How it Works
Netgear
Loading...
WC9500
Installation Manual [de]
2 pgs295.32 Kb0
Installation Manual [fr]
10 pgs1.99 Mb0
Installation Guide
2 pgs152.45 Kb0
Reference Manual
357 pgs8.73 Mb0
Reference Guide
214 pgs8.49 Mb0
Installation Manual [es]
2 pgs285.42 Kb0
Product Datasheet
10 pgs2.55 Mb0
Installation Manual [fr]
2 pgs284.43 Kb0
operation manual
398 pgs10.9 Mb0
Table of contents
Loading...

Netgear WC9500 Reference Manual

ProSAFE Wireless Controller WC9500

Reference Manual
January, 2015 202-11224-05
350 East Plumeria Drive San Jose, CA 95134 USA
ProSAFE Wireless Controller WC9500
Support
Thank you for selecting NETGEAR products.
After installing your device, locate the serial number on the label of your product and use it to register your product at
https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR
recommends registering your product through the NETGEAR website.
For product updates and web support, visit http://support.netgear.com.
Phone (US & Canada only): 1-888-NETGEAR.
Phone (Other Countries): Check the list of phone numbers at http://support.netgear.com/general/contact/default.aspx.
Compliance
For regulatory compliance information, visit http://www.netgear.com/about/regulatory.
See the regulatory compliance document before connecting the power supply.
Trademarks
© NETGEAR, Inc. NETGEAR and the NETGEAR Logo are trademarks of NETGEAR, Inc. Any non-NETGEAR trademarks are used for reference purposes only.
Revision History
Publication Part Number
202-11224-05 January 2015 Corrected the number of access points in the trial license (see Licenses) and
202-11224-04 January 2015 Added the following features:
Publish Date Comments
added a note about port 8443 (see page 45).
Support for additional access points (see Supported NETGEAR Access Points)
Support for antennas (see Supported NETGEAR Antennas)
RF planning, including support for heat maps (see Chapter 3, RF Planning
and Deployment)
Controller redundancy
Manage Stacking and Redundancy)
Support for the “Rest of the world” transmission power feature (see
Configure the General Settings)
Capability to change the building and floor assignments for multiple access
points simultaneously (see Assign Access Points to Buildings, Floors, and
Advanced Profile Groups).
Band steering (see Configure Radio Frequency Management for the Basic Profile Group and Configure Radio Frequency Management for an Advanced Profile Group)
High-density bandwidth (see Configure Wireless Settings for the Basic Profile Group and Configure Wireless Settings for an Advanced Profile Group)
Management of LED behavior for WN370 access points (see Manage the
WN370 LED Behavior for the Basic Profile Group and Manage the WN370 LED Behavior for an Advanced Profile Group)
Capability to print a logo and message on captive portal user information
(see Add a Logo and Message on Captive Portal User Information)
Capability to add multiple captive portal users simultaneously (see Add Multiple Captive Portal Users Simultaneously)
, including 1:1 and N:1 redundancy (see Chapter 1
1,
2
ProSAFE Wireless Controller WC9500
202-11224-04 (continued)
202-11224-03 January 2014 Added the following features:
202-11224-02 May 2013 Color correction and minor nontechnical edits. 202-11224-01 April 2013 First publication.
January 2015 (continued)
Added the following features: (continued)
Capability to locate and monitor an active WiFi client on a deployed floor
plan (see View the Clients in the Network, View Clients on Access Points
that the Wireless Controller Manages, and Monitor Local Clients in the Network)
Support for extended storage (see Manage External Storage)
Support for additional access points (see Supported NETGEAR Access
Points)
Link aggregation (see Manage the IP, VLAN, and Link Aggregation Settings)
Multicast rate limiting, broadcast rate limiting, and
Configure W Wireless Settings for an Advanced Profile Group)
Preferred band selection (see Manage the Preferred Bands)
Stacking (see Chapter 11, Manage Stacking and Redundancy)
Monitoring for a network with a stack of wireless controllers (see Monitor
the Network)
In addition, revised and refined many procedures.
ireless Settings for the Basic Profile Group and Configure
ARP suppression (see
3

