Redundancy Status Captive Portal Controller Mode Primary un Redundancy State Active Secondary Status Not Reachable Rogue AP current Sync Status Not in Syne Rogue AP count 24hrs Primary IP Address 192 168 0 250 Secondary IP Address 192 168 0 240 Virtual IP 192 168 0 255 Rogue Access Points Figure 6 Note The Network navigation menu tab displays under the Monitor main navigation tab only when you have configured stacking For information about the layout and general characteristics of the web management interface see Web Management Interface Layout on page 19 Introduction and Overview 21 ProSafe 20 AP Wireless Controller WC7520 For information about the network status and related information see View the Wireless Controller Summary Screen on page 180 3 Configure the wireless controller and your network a RF planning Follow instructions in Chapter 3 RF Planning to plan the number and location of the access points b Configure your network Follow the instructions in Chapter 4 through Chapter 10 to configure your network including the SSIDs security MAC ACLs captive portal QoS rate limiting and so on c Set up the wireless controller Follow the instructions in System Planning on page 27 to select the type of deployment for your network d Add the access points Follow the steps in Access Point Discovery and Discovery Guidelines on page 51 to discover your access po
8. Open WEP WPA WPA2 Redundancy Status o o o o Controller Mode Primary Redundancy State Active Rogue Access Points Secondary Status Not Reachable Rogue AP current 0 Sync Status Not in Syne Rogue AP count 24hrs 0 Primary IP Address 192 168 0 250 Secondary IP Address 192 168 0 240 Virtual IP 192 168 0 255 Clients Maintenance Stacking Plans Diagnostics REFRESH The following table explains the fields of the Network Status Wireless Clients Rogue Access Points Network Info and Redundancy Status tables on the Controller Summary screen Table 46 Controller summary information Item Description Network Status section For each access point and c lient the following information displays Total Up The total number of managed devices that are running correctly Down The total number of managed devices that cannot be pinged Alarms Critical The wireless controller can ping these managed devices but either cannot log in or has detected that these device are different from the ones that were configured Major The number of managed devices for which the configuration differs from the one that is set on the wireless controller This situation occurs most likely because the device runs outdated firmware or the wireless controller changed the configuration while the device was down or offline Wireless Clients section For each wireless client the follow
9. Statistics Device Unicast Packets Received Broadcast Packets Received Wired Ethernet 11242 5878 Wireless 11bg 878 144 Figure 100 Monitoring the Wireless Network and Components 174 ProSafe 20 AP Wireless Controller WC7520 The following table explains the fields of the AP Details window Table 42 Network access point details information Item Description AP Info section This information is self explanatory Profile Info section For each security profile that is configured on the selected access point the following information displays Type The type of profile 802 11b bg ng or 802 11a na SSID The wireless network SSID for the security profile Security The security mode Open WEP WPA WPA2 or WPA WPA2 for the security profile VLAN The VLAN ID or VLAN name for the security profile Client Info section The information that displays depends on the type and security of the connection that the client has to the access point For each wireless client that is connected to the selected access point some or all of the following information displays MAC The MAC address of the wireless client IP The IP address of the client Channel The channel that the wireless client is using to connect to the access point SSID The wireless network SSID that the wireless client is using to connect to the access point Security The security mode that
10. AES To configure WPA amp WPA2 authentication with a RADIUS server 1 Set up and enable an internal or external RADIUS or LDAP authentication server For information see Manage Authentication Servers and Authentication Server Groups on page 122 2 Select the Local or External radio button If you select the External radio button select the authentication server that you wish to use from the drop down list Note The Data Encryption drop down list displays TKIP AES which is the only available option Both TKIP and AES are supported WPA PSK TKIP TKIP AES To configure WPA PSK authentication 1 From the Data Encryption drop down list select the type of encryption TKIP Supports TKIP only TKIP AES Supports both TKIP and AES Type a passphrase of at least 8 characters in the WPA Passphrase Network Key field WPA2 PSK AES TKIP AES To configure WPA2 PSK authentication 1 From the Data Encryption drop down list select the type of encryption AES Supports AES only TKIP AES Supports both TKIP and AES Type a passphrase of at least 8 characters in the WPA Passphrase Network Key field Managing Security Profiles and Profile Groups 83 ProSafe 20 AP Wireless Controller WC7520 Table 16 Network authentication and data encryption settings continued Network authentication Data encryption Configuration steps selection
11. Although you could place all authenticated wireless users into the single VLAN that is specified in the basic security profile the wireless controller allows you to group wireless users into separate VLANs based on the wireless SSID to differentiate access to network resources For example you might place authorized employee users into one VLAN and itinerant users such as contractors or guests into a separate VLAN To use different VLANs you need to create different security profiles For information about how to configure regular VLANs see Manage Rogue Access Points on page 113 DHCP Server The wireless controller can function as a DHCP server and assign IP addresses to both wireless and wired devices that are connected to it You can add up to 64 DHCP server pools each assigned to a different VLAN Client Authentication and Data Encryption A user needs to authenticate to the WLAN to be able to access WLAN resources The wireless controller supports several types of security methods including those that require an external RADIUS or LDAP authentication server The encryption option that you can select depends upon the authentication method that you have selected The following table lists the authentication methods available with their corresponding encryption options Table 2 Authentication and encryption options Authentication method Encryption option Authentication server Open system 64 bit 12
12. Configuring Network Settings 64 ProSafe 20 AP Wireless Controller WC7520 2 Configure the settings as explained in the following table Table 9 Time settings Setting Description Time Zone From the drop down list select the local time zone for your country or region Current Time This is a nonconfigurable field that displays the current time at your location NTP Client Select the Enable radio button to use a Network Time Protocol NTP server to synchronize the clock of the wireless controller and managed access points Select the Disable radio button if you do not want to use an NTP server Use Custom NTP Server Select this check box if you want to use an alternate NTP server By default the NETGEAR NTP server is used Hostname IP Address Enter the host name or IP address of the NTP server if you are using a custom NTP server 3 Click Apply to save your settings Configure IP and VLAN Settings The IP Settings screen lets you configure the management IP address settings of the wireless controller gt To configure IP VLAN settings i Select Configuration gt System gt IP VLAN The IP Settings screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Wireless Security Profile WLAN Network Captive Portal AN IP Settings 4 gt Time IP Address 192 168 0 251 gt 1P VLAN IP Subnet Mask 255 255 255 0 gt DHCP Server D
13. Description Group The group to which the access point is assigned After the access point discovery process the access point is automatically assigned to the basic group If you have set up profile groups you can assign the access point to another profile group by selecting one from the drop down list You can also change the group assignment at a later time on the WLAN Group Assignment screen For more information see Manage Basic and Advanced Profile Groups in the WLAN on page 87 IP Settings These fields show the IP address and other IP settings of the access point By default these fields are populated during the access point discovery process These are the functions of the radio buttons e Enable By default the Enable radio button is selected allowing the access point to function as a DHCP client The IP settings fields are masked out preventing you from making changes e Disable Select the Disable radio button to disable the access point s DHCP client The IP settings fields become available allowing you to make changes including changes to the access point s IP address IP Address The IP address of the access point Subnet Mask The subnet mask of the access point Default Gateway The default gateway of the access point Primary DNS Server The primary DNS server of the access point Secondary DNS Server The secondary DNS server of the access point VLAN Set
14. For information see Manage Authentication Servers and Authentication Server Groups on page 122 From the Data Encryption drop down list select the type of encryption TKIP Supports Temporal Key Integrity Protocol TKIP only TKIP AES Supports both TKIP and Advanced Encryption Standard AES Select the Local or External radio button If you select the External radio button select the authentication server that you wish to use from the drop down list Managing Security Profiles and Profile Groups 82 ProSafe 20 AP Wireless Controller WC7520 Table 16 Network authentication and data encryption settings continued Network authentication selection Data encryption options Configuration steps WPA2 with Radius AES TKIP AES To configure WPA2 authentication with a RADIUS server 1 Set up and enable an internal or external RADIUS or LDAP authentication server For information see Manage Authentication Servers and Authentication Server Groups on page 122 From the Data Encryption drop down list select the type of encryption AES Supports AES only TKIP AES Supports both TKIP and AES Select the Local or External radio button If you select the External radio button select the authentication server that you wish to use from the drop down list WPA amp WPA2 with Radius Note Use this option if there are both WPA and WPA2 clients in the network TKIP
15. Restore saved settings from a file Figure 64 The Backup Restore screen lets you e Back up and save a copy of the current settings e Restore saved settings from the backed up file To back up the configuration file 1 On the Backup Restore Settings screen see the previous figure click the Backup button to save a copy of your current settings A dialog box displays showing the file name of the backup file The backup file has the following format backup tar gz 2 Follow the instructions of your browser to save the configuration file To restore the configuration file 1 On the Backup Restore Settings screen see the previous figure click the Browse button 2 Navigate to the saved configuration file 3 Click Apply to load the configuration file The wireless controller reboots A WARNING When you restore the configuration file do not try to go online turn off the wireless controller shut down the computer or do anything else to the wireless controller until the wireless controller finishes rebooting When the LED light turns off wait a few more seconds before you do anything Note Restore only settings that were backed up from the same software version Maintaining the Controller 136 ProSafe 20 AP Wireless Controller WC7520 Upgrade the Configuration File The wireless controller provides two methods for upgrading its firmware e Scheduled automatic update e Manual update There are two bo
16. T tagged VLANs 67 TCP IP network troubleshooting 197 technical specifications 202 technical support 2 temperatures and humidity 203 Temporal Key Integrity Protocol TKIP 82 Test LED 13 195 TFTP server firmware upgrade 138 time and time zone configuring 65 troubleshooting 198 TKIP Temporal Key Integrity Protocol 82 tracing a route 201 trademarks 2 transmission opportunity TXOP limit 107 transmission power controlling automatically 103 manually 96 98 trap port SNMP 143 troubleshooting access points 198 basic functioning 194 configuration settings using sniffer 196 connection problems 199 date 198 diagnostic tools 200 discovery problems 198 GUI 195 LAN path 197 LEDs 194 network performance 200 pinging access points 200 restoring factory default settings 198 TCP IP network 197 time and time zone 198 tracing an access point route 201 web management interface 195 Tx power controlling automatically 103 manually 96 98 TXOP transmission opportunity limit 107 U untagged VLANs 67 upgrading firmware 137 USB port 12 users managing 128 V VAR information licenses 152 video QoS queue 105 Virtual Router Redundancy Protocol VRRP 158 165 VLANs 66 client 29 32 DHOP server 68 management 28 32 security profiles 79 settings access points 61 untagged 67 voice QoS queue 105 VRRP Virtual Router Redundancy Protocol 158 165 W WC7510L licenses 18 149 web management interface troubleshooting 195 WE
17. Time gt IP LAN Syslog Settings gt DHCP Server Enable Syslog Certificates Syslog Server IP Address Alerts Server Port Number s Syslog Alarms gt Email Setup Figure 33 2 Configure the settings as explained in the following table Table 13 Syslog settings Setting Description Enable Syslog Enable the syslog settings if you have a syslog server on your network Syslog Server IP Address Enter the IP address to which the wireless controller and managed access points will send all syslogs if the Syslog check box is selected Server Port Number Enter the number of the port at which your syslog server is configured to listen to requests 3 Click Apply to save your settings Configuring Network Settings 71 ProSafe 20 AP Wireless Controller WC7520 Configure Alarm Notification Settings You can classify certain events as critical major normal or minor Some events you can classify only as critical or major For example on the RF Management screen you can specify whether a coverage hole should be classified as critical or major see Basic RF Management on page 102 gt To configure alarm actions 1 Select Configuration gt System gt Alerts gt Alarms The Alarm Actions screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Wireless Security Profile WLAN Network Captive Portal gt General Self 192 168 0 251 g
18. Unreachable NA REFRESH The Network Controllers screen lets you monitor the stacking configuration of the wireless controllers in the network The following table explains the fields of the Controllers table on the Network Controllers screen Table 40 Network controllers information Item Description Controller IP The IP address of the wireless controller Name The name of the wireless controller see Configure General Settings on page 63 Location The location of the wireless controller see Configure General Settings on page 63 Type The function of the wireless controller in a stack either Master or Slave Version The firmware version that the wireless controller is running Status The stacking status of the wireless controller for example Up or Unreachable Config Status The firmware configuration status of the wireless controller for example Update Successful Note This field is applicable only to a wireless controller that functions as a slave Config Sync Time The time that the wireless controller synchronized its firmware Note This field is applicable only to a wireless controller that functions as a slave Monitoring the Wireless Network and Components 171 ProSafe 20 AP Wireless Controller WC7520 View Managed Access Points in the Network Because the Network Access Point screen is a wide screen it is shown in the following two figures Access P
19. displays Managing Security Profiles and Profile Groups 85 N OT D ProSafe 20 AP Wireless Controller WC7520 Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics System Wireless Security WLAN Network Captive Portal gt Basic Edit Profile Group 4 v Advanced gt Radio gt Rate Limit 802 11b bg ng 802 1la na NG_119 0 Ae gt Profile Definition Click to add another profile Name NG_11g 0 Wireless Network Name SSID NG_11g 0 Broadcast Wireless Network Name SSID yes Ono Your selection from Select the Local radio the Network button to display the Client Authentication Authentication Local MAC ACL Network Authentication Open System lt drop down list Data Encryption None v Group drop down list i determines the Wireless Client Security Separation Disable information that is Select the External VLAN i radio button to display the External Authentication Settings we Radius Server MAC ACL Local O External drop down list Local MAC ACL Group basic Captive Portal o displayed onscreen Wireless QoS Wi Fi Multimedia WMM enable O disable WMM Powersave enable O disable Figure 39 Click a tab to select a radio Specify the settings as described in Table 15 on page 78 and Table 16 on page 81 Click Apply to save your settings To add another profile to the new profile group a Click a tab to select a radio b Click the butto
20. v1 0 March 2011 Added the following new information Support for the WNAP320 access point e New features Capability to specify use of an access point s internal or external antenna or antennas see Edit and Remove Access Point Information Capability to adjust the Tx power for all managed access points see Configure Channels Capability to adjust the channel and Tx power for individual access points see Configure Wireless Settings Capability to edit IP settings of individual access points see Manage the Access Point List Display of radio mode capabilities on the managed AP list see Manage the Access Point List Revised existing content and reorganized the manual Made changes to some monitoring screens see Chapter 11 Monitoring the Wireless Network and Components 202 10686 01 v1 4 October 2010 Made a minor revision to indicate the number of supported MAC addresses per SSID 202 10686 01 v1 3 September 2010 Added an index and made minor revisions to existing content 202 10686 01 v1 2 September 2010 Added new content and revised existing content in chapters 1 2 4 5 9 and 10 Added chapters 11 and 12 and appendix A 202 10686 01 v1 1 September 2010 Added new content to chapters 1 through 4 202 10686 01 v1 0 August 2010 Initial publication Table of Contents Chapter 1 Introduction and Overview Key Features and Ca
21. 0000 cece eee eee eens ProSafe 20 AP Wireless Controller WC7520 Chapter 10 Managing Stacking and Redundancy Manage Stacking 2 04045 case ve slaeceedahadeed east ooerbeeard 154 OUI SeN goatee daeaneekoud egeeamedaeenaeacou eds 155 Controller Selection List aia4 ocadeesnGuteees eek ge dake es 157 Manage Redundaty sane cided Ane baw ede Gaeeaddeeadaeweawees 158 Single Controller with Redundancy 0 000 cece eee eee 158 id PEO I eea dk phe e hee weeadhekunmiacns 160 Configure REQUNGANEY lt ncc lt ieiwecdvGedeeawedad tekadira 164 Chapter 11 Monitoring the Wireless Network and Components Monitor the NOIWOIK icccccccec ened teed dd eee eee dene eee Me 167 View the Network Summary Screen 00200 eee eee 168 View Network Usage ccasccccsvataves eevee derece tisarss 170 View Wireless Controllers in the Network 0000005 171 View Managed Access Points in the Network 172 View Clients in the Network 000 00 cece eee 176 View Security Profiles in the Network 000 0000e eee 178 Monitor the Wireless Controller 0000 cece eee eee eee 179 View the Wireless Controller Summary Screen 5 180 View Wireless Controller Usage 00000 cee eee eee ee 182 View Access Points Managed by the Wireless Controller 182 View Clients Managed by the Wireless Controller 184 View Neighboring Clients Detected by the Wire
22. 11 e Schedule channel allocation once a day at times when the fewest clients are expected to be connected This allows better management of available bandwidth during the day Note The allocated channels apply to all access points irrespective of whether they are managed in profiles of the basic profile group or profiles of an advanced profile group Note You can override the general channel allocation settings for individual access points on the Basic Wireless Settings screen and on the Advanced Wireless Settings screen For more information see Configure Wireless Settings on page 93 Configuring Wireless and QoS Settings 99 ProSafe 20 AP Wireless Controller WC7520 To change the channel allocation 1 Select Configuration gt Wireless gt Basic gt Channel Allocation The Channel Allocation screen displays APONTE Ac cess Point Configuration r Monitor P ann omia i CES es Pe ee ae n Maintenance Stacking Plans Diagnostics Ttocour System Security Profile WLAN Network Captive Portal PE Ba Eee gt Radio On Off gt Wireless Channel Allocation Channel Allacation gt RF Management Advanced Automatic channel allocation enable O disable Valid corporate channels 2 4Ghz 1 2 o of 3 o 36 40 4M O 4 5 6 8 9 10 OO0dodf8 OOD 44 48 52 56 60 64 100 104 108 112 116 120 o BHOHoeOSBBaaAaBRBAA BO B 132 136 149 153 157 161 165 a
23. 160 c4 3dic7 a1 06 60 WNDAP360 netgearAl0668 Connecting 192 168 0 161 c0 3fi0e 7b 26 d0 WNAP210 netgear7B26D8 Connecting 192 168 0 163 cO 3f 0e 7b 24 80 WNAP210 netgear782488 Connecting Figure 24 Left side of the Managed AP List screen Site Group Name basic basic basic Capability 2 4ghz Mode lt 802 11bg 802 11bq 802 11bg Remove i EDIT _ REFRESH Figure 25 Right side of the Managed AP List screen The Managed AP List shows the following entries for each access point that you added to the list Table 6 Managed AP list information Item Description IP The IP address of the access point MAC The MAC address of the access point Model The model of the access point Name The name of the access point Access Point Discovery and Management 58 ProSafe 20 AP Wireless Controller WC7520 Table 6 Managed AP list information continued Item Description Status Shows one of the following status options Authentication in progress This status can last several minutes Applying configurations e Firmware upgrade e AP is rebooting e Connecting e Connected This status indicates normal operation e Not Connected The wireless controller cannot communicate with the access point at the configured IP address The wireless controller tries to log in to managed access points each minute If the error is temporary the status automatically changes to c
24. 2010 Wed Aug 11 20 10 05 2010 7 Wed Aug 11 20 10 05 2010 Wed Aug 11 20 05 05 2010 Wed Aug 11 20 05 05 2010 Wed Aug 11 20 00 05 2010 Wed Aug 11 20 00 05 2010 Wed Aug 11 19 55 05 2010 Select Maintenance gt Logs amp Alerts gt Load Balancing The Load Balancing screen displays Access Point User Management gt System Alerts gt RF Events gt Load Balancing gt Rate Limit gt Redundancy gt Stacking Save Logs Figure 75 Configuration Upgrade Monitor Licensing Maintenance Stacking Plans Backup Restore Reboot Reset Self 192 168 0 30 Load Balancing Normal Normal Normal Normal Normal Normal Normal Normal Normal Normal Normal Normal Load Balancing Bad RSSI Event for Client 04 1e 64 Sl ed di Load Balancing Bad RSSI Event for Client 00 16 earbarch be Load Balancing Bad RSSI Event for Client 90 27 4 47 62 22 Load Balancing Bad RSSI Event for Client 90 27 4 47 b2 22 Load Balancing Bad RSSI Event for Client 90 27 e4 47 62 22 Load Balancing Bad RSSI Event for Client 90 27 e4 47 b2 22 Load Balancing Bad RSSI Event for Client 90 27 e4 47 62 22 Load Balancing Bad RSSI Event for Client 90 27 4 47 62 22 Load Balancing Bad RSSI Event for Client 90 27 e4 47 52 22 Load Balancing 6ad RSSI Event for Client 00 21 5c 03 39 0b Load Balancing Bad RSSI Event for Client 00 21 5 03 39 0b Load Balancing Bad RSSI Event for Client 00 21 5 03 39 0b gt
25. 22 22 00 00 11 11 22 23 00 00 11 12 22 24 Figure 55 As an option you can import a list of MAC addresses from a file For more information see the next section Next to Trust ACL as select one of the following radio buttons e Allow Network access is granted to the clients for which the MAC addresses are listed in the Selected Wireless Clients list Deny Network access is denied to the clients for which the MAC addresses are listed in the Selected Wireless Clients list Add a wireless client to the Selected Wireless Clients list through one of the following methods e Enter a MAC address in the MAC Address field and then click Add e Select a MAC address from the Available Wireless Clients list and then click Move The Available Wireless Clients list contains wireless stations that are present in the vicinity of the access point To delete a MAC address from the Selected Wireless Clients list select the corresponding check box and then click Delete Note The wireless controller supports a maximum of 256 MAC addresses per SSID Click Apply to save your settings Configuring Network Access and Security 119 ProSafe 20 AP Wireless Controller WC7520 Importing a MAC List from a File You can import a precompiled list of MAC address from a saved file This file needs to be a simple text file with one MAC address per line gt To import a MAC list from a file 1 5 6 Create a text file tha
26. 81 ProSafe 20 AP Wireless Controller WC7520 Table 16 Network authentication and data encryption settings continued Network authentication selection Data encryption options Configuration steps Shared Key 64 bit WEP 128 bit WEP 152 bit WEP To configure Shared Key authentication with WEP ik From the Data Encryption drop down list select a level of WEP encryption 64 bit WEP Uses 40 64 bit encryption 128 bit WEP Uses 104 128 bit encryption 152 bit WEP A proprietary mode that works only with other wireless devices that support this mode Select a key radio button Key1 Key2 Key3 or Key4 Enter a key in the corresponding field 64 bit WEP requires a key with 10 characters 128 bit WEP requires a key with 26 characters 152 bit WEP requires a key with 32 characters Legacy 802 1x None To configure legacy 802 1x authentication ili Set up and enable an internal or external RADIUS or LDAP authentication server For information see Manage Authentication Servers and Authentication Server Groups on page 122 2 Select the Local or External radio button If you select the External radio button select the authentication server that you wish to use from the drop down list WPA with Radius TKIP TKIP AES To configure WPA authentication with a RADIUS server ie Set up and enable an internal or external RADIUS or LDAP authentication server
27. Configure RADIUS Authentication Server Groups on page 125 After you have configured authentication server settings you can then assign any authentication server to a security profile in a basic profile group or advanced profile group Note You can configure profiles to function with different authentication servers For example you could set up a guest profile with no authentication an engineering profile that uses external RADIUS authentication and a marketing profile that uses external LDAP authentication You can also use additional external RADIUS servers in other profiles e MAC authentication If you want to use a MAC access control list ACL to control access of wireless clients first create one or more MAC ACLs Configure the basic MAC ACL on the basic MAC Authentication screen see Configure Basic Local MAC Authentication Settings on page 118 For more complex networks configure additional MAC ACLs on the advanced MAC Authentication screen see Configure Local MAC Authentication Groups on page 120 Managing Security Profiles and Profile Groups 76 ProSafe 20 AP Wireless Controller WC7520 After you have configured one or more MAC ACLs you can then assign any MAC ACL to a security profile in a basic profile group or advanced profile group e Cloning profiles For faster setup you can clone a profile and rename it Cloning copies all settings except for the name and SSID Configure Security Profiles for the B
28. Hard Restore the factory default settings which are listed in Appendix A Factory Default Settings and Technical Specifications to the wireless controller Soft Clear all settings except for the IP addresses floor plans and managed access point list 3 Click Apply to save your settings If you selected a hard reset the wireless controller reboots Note Restoring the factory default settings of the wireless controller does not restore the settings of the access points that are managed by the wireless controller A WARNING If you perform a hard reset do not try to go online turn off the wireless controller shut down the computer or do anything else to the wireless controller until the wireless controller finishes rebooting When the LED light turns off wait a few more seconds before you do anything Maintaining the Controller 140 ProSafe 20 AP Wireless Controller WC7520 Reboot Access Points Under normal circumstances there is no reason to reboot an access point If there is a problem with an access point you can reboot it to see if this resolves the problem gt To reboot an access point 1 Select Maintenance gt Reboot Reset gt Access Points The Reboot Access Points screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics LocouT User Management Upgrade Licensing Backup Restore Extended Storage Remote Management gt Controllers Ea EZELAN gt Access
29. IP Floors CO 3FIQE 70 24 92 NG_Aig 2 Open 192 169 0 250 00 40 F4 F4 70 C2 192 160 0 6 Orthopedics netgesr702400 192 160 0 3 Clinic FloorS CO 3F 0f 78 24 91 NG _IIg l1 Open 192 160 0 250 REFRESH LOCATE DETARS The Network Clients screen lets you monitor all clients that are connected to the network To view additional clients click Next to return to the previous clients click Previous The following table explains the fields of the Clients table on the Network Clients screen Table 43 Network clients information Item Description Select The radio button that lets you select the client When you click the Details button the corresponding Client Details pop up window displays see Figure 102 on page 177 You can also click the Locate button to see the location of the client on a floor map MAC The MAC address of the wireless client IP The IP address of the wireless client AP Location The location of the access point see Edit and Remove Access Point Information on page 59 to which the wireless client is connected AP Name The name of the access point see Edit and Remove Access Point Information on page 59 to which the wireless client is connected AP IP The IP address of the access point to which the wireless client is connected Building The building in which the wireless client is connected to the access point Floor The floor on which the wireless client is connected to the
30. IP and VLAN Settings 0000 0 cece eee eee Management VLANS 6c eccw bie eee ew ee ee eee ek ONG ies soca VLANS aia era gee er aati ere erreur at atari ome oe er at rae om oe era Manage the DHCP Server 00000 eee eee eee Manage Certificates 00 Configure Syslog and Alarm Notification Settings Configure Syslog SENGS 6 52o440eslarenedwteiiaiersouadadsd Configure Alarm Notification Settings anaua saasaa Configure the Email Notification Server 0 0000 aana Chapter 6 Managing Security Profiles and Profile Groups Manage Wireless Security Profiles 000 0c eee aeeaee Small WLAN RG ia aran ath ass lace ah See a act ind a Larger WLAN NGIWOrkS 200002000 ecneebdeke bedew hoes come Be Profile Naming Conventions 000 eee eee eee eee Considerations Before You Configure Profiles Configure Security Profiles for the Basic Profile Group Edit and Remove Profiles from the Basic Profile Group Network Authentication and Data Encryption Options Configure Security Profiles for Advanced Profile Groups Edit and Remove Profiles from an Advanced Profile Group Remove an Advanced Profile Group 00000e ee eaeee Manage Basic and Advanced Profile Groups inthe WLAN Chapter 7 Configuring Wireless and QoS Settings About Basic and Advanced Wireless and QoS C
31. Manage Guest Network Access Users with management admin credentials for example receptionists or hotel clerks can provision guests Guests need to provide their email address or both their email address and a password These latter guests are referred to as captive portal users for which you need to set up a Captive portal and captive portal user credentials Configure Captive Portal Settings Captive portal authentication is typically used for hotspot users and paying guests such as hotel guests who purchase access time for an Internet connection You can configure a single captive portal only per wireless controller When you configure a captive portal you can use either the wireless controller as a local authentication server for the captive portal clients or you can configure an external RADIUS server for authentication There are two types of portal settings e Guest portal Use this portal if all wireless users are allowed to access the network by supplying only their email address You do not need to define user names and passwords for these users e Captive portal Use this portal type if wireless users need to supply their login name and password before being allowing access the network You need to define user names and passwords for these users see Manage Users Accounts and Passwords on page 128 Note You cannot configure captive portal authentication if the network authentication uses an external RADIUS server That
32. Point Configuration Monitor Maintenance Stacking Plans Diagnostics System Wireless Profile WLAN Network Captive Portal gt Basic EQ Eee es Click to add another authentication group v Advanced Oa Authentication Server MAC ACL gt Authentication Server Auth 1 Auth 2 Auth 3 Group Name Auth 3 External RADIUS Server IP Address Port Shared Secret Primary Authentication Server 1812 eccccccccccs Secondary Authentication Server 1812 eecccccccece Primary Accounting Server F 1813 eeeeeeoosese Secondary Accounting Server 1813 eeeccccceccs Reauthentication Time Seconds m Update Global Key Every Seconds CANCEL DELETE APPLY Figure 58 2 Click the button to create an additional authentication group The new authentication group displays on the advanced Authentication Server screen and the tab for the new authentication is automatically selected to let you configure the new group Note By default authentication groups are named Auth 1 Auth 2 Auth 3 and so on You can change these authentication group names 3 In the Group Name field enter a unique name for the authentication group 4 Specify the settings as described in the External RADIUS Server section in the previous table 5 Click Apply to save your settings To delete an authentication group select its tab and then click Delete Configuring Network Access and Security 125 ProSafe 20 AP Wireless Controller WC7520
33. Stacking Plans Diagnostics Network Clients s Summary Neighboring Clients Usage Locate MAC Bssid Access Point Clients gt Neighboring Clients Rogue AP Profiles DHCP Lease Captive Portal Users Figure 109 00 26 6 87 91 32 4 0 44 64 F1 SdiSe 00 13 e8 09 b6 13 00 26 1c6 87 6a 6c 00 24 d7 ad 0e 28 00 26 c6 80 be 0c FEL PEL EFL EFL EFL EF 2b fd 0a 76 a7 0d c0 3f 0e 83 c6 71 PEL FFL EFL EFL EFL EF FF FF FF EF EFL EF c0 3f 0e 8S cc d0 109 86 12 16 90 REFRESH LOCATE DISCONNECT EXPORT Monitoring the Wireless Network and Components 184 ProSafe 20 AP Wireless Controller WC7520 The Controller Neighboring Clients screen lets you monitor clients that are attached to known or rogue access points and that were detected by the wireless controller To view additional neighboring clients click Next to return to the previous neighboring clients click Previous The following table explains the fields of the Neighboring Clients table on the Controller Neighboring Clients screen Table 47 Neighboring clients information Item Description Locate The radio button that lets you select the neighboring client to locate it on a floor map MAC The MAC address of the neighboring client BSSID The MAC address of the access point s radio to which the neighboring client is connected RSSI The received signal strength indicator RSSI of the neighboring
34. Unsecured Mon Mar 14 13 54 47 2011 Neighbor Unknown e0 91 fS Oa fb 54 weed gd as Unsecured Mon Mar 14 13 54 47 2011 Neighbor Unknown 00 18 f3 ef db 84 Customer ID Secured Mon Mar 14 13 54 47 2011 Neighbor Unknown 00 92 f5 0e f6 50 wer3 g0 ad Secured Mon Mar 14 13 54 47 2011 Neig bor Unknown O0 18 4d c3 farcd NETGEAR Unsecured Mon Mar 14 13 54 46 2011 Neighbor Unknown PREVIOUS NEXT oo o o o o o o o Move to KNOWN UNKNOWN Figure 54 The screen displays the Rogue List which shows all detected rogue access points with essential information including information about their last beacon To scroll through the Rogue List click Next or Previous As an option you can import a list of access points from a file For more information see the next section 2 Classify the access points in the Rogue List a Select one or more check boxes that correspond to the access points or select all access point in the Rogue List by selecting the check box at the top of the table b Click one of the following two buttons both of which are located below the Rogue List e Known Moves the selected access points to the known list As an option for each access point you can enter a name in the Name column so the access point is more easily identified e Unknown Moves the selected access points to the unknown list Configuring Network Access and Security 116 3 ProSafe 20 AP Wireless Controller WC7520 Click App
35. Wi Fi Multimedia WMM enable disable WMM Powersave enable disable CANCEL DELETE APPLY Figure 36 By default an NG_11g profile and an NG_11a profile are present in the basic profile group 2 Click a tab to select a radio Managing Security Profiles and Profile Groups 77 ProSafe 20 AP Wireless Controller WC7520 3 Click the button to add a profile to the basic profile group The Add Profiles pop up window displays ADD Profiles Clone an existing Profile Profiles NG_11g 2 CANCEL ADD Figure 37 4 Either click Add or if you want to clone an existing profile select the Clone an existing Profile check box select a profile from the Profiles drop down list and then click Add The newly created profile displays onscreen and the tab for the new profile is automatically selected to let you configure the new profile Note The selections that are available in the Network Authentication field are affected by the authentication server settings that you specify on the Authentication Server screen See Manage Authentication Servers and Authentication Server Groups on page 122 If the selection in the Network Authentication field requires authentication an additional field the corresponding Authentication Server field displays 5 Configure the settings as described in the following table Table 15 Basic security profile definition settings Setting Description Profile Definition sect
36. Wireless and QoS Settings 105 ProSafe 20 AP Wireless Controller WC7520 Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics tocout System Security Profile WLAN Network Captive Portal Basic CorZa Advanced Radio On Off Advanced QoS Settings gt Wireless QoS Settings Group 1 Group 2 Group 3 gt RF Management 802 11b bo ng 802 11a na AP EDCA parameters Queue cwMin cwMax Max Burst Data 0 Best Effort Data 1 Background Data 2 Video Data 3 Voice Station EDCA parameters Queue cwMax Data 0 Best Effort Data 1 Background Data 2 Video Data 3 Voice CANCEL APPLY Figure 49 2 Click a tab to select a profile group 3 Click a tab to select a radio This screen lets you modify the QoS settings per profile group and per radio for upstream traffic flowing from the station that is the wireless client to managed access points and the downstream traffic flowing from managed access points to the station These settings are applied only to managed access points that are capable of supporting these settings Disabling WMM deactivates QoS control of station EDCA parameters for upstream traffic flowing from the client station to the access point You can change the settings for the station EDCA parameters but these settings do not take effect until you enable WMM However when WMM is disabled you can still set some parameters for downstream traffic flowing from the access
37. a group 152 bit WEP Hexadecimal 32 fixed See f Configure Fa IGK Edit WPA PSK TKIP Alphanumerics and Up to 63 Security 4 Select a profile special characters Profiles for 5 Make a selection from Us aa excluding quotes Advanced the Network WPA2 PSK AES Profile Authentication Groups on drop down list TKIP AES page 84 WPA PSK__ TKIP AES amp WPA2 PSK Configuration gt Security gt External Shared Secret Alphanumerics and Up to 127 See Manage Authentication Server RADIUS special characters Authentication Server Servers and Authentication External Domain Admin User Alphanumerics and Up to 32 Server LDAP special characters Groups on Server page 122 Factory Default Settings and Technical Specifications 204 Notification of Compliance NETGEAR Wired Products Regulatory Compliance Information This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices Failure of the end user to comply with the applicable requirements may result in unlawful operation and adverse action against the end user by the applicable National regulatory authority This product s firmware limits operation to only the channels allowed in a particular Region or Country Therefore all options described in this user s guide may not be available in your version of the product FCC Requirements for Operat
38. access point BSSID The MAC address of the access point s radio to which the wireless client is connected SSID The wireless network SSID that the wireless client is using to connect to the access point Security The security mode Open WEP WPA WPA2 or WPA WPA2 that the wireless client is using to connect to the access point Controller IP The IP address of the wireless controller that manages the access point to which the wireless client is connected To see the location of the client on a floor map select the client s radio button in the Select column and then click the Locate button Monitoring the Wireless Network and Components 176 ProSafe 20 AP Wireless Controller WC7520 To export the list of clients click Export To see details about a client select its corresponding radio button in the Select column of the Client table and then click the Details button to display the Client Details pop up window Client Details MAC 00 40 F4 F4 7D C2 Access Point netgear7B2488 BSSID CO 3F 0E 78 24 81 SSID NG_11g 1 Frequency 2 412000 GHz Auth open Client Type 802 119 Cipher none AID 1 RSSI 16 Tx Power 14 dbm Tx Rate 54 00Mbps Tx Bytes 1698 Rx Rate 12 00Mbps Rx Bytes 12056 Tx Packets 11 Rx Packets 88 CANCEL Figure 102 To close the Client Details window click Cancel The following table explains the fields of the Client Details window Table 44 Network client details informati
39. access points the wireless controller could support a total of 128 profiles Each profile has its own SSID and can have its own VLAN to allow the profile to establish its own tunnel Profiles can also share the same VLAN In larger network deployments also you would assign guests to a separate VLAN because guests typically access only the Internet not the business network and do not have peer to peer access Managing Security Profiles and Profile Groups 75 ProSafe 20 AP Wireless Controller WC7520 Profile Naming Conventions You can use profile naming conventions that are based on user groups such as Marketing or based on VLANs such as VLAN4O or you can use other naming conventions such as CompanyName15 Note In the advanced configuration you cannot change the names of profile groups However you can change the group names of MAC ACLs and external RADIUS servers Considerations Before You Configure Profiles Before you create and configure profiles for the basic profile group or an advanced profile group consider the following Authentication servers If you want to use external LDAP or RADIUS authentication or both first create the authentication server settings Configure basic server settings on the basic Authentication Server screen see Configure Basic Authentication Server Settings on page 123 For more complex networks configure additional RADIUS servers on the advanced Authentication Server screen see
