ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
User Manual
March 2016
202-11624-04
350 East Plumeria Drive
San Jose, CA 95134
USA
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Support
Thank you for purchasing this NETGEAR product. You can visit www.netgear.com/support to register your product, get help,
access the latest downloads and user manuals, and join our community. We recommend that you use only official NETGEAR
support resources.
Conformity
For the current EU Declaration of Conformity, visit http://kb.netgear.com/app/answers/detail/a_id/11621.
Compliance
For regulatory compliance information, visit http://www.netgear.com/about/regulatory.
See the regulatory compliance document before connecting the power supply.
Trademarks
© NETGEAR, Inc., NETGEAR and the NETGEAR Logo are trademarks of NETGEAR, Inc. Any non-NETGEAR trademarks are
used for reference purposes only.
Revision History
Publication Part
Number
202-11624-04 March 2016 Revised Mount the Access Point to show the changes to the access point
202-11624-03 March 2016 Major revision with the following major changes:
Publish Date Comments
mounting bracket.
Changed firmware version 3.5.4.0 to version 3.5.6.0.
• Revised Log In to the Access Point.
• Added Disable the Cloud Mode for a Standalone Access Point.
• Added View Dashboard Information.
• Revised Configure and Enable WiFi Security Profiles.
• Added Configure Load Balancing.
• Revised Set Up and Manage Ensembles.
• Revised Manage Captive Portals.
• Removed the legacy 802.1x security option (RADIUS security option).
• Removed the WPA and WPA-PSK (TKIP) security options.
In addition, made many minor changes plus the following nontechnical
changes:
• Increased the quality of all screen shots.
• Replaced many screen shots.
• Converted all procedures to standalone procedures.
• Changed the name of the manual from Reference Manual to User
Manual.
202-11624-02 February 2016 Revised Configure WiFi Bridging.
202-11624-01 December 2015 Revised Mount the Access Point.
202-11607-01 October 2015 First publication.
2
Contents
Chapter 1 Hardware Setup
Chapter 2 Initial Setup
Unpack Your Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Hardware Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Top Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Rear Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Bottom Panel With Product Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
What You Need Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
WiFi Equipment Placement and Range Guidelines . . . . . . . . . . . . . . . . . . . . . . 11
Ethernet Cabling Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
LAN Configuration Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Hardware Requirements for Computers on Your LAN . . . . . . . . . . . . . . . . . . . 12
Operating Frequency Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Requirements for Entering IP Addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Install and Configure the Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Connect the Access Point to a Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Log In to the Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Disable the Cloud Mode for a Standalone Access Point . . . . . . . . . . . . . . . . . 17
Configure Basic General System Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Configure Time Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Configure the IPv4 Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Configure the Basic WiFi Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Test Basic WiFi Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Mount the Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Package Content of the Ceiling and Wall Installation Kit. . . . . . . . . . . . . . . . . 29
Drop Ceiling Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Wall Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Chapter 3 WiFi Configuration and Security
WiFi Data Security Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
WiFi Security Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Configure and Enable WiFi Security Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
About WPA2 With RADIUS and WPA & WPA2 With RADIUS . . . . . . . . . . . . . 43
About WPA2-PSK and WPA-PSK & WPA2-PSK . . . . . . . . . . . . . . . . . . . . . . . . 44
Change the QoS Policy for a WiFi Security Profile. . . . . . . . . . . . . . . . . . . . . . 45
Configure RADIUS Server Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Restrict WiFi Access by MAC Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
3
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Enable Rogue AP Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Schedule the WiFi Radios to Be Turned Off. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Configure Basic WiFi Quality of Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Chapter 4 Management and Monitoring
Enable Remote Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
SNMP Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Secure Shell and Telnet Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Manage the Access Point over a Telnet Connection . . . . . . . . . . . . . . . . . . . . 57
Upgrade the Access Point Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Upgrade the Firmware Over a Web Browser . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Upgrade the Firmware Over a TFTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Manage the Configuration File or Reset to Factory Defaults . . . . . . . . . . . . . . . 60
Save the Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Restore the Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Restore the Access Point to the Factory Default Settings . . . . . . . . . . . . . . . 62
Reboot the Access Point Without Restoring the
Default Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Change the Administrator Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Manage User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Add a New User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Change the Name for a User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Change the Privilege for a User Account. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Reset the Password for a User Account. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Delete a User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Enable the Syslog Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Monitor the Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
View System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
View Dashboard Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Monitor WiFi Clients. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
View the Activity Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
View the Traffic Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Set Up and Manage Ensembles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Configure and Enable Ensemble Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Manage an Ensemble . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Monitor an Ensemble . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Chapter 5 Advanced Configuration
Configure IPv6 Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Configure Spanning Tree Protocol, 802.1Q VLAN, and
Link Layer Discovery Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Configure STP and VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Configure Ethernet LLDP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Configure Bonjour. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Configure Advanced WiFi Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Configure Advanced Quality of Service Settings . . . . . . . . . . . . . . . . . . . . . . . . 103
Configure and Manage Quality of Service Policies . . . . . . . . . . . . . . . . . . . . . . 106
4
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Configure a New QoS Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Modify a QoS Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Delete a QoS Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111
Configure Load Balancing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Manage Captive Portals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
Specify Captive Portal Profile Settings and Enable the
Captive Portal Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Add User Accounts to the Local Database for Captive Portal Access . . . . . 117
Upload a Custom Logo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Configure a Default or Custom Captive Portal Splash Page. . . . . . . . . . . . . 119
Enable the Global Captive Portal Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Configure WiFi Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Point-to-Point Bridge and Point-to-Multipoint Bridge . . . . . . . . . . . . . . . . 122
Configure a WiFi Bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Chapter 6 Troubleshooting
Troubleshoot the Basic Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Verify the Correct Sequence of Events at Startup . . . . . . . . . . . . . . . . . . . . 128
No LEDs Are Lit on the Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128
The Active LED or the LAN LED Is Not Lit . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
The WLAN LED Does Not Light. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
You Cannot Access the Internet or the LAN From a WiFi Computer . . . . . . . . 129
You Cannot Configure the Access Point From a Browser . . . . . . . . . . . . . . . . .130
When You Enter a URL or IP Address a Time-Out Error Occurs . . . . . . . . . . . . 131
Troubleshoot a TCP/IP Network Using the Ping Utility . . . . . . . . . . . . . . . . . . . 131
Test the LAN Path to Your Access Point. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Test the Path from Your Computer to a Remote Device . . . . . . . . . . . . . . . . 132
Problems With Date and Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Use the Packet Capture Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Appendix A Supplemental Information
Technical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Factory Default Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
5
1. Hardware Setup
This chapter covers the following topics:
• Unpack Your Access Point
• Hardware Description
Note: For more information about the topics covered in this manual, visit the
support website at support.netgear.com.
Note: Firmware updates with new features and bug fixes are made
available from time to time at downloadcenter.netgear.com. Some
products can regularly check the site and download new firmware, or
you can check for and download new firmware manually. If the
features or behavior of your product does not match what is
described in this guide, you might need to update your firmware.
1
Note: In this manual, WiFi and wireless are interchangeable terms.
6
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Unpack Your Access Point
Your package contains the following items:
• ProSAFE Dual-Band Wireless AC Access Point
• Straight-through Category 5 Ethernet cable
• Ceiling and wall installation kit
• Installation guide
Contact your reseller or customer support in your area if any parts are missing or damaged.
Visit the NETGEAR website at support.netgear.com/general/contact/default.aspx for the
telephone number of customer support in your area.
Hardware Description
The following sections describe the top and rear hardware functions of the access point.
• Top Panel
• Rear Panel
• Bottom Panel With Product Label
Top Panel
The LEDs of the access point are described in the following figure and table:
1
Figure 1. Top panel
23
4
5
Hardware Setup
7
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Table 1. Top panel LEDs
Item LED Description
1 Power/Test Off Power is off.
On (green) Power is on.
Amber, then blinking
green
2 Active Off No Ethernet traffic is detected, or no link is detected.
On or blinking (green) Ethernet traffic is detected.
3 LAN Off A 10 Mbps or no link is detected on LAN port.
Amber A 100 Mbps link is detected on LAN port.
Green A 1000 Mbps link is detected on LAN port.
4 2.4
Ghz
5
5
Ghz
2.4 GHz
WLAN
5 GHz
WLAN
Off The WiFi 802.11b/g/n (2.4 GHz) LAN is not ready, or
On or blinking (green) The WiFi 802.11b/g/n (2.4 GHz) LAN is ready, or WiFi
Off The WiFi 802.11n/a (5 GHz) LAN is not ready, or no
On or blinking (green) The WiFi 802.11n/a (5 GHz) LAN is ready, or WiFi
A self-test is running or software is being loaded.
During startup, the LED is first steady amber, then
goes off, and then blinks green before turning steady
green after about 45 seconds. If after one minute the
LED remains amber or continues to blink green, it
indicates a system fault.
no WiFi activity is detected.
activity is detected.
WiFi activity is detected.
activity is detected.
Rear Panel
Figure 2. Rear panel
1
2
3
4
5
Hardware Setup
8
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
The rear panel components of the access point, from left to right, are described in the
following list:
1. Cable security lock receptacle for an optional lock.
2. Console port for connecting to an optional console terminal. The port provides an RJ-45
connector and supports the following settings: 115200 K default baud rate, 8 data bits, no
(N) parity bit, and one (1) stop bit.
3. Factory default Reset button. Using a sharp object, press and hold this button for about
five seconds to reset the access point to factory defaults settings. All configuration settings
are lost, and the default password is restored. For more information, see Restore the Access
Point to the Factory Default Settings on page 62.
4. 10/100/1000BASE-T Gigabit Ethernet (RJ-45) port with Auto Uplink (Auto MDI-X) and
support for IEEE 802.3af Power over Ethernet (PoE) for connection to a switch or router that
can provide PoE.
5. Power socket for an optional 12 VDC, 2.5A power adapter.
Note: The WAC720 access point can support up to two optional
2.4 GHz/5 GHz dual-band antennas. The WAC730 access point can
support up to three optional 2.4 GHz/5 GHz dual-band antennas.
Bottom Panel With Product Label
The product label on the bottom of the access point’s enclosure displays factory default
settings, regulatory compliance, and other information.
产品型号: WAC730 ӗ૱〠ৼ仁⇥ᰐ㓯AC᧕ޕ⛩
FCC ID: PY315300321 IC: 4054A-15300321
This device complies with part 15 of the FCC Rules.
Operation is subject to the following two conditions:
(1) this device may not cause harmful interference,
and (2) this device must accept any interference
received, including interference that may cause
undesired operation.
272-12481-02 制造商: NETGEAR, INC.
ύ㡚ڋ!Made in China
产品型号: WAC720 ӗ૱〠ৼ仁⇥ᰐ㓯AC᧕ޕ⛩
FCC ID: PY315300320 IC: 4054A-15300320
This device complies with part 15 of the FCC Rules.
Operation is subject to the following two conditions:
(1) this device may not cause harmful interference,
and (2) this device must accept any interference
received, including interference that may cause
272-12480-02
ύ㡚ڋ!Made in China
undesired operation.
制造商: NETGEAR, INC.
CMIIT ID: XXXXXXXXXX
䗃ޕ: 12V 2.5A
W52/W53 Ȅቻ䲀ᇊ
XXX-XXXXXX
XXXXXXXXXX
䗃ޕ: 12V 2.5A
CMIIT ID: XXXXXXXXXX
序列号
序列号
Figure 3. Product labels
Hardware Setup
9
2. Initial Setup
This chapter covers the following topics:
• What You Need Before You Begin
• Install and Configure the Access Point
• Test Basic WiFi Connectivity
• Mount the Access Point
2
10
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
What You Need Before You Begin
You must consider the following guidelines and requirements before you can set up your
access point.
System Requirements
Before installing the access point, make sure that your system includes the following:
• A 10/100/1000 Mbps local area network device such as a hub or switch
• The Category 5 UTP straight-through Ethernet cable with RJ-45 connector included in the
package, or one like it
• A PoE switch or a 12V, 2.5 A, DC power source
• A web browser for configuration
• At least one computer with the TCP/IP protocol installed
• 802.11bg/ng/bgn-compliant or 802.11a/a-na-ac-compliant devices
WiFi Equipment Placement and Range Guidelines
The range of your WiFi connection can vary significantly based on the location of the access
point. The latency, data throughput performance, and power consumption of WiFi devices
also vary depending on your configuration choices.
Note: Failure to follow these guidelines can result in significant performance
degradation or inability to connect over WiFi to the access point. For
complete performance specifications, see Appendix A, Supplemental
Information.
Note: Before you position and mount the access point at its permanent
position, first configure the access point and test the computers on
your LAN for WiFi connectivity as described in this chapter.
For best results, place your access point according to the following general guidelines:
• Near the center of the area in which the WiFi devices will operate.
• In an elevated location such as a high shelf where the WiFi devices are in a line-of-sight
(even if through walls).
• Away from sources of interference, such as computers, microwaves ovens, and 2.4 GHz
cordless phones.
• Away from large metal surfaces or water.
Initial Setup
11
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
• Placing an external antenna in a vertical position provides best side-to-side coverage.