Contents

Chapter 1 Introduction
Chapter 2 System Planning and Deployment Scenarios
Key Features and Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Package Contents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Hardware Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Front Panel Ports, Slots, and LEDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Back Panel Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Bottom Panel with Product Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
WC9500 Wireless Controller System Components . . . . . . . . . . . . . . . . . . . . . . . 17
Supported NETGEAR Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Supported NETGEAR Antennas. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
What Can You Do with the WC9500 Wireless Controller? . . . . . . . . . . . . . . . . .21
Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
M
aintenance and Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Basic and Advanced Setting Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Profile Group Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Basic Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Advanced Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
System Planning Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
Preinstallation Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
Before You Configure a Wireless Controller. . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
High-Level Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Single Controller Configuration with Basic Profile Group . . . . . . . . . . . . . . . .31
Single Controller Configuration with Advanced Profile Groups . . . . . . . . . . .32
Stacked Controller Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Management VLAN and Data VLAN Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . .34
High-Level Deployment Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
Scenario Example 1: Network with Single VLAN . . . . . . . . . . . . . . . . . . . . . . .36
Scenario Example 2: Advanced Network with VLANs and SSIDs . . . . . . . . . .38
Scenario Example 3: Advanced Network with Redundancy . . . . . . . . . . . . . .41
Chapter 3 RF Planning and Deployment
RF Planning Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46
Planning Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46
Recommended RF Planning Procedure for a Building . . . . . . . . . . . . . . . . . . . .48
Manage a Building and Floors for an RF Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
Add a Building and Floors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
4
ProSAFE Wireless Controller WC9500
Add a Single Floor to a Building. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Scale a Floor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Add a WiFi Coverage or WiFi Noncoverage Zone to a Floor. . . . . . . . . . . . . . 54
Remove a WiFi Coverage or WiFi Noncoverage Zone from a Floor. . . . . . . . 55
Add a WiFi Building Obstacle to a Floor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Remove a Building Obstacle from a Floor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Add a WiFi Obstruction Area. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Remove a WiFi Obstruction Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Change the Name, Map, or Dimensions of a Floor. . . . . . . . . . . . . . . . . . . . . . 60
Change the Name of a Building. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Duplicate an Entire Building with All Floors . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Duplicate a Single Floor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Remove a Single Floor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Remove an Entire Building with All Its Floors . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Use the WiFi Auto Planning Advisor to Generate an RF Plan for a Floor . . . . . . 64
Manually Add and Manage Access Points on a Floor Map for an RF Plan . . . . . 69
Manually Add and Manage Antennas on a Floor Map for an RF Plan. . . . . . . . . 72
Display and Recalculate the WiFi Coverage for a Heat Map . . . . . . . . . . . . . . . . 75
Display or Change the WiFi Inventory for an RF Plan. . . . . . . . . . . . . . . . . . . . . . 77
Download a Report for an RF Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
View the Heat Map for a Deployed Floor Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Chapter 4 Installation and Configuration Overview
Connect Your Computer to the Wireless Controller. . . . . . . . . . . . . . . . . . . . . . . 85
Log In to the Wireless Controller. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Roadmap for Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Roadmap for Configuring Management of Your Wireless Network. . . . . . . . . . 88
Choose a Location for the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Deploy the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Chapter 5 Configure the System and Network Settings and
Register the Licenses
Configure the General Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Manage the Time Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Manage the IP, VLAN, and Link Aggregation Settings. . . . . . . . . . . . . . . . . . . . . 95
Management VLAN Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Untagged VLAN Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Link Aggregation Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Configure the IP, VLAN, and Link Aggregation Settings . . . . . . . . . . . . . . . . . 96
Manage the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Add a DHCP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Change the Settings for a DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Remove a DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102
Register Your Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Configure the License Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Register Your Licenses with the License Server . . . . . . . . . . . . . . . . . . . . . . . 105
Manage Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
5
ProSAFE Wireless Controller WC9500
Configure Log, Syslog, Alarm Notification, and Email Settings . . . . . . . . . . . . 108
Configure Log Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Configure Syslog Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Configure Alarm Notification Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Configure the Email Notification Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Chapter 6 Manage Security Profiles and Profile Groups
Wireless Security Profile Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Small WLAN Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Large WLAN Networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Profile Naming Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Considerations Before You Configure Profiles . . . . . . . . . . . . . . . . . . . . . . . . 117
Basic and Advanced Security Configuration Concepts . . . . . . . . . . . . . . . . . 118
Manage Security Profiles for the Basic Profile Group . . . . . . . . . . . . . . . . . . . . 119
Configure a Profile in the Basic Profile Group . . . . . . . . . . . . . . . . . . . . . . . . 119
Change the Settings for a Profile in the Basic Profile Group . . . . . . . . . . . . 123
Remove a Profile From the Basic Profile Group . . . . . . . . . . . . . . . . . . . . . . . 124
Manage Security Profiles for Advanced Profile Groups . . . . . . . . . . . . . . . . . . 124
Add an Advanced Profile Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Remove an Advanced Profile Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Configure a Profile in an Advanced Profile Group . . . . . . . . . . . . . . . . . . . . . 126
Change the Settings for a Profile in an Advanced Profile Group . . . . . . . . . 131
Remove a Profile From an Advanced Profile Group. . . . . . . . . . . . . . . . . . . . 132
Network Authentication and Data Encryption Options. . . . . . . . . . . . . . . . . . . 132
Manage Authentication Servers and Authentication Server Groups. . . . . . . . 136
Authentication Server Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Configure Basic Authentication Server Settings . . . . . . . . . . . . . . . . . . . . . . 137
Configure a RADIUS Authentication Server Group . . . . . . . . . . . . . . . . . . . . 140
Remove a RADIUS Authentication Server Group. . . . . . . . . . . . . . . . . . . . . . 142
Manage MAC Authentication and MAC Authentication Groups. . . . . . . . . . . . 142
Guidelines for External MAC Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Configure Basic Local MAC Authentication Settings. . . . . . . . . . . . . . . . . . . 143
Remove a MAC Address from a Wireless Client List . . . . . . . . . . . . . . . . . . . 145
Import a MAC List from a File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Configure a Local MAC Authentication Group . . . . . . . . . . . . . . . . . . . . . . . . 146
Remove a Local MAC Authentication Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Select an ACL for a Profile in the Basic Profile Group . . . . . . . . . . . . . . . . . . 148
Select an ACL for a Profile in an Advanced Profile Group. . . . . . . . . . . . . . . 150
Chapter 7 Discover and Manage Access Points
Access Point Discovery Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
General Discovery Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Layer 3 Discovery Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Discover Access Points with the Discovery Wizard . . . . . . . . . . . . . . . . . . . . . . 154
Discover Access Points in Factory Default State and Access
Points in a Layer 2 Subnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Discover Access Points Installed and Working in
6
ProSAFE Wireless Controller WC9500
Standalone Mode in Different Layer 3 Networks . . . . . . . . . . . . . . . . . . . . . 158
Manage the Managed AP List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
View the Managed AP List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Change Access Point Information on the Managed AP List . . . . . . . . . . . . . 165
Remove Access Points from the Managed AP List. . . . . . . . . . . . . . . . . . . . . 168
Assign Access Points to Buildings, Floors, and Advanced Profile Groups . . . . 169
Chapter 8 Configure Wireless and QoS Settings
Basic and Advanced Wireless and QoS Configuration Concepts . . . . . . . . . . . 173
