Netgear WC7600 Reference Manual

ProSAFE Wireless Controller WC7600

Reference Manual
June, 2014 202-11414-01
350 East Plumeria Drive San Jose, CA 95134 USA
ProSAFE Wireless Controller WC7600
Support
Thank you for selecting NETGEAR products.
After installing your device, locate the serial number on the label of your product and use it to register your product at
https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR
recommends registering your product through the NETGEAR website. For product updates and web support, visit
http://support.netgear.com.
Phone (US & Canada only): 1-888-NETGEAR.
Phone (Other Countries): Check the list of phone numbers at http://support.netgear.com/general/contact/default.aspx.
Contact your Internet service provider for technical support.
Compliance
For regulatory compliance information, visit http://www.netgear.com/about/regulatory.
See the regulatory compliance document before connecting the power supply.
Trademarks
NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change without notice. © NETGEAR, Inc. All rights reserved.
2
ProSAFE Wireless Controller WC7600
Chapter 1 Introduction
Key Features and Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Package Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Hardware Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Front Panel Ports, Slots, and LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Back Panel Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Bottom Panel with Product Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
WC7600 Wireless Controller System Components. . . . . . . . . . . . . . . . . . . . . . . 15
NETGEAR ProSAFE Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
What Can You Do with the WC7600 Wireless Controller?. . . . . . . . . . . . . . . . . 18
Licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Maintenance and Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Chapter 2 System Planning and Deployment Scenarios
Basic and Advanced Setting Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Profile Group Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Basic Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Advanced Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
System Planning Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Preinstallation Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Before You Configure a Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
High-Level Configuration Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Single Controller Configuration with Basic Profile Group. . . . . . . . . . . . . . . . 28
Single Controller Configuration with Advanced Profile Groups . . . . . . . . . . . 29
Stacked Controller Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Management VLAN and Data VLAN Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . 31
High-Level Deployment Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Scenario Example 1: Network with Single VLAN . . . . . . . . . . . . . . . . . . . . . . . 33
Scenario Example 2: Advanced Network with VLANs and SSIDs. . . . . . . . . . 35
Scenario Example 3: Advanced Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Chapter 3 RF Planning
RF Planning Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Planning Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Define and Edit Buildings and Floors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Specify Access Point Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
View and Manage Heat Maps for Deployed Plans . . . . . . . . . . . . . . . . . . . . . . . . 48
Chapter 4 Installation and Configuration Overview
Connect Your Computer to the Wireless Controller. . . . . . . . . . . . . . . . . . . . . . . 52
Log In to the Wireless Controller. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Roadmap for Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Roadmap for Configuring Management of Your Wireless Network. . . . . . . . . . 55
Choose a Location for the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Deploy the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
3
ProSAFE Wireless Controller WC7600
Chapter 5 Configure the System and Network Settings and Register the
Licenses
Configure the General Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Manage the Time Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Manage the IP, VLAN, and Link Aggregation Settings. . . . . . . . . . . . . . . . . . . . . 62
Management VLAN Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Untagged VLAN Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Link Aggregation Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Configure the IP, VLAN, and Link Aggregation Settings . . . . . . . . . . . . . . . . . 63
Manage the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Add a DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Change the Settings for a DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Remove a DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Register Your Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Configure the License Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Register Your Licenses with the License Server . . . . . . . . . . . . . . . . . . . . . . . . 72
Manage Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Configure Log, Syslog, Alarm Notification, and Email Settings . . . . . . . . . . . . . 75
Configure Log Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Configure Syslog Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Configure Alarm Notification Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Configure the Email Notification Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Chapter 6 Manage Security Profiles and Profile Groups
Wireless Security Profile Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Small WLAN Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Large WLAN Networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Profile Naming Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Considerations Before You Configure Profiles . . . . . . . . . . . . . . . . . . . . . . . . . 84
Basic and Advanced Security Configuration Concepts . . . . . . . . . . . . . . . . . . 85
Manage Security Profiles for the Basic Profile Group . . . . . . . . . . . . . . . . . . . . . 86
Configure a Profile in the Basic Profile Group . . . . . . . . . . . . . . . . . . . . . . . . . 86
Change the Settings for a Profile in the Basic Profile Group . . . . . . . . . . . . . 90
Remove a Profile From the Basic Profile Group . . . . . . . . . . . . . . . . . . . . . . . . 91
Manage Security Profiles for Advanced Profile Groups . . . . . . . . . . . . . . . . . . . 91
Add an Advanced Profile Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Remove an Advanced Profile Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Configure a Profile in an Advanced Profile Group . . . . . . . . . . . . . . . . . . . . . . 93
Change the Settings for a Profile in an Advanced Profile Group . . . . . . . . . . 98
Remove a Profile From an Advanced Profile Group. . . . . . . . . . . . . . . . . . . . . 99
Network Authentication and Data Encryption Options. . . . . . . . . . . . . . . . . . . . 99
Manage Authentication Servers and Authentication Server Groups. . . . . . . . 104
Authentication Server Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Configure Basic Authentication Server Settings . . . . . . . . . . . . . . . . . . . . . . 105
Configure a RADIUS Authentication Server Group . . . . . . . . . . . . . . . . . . . . 107
Remove a RADIUS Authentication Server Group. . . . . . . . . . . . . . . . . . . . . . 109
4
ProSAFE Wireless Controller WC7600
Manage MAC Authentication and MAC Authentication Groups. . . . . . . . . . . . 109
Guidelines for External MAC Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Configure Basic Local MAC Authentication Settings . . . . . . . . . . . . . . . . . . . 110
Remove a MAC Address from a Wireless Client List . . . . . . . . . . . . . . . . . . . 112
Import a MAC List from a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Configure a Local MAC Authentication Group . . . . . . . . . . . . . . . . . . . . . . . . 113
Remove a Local MAC Authentication Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Select an ACL for a Profile in the Basic Profile Group . . . . . . . . . . . . . . . . . . 115
Select an ACL for a Profile in an Advanced Profile Group. . . . . . . . . . . . . . . 117
Chapter 7 Discover and Manage Access Points
Access Point Discovery Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
General Discovery Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120
Layer 3 Discovery Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Remote Access Point Discovery Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Discover Access Points with the Discovery Wizard . . . . . . . . . . . . . . . . . . . . . .123
Discover Access Points in Factory Default State and Access
Points in a Layer 2 Subnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Discover Access Points Installed and Working in
Standalone Mode in Different Layer 3 Networks . . . . . . . . . . . . . . . . . . . . . 127
Manage the Managed AP List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
View the Managed AP List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Change Access Point Information on the Managed AP List . . . . . . . . . . . . . 133
Remove Access Points from the Managed AP List. . . . . . . . . . . . . . . . . . . . . 136
Assign Access Points to Advanced Profile Groups . . . . . . . . . . . . . . . . . . . . . . . 137
Chapter 8 Manage Rogue Access Points,
Guest Network Access, and Users
