•What Can You Do with the WC7600 Wireless Controller?
•Licenses
•Maintenance and Support
Note: For more information about the topics covered in this manual, visit the
support website at support.netgear.com.
1
Note: Firmware updates with new features and bug fixes are made
available from time to time on
products can regularly check the site and download new firmware, or
you can check for and download new firmware manually. If the
features or behavior of your product do not match what is described in
this guide, you might need to update your firmware.
downloadcenter.netgear.com. Some
9
ProSAFE Wireless Controller WC7600
Key Features and Capabilities
The NETGEAR ProSAFE Wireless Controller WC7600 is a high-capacity, secured wireless
controller intended for medium- to large-sized businesses, higher education institutions,
hospitals, and hotels.
One wireless controller with the appropriate licenses can support up to 50 access points
(APs) with up to 2,000 users. In a stacked configuration, a stack of three wireless controllers
can support up to 6,000 users. The wireless controller supports the IEEE 802.11a/b/g/n
protocols and is 802.11ac ready for future deployment. The wireless controller allows you to
manage your wireless network from a central point, implement security features centrally,
support Layer 2 and Layer 3 fast roaming, configure a guest access captive portal, and
support voice over Wi-Fi (VoWi-Fi).
The wireless controller is equipped with two 1/10 Gigabit Ethernet (1/10GbE) slots with
standard SFP or SFP+ form factor for optional 10GBASE or 1000BASE GBICs. One RJ-45
Gigabit Ethernet port is available to access the wireless controller for management and for
data and control communications between the wireless controller and the access points.
The wireless controller provides the following key features and capabilities:
•Scalable architecture with stacking
-Purchased licenses in increments of 10 or 50 access points allow for support of up to
a maximum number of 300 access points on a single wireless controller in a
configuration without a stack.
-A maximum of three stacked wireless controllers allows for up to 150 access points
(50 on each wireless controller in a stacked configuration) in a single network.
-Support of 802.11a, 802.11b, 802.11g, and 802.1 1n modes. Ready for 802.11ac mode
for future deployment.
•Centralized management
-Single point of management for the entire wireless network.
-Automatic firmware upgrade to all managed access points.
-DHCP server for IP address provisioning.
-Configurable management VLAN.
Introduction
10
ProSAFE Wireless Controller WC7600
•Security
-Identity-based security authentication with an external RADIUS or LDAP (Active
Directory) server, or with an internal authentication server.
-Support for nine access point profile groups (one basic and eight advanced) on one
wireless controller.
-Support for up to 8 profiles per access point profile group and 8 profiles per radio
(therefore, dual-band access points can support up to 16 profiles in one access point
profile group).
-Support for up to 144 profiles on one wireless controller (8 profiles per access point
group and eight groups per radio). Each profile supports settings for SSID, network
authentication, data encryption, client separation, VLAN, MAC ACL, and wireless
QoS.
-Rogue access point detection and classification.
-Guest access and captive portal access with cost and expiration accounting.
-Scheduled wireless on/off times.
•Wi-Fi Multimedia Quality of Service and advanced wireless features
-Wi-Fi Multimedia (WMM) support for video, audio, and voice over Wi-Fi (VoWi-Fi).
-WMM power save option.
-Automatic WLAN healing mechanism ensures seamless coverage for wireless users.
-Layer 2 and Layer 3 seamless roaming support.
-Local Layer 2 traffic switching and Layer 3 traffic processing at access point level for
fast processing.
•Wireless and Radio Frequency (RF) management
-Automatic control of access point transmit power and channel allocation to reduce
interference.
-Automatic load balancing of clients across access points.
-Rate limiting per profile.
-Multicast and broadcast rate limiting
-ARP suppression
•Monitoring and reporting
-Monitoring of the status of the network, wireless controllers, WLANs, and clients, and
network usage statistics.
-Specific health monitoring of access points.
-Logging and emailing of system events, RF events, load-balancing events, and
rate-limiting events.
-Context-sensitive search function.
For a list of all features and capabilities of the wireless controller, see the datasheet that you
can download from
http://support.netgear.com/product/WC7600.