Configure the Radio . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Configure the Radio for the Basic Profile Group . . . . . . . . . . . . . . . . . . . . . . 173
Configure the Radio for an Advanced Profile Group . . . . . . . . . . . . . . . . . . . 175
Configure Wireless Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Configure Wireless Settings for the Basic Profile Group. . . . . . . . . . . . . . . . 176
Override Channel and Transmission Power in the Basic Profile Group . . . . 180
Configure Wireless Settings for an Advanced Profile Group . . . . . . . . . . . . 182
Override Channel and Transmission Power in an Advanced
Profile Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Configure Channels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Specify Radio Frequency Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Radio Frequency Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
WLAN Healing Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Configure Radio Frequency Management for the Basic Profile Group . . . . 192
Configure Radio Frequency Management for an Advanced
Profile Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Manage the Preferred Bands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Configure the Preferred Band for WNDAP620 Access
Points in the Basic Profile Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Configure the Preferred Band for WNDAP620 Access
Points in an Advanced Profile Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Manage Quality of Service for an Advanced Profile Group . . . . . . . . . . . . . . . 200
Quality of Service Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Configure Quality of Service for a Profile Group. . . . . . . . . . . . . . . . . . . . . . 201
Manage Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Load Balancing Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Configure Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Manage Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Rate Limiting Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Configure Rate Limiting for the Basic Profile Group . . . . . . . . . . . . . . . . . . . 207
Configure Rate Limiting for an Advanced Profile Group . . . . . . . . . . . . . . . . 208
Manage the LED Behavior of WN370 Access Points . . . . . . . . . . . . . . . . . . . . . 209
Manage the WN370 LED Behavior for the Basic Profile Group. . . . . . . . . . 209
Manage the WN370 LED Behavior for an Advanced Profile Group . . . . . . 210
Chapter 9 Manage Rogue Access Points,
Guest Network Access, and Users
Manage Rogue Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
7
ProSAFE Wireless Controller WC9500
Rogue Access Point Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Configure Basic Rogue Detection Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Classify Rogue Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Import a List of Known Access Points from a File . . . . . . . . . . . . . . . . . . . . . 216
Manage Guest Network Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Portal Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Configure a Portal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Manage Users, Accounts, and Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
User and Account Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Add a Management User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Add a WiFi User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Add a Captive Portal Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Add a Logo and Message on Captive Portal User Information. . . . . . . . . . . 228
Add a Captive Portal User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Add Multiple Captive Portal Users Simultaneously . . . . . . . . . . . . . . . . . . . . 232
Change the Settings for a User or Account . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Remove Users or Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Export a List of Users or Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Chapter 10 Maintain the Wireless Controller and Access Points
Manage the Configuration File or Upgrade the Firmware. . . . . . . . . . . . . . . . . 239
Back Up the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Restore the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Upgrade the Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Reboot the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Reset the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Manage External Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Manage Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Specify Session Time-Outs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Manage the System Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Query the System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Save the System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Clear the System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
View Alerts and Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
View System Alerts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
View Radio Frequency Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
View Load-Balancing Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
View Rate-Limit Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
View Redundancy Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
View Stacking Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Manage Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
View Your Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Retrieve Your Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Reboot Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Configure Multicast Firmware Upgrade for Access Points . . . . . . . . . . . . . . . . 265
Change the Multicast Firmware Upgrade Settings . . . . . . . . . . . . . . . . . . . . 266
Disable Multicast Firmware Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
8
ProSAFE Wireless Controller WC9500
Chapter 11 Manage Stacking and Redundancy
Stacking Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Configure a Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Remove a Wireless Controller from a Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Select Which Wireless Controller in a Stack to Configure. . . . . . . . . . . . . . . . . 274
Manage Redundancy for a Single Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
VRRP Redundancy Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Configure a Single Controller with Redundancy. . . . . . . . . . . . . . . . . . . . . . . 280
Manage a Redundancy Group with N:1 Redundancy. . . . . . . . . . . . . . . . . . . . . 282
VRRP N:1 Redundancy Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Configure a Redundancy Group with N:1 Redundancy . . . . . . . . . . . . . . . . .285
Change a Redundant Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Remove a Redundancy Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Chapter 12 Monitor the Wireless Network and Its Components
Monitor the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
View the Network Summary Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
View the Wireless Controllers in the Network . . . . . . . . . . . . . . . . . . . . . . . . 293
View the Access Points in the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .295
View the Clients in the Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
View the Profiles in the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Monitor the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
View the Wireless Controller Summary Screen . . . . . . . . . . . . . . . . . . . . . . . 306
View Wireless Controller Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
View Access Points that the Wireless Controller Manages. . . . . . . . . . . . . . 310
View Clients on Access Points that the Wireless Controller Manages . . . . 315
View Neighboring Clients that the Wireless Controller Detects . . . . . . . . . 319
View Neighboring Access Points that the Wireless Controller
Does Not Manage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321
View Security Profiles That the Wireless Controller Manages. . . . . . . . . . . 322
View DHCP Leases That Are Provided by the Wireless Controller . . . . . . . 324
View Captive Portal Users on Access Points That the
Wireless Controller Manages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Monitor the SSIDs on the Wireless Controller. . . . . . . . . . . . . . . . . . . . . . . . . . . 327
Monitor Local Clients in the Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Chapter 13 Troubleshooting
Troubleshoot Basic Functioning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
Power LED Is Not Lit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
Status LED Never Turns Off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
Ethernet Port LEDs Are Not Lit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
Troubleshoot the Web Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Check the Ethernet Cabling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Check the IP Address Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Check the Internet Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Troubleshoot a TCP/IP Network Using the Ping Utility . . . . . . . . . . . . . . . . . . . 340
9
ProSAFE Wireless Controller WC9500
Use the Reset Button to Restore Default Settings . . . . . . . . . . . . . . . . . . . . . . . 341
Resolve Problems with Date and Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
Resolve Problems with Access Points. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Resolve Discovery Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Resolve Connection Problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Network Performance and Rogue Access Point Detection. . . . . . . . . . . . . . 343
Use the Diagnostic Tools on the Wireless Controller . . . . . . . . . . . . . . . . . . . . . 343
Ping an Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Trace a Route to an Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Appendix A Factory Default Settings, Technical Specifications,
and Passwords Requirements
Factory Default Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Technical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Password Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Index
10

