Netgear WC9500 Reference Guide

ProSAFE Wireless Controller WC9500

Reference Manual

May, 2013
202-11224-02

350 East Plumeria Drive
San Jose, CA 95134
USA

ProSAFE Wireless Controller WC9500

Support

Thank you for selecting NETGEAR products.
After installing your device, locate the serial number on the label of your product and use it to register your product

at https://my.netgear.com. You must register your product before you can use NETGEAR telephone support.
NETGEAR recommends registering your product through the NETGEAR website. For product updates and web
support, visit http://support.netgear.com.

Phone (US & Canada only): 1-888-NETGEAR.
Phone (Other Countries): Check the list of phone numbers at

http://support.netgear.com/general/contact/default.aspx.

Trademarks

NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of
NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change
without notice. © NETGEAR, Inc. All rights reserved.

Revision History

Publication Part Number Publish Date Comments

202-11224-02 May 2013 Color correction and minor nontechnical edits
202-11224-01 April 2013 First publication

2

Contents

Chapter 1 Introduction

Chapter 2 System Planning and Deployment Scenarios

Key Features and Capabilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Package Contents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Hardware Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Front Panel Ports, Slots, and LEDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Back Panel Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Bottom Panel with Product Label. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

WC9500 Wireless Controller System Components. . . . . . . . . . . . . . . . . . 14

NETGEAR ProSAFE Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

What Can You Do with the WC9500 Wireless Controller? . . . . . . . . . . . . 16

Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Maintenance and Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Basic and Advanced Setting Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Profile Group Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Basic Profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Advanced Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

System Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Preinstallation Planning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Before You Configure a Wireless Controller . . . . . . . . . . . . . . . . . . . . . 23

High-Level Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Single Controller Configuration with Basic Profile Group . . . . . . . . . . . 26

Single Controller Configuration with Advanced Profile Groups . . . . . . . 27

Management VLAN and Data VLAN Strategies . . . . . . . . . . . . . . . . . . . . 27

High-Level Deployment Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Scenario Example 1: Network with Single VLAN. . . . . . . . . . . . . . . . . . 29

Scenario Example 2: Advanced Network with VLANs and SSIDs. . . . . 31

Scenario Example 3: Advanced Network . . . . . . . . . . . . . . . . . . . . . . . 34

Chapter 3 Installation and Configuration Overview

Initial Set up and Log in. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Web Management Interface Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Roadmap for Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Roadmap for Configuring Management of Your Wireless Network. . . . . . 43

Choose a Location for the Wireless Controller . . . . . . . . . . . . . . . . . . . . . 45

Deploy the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Table of Contents | 3

ProSAFE Wireless Controller WC9500

Chapter 4 Configure the System and Network

Settings and Register the Licenses

Configure General Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47

Manage the Time Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

IP and VLAN Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Management VLAN Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Untagged VLAN Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Configure the IP and VLAN Settings . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Manage the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51

Register Your Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54

Configure the License Server Settings. . . . . . . . . . . . . . . . . . . . . . . . . .54

Register Your Licenses with the License Server . . . . . . . . . . . . . . . . . .55

Manage Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57

Configure Log, Syslog, Alarm Notification, and Email Settings . . . . . . . . .58

Configure Log Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58

Configure Syslog Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

Configure Alarm Notification Settings. . . . . . . . . . . . . . . . . . . . . . . . . . .61

Configure the Email Notification Server . . . . . . . . . . . . . . . . . . . . . . . . .62

Chapter 5 Manage Security Profiles and Profile Groups

Wireless Security Profile Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

Small WLAN Networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

Larger WLAN Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65

Profile Naming Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65

Considerations Before You Configure Profiles. . . . . . . . . . . . . . . . . . . .65

Basic and Advanced Security Configuration Concepts . . . . . . . . . . . . .66

Configure Security Profiles for the Basic Profile Group . . . . . . . . . . . . . . .67

Configure Profiles in the Basic Profile Group. . . . . . . . . . . . . . . . . . . . .67

Edit and Remove Profiles in the Basic Profile Group. . . . . . . . . . . . . . .70

Configure Security Profiles for Advanced Profile Groups. . . . . . . . . . . . . .71

Advanced Profile Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71

Configure Profiles in an Advanced Profile Group. . . . . . . . . . . . . . . . . .73

Edit and Remove Profiles in an Advanced Profile Group. . . . . . . . . . . .76

Network Authentication and Data Encryption Options . . . . . . . . . . . . . . . .77

Manage MAC Authentication and MAC Authentication Groups. . . . . . . . .81

Guidelines for External MAC Authentication . . . . . . . . . . . . . . . . . . . . .81

Configure Basic Local MAC Authentication Settings . . . . . . . . . . . . . . .82

Configure Local MAC Authentication Groups. . . . . . . . . . . . . . . . . . . . .84

Manage Authentication Servers and Authentication Server Groups . . . . .85

Configure Basic Authentication Server Settings. . . . . . . . . . . . . . . . . . .86

Configure RADIUS Authentication Server Groups. . . . . . . . . . . . . . . . .88

Chapter 6 Discover and Manage Access Points

Access Point Discovery Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

General Discovery Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

Layer 3 Discovery Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

4

ProSAFE Wireless Controller WC9500

Discover Access Points with the Discovery Wizard . . . . . . . . . . . . . . . . . .92

Access Points in Factory Default State and Access Points in

a Layer 2 Subnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92

Access Points Installed and Working in Standalone Mode in

Different Layer 3 Networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96

Manage the Managed AP List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100