Introduction
11
ProSAFE Wireless Controller WC7600
Package Contents
The ProSAFE Wireless Controller WC7600 product package contains the following items:
•ProSAFE Wireless Controller WC7600 appliance
•One
AC power cable
•Rubber feet (four) with adhesive backing
•One rack-mount kit
•Straight-through Category 5 Ethernet cable
•ProSAFE W
ireless Controller WC7600 Installation Guide
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep
the carton, including the original packing materials, in case you need to return the product for
repair
.
Hardware Features
The front panel ports, slots, and LEDs, back panel components, and bottom label of the
wireless controller are described in this section.
Front Panel Ports, Slots, and LEDs
The following figure shows the front panel of the wireless controller.
LED Mode:
Green= Link at 10G, Blink Green=10G Active,
ID
Power
Status
Fan
Stack
Master
USB
Reset
Yellow=Link at 1G, Blink Yellow=1G Active
Figure 1. Front panel
The following figure shows a close-up of the left side of the front panel.
LED Mode:
Green= Link at 10G, Blink Green=10G Active,
Yellow=Link at 1G, Blink Yellow=1G Active
LED Mode:
Left LED: Green=Link at 1G E,
Yellow=Link at 10/100M
Right LED:Green=Link,
Green Blink=Active
Slots and LEDs
for optional
SFP and SFP+
GBIC module
LED Mode:
Left LED: Green=Link at 1G E,
Yellow=Link at 10/100M
Right LED:Green=Link,
Green Blink=Active
Ethernet port and LEDs
Console 9600,N,8,1
Introduction
12
ProSAFE Wireless Controller WC7600
From left to right, the wireless controller’s front panel shows the following counter, LEDs,
button, ports, and slots:
•Digital counter. Displays the number of connected access points that are in a healthy
state.
•From top to bottom:
-Power LED
-Status LED
-Fan LED
-Stack Master LED
These LEDs are described in Table 1 on page 13.
•Reset button. Using a sharp object, press and hold this button for about 10 seconds until
the Status LED flashes and the wireless controller returns to factory default settings. If
you reset the wireless controller, all configuration settings are lost and the default
password is restored.
•USB port. Allows for external storage for floor heat maps, which will be supported in a
future release.
•SFP slots. Two SFP slots for optional 10GE SFP+ or 1G SFP gigabit interface
converters (GBICs), each slot with an LED.
•Ethernet port. One 10/100/1000 Mbps LAN Ethernet port with an RJ-45 connector, left
LED, and right LED. The Ethernet port provides switched N-way, automatic speed
negotiating, auto MDI/MDIX technology.
•Console port. RS232 port for connecting to an optional console terminal. The port has a
DB9 male connector. The default baud rate is 9600 K. The configuration is 8 bits, no
parity, and 1 stop bit. The console port is for debugging under guidance of NETGEAR
technical support only.
The function of each LED is described in the following table:
Table 1. LED functions
LEDStatusDescription
Power LEDGreenThe green Power LED should be lit when the wireless controller is on.
OffIf the power LED is not lit when the wireless controller is on, check the
connections and check to see if the power outlet is controlled by a wall
switch that is turned off (see
Status LEDYellowThe wireless controller is initializing. After approximately two minutes, when
the wireless controller has completed its initialization, the Status LED turns
green. If the Status LED remains yellow, the initialization has failed (see
Status LED Never Turns Off on page 296).
Power LED Is Not Lit on page 296).
GreenThe wireless controller has completed its initialization successfully. The
Status LED should be steady green during normal operation.
Introduction
13
ProSAFE Wireless Controller WC7600
Table 1. LED functions (continued)
LEDStatusDescription
Status LED
(continued)
Fan LEDGreenThe fans are functioning correctly.
Stack Master
LED
SFP slot LEDs GreenThe slot is operating at 10G.
Left Ethernet
port LED
Right Ethernet
port LED
OffThe wireless controller does not have power.
Blinking yellowFirmware is being upgraded.
YellowOne or more fans are not functioning correctly.
GreenThe wireless controller functions as the master controller in a stack.
YellowThe wireless controller functions as a slave controller in a stack.
Blinking greenData is being transmitted or received at 10G.
YellowThe slot is operating at 1G.
Blinking yellowData is being transmitted or received at 1G.