Placing an external antenna in a horizontal position provides best up-and-down
coverage. (An external antenna does not come standard with the access point.)
If you are using multiple access points, it is better if adjacent access points use different radio
frequency channels to reduce interference. The recommended channel spacing between
adjacent access points is five channels (for example, use Channels 1 and 6, or 6 and 1 1, or 1
and 11).
The time it takes to establish a WiFi connection can vary depending on both your security
settings and placement.
Ethernet Cabling Requirements
The access point connects to your LAN using twisted-pair Category 5 Ethernet cable with
RJ-45 connectors.
LAN Configuration Requirements
For the initial configuration of your access point, you must connect a computer to the access
point.
Hardware Requirements for Computers on Your LAN
To connect to the access point on your network, your WiFi device must support 802.11b,
802.11g, 802.11n, 802.11a, or 802.11ac. If your computer does not include an internal WiFi
adapter, we recommend using the NETGEAR A6210 WiFi USB Adapter.
Operating Frequency Guidelines
You do not need to change the operating frequency (channel) unless you notice interference
problems or you place the access point near another access point. If you do change the
operating frequency, observe the following guidelines:
• Access points use a fixed channel. You can select a channel that provides the least
interference and best performance. In the United States and Canada, 11 channels are
available.
• If you use multiple access points, it is better if adjacent access points use different
channels to reduce interference. The recommended channel spacing between adjacent
access points is five channels (for example, use Channels 1 and 6, or 6 and 11).
• In infrastructure mode (which is the default mode for the access point), WiFi stations
normally scan all channels, looking for a access point. If more than one access point can
be used, the one with the strongest signal is used. This is possible only if the access
points use the same SSID.
Initial Setup
12
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Requirements for Entering IP Addresses
IP addresses assigned to the access points must follow the following requirements for IPv4
and IPv6 addresses.
IPv4
The fourth octet of an IP address must be between 0 and 255 (both inclusive). This
requirement applies to any IP address that you enter on the access point’s web management
interface.
IPv6
IPv6 addresses are denoted by eight groups of hexadecimal quartets that are separated by
colons. Any four-digit group of zeroes within an IPv6 address can be reduced to a single zero
or altogether omitted.
The following errors invalidate an IPv6 address:
• More than eight groups of hexadecimal quartets
• More than four hexadecimal characters in a quartet
• More than two colons in a row
Install and Configure the Access Point
Install and configure your access point in the order of the following sections:
1. Connect the Access Point to a Computer
2. Log In to the Access Point
3. Disable the Cloud Mode for a Standalone Access Point
4. Configure Basic General System Settings
5. Configure the IPv4 Settings
6. Configure the Basic WiFi Settings
Before installing the access point, make sure that your Ethernet network functions. After you
connect the access point to the Ethernet network, computers that support 802.11b/g/a/n/ac
are able to communicate with the Ethernet network.
For this to work correctly, verify that you meet all the system requirements, shown in
Hardware Description on page 7.
Initial Setup
13
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Connect the Access Point to a Computer
Tip: Before you place the access point in an elevated position that is
difficult to reach, first set up and test the access point to verify WiFi
network connectivity.
To set up the access point:
1. Unpack the box and verify the contents.
2. Prepare a computer with an Ethernet adapter.
If this computer is already part of your network, record its TCP/IP configuration settings.
Configure the computer with a static IP address of 192.168.0.210 and 255.255.255.0 as
the subnet mask.
3. Connect an Ethernet cable from the access point to the computer.
4. Securely insert the other end of the cable into the access point’s Ethernet port.
5. Turn on your computer.
6. Connect the access point to a PoE switch or power adapter.
Tip: The access point supports Power over Ethernet (PoE) with power
redundancy. If you are using a switch that provides PoE, you do not
need to use a power adapter to power the access point. Using PoE
can be especially convenient when the access point is installed in a
high location far away from a power outlet.
7. Verify the following:
Power/T est LED. The Power/Test LED blinks when the access point is first turned
on. (To be exact, during startup, the LED is first steady amber , then goes off, and
then blinks green.) After about 45 seconds, the LED stays lit
(steady green). If after one minute the Power/Test LED is not lit or is still blinking,
check the connections and see if the power outlet is controlled by a wall switch
that is turned off.
Active LED. The Active LED is lit or blinks green when Ethernet traffic is
detected.
LAN LED. The LAN LED indicates the LAN speed for LAN port 1: green for
1000 Mbps, amber for 100 Mbps, and no light for 10 Mbps. If the LAN LED is not
lit, make sure that the Ethernet cable is securely attached at both ends.
2.4
Ghz
5
Ghz
2.4 GHz WLAN LED. The 2.4 GHz WLAN LED is lit or blinks green when the WiFi
LAN (WLAN) is ready.
5 GHz WLAN LED. The 5 GHz WLAN LED is lit or blinks green when the WiFi
LAN (WLAN) is ready.
Initial Setup
14
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Log In to the Access Point
The default IP address of your access point is 192.168.0.100.
By default, the access point functions as a DHCP client. If the access point is installed in a
network that includes a DHCP server, the IP address of the access point is issued by the
DHCP server. You can find the IP address of the access point by accessing the DHCP server
or by using an IP address scanner utility. (Free IP address scanner utilities are available
online.)
If you must configure the access point with a static IPv4 address, see the steps in Log In to
the Access Point When It Is Directly Connected to Your Computer on page 15 and Configure
the IPv4 Settings on page 21.
Note: When the access point runs firmware version 3.5.6.0 or a later
version, by default, the access point is enabled for the cloud and
operates with a limited web management interface (only the
Configuration and Monitoring menu tabs display).
Log In to the Access Point When It Is Directly Connected to Your Computer
To log in to the access point when it is directly connected to your computer:
1. Change the IP address of your computer to an IP address in the 192.168.0.x subnet,
which is the subnet in which the access point’s default IP address is located.
For example, change the computer’s IP address to 192.168.0.210.
2. Connect your computer to the access point with an Ethernet cable.
3. Open a web browser on your computer.
4. In the address bar, enter http://192.168.0.100.
192.168.0.100 is the default IP address of the access point.
Initial Setup
15
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
5. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
6. Click the Login button.
The web browser displays the General page under the Configuration tab. If you are
using the access point as a standalone access point or as an access point with a wireless
controller, you must disable the cloud mode (see Disable the Cloud Mode for a
Standalone Access Point on page 17).
After you disable the cloud mode and you log in to the access point, the web browser
displays the Dashboard page under the Monitoring tab of the main menu. For more
information, see View Dashboard Information on page 73.
Log In to the Access Point When It Is Connected to a Network With a DHCP
Server
To log in to the access point when it is connected to a network with a DHCP server.
1. Open a web browser from a computer that is connected to the same network as the
access point.
2. In the address bar, enter the network IP address of the access point.
You can find the IP address of the access point by accessing the DHCP server or by
using an IP address scanner utility. (Free IP address scanner utilities are available
online.)
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Click the Login button.
Initial Setup
16
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
The web browser displays the General page under the Configuration tab. If you are
using the access point as a standalone access point or as an access point with a wireless
controller, you must disable the cloud mode (see Disable the Cloud Mode for a
Standalone Access Point on page 17).
After you disable the cloud mode and you log in to the access point, the web browser
displays the Dashboard page under the Monitoring tab of the main menu. For more
information, see View Dashboard Information on page 73.
Web Management Interface
The navigation tabs across the top of the web management interface provide access to all
the configuration functions of the access point and remain constant. The menu items in the
blue bar change according to the navigation tab that is selected.
The top right corner of all pages that allow you to make configuration changes show the
Apply and Cancel buttons, and on several pages the Edit button.
These buttons provide the following functions:
• Edit. Allows you to edit the existing configuration.
• Cancel. Cancels all configuration changes that you made on the page.
• Apply. Saves and applies all configuration changes that you made on the page.
Disable the Cloud Mode for a Standalone Access Point
When the access point runs firmware version 3.5.6.0 or a later version, by default, the cloud
mode is enabled for the access point and the web management interface is a restricted
interface that shows only the Configuration and Monitoring menu tabs with limited
configuration options.
If you are using the access point as a standalone access point or as an access point with a
wireless controller, you must disable the cloud mode.
To disable the cloud mode:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
Initial Setup
17
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
4. Next to Cloud Enabled, select the No radio button.
5. Click the Apply button.
The access point restarts with factory default settings but retains its IP configuration and
management VLAN.
The access point is now ready for standalone operation with a full web management
interface.
Configure Basic General System Settings
To configure basic system settings:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > System > Basic > General.
Initial Setup
18
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
5. Configure the settings as described in the following table.
Setting Description
Access Point Name This unique name is the access point NetBIOS name. The name is printed on the
rear label of the access point. The default is netgearxxxxxx, in which xxxxxx
represents the last 6 digits of the access point MAC address. You can replace the
default name with a unique name up to 15 characters long. The access point name
can be retrieved through SNMP.
Country / Region From the Country / Region menu, select the country where the access point is
installed.
Note: It might not be legal to operate this access point in a region other than one of
those identified in this field.
Note: For information about enabling the access point for the cloud and using
the access point as a cloud-managed device, see the Business Central
Wireless Manager Application Quick Start Guide and Business Central
Wireless Manager Application User Manual, both of which you can
download from downloadcenter.netgear.com.
6. Click the Apply button.
Your settings are saved.
Configure Time Settings
To configure time settings:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
Initial Setup
19
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > System > Basic > Time.
5. Configure the settings as described in the following table.
Setting Description
Time Zone Select the time zone to match your location.
Current Time This is a nonconfigurable field that displays the current date and time.
NTP Client Enable the Network Time Protocol (NTP) client to synchronize the time of the
access point with an NTP server. By default the Enable radio button is
selected.
Use Custom NTP Server Select this check box if you want to use a custom NTP server.
Note: You need an Internet connection to use an NTP server that is not on
your local network.
Hostname /
IP Address
Enter the host name or IP address of the custom NTP server.
The default is time-b.netgear.com.
Note: If you use a host name, make sure that you configured a
DNS server.
6. Click the Apply button.
Your settings are saved.
Initial Setup
20
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Configure the IPv4 Settings
Note: For information about how to configure the IPv6 settings, see
Configure IPv6 Settings on page 95.
WARNING:
If you enable the DHCP client, the IP address of the access point
changes when you click the Apply button, causing you to lose your
connection to the access point. Y ou must use the new IP address to
reconnect to the access point.
Tip: If you enable the DHCP client on the access point, you can discover
the new IP address of the access point by accessing the DHCP server
on your LAN, or by using a network IP address scanner utility.
To configure the IPv4 settings:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > IP > IP Settings.
Initial Setup
21
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
5. Configure the IPv4 settings as described in the following table.
Setting Description
DHCP Client By default, the Dynamic Host Configuration Protocol (DHCP) client is enabled.
The access point receives its IP address, subnet mask, and default gateway
settings automatically from the DHCP server on your network when you connect
the access point to your LAN.
IP Address Enter the IP address of your access point. The default IP address is
192.168.0.100. To change the address, enter an unused IP address from the
address range used on your LAN, or enable DHCP the server.
IP Subnet Mask Enter the network number portion of an IP address. Unless you are
implementing subnetting, enter 255.255.0.0 as the subnet mask.
Default Gateway Enter the IP address of the ISP gateway to which the access point connects.
Primary DNS Server Enter the IP address of the primary and secondary DNS servers.
A DNS server is a host on the Internet that translates Internet names (such as
www.netgear.com) to numeric IP addresses. Typically your ISP transfers the IP
Secondary DNS Server
address of one or two DNS servers to your access point during login. If the ISP
does not transfer an address, you must obtain it from the ISP and enter it
manually in this field.
Network Integrity Check Select this check box to validate that the upstream link is active before allowing
WiFi associations. Ensure that the default gateway is configured.
6. Click the Apply button.
Your settings are saved.
Configure the Basic WiFi Settings
For proper compliance and compatibility between similar products in your coverage area, you
must configure the 802.11bg/ng/bgn and 802.11a/a-na-ac settings correctly, including the
operating channel and country. You also must configure the basic WiFi network settings so
that WiFi devices can connect to your network. For other WiFi features, including WiFi
security, see Chapter 3, WiFi Configuration and Security.
WARNING:
If you configure the access point from a WiFi computer and you
change the access point’s SSID, channel, or WiFi security settings,
you lose your WiFi connection when you click the Apply button.
You then must change the WiFi settings of your computer to match
the access point’s new settings.
Initial Setup
22
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Configure 802.11bg/ng/bgn WiFi Settings
To configure the 802.11bg/ng/bgn WiFi settings:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > Wireless > Basic > Wireless Settings.
5. Select the WiFi mode in the 2.4 GHz band:
•
11bg. 802.11b-compliant devices and 802.11g-compliant devices can connect to the
access point.
• 11ng. 802.11n-compliant devices and 802.11g-compliant devices can connect to the
access point
• 11bgn. This is the default setting. 802.11b-compliant devices, 802.11n-compliant
devices and 802.11g-compliant devices can connect to the access point. If you keep
the default setting, go to Step 8.