View the Managed AP List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100

Edit Access Point Information on the Managed AP List . . . . . . . . . . . .101

Remove Access Points from the Managed AP List . . . . . . . . . . . . . . .104

Assign Access Points to Advanced Profile Groups . . . . . . . . . . . . . . . . .104

Chapter 7 Manage Rogue Access Points,

Guest Network Access, and Users

Manage Rogue Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108

Configure Basic Rogue Detection Settings. . . . . . . . . . . . . . . . . . . . . .108

Classify Rogue Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109

Import a List of Known Access Points from a File . . . . . . . . . . . . . . . .110

Manage Guest Network Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

Portal Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

Configure a Portal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113

Manage Users, Accounts, and Passwords. . . . . . . . . . . . . . . . . . . . . . . .116

Add a Management User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116

Add a WiFi Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118

Add a Captive Portal Account. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119

Add a Captive Portal User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120

Edit or Remove a User or Account. . . . . . . . . . . . . . . . . . . . . . . . . . . .122

Export a List of Users or Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . .123

Chapter 8 Configure Wireless and QoS Settings

Basic and Advanced Wireless and QoS Configuration Concepts . . . . . .125

Configure the Radio . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126

Configure the Radio for the Basic Profile Group. . . . . . . . . . . . . . . . . .126

Configure the Radio for an Advanced Profile Group . . . . . . . . . . . . . .127

Configure Wireless Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128

Configure Wireless Settings for the Basic Profile Group . . . . . . . . . . .128

Override Channel and Transmission Power in the Basic Profile Group131

Configure Wireless Settings for an Advanced Profile Group . . . . . . . .133

Override Channel and Transmission Power in an Advanced

Profile Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135

Configure Channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137

Specify RF Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140

WLAN Healing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140

RF Management for the Basic Profile Group . . . . . . . . . . . . . . . . . . . .141

RF Management for an Advanced Profile Group . . . . . . . . . . . . . . . . .142

Configure QoS for Advanced Profile Groups . . . . . . . . . . . . . . . . . . . . . .144

Configure Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147

Configure Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148

5

ProSAFE Wireless Controller WC9500

Rate Limiting for the Basic Profile Group . . . . . . . . . . . . . . . . . . . . . . .149

Rate Limiting for an Advanced Profile Group. . . . . . . . . . . . . . . . . . . .150

Chapter 9 Maintain the Wireless Controller and Access Points

Manage the Configuration File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152

Back Up the Configuration File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152

Restore the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153

Upgrade the Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153

Reboot or Reset the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . .156

Manage Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157

Specify Session Time-Outs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159

View Alerts and Events and Save the Logs . . . . . . . . . . . . . . . . . . . . . . .159

Query the System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159

View Alerts and Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162

Manage Licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165

View Your Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165

Retrieve Your Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167

Reboot Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167

Configure Multicast Firmware Upgrade for Access Points. . . . . . . . . . . .168

Change the Multicast Firmware Upgrade Settings. . . . . . . . . . . . . . . .169

Disable Multicast Firmware Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . .169

Chapter 10 Monitor the Wireless Network and Its Components

Common Tasks on the Monitoring Screens. . . . . . . . . . . . . . . . . . . . . . .172

Monitor the Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173

View the Wireless Controller Summary Screen . . . . . . . . . . . . . . . . . .173

View Wireless Controller Usage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

View Access Points Managed by the Wireless Controller . . . . . . . . . .176

View Clients Managed by the Wireless Controller . . . . . . . . . . . . . . . .180

View Neighboring Clients Detected by the Wireless Controller . . . . . .184

View Neighboring Access Points Detected by the Wireless Controller 185

View Security Profiles Managed by the Wireless Controller. . . . . . . . .186

View DHCP Leases Provided by the Wireless Controller. . . . . . . . . . .187

View Captive Portal Users Managed by the Wireless Controller . . . . .188

Monitor the SSIDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188

Monitor Local Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193

Chapter 11 Troubleshooting

Troubleshoot Basic Functioning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198

Power LED Is Not Lit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198

Status LED Never Turns Off. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198

Ethernet Port LEDs Are Not Lit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199

Troubleshoot the Web Management Interface. . . . . . . . . . . . . . . . . . . . .199

Ethernet Cabling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199

IP Address Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199

Internet Browser. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200

6

ProSAFE Wireless Controller WC9500

Troubleshoot a TCP/IP Network Using the Ping Utility. . . . . . . . . . . . . . .200

Use the Reset Button to Restore Default Settings . . . . . . . . . . . . . . . . . .201

Problems with Date and Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202

Problems with Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202

Discovery Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202

Connection Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .203

Network Performance and Rogue Access Point Detection . . . . . . . . .203

Use the Diagnostic Tools on the Wireless Controller. . . . . . . . . . . . . . . .203

Appendix A Factory Default Settings and Technical Specifications

Factory Default Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206

Technical Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206

Password Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207

Index

7

1. Introduction

This chapter includes the following sections:

• Key Features and Capabilities

• Package Contents

• Hardware Features

• WC9500 Wireless Controller System Components

• NETGEAR ProSAFE Access Points

• What Can You Do with the WC9500 Wireless Controller?

• Licenses

• Maintenance and Support

Note: For more information about the topics covered in this manual, visit

the support website at http://support.netgear.com.

1

Note: Firmware updates with new features and bug fixes are made

available from time to time on downloadcenter.netgear.com. Some
products can regularly check the site and download new firmware,
or you can check for and download new firmware manually
features or behavior of your product do not match what is described
in this guide, you might need to update your firmware.