40. all controllers and then synchronize their access point configurations with the primary 154 ProSafe 20 AP Wireless Controller WC7520 controller When stacking is enabled the primary controller synchronizes the administrative user name and password and the firmware image with the secondary controllers The master controller can push all configuration changes to the individual access points through the secondary controllers For ease of management you can configure location based profiles on the master controller and assign a location to each secondary controller The stacking feature allows wireless clients to roam from an access point that is managed by one of the controllers in the stacking group to any access point managed by the other controllers in the same stacking group These are the capacities of the primary and secondary controllers in a stack e Primary controller You can perform the following tasks Manage the secondary controllers Perform RF planning for the secondary controllers Configure the entire network including access point discovery and license reinforcement Monitor the entire network Push new a firmware image to the secondary controllers e Secondary controller You can perform the following tasks Access the primary controller s web management interface all controllers share the same administrative user name and password Configure the subnetwork Monitor the subnetwork Upgrade t
41. and Secure Copy SCP for the transfer of software images and large configuration files and for the transfer over a tunnel UDP port 69 Used by TFTP for software image upgrades of standalone access points UDP port 123 Used by Network Time Protocol NTP UDP port 138 Used by NetBIOS to resolve names UDP port 161 Used by the SNMP discovery process Access Point Discovery and Management 52 ProSafe 20 AP Wireless Controller WC7520 UDP port 6650 Used by the control channel between the wireless controller and the remote access point UDP port 7890 Used by the multicast discovery process This port does not need to be unblocked in a configuration in which remote access points are located behind a NAT router Enable DHCP option 43 vendor specific information on the DHCP server Specify the wireless controller s IP address to allow the access points to receive the wireless controller s IP address and the DHCP server to assign IP addresses to the access points The DHCP server on the wireless controller automatically enables DHCP option 43 with its own IP address Access points behind a NAT router first need to be converted to managed access points and then be installed behind the NAT router Each access point needs to have an IP address All access points that are the same model ship with the same default IP address With the exception of access points in factory default state that are in the same Layer 2 network a
42. at access point level for fast processing and roamed Layer 3 traffic processing at controller level e RF planning and management RF planning tool to predict the number and placement of access points based on signal strength and the number of users per building floor and to display the predicted coverage Automatic control of access point transmit power and channel allocation to reduce interference Automatic load balancing of clients across access points Rate limiting per profile e Monitoring and reporting Access point heat maps by wireless band and signal strength for real time status view of the WLAN Monitoring of the status of the network wireless controllers WLANs and clients and network usage statistics Specific health monitoring of access points Logging and emailing of system events RF events load balancing events rate limiting events and redundancy failover events For a list of all features and capabilities of the wireless controller see the datasheet at http support netgear com app products model a_id 13060 Package Contents The ProSafe 20 AP Wireless Controller WC7520 product package contains the following items e ProSafe 20 AP Wireless Controller WC7520 appliance One AC power cable Rubber feet 4 with adhesive backing e One rack mount kit e Straight through Category 5 Ethernet cable e WC7520 ProSafe Wireless Controller Installation Guide e Resource CD Introdu
43. authentication with an external RADIUS server or network authentication with an external RADIUS server but not both That is if you configure an external RADIUS server with WPA WPA2 or WPA amp WPA2 or you use Legacy 802 1X you cannot use external MAC authentication and the MAC ACL radio buttons do not display on screen You still can use internal MAC authentication Managing Security Profiles and Profile Groups 79 ProSafe 20 AP Wireless Controller WC7520 Table 15 Basic security profile definition settings continued Setting Description Open System Shared Key WPA PSK WPA2 PSK and WPA PSK amp WPA2 PSK continued Captive Portal Select this check box if you want to enable the captive portal For more information see Configure Captive Portal Settings on page 126 Note You cannot configure captive portal authentication if the network authentication uses an external RADIUS server That is if you configure an external RADIUS server with WPA WPA2 or WPA amp WPA2 or if you use legacy 802 1X the Captive Portal check box is not shown onscreen WPA with Radius WPA2 with RAdius and WPA amp WPA2 with Radius Authentication Server Select one of the following radio buttons e Local Use the local authentication server e External Use an external authentication server Select an external authentication server from the Authentication Server drop down list Note Fo
44. client Rogue Shows whether or not Yes or No the neighboring client is connected to a rogue access point To see the location of the neighboring client on a floor map select the neighboring client s radio button in the Locate column and then click the Locate button To disconnect neighboring clients select one or more check boxes that correspond to the neighboring clients or select all neighboring clients in the Neighboring Clients table by selecting the check box at the top right of the table and then click Disconnect To export the list of neighboring clients click Export View Rogue Access Points Detected by the Wireless Controller Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Clients Network WLAN Rogue AP ic gt Summary gt Usage Select Channel Privacy Last Beacon Category Known UnKnown Name ose ae Co Cc gt Clients OS o c0 3f 0e b4 66 da 11 Secured Tue Sep 21 15 55 28 2010 Neighbor Unknown Clients 00 18 f3 efidbiS8 Customer IO 11 Secured Tue Sep 21 15 55 28 2010 Neighbor Unknown gt Rogue AP c0 3f 0e 85 c5 40 ngrian 11 Secured Tue Sep 21 15 55 28 2010 Neighbor Unknown gt Profiles c0 3f10e 85 cd 60 ngwian 11 Secured Tue Sep 21 15 55 28 2010 Neighbor Unknown gt DHCP Lease 0 3f 00 85 05 41 ngguest 11 Secured Tue Sep 21 15 55 28 2010 Neighbor Unknown gt Cope Portal lt O 3fi0e 8Sied 61 ng
45. default baud rate is 9600 K The configuration is 8 bits no parity and 1 stop bit Note The console port is for debugging under guidance of NETGEAR technical support only e Factory Defaults button Using a sharp object press and hold this button for about 10 seconds until the front panel LED flashes and the wireless controller returns to factory default settings Introduction and Overview 13 ProSafe 20 AP Wireless Controller WC7520 Note If you reset the wireless controller all configuration settings are lost and the default password is restored e Kensington lock Attach an optional Kensington lock to prevent unauthorized removal of the wireless controller e AC power socket Attach the power cord to this socket There is no separate on off power switch Bottom Panel with Product Label The product label on the bottom of the wireless controllers enclosure displays the default IP address default user name and default password as well as regulatory compliance input power and other information NETGEAR ProSafe 20 AP Wireless Controller WC7520 This device complies with part 15 of the FCC Rules and Canada ICES 003 Operation is subject to the following two conditions 1 this device moy not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation CORBIS PIAA HRRARECT CORBERRARACHATSE BRM NARoFoecMSVETY COMACIAEMADBVISH
46. down the following occurs The remote access point uses its last known configuration and functions as a standalone access point while continuously attempting to reconnect to the wireless controller If the access point uses WPA PSK WPA2 PSK or WPA PSK amp WPA2 PSK authentication it can continue to accept new clients If the access point uses RADIUS Access Point Discovery and Management 53 ProSafe 20 AP Wireless Controller WC7520 authentication with the local RADIUS server of the wireless controller instead of an external RADIUS server the access point can no longer accept new clients If the access point is rebooted it loses its configuration After the connection with the wireless controller is reestablished the remote access point functions once again as a managed access point Run the Discovery Wizard The Discovery Wizard finds access points that are not yet on the managed access point list gt Torun the Discovery Wizard 1 Select Access Point gt Discovery Wizard The Discovery Wizard screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Discovery weord BEU ERZEINEJ gt Last Discovered gt Managed AP List Discovery Wizard Step 1 of 3 Choose state of Access Points In simple steps WC7520 can discover your supported Access Points in the network Please select the state of the Access Points Factory default state Installed and working in Standalo
47. list ACL with MAC addresses of clients to either allow or deny the network access privilege of the specified clients with the wireless controller managed access point The settings are applied only to managed access points Note The wireless controller can support an aggregate number of 4096 MAC addresses for all its local ACLs Configuring Network Access and Security 117 ProSafe 20 AP Wireless Controller WC7520 Guidelines for External MAC Authentication gt To use an external ACL 1 Configure an ACL on an external RADIUS server 2 On an Edit Profile screen see Chapter 6 Managing Security Profiles and Profile Groups next to MAC ACL select the External radio button 3 From the External Radius Server drop down list select an external authentication server The wireless controller consults the MAC ACL at initial client authentication While a client roams the wireless controller uses cached authentication information After a client has disassociated from the access point and then attempts to reassociate again the wireless controller once again consults the MAC ACL Note the following external RADIUS server guidelines e For each MAC authentication client you need to configure a policy on the RADIUS server e During MAC authentication the wireless controller sends the following information to the RADIUS server MAC address in the format XX XX XX XX XX XX username calling station ID e The wireless con
48. methods 29 data rate 94 data sheet 203 date troubleshooting 198 default access point group 23 default settings 13 198 202 Delivery Traffic Indication Message DTIM interval 95 detecting rogue access points 114 DHOP client access points 61 DHCP leases viewing 188 DHCP option 43 52 DHCP server description 29 settings 68 diagnostic tools 200 discovering access points 51 discovery problems troubleshooting 198 DNS servers 66 DTIM Delivery Traffic Indication Message interval 95 dual band access points 15 16 23 74 109 E EAP Extensible Authentication Protocol 132 electrical specifications 202 email notification server 72 encryption methods supported 29 end user license agreement EULA 128 Extensible Authentication Protocol EAP 132 external antenna 61 external authentication MAC authentication 79 118 RADIUS and LDAP servers 82 122 124 128 external storage 141 F factory default settings wireless controller 13 198 202 factory default state access points 54 failover redundancy 158 161 features overview 9 16 firmware minimum version for access points 15 scheduling updates 138 upgrading 137 version 171 floors planning 44 209 ProSafe 20 AP Wireless Controller WC7520 fragmentation length 95 frequency band 46 FTP server firmware upgrade 138 G guard interval 94 guest access captive portal 126 GUI troubleshooting 195 H hard reset 139 198 heat map 48 high traffic loa
49. of the access point Model The model of the access point Name The name that you specified for the access point Building The building in which the access point is located For more information see Define and Edit Buildings and Floors on page 42 and Edit and Remove Access Point Information on page 59 Floor The floor on which the access point is located For more information see Define and Edit Buildings and Floors on page 42 and Edit and Remove Access Point Information on page 59 Status The access point connectivity status Authentication in progress This status can last several minutes Applying configurations Firmware upgrade AP is rebooting Connecting Connected This status indicates normal operation e Not Connected The wireless controller cannot communicate with the access point at the configured IP address The wireless controller tries to log in to managed access points each minute If the error is temporary the status automatically changes to connected If the error is prolonged verify the access point s IP address and network connectivity Note Make sure that there is a DHCP server enabled in the network otherwise the managed access points remain in the Connecting state and do not enter the Connected state Managing Security Profiles and Profile Groups 88 ProSafe 20 AP Wireless Controller WC7520 Table 18 WLAN group assignments continued Se
50. options WPA PSK amp WPA2 PSK_ AES To configure WPA PSK amp WPA2 PSK authentication type a TKIP AES passphrase of at least 8 characters in the WPA Passphrase Note Use this option if Network Key field there are both WPA PSK and WPA2 PSK clients in Note The Data Encryption drop down list displays TKIP AES the network which is the only available option Both TKIP and AES are supported Configure Security Profiles for Advanced Profile Groups The advanced Profile Group screen lets you create up to 8 profile groups For each profile group you can create and configure up to 8 security profiles per wireless radio 8 profiles for a single band access point 16 profiles for a dual band access point Separate profiles are applied to 802 11b bg ng mode and 802 11a na mode radios By default all access points are assigned to the basic profile group After you have created advanced profile groups you can use the WLAN Network screen to reassign access points to any of these advanced profile groups see Manage Basic and Advanced Profile Groups in the WLAN on page 87 gt To adda profile group configure a new profile and then add another profile 1 Select Configuration gt Profile gt Advanced gt Radio The Profile Groups screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics tosourt System Wireless Security i WLAN Network Captive Portal Basic corra Click to add another
51. own SSID security settings MAC ACL rate limiting settings WMM and so on The wireless controller follows the same architecture A profile group on the wireless controller includes all the features that you can configure for an individual access point up to 8 profiles 16 for dual band access points each of which has its own SSID security MAC ACL rate limiting settings WMM settings and so on Basic Profile The basic profile includes all the settings that are required to configure a fully functional access point with up to 8 security profiles 16 for dual band access points After you have used the automatic discovery process and added access points to the managed AP list on the wireless controller the access points are assigned by default to the basic profile group If your network requires the wireless controller to manage multiple access points with different configurations use the advanced profile Introduction and Overview 23 ProSafe 20 AP Wireless Controller WC7520 Advanced Profile The advanced profile lets you configure up to 8 access point profile groups Each group includes all the settings that are required to configure a fully functional access point with up to 8 security profiles 16 for dual band access points For example if there are four buildings each with a completely different wireless network you simply create four profile groups You then assign all access points in one building to one profil
52. points Requirements for Autodiscovery of Local Access Points If the access points still have their factory default settings the autodiscovery process should work fine If you changed the access point configuration make sure that the configuration meets the following general guidelines General Guidelines e All standalone access points need to have SNMP and SSH enabled e UDP port number 7890 needs to be unblocked in the firewall e Each access point needs to have an IP address All access points that are the same model ship with the same default IP address With the exception of access points in factory default state that are in the same Layer 2 network if more than one access point has the same IP address then only one of them is discovered at a time You have to add the access point to the managed list change its IP address and then run discovery again to discover the next access point with that IP address 51 ProSafe 20 AP Wireless Controller WC7520 An access point needs to run at least its initial firmware release or a newer version There are no other firmware requirements for the access point to function with the wireless controller Guidelines for the Autodiscovery Process Across Layer 3 Networks In addition to the previous general guidelines for the autodiscovery process to work across Layer 3 networks enable either one of the following options Multicast routing for IP address 254 0 100 250 between the wirele
53. product s or circuit layout s described herein Revision History Publication Version Publish Date Comments Part Number 202 10686 04 v1 1 February 2012 Added hexadecimal address information to Guidelines for the Autodiscovery Process Across Layer 3 Networks on page 52 202 10686 04 v1 0 October 2011 Added the following new information e New features Discovery and management of remote access points see Requirements for Autodiscovery of Remote Access Points on page 52 and Add Access Points to the Managed List after Discovery on page 57 Support for sentry mode see Edit and Remove Access Point Information on page 59 Rogue AP mitigation see Configure Basic Rogue Detection Settings on page 114 Captive portal accounts see Manage Users Accounts and Passwords on page 128 e Changes and improvements to the monitoring screens e Additional troubleshooting information 202 10686 03 v1 0 ProSafe 20 AP Wireless Controller WC7520 July 2011 Added the following new information e Support for the WNDAP360 access point see NETGEAR ProSafe Access Points e New features N 1 redundancy see Manage Redundancy Monitoring stacking and redundancy see View the Network Summary Screen External RADIUS based MAC authentication see Guidelines for External MAC Authentication External RADIUS based captive portal authentication see Configure Captive Portal Settings 202 10686 02
54. profile group v Advanced Radio Profile Groups Rate Limit Group 1 Group 2 Group 3 Name Radio Authentication vlan30 802 11b bg ng Open System vlani0 802 11a n Open System Figure 38 Managing Security Profiles and Profile Groups 84 ProSafe 20 AP Wireless Controller WC7520 The following table describes the fields that are shown for each profile in a profile group Table 17 Profile group settings Setting Description Name The unique profile name Radio The wireless radio mode in which the profile is operating Authentication The authentication setting under which the profile is operating 2 Click the button to create an additional profile group The new profile group displays on the advanced Profile Groups screen By default an NG_11g 0 profile and an NG_11a 0 profile are present in a profile group Note By default profile groups are named Group 1 Group 2 Group 3 and so on You cannot change these profile group names 3 Click Edit The advanced Edit Profile screen displays Note The selections that are available In the Network Authentication field are affected by the authentication server settings that you specify on the Authentication Server screen See Manage Authentication Servers and Authentication Server Groups on page 122 If the selection in the Network Authentication field requires authentication an additional field the corresponding Authentication Server field
55. profile group Click a tab to select a radio For each profile on a wireless radio in the selected profile group specify the rate limit as a percentage You can use the slider bars to adjust the values in the rate limit fields to the right of the slider bars Make sure that the total percentages of all profiles on one wireless radio in the selected profile group do not exceed 100 percent Click Apply to save your settings Configuring Wireless and QoS Settings 111 Contiguring Network Access and Security This chapter includes the following sections About Basic and Advanced Security Configurations Manage Rogue Access Points Manage MAC Authentication and MAC Authentication Groups Manage Authentication Servers and Authentication Server Groups Manage Guest Network Access Manage Users Accounts and Passwords AN IMPORTANT A Before you use the wireless controller to push the configurations to your access points first determine which profiles and security you need configure authentication servers and MAC authentication as described in this chapter and then complete configuration of the profiles that you intend to use see Chapter 6 Managing Security Profiles and Profile Groups CAUTION If security is not set up or is set up incorrectly when the wireless controller pushes the configurations to the access points you could accidentally wipe out all security leaving your entire network open to access About Bas
56. redundant controller occurs The redundant controller then takes over all functions of the primary controller If you want to add a redundant controller to a stack of two or three controllers see N 1 Redundancy on page 160 Note When a redundancy failover occurs wireless clients might experience a service interruption of a few seconds Managing Stacking and Redundancy 158 ProSafe 20 AP Wireless Controller WC7520 Requirements and Restrictions for a Single Controller with Redundancy These are the requirements and restrictions for a single controller with redundancy to function correctly The primary controller and redundant controller need to be in the same management VLAN and IP subnet e The VRRP ID for the relationship between the primary controller and redundant controller needs to be unique also in relation to any other VRRP IDs that might be used for other purposes in the network e The primary controller and redundant controller need to run the same firmware version If the firmware versions do not match redundancy does not work The licenses on the redundant controller need to match those on the primary controller If the licenses do not match redundancy does not work e The primary controller and redundant controller need to have the same controller IP address at which they provide the service but each controller has its own unique local IP address Example of a Configuration with a Single Controller with
57. restarted Controller IP The IP address of the wireless controller that manages the access point To export the list of access points click Export To see details about an access point select its corresponding radio button in the Select column of the Access Point table and then click the Details button to display the AP Details pop up window Because of its seize an example of this window is shown in two figures To close the AP Details window click OK Monitoring the Wireless Network and Components 173 ProSafe 20 AP Wireless Controller WC7520 AP Details Access Point Details AP Info Access Point Name netgear7B2608 Model WNAP210 Group basic IP Address 192 168 0 2 Ethernet MAC Address c0 3f 0e 7b 26 d0 AP Site Local Sentry Mode Enabled No Configured 2 4 GHz Channel 1 2412Ghz Current Operating 2 4 GHz Channel 1 2412Ghz Load Balancing Max Clients 802 11b bg ng 38 Load Balancing Signal Quality 602 11b bg ng 0 Profile Info Type SSID Security 802 11b ba ng NG_l1g Open 802 11b bg ng NG_11g 1 Open 802 11b ba ng NG_11g 2 Open 802 11b ba ng NG_119 3 Open 802 11b bo ng NG_11g 4 Open Figure 99 AP Details 802 11b bo ng NG_11g 7 Client Info MAC IP Channel SSID Security 00 1E 4C 67 33 B2 192 168 0 5 1 2 412Ghz NG_119 2 Open 00 40 F4 F4 7D C2 192 168 0 6 17 2 412Ghz NG_1ig 1 Open Rogue AP Info Type Reported In Same Channel In Interfering Channel 802 11b bg ng O0 o o
58. the license update server Fill in the Server Address field Server Address Enter the IP address or FQDN of the server from which you import your licenses Use a Proxy Server to Connect to the Internet Select this check box if you use a proxy server to connect to the Internet Proxy Server Enter the IP address or FQDN of the proxy server Proxy Port Enter the port that the proxy server uses This Proxy Server Requires Authentication Select this check box if the proxy server requires authentication User Name Enter the user name to access the proxy server Password Enter the password to access the proxy server 3 Click Apply to save your settings Register Your Licenses gt To register your licenses 1 Make sure that the wireless controller is connected to the Internet 2 Select Maintenance gt License and then click the Registration tab The Registration screen displays Maintaining the Controller 151 ProSafe 20 AP Wireless Controller WC7520 Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics tocour User Management Upgrade Backup Restore Reboot Reset Extended Storage Remote Management Logs amp Alerts gt License License Settings Inventory Server Settings Registration Registration Key Key Key Type Key Status NG2EO4 AOE2 9460 6929 83F7 2O07C FAO3 2542 EOES 10 49 Reguteres NG2804 1645 3780 C676 27 1A FOLE
59. the wireless controller 1 Disconnect the wireless controller from the computer and place it where you will deploy it If necessary you can now reconfigure the computer that you used in the configuration process back to its original TCP IP settings 2 Connect an Ethernet cable from your wireless controller to a LAN port on your network 3 Connect the power cord to the wireless controller and plug the power cord into a power outlet The Power Test and Ethernet LEDs should light up If any of these do not light up see Troubleshoot Basic Functioning on page 194 Introduction and Overview 26 System Planning and Deployment Scenarios This chapter includes the following sections e System Planning e Management VLAN and Data VLAN Strategies e Deployment Scenarios System Planning This section includes the following subsections e Preinstallation Planning e Before You Configure a Wireless Controller e Single Controller Configuration with Basic Profile Group e Single Controller Configuration with Advanced Profile Groups e Stacked Controller Configuration Preinstallation Planning Before you install any wireless controllers determine the following e Number of access points required to provide seamless coverage e Number of wireless controllers required e 802 11 frequency band and the channels that are optimal for Wi Fi usage NETGEAR recommends that you perform a site survey e Run a spectrum analysis of channels o
60. to the ones providing the highest performance For more information see Configure Channels on page 99 Tx Power From the drop down list select the transmission power of the access point Note By default the access point s transmission power is set to the configuration that is selected on the basic RF Management screen For more information see Basic RF Management on page 102 6 Click Apply to save your settings Advanced Wireless Configuration for Profile Groups NETGEAR recommends using the default wireless settings unless you have specific reasons to change them You can configure wireless settings for the basic profile group see the previous section or for advanced profile groups gt To configure wireless settings for profile groups 1 Select Configuration gt Wireless gt Advanced gt Wireless The Advanced Wireless Settings screen displays Configuring Wireless and QoS Settings 96 ProSafe 20 AP Wireless Controller WC7520 Configuration Monitor Maintenance Stacking Plans Diagnostics System Security Profile WLAN Network Captive Portal gt Basic Self 192 168 0 251 y Advanced Radio On Off Advanced Wireless Settings Wireless QoS Settings RF Management Group 1 Group 2 Group 3 802 11b bg ng 802 11a na Turn Radio On 2 Wireless Mode 802 1ing Data Rate Best v Channel Width 20 40 MHz Dynamic Guard Interval 800 ns RTS Threshold 0 2347 2347 Fragm
61. wireless controller 3 Verify that VLAN 1 is set as the management VLAN and is marked as untagged which is the default setting Configuration gt System gt IP VLAN Configure the following profiles and configure network authentication and data encryption for these profiles 1 A profile with SSID 1 and VLAN 10 2 A profile with SSID 2 and VLAN 20 3 A profile with SSID 2 and VLAN 30 4 A profile with SSID 3 and VLAN 40 Configuration gt Profile gt Basic Configure the following profile groups 1 A profile group with the name Building 1 to which you add the following profiles The profile with SSID 1 and VLAN 10 The profile with SSID 2 and VLAN 20 The profile with SSID 2 and VLAN 30 2 A profile group with the name Building 2 to which you add the following profiles The profile with SSID 1 and VLAN 10 The profile with SSID 2 and VLAN 30 The profile with SSID 3 and VLAN 40 Configuration gt Profile gt Advanced Deploy the access points and connect them to PoE switches Wait until the access points are up and running run the Discovery Wizard specify the network layout by selecting the Same L2 network radio button and select the access points that you want to be managed by the wireless controller Access Point gt Discovery Wizard Assign the access points to the access point profile groups also referred to as WLAN groups Configuration
62. 0 Authentication Failed ap1 8b2d80 192 168 0 30 veriWave g 49 3 Mon Sep 20 16 02 25 2010 Authentication Failed api 852 80 192 268 0 30 veriWave g 49 2 Mon Sep 20 18 02 10 2010 Figure 118 The Blacklisted Clients screen lets you monitor all clients that attempted to connect but were denied access because they provided incorrect authentication credentials or their MAC address is blocked in a MAC ACL To view additional clients click Next to return to the previous clients click Previous The following table explains the fields of the Blacklisted Clients table on the Blacklisted Clients screen Table 51 Blacklisted clients information Item Description Select The radio button that lets you select the blacklisted client to locate it on a floor map MAC The MAC address of the blacklisted client Type The type of offense such as failed authentication Authentication Failed or denied access because of a blocked MAC address Denied Client AP Name The name of the access point to which the blacklisted client attempted to connect AP IP The IP address of the access point to which the blacklisted client attempted to connect RSSI The received signal strength indicator RSSI of the blacklisted client SSID The wireless network SSID that the blacklisted client used to attempt to connect to the access point Count The number of times the client s authentication failed Last Seen The l
63. 00 on page 174 Name The name of the access point see Edit and Remove Access Point Information on page 59 Location The location of the access point see Edit and Remove Access Point Information on page 59 Monitoring the Wireless Network and Components 172 ProSafe 20 AP Wireless Controller WC7520 Table 41 Network access point information continued Item Description Status The status of the access point Healthy or Down MAC The MAC address of the access point IP The IP address of the access point Model The model of the access point WNAP210 WNAP320 WNDAP350 or WNDAP360 Remote Shows the site designation Local or Remote of the access point Sentry Shows whether or not Yes or No sentry mode is enabled Building The building to which you assigned the access point see Edit and Remove Access Point Information on page 59 Floor The floor to which you assigned the access point see Edit and Remove Access Point Information on page 59 2 4 GHz Channel The configured 2 4 GHz channel on the access point This information can change after initial configuration of the access point because of automatic channel allocation 5 GHz Channel The configured 5 GHz channel on the access point This information can change after initial configuration of the access point because of automatic channel allocation Uptime The period since the access point was last
64. 10 DOWN Access Point NAME netgear7B26D8 IP 192 168 0 2 MAC c013f 0e17b126 d0 MODEL WNAP210 DOWN System UP Access Point NAME netgear7B26D8 IP 192 168 0 2 MAC c0 3f10e 7b 26 d0 MODEL WNAP210 UP Access Point NAME netgear7B2488 IP 192 168 0 3 MAC c0 3f10e 7b 24 80 MODEL WNAP210 UP Access Point NAME netgear7B26D8 1P 192 168 0 2 MAC c013f10e17b1261d0 MODEL WNAP210 DOWN Access Point NAME netgear7B2488 IP 192 168 0 3 MAC c0 3f 0e 7b 24 80 MODEL WNAP210 DOWN Raised Time Lav Fri Sep 17 10 42 19 2010 Fri Sep 17 10142118 2010 Fri Sep 17 10 42 05 2010 Fri Sep 17 10 42 04 2010 Fri Sep 17 20 41 58 2020 Thu Sep 16 09 18 02 2010 Thu Sep 16 09 16 02 2010 Thu Sep 16 09 17 48 2010 Thu Sep 16 09 17 49 2010 Thu Sep 16 09 17 48 2010 Thu Sep 16 09 17 47 2010 Thu Sep 16 09 17 41 2010 Wed Sep 15 11 55 01 2010 Wed Sep 15 11 55 01 2010 Wed Sep 15 11 54 47 2010 Wed Sep 15 11 54 47 2010 PREVIOUS NEXT LOGOUT REFRESH CLEAR ALL To clear the existing log click Clear All Consider saving the contents before you clear the system alerts see Save the Logs on page 144 To view RF events Select Maintenance gt Logs amp Alerts gt RF Events The RF Events screen displays Maintaining the Controller 146 Access Point User Management gt System Alerts gt RF Events gt Load Balancing Rate Limit gt Redundancy gt Stacking gt Save Logs Figure 74 Configuration Upgrade
65. 2 Click a tab to select a radio 3 Select the Turn Radio On check box to enable configuration of the wireless settings Configuring Wireless and QoS Settings 93 ProSafe 20 AP Wireless Controller WC7520 Note If automatic channel allocation is enabled on the Channel Allocation screen see Configure Channels on page 99 you cannot configure the wireless settings on the Basic Wireless Settings screen You need to disable automatic channel allocation to be able to configure the wireless settings Note You cannot configure the wireless settings if there are no access points assigned to a radio in a profile group 4 Configure the settings as explained in the following table Table 20 Wireless settings Setting Description Wireless Mode The selections that are available depend on the selected radio mode From the drop down list select the wireless mode 802 11b bg ng mode 11ng This is the default setting 11bg 11b 802 11a na mode 11na This is the default setting 11a Note If you select 802 11bg or 802 11b mode both 802 11n and 802 11g compliant devices can connect to the access points However if you select 802 11ng mode 802 11b compliant devices cannot connect Data Rate From the drop down list select the available transmit data rates of the wireless network Channel Width 802 11n only From the drop down list select the available channel width A wider ch
66. 2 168 0 90 Primary DNS Server 192 168 40 1 192 168 40 1 192 168 40 1 192 168 40 1 Secondary DNS Server Management 192 168 10 0 192 168 20 0 192 168 30 0 192 168 0 0 192 168 40 1 gt Figure 30 The DHCP Server List shows the DHCP servers that are already configured on the wireless controller 2 Click Add The Add DHCP Server pop up window displays Add DHCP Server DHCP Settings Figure 31 Enable m Use LAN Interface ca LAN IP Network 192 168 0 0 Subnet Mask 255 255 255 0 Default Gateway 192 168 0 50 Start IP End IP Co Use Default DNS Server V Primary DNS Server 192 168 0 5 Secondary DNS Server Use Default WINS Server V WINS Server Lan CANCEL CLEAR ADD 3 Configure the settings as explained in the following table Table 11 DHCP settings Setting Description Enabled Select this check box to enable the DHCP server When the check box is cleared the DHCP server is disabled Use VLAN Interface Select this check box to allow the DHCP server to function with multiple VLANs VLAN Enter the DHCP server VLAN ID The range is between 1 and 4094 The DHCP server will service this VLAN IP Network Enter the IP address for the wireless controller in the VLAN that you have specified in the VLAN field If you have not selected the Use VLAN Interface check box the IP address of the wireless controller s management VLAN is used Conf
67. 4 You can add up to six floors in one building but will need external USB storage if you add more than three floor maps 8 Click Apply to save your settings 9 Click Back to return to the Layout Buildings screen gt To edit a building 1 Select the radio button in the Edit column that corresponds to the building that you want to edit 2 Click Edit RF Planning 44 ProSafe 20 AP Wireless Controller WC7520 gt To delete a building 1 Select the check box that corresponds to the building that you want to delete or select the check box at the top row of the table to delete all buildings 2 Click Delete Specify Access Point Requirements After you have defined the buildings and floors you need to specify the following RF requirements for each floor and each supported access point model WNAP210 WNAP320 WNDAP9350 and WNDAP360 e Frequency band The radio frequency to be used 802 11b bg ng or 802 11a na e Signal quality The signal strength that you expect for the WLAN This setting determines the automatic channel allocation and automatic transmission power of the access points see the explanation in the table later in this section e Number of client per access point The total number of clients that you expect to be supported on each access point Total number of clients per floor The total number of clients that you expect to be supported on each floor Along with the floor dimensions these
68. 49 Controller DHCP lease information Item Description Host Name The host name of the DHCP client IP The IP address that is allocated to the DHCP client End Time The DHCP lease end time for the DHCP client End Date The DHCP lease end date for the DHCP client MAC The MAC address of the DHCP client VLAN The VLAN that the DHCP server and DHCP client are using to connect To export the list of DHCP leases click Export View Captive Portal Guests and Users Managed by the Wireless Controller The Controller Captive Portal Users screen displays the current guests and users that are logged in to a captive portal on the access points that are managed by the wireless controller Monitoring the Wireless Network and Components 188 ProSafe 20 AP Wireless Controller WC7520 gt To view the guest list Click the Guest List tab The associated Guest List screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics WLAN Clients Captive Portal Users gt Summary gt Usage R Guest List User List Access Point gt Clients IP Email Address S NoonDori 192 168 0 191 guestuseri netgear com Clients gt Rogue AP gt Profiles gt DHCP Lease gt Captive Portal Users Figure 113 The Guest List table shows the IP addresses and email addresses of the logged in guests To view additional guests click Next to return to the previous guests
69. 7 5 37 BOEF FORE 10 AP Registered Customer Information Company Name First Name Last name Email Address Fax Number Phone Number Address Zip City State Country VAR Information Company Name First Name Last name Email Address Fax Number Phone Number Address zip City State Country Figure 81 3 Complete the Customer Information fields with the customer information that is associated with the key that you want to add and register These fields are self explanatory 4 Complete the VAR Information fields with the value added reseller VAR information that is associated with the key that you want to add and register These fields are self explanatory 5 In the Registration Key field enter the registration key for the license that you want to add and register 6 Click Add to add your license to the table The key details have the same meaning as those shown on the Inventory screen see the Key Details section in Table 33 on page 149 7 Click Apply to register your license To delete a license from the table select its radio button and then click Delete Maintaining the Controller 152 ProSafe 20 AP Wireless Controller WC7520 Retrieve Your Licenses If NETGEAR exchanged your wireless controller for another one your licenses no longer display on the Inventory and Registration screens You need to retrieve your licences from the license update server gt To retrieve licenses after you have recei
70. 8 bit or 152 bit WEP None Shared Key 64 bit 128 bit or 152 bit WEP None WPA PSK TKIP or TKIP AES None WPA2 PSK AES or TKIP AES None WPA PSK and WPA2 PSK TKIP AES None WPA TKIP or TKIP AES One of the following authentication servers e External RADIUS server e Internal authentication server External LDAP server System Planning and Deployment Scenarios 29 ProSafe 20 AP Wireless Controller WC7520 Table 2 Authentication and encryption options continued Authentication method Encryption option Authentication server WPA2 AES or TKIP AES One of the following authentication servers e External RADIUS server e Internal authentication server External LDAP server WPA and WPA2 TKIP AES One of the following authentication servers e External RADIUS server e Internal authentication server External LDAP server For information about how to configure client authentication and data encryption see Manage Rogue Access Points on page 113 For information about how to configure authentication servers see Manage Authentication Servers and Authentication Server Groups on page 122 Single Controller Configuration with Basic Profile Group A basic configuration consists of a single wireless controller that controls a collection of access points that are organized into the basic default group gt To set up a single wireless controller system with a basic profile group
71. C7520 Manage Authentication Servers and Authentication Server Groups You can specify three types of authentication servers internal external RADIUS and external LDAP Internal authentication server The wireless controller handles authentication If you use this setting set up Wi Fi clients on the User Management screen see Manage Users Accounts and Passwords on page 128 External RADIUS server You can define a basic external RADIUS server that you would typically use in the profiles of a basic profile group of a small scale network You need to specify its configuration on the basic Authentication Server screen see the next section so that you can select this authentication option during the configuration of a profile As part of the advanced authentication server settings you can define multiple external RADIUS servers that you would typically use in a more complex network with many profiles You can then assign different RADIUS servers to different profiles By default the external RADIUS server for the basic authentication group is called basic Auth You cannot change this name By default the external RADIUS authentication servers for the advanced authentication groups are called Auth1 through Auth8 and you can change these names You can assign the basic Auth server to an advanced profile group and you can assign a RADIUS server of an advanced authentication group to the basic profile group See the following configuratio