Initial Setup
23
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
When you change the WiFi mode, the Turn Radio On check box is automatically cleared,
and all fields, buttons, and menus on the page are masked out.
6. Turn on the radio by selecting the Turn Radio On check box.
A pop-up window opens.
Note: Under normal conditions, you want the radio to be turned on. Turning off
the radio disables access through the access point, which can be helpful
for configuration, network tuning, or troubleshooting activities.
7. Click the OK button to confirm the change of WiFi mode.
The change does not take effect until you click the Apply button after you complete the
WiFi configuration.
8. Specify the remaining WiFi settings as described the following table.
Setting Descriptions
Wireless Network Name
(SSID)
Broadcast Wireless
Network Name (SSID)
Channel / Frequency From the menu, select the channel that you want to use for your WiFi LAN. The
Enter a 32-character (maximum) service set identifier (SSID); the characters are
case-sensitive. The default is NETGEAR_11ng. The SSID assigned to a WiFi
device must match the access point’s SSID for the WiFi device to communicate
with the access point. If the SSIDs do not match, you do not get a WiFi
connection to the access point.
Select the Yes radio button to enable the access point to broadcast its SSID,
allowing WiFi stations with a null (blank) SSID to adopt the access point’s SSID.
Yes is the default setting. To prevent the SSID from being broadcast, select the
No radio button.
available WiFi channels and frequencies depend on the country and WiFi mode.
The default setting is Auto, which enables the access point to automatically
select the most suitable channel.
Note: You do not need to change the WiFi channel unless you experience
interference (indicated by lost connections or slow data transfers). If this happens,
you might want to experiment with different channels to see which is the best. For
more information, see Operating Frequency Guidelines on page 12.
Note: For more information about available channels and frequencies, see
Technical Specifications on page 136.
Note: If the access point is a member of an ensemble for which automatic
channel assignment is enabled (see Manage Automatic Channel Assignment for
an Ensemble on page 85), Auto is not available as a selection from the
Channel / Frequency menu.
Initial Setup
24
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Setting Descriptions
11ng and 11bgn modes
only
Note: For most
networks, the default
settings work fine.
11bg modes only Data Rate From the menu, select the transmit data rate of the WiFi
Output Power From the menu, select the transmission power of the access point: Full, Half,
MCS Index / Data
Rate
Channel Width From the menu, select a channel width. The options are 20
Guard Interval From the menu, select the guard interval to protect
Quarter, Eighth, Minimum. The default is Full.
Note: Increasing the power improves performance, but if two or more access
points are operating in the same area and on the same channel, interference can
occur.
Note: Make sure that you comply with the regulatory requirements for total radio
frequency (RF) output power in your country.
From the menu, select a Modulation and Coding Scheme
(MCS) index and transmit data rate for the WiFi network. The
default setting is Best. For a list of all options that you can
select from in 11ng and 11bgn modes, see Factory Default
Settings on page 138.
MHz and 40 MHz. The default is 40 MHz.
transmissions from interference. The default is Auto, or you
can select Long - 800 ns. Some legacy devices can operate
only with a long guard interval.
network. The default setting is Best. For a list of all options
that you can select from in 11bg mode, see Factory Default
Settings on page 138.
9. Click the Apply button.
Your settings are saved.
Note: For information about how to configure advanced WiFi settings, see
Configure Advanced WiFi Settings on page 100.
Configure 802.11a/a-na-ac WiFi Settings
To configure the 802.11a/a-na-ac WiFi settings:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
Initial Setup
25
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
4. Select Configuration > Wireless > Basic > Wireless Settings.
5. Select the WiFi mode in the 5 GHz band:
• 11a. 802.11n-compliant devices can connect to the access point because they are
backward compatible.
• 11a-na-ac. This is the default setting. If you keep the default setting, go to Step 8.
When you change the WiFi mode, the Turn Radio On check box is automatically cleared,
and all fields, buttons, and menus on the page are masked out.
6. Turn on the radio by selecting the Turn Radio On check box.
A pop-up window opens.
Note: Under normal conditions, you want the radio to be turned on. Turning
off the radio disables access through the access point, which can be
helpful for configuration, network tuning, or troubleshooting activities.
7. Click the OK button to confirm the change of WiFi mode.
The change does not take effect until you click the Apply button after you complete the
WiFi configuration.
Initial Setup
26
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
8. Specify the remaining WiFi settings as described the following table.
Setting Descriptions
Wireless Network Name
(SSID)
Broadcast Wireless
Network Name (SSID)
Channel / Frequency From the menu, select the channel that you want to use for your WiFi LAN. The
Enter a 32-character (maximum) service set identifier (SSID); the characters are
case-sensitive. The default is NETGEAR_11ac. The SSID assigned to a WiFi
device must match the access point’s SSID for the WiFi device to communicate
with the access point. If the SSIDs do not match, you do not get a WiFi
connection to the access point.
Select the Yes radio button to enable the access point to broadcast its SSID,
allowing WiFi stations with a null (blank) SSID to adopt the access point’s SSID.
Yes is the default setting. To prevent the SSID from being broadcast, select the
No radio button.
available WiFi channels and frequencies depend on the country and WiFi mode.
The default setting is Auto, which enables the access point to automatically
select the most suitable channel.
Note: You do not need to change the WiFi channel unless you experience
interference (indicated by lost connections or slow data transfers). If this happens,
you might want to experiment with different channels to see which is the best. For
more information, see Operating Frequency Guidelines on page 12.
Note: For more information about available channels and frequencies, see
Technical Specifications on page 136.
Note: If the access point is a member of an ensemble for which automatic
channel assignment is enabled (see Manage Automatic Channel Assignment for
an Ensemble on page 85), Auto is not available as a selection from the
Channel / Frequency menu.
11a-na-ac mode only
Note: For most
networks, the default
settings work fine.
11a mode only Data Rate From the menu, select the transmit data rate of the WiFi
MCS Index / Data
Rate
Channel Width From the menu, select a channel width. The options are 20
Guard Interval From the menu, select the guard interval to protect
From the menu, select a Modulation and Coding Scheme
(MCS) index and transmit data rate for the WiFi network. The
default setting is Best. For a list of all options that you can
select from in 11a-na-ac mode, see Factory Default Settings
on page 138.
MHz, 40 MHz, and 80 MHz. The default is 80 MHz.
transmissions from interference. The default is Auto, or you
can select Long - 800 ns. Some legacy devices can operate
only with a long guard interval.
network. The default setting is Best. For a list of all options
that you can select from in 11a mode, see Factory Default
Settings on page 138.
Initial Setup
27
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Setting Descriptions
Output Power From the menu, select the transmission power of the access point: Full, Half,
Quarter, Eighth, Minimum. The default is Full.
Note: Increasing the power improves performance, but if two or more access
points are operating in the same area and on the same channel, interference can
occur.
Note: Make sure that you comply with the regulatory requirements for total radio
frequency (RF) output power in your country.
9. Click the Apply button.
Your settings are saved.
Note: For information about how to configure advanced WiFi settings, see
Configure Advanced WiFi Settings on page 100.
Test Basic WiFi Connectivity
After you configure the access point, make sure that WiFi devices can connect to the access
point before you position and mount the access point at its permanent position.
To test for WiFi connectivity:
1. Configure your WiFi devices so that they can connect to a WiFI network that you
configured on the access point.
2. Verify that your WiFi devices acquired a WiFi link to the access point.
3. Verify network connectivity by using a browser to connect to the Internet, or check for file
and printer access on your network.
Note: If you experience trouble connecting to the access point, see
Chapter 6, Troubleshooting.
We recommend that you complete the following tasks before you deploy the access point in
your network:
• Configure WiFi security and other WiFi features as described in Chapter 3, WiFi
Configuration and Security.
• Configure any additional features that you might need as described in Chapter 4,
Management and Monitoring, and Chapter 5, Advanced Configuration.
After you complete the configuration of the access point, you can reconfigure the computer
that you used for this process back to its original TCP/IP settings.
Initial Setup
28
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Mount the Access Point
The following sections explain how to mount your access point. We recommend that you
review the information in WiFi Equipment Placement and Range Guidelines on page 11
before you mount the access point at its permanent position.
• Package Content of the Ceiling and Wall Installation Kit
• Drop Ceiling Installation
• Wall Installation
Package Content of the Ceiling and Wall Installation Kit
3
6
2
1
Figure 4. Ceiling and wall installation kit
The ceiling and wall installation kit contains the following components:
• One access point mounting bracket (1)
• One wall mounting bracket (2)
• Four mounting screws with integrated washers for the access point mounting bracket (3)
• One T-bar screw for the access point mounting bracket (4)
• Four wall screws for the wall mounting bracket (5)
• Four wall anchors for the wall mounting bracket (6)
5
4
Drop Ceiling Installation
The best location for ceiling installation is at the center of your WiFi coverage area, and
within line of sight of all mobile devices. Make sure that the top (the dome side) of the access
point is directed toward the users and not the ceiling.
Initial Setup
29
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Before mounting the access point in a high location, first set up and test the access point to
verify WiFi network connectivity.
If you are mounting the access point on a hard ceiling, use the wall installation instructions.
Note: Do not place the access point in a false ceiling space facing up.
To mount your access point to a drop ceiling:
1. Attach the access point mounting bracket to the access point using the four mounting
screws.
2. Place the access point so that the ceiling rail is between the two tabs on the access point
mounting bracket.
Initial Setup
30
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
3. Twist the access point to hang it from the ceiling rail.
4. Secure the access point to the ceiling rail using the T-bar screw.
Initial Setup
31
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Wall Installation
The best location for wall installation is at the center of your WiFi coverage area, and within
line of sight of all mobile devices. Make sure that the top (the dome side) of the access point
is directed toward the users and not the wall.
To mount your access point to a wall:
1. Place the wall mounting bracket on the wall where you want to mount the access point.
2. Mark the wall where the two mounting holes are (see the figure in Step 5).
3. Attach the access point mounting bracket to the access point using the four mounting
screws as shown.
4. So you can see how the brackets fit together, attach the wall mounting bracket to the access
point mounting bracket as shown in the following figure. The three hooks on the wall
mounting bracket fit into the three holes on the access point mounting bracket. The handle
on the wall mounting bracket also fits into a hole on the access point bracket. Release the
wall mounting bracket by moving the handle.
Initial Setup
32
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
5. Using the wall anchors and screws, attach the wall mounting bracket to the wall where you
previously marked. The following figures show a side view of the wall. The left figure
includes a schematic view of the wall mounting bracket.
Mounting hole
Mounting hole
Before
attachment
After
attachment
Initial Setup
33
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Note: Although the product package includes four wall anchors and screws,
two screws are sufficient to attach the wall mounting bracket as shown
in the previous figure. However, if you prefer, you can use four screws
and insert them through the mounting holes in the corners of the wall
mounting bracket.
6. Align the three holes on the access point bracket with the three hooks on the wall mounting
bracket and slide the access point down until it click-attaches to the wall mounting bracket
and is secured. The following figures show a side view of the wall.
Before clickattachment
After clickattachment
Initial Setup
34
3. WiFi Configuration and Security
This chapter describes how to configure the WiFi features of the access point. The chapter
includes the following sections:
• WiFi Data Security Options
• WiFi Security Profiles
• Configure and Enable WiFi Security Profiles
• Configure RADIUS Server Settings
• Restrict WiFi Access by MAC Address
• Enable Rogue AP Detection
• Schedule the WiFi Radios to Be Turned Off
• Configure Basic WiFi Quality of Service
Before you set up WiFi security and additional WiFi features that are described in this chapter,
connect the access point, get the Internet connection working, and configure the
802.1 1bg/ng/bgn and 802.11a/a-na-ac WiFi settings as described in Chapter 2, Initial Setup. The
access point functions with an Ethernet LAN connection. Make sure that you verify WiFi
connectivity before you set up WiFi security and additional WiFi features.
3
WARNING:
If you are configuring the access point from a WiFi computer and
you change the access point’s SSID, channel, or WiFi security
settings, you lose your WiFi connection when you click the Apply
button. You must then change the WiFi settings of your computer
to match the access point’s new settings.
35
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
WiFi Data Security Options
Indoors, computers can connect over 802.11ac WiFi networks at a maximum range of
300 feet. Typically, a access point inside a building works best with devices within a 100-foot
radius. Such distances can allow for others outside your immediate area to access your
network.
Unlike wired network data, your WiFi data transmissions can extend beyond your walls and
can be received by anyone with a compatible WiFi device. For this reason, use the security
features of your WiFi equipment. The access point provides highly effective security features
that are covered in detail in this chapter. Deploy the security features appropriate to your
needs.
Figure 5. WiFi data security examples
You can enhance the security of your WiFi network in several ways:
• Use multiple BSSIDs combined with VLANs. You can configure combinations of
VLANS and BSSIDs (security profiles) with stronger or less restrictive access security
according to your requirements. For example, visitors could be given WiFi Internet access
but be excluded from any access to your internal network. For information about how to
configure BSSIDs, see Configure and Enable WiFi Security Profiles on page 38.