8

. If the

ProSAFE Wireless Controller WC9500

Key Features and Capabilities

The NETGEAR ProSAFE Wireless Controller WC9500 is a high-capacity, secured wireless
controller intended for medium- to large-sized businesses, higher education institutions,
hospitals, and hotels.

One wireless controller with the appropriate licenses can support up to 600 access points
(APs) with up to 6,000 users. In a stacked configuration (supported in a future release), a
stack of three wireless controllers can support up to 18,000 users. The wireless controller
supports the IEEE 802.1
wireless controller allows you to manage your wireless network from a central point,
implement security features centrally, support Layer 2 and Layer 3 fast roaming, configure a
guest access captive portal, and support voice over Wi-Fi (VoWi-Fi).

The wireless controller is equipped with two 10 Gigabit Ethernet (10GbE) slots with standard
SFP+ form factor for optional 10GBASE or 1000BASE GBICs. One RJ-45 Gigabit Ethernet
port is available to access the wireless controller for management and for data and control
communications between the wireless controller and the access points.

1a/b/g/n protocols and is 802.11ac ready for future deployment. The

The wireless controller provides the following key features and capabilities:

• Scalable architecture

- Purchased licenses in increments of 10, 50, or 100 access points allow for support of

up to a maximum number of 200 access points on a single wireless controller.
single license for 200 access points is also available.

- Support of 802.11a, 802.1

1b, 802.11g, and 802.11n modes. Ready for 802.11ac

mode for future deployment.

- Support for an extra power supply.

• Autodiscovery of access points

- Autodiscovery of access points in the same Layer 2 domain.

- Autodiscovery of access points across a Layer 3 domain.

- Automatic download of wireless controller–based firmware to discovered access

points that are added to the managed access point list.

• Centralized management

- Single point of management for the entire wireless network.

- Automatic firmware upgrade to all managed access points.

- DHCP server for IP address provisioning.

- Configurable management VLAN.

• Security

- Identity-based security authentication with an external RADIUS or LDAP (Active

Directory) server

- Support for nine access point profile groups

, or with an internal authentication server

1

(one basic and eight advanced) on one

.

wireless controller.

A

1. Number of profile groups depends on the access point model used with the wireless controller.

Introduction

9

ProSAFE Wireless Controller WC9500

- Up to eight profiles per access point profile group and eight profiles per radio

(therefore, dual-band access points can support up to 16 profiles in one access point
profile group).

- Support for up to 144 profiles

1

on one wireless controller (eight profiles per access
point group and eight groups per radio). Each profile supports settings for SSID,
network authentication, data encryption, client separation, VLAN, MAC ACL, and
wireless QoS.

- Rogue access point detection and classification.

- Guest access and captive portal access with cost and expiration accounting.

- Scheduled wireless on/of

f times.

• Wi-Fi Multimedia Quality of Service and advanced wireless features

- Wi-Fi Multimedia (WMM) support for video, audio, and voice over Wi-Fi (VoWi-Fi).

- WMM power save option.

- Automatic WLAN healing mechanism ensures seamless coverage for wireless users.

- Layer 2 and Layer 3 seamless roaming support.

- Local Layer 2 traf

fic switching and Layer 3 traf

fic processing at access point level for

fast processing.

• RF management

- Automatic control of access point transmit power and channel allocation to reduce

interference.

- Automatic load balancing of clients across access points.

- Rate limiting per profile.

• Monitoring and reporting

- Monitoring of the status of the network, wireless controllers, WLANs, and clients, and

network usage statistics.

- Specific health monitoring of access points.

- Logging and emailing of system events, RF events, load-balancing events, and

rate-limiting events.

For a list of all features and capabilities of the wireless controller, see the datasheet that you
can download from http://support.netgear.com/product/WC9500.

1. Number of profiles depends on the access point model used with the wireless controller.

Introduction

10

ProSAFE Wireless Controller WC9500

Package Contents

The ProSAFE Wireless Controller WC9500 product package contains the following items:

• ProSAFE Wireless Controller WC9500 appliance

• One

• Rubber feet (four) with adhesive backing

• One rack-mount kit

• Straight-through Category 5 Ethernet cable

• ProSAFE W

AC power cable

ireless Controller WC9500 Installation Guide

If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer
the carton, including the original packing materials, in case you need to return the product for
repair.

Hardware Features

The front panel ports, slots, and LEDs, back panel components, and bottom label of the
wireless controller are described in this section.

Front Panel Ports, Slots, and LEDs

The following figure shows the front panel of the wireless controller.

Figure 1. Front panel

The following figure shows a close-up of the left side of the front panel.

. Keep

USB port

Reset

Power

Status

Fan

Stack
Master

ID

USB

Digital access point counter

LED Mode:
Green= Link at 10G, Blink Green=10G Active,
Yellow=Link at 1G, Blink Yellow=1G Active

Reset button
LEDs (top to bottom):
Power, Status, Fan, Stack Master

Figure 2. Front panel close-up

Slots and LEDs

for optional

SFP GBIC modules

Introduction

11

LED Mode:
Left LED: Green=Link at 1G E,
Yellow=Link at 10/100M
Right LED:Green=Link,
Green Blink=Active

Ethernet port and LEDs

ProSAFE Wireless Controller WC9500

From left to right, the wireless controller’s front panel shows the following counter, LEDs,
button, ports, and slots:

• Digital counter. Displays the number of connected access points that are in a healthy

state.

• From top to bottom:

- Power LED

- Status LED

- Fan LED

- Stack Master LED

These LEDs are described in Table 1 on page 12.

