Netgear WC7520 Reference Manual

ProSafe 20-AP Wireless Controller WC7520

350 East Plumeria Drive San Jose, CA 95134 USA
February 20, 2012 202-10686-04
1.1
ProSafe 20-AP Wireless Controller WC7520
©2010–2011 NETGEAR, Inc. All rights reserved No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated
into any language in any form or by any means without the written permission of NETGEAR, Inc.
Technical Su p p o r t
Thank you for choosing NETGEAR. T o register your product, get the latest product updates, get support online, or for more information about the topics covered in this manual, visit the Support website at
http://support.netgear.com.
Phone (US & Canada only): 1-888-NETGEAR Phone (Other Countries): Check the list of phone numbers at
http://support.netgear.com/app
/answers/detail/a_id/984.
Trademarks
NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change without notice. Other brand and product names are registered trademarks or trademarks of their respective holders. © 2011 NETGEAR, Inc. All rights reserved.
Statement of Conditions
To improve internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use, or application of, the product(s) or circuit layout(s) described herein.
Revision History
Publication Part Number
202-10686-04 v1.1 February 2012 Added hexadecimal address information to Guidelines for the
202-10686-04 v1.0 October, 2011 Added the following new information:
Version Publish Date Comments
Autodiscovery Process Across
• New features:
- Discovery and management of remote access points (see
Requirements for Autodiscovery of Remote Access Point
on page 52) and Add Access Points to the Managed List
after Discovery on page 57
- Support for sentry mode (see Edit and
Point Information on page 59)
- Rogue AP mitigation (see Co
Detection Settings on page 114)
- Captive portal accounts (see Manag
and Passwords on page 128)
• Changes and improvements to the monitoring screens
• Additional troubleshooting information
Layer 3 Networks on page 52.
Remove Access
nfigure Basic Rogue
e Users, Accounts,
s
2
ProSafe 20-AP Wireless Controller WC7520
202-10686-03 v1.0 July, 2011 Added the following new information:
• Support for the WNDAP360 access point (see NETGEAR
ProSafe Access Points)
• New features:
- N:1 redundancy (see Man
- Monitoring stacking and redundancy (see Vi
Network Summary Screen)
- External RADIUS-based MAC authentication (see
Guidelines for External MAC Authentication)
- External RADIUS-based captive
Configure Captive Portal Settings)
202-10686-02 v1.0 March 201 1 Added the following new information:
• Support for the WNAP320 access point.
• New features:
- Capability to specify use of an access point’s internal or external
Access Point Information).
- Capability to adjust the Tx power for all managed access poi
- Capability to adjust the channel and Tx power for ind
Settings).
- Capability to edit IP settings of individual access points (s
- Display of radio-mode capabilities on the managed AP list (s
Revised existing content and Made changes to some monitoring screens (see Chapter 11,
Monitoring the Wireless Network and Components).
antenna or antennas (see Edit and Remove
nts (see Configure Channels).
ividual access points (see Configure Wireless
ee Manage the Access Point List).
ee Manage the Access Point List).
age Redundancy)
reorganized the manual.
ew th e
portal authentication (see
202-10686-01 v1.4 October 2010 Made a minor revision to indicate the number of supported MAC
esses per SSID.
addr 202-10686-01 v1.3 September 2010 Added an index and made minor revisions to existing content. 202-10686-01 v1.2 September 2010 Added new content and revised existing content in chapters 1,
, 5, 9, and 10.
2, 4
Added chapters 11 and 12 and appendix A. 202-10686-01 v1.1 September 2010 Added new content to chapters 1 through 4. 202-10686-01 v1.0 August 2010 Initial publication.
3