Manage Rogue Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Rogue Access Point Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Configure Basic Rogue Detection Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Classify Rogue Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Import a List of Known Access Points from a File . . . . . . . . . . . . . . . . . . . . .144
Manage Guest Network Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Portal Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Configure a Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Manage Users, Accounts, and Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
User and Account Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Add a Management User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Add a WiFi User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152
Add a Captive Portal Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Add a Captive Portal User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Change the Settings for a User or Account. . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Remove a User or Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Export a List of Users or Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
5
ProSAFE Wireless Controller WC7600
Chapter 9 Configure Wireless and QoS Settings
Basic and Advanced Wireless and QoS Configuration Concepts . . . . . . . . . . . 162
Configure the Radio . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Configure the Radio for the Basic Profile Group . . . . . . . . . . . . . . . . . . . . . . 162
Configure the Radio for an Advanced Profile Group . . . . . . . . . . . . . . . . . . . 164
Configure Wireless Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Configure Wireless Settings for the Basic Profile Group. . . . . . . . . . . . . . . . 165
Override Channel and Transmission Power in the Basic Profile Group . . . . 169
Configure Wireless Settings for an Advanced Profile Group . . . . . . . . . . . . 171
Override Channel and Transmission Power in an Advanced
Profile Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Configure Channels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Specify Radio Frequency Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Radio Frequency Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
WLAN Healing Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Configure Radio Frequency Management for the Basic Profile Group . . . . 181
Configure Radio Frequency Management for an Advanced
Profile Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Manage the Preferred Bands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Configure the Preferred Band for WNDAP620 Access
Points in the Basic Profile Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Configure the Preferred Band for WNDAP620 Access
Points in an Advanced Profile Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Manage Quality of Service for an Advanced Profile Group . . . . . . . . . . . . . . . 188
Quality of Service Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Configure Quality of Service for a Profile Group. . . . . . . . . . . . . . . . . . . . . . 189
Manage Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Load Balancing Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Configure Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Manage Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Rate Limiting Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Configure Rate Limiting for the Basic Profile Group . . . . . . . . . . . . . . . . . . . 195
Configure Rate Limiting for an Advanced Profile Group. . . . . . . . . . . . . . . . 196
Chapter 10 Maintain the Wireless Controller and Access Points
Manage the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Back Up the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Restore the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Upgrade the Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Reboot the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Reset the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Manage External Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Manage Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Specify Session Time-Outs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Manage the System Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Query the System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Save the System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
6
ProSAFE Wireless Controller WC7600
Clear the System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
View Alerts and Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
View System Alerts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
View Radio Frequency Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
View Load-Balancing Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
View Rate-Limit Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
View Redundancy Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
View Stacking Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218
Manage Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
View Your Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Retrieve Your Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .222
Reboot Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Configure Multicast Firmware Upgrade for Access Points . . . . . . . . . . . . . . . . 224
Change the Multicast Firmware Upgrade Settings . . . . . . . . . . . . . . . . . . . . 225
Disable Multicast Firmware Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226
Chapter 11 Manage Stacking and Redundancy
Stacking Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Configure a Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Remove a Wireless Controller from a Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Select Which Wireless Controller in a Stack to Configure. . . . . . . . . . . . . . . . . 233
Manage Redundancy for a Single Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
VRRP Redundancy Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Configure a Single Controller with Redundancy. . . . . . . . . . . . . . . . . . . . . . . 239
Manage a Redundancy Group with N:1 Redundancy. . . . . . . . . . . . . . . . . . . . . 241
VRRP N:1 Redundancy Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Configure a Redundancy Group with N:1 Redundancy . . . . . . . . . . . . . . . . .244
Change a Redundant Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Remove a Redundancy Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Chapter 12 Monitor the Wireless Network and Its Components
Monitor the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
View the Network Summary Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
View the Wireless Controllers in the Network . . . . . . . . . . . . . . . . . . . . . . . . 251
View the Access Points in the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253
View the Clients in the Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
View the Profiles in the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Monitor the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
View the Wireless Controller Summary Screen . . . . . . . . . . . . . . . . . . . . . . . 264
View Wireless Controller Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
View Access Points that the Wireless Controller Manages. . . . . . . . . . . . . . 268
View Clients on Access Points that the Wireless Controller Manages . . . . 273
View Neighboring Clients that the Wireless Controller Detects . . . . . . . . . 277
View Neighboring Access Points that the Wireless Controller
Does Not Manage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .279
View Security Profiles That the Wireless Controller Manages. . . . . . . . . . . 280
View DHCP Leases That Are Provided by the Wireless Controller . . . . . . . 282
7
ProSAFE Wireless Controller WC7600
View Captive Portal Users on Access Points That the
Wireless Controller Manages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
Monitor the SSIDs on the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Monitor Local Clients in the Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Chapter 13 Troubleshooting
Troubleshoot Basic Functioning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Power LED Is Not Lit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Status LED Never Turns Off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Ethernet Port LEDs Are Not Lit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Troubleshoot the Web Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Check the Ethernet Cabling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Check the IP Address Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Check the Internet Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Troubleshoot a TCP/IP Network Using the Ping Utility . . . . . . . . . . . . . . . . . . . 298
Use the Reset Button to Restore Default Settings . . . . . . . . . . . . . . . . . . . . . . . 299
Resolve Problems with Date and Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Resolve Problems with Access Points. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Resolve Discovery Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Resolve Connection Problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Network Performance and Rogue Access Point Detection. . . . . . . . . . . . . . 301
Use the Diagnostic Tools on the Wireless Controller . . . . . . . . . . . . . . . . . . . . . 301
Ping an Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Trace a Route to an Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Appendix A Factory Default Settings, Technical Specifications, and
Passwords Requirements
Factory Default Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Technical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Password Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
8

