Netgear WAX630 User Manual

Download

User Manual

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point

WAX630

NETGEAR, Inc.

350 E. Plumeria DriveJune 2021 San Jose, CA 95134, USA202-12194-01

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Support and Community

Visit netgear.com/support to get your questions answered and access the latest downloads.

You can also check out our NETGEAR Community for helpful advice at community.netgear.com.

Regulatory and Legal

Si ce produit est vendu au Canada, vous pouvez accéder à ce document en français canadien à https://www.netgear.com/support/download/.

(If this product is sold in Canada, you can access this document in Canadian French at https://www.netgear.com/support/download/.)

For regulatory compliance information including the EU Declaration of Conformity, visit https://www.netgear.com/about/regulatory/.

See the regulatory compliance document before connecting the power supply.

For NETGEAR’s Privacy Policy, visit https://www.netgear.com/about/privacy-policy.

By using this device, you are agreeing to NETGEAR’s Terms and Conditions at https://www.netgear.com/about/terms-and-conditions. If you do not agree, return the device to your place of purchase within your return period.

Do not use this device outdoors. The PoE port is intended for intra building connection only.

Trademarks

Revision History

CommentsPublish DatePublication Part

Number

First publication.June 2021202-12194-01

Chapter 1 Introduction

Additional documentation...................................................................9

About NETGEAR Insight......................................................................9

Chapter 2 Hardware Overview

Unpack the access point....................................................................11

Top panel with LEDs...........................................................................11

Hardware interfaces...........................................................................14

Access point label..............................................................................15

Safety instructions and warnings for an indoor access point........16

Chapter 3 Install the Access Point in Your Network and Access It for Initial Configuration

Position your access point for best performance...........................19

Set up and connect the access point to your network...................20

Connect to the access point for initial configuration.....................22

Connect over WiFi using the NETGEAR Insight app.................22

Connect over the Internet using the NETGEAR Insight Cloud

portal...............................................................................................24

Connect over WiFi to the local browser UI for initial

configuration..................................................................................25

Connect over the LAN to the local browser UI for initial

configuration..................................................................................30

Configure the access point offline using a directly connected

computer.........................................................................................35

Dismiss a browser security warning.................................................42

Chapter 4 Install the Access Point in an Insight Instant Mesh WiFi Network

What are a root access point and an extender access point?......44

What is an Insight Instant Mesh WiFi network?...............................45

Requirements for placing an extender access point in a mesh WiFi

network................................................................................................46

Install the NETGEAR Insight app to manage an Insight Instant Mesh

WiFi network.......................................................................................47

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Connect the access point as an extender to a root access point..48 Connect over the Internet using the NETGEAR Insight Cloud

portal....................................................................................................51

Chapter 5 Manage the Basic WiFi Features for a WiFi network

Set up an open or secure WiFi network..........................................53

View or change the settings of a WiFi network...............................61

Remove a WiFi network.....................................................................62

Hide or broadcast the SSID for a WiFi network..............................63

Change the VLAN ID for a WiFi network.........................................64

Change the authentication and encryption for a WiFi network....65

Enable or disable PMF for a WiFi network......................................69

Disable or enable a WiFi network or set up a WiFi activity

schedule..............................................................................................70

Enable or disable band steering with 802.11k RRM and 802.11v

WiFi network management...............................................................72

Chapter 6 Manage the Basic Radio Features

Manage the basic WiFi settings for the radios................................75

Turn a radio on or off.........................................................................78

Change the WiFi mode for a radio...................................................79

Change the channel width for a radio.............................................81

Change the guard interval for a radio.............................................83

Change the output power for a radio..............................................84

Change the channel for a radio........................................................85

Manage Quality of Service for a WiFi radio.....................................86

Chapter 7 Set Up and Manage a Captive Portal

Set up a click-through captive portal for a WiFi network..............89

Set up an external captive portal for a WiFi network.....................92

Set up a Facebook Wi-Fi captive portal for a WiFi network..........97

Unregister the access point from Facebook Wi-Fi.........................98

Chapter 8 Manage Access and Security

Block specific URLs and keywords for Internet access................101

Manage user accounts.....................................................................103

Add a user account......................................................................103

Change the time-out period for a user session.......................104

Change the settings for a user account....................................105

Remove a user account...............................................................106

Manage local MAC access control lists.........................................107

Manually set up a MAC access control List...............................108

Import an existing MAC access control list..............................111

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Manage neighbor AP detection.....................................................114

Enable neighbor access point detection and move access points

to the Known AP List....................................................................115

Import an existing neighbor access point list in the Known AP

List..................................................................................................117

Set up RADIUS servers.....................................................................120

Chapter 9 Manage the Local Area Network and IP Settings

Disable the DHCP client and specify a fixed IP address..............124

Enable the DHCP client...................................................................125

Set the 802.1Q VLAN and management VLAN............................127

Set an existing domain name..........................................................129

Enable or disable Spanning Tree Protocol...................................130

Enable or disable the network integrity check function..............131

Enable or disable IGMP snooping.................................................132

Enable or disable Ethernet LLDP....................................................133

Enable or disable UPnP...................................................................134

Manage the link aggregation capability........................................135

Enable link aggregation for the LAN 2 port.............................136

Disable link aggregation for the LAN 2 port............................137

Chapter 10 Manage and Maintain the Access Point

Change the management mode to NETGEAR Insight or

Web-browser....................................................................................140