Table of Contents

Chapter 1 Introduction and Overview
Key Features and Capabilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Package Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Hardware Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Front Panel Ports and LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Rear Panel Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Bottom Panel with Product Label. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
WC7520 Wireless Controller System Components. . . . . . . . . . . . . . . . . . 14
NETGEAR ProSafe Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
What Can You Do with the WC7520 Wireless Controller? . . . . . . . . . . . . 16
Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Maintenance and Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Web Management Interface Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Initial Connection and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Basic and Advanced Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Profile Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Choose a Location for the Wireless Controller . .
Deploy the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
. . . . . . . . . . . . . . . . . . . 25
Chapter 2 System Planning and Deployment Scenarios
System Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Preinstallation Planning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Before You Configure a Wireless Controller . .
Single Controller Configuration with Basic
Single Controller Configuration with Advanced Profile Groups. . . . . . . 31
Stacked Controller Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Management VLAN and Data VLAN Strategies . . . . . . . . . . . . . . . . . . . . 32
Deployment Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Scenario Example 1: Basic Network with Single VLAN
Scenario Example 2: Advanced Network with VLANs and SSIDs. . . . . 35
Scenario Example 3: Advanced Network with Redundancy . . . . . . . . . 38
. . . . . . . . . . . . . . . . . . . 28
Profile Group . . . . . . . . . . . 30
. . . . . . . . . . . . . 34
Chapter 3 RF Planning
RF Planning Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Planning Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Define and Edit Buildings and Floors . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Specify Access Point Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
View and Manage Heat Maps for Deployed Plans . . . . . . . . . . . . . . . . . . 48
Table of Contents | 4
ProSafe 20-AP Wireless Controller WC7520
Chapter 4 Access Point Discovery and Management
Access Point Discovery and Discovery Guidelines . . . . . . . . . . . . . . . . . .51
Requirements for Autodiscovery of Local Access
Requirements for Autodiscovery of Remote
Run the Discovery Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Discovery Results. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Manage the Access Point List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57
Add Access Points to the Managed List after
Edit and Remove Access Point Informat
ion . . . . . . . . . . . . . . . . . . . . . .59
Points . . . . . . . . . . . .51
Access Points . . . . . . . . . .52
Discovery . . . . . . . . . . . .57
Chapter 5 Configuring Network Settings
Configure General Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Time Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64
Configure IP and VLAN Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
Management VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66
Untagged VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Manage the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Manage Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70
Configure Syslog and Alarm Notification Settings . . . . . . . . . . . . . . . . . . .71
Configure Syslog Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71
Configure Alarm Notification Settings. . . . . . . . . . . . . . . . . . . . . . . . . . .72
Configure the Email Notification Server . . . . . . . . . . . . . . . . . . . . . . . . .72
Chapter 6 Managing Security Profiles and Profile Groups
Manage Wireless Security Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74
Small WLAN Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75
Larger WLAN Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75
Profile Naming Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76
Considerations Before You Configure Profiles Configure Security Profiles for the Basic Profile G
Edit and Remove Profiles from the Basic Prof
Network Authentication and Data Encryption O
Configure Security Profiles for Advanced Profile Groups. . . . . . . . . . . . . .84
Edit and Remove Profiles from an Advanced P
Remove an Advanced Profile Group . . . . . . . . . . . . . . . . . . . . . . . . . . .87
Manage Basic and Advanced Profile Groups in the WLAN . . . . . . . . . . . .87
. . . . . . . . . . . . . . . . . . . .76
roup . . . . . . . . . . . . . . .77
ile Group. . . . . . . . . . . . .80
ptions . . . . . . . . . . . . . .81
rofile Group. . . . . . . . . .87
Chapter 7 Configuring Wireless and QoS Settings
About Basic and Advanced Wireless and QoS Configurations . . . . . . . . .90
Configure the Radio . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91
Basic Radio Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91
Advanced Radio Configuration for Profile Groups . . . . . . . . . . . . . . . . .92
Configure Wireless Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93
Basic Wireless Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93
Advanced Wireless Configuration for Profile Groups . . . . . . . . . . . . . . .96
5
ProSafe 20-AP Wireless Controller WC7520
Configure Channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
Specify RF Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
Basic RF Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102
Advanced RF Management for Profile Groups. . . . . . . . . . . . . . . . . . .104
Configure QoS for Profile Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105
Configure Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107
Configure Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109
Basic Rate Limiting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109
Advanced Rate Limiting for Profile Groups . . . . . . . . . . . . . . . . . . . . . 110
Chapter 8 Configuring Network Access and Security
About Basic and Advanced Security Configurations . . . . . . . . . . . . . . . .112
Manage Rogue Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Configure Basic Rogue Detection Settings . . . . . . . . . . . . . . . . . . . . .114
Configure Advanced Rogue Detection Settings. . . . . . . . . . . . . . . . . . 116
Manage MAC Authentication and MAC Authentication Groups. . . . . . . .117
Guidelines for External MAC Authentication . .
Configure Basic Local MAC Authentication Settings . . . . . . . . . . . . . . 118
Configure Local MAC Authentication Groups. . . . . . . . . . . . . . . . . . . .120
Manage Authentication Servers and Authentication Server Groups . . . .122
Configure Basic Authentication Server Settings. . . . . . . . . . . . . . . . . . 123
Configure RADIUS Authentication Server Groups. . . . . . . . . . . . . . . .125
Manage Guest Network Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
Configure Captive Portal Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
Manage Users, Accounts, and Passwords. . . . . . . . . . . . . . . . . . . . . . . . 128
. . . . . . . . . . . . . . . . . . 118
Chapter 9 Maintaining the Controller
Manage the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Back Up and Restore the Configuration File . . . . . . . . . . . . . . . . . . . .135
Upgrade the Configuration File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
Reboot or Reset the Wireless Controller . . . . .
Reboot Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141
Manage External Storage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Manage Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142
Specify Session Time-Outs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .144
View Alerts and Events and Save the Logs . . . . . . . . . . . . . . . . . . . . . . .144
Save the Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .144
View Alerts and Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145
Manage Licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149
View Your Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149
Configure the License Server Settings. . . . . . . . . . . . . . . . . . . . . . . . .150
Register Your Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151
Retrieve Your Licenses . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
. . . . . . . . . . . . . . . . . . . .139
6
ProSafe 20-AP Wireless Controller WC7520
Chapter 10 Managing Stacking and Redundancy
Manage Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154
Configure Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
Controller Selection List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157
Manage Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158
Single Controller with Redundanc
N:1 Redundancy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
Configure Redundancy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .164
y. . . . . . . . . . . . . . . . . . . . . . . . . . . .158
Chapter 11 Monitoring the Wireless Network and Components
Monitor the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167
View the Network Summary Screen. . . . . . . . . . . . . . . . . . . . . . . . . . .168
View Network Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170
View Wireless Controllers in t
View Managed Access Points in the Network . . . . . . . . . . . . . . . . . . .172
View Clients in the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176
View Security Profiles in the Network. . . . . . . . . . . . . . . . . . . . . . . . . .178
Monitor the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
View the Wireless Controller Summary Screen .
View Wireless Controller Usage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182
View Access Points Managed by the Wireless Controller . . . . . . . . . .182
View Clients Managed by the Wireless Controller
View Neighboring Clients Detected by
View Rogue Access Points D
View Security Profiles Managed by the W
View DHCP Leases Provided by the Wireless Controller. . . . . . . . . . .188
View Captive Portal Guests and Users Managed by
the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188
Monitor the SSIDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190
Monitor the Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191
View Local Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191
View Blacklisted Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192
he Network. . . . . . . . . . . . . . . . . . . . . . .171
. . . . . . . . . . . . . . . . .180
. . . . . . . . . . . . . . . .184
the Wireless Controller . . . . . .184
etected by the Wireless Controller. . . . .185
ireless Controller. . . . . . . . .187
Chapter 12 Troubleshooting
Troubleshoot Basic Functioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .194
Power LED Not On. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .194
Test LED Never Turns Off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
LAN Port LEDs Not On. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
Troubleshoot the Web Management Interface . . . . . . . . . . . . . . . . . . . . .195
Ethernet Cabling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
IP Address Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
Internet Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196
Troubleshoot a TCP/IP Network Using the Ping Utility. . . . . . . . . . . . . . .197
Test the LAN Path to Your W Use the Factory Default Button to Restore D
Problems with Date and Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198
ireless Controller . . . . . . . . . . . . . . . . . .197
efault Settings . . . . . . . . . .198
7
ProSafe 20-AP Wireless Controller WC7520
Problems with Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198
Discovery Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Connection Problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199
Network Performance and Rogue Access Point
Use the Diagnostic Tools on the Wireless Controller. . . . . . . . . . . . . . . .200
Detection . . . . . . . . .200
Appendix A Factory Default Settings and Technical Specifications Appendix B Notification of Compliance Index
8