• Restrict access based on MAC address. You can allow only trusted devices to connect
so that unknown devices cannot connect over the WiFi to the access point. Restricting
access by MAC address adds an obstacle against unwanted access to your network, but
the data broadcast over the WiFi link is fully exposed. For information about how to
restrict access by MAC address, see Restrict WiFi Access by MAC Address on page 47.
• Turn off the broadcast of the WiFi network name (SSID). If you disable broadcast of
the SSID, only devices with the correct SSID can connect. This nullifies the WiFi network
discovery feature of some products, such as Windows XP, but the data is still exposed.
For information about how to turn off broadcast of the SSID, see Configure and Enable
WiFi Security Profiles on page 38.
• WPA2-PSK (AES). Wi-Fi Protected Access version 2 (WPA2) provides the most reliable
security with Advanced Encryption Standard (AES) encryption. This very strong
authentication along with dynamic per-frame rekeying of WPA2 makes it virtually
WiFi Configuration and Security
36
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
impossible to compromise. You can also use a combination of Temporal Key Integrity
Protocol (TKIP) and AES encryption.
WPA2-PSK uses a pre-shared key (PSK) for authentication. For more information, see
Configure and Enable WiFi Security Profiles on page 38 and About WPA2-PSK and
WPA-PSK & WPA2-PSK on page 44.
• WPA2 with RADIUS. Wi-Fi Protected Access version 2 (WPA2) with a RADIUS server
provides the most reliable security with Advanced Encryption Standard (AES) encryption.
This very strong authentication along with dynamic per-frame rekeying of WP A2 makes it
virtually impossible to compromise.
WPA2 uses RADIUS-based 802.1x authentication. For more information, see Configure
and Enable WiFi Security Profiles on page 38 and About WPA2 With RADIUS and WPA
& WPA2 With RADIUS on page 43.
• WP A-PSK & WPA2-PSK mixed mode. This mode provides reliable security for both
WPA-PSK and WPA2-PSK clients. Encryption is supported with the TKIP + AES mode.
WPA-PSK & WPA2-PSK uses a pre-shared key (PSK) for authentication; for more
information, see Configure and Enable WiFi Security Profiles on page 38 and About
WPA2-PSK and WPA-PSK & WPA2-PSK on page 44.
• WP A & WPA2 mixed mode with RADIUS. This mode provides reliable security for both
WPA and WPA2 clients and a RADIUS server. Encryption is supported with the TKIP +
AES mode.
WPA & WPA2 uses RADIUS-based 802.1x authentication. For more information, see
Configure and Enable WiFi Security Profiles on page 38 and About WPA2 With RADIUS
and WPA & WPA2 With RADIUS on page 43.
WiFi Security Profiles
WiFi security profiles, simply referred to as security profiles, let you configure unique security
settings for each SSID on each radio of the access point. For each radio, the access point
supports up to 8 WiFi security profiles (BSSIDs). That means that you can configure
16 security profiles with custom settings (see Configure and Enable WiFi Security Profiles on
page 38).
To set up a security profile, select its network authentication type, data encryption, WiFi client
security separation, and VLAN ID:
• Network authentication
The access point is set by default as an open system with no authentication. When you
configure network authentication, bear in mind that some legacy WiFi devices do not
support WPA2. If your network includes computers with legacy WiFi devices, configure
WPA & WPA2 mixed mode.
For information about the types of network authentication that the access point supports,
see Configure and Enable WiFi Security Profiles on page 38.
WiFi Configuration and Security
37
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
• Data encryption
Select the data encryption that you want to use. The available options depend on the
network authentication setting (otherwise, the default is None). The data encryption
settings are explained in Configure and Enable WiFi Security Profiles on page 38.
• WiFi client security separation
If this feature is enabled, the associated WiFi clients (using the same SSID) are not able
to communicate with each other. This feature is useful for hotspots and other public
access situations. By default, WiFi client separation is disabled. For more information,
see Configure Advanced WiFi Settings on page 100.
• VLAN ID
If this feature is enabled and if the network devices (hubs and switches) on your LAN
support the VLAN (802.1Q) standard, the default VLAN ID for the access point is
associated with each profile. The default VLAN ID must match the IDs that are used by
the other network devices. For more information, see Configure and Enable WiFi Security
Profiles on page 38.
Some concepts and guidelines regarding the SSID are explained in the following list:
• A basic service set (BSS) is a group of WiFi stations and a single access point, all using
the same security profile or service set identifier (BSSID). The actual identifier in the
BSSID is the MAC address of the WiFi radio. (A WiFi radio can be assigned multiple MAC
addresses, one for each security profile.)
• An extended service set (ESS) is a group of WiFi stations and multiple access points, all
using the same identifier (ESSID).
• Different access points within an ESS can use different channels. To reduce interference,
specify that adjacent access points use different channels.
• Roaming is the ability of WiFi stations to connect over WiFi when they physically move
from one BSS to another one within the same ESS. The WiFi station automatically
changes to the access point with the least interference or best performance.
Configure and Enable WiFi Security Profiles
To configure and enable a WiFi security profile, you must enable the associated radio:
• For 802.11bg/ng/bgn modes, the 2.4 GHz radio must be enabled (see Configure
802.11bg/ng/bgn WiFi Settings on page 23).
• For 802.11a/a-na-ac modes, the 5 GHz radio must be enabled. (see Configure
802.11a/a-na-ac WiFi Settings on page 25).
Both radios can function concurrently and both radios are enabled by default.
To configure and enable a WiFi security profile:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
WiFi Configuration and Security
38
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > Security > Profile Settings.
The Profile Settings page for the 802.11bg/ng/bgn and 802.11a/a-na-ac modes shows
eight WiFi security profiles for each mode. (If the 2.4 GHz radio is disabled, the Enable
column is masked out.)
The following table explains the fields of the Profile Settings page.
Setting Description
Profile Name The unique name of the security profile that makes it easy to recognize the
profile.
SSID The WiFi network name (SSID) for the security profile.
Security The configured WiFi authentication method for the security profile.
VLAN The default VLAN ID that is associated with the security profile.
WiFi Configuration and Security
39
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Setting Description
Enable The check box that specifies whether the security profile is enabled. If you
select the check box and click the Apply button, the security profile is
enabled.
Note: You cannot disable security profile #0 (NETGEAR) for either radio
band. T o disable this security profile, turn of f the radio for the radio band (see
Configure 802.11bg/ng/bgn WiFi Settings on page 23 and Configure
802.11a/a-na-ac WiFi Settings on page 25).
WMF-Enable The check box that specifies whether Wireless Multicast Forwarding (WMF)
is enabled. If you select the check box and click the Apply button, WMF is
enabled.
WMF is required for applications that use multicasting, such as VLC
streaming applications. When WMF is enabled, the access point converts
multicast traffic to unicast traffic. WMF improves the overall performance
because the access points transmits data according to the capability of
each WiFi client.
5. To configure a security profile, select the corresponding radio button to the left of the security
profile.
6. Click the Edit button.
The Edit Security Profile page displays. This page contains four sections:
• Profile Definition (see Step 7)
• Authentication Settings (see Step 8)
• QoS Policies (see Step 9)
• Captive Portal (see Step 10)
WiFi Configuration and Security
40
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
7. Specify the settings of the Profile Definition section as described in the following table.
Setting Description
Profile Name Enter a unique name of the security profile that makes it easy to recognize the
profile. The default names are NETGEAR, NETGEAR-1, NETGEAR-2, and so
on, through NETGEAR-7. You can enter a value of up to 32 alphanumeric
characters.
Wireless Network Name
(SSID)
Broadcast Wireless
Network Name (SSID)
Band Steering to 5GHz
Note: This setting does
not apply to
802.11a/a-na-ac profiles.
Rssi Threshold 5GHz
(-100 to -10)
Note: This setting does
not apply to
802.11a/a-na-ac profiles.
The WiFi network name (SSID) for the security profile. The default names
depend on the selected radio band:
• 802.11 bg/ng/bgn. The default names are NETGEAR_11ng,
NETGEAR_11ng-1, NETGEAR_11ng-2, and so on, through
NETGEAR_11ng-7 for the eighth profile.
• 802.11 a/a-na-ac. The default names are NETGEAR_11ac,
NETGEAR_11ac-1, NETGEAR_11ac-2, and so on, through
NETGEAR_11ac-7 for the eighth profile.
Select the Yes radio button to enable the access point to broadcast its SSID,
allowing WiFi stations with a null (blank) SSID to adopt the access point’s
SSID. Yes is the default setting. To prevent the SSID from being broadcast,
select the No radio button.
Select the Enable radio button to enable band steering from the 2.4 GHz band
to the 5 GHz band. Band steering can reduce the client density in the 2.4 GHz
band by steering dual-band-capable clients to the 5 GHz band, thereby
increasing the WiFi network capacity . By default, the Disable button is selected
and band steering is disabled.
If you enable band steering, you can set the RSSI threshold.
The received signal strength indicator (RSSI) threshold applies only if you
enable band steering.
Enter the minimum RSSI value that a dual-band-capable client must be able to
receive from a 5 GHz radio before the client is steered from a 2.4 GHz radio to
the 5 GHz radio.
You can enter a value from –100 to –10. The default value is –70.
802.11K (RRM) Select the 802.11K(RRM) check box to allow the access point to support
802.1 1K radio resource management (RRM). 802.11K RRM allows for a better
utilization of access points in a network. If some access points are underutilized
because their signal is not as strong as that of other access points in the
network and those other access points are used to their maximum capacity,
802.11K RRM can steer clients to the underutilized access points. By default,
the 802.11K(RRM) check box is cleared and 802.11K RRM is disabled.
8. Specify the settings of the Authentication Settings section as described in the following table.
Note: The access point is set by default as an open system with no
authentication. However, we recommend that you configure security.
WiFi Configuration and Security
41
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Setting Description
Network Authentication
and Data Encryption
Note: The data
encryption fields that
display on the page
depend on your selection
from the Network
Authentication menu.
Open System This is the default setting. An open system does not provide
any security or encryption.
WPA2 with
RADIUS
WP A & WP A2 with
RADIUS
WPA2-PSK Enter a WPA passphrase and select AES or TKIP + AES
Configure the RADIUS server settings and select AES or
TKIP + AES encryption. For more information, see the
following sections:
• About WPA2 With RADIUS and WPA & WPA2 With
RADIUS on page 43
• Configure RADIUS Server Settings on page 45
Note: Select this setting only if all clients support WPA2.
Configure the RADIUS server setting. TKIP + AES
encryption is the default encryption. For more information,
see the following sections:
• About WPA2 With RADIUS and WPA & WPA2 With
RADIUS on page 43
• Configure RADIUS Server Settings on page 45
Note: This setting allows clients to connect through either
WPA with TKIP or WPA2 with AES.
encryption.
For more information, see About WPA2-PSK and
WPA-PSK & WPA2-PSK on page 44.
Note: Select this setting only if all clients support WPA2.
WPA-PSK &
WPA2-PSK
VLAN ID Enter the VLAN ID to be associated with this security profile. The range for the
VLAN ID is 1–4094. The default VLAN ID is 1.
The VLAN ID must match the VLAN ID that is used by the other devices in your
network.
Enter a WPA passphrase. TKIP + AES encryption is the
default encryption.
For more information, see About WPA2-PSK and
WPA-PSK & WPA2-PSK on page 44.
Note: This setting allows clients to connect through either
WPA with TKIP or WPA2 with AES.
9. Specify the settings of the QoS Policy section as described in the following table.
Note: To be able to select a QoS policy, you must first configure one or more
policies (see Configure and Manage Quality of Service Policies on
page 106).
WiFi Configuration and Security
42
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Setting Description
Mode Select the Mode check box to enable the selection of QoS policies and
bandwidth limits.
Policy Details Select a QoS policy from the Incoming menu, Outgoing menu, or both menus.
Depending on your selection, the policy is applied to incoming packets, outgoing
packets, or both incoming and outgoing packets, and is displayed in the Policy
Details fields.
Bandwidth Limit (bits per
second)
As an option, specify the bandwidth limits in bits per second (bps) for incoming
traffic, outgoing traffic, or both traffic streams. For example, to set a limit of
1 Mbps, enter 1048576 (or round down to 1000000).
10. To assign a captive portal profile to the security profile, select a captive portal instance from
the Profile Name menu (NETGEAR or NETGEAR-1).
Note: To be able to select a captive portal instance, you must configure and
enable at least one captive portal instance and globally enable captive
portals (see Manage Captive Portals on page 113).
11. Click the Apply button.
Your settings are saved.
12. Click the Back button.
The Profile Settings page displays again.
13. To enable the security profile that you just configured, make sure that the Enable check box
for the profile is selected.
14. To enable Wireless Multicast Forwarding (WMF) for the security profile that you just
configured, make sure that the WMF-Enable check box is enabled.
15. If you made any changes, click the Apply button again.
Your settings are saved.
WARNING:
If you use a WiFi computer to configure WiFi security settings, you
are disconnected when you click the Apply button. Reconfigure
your WiFi computer to match the new settings, or access the
access point from a wired computer to make further changes.
About WPA2 With RADIUS and WPA & WPA2 With RADIUS
WP A2 and WPA & WPA2 security require RADIUS-based 802.1x authentication, so you also
must define RADIUS server settings. For information about RADIUS servers, see Configure
RADIUS Server Settings on page 45.
