into any language in any form or by any means without the written permission of NETGEAR, Inc.
Technical Su p p o r t
Thank you for choosing NETGEAR. T o register your product, get the latest product updates, get support online, or
for more information about the topics covered in this manual, visit the Support website at
http://support.netgear.com.
Phone (US & Canada only): 1-888-NETGEAR
Phone (Other Countries): Check the list of phone numbers at
To improve internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes
to the products described in this document without notice. NETGEAR does not assume any liability that may occur
due to the use, or application of, the product(s) or circuit layout(s) described herein.
Revision History
Publication
Part Number
202-10686-04v1.1February 2012Added hexadecimal address information to Guidelines for the
202-10686-04v1.0October, 2011Added the following new information:
Version Publish DateComments
Autodiscovery Process Across
• New features:
- Discovery and management of remote access points (see
Requirements for Autodiscovery of Remote Access Point
on page 52) and Add Access Points to the Managed List
after Discovery on page 57
- Support for sentry mode (see Edit and
Point Information on page 59)
- Rogue AP mitigation (see Co
Detection Settings on page 114)
- Captive portal accounts (see Manag
and Passwords on page 128)
• Changes and improvements to the monitoring screens
• Additional troubleshooting information
Layer 3 Networks on page 52.
Remove Access
nfigure Basic Rogue
e Users, Accounts,
s
2
ProSafe 20-AP Wireless Controller WC7520
202-10686-03v1.0July, 2011Added the following new information:
• Support for the WNDAP360 access point (see NETGEAR
ProSafe Access Points)
• New features:
- N:1 redundancy (see Man
- Monitoring stacking and redundancy (see Vi
Network Summary Screen)
- External RADIUS-based MAC authentication (see
Guidelines for External MAC Authentication)
- External RADIUS-based captive
Configure Captive Portal Settings)
202-10686-02v1.0March 201 1Added the following new information:
• Support for the WNAP320 access point.
• New features:
- Capability to specify use of an access point’s internal or
external
Access Point Information).
- Capability to adjust the Tx power for all managed access
poi
- Capability to adjust the channel and Tx power for
ind
Settings).
- Capability to edit IP settings of individual access points
(s
- Display of radio-mode capabilities on the managed AP list
(s
Revised existing content and
Made changes to some monitoring screens (see Chapter 11,
Monitoring the Wireless Network and Components).
antenna or antennas (see Edit and Remove
nts (see Configure Channels).
ividual access points (see Configure Wireless
ee Manage the Access Point List).
ee Manage the Access Point List).
age Redundancy)
reorganized the manual.
ew th e
portal authentication (see
202-10686-01v1.4October 2010Made a minor revision to indicate the number of supported MAC
esses per SSID.
addr
202-10686-01v1.3September 2010Added an index and made minor revisions to existing content.
202-10686-01v1.2September 2010Added new content and revised existing content in chapters 1,
, 5, 9, and 10.
2, 4
Added chapters 11 and 12 and appendix A.
202-10686-01v1.1September 2010Added new content to chapters 1 through 4.
202-10686-01v1.0August 2010Initial publication.
Use the Diagnostic Tools on the Wireless Controller. . . . . . . . . . . . . . . .200
Detection . . . . . . . . .200
Appendix A Factory Default Settings and Technical Specifications
Appendix B Notification of Compliance
Index
8
1. Introduction and Overview
This chapter includes the following sections:
• Key Features and Capabilities
• Package Contents
• Hardware Features
• WC7520 Wireless Controller System Components
• What Can You Do with the WC7520 Wireless Controller?
• Licenses
• Maintenance and Support
• Web Management Interface Layout
• Initial Connection and Configuration
• Basic and Advanced Settings
• Choose a Location for the Wireless Controller
1
• Deploy the Wireless Controller
Note: For more information about the topics covered in this manual, visit
the support website at http://support.netgear.com.
Key Features and Capabilities
The ProSafe 20-AP Wireless Controller WC7520 is intended for medium-sized businesses,
schools, and hospitals. In a stacked configuration and with the appropriate licenses, a
wireless controller can support up to 150 access points (APs) with up to 1,500 users or more.
The wireless controller supports the IEEE 802.11a/b/g/n protocols. The wireless controller
allows you to manage your wireless network from a central point, implement security
features centrally, support Layer 2 and Layer 3 fast roaming, configure a guest access
captive portal, and support Voice over Wi-Fi (VoWi-Fi).