72. Click Add The wireless controller is added to the Stacking table which shows the following fields Managing Stacking and Redundancy 156 ProSafe 20 AP Wireless Controller WC7520 Table 36 Stacking table fields Setting Description Role The role or function that the wireless controller has in the stack either Master or Slave Controller The IP address of the wireless controller Local IP The local IP address of the wireless controller in a redundancy group If you have not configured redundancy the local IP address for the master controller is identical to its controller IP address and there is no local IP address for any slave controller Master IP The IP address of the master in the stack Status The status of the wireless controller either Up or Down 5 As an option click Sync on the master controller in the stack to synchronize the profiles captive portals and user management settings to the slave controller in the stack After synchronization the slave controller reboots Note On the slave controller in the stack if you add the master controller as a stack member the slave controller becomes the new master controller and the original master controller becomes the new slave controller Controller Selection List After you have added one or more wireless controllers to the stack most screens in the web management interface display a controller selection list that lets you select t
73. I self 192 168 0 30 RF Events Severity Monitor Licensing ProSafe 20 AP Wireless Controller WC7520 Maintenance Stacking Plans Diagnostics Backup Restore Reboot Reset Extended Storage Description Remote Management Coverage Hole detected around AP netgear782488 in 2 4GHz frequency band in building Clinic on Floor Floor 1 Major Coverage Hole detected around AP netgear782488 in 2 4GHz frequency band in building Clinic on Floor Floor 1 Coverage Hole detected around AP netgear782488 in 2 4GHz frequency band in building Clinic on Floor Floor 1 Major Coverage Hole detected around AP netgear7B26D8 in 2 4GHz frequency band in building Clinic on Floor 1 Coverage Hole detected around AP netgear782488 in 2 4GHz frequency band in building Clinic on Floor 1 Major Coverage Hole detected around AP netgear7826D8 in 2 4GHz frequency band in building Clinic on Floor 1 Coverage Hole detected around AP netgear782488 in 2 4GHz frequency band in building Clinic on Floor 1 Major Coverage Hole detected around AP netgear7B26D8 in 2 4GHz frequency band in building Clinic on Floor 1 Coverage Hole detected around AP netgear782488 in 2 4GHz frequency band in building Clinic on Floor 1 ae Coverage Hole detected around AP netgear7826D8 in 2 4GHz frequency band in building Clinic on Floor 1 gt To view load balancing events Raised Time Fri Sep 17 00 02 37 2010 Thu Sep 16 16 12 36 2010 Thu Sep 16 16 07 36
74. NETGEAR ProSafe 20 AP Wireless Controller WC7520 Reference Manual ProSafe 20 AP Wireless Controller WC7520 2010 2011 NETGEAR Inc All rights reserved No part of this publication may be reproduced transmitted transcribed stored in a retrieval system or translated into any language in any form or by any means without the written permission of NETGEAR Inc Technical Support Thank you for choosing NETGEAR To register your product get the latest product updates get support online or for more information about the topics covered in this manual visit the Support website at http support netgear com Phone US amp Canada only 1 888 NETGEAR Phone Other Countries Check the list of phone numbers at http support netgear com app answers detail a_iq 984 Trademarks NETGEAR the NETGEAR logo and Connect with Innovation are trademarks and or registered trademarks of NETGEAR Inc and or its subsidiaries in the United States and or other countries Information is subject to change without notice Other brand and product names are registered trademarks or trademarks of their respective holders 2011 NETGEAR Inc All rights reserved Statement of Conditions To improve internal design operational function and or reliability NETGEAR reserves the right to make changes to the products described in this document without notice NETGEAR does not assume any liability that may occur due to the use or application of the
75. P encryption 82 WEP key requirements 203 WINS servers 66 wired connection stacking 154 wireless band usage viewing in the network 170 on the wireless controller 182 wireless client separation 79 wireless clients maximum number 108 wireless clients viewing blacklisted in the network 192 in the network 169 176 191 neighboring in the network 185 on the access point 175 on the wireless controller 180 184 wireless controller viewing active SSIDs 191 captive portal accounts and users 188 DHCP leases 188 in the network 171 redundancy status 181 summary 180 usage 182 wireless modes 94 wireless network name SSID 78 wireless settings 93 wizard access point discovery 51 212 ProSafe 20 AP Wireless Controller WC7520 WMM Wi Fi multimedia 105 WNAP210 WNAP320 WNDAP350 and WNDAP360 15 WPA and WPA2 authentication 82 84 WPA passphrase requirements 203 213
76. Points Reboot Access Points Search Access Point by IP MAC Name List of Access Points a IP MAC Name Building Floor Location mabe JEE fiii ES aL o 192 168 0 3 c0 3f 0e 7b 24 80 netgear7B2488 Clinic o 192 168 0 4 c0 3f 0e 7b 26 d0 netgear7B82608 Clinic Figure 67 2 As an optional step enter the IP address MAC address or name of an access point in the Search Access Point by IP MAC Name field and click Search 3 From the List of Access Points which you can sort by building floor or location specify the access points that you want to reboot by selecting the check boxes corresponding to the access points or specify that you want to reboot all access points by selecting the check box in the heading of the list 4 Click Reboot Manage External Storage The Extended Storage screen displays information about an optionally attached external storage device such as a USB memory stick or external hard drive and lets you mount and dismount the storage device You can use an external storage device to store more floor heat maps and extended statistics history gt To mount an external storage device and view information about the device 1 Select Maintenance gt Extended Storage The Extended Storage screen displays As an example the screen shows information about an attached USB memory stick Maintaining the Controller 141 ProSafe 20 AP Wireless Controller WC7520 Access Point Configuration Monitor Maintenanc
77. ProSafe 20 AP Wireless Controller WC7520 _ _ Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics tocour System Wireless Profile WLAN Network Captive Portal s Basic Corer y Advanced gt Rogue AP MAC Authentication MAC ACL gt Authentication syncl sync2 synced Acl 4 Server Click to add another ACL group Group Name synel Import MAC List from a file Merge Treat ACL as Oallow Deny Selected Wireless Clients DELETE ADO Available Wireless Clients id MAC Address d MAC Address E o 00 00 00 00 00 01 CANCEL DELETE IMPORT APPLY Figure 56 2 Click the button to create an additional ACL group The new ACL group displays on the advanced MAC Authentication screen and the tab for the new ACL is automatically selected to let you configure the new group Note By default profile groups are named Acl 1 Acl 2 Acl 3 and so on You can change these ACL group names 3 Inthe Group Name field enter a unique name for the ACL group 4 Compile the Selected Wireless Clients list as explained in the previous section Configure Basic Local MAC Authentication Settings Note The wireless controller supports a maximum of 256 MAC addresses per SSID 5 Click Apply to save your settings To delete an ACL group select its tab and then click Delete Configuring Network Access and Security 121 ProSafe 20 AP Wireless Controller W
78. R EMTSLIBRENSOEMSHVET C VCCI A DEFAULT ACCESS https 192 168 0 250 g ici R e user name admin ITE E212778 10047 mm 10 password password Input Rating AC 100 240V 50 60Hz 1 0A max SERIAL MAC LAN Made in Chino 272 11018 02 Figure 3 WC7520 Wireless Controller System Components A WC7520 wireless controller system consists of one or more wireless controllers and a collection of access points that are organized into groups based on location or network access The wireless controller system can include a single wireless controller a single wireless controller with a backup wireless controller for N 1 redundancy or a group of up to three stacked wireless controllers with or without a redundant wireless controller Introduction and Overview 14 ProSafe 20 AP Wireless Controller WC7520 The WC7520 wireless controller system supports the following access point models e NETGEAR WNAP210 ProSafe wireless N access point e NETGEAR WNAP320 ProSafe wireless N access point e NETGEAR WNDAP350 ProSafe dual band wireless N access point e NETGEAR WNDAP 360 ProSafe dual band wireless N access point Future releases will support additional access point models NETGEAR ProSafe Access Points You can connect access points to the wireless controller either directly with an Ethernet cable through a router or switch or remotely through an IP network After you have used the automatic discovery process
79. Redundancy The following figure shows a configuration with a primary controller and a redundant controller before a failover has occurred Before failover Primary controller E YN controller IP 192 168 1 3 AP Cloud local IP 182 168 1 7 K E A eee Redundant controller local IP 192 168 1 6 Figure 87 The following figure shows the settings on the Stacking Redundancy screen before a failover has occurred Managing Stacking and Redundancy 159 ProSafe 20 AP Wireless Controller WC7520 Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Berea Stacking Redundancy Stacking Role Controller IP l Local IP Master IP Status Master 192 168 1 3 192 168 1 7 192 168 1 3 Up ADD EDIT _ DELETE Redundancy Enable Redundancy Vv Secondary IP CS Controller Role gt Controller IP VRRP ID 1 255 Local IP Master 192 168 1 3 ET 192 168 1 7 P Figure 88 The following figure shows a configuration with a primary controller and a redundant controller after a failover has occurred After failover Down local IP 192 168 1 7 I i VRRP ID 1 I Active controller controller IP 192 168 1 3 local IP 192 168 1 6 wt Figure 89 N 1 Redundancy With N 1 redundancy you can add one redundant controller for up to three controllers that is a redundancy group can consist of four controllers one of which is a redundant controller In an N 1 redundancy group with thre
80. Regulations of the Canadian Department of Communications This Class B digital apparatus complies with Canadian ICES 003 Cet appareil num rique de la classe B est conforme a la norme NMB 003 du Canada European Union The ProSafe 20 AP Wireless Controller WC7520 complies with essential requirements of EU EMC Directive 2004 108 EC and Low Voltage Directive 2006 95 EC as supported by applying the following test methods and standards e EN55022 2006 A1 2007 e EN55024 1998 A1 2001 A2 2003 e EN60950 1 2005 2nd Edition e EN 61000 3 2 2006 e EN 61000 3 3 1995 w A1 2001 A2 2005 Notification of Compliance 206 ProSafe 20 AP Wireless Controller WC7520 GPL License Agreement GPL may be included in this product to view the GPL license agreement go to ftp downloads netgear com files GPLnotice paf For GNU General Public License GPL related information please visit http support netgear com app answers detail a_id 2649 Notification of Compliance 207 Index Numerics 2 4 GHz and 5 GHz channels 100 802 11 wireless modes 94 802 1Q VLAN header 28 67 A AC power socket 14 access point groups assignment 87 basic or default 23 description 23 MAC authentication 120 QoS 105 radio turning on and off 92 rate limiting 110 RF management 104 security profiles 75 wireless settings 96 access points adding 57 antennas configuring 61 channel allocation automatic 99 101 manual 96 98 DHCP clie
81. Schedule On Select the check boxes for each day of the week that you want to schedule the radio to be either on or off Duration From the drop down lists specify the duration in hours and minutes that the radio should be either on or off 3 Click Apply to save your settings Advanced Radio Configuration for Profile Groups You can schedule the radio for specific groups to match their network usage For example during registration a school could leave the radios on for the main office or administration building and turn off radios in buildings that contain only classrooms that are not in use To schedule the radio for profile groups 1 Select Configuration gt Wireless gt Advanced gt Radio On Off The advanced Schedule screen displays M s z 5 Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics tocou System Wi Security Profile WLAN Network Captive Portal Basic Self 192 168 0 251 v Advanced Radio Onor Schedule gt Wireless gt QoS Settings Group 1 Group 2 Group 3 gt RF Management Current Time Thu Jul 29 11 51 13 PDT 2010 Schedule Radio On Off on Oof Schedule at hr OM min mt weet f Schedule On e A Ei Duration hrs 24 mins Figure 43 2 Click a tab to select a profile group Configuring Wireless and QoS Settings 92 ProSafe 20 AP Wireless Controller WC7520 3 Configure the settings as explained in the previ
82. Sync in progress Firmware mismatch Secondary Status The status of the secondary controller in the redundancy group Reachable or Not reachable Sync Status The synchronization status between the wireless controllers in the redundancy group In Sync or Not in Sync Primary IP Address The IP address of the primary controller in the redundancy group Secondary IP Address The IP address of the secondary controller in the redundancy group Virtual IP The common IP address that is used by both the primary and secondary controller in the redundancy group and that always is owned by the active controller Monitoring the Wireless Network and Components 181 ProSafe 20 AP Wireless Controller WC7520 View Wireless Controller Usage Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics LOGOUT Network WLAN Clients a gt Summary Controller Usage gt Usage 2 4 GHz Band Usage 5 GHz Band Usage Network Usage gt Access Point gt Clients gt Neighboring Clients Controller Usage 2 4 GHz Band Usage gt Rogue AP Profil eae 25 00Kbps gt DHCP Lease Captive Portal sar aN 20 00Kbps 15 00Kbps 10 00Kbps 5 00Kbps 0 Hrs 4 Hrs 8 Hrs 12 Hrs 16 Hrs 20 Hrs 24 Hrs E Average Receive Rate Access Point Average Transmit Rate Access Point REFRESH Figure 105 The Controller Usage screen displays a graphic of the average rate of data traffic tha
83. This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following methods e Reorient or relocate the receiving antenna e Increase the separation between the equipment and the receiver e Connect the equipment into an electrical outlet on a circuit different from that which the radio receiver is connected e Consult the dealer or an experienced radio TV technician for help Modifications made to the product unless expressly approved by NETGEAR Inc could void the user s right to operate the equipment Canadian Department of Communications Radio Interference Regulations This digital apparatus ProSafe 20 AP Wireless Controller WC7520 does not exceed the Class B limits for radio noise emissions from digital apparatus as set out in the Radio Interference
84. To view rate limit events Extended Storage Diagnostics Severity Description Raised Time Fri Mar 11 16 42 06 2011 Fri Mar 11 16 39 41 2011 Fri Mar 11 16 36 50 2011 Fri Mar 11 16 35 55 2011 Fri Mar 11 16 35 34 2011 Fri Mar 11 16 35 13 2011 Fri Mar 11 16 35 12 2011 Fri Mar 11 16 35 12 2011 Fri M r 11 16 33 18 2011 Fri Mar 11 16 25 18 2011 Fri Mar 11 16 25 18 2011 Fri Mar 11 16 25 01 2011 Remote Management Select Maintenance gt Logs amp Alerts gt Rate Limit The Rate Limit screen displays Maintaining the Controller 147 Access Point User Management gt System Alerts RF Events gt Load Balancing gt Rate Limit gt Redundancy gt Stacking gt Save Logs Figure 76 gt ProSafe 20 AP Wireless Controller WC7520 Configuration Monitor Upgrade Licensing Backup Restore self 192 168 0 30 Rate Limit Maintenance Plans Stacking Diagnostics Reboot Reset Extended Storage Remote Management Description Severity Ally To view redundancy events Raised Time Select Maintenance gt Logs amp Alerts gt Redundancy The Redundancy screen displays Access Point User Management gt System Alerts gt RF Events Load Balancing gt Rate Limit gt Redundancy gt Stacking gt Save Logs Figure 77 Configuration Monitor Upgrade Licensing Backup Restore Severity Description Switching to Active State To view stacking even
85. WPA PSK amp WPA2 PSK ldi _Lower_Floor 802 11b bg ng WPA PSK amp WPA2 PSK eldi _Ubrary 802 11a na Open System Figure 9 Choose a Location for the Wireless Controller The wireless controller is suitable for use in an office environment where it can be freestanding on its runner feet or mounted into a standard 19 inch equipment rack Alternatively you can rack mount the wireless controller in a wiring closet or equipment room A mounting kit containing two mounting brackets and screws is provided in the wireless controller package Consider the following when deciding where to position the wireless controller e The unit is accessible and cables can be connected easily e Cabling is away from sources of electrical noise These include lift shafts microwave ovens and air conditioning units e Water or moisture cannot enter the case of the unit Airflow around the unit and through the vents in the side of the case is not restricted Provide a minimum of 25 mm or 1 inch clearance e The air is as free of dust as possible e Temperature operating limits are not likely to be exceeded Install the unit in a clean air conditioned environment For information about the recommended operating temperatures for the wireless controller see Appendix A Factory Default Settings and Technical Specifications Introduction and Overview 25 ProSafe 20 AP Wireless Controller WC7520 Deploy the Wireless Controller gt To deploy
86. Wireless Controller WC7520 e When a failover occurs and the redundant controller takes over for a primary controller redundancy is no longer available for the other primary controllers in the redundancy group e When you upgrade from a firmware release before release 2 2 to release 2 2 you need to reconfigure redundancy Example of an N 1 Redundancy Configuration The following figure shows an N 1 configuration with three stacked controllers and one redundant controller before a failover has occurred N 1 Redundancy Before failover Primary controllers v wa o AP Cloud 1 AP Cloud 2 AP Cloud 3 gt al ti i aa ee el Master controller Slave controller Slave controller controller IP 192 168 1 3 controller IP 192 168 1 4 controller IP 192 168 1 5 local IP 192 168 1 7 local IP 192 168 1 8 local IP 192 168 1 9 master IP 192 168 1 3 master IP 192 168 1 3 master IP 192 168 1 3 n a gt eS Redundant controller local IP 192 168 1 6 Figure 90 The following figure shows the N 1 settings on the Stacking Redundancy screen before a failover has occurred Managing Stacking and Redundancy 162 ProSafe 20 AP Wireless Controller WC7520 Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Stacking Redundancy Stacking Role Controller IP Local IP Master IP Status Master 192 168 1 3 192 168 1 7 192 168 1 3 Up O Slave 192 168 1 4 192 168 1 8 192 168 1 3 Up Slav
87. accommodate the traffic load of the trunk System Planning and Deployment Scenarios 33 ProSafe 20 AP Wireless Controller WC7520 Deployment Scenarios This section provides three deployment scenarios to illustrate how the wireless controller can function in a variety of network configurations e Scenario Example 1 Basic Network with Single VLAN e Scenario Example 2 Advanced Network with VLANs and SSIDs e Scenario Example 3 Advanced Network with Redundancy Scenario Example 1 Basic Network with Single VLAN The following sample scenario consists of a simple network with a wireless controller PoE switch Layer 3 switch or router and access points Management VLAN Ethernet traffic All client Ethernet traffic Printer y reins 4 Deploy the controller e O on a trunk port Backend L3 switch Wireless PoE or router Coils Sa AN Access Point WC7520 WNDAP350 _ e lt i Mij Finance Marketing computer computer Employee Employee computer computer Figure 11 System Planning and Deployment Scenarios 34 ProSafe 20 AP Wireless Controller WC7520 The access points and wireless controller are connected in the same subnet and use the same IP address range that is assigned for that subnet There are no routers between the access points and the wireless controller The access points are connected to a PoE switch which in turn is connected to the wireless controller The uplink of P
88. ackets The number of packets that the wireless client transmitted Rx Packets The number of packets that the wireless client received View Security Profiles in the Network Access Point Monitor Maintenance Plans Configuration Stacking Diagnostics Clients WLAN Controller gt Summary Profiles gt Usage Security Radio Mode Status Controller IP Group Name gt Controller NG_1lig Open 802 11ib bg ng Active 192 168 0 250 basic gt Access Point NG_11g 1 Open 802 11b bg ng Active 192 168 0 250 basic gt Clients NG_11g 2 Open 802 11b bg ng Active 192 168 0 250 basic gt Profiles NG_11g 3 Open 802 11b bg ng Active 192 168 0 250 basic eS NG_119 4 Open 802 11b bg ng Active 192 168 0 250 basic NG_11g 5 Open 802 11b bg ng Active 192 168 0 250 basic NG_1ig 7 Open 802 11b bg ng Active 192 168 0 250 basic NG ita Open 802 11a na Active 192 168 0 250 basic NG_ila 1 Open 802 11a na Active 192 168 0 250 basic NG_11g 0 Wpa Wpa2 802 11b bg ng Inactive 192 168 0 250 Group 1 NG_lilg 1 Wpa Wpa2 02 11b bg ng Inactive 192 168 0 250 Group 1 NG _11a 0 Open 02 11a na Inactive 192 168 0 250 Group 1 NG_11g 0 Open 02 11b bg ng inactive 192 168 0 250 Group 2 NG_11a 0 Open 802 11a na Inactive 192 168 0 250 Group 2 NG_iig 0 Open 802 11b bg ng Inactive 192 168 0 250 Group 3 NG_11 0 Open 802 11a na Inactive 192 168 0 250 Group 3 PREVIOUS NEXT REFRESH EXPORT Figu
89. ade Licensing Backup Restore Reboot Reset Extended Storage Remote Management Access Points Select an Access Point System Alerts gt RF Events Choose an Access Point to save the logs gt Load Balancing Rate Limit gt Redundancy v Save Logs AP Logs System Logs Figure 71 2 Select an access point from the drop down list 3 Click Save and follow the directions of you browser to save the logs to the selected access point The name of the zipped log file is ap_logs tgz To save system logs 1 Select Maintenance gt Logs amp Alerts gt Save Logs gt System Logs The System Logs screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics User Management Upgrade Licensing Backup Restore Reboot Reset Extended Storage Remote Management gt System Alerts Self 192 168 0 30 a RF Events Load Balancing System Logs Rate Limit Save Logs gt Redundancy v Save Logs gt AP Logs gt System Logs Save a copy of the WC7520 system logs to a file Figure 72 2 Click Save and follow the directions of you browser to save the logs to your computer The name of the zipped log file is wnc_logs tgz View Alerts and Events The wireless controller lets you view the following alerts and events e System Alerts System alerts such as an access point coming up or being shut down the wireless controller coming up or being shut down a
90. al with a field for entering an email address Guests do not need to provide a password and can have unlimited access to the network You do not need to configure guest accounts e Captive A captive portal with a field for entering a login user name and a field for entering a password If you select this option the Radius Server radio buttons and drop down list display For information about how to configure captive portal users and accounts see Manage Users Accounts and Passwords on page 128 Radius Server Select one of the following radio buttons e Local Use the local authentication server Note This setting is for External Select an external authentication server from the drop down list a Captive portal only Note For information about setting up and enabling internal and external authentication servers see Manage Authentication Servers and Authentication Server Groups on page 122 Select Placement Select Center Bottom or Top to specify the location of the login prompt on the login screen Load Background Image As an option click Browse to navigate to and select an image file to be used for the background of the login screen You can use a gif jog or omp image EULA section EULA Text Required Select this check box if you want to present the end user license agreement EULA on the guest login screen or captive portal login screen so users can view the EULA before they log in Enter the EULA
91. anaging Stacking and Redundancy Introduction and Overview 17 ProSafe 20 AP Wireless Controller WC7520 Monitor the Network and Its Components View heat maps View the real time heat maps for a deployed WLAN See the RF signal propagation per floor and identify coverage holes and weak signal spots Monitor the status of all wireless devices View the status the wireless controllers access points clients access point profiles and the entire network and view network usage statistics e Monitor network health See which access points are healthy and which ones are down or compromised For more information see Chapter 11 Monitoring the Wireless Network and Components Licenses The wireless controller includes an built in license to support up to 20 access points in 802 11a b g n mode You can purchase licenses in 10 access point increments WC7510L for support of up to 50 access points for a single wireless controller To support 50 access points you would need to purchase 3 WC7510L licenses if you have three wireless controllers in a stack and want to support the maximum number of 150 access points you would need to purchase 9 WC7510L licenses Adding a redundant wireless controller also requires you to purchase licenses to support the required number of access points on the redundant wireless controller Licenses are tied to the serial number of the wireless controller For more information see the License Co
92. and added access points to the managed access point list on the wireless controller the wireless controller converts the standard access points to dependent access points by pushing firmware to the access points From then on you can centrally manage and monitor the access points A WC7520 wireless controller system can support the following access points e WNAP210 ProSafe Wireless N Access Point Supports 802 11b 802 119 and 802 11n network devices Supports Power over Ethernet PoE with a power consumption of up to 5 8W Requires minimum firmware version WNAP210_ 2 0 8 or a newer version For product documentation and firmware see http support netgear com app products model a_id 8101 e WNAP320 ProSafe Wireless N Access Point Supports 802 11b 802 119 and 802 11n network devices Supports Power over Ethernet PoE with a power consumption of up to 5 8W Accepts optional antennas Requires minimum firmware version WNAP320_ 2 0 7 or a newer version For product documentation and firmware see http support netgear com app products model a_id 186071 e WNDAP350 ProSafe Dual Band Wireless N Access Point Supports 802 11a 802 116 802 119 and 802 11n network devices Supports PoE with a power consumption of up to 10 75W Concurrent operation in 2 4 GHz and 5 GHz radio band while in 802 11n mode Accepts optional antennas Requires minimum firmware version WNDAP350_V2 0 or a newer version For product documentation and fir
93. annel improves the performance but some legacy devices can operate only in either 20 MHz or 40 MHz Guard Interval 802 11n only From the drop down list select a value that protects transmissions from interference A shorter guard interval improves performance but some legacy devices can operate only with a long guard interval Configuring Wireless and QoS Settings 94 ProSafe 20 AP Wireless Controller WC7520 Table 20 Wireless settings continued Setting Description RTS Threshold 0 2347 Enter the size of the Request to Send RTS threshold packet The RTS threshold is related to the transmission mechanism CSMA CA or CSMA CD for the packets If the packet size is equal to or less than this threshold the data frame is transmitted immediately if the packet size is larger than the specified value the transmitting station needs to send an RTS threshold packet to the receiving station and then should wait for the receiving station to return a Clear to Send CTS packet before sending the actual packet data Fragmentation Length 256 2346 Enter the size that specifies the maximum fragmentation length for data packets Packets larger than the specified fragmentation length are broken up into smaller packets before being transmitted The fragmentation length needs to be an even number Beacon Interval 100 1000 Enter the time interval for each beacon transmission that allows the a
94. asic Profile Group The Edit Profile Basic screen lets you create and configure up to 8 security profiles per wireless radio 8 profiles for a single band access point 16 profiles for a dual band access point Separate profiles are applied to 802 11b bg ng mode and 802 11a na mode radios gt To add a security profile to the basic profile group 1 Select Configuration gt Profile gt Basic gt Radio The Edit Profile Basic screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics LOGOUT System Wireless Security WLAN Network Captive Portal Basic Self 192 168 0 251 gt Radio gt Load Balancing Edit Profile Basic Rate Limit mdvanced 802 11b bg ng 802 11a na Click to add another profile vianio vian20 NG_1 a Profile Definition Name vlan10 Wireless Network Name SSID vlan10 Broadcast Wireless Network Name SSID res Ono Your selection from Select the Local radio r the Network Client Authentication button to display the 7 5 fe Authentication Net Aut ticati Q Syst v r i Local MAC ACL p EASES ae e lt pri down bi j etermines tne Group drop down list Wireless Client Security Separation Disable w information that is Select the External lan 10 displayed onscreen radio button to display the External Authentication Settings Radius Server MAC ACL tocal External a Local MAC ACL Group basic w drop down list Captive Portal Wireless QoS
95. ast time that the blacklisted client attempted to log in Monitoring the Wireless Network and Components 192 ProSafe 20 AP Wireless Controller WC7520 To see the location of the blacklisted client on a floor map select the client s radio button in the Select column and then click the Locate button To export the list of blacklisted clients click Export Monitoring the Wireless Network and Components 193 Troubleshooting This chapter includes the following sections Troubleshoot Basic Functioning Troubleshoot the Web Management Interface Troubleshoot a TCP IP Network Using the Ping Utility Use the Factory Default Button to Restore Default Settings Problems with Date and Time Problems with Access Points Use the Diagnostic Tools on the Wireless Controller Troubleshoot Basic Functioning After you turn on power to the wireless controller the following sequence of events should occur 1 2 When power is first applied verify that the Power LED is on After approximately 2 minutes verify that a The Test LED is no longer lit b The left LAN port LEDs are lit for any local ports that are connected If a port s left LED is lit a link has been established to the connected device If a port is connected to a 1000 Mbps device verify that the port s right LED is green If the port functions at 100 Mbps the right LED is amber If the port functions at 10 Mbps the right LED is off If any of thes
96. ate that are in the same Layer 2 network if more than one access point has the same IP address then only one of them is discovered at a time You have to add the access point to the managed list change its IP address and then run discovery again to discover the next access point with that IP address e Make sure that the access points run at least their initial firmware release or a newer version For firmware requirements see NETGEAR ProSafe Access Points on page 15 For local access points that are installed across a Layer 3 network Make sure that either one of the following options is enabled e Multicast routing for IP address 254 0 100 250 between the wireless controller and the access point e DHCP option 43 vendor specific information on the DHCP server Specifying a DHCP server on the wireless controller automatically enables DHCP option 43 with its own IP address For remote access points e Make sure that DHCP option 43 vendor specific information is enabled on the DHCP server Specifying a DHCP server on the wireless controller automatically enables DHCP option 43 with its own IP address e Make sure that the following ports are unblocked in the firewall TCP port 22 UDP ports 69 123 138 161 and 6650 These ports are in addition to port 7890 e Make sure that access points behind a NAT router have been converted to managed access points before they are installed behind the NAT router Connection Probl
97. ayed in white against a blue background 2nd level Configuration menu tab The configuration menu tabs in the blue bar immediately below the main navigation menu bar change according to the main navigation menu tab that you select When you select a configuration menu tab the letters are displayed in orange against a blue background 3rd level Submenu link Each configuration menu tab has one or more submenu links that are listed on the left side of the screen in a gray box When you select a submenu link the text is displayed in orange against a gray background On many screens the submenus are divided into a basic submenu and an advanced submenu e Action buttons Action buttons change the configuration or allow you to make changes to the configuration These are the most common action buttons Apply Saves all configuration changes made on the current screen Saved settings are retained when the wireless controller is powered off or rebooted while unsaved configuration changes are lost Cancel Resets options on the current screen to the last applied or saved settings Add Adds a new item to the current screen Typically a pop up window opens that enables you to enter information in additional fields Edit Allows you to edit the configuration of the selected item Remove or Delete Removes the selected item from the table or screen configuration Introduction and Overview 19 ProSafe 20 AP Wireless Contr
98. below default level Select the Disable radio button to disable automatic Tx power control WLAN Healing section Maximum Neighbors to Participate From the drop down list select the maximum number of neighboring in Self healing access points that increase or decrease power to cover for a failing access point Selecting 0 zero disables this feature Use close neighbors not a distant access point and do not use all access points Self healing wait Time after AP From the drop down list select the number of minutes to validate that Failure is wait before confirming a failed access point and increasing transmit power to cover the area Enter a value greater than the access point reboot time which is usually 1 minute This allows for fluctuations in the power of nearby access points when access points are rebooted Configuring Wireless and QoS Settings 103 ProSafe 20 AP Wireless Controller WC7520 Table 24 RF management settings continued Setting Description Coverage Hole Detection section Periodic Coverage Hole Detection Select the Enable radio button to allow coverage hole detection to run in the background periodically Select the Disable radio button to disable this option Alert Severity for Coverage Hole Select a radio button to specify the type of alarm severity to be associated with a coverage hole detection event on the Logs amp Alerts screen e Critical e Major
99. bmenu links to display a wireless controller monitoring screen Summary See View the Wireless Controller Summary Screen Usage See View Wireless Controller Usage Access Points See View Access Points Managed by the Wireless Controller Clients See View Clients Managed by the Wireless Controller Neighboring Clients See View Neighboring Clients Detected by the Wireless Controller Rogue AP See View Rogue Access Points Detected by the Wireless Controller Profiles See View Security Profiles Managed by the Wireless Controller DHCP Lease See View DHCP Leases Provided by the Wireless Controller Captive Portal Users See View Captive Portal Guests and Users Managed by the Wireless Controller Monitoring the Wireless Network and Components 179 ProSafe 20 AP Wireless Controller WC7520 View the Wireless Controller Summary Screen Network gt Summary Usage Access Point gt Clients gt Neighboring Clients Rogue AP gt Profiles DHCP Lease Captive Portal Users Figure 104 Access Point Configuration Monitor WLAN Network Status Network Info Total Alarms Firmware ersion 2 1 0 21_Beta_2329 Device Up Down Critical Controller Uptime 14 mins 4 secs Access Points O o o 2 Last Reboot Wed Mar 23 03 29 17 2011 Clients o NA NA NA Last Configuration Change Wed Mar 23 03 43 15 2011 Last Channel Allocation Tue Mar 22 08 24 08 2011 Last Admin Login Wed Mar 23 03 29 42 2011 Wireless Clients
100. both ends 2 Log in to the wireless controller a Open your browser and type http 192 168 0 250 in the browser s address field Note You need to use a web browser such as Microsoft Internet Explorer 5 1 or later or Mozilla Firefox x or later with JavaScript cookies and SSL enabled Introduction and Overview 20 ProSafe 20 AP Wireless Controller WC7520 The wireless controller s login window displays NETGEAR WC7520 Connect with Innovation ProSafe Wireless LAN Controller Login User Name Password Figure 5 When prompted enter admin for the user name and password for the password both in lowercase letters Click Login The wireless controller s web management interface displays with the default status screen the path is Monitor gt Controller gt Summary which shows the network status and related information Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Network WLAN Clients gt Summary Network Status Network Info Usage i Total Alarms S Firmware Version 2 1 0 21_Beta_2329 gt Access Point Device Up Down Critical Major Controller Uptime 14 mins 4 secs gt Clients Access Points 0 Last Reboot Wed Mar 23 03 29 17 2011 gt Neighboring Clients o Last Configuration Change Wed Mar 23 03 43 15 2011 Clients Last Channel Allocation Tue Mar 22 08 24 08 2011 Rogue AP Wireless Clients Last Admin Login Wed Mar 23 03 29 42 2011 gt Profiles Open WEP
101. ccess point to synchronize the wireless network Aggregation Length 1024 65535 802 11n only Enter the maximum length of Aggregated MAC Protocol Data Unit AMPDU packets Larger aggregation lengths can lead to better network performance Aggregation is a mechanism used to achieve higher throughput AMPDU 802 11n only Select the On radio button to allow the aggregation of several MAC frames into a single large frame to achieve higher throughput Enabling AMPDU can lead to better network performance Select the Off radio button to disable this option RIFS Transmission 802 11n only Select the On radio button to enable the Reduced Interframe Space RIFS option to allow transmission of successive frames at different transmit powers Enabling RIFS can lead to better network performance Select the Off radio button to disable this option DTIM Interval 1 255 Enter the Delivery Traffic Indication Message DTIM or the data beacon rate that you want to use This sets the message period of the beacon delivery traffic indication in multiples of beacon intervals Preamble Type 802 11b bg only Select one of the following radio buttons to specify the preamble type e Auto Automatically handles both long and short preambles A short transmit preamble provides better performance Auto is the default setting e Long Enables a long transmit preamble to provide a more reliable connection or a slightly longe
102. cess point Radio type or types Desired data rates for access points Identify areas where you do not necessarily want coverage Identify areas where you cannot deploy an access point Use a worksheet similar to the following to collect your information Table 3 Building planning worksheet Building dimensions Height Width Number of floors User information Number of users Users per access point Radio types Access point desired signal rate 802 11 b bg ng 802 11a na Don t care don t deploy areas Define and Edit Buildings and Floors This section explains how you can define your buildings and floors and make modifications after you have defined them You can add a maximum of three local buildings and three remote buildings a total of six buildings To define a building 1 Select Plans gt Layout The Layout Buildings screen displays with the Local Building tab and associated screen in view To define a remote building click the Remote Building tab RF Planning 42 ProSafe 20 AP Wireless Controller WC7520 Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics LOGOUT Planning Deployed gt Layout Self 192 168 0 30 Buildings Local Building Remote Building Edit Name Num Of Floors Clinic 2 0 MainOffice 3 oO DowntownOffice 1 Figure 14 The Buildings table shows the name
103. changing the PoE switch ports to which the access points are connected to tagged ports During the discovery process these switch ports were access ports in management VLAN 100 Scenario Example 3 Advanced Network with Redundancy The following sample scenario consists of an advanced network with one wireless controller one redundant wireless controller one core switch two PoE switches in different buildings access points and several VLANs and SSIDs These are the components in the wireless controller system e One wireless controller e 50 access points managed by the wireless controller through management VLAN 1 e One redundant wireless controller e Four VLANs VLAN 10 VLAN 20 VLAN 30 and VLAN 40 e Three SSIDs SSID 1 SSID 2 and SSID 3 In this scenario the VLANs and SSIDs are used to accommodate traffic for different user groups in a school that is spread out over two buildings e Building 1 SSID 1 in VLAN 10 for staff traffic SSID 2 in VLAN 20 for middle school students SSID 3 in VLAN 30 for guests e Building 2 SSID 1 in VLAN 10 for staff traffic SSID 2 in VLAN 40 for high school students SSID 3 in VLAN 30 for guests System Planning and Deployment Scenarios 38 ProSafe 20 AP Wireless Controller WC7520 Building 1 SSID 1 Staff VLAN 10 SSID 2 Middle school VLAN 20 SSID 3 Guest VLAN 30 ap eam l PoE switc Backend L3 switch if or router fit ty i i ii tii lt Bui
104. channel allocation including the option to skip auto channel allocation if there is a heavy traffic load or voice activity see Configure Channels on page 99 Automatic transmission power Automatically determines the optimum transmit power of an access point based on the coverage requirement The access point scans its neighborhood to determine the RF environment to minimize neighboring access point interference leakage across floors and coverage holes When you configure WLAN healing NETGEAR recommends the following Configure the WLAN self healing wait time to a value greater than the access point reboot time which is usually 1 minute This allows for fluctuations in the power of nearby access points when access points are rebooted The number of neighbors to participate in WLAN self healing should not be very large three to four usually suffices in most deployments This avoids too many access points increasing power for a single failed access point Note You can override the default transmission power settings for individual access points on the Basic Wireless Settings screen and on the Advanced Wireless Settings screen For more information see Configure Wireless Settings on page 93 Basic RF Management gt To configure basic RF management 1 Select Configuration gt Wireless gt Basic gt RF Management The basic RF Management screen displays Configuring Wireless and QoS Settings 102 ProSafe 20 AP Wirel
105. ches on your network have not yet been configured with the corresponding VLANs Manage the DHCP Server Note Make sure that a DHCP server is available otherwise the Discovery Wizard does not function correctly If you already have a DHCP server on your network do not enable the DHCP server on the wireless controller The wireless controller can function as a DHCP server Multiple DHCP server pools can be added for different VLANs This screen lets you enable and configure the DHCP server You can also add DHCP servers gt To adda DHCP server and configure its settings 1 Select Configuration gt System gt DHCP The DHCP Settings screen displays The following figure shows part of the DHCP Settings screen Configuring Network Settings 67 ProSafe 20 AP Wireless Controller WC7520 a S a e a T T Monitor Maintenance Stacking Plans Access Point Configuration Diagnostics Security Profile WLAN Network Captive Portal EE EC DHCP Server List Select Wireless gt General gt Time IP LAN gt DHCP Server gt Certificates O gt Alerts 10 IP Network 192 168 40 0 Subnet Mask 255 255 255 0 255 255 255 0 255 255 255 0 255 255 255 0 255 255 255 0 Default Gateway 192 168 40 1 192 168 10 1 192 168 20 1 192 168 30 1 192 168 0 1 Start IP 192 168 40 20 192 168 10 20 192 168 20 20 192 168 30 20 192 168 0 20 End IP 192 168 40 80 192 168 10 80 192 168 20 80 192 168 30 80 19