• Reset button. Using a sharp object, press and hold this button for about 10 seconds until

the Status LED flashes and the wireless controller returns to factory default settings. If
you reset the wireless controller, all configuration settings are lost and the default
password is restored.

• USB port.

Allows for external storage for floor heat maps, which will be supported in a

future release.

• SFP slots

. T

wo SFP slots for optional 10GE SFP+ or 1G SFP gigabit interface converters

(GBICs), each slot with an LED.

• Ethernet port. One 10/100/1000 Mbps LAN Ethernet port with an RJ-45 connector, left

LED, and right LED.

The Ethernet port provides switched N-way, automatic speed

negotiating, auto MDI/MDIX technology.

• Console port. RS232 port for connecting to an optional console terminal. The port has a

DB9 male connector

. The default baud rate is 9600 K. The configuration is 8 bits, no
parity, and 1 stop bit. The console port is for debugging under guidance of NETGEAR
technical support only.

The function of each LED is described in the following table:

Table 1. LED functions

LED Status Description
Power LED Green The green Power LED should be lit when the wireless controller is on.

Off If the power LED is not lit when the wireless controller is on, check the

connections and check to see if the power outlet is controlled by a wall
switch that is turned off (see

Status LED Yellow The wireless controller is initializing. After approximately two minutes, when

the wireless controller has completed its initialization, the Status LED turns
green. If the Status LED remains yellow

Status LED Never T

urns Off on page 198).

Power LED Is Not Lit on page 198).

, the initialization has failed (see

Green The wireless controller has completed its initialization successfully. The

Status LED should be steady green during normal operation.

Introduction

12

ProSAFE Wireless Controller WC9500

Table 1. LED functions (continued)

LED Status Description
Status LED

(continued)

Fan LED Green The fans are functioning correctly.

Stack Master
LED

SFP slot LEDs Green The slot is operating at 10G.

Left Ethernet
port LED

Off The wireless controller does not have power.
Blinking yellow Firmware is being upgraded.

Yellow One or more fans are not functioning correctly.
Green The wireless controller functions as the primary controller (master) in a stack.

(Stacking will be supported in a future release.)

Yellow The wireless controller functions as a secondary controller (slave) in a stack.

(Stacking will be supported in a future release.)

Blinking green Data is being transmitted or received at 10G.
Yellow The slot is operating at 1G.
Blinking yellow Data is being transmitted or received at 1G.
Off The port has no physical link, that is, no Ethernet cable is plugged into the

wireless controller (see Ethernet Port LEDs Are Not Lit on page 199).
Green The port has detected a link with a connected Ethernet device.
Blinking green Data is being transmitted or received by the port.

Right Ethernet
port LED

Off The port has no physical link, that is, no Ethernet cable is plugged into the

wireless controller (see Ethernet Port LEDs Are Not Lit on page 199).
Green The port is operating at 1000 Mbps.
Yellow The port is operating at 100 Mbps or 10 Mbps.

Back Panel Features

The wireless controller comes with a single internal power supply but supports an optional
second power supply for power redundancy. The power supplies are hot-swappable.

The following figure shows the back panel components of the wireless controller with a single
power supply.

Power supply

Figure 3. Back panel

Slot for an optional
second power supply

Introduction

13

ProSAFE Wireless Controller WC9500

From left to right, the wireless controller’s back panel components are:

• Power supply. 100–240V, 5A, 47–63 Hz power supply, which includes the following

external components:

- AC power socket. Attach the power cord to this socket. (There is no separate on/off

power switch.)

- Handle

- LED. The LED is lit green when the power supply functions correctly

power is not supplied to the power supply, or there is a problem.

• Fans

. The handle allows for easy removal and insertion.

. If the LED is off,

. Two double fans, each of which can be easily exchanged.

Bottom Panel with Product Label

The product label on the bottom of the wireless controller’s enclosure displays the default IP
address, default user name, and default password, as well as regulatory compliance, input
power, and other information.

Figure 4. Product label

WC9500 Wireless Controller System Components

A WC9500 wireless controller system consists of one or more wireless controllers and a

collection of access points that are organized into groups based on location or network
access.

The wireless controller system can include a single wireless controller, a single wireless
controller with a backup wireless controller for N:1 redundancy, or a group of up to three
stacked wireless controllers, with or without a redundant wireless controller. Redundancy and
stacking will be supported in a future release.

Introduction

14

ProSAFE Wireless Controller WC9500

The WC9500 wireless controller system supports the following access point models:

• NETGEAR WNAP210v2 ProSAFE Wireless-N Access Point

• NETGEAR WNAP320 ProSAFE Wireless-N Access Point

• NETGEAR WNDAP350 ProSAFE Dual Band Wireless-N Access Point

• NETGEAR WNDAP360 ProSAFE Dual Band Wireless-N Access Point

• NETGEAR WNDAP380R ProSAFE Dual Band Wireless-N Access Point with RFID

support

Future releases might support additional access point models.

NETGEAR ProSAFE Access Points

Y ou can connect access points to the wireless controller either directly with an Ethernet cable
through a router or switch, or remotely through an IP network. After you have used the
automatic discovery process and added access points to the managed access point list on
the wireless controller, the wireless controller converts the standard access points to
dependent access points by pushing firmware to the access points. From then on, you can
centrally manage and monitor the access points.

A WC9500 wireless controller system can support the following access points:

• WNAP210v2 ProSAFE W

- Supports 802.11b, 802.1

- Supports Power over Ethernet (PoE) with a power consumption of up to 5.8W.

- All WNAP210v2 firmware versions are supported.