1. Introduction

This chapter includes the following sections:
Key Features and Capabilities
Package Contents
Hardware Features
WC7600 Wireless Controller System Components
NETGEAR ProSAFE Access Points
What Can You Do with the WC7600 Wireless Controller?
Licenses
Maintenance and Support
Note: For more information about the topics covered in this manual, visit the
support website at support.netgear.com.
1
Note: Firmware updates with new features and bug fixes are made
available from time to time on products can regularly check the site and download new firmware, or you can check for and download new firmware manually. If the features or behavior of your product do not match what is described in this guide, you might need to update your firmware.
downloadcenter.netgear.com. Some
9
ProSAFE Wireless Controller WC7600

Key Features and Capabilities

The NETGEAR ProSAFE Wireless Controller WC7600 is a high-capacity, secured wireless controller intended for medium- to large-sized businesses, higher education institutions, hospitals, and hotels.
One wireless controller with the appropriate licenses can support up to 50 access points (APs) with up to 2,000 users. In a stacked configuration, a stack of three wireless controllers can support up to 6,000 users. The wireless controller supports the IEEE 802.11a/b/g/n protocols and is 802.11ac ready for future deployment. The wireless controller allows you to manage your wireless network from a central point, implement security features centrally, support Layer 2 and Layer 3 fast roaming, configure a guest access captive portal, and support voice over Wi-Fi (VoWi-Fi).
The wireless controller is equipped with two 1/10 Gigabit Ethernet (1/10GbE) slots with standard SFP or SFP+ form factor for optional 10GBASE or 1000BASE GBICs. One RJ-45 Gigabit Ethernet port is available to access the wireless controller for management and for data and control communications between the wireless controller and the access points.
The wireless controller provides the following key features and capabilities:
Scalable architecture with stacking
- Purchased licenses in increments of 10 or 50 access points allow for support of up to
a maximum number of 300 access points on a single wireless controller in a configuration without a stack.
- A maximum of three stacked wireless controllers allows for up to 150 access points
(50 on each wireless controller in a stacked configuration) in a single network.
- Support of 802.11a, 802.11b, 802.11g, and 802.1 1n modes. Ready for 802.11ac mode
for future deployment.
Centralized management
- Single point of management for the entire wireless network.
- Automatic firmware upgrade to all managed access points.
- DHCP server for IP address provisioning.
- Configurable management VLAN.
Introduction
10
ProSAFE Wireless Controller WC7600
Security
- Identity-based security authentication with an external RADIUS or LDAP (Active
Directory) server, or with an internal authentication server.
- Support for nine access point profile groups (one basic and eight advanced) on one
wireless controller.
- Support for up to 8 profiles per access point profile group and 8 profiles per radio
(therefore, dual-band access points can support up to 16 profiles in one access point profile group).
- Support for up to 144 profiles on one wireless controller (8 profiles per access point
group and eight groups per radio). Each profile supports settings for SSID, network authentication, data encryption, client separation, VLAN, MAC ACL, and wireless QoS.
- Rogue access point detection and classification.
- Guest access and captive portal access with cost and expiration accounting.
- Scheduled wireless on/off times.
Wi-Fi Multimedia Quality of Service and advanced wireless features
- Wi-Fi Multimedia (WMM) support for video, audio, and voice over Wi-Fi (VoWi-Fi).
- WMM power save option.
- Automatic WLAN healing mechanism ensures seamless coverage for wireless users.
- Layer 2 and Layer 3 seamless roaming support.
- Local Layer 2 traffic switching and Layer 3 traffic processing at access point level for
fast processing.
Wireless and Radio Frequency (RF) management
- Automatic control of access point transmit power and channel allocation to reduce
interference.
- Automatic load balancing of clients across access points.
- Rate limiting per profile.
- Multicast and broadcast rate limiting
- ARP suppression
Monitoring and reporting
- Monitoring of the status of the network, wireless controllers, WLANs, and clients, and
network usage statistics.
- Specific health monitoring of access points.
- Logging and emailing of system events, RF events, load-balancing events, and
rate-limiting events.
- Context-sensitive search function.
For a list of all features and capabilities of the wireless controller, see the datasheet that you can download from
http://support.netgear.com/product/WC7600.
Introduction
11
ProSAFE Wireless Controller WC7600

Package Contents

The ProSAFE Wireless Controller WC7600 product package contains the following items:
ProSAFE Wireless Controller WC7600 appliance
One
AC power cable
Rubber feet (four) with adhesive backing
One rack-mount kit
Straight-through Category 5 Ethernet cable
ProSAFE W
ireless Controller WC7600 Installation Guide
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair
.

Hardware Features

The front panel ports, slots, and LEDs, back panel components, and bottom label of the wireless controller are described in this section.