9
ProSafe 20-AP Wireless Controller WC7520
The wireless controller provides the following key features and capabilities:
• Scalable architecture with stacking and redundancy
-Support for 20 access points on a single wireless controller with no additional license.
-Purch
ased licenses (WC7510L) in increments of 10 access point s allow for supp ort of
up to a maximum number of 50 access points on a single wireless controller.
-A maximum of
three stacked wireless controllers allows fo r up to 150 access point s in
a single network.
-Support
-Support
of N:1 redundancy.
of 802.11a, 802.11b, 802.11g, and 802.11n modes.
• Autodis
-Autodiscovery of a
-Autodiscovery of a
-Autodiscovery of
covery of access points
ccess points in the same Layer 2 domain.
ccess points across a Layer 3 domain.
remote access points over a site-to-site VPN connection or behind a
NAT router.
-Automatic downlo
ad of wireless controller-based firmware to discovered access
points that are added to the managed access point list.
• Centralized m
-Single point of
isualization of live coverage and heat maps for the wireless network.
-V
anagement
management for the entire wireless network.
-Automatic firmware upg
-DHCP server
-Config
• Secu
rity
-Ident
urable management VLAN.
ity-based security authentication with an external RADIUS or LDAP (Active
for IP address provisioning.
Directory) server, or with an internal authentication server.
-Up to 8 profiles per profile gro
points can support up to 16 profiles in one profile group).
-Support
for up to 128 access point profiles1 per wireless controller (8 profiles per
group and 8 groups per radio). Each access point profile supports settings for SSID,
network authe
ntication, data encryption, client separation, VLAN, MAC ACL, and
wireless QoS.
rade to all managed access points.
up and 8 profiles per radio (therefore, dual-band access
-Support
-Rogue a
-Gu
-Sched
1. Number of profiles depends on the access point model used with the wireless controller.
2. Number of profile groups depends on the access point model used with the wireless controller.
for up 8 access point profile groups2 per wireless controller.
ccess point detection, classification, and mitigation.
est access and captive portal access with cost and expiration accounting.
uled wireless on/off times.
Introduction and Overview
10
ProSafe 20-AP Wireless Controller WC7520
• Wi-Fi Multimedia Quality of Service and advanced wireless features
i-Fi Multimedia (WMM) support for video, audio, and Voice over Wi-Fi (VoWi-Fi).
-W
-W
MM power save option.
-Aut
-L
-L
• RF planni
-RF p
-Aut
-Aut
-Rat
omatic WLAN healing mechanism ensures seamless coverage for wireless users.
ayer 2 and Layer 3 seamless roaming support (FRS).
ocal Layer 2 traffic switching at access point level for fast processing and roamed
Layer 3 traffic processing at controller level.
ng and management
lanning tool to predict the number and placement of access points based on
signal strength and the number of users per building floor, and to display the
predicted coverage.
omatic control of access point transmit power and channel allocation to reduce
interference.
omatic load balancing of clients across access points.
e limiting per profile.
• Mon
For a list of all features and capabilities of the wireless controller, see the datasheet at
ogging and emailing of system events, RF events, load-balancing events,
rate-limiting events, and redundancy failover events.
int heat maps by wireless band and signal strength for real-time status view
of the status of the network, wireless controllers, WLANs, and client s, and
Package Contents
The ProSafe 20-AP Wireless Controller WC7520 product package contains the following
items:
• ProSafe 2
• On
• Rubber
• On
• S
e AC power cable
e rack-mount kit
traight-through Category 5 Ethernet cable
0-AP Wireless Controller WC7520 appliance
feet (4) with adhesive backing
• WC7520
• Resou
rce CD
ProSafe Wireless Controller Installation Guide
Introduction and Overview
11
ProSafe 20-AP Wireless Controller WC7520
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep
the carton, including the original packing materials, in case you need to return the product for
repair.
Hardware Features
The front panel ports and LEDs, rear panel components, and bottom label of the wireless
controller are described in this section.
Front Panel Ports and LEDs
The following figure shows the front panel ports and status LEDs of the wireless controller.
Figure 1.