OffThe port has no physical link, that is, no Ethernet cable is plugged into the
wireless controller (see Ethernet Port LEDs Are Not Lit on page 297).
GreenThe port has detected a link with a connected Ethernet device.
Blinking greenThe port transmits or receives data.
OffThe port has no physical link, that is, no Ethernet cable is plugged into the
wireless controller (see Ethernet Port LEDs Are Not Lit on page 297).
GreenThe port is operating at 1000 Mbps.
YellowThe port is operating at 100 Mbps or 10 Mbps.
Back Panel Features
The wireless controller comes with a single internal power supply but supports an optional
second power supply for power redundancy. The power supplies are hot-swappable.
The following figure shows the back panel of the wireless controller with a single internal
power supply, the power supply connector, and two double fans.
Power supply connector
Figure 3. Back panel
Introduction
14
ProSAFE Wireless Controller WC7600
From left to right, the wireless controller’s back panel components are:
•Power supply. 100–240V
, 5A, 47–63 Hz power supply, which includes the following
external components:
-AC power socket.
Attach the power cord to this socket. (The wireless controller does
not have a separate on/off power switch.)
-Handle.
-LED.
The handle allows for easy removal and insertion.
The LED is lit green when the power supply functions correctly . If the LED is of f,
power is not supplied to the power supply, or a problem has occurred.
•Fans.
Two double fans, each of which can be easily exchanged.
Bottom Panel with Product Label
The product label on the bottom of the wireless controller’s enclosure displays the default IP
address, default user name, and default password, as well as regulatory compliance, input
power, and other information.
®
ProSAFE Wireless Controller WC7600
This device complies with part 15 of the FCC Rules and Canada CAN ICES-3 (A)/NMB-3(A). Operation
is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this
device must accept any interference received, including interference that may cause undesired operation.
DEFAULT ACCESS
http://192.168.0.250
user name: admin
password: password
MAC
(LAN)
NETGEAR, INC.NETGEAR, INC.Made in ChinaMade in China
Input Rating: AC 100-240V
10
47-63Hz, 5A max.
SERIAL
272-12101-02
Figure 4. Product label
WC7600 Wireless Controller System Components
A WC7600 wireless controller system consists of one or more wireless controllers and a
collection of access points that are organized into groups based on location or network
access.
The wireless controller system can include a single wireless controller or a group of up to
three stacked wireless controllers. Redundancy is also supported.
Introduction
15
ProSAFE Wireless Controller WC7600
The WC7600 wireless controller system supports the following NETGEAR ProSAFE access
point models:
•WNAP210v2 ProSAFE Wireless-N Access Point
•WNAP320 ProSAFE Wireless-N
•WNDAP350 ProSAFE Dual Band Wireless-N
•WNDAP360 ProSAFE Dual Band Wireless-N
•WNDAP380R ProSAFE Dual Band Wireless-N
•WNDAP620 Premium 3x3 Dual Band Wireless-N
•WNDAP660 Premium 3x3 Dual Band Concurrent Wireless-N
•WN370 ProSAFE W
all Mount Wireless N Access Point
Access Point
Access Point
Access Point
Access Point with RFID support
Access Point
Access Point
NETGEAR ProSAFE Access Points
Y ou can connect access points to the wireless controller either directly with an Ethernet cable
through a router or switch, or remotely through an IP network. After you have used the
automatic discovery process and added access points to the managed access point list on
the wireless controller, the wireless controller converts the standard access points to
dependent access points by pushing firmware to the access points. From then on, you can
centrally manage and monitor the access points.
The following table lists the minimum firmware versions that must run on the standalone
access points before you convert them to managed access points:
Table 2. Minimum firmware versions
Access Point ModelMinimum Firmware Version on
Standalone Access Point
WNAP210v2All firmware versions are supported
WNAP3202.1.1 or a newer version
WNDAP3502.1.7 or a newer version
WNDAP3602.1.6 or a newer version
WNDAP380RAll firmware versions are supported
WNAP6202.0.4 or a newer version
WNDAP6602.0.2 or a newer version
WN370All firmware versions are supported
A WC7600 wireless controller system can support the following access points:
•WNAP210v2 ProSAFE W
-Supports 802.1
1b, 802.11g, and 802.11n network devices.