1. Introduction and Overview

This chapter includes the following sections:
Key Features and Capabilities
Package Contents
Hardware Features
WC7520 Wireless Controller System Components
What Can You Do with the WC7520 Wireless Controller?
Licenses
Maintenance and Support
Web Management Interface Layout
Initial Connection and Configuration
Basic and Advanced Settings
Choose a Location for the Wireless Controller
1
Deploy the Wireless Controller
Note: For more information about the topics covered in this manual, visit
the support website at http://support.netgear.com.

Key Features and Capabilities

The ProSafe 20-AP Wireless Controller WC7520 is intended for medium-sized businesses, schools, and hospitals. In a stacked configuration and with the appropriate licenses, a wireless controller can support up to 150 access points (APs) with up to 1,500 users or more. The wireless controller supports the IEEE 802.11a/b/g/n protocols. The wireless controller allows you to manage your wireless network from a central point, implement security features centrally, support Layer 2 and Layer 3 fast roaming, configure a guest access captive portal, and support Voice over Wi-Fi (VoWi-Fi).
9
ProSafe 20-AP Wireless Controller WC7520
The wireless controller provides the following key features and capabilities:
Scalable architecture with stacking and redundancy
- Support for 20 access points on a single wireless controller with no additional license.
- Purch
ased licenses (WC7510L) in increments of 10 access point s allow for supp ort of
up to a maximum number of 50 access points on a single wireless controller.
- A maximum of
three stacked wireless controllers allows fo r up to 150 access point s in
a single network.
- Support
- Support
of N:1 redundancy. of 802.11a, 802.11b, 802.11g, and 802.11n modes.
Autodis
- Autodiscovery of a
- Autodiscovery of a
- Autodiscovery of
covery of access points
ccess points in the same Layer 2 domain. ccess points across a Layer 3 domain.
remote access points over a site-to-site VPN connection or behind a
NAT router.
- Automatic downlo
ad of wireless controller-based firmware to discovered access
points that are added to the managed access point list.
Centralized m
- Single point of
isualization of live coverage and heat maps for the wireless network.
- V
anagement
management for the entire wireless network.
- Automatic firmware upg
- DHCP server
- Config
Secu
rity
- Ident
urable management VLAN.
ity-based security authentication with an external RADIUS or LDAP (Active
for IP address provisioning.
Directory) server, or with an internal authentication server.
- Up to 8 profiles per profile gro
points can support up to 16 profiles in one profile group).
- Support
for up to 128 access point profiles1 per wireless controller (8 profiles per group and 8 groups per radio). Each access point profile supports settings for SSID, network authe
ntication, data encryption, client separation, VLAN, MAC ACL, and
wireless QoS.
rade to all managed access points.
up and 8 profiles per radio (therefore, dual-band access
- Support
- Rogue a
- Gu
- Sched
1. Number of profiles depends on the access point model used with the wireless controller.
2. Number of profile groups depends on the access point model used with the wireless controller.
for up 8 access point profile groups2 per wireless controller.
ccess point detection, classification, and mitigation.
est access and captive portal access with cost and expiration accounting.
uled wireless on/off times.
Introduction and Overview
10
ProSafe 20-AP Wireless Controller WC7520
Wi-Fi Multimedia Quality of Service and advanced wireless features
i-Fi Multimedia (WMM) support for video, audio, and Voice over Wi-Fi (VoWi-Fi).
- W
- W
MM power save option.
- Aut
- L
- L
RF planni
- RF p
- Aut
- Aut
- Rat
omatic WLAN healing mechanism ensures seamless coverage for wireless users. ayer 2 and Layer 3 seamless roaming support (FRS). ocal Layer 2 traffic switching at access point level for fast processing and roamed
Layer 3 traffic processing at controller level.
ng and management
lanning tool to predict the number and placement of access points based on signal strength and the number of users per building floor, and to display the predicted coverage.
omatic control of access point transmit power and channel allocation to reduce
interference.
omatic load balancing of clients across access points. e limiting per profile.
Mon
For a list of all features and capabilities of the wireless controller, see the datasheet at
http://support.netgear.com/app/products/model/a_id/13060.
itoring and reporting
- Access po
of the WLAN.
- Monitoring
network usage statistics.
- S
pecific health monitoring of access points.
- L
ogging and emailing of system events, RF events, load-balancing events,
rate-limiting events, and redundancy failover events.
int heat maps by wireless band and signal strength for real-time status view
of the status of the network, wireless controllers, WLANs, and client s, and

Package Contents

The ProSafe 20-AP Wireless Controller WC7520 product package contains the following items:
ProSafe 2
On
Rubber
On
S
e AC power cable
e rack-mount kit
traight-through Category 5 Ethernet cable
0-AP Wireless Controller WC7520 appliance
feet (4) with adhesive backing
WC7520
Resou
rce CD
ProSafe Wireless Controller Installation Guide
Introduction and Overview
11
ProSafe 20-AP Wireless Controller WC7520
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair.