106. cing for each type of access point model Configure the Radio Radio On Off is a green feature that can be used during scheduled vacations or plant shutdowns on evenings or on weekends Basic Radio Configuration gt To schedule the radio 1 Select Configuration gt Wireless gt Basic gt Radio On Off The basic Schedule screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics toGout T System Security Profile WLAN Network Captive Portal v Basic Self 192 168 0 251 Radio On Off gt Wireless Schedule Channel Allocation gt RF Management gt Advanced Schedule Radio On Off on Oof Current Time Thu Jul 29 11 45 17 PDT 2010 Schedule at hr OM min 0 w m t w t f Schedule On 72 fe C2 ee 2 MMMMEMA Duration hrs 24 mins OY Figure 42 Configuring Wireless and QoS Settings 91 ProSafe 20 AP Wireless Controller WC7520 2 Configure the settings as explained in the following table Table 19 Schedule radio on off settings Setting Description Current Time This is a nonconfigurable field that displays the current time for the wireless controller Schedule Radio On Off You can specify either when the radio is on by selecting the On radio button or when it is off by selecting the Off radio button Schedule at From the drop down lists specify the time hours and minutes when you want to turn the radio either on or off
107. click Previous To clear all user information from the screen click Clear All To export the list of captive portal guests click Export gt To view the captive portal user list Click the User List tab The associated User List screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Network WLAN Clients gt Summary Captive Portal Users Usage Recars Point Guestlist User List gt Clients Neighboring Clients User Name Account Name User IP User MAC Login Time Expiry Time WBenson One_Day 192 168 0470 00 40 F4 F4 70 C2 Tue Oct 25 06 22 21 2011 Wed Oct 26 06 08 41 2011 gt Rogue AP Profiles gt DHCP Lease gt Captive Portal Users Figure 114 The Guest List table shows information about logged in captive portal users that are required to log in with a user name and password To view additional users click Next to return to the previous users click Previous Monitoring the Wireless Network and Components 189 ProSafe 20 AP Wireless Controller WC7520 The following table explains the fields of the User List table Table 50 Captive portal user information Item Description User Name The login name of the user Account Name The account name if any that is associated with the user User IP The IP address of the user User MAC The MAC address of the device with which the user is logged in Login Time The time tha
108. creen is almost identical to the Network Clients screen see Table 43 on page 176 for information about the fields Note The Local Client List screen shows all clients in the network that is all clients managed by all wireless controllers in the network whereas the Controller Clients screen see Figure 108 on page 184 shows only the clients that are managed by a single wireless controller To see the location of the client on a floor map select the client s radio button in the Select column and then click the Locate button Monitoring the Wireless Network and Components 191 ProSafe 20 AP Wireless Controller WC7520 To export the list of clients click Export To see details about a client select its corresponding radio button in the Select column of the Client table and then click the Details button to display the Client Details pop up window Because this screen is identical to the Client Details pop up window that you can access from the Network Clients screen see Table 44 on page 177 for information about the fields The Client Details pop up window is shown in Figure 102 on page 177 View Blacklisted Clients Access Point Maintenance Stacking Plans Diagnostics tocour Configuration gt Local Client List Blacklisted Clients gt Blacklisted Clients 00 02 02 02 00 00 Authentication Failed ap SD2d80 292 268 0 30 veriWave g lt 9 2 Mon Sep 20 17 55 25 2020 00 02 01 04 00 0
109. ction and Overview 11 ProSafe 20 AP Wireless Controller WC7520 If any of the parts are incorrect missing or damaged contact your NETGEAR dealer Keep the carton including the original packing materials in case you need to return the product for repair Hardware Features The front panel ports and LEDs rear panel components and bottom label of the wireless controller are described in this section Front Panel Ports and LEDs The following figure shows the front panel ports and status LEDs of the wireless controller NETGEAR Figure 1 From left to right the wireless controller s front panel shows the following ports and LEDs e Power LED Test LED e USB port for external storage for example for more floor heat maps and extended statistics history e Four 10 100 1000 Mbps LAN Ethernet ports with RJ 45 connectors left LEDs and right LEDs All Ethernet ports provide switched N way automatic speed negotiating auto MDI MDIX technology Note The four ports of the wireless controller function as a single switch The function of each LED is described in the following table Table 1 LED functions LED Status Description Power LED On The green Power LED should be lit when the wireless controller is on Off If the power LED is not lit when the wireless controller is on check the connections and check to see if the power outlet is controlled by a wall switch that is turned off see Power LED Not O
110. d preventing channel allocation 101 hotspot users 126 interference sources 27 internal antenna 61 internal authentication server 124 internal RADIUS server 122 interval rogue access point detection 115 inventory licenses 149 IP addresses access points 61 DHCP server assignment 69 license server 151 redundancy settings 164 165 SNMP manager 143 stacking settings 156 syslog server 71 TFTP and FTP servers 138 wireless controller 66 IP settings access points 61 wireless controller 66 IP subnets access points 55 56 LAN 66 troubleshooting 199 K Kensington lock 14 keys licenses 150 152 L label bottom 14 LAN path troubleshooting 197 LAN port LEDs 13 195 LAN ports 12 Layer 2 and 3 networks autodiscovery 55 LDAP server 82 122 124 128 LEDs front panel 12 troubleshooting 194 licenses number and types required 18 redundancy group 159 161 registering and managing 149 152 viewing 149 load balancing 107 load balancing logs viewing 147 local access points 51 57 59 local buildings 42 location placement 25 lock Kensington 14 logs downloading 144 saving 144 MAC authentication 117 managed AP list 57 managed status access points 59 management VLANs 28 32 66 master controller stacking 156 maximum burst length 107 maximum number wireless clients 108 memory partition 138 Minimum and Maximum Contention Window CwMin or CwMax 107 mitigating rogue access points 115 models access
111. d 802 11b bg ng 802 i1a na Profile Name SSID Rate Limit vlan10 vlan10 Sn 30 vlan20 vlan20 fu NG_iig 4 NG_iig 4 S 30 Figure 51 2 Click a tab to select a radio 3 For each profile on a wireless radio specify the rate limit as a percentage You can use the slider bars to adjust the values in the rate limit fields to the right of the slider bars Make sure that the total percentages of all profiles on one wireless radio do not exceed 100 percent 4 Click Apply to save your settings Advanced Rate Limiting for Profile Groups For each profile group and for each radio mode 802 11b bg ng mode and 802 11a na mode rate limiting per profile adds up to a maximum of 100 percent It can be less than 100 percent There is a tab for each group and for each wireless radio mode gt To configure advanced rate limiting 1 Select Configuration gt Profile gt Advanced gt Rate Limit The advanced Rate Limit screen displays Configuration Monitor Maintenance Stacking Plans Diagnostics System Wireless Security WLAN Network Captive Portal gt Basic EDU ECS v Advanced Radio Rate Limit gt Rate Limit Group 1 Group 2 Group 3 802 11b bg ng 802 11a na Profile Name SSID Rate Limit SIMAC_ACL SiMAC_ACL ae 80 NG_lig 1 NG_lig 1 3 __ 20 CANCEL APPLY Figure 52 Configuring Wireless and QoS Settings 110 ProSafe 20 AP Wireless Controller WC7520 Click a tab to select a
112. d for all SNMP and HTTP traffic to and from the wireless controller and managed access points For large deployments NETGEAR recommends that the wireless controller and access points are in separate VLANs to ensure uninterrupted connectivity between the wireless controller and the access points The wireless controller and access points share heartbeat messages to keep synchronized and share configurations and client key data to facilitate seamless roaming Configuring Network Settings 66 ProSafe 20 AP Wireless Controller WC7520 Untagged VLANs When the Untagged VLAN check box is selected one VLAN can be configured as an untagged VLAN e When the wireless controller sends frames associated with the untagged VLAN to the LAN Ethernet interface those frames do not carry an 802 1Q VLAN header e When the wireless controller receives untagged traffic from the LAN Ethernet interface those frames are assigned to the untagged VLAN If the Untagged VLAN check box is cleared the wireless controller tags all outgoing LAN Ethernet frames and accepts only incoming frames that are tagged with known VLAN IDs Note Clear the Untagged VLAN check box only if the hubs and switches on your LAN support the VLAN 802 1Q standard Likewise change the untagged VLAN value only if the hubs and switches on your LAN support the VLAN 802 1Q standard Changing either of these values will result in a loss of IP connectivity if the hubs and swit
113. d profile groups you can use the advanced RF Management screen to customize settings for each profile group RF management optimizes the channel allocation for access points based on clients user data traffic and the nearby RF environment of access points The wireless controller periodically checks the radio neighborhood maps and detects changes in the radio neighborhood maps or loss of connectivity to the controller by an access point When WLAN healing is used if an access point goes down or loses connectivity other access points share its load to avoid a coverage hole To do this the other access points increase their transmit power WLAN healing is configured per security profile group and runs between the access points sharing a common security configuration Configuring Wireless and QoS Settings 101 ProSafe 20 AP Wireless Controller WC7520 The wireless controller has the capacity for automatic WLAN healing through the following features Automatic channel allocation Allows an access point channel to be distributed automatically by the wireless controller across the access points on a floor to reduce interference Auto channel allocation takes into consideration the floor plan interference traffic load on the access point and neighborhood floor maps as well as the wireless mode and bandwidth also referred to as channel width to provide the best channel for the access point For information about how to configure auto
114. dancy screen expands to display the Redundancy table and the Secondary Controller Information pop up window displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics gt Stacking Stacking Re Redundancy Stacking Secondary Controller Information PT Role Master Controller IP p slae UserName admin O slae Password ADD Redundancy Enable Redundancy Secondary IP Master 192 168 0 250 i P Slave 192 168 0 30 Slave 192 168 0 75 Figure 93 3 Configure the settings as explained in the following table Table 37 Redundant or secondary controller settings Setting Description Controller IP Enter the local IP address of the redundant controller This IP address remains assigned to the redundant controller to allow it to be identified before and after a failover UserName The user name is a nonconfigurable field that displays the user name with which you logged in to the web management interface of the wireless controller Password Enter the password to access the redundant controller 4 Click Apply The local IP address of the redundant controller is displayed in the Secondary IP field above the Redundancy table Managing Stacking and Redundancy 164 ProSafe 20 AP Wireless Controller WC7520 5 Configure the VRRP IDs and local IP addresses of the controllers in the stack so they can become part of the redundancy group The settings including the nonc
115. ding and department for example one for guests one for management one for sales and so on Note Access point profile groups are also referred to as just profile groups Profiles security profiles and SSIDs that is SSIDs with associated security settings are terms that are interchangeable Introduction and Overview 22 ProSafe 20 AP Wireless Controller WC7520 To accommodate all types of networks almost all configuration menus of the web management interface are divided into basic and advanced submenus The following figure shows an example of the Security gt Wireless gt Basic submenu on the left and the Security gt Wireless gt Advanced submenu on the right Access Point Configuration Access Point Configuration System Wireless System Wireless Basic Rogue AP MAC ACL Authentication gt Basic v Advanced Rogue AP MAC ACL Authentication Server Server Figure 7 Before you start the configuration of your wireless controller decide whether you can use a basic configuration that is follow the basic submenus or need to use an advanced configuration that is follow the advanced submenus Once you have made your choice configuring the wireless controller should be fairly easy if you consistently follow either the basic submenus or the advanced submenus Profile Groups Each access point can support up to 8 security profiles 16 for dual band access points each with its
116. e 192 168 1 5 192 168 1 9 192 168 1 3 Up ADD EDIT DELETE Redundancy Enable Redundancy Vv Secondary IP 192 158 1 6 Controller Role Controller IP VRRP ID 1 255 Local IP Master 192 168 1 3 le r 192 168 1 7 r Slave 192 168 1 4 sf 192 168 1 8 CONT 192 168 1 5 6 192 168 1 9 r Figure 91 The following figure shows an N 1 configuration with three primary controllers and one redundant controller after a failover has occurred N 1 Redundancy After failover Primary controllers E l AP Cloud 2 AP Cloud 3 Down Slave controller Slave controller local IP 192 168 1 7 controller IP 192 168 1 4 controller IP 192 168 1 5 local IP 192 168 1 8 local IP 192 168 1 9 master IP 192 168 1 3 master IP 192 168 1 3 eee www www ween Master controller controller IP 192 168 1 3 localiP 192 168 1 6 AP Cloud 1 master IP 192 168 1 3 Figure 92 Managing Stacking and Redundancy 163 ProSafe 20 AP Wireless Controller WC7520 Configure Redundancy To enable redundancy configure the redundancy settings on both the primary and redundant controllers If you configure redundancy with two controllers there is a single primary controller if you configure N 1 redundancy there are two or three primary controllers To configure redundancy 1 Select Stacking gt Stacking Redundancy The Stacking Redundancy screen displays see Figure 83 on page 156 2 Select the Enable Redundancy check box The Stacking Redun
117. e Stacking Plans Diagnostics LoGouT J User Management Upgrade Licensing Backup Restore Reboot Reset Remote Management gt Extended Storage Eq 192 168 0 30 Extended Storage Storage Details Mount Status Ready Vendor Verbatim Model STORE Total Memory K6 3899424 Free Memory KB 3697152 Used Memory KB 202272 UNMOUNT Figure 68 2 Attach the external storage device to the USB port on the front panel of the wireless controller 3 Click Mount The storage details become visible on the Extended Storage screen Before you remove the external storage device from the USB port click Unmount Manage Remote Access Enable SNMP to allow SNMP network management software such as HP OpenView to monitor the wireless controller by using SNMPv1 or SNMPv2c protocol WIth the exception of the following features you can configure the wireless controller through SNMP e Heat maps e Guest access management e RF management e Stacking management gt To enable and configure SNMP 1 Select Maintenance gt Remote Management gt SNMP The SNMP screen displays Maintaining the Controller 142 ProSafe 20 AP Wireless Controller WC7520 Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics LOGOUT User Management Upgrade Licensing Backup Restore Reboot Reset Extended Storage gt SNMP ECOHEZEIEJ gt Session Timeout SNMP SNMP m Read Only Community Name public Read Wri
118. e conditions do not occur see to the appropriate following section Power LED Not On If the Power and other LEDs are off when your wireless controller is turned on make sure that the power cord is correctly connected to your wireless controller and that the power supply adapter is correctly connected to a functioning power outlet 194 ProSafe 20 AP Wireless Controller WC7520 If the error persists you have a hardware problem and should contact NETGEAR technical support Test LED Never Turns Off When the wireless controller is powered on the Test LED turns on for approximately 2 minutes and then turns off when the wireless controller has completed its initialization If the Test LED remains on there is a fault within the wireless controller If the Test LED is still on more than several minutes minute after power up e Turn the power off and then turn it on again to see if the wireless controller recovers e Reset the wireless controller s configuration to factory default settings Doing so sets the wireless controller s IP address to 192 168 0 250 This procedure is explained in Reboot or Reset the Wireless Controller on page 139 If the error persists you might have a hardware problem and should contact NETGEAR technical support LAN Port LEDs Not On If the LAN LEDs do not light when the Ethernet connection is made check the following e Make sure that the Ethernet cable connections are secure at the wireless cont
119. e group all access points in another building to a second profile group and so on For each profile group you can create an individual radio on off schedule RF management settings MAC ACL authentication and an authentication server For each radio in a profile group 2 4 GHz radio and 5 GHz radio you can create individual wireless settings WMM and rate limit settings The following figure shows the advanced profile group architecture The structure that is shown under Group 1 is implemented in all profile groups that is Group 2 through Group 8 fa ia nsf a ue Gua an a Security Profiles Security Profiles Figure 8 The following figure shows an example of three access point profile groups in which the first profile group Group 1 has three security profiles For each profile in this profile group the profile name radio mode and authentication setting are shown Group 1 is the default group in the advanced profile group configuration you need to create the other profiles groups Introduction and Overview 24 ProSafe 20 AP Wireless Controller WC7520 NETGEAR WC7520 vation Wireless LAN _ Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Connect with lan System Wireless Security WLAN Network Captive Portal Basic Ea 192 168 0 30 v Advanced gt Radio Profile Groups gt Rate Limit Group 1 Group 2 Group 3 Name Radio Authentication ldi Upper Floor 802 11b bg ng
120. e primary controllers and one redundant controller you could consider the redundant controller to consist of three virtual controllers each of which Managing Stacking and Redundancy 160 ProSafe 20 AP Wireless Controller WC7520 has a redundancy relationship with a primary controller You need a unique VRRP ID for each relationship Each controller in the redundancy group has a unique controller IP address and a unique local IP address Local addresses remain constant so a controller can always be identified before and after a failover If the primary controller fails or is disconnected from the network an automatic failover to the redundant controller occurs The redundant controller then takes ownership of the controller IP address of the primary controller and takes over all functions of the primary controller After a failover has occurred there is no longer any redundancy available for the other primary controllers in the redundancy group When the primary controller that went down and for which the redundant controller took over comes back up and is stable a switchback occurs automatically in which case ownership of the controller IP address is returned to the primary controller that came back up The redundant controller reassumes its passive position and redundancy is once again available for all primary controllers in the redundancy group Note When a redundancy failover occurs wireless clients might experience a service i
121. e to prevent associated wireless clients from communicating with each other or Enable to allow such communication Wireless client separation is intended for hotspots and other public access situations VLAN Enter the VLAN ID to be associated with this security profile This VLAN ID needs to match the VLAN ID that is used by other network devices list Authentication Settings section Note The options that display onscreen depend on the selection from Network Authentication drop down Open System Shared Key WPA PSK WPA2 PSK and WPA PSK amp WPA2 PSK MAC ACL Select one of the following radio buttons e Local Use local MAC authentication The Local MAC ACL Group drop down list displays so you can select a group For more information see Manage MAC Authentication and MAC Authentication Groups on page 117 External Use external MAC authentication The External Radius Server drop down list displays so you can select a server You can use either the basic Auth RADIUS server or a RADIUS server of an advanced authentication group You cannot use the external LDAP server For information about setting up and enabling internal and external authentication servers see Manage Authentication Servers and Authentication Server Groups on page 122 Note The MAC ACL radio buttons do not display onscreen if the network authentication uses an external RADIUS server The reason for this is that you can configure either MAC
122. efault Gateway 192 168 0 1 gt Certificates Primary DNS Server Alerts Secondary ONS Server WINS Server Management VLAN Settings Management VLAN 1 V Untagged VLAN Figure 29 Configuring Network Settings 65 ProSafe 20 AP Wireless Controller WC7520 2 Configure the settings as explained in the following table Table 10 IP and management VLAN settings Setting Description IP Settings section IP Address Enter the IP address of the wireless controller The default IP address is 192 168 0 250 To change it enter an available IP address from the address range used on your LAN IP Subnet Mask Enter the subnet mask value used on your LAN The default value is 255 255 255 0 Default Gateway Enter the IP address of the gateway for your LAN Primary DNS Server Enter the IP address of the primary Domain Name Server DNS that you want to use Secondary DNS Server Enter the IP address of the secondary DNS that you want to use WINS Server Enter the IP address of the Windows Internet Name Service WINS that you want to use Management VLAN Settings section Management VLAN Enter the management VLAN For information see Management VLANs following this table Untagged VLAN Select this check box if the configured VLAN is untagged For information see Untagged VLANs on this page 3 Click Apply to save your settings Management VLANs Management VLANs are use
123. ell rogue access points detected in the last 24 hours When external storage is present rogue access point information is saved for 72 hours To disable rogue AP detection select the Disable radio button Configuring Network Access and Security 114 ProSafe 20 AP Wireless Controller WC7520 Table 27 Basic rogue AP detection settings continued Setting Description Rogue AP Mitigation Select the Enable radio button to enable rogue AP mitigation Rogue mitigation does the following e Prevents wireless clients from associating with rogue access points in the network e Attempts to disconnect clients from rogue access points in the network e Performs denial of service DoS attacks against rogue access points in the network To disable rogue AP mitigation select the Disable radio button Note You can configure one or more access points to function in sentry mode to monitor the wireless network for faster detection and mitigation of rogue access points For information about sentry mode see Edit and Remove Access Point Information on page 59 Rogue Detection Interval If rogue AP detection is enabled select the detection interval from the drop down list e Low With the Low setting the access point goes off channel less frequently than with the Medium High or Aggressive setting NETGEAR recommends the Low setting which should work well in most network configurations e Medium e High e A
124. ems When an access point is converted from standalone AP mode to managed AP mode its static IP address is changed to an IP address that is issued by the DHCP server either one in the network or one that is configured on the wireless controller This occurs to ensure that each managed access point has a unique IP address If there is no DHCP server or if the access point cannot reach the DHCP server the access point remains in the Connecting state attempting to obtain an IP address If there is no DHCP server in the network configure one on the wireless controller see Manage the DHCP Troubleshooting 199 ProSafe 20 AP Wireless Controller WC7520 Server on page 67 When a DHCP server becomes available the access point can transition from the Connecting state to the Connected state Network Performance and Rogue Access Point Detection When rogue access point detection is enabled access points intermittently go off channel for short periods which can affect network performance If security concerns are more important than network performance you can temporarily select a high or aggressive rogue access point detection interval If network performance is more important than security concerns select a low or medium rogue access point detection interval in which case security is addressed but network performance is not compromised Under normal circumstances NETGEAR recommends a low rogue access point detection interval Use the Dia
125. enable update of the global key and Every seconds specify the interval in seconds after which the global key is updated for all wireless clients External Server IP Specify the IP address of the external active directory AD LDAP Server authentication server Server Port Specify the port of the external AD server The default is port 389 User Base DN Specify the user base distinguished name DN on the AD server Workgroup Name Specify the workgroup name on the AD server Admin Domain Specify the administrative domain on the AD server Domain Admin User Specify the user name for the administrative domain Domain Admin Specify the password for the administrative domain Password Note For information about password requirements see Table 54 on page 203 4 Click Apply to save your settings Configuring Network Access and Security 124 ProSafe 20 AP Wireless Controller WC7520 Configure RADIUS Authentication Server Groups For greater security flexibility you can create up to 8 external RADIUS servers to authenticate different groups of users After you have set up these authentication servers you can assign any of them including the basic RADIUS server to any profile whether in the basic profile group or in an advanced profile group gt To set up a RADIUS authentication group 1 Select Configuration gt Security gt Advanced gt Authentication Server The advanced Authentication Server screen displays Access
126. enance Stacking Plans Diagnostics Controller WLAN Clients gt Summary Stacking Redundancy Status gt Usage Role Service IP Local Device IP Controller Status Secondary IP Active Controller Backup Status Sync Status gt Controller Master 192 168 1 3 192 168 1 7 192 168 1 6 Primary Reachable In Sync Slave 2 192 158 1 4 192 168 1 8 192 168 1 6 Primary Reachable In Sync gt Access Point gt Clients gt Profiles Slave 292 368 2 5 192 168 1 9 392 168 1 6 Primary Reachable In Syne Network Status Wireless Clients Alarms Controller Device Critical 192 168 1 3 Controllers 3 0 0 0 192 168 1 4 Access Points i 192 168 1 5 Clients Rogue Access Points Rogue AP current Rogue AP count 24hrs REFRESH Figure 94 The following table explains the fields of the Stacking Redundancy Status Network Status Wireless Clients and Rogue Access Points tables on the Network Summary screen Table 39 Network summary information Item Description Stacking Redundancy Status section Role The role of the wireless controller in a stacking configuration Master or Slave Service IP The controller IP address This IP address is transferred to the secondary controller after a failover has occurred in a redundancy group Monitoring the Wireless Network and Components 168 ProSafe 20 AP Wireless Controller WC7520 Table 39 Network summary information continued Item Description
127. entation Length 256 2346 2346 Beacon Interval 100 1000 100 __ Aggregation Length 1024 65535 65535 AMPDU enable disable RIFS Transmission O enable disable DTIM Interval 1 255 3 Preamble Type auto O Long AP Name Access Point Channel Tx Power netgear7B26D8 1 2 412Ghz2 Half netgear7B2488 19 2 452Gh2 Half Figure 45 2 Click a tab to select a profile group 3 Click a tab to select a radio 4 Select the Turn Radio On check box to enable configuration of the wireless settings Note If automatic channel allocation is enabled on the Channel Allocation screen see Configure Channels on page 99 you cannot configure the wireless settings on the Advanced Wireless Settings screen You need to disable automatic channel allocation to be able to configure the wireless settings Note You cannot configure the wireless settings if there are no access points assigned to a radio in a profile group 5 Configure the settings as explained in Table 20 on page 94 Configuring Wireless and QoS Settings 97 ProSafe 20 AP Wireless Controller WC7520 6 Optionally you can override the channel and transmission power for individual access points Note If automatic Tx power control is enabled on the advanced RF Management screen see Advanced RF Management for Profile Groups on page 104 you cannot configure the transmission power on the Advanced Wireless Settings screen You need to disable automatic Tx power contr
128. ess Controller WC7520 Figure 26 Configure the settings as explained in the following table cannot be edited other fields are masked out but can be edited Table 7 Access point settings Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics tocour Discovery Wizard Edit Access Point Last Discovered Access Point Info gt Managed AP List Name netgearA10668 F Model WNDAP360 Group basic IP Settings DHCP O enable O disable IP Address 192 168 0 160 Subnet Mask 255 255 255 0 Default Gateway Primary DNS Server Secondary DNS Server VLAN Settings Management VLAN 1 E untagged VLAN 1 Sentry Mode Settings Sentry Mode o Wireless Settings Antenna Internal Plan Settings Site Local Building Building 1 Floor Floor 1 Location CANCEL BACK APPLY Some fields are masked out and Setting Description Access Point Info section discovery process and cannot be edited Name Enter a unique value that indicates the access point name By default the name is netgearxxxxxx where xxxxxx represents the last six hexadecimal digits of the access point s MAC address You can change the name to one that is meaningful to you Model The model of the access point This field is populated during the access point Access Point Discovery and Management 60 ProSafe 20 AP Wireless Controller WC7520 Table 7 Access point settings continued Setting
129. ess Controller WC7520 Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics System Security Profile WLAN Network Captive Portal v Basic KEZGAN gt Radio On Off Wireless gt Channel Allocation gt RF Management Advanced Automatic Tx Power Control enable O disable TX Power Settings Default Tx Power Half v WLAN Healing Maximum Neighbours to participate in Self healing 6 Self healing wait Time after AP Failure mins 4y Coverage Hole Detection Periodic Coverage Hole Detection enable disable Alert Severity For Coverage Hole Critical Major Figure 47 Configure the settings as explained in the following table Table 24 RF management settings Setting Description TX Power Settings section Default Tx Power Make a selection from the drop down list to specify how the transmission Tx power is configured on the access points Full Half Quarter Eighth or Minimum When automatic Tx power control is enabled the selection from the drop down list is used as the initial power level for the access points Automatic Tx Power Control Select the Enable radio button to enable automatic Tx power control e When a client attempts to connect to an access point at low power the access point s Tx power is automatically increased above the default level e When there are overlapping coverage areas the access point s Tx power is automatically decreased
130. ettings Configure Local MAC Authentication Groups Manage Authentication Servers and Authentication Server Groups Configure Basic Authentication Server Settings Configure RADIUS Authentication Server Groups Manage Guest Network AcCeSS 0000 cee eee eee Configure Captive Portal Settings 0 00 c eee eee eae Manage Users Accounts and Passwords 20055 Chapter 9 Maintaining the Controller Manage the Configuration Fil ciiencnne ecadgacuaredaeeeeaareys Back Up and Restore the Configuration File Upgrade the Configuration File 00 0c cee eee eee Reboot or Reset the Wireless Controller 0 0000020 eee Ropo Metres FOME birisidir eenwadee dee aews eee eee dees Manage External SODE consi sek davese de Siu vieeeevedts side den Manage Remote Access 0 0 60 cece teens Specify Session Time OutsS 0 0 000 cee eae View Alerts and Events and Save the Logs 00005 Save the LOg6 ccscicdu veces ceeds cheese bee ae kanpe REA View Alerts and Events ci 4ccc cone ed hawa de eda dn ead eos Manage LICENSES 25 0 ccccc cer ec err eaten eee reer eee Ras View Your LIGGNSES 24 400asobvddod caier eda ed deeded tage A os Configure the License Server Settings 0 00 000 Register Your Licenses o 2 46ak recedes as dvee ee eeseryees ssi Retrieve Your Licenses
131. f the site to determine the current RF behavior and detect both 802 11 and non 802 11 noise e Run an access point to client connectivity test to determine the maximum throughput achievable on the client e Identify potential RF obstructions and interference sources e Determine areas where denser coverage might be required because of heavier usage 27 ProSafe 20 AP Wireless Controller WC7520 After the survey is complete use the collected data to set up an RF plan For more information see RF Planning Overview on page 41 Before You Configure a Wireless Controller These sections assume that you have deployed at least one wireless controller in your network and are ready to configure the wireless controller For information about how to deploy the wireless controller in your network see the WC7520 ProSafe Wireless Controller Installation Guide that you can access from http kb netgear com app products model a_id 13060 For many configurations you can use the default wireless settings The IP address VLAN DHCP server client authentication and data encryption settings are specific to your environment Following are short sections that discuss these settings with the exception of IP address settings which are self explanatory For information about how to configure these settings see the relevant sections VLANs The management VLAN is the dedicated VLAN for access to the wireless controller All traffic that is directed t
132. files Profiles are sets of configurations that you can apply to an access point The configuration includes radio parameters load balancing parameters and rate limit parameters Each wireless radio on an access point is capable of supporting 8 profiles This means that the dual band WNDAP350 access point can support a total of 16 profiles Therefore in one profile group on the wireless controller you can configure up to 8 profiles for each radio that is up to 8 profiles for the 2 4 GHz radio and up to 8 profiles for the 5 GHz radio Setting up profiles allows you to configure the WLAN network offline Then when the WLAN network is up and running you can push the configuration onto managed access points You can configure profiles and profile groups without taking the state of the access points into consideration When the access points connect to the controller the profile configurations are pushed onto the access points 74 ProSafe 20 AP Wireless Controller WC7520 Note Note that if an access point is removed from its building someone takes it home or it is stolen the access point does not retain the configuration that it received from the wireless controller The configuration is not stored in memory on the access point Depending on your network needs you can either use the basic profile group that is the basic configuration or the advanced profile groups that is the advanced configuration The basic profile group works
133. firmware upgrade and so on RF Events Radio frequency events such as the detection of a coverage hole a change of channel or a managed access point going down e Load Balancing Load balancing events such as a bad RSSI for a client or the violation of a load balancing threshold Maintaining the Controller 145 gt gt ProSafe 20 AP Wireless Controller WC7520 Rate Limit Rate limit events such as the violation of a rate limit threshold e Redundancy Redundancy events such as the redundant wireless controller coming up or going down or a failover to another wireless controller e Stacking Stacking events such as a secondary wireless controller slave coming up or going down or the synchronization between two wireless controllers Each screen that displays alerts or events contains a table with three columns e Severity The alarm severity level All Minor Normal Major or Critical You can sort each table on severity level by using the Severity drop down list Description The description of the alert or event which is self explanatory e Raised Time The date and time that the alert or event was raised You can sort each table on the time that the alert or event was raised by using the Raised Time drop down list To view additional alerts or events click Next to return to the previous alerts or events click Previous To display the latest information onscreen click the Refresh button T
134. following radio buttons to specify from which location the upgrade should occur The screen adjusts to display the fields that are required for each upgrade location TFTP Upgrade from a TFTP server The Server IP and File Name server parameters fields display FTP Upgrade from an FTP server All of the server parameters fields display Local File Upgrade from a local file that you have downloaded The server parameter fields do not display but the Browse field becomes available Follow the directions of your browser to select the firmware upgrade file from your computer Server Parameters section TFTP and FTP only Server IP Enter the IP address of the TFTP or FTP server File Name Enter the file name of the firmware User Name FTP only Enter the user name to access the FTP server Password FTP only Enter the password to access the FTP server Boot Information section Active Partition This is an informational field that displays the active partition and the current firmware version Boot Partition to Upgrade Select the radio button for the partition to which the new firmware should be saved After upgrade boot from Select the radio button for the partition from which the wireless controller should reboot after the firmware has been upgraded Schedule section Schedule Update Status This is an informational field that displays when the firmware upgrade will occur If no update i
135. ge your wireless network from a central point implement security features centrally support Layer 2 and Layer 3 fast roaming configure a guest access captive portal and support Voice over Wi Fi VoWi Fi ProSafe 20 AP Wireless Controller WC7520 The wireless controller provides the following key features and capabilities e Scalable architecture with stacking and redundancy Support for 20 access points on a single wireless controller with no additional license Purchased licenses WC7510L in increments of 10 access points allow for support of up to a maximum number of 50 access points on a single wireless controller A maximum of three stacked wireless controllers allows for up to 150 access points in a single network Support of N 1 redundancy Support of 802 11a 802 11b 802 119 and 802 11n modes e Autodiscovery of access points Autodiscovery of access points in the same Layer 2 domain Autodiscovery of access points across a Layer 3 domain Autodiscovery of remote access points over a site to site VPN connection or behind a NAT router Automatic download of wireless controller based firmware to discovered access points that are added to the managed access point list Centralized management Single point of management for the entire wireless network Visualization of live coverage and heat maps for the wireless network Automatic firmware upgrade to all managed access points DHCP server for IP address provisio
136. gement Management WiFi Clients Captive Portal Account Captive Portal Users Username Account Name Expiry WBenson One_Day Never Used O Behnson Default 10 14 2011 at 15 28 O One_Week Never Used Figure 63 Configuring Network Access and Security 130 ProSafe 20 AP Wireless Controller WC7520 Click Add to add a new user or account A pop up window displays The pop up windows are shown in the following table Configure the users or account settings as described in the following table Table 30 User and account settings Setting Description Management Add User User Name User Type Administrator v Password Confirm Password CANCEL APPLY RESET User Name Enter a unique user name Only alphanumerical characters and underscore characters _ are supported User Type From the drop down list select the type of user which determines their access to the wireless controllers web management interface e Administrator Full access with read and write capabilities e Read Only Read only access that is restricted to the Monitor and Help main navigation tabs e Guest Provisioning Access that is restricted to the User Management configuration menu tab under the Maintenance main navigation tab e License Management Only Access that is restricted to the License configuration menu tab under the Maintenance main navigation tab Password Enter a password in the Passwo
137. ggressive If you have security concerns select the Aggressive setting to allow frequent scanning Alert Severity If rogue AP detection is enabled specify the severity of the alarm when a rogue access point is detected Either select the Major or the Minor radio button 3 Click Apply to save your settings Because the neighbor and rogue access points are detected during off channel scans it typically takes about 10 minutes after the rogue AP detection is enabled for the neighbor and rogue access points to be detected and the known list that is the database with known access points and unknown list that is the database with unknown access points on the wireless controller to be populated Note When rogue access point detection is enabled access points intermittently go off channel for short periods which can affect network performance If security concerns are more important than network performance you can temporarily select a high or aggressive rogue access point detection interval If network performance is more important than security concerns select a low or medium rogue access point detection interval in which case security is addressed but network performance is not compromised Under normal circumstances NETGEAR recommends a low rogue access point detection interval Configuring Network Access and Security 115 ProSafe 20 AP Wireless Controller WC7520 Configure Advanced Rogue Detection Settings T