From left to right, the wireless controller’s front panel shows the following ports and LEDs:
• Power LE
• Te
st LED
• USB port f
D
or external storage, for example for more floor heat maps and extended
statistics history
• Fo
ur 10/100/1000 Mbps LAN Ethernet ports with RJ-45 connectors, left LEDs, and right
LEDs. All Ethernet ports provide switched N-way, automatic speed negotiating, auto
MDI/MDIX technology.
Note: The four ports of the wireless controller function as a single switch.
The function of each LED is described in the following table:
Table 1. LED functions
LEDStatusDescription
Power LEDOnThe green Power LED should be lit when the wireless controller is on.
OffIf the power LED is not lit when the wireless controller is on, check the
nections and check to see if the power outlet is controlled by a wall switch
con
that is turned off (see Power LED Not On on p
Introduction and Overview
12
age 194).
ProSafe 20-AP Wireless Controller WC7520
Table 1. LED functions (continued)
LEDStatusDescription
Te st LEDOnThe wireless controller is initializing. After approximately 2 minutes, when the
wireless controller has completed its initialization, the Test LED turns off. If the
T est LED remains on, the initialization has failed (see T est LED Never Turns Off
on page 195).
its initialization successfully. The Test
Ethernet cable is plugged into the
age 195).
Left LAN
rt LED
po
(one for
each port)
Right LAN
rt LED
po
(one for
each port)
OffThe wireless controller has completed
LED should be off during normal operation.
BlinkingFirmware is being upgraded.
OffThe port has no physical link, that is, no
wireless controller (see also LAN Port LEDs Not On on p
On (green)The port has detected a link with a connected Ethernet device.
Blinking (green) Data is being transmitted or received by the port.
OffThe port is operating at 10 Mbps.
On (amber)The port is operating at 100 Mbps.
On (green)The port is operating at 1000 Mbps.
Rear Panel Features
The following figure shows the rear panel components of the wireless controller.
Figure 2.
From left to right, the wireless controller’s rear panel components are:
• Con
sole port. RS232 port for connecting to an optional console terminal. The port has a
DB9 male connector. The default baud rate is 9600 K. The configuration is 8 bits, no
parity, and 1 stop bit.
Note: The console port is for debugging under guidance of NETGEAR
technical support only.
• Factory Defaults button. Using a sharp object, press and hold this button for about
10 seconds until the front panel LED flashes and the wireless controller returns to factory
d
efault settings.
Introduction and Overview
13
ProSafe 20-AP Wireless Controller WC7520
Note: If you reset the wireless controller, all configuration settings are lost
and the default password is restored.
• Kensington lock. Attach an optional Kensington lock to prevent unauthorized removal of
the wireless controller.
• AC power socke
power switch.)
t. Attach the power cord to this socket. (There is no separate on/off
Bottom Panel with Product Label
The product label on the bottom of the wireless controller’s enclosure displays the default IP
address, default user name, and default password, as well as regulatory compliance, input
power, and other information.
Figure 3.
WC7520 Wireless Controller System Components
A WC7520 wireless controller system consists of one or more wireless controllers and a
collection of access points that are organized into groups based on location or network
access.
The wireless controller system can include a single
controller with a backup wireless controller for N:1 redundancy, or a group of up to three
stacked wireless controllers, with or without a redundant wireless controller.
Introduction and Overview
14
wireless controller, a single wireless
ProSafe 20-AP Wireless Controller WC7520
The WC7520 wireless controller system supports the following access point models:
• NET
• NET
• NET
• NET
Future releases will support additional access point models.
GEAR WNAP210 ProSafe wireless-N access point
GEAR WNAP320 ProSafe wireless-N access point
GEAR WNDAP350 ProSafe dual-band wireless-N access point
GEAR WNDAP360 ProSafe dual-band wireless-N access point
NETGEAR ProSafe Access Points
You can connect access points to the wireless controller either directly with an Ethernet cable
through a router or switch, or remotely through an IP network. After you have used the
automatic discovery process and added access points to the managed access point list on
the wireless controller, the wireless controller converts the standard access points to
dependent access points by pushing firmware to the access points. From then on, you can
centrally manage and monitor the access points.
A WC7520 wireless controller system can support the following access points:
• WNAP2
-Sup
-Sup
-Req
10 ProSafe Wireless-N Access Point
ports 802.11b, 802.11g, and 802.11n network devices
ports Power over Ethernet (PoE) with a power consumption of up to 5.8W
uires minimum firmware version WNAP210_2.0.8 or a newer version.
ports 802.11b, 802.11g, and 802.11n network devices
ports Power over Ethernet (PoE) with a power consumption of up to 5.8W
ts optional antennas
uires minimum firmware version WNAP320_2.0.7 or a newer version.