For product documentation and firmware, see

http://downloadcenter

Note: The WNAP210v1 (also referred to as just the WNAP210 without a

version number) cannot function in a WC9500 wireless controller system, but
the WNAP210v2 can.

• WNAP320 ProSAFE W

- Supports 802.11b, 802.1

- Supports Power over Ethernet (PoE) with a power consumption of up to 5.8W.

- Accepts optional antennas.

- Requires minimum firmware version 2.1.1 or a newer version.

For product documentation and firmware, see

http://downloadcenter

ireless-N

1g, and 802.11n network devices.

.netgear.com/en/product/WNAP210.

ireless-N

1g, and 802.11n network devices.

.netgear.com/en/product/WNAP320.

Access Point

Access Point

• WNDAP350 ProSAFE Dual Band W

- Supports 802.11a, 802.1

- Supports PoE with a power consumption of up to 10.75W.

1b, 802.11g, and 802.11n network devices.

ireless-N

Introduction

15

Access Point

ProSAFE Wireless Controller WC9500

- Concurrent operation in 2.4 GHz and 5 GHz radio band while in 802.11n mode.

- Accepts optional antennas.

- Requires minimum firmware version 2.1.7 or a newer version.

For product documentation and firmware, see

http://support.netgear.com/product/WNDAP350.

• WNDAP360 ProSAFE Dual Band W

- Supports 802.11a, 802.1

- Supports PoE with a power consumption of up to 10.51W.

- Concurrent operation in 2.4 GHz and 5 GHz radio band while in 802.11n mode.

- Accepts optional antennas.

- Requires minimum firmware version 2.1.6 or a newer version.

For product documentation and firmware, see

http://support.netgear

• WNDAP380R ProSAFE Dual Band W

- Supports 802.11a, 802.1

- Supports PoE with a power consumption of up to 10.51W.

- Concurrent operation in 2.4 GHz and 5 GHz radio band while in 802.11n mode.

- Can integrate an RFID module for support of RFID devices and tags.

- All WNDAP380R firmware versions are supported.

For product documentation and firmware, see

http://support.netgear

.com/product/WNDAP360.

.com/product/WNDAP380R.

1b, 802.11g, and 802.11n network devices.

1b, 802.11g, and 802.11n network devices.

ireless-N

ireless-N

Access Point

Access Point with RFID support

What Can You Do with the WC9500 Wireless Controller?

These are some of the tasks that you can perform with a WC9500 wireless controller:

• Organize the Network

- Create access point profiles. Organize access points in profiles to dif

between SSIDs, client authentication, authentication settings, and wireless QoS
settings.

- Create access point profile

profile groups to differentiate between buildings, floors, businesses, business
divisions, and so on. Easily assign access points to profile groups or change
assignments.

For more information, see

Chapter 5, Manage Security Profiles and Profile Groups.

groups. Organize access point profiles in access point

Introduction

ferentiate

16

ProSAFE Wireless Controller WC9500

• Discover Access Points in the Network and Provision IP Addresses and Firmware

- Discover access points in the network. The access points can be in factory default

state or functioning in standalone mode, but after discovery by the wireless controller
and addition to the managed access point list, the access points become dependent
(managed) access points.

- Provision IP addresses to the access points. Use the internal DHCP server to

provision IP addresses to all or selected managed access points in the network.

- Upgrade access point firmware. Update and synchronize new firmware versions to

all managed access points in the network.

For more information, see Chapter 6, Discover and Manage Access Points.

• Centrally Manage Security in the Network

- Manage secure access to the network and secure data transmission. Manage

client authentication, encryption, wireless client security separation, and MAC
authentication in access point profiles.

- Manage authentication servers for the network. Manage all internal and external

authentication servers for the entire network or for access point profile groups.

- Manage MAC authentication. Specify trusted and untrusted MAC addresses for the

entire network.

- Manage rogue access points. Manage rogue access points and their associated

clients in the network.

- Manage guest access. Manage guest access and captive portal access to the

network.

For more information, see Chapter 7, Manage Rogue Access Points, Guest Network

Access, and Users.

• Centrally Manage the W

ireless Settings for the Network

- Schedule the radios. Schedule the entire network to go offline, or schedule access

point profile groups to go of

fline.

- Manage wireless settings and channel allocation. Manage the wireless settings

such as wireless mode, data rate, and channel width for the entire network or for
access point profile groups, and manage channel allocation for the entire network.

- Manage QoS settings. Manage QoS queue settings for data, background, video,

and voice traffic for access point profile groups.

- Configure RF management settings. Configure WLAN healing and wireless

coverage hole detection for the entire network or for access point profile groups.

For more information, see

Chapter 8, Configure Wireless and QoS Settings.

• Monitor the Network and Its Components

- Monitor the status of all wireless devices. V

iew the status of the wireless
controllers, access points, clients, access point profiles, and the entire network, and
view network usage statistics.

- Monitor network health

. See which access points are healthy and which ones are

down or compromised.

Introduction

17

ProSAFE Wireless Controller WC9500

For more information, see Chapter 10, Monitor the Wireless Network and

Its Components.

Licenses

By default, the wireless controller comes with a trial license for five access points. You need
to purchase and register licenses for the access points in your network. You can purchase a
single 200–access point license or licenses in 10–, 50–, or 100–access point increments for
support of up to 200 access points on a single wireless controller:

• 10–AP license. WC10APL

• 50–AP license. WC50APL

• 100–AP license. WC100APL

• 200–AP license. WC200APL

Licenses are tied to the serial number of the wireless controller.
For more information, see the datasheet that you can download from

http://support.netgear.com/product/WC9500.