Front Panel Ports, Slots, and LEDs

The following figure shows the front panel of the wireless controller.
LED Mode: Green= Link at 10G, Blink Green=10G Active,
ID
Power
Status
Fan
Stack Master
USB
Reset
Yellow=Link at 1G, Blink Yellow=1G Active
Figure 1. Front panel
The following figure shows a close-up of the left side of the front panel.
USB port
ID
Power
Status
Fan
Stack Master
USB
Reset
Reset button LEDs (top to bottom): Power, Status, Fan, Stack Master
Figure 2. Front panel close-up
Digital access point counter
LED Mode: Green= Link at 10G, Blink Green=10G Active, Yellow=Link at 1G, Blink Yellow=1G Active
LED Mode: Left LED: Green=Link at 1G E, Yellow=Link at 10/100M Right LED:Green=Link, Green Blink=Active
Slots and LEDs
for optional SFP and SFP+ GBIC module
LED Mode: Left LED: Green=Link at 1G E, Yellow=Link at 10/100M Right LED:Green=Link, Green Blink=Active
Ethernet port and LEDs
Console 9600,N,8,1
Introduction
12
ProSAFE Wireless Controller WC7600
From left to right, the wireless controller’s front panel shows the following counter, LEDs, button, ports, and slots:
Digital counter. Displays the number of connected access points that are in a healthy
state.
From top to bottom:
- Power LED
- Status LED
- Fan LED
- Stack Master LED
These LEDs are described in Table 1 on page 13.
Reset button. Using a sharp object, press and hold this button for about 10 seconds until
the Status LED flashes and the wireless controller returns to factory default settings. If you reset the wireless controller, all configuration settings are lost and the default password is restored.
USB port. Allows for external storage for floor heat maps, which will be supported in a
future release.
SFP slots. Two SFP slots for optional 10GE SFP+ or 1G SFP gigabit interface
converters (GBICs), each slot with an LED.
Ethernet port. One 10/100/1000 Mbps LAN Ethernet port with an RJ-45 connector, left
LED, and right LED. The Ethernet port provides switched N-way, automatic speed negotiating, auto MDI/MDIX technology.
Console port. RS232 port for connecting to an optional console terminal. The port has a
DB9 male connector. The default baud rate is 9600 K. The configuration is 8 bits, no parity, and 1 stop bit. The console port is for debugging under guidance of NETGEAR technical support only.
The function of each LED is described in the following table:
Table 1. LED functions
LED Status Description Power LED Green The green Power LED should be lit when the wireless controller is on.
Off If the power LED is not lit when the wireless controller is on, check the
connections and check to see if the power outlet is controlled by a wall switch that is turned off (see
Status LED Yellow The wireless controller is initializing. After approximately two minutes, when
the wireless controller has completed its initialization, the Status LED turns green. If the Status LED remains yellow, the initialization has failed (see
Status LED Never Turns Off on page 296).
Power LED Is Not Lit on page 296).
Green The wireless controller has completed its initialization successfully. The
Status LED should be steady green during normal operation.
Introduction
13
ProSAFE Wireless Controller WC7600
Table 1. LED functions (continued)
LED Status Description
Status LED (continued)
Fan LED Green The fans are functioning correctly.
Stack Master LED
SFP slot LEDs Green The slot is operating at 10G.
Left Ethernet port LED
Right Ethernet port LED
Off The wireless controller does not have power. Blinking yellow Firmware is being upgraded.
Yellow One or more fans are not functioning correctly. Green The wireless controller functions as the master controller in a stack. Yellow The wireless controller functions as a slave controller in a stack.
Blinking green Data is being transmitted or received at 10G. Yellow The slot is operating at 1G. Blinking yellow Data is being transmitted or received at 1G. Off The port has no physical link, that is, no Ethernet cable is plugged into the
wireless controller (see Ethernet Port LEDs Are Not Lit on page 297). Green The port has detected a link with a connected Ethernet device. Blinking green The port transmits or receives data. Off The port has no physical link, that is, no Ethernet cable is plugged into the
wireless controller (see Ethernet Port LEDs Are Not Lit on page 297). Green The port is operating at 1000 Mbps. Yellow The port is operating at 100 Mbps or 10 Mbps.

Back Panel Features

The wireless controller comes with a single internal power supply but supports an optional second power supply for power redundancy. The power supplies are hot-swappable.
The following figure shows the back panel of the wireless controller with a single internal power supply, the power supply connector, and two double fans.
Power supply connector
Figure 3. Back panel
Introduction
14
ProSAFE Wireless Controller WC7600
From left to right, the wireless controller’s back panel components are:
Power supply. 100–240V
, 5A, 47–63 Hz power supply, which includes the following
external components:
- AC power socket.
Attach the power cord to this socket. (The wireless controller does
not have a separate on/off power switch.)
- Handle.
- LED.
The handle allows for easy removal and insertion.
The LED is lit green when the power supply functions correctly . If the LED is of f,
power is not supplied to the power supply, or a problem has occurred.
Fans.
Two double fans, each of which can be easily exchanged.

Bottom Panel with Product Label

The product label on the bottom of the wireless controller’s enclosure displays the default IP address, default user name, and default password, as well as regulatory compliance, input power, and other information.
®
ProSAFE Wireless Controller WC7600
This device complies with part 15 of the FCC Rules and Canada CAN ICES-3 (A)/NMB-3(A). Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
DEFAULT ACCESS
http://192.168.0.250 user name: admin password: password
MAC
(LAN)
NETGEAR, INC.NETGEAR, INC. Made in ChinaMade in China
Input Rating: AC 100-240V
10
47-63Hz, 5A max.
SERIAL
272-12101-02
Figure 4. Product label