-Supports Power over Ethernet (PoE) with a power consumption of up to 5.8W
ireless-N Access Point
.
Introduction
16
ProSAFE Wireless Controller WC7600
For product documentation and firmware, visit
http://support.netgear.com/product/WNAP210.
Note: The WNAP210v1 cannot function in a WC7600 wireless controller
system, but the WNAP210v2 can.
•WNAP320 ProSAFE Wireless-N Access Point
-Supports 802.11b, 802.11g, and 802.11n network devices.
-Supports Power over Ethernet (PoE) with a power consumption of up to 5.8W.
-Accepts optional antennas.
For product documentation and firmware, visit
http://support.netgear.com/product/WNAP320.
•WNDAP350 ProSAFE Dual Band Wireless-N Access Point
-Supports 802.11a, 802.11b, 802.11g, and 802.11n network devices.
-Supports Power over Ethernet (PoE) with a power consumption of up to 10.75W.
-Operates concurrently in the 2.4 GHz and 5 GHz radio bands.
-Accepts optional antennas.
For product documentation and firmware, visit
http://support.netgear.com/product/WNDAP350.
•WNDAP360 ProSAFE Dual Band Wireless-N Access Point
-Supports 802.11a, 802.11b, 802.11g, and 802.11n network devices.
-Supports Power over Ethernet (PoE) with a power consumption of up to 10.51W.
-Operates concurrently in the 2.4 GHz and 5 GHz radio bands.
-Accepts optional antennas.
For product documentation and firmware, visit
http://support.netgear.com/product/WNDAP360.
•WNDAP380R ProSAFE Dual Band Wireless-N Access Point with RFID support
-Supports 802.11a, 802.11b, 802.11g, and 802.11n network devices.
-Supports Power over Ethernet (PoE) with a power consumption of up to 10.51W.
-Operates concurrently in the 2.4 GHz and 5 GHz radio bands.
-Accepts an RFID module for support of RFID devices and tags.
For product documentation and firmware, visit
http://support.netgear.com/product/WNDAP380R.
•WNAP620 ProSAFE Premium 3x3 Dual Band Wireless-N Access Point
-Supports concurrently 802.11a, 802.11b, 802.11g, and 802.11n network devices.
-Support speeds of up to 450 Mbps for 802.11n network devices.
-Supports Power over Ethernet (PoE) with a power consumption that complies with the
802.3at standard.
Note: If your network does not include a PoE device that can provide the
WNDAP660 access point with PoE power according to the 802.3at
standard, you can instead use two ports of a PoE device that complies
with the 802.3af standard. (The WNDAP660 access point has two
Ethernet ports that accept PoE.)
-Operates concurrently in the 2.4 GHz and 5 GHz radio bands.
-Accepts optional antennas.
For product documentation and firmware, visit
http://support.netgear.com/product/WNDAP660.
•WN370 ProSAFE Wall Mounted Wireless-N Access Point
-Supports concurrently 802.11b, 802.11g, and 802.11n network devices.
-Support speeds of up to 300 Mbps for 802.11n network devices
-Supports Power over Ethernet (PoE) with a power consumption that complies with the
802.3af standard.
-Operates in the 2.4 GHz radio band.
For product documentation and firmware, visit
http://support.netgear.com/product/WN370.
What Can You Do with the WC7600 Wireless Controller?
You can perform the following tasks with a WC7600 wireless controller:
•Organize the Network
-Create access point profiles. Organize access points in profiles to differentiate
between SSIDs, client authentication, authentication settings, and wireless QoS
settings.
Introduction
18
ProSAFE Wireless Controller WC7600
-Create access point profile groups. Organize access point profiles in access point
profile groups to differentiate between buildings, floors, businesses, business
divisions, and so on. Easily assign access points to profile groups or change
assignments.
For more information, see Chapter 6, Manage Security Profiles and Profile Groups.
•Discover Access Points in the Network and Provision IP Addresses and Firmware
-Discover access points in the network. The access points can be in factory default
state or functioning in standalone mode, but after discovery by the wireless controller
and addition to the managed access point list, the access points become dependent
(managed) access points.
-Provision IP addresses to the access points. Use the internal DHCP server to
provision IP addresses to all or selected managed access points in the network.