Hardware Features

The front panel ports and LEDs, rear panel components, and bottom label of the wireless controller are described in this section.

Front Panel Ports and LEDs

The following figure shows the front panel ports and status LEDs of the wireless controller.
Figure 1.
From left to right, the wireless controller’s front panel shows the following ports and LEDs:
Power LE
Te
st LED
USB port f
D
or external storage, for example for more floor heat maps and extended
statistics history
Fo
ur 10/100/1000 Mbps LAN Ethernet ports with RJ-45 connectors, left LEDs, and right LEDs. All Ethernet ports provide switched N-way, automatic speed negotiating, auto MDI/MDIX technology.
Note: The four ports of the wireless controller function as a single switch.
The function of each LED is described in the following table:
Table 1. LED functions
LED Status Description Power LED On The green Power LED should be lit when the wireless controller is on.
Off If the power LED is not lit when the wireless controller is on, check the
nections and check to see if the power outlet is controlled by a wall switch
con that is turned off (see Power LED Not On on p
Introduction and Overview
12
age 194).
ProSafe 20-AP Wireless Controller WC7520
Table 1. LED functions (continued)
LED Status Description Te st LED On The wireless controller is initializing. After approximately 2 minutes, when the
wireless controller has completed its initialization, the Test LED turns off. If the T est LED remains on, the initialization has failed (see T est LED Never Turns Off on page 195).
its initialization successfully. The Test
Ethernet cable is plugged into the
age 195).
Left LAN
rt LED
po (one for each port)
Right LAN
rt LED
po (one for each port)
Off The wireless controller has completed
LED should be off during normal operation. Blinking Firmware is being upgraded. Off The port has no physical link, that is, no
wireless controller (see also LAN Port LEDs Not On on p On (green) The port has detected a link with a connected Ethernet device. Blinking (green) Data is being transmitted or received by the port. Off The port is operating at 10 Mbps. On (amber) The port is operating at 100 Mbps. On (green) The port is operating at 1000 Mbps.

Rear Panel Features

The following figure shows the rear panel components of the wireless controller.
Figure 2.
From left to right, the wireless controller’s rear panel components are:
Con
sole port. RS232 port for connecting to an optional console terminal. The port has a
DB9 male connector. The default baud rate is 9600 K. The configuration is 8 bits, no parity, and 1 stop bit.
Note: The console port is for debugging under guidance of NETGEAR
technical support only.
Factory Defaults button. Using a sharp object, press and hold this button for about
10 seconds until the front panel LED flashes and the wireless controller returns to factory d
efault settings.
Introduction and Overview
13
ProSafe 20-AP Wireless Controller WC7520
Note: If you reset the wireless controller, all configuration settings are lost
and the default password is restored.
Kensington lock. Attach an optional Kensington lock to prevent unauthorized removal of
the wireless controller.
AC power socke
power switch.)
t. Attach the power cord to this socket. (There is no separate on/off

Bottom Panel with Product Label

The product label on the bottom of the wireless controller’s enclosure displays the default IP address, default user name, and default password, as well as regulatory compliance, input power, and other information.
Figure 3.

WC7520 Wireless Controller System Components

A WC7520 wireless controller system consists of one or more wireless controllers and a collection of access points that are organized into groups based on location or network access.
The wireless controller system can include a single controller with a backup wireless controller for N:1 redundancy, or a group of up to three stacked wireless controllers, with or without a redundant wireless controller.
Introduction and Overview
14
wireless controller, a single wireless
ProSafe 20-AP Wireless Controller WC7520
The WC7520 wireless controller system supports the following access point models:
NET
NET
NET
NET
Future releases will support additional access point models.
GEAR WNAP210 ProSafe wireless-N access point GEAR WNAP320 ProSafe wireless-N access point GEAR WNDAP350 ProSafe dual-band wireless-N access point GEAR WNDAP360 ProSafe dual-band wireless-N access point

