Netgear WC9500 Reference Guide

ProSAFE Wireless Controller WC9500

Reference Manual

May, 2013 202-11224-02

350 East Plumeria Drive San Jose, CA 95134 USA

ProSAFE Wireless Controller WC9500

Support

Thank you for selecting NETGEAR products. After installing your device, locate the serial number on the label of your product and use it to register your product

at https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR recommends registering your product through the NETGEAR website. For product updates and web support, visit http://support.netgear.com.

Phone (US & Canada only): 1-888-NETGEAR. Phone (Other Countries): Check the list of phone numbers at

http://support.netgear.com/general/contact/default.aspx.

Trademarks

NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change without notice. © NETGEAR, Inc. All rights reserved.

Revision History

Publication Part Number Publish Date Comments

202-11224-02 May 2013 Color correction and minor nontechnical edits 202-11224-01 April 2013 First publication

Chapter 1 Introduction

Chapter 2 System Planning and Deployment Scenarios

Key Features and Capabilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Package Contents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Hardware Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Front Panel Ports, Slots, and LEDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Back Panel Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Bottom Panel with Product Label. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

WC9500 Wireless Controller System Components. . . . . . . . . . . . . . . . . . 14

NETGEAR ProSAFE Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

What Can You Do with the WC9500 Wireless Controller? . . . . . . . . . . . . 16

Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Maintenance and Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Basic and Advanced Setting Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Profile Group Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Basic Profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Advanced Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

System Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Preinstallation Planning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Before You Configure a Wireless Controller . . . . . . . . . . . . . . . . . . . . . 23

High-Level Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Single Controller Configuration with Basic Profile Group . . . . . . . . . . . 26

Single Controller Configuration with Advanced Profile Groups . . . . . . . 27

Management VLAN and Data VLAN Strategies . . . . . . . . . . . . . . . . . . . . 27

High-Level Deployment Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Scenario Example 1: Network with Single VLAN. . . . . . . . . . . . . . . . . . 29

Scenario Example 2: Advanced Network with VLANs and SSIDs. . . . . 31

Scenario Example 3: Advanced Network . . . . . . . . . . . . . . . . . . . . . . . 34

Chapter 3 Installation and Configuration Overview

Initial Set up and Log in. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Web Management Interface Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Roadmap for Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Roadmap for Configuring Management of Your Wireless Network. . . . . . 43

Choose a Location for the Wireless Controller . . . . . . . . . . . . . . . . . . . . . 45

Deploy the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Table of Contents | 3

ProSAFE Wireless Controller WC9500

Chapter 4 Configure the System and Network

Settings and Register the Licenses

Configure General Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47

Manage the Time Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

IP and VLAN Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Management VLAN Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Untagged VLAN Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Configure the IP and VLAN Settings . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Manage the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51

Configure the License Server Settings. . . . . . . . . . . . . . . . . . . . . . . . . .54

Manage Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57

Configure Log, Syslog, Alarm Notification, and Email Settings . . . . . . . . .58

Configure Log Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58

Configure Syslog Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

Configure Alarm Notification Settings. . . . . . . . . . . . . . . . . . . . . . . . . . .61

Configure the Email Notification Server . . . . . . . . . . . . . . . . . . . . . . . . .62

Chapter 5 Manage Security Profiles and Profile Groups

Wireless Security Profile Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

Small WLAN Networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

Larger WLAN Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65

Profile Naming Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65

Considerations Before You Configure Profiles. . . . . . . . . . . . . . . . . . . .65

Basic and Advanced Security Configuration Concepts . . . . . . . . . . . . .66

Configure Security Profiles for the Basic Profile Group . . . . . . . . . . . . . . .67

Configure Profiles in the Basic Profile Group. . . . . . . . . . . . . . . . . . . . .67

Edit and Remove Profiles in the Basic Profile Group. . . . . . . . . . . . . . .70

Configure Security Profiles for Advanced Profile Groups. . . . . . . . . . . . . .71

Advanced Profile Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71

Configure Profiles in an Advanced Profile Group. . . . . . . . . . . . . . . . . .73

Edit and Remove Profiles in an Advanced Profile Group. . . . . . . . . . . .76

Network Authentication and Data Encryption Options . . . . . . . . . . . . . . . .77

Manage MAC Authentication and MAC Authentication Groups. . . . . . . . .81

Guidelines for External MAC Authentication . . . . . . . . . . . . . . . . . . . . .81

Configure Basic Local MAC Authentication Settings . . . . . . . . . . . . . . .82

Configure Local MAC Authentication Groups. . . . . . . . . . . . . . . . . . . . .84

Manage Authentication Servers and Authentication Server Groups . . . . .85

Configure Basic Authentication Server Settings. . . . . . . . . . . . . . . . . . .86

Configure RADIUS Authentication Server Groups. . . . . . . . . . . . . . . . .88

Chapter 6 Discover and Manage Access Points

Access Point Discovery Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

General Discovery Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

Layer 3 Discovery Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

ProSAFE Wireless Controller WC9500

Discover Access Points with the Discovery Wizard . . . . . . . . . . . . . . . . . .92

Access Points in Factory Default State and Access Points in

a Layer 2 Subnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92

Access Points Installed and Working in Standalone Mode in

Different Layer 3 Networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96

Manage the Managed AP List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100

View the Managed AP List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100

Edit Access Point Information on the Managed AP List . . . . . . . . . . . .101

Remove Access Points from the Managed AP List . . . . . . . . . . . . . . .104

Assign Access Points to Advanced Profile Groups . . . . . . . . . . . . . . . . .104