-Upgrade access point firmware. Update and synchronize new firmware versions to
all managed access points in the network.
For more information, see Chapter 7, Discover and Manage Access Points.
•Centrally Manage Security in the Network
-Manage secure access to the network and secure data transmission. Manage
client authentication, encryption, wireless client security separation, and MAC
authentication in access point profiles.
-Manage authentication servers for the network. Manage all internal and external
authentication servers for the entire network or for access point profile groups.
-Manage MAC authentication. Specify trusted and untrusted MAC addresses for the
entire network.
-Manage rogue access points. Manage rogue access points and their associated
clients in the network.
-Manage guest access. Manage guest access and captive portal access to the
network.
For more information, see Chapter 8, Manage Rogue Access Points, Guest Network
Access, and Users.
•Centrally Manage the Wireless Settings for the Network
-Schedule the radios. Schedule the entire network to go offline, or schedule access
point profile groups to go offline.
-Manage wireless settings and channel allocation. Manage the wireless settings
such as wireless mode, data rate, and channel width for the entire network or for
access point profile groups, and manage channel allocation for the entire network.
and voice traffic for access point profile groups.
-Configure RF management settings. Configure WLAN healing and wireless
coverage hole detection for the entire network or for access point profile groups.
For more information, see Chapter 9, Configure Wireless and QoS Settings.
Introduction
19
ProSAFE Wireless Controller WC7600
•Manage Other Wireless Controllers in the Network
-Manage stacking. Specify the master and slave wireless controllers in a stack and
synchronize information between the wireless controller.
For more information, see Chapter 11, Manage Stacking and Redundancy.
•Monitor the Network and Its Components
-Monitor the status of all wireless devices. View the status of the wireless
controllers, access points, clients, access point profiles, and the entire network, and
view network usage statistics.
-Monitor network health. See which access points are healthy and which ones are
down or compromised.
For more information, see Chapter 12, Monitor the Wireless Network and Its
Components.
Licenses
By default, the wireless controller comes with a trial license for five access points. You must
purchase and register licenses for the access points in your network. Licenses are tied to the
serial number of the wireless controller.
You can purchase a single 50–access point license or licenses in 10–,or 50–access point
increments for support of up to 150
•10–AP license. WC10APL
•50–AP license. WC50APL
If you have three wireless controllers in a stack and want to support the maximum number of
150 access points in a stacked configuration, you must purchase three WC50APL licenses
(or a combination of other licenses that add up to a total of 150 access points).
For more information, see the datasheet that you can download from
http://support.netgear.com/product/WC7600.
For information about how to register and manage your licenses, see Register Your Licenses
on page 70 and Manage Licenses on page 219.
access points on a single wireless controller:
Maintenance and Support
NETGEAR offers technical support seven days a week, 24 hours a day. Information about
support is available on the NETGEAR ProSupport website at
You can deploy the wireless controller in a small wireless network with 10 access points or in
a large wireless network with up to 150 access points. Small networks require a basic
configuration, but large networks can become complex and require you to configure the
advanced features of the wireless controller.
Depending on your network configuration, use basic settings or advanced settings to manage
your access points:
•Basic settings for a typical network.
network configurations. For example, all access points on the WLAN are for the same
organization or business and therefore adhere to the same policies and use a few service
set identifiers (SSIDs, or network names).
•Advanced settings for access point profile groups. If you have a large wireless
network, or if separate networks share a single WLAN, use the advanced settings to set
up multiple access point profile groups with multiple security profiles (SSIDs with
associated security settings). For example, a shopping mall might need several access
point profile groups if several businesses share a WLAN but each business has its own
network. Larger networks could require multiple access point profile groups to allow
ferent policies per building or department. The access points could have different
dif
security profiles per building and department, for example, one for guests, one for
management, and one for sales.
Note: Access point profile groups are also referred to as just profile groups.
Profiles, security profiles, and SSIDs (that is, SSIDs with associated
security settings) are terms that are interchangeable.
