Netgear WFS709TP Reference Manual
WFS709TP – Case Scenario: Wireless deployment for a Corporate and Public
network
This document describes the activities undertaken to deploy a Wireless solution using the Wireless
Controller WFS709TP and multiple Lightweight Access Points (WGL102).
The description will encompass how to create an environment with multiple SSIDs, with VLAN
separation, VLAN routing and DHCP enabled for each VLAN to serve the Wireless clients with the
relevant TCP/IP settings.
NOTE:
To ensure the configuration changes are retained in case of Power cycles please ensure
that the configuration is saved at all time using the tab.
Table of Contents
Section 1 – Initial Setup ................................................................................................................. 2
Physical Setup ............................................................................................................................ 2
Logical setup ............................................................................................................................... 2
Initial configuration ...................................................................................................................... 4
Creating a new SSID .............................................................................................................. 5
Create a new VLAN ................................................................................................................ 8
Configure the IP address (IP Interface of a VLAN) and Enable it ..................................... 10
Configure trunk port on L2/L3 Switch .................................................................................. 11
WFS709TP trunk port configuration .................................................................................... 13
Performed testing .................................................................................................................. 13
Section 2 - RF Plan & provisioning Access Points .................................................................... 14
Section 3 – Captive Portal ........................................................................................................... 22
IAS Server Configuration ......................................................................................................... 22
WFS709TP Configuration ........................................................................................................ 23
Testing Performed .................................................................................................................... 24
Useful procedures......................................................................................................................... 25
Section 1 – Initial Setup
Physical Setup
VLAN1: Ports 1/0 – 4
Connected to the Corporate network via Trunk to a Layer2/Layer3 switch (in the
Diagram below a Netgear Layer 2/Layer 3 switch)
VLAN2: Port 1/5
Connected to the Public via a Trunk to a Layer 2/Layer 3 switch
VLAN100:
Separate the APs traffic from the rest of the network
Logical setup
APs Wireless Configuration
VLAN1: SSID = Corporate
Authentication WPA-PSK
VLAN2: SSID = Public
Authentication Captive Portal (Internal Database)
Wireless Controller Configuration:
VLAN1: 10.35.1.200 DHCP 10.35.1.0/24
VLAN2: 192.168.100.1 DHCP 192.168.100.0/24
VLAN100: 172.16.0.1 DHCP 172.16.0.0/24
Port: VLAN1 VLAN2 VLAN100 U = Untagged T= Tagged
1/0 U
1/1 U
1/2 U
1/3 U
1/4 U
1/5 U
1/6 U
1/7 U
Gig 1/8 T T
1.2.1
1.2.61.2.51.2.4
1.2.31.2.2
POE Switch
Wireless Controller config:
VLAN1: 10.35.1.200 DHCP 10.35.1.0/24
VLAN2: 192.168.100.1 DHCP 192.168.100.0/24
VLAN100: 172.16.0.1 DHCP 172.16.0.0/24
Port: VLAN1 VLAN2 VLAN100
1/0 U
1/1 U
1/2 U
1/3 U
1/4 U
1/5 U
1/6 U
1/7 U
Gig 1/8 T T
POE Switch
APs Wireless configuration
VLAN1 : SSID = Corporate
Authentication WPA-PSK
VLAN2 : SSID = Public
Authentication Captive Portal (Internal DataBase)
Corporate
Public
Trunk (VLAN1, VLAN2)
Layer 2/ Layer 3 switch
To Corporate Network – VLAN 1
To Public Network – VLAN 2
WFS709TP
Initial configuration
When connecting the first time to the unit via the Web Interface (default IP address 192.168.0.250)
the User is presented with the following page:
The default configuration can be kept or changes can be made to suit the local LAN setup.
In this scenario the unit will be connected to a Corporate network via VLAN1 which is also retained as
the management VLAN.
Hit the Save & Reboot button is and the unit will Reboot.
The next picture shows the Network summary, after reconnecting to the unit Web Interface upon its
reboot.
Creating a new SSID
To create a new SSID access Configuration - Basic - WLAN.
In the two pictures below and as described in the Physical setup section, two SSIDs will be created:
- Corporate, with WPA-PSK authentication (Password = 12345678 )
- Public , with Captive Portal (Web) authentication against the WFS709TP internal database
To create Users in the Internal Database, click on Show Internal Database – Add User to add a New
user:
The example shows the creation of the Portal_Test user:
Create a new VLAN
VLAN 1 is the default VLAN for the WFS709TP – by default all the ports (Fa1/0-7, Gig 1/8) are
members of VLAN1 – therefore access to the Controller Web Interface can take place connecting to
any of the ports.
To create a new VLAN, access the menu via Configuration – Basic - Network – VLAN.
This menu will allow creation of the VLAN, but the IP address assigned to the VLAN and the VLAN
Port membership will require to be setup separately.
To combine the setup of all the above settings please use the menu Configuration – Advanced –
Controller – VLAN as in the examples below.
The example shows how to create VLAN 100 and configure Port 0/6 and 0/7 to be part of the VLAN.
The result after apply the changes to both VLANs will be the following:
Loading...