Chapter 7 Manage Rogue Access Points,

Guest Network Access, and Users

Manage Rogue Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108

Configure Basic Rogue Detection Settings. . . . . . . . . . . . . . . . . . . . . .108

Classify Rogue Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109

Import a List of Known Access Points from a File . . . . . . . . . . . . . . . .110

Manage Guest Network Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

Portal Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

Configure a Portal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113

Manage Users, Accounts, and Passwords. . . . . . . . . . . . . . . . . . . . . . . .116

Add a Management User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116

Add a WiFi Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118

Add a Captive Portal Account. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119

Add a Captive Portal User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120

Edit or Remove a User or Account. . . . . . . . . . . . . . . . . . . . . . . . . . . .122

Export a List of Users or Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . .123

Chapter 8 Configure Wireless and QoS Settings

Basic and Advanced Wireless and QoS Configuration Concepts . . . . . .125

Configure the Radio . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126

Configure the Radio for the Basic Profile Group. . . . . . . . . . . . . . . . . .126

Configure the Radio for an Advanced Profile Group . . . . . . . . . . . . . .127

Configure Wireless Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128

Configure Wireless Settings for the Basic Profile Group . . . . . . . . . . .128

Override Channel and Transmission Power in the Basic Profile Group131

Configure Wireless Settings for an Advanced Profile Group . . . . . . . .133

Override Channel and Transmission Power in an Advanced

Profile Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135

Configure Channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137

Specify RF Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140

WLAN Healing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140

RF Management for the Basic Profile Group . . . . . . . . . . . . . . . . . . . .141

RF Management for an Advanced Profile Group . . . . . . . . . . . . . . . . .142

Configure QoS for Advanced Profile Groups . . . . . . . . . . . . . . . . . . . . . .144

Configure Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147

Configure Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148

ProSAFE Wireless Controller WC9500

Rate Limiting for the Basic Profile Group . . . . . . . . . . . . . . . . . . . . . . .149

Rate Limiting for an Advanced Profile Group. . . . . . . . . . . . . . . . . . . .150

Chapter 9 Maintain the Wireless Controller and Access Points

Manage the Configuration File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152

Back Up the Configuration File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152

Restore the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153

Upgrade the Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153

Reboot or Reset the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . .156

Manage Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157

Specify Session Time-Outs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159

View Alerts and Events and Save the Logs . . . . . . . . . . . . . . . . . . . . . . .159

Query the System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159

View Alerts and Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162

Manage Licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165

View Your Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165

Retrieve Your Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167

Reboot Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167

Configure Multicast Firmware Upgrade for Access Points. . . . . . . . . . . .168

Change the Multicast Firmware Upgrade Settings. . . . . . . . . . . . . . . .169

Disable Multicast Firmware Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . .169

Chapter 10 Monitor the Wireless Network and Its Components

Common Tasks on the Monitoring Screens. . . . . . . . . . . . . . . . . . . . . . .172

Monitor the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173

View the Wireless Controller Summary Screen . . . . . . . . . . . . . . . . . .173

View Wireless Controller Usage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

View Access Points Managed by the Wireless Controller . . . . . . . . . .176

View Clients Managed by the Wireless Controller . . . . . . . . . . . . . . . .180

View Neighboring Clients Detected by the Wireless Controller . . . . . .184

View Neighboring Access Points Detected by the Wireless Controller 185

View Security Profiles Managed by the Wireless Controller. . . . . . . . .186

View DHCP Leases Provided by the Wireless Controller. . . . . . . . . . .187

View Captive Portal Users Managed by the Wireless Controller . . . . .188

Monitor the SSIDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188

Monitor Local Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193

Chapter 11 Troubleshooting

Troubleshoot Basic Functioning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198

Power LED Is Not Lit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198

Status LED Never Turns Off. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198

Ethernet Port LEDs Are Not Lit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199

Troubleshoot the Web Management Interface. . . . . . . . . . . . . . . . . . . . .199

Ethernet Cabling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199

IP Address Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199

Internet Browser. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200

ProSAFE Wireless Controller WC9500

Troubleshoot a TCP/IP Network Using the Ping Utility. . . . . . . . . . . . . . .200

Use the Reset Button to Restore Default Settings . . . . . . . . . . . . . . . . . .201

Problems with Date and Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202

Problems with Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202

Discovery Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202

Connection Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .203

Network Performance and Rogue Access Point Detection . . . . . . . . .203

Use the Diagnostic Tools on the Wireless Controller. . . . . . . . . . . . . . . .203

Appendix A Factory Default Settings and Technical Specifications

Factory Default Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206

Technical Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206

Password Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207

Index

1. Introduction

This chapter includes the following sections:

• Key Features and Capabilities

• Package Contents

• Hardware Features

• WC9500 Wireless Controller System Components

• NETGEAR ProSAFE Access Points

• What Can You Do with the WC9500 Wireless Controller?

• Licenses

• Maintenance and Support

Note: For more information about the topics covered in this manual, visit

the support website at http://support.netgear.com.

Note: Firmware updates with new features and bug fixes are made

available from time to time on downloadcenter.netgear.com. Some products can regularly check the site and download new firmware, or you can check for and download new firmware manually features or behavior of your product do not match what is described in this guide, you might need to update your firmware.

. If the

ProSAFE Wireless Controller WC9500

Key Features and Capabilities

The NETGEAR ProSAFE Wireless Controller WC9500 is a high-capacity, secured wireless controller intended for medium- to large-sized businesses, higher education institutions, hospitals, and hotels.