WiFi Configuration and Security
43
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
The selections that are available from the Data Encryption menu depend on the type of
WPA authentication that you select from the Network Authentication menu and are shown
in the following table.
Table 2. Encryption options for WPA with RADIUS and WPA & WPA2 with RADIUS
Setting Descriptions
AES Advanced Encryption Standard (AES) is the standard encryption method used with WPA2.
Note: Although some WiFi clients might support AES with WPA, the WAC720 and WAC730
access points do not support WPA with AES.
TKIP + AES The TKIP + AES encryption method is supported both for WPA and WPA2. Broadcast packets
use TKIP. For unicast (point-to-point) transmissions, WPA clients use TKIP, and WPA2 clients
use AES. For the WPA & WPA2 mixed mode, TKIP + AES is the only supported data encryption
method.
About WPA2-PSK and WPA-PSK & WPA2-PSK
WPA2-PSK and WPA-PSK & WPA2-PSK authentication use a pre-shared key (PSK, also
called a passphrase or a network key) and do not require authentication from a RADIUS
server.
The selections that are available from the Data Encryption menu depend on the type of
WPA-PSK authentication that you select from the Network Authentication menu and are
shown in the following table.
Table 3. Security and encryption options for WPA2-PSK and WPA-PSK & WPA2-PSK
Setting Descriptions
Data Encryption AES Advanced Encryption Standard (AES) is the standard encryption method used
with WPA2.
Note: Although some WiFi clients might support AES with WPA, the WAC720
and WAC730 access points do not support WPA with AES.
TKIP + AES TKIP + AES supports both WPA and WPA2. Broadcast packets use TKIP. For
unicast (point-to-point) transmissions, WPA clients use TKIP, and WPA2
clients use AES.
For the WPA & WPA2 mixed mode, TKIP + AES is the only supported data
encryption method.
Passphrase Enter a passphrase. The passphrase length must be between 8 and 63 characters
(inclusive). The default passphrase is sharedsecret.
You can display the actual passphrase by selecting the Show Passphrase in Clear Text
Yes radio button.
Show Passphrase
in Clear Text
Select the Yes radio button to display the actual passphrase in the Passphrase field. The
default setting is No.
WiFi Configuration and Security
44
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Change the QoS Policy for a WiFi Security Profile
To change the QoS policy for a WiFi security profile:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > Security > Profile Settings.
The Profile Settings page displays.
5. Select the radio button the left of the security profile.
6. Click the Edit button.
The Edit Security Profile page displays.
7. From the menu from which you can select another QoS policy, select None.
8. Click the Apply button.
The old policy is removed from the security profile.
9. Select the new QoS policy from the same menu.
10. Click the Apply button.
Your settings are saved.
Configure RADIUS Server Settings
For authentication, accounting, or both authentication and accounting using RADIUS, you
must configure primary servers and optional secondary servers. These RADIUS server
settings can apply to all devices that are connected to the access point.
You can configure both IPv4 and IPv6 servers. In the IPv4 RADIUS Server Settings section,
enter IPv4 addresses only. In the IPv6 RADIUS Server Settings section, enter IPv6
addresses only.
To configure the RADIUS server settings:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
WiFi Configuration and Security
45
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > Security > Advanced > RADIUS Server Settings.
5. Specify the settings as described in the following table.
Setting Descriptions
RADIUS Server Settings
Primary
Authentication Server
Secondary
Authentication Server
IPv4 Address or
IPv6 Address
Port Enter the number of the UDP port on the access point that is used
Shared Secret Enter the shared key that is used between the access point and
IPv4 Address or
IPv6 Address
Port Enter the number of the UDP port on the access point that is used
Shared Secret Enter the shared key that is used between the access point and
Enter the IP address of the primary RADIUS server for
authentication.
to access the primary RADIUS server for authentication. The
default port number is 1812.
the primary RADIUS server during authentication.
Enter the IP address of the secondary RADIUS server for
authentication. The secondary RADIUS server is used when the
primary RADIUS server is not available.
to access the secondary RADIUS server for authentication. The
default port number is 1812.
the secondary RADIUS server during authentication.
WiFi Configuration and Security
46
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Setting Descriptions
Primary
Accounting Server
Secondary
Accounting Server
Authentication Settings
Reauthentication
Time (secs)
Update Global Key
Every (secs)
IPv4 Address or
IPv6 Address
Port Enter the number of the UDP port on the access point that is used
Shared Secret Enter the shared key that is used between the access point and
IPv4 Address or
IPv6 Address
Port Enter the number of the UDP port on the access point that is used
Shared Secret Enter the shared key that is used between the access point and
The interval in seconds after which the supplicant is reauthenticated with the
RADIUS server. The default interval is 3600 seconds (1 hour). Enter 0 to disable
reauthentication.
Select the check box to allow the global key update, and enter the interval in
seconds. The check box is selected by default, and the default interval is
1800 seconds (30 minutes). Clear the check box to prevent the global key update.
Enter the IP address of the primary RADIUS server for
accounting.
to access the primary RADIUS server for accounting. The default
port number is 1813.
the primary RADIUS server during the accounting process.
Enter the IP address of the secondary RADIUS server for
accounting. The secondary RADIUS server is used when the
primary RADIUS server is not available.
to access the secondary RADIUS server for accounting. The
default port number is 1813.
the secondary RADIUS server during the accounting process.
6. Click the Apply button.
Your settings are saved.
Restrict WiFi Access by MAC Address
For increased security , you can restrict access to an SSID by allowing access to only specific
computers or WiFi stations based on their MAC addresses. You can restrict access to only
trusted computers so that unknown computers cannot connect over WiFi to the access point.
MAC address filtering adds an obstacle against unwanted access to your network, but the
data broadcast over the WiFi link is fully exposed.
To restrict access based on MAC addresses:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
WiFi Configuration and Security
47
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > Security > Advanced > MAC Authentication.
You can configure access control for 802.11 bg/ng/bgn devices, 802.11 a/a-na-ac
devices, or both types of devices.
5. Select the Turn Access Control On check box to enable the access control feature.
6. From the Select Access Control Database menu, select a database option:
• Local MAC Address Database. The access point uses the local MAC address
database for access control. This is the default setting.
• Remote MAC Address Database. The access point uses the MAC address
database on an external RADIUS server on the LAN for access control. If you select
this database, you first must configure the RADIUS server settings (see Configure
RADIUS Server Settings on page 45).
7. Click the Refresh button to refresh the Available Wireless Stations table.
The access point places the MAC addresses of the attached WiFi stations in this table.
8. Populate the Trusted Wireless Stations table by one of the following methods or by a
combination of the following methods:
• Select MAC addresses from the Available Wireless Stations table by doing the following:
a. Select individual check boxes for MAC addresses, or select all MAC addresses by
selecting the check box in the heading.
b. Click the Move button to transfer the MAC addresses from the Available Wireless
Stations table to the Trusted Wireless Stations table.
WiFi Configuration and Security
48
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
• Enter MAC addresses manually by doing the following:
a. Enter a MAC address directly in the Trusted Wireless Stations table.
b. Click the Add button.
• Import a list of trusted MAC addresses by doing the following:
a. Click the Replace or Merge button.
The imported list either replaces the Trusted Wireless Stations table or merges
with the Trusted Wireless Stations table.
b. Click the Choose File button and navigate to and select the file with MAC
addresses.
The file that you import must be a plain-text file with a .txt or .cfg extension.
Entries in the file must be MAC addresses in hexadecimal format with each octet
separated by colons, for example 00:11:22:33:44:55. Separate entries with a
single space. For the file to be accepted, it must contain only MAC addresses.
9. To fine-tune the Trusted Wireless Stations table and delete one or more MAC address from
the Trusted Wireless Stations table, select individual check boxes for the MAC addresses
and click the Delete button.
10. Click the Apply button.
Your settings are saved.
Now, only devices in the Trusted Wireless Stations table are allowed to connect to the
access point over a WiFi connection.
WARNING:
When configuring the access point from a WiFi computer whose
MAC address is not on the access control list, you lose your WiFi
connection when you click the Apply button. You then must access
the access point from a wired computer or from a WiFi computer
that is on the access control list to make any further changes.
Enable Rogue AP Detection
Unidentified access points that use the SSID of a legitimate network can present a serious
security threat. Detecting rogue access points involves scanning the WiFi environment on all
available channels, looking for unidentified access points.
When rogue AP detection is enabled, the access point interacts only with devices in the
Known AP list.
WiFi Configuration and Security
49
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
To enable rogue AP detection:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > Security > Advanced > Rogue AP.
You can configure rogue AP detection for 802.11 bg/ng/bgn devices, 802.11 a/a-na-ac
devices, or both types of devices.
5. Select the Turn Rogue AP Detection On check box.
6. Select a detection policy from the Rogue AP Detection Policy menu:
• Mild. The AP scans for unknown APs every 180 seconds.
• Moderate. The AP scans for unknown APs every 60 seconds.
• Aggressive. The AP scans for unknown APs every 10 seconds.
Detected rogue APs are placed in the Unknown AP List.
7. To move APs from the Unknown AP List to the Known AP List, do the following:
a. Select individual check boxes for MAC addresses, or select all MAC addresses by
selecting the check box in the heading.
WiFi Configuration and Security
50
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
b. Click the Move button to transfer the MAC addresses from the Unknown AP List to
the Known AP List.
8. To import a list of known APs, do the following:
a. Click the Replace or Merge button.
The imported list either replaces the Known AP List or merges with the Known AP
List.
b. Click the Choose File button and navigate to and select the file with access points.
The file that you import must be a plain-text file with a .txt or .cfg extension.
Entries in the file must be MAC addresses in hexadecimal format with each octet
separated by colons, for example 00:11:22:33:44:55. Separate entries with a single
space. For the file to be accepted, it must contain only MAC addresses.
9. To fine-tune the Known AP List and delete one or more MAC address from the Known AP
List, select individual check boxes for the MAC addresses and click the Delete button.
10. Click the Apply button.
Your settings are saved.
Schedule the WiFi Radios to Be Turned Off
Scheduling the WiFi radios to be turned off is a green feature that allows you to turn off the
WiFi radios during scheduled vacations, office shutdowns, on evenings, or on weekends.
To schedule the radios to be turned on and off:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > Wireless > Basic > Wireless Scheduling.
WiFi Configuration and Security
51
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
5. Specify the settings as described in the following table.
Setting Description
Wireless Scheduling Select the Enable radio button to enable the timer. By default, the Disable radio
button is selected.
Radio Off Schedule Select check boxes to specify the days when you want to schedule the radios to
be turned off. By default, Saturday and Sunday are selected.
Radio On Time Enter the time that you want the radios to be turned back on. Use 24-hour time
format.
Radio Off Time Enter the time that you want the radios to be turned off. Use 24-hour time
format.
6. Click the Apply button.
Your settings are saved.
Configure Basic WiFi Quality of Service
Wi-Fi Multimedia (WMM) is a subset of the 802.11e standard. WMM allows you to specify a
range of priorities, depending on the type of data. Time-dependent information, such as video
or audio, is given a higher priority than normal traffic. For WMM to function correctly, WiFi
clients must also support WMM.
By enabling WMM, you allow Quality of Service (QoS) control for upstream traffic flowing
from a WiFi station to the access point and for downstream traffic flowing from the access
point to a WiFi station.
WMM defines the following four queues in decreasing order of priority:
• Voice. The highest priority queue with minimum delay, which makes it ideal for
applications like VoIP and streaming media.
• Video. The second highest priority queue with low delay is given to this queue. Video
applications are routed to this queue.
• Best Effort. The medium priority queue with medium delay is given to this queue. Most
standard IP applications use this queue.
• Background. Low priority queue with high throughput. Applications, such as FTP, that
are not time-sensitive but require high throughput can use this queue.
The WMM Powersave feature saves power for battery-powered equipment by increasing the
efficiency and flexibility of data transmission.
Note: For information about how to configure advanced WiFi QoS, that is, to
configure specific Enhanced Distributed Channel Access (EDCA) settings,
see Configure Advanced Quality of Service Settings on page 103.
WiFi Configuration and Security
52
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
To configure basic WiFi QoS:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > Wireless > Basic > QoS Settings.
5. To turn on QoS globally, next to Mode, select the Enable button.
6. Enable or disable individual WMM features for 802.11 bg/ng/bgn devices, 802.11
a/a-na-ac devices, or both types of devices:
• Enable Wi-Fi Multimedia (WMM). To enable this feature, select the Enable radio
button, which is the default setting. Select the Disable radio button to disable the
feature.
• WMM Powersave. To enable this feature, select the Enable radio button, which is
the default setting. Select the Disable radio button to disable the feature.
7. Click the Apply button.
Your settings are saved.
WiFi Configuration and Security
53
4. Management and Monitoring
4
This chapter describes how to use the management and monitoring features of the access point.