To accommodate all types of networks, almost all configuration menus of the web
management interface are divided into basic and advanced submenus.
shows an example of the Configuration > Security > Basic submenu on the left and the
Configuration > Security > Advanced submenu on the right:
The basic settings work with most common
The following figure
Figure 5. Basic and advanced submenus
System Planning and Deployment Scenarios
22
ProSAFE Wireless Controller WC7600
Before you start the configuration of your wireless controller, decide whether you can use a
basic configuration (that is, follow the Basic submenus) or need to use an advanced
configuration (that is, follow the Advanced submenus). Once you have made your choice,
configuring the wireless controller should be fairly easy if you consistently follow either the
Basic submenus or the Advanced submenus.
Profile Group Concepts
Each access point can support up to eight security profiles (16 for dual-band access points),
each with its own SSID, security settings, MAC ACL, rate-limiting settings, WMM, and so on.
The wireless controller follows the same architecture. A profile group on the wireless
controller includes all the features that you can configure for an individual access point: up to
eight profiles (16 for dual-band access points), each of which has its own SSID, security,
MAC ACL, rate-limiting settings, WMM settings, and so on.
Basic Profile
The basic profile includes all the settings that are required to configure a fully functional
access point with up to eight security profiles (16 for dual-band access points).
After you have used the automatic discovery process and added access points to the
managed AP list on the wireless controller, the access points are assigned by default to the
basic profile group.
If your network requires the wireless controller to manage multiple access points with
different configurations, use the advanced profile.
Advanced Profile
The advanced profile lets you configure up to eight access point profile groups. Each group
includes all the settings that are required to configure a fully functional access point with up to
eight security profiles (16 for dual-band access points).
For example, if your company has four buildings, each with a different wireless network, you
simply create four profile groups. You then assign all access points in one building to one
profile group, all access points in another building to a second profile group, and so on.
For each profile group, you can create an individual radio on/off schedule, RF management
settings, MAC ACL authentication, and an authentication server. For each radio in a profile
group (2.4 GHz radio and 5 GHz radio), you can create individual wireless settings, WMM,
and rate-limit settings.
The following figure shows the advanced profile group architecture. The structure that is
shown under Group-1 is implemented in all profile groups (that is, Group-2 through Group-8):
System Planning and Deployment Scenarios
23
ProSAFE Wireless Controller WC7600
Group-1
Group-2
Group-3
Group-4
2.4 GHz
radio
1
2
34
5678
Security profiles
Figure 6. Advanced profile group architecture
Group-5
5 GHz
radio
1
Group-6
23
Security profiles
Group-7
4
56
Group-8
78
The following figure shows an example of three access point profile groups, in which the first
profile group (Group-1) has five security profiles. For each profile in this profile group, the
profile name, radio mode, and authentication setting are shown. (Group-1 is the default group
in the advanced profile group configuration; you must create the other profiles groups.)
Figure 7. Example of profile groups with security profiles
System Planning and Deployment Scenarios
24
ProSAFE Wireless Controller WC7600
System Planning Concepts
This section includes the following subsections:
•Preinstallation Planning
•Before You Configure a Wireless Controller
Preinstallation Planning
Before you install any wireless controllers, determine the following:
•Number of access points required to provide seamless coverage
•Number of licenses required to cover all access points that must be managed
•Number of wireless controllers required
•802.11 frequency band and the channels that are optimal for WiFi usage
NETGEAR recommends that you perform a site survey:
•To determine the current RF behavior and detect both 802.11 and non-802.11 noise, run
a spectrum analysis of the channels of the site.
•To determine the maximum throughput that is achievable on the client, run an access
point-to-client connectivity test.
•Identify potential RF obstructions and interference sources.
•Determine areas where denser coverage might be required because of heavier usage.
Before You Configure a Wireless Controller
These sections assume that you have deployed at least one wireless controller in your
network and are ready to configure the wireless controller. For information about how to
deploy the wireless controller in your network, see the ProSAFE Wireless Controller WC7600 Installation Guide that you can download from
For many configurations, you can use the default wireless settings. The IP address, VLAN,
DHCP server, client authentication, and data encryption settings are specific to your
environment. Following are short sections that describe these settings (except for IP address
settings, which are self-explanatory). For information about how to configure these settings,
see the relevant sections.
Management VLAN
http://support.netgear.com/product/WC7600.
The management VLAN is the dedicated VLAN for access to the wireless controller. All traf fic
that is directed to the wireless controller, including HTTP, HTTPS, SNMP, and SSH traffic, is
carried over the management VLAN.