One wireless controller with the appropriate licenses can support up to 600 access points (APs) with up to 6,000 users. In a stacked configuration (supported in a future release), a stack of three wireless controllers can support up to 18,000 users. The wireless controller supports the IEEE 802.1 wireless controller allows you to manage your wireless network from a central point, implement security features centrally, support Layer 2 and Layer 3 fast roaming, configure a guest access captive portal, and support voice over Wi-Fi (VoWi-Fi).

The wireless controller is equipped with two 10 Gigabit Ethernet (10GbE) slots with standard SFP+ form factor for optional 10GBASE or 1000BASE GBICs. One RJ-45 Gigabit Ethernet port is available to access the wireless controller for management and for data and control communications between the wireless controller and the access points.

1a/b/g/n protocols and is 802.11ac ready for future deployment. The

The wireless controller provides the following key features and capabilities:

• Scalable architecture

- Purchased licenses in increments of 10, 50, or 100 access points allow for support of

up to a maximum number of 200 access points on a single wireless controller. single license for 200 access points is also available.

- Support of 802.11a, 802.1

1b, 802.11g, and 802.11n modes. Ready for 802.11ac

mode for future deployment.

- Support for an extra power supply.

• Autodiscovery of access points

- Autodiscovery of access points in the same Layer 2 domain.

- Autodiscovery of access points across a Layer 3 domain.

- Automatic download of wireless controller–based firmware to discovered access

points that are added to the managed access point list.

• Centralized management

- Single point of management for the entire wireless network.

- Automatic firmware upgrade to all managed access points.

- DHCP server for IP address provisioning.

- Configurable management VLAN.

• Security

- Identity-based security authentication with an external RADIUS or LDAP (Active

Directory) server

- Support for nine access point profile groups

, or with an internal authentication server

(one basic and eight advanced) on one

wireless controller.

1. Number of profile groups depends on the access point model used with the wireless controller.

Introduction

ProSAFE Wireless Controller WC9500

- Up to eight profiles per access point profile group and eight profiles per radio

(therefore, dual-band access points can support up to 16 profiles in one access point profile group).

- Support for up to 144 profiles

on one wireless controller (eight profiles per access point group and eight groups per radio). Each profile supports settings for SSID, network authentication, data encryption, client separation, VLAN, MAC ACL, and wireless QoS.

- Rogue access point detection and classification.

- Guest access and captive portal access with cost and expiration accounting.

- Scheduled wireless on/of

f times.

• Wi-Fi Multimedia Quality of Service and advanced wireless features

- Wi-Fi Multimedia (WMM) support for video, audio, and voice over Wi-Fi (VoWi-Fi).

- WMM power save option.

- Automatic WLAN healing mechanism ensures seamless coverage for wireless users.

- Layer 2 and Layer 3 seamless roaming support.

- Local Layer 2 traf

fic switching and Layer 3 traf

fic processing at access point level for

fast processing.

• RF management

- Automatic control of access point transmit power and channel allocation to reduce

interference.

- Automatic load balancing of clients across access points.

- Rate limiting per profile.

• Monitoring and reporting

- Monitoring of the status of the network, wireless controllers, WLANs, and clients, and

network usage statistics.

- Specific health monitoring of access points.

- Logging and emailing of system events, RF events, load-balancing events, and

rate-limiting events.

For a list of all features and capabilities of the wireless controller, see the datasheet that you can download from http://support.netgear.com/product/WC9500.

1. Number of profiles depends on the access point model used with the wireless controller.

Introduction

ProSAFE Wireless Controller WC9500

Package Contents

The ProSAFE Wireless Controller WC9500 product package contains the following items:

• ProSAFE Wireless Controller WC9500 appliance

• One

• Rubber feet (four) with adhesive backing

• One rack-mount kit

• Straight-through Category 5 Ethernet cable

• ProSAFE W

AC power cable

ireless Controller WC9500 Installation Guide

If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer the carton, including the original packing materials, in case you need to return the product for repair.

Hardware Features

The front panel ports, slots, and LEDs, back panel components, and bottom label of the wireless controller are described in this section.

Front Panel Ports, Slots, and LEDs

The following figure shows the front panel of the wireless controller.

Figure 1. Front panel

The following figure shows a close-up of the left side of the front panel.

. Keep

USB port

Reset

Power

Status

Fan

Stack Master

USB

Digital access point counter

LED Mode: Green= Link at 10G, Blink Green=10G Active, Yellow=Link at 1G, Blink Yellow=1G Active

Reset button LEDs (top to bottom): Power, Status, Fan, Stack Master

Figure 2. Front panel close-up

Slots and LEDs

for optional

SFP GBIC modules

Introduction

LED Mode: Left LED: Green=Link at 1G E, Yellow=Link at 10/100M Right LED:Green=Link, Green Blink=Active

Ethernet port and LEDs

ProSAFE Wireless Controller WC9500

From left to right, the wireless controller’s front panel shows the following counter, LEDs, button, ports, and slots:

• Digital counter. Displays the number of connected access points that are in a healthy

state.

• From top to bottom:

- Power LED

- Status LED

- Fan LED

- Stack Master LED

These LEDs are described in Table 1 on page 12.

• Reset button. Using a sharp object, press and hold this button for about 10 seconds until

the Status LED flashes and the wireless controller returns to factory default settings. If you reset the wireless controller, all configuration settings are lost and the default password is restored.

• USB port.

Allows for external storage for floor heat maps, which will be supported in a

future release.