WC7600 Wireless Controller System Components

A WC7600 wireless controller system consists of one or more wireless controllers and a collection of access points that are organized into groups based on location or network access.
The wireless controller system can include a single wireless controller or a group of up to three stacked wireless controllers. Redundancy is also supported.
Introduction
15
ProSAFE Wireless Controller WC7600
The WC7600 wireless controller system supports the following NETGEAR ProSAFE access point models:
WNAP210v2 ProSAFE Wireless-N Access Point
WNAP320 ProSAFE Wireless-N
WNDAP350 ProSAFE Dual Band Wireless-N
WNDAP360 ProSAFE Dual Band Wireless-N
WNDAP380R ProSAFE Dual Band Wireless-N
WNDAP620 Premium 3x3 Dual Band Wireless-N
WNDAP660 Premium 3x3 Dual Band Concurrent Wireless-N
WN370 ProSAFE W
all Mount Wireless N Access Point
Access Point
Access Point Access Point
Access Point with RFID support
Access Point
Access Point

NETGEAR ProSAFE Access Points

Y ou can connect access points to the wireless controller either directly with an Ethernet cable through a router or switch, or remotely through an IP network. After you have used the automatic discovery process and added access points to the managed access point list on the wireless controller, the wireless controller converts the standard access points to dependent access points by pushing firmware to the access points. From then on, you can centrally manage and monitor the access points.
The following table lists the minimum firmware versions that must run on the standalone access points before you convert them to managed access points:
Table 2. Minimum firmware versions
Access Point Model Minimum Firmware Version on
Standalone Access Point
WNAP210v2 All firmware versions are supported WNAP320 2.1.1 or a newer version WNDAP350 2.1.7 or a newer version WNDAP360 2.1.6 or a newer version WNDAP380R All firmware versions are supported WNAP620 2.0.4 or a newer version WNDAP660 2.0.2 or a newer version WN370 All firmware versions are supported
A WC7600 wireless controller system can support the following access points:
WNAP210v2 ProSAFE W
- Supports 802.1
1b, 802.11g, and 802.11n network devices.
- Supports Power over Ethernet (PoE) with a power consumption of up to 5.8W
ireless-N Access Point
.
Introduction
16
ProSAFE Wireless Controller WC7600
For product documentation and firmware, visit
http://support.netgear.com/product/WNAP210.
Note: The WNAP210v1 cannot function in a WC7600 wireless controller
system, but the WNAP210v2 can.
WNAP320 ProSAFE Wireless-N Access Point
- Supports 802.11b, 802.11g, and 802.11n network devices.
- Supports Power over Ethernet (PoE) with a power consumption of up to 5.8W.
- Accepts optional antennas.
For product documentation and firmware, visit
http://support.netgear.com/product/WNAP320.
WNDAP350 ProSAFE Dual Band Wireless-N Access Point
- Supports 802.11a, 802.11b, 802.11g, and 802.11n network devices.
- Supports Power over Ethernet (PoE) with a power consumption of up to 10.75W.
- Operates concurrently in the 2.4 GHz and 5 GHz radio bands.
- Accepts optional antennas.
For product documentation and firmware, visit
http://support.netgear.com/product/WNDAP350.
WNDAP360 ProSAFE Dual Band Wireless-N Access Point
- Supports 802.11a, 802.11b, 802.11g, and 802.11n network devices.
- Supports Power over Ethernet (PoE) with a power consumption of up to 10.51W.
- Operates concurrently in the 2.4 GHz and 5 GHz radio bands.
- Accepts optional antennas.
For product documentation and firmware, visit
http://support.netgear.com/product/WNDAP360.
WNDAP380R ProSAFE Dual Band Wireless-N Access Point with RFID support
- Supports 802.11a, 802.11b, 802.11g, and 802.11n network devices.
- Supports Power over Ethernet (PoE) with a power consumption of up to 10.51W.
- Operates concurrently in the 2.4 GHz and 5 GHz radio bands.
- Accepts an RFID module for support of RFID devices and tags.
For product documentation and firmware, visit
http://support.netgear.com/product/WNDAP380R.
WNAP620 ProSAFE Premium 3x3 Dual Band Wireless-N Access Point
- Supports concurrently 802.11a, 802.11b, 802.11g, and 802.11n network devices.
- Supports 3x3 multiple input, multiple output (MIMO).
- Support speeds of up to 450 Mbps for 802.11n network devices
Introduction
17
ProSAFE Wireless Controller WC7600
- Supports Power over Ethernet (PoE) with a power consumption that complies with the
802.3af standard.
- Operates in either the 2.4 GHz or 5 GHz radio band.
- Accepts optional antennas.
For product documentation and firmware, visit
http://support.netgear.com/product/WNDAP620.
WNDAP660 ProSAFE Premium 3x3 Dual Band Concurrent Wireless-N Access Point
- Supports 802.11a, 802.11b, 802.11g, and 802.11n network devices.
- Supports 3x3 multiple input, multiple output (MIMO).
- Support speeds of up to 450 Mbps for 802.11n network devices.
- Supports Power over Ethernet (PoE) with a power consumption that complies with the
802.3at standard.
Note: If your network does not include a PoE device that can provide the
WNDAP660 access point with PoE power according to the 802.3at standard, you can instead use two ports of a PoE device that complies with the 802.3af standard. (The WNDAP660 access point has two Ethernet ports that accept PoE.)
- Operates concurrently in the 2.4 GHz and 5 GHz radio bands.
- Accepts optional antennas.
For product documentation and firmware, visit
http://support.netgear.com/product/WNDAP660.
WN370 ProSAFE Wall Mounted Wireless-N Access Point
- Supports concurrently 802.11b, 802.11g, and 802.11n network devices.
- Support speeds of up to 300 Mbps for 802.11n network devices
- Supports Power over Ethernet (PoE) with a power consumption that complies with the
802.3af standard.
- Operates in the 2.4 GHz radio band.
For product documentation and firmware, visit
http://support.netgear.com/product/WN370.

What Can You Do with the WC7600 Wireless Controller?