0 ProSafe Dual Band Wireless-N Access Point
ports 802.11a, 802.11b, 802.11g, and 802.11n network devices
ports PoE with a power consumption of up to 10.75W
current operation in 2.4 GHz and 5 GHz radio band while in 802.11n mode
ts optional antennas
_V2.0 or a newer version.
Introduction and Overview
15
ProSafe 20-AP Wireless Controller WC7520
• WNDAP360 ProSafe Dual Band Wireless-N Access Point
-Support
s 802.11a, 802.11b, 802.11g, and 802.11n network devices
rrent operation in 2.4 GHz and 5 GHz radio band while in 802.11n mode
s optional antennas
60_2.0.3 or a newer version.
What Can You Do with the WC7520 Wireless Controller?
These are some of the tasks that you can perform with a WC7520 wireless controller:
Plan a Wireless Network
• Design a WLAN. Design an efficient WLAN with building and floor dimensions for your
specific environment.
• Estim
Estimate how many access points you need for your wireless coverage and determine
their optimum location for best coverage and performance.
For more information, see Chapter 3, RF Planning.
ate the number of required access points and their approximate locations.
Discover Access Points in the Network and Provision IP Addresses and
Firmware
• Discover access points in the network. The access points can be in factory default
state or functioning in standalon e mode, but af ter discovery by the wireless controller and
addition to the managed access point list, the access points become dependent
(managed) access points.
• Provisi
provision IP addresses to all or selected managed access points in the network.
• Upgrade
managed access points in the network.
For more information, see Chapter 4, Access Point Discovery and Management.
on IP addresses to the access points. Use the internal DHCP server to
access point firmware. Update and synchronize new firmware versions to all
Organize the Network
• Create access point profiles. Organize access points in profiles to differentiate between
SSIDs, client authentication, authentication settings, and wireless QoS settings.
• Create a
profile groups to differentiate between buildings, flo ors, businesses or business divisions,
ccess point profile groups. Organize access point profiles in access point
Introduction and Overview
16
ProSafe 20-AP Wireless Controller WC7520
and so on. Easily assign access points to profile groups or make changes to
assignments.
For more information, see Chapter 6, Managing Security Profiles and Profile Groups.
Centrally Manage the Wireless Settings for the Network
• Schedule the radios. Schedule the entire network to go offline, or schedule access point
profile groups to go offline.
• Manage wireless
as wireless mode, data rate, channel width, and so on, for the entire network or for
access point profile groups, and manage channel allocation for the entire network.
• Man
• Configure RF ma
For more information, see Chapter 7, Configuring Wireless and QoS Settings.
age QoS settings. Manage QoS queue settings for data, background, video, and
voice traffic for access point profile groups.
hole detection for the entire network or for access point profile groups.
settings and channel allocation. Manage the wireless settings such
nagement settings. Configure WLAN healing and wireless coverage
Centrally Manage Security in the Network
• Manage secure access to the network and secure data transmission . Manage client
authentication, encryption, wireless client security separation, and MAC authentication in
access point profiles.
• Man
• Man
• Ma
• Man
For more information, see Chapter 8, Configuring Network Access and Security.
age authentication servers for the network. Manage all internal and external
authentication servers for the entire network or for access point profile groups.
age MAC authentication. Specify trusted and untrusted MAC addresses for the
entire network.
nage rogue access points . Manage rogue access po ints and their associated client s
in the network.
age guest access. Manage guest access and captive portal access to the network.
Manage Other Wireless Controllers in the Network
• Manage stacking. Specify the primary and secondary wireless controllers in a stack and
synchronize information between the wireless controller.
• Manage redun
redundancy group and enable failover protection.
For more information, see Chapter 10, Managing Stacking and Redundancy.
dancy groups. Specify the primary and secondary wireless controllers in
Introduction and Overview
17
ProSafe 20-AP Wireless Controller WC7520
Monitor the Network and Its Components
• View heat map s. V iew the real-time heat map s for a deployed WLAN. See the RF signal
propagation per floor, and identify coverage holes and weak signal spots.
• Monitor the s
access points, clients, access point profiles, and the entire network, and view network
usage statistics.
• Monitor network health.
or compromised.