• SFP slots

. T

wo SFP slots for optional 10GE SFP+ or 1G SFP gigabit interface converters

(GBICs), each slot with an LED.

• Ethernet port. One 10/100/1000 Mbps LAN Ethernet port with an RJ-45 connector, left

LED, and right LED.

The Ethernet port provides switched N-way, automatic speed

negotiating, auto MDI/MDIX technology.

• Console port. RS232 port for connecting to an optional console terminal. The port has a

DB9 male connector

. The default baud rate is 9600 K. The configuration is 8 bits, no parity, and 1 stop bit. The console port is for debugging under guidance of NETGEAR technical support only.

The function of each LED is described in the following table:

Table 1. LED functions

LED Status Description Power LED Green The green Power LED should be lit when the wireless controller is on.

Off If the power LED is not lit when the wireless controller is on, check the

connections and check to see if the power outlet is controlled by a wall switch that is turned off (see

Status LED Yellow The wireless controller is initializing. After approximately two minutes, when

the wireless controller has completed its initialization, the Status LED turns green. If the Status LED remains yellow

Status LED Never T

urns Off on page 198).

Power LED Is Not Lit on page 198).

, the initialization has failed (see

Green The wireless controller has completed its initialization successfully. The

Status LED should be steady green during normal operation.

Introduction

ProSAFE Wireless Controller WC9500

Table 1. LED functions (continued)

LED Status Description Status LED

(continued)

Fan LED Green The fans are functioning correctly.

Stack Master LED

SFP slot LEDs Green The slot is operating at 10G.

Left Ethernet port LED

Off The wireless controller does not have power. Blinking yellow Firmware is being upgraded.

Yellow One or more fans are not functioning correctly. Green The wireless controller functions as the primary controller (master) in a stack.

(Stacking will be supported in a future release.)

Yellow The wireless controller functions as a secondary controller (slave) in a stack.

(Stacking will be supported in a future release.)

Blinking green Data is being transmitted or received at 10G. Yellow The slot is operating at 1G. Blinking yellow Data is being transmitted or received at 1G. Off The port has no physical link, that is, no Ethernet cable is plugged into the

wireless controller (see Ethernet Port LEDs Are Not Lit on page 199). Green The port has detected a link with a connected Ethernet device. Blinking green Data is being transmitted or received by the port.

Right Ethernet port LED

Off The port has no physical link, that is, no Ethernet cable is plugged into the

wireless controller (see Ethernet Port LEDs Are Not Lit on page 199). Green The port is operating at 1000 Mbps. Yellow The port is operating at 100 Mbps or 10 Mbps.

Back Panel Features

The wireless controller comes with a single internal power supply but supports an optional second power supply for power redundancy. The power supplies are hot-swappable.

The following figure shows the back panel components of the wireless controller with a single power supply.

Power supply

Figure 3. Back panel

Slot for an optional second power supply

Introduction

ProSAFE Wireless Controller WC9500

From left to right, the wireless controller’s back panel components are:

• Power supply. 100–240V, 5A, 47–63 Hz power supply, which includes the following

external components:

- AC power socket. Attach the power cord to this socket. (There is no separate on/off

power switch.)

- Handle

- LED. The LED is lit green when the power supply functions correctly

power is not supplied to the power supply, or there is a problem.

• Fans

. The handle allows for easy removal and insertion.

. If the LED is off,

. Two double fans, each of which can be easily exchanged.

Bottom Panel with Product Label

The product label on the bottom of the wireless controller’s enclosure displays the default IP address, default user name, and default password, as well as regulatory compliance, input power, and other information.

Figure 4. Product label

WC9500 Wireless Controller System Components

A WC9500 wireless controller system consists of one or more wireless controllers and a

collection of access points that are organized into groups based on location or network access.

The wireless controller system can include a single wireless controller, a single wireless controller with a backup wireless controller for N:1 redundancy, or a group of up to three stacked wireless controllers, with or without a redundant wireless controller. Redundancy and stacking will be supported in a future release.

Introduction

ProSAFE Wireless Controller WC9500

The WC9500 wireless controller system supports the following access point models:

• NETGEAR WNAP210v2 ProSAFE Wireless-N Access Point

• NETGEAR WNAP320 ProSAFE Wireless-N Access Point

• NETGEAR WNDAP350 ProSAFE Dual Band Wireless-N Access Point

• NETGEAR WNDAP360 ProSAFE Dual Band Wireless-N Access Point

• NETGEAR WNDAP380R ProSAFE Dual Band Wireless-N Access Point with RFID

support

Future releases might support additional access point models.

NETGEAR ProSAFE Access Points

Y ou can connect access points to the wireless controller either directly with an Ethernet cable through a router or switch, or remotely through an IP network. After you have used the automatic discovery process and added access points to the managed access point list on the wireless controller, the wireless controller converts the standard access points to dependent access points by pushing firmware to the access points. From then on, you can centrally manage and monitor the access points.

A WC9500 wireless controller system can support the following access points:

• WNAP210v2 ProSAFE W

- Supports 802.11b, 802.1

- Supports Power over Ethernet (PoE) with a power consumption of up to 5.8W.

- All WNAP210v2 firmware versions are supported.

For product documentation and firmware, see

http://downloadcenter

Note: The WNAP210v1 (also referred to as just the WNAP210 without a

version number) cannot function in a WC9500 wireless controller system, but the WNAP210v2 can.

• WNAP320 ProSAFE W

- Supports 802.11b, 802.1

- Supports Power over Ethernet (PoE) with a power consumption of up to 5.8W.