The chapter includes the following sections:
• Enable Remote Management
• Upgrade the Access Point Software
• Manage the Configuration File or Reset to Factory Defaults
• Change the Administrator Password
• Manage User Accounts
• Enable the Syslog Server
• Monitor the Access Point
• View the Activity Log
• View the Traffic Statistics
• Set Up and Manage Ensembles
54
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Enable Remote Management
Both Simple Network Management Protocol (SNMP) and the remote console Secure Shell
(SSH) are enabled by default, which allows for remote management of the access point from
a client running SNMP management software, as well as from an SSH client. The Telnet
console is disabled by default.
The following sections describe the remote management options:
• SNMP Management
• Secure Shell and Telnet Management
SNMP Management
To set up an SNMP management interface:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Maintenance > Remote Management > SNMP.
5. Specify the settings as described in the following table.
Setting Description
SNMP Select the Enable radio button to allow the SNMP network management software,
such as HP OpenView , to manage the access point through SNMPv1/v2 protocol.
By default, the Disable radio button is selected.
Read-Only Community
Name
Enter the community string to allow the SNMP manager to read the access point’s
Management Information Base (MIB) objects. The default is public.
Management and Monitoring
55
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Setting Description
Read-Write
Community Name
Trap Community
Name
IP Address to Receive
Traps
Trap Port Enter the number of the SNMP manager port to receive traps sent from the access
Enter the community string to allow the SNMP manager to read and write the
access point’s MIB objects. The default is private.
Enter the community string to allow the SNMP manager to send traps. The default
is trap.
Enter the IP address of the SNMP manager to receive traps sent from the access
point.
point. The default is 162.
6. Click the Apply button.
Your settings are saved.
Secure Shell and Telnet Management
To configure remote console features:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Maintenance > Remote Management > Remote Console.
5. Enable or disable the remote console features:
• Secure Shell (SSH). To enable this feature, select the Enable radio button, which is
the default setting. Select the Disable button to disable the feature.
• Telnet. To enable this feature, select the Enable radio button. Select the Disable
button to disable the feature, which is the default setting.
6. Click the Apply button.
Management and Monitoring
56
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Your settings are saved.
Manage the Access Point over a Telnet Connection
To manage the access point over a Telnet connection:
1. Connect an Ethernet cable to the console port of the access point.
2. Connect the other end of the cable to a VT100/ANSI terminal or a computer.
If you attach a computer that is running a Windows, Apple, or Linux operating system,
start a secure terminal emulation program, and configure the terminal emulation program
to use the following settings:
• Baud rate. 9600 bps
• Data bits. 8
• Parity. None
• Stop bit. 1
• Flow control. None
3. Start a secure Telnet session from the terminal or workstation to the access point. A page
similar to the following displays:
4. Enter the login name and password.
The default login name is admin and the default password is password.
After successful login, the > prompt appears, preceded by the name of the access point.
In this example, the prompt is netgear334408.
5. Enter the CLI commands that you want to use.
You can enter show configuration to display the available CLI commands.
Note: You can also access the access point remotely over a Telnet or SSH
session using an application such as PuTTY, if such an encryption
application is allowed by law in your country. After you connect to the
access point, enter the login name and password to access the CLI.
Management and Monitoring
57
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Upgrade the Access Point Software
The software of the access point is stored in flash memory and can be upgraded as
NETGEAR releases new software. You can download upgrade files from the NETGEAR
website. If the upgrade file is compressed (.zip file), you first must extract the image (.rmt)
file before sending it to the access point. You can send the upgrade file using your browser.
Two methods are available to perform a software upgrade, which are described in the
following sections:
• Upgrade the Firmware Over a Web Browser
• Upgrade the Firmware Over a TFTP Server
Note: The web browser that you use to upload new firmware into the access
point must support HTTP uploads. Use a browser such as Microsoft
Internet Explorer, Mozilla Firefox, or Google Chrome.
Note: You cannot perform the software upgrade from a computer that is
connected to the access point over a WiFi link. You must use a computer
that is connected to the access point over an Ethernet cable.
WARNING:
When uploading software to the access point, do not interrupt the
web browser by closing the page, clicking a link, or loading a new
page. If the browser is interrupted, the upload might fail, corrupt the
software, and render the access point inoperable.
IMPORTANT:
In some cases, such as a major upgrade, you might need to erase
the configuration and manually reconfigure your access point after
upgrading it. See the release notes included with the software to
find out if you must reconfigure the access point.
Upgrade the Firmware Over a Web Browser
To use a web browser to upgrade the access point firmware:
1. Download the new software file from the NETGEAR website and save it to your hard
disk.
2. If necessary, unzip the new software file.
Management and Monitoring
58
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
3. If available, read the release notes before upgrading the software.
4. Open a web browser from a computer that is connected to the same network as the access
point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
5. In the address bar, enter the IP address of the access point.
A login window opens.
6. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
7. Select Maintenance > Upgrade > Firmware Upgrade.
8. Click the Choose File button and locate and select the image upgrade file.
The image upgrade file is a .tar file.
9. Click the Apply button to initiate the upgrade process.
During the upgrade process, the access point automatically restarts. The upgrade
process typically takes several minutes. When the Test LED turns off, wait a few more
seconds before doing anything with the access point.
10. Verify that the new software file was installed by selecting Monitoring > System.
The System page displays. The firmware version is shown in the Access Point
Information section of the page.
Upgrade the Firmware Over a TFTP Server
To use this method, you need access to a TFTP server.
To use a TFTP server to upgrade the access point firmware:
1. Download the new software file from the NETGEAR website and save it to your hard
disk.
2. Place the software file in your TFTP server location.
3. If available, read the release notes before upgrading the software.
4. Open a web browser from a computer that is connected to the same network as the access
point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
Management and Monitoring
59
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
5. In the address bar, enter the IP address of the access point.
A login window opens.
6. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
7. Select Maintenance > Upgrade > Firmware Upgrade TFTP.
8. Specify the following information:
• Firmware File Name. The name of the software file.
• TFTP Server IP. The IP address of your TFTP server.
9. Click the Apply button to initiate the upgrade process.
During the upgrade process, the access point automatically restarts. The upgrade
process typically takes several minutes. When the Test LED turns off, wait a few more
seconds before doing anything with the access point.
10. Verify that the new software file was installed by selecting Monitoring > System.
The System page displays. The firmware version is shown in the Access Point
Information section of the page.
Manage the Configuration File or Reset to Factory Defaults
The access point settings are stored in the configuration file. You can save this file (back it
up) to a computer, restore it from a computer, or reset it to factory default settings, as
described in the following sections:
• Save the Configuration
• Restore the Configuration
• Restore the Access Point to the Factory Default Settings
• Reboot the Access Point Without Restoring the Default Configuration
Management and Monitoring
60
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Save the Configuration
To save your settings:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Maintenance > Upgrade > Backup Settings.
5. Click the Backup button.
Your browser extracts the configuration file (the file name is config) from the access
point and prompts you for a location on your computer to store the file.
6. Follow the instructions of your browser to save the file.
Restore the Configuration
To restore your settings from a saved configuration file:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Maintenance > Upgrade > Restore Settings.
Management and Monitoring
61
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
5. Click the Choose File button and locate and select the backup configuration file (the file
name is config).
IMPORTANT:
During the restoration process, do not try to go online, turn off the
access point, shut down the computer, or do anything else to the
access point until it finishes restarting!
6. Click the Apply button to initiate the restoration process.
During the restoration process, the access point automatically restarts. The restoration
process typically takes about one minute. When the Test LED turns off, wait a few more
seconds before doing anything with the access point.
Restore the Access Point to the Factory Default Settings
You can restore the access point to the factory default settings by two methods that are
described in the following sections:
• Use the Web Management Interface to Restore Factory Default Settings
• Use the Reset Button to Restore Factory Default Settings
Note: After you restore the factory default settings on the access point, the
following occurs:
* All custom configurations are lost.
* The login password is password.
* The default LAN IP address is 192.168.0.100.
* The DHCP client is enabled.
* The Access Point Name field is reset to the name printed on
the label on the bottom of the unit.
Management and Monitoring
62
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Use the Web Management Interface to Restore Factory Default Settings
To restore the factory default settings using the web management interface:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Maintenance > Reset > Restore Defaults.
5. Select the Yes radio button.
By default, the No radio button is selected.
IMPORTANT:
During the restoration process, do not try to go online, turn off the
access point, shut down the computer, or do anything else to the
access point until it finishes restarting!
6. Click the Apply button.
The access point is reset to the factory default settings.
During the restoration process, the access point automatically restarts. The restoration
process typically takes about one minute. When the Test LED turns off, wait a few more
seconds before doing anything with the access point.
Use the Reset Button to Restore Factory Default Settings
To restore the factory default settings when you do not know the login user name, login
password, or IP address, you must use the Reset button on the rear panel of the access
point (see Figure 2 on page 8).
Management and Monitoring
63
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
To restore the factory default settings using the Reset button:
1. Using a sharp object, press and hold the Reset button for about five seconds (until the Test
LED blinks rapidly) to reset the access point to factory defaults settings.
Pressing the Reset button for a shorter time simply causes the access point to reboot.
2. Release the Reset button.
During the restoration process, the access point automatically restarts. The restoration
process typically takes about one minute. When the Test LED turns off, wait a few more
seconds before doing anything with the access point.
Reboot the Access Point Without Restoring the Default Configuration
If you cannot physically access the access point to turn it off and on again, you can use the
software to reboot the access point.
To reboot the access point:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Maintenance > Reset > Reboot AP.
5. Select the Yes radio button.
By default, the No radio button is selected.
6. Click the Apply button to reboot the access point.
The reboot process typically takes about one minute. When the Test LED turns off, wait a
few more seconds before doing anything with the access point.
Management and Monitoring
64
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Change the Administrator Password
The default password is password. We recommend that you change this password to a
more secure password. You cannot change the administrator login name (admin).
The ideal password contains no dictionary words from any language and is a mixture of
letters (both uppercase and lowercase), numbers, and symbols. Your password can be up to
30 characters.
To change the administrator password:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Maintenance > Password > Change Password.
5. Take one of the following actions:
• Enter a new password twice, once in the New Password field and again in the
Repeat New Password field.
• Next to Restore Default Password, select the Yes radio button to restore the default
password.
By default, the No radio button is selected.
6. Click the Apply button.
Your settings are saved.
If you restored the default password, the login password is password. If you configured a
new password, write it down in a secure place.
Management and Monitoring
65
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Manage User Accounts
The admin user account is the default user account, which you cannot delete. However, you
can add other user accounts, modify them, and delete them. Users for whom you set up an
account can access the web management interface with read-only or read/write privileges.
Note: Only the administrator can create, change, and delete user accounts.
Add a New User Account
To add a new user account:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > System > Advanced > User Accounts.
Management and Monitoring
66
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
5. Configure the settings in the upper part of the page as described in the following table.
Setting Description
User Name Enter a new user name.
Password Enter a password between 4 and 12 characters in length.
Privilege From the Privilege menu, select Read Write or Read Only.
6. Click the Add button.
The user account is added.
7. Click the Apply button.
Your settings are saved.
Change the Name for a User Account
To change the name for a user account:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > System > Advanced > User Accounts.
The User Accounts page displays.
5. In the Update User Accounts section, select a user from the Existing Users menu.
6. In the User Name field, modify the name.
7. Click the Modify button.
The user name is changed.
8. Click the Apply button.
Your settings are saved.
Management and Monitoring
67
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Change the Privilege for a User Account
To change the privilege for a user account:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > System > Advanced > User Accounts.
The User Accounts page displays.
5. In the Update User Accounts section, select a user from the Existing Users menu.
6. From the Privilege menu, select another privilege.
7. Click the Reset Password button.
The password is reset to the default password, which is password.
8. Click the Apply button.
Your settings are saved.
Reset the Password for a User Account
To reset the password for a user account:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > System > Advanced > User Accounts.
The User Accounts page displays.
5. In the Update User Accounts section, select a user from the Existing Users menu.
6. Click the Reset Password button.
Management and Monitoring
68
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
The password is reset to the default password, which is password.
7. Click the Apply button.
Your settings are saved.
Note: If you want to modify a password, delete the user account, and then
recreate the user account with the password of your choice.
Delete a User Account
To delete a user account:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > System > Advanced > User Accounts.
The User Accounts page displays.
5. In the Update User Accounts section, select a user from the Existing Users menu.
6. Click the Delete button.
7. Click the Apply button.
Your settings are saved.
Enable the Syslog Server
You can enable the syslog option if your LAN includes a syslog server. If syslog is enabled,
the access point sends its syslog files to the syslog server.
To enable a syslog server:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
Management and Monitoring
69
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > System > Advanced > Syslog.
Specify the settings as described in the following table.
Setting Description
Enable Syslog Select the check box to enable the syslog option. By default, the syslog option
is disabled.
Syslog Server IP Address Enter the IP address of the syslog server to which the access point sends the
syslog files.
Port Number Enter the port number that is configured on the syslog server. The default port
number is 514.
5. Click the Apply button.
Your settings are saved.
Monitor the Access Point
The following sections describe how you can monitor the access point:
• View System Information
• View Dashboard Information
• Monitor WiFi Clients
• View the Activity Log
• View the Traffic Statistics
View System Information
You can view a summary of the current access point configuration settings, including current
IP settings and current WiFi settings. This information is read only, so any changes must be
made on other pages.