For more information, see Chapter 11, Monitoring the Wireless Network and Components.
tatus of all wireless devices. View the status the wireless controllers,
See which access points are healthy and which ones are down
Licenses
The wireless controller includes an built-in license to support up to 20 access points in
802.11a/b/g/n mode. You can purchase licenses in 10–access point increments (WC7510L)
for support of up to 50 access points for a single wireless controller. To support 50 access
points, you would need to purchase 3 WC7510L licenses; if you have three wireless
trollers in a stack and want to support the maximum number of 150 access points, you
con
would need to purchase 9 WC7510L licenses.
Adding a redundant wireless controller also r
required number of access points on the redundant wireless controller.
Licenses are tied to the serial number of the wireless controller.
For more information, see the License Configuration section in the datasheet at
The following figure shows the menu at the top and the left of the wireless controller’s web
management interface (the screen’s content has been removed for more clarity).
Figure 4.
A web management interface screen can include the following components:
• 1st le
• 2nd le
• 3rd leve
• Action bu
vel: Main navigation menu tab. The main navigation menu tabs in the light gray
bar across the top of the web management interface provide access to all configuration
menu tabs of the wireless controller and remain constant. When you select a main
navigation menu tab, the letters are displayed in white against a blue background.
vel: Configuration menu tab. The configuration menu tabs in the blue bar
(immediately below the main navigation menu bar) change according to the main
navigation menu tab that you select. When you select a configuration menu tab, the
letters are displayed in orange against a blue background.
l: Submenu link. Each configuration menu tab has one or more submenu links
that are listed on the left side of the screen in a gray box. When you select a submenu
link, the text is displayed in orange against a gray background. On many screens, the
submenus are divided into a basic submenu and an advanced submenu.
ttons. Action buttons change the configuration or allow you to make changes
to the configuration. These are the most common action buttons:
-Appl
-Can
-Add.
-Edit. Allows you
y. Saves all configuration changes made on the current screen. Saved settings
are retained when the wireless controller is powered off or rebooted, while unsaved
configuration changes are lost.
cel. Resets options on the current screen to the last-applied or -saved settings.
Adds a new item to the current screen. Typically, a pop-up window opens that
enables you to enter information in additional fields.
to edit the configuration of the selected item.
-Rem
ove or Delete. Removes the selected item from the table or screen
configuration.
Introduction and Overview
19
ProSafe 20-AP Wireless Controller WC7520
-Back. Return to the previous screen.
-Next. Advance to the
next screen.
• Controlle
select the wireless controller to configure.
r selection list. In a stacked configuration, the controller selection list lets you
Initial Connection and Configuration
Follow the steps in this section to set up the wireless controller. For additional information,
see the WC7520 ProSafe Wireless Controller Installation Guide that you can access from
To set up, configure, and deploy the wireless controller:
1. Connect the wire
a. Config
as the subnet mask.
b. Connect the wire
one of the wireless controller’s ports.
c. Connect the po
d. Check the light
• Power. The
• T
• LAN
ure a computer with a static IP address of 192.168.0.210 and 255.255.255.0
connections and check to see if the power outlet is controlled by a wall switch that
is turned off.
est. The Test LED is on briefly when the controller is first turned on.
1000 Mbps) indicating that a connection has been made. If it is not, make sure
that the Ethernet cable is securely attached at both ends.
less controller to your computer:
less controller to the computer through the network or directly to
wer cord from the wireless controller to an AC power outlet.
s on the front of the wireless controller:
green Power LED should be lit. If the Power LED is not lit, check the
The Ethernet (LAN) LED should be lit (amber for 10/100 Mbps and green for
2. Log
in to the wir e l es s c on t r ol l e r:
a. Op
en your browser and type http://192.168.0.250 in the browser’s address field.
Note: You need to use a web browser such as Microsoft Internet Explorer
5.1 or later or Mozilla Firefox l.x or later with JavaScript, cookies,
and SSL enabled.
Introduction and Overview
20
ProSafe 20-AP Wireless Controller WC7520
The wireless controller’s login window displays:
Figure 5.
b. When prompted, enter admin for the user name and password for the password,
both in lowercase letters.
c. Click Login. Th
e wireless controller’s web management interface displays, with the
default status screen (the path is Monitor > Controller > Summary), which shows the
network status and related information:
Figure 6.
Note: The Network navigation menu tab displays under the Monitor main
navigation tab only when you have configured stacking.