If the management VLAN is also configured as a tagged VLAN (the most common
configuration), the packets to and from the wireless controller carry the 802.1Q VLAN header
with the assigned VLAN number. If the management VLAN is marked as untagged, the
packets that are sent from the wireless controller do not carry the 802.1Q header, and all
System Planning and Deployment Scenarios
25
ProSAFE Wireless Controller WC7600
untagged packets that are sent to the wireless controller are treated as management VLAN
traffic.
Note: Use a tagged VLAN or change the tagged VLAN ID only if the hubs
and switches on your LAN support 802.1Q. If they do not, and you
have not configured a tagged VLAN with the same VLAN ID on the
hubs and switches in your network, IP connectivity might be lost.
The wireless controller must have IP connectivity with the access points through the
management VLAN. If the wireless controller and the access points are on different
management VLANs, external VLAN routing must allow IP connectivity between the wireless
controller and the access points.
For information about how to configure management VLANs, see Manage the IP, VLAN, and
Link Aggregation Settings on page 62.
Client VLANs
Each authenticated wireless user is placed into a VLAN that determines the user’s DHCP
server, IP address, and Layer 2 connection. Although you could place all authenticated
wireless users into the single VLAN that is specified in the basic security profile, the wireless
controller allows you to group wireless users into separate VLANs based on the wireless
SSID to differentiate access to network resources. For example, you might place authorized
employee users into one VLAN, and itinerant users, such as contractors or guests, into a
separate VLAN. To use different VLANs, you must create different security profiles.
For information about how to configure regular VLANs, see Manage the IP, VLAN, and Link
Aggregation Settings on page 62.
DHCP Server
The wireless controller can function as a DHCP server and assign IP addresses to both
wireless and wired devices that are connected to it. You can add up to 64 DHCP server
pools, each assigned to a different VLAN.
DHCP option 43 (vendor-specific information) must be enabled on an external DHCP server.
Specifying an internal DHCP server on the wireless controller automatically enables DHCP
option 43 with the IP address of the wireless controller.
Client Authentication and Data Encryption
A user must authenticate to the WLAN to be able to access WLAN resources. The wireless
controller supports several types of security methods, including those methods that require
an external RADIUS or LDAP authentication server.
System Planning and Deployment Scenarios
26
ProSAFE Wireless Controller WC7600
The encryption option that you can select depends upon the authentication method that you
have selected. The following table lists the authentication methods available, with their
corresponding encryption options:
Table 3. Authentication and encryption options
Authentication MethodEncryption OptionAuthentication Server
Open System64-bit, 128-bit, or 152-bit WEP None
Shared Key64-bit, 128-bit, or 152-bit WEP None
WPA-PSK TKIP or TKIP+AESNone
WPA2-PSK AES or TKIP+AESNone
WPA-PSK and WPA2-PSK TKIP+AESNone
WPA TKIP or TKIP+AESOne of the following authentication servers:
• External RADIUS server
• Internal authentication server
• External LDAP server
WPA2 AES or TKIP+AESOne of the following authentication servers:
• External RADIUS server
• Internal authentication server
• External LDAP server
WPA and WPA2 TKIP+AESOne of the following authentication servers:
• External RADIUS server
• Internal authentication server
• External LDAP server
For information about how to configure client authentication, data encryption, and
authentication servers, see Chapter 6, Manage Security Profiles and Profile Groups.
System Planning and Deployment Scenarios
27
ProSAFE Wireless Controller WC7600
High-Level Configuration Examples
This section includes the following subsections:
•Single Controller Configuration with Basic Profile Group
•Single Controller Configuration with Advanced Profile Groups
•Stacked Controller Configuration
Single Controller Configuration with Basic Profile Group
A basic configuration consists of a single wireless controller that controls a collection of
access points that are organized into the basic default group.
To set up a single wireless controller system with a basic profile group:
Step ConfigurationWeb Management Interface Path
1.Configure the system and network settings of the wireless
controller:
1. Configure the country code of operation.
2. Configure the time settings.
3. Configure the IP address of the wireless controller.
4. Verify that VLAN 1 is set as the management VLAN and is
marked as untagged.