For information about how to register and manage your licenses, see Register Your Licenses
on page 54 and Manage Licenses on page 165.

Maintenance and Support

NETGEAR offers technical support seven days a week, 24 hours a day. Information about
support is available on the NETGEAR ProSupport website at

http://kb.netgear.com/app/answers/detail/a_id/212.

Introduction

18

2. System Planning and Deployment

Scenarios

This chapter includes the following sections:

• Basic and Advanced Setting Concepts

• Profile Group Concepts

• System Planning

• High-Level Configuration Examples

• Management VLAN and Data VLAN Strategies

• High-Level Deployment Scenarios

2

19

ProSAFE Wireless Controller WC9500

Basic and Advanced Setting Concepts

Y ou can deploy the wireless controller in a small wireless network with 10 or 20 access points
or in a large wireless network with up to 600 access points. Small networks require a basic
configuration, but large networks can become very complex and require you to configure the
advanced features of the wireless controller.

Depending on your network configuration, use basic settings or advanced settings to manage
your access points:

• Basic settings for a typical network. The basic settings work with most common

network configurations. For example, all access points on the WLAN are for the same
organization or business and therefore adhere to the same policies and use a small
number of service set identifiers (SSIDs, or network names).

• Advanced settings for access point profile groups. If you have a large wireless

network, or if separate networks share a single WLAN, use the advanced settings to set
up multiple access point profile groups with multiple security profiles (SSIDs with
associated security settings). For example, a shopping mall might need several access
point profile groups if several businesses share a WLAN but each business has its own
network. Larger networks could require multiple access point profile groups to allow

ferent policies per building or department. The access points could have dif

dif
security profiles per building and department, for example, one for guests, one for
management, and one for sales.

ferent

Note: Access point profile groups are also referred to as just profile

groups.
Profiles, security profiles, and SSIDs (that is, SSIDs with associated
security settings) are terms that are interchangeable.

To accommodate all types of networks, almost all configuration menus of the web
management interface are divided into basic and advanced submenus. The following figure
shows an example of the Configuration > Security > Basic submenu on the left and the
Configuration > Security > Advanced submenu on the right:

Figure 5. Basic and advanced submenus

System Planning and Deployment Scenarios

20

ProSAFE Wireless Controller WC9500

Before you start the configuration of your wireless controller, decide whether you can use a
basic configuration (that is, follow the Basic submenus) or need to use an advanced
configuration (that is, follow the Advanced submenus). Once you have made your choice,
configuring the wireless controller should be fairly easy if you consistently follow either the
Basic submenus or the Advanced submenus.

Profile Group Concepts

Each access point can support up to eight security profiles (16 for dual-band access points),
each with its own SSID, security settings, MAC ACL, rate-limiting settings, WMM, and so on.

The wireless controller follows the same architecture. A profile group on the wireless
controller includes all the features that you can configure for an individual access point: up to
eight profiles (16 for dual-band access points), each of which has its own SSID, security,
MAC ACL, rate-limiting settings, WMM settings, and so on.

Basic Profile

The basic profile includes all the settings that are required to configure a fully functional
access point with up to eight security profiles (16 for dual-band access points).

After you have used the automatic discovery process and added access points to the
managed AP list on the wireless controller, the access points are assigned by default to the
basic profile group.

If your network requires the wireless controller to manage multiple access points with
different configurations, use the advanced profile.

Advanced Profile

The advanced profile lets you configure up to eight access point profile groups. Each group
includes all the settings that are required to configure a fully functional access point with up to
eight security profiles (16 for dual-band access points).

For example, if there are four buildings, each with a different wireless network, you simply
create four profile groups. Y
group, all access points in another building to a second profile group, and so on.

For each profile group, you can create an individual radio on/off schedule, RF management
settings, MAC ACL authentication, and an authentication server
group (2.4 GHz radio and 5 GHz radio), you can create individual wireless settings, WMM,
and rate-limit settings.

ou then assign all access points in one building to one profile

. For each radio in a profile

The following figure shows the advanced profile group architecture. The structure that is
shown under Group-1 is implemented in all profile groups (that is, Group-2 through Group-8):

System Planning and Deployment Scenarios

21

ProSAFE Wireless Controller WC9500

Group-1

Group-2

Group-3

Group-4

2.4 GHz
radio

1

2

34

5678

Security profiles

Figure 6. Advanced profile group architecture

Group-5

5 GHz
radio

1

Group-6

23

Security profiles

Group-7

4

56

Group-8

78

The following figure shows an example of three access point profile groups, in which the first
profile group (Group-1) has five security profiles. For each profile in this profile group, the
profile name, radio mode, and authentication setting are shown. (Group-1 is the default group
in the advanced profile group configuration; you need to create the other profiles groups.)

Figure 7. Example of profile groups with security profiles

System Planning and Deployment Scenarios

22

ProSAFE Wireless Controller WC9500

System Planning

This section includes the following subsections:

• Preinstallation Planning

• Before You Configure a Wireless Controller

Preinstallation Planning

Before you install any wireless controllers, determine the following:

• Number of access points required to provide seamless coverage

• Number of licenses required to cover all access points that need to be managed

• Number of wireless controllers required

• 802.1

NETGEAR recommends that you perform a site survey:

1 frequency band and the channels that are optimal for WiFi usage

• Run a spectrum analysis of channels of the site to determine the current RF behavior and

detect both 802.11 and non-802.1

• Run an access point-to-client connectivity test to determine the maximum throughput

achievable on the client.