Change the country or region of operation..................................142

Change the admin user account password..................................143

Change the system name................................................................144

Specify a custom NTP server...........................................................145

Set the time zone..............................................................................146

Manage the syslog settings.............................................................147

Manage the firmware of the access point.....................................148

Let the access point check for new firmware and update the

firmware........................................................................................149

Manually download firmware and update the access point...150

Revert to the backup firmware...................................................152

Use an SFTP server to update the access point.......................153

Manage the configuration file of the access point.......................155

Back up the access point configuration....................................155

Restore the access point configuration.....................................156

Reboot the access point from the local browser UI.....................158

Schedule the access point to reboot.............................................159

Return the access point to its factory default settings.................160

Use the Reset button to reset the access point........................160

Use the local browser UI to reset the access point..................161

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Enable SNMP and manage the SNMP settings............................162

Manage the LEDs.............................................................................164

Chapter 11 Monitor the Access Point and the Network

Display the access point Internet, IP, and system settings..........167

Display the WiFi radio settings.......................................................170

Display unknown and known neighbor access points................174

Display client distribution, connected clients, and client trends.175 View WiFi and Ethernet traffic, traffic and ARP statistics, and channel

utilization...........................................................................................179

View or download tracked URLs.....................................................181

View, save, download, or clear the logs........................................183

View a WiFi bridge connection.......................................................185

View alarms and notifications.........................................................186

Chapter 12 Manage the Advanced WiFiFeatures for a WiFi network

Enable or disable client isolation for a WiFi network...................189

Enable or disable URL tracking for a WiFi network......................191

Change the format of the DHCP offer messages in a WiFi

network..............................................................................................192

Select a MAC ACL for a WiFi network...........................................193

Set bandwidth rate limits for a WiFi network................................195

Configure advanced rate selection for a WiFi network...............196

Chapter 13 Set up a WiFi Bridge

WiFi base station, WiFi repeater, and WiFi bridge requirements.202

Set up a WiFi bridge between access points................................203

Chapter 14 Manage the Advanced Radio Features

Manage the advanced WiFi settings for the radios.....................208

Manage the maximum number of clients for a radio..................211

Manage the broadcast and multicast settings for a radio...........212

Manage load balancing for the radios..........................................214

Manage sticky clients.......................................................................216

Manage the ARP proxy....................................................................218

Manage the amount of broadcast traffic.......................................219

Chapter 15 Diagnostics and Troubleshooting

Perform a ping test...........................................................................222

Check the Internet speed................................................................223

Quick tips for WiFi troubleshooting...............................................224

Troubleshoot with the LEDs............................................................225

Power/Cloud LED remains off....................................................226

Power/Cloud LED remains solid amber...................................227

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Power/Cloud LED is blinking amber slowly, continuously.....227

The access point functions as a PoE PD and the Power/Cloud

LED remains solid amber............................................................228

Power/Cloud LED does not light blue in the NETGEAR Insight

management mode.....................................................................228

Power/Cloud LED does not stop blinking amber, green, and

blue................................................................................................229

2.4G or 5G WLAN LED is off.......................................................230

The extender access point and root access point cannot

connect..............................................................................................230

Troubleshoot WiFi connectivity for a WiFi client device.............232

Troubleshoot Internet browsing.....................................................233

You cannot log in to the access point over a LAN connection....233

Changes are not saved....................................................................234

You enter the wrong password and can no longer log in to the

access point.......................................................................................234

Troubleshoot your network using the ping utility........................235

Test the LAN path to your access point....................................236

Test the path from your computer to a remote device...........236

Appendix A Factory Default Settings and Technical Specifications

Factory default settings...................................................................239

Technical specifications...................................................................243

Appendix B Mount the Access Point to a Wall or Ceiling

Mounting parts.................................................................................246

Mount the access point on a wall...................................................247

Mount the access point to a T-bar..................................................248

Unmount the access point...............................................................251

Introduction

This manual is for the NETGEAR Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point model WAX630.

Model WAX630, in this manual referred to as the access point, supports IEEE 802.11ax, twelve (4+4+4) streams of WiFi 6, and tri-band concurrent operation at 2.4 GHz, 5 GHz low band, and 5 GHz high band. The combined throughput is 6000 Mbps: 1200 Mbps at 2.4 GHz, 2400 Mbps at 5 GHz low band, and 2400 Mbps at 5 GHz high band.

The access point functions as a Power over Ethernet plus (PoE++) powered device (PD) in an existing network connected to a PoE++ switch that provides 802.3bt power (60W PoE++ power on the port that is connected to the access point). The access point also supports a power adapter for connection to a regular switch. Model WAX630 ships without a power adapter, and model WAX630PA ships with a power adapter. If you ordered model WAX630 but prefer to use the access point without a PoE++ connection, you can order a power adapter separately.

The PoE++ Ethernet port supports a high speed up to 2.5 Gbps. A second Ethernet LAN port supports a speed of 1 Gbps for a link aggregation (LAG) connection.

This chapter contains the following sections:

• Additional documentation

• About NETGEAR Insight

Note: For more information about the topics that are covered in this manual, visit the support website at netgear.com/support/.

Note: Firmware updates with new features and bug fixes are made available from time to time at netgear.com/support/download/. You can check for and download new firmware manually. If the features or behavior of your product does not match what is described in this manual, you might need to update the firmware.