1. Introduction

This chapter includes the following sections:
Key Features and Capabilities
Package Contents
Hardware Features
WC9500 Wireless Controller System Components
Supported NETGEAR Access Points
Supported NETGEAR Antennas
What Can You Do with the WC9500 Wireless Controller?
Licenses
Maintenance and Support
Note: For more information about the topics covered in this manual, visit the
support website at support.netgear.com.
1
Note: Firmware updates with new features and bug fixes are made
available from time to time on downloadcenter.netgear.com. Some products can regularly check the site and download new firmware, or you can check for and download new firmware manually. If the features or behavior of your product do not match what is described in this guide, you might need to update your firmware.
11
ProSAFE Wireless Controller WC9500

Key Features and Capabilities

The NETGEAR ProSAFE Wireless Controller WC9500 is a high-capacity, secured wireless controller intended for medium- to large-sized businesses, higher education institutions, hospitals, and hotels.
One standalone wireless controller with the appropriate licenses can support up to 300 access points. In a stacked configuration, one wireless controller with the appropriate licenses can support up to 200 access points. A stack can support three wireless controllers.
The wireless controller supports the IEEE 802.1
future deployment. The wireless controller allows you to manage your wireless network from a central point, implement security features centrally, support Layer 2 and Layer 3 fast roaming, configure a guest access captive portal, and support voice over Wi-Fi (VoWi-Fi).
The wireless controller is equipped with one RJ-45 Gigabit Ethernet port and two 10 Gigabit Ethernet (10GbE) slots with standard SFP+ form factor for optional 10GBASE or 1000BASE GBICs. These ports are available to access the wireless controller for management and for data and control communications between the wireless controller and the access points.
The wireless controller provides the following key features and capabilities:
Scalable architecture with stacking
- Purchased licenses in increments of 10, 50, 100, or 200 access points allow for
support of up to a maximum number of 300 access points on a single wireless controller in a configuration without a stack.
- A maximum of three stacked wireless controllers allows for up to 600 access points
(200 on each wireless controller in a stacked configuration) in a single network.
- Support of 802.1 1a, 802.1
for future deployment.
- Support for an extra power supply.
Autodiscovery of access points
- Autodiscovery of access points in the same Layer 2 domain.
- Autodiscovery of access points across a Layer 3 domain.
- Automatic download of wireless controller–based firmware to discovered access
points that are added to the managed access point list.
Centralized management
- Single point of management for the entire wireless network.
- Automatic firmware upgrade to all managed access points.
- DHCP server for IP address provisioning.
- Configurable management VLAN.
1b, 802.1 1g, and 802.1 1n modes. Ready for 802.11ac mode
1a/b/g/n protocols and is 802.11ac ready for
Introduction
12
ProSAFE Wireless Controller WC9500
Security
- Identity-based security authentication with an external RADIUS or LDAP (Active
Directory) server, or with an internal authentication server
.
- Support for nine access point profile groups (one basic and eight advanced) on one
wireless controller.
- Support for up to 8 profiles per access point profile group and 8 profiles per radio
(therefore, dual-band access points can support up to 16 profiles in one access point profile group).
- Support for up to 144 profiles on one wireless controller (8 profiles per access point
group and eight groups per radio). Each profile supports settings for SSID, network authentication, data encryption, client separation, VLAN, MAC
ACL, and wireless
QoS.
- Rogue access point detection and classification.
- Guest access and captive portal access with cost and expiration accounting.
- Scheduled wireless on/off times.
Wi-Fi Multimedia Quality of Service and advanced wireless features
- Wi-Fi Multimedia (WMM) support for video, audio, and voice over Wi-Fi (VoWi-Fi).
- WMM power save option.
- Automatic WLAN healing mechanism ensures seamless coverage for wireless users.
- Layer 2 and Layer 3 seamless roaming support.
- Local Layer 2 traf
fic switching and Layer 3 traf
fic processing at access point level for
fast processing.
Wireless and Radio Frequency (RF) management
- Automatic control of access point transmit power and channel allocation to reduce
interference.
- Automatic load balancing of clients across access points.
- Rate limiting per profile.
- Multicast and broadcast rate limiting
- ARP suppression
Monitoring and reporting
- Monitoring of the status of the network, wireless controllers, WLANs, and clients, and
network usage statistics.
- Specific health monitoring of access points.
- Logging and emailing of system events, RF events, load-balancing events, and
rate-limiting events.
For a list of all features and capabilities of the wireless controller, see the datasheet that you can download from
http://support.netgear.com/product/WC9500.
Introduction
13
ProSAFE Wireless Controller WC9500

Package Contents

The ProSAFE Wireless Controller WC9500 product package contains the following items:
ProSAFE Wireless Controller WC9500 appliance
One
Rubber feet (four) with adhesive backing
One rack-mount kit
Straight-through Category 5 Ethernet cable
ProSAFE W
AC power cable
ireless Controller WC9500 Installation Guide
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer the carton, including the original packing materials, in case you need to return the product for repair.

Hardware Features

The front panel ports, slots, and LEDs, back panel components, and bottom label of the wireless controller are described in this section.