138. gnostic Tools on the Wireless Controller As part of the diagnostics functions on the wireless controller you can ping a managed access point from the wireless controller or trace its route from the wireless controller gt To ping an access point 1 Select Diagnostics gt Ping The Ping screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Trace Route Technical Support Te seir 192 168 0 30 Ping Ping Count 4 J Access Point netgear782488 v IP Address 192 168 0 3 Ping Result PING 192 168 0 3 192 64 bytes from 192 168 16 0 64 bytes from 192 168 0 0 0 8 0 3 56 84 bytes of data 3 icmp_seq 1 ttl 64 time 0 374 ms 3 icmp_seq 2 ttl 64 time 0 402 ms 3 icmp_seq 3 ttl 64 time 0 375 ms 3 icmp_seq 4 ttl 64 time 0 384 ms 64 bytes from 192 168 0 64 bytes from 192 168 0 192 168 0 3 ping statistics 4 packets transmitted 4 received 0 packet loss time 2997ms rtt min avg max mdev 0 374 0 383 0 402 0 026 ms CANCEL START Figure 119 2 Inthe Ping Count field enter the number of ping packets to be sent The default number is 10 Troubleshooting 200 ProSafe 20 AP Wireless Controller WC7520 3 From the Access Point drop down list select the access point to be pinged After you have made your selection the IP address of the access point displays in the IP Address field 4 Click Start The results are shown in the Ping Result field
139. gnostics Controller WLAN Clients gt Summary gt Usage gt Controller gt Access Point s Clients gt Profiles Figure 95 Network Usage 2 4 GHz Band Usage 5 GHz Band Usage Network Usage Controller Usage Network Usage 5 00Kbps 4 00Kbps 3 00Kbps 2 00Kbps 1 00Kbps 0 Hrs 20 Hrs 24 Hrs Ei Average Receive Rate Access Point fa Average Transmit Rate Access Point REFRESH The Network Usage screen displays a graphic of the average data traffic rate that was received and transmitted over the last 24 hours by all access points in the network Select the type of usage you want to display by clicking one of the following tabs e 2 4 GHz Band Usage Displays combined 802 11b 802 11bg and 802 11ng mode usage e 5 GHz Band Usage Displays combined 802 11a and 802 11na mode usage e Network Usage Displays Ethernet usage shown in the previous figure Monitoring the Wireless Network and Components 170 ProSafe 20 AP Wireless Controller WC7520 View Wireless Controllers in the Network Access Point Configuration Controller gt Summary gt Usage gt Controller gt Access Point gt Clients gt Profiles Figure 96 WLAN Clients Controllers Controller IP 192 168 0 250 192 168 0 30 Monitor Maintenance Stacking Plans Diagnostics tocout Name Location Type Version Status Config Status Config Sync Time vcB50102 Master 2 0 11 0_1944 Up NA NA
140. gt WLAN Network System Planning and Deployment Scenarios 40 RF Planning This chapter includes the following sections RF Planning Overview Define and Edit Buildings and Floors Specify Access Point Requirements View and Manage Heat Maps for Deployed Plans RF Planning Overview You can do the following with RF planning Define WLAN coverage Estimate the number of access points required based on signal quality and number of clients per access point Optimize the placement of access points for the best coverage Monitor WLAN coverage rogue access points and blacklisted clients for a plan that is in deployment Identify weak signal spots and dead spots from the coverage hole and add additional access points to mitigate the situation RF planning provides a view of each floor allowing you to specify how Wi Fi coverage should be provided It then provides coverage maps and access point placement locations Real time calibration lets you visualize the indoor propagation of RF signals to identify areas with weak signal or dead spots and add additional access points in the right location to mitigate the weak signal or dead spots Planning Requirements Collect the following information before using RF planning to expedite your planning efforts Building dimensions Number of floors Distance between floors 41 ProSafe 20 AP Wireless Controller WC7520 Total number of users and number of users per ac
141. guest 1 Secured Tue Sep 21 15 55 28 2010 Neighbor Unknown 00 14 6 08 Se fe TMOHSSEFF 6 Unsecured Tue Sep 21 15 55 28 2010 Neighbor Unknown 00 24 b2 64 8e 70 TS350 2G 6 Secured Tue Sep 21 15 54 28 2010 Neighbor Unknown 06 24 b2 51 b0 d9 FrysDemo 44 Unsecured Tue Sep 21 15 55 28 2010 Neighbor Unknown c0 3f 0e b4 66 d6 Bell6606 1 Secured Tue Sep 21 15 55 28 2010 Neighbor Unknown 00 18 f3 f db 8 Wireless 11 Secured Tue Sep 21 15 55 28 2010 Neighbor Unknown 00 24 b2 Sc 81 d6 NTOR24GR 9 Secured Tue Sep 21 15 55 28 2010 Neighbor Unknown 00 18 f3 efidaisa Customer ID 11 Secured Tue Sep 21 15 55 28 2010 Neighbor Unknown c0 3f 00 85 c5 50 ngrian 48 Secured Tue Sep 21 15 55 28 2010 Neighbor Unknown c0 3f 10e 83 cd 70 ngwlan 36 Secured Tue Sep 21 15 55 28 2010 Neighbor Unknown c0 3f 00 b4 66 11 Secured Tue Sep 21 15 55 28 2010 Neighbor Unknown REFRESH Figure 110 Monitoring the Wireless Network and Components 185 ProSafe 20 AP Wireless Controller WC7520 The Controller Rogue AP screen lets you monitor all rogue access points that were detected by the wireless controller To view additional rogue access points click Next to return to the previous rogue access points click Previous The following table explains the fields of the Rogue AP table on the Controller Rogue AP screen Table 48 Controller rogue AP information Item Description Select The radio button that lets you select the rogue acce
142. gure the wireless controller Reboot or Reset the Wireless Controller The Reboot Reset Controllers screen lets you reboot or reset the wireless controller There are two types of reset Hard reset The settings of the wireless controller are restored to factory default settings This reset has the same function as the Factory Defaults button on the rear panel Soft reset Saves the IP addresses floor plans and managed access point list but clears all other settings such as profiles profile groups authentication servers and so on To display the Reboot Reset Controllers screen select Maintenance gt Reboot Reset gt Controllers Maintaining the Controller 139 ProSafe 20 AP Wireless Controller WC7520 Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics User Management Upgrade Licensing Backup Restore Extended Storage Remote Management gt Controllers EEG Ear gt Access Points Reboot Reset Controllers Reset Reboot reboot Oreset Reset type hard soft Figure 66 gt To reboot the wireless controller 1 Select the Reboot radio button 2 Click Apply to save your settings The wireless controller reboots The reboot process is complete after several minutes when the Test LED on the front panel goes off gt To reset the wireless controller 1 Select the Reset radio button 2 Select one of the following radio buttons to specify a hard reset or soft reset
143. he advanced Rogue AP screen allows you to identify what could be an access point from a neighboring business that is known As you identify them mark them as known or unknown so that the wireless controller does not keep finding them and flagging them This will help you to identify your own equipment that should be managed and the rogue access points that should be detected A rogue access point has both a wireless and LAN connection A neighbor is an access point with only a wireless connection not a LAN connection gt To configure advanced rogue access point detection 1 Select Configuration gt Security gt Advanced gt Rogue AP The advanced Rogue AP screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics tocout System Wireless Profile WLAN Network Captive Portal gt Basic Rogue AP v Advanced Import Known List O merge Replace gt Rogue AP gt MAC ACL Authentication d MAC Address SSID Channel Privacy Last Beacon Rogue Type Name Server T T i t 1 Rogue List 40 91 f5 0 fc 50 NG_11a Unsecured Mon Mar 14 13 54 47 2011 Neighbor Unknown 0 91 f5 06 24 f0 IMSTR_ _wpa2 Secured Mon Mar 14 13 54 47 2011 Neighbor Known 0 91 f5 08 f0 60 we 2 g0 g0 Secured Mon Mar 14 13 49 46 2011 Neighbor Known 00 22 3f 95 33 90 NETGEAR 3G Unsecured Mon M r 14 13 54 46 2011 Neighbor Unknown lt O 3f 0e b4 66 de Bell66DA Secured Mon Mar 14 13 54 47 2011 Neighbor Unknown 0 91 f5 Oa ef 10 NG_iie
144. he firmware image on the secondary controller only Perform access point discovery for the subnetwork Reinforce licenses for the subnetwork Configure Stacking gt To configure stacking 1 Select Stacking gt Stacking Redundancy The Stacking Redundancy screen displays Managing Stacking and Redundancy 155 ProSafe 20 AP Wireless Controller WC7520 Access Point Configuration Monitor Maintenance Plans Diagnostics V Stacking Stacking Redundancy Redundancy Stacking Role Controller IP Local IP Master IP Status Master 192 168 0 250 192 168 0 250 192 168 0 250 Up Slave 192 168 0 30 192 168 0 250 Slave 192 168 0 75 192 168 0 250 ADO EDIT DELETE Redundancy Enable Redundancy Figure 83 The Stacking table shows all wireless controllers in the stack with their IP address and role Master or Slave Click Add to add a wireless controller to the stack The Add Settings pop up window displays ADD Settings Controller IP UserName admin Password Figure 84 Configure the settings as explained in the following table Table 35 Stacking settings Setting Description Controller IP Enter the IP address of the controller UserName The user name is a nonconfigurable field that displays the user name with which you logged in to the web management interface of the wireless controller Password Enter the password to access the controller
145. he four profiles that use the 802 11b bg ng mode cannot exceed 100 percent similarly the combined percentages of the two profiles that use the 802 11a na mode cannot exceed 100 percent On each managed access point or on each radio in a managed dual band access point the available bandwidth is distributed in the specified percentages among the profiles in a profile group The percentage that is configured for a single profile is shared among all the clients connected to it If you do not want to configure rate limiting for a profile configure rate limiting as 0 zero percent This effectively disables rate limiting for that profile A setting of 0 zero percent can work well profiles that are used for management administration or testing Basic Rate Limiting In the basic profile group for each radio mode 802 11b bg ng mode and 802 11a na mode rate limiting per profile adds up to a maximum of 100 percent It can be less than 100 percent There is a tab for each wireless radio mode gt To configure basic rate limiting 1 Select Configuration gt Profile gt Basic gt Rate Limit The basic Rate Limit screen displays Configuring Wireless and QoS Settings 109 ProSafe 20 AP Wireless Controller WC7520 Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics System Wireless Security WLAN Network Captive Portal Basic BEES Radio gt Load Balancing Rate Limit Rate Limit Advance
146. he list of access points click Export To see details about an access point select its corresponding radio button in the Select column of the Access Point table and then click the Details button to display the AP Details pop up window Because this screen is identical to the AP Details pop up window that you can access from the Network Access Point screen see Table 42 on page 175 for information about the fields The AP Details pop up window is shown in Figure 99 on page 174 and Figure 100 on page 174 Monitor the Clients gt To monitor the clients in the network 1 Select Monitor gt Clients 2 Select one of the following submenu links to display a network monitoring screen e Local Clients List e Blacklisted Clients These screens are explained in the following sections View Local Clients gt Local Client List Local Client List gt Blacklisted 40 67593 82 192 160 0 5 00 40 F4 F4 70 C2 192 160 0 6 Orthopedics netgear7b2400 192 160 0 3 CO IF 0t 78 24 00 Clinic 20 06 07 2C 70 7E 0 0 0 0 Surgery natgear7B2608 192 168 0 2 COMSFIOE7BI2100 Clinic Floor CO 3FIOE 78126102 NG_iig 2 Open Moor 2 COr3100 78 24 02 NGllg 2 Open LOCATE OETAAS DIORI Figure 117 The Local Client List screen lets you monitor all clients that were locally authenticated and that are connected to access points managed by the wireless controller To view additional clients click Next to return to the previous clients click Previous Because this s
147. he wireless controller that you want to configure Self 192 168 0 251 192 168 0 252 Figure 85 Click Self to configure the wireless controller that you have accessed through the web management interface in the previous figure the controller with IP address 192 168 0 251 click another IP address in the previous figure IP address 192 168 0 252 to configure that controller in the stack The following figure provides an example of a screen that shows the controller selection list Managing Stacking and Redundancy 157 ProSafe 20 AP Wireless Controller WC7520 System Wireless Security WLAN Network Captive Portal Self 192 168 0 251 192 168 0 252 I v Advanced Radio Profile Groups Rate Limit Monitor Maintenance Stacking Plans Diagnostics Group 1 Group 2 Group 3 Name Radio Authentication vian30 802 11b bg ng Open System vianio 802 11a na Open System Figure 86 Manage Redundancy The wireless controller supports N 1 redundancy with failover Redundancy is implemented through the use of the Virtual Router Redundancy Protocol VRRP Single Controller with Redundancy You can configure two controllers to form a redundancy group You then designate one controller in the redundancy group as the primary controller and the other wireless controller as the redundant controller If the primary controller fails or is disconnected from the network an automatic failover to the
148. ic and Advanced Security Configurations The basic security configuration model Configuration gt Security gt Basic does not apply strictly to the basic profile group nor does the advanced security configuration model Configuration gt Security gt Advanced apply strictly to advanced profile groups The reason is that you apply an authentication server and a MAC ACL to an individual profile and not to a profile group 112 ProSafe 20 AP Wireless Controller WC7520 Basic security settings You can apply the following security settings to any profile whether in the basic profile group or in an advanced profile group Basic MAC authentication the MAC ACL group that is called basic Basic authentication server the RADIUS server that is called basic Auth or the LDAP server that is called basic LDAP Advanced security settings You can apply the following security settings to any profile whether in the basic profile group or in an advanced profile group Advanced MAC authentication the MAC ACLs that are by default called Acl 1 Acl 2 Acl 3 and so on you can change these default names Advanced authentication server the RADIUS servers that are by default called Auth 1 Auth 2 Auth 3 and so on you can change these default names Global security settings The following security settings apply to all profiles whether in the basic profile group or in any of the advanced profile groups Basic rogue AP detect
149. ifications that require you to use different settings Using QoS Wi Fi MultiMedia WMM ensures that the applications that require better throughput and performance are provided special queues with higher priority For example video and audio applications are given higher priority over applications such as FTP WMM defines the following four queues in decreasing order of priority e Voice The highest priority queue with minimum delay which makes it ideal for applications such as voice over IP VoIP and streaming media e Video The second highest priority queue with low delay is given to this queue Video applications are routed to this queue Best Effort The medium priority queue with medium delay is given to this queue Most standard IP applications use this queue e Background Low priority queue with high throughput Applications such as FTP that are not time sensitive but require high throughput can use this queue QoS prioritization and coordination of wireless medium access is on QoS settings on the access point control downstream traffic flowing from the access point to the client station AP Enhanced Distributed Channel Access EDCA parameters and the upstream traffic flowing from the client station to the access point Station EDCA parameters gt To configure the QoS settings for profile groups 1 Select Configuration gt Wireless gt Advanced gt QoS The Advanced QoS Settings screen displays Configuring
150. iguring Network Settings 68 ProSafe 20 AP Wireless Controller WC7520 Table 11 DHCP settings continued Setting Description Subnet Mask Enter the subnet mask that is assigned to the wireless clients by the DHCP server Default Gateway Enter the IP address of the default network gateway for all traffic beyond the local network Start IP Enter the starting IP address of the range that can be assigned by the DHCP server End IP Enter the ending IP address of the range that can be assigned by the DHCP server Use Default DNS Server Select this check box to allow the DHCP server to use the wireless controller s default DNS servers The Primary DNS Server and Secondary DNS Server fields are masked out Primary DNS Server Enter the IP address of the primary DNS server for the network Secondary DNS Server Enter the IP address of the secondary DNS server for the network Use Default WINS Server Select this check box to allow the DHCP server to use the wireless controller s default WINS server The WINS Server field is masked out WINS Server Enter the IP address of the WINS Server for the network 4 Click Add to save your settings and add the new DHCP server to the DHCP Server List gt To edit a DHCP server 1 2 3 4 On the DHCP Server List select the radio button in the Edit Remove column that corresponds to the DHCP server that you wan
151. ildings Local Building Remote Building Clinic MainOffice Down Floor 1 Floor 2 Floor 3 Floor Length 100m Floor Width 100 m Figure 18 The Deployed Buildings screen shows a tab for each building that you previously defined For each building the screens shows the floors that you previously defined RF Planning 48 ProSafe 20 AP Wireless Controller WC7520 Select the building and floor for which you want to view the heat map by clicking the corresponding tabs Click Heat Map The heat map for the selected floor displays oss Pi Configuration Monitor Maintenanc e Stacking Plans Diagnostics Buiiding 1 Floor 1 C ea Frequency band 802 11b bg ng m Zoom Figure 19 The first time you view the heat map the access points need to be manually placed on the heat map to closely match their actual physical locations Click Apply to save the locations Doing so regenerates the complete heat map of the floor The spectrum bar at the top of the screen indicates how the colors correspond to the signal strength and wireless coverage To view information about an access point or client on the heat map place your pointer over the icon The following information becomes available IP address e MAC address Name e Model e Status e Power per channel e Configured and operating channel bandwidth To select another wireless frequency band make a selection from the Frequency band drop down
152. ily affect traffic on the managed access points in the network 6 Click Apply to save your settings Note After you have configured redundancy click Refresh on the Network monitoring screens to display redundancy information see Monitor the Network on page 167 Managing Stacking and Redundancy 165 ProSafe 20 AP Wireless Controller WC7520 gt To modify the redundant controller after you have configured redundancy 1 Click Replace The Replacing Controller Information pop up window displays Note The Replace button displays onscreen only after a redundancy configuration has become active The button is shown on Figure 91 on page 163 Replacing Controller Information Local IP UserName Password CANCEL APPLY 2 Modify the settings as explained in Table 37 on page 164 3 Click Apply The modified local IP address of the redundant controller is displayed above the Redundancy table gt To delete a redundancy group Clear the Enable Redundancy check box Doing so causes the redundant controllers in the redundancy group to reboot and return to the factory default state except for their IP address Managing Stacking and Redundancy 166 Monitoring the Wireless Network and 11 Components This chapter includes the following sections e Monitor the Network Monitor the Wireless Controller e Monitor the SSIDs e Monitor the Clients The monitoring screens display read only status information of the
153. ing Buildings screen without savings changes to the location map Note For each floor you can save one location map only When you modify and save the location map the previously saved location map is overwritten RF Planning 47 ProSafe 20 AP Wireless Controller WC7520 View and Manage Heat Maps for Deployed Plans A heat map lets you view in real time by wireless frequency band the signal strength and wireless coverage for a building floor The heat map shows the actual signal strengths that each access point is detecting from neighbor access points Note For the heat maps to work correctly the access point placement on the floor plan needs to closely match the actual physical location of the access points The heat map shows the following information e Signal strength and wireless coverage including coverage holes e Known access points that are managed by the wireless controller e Location of rogue access points e Location of clients associated with the access points e Location of blacklisted clients gt To view the heat map for a building floor and to adjust access points 1 Select Plans gt Deployed The Deployed Buildings screen displays with the Local Building tab and associated screen in view To view the information for a remote building click the Remote Building tab Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics tocour Planning gt Deployed 192 168 0 30 Bu
154. ing information displays Open The number of wireless clients that are connected to managed access points using security profiles configured with open mode WEP The number of wireless clients that are connected to managed access points using security profiles configured with WEP Monitoring the Wireless Network and Components 180 ProSafe 20 AP Wireless Controller WC7520 Table 46 Controller summary information continued Item Description WPA The number of wireless clients that are connected to managed access points using security profiles configured with WPA WPA2 The number of wireless clients that are connected to managed access points using security profiles configured with WPA2 Rogue Access Points sect ion Rogue AP current The total number of unique rogue and unmanaged neighboring access points that are detected now by the wireless controller Rogue AP count 24hrs The total number of unique rogue and unmanaged neighboring access points that were detected over the last 24 hours by the wireless controller Network Info section This information is self explanatory Redundancy Status sectio n This information displays only if wireless controller redundancy is configured Controller Mode The redundancy mode in which the wireless controller functions Primary or Secondary Redundancy State The state of the redundancy group Active Down
155. ining the Controller 143 ProSafe 20 AP Wireless Controller WC7520 Specify Session Time Outs If an HTTP session times out the user is redirected to the login window for password verification gt To specify the length of the HTTP session time out for the wireless controller 1 Select Maintenance gt Remote Management gt Session Timeout The Session Timeout screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics User Management Upgrade Licensing Backup Restore Reboot Reset Extended Storage SNMP Self 192 168 0 30 gt Session Timeout Session Timeout Timeout minutes Figure 70 2 Inthe Timeout minutes field specify number of minutes before an active HTTP login session expires 3 Click Apply to save your settings View Alerts and Events and Save the Logs You can view system alerts and save system logs that are collected on the wireless controller You can also save logs of individual access points In the event of a problem or failure these logs along with backed up configuration settings could help determine the cause Save the Logs gt To save access point logs 1 Select Maintenance gt Logs amp Alerts gt Save Logs gt AP Logs The Access Points screen displays Maintaining the Controller 144 ProSafe 20 AP Wireless Controller WC7520 Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics User Management Upgr
156. ints and add them to wireless controllers managed access point list Basic and Advanced Settings You can deploy the wireless controller in a small wireless network with 10 or 20 access points or in a large wireless network with up to 150 access points Small networks require a basic configuration but large networks can become very complex and require you to configure the advanced features of the wireless controller Depending on your network configuration use basic settings or advanced settings to manage your access points Basic settings for a typical network The basic settings work with most common network configurations For example all access points on the WLAN are for the same organization or business and therefore adhere to the same policies and use a small number of service set identifiers SSIDs or network names Advanced settings for access point profile groups If you have a large wireless network or if completely separate networks share a single WLAN use the advanced settings to set up multiple access point profile groups with multiple security profiles SSIDs with associated security settings For example a shopping mall might need several access point profile groups if several businesses share a WLAN but each business has its own network Larger networks could require multiple access point profile groups to allow different policies per building or department The access points could have different security profiles per buil
157. ion Name Enter a unique name to identify the profile This value can be up to 32 alphanumeric characters Use meaningful profile names instead of the default names The default profile names are Profile1 Profile2 and so on through Profiles Wireless Network Name Enter a unique name for the wireless network associated with this profile SSID Broadcast Wireless Select the Yes radio button to enable broadcast of the SSID This is the default Network Name setting Select the No radio button to disable broadcast of the SSID in which case only devices that have the correct SSID can connect to the access point Managing Security Profiles and Profile Groups 78 ProSafe 20 AP Wireless Controller WC7520 Table 15 Basic security profile definition settings continued Setting Description list Client Authentication section Note The options that display onscreen depend on the selection from Network Authentication drop down Network Authentication From the drop down list select the authentication type to be used see Table 16 on page 81 Data Encryption From the drop down list select the data encryption type to be used The options available for data encryption as well as other requirements such as entering a key or passphrase depend on the network authentication settings see Table 16 on page 81 Wireless Client Security Separation From the drop down list select Disabl
158. ion Advanced rogue AP detection Manage Rogue Access Points Rogue access point detection is disabled by default on the wireless controller If you want to detect rogue access points you need to enable rogue access point detection and specify how aggressively access points should scan for rogue access points Scanning affects the service availability of the access point If rogue access point detection is set up as aggressive the access point scans often at which time it is unavailable for clients to associate to it An access point is defined as rogue if The access point s radio basic service set identifier BSSID is observed by any of the managed access points The access point is seen transmitting on the Ethernet side on the same Layer 2 as the managed access points At least one client is connected to the access point Any unmanaged access point not meeting all these conditions is classified as a neighbor The access points transmit broadcast frames on the Ethernet during the time access point radios are off channel and scanning Note For the triangulation of the rogue access points to work ensure that the access points are positioned correctly in the floor plan See View and Manage Heat Maps for Deployed Plans on page 48 Configuring Network Access and Security 113 ProSafe 20 AP Wireless Controller WC7520 Configure Basic Rogue Detection Settings In a basic setup you can set up one detection server In an ad
159. ion in the United States FCC Information to User This product does not contain any user serviceable components and is to be used with approved antennas only Any product changes or modifications will invalidate all applicable regulatory certifications and approvals This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation FCC Guidelines for Human Exposure This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment This equipment should be installed and operated with minimum distance of 20 cm between the radiator and your body This transmitter must not be co located or operating in conjunction with any other antenna or transmitter FCC Declaration Of Conformity We NETGEAR Inc 350 East Plumeria Drive San Jose CA 95134 declare under our sole responsibility that the ProSafe 20 AP Wireless Controller WC7520 complies with Part 15 of FCC Rules 205 ProSafe 20 AP Wireless Controller WC7520 Operation is subject to the following two conditions e This device may not cause harmful interference and e This device must accept any interference received including interference that may cause undesired operation FCC Radio Frequency Interference Warnings amp Instructions
160. iption Max Client Use the slider to specify or enter the maximum number of wireless clients that can connect to each radio of an access point at one time You can select a value of 64 to allow the maximum number that is supported by an access point RSSI Use the slider to specify or enter the minimum signal quality in percentage 0 to 100 percent expected from the wireless clients that connect to the access points A value of 0 means this check is not enforced and load balancing is disabled 4 Click Apply to save your settings Configuring Wireless and QoS Settings 108 ProSafe 20 AP Wireless Controller WC7520 Configure Rate Limiting The available bandwidth is determined by the number of errors during transmission and the time that a packet spends in the transmission queues Within a profile group including the basic profile group you configure rate limiting separately for each wireless radio 2 4 GHz and 5 GHz Within a profile group for each wireless radio rate limiting needs to add up to a maximum of 100 percent It can be less than 100 percent For example within one profile group if there are four profiles that use the 802 11b bg ng mode and two profiles that use the 802 11a na mode you create one rate limiting configuration for the four profiles that use the 802 11b bg ng mode and another rate limiting configuration for the two profiles that use the 802 11a na mode The combined percentages of t
161. is if you configure an external RADIUS server with WPA WPA2 or WPA amp WPA2 or if you use legacy 802 1X you cannot configure captive portal authentication the network authentication needs to be Open System Shared Key WPA PSK WPA2 PSK or WPA PSK amp WPA2 PSK see Network Authentication and Data Encryption Options on page 81 Note these guidelines for captive portal user authentication and accounting through an external RADIUS server e You can use either the basic Auth RADIUS server or a RADIUS server of an advanced authentication group You cannot use the external LDAP server e The wireless controller uses CHAP or MS CHAP as the authentication protocol with the authentication server e The following RADIUS authentication variables are supported on the wireless controller User Name User Password Configuring Network Access and Security 126 ProSafe 20 AP Wireless Controller WC7520 WISPr Session Terminate Time Session Timeout If you change the values for any of these variables before the wireless client disassociates from the access point the new values are not updated on the wireless controller A managed access point can send accounting information to the external RADIUS server because the wireless controller functions as a proxy RADIUS client for the managed access point The following RADIUS accounting variables are supported on the wireless controller Acct Input Octets Acct Output Octets Acct In
162. is manual data encryption Allowed Length characters Maintenance gt User Management gt e Administrator Alphanumerics and Up to 31 Management tab Read Only special characters Guest Provisioning Seb Manage e License Management Users Only Accounts and Maintenance gt User Management gt Captive portal user Alphanumerics and Up to 31 e ree Captive Portal tab special characters pag Maintenance gt User Management gt Wi Fi user Alphanumerics Up to 31 WiFi Clients tab only Basic Profile Shared Key 64 bit WEP Hexadecimal 10 fixed ts Configur tion Prote gt 128 bit WEP Hexadecimal 26 fixed Basic gt Radio 2 Select a profile 152 bit WEP Hexadecimal 32 fixed See 3 Make a selection from WpA PSK TKIP Alphanumerics and Up to 63 Configure the Network special characters Security Authentication TKIP AES excluding quotes Profiles for drop down list the Basic WPA2 PSK AES Profile Group on page 77 TKIP AES WPA PSK TKIP AES amp WPA2 PSK Factory Default Settings and Technical Specifications 203 ProSafe 20 AP Wireless Controller WC7520 Table 54 Password requirements continued Web management interface path User type Restrictions Section in or this manual data encryption Allowed Length characters Advanced Profile Shared Key 64 bit WEP Hexadecimal 10 fixed Come e rele elles 128 bit WEP Hexadecimal 26 fixed Advanced gt Radio 2 Select
163. l Clinic Floor t 6 2 437Ghz NA 20 mins 18 secs Local Clinic Floor 1 11 2 462Ghz NA 20 mins 20 secs REFRESH DETAILS EXPORT Figure 107 Right side of the Controller Access Point screen The Controller Access Point screen lets you monitor all access points that are managed by the wireless controller To view additional access points click Next to return to the previous access points click Previous Because this screen is almost identical to the Network Access Point screen see Table 41 on page 172 for information about the fields To export the list of access points click Export To see details about an access point select its corresponding radio button in the Select column of the Access Point table and then click the Details button to display the AP Details pop up window Because this screen is identical to the AP Details pop up window that you can access from the Network Access Point screen see Table 42 on page 175 for information about the fields The AP Details pop up window is shown in Figure 99 on page 174 and Figure 100 on page 174 Monitoring the Wireless Network and Components 183 ProSafe 20 AP Wireless Controller WC7520 View Clients Managed by the Wireless Controller Access Point Configuration Monitor Maintenance WLAN Clients Stacking Plans Diagnostics Network Clients Select MAC AP Name AP IP Building Floor Bssid SSID 00 11E14C167 33182 192 168 0 5 Orthopedics metgear7B248S 192 168 0 3 Clinic Floo
164. lays the current date and time of day see Time Management on page 64 The wireless controller uses the Network Time Protocol NTP to obtain the current time from one of several network time servers on the Internet Each entry in the log is stamped with the date and time of day When the date shown is January 1 2000 the wireless controller has not yet successfully reached a network time server Verify that the wireless controller can reach the Internet If you have just completed configuring the wireless controller wait at least 5 minutes and check the date and time again Problems with Access Points Discovery Problems If the wireless controller does not discover any or all access points check the following For all access points local and remote e Make sure that the wireless controller is connected to the LAN see LAN Port LEDs Not On on page 195 Troubleshooting 198 ProSafe 20 AP Wireless Controller WC7520 e Make sure that you have entered the correct IP range if the access points function in different VLANs are behind an IP subnet or are already installed and working in standalone mode see Access Point Discovery and Discovery Guidelines on page 51 e Verify that access points that are already installed and working in standalone mode have SSH and SNMP enabled which is the default setting e Make sure that UDP port number 7890 is unblocked in the firewall e With the exception of access points in factory default st
165. lding 2 SSID 1 Staff VLAN 10 SSID 2 High school VLAN 40 SSID 3 Guest VLAN 30 7 1 1 Redundant WC7520 1 i Staf VLAN 10 Ethernet traffic Middle school VLAN 20 Ethernet traffic High school VLAN 40 Ethernet traffic Guest VLAN 30 Ethernet traffic Figure 13 The access points and wireless controllers are connected in the same subnet and same VLAN and use the same IP address range that is assigned for that subnet The core switch is located between the wireless controllers and the PoE switches to which the access points are connected The core switch provides Internet access Prerequisites This network configuration has the following prerequisites e VLAN 1 is configured on the wireless controllers core switch and PoE switches This VLAN is untagged e VLANs 10 20 and 30 are configured on the wireless controllers core switch and the PoE switch in Building 1 These VLANs are tagged e VLANs 1 10 20 30 and 40 are configured on the wireless controllers core switch and PoE switches Except for VLAN 1 these VLANs are tagged System Planning and Deployment Scenarios 39 ProSafe 20 AP Wireless Controller WC7520 Provisioning the Wireless Controller Step Configuration Web management interface path 1 Configure the basic system settings 1 Configure the country code of operation Configuration gt System gt General 2 Configure the IP address of
166. less Controller 184 View Rogue Access Points Detected by the Wireless Controller 185 View Security Profiles Managed by the Wireless Controller 187 View DHCP Leases Provided by the Wireless Controller 188 View Captive Portal Guests and Users Managed by the Wireless Controller cere cee ee cree seer ee eee ween edene es 188 Montor te SSDS os Larraina dda ie aed Saas eh nd A a lata ae 190 Monko Te GONGIMS lt i anGt ean pheeaddies eave paedeseheeutewss 191 View Local Gema saoirsi iyati tate epedetedereedwausaeie 191 View Blacklisted Clients ananunua aaea 192 Chapter 12 Troubleshooting Troubleshoot Basic Functioning 20 0c eee eee eee eee 194 Power LED NOTON sie 006ei ree ei den cea eRA CORA ERA WR EES 194 Test LED Never Turns Off n ic dcciadncdadenaediadd duane ees 195 LAN Port LEDS NoPOn crkcadaeee cee ew debee CRW Ree Read 195 Troubleshoot the Web Management Interface 195 Etheatnet Cabling cccctcntetaneseneisa taeandeweteeeeneehe x 195 IP Address ContigurahO sss ee a a ear er ean ae 195 Internet BrOWSEl cece die kin deeeee dee ier eee eee Cee eee 196 Troubleshoot a TCP IP Network Using the Ping Utility 197 Test the LAN Path to Your Wireless Controller 197 Use the Factory Default Button to Restore Default Settings 198 Problems with Date and TIME lt 4rcccaaedindendedeenpAgewragey y 198 ProSafe 20 AP Wireless Con
167. list above the heat map Use the Zoom slider to increase or decrease the size of the map Make adjustments to the wireless signal strength and coverage in real time by dragging the access point icons to new locations RF Planning 49 ProSafe 20 AP Wireless Controller WC7520 The colors disappear from the heat map until you click Apply again When you apply the new position the heat map is refreshed based on the new location and the RF data collected from the access points Click Apply to view how your changes affect the heat map Depending on the size of your WLAN it might take several minutes before the heat map is updated If you do not want to apply the changes click Close to return to the Deployed Buildings screen RF Planning 50 Access Point Discovery and Management This chapter includes the following sections e Access Point Discovery and Discovery Guidelines e Run the Discovery Wizard e Discovery Results Manage the Access Point List Access Point Discovery and Discovery Guidelines You need to run the Discovery Wizard for the wireless controller to discover supported NETGEAR access points on the LAN or WAN The wireless controller can discover access points that are still in their factory default state and access points that are deployed and running After the access points are discovered you can add them to the Managed AP List The wireless controller can configure manage and monitor the managed access
168. ly to save your settings Importing a List of Known Access Points from a File You can import a list of known access points from a saved file To do this create a text file that includes the MAC address of each access point This file needs to be a simple text file with one MAC address per line The wireless controller can support a total of up to 512 access points from the known and unknown lists combined gt To importa list of known access points from a file 1 5 6 Create a text file that includes a list of MAC addresses for the access points Each MAC address should be on a separate line with hard returns between lines as shown in the following example 00 00 11 11 22 29 00 00 11 11 22 28 00 00 11 11 22 27 00 00 11 11 22 26 000071111122425 Select Configuration gt Security gt Advanced gt Rogue AP to access the Rogue AP screen Click Browse navigate to the file containing the list of known access points and select it Next to Import Known List select one of the following radio buttons e Merge Merges the list of access points that you intend to import with those that are already present in the Rogue List e Replace Replaces the access points that are present in the Rogue List with those in the file that you intend to import Click Import Click Apply to save your settings Manage MAC Authentication and MAC Authentication Groups MAC authentication lets you set up an external or a local access control
169. mware see http support netgear com app products model a_id 12823 Introduction and Overview 15 ProSafe 20 AP Wireless Controller WC7520 WNDAP360 ProSafe Dual Band Wireless N Access Point Supports 802 11a 802 11b 802 119 and 802 11n network devices Supports PoE with a power consumption of up to 10 51W Concurrent operation in 2 4 GHz and 5 GHz radio band while in 802 11n mode Accepts optional antennas Requires minimum firmware version WNDAP360_ 2 0 3 or a newer version For product documentation and firmware see http support netgear com app products model a_id 19189 What Can You Do with the WC7520 Wireless Controller These are some of the tasks that you can perform with a WC7520 wireless controller Plan a Wireless Network Design a WLAN Design an efficient WLAN with building and floor dimensions for your specific environment Estimate the number of required access points and their approximate locations Estimate how many access points you need for your wireless coverage and determine their optimum location for best coverage and performance For more information see Chapter 3 RF Planning Discover Access Points in the Network and Provision IP Addresses and Firmware Discover access points in the network The access points can be in factory default state or functioning in standalone mode but after discovery by the wireless controller and addition to the managed access point list the access points bec