• Identify potential RF obstructions and interference sources.

• Determine areas where denser coverage might be required because of heavier usage.

1 noise.

Before You Configure a Wireless Controller

These sections assume that you have deployed at least one wireless controller in your
network and are ready to configure the wireless controller. For information about how to
deploy the wireless controller in your network, see the ProSAFE Wireless Controller WC9500
Installation Guide that you can download from http://support.netgear.com/product/WC9500.

For many configurations, you can use the default wireless settings. The IP address, VLAN,
DHCP server, client authentication, and data encryption settings are specific to your
environment. Following are short sections that describe these settings (except for IP address
settings, which are self-explanatory). For information about how to configure these settings,
see the relevant sections.

Management VLAN

The management VLAN is the dedicated VLAN for access to the wireless controller. All traf fic
that is directed to the wireless controller, including HTTP, HTTPS, SNMP, and SSH traffic, is
carried over the management VLAN.

If the management VLAN is also configured as a tagged VLAN (the most common
configuration), the packets to and from the wireless controller carry the 802.1Q VLAN header
with the assigned VLAN number. If the management VLAN is marked as untagged, the

System Planning and Deployment Scenarios

23

ProSAFE Wireless Controller WC9500

packets that are sent from the wireless controller do not carry the 802.1Q header, and all
untagged packets that are sent to the wireless controller are treated as management VLAN
traffic.

Note: Use a tagged VLAN or change the tagged VLAN ID only if the hubs and

switches on your LAN support 802.1Q. If they do not, and you have not
configured a tagged VLAN with the same VLAN ID on the hubs and
switches in your network, IP connectivity might be lost.

The wireless controller needs to have IP connectivity with the access points through the
management VLAN. If the wireless controller and the access points are on different
management VLANs, external VLAN routing needs to allow IP connectivity between the
wireless controller and the access points.

For information about how to configure management VLANs, see
page 49.

IP and VLAN Settings on

Client VLANs

Each authenticated wireless user is placed into a VLAN that determines the user’s DHCP
server, IP address, and Layer 2 connection. Although you could place all authenticated
wireless users into the single VLAN that is specified in the basic security profile, the wireless
controller allows you to group wireless users into separate VLANs based on the wireless
SSID to differentiate access to network resources. For example, you might place authorized
employee users into one VLAN, and itinerant users, such as contractors or guests, into a
separate VLAN. To use different VLANs, you need to create different security profiles.

For information about how to configure regular VLANs, see IP and VLAN Settings on
page 49.

DHCP Server

The wireless controller can function as a DHCP server and assign IP addresses to both
wireless and wired devices that are connected to it. You can add up to 64 DHCP server pools,
each assigned to a different VLAN.

Client Authentication and Data Encryption

A user needs to authenticate to the WLAN to be able to access WLAN resources. The

wireless controller supports several types of security methods, including those that require an
external RADIUS or LDAP authentication server.

System Planning and Deployment Scenarios

24

ProSAFE Wireless Controller WC9500

The encryption option that you can select depends upon the authentication method that you
have selected. The following table lists the authentication methods available, with their
corresponding encryption options:

Table 2. Authentication and encryption options

Authentication Method Encryption Option Authentication Server

Open System 64-bit, 128-bit, or 152-bit WEP None
Shared Key 64-bit, 128-bit, or 152-bit WEP None
WPA-PSK TKIP or TKIP+AES None
WPA2-PSK AES or TKIP+AES None
WPA-PSK and WPA2-PSK TKIP+AES None
WPA TKIP or TKIP+AES One of the following authentication servers:

• External RADIUS server

• Internal authentication server

• External LDAP server

WPA2 AES or TKIP+AES One of the following authentication servers:

• External RADIUS server

• Internal authentication server

• External LDAP server

WPA and WPA2 TKIP+AES One of the following authentication servers:

• External RADIUS server

• Internal authentication server

• External LDAP server

For information about how to configure client authentication, data encryption, and
authentication servers, see Chapter 5, Manage Security Profiles and Profile Groups.

System Planning and Deployment Scenarios

25

ProSAFE Wireless Controller WC9500

High-Level Configuration Examples

This section includes the following subsections:

• Single Controller Configuration with Basic Profile Group

• Single Controller Configuration with Advanced Profile Groups

Single Controller Configuration with Basic Profile Group

A basic configuration consists of a single wireless controller that controls a collection of

access points that are organized into the basic default group.

 To set up a single wireless controller system with a basic profile group:

Step Configuration Web Management Interface Path

1. Configure the system and network settings of the wireless

controller:

1. Configure the country code of operation.

2. Configure the time settings.

3. Configure the IP address of the wireless controller.

4. Verify that VLAN 1 is set as the management VLAN and is
marked as untagged.

By default, VLAN 1 an untagged management VLAN.

5. If no network DHCP server is accessible to the access points,
configure the wireless controller’s DHCP server.

2. Configure up to eight profiles, and for each profile, do at least the
following:

1. Configure an SSID for wireless access.

2. Configure the network authentication and data encryption.

3. Assign the VLAN.

4. If necessary for the selected network authentication option,

configure the authentication server.

3. Run the Discovery Wizard and add the access points to the
managed access point list.

Configuration > System > General
Configuration > System > Time
Configuration > System > IP/VLAN

Configuration > System > DHCP
Server

Configuration > Profile > Basic

Configuration > Security > Basic >
Authentication Server

Access Point > Discovery Wizard

System Planning and Deployment Scenarios

26

ProSAFE Wireless Controller WC9500

Single Controller Configuration with Advanced Profile Groups

A more complex configuration consists of a single wireless controller that controls a collection
of access points that are organized in access point profile groups and might use several
profiles in each access point profile group.