NETGEAR ProSafe Access Points

You can connect access points to the wireless controller either directly with an Ethernet cable through a router or switch, or remotely through an IP network. After you have used the automatic discovery process and added access points to the managed access point list on the wireless controller, the wireless controller converts the standard access points to dependent access points by pushing firmware to the access points. From then on, you can centrally manage and monitor the access points.
A WC7520 wireless controller system can support the following access points:
WNAP2
- Sup
- Sup
- Req
10 ProSafe Wireless-N Access Point
ports 802.11b, 802.11g, and 802.11n network devices ports Power over Ethernet (PoE) with a power consumption of up to 5.8W uires minimum firmware version WNAP210_2.0.8 or a newer version.
For product documentation and firmware, see
http://support.netgear.com/app/products/model/a_id/8101.
WNAP3
- Sup
- Sup
- Accep
- Req
For product documentation and firmware, see
http://support.netgear.com/app/products/model/a_id/18601.
WNDAP35
- Sup
- Sup
- Con
- Accep
- Requires minimum firmware version WNDAP350
For product documentation and firmware, see
http://support.netgear.com/app/products/model/a_id/12823.
20 ProSafe Wireless-N Access Point
ports 802.11b, 802.11g, and 802.11n network devices ports Power over Ethernet (PoE) with a power consumption of up to 5.8W
ts optional antennas
uires minimum firmware version WNAP320_2.0.7 or a newer version.
0 ProSafe Dual Band Wireless-N Access Point
ports 802.11a, 802.11b, 802.11g, and 802.11n network devices ports PoE with a power consumption of up to 10.75W current operation in 2.4 GHz and 5 GHz radio band while in 802.11n mode
ts optional antennas
_V2.0 or a newer version.
Introduction and Overview
15
ProSafe 20-AP Wireless Controller WC7520
WNDAP360 ProSafe Dual Band Wireless-N Access Point
- Support
s 802.11a, 802.11b, 802.11g, and 802.11n network devices
- Support
- Concu
- Accept
- Requires minimum firmware version WNDAP3
For product documentation and firmware, see
http://support.netgear.com/app/products/model/a_id/19189.
s PoE with a power consumption of up to 10.51W
rrent operation in 2.4 GHz and 5 GHz radio band while in 802.11n mode
s optional antennas
60_2.0.3 or a newer version.

What Can You Do with the WC7520 Wireless Controller?

These are some of the tasks that you can perform with a WC7520 wireless controller:
Plan a Wireless Network
Design a WLAN. Design an efficient WLAN with building and floor dimensions for your
specific environment.
Estim
Estimate how many access points you need for your wireless coverage and determine their optimum location for best coverage and performance.
For more information, see Chapter 3, RF Planning.
ate the number of required access points and their approximate locations.
Discover Access Points in the Network and Provision IP Addresses and Firmware
Discover access points in the network. The access points can be in factory default
state or functioning in standalon e mode, but af ter discovery by the wireless controller and addition to the managed access point list, the access points become dependent (managed) access points.
Provisi
provision IP addresses to all or selected managed access points in the network.
Upgrade
managed access points in the network.
For more information, see Chapter 4, Access Point Discovery and Management.
on IP addresses to the access points. Use the internal DHCP server to
access point firmware. Update and synchronize new firmware versions to all
Organize the Network
Create access point profiles. Organize access points in profiles to differentiate between
SSIDs, client authentication, authentication settings, and wireless QoS settings.
Create a
profile groups to differentiate between buildings, flo ors, businesses or business divisions,
ccess point profile groups. Organize access point profiles in access point
Introduction and Overview
16
ProSafe 20-AP Wireless Controller WC7520
and so on. Easily assign access points to profile groups or make changes to assignments.
For more information, see Chapter 6, Managing Security Profiles and Profile Groups.
Centrally Manage the Wireless Settings for the Network
Schedule the radios. Schedule the entire network to go offline, or schedule access point
profile groups to go offline.
Manage wireless
as wireless mode, data rate, channel width, and so on, for the entire network or for access point profile groups, and manage channel allocation for the entire network.
Man
Configure RF ma
For more information, see Chapter 7, Configuring Wireless and QoS Settings.
age QoS settings. Manage QoS queue settings for data, background, video, and
voice traffic for access point profile groups.
hole detection for the entire network or for access point profile groups.
settings and channel allocation. Manage the wireless settings such
nagement settings. Configure WLAN healing and wireless coverage
Centrally Manage Security in the Network
Manage secure access to the network and secure data transmission . Manage client
authentication, encryption, wireless client security separation, and MAC authentication in access point profiles.
Man
Man
Ma
Man
For more information, see Chapter 8, Configuring Network Access and Security.
age authentication servers for the network. Manage all internal and external
authentication servers for the entire network or for access point profile groups.
age MAC authentication. Specify trusted and untrusted MAC addresses for the
entire network.
nage rogue access points . Manage rogue access po ints and their associated client s
in the network.
age guest access. Manage guest access and captive portal access to the network.
Manage Other Wireless Controllers in the Network
Manage stacking. Specify the primary and secondary wireless controllers in a stack and
synchronize information between the wireless controller.
Manage redun
redundancy group and enable failover protection.
For more information, see Chapter 10, Managing Stacking and Redundancy.
dancy groups. Specify the primary and secondary wireless controllers in
Introduction and Overview
17
ProSafe 20-AP Wireless Controller WC7520
Monitor the Network and Its Components
View heat map s. V iew the real-time heat map s for a deployed WLAN. See the RF signal
propagation per floor, and identify coverage holes and weak signal spots.
Monitor the s
access points, clients, access point profiles, and the entire network, and view network usage statistics.
Monitor network health.
or compromised.
For more information, see Chapter 11, Monitoring the Wireless Network and Components.
tatus of all wireless devices. View the status the wireless controllers,
See which access points are healthy and which ones are down

Licenses

The wireless controller includes an built-in license to support up to 20 access points in
802.11a/b/g/n mode. You can purchase licenses in 10–access point increments (WC7510L)
for support of up to 50 access points for a single wireless controller. To support 50 access points, you would need to purchase 3 WC7510L licenses; if you have three wireless
trollers in a stack and want to support the maximum number of 150 access points, you
con would need to purchase 9 WC7510L licenses.
Adding a redundant wireless controller also r required number of access points on the redundant wireless controller.
Licenses are tied to the serial number of the wireless controller. For more information, see the License Configuration section in the datasheet at
http://support.netgear.com/app/products/model/a_id/13060.
equires you to purchase licenses to support the
For information about how to manage your licenses, see Manage Licenses o
n page 149.