Front Panel Ports, Slots, and LEDs

The following figure shows the front panel of the wireless controller.
Figure 1. Front panel
The following figure shows a close-up of the left side of the front panel.
. Keep
USB port
Reset
Power
Status
Fan
Stack Master
ID
USB
Digital access point counter
LED Mode: Green= Link at 10G, Blink Green=10G Active, Yellow=Link at 1G, Blink Yellow=1G Active
Reset button LEDs (top to bottom): Power, Status, Fan, Stack Master
Figure 2. Front panel close-up
Slots and LEDs
for optional
SFP GBIC modules
Introduction
14
LED Mode: Left LED: Green=Link at 1G E, Yellow=Link at 10/100M Right LED:Green=Link, Green Blink=Active
Ethernet port and LEDs
ProSAFE Wireless Controller WC9500
From left to right, the wireless controller’s front panel shows the following counter, LEDs, button, ports, and slots:
Digital counter. Displays the number of connected access points that are in a healthy
state.
From top to bottom:
- Power LED
- Status LED
- Fan LED
- Stack Master LED
These LEDs are described in Table 1 on page 15.
Reset button. Using a sharp object, press and hold this button for about 10 seconds until
the Status LED blinks and the wireless controller returns to factory default settings. If you reset the wireless controller, all configuration settings are lost and the default password is restored.
USB port.
SFP slots
Allows for external storage for floor heat maps.
. T
wo SFP slots for optional 10GE SFP+ or 1G SFP gigabit interface
converters (GBICs), each slot with an LED.
Ethernet port. One 10/100/1000 Mbps LAN Ethernet port with an RJ-45 connector, left
LED, and right LED.
The Ethernet port provides switched N-way, automatic speed
negotiating, auto MDI/MDIX technology.
Console port. RS232 port for connecting to an optional console terminal. The port
provides a DB9 male connector
. The default baud rate is 9600 K. The configuration is 8 bits, no parity, and 1 stop bit. The console port is for debugging under guidance of NETGEAR technical support only.
The function of each LED is described in the following table.
Table 1. LED functions
LED Status Description Power LED Green The wireless controller is on.
Off The wireless controller is off.
If the power LED is not lit when the wireless controller is on, check the connections and check to see if the power outlet is controlled by a wall switch that is turned of
Status LED Yellow The wireless controller is initializing. After approximately two minutes, when
the wireless controller completes its initialization, the Status LED turns green. If the Status LED remains yellow
LED Never T
urns Off on page 338).
Power LED Is Not Lit on page 338).
f (see
, the initialization failed (see Status
Green The wireless controller completed its initialization successfully. The Status
LED is steady green during normal operation.
Introduction
15
ProSAFE Wireless Controller WC9500
Table 1. LED functions (continued)
LED Status Description
Status LED (continued)
Fan LED Green The fans are functioning correctly.
Stack Master LED
SFP slot LEDs Green The slot is operating at 10G.
Left Ethernet port LED
Right Ethernet port LED
Off The wireless controller is not receiving power. Blinking yellow Firmware is being upgraded.
Yellow One or more fans are not functioning correctly.
Green The wireless controller is functioning as the master controller in a stack.
Yellow The wireless controller is functioning as a slave controller in a stack.
Blinking green Data is being transmitted or received at 10G.
Yellow The slot is operating at 1G.
Blinking yellow Data is being transmitted or received at 1G. Off The port is not connected to a powered-on Ethernet device (see Ethernet
Port LEDs Are Not Lit on page 338).
Green The port detected a link with a connected Ethernet device. Blinking green Data is being transmitted or received. Off The port is not connected to a powered-on Ethernet device (see Ethernet
Port LEDs Are Not Lit on page 338).
Green The port is operating at 1000 Mbps.
Yellow The port is operating at 100 Mbps or 10 Mbps.

Back Panel Features

The wireless controller comes with a single internal power supply but supports an optional second power supply for power redundancy. The power supplies are hot-swappable.
The following figure shows the back panel of the wireless controller with a single internal power supply, the power supply connector, and two double fans.
Power supply connector
Figure 3. Back panel
Slot for an optional second power supply
Introduction
16
ProSAFE Wireless Controller WC9500
From left to right, the wireless controller’s back panel components are as follows:
Power supply. 100–240V, 5A, 47–63 Hz power supply, which includes the following
external components:
- AC power socket
not provide an on/off power switch.)
- Handle
- LED. The LED is lit green when the power supply functions correctly
power is not supplied to the power supply, or a problem occurred.
Fans
. The handle allows for easy removal and insertion.
. Two double fans, each of which can be easily exchanged.
. Attach the power cord to this socket. (The wireless controller does
. If the LED is off,

Bottom Panel with Product Label

The product label on the bottom of the wireless controller’s enclosure displays the default IP address, default user name, and default password, as well as regulatory compliance, input power, and other information.
Figure 4. Product label

WC9500 Wireless Controller System Components

A WC9500 wireless controller system consists of one or more wireless controllers and a collection of access points that are organized into groups based on location or network access.
The wireless controller system can include a single wireless controller or a group of up to three stacked wireless controllers that can function in a redundant configuration.
Introduction
17
ProSAFE Wireless Controller WC9500
The WC9500 wireless controller system supports the following NETGEAR ProSAFE access point models:
WN370 ProSAFE Wall Mount Wireless N Access Point
WNAP210v2 ProSAFE Wireless-N Access Point
WNAP320 ProSAFE Wireless-N Access Point
WND930 Outdoor Dual Band Wireless-N
WNDAP350 ProSAFE Dual Band Wireless-N
Access Point
WNDAP360 ProSAFE Dual Band Wireless-N Access Point
WNDAP380R ProSAFE Dual Band Wireless-N Access Point with RFID support
WNDAP620 ProSAFE Premium 3x3 Dual Band Wireless-N Access Point
WNDAP660 ProSAFE Premium 3x3 Dual Band Concurrent Wireless-N Access Point