Management and Monitoring
70
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
To view the System page:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Monitoring > System.
The following table explains the fields of the System page:
Setting Description
Access Point Information
Access Point Name The NetBIOS name. For information about how to change the default name, see
Configure Basic General System Settings on page 18.
Ethernet MAC Address The MAC address of the access point’s Ethernet port.
Management and Monitoring
71
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Setting Description
Wireless MAC Address
for 2.4 GHz
Wireless MAC Address
for 5 GHz
Ethernet LLDP Enabled indicates that LLDP is enabled. Disabled indicates that it is not.
Country/Region The country or region for which the access point is licensed for use. For
Firmware Version The version of the firmware that is currently installed.
Serial Number The serial number of the access point.
Current Time The current time. For information about how to change the time settings, see
AP Uptime The length of time since the access point became active.
Current IPv4 Settings
For information about how to change any of these IP settings, see Configure the IPv4 Settings on page 21.
IP Address The IPv4 address of the access point.
The MAC address of the access point’s 2.4 GHz WiFi radio.
The MAC address of the access point’s 5 GHz WiFi radio.
information about how to change the country or region, see Configure Basic
General System Settings on page 18.
Note: It might not be legal to operate this access point in a country or region
other than one of those identified in this field.
Configure Basic General System Settings on page 18.
Subnet Mask The subnet mask for the address of the access point.
Default Gateway The default IPv4 gateway for the access point communication.
DHCP Client Enabled indicates that the current IP address was obtained from a DHCPv4
server on your LAN network. Disabled indicates a static IP configuration.
Current IPv6 Settings
For information about how to change any of these IP settings, see Configure IPv6 Settings on page 95.
IPv6 Address The default IPv6 address of the access point.
Prefix Length The prefix length for the address of the access point.
Dynamic IPv6 Address The dynamically assigned IPbv6 address if the DHCPv6 server has the stateful
option enabled.
Default Gateway The default IPv6 gateway for the access point communication.
LAN IPv6 Link-Local
Address
DHCP Client Enabled indicates that the current IP address was obtained from a DHCPv6
This is an automatically generated IPv6 address that uses the IPv4 address in
the interface portion of its address.
server on your LAN network. Disabled indicates a static IP configuration.
Management and Monitoring
72
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Setting Description
Current Wireless Settings for 802.11 bg/ng/bgn
and
Current Wireless Settings for 802.11 a/a-na-ac
Access Point Mode The WiFi operation mode of the access point for the radio band. By default, the
mode is 11bgn for the 2.4 GHz radio band and 11a-na-ac for the 5 GHz radio
band.
Channel / Frequency The channel that the WiFi port is using. For information about how to change the
channel and frequency, see Configure 802.11bg/ng/bgn WiFi Settings on
page 23 and Configure 802.11a/a-na-ac WiFi Settings on page 25.
Rogue AP Detection Enabled indicates that rogue AP detection is enabled. Disabled indicates that it
is not.
View Dashboard Information
The Dashboard pages provide general information about the access point in standalone
mode or ensemble mode. In addition, the pages provide real-time and historical information
about client distribution, traffic distribution and WLAN utilization.
View the Standalone Dashboard
The Dashboard page for a standalone access point provides read-only information, so any
changes must be made on other pages.
To view the standalone Dashboard:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Monitoring > Dashboard.
The Dashboard page displays.
5. Click the Stand-Alone button.
The Dashboard page displays information for the standalone access point.
Management and Monitoring
73
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
6. To view more information, point to a graph.
7. To view real-time information for 5 GHz clients and traffic, click the 5 GHz button.
By default, the 2.4 GHz button is selected.
8. To view historical traffic information, click the Traffic button.
By default, the Clients button is selected.
9. To view historical information for another period, select the period from the menu below the
Clients and Traffic buttons.
View the Ensemble Dashboard
The Dashboard page for an access point in ensemble mode provides read-only information,
so any changes must be made on other pages.
To view the ensemble Dashboard:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
Management and Monitoring
74
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
4. Select Monitoring > Dashboard.
The Dashboard page displays.
5. Click the Ensemble button.
The Dashboard page displays information for the access point in ensemble mode. The
upper figure shows the left and middle of the page. The lower figure shows the right of the
page.
6. To view more information, point to a graph.
Management and Monitoring
75
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
7. To view historical traffic information for the past 24 hours, click the Traffic button in the lower
right of the page.
By default, the Clients button is selected and the page shows historical client
information.
8. To view details about access point in the ensemble, click the Access Points box on the left.
By default, the Wireless Networks box is selected.
9. To view details about active clients in the ensemble, click the Active Clients box on the left.
Monitor WiFi Clients
You can view all WiFi devices that are associated with a WiFi network name (SSID) on the
access point.
Note: A WiFi network can include multiple access points, all using the same
SSID. This uniformity extends the reach of the WiFi network and
allows users to roam from one access point to another, providing
seamless network connectivity . Under these circumstances, be aware
that the WiFi clients that you can monitor as described in the following
procedure are the clients that are associated with this access point.
To view the attached WiFi clients and details for an individual WiFi client:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Monitoring > Wireless Stations.
Management and Monitoring
76
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
The Wireless Stations table shows the information for each device. For information about
these and more fields, see the following table.
5. To update the list, click the Refresh button.
If the access point is rebooted, the WiFi station data is lost until the access point
rediscovers the devices. To force the access point to look for associated devices, click
the Refresh button.
6. To view details of a WiFi station, select the corresponding radio button, and then click the
Details button.
The Wireless Stations Details pop-up window opens.
The following table explains the fields of the Wireless Stations Details pop-up window.
Setting Description
MAC Address The MAC address of the WiFi station.
BSSID The BSSID that the WiFi station is using.
SSID The SSID that the WiFi station is using.
Channel The channel that the WiFi station is using.
Rate The transmit data rate in Mbps of the WiFi station.
Type The authentication and encryption type that the WiFi station is using.
Mode The WiFi mode in which the WiFi station is operating.
Status The WiFi status of the WiFi station (Associated).
RSSI The received signal strength indicator (RSSI) of the WiFi station.
Idle Time The time since the last frame was received from the WiFi station.
Management and Monitoring
77
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Setting Description
Recv. Bytes The number of bytes received on the WiFi station since it last started.
Trans. bytes The number of bytes transmitted by the WiFi station since it last started.
Assoc. Time Stamp The time when these details of the WiFi station were retrieved.
IP Address The IP address of the WiFi station.
Channel Width The channel width at which the WiFi station operates.
View the Activity Log
You can view the access point’s activity logs and save the logs.
To display the activity log and save it:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Monitoring > Logs.
5. Click the Save As button to save the log contents to a file on your computer or to a disk
drive.
6. To update the display, click the Refresh button.
7. To clear the log content, click the Clear button.
Management and Monitoring
78
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
View the Traffic Statistics
The Statistics page displays information for both wired (LAN) and WiFi (WLAN) network
traffic.
To display the Statistics page:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Monitoring > Statistics.
5. To update the statistics information, click the Refresh button.
Management and Monitoring
79
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
The following table explains the fields of the Statistics page:
Setting Description
Wired Ethernet
Packets The number of packets received and transmitted over the Ethernet connection
since the access point was restarted.
Bytes The number of bytes received and transmitted over the Ethernet connection since
the access point was restarted.
Wireless 802.11bgn
and
Wireless 802.11a-na-ac
Note: The section heading depends on the configured WiFi mode.
Unicast Packets The number of unicast packets received and transmitted over the WiFi connection
since the access point was restarted.
Broadcast Packets The number of broadcast packets received and transmitted over the WiFi
connection since the access point was restarted.
Multicast Packets The number of multicast packets received and transmitted over the WiFi
connection since the access point was restarted.
Total Packets The total number of packets received and transmitted over the WiFi connection
since the access point was restarted.
Total Bytes The total number of bytes received and transmitted over the WiFi connection since
the access point was restarted.
Client Association
802.11bgn Radio,
802.11a-na-ac Radio
The number of associated clients connected to the radio in the configured WiFi
modes.
Set Up and Manage Ensembles
An access point (AP) ensemble is a dynamic, configuration-aware group of APs in the same
subnet of a network. Each ensemble can include up to 10 members, which must be of the
same model. Only one ensemble per WiFi network is supported. However, a network subnet
can include multiple ensembles. Ensembles allow APs to share various configuration
information, such as virtual AP (VAP) settings and QoS queue parameters. Ensemble
members share the configuration of the master AP (also referred to as the dominant AP).
With ensemble mode enabled, you can initiate common firmware updates and use a
centralized ensemble dashboard to monitor client connectivity and share of traffic across the
ensemble members. If an ensemble member fails, the ensemble automatically makes
adjustments to ensure that the remaining members work cooperatively.
Management and Monitoring
80
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
An ensemble can be formed between two more APs if the following conditions are met:
• The APs are of the same model.
• The APs use the same country or region settings and the same radio mode.
• The APs are connected on the same bridged segment.
• The ensemble names of the APs that are joining are the same.
• Ensemble mode is enabled on all APs.
Configure and Enable Ensemble Mode
To configure and enable ensemble mode on the access point:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > Ensemble > Basic > General.
5. In the Ensemble Name field, enter the ensemble name.
6. In the AP Name field, enter a custom name for the access point or use the default name.
7. In the Priority (0 - 255) field, enter the access point’s priority in the ensemble.
The lowest-numbered AP becomes the master AP.
8. To enable ensemble mode, select the Start radio button.
9. Click the Apply button.
Your settings are saved.
Management and Monitoring
81
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Manage an Ensemble
Y ou can manage an ensemble through the master access point’ s web management interface
or you can specify a computer with an IP address in the same subnet as the management IP
address. Through the master access point or management IP address you can run an
ensemble’s channel assignment, manage an ensemble’s channel assignment settings,
manage the firmware upgrade settings, and manage security settings.
Specify an Ensemble Management IP Address
To specify an ensemble management IP address:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > Ensemble > Basic > Management.
The Ensemble Status field displays the status of the ensemble (Started or Stopped).
5. In the IP Address to Manage Ensemble (IPv4) field, enter the IP address of the computer
that must function as the management IP address for the ensemble.
The management IP address and members of the ensemble must be on the same
subnet.
6. Click the Apply button.
Your settings are saved.
Management and Monitoring
82
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Configure Ensemble Security With a Passphrase
By default, access points can become members of an ensemble without using
authentication. That is, when access points form an ensemble, they do not authenticate each
other. However, you can enable security for an ensemble by configuring the same
passphrase on each access point that must become a member of the ensemble. When
access points form an ensemble, they use the passphrase to authenticate each other. An
access point for which you do not configure the ensemble passphrase cannot join the
ensemble.
Using ensemble security allows you to set up more than one ensemble in the same subnet
by specifying a different passphrase for each ensemble. Implementing ensemble security
also prevents an access point from accidently joining an ensemble if the ensemble mode is
enabled on the access point.
In addition to the ensemble passphrase, you can specify the reauthentication time-out period,
which is the time after which members of an ensemble must reauthenticate each other.
To configure security settings with a passphrase for an ensemble:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > Ensemble > Basic > Secured Ensemble.
5. Select the Enabled radio button.
6. Enter a passphrase between 8 and 63 characters in the passphrase field.
7. Enter a time-out period between 300 and 86400 seconds.
The default is 300 seconds.
8. Click the Apply button.
Your settings are saved.
Management and Monitoring
83
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Specify an Ensemble’s Channel Assignment Settings
Before you enable automatic channel assignment for an ensemble (see Manage Automatic
Channel Assignment for an Ensemble on page 85), you might want to specify a custom
channel interference limit, which triggers channel reassignment. You can also specify the
channel selection interval, which determines the schedule at which automatic channel
assignment occurs.
The defaults are as follows:
• Channel interference limit. 75 percent (the range is from 5 percent to 75 percent).
• Channel selection interval. 1 day (the range is from 30 minutes to 6 months).
To manage an ensemble’s channel assignment settings:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > Ensemble > Advanced > Channel Assignment Settings.
5. From the Channel Interference Limit menu, select an interference limit percentage.
6. From the Channel Selection Interval menu, select a channel selection interval.
7. Click the Apply button.
Your settings are saved.
Management and Monitoring
84
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Manage Automatic Channel Assignment for an Ensemble
Y ou can enable automatic channel assignment for an ensemble. The assignment is based on
the channel assignment settings (see Specify an Ensemble’s Channel Assignment Settings
on page 84).
Automatic channel assignment reduces both mutual interference between the access points
in an ensemble and interference with other access points outside the ensemble. It also
maximizes WiFi bandwidth to help maintain efficient communication over the WiFi network.
Note: When automatic channel assignment is enabled, the channel policy
for the radios is automatically set to the static mode. That is, Auto is
not available as a selection from the Channel / Frequency menu on
the Wireless Settings page. For more information, see Configure the
Basic WiFi Settings on page 22.
To manage automatic channel assignment for an ensemble:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > Ensemble > Advanced > Channel Assignment.