 To set up a single wireless controller system with advanced profile groups:

Step Configuration Web Management Interface Path

1. Configure the system and network settings of the wireless

controller:

1. Configure the country code of operation.

2. Configure the time settings.

3. Configure the IP address of the wireless controller.

4. Verify that VLAN 1 is set as the management VLAN and is

marked as untagged.
By default, VLAN 1 an untagged management VLAN.

5. If no network DHCP server is accessible to the access points,

configure the wireless controller’s DHCP server.

2. Configure up to eight access point profile groups, and for each
access point profile in a group, do at least the following:

1. Configure an SSID for wireless access.

2. Configure the network authentication and data encryption.

3. Assign the VLAN.

4. If necessary for the selected network authentication option,

configure the authentication server.

3. Run the Discovery Wizard and add the access points to the
managed access point list.

Configuration > System > General
Configuration > System > Time
Configuration > System > IP/VLAN

Configuration > System > DHCP
Server

Configuration > Profile > Advanced

Configuration > Security >
Advanced > Authentication Server

Access Point > Discovery Wizard

4. Assign the access points to the access point profile groups (also

referred to as WLAN groups).

Configuration > WLAN Network

Management VLAN and Data VLAN Strategies

If your network includes 10 or more access points, NETGEAR recommends that you set up
at least two VLAN groups: a management VLAN group and a data VLAN group. If your
network is large, you should create a number of data VLAN groups. Setting up data VLANs
for clients allows you to:

• Segregate traffic by user category

• Create different policies such as access policies that are based on user category

System Planning and Deployment Scenarios

27

ProSAFE Wireless Controller WC9500

The following illustration shows a simplified view of how you can use VLANs to segregate
traffic by user category:

Internet

Management VLAN 100 Ethernet traffic

Finance VLAN 10 Ethernet traffic

Employee VLAN 20 Ethernet traffic

Network printer

Deploy the wireless controller
on a trunk port if you use the
internal DHCP server

Wireless controller

WC9500

Finance
computer

PoE switch

Finance
computer

Employee

Employee

computer

computer

Figure 8. Example: Use VLANs to segregate traffic by user categories

Backend L3 switch

or router

Access point
WNDAP360

Employee
computer

The wireless controller uses the management VLAN to continually exchange packets with the
access points. For large networks, if all traffic uses a single VLAN, the client traffic could
potentially flood the network. If this happens, and the wireless controller is not able to
exchange packets with the access points, it can cause network performance to slow down,
and the access points can lose their connectivity with the wireless controller.

If you use the internal DHCP server of the wireless controller, you should deploy the wireless
controller on a trunk port on your switch.

The trunk port should have access to all VLANs.
Use a high-speed port on your switch as the trunk port to accommodate the traffic load of the
trunk. If you use an external DHCP server

, you do not need to deploy the wireless controller

on a trunk port on your switch.

System Planning and Deployment Scenarios

28

ProSAFE Wireless Controller WC9500

High-Level Deployment Scenarios

This section provides three deployment scenarios to illustrate how the wireless controller can
function in various network configurations:

• Scenario Example 1: Network with Single VLAN

• Scenario Example 2: Advanced Network with VLANs and SSIDs

• Scenario Example 3: Advanced Network

Scenario Example 1: Network with Single VLAN

The following sample scenario consists of a simple network with a wireless controller, PoE
switch, Layer 3 switch or router, and access points:

Internet

Management VLAN Ethernet traffic

All client Ethernet traffic

Deploy the wireless controller
on a trunk port if you use the
internal DHCP server

Wireless controller

WC9500

Finance
computer

PoE switch

Marketing
computer

Network printer

Employee
computer

Backend L3 switch

or router

Access point

WNDAP360

Employee
computer

Figure 9. Example: Basic network with a single VLAN

System Planning and Deployment Scenarios

29

ProSAFE Wireless Controller WC9500

The access points and wireless controller are connected in the same subnet and use the
same IP address range that is assigned for that subnet. There are no routers between the
access points and the wireless controller. The access points are connected to a PoE switch,
which, in turn, is connected to the wireless controller. The uplink of the PoE switch connects
to a Layer 3 switch or router that provides Internet access.

 To provision the wireless controller:

Step Configuration Web Management Interface Path

1. Configure the system and network settings of the wireless

controller:

1. Configure the country code of operation.

2. Configure the time settings.

3. Configure the IP address of the wireless controller.

4. Verify that VLAN 1 is set as the management VLAN and is
marked as untagged.

By default, VLAN 1 an untagged management VLAN.

5. If no network DHCP server is accessible to the access points,
configure the wireless controller’s DHCP server.

2. Configure up to eight profiles, and for each profile, do at least the
following:

1. Configure an SSID for wireless access.

2. Configure the network authentication and data encryption.

3. Assign the VLAN.

4. If necessary for the selected network authentication option,

configure the authentication server.

3. Use any port of the wireless controller to connect the wireless
PoE switch.

Configuration > System > General
Configuration > System > Time
Configuration > System > IP/VLAN

Configuration > System > DHCP
Server

Configuration > Profile > Basic

Configuration > Security > Basic >
Authentication Server

4. Deploy the access points and connect them to the same wireless

PoE switch.

System Planning and Deployment Scenarios

30