Note: In this manual, WiFi network means the same as SSID (service set identifier or WiFi network name) or VAP (virtual access point). That is, when we refer to a WiFi network we mean an individual SSID or VAP.

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Additional documentation

The following documents are available at netgear.com/support/download/:

Installation guide

•

Data sheet

•

For information about the NETGEAR Insight app and the Insight Cloud portal, visit insight.netgear.com and see the NETGEAR knowledge base at netgear.com/support/product/insight.aspx.

About NETGEAR Insight

For NETGEAR Insight Premium and Insight Pro subscribers, the access point supports the NETGEAR Insight Cloud portal and Insight app:

Insight Cloud portal: Lets you configure and manage the access point through the

• portal of the Insight cloud-based management platform.

Insight app: Lets you configure and manage the access point from your iOS or

• Android mobile device and connects to the Insight cloud-based management

platform.

This user manual describes the local browser user interface (UI). For more information about NETGEAR Insight, visit insight.netgear.com and see the NETGEAR knowledge base at netgear.com/support/product/insight.aspx.

If you install the access point as a NETGEAR Insight managed device, the settings for features that you can manage through the Insight Cloud portal and Insight app are masked out in the local browser UI. However, using the local browser UI, you can still manage the settings for certain features that might not yet be supported in Insight. For more information, visit the NETGEAR knowledge base at netgear.com/support/product/insight.aspx and search for What is Hybrid Management Mode.

User Manual9Introduction

Hardware Overview

The NETGEAR Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point model WAX630 is an indoor access point.

The chapter contains the following sections:

• Unpack the access point

• Top panel with LEDs

• Hardware interfaces

• Access point label

• Safety instructions and warnings for an indoor access point

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Unpack the access point

The package contains the following items:

NETGEAR WAX630 access point

•

Mounting plate

•

Metal bracket with T-bar, lock screw, and 4 short screws

•

3 tall screws and anchors for wall mounting

•

Installation guide

•

Note: Model WAX630 ships without a power adapter. Model WAX630PA ships with a power adapter (the type of power adapter varies by region). If you ordered model WAX630 but prefer to use the access point without a PoE++ connection, you can order a power adapter separately.

For information about the mounting options, see Mount the Access Point to a Wall or Ceiling on page 245.

Top panel with LEDs

The LEDs that provide the status of the access point are located on the top panel of the access point.

Figure 1. Top panel with LEDs

User Manual11Hardware Overview

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Table 1. LED descriptions

DescriptionColorLED Icon

Power/Cloud LED

Solid amber initially and then blinking amber slowly: The access point is starting or in the process of getting an IP address.

Solid green: The access point started up and functions either as a standalone access point or as an Insight discovered access point that is not connected to the Insight cloud-based management platform.

Solid blue: The access point functions in Insight mode and is connected to the Insight cloud-based management platform.

Blinking amber fast: The access point is updating firmware or is being reset to factory default settings.

Blinking multicolor: The access point is functioning in extender mode and the mesh setup is in progress.

Solid amber during operation: The PoE power that the access point received is not at the 802.3bt (PoE++) level.

Off: No power is supplied to the access point.

Solid green: A 2.5 Gbps Ethernet link is detected on the LAN 1 port.LAN 1 LED

Blinking green: 2.5 Gbps traffic activity is detected on the LAN 1

port.

Solid amber: An Ethernet link at a speed lower than 2.5 Gbps is detected on the LAN 1 port.

Blinking amber: Traffic activity at a speed lower than 2.5 Gbps is detected on the LAN 1 port.

Off: Either no Ethernet device is connected to the LAN 1 port or no Ethernet link is detected.

Solid green: A 1 Gbps Ethernet link is detected on the LAN 2 port.LAN 2 LED

Blinking green: 1 Gbps traffic activity is detected on the LAN 2 port.

Solid amber: An Ethernet link at a speed lower than 1 Gbps is

detected on the LAN 2 port.

Blinking amber: Traffic activity at a speed lower than 1 Gbps is detected on the LAN 2 port.

Off: Either no Ethernet device is connected to the LAN 1 port or no Ethernet link is detected.

User Manual12Hardware Overview

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Table 1. LED descriptions (Continued)

DescriptionColorLED Icon

2.4G WLAN LED

5G H WLAN LED

5G L WLAN LED

Solid green: The 2.4 GHz WiFi radio is on but no clients are connected.

Solid blue: One or more WLAN clients are connected to the 2.4 GHz WiFi radio.

Blinking blue: Traffic is detected on the 2.4 GHz WiFi radio.

Off: The 2.4 GHz WiFi radio is off.

Solid green: The 5 GHz high band WiFi radio is on but no clients are

connected.

Solid blue: One or more WLAN clients are connected to the 5 GHz high band WiFi radio.

Blinking blue: Traffic is detected on the 5 GHz high band WiFi radio.

Off: The 5 GHz high band WiFi radio is off.

Solid green: The 5 GHz low band WiFi radio is on but no clients are

connected.

Solid blue: One or more WLAN clients are connected to the 5 GHz low band WiFi radio.

Blinking blue: Traffic is detected on the 5 GHz low band WiFi radio.

Off: The 5 GHz low band WiFi radio is off.

Note: For information about troubleshooting with the LEDs, see Troubleshoot with the

LEDs on page 225.

User Manual13Hardware Overview

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Hardware interfaces

The bottom panel of the access point provides the DC power connector for an optional power adapter, LAN 1/PoE++ port, LAN 2 port, and Reset button.