170. n The Add Profiles pop up window displays ADD Profiles Clone an existing Profile C Profiles NG_11g 0 CANCEL ADD Figure 40 c Either click Add or if you want to clone an existing profile select the Clone an existing Profile check box select a profile from the Profiles drop down list and then click Add The newly created profile displays onscreen and the tab for the new profile is automatically selected to let you configure the new profile Specify the settings as described in Table 15 on page 78 and Table 16 on page 81 Managing Security Profiles and Profile Groups 86 ProSafe 20 AP Wireless Controller WC7520 9 Click Apply to save your settings Edit and Remove Profiles from an Advanced Profile Group gt To edit an existing profile to an advanced profile group On the Profile Groups screen click a tab to select a profile group Click Edit The Edit Profile screen displays Click a tab to select a radio Click a tab to select a profile Change the settings as explained in the Table 15 on page 78 and Table 16 on page 81 Click Apply to save your settings eo PrP PSY gt To remove an existing profile from an advanced profile group 1 On the Profile Groups screen click a tab to select a profile group 2 Click Edit The Edit Profile screen displays 3 Click a tab to select a radio 4 Click a tab to select a profile 5 Click Delete and then confirm that you want to delete the profile Rem
171. n configure only licenses that is they can access only the License configuration menu tab under the Maintenance main navigation tab for more information see Manage Licenses on page 149 Captive portal users Users with credentials to access the captive portal and who are granted temporary access or access without expiration Wi Fi clients Users with credentials to access the wireless network These users do not need to use the captive portal or the guest portal to access the wireless network nor is their access subject to expiration In addition to the users you can also configure captive portal accounts that you use in combination with captive portal users Accounts specify the period during which wireless access is available and the amount that is charged for it gt To add auser or an account 1 2 Select Maintenance gt User Management The User Management screen displays with the Management tab and associated screen in view Select one of the following tabs to display the associated screen Management The Management screen displays This is the default screen that displays when you select Maintenance gt User Management Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Upgrade Licensing Backup Restore Reboot Reset Extended Storage Remote Management gt User Management Eq 192 168 0 251 User Management Management WiFi Clients Captive Po
172. n guidelines for external RADIUS servers For configuration guidelines for external MAC authentication see Guidelines for External MAC Authentication on page 118 For configuration guidelines for external authentication of captive portal users see Configure Captive Portal Settings on page 126 External LDAP server You can define one external LDAP server commonly referred to as an Active Directory AD server You need to specify its configuration on the basic Authentication Server screen see the next section so that you can select this authentication option during the configuration of a profile By default the external LDAP server for the basic authentication group is called basic LDAP You cannot change this name and you cannot configure any LDAP servers for the advanced authentication groups You can assign the basic LDAP server to both the basic profile group and to advanced profile groups All three servers can be active so that the profiles that you set up can be configured to work with different authentication servers For example you could set up a guest profile with no authentication an engineering profile that uses external RADIUS authentication and a marketing profile that uses external LDAP authentication The settings that you specify on the Authentication Server screen affect the selections available in the Network Authentication drop down list and the corresponding Authentication Server field on the Edit Profile screen
173. n on page 194 Introduction and Overview 12 ProSafe 20 AP Wireless Controller WC7520 Table 1 LED functions continued LED Status Description Test LED On The wireless controller is initializing After approximately 2 minutes when the wireless controller has completed its initialization the Test LED turns off If the Test LED remains on the initialization has failed see Test LED Never Turns Off on page 195 Off The wireless controller has completed its initialization successfully The Test LED should be off during normal operation Blinking Firmware is being upgraded Left LAN Off The port has no physical link that is no Ethernet cable is plugged into the port LED wireless controller see also LAN Port LEDs Not On on page 195 one for each port On green The port has detected a link with a connected Ethernet device Blinking green Data is being transmitted or received by the port Right LAN Off The port is operating at 10 Mbps port LED one for On amber The port is operating at 100 Mbps each port part On green The port is operating at 1000 Mbps Rear Panel Features The following figure shows the rear panel components of the wireless controller Figure 2 From left to right the wireless controller s rear panel components are e Console port RS232 port for connecting to an optional console terminal The port has a DB9 male connector The
174. nage Certificates e Configure Syslog and Alarm Notification Settings Configure General Settings Note You need to select the correct country or region of operation It might not be legal to operate the access points in a country or region not shown here If your location is not listed check with your local government agency or check the NETGEAR website for more information about which channels to use The General Settings screen lets you configure the basic settings of your wireless controller gt To configure general settings 1 Select Configuration gt System gt General The General Settings screen displays n Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics tocout Wireless Security Profile WLAN Network Captive Portal 5 Geeerel Ea ECT gt IP LAN General Settings gt DHCP Server Name gt Certificates Country Region United States gt Alerts Controller Location Code warehouseWC7520 Figure 27 63 ProSafe 20 AP Wireless Controller WC7520 2 Configure the settings as explained in the following table Table 8 General settings Setting Description Name Enter a unique value as the wireless controller name NETGEAR recommends changing the name as soon as possible after setting up The name needs to contain only alphabetical characters numbers and hyphens and needs to be 31 characters or less Country Region Fr
175. ne Mode 1am not sure Figure 20 2 Select the radio button to specify the state of the access points that you want to discover e Factory default state The access points have not been configured Installed and working in Standalone Mode The access points have been configured or deployed but they are not yet on the Managed AP List e lam not sure Select this radio button to display documentation 3 Click Next The next Discovery Wizard screen displays Access Point Discovery and Management 54 4 5 ProSafe 20 AP Wireless Controller WC7520 Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics gt Discovery Wizard BEE gt Last Discovered Discovery Wizard gt Managed AP List Step 2 of 3 Choose Network Layout Select how the Access Points are connected to the controller Same L2 network directly or via backend L2 switch Different L3 networks different VLANs or behind IP subnets CANCEL Figure 21 Select the radio button that specifies the network layout of the access points and click Next e Same L2 network directly or via backend L2 switch Discover all access points on the LAN that are in the same IP subnet and are connected to the wireless controller either directly or through a back end Layer 2 switch Different L3 networks different VLANs or behind IP subnets Discover access points that are in different IP subnets and that are connected to
176. network and its various components Most screens have a Refresh button clicking this button displays the most recent information Note In tables with many entries you can select how many entries are displayed onscreen by selecting a number from the Entry Per Page drop down list in the lower left of the table Note There is no consistency of information among the screens that are shown in this chapter Monitor the Network Note The Network configuration menu tab displays under the Monitor main navigation menu tab only when you have configured stacking If you have not configured stacking go to Monitor the Wireless Controller on page 179 Note After you have configured redundancy click Refresh on the Network monitoring screens to display redundancy information 167 ProSafe 20 AP Wireless Controller WC7520 gt To monitor the network 1 Select Monitor gt Network 2 Select one of the following submenu links to display a network monitoring screen e Summary See View the Network Summary Screen e Usage See View Network Usage e Controller See View Wireless Controllers in the Network e Access Points See View Managed Access Points in the Network e Clients See View Clients in the Network e Profiles See View Security Profiles in the Network View the Network Summary Screen The following figure shows the Network Summary screen when both stacking and redundancy are configured Access Point Configuration Monitor Maint
177. nfiguration section in the datasheet at http support netgear com app products model a_id 13060 For information about how to manage your licenses see Manage Licenses on page 149 Maintenance and Support NETGEAR offers technical support seven days a week 24 hours a day Information about support is available on the NETGEAR ProSupport website at htto kb netgear com app answers detail a_id 212 Introduction and Overview 18 ProSafe 20 AP Wireless Controller WC7520 Web Management Interface Layout The following figure shows the menu at the top and the left of the wireless controller s web management interface the screen s content has been removed for more clarity Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics LOGOUT System Securit Profile WLAN Network Captive Portal v Basic lt a Controller selection list Radio On Off Wireless Channel Allocation RF Management pyadvenced 1st level Main navigation menu tab Action buttons 2nd level Configuration menu tab 3rd level Submenu link Figure 4 A web management interface screen can include the following components e 1st level Main navigation menu tab The main navigation menu tabs in the light gray bar across the top of the web management interface provide access to all configuration menu tabs of the wireless controller and remain constant When you select a main navigation menu tab the letters are displ
178. nfigurations It is important to know how to configure your network and decide which configuration model better fits your needs basic or advanced Once you follow one it is easy to use the same configuration model for the wireless and Quality of Service QoS settings Before you configure the wireless settings read Basic and Advanced Settings on page 22 Basic wireless settings If you use the basic configuration model the following wireless and QoS settings apply to all profiles in the basic profile group Basic radio on off schedule Basic wireless settings for each radio in the basic profile Basic RF management Basic rate limiting for each radio in the basic profile 90 ProSafe 20 AP Wireless Controller WC7520 e Advanced wireless settings If you use the advanced configuration model you can configure the following wireless and QoS settings separately for each profile group that you have created Advanced radio on off schedules for up to 8 profile groups Advanced wireless settings for each radio in up to 8 profile groups Advanced QoS settings for each radio in up to 8 profile groups Advanced RF management for up to 8 profile groups Advanced rate limiting for each radio in up to 8 profile groups e Global wireless settings The following wireless and QoS settings apply to all profiles whether in the basic profile group or in any of the advanced profile groups Basic channel allocation Basic load balan
179. ng Plans Diagnostics oscovey word ERENT Depending on your selections this screen might show Step 4 of 4 Last Discovered Managed AP List Discovery Wizard Step 3 of 3 Select Access Points to manage a Model IP MAC Name Site o WNAP210 192 168 0 161 0 3f 0e 7b 26 d0 netgear7B26D8 Local E WNAP210 192 168 0 162 c0 3f10e 7b 24 80 netgear782488 Local oO WNDAP360 192 168 0 160 c4 3d c7 a1 06 60 netgear1i0668 Remote v CANCEL BACK ADD Figure 23 Check the discovery results to make sure that all the access points are listed See the following section Discovery Results Select the site designation and add the access points as described in Add Access Points to the Managed List after Discovery on page 57 Discovery Results The effectiveness of autodiscovery depends in part on how the access points on your LAN are set up If each access point is configured with a unique IP address and is running current firmware then discovery is usually simple If the discovery results are not what you expect check the following Access points already managed by the wireless controller are not in the discovery list To view the Managed AP List select Access Point gt Managed AP List The access points might be in a different IP subnet Verify that you can ping the access point s IP address from the wireless controller s ping utility see Use the Diagnostic Tools on the Wireless Controller on page 200 If the access poi
180. ning Configurable management VLAN e Security Identity based security authentication with an external RADIUS or LDAP Active Directory server or with an internal authentication server Up to 8 profiles per profile group and 8 profiles per radio therefore dual band access points can support up to 16 profiles in one profile group Support for up to 128 access point profiles per wireless controller 8 profiles per group and 8 groups per radio Each access point profile supports settings for SSID network authentication data encryption client separation VLAN MAC ACL and wireless QoS Support for up 8 access point profile groups per wireless controller Rogue access point detection classification and mitigation Guest access and captive portal access with cost and expiration accounting Scheduled wireless on off times 1 Number of profiles depends on the access point model used with the wireless controller 2 Number of profile groups depends on the access point model used with the wireless controller Introduction and Overview 10 ProSafe 20 AP Wireless Controller WC7520 Wi Fi Multimedia Quality of Service and advanced wireless features Wi Fi Multimedia WMM support for video audio and Voice over Wi Fi VoWi Fi WMM power save option Automatic WLAN healing mechanism ensures seamless coverage for wireless users Layer 2 and Layer 3 seamless roaming support FRS Local Layer 2 traffic switching
181. nt disabling 61 discovery 51 discovery results 56 dual band 15 16 23 74 109 editing settings 60 factory default state 54 firmware minimum version 15 floor and building settings 62 IP addresses 61 IP subnet 55 56 known and unknown 116 local 51 57 59 managed status 59 models supported 15 pinging 200 rebooting 141 remote 52 57 59 rogue detecting managing and mitigating 113 viewing in the network 170 viewing on the managed access point 175 viewing on the wireless controller 186 sentry mode 61 standalone mode 54 62 supported models 15 tracing a route 201 troubleshooting 198 TX power controlling automatically 103 manually 96 98 viewing in the network 172 on the wireless controller 183 security profiles 175 statistics 175 VLAN settings 61 access remote 142 accounts captive portal 128 active SSIDs viewing 191 active voice calls preventing channel allocation 101 Advanced Encryption Standard AES 82 advanced settings description 22 74 AES Advanced Encryption Standard 82 Aggregated Mac Protocol Data Unit AMPDU 95 aggregation length 95 AIFS Arbitration Inter Frame Space 107 alarms settings 72 viewing in the network 169 viewing on the wireless controller 180 alerts viewing 146 AMPDU Aggregated Mac Protocol Data Unit 95 antenna 61 Arbitration Inter Frame Space AIFS 107 authentication certificates 70 external MAC authentication 79 118 RADIUS and LDAP servers 82 122 124 128 internal 124 me
182. nterruption of a few seconds Requirements and Restrictions for N 1 Redundancy These are the requirements and restrictions for N 1 redundancy to function correctly e All controllers in a redundancy group need to be in the same management VLAN and IP subnet The primary controllers need to be stacked e If three or four controllers are in the same redundancy group you need to configure one controller as the redundant controller and all other controllers as primary controllers All controllers in the redundancy group need to run the same firmware version If the firmware versions do not match redundancy does not work e The licenses on the redundant controller need to match those on the primary controller that has the largest number of licenses For example in a redundancy group with two primary controllers if one primary controller has a license for 20 access points and the other primary controller has a license for 50 access point the redundant controller needs to have a license for 50 access point If the licenses do not match redundancy does not work e For the relationship of each primary controller with the redundant controller you need to configure a unique VRRP ID also in relation to any other VRRP IDs that might be used for other purposes in the network You also need to configure a unique local controller IP address for each controller in the redundancy group Managing Stacking and Redundancy 161 ProSafe 20 AP
183. ntroller configuration Step Configuration Web management interface path 1 On each individual wireless controller that you intend to make a stack member follow the configuration steps as explained in one of the previous sections See Single Controller Configuration with Basic Profile Group on page 30 or Single Controller Configuration with Note If the stack members will be on different floors or in different buildings you can configure a separate access point profile group for each building or floor 2 Configure the primary wireless controller and deploy it in the Advanced Profile Groups on page 31 network 3 Configure the secondary wireless controllers and deploy them in the network 4 Interconnect the wireless controllers that you intend to make members of the stack The connection needs to be a wired connection but does not need to be a direct connection that is a switch or router can be located in between the wireless controllers that are part of a stack 5 Configure the stacking group on the wireless controller that you Stacking gt Stacking intend as the primary controller 6 Synchronize all wireless controllers that are members of the stack Management VLAN and Data VLAN Strategies If your network includes 10 or more access points NETGEAR recommends that you set up at least two VLAN groups a management VLAN group and a data VLAN group If your network is large y
184. ntroller is connected to the PoE switch through default VLAN 1 You manage the wireless controller from a computer over VLAN 1 through the PoE switch e The DHCP server on the wireless controller is configured in management VLAN 100 to enable the access points to receive an IP address through VLAN 100 e The PoE switch port to which the wireless controller is connected is configured as a tagged port to allow tagged traffic from VLAN 100 System Planning and Deployment Scenarios 36 ProSafe 20 AP Wireless Controller WC7520 Provisioning the Wireless Controller Step Configuration Web management interface path 1 For initial discovery and configuration of the access points temporarily configure management VLAN 100 as an untagged management VLAN on both the wireless controller and the PoE switch Configuration gt System gt IP VLAN Configure the basic system settings 1 Configure the country code of operation Configuration gt System gt General 2 Configure the IP address of wireless controller 3 Configure the management VLAN as VLAN 100 Configuration gt System gt IP VLAN 4 Clear the Untagged Vlan check box This changes VLAN 1 to a tagged VLAN Add a DHCP server that uses VLAN 100 1 Configure the IP address range for VLAN 100 2 Configure the other DHCP server fields including the gateway and DNS servers Configuration gt System gt DHCP Server
185. nts are in factory default mode and across a router they are not detected With the exception of access points in factory default state that are in the same layer network if more than one access point has the same IP address then only one of them is Access Point Discovery and Management 56 ProSafe 20 AP Wireless Controller WC7520 discovered at a time You have to add the access point to the managed list change its IP address and then run discovery again to discover the next access point with that IP address Make sure that a DHCP server is available in the network or on the wireless controller Note For troubleshooting information see Problems with Access Points on page 198 Manage the Access Point List Add Access Points to the Managed List after Discovery After the wireless controller autodiscovers the access points as explained in Access Point Discovery and Discovery Guidelines on page 51 select the site designation and then add the access points to the managed list so that the wireless controller can manage them gt To select the site designation and add discovered access points to the managed list 1 On the last Discovery Wizard screen Step 3 of X Select Access Points to manage see Figure 23 on page 56 that displays the discovered access points select an access point that you want to designate as a remote access point From the Site drop down list select Remote The default is Local All access points f
186. o 4MoOoOowa oOo Prevent channel change during Active voice call High Traffic Load enable O disable enable O disable Schedule channel allocation Run channel allocation at Run channel allocation every Figure 46 2 Configure the settings as explained in the following table Table 23 Channel allocation settings Setting Description Automatic channel allocation Ensure that the Enable radio button is selected during normal operation Automatic channel allocation distributes channels across the managed access points to reduce interference To disable automatic channel allocation select the Disable radio button Valid corporate channels Specify the wireless band by selecting the 2 4 GHz or 5 GHz check box For each wireless band the following applies e You can remove one or more channels from the list of available channels by clearing its check box This is a good way to avoid interference with competing equipment such as in a medical setting where medical devices use a specific channel e You cannot add channels The wireless controller determines available channels based on the country or region that you specified on the General Settings screen see Configure General Settings on page 63 Configuring Wireless and QoS Settings 100 ProSafe 20 AP Wireless Controller WC7520 Table 23 Channel allocation settings continued Setting Description P
187. o clear all information from the screen and from memory click the Clear All button To view system alerts Select Maintenance gt Logs amp Alerts gt System Alerts The System Alerts screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics User Management Upgrade Licensing Backup Restore Reboot Reset Extended Storage Remote Management gt System Alerts gt RF Events gt Load Balancing gt Rate Limit gt Redundancy gt Stacking gt Save Logs Severity Figure 73 Self 192 168 0 30 System Alerts Description Access Point NAME netgear7826D8 1P 192 168 0 2 MAC c0 3f10e 7b1261d0 MODEL WNAP210 UP Access Point NAME netgear7B2488 IP 192 168 0 3 MAC c0 3f10e17b 24 80 MODEL WNAP210 UP Access Point NAME netgear7B2488 IP 192 168 0 3 MAC c0 3f10e 7b 24 80 MODEL WNAP210 DOWN Access Point NAME netgear7B26D8 1P 192 168 0 2 MAC c0 3f10e 7b 26 d0 MODEL WNAP210 DOWN System UP Access Point HAME netgear7B2488 IP 192 168 0 3 MAC c0 3f10e 7b 24 80 MODEL WNAP210 UP Access Point NAME netgear7B26D8 1P 192 168 0 2 MAC cO 3f 0e 7b1261d0 MODEL WNAP210 UP Access Point NAME netgear7B2488 IP 192 168 0 3 MAC c0 3f10e 7b 24 80 MODEL WNAP210 DOWN Access Point NAME netgear7B26D8 1P 192 168 0 2 MAC c0 3f 0e 7b 26 d0 MODEL WNAP210 DOWN Access Point NAME netgear782486 IP 192 168 0 3 MAC c013f10e 7b 24 80 MODEL WNAP2
188. o the wireless controller including HTTP HTTPS SNMP and SSH traffic is carried over the management VLAN If the management VLAN is also configured as a tagged VLAN the most common configuration the packets to and from the wireless controller carry the 802 1Q VLAN header with the assigned VLAN number If the management VLAN is marked as untagged the packets that are sent from the wireless controller do not carry the 802 1Q header and all untagged packets that are sent to the wireless controller are treated as management VLAN traffic Note Use a tagged VLAN or change the tagged VLAN ID only if the hubs and switches on your LAN support 802 1Q If they do not and you have not specifically configured a tagged VLAN with the same VLAN ID on the hubs and switches in your network IP connectivity might be lost The wireless controller needs to have IP connectivity with the access points through the management VLAN If the wireless controller and the access points are on different management VLANs external VLAN routing needs to allow IP connectivity between the wireless controller and the access points For information about how to configure management VLANs see Configure IP and VLAN Settings on page 65 System Planning and Deployment Scenarios 28 ProSafe 20 AP Wireless Controller WC7520 Client VLANs Each authenticated wireless user is placed into a VLAN that determines the user s DHCP server IP address and Layer 2 connection
189. oE switch connects to a Layer 3 switch or router that provides Internet access Provisioning the Wireless Controller Step Configuration Web management interface path 1 Configure the basic system settings 1 Configure the country code of operation Configuration gt System gt General 2 Configure the IP address of wireless controller Configuration gt System gt IP VLAN 3 Verify that VLAN 1 is set as the management VLAN and is marked as untagged which is the default setting 2 Configure the basic wireless settings and security 1 Configure an SSID for wireless access Configuration gt Profile gt Basic 2 Configure the network authentication and data encryption 3 Configure the encryption 3 Use any port of the wireless controller to connect the wireless PoE switch 4 Deploy the access points and connect them to the same wireless PoE switch 5 Run the Discovery Wizard select the network layout and select Access Point gt Discovery Wizard the access points that you want to be managed by the wireless controller Note By default all access points are added to the basic group and all settings from the basic group profile definition client authentication authentication settings and wireless QoS are applied to the access points Scenario Example 2 Advanced Network with VLANs and SSIDs The following sample scenario consists of an advanced network
190. oint Configuration Monitor Maintenance Stacking Plans Diagnostics Controller WLAN Clients Summary Access Point Select Name Location Status Model Remote netgearAl0668 Administration healthy 4 3d 7 91 06 60 192 168 0 168 WNDAP360 Remote 5 Access Point netgear768248S Orthopedics healthy O 3f 0e 7b 24 80 192 168 0 163 WNAP210 Local netgear782608 Surgery healthy O 3f 0e 7b 26 d0 192 168 0 162 WNAP210 Local gt Usage gt Controller gt Clients gt Profiles Figure 97 Left side of the Network Access Point screen Sentry Building 2 4 GHz Channel 5 GHz Channel Uptime Controller IP Building Remote 1 Floor 2 1 2 412Ghz 36 S 180Ghz 20 mins 16 secs 192 168 0 250 Clinic Floor 1 6 2 437Ghz NA 20 mins 18 secs 192 168 0 250 Clinic Floor 1 11 2 462Ghz NA 20 mins 20 secs 192 168 0 250 REFRESH DETAILS EXPORT Figure 98 Right side of the Network Access Point screen The Network Access Point screen lets you monitor all managed access points in the network To view additional access points click Next to return to the previous access points click Previous The following table explains the fields of the Access Point table on the Network Access Point screen Table 41 Network access point information Item Description Select The radio button that lets you select the access point When you click the Details button the corresponding AP Details pop up window displays see Figure 99 on page 174 and Figure 1
191. ol to enable the Tx Power drop down list on the Advanced Wireless Settings screen The table on the Advanced Wireless Settings screen shows the access points that are managed in the profiles of the selected profile group and to which the channel allocation and advanced RF management settings apply Use the drop down lists to change channel or transmission power settings Table 22 Advanced profile groups channel and transmission power settings Setting Description AP Name The name of the access point Access Point Channel Override these settings only if there is a specific need From the drop down list select a channel and frequency for the access point to operate in Note Changing a channel might temporarily affect the traffic on the access point Note By default the access point s channel and frequency are set to the ones that are enabled for the radio and profile group If the channel and frequency are not available on the access point then the channel and frequency are set to the ones providing the highest performance For more information see Configure Channels on page 99 Tx Power From the drop down list select the transmission power of the access point Note By default the access point s transmission power is set to the configuration that is selected on the basic RF Management screen For more information see Advanced RF Management for Profile Groups on page 104 7 Click Apply to save y
192. oller WC7520 Back Return to the previous screen Next Advance to the next screen Controller selection list In a stacked configuration the controller selection list lets you select the wireless controller to configure Initial Connection and Configuration Follow the steps in this section to set up the wireless controller For additional information see the WC7520 ProSafe Wireless Controller Installation Guide that you can access from http kb netgear com app products model a_id 13060 gt To set up configure and deploy the wireless controller 1 Connect the wireless controller to your computer a Configure a computer with a static IP address of 192 168 0 210 and 255 255 255 0 as the subnet mask b Connect the wireless controller to the computer through the network or directly to one of the wireless controller s ports c Connect the power cord from the wireless controller to an AC power outlet d Check the lights on the front of the wireless controller e Power The green Power LED should be lit If the Power LED is not lit check the connections and check to see if the power outlet is controlled by a wall switch that is turned off e Test The Test LED is on briefly when the controller is first turned on e LAN The Ethernet LAN LED should be lit amber for 10 100 Mbps and green for 1000 Mbps indicating that a connection has been made If it is not make sure that the Ethernet cable is securely attached at
193. ollowing table shows the data encryption options based on network authentication and the required configuration steps to implement a selected network authentication Note On the Edit Profile Basic or Edit Profile Group X screen for any selection from the Network Authentication drop down list that requires a RADIUS server note that authentication is actually not restricted to a RADIUS server you can also use an internal authentication server or an external LDAP server Note For information about requirements for WEP keys and WPA passphrases see Table 54 on page 203 Note You can configure either MAC authentication with an external RADIUS server or network authentication with an external RADIUS server but not both That is if you configure external MAC authentication you cannot use an external RADIUS server with WPA WPA2 or WPA amp WPA2 Table 16 Network authentication and data encryption settings Network authentication selection Data encryption options Configuration steps Open None WEP You can use an open system without any encryption or with WEP encryption e No encryption An open system without encryption is the default setting No further authentication and encryption configuration is required WEP encryption To configure an open system with WEP encryption see the Shared Key and WEP information further down in this table Managing Security Profiles and Profile Groups
194. om the drop down list select the region of operation for the wireless controller and the access points managed by the wireless controller This setting is crucial for optimal performance of the wireless controller The wireless controller uses the country code to determine the best wireless settings for your access points In the United States the country is preset and cannot be changed on the access points If the country or region is not set up correctly the wireless controller might not be able to access the access points Controller Optionally enter a code to identify the physical location of the wireless controller This Location Code is especially useful if you use more than one wireless controller 3 Click Apply to save your settings Time Management This screen lets you configure the time related settings of your wireless controller and managed access points gt To configure time settings 1 Select Configuration gt System gt Time The Time Settings screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics LOGOUT Wireless Security Profile WLAN Network Captive Portal gt General Self 192 168 0 251 Time s IP LAN Time Settings gt DHCP Server Time Zone USA Paciic Certificates Current Time Thu Jul 29 11 38 26 PDT 2010 Alerts NTP Client enable disable Use Custom NTP Server ic Hostname IP Address 192 168 0 9 Figure 28
195. ome dependent managed access points Provision IP addresses to the access points Use the internal DHCP server to provision IP addresses to all or selected managed access points in the network Upgrade access point firmware Update and synchronize new firmware versions to all managed access points in the network For more information see Chapter 4 Access Point Discovery and Management Organize the Network Create access point profiles Organize access points in profiles to differentiate between SSIDs client authentication authentication settings and wireless QoS settings Create access point profile groups Organize access point profiles in access point profile groups to differentiate between buildings floors businesses or business divisions Introduction and Overview 16 ProSafe 20 AP Wireless Controller WC7520 and so on Easily assign access points to profile groups or make changes to assignments For more information see Chapter 6 Managing Security Profiles and Profile Groups Centrally Manage the Wireless Settings for the Network Schedule the radios Schedule the entire network to go offline or schedule access point profile groups to go offline Manage wireless settings and channel allocation Manage the wireless settings such as wireless mode data rate channel width and so on for the entire network or for access point profile groups and manage channel allocation for the entire network Manage QoS setting
196. omplete the procedure Configuring Network Access and Security 134 Maintaining the Controller This chapter includes the following sections Manage the Configuration File Reboot or Reset the Wireless Controller Reboot Access Points Manage External Storage Manage Remote Access View Alerts and Events and Save the Logs Manage Licenses Manage the Configuration File This section includes the following subsections Back Up and Restore the Configuration File Upgrade the Configuration File The configuration settings of the wireless controller are stored in a configuration file on the wireless controller This file can be saved backed up to a computer retrieved restored from the computer or cleared to factory default settings Once the wireless controller is installed and works correctly make a backup of the configuration file to a computer If necessary you can later restore the wireless controller settings from this file Back Up and Restore the Configuration File To display the Backup Restore screen select Maintenance gt Backup Restore 135 ProSafe 20 AP Wireless Controller WC7520 Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics i LOGOUT User Management Upgrade Licensing Reboot Reset Extended Storage Remote Management Logs amp Alerts cockup eestore EA EERECERETY Backup Restore Backup Backup a copy of the current settings to a file BACKUP Restore
197. on Item Description MAC The MAC address of the wireless client Access Point The name of the access point to which the wireless client is connected BSSID The MAC address of the access point s radio to which the wireless client is connected SSID The wireless network SSID that the wireless client is using to connect to the access point Frequency The channel frequency that the wireless client is using to connect to the access point Auth The security mode that the wireless client is using to connect to the access point Open WEP WPA WPA2 or WPA WPA2 Client Type The wireless mode that the wireless client is using to connect to the access point 802 114 b g or n Monitoring the Wireless Network and Components 177 ProSafe 20 AP Wireless Controller WC7520 Table 44 Network client details information continued Item Description Cipher The type of encryption that the wireless client is using WEP AES TKIP or TKIP AES AID The association ID of the client RSSI The received signal strength indicator RSSI of the wireless client Tx Power The transmit power of the wireless client Tx Rate The transmit rate in Mbps of the wireless client Tx Bytes The number of bytes that the wireless client transmitted Rx Rate The receive rate in Mbps of the wireless client Rx Bytes The number of bytes that the wireless client received Tx p
198. on n se aaua aaee 32 Management VLAN and Data VLAN Strategies 32 Deployment Scenario 1 4 4 2creeieievaineeataneatavaeueeesas 34 Scenario Example 1 Basic Network with Single VLAN 34 Scenario Example 2 Advanced Network with VLANs and SSIDs 35 Scenario Example 3 Advanced Network with Redundancy 38 Chapter 3 RF Planning RF Planning OVC is eh heed a eee a a 41 Planning Reguiremernis ers srerrrrsrsocsriaiere a Ew we 41 Define and Edit Buildings and Floors 2 2 02 02050 20 cee eee ee 42 Specify Access Point Requirements 00 cece eee eae 45 View and Manage Heat Maps for Deployed Plans 48 Table of Contents 4 ProSafe 20 AP Wireless Controller WC7520 Chapter 4 Access Point Discovery and Management Access Point Discovery and Discovery Guidelines Requirements for Autodiscovery of Local Access Points Requirements for Autodiscovery of Remote Access Points Run the Discovery Wizard 6 ices creed ind oinee he ddee dneae diin Eik Discovery ase ee ee ee ee ee eee Manage ihe Access Point Ist ciceenddnde deco tanee ve beerae eau Add Access Points to the Managed List after Discovery Edit and Remove Access Point Information 04 Chapter 5 Configuring Network Settings Configure General Settings 00 0 eee eee Time Manageme ereraa M eG PRE RTRE Re SRS A eS HH Configure
199. on Opportunity TXOP limit The TXOP limit applies only to station AP EDCA parameters and specifies the maximum period during which the client station client can initiate transmissions 5 Click Apply to save your settings Configure Load Balancing Load balancing allows the wireless controller to distribute access point clients equally among access points You configure load balancing per type of access point model and per radio There are two criteria the maximum number of clients and the signal strength e Maximum number of clients If more than the maximum number of clients per access points try to associate they are pushed to another access point e Signal strength Signal strength determines speed If many clients are close and one client is far there is too much air time for the distant client That client would have to wait while sending and receiving You can give a threshold for signal strength which is specified as a percentage such as 50 percent Note The load balancing settings apply to all profiles whether they are in the basic profile group or in advanced profile groups The controller supports balancing of load on the access points it manages This is based on the number of clients connected to access points as well as signal quality of clients When a client discovers access points using probe requests or sends association frames the Configuring Wireless and QoS Settings 107 ProSafe 20 AP Wireless Con
200. onfigurable fields are explained in the following table Table 38 Redundancy settings Setting Description Controller Role This is a nonconfigurable field that shows if the primary controller functions as a master or slave controller in the stack for which you are configuring redundancy Note For a single controller with redundancy the primary controller role is always master Controller IP This is a nonconfigurable field that shows the IP address of the primary controller This IP address is transferred to the redundant controller if a failover occurs VRRP ID 1 255 For each primary controller in the redundancy group enter a number from 1 through 255 as the VRRP ID This enables each primary controller to have a unique relationship with the redundant controller Note For a single controller with redundancy there is a single primary controller and therefore a single VRRP ID Local IP For each primary controller in the redundancy group enter a local IP address This IP address remains assigned to the primary controller and is not transferred to the redundant controller if a failover occurs This allows each primary controller to be identified before and after a failover Note For a single controller with redundancy there is a single primary controller for which you need to enter a local IP address A WARNING Enabling redundancy causes the wireless controller to reboot which might temporar
201. onfigurations Configure th GING ain casie wou ac den med as do dap madi a a albod Basic Radio COnigquren ccccrcccatincextaiovesn teva ceebad os Advanced Radio Configuration for Profile Groups Configure Wireless SettingS 0 0 eee eee Basic Wireless Configuration 00 ccc cee eee eee Advanced Wireless Configuration for Profile Groups ProSafe 20 AP Wireless Controller WC7520 Configure Channels yay oc eed eueedwehee yer di dedas Sede auead ee Specify RF Management 0 00 cece eee eee Basic RF Nanagement acc0ceds00ocnesdtseeeareseinee dine Advanced RF Management for Profile Groups Configure QoS for Profile Groups 0000e eee eee eee Configure Load Balanting cca icxneews boda hoe dd dee oe Configure Rate LIMIN cccrcceneteat eons deketadeeweeumee a Basi Raio LIMUN ere sed de doce th cee da A ae ea dated oe Advanced Rate Limiting for Profile Groups Chapter 8 Configuring Network Access and Security About Basic and Advanced Security Configurations Manage Rogue Access Points 0000 ce eee eee eae Configure Basic Rogue Detection Settings 005 Configure Advanced Rogue Detection Settings Manage MAC Authentication and MAC Authentication Groups Guidelines for External MAC Authentication Configure Basic Local MAC Authentication S
202. onnected If the error is prolonged verify the access points IP address and network connectivity Note Make sure that there is a DHCP server enabled in the network otherwise the managed access points remain in the Connecting state and do not enter the Connected state Site Shows whether the access point is a local or remote one e Local The AP is deployed at the local site e Remote The AP is deployed at a remote site Group Name The default group is basic Capability The wireless modes that are supported by the access point Note Capability information lets you determine which access points are 802 11n mode capable but function in 802 119 mode 2 4ghz Mode The access point s wireless modes that function in the 2 4 GHz band 5ghz Mode The access point s wireless modes that function in the 5 GHz band Sentry Shows whether or not sentry mode is enabled e No Sentry mode is disabled e Yes Sentry mode is enabled Edit and Remove Access Point Information gt To edit an access point in the Managed AP List Select Access Point gt Managed AP List to view the Managed AP List see Figure 24 on page 58 and Figure 25 on page 58 Select the access point that you want to edit by selecting its radio button in the Edit column of the Managed AP List Click Edit The Edit Access Point screen displays 1 2 Access Point Discovery and Management 59 ProSafe 20 AP Wirel