You can perform the following tasks with a WC7600 wireless controller:
Organize the Network
- Create access point profiles. Organize access points in profiles to differentiate
between SSIDs, client authentication, authentication settings, and wireless QoS
settings.
Introduction
18
ProSAFE Wireless Controller WC7600
- Create access point profile groups. Organize access point profiles in access point
profile groups to differentiate between buildings, floors, businesses, business divisions, and so on. Easily assign access points to profile groups or change assignments.
For more information, see Chapter 6, Manage Security Profiles and Profile Groups.
Discover Access Points in the Network and Provision IP Addresses and Firmware
- Discover access points in the network. The access points can be in factory default
state or functioning in standalone mode, but after discovery by the wireless controller and addition to the managed access point list, the access points become dependent (managed) access points.
- Provision IP addresses to the access points. Use the internal DHCP server to
provision IP addresses to all or selected managed access points in the network.
- Upgrade access point firmware. Update and synchronize new firmware versions to
all managed access points in the network.
For more information, see Chapter 7, Discover and Manage Access Points.
Centrally Manage Security in the Network
- Manage secure access to the network and secure data transmission. Manage
client authentication, encryption, wireless client security separation, and MAC authentication in access point profiles.
- Manage authentication servers for the network. Manage all internal and external
authentication servers for the entire network or for access point profile groups.
- Manage MAC authentication. Specify trusted and untrusted MAC addresses for the
entire network.
- Manage rogue access points. Manage rogue access points and their associated
clients in the network.
- Manage guest access. Manage guest access and captive portal access to the
network.
For more information, see Chapter 8, Manage Rogue Access Points, Guest Network
Access, and Users.
Centrally Manage the Wireless Settings for the Network
- Schedule the radios. Schedule the entire network to go offline, or schedule access
point profile groups to go offline.
- Manage wireless settings and channel allocation. Manage the wireless settings
such as wireless mode, data rate, and channel width for the entire network or for access point profile groups, and manage channel allocation for the entire network.
- Manage QoS settings. Manage QoS queue settings for data, background, video,
and voice traffic for access point profile groups.
- Configure RF management settings. Configure WLAN healing and wireless
coverage hole detection for the entire network or for access point profile groups.
For more information, see Chapter 9, Configure Wireless and QoS Settings.
Introduction
19
ProSAFE Wireless Controller WC7600
Manage Other Wireless Controllers in the Network
- Manage stacking. Specify the master and slave wireless controllers in a stack and
synchronize information between the wireless controller.
For more information, see Chapter 11, Manage Stacking and Redundancy.
Monitor the Network and Its Components
- Monitor the status of all wireless devices. View the status of the wireless
controllers, access points, clients, access point profiles, and the entire network, and view network usage statistics.
- Monitor network health. See which access points are healthy and which ones are
down or compromised.
For more information, see Chapter 12, Monitor the Wireless Network and Its
Components.

Licenses

By default, the wireless controller comes with a trial license for five access points. You must purchase and register licenses for the access points in your network. Licenses are tied to the serial number of the wireless controller.
You can purchase a single 50–access point license or licenses in 10–,or 50–access point increments for support of up to 150
10–AP license. WC10APL
50–AP license. WC50APL
If you have three wireless controllers in a stack and want to support the maximum number of 150 access points in a stacked configuration, you must purchase three WC50APL licenses (or a combination of other licenses that add up to a total of 150 access points).
For more information, see the datasheet that you can download from
http://support.netgear.com/product/WC7600.
For information about how to register and manage your licenses, see Register Your Licenses on page 70 and Manage Licenses on page 219.
access points on a single wireless controller:

Maintenance and Support

NETGEAR offers technical support seven days a week, 24 hours a day. Information about support is available on the NETGEAR ProSupport website at
http://kb.netgear.com/app/answers/detail/a_id/212.
Introduction
20
2. System Planning and Deployment
Scenarios
This chapter includes the following sections:
Basic and Advanced Setting Concepts
Profile Group Concepts
System Planning Concepts
High-Level Configuration Examples
Management VLAN and Data VLAN Strategies
High-Level Deployment Scenarios
2
21
ProSAFE Wireless Controller WC7600

Basic and Advanced Setting Concepts

You can deploy the wireless controller in a small wireless network with 10 access points or in a large wireless network with up to 150 access points. Small networks require a basic configuration, but large networks can become complex and require you to configure the advanced features of the wireless controller.
Depending on your network configuration, use basic settings or advanced settings to manage your access points:
Basic settings for a typical network.
network configurations. For example, all access points on the WLAN are for the same organization or business and therefore adhere to the same policies and use a few service set identifiers (SSIDs, or network names).
Advanced settings for access point profile groups. If you have a large wireless
network, or if separate networks share a single WLAN, use the advanced settings to set up multiple access point profile groups with multiple security profiles (SSIDs with associated security settings). For example, a shopping mall might need several access point profile groups if several businesses share a WLAN but each business has its own network. Larger networks could require multiple access point profile groups to allow
ferent policies per building or department. The access points could have different
dif security profiles per building and department, for example, one for guests, one for management, and one for sales.
Note: Access point profile groups are also referred to as just profile groups.
Profiles, security profiles, and SSIDs (that is, SSIDs with associated security settings) are terms that are interchangeable.
To accommodate all types of networks, almost all configuration menus of the web management interface are divided into basic and advanced submenus. shows an example of the Configuration > Security > Basic submenu on the left and the Configuration > Security > Advanced submenu on the right:
The basic settings work with most common
The following figure
Figure 5. Basic and advanced submenus
System Planning and Deployment Scenarios
22
ProSAFE Wireless Controller WC7600
Before you start the configuration of your wireless controller, decide whether you can use a basic configuration (that is, follow the Basic submenus) or need to use an advanced configuration (that is, follow the Advanced submenus). Once you have made your choice, configuring the wireless controller should be fairly easy if you consistently follow either the Basic submenus or the Advanced submenus.