Supported NETGEAR Access Points

Y ou can connect access points to the wireless controller either directly with an Ethernet cable through a router or switch, or remotely through a VPN network. After you use the automatic discovery process and add access points to the managed access point list on the wireless controller, the wireless controller converts the standard access points to dependent access points by pushing firmware to the access points. From then on, you can centrally manage and monitor the access points.
The following table lists the minimum firmware versions that must run on the standalone access points before you convert them to managed access points:
Table 2. Minimum firmware versions
Access Point Model Minimum Firmware Version on
Standalone Access Point
WN370 All firmware versions are supported. WNAP210v2 All firmware versions are supported. WNAP320 2.1.1 or a newer version is supported. WND930 All firmware versions are supported. WNDAP350 2.1.7 or a newer version is supported. WNDAP360 2.1.6 or a newer version is supported. WNDAP380R All firmware versions are supported. WNAP620 2.0.4 or a newer version is supported. WNDAP660 2.0.2 or a newer version is supported.
Introduction
18
ProSAFE Wireless Controller WC9500
A WC9500 wireless controller system supports the following access points:
WN370 ProSAFE Wall Mounted W
- Supports concurrently 802.11b, 802.1
ireless-N Access Point
1g, and 802.11n network devices.
- Supports speeds of up to 300 Mbps for 802.11n network devices.
- Supports Power over Ethernet (PoE) with a power consumption that complies with the
802.3af standard.
- Operates in the 2.4 GHz radio band.
For product documentation and firmware, visit http://support.netgear
WNAP210v2 ProSAFE W
- Supports 802.11b, 802.1
ireless-N
Access Point
1g, and 802.11n network devices.
.com/product/WN370.
- Supports Power over Ethernet (PoE) with a power consumption of up to 5.8W.
For product documentation and firmware, visit
http://support.netgear
.com/product/WNAP210.
Note: The WNAP210v1 cannot function in a WC9500 wireless controller
system, but the WNAP210v2 can.
WNAP320 ProSAFE W
- Supports 802.11b, 802.1
ireless-N
Access Point
1g, and 802.11n network devices.
- Supports Power over Ethernet (PoE) with a power consumption of up to 5.8W.
- Accepts optional antennas.
For product documentation and firmware, visit
http://support.netgear
WND930 Outdoor Dual Band W
- Supports 802.11a, 802.1
.com/product/WNAP320.
ireless-N
1b, 802.11g, and 802.11n network devices.
- Supports speeds of up to 300 Mbps for 802.11n network devices.
- Supports Power over Ethernet (PoE) with a power consumption that complies with the
802.3af or 802.3at standards.
- Operates concurrently in the 2.4 GHz and 5 GHz radio bands.
For product documentation and firmware, visit
http://support.netgear
WNDAP350 ProSAFE Dual Band W
- Supports 802.11a, 802.1
.com/product/WND930.
ireless-N
1b, 802.11g, and 802.11n network devices.
Access Point
- Supports Power over Ethernet (PoE) with a power consumption of up to 10.75W.
- Operates concurrently in the 2.4 GHz and 5 GHz radio bands.
- Accepts optional antennas.
For product documentation and firmware, visit
http://support.netgear
.com/product/WNDAP350.
Introduction
19
ProSAFE Wireless Controller WC9500
WNDAP360 ProSAFE Dual Band Wireless-N Access Point
- Supports 802.11a, 802.1
1b, 802.11g, and 802.11n network devices.
- Supports Power over Ethernet (PoE) with a power consumption of up to 10.51W.
- Operates concurrently in the 2.4 GHz and 5 GHz radio bands.
- Accepts optional antennas.
For product documentation and firmware, visit
http://support.netgear
.com/product/WNDAP360.
WNDAP380R ProSAFE Dual Band W
- Supports 802.11a, 802.1
1b, 802.11g, and 802.11n network devices.
ireless-N
Access Point with RFID support
- Supports Power over Ethernet (PoE) with a power consumption of up to 10.51W.
- Operates concurrently in the 2.4 GHz and 5 GHz radio bands.
- Accepts an RFID module for support of RFID devices and tags.
For product documentation and firmware, visit
http://support.netgear
WNAP620 ProSAFE Premium 3x3 Dual Band W
- Supports concurrently 802.11a, 802.1
.com/product/WNDAP380R.
1b, 802.11g, and 802.11n network devices.
ireless-N
Access Point
- Supports 3x3 multiple input, multiple output (MIMO).
- Supports speeds of up to 450 Mbps for 802.1
1n network devices
- Supports Power over Ethernet (PoE) with a power consumption that complies with the
802.3af standard.
- Operates in either the 2.4 GHz or 5 GHz radio band.
- Accepts optional antennas.
For product documentation and firmware, visit
http://support.netgear
WNDAP660 ProSAFE Premium 3x3 Dual Band Concurrent W
- Supports 802.11a, 802.1
.com/product/WNDAP620.
1b, 802.11g, and 802.11n network devices.
ireless-N
Access Point
- Supports 3x3 multiple input, multiple output (MIMO).
- Supports speeds of up to 450 Mbps for 802.1
1n network devices.
- Supports Power over Ethernet (PoE) with a power consumption that complies with the
802.3at standard.
Note: If your network does not include a PoE device that can provide the
WNDAP660 access point with PoE power according to the 802.3at standard, you can instead use two ports of a PoE device that complies with the 802.3af standard. (The WNDAP660 access point provides two Ethernet ports that accept PoE.)
- Operates concurrently in the 2.4 GHz and 5 GHz radio bands.
- Accepts optional antennas.
Introduction
20
ProSAFE Wireless Controller WC9500
For product documentation and firmware, visit
http://support.netgear.com/product/WNDAP660.

Supported NETGEAR Antennas

A WC9500 wireless controller system supports the following antennas:
ANT2409 ProSAFE Indoor/Outdoor 9 dBi Omni-directional Antenna
- 9 dBi omni-directional antenna for indoor or outdoor use
- WiFi signal 802.1
- Frequency range 2400–2485 MHz
- Maximum range 1
- Polarization vertical
For product documentation and firmware, visit
http://support.netgear
1g
1.5 km (7.2 miles)
.com/product/ANT2409v2.
ANT224D10 ProSAFE 10 dBi 2x2 Indoor/Outdoor Directional
- 10 dBi directional antenna for indoor or outdoor use
- WiFi signal 802.1
- Frequency range 2400–2500 MHz
- Maximum range 8.5 km (5.28 miles)
- Polarization linear; vertical
For product documentation and firmware, visit
http://support.netgear
1n
.com/product/ANT224.
Antenna

What Can You Do with the WC9500 Wireless Controller?