Maintenance and Support

NETGEAR offers technical support seven days a week, 24 hours a day. Information about support is available on the NETGEAR ProSupport website at
http://kb.netgear.com/app/answers/detail/a_id/212.
Introduction and Overview
18
ProSafe 20-AP Wireless Controller WC7520
1st level: Main navigation menu tab
2nd level: Configuration menu tab
3rd level: Submenu link
Action buttons
Controller selection list

Web Management Interface Layout

The following figure shows the menu at the top and the left of the wireless controller’s web management interface (the screen’s content has been removed for more clarity).
Figure 4.
A web management interface screen can include the following components:
1st le
2nd le
3rd leve
Action bu
vel: Main navigation menu tab. The main navigation menu tabs in the light gray
bar across the top of the web management interface provide access to all configuration menu tabs of the wireless controller and remain constant. When you select a main navigation menu tab, the letters are displayed in white against a blue background.
vel: Configuration menu tab. The configuration menu tabs in the blue bar (immediately below the main navigation menu bar) change according to the main navigation menu tab that you select. When you select a configuration menu tab, the letters are displayed in orange against a blue background.
l: Submenu link. Each configuration menu tab has one or more submenu links that are listed on the left side of the screen in a gray box. When you select a submenu link, the text is displayed in orange against a gray background. On many screens, the submenus are divided into a basic submenu and an advanced submenu.
ttons. Action buttons change the configuration or allow you to make changes
to the configuration. These are the most common action buttons:
- Appl
- Can
- Add.
- Edit. Allows you
y. Saves all configuration changes made on the current screen. Saved settings
are retained when the wireless controller is powered off or rebooted, while unsaved configuration changes are lost.
cel. Resets options on the current screen to the last-applied or -saved settings.
Adds a new item to the current screen. Typically, a pop-up window opens that
enables you to enter information in additional fields.
to edit the configuration of the selected item.
- Rem
ove or Delete. Removes the selected item from the table or screen
configuration.
Introduction and Overview
19
ProSafe 20-AP Wireless Controller WC7520
- Back. Return to the previous screen.
- Next. Advance to the
next screen.
Controlle
select the wireless controller to configure.
r selection list. In a stacked configuration, the controller selection list lets you

Initial Connection and Configuration

Follow the steps in this section to set up the wireless controller. For additional information, see the WC7520 ProSafe Wireless Controller Installation Guide that you can access from
http://kb.netgear.com/app/products/model/a_id/13060.
To set up, configure, and deploy the wireless controller:
1. Connect the wire
a. Config
as the subnet mask.
b. Connect the wire
one of the wireless controller’s ports.
c. Connect the po d. Check the light
Power. The
T
LAN
ure a computer with a static IP address of 192.168.0.210 and 255.255.255.0
connections and check to see if the power outlet is controlled by a wall switch that is turned off.
est. The Test LED is on briefly when the controller is first turned on.
1000 Mbps) indicating that a connection has been made. If it is not, make sure that the Ethernet cable is securely attached at both ends.
less controller to your computer:
less controller to the computer through the network or directly to
wer cord from the wireless controller to an AC power outlet.
s on the front of the wireless controller:
green Power LED should be lit. If the Power LED is not lit, check the
The Ethernet (LAN) LED should be lit (amber for 10/100 Mbps and green for
2. Log
in to the wir e l es s c on t r ol l e r:
a. Op
en your browser and type http://192.168.0.250 in the browser’s address field.
Note: You need to use a web browser such as Microsoft Internet Explorer
5.1 or later or Mozilla Firefox l.x or later with JavaScript, cookies, and SSL enabled.
Introduction and Overview
20
ProSafe 20-AP Wireless Controller WC7520
The wireless controller’s login window displays:
Figure 5.
b. When prompted, enter admin for the user name and password for the password,
both in lowercase letters.
c. Click Login. Th
e wireless controller’s web management interface displays, with the default status screen (the path is Monitor > Controller > Summary), which shows the network status and related information:
Figure 6.
Note: The Network navigation menu tab displays under the Monitor main
navigation tab only when you have configured stacking.
For information about the layout and general cha interface, see Web Management Interface Layout on p
Introduction and Overview
21
racteristics of the web management
age 19.
ProSafe 20-AP Wireless Controller WC7520
For information about the network status and related information, see View the
Wireless Controller Summary Screen on p
onfigure the wireless controller and your network:
3. C
a. RF planning. Fol
location of the access points.
low instructions in Chapter 3, RF Planning, to plan the number and
age 180.
b. Configure your network. F
configure your network, including the SSIDs, security QoS, rate limiting, and so on.
c. Set up the wireless controller. Follow the in
page 27 to select the type of deployment for your network.
d. Add the access points. Follow the
Guidelines on p
controller’s managed access point list.
age 51 to discover your access points and add them to wireless
ollow the instructions in Chapter 4 through Chapter 10 to
, MAC ACLs, captive portal,
structions in System Planning on
steps in Access Point Discovery and Discovery