The Channel Assignment page displays. By default, automatic channel assignment is
disabled.
5. Click the Start button.
Automatic channel assignment is enabled. The access point detects the channels that
the access points in the ensemble are using.
Management and Monitoring
85
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
6. To select channels that must remain static, do the following:
a. For each channel that must remain static, select the check box in the Assign to Static
column.
b. Click the Apply button.
The selected channels are not changed during the automatic channel assignment
process.
When automatic channel assignment is running, the Channel Assignment page shows
the proposed channels a the bottom. The following figure shows only part of the table
with proposed channels.
Management and Monitoring
86
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
At any time, you can disable automatic channel assignment by clicking the Stop button.
Upgrade the Firmware of Ensemble Members From a Downloaded Image
You can upgrade the firmware on all access points in an ensemble from the master access
point. If you do not use a TFTP server, download the firmware to a computer and upload it to
the master access point. Then, from the master access point, initiate the firmware for all or
selected access points in the ensemble, including, if you want, the master access point.
To upgrade firmware of ensemble members from a downloaded image:
1. Download the new software file from the NETGEAR website and save it to your hard
disk.
2. If necessary, unzip the new software file.
3. If available, read the release notes before upgrading the software.
4. Open a web browser from a computer that is connected to the same network as the access
point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
5. In the address bar, enter the IP address of the access point.
A login window opens.
6. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
7. Select Maintenance > Ensemble Upgrade > Firmware Upgrade.
Management and Monitoring
87
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
The Member Selection table shows the members of the ensemble, including the firmware
versions of the members.
8. Click the Browse button.
A pop-up window opens.
9. Navigate to and select a firmware file to upload.
10. Click the Upgrade button.
An Alert pop-up window opens.
The firmware is uploaded to the master access point’s memory.
Note: The firmware is uploaded to but not upgraded on the master access point.
However, in Step 14 you can select the firmware to be upgraded on the
master access point.
11. In the Alert pop-up window, click the OK button.
The pop-up window closes. In the Upload Firmware section, a status bar shows the
progress of the upload process. After the upload process is complete, the master access
point restarts.
12. Log back in to the access point.
13. Select Maintenance > Ensemble Upgrade > Firmware Upgrade.
14. In the Member Selection table, select the check boxes for the members of the ensemble
that you want to upgrade, including, if you want, the master access point.
If you want to upgrade firmware on all members of the ensemble, select the check box in
the table heading.
15. Click the Apply button.
The firmware upgrade process starts.
The Firmware-transfer-status field in the table shows whether the firmware download to
and validation in the member is successful.
Management and Monitoring
88
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Upgrade the Firmware of Ensemble Members Over a TFTP Server
You can upgrade the firmware on all access points in an ensemble from the master access
point. If you use a TFTP server, download the firmware from the TFTP server directly to the
master access point. Then, from the master access point, initiate the firmware for all or
selected access points in the ensemble, including, if you want, the master access point.
To upgrade firmware of ensemble members using a TFTP server:
1. Download the new software file from the NETGEAR website and save it to your hard
disk.
2. Place the software file in your TFTP server location.
3. If available, read the release notes before upgrading the software.
4. Open a web browser from a computer that is connected to the same network as the access
point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
5. In the address bar, enter the IP address of the access point.
A login window opens.
6. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
7. Select Maintenance > Ensemble Upgrade > Firmware Upgrade TFTP.
The Member Selection section shows the members of the ensemble, including the
firmware versions of the members.
8. Specify the following information:
• New Firmware Image. The name of the software file.
• Server IP. The IP address of your TFTP server.
9. Click the Upgrade button.
Management and Monitoring
89
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
An Alert pop-up window opens.
The firmware is uploaded to the master access point’s memory.
Note: The firmware is uploaded to but not upgraded on the master access point.
However, in Step 13 you can select the firmware to be upgraded on the
master access point.
10. In the Alert pop-up window, click the OK button.
The pop-up window closes. In the Upload Firmware section, a status bar shows the
progress of the upload process. After the upload process is complete, the master access
point restarts.
11. Log back in to the access point.
12. Select Maintenance > Ensemble Upgrade > Firmware Upgrade.
13. In the Member Selection table, select the check boxes for the members of the ensemble
that you want to upgrade, including, if you want, the master access point.
If you want to upgrade firmware on all members of the ensemble, select the check box in
the table heading.
14. Click the Apply button.
The firmware upgrade process starts.
The Firmware-transfer-status field in the table shows whether the firmware download to
and validation in the member is successful.
Monitor an Ensemble
You can monitor the status of an ensemble from the ensemble dashboard. You can also
monitor the devices connected to members of the ensemble as well as monitor networks
neighboring the ensemble.
Monitor the Status of the Ensemble
You can monitor the status of the access point as member of the ensemble, including the
access point’s priority in the ensemble and whether the access point is the master AP in the
ensemble.
To monitor the status of the ensemble:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
Management and Monitoring
90
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Monitor > Ensemble > Access Point.
5. Click the Refresh button.
The information on the page refreshes.
Monitor the Devices Connected to the Ensemble
You can monitor the WiFi clients that are connected to all members of the ensemble. For
each access point that is a member of the ensemble, up to 20 WiFi clients per radio can be
displayed (although a radio can support more than 20 clients).
To monitor the devices connected to the ensemble:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Monitor > Ensemble > Wireless Stations.
Management and Monitoring
91
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
5. Click the Refresh button.
The devices connected to the ensemble display, listed by MAC address.
Monitor the Access Points and Networks Neighboring the Ensemble
You can display the access points (and their associated WiFi networks) that are the
neighbors of the ensemble.
To monitor the networks neighboring the ensemble:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Monitor > Ensemble > Wireless Neighborhood.
The Wireless Neighborhood page displays.
5. From the Neighbor APs menu, select one of the following options:
• Not in Ensemble. The access points that are not in the ensemble are displayed.
• In Ensemble. The access points that are in the ensemble are displayed.
Management and Monitoring
92
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
• Both. Both the access points that are in the ensemble and that are not in the
ensemble are displayed. (The following figure shows this option.)
Management and Monitoring
93
5. Advanced Configuration
5
This chapter describes how to configure the advanced features of the access point. The chapter
includes the following sections:
• Configure IPv6 Settings
• Configure Spanning Tree Protocol, 802.1Q VLAN, and Link Layer Discovery Protocol
• Configure Bonjour
• Configure Advanced WiFi Settings
• Configure Advanced Quality of Service Settings
• Configure and Manage Quality of Service Policies
• Configure Load Balancing
• Manage Captive Portals
• Configure WiFi Bridging
94
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
Configure IPv6 Settings
The access point supports IPv6. You can manage the access point from an IPv6 address.
The access point can also function as an IPv6 DHCP client.
Note: For information about how to configure the IPv4 settings, see
Configure the IPv4 Settings on page 21.
WARNING:
If you enable the DHCP client, the IP address of the access point
changes when you click the Apply button, causing you to lose your
connection to the access point. You then must use the new IP
address to reconnect to the access point.
Tip: If you enable the DHCP client on the access point, you can discover
the new IP address of the access point by accessing the DHCP server
on your LAN, or by using a network IP address scanner application.
To configure the IPv6 settings:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > IP > IPv6 Settings.
Advanced Configuration
95
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
5. Configure the IPv6 settings as described in the following table.
Setting Description
DHCP Client By default, the Dynamic Host Configuration Protocol (DHCP) client is disabled. If
your LAN includes a DHCPv6 server and you select the Enable radio button, the
access point receives its dynamic IPv6 address, prefix length, and default
gateway settings automatically from the DHCPv6 server on your network when
you connect the access point to your LAN.
IPv6 Address Enter the IP address of your access point. The default IP address is
2001::21c:c0ff:fe69. To change the address, enter an unused IPv6 address
from the address range used on your LAN.
Prefix Length Enter the prefix length for the IPv6 address. The default prefix length us 64.
Default Gateway Enter the IPv6 address of the ISP gateway to which the access point connects.
Dynamic IPv6 Address The dynamic IPv6 address that is assigned by the DHCPv6 server on your
network. This address does not overwrite the address in the IPv6 Address field.
Primary DNS Server Enter the IP address of the primary and secondary DNS servers.
A DNS server is a host on the Internet that translates Internet names (such as
www.netgear.com) to numeric IP addresses. Typically your ISP transfers the IP
Secondary DNS Server
address of one or two DNS servers to your access point during login. If the ISP
does not transfer an address, you must obtain it from the ISP and enter it
manually in this field.
Network Integrity Check Select this check box to validate that the upstream link is active before allowing
WiFi associations. Ensure that the default gateway is configured.
6. Click the Apply button.
Your settings are saved.
Configure Spanning Tree Protocol, 802.1Q VLAN, and Link Layer Discovery Protocol
As part of the advanced system configuration, you can enable the Spanning Tree Protocol
(STP), configure the VLANs, and enable Ethernet Link Layer Discovery Protocol (LLDP) as
described in the following sections:
• Configure STP and VLANs
• Configure Ethernet LLDP
Configure STP and VLANs
STP provides network traffic optimization in locations where multiple access points are active
by preventing path redundancy. If your location includes more than one active access point,
we recommend that you enable STP.
Advanced Configuration
96
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
The 802.1Q VLAN protocol on the access point logically separates traffic on the same
physical network. The access point supports the following types of VLANs:
• Untagged VLAN. When the access point sends frames that are associated with the
untagged VLAN from its Ethernet interface, those frames are untagged. When the access
point receives untagged frames over its Ethernet interface, those frames are assigned to
the untagged VLAN.
Note: Select the Untagged VLAN check box only if the hubs and switches
on your LAN support the 802.1Q VLAN protocol. Likewise, change the
untagged VLAN value only if the hubs and switches on your LAN
support the 802.1Q VLAN protocol.
• T agged VLAN. When you clear the Untagged VLAN check box, the access point tags all
frames that are sent from its Ethernet interface. Only incoming frames that are tagged
with known VLAN IDs are accepted.
• Management VLAN. The management VLAN can be active only when the access point
functions as a point-to-point or point-to-multipoint bridge (see Configure WiFi Bridging on
page 122). The management VLAN is used for managing traffic (Telnet, SNMP, and
HTTP) to and from the access point.
Frames belonging to the management VLAN are not given any 802.1Q header when they
are sent over the trunk. If a port is in a single VLAN, it can be untagged. However, if the
port is a member of multiple VLANs, it must be tagged.
To configure STP and VLANs:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuring > System > Advanced > General.
Advanced Configuration
97
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
5. Specify the settings as described in the following table.
Setting Description
Spanning Tree Protocol
Spanning Tree Protocol Select the Enable radio button to enable STP to prevent path redundancy. By
default, the Disable radio button is selected.
802.1Q VLAN
Untagged VLAN Select the Untagged VLAN check box to configure one VLAN as an untagged
VLAN. By default, the Untagged VLAN check box is selected.
Specify a VLAN ID. The default VLAN ID is 1.
Management VLAN Specify an ID for the VLAN from which the access point can be managed. The
default VLAN ID is 1.
If you configure the management VLAN ID as 0 (zero), the access point can be
managed over any VLAN, and frames that belong to the management VLAN are
not tagged with an 802.1Q header when sent over the trunk.
WARNING:
Selecting the Untagged VLAN check box or changing the untagged
VLAN value causes loss of IP connectivity if the hubs and switches
on your LAN are not yet configured with the corresponding VLAN.
6. Click the Apply button.
Your settings are saved.
Configure Ethernet LLDP
Link Layer Discovery Protocol (LLDP), IEEE 802.1ab, is a management tool that delivers
link-layer messages to adjacent network devices. For example, LLDP messages enable
networking devices such as switches and management tools to discover the access point in
the network, and might indicate whether the access point receives power through a PoE
connection. LLDP is inter-vendor compatible. By default, LLDP is enabled on the access
point.
Advanced Configuration
98
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
To turn off LLDP:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuring > System > Advanced > Ethernet LLDP.
5. Select the Disable radio button.
By default, the Enable radio button is selected.
6. Click the Apply button.
Your settings are saved.
Configure Bonjour
Bonjour allows computers on the network to discover the access point more easily after it
connects to a LAN that includes a DHCP server.
By default, Bonjour is enabled on the access point.
To disable Bonjour:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
Advanced Configuration
99
ProSAFE Dual-Band Wireless AC Access Points WAC720 and WAC730
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > System > Advanced > Bonjour.
5. Select the Disable radio button.
6. Click the Apply button.
Your settings are saved.
Configure Advanced WiFi Settings
You can enable various WLAN features and configure WLAN settings for the 802.11b/bg/ng
and 802.11a/na modes.
The default WLAN settings normally work well. However, you can use the advanced settings
to fine-tune the overall performance of the access point for your specific environment.
To configure advanced WiFi settings:
1. Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable.
For more information, see Log In to the Access Point on page 15.
2. In the address bar, enter the IP address of the access point.
A login window opens.
3. Enter the user name and password.
The user name is admin. The default password is password. The user name and
password are case-sensitive.
4. Select Configuration > Wireless > Advanced > Wireless Settings.
Advanced Configuration
100
Loading...