Figure 2. Hardware interfaces

The bottom panel contains the following components:

DC power connector: If you do not use a PoE++ switch to provide power to the

• access point, connect an optional power adapter to the DC power connector.

LAN 1/PoE++ port: Use the LAN 1/PoE++ Gigabit Ethernet RJ-45 LAN port to

• connect the access point to a PoE++ switch, or if you use an optional power adapter, to a non-PoE switch. You must use the LAN 1/PoE++ port for the access point network connection. (Do not use the LAN 2 port for the network connection.) The LAN 1/PoE++ port supports Ethernet speeds up to 2.5 Gbps when connected to 2.5 Gbps equipment. Your Internet connection, modem, and switch all need to support a speed of 2.5 Gbps. If one of these components supports only 1 Gbps (which is a common speed), the access point LAN 1/PoE++ connection functions at 1 Gbps. For more information about the LAN 1/PoE++ port connection, see Set up and connect the access point to your network on page 20.

LAN 2 port: The LAN 2 port is a Gigabit Ethernet RJ-45 port that you can use to

• connect the access point to the same switch as the LAN 1 port for a link aggregation

(LAG) connection. The switch must be capable of supporting a LAG connection, which you must configure on the switch. For more information about setting up and enabling a LAG on the access point, see Manage the link aggregation capability on page 135.

Reset button: You can use the Reset button to restart the access point or to reset

• the access point to its factory default settings. To restart the access point, press the

Reset button for about two seconds. To reset the access point to factory default settings, press the Reset button for 10 seconds or longer.

User Manual14Hardware Overview

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Note: If you added the access point to a NETGEAR Insight network location, you

must first use the Insight app or Insight Cloud portal to remove the access point from your Insight network location before the factory default settings function of the Reset button is available. For more information, see Use the Reset button to reset the access point on page 160.

Access point label

The access point label on the bottom panel shows the QR code, serial number, MAC address, default WiFi network name (SSID), and network key (password) of the access point.

Figure 3. Access point label location

Figure 4. Access point label

User Manual15Hardware Overview

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Safety instructions and warnings for an indoor access point

Use the following safety guidelines to ensure your own personal safety and to help protect your system from potential damage.

To reduce the risk of bodily injury, electrical shock, fire, and damage to the equipment, observe the following precautions:

This product is designed for indoor use only in a temperature-controlled and

• humidity-controlled environment. Note the following:

For more information about the environment in which this product must operate, see the environmental specifications in the appendix or the data sheet.

If you want to connect the product over an Ethernet cable to a device located outdoors, the outdoor device must be properly grounded and surge protected, and you must install an Ethernet surge protector inline between the indoor product and the outdoor device. Failure to do so can damage the product.

Before connecting the product to outdoor cables or wired outdoor devices, see https://kb.netgear.com/000057103 for additional safety and warranty information.

Failure to follow these guidelines can result in damage to your NETGEAR product, which might not be covered by NETGEAR’s warranty, to the extent permissible by applicable law.

Do not service the product except as explained in your product documentation.

• Some devices should never be opened.

If any of the following conditions occur, unplug the product from its power source,

• and then replace the part or contact your trained service provider:

- Depending on your product, the power adapter, power adapter cable, power

adapter plug, or PoE Ethernet cable is damaged.

An object fell into the product.

- The product was exposed to water.

- The product was dropped or damaged.

The product does not operate correctly when you follow the operating instructions.

Keep the product away from radiators and heat sources. Also, do not block cooling

• vents.

User Manual16Hardware Overview

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Do not spill food or liquids on your product components, and never operate the

• product in a wet environment. If the product gets wet, see the appropriate section in your troubleshooting guide, or contact your trained service provider.

Do not push any objects into the openings of your product. Doing so can cause fire

• or electric shock by shorting out interior components.

Use the product only with approved equipment.

•

If applicable to your product, allow the product to cool before removing covers or

• touching internal components.

Be sure that devices that are attached over Ethernet cables are electrically rated to

• operate with the power available in your location.

Depending on your product, use only the supplied power adapter or an Ethernet

• cable that provides PoE.

If your product uses a power adapter:

If you were not provided with a power adapter, contact your local NETGEAR reseller.

The power adapter must be rated for the product and for the voltage and current marked on the product electrical ratings label.

To help prevent electric shock, plug any system and peripheral power cables into

• properly grounded power outlets.

If applicable to your product, the peripheral power cables are equipped with

• three-prong plugs to help ensure proper grounding. Do not use adapter plugs or

remove the grounding prong from a cable. If you must use an extension cable, use a three-wire cable with properly grounded plugs.

Observe extension cable and power strip ratings. Make sure that the total ampere

• rating of all products plugged into the extension cable or power strip does not

exceed 80 percent of the ampere ratings limit for the extension cable or power strip.

To help protect your system from sudden, transient increases and decreases in

• electrical power, use a surge suppressor, line conditioner, or uninterruptible power supply (UPS).

Position system cables, power adapter cables, and PoE Ethernet cables carefully.

• Route cables so that they cannot be stepped on or tripped over. Be sure that nothing rests on any cables.

Do not modify power adapters, power adapter cables, or plugs. Consult a licensed

• electrician or your power company for site modifications.

Always follow your local and national wiring rules.