203. or which you do not change the site designation to Remote are designated as Local Repeat step 1 and step 2 for each access point that you want to designate as a remote access point Select the check boxes for individual access points or select the check box on the upper left to select all access points Click Add Depending on the type of access points that have been discovered a screen that lets you enter or ignore a login name and password might display The access points are added to the Managed AP List and the wireless controller upgrades the firmware of the access points to the latest firmware that is loaded on the wireless controller e If you want to wait until later to add the discovered access points you can select Access Point gt Last Discovered to view the most recently discovered access points From this screen you can add the access points to the Managed AP List e After you have added the access points to the Managed AP List they are removed from the discovery results and the Last Discovered screen Select Access Point gt Managed AP List The Managed AP List screen displays Because this is a wide screen it is shown in the following two figures Access Point Discovery and Management 57 ProSafe 20 AP Wireless Controller WC7520 Configuration Monitor Maintenance Stacking Plans Diagnostics gt Discovery Wizard gt Last Discovered gt Managed AP List _Managed AP List __ Name Status 192 168 0
204. ot partitions to allow you to switch the wireless controller from one firmware version to another gt To upgrade the firmware 1 Go to the NETGEAR support page for the WC7520 wireless controller at http kb netgear com app products model a_id 13060 or to a TFTP or FTP server 2 If you intend use a local file for the upgrade download the firmware from the NETGEAR support page for the WC7520 wireless controller and save it to your computer 3 Select Maintenance gt Upgrade The Firmware Upgrade screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics User Management Licensing Backup Restore Reboot Reset Extended Storage Remote Management Logs amp Alerts gt Firmware Ea 192 168 0 30 Upgrade Firmware Upgrade Otere rre Otocal File Server Parameters Server IP File Name User Name Password Boot Information Active Partition Partition 1 Firmware version 2 1 0_1747 Boot Partition to Upgrade Partition Partition 2 After upgrade boot from Partition Partition 2 Schedule Scheduled Upgrade Status None When to Upgrade O ater hr 124 mins 214 Month 8 Date 174 Year 20104 now Figure 65 Maintaining the Controller 137 ProSafe 20 AP Wireless Controller WC7520 4 Configure the settings as explained in the following table Table 31 Firmware upgrade settings Setting Description TFTP FTP or Local File Select one of the
205. ou should create a number of data VLAN groups Setting up data VLANs for clients allows you to e Segregate traffic by user category e Create different policies such as access policies that are based on user category The following illustration shows a simplified view of how you can use VLANs to segregate traffic by user category System Planning and Deployment Scenarios 32 ProSafe 20 AP Wireless Controller WC7520 Management VLAN 100 Ethernet traffic Finance VLAN 10 Ethernet traffic Employees VLAN 20 Ethernet traffic E m Deploy the controller TRAE on a trunk port j Wireless PoE or router switch LLII tt Controller Access Point WC7520 WNDAP350 eee Finance Finance computer computer Employee Employee computer computer Figure 10 The wireless controller uses the management VLAN to continually exchange packets with the access points For large networks if all traffic uses a single VLAN the client traffic could potentially flood the network If this happens and the wireless controller is not able to exchange packets with the access points it can cause network performance to slow down and the access points can lose their connectivity with the wireless controller You should deploy the wireless controller on a trunk port on your switch The trunk port should have access to all VLANs Use a high speed port on your switch as the trunk port to
206. our settings Configuring Wireless and QoS Settings 98 ProSafe 20 AP Wireless Controller WC7520 Configure Channels CAUTION Do not disable channel allocation unless you are debugging or there is an extreme situation that affects the channels Automatic channel allocation distributes channels across the managed access points to reduce interference Each wireless controller allocates channels for its managed access points regardless of their configured security profiles The wireless controller detects interference traffic load on the access point and neighborhood maps to determine the best channel for an access point This information collected over the previous 24 hours is used by the controller to determine the best possible channel for the access point You can configure channel allocation to allow allocation of only the specified channels when channel allocation is scheduled to run This ensures that the access points use only the channels allowed according to administration policies Note Click the Run Now button to immediately allocate channels when circumstances warrant such as when you add a new access point or change your network Running channel allocation might temporarily affect traffic on the managed access points in the network To adhere to best practices when adjusting channel allocation NETGEAR recommends the following e Select channels that do not overlap For example for 2 4 GHz use channels 1 6 and
207. ous table 4 Click Apply to save your settings Configure Wireless Settings Typically the default wireless settings do not need adjustment Override the wireless settings only if there is a specific need such as a phone vendor that specifies a setting different from the default You can configure wireless settings for the basic profile group and for advanced profile groups see Advanced Wireless Configuration for Profile Groups on page 96 Basic Wireless Configuration gt To configure basic wireless settings 1 Select Configuration gt Wireless gt Basic gt Wireless The Basic Wireless Settings screen displays System Monitor Security Profile WLAN Network Self 192 168 0 251 Basic Wireless Settings Basic Radio On Off gt Wireless Channel Allocation RF Management A Rivan ad 802 1 1b bg ng 802 1 1a na Turn Radio On Wireless Mode Data Rate Channel Width Guard Interval RTS Threshold 0 2347 Fragmentation Length 256 2346 Beacon Interval 100 1000 Aggregation Length 1024 65535 AMPDU RIFS Transmission DTIM Interval 1 255 Preamble Type AP Name netgear782608 netgear782488 1 2412Ghz vv Maintenance Access Point Channel Stacking Plans Diagnostics Captive Portal 602 11ng Best v 20 40 MHz Dynamic 800 ns 2347 2346 100 65535 enable O enable 3 auto O disable disable oO Long Tx Power Half v hat w Figure 44
208. ove an Advanced Profile Group gt To remove an advanced profile group 1 On the Profile Groups screen click a tab to select a profile group 2 Click Delete Note You edit profile groups by adding removing or changing profiles Manage Basic and Advanced Profile Groups in the WLAN By default all access points are automatically assigned to the basic profile group You can use this screen to assign access points to other profile groups gt To assign access points to a profile group 1 Select Configuration gt WLAN Network The WLAN Group Assignment screen displays Managing Security Profiles and Profile Groups 87 ProSafe 20 AP Wireless Controller WC7520 System Wireless Monitor Maintenance Stacking Plans Diagnostics Security Profile Captive Portal gt Basic Self 192 168 0 251 WLAN Group Assignment IP MAC Model Name Building Floor Status Remote Sentry Group Name 192 168 0 167 c4 3d e7 01 06 60 WNDAP360 netgesrA106689 Building Remote 1 Floor i Connected Remote No basic 192 168 0163 cO 3f10e 7b 124 80 WNAP210 netgear7B2489 Clinic Floor 1 Connected Local No basic 192 169 0 162 cOs3fiOer7bi26id0 9 WNAP2I0 netgear7B2608 Clinic Floor a Connected Local No Group 2 Figure 41 The displayed settings are explained in the following table Table 18 WLAN group assignments Setting Description IP The IP address of the access point MAC The MAC address
209. p down list e Hour s The expiration period is measured in one or more hours Day s The expiration period is measured in one or more days e Week s The expiration period is measured in one or more weeks e Month s The expiration period is measured in one or more months Print Message As an option enter a message for the captive portal user Configuring Network Access and Security 132 ProSafe 20 AP Wireless Controller WC7520 Table 30 User and account settings continued Setting Description Captive Portal Users Note This selection is disabled if the portal setting is a guest portal instead of a captive portal Add User User Name Password Expiry GENERATE Confirm Password Account One_Day v No Expiry gt O c 2 Expiresin 1 Y mins Expires at hr 19 mins 5 Month 10 Date 26 Y Year 2011 v CANCEL APPLY User Name Enter a unique user name Only alphanumerical characters and underscore characters _ are supported Password Enter a password in the Password field and confirm the password in the Confirm Password field As an alternate method to entering a password in both the Password and Confirm Password fields click Generate Expiry Select one of the following radio buttons to specify the expiration of the wireless access e Account Select an account from the drop down list Wireless access expire
210. pabilities 0 0 0 0 0 eee 9 Package COMES lt 5ccateredcaeanieeed EEE EE 11 Hardware Features aa anaana anana eee eee es 12 Front Panel Ports and LEDS cci0cccaae bape eee ew bebe ee eawe ds 12 Rear Panel Features 0 0 0 cece eee eee 13 Bottom Panel with Product Label 0 0000 e ewes 14 WC7520 Wireless Controller System Components 14 NETGEAR ProSafe Access Points 00000 cece eee 15 What Can You Do with the WC7520 Wireless Controller 16 LICBNGBS snuck cade db Ree Ri E S E EE eKS ALLELE RES BERS 18 Maintenance and Support 0 0 c cee eee 18 Web Management Interface Layout 000 cee eee eee 19 Initial Connection and Configuration 20000 cece 20 Basic and Advanced Settings 0 00 0c cece eee 22 Prone GOUDE 2 ince Sede ae cag ee ieian Sega eth ad eaeeadeee ae 23 Choose a Location for the Wireless Controller 0 0 25 Deploy the Wireless Controller 0 0 0 0 0 0 cee eee eens 26 Chapter 2 System Planning and Deployment Scenarios Sree PWN cc adaacsunes da eesoudess tease dee baeeenaeceus 27 Preinstallation Planning i6 6d45 dade s4ee dr eads oda vy Ede s v8 27 Before You Configure a Wireless Controller 0200 28 Single Controller Configuration with Basic Profile Group 30 Single Controller Configuration with Advanced Profile Groups 31 Stacked Controller Configurati
211. point to the client station AP EDCA parameters and these settings do take affect even when WMM is disabled 4 Configure the settings as explained in the following table Configuring Wireless and QoS Settings 106 ProSafe 20 AP Wireless Controller WC7520 Table 25 QoS settings Setting Description AIFS Specify a wait time in milliseconds for data frames Valid values for Arbitration Inter Frame Space AIFS are 1 through 255 CwMin Specify an upper limit in milliseconds of a range from which the initial random backoff wait time is determined Valid values for this field are 1 3 7 15 31 63 127 255 511 or 1024 The value for the Minimum Contention Window CwMin needs to be lower than the value for the Maximum Contention Window CwMax CwMax Specify an upper limit in milliseconds for the doubling of the random backoff value Valid values for this field are 1 3 7 15 31 63 127 255 511 or 1024 The value for the Maximum Contention Window CwMax needs to be higher than the value for Minimum Contention Window CwMin Max Burst Specify in milliseconds the maximum burst length allowed for packet bursts on the wireless network A packet burst is a collection of multiple frames transmitted without header information Valid values for maximum burst length are 0 0 through 999 9 The maximum burst length applies only to AP EDCA parameters TXOP Limit Specify the Transmissi
212. points supported 15 multicast routing 52 N neighboring clients viewing 185 network authentication 79 network performance troubleshooting 200 network status viewing summary 169 network usage viewing 170 notification server emails 72 N to 1 redundancy 160 NTP Network Time Protocol client and server 65 number of clients per radio 46 210 ProSafe 20 AP Wireless Controller WC7520 P package contents 11 partition memory 138 password requirements 203 passwords restoring default 198 users 128 physical specifications 202 pinging access points 200 PoE Power over Ethernet access points 15 ports 12 13 Power LED 12 194 power socket AC 14 preamble type 95 preventing channel allocation 101 primary controller stacking 155 product label 14 profile groups See access point groups profiles See security profiles Q QoS quality of service 105 R rack mounting 25 radio turning on and off 91 RADIUS servers 82 122 124 128 rate limit logs viewing 147 rate limiting 109 rebooting access points 141 wireless controller 139 198 received signal strength indication RSSI 47 108 reduced interframe space RIFS transmission 95 redundancy logs viewing 148 redundancy status viewing 168 redundancy managing 158 redundant controller 164 registration keys licenses 150 152 remote access 142 remote access points 52 57 59 remote buildings 42 requirements autodiscovery 51
213. put Gigawords Acct Input Gigawords gt To configure a captive portal 1 Monitor Maintenance Stacking System Wireless Security Profile WLAN Network Portal Settings Portal Type gt Basic Guest Local Radius Server Select Placement O Center O Bottom Load Background Image gif jpg bmp EULA Eula Text Required 4 Select Configuration gt Captive Portal The Portal Settings screen displays Plans Diagnostics Captive External basic Auth Enter the End User License Agreement EULA Enter the End User License Agreement EULA Enter the End User EULA Enter the End User License Agreement End User License Agreement EULA Enter the Agreement EULA Enter the End User License EULA Enter the End User License Agreement End User License Agreement EULA Enter the Agreement EULA Enter the End User License EULA Enter the End User License Agreement End User License Agreement EULA License Agreement EULA Enter the End User License Agreement EULA Enter the End User License Agreement EULA Enter the F igure 59 Configuring Network Access and Security 127 ProSafe 20 AP Wireless Controller WC7520 2 Configure the settings as described in the following table Table 29 Portal settings Setting Description Portal Settings section Portal Type Select one of the following radio buttons e Guest A guest port
214. r 1 CONSFIOE 7B124 82 NG_iig 2 Open 00 40 F4 F4 70 C2 192 168 0 6 Orthopedics metgear7B2488 192 168 0 3 Clinic Floor 2 CO 3F 0E 7B 24 81 NG_iig 1 Open gt Summary gt Usage gt Access Point gt Clients Oo gt Neighboring Location Security Clients gt Rogue AP gt Profiles gt DHCP Lease gt Captive Portal sers REFRESH LOCATE DETAILS EXPORT Figure 108 The Controller Clients screen lets you monitor all clients that are connected to access points that are managed by the wireless controller To view additional clients click Next to return to the previous clients click Previous Because this screen is almost identical to the Network Clients screen see Table 43 on page 176 for information about the fields To see the location of the client on a floor map select the client s radio button in the Select column and then click the Locate button To export the list of clients click Export To see details about a client select its corresponding radio button in the Select column of the Client table and then click the Details button to display the Client Details pop up window Because this screen is identical to the Client Details pop up window that you can access from the Network Clients screen see Table 44 on page 177 for information about the fields The Client Details pop up window is shown in Figure 102 on page 177 View Neighboring Clients Detected by the Wireless Controller Monitor WLAN Maintenance
215. r information about setting up and enabling internal and external authentication servers see Manage Authentication Servers and Authentication Server Groups on page 122 Wireless QoS section Wi Fi Multimedia WMM To enable Wi Fi Multimedia WMM select the Enable radio button which is the default setting Select the Disable button to disable the feature For more information see Configure QoS for Profile Groups on page 105 WMM Powersave The WMM Powersave feature saves power for battery powered equipment by increasing the efficiency and flexibility of data transmission To enable this feature select the Enable radio button which is the default setting Select the Disable button to disable the feature 6 Click Apply to save your settings Edit and Remove Profiles from the Basic Profile Group gt To edit an existing profile 1 2 3 4 On the Basic Profile screen click a tab to select a profile Click a tab to select a radio Change the settings as explained in the previous table and the following table Click Apply to save your settings gt To remove an existing profile On the Basic Profile screen click a tab to select a profile Click a tab to select a radio 5 Click Delete and then confirm that you want to delete the profile Managing Security Profiles and Profile Groups 80 ProSafe 20 AP Wireless Controller WC7520 Network Authentication and Data Encryption Options The f
216. r range points 5 Optionally you can override the channel and transmission power for individual access Configuring Wireless and QoS Settings 95 ProSafe 20 AP Wireless Controller WC7520 Note If automatic Tx power control is enabled on the basic RF Management screen see Basic RF Management on page 102 you cannot configure the transmission power on the Basic Wireless Settings screen You need to disable automatic Tx power control to enable the Tx Power drop down list on the Basic Wireless Settings screen The table on the Basic Wireless Settings screen shows the access points that are managed in the profiles of the basic profile group and to which the channel allocation and basic RF management settings apply Use the drop down lists to change channel or transmission power settings Table 21 Basic profile group channel and transmission power settings Setting Description AP Name The name of the access point Access Point Channel Override these settings only if there is a specific need From the drop down list select a channel and frequency for the access point to operate in Note Changing a channel might temporarily affect the traffic on the access point Note By default the access point s channel and frequency are set to the ones that are enabled for the radio and profile group If the channel and frequency are not available on the access point then the channel and frequency are set
217. rd Alarms gt Email Setup Figure 35 2 Configure the settings as explained in the following table Table 14 Email configuration settings Setting Description Server Address Enter the IP address of the server from which email notifications are sent Port Enter the port number of the server from which email notifications are sent The default is port number 25 Sender Email Address Enter the email address from which email notifications are sent Authentication Required Select this check box if the email server requires authentication and complete the User Name and Password fields User Name Enter the user name that is associated with the email server Password Enter the password that is associated with the email server 3 Click Apply to save your settings Configuring Network Settings 73 Managing Security Protiles and Profile Groups This chapter includes the following sections e Manage Wireless Security Profiles e Configure Security Profiles for the Basic Profile Group e Configure Security Profiles for Advanced Profile Groups Manage Basic and Advanced Profile Groups in the WLAN Note In this chapter and in the following chapters access point profile groups are referred to as just profile groups Profiles security profiles and SSIDs that is SSIDs with associated security settings are terms that are interchangeable Manage Wireless Security Pro
218. rd field and confirm the password in the Confirm Password field Configuring Network Access and Security 131 ProSafe 20 AP Wireless Controller WC7520 Table 30 User and account settings continued Setting Description WiFi Clients Add User User Name Password Confirm Password Authentication Type EAP v CANCEL APPLY RESET User Name Enter a unique user name Only alphanumerical characters and underscore characters _ are supported Password Enter a password in the Password field and confirm the password in the Confirm Password field Authentication Type From the drop down list select one of the following protocols EAP Extensible Authentication Protocol PEAP Protected EAP Captive Portal Accounts Note This selectionis disabled if the portal setting is a guest portal instead of a captive portal Amount Expiry Add Account Account Name Currency Sign Hours s Print Message CANCEL APPLY RESET Account Name Enter a unique account name Only alphanumerical characters and underscore characters _ are supported Amount Enter the total amount that is charged for the period during which access is available Currency Sign Enter the currency that is associated with the amount Expiry From the drop down list select one of the following periods and then enter a valid number in the field to the left of the dro
219. re 103 The Network Profiles screen lets you monitor all security profiles in the network To view additional profiles click Next to return to the previous profiles click Previous Monitoring the Wireless Network and Components 178 ProSafe 20 AP Wireless Controller WC7520 The following table explains the fields of the Profiles table on the Network Profiles screen Table 45 Network security profiles information Item Description SSID The wireless network SSID for the security profile Security The security mode Open WEP WPA WPA2 or WPA WPA2 for the security profile Radio Mode The wireless mode for the security profile 802 11b bg ng or 802 11a na Status The status of the security profile Active or Inactive Controller IP The IP address of the wireless controller on which the security profile is configured Group Name The name of the group of which the security profile is a member To export the list of profiles click Export Monitor the Wireless Controller To monitor a specific wireless controller log in to its web management interface and use the Monitor Controller screens described in this section Note If you stack wireless controllers you can view similar information about the stack by using the network monitor screens see Monitor the Network on page 167 gt To monitor the wireless controller 1 Select Monitor gt Controller 2 Select one of the following su
220. redundancy 159 RF planning access points 45 overview 41 resetting Factory Default button 13 passwords 198 wireless controller 139 restoring the configuration 135 RF logs viewing 146 management 101 obstructions 27 RIFS reduced interframe space transmission 95 rogue access points detecting managing and mitigating 113 viewing in the network 170 on the managed access point 175 on the wireless controller 181 186 RSSI received signal strength indication 47 108 RTS threshold 95 S scheduling channel allocation 101 firmware updates 138 secondary controller stacking 155 security profiles configuring 77 84 managing 74 viewing in the network 179 viewing on the access point 175 viewing on the wireless controller 187 self controller selection 157 self healing 103 sentry mode 61 server licenses 150 service set ID SSID 78 session time out 144 shared key requirements RADIUS 203 signal quality 46 signal strength 107 slave controller stacking 156 sniffer 196 SNMP 142 soft reset 139 spectrum analysis 27 SSID service set ID or wireless network name 78 stacking logs viewing 148 stacking status viewing 168 stacking managing 154 standalone mode access points 54 62 storage external 141 ProSafe 20 AP Wireless Controller WC7520 subnet masks access point 61 DHCP server 69 wireless controller 66 support NETGEAR 18 syslog server 71 system alerts viewing 146 system logs saving 144
221. reless controller changed the configuration while the device was down or offline Wireless Clients section For each wireless controller and wireless client the following information displays Controller The IP address of the wireless controller that manages the access points to which the wireless clients are connected Open The number of wireless clients that are connected to managed access points using security profiles configured with open mode WEP The number of wireless clients that are connected to managed access points using security profiles configured with WEP WPA The number of wireless clients that are connected to managed access points using security profiles configured with WPA WPA2 The number of wireless clients that are connected to managed access points using security profiles configured with WPA2 Monitoring the Wireless Network and Components 169 ProSafe 20 AP Wireless Controller WC7520 Table 39 Network summary information continued Item Description Rogue Access Points section Rogue AP current The total number of unique rogue and unmanaged neighboring access points that are detected now in the network Rogue AP count 24hrs The total number of unique rogue and unmanaged neighboring access points that were detected over the last 24 hours in the network View Network Usage Access Point Configuration Monitor Maintenance Stacking Plans Dia
222. revent channel change during Note If the wireless controller is prevented from reallocating a channel because it is in use the wireless controller checks again at the next scheduled channel allocation Active voice call Select the Enable radio button to prevent channel changes during voice calls Select the Disable radio button to allow channel changes during voice calls High Traffic Load Select the Enable radio button to prevent channel changes during a high traffic load Select the Disable radio button to allow channel changes during a high traffic load Schedule channel allocation Note NETGEAR recommends that you schedule channel allocation once a day at times when the fewest clients are expected to be connected Run channel From the drop down lists select the hour and allocation at minutes when the channel allocation should run Run channel Select the check boxes to specify the day or allocation every days when the channel allocation should run 3 Optionally click the Run Now button to run the channel allocation immediately and apply the selected channels to connected managed access points IMPORTANT Changing channels might temporarily affect traffic on the managed access points in the network 4 Click Apply to save your settings Specify RF Management You can configure centralized RF management for the basic profile group on the basic RF Management screen If you use advance
223. rity Profile WLAN Network Captive Portal gt General Eau 192 168 0 251 gt Time IP VLAN gt DHCP Server gt Certificates gt Alerts Figure 32 Add Certificates Password eeccccce Controller Key Controller Certificate CA Certificate 2 Configure the settings as explained in the following table Table 12 Certificates settings Setting Description Password The password for wireless controller certificates Controller Key Click Browse and select the controller key Controller Certificate Click Browse and select the controller certificate CA Certificate Click Browse and select the CA certificate 3 Click Apply to save your settings Configuring Network Settings 70 ProSafe 20 AP Wireless Controller WC7520 Configure Syslog and Alarm Notification Settings From the Alerts menu you can configure the syslog and the alarms and specify the email address from which alerts originate Configure Syslog Settings This screen lets you configure the settings to connect to a syslog server if you have one configured in your network gt To configure Syslog settings 1 Select Configuration gt System gt Alerts gt Syslog The Syslog Settings screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Wireless Security Profile WLAN Network Captive Portal gt General Self 192 168 0 251 gt
224. rocedure is explained in Reboot or Reset the Wireless Controller on page 139 Note If you do not want to revert to the factory default settings and lose your configuration settings you can reboot the wireless controller and use a sniffer to capture packets sent during the reboot Look at the ARP packets to locate the wireless controller s LAN interface address Internet Browser Make sure that you are using the http address login rather than the https address login Make sure that your browser has Java JavaScript or ActiveX enabled If you are using Internet Explorer click Refresh to be sure that the Java applet is loaded Try quitting the browser and launching it again Make sure that you are using the correct login information The factory default login name is admin and the password is password Make sure that Caps Lock is off when entering this information If the wireless controller does not save changes you have made in the web management interface check the following When entering configuration settings be sure to click the Apply button before moving to another tab or screen or your changes are lost Click the Refresh or Reload button in your web browser The changes might have occurred but the web browser might be caching the old configuration After you have upgraded the firmware if the browser does not display the latest features of the web management interface clear the browser s cache and refresh the screen
225. roller and at the hub switch or router e Make sure that power is turned on to the connected hub switch or router e Be sure that you are using the correct cables Troubleshoot the Web Management Interface If you are unable to access the wireless controller s web management interface from a PC on your local network try to isolate the problem It is most likely one of the following Ethernet Cabling Check the Ethernet connection between the PC and the wireless controller as described in the previous section see LAN Port LEDs Not On IP Address Configuration e Make sure your PC s IP address is on the same subnet as the wireless controller If you are using the recommended addressing scheme make sure your PC has a static IP address of 192 168 0 210 and a subnet of 255 255 255 0 Troubleshooting 195 ProSafe 20 AP Wireless Controller WC7520 Note If your PC s IP address is shown as 169 254 x x Windows and Mac operating systems generate and assign an IP address if the computer cannot reach a DHCP server These autogenerated addresses are in the range of 169 254 x x If your IP address is in this range check the connection from the PC to the wireless controller and reboot your PC If the wireless controller s IP address has been changed and you do not know the current IP address reset the wireless controller s configuration to factory default settings This sets the wireless controller s IP address to 192 168 0 250 This p
226. rtal Account Captive Portal Users User Name User Type admin Administrator quest Read Only O license admin License Management Only O guest_admin Guest Provisioning Figure 60 Configuring Network Access and Security 129 ProSafe 20 AP Wireless Controller WC7520 WiFi Clients The WiFi Client screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Upgrade Licensing Backup Restore Reboot Reset Extended Storage Remote Management User Management if 192 168 0 251 User Management Management _ WiFi Clients f Captive Portal Account Captive Portal Users Username Type Johnd_445 EAP o Mary _446 PEAP Figure 61 Captive Portal Account The Captive Portal Account screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Upgrade Licensing Backup Restore Reboot Reset Extended Storage Remote Management User Management EE ECs User Management Management WiFi Clients Captive Portal Account _ Captive Portal Users Account Name Expiry Amount One_Day 24 Hours s 11 One Week 7 Days s 55 PremiumCustomers 1 Days s 0 Figure 62 Captive Portal Users The Captive Portal Users screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Upgrade Licensing Backup Restore Reboot Reset Extended Storage Remote Management gt User Management RI ERRETEREY User Mana
227. s see Figure 36 on page 77 and Figure 39 on page 86 Configuring Network Access and Security 122 ProSafe 20 AP Wireless Controller WC7520 Configure Basic Authentication Server Settings Use the basic Authentication Server screen to set up the internal authentication server the basic external RADIUS server which is called Auth basic and the external LDAP server which is called Auth LDAP After you have set up these authentication servers you can assign any of them to any profile whether in the basic profile group or in an advanced profile group gt To configure a basic authentication server 1 Select Configuration gt Security gt Basic gt Authentication Server The basic Authentication Server screen displays ESS E Soa Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics tocour System Wireless Profile WLAN Network Captive Portal y Basic Self 192 168 0 251 Roque AP MAC ACL Choose Authentication Server Type Authentication eT Server Authentication Server gt Advanced External RADIUS Server a Internal Authentication Server External LDAP Server External LDAP Server Server IP 1 1 1 1 Server Port 389 User Base DN OU ldapusers CN var Workgroup Name varsalesdomain Admin Domain VARSALESDOMAIN LO Domain Admin User admin Domain Admin Password COTTI CANCEL APPLY Figure 57 2 Select the radio button that corresponds to
228. s Manage QoS queue settings for data background video and voice traffic for access point profile groups Configure RF management settings Configure WLAN healing and wireless coverage hole detection for the entire network or for access point profile groups For more information see Chapter 7 Configuring Wireless and QoS Settings Centrally Manage Security in the Network Manage secure access to the network and secure data transmission Manage client authentication encryption wireless client security separation and MAC authentication in access point profiles Manage authentication servers for the network Manage all internal and external authentication servers for the entire network or for access point profile groups Manage MAC authentication Specify trusted and untrusted MAC addresses for the entire network Manage rogue access points Manage rogue access points and their associated clients in the network Manage guest access Manage guest access and captive portal access to the network For more information see Chapter 8 Configuring Network Access and Security Manage Other Wireless Controllers in the Network Manage stacking Specify the primary and secondary wireless controllers in a stack and synchronize information between the wireless controller Manage redundancy groups Specify the primary and secondary wireless controllers in redundancy group and enable failover protection For more information see Chapter 10 M
229. s according to the expiration item that is specified in the selected account e No Expiry Wireless access does not expire e Expires in Wireless access expires within 1 hour From the mins drop down list select in how many minutes access expires e Expires at Wireless access expires at a date and time that you specify by making selections from the following drop down lists hr mins Month Date and Year 5 Click Apply to save your changes 6 Click Close to close the pop up window Note For information about password requirements see Table 54 on page 203 Configuring Network Access and Security 133 ProSafe 20 AP Wireless Controller WC7520 gt To edit or remove a user or an account 1 Click a tab Management WiFi Clients Captive Portal Account or Captive Portal Users 2 Select a radio button that corresponds to a user or an account 3 Click one of the following buttons e Edit Opens a pop up window that lets you change the user settings as described in the previous table You cannot change the user name and user type or the account name e Remove Removes the user from the user table gt To export a list of users or accounts 1 Click a tab Management WiFi Clients Captive Portal Account or Captive Portal Users 2 Click Export The selected list is saved or opened as a zipped comma separated values CSV file to a location that you specify 3 Follow the directions of your browser to c
230. s of the previously defined buildings and their number of floors To add a building click Add The Add Building pop up window displays Enter a name for your building in the Building Name field and then click Add The new building is added to the Buildings table The name is an alphanumeric string up to 64 characters in length To define the floors of the building select the radio button that corresponds to the building and then click Edit The Layout Floors screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics cocour Planning Deployed gt Layout Building DonwtownOffice Building Name DonwtownOffice Floors Floor 1 Floor Name Floor 1 Floor Dimensions Length m 40 Width m 40 Existing Floor Map No Floor Map Uploaded New Floor Map L Browse Figure 15 RF Planning 43 ProSafe 20 AP Wireless Controller WC7520 6 Define the floors as explained in the following table Table 4 Building name and floors Setting Description Building Building Name You can modify the previously defined building name which is an alphanumeric string up to 64 characters in length Floors Floor Names The floor name is an alphanumeric string up to 64 characters in length Floor Dimensions Enter the floor length in meters in the Length field enter the floor width in meters in Width field The default measurements for both are 40 meters Exi
231. s scheduled the field displays None When to Upgrade Select when the firmware upgrade should occur e Later Make selections from the drop down lists to specify the date and time when the upgrade should occur e Now The upgrade occurs immediately after you click Apply 5 Click Apply to save your settings If you selected the Now radio button to upgrade the firmware immediately the wireless controller reboots Maintaining the Controller 138 ProSafe 20 AP Wireless Controller WC7520 A WARNING During a firmware upgrade do not try to go online turn off the wireless controller shut down the computer or do anything else to the wireless controller until the wireless controller finishes rebooting When the LED light turns off wait a few more seconds before you do anything 6 To verify that the wireless controller is running the latest firmware select Monitor gt Network gt Controller to display the Controllers screen and look at the firmware version in the Version column Note After you have upgraded the firmware if the browser does not display the latest features of the web management interface clear the browser s cache and refresh the screen Note In some cases such as a major firmware upgrade you might need to erase the configuration and manually reconfigure the wireless controller after the firmware upgrade Refer to the Release Notes for the firmware version to find out if you need to reconfi
232. settings determine the estimated number of access points A screen lets you visually optimize the access point locations for best coverage gt To specify the WLAN requirements for a floor estimate the number of access points required and view their suggested locations 1 Select Plans gt Planning The Planning Buildings screen displays with the Local Building tab and associated screen in view To specify the information for a remote building click the Remote Building tab Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics LOGOUT Layout Deployed Planning EXPAT E Buildings Local Building Remote Building Clinic Main Down Floor 1 Floor 2 Access Point Model wNDAP 350 O wNap 210 Ownap320 WNDAP 360 Frequency Band 802 11b bg 802 11a Signal Quality 25 100 50 Client Per Radio 6 4 64 16 1024 64 Total Clients 8 ANCEL ESTIMATE A VIEW MAP Figure 16 RF Planning 45 ProSafe 20 AP Wireless Controller WC7520 The Planning Buildings screen shows a tab for each building that you previously defined For each building the screen shows the floors that you previously defined Select the building and floor that you want to configure by clicking the corresponding tabs Specify the WLAN requirements for the floor as explained in the following table Table 5 Floor WLAN requirements Setting Description Access Point Model Specify the acce
233. ss controller and the access points DHCP option 43 vendor specific information on the DHCP server Specify the wireless controllers IP address in hexadecimal format to allow the access points to receive the wireless controller s IP address and to allow the DHCP server to assign IP addresses to the access points The hexadecimal address needs to be preceded by the vendor specific octets 02 04 To compose the address start with 02 04 and then add each of the four address octets in hexadecimal format separated by colons For example 192 168 33 27 in decimal format equals c0 a8 21 1b in hexadecimal format After you have added the vendor specific octets the complete address is 02 04 c0 a8 21 1b The DHCP server on the wireless controller automatically enables DHCP option 43 with its own IP address Requirements for Autodiscovery of Remote Access Points The wireless controller can autodiscover remote access point over a site to site VPN connection or behind a remote NAT router without a VPN connection Make sure that the configuration meets the following general guidelines Guidelines for the Autodiscovery Process of Remote Access Points All standalone access points need to have SNMP and SSH enabled The following ports need to be unblocked in the firewall at the site where the wireless controller is located in order for the remote access points to communicate with the wireless controller TCP port 22 Used by Secure Shell SSH
234. ss point model that you will use on the floor by selecting the WNDAP 350 WNAP 210 WNAP 320 or WNDAP 360 radio button Frequency Band Select one of the following radio buttons to specify the frequency band that the access points will function in e 802 11b bg ng 802 11a na Signal Quality Specify the required signal quality by moving the slider or by entering a percentage in the field to the right of the slider The minimum signal quality is 25 percent the maximum is 100 percent Client Per Radio Specify the expected maximum number of clients per access point by moving the slider or by entering a number in the field to the right of the slider The maximum number of clients that you can configure per access point is 64 Total Clients Specify the expected total number of clients on the floor by moving the slider or by entering a number in the field to the right of the slider The maximum number of total clients that you can configure on the floor is 1024 Click Estimate to view the number of access points required for the settings that you entered The number of access points displays in a pop up window Access points that you want to deploy in sentry mode are not included in this number For information about sentry mode see Edit and Remove Access Point Information on page 59 After you have closed the pop up window the Estimated Access Points row is added to the Planning Buildings screen Click View Map to
235. ss point to locate it on a floor map MAC The MAC address of the rogue access point SSID The wireless network SSID that the rogue access point is using Channel The channel that the rogue access point is using Privacy The security of the rogue access point Secured or Unsecured Last Beacon The last beacon that the rogue access point transmitted Category The category that the rogue access point belongs to From the drop down list you can select to display Neighbor Rogue or All access points Known Unknown The status of the rogue access point From the drop down list you can select to display Known or Unknown access points Name The name of the rogue access point if you assigned a name To see the location of the rogue access point on a floor map select the access point s radio button in the Select column and then click the Locate button To export the list of rogue access points click Export Monitoring the Wireless Network and Components 186 ProSafe 20 AP Wireless Controller WC7520 View Security Profiles Managed by the Wireless Controller Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Network WLAN Clients gt Summary Profiles gt Usage SSID Security Radio Mode Status Group Name gt Access Point NG_1lig Open 802 11b ba ng Active basic gt Clients NG_1ig 2 Open 802 11b bg ng Active basic gt Neighboring NG_11g 2 Open 802 11b bg ng Ac