Basic and Advanced Settings

You can deploy the wireless controller in a small wireless network with 10 or 20 access points or in a large wireless network with up to 150 access points. Small networks require a basic configuration, but large networks can become very complex and require you to configure the advanced features of the wireless controller.
Depending on your network configuration, use basic settings or advanced settings to man age
r access points:
you
Basic
network configurations. For example, all access points on the WLAN are for the same organization or business and therefore adhere to the same policies and use a small number of service set identifiers (SSIDs, or network names).
Adva
network, or if completely separate networks share a single WLAN, use the advanced settings to set up multiple access point profile groups with multiple security profiles (SSIDs with associated security settings). For example, a shopping mall might need several access point profile groups if several businesses share a WLAN but each business has its own network. Larger networks could require multiple access point profile groups to allow different policies per building or department. The access points could have different security profiles per building and department, for example, one for guests, one for management, one for sales, and so on.
settings for a typical network. The basic settings work with most common
nced settings for access point profile groups. If you have a large wireless
Note: Access point profile groups are also referred to as just profile
groups. Profiles, security profiles, and SSIDs (that is, SSIDs with associated security settings) are terms that are interchangeable.
Introduction and Overview
22
ProSafe 20-AP Wireless Controller WC7520
To accommodate all types of networks, almost all configuration menus of the web management interface are divided into basic and advanced submenus. The following figure shows an example of the Security > Wireless > Basic submenu on the left and the Security > Wireless > Advanced submenu on the right:
Figure 7.
Before you start the configuration of your wireless controller, decide whether you can use a basic configuration (that is, follow the basic submenus) or need to use an advanced configuration (that is, follow the advanced submenus). Once you have made your choice, configuring the wireless controller should be fairly easy if you consistently follow either the basic submenus or the advanced submenus.

Profile Groups

Each access point can support up to 8 security profiles (16 for dual-band access points), each with its own SSID, security settings, MAC ACL, rate-limiting settings, WMM, and so on.
The wireless controller follows the same architecture. A profile group on the wireless contro
8 profiles (16 for dual-band access points), each of which has its own SSID, security, MAC ACL, rate-limiting settings, WMM settings, and so on.
Basic Profile
The basic profile includes all the settings that are required to configure a fully functional access point with up to 8 security profiles (16 for dual-band access points).
After you have used the automatic discovery process and added access points to the manag basic profile group.
If your network requires the wireless controller to manag different configurations, use the advanced profile.
ller includes all the features that you can configure for an individual access point: up to
ed AP list on the wireless controller, the access points are assigned by default to the
e multiple access points with
Introduction and Overview
23
ProSafe 20-AP Wireless Controller WC7520
Group-1
Group-2
Group-3
Group-4
Group-5 Group-6
Group-7
Group-8
2.4-GHz radio
5-GHz radio
Security Profiles
Security Profiles
1
2
34
5678
1
23
4
56
78
Advanced Profile
The advanced profile lets you configure up to 8 access point profile groups. Each group includes all the settings that are required to configure a fully functional access point with up to 8 security profiles (16 for dual-band access points).
For example, if there are four buildings, each with a completely different wireless network,
simply create four profile groups. You then assign all access points in one building to one
you profile group, all access points in another building to a second profile group, and so on.
For each profile group, you can create an individual radio-on/off schedule, RF management
tings, MAC ACL authentication, and an authentication server. For each radio in a profile
set group (2.4-GHz radio and 5-GHz radio), you can create individual wireless settings, WMM, and rate-limit settings.
The following figure shows the advanced pro
file group architecture. The structure that is
shown under Group-1 is implemented in all profile groups (that is, Group-2 through Group-8):
Figure 8.
The following figure shows an example of three access point profile groups, in which the first profile group (Group-1) has three security profiles. For each profile in this profile group, the profile name, radio mode, and authentication setting are shown. (Group-1 is the default group in the advanced profile group configuration; you need to create the other profiles groups.)
Introduction and Overview
24
Figure 9.
ProSafe 20-AP Wireless Controller WC7520

Choose a Location for the Wireless Controller

The wireless controller is suitable for use in an office environment where it can be freestanding on its runner feet or mounted into a standard 19-inch equipment rack. Alternatively, you can rack-mount the wireless controller in a wiring closet or equipment room. A mounting kit, containing two mounting brackets and screws, is provided in the wireless controller package.
Consider the following when deciding where to
The u
Cabling is away from sources of electrical noise. Th
W
Airflow around
The a
T
nit is accessible and cables can be connected easily.
ovens, and air-conditioning units.
ater or moisture cannot enter the case of the unit.
the unit and through the vents in the side of the case is not restricted.
Provide a minimum of 25 mm or 1 inch clearance.
ir is as free of dust as possible.
emperature operating limits are not likely to be exceeded. Install the unit in a clean, air-conditioned environment. For information about the recommended operating temperatures for the wireless controller, see Appendix A, Factory Default Settings and
Technical Specifications.
position the wireless controller:
ese include lift shafts, microwave
Introduction and Overview
25
ProSafe 20-AP Wireless Controller WC7520

Deploy the Wireless Controller

To deploy the wireless controller:
1. Disconne
it. If necessary, you can now reconfigure the computer that you used in the configuration process back to its original TCP/IP settings.
2. Connect an Ethern
3. Connect th
outlet. The Power, Test, and Ethernet LEDs should light up. If any of these do not light up, see Troubleshoot Basic Functioning on p
ct the wireless controller from the computer and place it where you will deploy
et cable from your wireless controller to a LAN port on your network.
e power cord to the wireless controller and plug the power cord into a power
age 194.
Introduction and Overview
26
2. System Planning and Deployment
Scenarios
This chapter includes the following sections:
System Planning
Management VLAN and Data VLAN Strategies
Deployment Scenarios

System Planning

This section includes the following subsections:
Preinstallation Planning
Before You Configure a Wireless Controller
Single Controller Configuration with Basic Profile Group
Single Controller Configuration with Advanced Profile Groups
Stacked Controller Configuration
2

Preinstallation Planning

Before you install any wireless controllers, determine the following:
Numb
Numb
802
NETGEAR recommends that you perform a site survey:
Run
Run an
Iden
Determine
er of access points required to provide seamless coverage er of wireless controllers required
.11 frequency band and the channels that are optimal for Wi-Fi usage
a spectrum analysis of channels of the site to determine the current RF behavior and
detect both 802.11 and non-802.11 noise.
access point-to-client connectivity test to determine the maximum throughput
achievable on the client.
tify potential RF obstructions and interference sources.
areas where denser coverage might be required because of heavier usage.
27
ProSafe 20-AP Wireless Controller WC7520
After the survey is complete, use the collected data to set up an RF plan. For more information, see RF Planning Overview on p
age 41.