Profile Group Concepts

Each access point can support up to eight security profiles (16 for dual-band access points), each with its own SSID, security settings, MAC ACL, rate-limiting settings, WMM, and so on.
The wireless controller follows the same architecture. A profile group on the wireless controller includes all the features that you can configure for an individual access point: up to eight profiles (16 for dual-band access points), each of which has its own SSID, security, MAC ACL, rate-limiting settings, WMM settings, and so on.

Basic Profile

The basic profile includes all the settings that are required to configure a fully functional access point with up to eight security profiles (16 for dual-band access points).
After you have used the automatic discovery process and added access points to the managed AP list on the wireless controller, the access points are assigned by default to the basic profile group.
If your network requires the wireless controller to manage multiple access points with different configurations, use the advanced profile.

Advanced Profile

The advanced profile lets you configure up to eight access point profile groups. Each group includes all the settings that are required to configure a fully functional access point with up to eight security profiles (16 for dual-band access points).
For example, if your company has four buildings, each with a different wireless network, you simply create four profile groups. You then assign all access points in one building to one profile group, all access points in another building to a second profile group, and so on.
For each profile group, you can create an individual radio on/off schedule, RF management settings, MAC ACL authentication, and an authentication server. For each radio in a profile group (2.4 GHz radio and 5 GHz radio), you can create individual wireless settings, WMM, and rate-limit settings.
The following figure shows the advanced profile group architecture. The structure that is shown under Group-1 is implemented in all profile groups (that is, Group-2 through Group-8):
System Planning and Deployment Scenarios
23
ProSAFE Wireless Controller WC7600
Group-1
Group-2
Group-3
Group-4
2.4 GHz radio
1
2
34
5678
Security profiles
Figure 6. Advanced profile group architecture
Group-5
5 GHz radio
1
Group-6
23
Security profiles
Group-7
4
56
Group-8
78
The following figure shows an example of three access point profile groups, in which the first profile group (Group-1) has five security profiles. For each profile in this profile group, the profile name, radio mode, and authentication setting are shown. (Group-1 is the default group in the advanced profile group configuration; you must create the other profiles groups.)
Figure 7. Example of profile groups with security profiles
System Planning and Deployment Scenarios
24
ProSAFE Wireless Controller WC7600

System Planning Concepts

This section includes the following subsections:
Preinstallation Planning
Before You Configure a Wireless Controller

Preinstallation Planning

Before you install any wireless controllers, determine the following:
Number of access points required to provide seamless coverage
Number of licenses required to cover all access points that must be managed
Number of wireless controllers required
802.11 frequency band and the channels that are optimal for WiFi usage
NETGEAR recommends that you perform a site survey:
To determine the current RF behavior and detect both 802.11 and non-802.11 noise, run
a spectrum analysis of the channels of the site.
To determine the maximum throughput that is achievable on the client, run an access
point-to-client connectivity test.
Identify potential RF obstructions and interference sources.
Determine areas where denser coverage might be required because of heavier usage.

Before You Configure a Wireless Controller

These sections assume that you have deployed at least one wireless controller in your network and are ready to configure the wireless controller. For information about how to deploy the wireless controller in your network, see the ProSAFE Wireless Controller WC7600 Installation Guide that you can download from
For many configurations, you can use the default wireless settings. The IP address, VLAN, DHCP server, client authentication, and data encryption settings are specific to your environment. Following are short sections that describe these settings (except for IP address settings, which are self-explanatory). For information about how to configure these settings, see the relevant sections.
Management VLAN
http://support.netgear.com/product/WC7600.
The management VLAN is the dedicated VLAN for access to the wireless controller. All traf fic that is directed to the wireless controller, including HTTP, HTTPS, SNMP, and SSH traffic, is carried over the management VLAN.
If the management VLAN is also configured as a tagged VLAN (the most common configuration), the packets to and from the wireless controller carry the 802.1Q VLAN header with the assigned VLAN number. If the management VLAN is marked as untagged, the packets that are sent from the wireless controller do not carry the 802.1Q header, and all
System Planning and Deployment Scenarios
25
ProSAFE Wireless Controller WC7600
untagged packets that are sent to the wireless controller are treated as management VLAN traffic.
Note: Use a tagged VLAN or change the tagged VLAN ID only if the hubs
and switches on your LAN support 802.1Q. If they do not, and you have not configured a tagged VLAN with the same VLAN ID on the hubs and switches in your network, IP connectivity might be lost.
The wireless controller must have IP connectivity with the access points through the management VLAN. If the wireless controller and the access points are on different management VLANs, external VLAN routing must allow IP connectivity between the wireless controller and the access points.
For information about how to configure management VLANs, see Manage the IP, VLAN, and
Link Aggregation Settings on page 62.
Client VLANs
Each authenticated wireless user is placed into a VLAN that determines the user’s DHCP server, IP address, and Layer 2 connection. Although you could place all authenticated wireless users into the single VLAN that is specified in the basic security profile, the wireless controller allows you to group wireless users into separate VLANs based on the wireless SSID to differentiate access to network resources. For example, you might place authorized employee users into one VLAN, and itinerant users, such as contractors or guests, into a separate VLAN. To use different VLANs, you must create different security profiles.
For information about how to configure regular VLANs, see Manage the IP, VLAN, and Link
Aggregation Settings on page 62.
DHCP Server
The wireless controller can function as a DHCP server and assign IP addresses to both wireless and wired devices that are connected to it. You can add up to 64 DHCP server pools, each assigned to a different VLAN.
DHCP option 43 (vendor-specific information) must be enabled on an external DHCP server. Specifying an internal DHCP server on the wireless controller automatically enables DHCP option 43 with the IP address of the wireless controller.
Client Authentication and Data Encryption
A user must authenticate to the WLAN to be able to access WLAN resources. The wireless
controller supports several types of security methods, including those methods that require an external RADIUS or LDAP authentication server.
System Planning and Deployment Scenarios
26
ProSAFE Wireless Controller WC7600
The encryption option that you can select depends upon the authentication method that you have selected. The following table lists the authentication methods available, with their corresponding encryption options:
Table 3. Authentication and encryption options
Authentication Method Encryption Option Authentication Server
Open System 64-bit, 128-bit, or 152-bit WEP None Shared Key 64-bit, 128-bit, or 152-bit WEP None WPA-PSK TKIP or TKIP+AES None WPA2-PSK AES or TKIP+AES None WPA-PSK and WPA2-PSK TKIP+AES None WPA TKIP or TKIP+AES One of the following authentication servers:
External RADIUS server
Internal authentication server
External LDAP server
WPA2 AES or TKIP+AES One of the following authentication servers:
External RADIUS server
Internal authentication server
External LDAP server
WPA and WPA2 TKIP+AES One of the following authentication servers:
External RADIUS server
Internal authentication server
External LDAP server
For information about how to configure client authentication, data encryption, and authentication servers, see Chapter 6, Manage Security Profiles and Profile Groups.
System Planning and Deployment Scenarios
27
ProSAFE Wireless Controller WC7600