For information about the layout and general cha
interface, see Web Management Interface Layout on p
Introduction and Overview
21
racteristics of the web management
age 19.
ProSafe 20-AP Wireless Controller WC7520
For information about the network status and related information, see View the
Wireless Controller Summary Screen on p
onfigure the wireless controller and your network:
3. C
a. RF planning. Fol
location of the access points.
low instructions in Chapter 3, RF Planning, to plan the number and
age 180.
b. Configure your network. F
configure your network, including the SSIDs, security
QoS, rate limiting, and so on.
c. Set up the wireless controller. Follow the in
page 27 to select the type of deployment for your network.
d. Add the access points. Follow the
Guidelines on p
controller’s managed access point list.
age 51 to discover your access points and add them to wireless
ollow the instructions in Chapter 4 through Chapter 10 to
, MAC ACLs, captive portal,
structions in System Planning on
steps in Access Point Discovery and Discovery
Basic and Advanced Settings
You can deploy the wireless controller in a small wireless network with 10 or 20 access points
or in a large wireless network with up to 150 access points. Small networks require a basic
configuration, but large networks can become very complex and require you to configure the
advanced features of the wireless controller.
Depending on your network configuration, use basic settings or advanced settings to man age
r access points:
you
• Basic
network configurations. For example, all access points on the WLAN are for the same
organization or business and therefore adhere to the same policies and use a small
number of service set identifiers (SSIDs, or network names).
• Adva
network, or if completely separate networks share a single WLAN, use the advanced
settings to set up multiple access point profile groups with multiple security profiles
(SSIDs with associated security settings). For example, a shopping mall might need
several access point profile groups if several businesses share a WLAN but each
business has its own network. Larger networks could require multiple access point profile
groups to allow different policies per building or department. The access points could
have different security profiles per building and department, for example, one for guests,
one for management, one for sales, and so on.
settings for a typical network. The basic settings work with most common
nced settings for access point profile groups. If you have a large wireless
Note: Access point profile groups are also referred to as just profile
groups.
Profiles, security profiles, and SSIDs (that is, SSIDs with associated
security settings) are terms that are interchangeable.
Introduction and Overview
22
ProSafe 20-AP Wireless Controller WC7520
To accommodate all types of networks, almost all configuration menus of the web
management interface are divided into basic and advanced submenus. The following figure
shows an example of the Security > Wireless > Basic submenu on the left and the
Security > Wireless > Advanced submenu on the right:
Figure 7.
Before you start the configuration of your wireless controller, decide whether you can use a
basic configuration (that is, follow the basic submenus) or need to use an advanced
configuration (that is, follow the advanced submenus). Once you have made your choice,
configuring the wireless controller should be fairly easy if you consistently follow either the
basic submenus or the advanced submenus.
Profile Groups
Each access point can support up to 8 security profiles (16 for dual-band access points),
each with its own SSID, security settings, MAC ACL, rate-limiting settings, WMM, and so on.
The wireless controller follows the same architecture. A profile group on the wireless
contro
8 profiles (16 for dual-band access points), each of which has its own SSID, security, MAC
ACL, rate-limiting settings, WMM settings, and so on.
Basic Profile
The basic profile includes all the settings that are required to configure a fully functional
access point with up to 8 security profiles (16 for dual-band access points).
After you have used the automatic discovery process and added access points to the
manag
basic profile group.
If your network requires the wireless controller to manag
different configurations, use the advanced profile.
ller includes all the features that you can configure for an individual access point: up to
ed AP list on the wireless controller, the access points are assigned by default to the
e multiple access points with
Introduction and Overview
23
ProSafe 20-AP Wireless Controller WC7520
Group-1
Group-2
Group-3
Group-4
Group-5Group-6
Group-7
Group-8
2.4-GHz
radio
5-GHz
radio
Security Profiles
Security Profiles
1
2
34
5678
1
23
4
56
78
Advanced Profile
The advanced profile lets you configure up to 8 access point profile groups. Each group
includes all the settings that are required to configure a fully functional access point with up to
8 security profiles (16 for dual-band access points).
For example, if there are four buildings, each with a completely different wireless network,
simply create four profile groups. You then assign all access points in one building to one
you
profile group, all access points in another building to a second profile group, and so on.