By default, VLAN 1 an untagged management VLAN.
5. DHCP option 43 (vendor-specific information) must be
enabled on an external DHCP server. If no network DHCP
server is accessible to the access points, configure the
wireless controller’s DHCP server. Specifying an internal
DHCP server on the wireless controller automatically enables
DHCP option 43 with the IP address of the wireless controller.
2.Configure up to eight profiles, and for each profile, do at least the
following:
1. Configure an SSID for wireless access.
2. Configure the network authentication and data encryption.
3. Assign the VLAN.
Configuration > System > General
Configuration > System > Time
Configuration > System > IP/VLAN
Configuration > System > DHCP
Server
Configuration > Profile > Basic
4. If necessary for the selected network authentication option,
configure the authentication server.
3.Run the Discovery Wizard and add the access points to the
managed access point list.
System Planning and Deployment Scenarios
28
Configuration > Security > Basic >
Authentication Server
Access Point > Discovery Wizard
ProSAFE Wireless Controller WC7600
Single Controller Configuration with Advanced Profile Groups
A more complex configuration consists of a single wireless controller that controls a collection
of access points that are organized in access point profile groups and might use several
profiles in each access point profile group.
To set up a single wireless controller system with advanced profile groups:
Step ConfigurationWeb Management Interface Path
1.Configure the system and network settings of the wireless
controller:
1. Configure the country code of operation.
2. Configure the time settings.
3. Configure the IP address of the wireless controller.
4. Verify that VLAN 1 is set as the management VLAN and is
marked as untagged.
By default, VLAN 1 an untagged management VLAN.
5. DHCP option 43 (vendor-specific information) must be
enabled on an external DHCP server. If no network DHCP
server is accessible to the access points, configure the
wireless controller’s DHCP server. Specifying an internal
DHCP server on the wireless controller automatically enables
DHCP option 43 with the IP address of the wireless controller.
2.Configure up to eight access point profile groups, and for each
access point profile in a group, do at least the following:
1. Configure an SSID for wireless access.
2. Configure the network authentication and data encryption.
3. Assign the VLAN.
Configuration > System > General
Configuration > System > Time
Configuration > System > IP/VLAN
Configuration > System > DHCP
Server
Configuration > Profile > Advanced
4. If necessary for the selected network authentication option,
configure the authentication server.
3.Run the Discovery Wizard and add the access points to the
managed access point list.
4.Assign the access points to the access point profile groups (also
referred to as WLAN groups).
System Planning and Deployment Scenarios
29
Configuration > Security >
Advanced > Authentication Server
Access Point > Discovery Wizard
Configuration > WLAN Network
ProSAFE Wireless Controller WC7600
Stacked Controller Configuration
A stacked controller configuration can consist of up to three wireless controllers and up to
150 access points.
Note: If the stack members are on different floors or in different buildings, you
could configure a separate access point profile group for each building or
floor.
To set up a stacked controller configuration:
Step ConfigurationWeb management interface path
1.On each individual wireless controller that you intend to make a
stack member, configure the system and network settings of the
wireless controller:
1. Configure the country code of operation.
2. Configure the time settings.
3. Configure the IP address of the wireless controller.
4. Verify that VLAN 1 is set as the management VLAN and is
marked as untagged.
By default, VLAN 1 an untagged management VLAN.
5. DHCP option 43 (vendor-specific information) must be
enabled on an external DHCP server. If no network DHCP
server is accessible to the access points, configure the
wireless controller’s DHCP server. Specifying an internal
DHCP server on the wireless controller automatically enables
DHCP option 43 with the IP address of the wireless controller.
2.Configure the master wireless controller and deploy it in the
network.
Configure up to eight access point profile groups, and for each
access point profile in a group, do at least the following:
1. Configure an SSID for wireless access.
Configuration > System > General
Configuration > System > Time
Configuration > System > IP/VLAN
Configuration > System > DHCP
Server
Configuration > Profile > Advanced
2. Configure the network authentication and data encryption.
3. Assign the VLAN.
4. If necessary for the selected network authentication option,
configure the authentication server.
System Planning and Deployment Scenarios
30
Configuration > Security >
Advanced > Authentication Server
Loading...
+ 277 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.