- Accepts optional antennas.

- Requires minimum firmware version 2.1.1 or a newer version.

For product documentation and firmware, see

http://downloadcenter

ireless-N

1g, and 802.11n network devices.

.netgear.com/en/product/WNAP210.

ireless-N

1g, and 802.11n network devices.

.netgear.com/en/product/WNAP320.

Access Point

• WNDAP350 ProSAFE Dual Band W

- Supports 802.11a, 802.1

- Supports PoE with a power consumption of up to 10.75W.

1b, 802.11g, and 802.11n network devices.

ireless-N

Introduction

Access Point

ProSAFE Wireless Controller WC9500

- Concurrent operation in 2.4 GHz and 5 GHz radio band while in 802.11n mode.

- Accepts optional antennas.

- Requires minimum firmware version 2.1.7 or a newer version.

For product documentation and firmware, see

http://support.netgear.com/product/WNDAP350.

• WNDAP360 ProSAFE Dual Band W

- Supports 802.11a, 802.1

- Supports PoE with a power consumption of up to 10.51W.

- Concurrent operation in 2.4 GHz and 5 GHz radio band while in 802.11n mode.

- Accepts optional antennas.

- Requires minimum firmware version 2.1.6 or a newer version.

For product documentation and firmware, see

http://support.netgear

• WNDAP380R ProSAFE Dual Band W

- Supports 802.11a, 802.1

- Supports PoE with a power consumption of up to 10.51W.

- Concurrent operation in 2.4 GHz and 5 GHz radio band while in 802.11n mode.

- Can integrate an RFID module for support of RFID devices and tags.

- All WNDAP380R firmware versions are supported.

For product documentation and firmware, see

http://support.netgear

.com/product/WNDAP360.

.com/product/WNDAP380R.

1b, 802.11g, and 802.11n network devices.

ireless-N

Access Point

Access Point with RFID support

What Can You Do with the WC9500 Wireless Controller?

These are some of the tasks that you can perform with a WC9500 wireless controller:

• Organize the Network

- Create access point profiles. Organize access points in profiles to dif

between SSIDs, client authentication, authentication settings, and wireless QoS settings.

- Create access point profile

profile groups to differentiate between buildings, floors, businesses, business divisions, and so on. Easily assign access points to profile groups or change assignments.

For more information, see

Chapter 5, Manage Security Profiles and Profile Groups.

groups. Organize access point profiles in access point

Introduction

ferentiate

ProSAFE Wireless Controller WC9500

• Discover Access Points in the Network and Provision IP Addresses and Firmware

- Discover access points in the network. The access points can be in factory default

state or functioning in standalone mode, but after discovery by the wireless controller and addition to the managed access point list, the access points become dependent (managed) access points.

- Provision IP addresses to the access points. Use the internal DHCP server to

provision IP addresses to all or selected managed access points in the network.

- Upgrade access point firmware. Update and synchronize new firmware versions to

all managed access points in the network.

For more information, see Chapter 6, Discover and Manage Access Points.

• Centrally Manage Security in the Network

- Manage secure access to the network and secure data transmission. Manage

client authentication, encryption, wireless client security separation, and MAC authentication in access point profiles.

- Manage authentication servers for the network. Manage all internal and external

authentication servers for the entire network or for access point profile groups.

- Manage MAC authentication. Specify trusted and untrusted MAC addresses for the

entire network.

- Manage rogue access points. Manage rogue access points and their associated

clients in the network.

- Manage guest access. Manage guest access and captive portal access to the

network.

For more information, see Chapter 7, Manage Rogue Access Points, Guest Network

Access, and Users.

• Centrally Manage the W

ireless Settings for the Network

- Schedule the radios. Schedule the entire network to go offline, or schedule access

point profile groups to go of

fline.

- Manage wireless settings and channel allocation. Manage the wireless settings

such as wireless mode, data rate, and channel width for the entire network or for access point profile groups, and manage channel allocation for the entire network.

- Manage QoS settings. Manage QoS queue settings for data, background, video,

and voice traffic for access point profile groups.

- Configure RF management settings. Configure WLAN healing and wireless

coverage hole detection for the entire network or for access point profile groups.

For more information, see

Chapter 8, Configure Wireless and QoS Settings.

• Monitor the Network and Its Components

- Monitor the status of all wireless devices. V

iew the status of the wireless controllers, access points, clients, access point profiles, and the entire network, and view network usage statistics.

- Monitor network health

. See which access points are healthy and which ones are

down or compromised.

Introduction

ProSAFE Wireless Controller WC9500

For more information, see Chapter 10, Monitor the Wireless Network and

Its Components.

Licenses

By default, the wireless controller comes with a trial license for five access points. You need to purchase and register licenses for the access points in your network. You can purchase a single 200–access point license or licenses in 10–, 50–, or 100–access point increments for support of up to 200 access points on a single wireless controller:

• 10–AP license. WC10APL

• 50–AP license. WC50APL

• 100–AP license. WC100APL

• 200–AP license. WC200APL

Licenses are tied to the serial number of the wireless controller. For more information, see the datasheet that you can download from

http://support.netgear.com/product/WC9500.

For information about how to register and manage your licenses, see Register Your Licenses on page 54 and Manage Licenses on page 165.

Maintenance and Support

NETGEAR offers technical support seven days a week, 24 hours a day. Information about support is available on the NETGEAR ProSupport website at

http://kb.netgear.com/app/answers/detail/a_id/212.