For each profile group, you can create an individual radio-on/off schedule, RF management
tings, MAC ACL authentication, and an authentication server. For each radio in a profile
set
group (2.4-GHz radio and 5-GHz radio), you can create individual wireless settings, WMM,
and rate-limit settings.
The following figure shows the advanced pro
file group architecture. The structure that is
shown under Group-1 is implemented in all profile groups (that is, Group-2 through Group-8):
Figure 8.
The following figure shows an example of three access point profile groups, in which the first
profile group (Group-1) has three security profiles. For each profile in this profile group, the
profile name, radio mode, and authentication setting are shown. (Group-1 is the default group
in the advanced profile group configuration; you need to create the other profiles groups.)
Introduction and Overview
24
Figure 9.
ProSafe 20-AP Wireless Controller WC7520
Choose a Location for the Wireless Controller
The wireless controller is suitable for use in an office environment where it can be
freestanding on its runner feet or mounted into a standard 19-inch equipment rack.
Alternatively, you can rack-mount the wireless controller in a wiring closet or equipment
room. A mounting kit, containing two mounting brackets and screws, is provided in the
wireless controller package.
Consider the following when deciding where to
• The u
• Cabling is away from sources of electrical noise. Th
• W
• Airflow around
• The a
• T
nit is accessible and cables can be connected easily.
ovens, and air-conditioning units.
ater or moisture cannot enter the case of the unit.
the unit and through the vents in the side of the case is not restricted.
Provide a minimum of 25 mm or 1 inch clearance.
ir is as free of dust as possible.
emperature operating limits are not likely to be exceeded. Install the unit in a clean,
air-conditioned environment. For information about the recommended operating
temperatures for the wireless controller, see Appendix A, Factory Default Settings and
Technical Specifications.
position the wireless controller:
ese include lift shafts, microwave
Introduction and Overview
25
ProSafe 20-AP Wireless Controller WC7520
Deploy the Wireless Controller
To deploy the wireless controller:
1. Disconne
it. If necessary, you can now reconfigure the computer that you used in the configuration
process back to its original TCP/IP settings.
2. Connect an Ethern
3. Connect th
outlet. The Power, Test, and Ethernet LEDs should light up. If any of these do not light up,
see Troubleshoot Basic Functioning on p
ct the wireless controller from the computer and place it where you will deploy
et cable from your wireless controller to a LAN port on your network.
e power cord to the wireless controller and plug the power cord into a power
age 194.
Introduction and Overview
26
2. System Planning and Deployment
Scenarios
This chapter includes the following sections:
• System Planning
• Management VLAN and Data VLAN Strategies
• Deployment Scenarios
System Planning
This section includes the following subsections:
• Preinstallation Planning
• Before You Configure a Wireless Controller
• Single Controller Configuration with Basic Profile Group
• Single Controller Configuration with Advanced Profile Groups
• Stacked Controller Configuration
2
Preinstallation Planning
Before you install any wireless controllers, determine the following:
• Numb
• Numb
• 802
NETGEAR recommends that you perform a site survey:
• Run
• Run an
• Iden
• Determine
er of access points required to provide seamless coverage
er of wireless controllers required
.11 frequency band and the channels that are optimal for Wi-Fi usage
a spectrum analysis of channels of the site to determine the current RF behavior and
detect both 802.11 and non-802.11 noise.
access point-to-client connectivity test to determine the maximum throughput
achievable on the client.
tify potential RF obstructions and interference sources.
areas where denser coverage might be required because of heavier usage.
27
ProSafe 20-AP Wireless Controller WC7520
After the survey is complete, use the collected data to set up an RF plan. For more
information, see RF Planning Overview on p
age 41.
Before You Configure a Wireless Controller
These sections assume that you have deployed at least one wireless controller in your
network and are ready to configure the wireless controller. For information about how to
deploy the wireless controller in your network, see the WC7520 ProSafe Wireless Controller
For many configurations, you can use the default
DHCP server, client authentication, and data encryption settings are specific to your
environment. Following are short sections that discuss these settings (with the exception of
IP address settings, which are self-explanatory). For information about how to configure
these settings, see the relevant sections.
wireless settings. The IP address, VLAN,
VLANs
The management VLAN is the dedicated VLAN for access to the wireless controller. All traffic
that is directed to the wireless controller, including HTTP, HTTPS, SNMP, and SSH traffic, is
carried over the management VLAN.