You can perform the following tasks with a WC9500 wireless controller:
Organize the Network
- Create access point profiles. Organize access points in profiles to dif
between SSIDs, client authentication, authentication settings, and wireless QoS settings.
- Create access point profile
profile groups to differentiate between buildings, floors, businesses, business divisions, and so on. Easily assign access points to profile groups or change assignments.
groups. Organize access point profiles in access point
ferentiate
For more information, see
Chapter 6, Manage Security Profiles and Profile Groups.
Introduction
21
ProSAFE Wireless Controller WC9500
Discover Access Points in the Network and Provision IP Addresses and Firmware
- Discover access points in the network. The access points can be in factory default
state or functioning in standalone mode, but after discovery by the wireless controller and addition to the managed access point list, the access points become dependent (managed) access points.
- Provision IP addresses to the access points
. Use the internal DHCP server to
provision IP addresses to all or selected managed access points in the network.
- Upgrade access point firmware. Update and synchronize new firmware versions to
all managed access points in the network.
For more information, see Chapter 7, Discover and Manage Access Points.
Centrally Manage Security in the Network
- Manage secure access to the network and secure data transmission. Manage
client authentication, encryption, wireless client security separation, and MAC authentication in access point profiles.
- Manage authentication servers for the network. Manage all internal and external
authentication servers for the entire network or for access point profile groups.
- Manage MAC authentication. Specify trusted and untrusted MAC addresses for the
entire network.
- Manage rogue access points. Manage rogue access points and their associated
clients in the network.
- Manage guest access. Manage guest access and captive portal access to the
network.
For more information, see Chapter 9, Manage Rogue Access Points, Guest Network
Access, and Users.
Centrally Manage the W
- Schedule the radios
point profile groups to go of
ireless Settings for the Network
. Schedule the entire network to go offline, or schedule access
fline.
- Manage wireless settings and channel allocation. Manage the wireless settings
such as wireless mode, data rate, and channel width for the entire network or for access point profile groups, and manage channel allocation for the entire network.
- Manage QoS settings. Manage QoS queue settings for data, background, video,
and voice traffic for access point profile groups.
- Configure RF management settings
. Configure WLAN healing and wireless
coverage hole detection for the entire network or for access point profile groups.
For more information, see Chapter 8, Configure Wireless and QoS Settings.
Manage Other Wireless Controllers in the Network
- Manage stacking
. Specify the master and slave wireless controllers in a stack and
synchronize information between the wireless controller.
For more information, see Chapter 11, Manage Stacking and Redundancy.
Introduction
22
ProSAFE Wireless Controller WC9500
Monitor the Network and Its Components
- Monitor the status of all wireless devices. View the status of the wireless
controllers, access points, clients, access point profiles, and the entire network, and view network usage statistics.
- Monitor network health
down or compromised.
For more information, see Chapter 12, Monitor the Wireless Network
and Its Components.
. See which access points are healthy and which ones are

Licenses

By default, the wireless controller comes with a trial license for two access points. You must purchase and register licenses for the access points in your network. Licenses are tied to the serial number of the wireless controller.
You can purchase a single 200–access point license or licenses in 10–, 50–, or 100–access point increments for support of up to 300 access points on a single wireless controller:
10–AP license. WC10APL
50–AP license. WC50APL
100–AP license. WC100APL
200–AP license. WC200APL
If you installed three wireless controllers in a stack and want to support the maximum number of 600 access points in a stacked configuration, you must purchase three WC200APL licenses (or a combination of other licenses that add up to a total of 600 access points).
For more information, see the datasheet that you can download from
http://support.netgear.com/product/WC9500.
For information about how to register and manage your licenses, see Register Your Licenses on page 103 and Manage Licenses on page 261.

Maintenance and Support

NETGEAR offers technical support seven days a week, 24 hours a day. Information about support is available on the NETGEAR ProSupport website at
http://kb.netgear.com/app/answers/detail/a_id/212.
Introduction
23
2. System Planning and Deployment
Scenarios
This chapter includes the following sections:
Basic and Advanced Setting Concepts
Profile Group Concepts
System Planning Concepts
High-Level Configuration Examples
Management VLAN and Data VLAN Strategies
High-Level Deployment Scenarios
2
24
ProSAFE Wireless Controller WC9500

Basic and Advanced Setting Concepts

Y ou can deploy the wireless controller in a small wireless network with 10 or 20 access points or in a large wireless network with up to 600 access points. Small networks require a basic configuration, but large networks can become complex and require you to configure the advanced features of the wireless controller.
Depending on your network configuration, use basic settings or advanced settings to manage your access points:
Basic settings for a typical network. The basic settings work with most common
network configurations. For example, all access points on the WLAN are for the same organization or business and therefore adhere to the same policies and use a few service set identifiers (SSIDs, or network names).
Advanced settings for access point profile groups. In a large wireless network, or if
separate networks share a single WLAN, use the advanced settings to set up multiple access point profile groups with multiple security profiles (SSIDs with associated security settings). For example, a shopping mall might need several access point profile groups if several businesses share a WLAN but each business maintains its own network. Larger networks could require multiple access point profile groups to allow dif building or department. The access points could support dif building and department, for example, one for guests, one for management, and one for sales.
ferent security profiles per
ferent policies per
Note: Access point profile groups are also referred to as just profile groups.
Profiles, security profiles, and SSIDs (that is, SSIDs with associated security settings) are terms that are interchangeable.
To accommodate all types of networks, almost all configuration menus of the web management interface are divided into basic and advanced submenus. The following figure shows an example of the Configuration > Security > Basic submenu on the left and the Configuration > Security > Advanced submenu on the right:
Figure 5. Basic and advanced submenus
System Planning and Deployment Scenarios
25
ProSAFE Wireless Controller WC9500
Before you start the configuration of your wireless controller, decide whether you can use a basic configuration (that is, follow the Basic submenus) or need to use an advanced configuration (that is, follow the Advanced submenus). Once you make your choice, configuring the wireless controller can be fairly easy if you consistently follow either the Basic submenus or the Advanced submenus.

Profile Group Concepts

Each access point can support up to eight security profiles (16 for dual-band access points), each with its own SSID, security settings, MAC ACL, rate-limiting settings, WMM, and so on.
The wireless controller follows the same architecture. A profile group on the wireless controller includes all the features that you can configure for an individual access point: up to 8 profiles (16 for dual-band access points), each of which supports its own SSID, security, MAC ACL, rate-limiting settings, WMM settings, and so on.

Basic Profile

The basic profile includes all the settings that are required to configure a fully functional access point with up to eight security profiles (16 for dual-band access points).
After you use the automatic discovery process and add access points to the managed AP list
on the wireless controller, the access points are assigned by default to the basic profile group.
If your network requires the wireless controller to manage multiple access points with different configurations, use the advanced profile.