Introduction

2. System Planning and Deployment

Scenarios

This chapter includes the following sections:

• Basic and Advanced Setting Concepts

• Profile Group Concepts

• System Planning

• High-Level Configuration Examples

• Management VLAN and Data VLAN Strategies

• High-Level Deployment Scenarios

ProSAFE Wireless Controller WC9500

Basic and Advanced Setting Concepts

Y ou can deploy the wireless controller in a small wireless network with 10 or 20 access points or in a large wireless network with up to 600 access points. Small networks require a basic configuration, but large networks can become very complex and require you to configure the advanced features of the wireless controller.

Depending on your network configuration, use basic settings or advanced settings to manage your access points:

• Basic settings for a typical network. The basic settings work with most common

network configurations. For example, all access points on the WLAN are for the same organization or business and therefore adhere to the same policies and use a small number of service set identifiers (SSIDs, or network names).

• Advanced settings for access point profile groups. If you have a large wireless

network, or if separate networks share a single WLAN, use the advanced settings to set up multiple access point profile groups with multiple security profiles (SSIDs with associated security settings). For example, a shopping mall might need several access point profile groups if several businesses share a WLAN but each business has its own network. Larger networks could require multiple access point profile groups to allow

ferent policies per building or department. The access points could have dif

dif security profiles per building and department, for example, one for guests, one for management, and one for sales.

ferent

Note: Access point profile groups are also referred to as just profile

groups. Profiles, security profiles, and SSIDs (that is, SSIDs with associated security settings) are terms that are interchangeable.

To accommodate all types of networks, almost all configuration menus of the web management interface are divided into basic and advanced submenus. The following figure shows an example of the Configuration > Security > Basic submenu on the left and the Configuration > Security > Advanced submenu on the right:

Figure 5. Basic and advanced submenus

System Planning and Deployment Scenarios

ProSAFE Wireless Controller WC9500

Before you start the configuration of your wireless controller, decide whether you can use a basic configuration (that is, follow the Basic submenus) or need to use an advanced configuration (that is, follow the Advanced submenus). Once you have made your choice, configuring the wireless controller should be fairly easy if you consistently follow either the Basic submenus or the Advanced submenus.

Profile Group Concepts

Each access point can support up to eight security profiles (16 for dual-band access points), each with its own SSID, security settings, MAC ACL, rate-limiting settings, WMM, and so on.

The wireless controller follows the same architecture. A profile group on the wireless controller includes all the features that you can configure for an individual access point: up to eight profiles (16 for dual-band access points), each of which has its own SSID, security, MAC ACL, rate-limiting settings, WMM settings, and so on.

Basic Profile

The basic profile includes all the settings that are required to configure a fully functional access point with up to eight security profiles (16 for dual-band access points).

After you have used the automatic discovery process and added access points to the managed AP list on the wireless controller, the access points are assigned by default to the basic profile group.

If your network requires the wireless controller to manage multiple access points with different configurations, use the advanced profile.

Advanced Profile

The advanced profile lets you configure up to eight access point profile groups. Each group includes all the settings that are required to configure a fully functional access point with up to eight security profiles (16 for dual-band access points).

For example, if there are four buildings, each with a different wireless network, you simply create four profile groups. Y group, all access points in another building to a second profile group, and so on.

For each profile group, you can create an individual radio on/off schedule, RF management settings, MAC ACL authentication, and an authentication server group (2.4 GHz radio and 5 GHz radio), you can create individual wireless settings, WMM, and rate-limit settings.

ou then assign all access points in one building to one profile

. For each radio in a profile

The following figure shows the advanced profile group architecture. The structure that is shown under Group-1 is implemented in all profile groups (that is, Group-2 through Group-8):

System Planning and Deployment Scenarios

ProSAFE Wireless Controller WC9500

Group-1

Group-2

Group-3

Group-4

2.4 GHz radio

5678

Security profiles

Figure 6. Advanced profile group architecture

Group-5

5 GHz radio

Group-6

Security profiles

Group-7

Group-8

The following figure shows an example of three access point profile groups, in which the first profile group (Group-1) has five security profiles. For each profile in this profile group, the profile name, radio mode, and authentication setting are shown. (Group-1 is the default group in the advanced profile group configuration; you need to create the other profiles groups.)

Figure 7. Example of profile groups with security profiles

System Planning and Deployment Scenarios

ProSAFE Wireless Controller WC9500

System Planning

This section includes the following subsections:

• Preinstallation Planning

• Before You Configure a Wireless Controller

Preinstallation Planning

Before you install any wireless controllers, determine the following:

• Number of access points required to provide seamless coverage

• Number of licenses required to cover all access points that need to be managed

• Number of wireless controllers required

• 802.1

NETGEAR recommends that you perform a site survey:

1 frequency band and the channels that are optimal for WiFi usage

• Run a spectrum analysis of channels of the site to determine the current RF behavior and

detect both 802.11 and non-802.1

• Run an access point-to-client connectivity test to determine the maximum throughput

achievable on the client.

• Identify potential RF obstructions and interference sources.

• Determine areas where denser coverage might be required because of heavier usage.

1 noise.

Before You Configure a Wireless Controller

These sections assume that you have deployed at least one wireless controller in your network and are ready to configure the wireless controller. For information about how to deploy the wireless controller in your network, see the ProSAFE Wireless Controller WC9500 Installation Guide that you can download from http://support.netgear.com/product/WC9500.

For many configurations, you can use the default wireless settings. The IP address, VLAN, DHCP server, client authentication, and data encryption settings are specific to your environment. Following are short sections that describe these settings (except for IP address settings, which are self-explanatory). For information about how to configure these settings, see the relevant sections.