•

User Manual17Hardware Overview

Install the Access Point in Your Network and Access It for Initial Configuration

This chapter describes how you can install and access the access point in your network.

The chapter contains the following sections:

• Position your access point for best performance

• Set up and connect the access point to your network

• Connect to the access point for initial configuration

• Log in to the access point after initial setup

• Dismiss a browser security warning

IMPORTANT: This device must be professionally installed. It is the installer’s responsibility to follow local country regulations, including operations within legal frequency channels, output power, and DFS requirements. The vendor, reseller, or distributor is not responsible for illegal wireless operations. For more details, see the device’s terms and conditions.

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Position your access point for best performance

Before you install and mount your access point as described in the installation guide or an appendix to this manual, consider how you can position the access point for best performance.

If you are within the access point WiFi range, you can connect any of your WiFi devices to your WiFi network. The WiFi range can vary significantly depending on the physical placement of your access point. For example, the thickness and number of walls the WiFi signal passes through can limit the range.

Additionally, other WiFi devices in and around your office, home, yard, or campus, might affect your access point’s signal. WiFi devices can be other access point, routers, repeaters, WiFi range extenders, and any other devices that emit WiFi signals for network access.

Tips for positioning your access point:

Place your access point near the center of the area where your computers and other

• devices operate.

A line of sight between the access point and your WiFi devices is not required for good performance.

If you use a power adapter, make sure that the access point is within reach of an AC

• power outlet.

Place the access point in an elevated location, minimizing the number walls and

• ceilings between the access point and your other devices.

Place the access point away from electrical devices such as these:

•

Ceiling fans

- Home security systems

- Microwaves

- Computers

Bases of cordless phones

- 2.4 GHz and 5.8 GHz cordless phones

Place the access point away from large metal surfaces, large glass surfaces, insulated

• walls, and items such as these:

- Solid metal doors

- Aluminum studs

User Manual19Install the Access Point in Your Network and Access It for Initial Configuration

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

- Fish tanks

- Mirrors

- Brick

- Concrete

If you are using adjacent access points, use different radio frequency channels to reduce interference.

Set up and connect the access point to your network

You can connect the access point to a Power over Ethernet plus (PoE++) switch in your network. The switch must be connected to a network router that is connected to the Internet. If you use a PoE++ connection, the access point does not require a power adapter.

Note: Depending on the product ordered, the package might not include a power adapter. You power up the access point by connecting it to a PoE++ switch. If you ordered a package without a power adapter but do not want to use a PoE++ connection, you can still order a power adapter as an option.

The access point LAN 1/PoE++ port supports Ethernet speeds up to 2.5 Gbps. The following figure shows a NETGEAR MS510TXUP switch, which supports speeds of

2.5 Gbps and higher and can supply PoE++. To allow for this speed, your Internet connection, modem, and switch all need to support a speed of 2.5 Gbps. If one of these components supports only 1 Gbps (which is a common speed), the LAN connection functions also at 1 Gbps.

Network and Access It for Initial Configuration

User Manual20Install the Access Point in Your

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Figure 5. Set up the access point with a PoE++ connection to your network

To set up the access point with an Ethernet connection to your network:

1. Connect an Ethernet cable to the LAN 1/PoE++ port on the access point.

Connect the other end of the Ethernet cable to a port on a switch that is connected to your network and to the Internet.

If you use a PoE++ switch, the switch port that is connected to access point must be able to supply 60W PoE++ power. The access point requires 802.3bt (PoE++) input.

Note: For optimal functioning, make sure that you use an 802.3bt (PoE++) switch and not an 802.3at (PoE+) or 802.3af (PoE) switch. If the Power LED remains solid amber after the access point started up, the access point might receive insufficient PoE power. For more information, see The access point functions as a PoE PD and the Power/Cloud LED remains solid amber on page 228.

While the access point is starting or in the process of getting an IP address from a DHCP server (or router functioning as a DHCP server) in your network, the Power/Cloud LED initially lights solid amber and then blinks amber slowly. After about two minutes, the Power/Cloud LED turns solid green or solid blue and the access point is ready for you to perform the initial configuration.

For information about accessing the access point for initial configuration, see Connect to the access point for initial configuration on page 22.

Network and Access It for Initial Configuration

User Manual21Install the Access Point in Your

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Connect to the access point for initial configuration

After you set up the access point, you can use several methods to connect to it for initial configuration.

You can use the NETGEAR Insight app on an iOS or Android mobile device, or use the Insight Cloud portal or the local browser UI.

The Insight app and the Insight Cloud portal provide ease of access and let you configure most features that are available on the access point. The local browser UI lets you configure all features.

For information about using the Insight app or the Insight Cloud portal, see one of the following sections:

Connect over WiFi using the NETGEAR Insight app on page 22

•

Connect over the Internet using the NETGEAR Insight Cloud portal on page 24

•

For information about using the local browser UI, see one of the following sections:

Connect over WiFi to the local browser UI for initial configuration on page 25

•

Connect over the LAN to the local browser UI for initial configuration on page 30

•

Note: If your network does not include a DHCP server (or a router that functions as a DHCP server) and you do not perform the initial configuration of the access point as described in one of these sections, you can connect only five clients to the access point and the access point can provide an IP address to only five clients. To prevent this situation, make sure that you perform the initial configuration of the access point.

Connect over WiFi using the NETGEAR Insight app

You can install the NETGEAR Insight app on an iOS or Android mobile device and set up the access point (and perform many other tasks as well).