High-Level Configuration Examples

This section includes the following subsections:
Single Controller Configuration with Basic Profile Group
Single Controller Configuration with Advanced Profile Groups
Stacked Controller Configuration

Single Controller Configuration with Basic Profile Group

A basic configuration consists of a single wireless controller that controls a collection of
access points that are organized into the basic default group.
To set up a single wireless controller system with a basic profile group:
Step Configuration Web Management Interface Path
1. Configure the system and network settings of the wireless
controller:
1. Configure the country code of operation.
2. Configure the time settings.
3. Configure the IP address of the wireless controller.
4. Verify that VLAN 1 is set as the management VLAN and is
marked as untagged. By default, VLAN 1 an untagged management VLAN.
5. DHCP option 43 (vendor-specific information) must be
enabled on an external DHCP server. If no network DHCP
server is accessible to the access points, configure the wireless controller’s DHCP server. Specifying an internal
DHCP server on the wireless controller automatically enables DHCP option 43 with the IP address of the wireless controller.
2. Configure up to eight profiles, and for each profile, do at least the following:
1. Configure an SSID for wireless access.
2. Configure the network authentication and data encryption.
3. Assign the VLAN.
Configuration > System > General Configuration > System > Time Configuration > System > IP/VLAN
Configuration > System > DHCP Server
Configuration > Profile > Basic
4. If necessary for the selected network authentication option,
configure the authentication server.
3. Run the Discovery Wizard and add the access points to the managed access point list.
System Planning and Deployment Scenarios
28
Configuration > Security > Basic > Authentication Server
Access Point > Discovery Wizard
ProSAFE Wireless Controller WC7600

Single Controller Configuration with Advanced Profile Groups

A more complex configuration consists of a single wireless controller that controls a collection of access points that are organized in access point profile groups and might use several profiles in each access point profile group.
To set up a single wireless controller system with advanced profile groups:
Step Configuration Web Management Interface Path
1. Configure the system and network settings of the wireless
controller:
1. Configure the country code of operation.
2. Configure the time settings.
3. Configure the IP address of the wireless controller.
4. Verify that VLAN 1 is set as the management VLAN and is
marked as untagged. By default, VLAN 1 an untagged management VLAN.
5. DHCP option 43 (vendor-specific information) must be
enabled on an external DHCP server. If no network DHCP
server is accessible to the access points, configure the wireless controller’s DHCP server. Specifying an internal
DHCP server on the wireless controller automatically enables DHCP option 43 with the IP address of the wireless controller.
2. Configure up to eight access point profile groups, and for each access point profile in a group, do at least the following:
1. Configure an SSID for wireless access.
2. Configure the network authentication and data encryption.
3. Assign the VLAN.
Configuration > System > General Configuration > System > Time Configuration > System > IP/VLAN
Configuration > System > DHCP Server
Configuration > Profile > Advanced
4. If necessary for the selected network authentication option,
configure the authentication server.
3. Run the Discovery Wizard and add the access points to the managed access point list.
4. Assign the access points to the access point profile groups (also referred to as WLAN groups).
System Planning and Deployment Scenarios
29
Configuration > Security > Advanced > Authentication Server
Access Point > Discovery Wizard
Configuration > WLAN Network
ProSAFE Wireless Controller WC7600

Stacked Controller Configuration

A stacked controller configuration can consist of up to three wireless controllers and up to
150 access points.
Note: If the stack members are on different floors or in different buildings, you
could configure a separate access point profile group for each building or floor.
To set up a stacked controller configuration:
Step Configuration Web management interface path
1. On each individual wireless controller that you intend to make a
stack member, configure the system and network settings of the wireless controller:
1. Configure the country code of operation.
2. Configure the time settings.
3. Configure the IP address of the wireless controller.
4. Verify that VLAN 1 is set as the management VLAN and is
marked as untagged. By default, VLAN 1 an untagged management VLAN.
5. DHCP option 43 (vendor-specific information) must be
enabled on an external DHCP server. If no network DHCP
server is accessible to the access points, configure the wireless controller’s DHCP server. Specifying an internal
DHCP server on the wireless controller automatically enables DHCP option 43 with the IP address of the wireless controller.
2. Configure the master wireless controller and deploy it in the network.
Configure up to eight access point profile groups, and for each access point profile in a group, do at least the following:
1. Configure an SSID for wireless access.
Configuration > System > General Configuration > System > Time Configuration > System > IP/VLAN
Configuration > System > DHCP Server
Configuration > Profile > Advanced
2. Configure the network authentication and data encryption.
3. Assign the VLAN.
4. If necessary for the selected network authentication option,
configure the authentication server.
System Planning and Deployment Scenarios
30
Configuration > Security > Advanced > Authentication Server
Loading...
+ 277 hidden pages