Advanced Profile

The advanced profile lets you configure up to eight access point profile groups. Each group includes all the settings that are required to configure a fully functional access point with up to eight security profiles (16 for dual-band access points).
For example, if your company site includes four buildings, each with a different wireless network, you simply create four profile groups. Y building to one profile group, all access points in another building to a second profile group, and so on.
For each profile group, you can create an individual radio on/off schedule, RF management settings, MAC ACL authentication, and an authentication server group (2.4 GHz radio and 5 GHz radio), you can create individual wireless settings, WMM, and rate-limit settings.
ou then assign all access points in one
. For each radio in a profile
The following figure shows the advanced profile group architecture. The structure that is shown under Group-1 is implemented in all profile groups (that is, Group-2 through Group-8):
System Planning and Deployment Scenarios
26
ProSAFE Wireless Controller WC9500
Group-1
Group-2
Group-3
Group-4
2.4 GHz radio
1
2
34
5678
Security profiles
Figure 6. Advanced profile group architecture
Group-5
5 GHz radio
1
Group-6
23
Security profiles
Group-7
4
56
Group-8
78
The following figure shows an example of three access point profile groups, in which the first profile group (Group-1) supports five security profiles. For each profile in this profile group, the profile name, radio mode, and authentication setting are shown. (Group-1 is the default group in the advanced profile group configuration; you must create the other profiles groups.)
Figure 7. Example of profile groups with security profiles
System Planning and Deployment Scenarios
27
ProSAFE Wireless Controller WC9500

System Planning Concepts

This section includes the following subsections:
Preinstallation Planning
Before You Configure a Wireless Controller

Preinstallation Planning

Before you install any wireless controllers, determine the following:
Number of access points required to provide seamless coverage
Number of licenses required to cover all access points that must be managed
Number of wireless controllers required
802.1
NETGEAR recommends that you perform a site survey:
1 frequency band and the channels that are optimal for WiFi usage
To determine the current RF behavior and detect both 802.11 and non-802.11 noise, run
a spectrum analysis of the channels of the site.
To determine the maximum throughput that is achievable on the client, run an access
point-to-client connectivity test.
Identify potential RF obstructions and interference sources.
Determine areas where denser coverage might be required because of heavier usage.

Before You Configure a Wireless Controller

These sections assume that you deployed at least one wireless controller in your network and are ready to configure the wireless controller. For information about how to deploy the wireless controller in your network, see the ProSAFE Wireless Controller WC9500 Installation Guide that you can download from http://support.netgear.com/product/WC9500.
For many configurations, you can use the default wireless settings. The IP address, VLAN, DHCP server, client authentication, and data encryption settings are specific to your environment. Following are short sections that describe these settings (except for IP address settings, which are self-explanatory). For information about how to configure these settings, see the relevant sections.
Management VLAN
The management VLAN is the dedicated VLAN for access to the wireless controller. All traf fic that is directed to the wireless controller, including HTTP, HTTPS, SNMP, and SSH traffic, is carried over the management VLAN.
If the management VLAN is also configured as a tagged VLAN (the most common configuration), the packets to and from the wireless controller carry the 802.1Q VLAN header with the assigned VLAN number. If the management VLAN is marked as untagged, the
System Planning and Deployment Scenarios
28
ProSAFE Wireless Controller WC9500
packets that are sent from the wireless controller do not carry the 802.1Q header, and all untagged packets that are sent to the wireless controller are treated as management VLAN traffic.
Note: Use a tagged VLAN or change the tagged VLAN ID only if the hubs
and switches on your LAN support 802.1Q. If they do not, and you did not configure a tagged VLAN with the same VLAN ID on the hubs and switches in your network, IP connectivity might be lost.
The management VLAN must provide IP connectivity between the wireless controller and the access points. If the wireless controller and the access points are on different management VLANs, external VLAN routing must allow IP connectivity between the wireless controller and the access points.
For information about how to configure management VLANs, see Manage the IP
Link Aggregation Settings on page 95.
, VLAN, and
Client VLANs
Each authenticated wireless user is placed into a VLAN that determines the user’s DHCP server, IP address, and Layer 2 connection. Although you could place all authenticated wireless users into the single VLAN that is specified in the basic security profile, the wireless controller allows you to group wireless users into separate VLANs based on the wireless SSID to differentiate access to network resources. For example, you might place authorized employee users into one VLAN, and itinerant users, such as contractors or guests, into a separate VLAN. To use different VLANs, you must create different security profiles.
For information about how to configure regular VLANs, see Manage the IP, VLAN, and Link
Aggregation Settings on page 95.
DHCP Server
The wireless controller can function as a DHCP server and assign IP addresses to both wireless and wired devices that are connected to it. You can add up to 64 DHCP server pools, each assigned to a different VLAN.
Client Authentication and Data Encryption
A user must authenticate to the WLAN to be able to access WLAN resources. The wireless controller supports several types of security methods, including those methods that require an external RADIUS or LDAP authentication server.
System Planning and Deployment Scenarios
29
ProSAFE Wireless Controller WC9500
The encryption option that you can select depends upon the authentication method that you selected. The following table lists the authentication methods available, with their corresponding encryption options:
Table 3. Authentication and encryption options
Authentication Method Encryption Option Authentication Server
Open System 64-bit, 128-bit, or 152-bit WEP None Shared Key 64-bit, 128-bit, or 152-bit WEP None WPA-PSK TKIP or TKIP+AES None WPA2-PSK AES or TKIP+AES None WPA-PSK and WPA2-PSK TKIP+AES None WPA TKIP or TKIP+AES One of the following authentication servers:
External RADIUS server
Internal authentication server
External LDAP server
WPA2 AES or TKIP+AES One of the following authentication servers:
External RADIUS server
Internal authentication server
External LDAP server
WPA and WPA2 TKIP+AES One of the following authentication servers:
External RADIUS server
Internal authentication server
External LDAP server
For information about how to configure client authentication, data encryption, and authentication servers, see Chapter 6, Manage Security Profiles and Profile Groups.
System Planning and Deployment Scenarios
30
Loading...
+ 327 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use