Network and Access It for Initial Configuration

User Manual22Install the Access Point in Your

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

IMPORTANT: If you add the access point to a NETGEAR Insight network location and

manage the access point through the Insight app or Insight Cloud portal, the admin password for the access point changes. That is, the Insight network password for that location replaces the admin password. To access the local browser UI, you must then enter the Insight network password and not the admin password. If you later decide to remove the access point from the Insight network location or change the management mode to Web-browser mode (see Change the management mode to NETGEAR Insight or Web-browser on page 140), you must continue to use the Insight network password to access the local browser UI until you manually change the admin password on the access point.

For more information about the Insight app, visit insight.netgear.com and see the NETGEAR knowledge base at netgear.com/support/product/insight.aspx.

To connect to the access point over WiFi using an iOS or Android mobile device:

On your mobile device, go to the app store, search for NETGEAR Insight, and download the Insight app.

Connect your mobile device to the WiFi network of the access point. The default SSID is on the access point label on the bottom of the access point and

is shown in the format NETGEARxxxxxx-SETUP, where xxxxxx is the last six hexadecimal digits of the access point’s MAC address. The default password is sharedsecret.

3. Launch the Insight app.

If you do not have a NETGEAR account, tap Create NETGEAR Account and follow the onscreen instructions.

Enter the email address and password for your account and tap LOG IN. After you log in to your account, the IP address of the access point displays in the

device list.

Write down the access point IP address and save it for later use.

To use the Insight app to configure and manage the access point, tap the access point and follow the prompts to register the access point and add it to an Insight network location.

Network and Access It for Initial Configuration

User Manual23Install the Access Point in Your

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Connect over the Internet using the NETGEAR Insight Cloud portal

The Insight Cloud portal is available for Insight Premium or Insight Pro subscribers. To use the NETGEAR Insight Cloud portal to configure and manage the access point, the access point must already be connected to the Internet.

IMPORTANT: If you add the access point to a NETGEAR Insight network location and manage the access point through the Insight app or Insight Cloud portal, the admin password for the access point changes. That is, after you add the access point to an Insight network location, the Insight network password for that location replaces the admin password. To access the local browser UI, you must then enter the Insight network password and not the admin password. If you later decide to remove the access point from the Insight network location or change the management mode to Web-browser mode (see Change the management mode to NETGEAR Insight or Web-browser on page 140), you must continue to use the Insight network password to access the local browser UI until you manually change the admin password on the access point.

For more information about the Insight Cloud portal and the configuration and management options that are available through the Insight Cloud portal, visit insight.netgear.com and see the NETGEAR knowledge base at netgear.com/support/product/insight.aspx.

To connect to the access point over the Internet through the Insight Cloud portal:

1. Visit insight.netgear.com.

The NETGEAR Account Login page displays.

2. Enter your Insight email address and password.

If you do have an Insight account, you can create one.

3. Click the Login button.

You can now add the access point to an Insight network location so that you can configure and manage the access point.

Network and Access It for Initial Configuration

User Manual24Install the Access Point in Your

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Connect over WiFi to the local browser UI for initial configuration

This section describes how to connect to the access point for the first time over WiFi using a WiFi-enabled computer or mobile device (without using the NETGEAR Insight app) and complete the initial configuration.

To connect over WiFi to the local browser UI for initial configuration:

From your computer or mobile device, connect over WiFi to the access point’s default WiFi network.

The default SSID is on the access point label on the bottom of the access point and is shown in the format NETGEARxxxxxx-SETUP, where xxxxxx is the last six hexadecimal digits of the access point’s MAC address. The default password is sharedsecret.

2. On the computer or mobile device, launch a web browser and, in the address bar,

enter http://aplogin.net.

Note: You can use http://aplogin.net only during initial setup of the access point.

IMPORTANT: If your browser does not display the Day Zero login page, see the

following step.

If your browser displays a security warning, dismiss the warning by doing one of the following:

Google Chrome: Click the ADVANCED link. Then, click the Proceed to x.x.x.x

• (unsafe) link, in which x.x.x.x represents the domain name or IP address of the device.

Apple Safari: Click the Show Details button. Then, click the visit this website

• link. If a warning pop-up window displays, click the Visit Website button. If another pop-up window displays to let you confirm changes to your certificate trust settings, enter your Mac user name and password and click the Update Setting button.

Network and Access It for Initial Configuration

User Manual25Install the Access Point in Your

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Mozilla Firefox: Click the ADVANCED button. Then, click the Add Exception

• button. In the pop-up window that displays, click the Confirm Security Exception button.

Microsoft Edge: Select Details > Go on to the webpage.

•

Microsoft Internet Explorer: Click the Continue to this website (not

• recommended) link.

Enter the access point user name and default password. The user name is admin. The default password is password. The user name and

password are case-sensitive.

5. Select the Web-browser radio button.

Note: After you save the basic settings that are shown on the page, the Day Zero Easy Setup page no longer displays when you log in. Instead, a login window displays. After you log in, the Dashboard page displays.

Enter the settings that are described in the following table.

Network and Access It for Initial Configuration

User Manual26Install the Access Point in Your

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

DescriptionSetting

Country/Region

Time Zone

DHCP Client

AP Name

From the menu, select the country and region in which the access point is operating.

Note: Make sure that the country is set to the location where the device is operating. You

are responsible for complying with the local, regional, and national regulations that are

set for channels, power levels, and frequency ranges.