236. sting Floor Map If you have imported a floor map a very small image of the floor map is shown Click Preview to enlarge the map If you did not import a floor map the Preview button is not displayed New Floor Map If you have an existing floor map import the map into the RF planning tool by clicking Browse and navigating to the location where you have stored the map Follow the directions of your browser to import the map Note Background images need to be in JPEG format and cannot exceed 2048 x 2048 pixels in size If you attempt to import a file with a larger pixel footprint the image will not scale to fit the image area in the floor display area Note Images are scaled stretched to fit the display area The display area aspect ratio is determined by the floor dimensions Note The internal flash memory of the wireless controller supports up to three floor maps If you want to define additional floors use external USB storage see Manage External Storage on page 141 Note Because background images for your floors are embedded in the XML file that defines your building minimize the file size of the JPEGs that you use for your backgrounds You can minimize the file size by selecting maximum compression lowest quality in most graphics programs 7 To add another floor click the tab next to the Floor 1 name or whatever name you have given the first floor and define the floors as explained in Table 4 on page 4
237. t License and then click the Inventory tab The Inventory screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics User Management Upgrade Backup Restore Reboot Reset Extended Storage Remote Management Logs amp Alerts License Settings Inventory Server Settings Registration Summary Total AP License 40 Nmode License Status Available Used License Count 37 Available License Count 3 Key Details Key Key Type Key Status NG2E04 ADB2 9460 8929 83F7 207C FAD3 1541 EDES 10 AP Registered NG2E04 2E45 3760 C676 27 1A FOLE 7337 B0BF FOEE 10 AP Registered Figure 79 The following table explains the fields of the screen Table 33 License inventory settings Setting Description Summary section Total AP License The number of access points that your licenses support Maintaining the Controller 149 ProSafe 20 AP Wireless Controller WC7520 Table 33 License inventory settings continued Setting Description Nmode License Status Availability of the 802 11n mode license This license is available by default indicated by either Pre installed or Available Used License Count Number of access points used from the total number that is supported by your licenses Available License Count Number of access points still available from the total number that is supported by your licenses Key Details section Key The value of the key tha
238. t Time gt IP LAN Alarm Actions gt DHCP Server Severity l Action Email Address Certificates Minor Add To Syslog Alerts Normal Add To Syslog Syslog Major Add To Syslog gt Alarms Critical Add To Syslog gt Email Setup Figure 34 2 For each alarm severity Minor Normal Major and Critical select the desired action from its corresponding Action drop down list e No Action When the alarm occurs no action is taken e Add To Syslog When the alarm occurs the wireless controller adds an entry to the syslog e Send Email When the alarm occurs the wireless controller sends an email 3 For each alarm severity for which you have selected the Send Email option in the previous step enter an email address 4 Click Apply to save your settings Configure the Email Notification Server The email notification server is the location from which the email alerts originate gt To configure email settings 1 Select Configuration gt System gt Alerts gt Email The Email Configuration screen displays Configuring Network Settings 72 ProSafe 20 AP Wireless Controller WC7520 Access Point Monitor Maintenance Stacking Plans Diagnostics Wireless Security Profile WLAN Network Captive Portal Email Configuration gt General s Time Server Address IP LAN Port gt DHCP Server Sender E Mail Address gt Certificates Authentication Required Alerts User Name Syslog Passwo
239. t includes a list of MAC addresses Each MAC address should be on a separate line with hard returns between lines as shown in the following example 00 00 11 11 22 29 00 00 11 11222 28 00200811211 22227 00 00 11 11 22 26 00200 211311322 25 Select Configuration gt Security gt Basic gt MAC ACL to access the MAC Authentication screen Click Browse navigate to the file containing the list of MAC addresses and select it Make one of the following selections from the Import MAC List from a file drop down list e Merge Merges the list of MAC addresses that you intend to import with those that are already present in the Selected Wireless Clients list e Replace Replaces the MAC addresses that are present in the Selected Wireless Clients list with those in the file that you intend to import Click Import Click Apply to save your settings Configure Local MAC Authentication Groups For greater security flexibility you can create up to 8 MAC authentication groups MAC ACLs to block or allow network access privilege of different clients You can assign any MAC authentication group including the basic MAC authentication group to any profile whether in the basic profile group or in an advanced profile group gt To set up a MAC authentication group 1 Select Configuration gt Security gt Advanced gt MAC Authentication The advanced MAC Authentication screen displays Configuring Network Access and Security 120
240. t the remote site if more than one access point has the same IP address then only one of them is discovered at a time You have to add the access point to the managed list change its IP address and then run discovery again to discover the next access point with that IP address An access point needs to run at least its initial firmware release or a newer version There are no other firmware requirements for the access point to function with the wireless controller Tip For management and monitoring purposes make sure that you give the remote access points at one site the same location name and that you create and assign meaningful building and floor names For information about creating building and floor names see Define and Edit Buildings and Floors on page 42 for information about assigning location building and floor names see Edit and Remove Access Point Information on page 59 Limitations after Discovery The following limitations apply after remote access points have been discovered Seamless Layer 2 roaming is supported for the clients of a remote access points but seamless Layer 3 roaming is not supported for the clients across remote access points When clients move from one IP subnet to another at the remote site they are disconnected from their access point and need to reconnect to another access point If a remote access point is disconnected from the wireless controller for example because the VPN connection goes
241. t the user has logged in Expiry Time The time when the login access will expire To export the list of captive portal users click Export Monitor the SSIDs gt To monitor the active SSIDs in the network 1 Select Monitor gt WLAN The SSID Mapping screen displays Monitor Maintenance Stacking Plans Diagnostics Network Controller Clients gt SSID Mapping SSID Mapping Active SSID present Select an SSID DETAILS EXPORT Figure 115 2 From the Active SSID present drop down list select an SSID The Active SSID table for the selected SSID displays SSID Mapping Active SSID present Active SSID NG_lig S Select Name atus M 2 Building Floor 2 4 GHz Chanmel 5 GHz Channel hatgear b2488 Orthopedics healthy Or iOerTbi240 19216809 WHAPTIO Ginie fleet 1 2 412Ghe Oo natgear b2408 Surgery healthy OrMiOer hi26d0 192 148 0 2 WHAPTIO Clink Pleo 2 11 24620 13 hours S1 mins 28 secs OETARS i DEOR Figure 116 The Active SSID table on the WLAN SSID Mapping screen lets you monitor all access points that function in an SSID To view additional access points click Next to return to the previous access points click Previous Monitoring the Wireless Network and Components 190 ProSafe 20 AP Wireless Controller WC7520 Because this table is almost identical to the Access Point table on the Network Access Point screen see Table 41 on page 172 for information about the fields To export t
242. t to edit Click Edit The Edit DHCP Server pop up window displays This window is identical to the Add DHCP Server window see the previous figure Make your changes see the previous table Click Apply to save your changes gt To delete a DHCP server 1 2 On the DHCP Server List select the radio button in the Edit Remove column that corresponds to the DHCP server that you want to remove Click Remove Configuring Network Settings 69 ProSafe 20 AP Wireless Controller WC7520 Manage Certificates The internal authentication server for certificate based authentication requires you to install a certificate on the wireless controller There is a default self signed server certificate installed on the wireless controller However NETGEAR strongly recommends that you replace this default certificate with a custom certificate issued for your site or domain by a trusted Certificate Authority CA To obtain a security certificate for the wireless controller generate and submit a certificate signing request CSR to the CA of your choice Upon receiving the CA signed server certificate install the certificate from your PC as described in this section Certificates need to be in X 509 PEM format gt To add certificates 1 Select Configuration gt System gt Certificates The Add Certificates screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics tocour Wireless Secu
243. t unlocks the license Key Type The type of the key that determines the number of access points that are supported and the mode that is supported Key Status The status of the key Registering key with server or Registered To refresh your license information click Refresh Configure the License Server Settings To configure the license server settings 1 Select Maintenance gt License and then click the Server Settings tab The Server Settings screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics User Management Upgrade Backup Restore Reboot Reset Extended Storage Remote Management Logs amp Alerts gt License License Settings Inventory Server Settings Registration Update From Default Update Server Specify Update Server Server Address updatel eng netgear cc O usea Proxy Server to Connect to the Internet Proxy Server Proxy Port 0 This Proxy Server Requires Authentication User Name Password CANCEL REFRESH Figure 80 Maintaining the Controller 150 ProSafe 20 AP Wireless Controller WC7520 2 Configure the settings as explained in the following table Table 34 License server settings Setting Description Update From Select one of the following radio buttons to specify the license update server Default Update Server The default license update server is used e Specify Update Server You need to specify
244. t was received and transmitted over the last 24 hours by all access points that are managed by the wireless controller and by the rogue access points that were detected by the wireless controller Select the type of usage you want to display by clicking one of the following tabs e 2 4 GHz Band Usage Displays combined 802 11b 802 11bg and 802 11ng mode usage shown in the previous figure e 5 GHz Band Usage Displays combined 802 11a and 802 11na mode usage e Network Usage Displays Ethernet usage View Access Points Managed by the Wireless Controller Because the Controller Access Point screen is a wide screen it is shown in the following two figures Monitoring the Wireless Network and Components 182 ProSafe 20 AP Wireless Controller WC7520 Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Network WLAN Clients Summary Access Point gt Access Point netgearAl0668 Administration healthy 4 3d c7 31 06 60 192 168 0 168 WNDAP360 Clients a netgear7B2488 Orthopedics healthy c0 3f 0e 7b 24 80 192 168 0 163 WNAP210 gt Neighboring O netgear7B2608 Surgery healthy c0 3f 0e 7b 26 d0 192 168 0 162 WNAP210 Clients Rogue AP gt Profiles DHCP Lease gt Captive Portal Users Figure 106 Left side of the Controller Access Point screen Remote Sentry Building Floor 2 4 GHz Channel 5 GHz Channel Uptime Remote Building Remote 1 Floor 1 1 2 412Ghz 36 5 180Ghz 20 mins 16 secs Loca
245. te MAC VLAN gt Access Point 7 i as Unknown 192 168 0 29 09 55 17 2010 09 22 00 26 f2 9a 1b a0 Management Clients VWC 0004 MAC 000201040000 192 168 0 20 17 43 02 2010 09 21 00 02 01 04 00 00 Management gt Neighboring Clients VWC 0002 MAC 000201020000 192 168 0 22 17 43 02 2020 09 21 00 02 01 02 00 00 Management gt Rogue AP Unknown 192 168 0 30 11 37 02 2010 09 22 00 26 f2 8b 2d 80 Management gt Profiles VWC 0001 MAC 000201010000 192 168 0 22 17 43 02 2010 09 21 00 02 01 01 00 00 Management gt DHCP Lease VWC 0003 MAC 000201030000 192 168 0 23 17 43 02 2010 09 21 00 02 01 03 00 00 Management gt cope Portal VWC 000S MAC 000201050000 192 168 0 24 17 42 52 2020 08 21 00 02 01 05 00 00 Management VWC 0001 MAC 000101060000 192 168 0 25 17 43 02 2010 09 21 00 01 01 06 00 00 Management VWC 0001 MAC 001f33e98044 192 168 0 26 14 25 26 2020 09 22 00 1f 33 e9 80 44 Management VWC 0002 MAC 001f33e9804b 192 168 0 27 14 25 26 2010 09 22 00 1f 33 e9 80 4b Management VWC 0001 MAC 000101010000 192 168 0 28 14 25 27 2010 09 22 00 01 01 01 00 00 Management REFRESH EXPORT Figure 112 The DHCP Leases screen displays the current DHCP clients that have been allocated IP addresses by the DHCP server on the wireless controller To view additional DHCP leases click Next to return to the previous DHCP leases click Previous The following table explains the fields of the DHCP Leases table on the Controller DHCP Leases screen Table
246. te Community Name private Trap Community Name trap IP Address to Receive Traps Trap Port 162 SNMP Manager IP Figure 69 Enable SNMP and configure the settings as explained in the following table Table 32 SNMP settings Setting Description SNMP Select this check box to enable SNMP for the wireless controller Read Only Community Name Enter the community string that allows the SNMP manager to read the wireless controller s MIB objects The default setting is public Read Write Community Name Enter the community string that allows the SNMP manager to read and write the wireless controller s MIB objects The default setting is private Trap Community Name Enter the community name that is associated with the IP address to receive traps The default setting is trap IP Address to Receive Traps Enter the IP address at which the SNMP manager receives traps sent from the wireless controller Trap Port Enter the port on which the SNMP manager receives traps sent from the wireless controller The default setting is port 162 SNMP Manager IP Enter the IP address of the SNMP manager Note To allow any SNMP manager to access the wireless controller keep this field blank Click Apply to save your settings Note The wireless controller supports Telnet and SSH through the console port However the console port is for debugging under guidance of NETGEAR technical support only Mainta
247. text in the text field 3 Click Apply to save your settings 4 Click Preview to display the portal settings that you have configured The default URL for the captive portal is http 192 168 0 250 guest_access index php Manage Users Accounts and Passwords The wireless controller supports three types of users management users captive portal users and Wi Fi clients A of these users need to provide their login name and password to be authenticated by the wireless controller s internal authentication server and to access the wireless controller s web management interface or wireless network e Management users These users have access to the wireless controllers web management interface There are four groups Administrators Administrative users admins with read and write capabilities These users can change the configuration of the wireless controller Configuring Network Access and Security 128 ProSafe 20 AP Wireless Controller WC7520 Read only These users have access to the wireless controllers web management interface but can access only the Monitor main navigation tab and the Help main navigation tab These users cannot change the configuration of the wireless controller Guest provisioning These users can configure only captive portals users that is they can access only the User Management configuration menu tab under the Maintenance main navigation tab License management only These users ca
248. that are connected to your computer and wireless controller Wrong network configuration Verify that the Ethernet card driver software and TCP IP software are both installed and configured on your computer Verify that the IP address for your wireless controller and your computer are correct and that the addresses are on the same subnet Troubleshooting 197 ProSafe 20 AP Wireless Controller WC7520 Use the Factory Default Button to Restore Default Settings If you can access the wireless controller you can use the Reboot Reset Controllers screen select Maintenance gt Backup Restore to perform a soft or hard reset see Reboot or Reset the Wireless Controller on page 139 If you can no longer access the wireless controller press the Factory Default button on the rear panel see Rear Panel Features on page 13 to restore the factory default settings gt To clear all data and restore the factory default values 1 Press and hold the Factory Default button for about 8 seconds until the Test LED turns on and begins to blink 2 Release the Factory Default button The reboot process is complete after several minutes when the Test LED on the front panel goes off Note After restoring the factory default configuration the wireless controller s default LAN IP address is 192 168 0 250 the default login user name is admin and the default login password is password Problems with Date and Time The Time Settings screen disp
249. the authentication server that you want to set up e External RADIUS Server e Internal Authentication Server e External LDAP Server Configuring Network Access and Security 123 ProSafe 20 AP Wireless Controller WC7520 3 Configure the settings that correspond to the selected authentication server as described in the following table Table 28 Authentication server settings Setting Description External Primary Authentication Specify the IP address port default RADIUS Server 1812 and shared secret Server Secondary Specify the IP address port default For information about Authentication Server 1812 and shared secret shared secret requirements see Primary Accounting Specify the IP address port default Pee 54 on page 203 Server 1813 and shared secret i Secondary Accounting Specify the IP address port default Server 1813 and shared secret Reauthentication time Specify the time after which reauthentication occurs for all Seconds wireless clients Update Global Key Select the check box to enable update of the global key and Every Seconds specify the interval in seconds after which the global key is updated for all wireless clients Internal Reauthentication Time Specify the reauthentication time in seconds after which Authentication seconds reauthentication occurs for all wireless clients Server Update Global Key Select the check box to
250. the wireless client is using to connect to the access point Open WEP WPA WPA2 or WPA WPA2 Rogue AP Info section For all rogue and unmanaged neighboring access points combined that are detected by the selected managed access point the following information displays Type The type of profile that the rogue access point is using to connect to the access point 802 11b bg ng or 802 11a na Reported The total number of detected rogue access points in the wireless mode In Same Channel The total number of detected rogue access points in the same channel In Interfering Channel The total number of detected rogue access points in the interfering channel Statistics For each type of usage Ethernet 802 11b bg ng or 802 11a na statistics about transmitted and received packets and bytes displays for the selected access point The actual statistics are self explanatory Note To see all fields of the table on the AP Details window scroll to the right Monitoring the Wireless Network and Components 175 ProSafe 20 AP Wireless Controller WC7520 View Clients in the Network Monitor Controller WLAN Clients Clients tocout Summary gt Usage gt Controller gt Access Point gt Clients gt Profiles Figure 101 67 32 82 192 169 0 5 Orthopedics netgear782409 192 168 0 3 Chn AP Location AP Name AP IP Building Floor Bssid SSID Security Controller
251. the wireless controller through a router If prompted fill in the Start IP and End IP fields to specify a range of IP addresses in which the wireless controller should discover access points Configuration Monitor Maintenance Stacking Plans Diagnostics Depending on your selections this screen might gt Discovery Wizard Self 192 168 0 30 show Siep 3 of 3 gt Last Discovered gt Managed AP List Discovery Step 3 of 4 Specify IP Range Range 1 Start IP End IP Figure 22 Optional step Click Add to add an additional IP address range for the wireless controller to search in You can add a maximum of three IP ranges You can search a maximum of 255 IP addresses at a time Do several searches if you have access points in several networks Access Point Discovery and Management 55 7 ProSafe 20 AP Wireless Controller WC7520 Click Next to continue The following occurs e The wireless controller searches for NETGEAR products on the LAN based on MAC address and then identifies which products are supported access point models e When discovery is finished the table shows the access points that were located for each access point the table includes the model number IP address MAC address and name The next Discovery Wizard Select Access Points to Manage screen displays The following figure shows the screen after the access points have been discovered Configuration Monitor Maintenance Stacki
252. thods supported 29 servers 122 automatic channel allocation 102 automatic transmission power 102 208 ProSafe 20 AP Wireless Controller WC7520 background QoS queue 105 backing up the configuration 135 basic access point group 23 basic service set identifier BSSID 113 basic settings description 22 74 beacon interval 95 best effort QoS queue 105 blacklisted clients viewing 192 bottom label 14 broadcasting SSID 78 BSSID basic service set identifier 113 buildings planning 44 C cabling troubleshooting 195 captive portal accounts and users viewing 188 captive portal configuring 126 certificates authentication 70 channel allocation automatic 99 101 manual 96 98 channel width 94 client separation 79 client VLANs 29 32 clients DHCP 61 clients viewing blacklisted in the network 192 in the network 169 176 191 neighboring in the network 185 on the access point 175 on the wireless controller 180 184 clients wireless maximum number 108 community names SNMP 143 compliance 205 configuration backing up and restoring 135 upgrading 137 connection problems troubleshooting 199 connectivity test 27 console port 13 contents package 11 controller selection stacking 157 country and region of operation 64 coverage area 47 coverage hole detection 104 customer information licenses 152 CwMin and CwMax Minimum or Maximum Contention Window 107 D data encryption configuring 79 supported
253. tings continued Setting Description Plan Settings section Site The site designation that you have selected see Add Access Points to the Managed List after Discovery on page 57 Building After you have configured buildings see Define and Edit Buildings and Floors on page 42 select the building in which the access point is located from the drop down list Floor After you have configured floors see Define and Edit Buildings and Floors on page 42 select the floor on which the access point is located from the drop down list Location Enter a name that is meaningful to you 5 Click Apply to save your settings 6 Click Back to return to the Managed AP List gt To remove an access point from the Managed AP List 1 On the Managed AP List select the check box to the right of the access point that you want to remove 2 Click Remove Note To restore a managed access point to its original firmware and use it once again as a standalone access point remove the access point from the Managed AP List Log in to the access point s web management interface upgrade the firmware to the standalone AP firmware version and then reboot the access point Access Point Discovery and Management 62 Contiguring Network Settings This chapter includes the following sections e Configure General Settings e Time Management e Configure IP and VLAN Settings Manage the DHCP Server e Ma
254. tings section Untagged VLAN Enter a VLAN ID or leave the default ID By default the untagged VLAN is 1 and the Untagged VLAN check box is selected When the wireless controller sends frames associated with the untagged VLAN to the LAN Ethernet interface those frames are untagged When the wireless controller receives untagged traffic from the LAN Ethernet interface those frames are assigned to the untagged VLAN Managed VLAN Enter a VLAN ID or leave the default ID By default the management VLAN is 1 For more information about management VLANs see VLANs on page 28 and Management VLANs on page 66 Seniry Mode Settings section Sentry Mode Select this check box to configure the access point to function in sentry mode In sentry mode the access point monitors the wireless network for faster detection and mitigation of rogue access points but cannot serve wireless clients Note The WNAP210 access point does not support sentry mode Wireless Settings section Antenna You can specify which antenna the access point uses by making a selection from the drop down list e Internal The access point uses its internal antenna e External The access point uses its external antenna or antennas External antennas are optional antennas that do not come standard with an access point Access Point Discovery and Management 61 ProSafe 20 AP Wireless Controller WC7520 Table 7 Access point set
255. tive basic Clients NG_11g 3 Open 802 11b bg ng Active basic gt Rogue AP NG_119 4 Open 802 11b bg ng Active basic gt Profiles NG_iig 5 Open 802 11b bg ng Active basic DHCP Lease NG_119 7 Open 802 11b bg ng Active basic gt Captive Portal NG_ita Open 802 11a na Active basic oars NG iia 1 Open 802 11a na Active basic NG 119 0 Wpa Wpa2 802 11b bg ng Inactive Group 1 NG_11g 1 WpafWpa2 802 11b bg ng_ Inactive Group 1 NG 113 0 Open 802 11a na Inactive Group 1 NG_119 0 Open 802 11b bg ng Inactive Group 2 NG_ila 0 Open 802 11a na Inactive Group 2 NG_119 0 Open 802 11b ba ng Inactive Group 3 NG_11a 0 Open 802 11a na Inactive Group 3 PREVIOUS NEXT REFRESH EXPORT Figure 111 The Controller Profiles screen lets you monitor all security profiles on the access points that are managed by the wireless controller To view additional profiles click Next to return to the previous profiles click Previous Because this screen is almost identical to the Network Profiles screen see Table 45 on page 179 for information about the fields To export the list of profiles click Export Monitoring the Wireless Network and Components 187 ProSafe 20 AP Wireless Controller WC7520 View DHCP Leases Provided by the Wireless Controller Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics Clients Network WLAN gt Summary DHCP Leases D gt Usage Host Name IP End Time gt End Da
256. troller WC7520 Problems with Access Points 2 s0440s h5 uses encase eueeenes 198 Discovery FroblemMS c ctsceo dare deeeedaReee eth daaew asaka 198 Connection PORES 644404 tiene eng dia ee Rede RA wee ES 199 Network Performance and Rogue Access Point Detection 200 Use the Diagnostic Tools on the Wireless Controller 200 Appendix A Factory Default Settings and Technical Specifications Appendix B Notification of Compliance Index Introduction and Overview This chapter includes the following sections Key Features and Capabilities Package Contents Hardware Features WC7520 Wireless Controller System Components What Can You Do with the WC7520 Wireless Controller Licenses Maintenance and Support Web Management Interface Layout Initial Connection and Configuration Basic and Advanced Settings Choose a Location for the Wireless Controller Deploy the Wireless Controller Note For more information about the topics covered in this manual visit the support website at htto support netgear com Key Features and Capabilities The ProSafe 20 AP Wireless Controller WC7520 is intended for medium sized businesses schools and hospitals In a stacked configuration and with the appropriate licenses a wireless controller can support up to 150 access points APs with up to 1 500 users or more The wireless controller supports the IEEE 802 11a b g n protocols The wireless controller allows you to mana
257. troller WC7520 access point determines whether or not to accept a client based on the number of clients already connected or the signal strength of the clients e Number of clients When there are several access points and you want a good distribution of clients between the access points set the maximum number of clients to a low value compared to the total number of clients in an office or on a floor e RSSI When you want only clients near access points to associate to the access point in situations where the throughput expectation is high set the received signal strength indication RSSI to a high percentage In situations in which the clients can be expected to be far away or there are fewer access points set the RSSI to a lower value To configure load balancing 1 Select Configuration gt Profile gt Basic gt Load Balancing The Load Balancing screen displays Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics System Wireless Security rf WLAN Network Captive Portal v Basic Ea 192 168 0 251 gt Radio Load Balanong Load Balancing gt Rate Limit Advanced WNAP210 WNDAP350 Radio Max Client 802 11b ba ng 32 802 11a na 32 Figure 50 2 If there are different access point models managed by the wireless controller select a tab that represents a model 3 Configure the settings as explained in the following table Table 26 Load balancing settings Setting Descr
258. troller uses CHAP as the authentication protocol with the RADIUS server e You can configure either MAC authentication with an external RADIUS server or network authentication with an external RADIUS server see Network Authentication and Data Encryption Options on page 81 but not both That is if you configure an external RADIUS server with WPA WPA2 or WPA amp WPA2 you cannot use external MAC authentication but are limited to internal MAC authentication Configure Basic Local MAC Authentication Settings You would typically use the basic MAC authentication group in the profiles of a basic profile group of a small scale network However you can assign the basic MAC authentication group to any profile whether in the basic profile group or in an advanced profile group gt To set up basic MAC authentication 1 Select Configuration gt Security gt Basic gt MAC ACL The basic MAC Authentication screen displays Configuring Network Access and Security 118 ProSafe 20 AP Wireless Controller WC7520 r SS a Access Point Configuration Monitor Maintenance Stacking Plans Diagnostics LOGOUT System Wireless t Profile WLAN Network Captive Portal Basic Eg Ee Rogue AP MAC ACL MAC Authentication Authentication Server Import MAC List from a file Merge gt Advanced Treat ACL as Oallow Deny Selected Wireless Clients DELETE ADO Available Wireless Clients MAC Address e MAC Address 00 00 11 11
259. ts Maintenance Stacking Plans Diagnostics Reboot Reset Extended Storage Remote Management Raised Time Mon Sep 20 17 32 16 2010 Select Maintenance gt Logs amp Alerts gt Stacking The Stacking screen displays Access Point User Management gt System Alerts gt RF Events gt Load Balancing gt Rate Limit gt Redundancy gt Stacking gt Save Logs Figure 78 Configuration Monitor Upgrade Licensing Backup Restore 192 168 0 30 E Stacking Severity Major Description Peer 192 168 0 251 is UP Maintenance Stacking Plans Diagnostics Reboot Reset Extended Storage Remote Management Raised Time Tue Sep 21 15 25 24 2010 Maintaining the Controller 148 ProSafe 20 AP Wireless Controller WC7520 Manage Licenses The License screen allows you to import register and view the licenses that you require for your network For more information about licenses see Licenses on page 18 The License screen consists of four separate screens e Inventory screen Provides an overview of your licenses e Server Settings screen Allows you to configure the server settings to import your licenses e Registration screen Allows to register your licenses e Advanced screen Lets you retrieve your licenses This screen displays relevant information only if you have received a replacement unit from NETGEAR View Your Licenses gt To view your licenses Select Maintenance g
260. tting Description Remote AP Shows whether the access point is a local or remote one e Local The AP is deployed at the local site Remote The AP is deployed at a remote site Sentry Shows whether or not sentry mode is enabled e No Sentry mode is disabled e Yes Sentry mode is enabled To assign an access point to a profile group select the profile group name from the Group Name drop down list For information about adding and specifying groups see the previous section Click Apply to save your settings Managing Security Profiles and Profile Groups 89 Configuring Wireless and QoS Settings This chapter includes the following sections About Basic and Advanced Wireless and QoS Configurations Configure the Radio Configure Wireless Settings Configure Channels Specify RF Management Configure QoS for Profile Groups Configure Load Balancing Configure Rate Limiting During initial setup enter your country and region in the General Settings screen Configure General Settings on page 63 Based on your location and environment the wireless controller determines the recommended wireless settings for your access points and establishes these settings the defaults that will be sent to your managed access points When you are ready to configure your access points NETGEAR recommends using the default settings as they are unless you have specific reasons to change them About Basic and Advanced Wireless and QoS Co
261. ups Step Configuration Web management interface path 1 Optional Create an RF plan Plans gt Layout 2 If you have not yet done so configure the system settings of the wireless controller 1 Configure the country code of operation Configuration gt System gt General 2 Configure the IP address of wireless controller Configuration gt System gt IP VLAN 3 Verify that VLAN 1 is set as the management VLAN and is marked as untagged which is the default setting 3 Configure up to 8 access point profile groups and for each access point profile in a group do at least the following 1 Configure an SSID for wireless access Configuration gt Profile gt Advanced 2 Configure the network authentication and data encryption 3 Assign the VLAN 4 If required configure the authentication server Configuration gt Security gt Advanced gt Authentication Server 5 Run the Discovery Wizard and add the access points to the Access Point gt Discovery Wizard managed access point list 6 Assign the access points to the access point profile groups also Configuration gt WLAN Network referred to as WLAN groups System Planning and Deployment Scenarios 31 ProSafe 20 AP Wireless Controller WC7520 Stacked Controller Configuration A stacked controller configuration can consist of up to three wireless controllers and up to 150 access points gt To set up a stacked co
262. vanced setup you can create multiple detection servers for more information see Configure Advanced Rogue Detection Settings on page 116 Note If there are long delays in the network or clients are unexpectedly disconnected from access points disable rogue access point detection and mitigation gt To set up a server to detect rogue access points 1 Select Configuration gt Security gt Basic gt Rogue AP The basic Rogue AP screen displays System Wireless Profile WLAN Network Captive Portal Monitor Maintenance Stacking Plans Diagnostics v Basic Self 192 168 0 251 Rogue AP MAC ACL Rogue AP Authentication Rogue AP Detection enable disable Server meee O l gt Advanced Rogue AP Mitigation Enable Disable Rogue Detection Interval Low v Alert Severity Major O minor Figure 53 The wireless controller can support a total of up to 512 access points from the known and unknown lists combined 2 Configure the settings as explained in the following table Table 27 Basic rogue AP detection settings Setting Description Rogue AP Detection Select the Enable radio button to enable rogue AP detection and to allow all neighbor as well as rogue access points to be displayed A maximum of 512 access points both neighbor and rogue can be detected and maintained on the controller The controller also maintains current count of the rogue access points as w
263. ved a replacement unit from NETGEAR 1 Make sure that the wireless controller is connected to the Internet 2 Select Maintenance gt License and then click the Advanced tab The Advanced screen displays 3 Click Replace The wireless controller connects to the license update server and retrieves your licenses Maintaining the Controller 153 Managing Stacking and Redundancy 10 This chapter includes the following sections e Manage Stacking e Manage Redundancy Manage Stacking The wireless controller supports stacking of up to three units for management of up to 150 access points through purchased licensing see Licenses on page 18 One wireless controller functions as the primary controller also Known as the master and the other two wireless controllers function as secondary controllers also known as slaves The following figure shows a stacked configuration that is licensed to manage up to 120 access points e Two controllers 1 and 2 each support up to 50 access points e One controller 3 supports up to 20 access points WC7520 3 x WC7510L WC7520 3 x WC7510L stack WC7520 Figure 82 The wireless controllers that you intend to make members of the stack need to be connected over a wired connection A switch or router can be located between the wireless controllers that are part of a stack You configure the primary and secondary controllers individually enable stacking on
264. view and optimize the suggested approximate access point locations for the settings that you entered RF Planning 46 ProSafe 20 AP Wireless Controller WC7520 Access Point Configuration Monitor Maintenance Stacking ann Diagnostics 1os0ut gt Planning Floor Map of Clinic Floor 2 Total number of Access Points 4 Figure 17 Note that the planning tool provides only default placement and shows the coverage area for each access point Move the access points to optimize coverage in desired areas and avoid coverage in unwanted areas based on the floor plan Colored circles around the access point symbols indicate the expected approximate coverage of the individual access point The color of the circle represents the expected quality of the signal strength a darker color indicates signal overlap with nearby access points Note A red color indicates the strongest coverage area better than 50 dBm RSSI an orange color better than 60 dBm a yellow color better than 70 dBm and so on Moderate overlap is required for seamless roaming No overlap will lead to disconnections and dead spots You can click an access point icon and drag it to manually reposition it to see how the new location would affect the coverage Click Cancel to undo any access point repositioning changes Use the Zoom slider to increase or decrease the size of the map Click Save to save the location map or click Back to return to the Plann
265. well for small scale WLAN networks advanced profile groups are useful for larger deployments Note For more information about basic and advanced profile groups see Basic and Advanced Settings on page 22 Small WLAN Networks For small WLAN networks you can use the basic configuration with the basic profile group All access points belong to the same group and use the same wireless security and QoS configurations The basic profile group can contain up to 16 profiles for a dual band access point or 8 profiles for a single band access point Each profile has its own SSID and can have its own VLAN to allow the profile to establish its own tunnel Profiles can also share the same VLAN For example in an enterprise network in which all access points managed by the wireless controller serve the same wireless networks and have the same settings you can use the basic configuration Larger WLAN Networks For larger network deployments that consist of different sets of WLAN networks consider using the advanced configuration to create multiple profile groups The access points that belong to the same profile group use the same wireless security and QoS configurations The wireless controller supports up to 8 profile groups Each profile group can have its own wireless security and QoS configurations Each profile group can contain up to 16 profiles for a dual band access point or 8 profiles for a single band access point Using dual band
266. with a wireless controller PoE switch Layer 3 switch or router access points and several VLANs and SSIDs These are the VLANs in the wireless controller system e VLAN 1 the default untagged VLAN to access the wireless controller e VLAN 10 a tagged client VLAN e VLAN 20 another tagged client VLAN e VLAN 100 a tagged management VLAN System Planning and Deployment Scenarios 35 ProSafe 20 AP Wireless Controller WC7520 Management VLAN 100 Ethernet traffic E Client VLAN 10 Ethernet traffic aad Client VLAN 20 Ethernet traffic SSID 1 a Client VLAN 10 1 WC7520 PoE switch l 1 l l 1 a T A l TT e 7 l Backend L3 switch l or router l I l g l L zi SSID 1 Staff VLAN 10 WNDAP350 i SSID 2 x Client VLAN 20 lt Figure 12 The access points and wireless controller are connected in the same subnet and same VLAN and use the same IP address range that is assigned for that subnet There are no routers between the access points and the wireless controller The access points are connected to a PoE switch which in turn is connected to the wireless controller The uplink of the PoE switch connects to a Layer 3 switch or router that provides Internet access Prerequisites This network configuration has the following prerequisites e VLANs 10 20 and 100 are tagged VLANs and are configured on both the wireless controller and the PoE switch e The wireless co
267. word case sensitive password LAN LAN IP 192 168 0 250 Subnet mask 255 255 255 0 Default gateway 192 168 0 1 Time zone PST for North America GMT for other locations Time zone adjusted for daylight Enabled savings time SNMP Disabled The following table lists the technical and physical specifications Table 53 Technical and physical specifications Feature Default Setting Electrical specifications 100 240V AC 50 60 Hz universal input DC 5V 8A internal power supply Dimensions W x H x D cm 26 1 x 4 3 x 44 in 10 3 x 1 7 x 17 3 Weight kb 2 912 lb 6 4 202 ProSafe 20 AP Wireless Controller WC7520 Table 53 Technical and physical specifications continued Feature Default Setting Operating temperatures and humidity 0 to 45 C 32 to 113 F 90 maximum relative humidity Storage temperatures and humidity 20 to 70 C 4 to 58 F 95 maximum relative humidity Major regulatory compliance FCC Class A CE WEEE RoHS Note For more information see the ProSafe 20 AP Wireless Controller WC7520 data sheet at htto support netgear com app products model a_id 13060 The following table lists the password requirements Table 54 Password requirements Web management interface path User type Restrictions Section in or th
Download Pdf Manuals
Related Search