Before You Configure a Wireless Controller

These sections assume that you have deployed at least one wireless controller in your network and are ready to configure the wireless controller. For information about how to deploy the wireless controller in your network, see the WC7520 ProSafe Wireless Controller
Installation Guide that you can access from
http://kb.netgear.com/app/products/model/a_id/13060.
For many configurations, you can use the default DHCP server, client authentication, and data encryption settings are specific to your environment. Following are short sections that discuss these settings (with the exception of IP address settings, which are self-explanatory). For information about how to configure these settings, see the relevant sections.
wireless settings. The IP address, VLAN,
VLANs
The management VLAN is the dedicated VLAN for access to the wireless controller. All traffic that is directed to the wireless controller, including HTTP, HTTPS, SNMP, and SSH traffic, is carried over the management VLAN.
If the management VLAN is also configured as a tagged VLAN (the most common con
figuration), the packets to and from the wireless controller carry the 802.1Q VLAN header with the assigned VLAN number. If the management VLAN is marked as untagged, the packets that are sent from the wireless controller do not carry the 802.1Q header, and all untagged packets that are sent to the wireless controller are treated as management VLAN traffic.
Note: Use a tagged VLAN or change the tagged VLAN ID only if the hubs
and switches on your LAN support 802.1Q. If they do not, and you have not specifically configured a tagged VLAN with the same VLAN ID on the hubs and switches in your network, IP connectivity might be lost.
The wireless controller needs to have IP connectivity with the access points through the management VLAN. If the wireless controller and the access points are on different management VLANs, external VLAN routing needs to allow IP connectivity between the wireless controller and the access points.
For information about how to configure management VLANs, see Configure IP and VLAN
Settings o
n page 65.
System Planning and Deployment Scenarios
28
Client VLANs
ProSafe 20-AP Wireless Controller WC7520
Each authenticated wireless user is placed into a VLAN that determines the user
’s DHCP server, IP address, and Layer 2 connection. Although you could place all authenticated wireless users into the single VLAN that is specified in the basic security profile, the wireless controller allows you to group wireless users into separate VLANs based on the wireless SSID to differentiate access to network resources. For example, you might place authorized employee users into one VLAN, and itinerant users, such as contractors or guests, into a separate VLAN. To use different VLANs, you need to create different security profiles.
For information about how to configure regular VLANs, see Manage Rogue Access Points on page 113.
DHCP Server
The wireless controller can function as a DHCP server and assign IP addresses to both wireless and wired devices that are connected to it. You can add up to 64 DHCP server
pools, each assigned to a different VLAN.
Client Authentication and Data Encryption
A user needs to authenticate to the WLAN to be able to access WLAN resources. The wireless controller supports several types of security methods, including those that require an external RADIUS or LDAP authentication server.
The encryption option that you can select dep have selected. The following table lists the authentication methods available, with their corresponding encryption options:
ends upon the authentication method that you
Table 2. Authentication and encryption options
Authentication method Encryption option Authentication server
Open system 64-bit, 128-bit, or 152-bit WEP None Shared Key 64-bit, 128-bit, or 152-bit WEP None WPA-PSK TKIP or TKIP+AES None WPA2-PSK AES or TKIP+AES None WPA-PSK and WPA2-PSK TKIP+AES None WPA TKIP or TKIP+AES One of the following authentication servers:
• External RADIUS server
• Internal authentication server
• External LDAP server
System Planning and Deployment Scenarios
29
ProSafe 20-AP Wireless Controller WC7520
Table 2. Authentication and encryption options (continued)
Authentication method Encryption option Authentication server
WPA2 AES or TKIP+AES One of the following authentication servers:
• External RADIUS server
• Internal authentication server
• External LDAP server
WPA and WPA2 TKIP+AES One of the following authentication servers:
• External RADIUS server
• Internal authentication server
• External LDAP server
For information about how to configure client authentication and data encryption, see
Manage Rogue Access Points on p
age 113.
For information about how to configure au
Servers and Authentication Server Groups on p
thentication servers, see Manage Authentication
age 122.

Single Controller Configuration with Basic Profile Group

A basic configuration consists of a single wireless controller that controls a collection of access points that are organized into the basic default group.
To set up a single wireless controller system with a basic profile group:
Step Configuration Web management interface path
1. Optional: Create an RF plan. Plans > Layout
2. If you have not yet done so, configure the system settings of the
wireless controller:
1. Configure the country code of operation.
2. Configure the IP address of wireless controller.
3. Verify that VLAN 1 is set as the management VLAN and is marked as untagged, which is the default setting.
3. Configure up to 8 profiles, and for each profile, do at least the following:
Configuration > System > General Configuration > System > IP/VLAN
1. Configure an SSID for wireless access.
2. Configure the network authentication and data encryption.
3. Assign the VLAN. If required, configure the authentication server. Configuration > Security > Basic >
4. Run the Discovery Wizard and add the access points to the managed access point list.
System Planning and Deployment Scenarios
30
Configuration > Profile > Basic
Authentication Server Access Point > Discovery Wizard
Loading...
+ 183 hidden pages