Note: It might not be legal to operate the access point in a region other than the regions

listed in the menu. If your country or region is not listed, check with your local government

agency.

From the menu, select the time zone for the country and region in which the access point

is operating.

By default, the DHCP client of the access point allows the access point to receive an IP

address from a DHCP server (or router that functions as a DHCP server) in your network.

To set up the access point with a static (fixed) IP address, do the following:

a. Select the Disable radio button.

Additional fields display.

b. Specify the IP address, IP subnet mask, IP address of the default gateway, and IP address

of the DNS server.

As an option, enter a new name for the access point. The name must contain alphanumeric

characters, must contain at least one alphabetical character, cannot be longer than 15

characters, and can contain hyphens but cannot start or end with a hyphen.

By default, the access point name is Netgearxxxxxx, in which xxxxxx represents the last six

hexadecimal digits of the access point’s MAC address.

AP Login New

Password

Enter a new admin password. This is the password that you must use to log in to the access

point’s local browser UI. (It is not the password that you use for WiFi access.)

The password must be 8 to 63 characters in length and must contain at least one uppercase

letter, one lowercase letter, and one number. The following special characters are allowed:

! @ # $ % ^ & * ( )

Save the password for future use.

Network and Access It for Initial Configuration

User Manual27Install the Access Point in Your

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

(Continued)

DescriptionSetting

Enter exactly the same password that you entered in the AP Login New Password field.Confirm New

Password

SSID

From the Authentication menu, select one of the following authentication types for

You cannot use the default SSID for regular operation. The default SSID is for setup only.

Enter a new name with a maximum of 32 characters. You can use a combination of

alphanumeric and special characters, except for quotation marks (") and a backslash (\).

the WiFi network, and, if applicable, set a new passphrase (network key or WiFi password) for the WiFi network:

Open: Clients are not authenticated, traffic is not encrypted, and 802.11w (PMF)

• is automatically disabled. This setting does not provide any security and is not

appropriate for most situations. If you select Open from the menu, the Enhanced Open check box displays and the Allow Devices to Connect with Open check box can display:

Enhanced Open: If you select the Enhanced Open check box, the WiFi enhanced open feature is enabled. This feature is based on opportunistic wireless encryption (OWE). The encryption is set to CCM mode protocol (CCMP) and 802.11w (PMF) is automatically set to mandatory.

- Allow Clients to Authenticate using Legacy Open (OWE Transition Mode):

If you select the Enhanced Open check box, the Allow Clients to Authenticate using Legacy Open (OWE Transition Mode) check box displays. If you select this check box, the WiFi network can accept both clients that support the WiFi enhanced open feature and clients that do not. For clients that do not support the WiFi open enhanced feature, traffic is not encrypted. If you do not select this check box, the WiFi network can only accept clients that support the WiFi enhanced open feature.

WPA2 Personal: This option allows only WiFi clients that support WPA2 to

• connect to the SSID. Select this option if all WiFi clients are capable of supporting

WPA2. This option uses AES encryption. In the Passphrase field, enter a new passphrase for the WiFi network.

WPA2/WPA Personal: This option allows both WPA and WPA2 WiFi clients to

• connect to the SSID. This option uses TKIP and AES encryption. Broadcast packets use TKIP. For unicast (that is, point-to-point) transmissions, WPA clients use TKIP

and WPA2 clients use AES. In the Passphrase field, enter a new passphrase for the WiFi network.

Network and Access It for Initial Configuration

User Manual28Install the Access Point in Your

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

WPA3 Personal: This option allows only WiFi clients that support WPA3 to

• connect to the SSID. Select this option if all WiFi clients are capable of supporting

WPA3. This option uses SAE encryption. In the Passphrase field, enter a new passphrase for the WiFi network.

WPA3/WPA2 Personal: This option allows both WPA2 and WPA3 WiFi clients

• to connect to the SSID. This option uses AES and SAE encryption. WPA2 clients

use AES and WPA3 clients use SAE. In the Passphrase field, enter a new passphrase for the WiFi network.

Note: After you complete the setup process, you can set up WPA2 Enterprise or WPA3 Enterprise security with RADIUS servers. For more information, see Change the authentication and encryption for a WiFi network on page 65.

8. Click the Apply button. Your settings are saved. A pop-up window displays the IP address and the new WiFi

network and password (passphrase).

If you specified a static IP address, save the IP address information because you must enter the IP address when you log in again.

You are disconnected from the access point. If you changed the default country, the access point restarts.

9. Reconnect over WiFi to the access point’s WiFi network using the new SSID and passphrase that you just defined on the Day Zero Easy Setup page.

10.

Enter the access point IP address in the address bar of your browser. If you changed the IP address, enter the IP address that you specified in Step 6.

A login window displays.

11.

If your browser displays a security warning, dismiss the warning. For more information, see Step 3.

12. Enter the access point user name and password. The user name is admin. The password is the one that you just defined on the Day

Zero Easy Setup page. The user name and password are case-sensitive.

The Dashboard page displays. You can now customize the access point settings for your network environment.

Network and Access It for Initial Configuration

User Manual29Install the Access Point in Your

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Connect over the LAN to the local browser UI for initial configuration

The following procedure assumes that your network includes a DHCP server (or router that functions as a DHCP server) and that the access point and your computer are on the same LAN. By default, the access point functions as a DHCP client.