Management VLAN

The management VLAN is the dedicated VLAN for access to the wireless controller. All traf fic that is directed to the wireless controller, including HTTP, HTTPS, SNMP, and SSH traffic, is carried over the management VLAN.

If the management VLAN is also configured as a tagged VLAN (the most common configuration), the packets to and from the wireless controller carry the 802.1Q VLAN header with the assigned VLAN number. If the management VLAN is marked as untagged, the

System Planning and Deployment Scenarios

ProSAFE Wireless Controller WC9500

packets that are sent from the wireless controller do not carry the 802.1Q header, and all untagged packets that are sent to the wireless controller are treated as management VLAN traffic.

Note: Use a tagged VLAN or change the tagged VLAN ID only if the hubs and

switches on your LAN support 802.1Q. If they do not, and you have not configured a tagged VLAN with the same VLAN ID on the hubs and switches in your network, IP connectivity might be lost.

The wireless controller needs to have IP connectivity with the access points through the management VLAN. If the wireless controller and the access points are on different management VLANs, external VLAN routing needs to allow IP connectivity between the wireless controller and the access points.

For information about how to configure management VLANs, see page 49.

IP and VLAN Settings on

Client VLANs

Each authenticated wireless user is placed into a VLAN that determines the user’s DHCP server, IP address, and Layer 2 connection. Although you could place all authenticated wireless users into the single VLAN that is specified in the basic security profile, the wireless controller allows you to group wireless users into separate VLANs based on the wireless SSID to differentiate access to network resources. For example, you might place authorized employee users into one VLAN, and itinerant users, such as contractors or guests, into a separate VLAN. To use different VLANs, you need to create different security profiles.

For information about how to configure regular VLANs, see IP and VLAN Settings on page 49.

DHCP Server

The wireless controller can function as a DHCP server and assign IP addresses to both wireless and wired devices that are connected to it. You can add up to 64 DHCP server pools, each assigned to a different VLAN.

Client Authentication and Data Encryption

A user needs to authenticate to the WLAN to be able to access WLAN resources. The

wireless controller supports several types of security methods, including those that require an external RADIUS or LDAP authentication server.

System Planning and Deployment Scenarios

ProSAFE Wireless Controller WC9500

The encryption option that you can select depends upon the authentication method that you have selected. The following table lists the authentication methods available, with their corresponding encryption options:

Table 2. Authentication and encryption options

Authentication Method Encryption Option Authentication Server

Open System 64-bit, 128-bit, or 152-bit WEP None Shared Key 64-bit, 128-bit, or 152-bit WEP None WPA-PSK TKIP or TKIP+AES None WPA2-PSK AES or TKIP+AES None WPA-PSK and WPA2-PSK TKIP+AES None WPA TKIP or TKIP+AES One of the following authentication servers:

• External RADIUS server

• Internal authentication server

• External LDAP server

WPA2 AES or TKIP+AES One of the following authentication servers:

• External RADIUS server

• Internal authentication server

• External LDAP server

WPA and WPA2 TKIP+AES One of the following authentication servers:

• External RADIUS server

• Internal authentication server

• External LDAP server

For information about how to configure client authentication, data encryption, and authentication servers, see Chapter 5, Manage Security Profiles and Profile Groups.

System Planning and Deployment Scenarios

ProSAFE Wireless Controller WC9500

High-Level Configuration Examples

This section includes the following subsections:

• Single Controller Configuration with Basic Profile Group

• Single Controller Configuration with Advanced Profile Groups

Single Controller Configuration with Basic Profile Group

A basic configuration consists of a single wireless controller that controls a collection of

access points that are organized into the basic default group.

 To set up a single wireless controller system with a basic profile group:

Step Configuration Web Management Interface Path

1. Configure the system and network settings of the wireless

controller:

1. Configure the country code of operation.

2. Configure the time settings.

3. Configure the IP address of the wireless controller.

4. Verify that VLAN 1 is set as the management VLAN and is marked as untagged.

By default, VLAN 1 an untagged management VLAN.

5. If no network DHCP server is accessible to the access points, configure the wireless controller’s DHCP server.

2. Configure up to eight profiles, and for each profile, do at least the following:

1. Configure an SSID for wireless access.

2. Configure the network authentication and data encryption.

3. Assign the VLAN.

4. If necessary for the selected network authentication option,

configure the authentication server.

3. Run the Discovery Wizard and add the access points to the managed access point list.

Configuration > System > General Configuration > System > Time Configuration > System > IP/VLAN

Configuration > System > DHCP Server

Configuration > Profile > Basic

Configuration > Security > Basic > Authentication Server

Access Point > Discovery Wizard

System Planning and Deployment Scenarios

ProSAFE Wireless Controller WC9500

Single Controller Configuration with Advanced Profile Groups

A more complex configuration consists of a single wireless controller that controls a collection of access points that are organized in access point profile groups and might use several profiles in each access point profile group.

 To set up a single wireless controller system with advanced profile groups:

Step Configuration Web Management Interface Path

1. Configure the system and network settings of the wireless

controller:

1. Configure the country code of operation.

2. Configure the time settings.

3. Configure the IP address of the wireless controller.

4. Verify that VLAN 1 is set as the management VLAN and is

marked as untagged. By default, VLAN 1 an untagged management VLAN.

5. If no network DHCP server is accessible to the access points,

configure the wireless controller’s DHCP server.