If the management VLAN is also configured as a tagged VLAN (the most common
con
figuration), the packets to and from the wireless controller carry the 802.1Q VLAN header
with the assigned VLAN number. If the management VLAN is marked as untagged, the
packets that are sent from the wireless controller do not carry the 802.1Q header, and all
untagged packets that are sent to the wireless controller are treated as management VLAN
traffic.
Note: Use a tagged VLAN or change the tagged VLAN ID only if the hubs
and switches on your LAN support 802.1Q. If they do not, and you
have not specifically configured a tagged VLAN with the same VLAN
ID on the hubs and switches in your network, IP connectivity might
be lost.
The wireless controller needs to have IP connectivity with the access points through the
management VLAN. If the wireless controller and the access points are on different
management VLANs, external VLAN routing needs to allow IP connectivity between the
wireless controller and the access points.
For information about how to configure management VLANs, see Configure IP and VLAN
Settings o
n page 65.
System Planning and Deployment Scenarios
28
Client VLANs
ProSafe 20-AP Wireless Controller WC7520
Each authenticated wireless user is placed into a VLAN that determines the user
’s DHCP
server, IP address, and Layer 2 connection. Although you could place all authenticated
wireless users into the single VLAN that is specified in the basic security profile, the wireless
controller allows you to group wireless users into separate VLANs based on the wireless
SSID to differentiate access to network resources. For example, you might place authorized
employee users into one VLAN, and itinerant users, such as contractors or guests, into a
separate VLAN. To use different VLANs, you need to create different security profiles.
For information about how to configure regular VLANs, see Manage Rogue Access Points on
page 113.
DHCP Server
The wireless controller can function as a DHCP server and assign IP addresses to both
wireless and wired devices that are connected to it. You can add up to 64 DHCP server
pools, each assigned to a different VLAN.
Client Authentication and Data Encryption
A user needs to authenticate to the WLAN to be able to access WLAN resources. The
wireless controller supports several types of security methods, including those that require an
external RADIUS or LDAP authentication server.
The encryption option that you can select dep
have selected. The following table lists the authentication methods available, with their
corresponding encryption options:
ends upon the authentication method that you
Table 2. Authentication and encryption options
Authentication methodEncryption optionAuthentication server
Open system64-bit, 128-bit, or 152-bit WEP None
Shared Key64-bit, 128-bit, or 152-bit WEP None
WPA-PSK TKIP or TKIP+AESNone
WPA2-PSK AES or TKIP+AESNone
WPA-PSK and WPA2-PSK TKIP+AESNone
WPA TKIP or TKIP+AESOne of the following authentication servers:
• External RADIUS server
• Internal authentication server
• External LDAP server
System Planning and Deployment Scenarios
29
ProSafe 20-AP Wireless Controller WC7520
Table 2. Authentication and encryption options (continued)
Authentication methodEncryption optionAuthentication server
WPA2 AES or TKIP+AESOne of the following authentication servers:
• External RADIUS server
• Internal authentication server
• External LDAP server
WPA and WPA2 TKIP+AESOne of the following authentication servers:
• External RADIUS server
• Internal authentication server
• External LDAP server
For information about how to configure client authentication and data encryption, see
Manage Rogue Access Points on p
age 113.
For information about how to configure au
Servers and Authentication Server Groups on p
thentication servers, see Manage Authentication
age 122.
Single Controller Configuration with Basic Profile Group
A basic configuration consists of a single wireless controller that controls a collection of
access points that are organized into the basic default group.
To set up a single wireless controller system with a basic profile group:
Step ConfigurationWeb management interface path
1.Optional: Create an RF plan.Plans > Layout
2.If you have not yet done so, configure the system settings of the
wireless controller:
1. Configure the country code of operation.
2. Configure the IP address of wireless controller.
3. Verify that VLAN 1 is set as the management VLAN and is
marked as untagged, which is the default setting.
3.Configure up to 8 profiles, and for each profile, do at least the
following:
Configuration > System > General
Configuration > System > IP/VLAN
1. Configure an SSID for wireless access.
2. Configure the network authentication and data encryption.
3. Assign the VLAN.
If required, configure the authentication server.Configuration > Security > Basic >
4.Run the Discovery Wizard and add the access points to the
managed access point list.
System Planning and Deployment Scenarios
30
Configuration > Profile > Basic
Authentication Server
Access Point > Discovery Wizard
Loading...
+ 183 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.