To connect over the LAN to the local browser UI for initial configuration:

1. To determine the IP address that the DHCP server assigned to the access point, access the DHCP server or use an IP network scanner.

If you use a Windows-based computer, launch File Explorer (or Windows Explorer), select Network from the Navigation pane, right-click the access point device icon, and select Properties to display the IP address.

Note: You can also use the NETGEAR Insight app to discover the IP address that is assigned to the access point. For more information, see Connect over WiFi using the NETGEAR Insight app on page 22.

2. On the computer, launch a web browser and, in the address bar, enter the IP address that is assigned to the access point.

IMPORTANT: If your browser does not display the Day Zero login page, see the following step.

If your browser displays a security warning, dismiss the warning by doing one of the following:

Google Chrome: Click the ADVANCED link. Then, click the Proceed to x.x.x.x

•

(unsafe) link, in which x.x.x.x represents the domain name or IP address of the device.

Apple Safari: Click the Show Details button. Then, click the visit this website

•

link. If a warning pop-up window displays, click the Visit Website button. If another pop-up window displays to let you confirm changes to your certificate trust settings, enter your Mac user name and password and click the Update Setting button.

Network and Access It for Initial Configuration

User Manual30Install the Access Point in Your

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

Mozilla Firefox: Click the ADVANCED button. Then, click the Add Exception

•

button. In the pop-up window that displays, click the Confirm Security Exception button.

Microsoft Edge: Select Details > Go on to the webpage.

•

Microsoft Internet Explorer: Click the Continue to this website (not

•

recommended) link.

Enter the access point user name and default password. The user name is admin. The default password is password. The user name and

password are case-sensitive.

5. Select the Web-browser radio button.

Enter the settings that are described in the following table.

Network and Access It for Initial Configuration

User Manual31Install the Access Point in Your

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

DescriptionSetting

Country/Region

Time Zone

DHCP Client

AP Name

From the menu, select the country and region in which the access point is operating.

Note: Make sure that the country is set to the location where the device is operating. You

are responsible for complying with the local, regional, and national regulations that are

set for channels, power levels, and frequency ranges.

Note: It might not be legal to operate the access point in a region other than the regions

listed in the menu. If your country or region is not listed, check with your local government

agency.

From the menu, select the time zone for the country and region in which the access point

is operating.

By default, the DHCP client of the access point allows the access point to receive an IP

address from a DHCP server (or router that functions as a DHCP server) in your network.

To set up the access point with a static (fixed) IP address, do the following:

a. Select the Disable radio button.

Additional fields display.

b. Specify the IP address, IP subnet mask, IP address of the default gateway, and IP address

of the DNS server.

As an option, enter a new name for the access point. The name must contain alphanumeric

characters, must contain at least one alphabetical character, cannot be longer than 15

characters, and can contain hyphens but cannot start or end with a hyphen.

By default, the access point name is Netgearxxxxxx, in which xxxxxx represents the last six

hexadecimal digits of the access point’s MAC address.

AP Login New

Password

Enter a new admin password. This is the password that you must use to log in to the access

point’s local browser UI. (It is not the password that you use for WiFi access.)

The password must be 8 to 63 characters in length and must contain at least one uppercase

letter, one lowercase letter, and one number. The following special characters are allowed:

! @ # $ % ^ & * ( )

Save the password for future use.

Network and Access It for Initial Configuration

User Manual32Install the Access Point in Your

Insight Managed WiFi 6 AX6000 Tri-band Multi-Gig Access Point Model WAX630

(Continued)

DescriptionSetting

Enter exactly the same password that you entered in the AP Login New Password field.Confirm New

Password

SSID

From the Authentication menu, select one of the following authentication types for

You cannot use the default SSID for regular operation. The default SSID is for setup only.

Enter a new name with a maximum of 32 characters. You can use a combination of

alphanumeric and special characters, except for quotation marks (") and a backslash (\).

the WiFi network, and, if applicable, set a new passphrase (network key or WiFi password) for the WiFi network:

Open: Clients are not authenticated, traffic is not encrypted, and 802.11w (PMF)

•

is automatically disabled. This setting does not provide any security and is not appropriate for most situations. If you select Open from the menu, the Enhanced Open check box displays and the Allow Devices to Connect with Open check box can display:

- Allow Clients to Authenticate using Legacy Open (OWE Transition Mode): If you select the Enhanced Open check box, the Allow Clients to Authenticate using Legacy Open (OWE Transition Mode) check box displays. If you select this check box, the WiFi network can accept both clients that support the WiFi enhanced open feature and clients that do not. For clients that do not support the WiFi open enhanced feature, traffic is not encrypted. If you do not select this check box, the WiFi network can only accept clients that support the WiFi enhanced open feature.

WPA2 Personal: This option allows only WiFi clients that support WPA2 to

• connect to the SSID. Select this option if all WiFi clients are capable of supporting

WPA2. This option uses AES encryption. In the Passphrase field, enter a new passphrase for the WiFi network.

WPA2/WPA Personal: This option allows both WPA and WPA2 WiFi clients to

• connect to the SSID. This option uses TKIP and AES encryption. Broadcast packets use TKIP. For unicast (that is, point-to-point) transmissions, WPA clients use TKIP

and WPA2 clients use AES. In the Passphrase field, enter a new passphrase for the WiFi network.

Network and Access It for Initial Configuration

User Manual33Install the Access Point in Your