2. Configure up to eight access point profile groups, and for each access point profile in a group, do at least the following:

1. Configure an SSID for wireless access.

2. Configure the network authentication and data encryption.

3. Assign the VLAN.

4. If necessary for the selected network authentication option,

configure the authentication server.

3. Run the Discovery Wizard and add the access points to the managed access point list.

Configuration > System > General Configuration > System > Time Configuration > System > IP/VLAN

Configuration > System > DHCP Server

Configuration > Profile > Advanced

Configuration > Security > Advanced > Authentication Server

Access Point > Discovery Wizard

4. Assign the access points to the access point profile groups (also

referred to as WLAN groups).

Configuration > WLAN Network

Management VLAN and Data VLAN Strategies

If your network includes 10 or more access points, NETGEAR recommends that you set up at least two VLAN groups: a management VLAN group and a data VLAN group. If your network is large, you should create a number of data VLAN groups. Setting up data VLANs for clients allows you to:

• Segregate traffic by user category

• Create different policies such as access policies that are based on user category

System Planning and Deployment Scenarios

ProSAFE Wireless Controller WC9500

The following illustration shows a simplified view of how you can use VLANs to segregate traffic by user category:

Internet

Management VLAN 100 Ethernet traffic

Finance VLAN 10 Ethernet traffic

Employee VLAN 20 Ethernet traffic

Network printer

Deploy the wireless controller on a trunk port if you use the internal DHCP server

Wireless controller

WC9500

Finance computer

PoE switch

Finance computer

Employee

computer

Figure 8. Example: Use VLANs to segregate traffic by user categories

Backend L3 switch

or router

Access point WNDAP360

Employee computer

The wireless controller uses the management VLAN to continually exchange packets with the access points. For large networks, if all traffic uses a single VLAN, the client traffic could potentially flood the network. If this happens, and the wireless controller is not able to exchange packets with the access points, it can cause network performance to slow down, and the access points can lose their connectivity with the wireless controller.

If you use the internal DHCP server of the wireless controller, you should deploy the wireless controller on a trunk port on your switch.

The trunk port should have access to all VLANs. Use a high-speed port on your switch as the trunk port to accommodate the traffic load of the trunk. If you use an external DHCP server

, you do not need to deploy the wireless controller

on a trunk port on your switch.

System Planning and Deployment Scenarios

ProSAFE Wireless Controller WC9500

High-Level Deployment Scenarios

This section provides three deployment scenarios to illustrate how the wireless controller can function in various network configurations:

• Scenario Example 1: Network with Single VLAN

• Scenario Example 2: Advanced Network with VLANs and SSIDs

• Scenario Example 3: Advanced Network

Scenario Example 1: Network with Single VLAN

The following sample scenario consists of a simple network with a wireless controller, PoE switch, Layer 3 switch or router, and access points:

Internet

Management VLAN Ethernet traffic

All client Ethernet traffic

Deploy the wireless controller on a trunk port if you use the internal DHCP server

Wireless controller

WC9500

Finance computer

PoE switch

Marketing computer

Network printer

Employee computer

Backend L3 switch

or router

Access point

WNDAP360

Employee computer

Figure 9. Example: Basic network with a single VLAN

System Planning and Deployment Scenarios

ProSAFE Wireless Controller WC9500

The access points and wireless controller are connected in the same subnet and use the same IP address range that is assigned for that subnet. There are no routers between the access points and the wireless controller. The access points are connected to a PoE switch, which, in turn, is connected to the wireless controller. The uplink of the PoE switch connects to a Layer 3 switch or router that provides Internet access.

 To provision the wireless controller:

Step Configuration Web Management Interface Path

1. Configure the system and network settings of the wireless

controller:

1. Configure the country code of operation.

2. Configure the time settings.

3. Configure the IP address of the wireless controller.

4. Verify that VLAN 1 is set as the management VLAN and is marked as untagged.

By default, VLAN 1 an untagged management VLAN.

5. If no network DHCP server is accessible to the access points, configure the wireless controller’s DHCP server.

2. Configure up to eight profiles, and for each profile, do at least the following:

1. Configure an SSID for wireless access.

2. Configure the network authentication and data encryption.

3. Assign the VLAN.

4. If necessary for the selected network authentication option,

configure the authentication server.

3. Use any port of the wireless controller to connect the wireless PoE switch.

Configuration > System > General Configuration > System > Time Configuration > System > IP/VLAN

Configuration > System > DHCP Server

Configuration > Profile > Basic

Configuration > Security > Basic > Authentication Server

4. Deploy the access points and connect them to the same wireless

PoE switch.

System Planning and Deployment Scenarios

+ 184 hidden pages

Netgear WC9500 Reference Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

ProSAFE Wireless Controller WC9500

Contents

1. Introduction

Key Features and Capabilities

Package Contents

Hardware Features

Front Panel Ports, Slots, and LEDs

Back Panel Features

Bottom Panel with Product Label

WC9500 Wireless Controller System Components

NETGEAR ProSAFE Access Points

What Can You Do with the WC9500 Wireless Controller?

Licenses

Maintenance and Support

Basic and Advanced Setting Concepts

Profile Group Concepts

Basic Profile

Advanced Profile

System Planning

Preinstallation Planning

Before You Configure a Wireless Controller

High-Level Configuration Examples

Single Controller Configuration with Basic Profile Group

Single Controller Configuration with Advanced Profile Groups

Management VLAN and Data VLAN Strategies

High-Level Deployment Scenarios

Scenario Example 1: Network with Single VLAN