Home » Netgear Manuals » Wireless » Netgear WC7500-Wireless » Manual Viewer

Netgear WC7500-Wireless User Manual - Page 141

basic-Auth, Auth1, External LDAP server, basic-LDAP, Network Authentication, Authentication, Server

View all Netgear WC7500-Wireless manuals

Add to My Manuals
Save this manual to your list of manuals

Page 141 highlights

ProSAFE Wireless Controller option during the configuration of a profile. As part of the advanced authentication server settings, you can define multiple external RADIUS servers that you would typically use in a more complex network with many profiles. You can then assign different RADIUS servers to different profiles. By default, the external RADIUS server for the basic authentication group is called basic-Auth. You cannot change this name. By default, the external RADIUS authentication servers for the advanced authentication groups are called Auth1 through Auth8, and you can change these names. You can assign the basic-Auth server to an advanced profile group, and you can assign a RADIUS server of an advanced authentication group to the basic profile group. See the following configuration guidelines for external RADIUS servers: - You must add the IP address of the wireless controller as a RADIUS client to the RADIUS server. All managed access points are then automatically known to the RADIUS server. - For configuration guidelines for external MAC authentication, see Guidelines for External MAC Authentication on page 146. - For configuration guidelines for external authentication of captive portal users, see Manage Guest Network Access Through Guest Portals and Captive Portals on page 223. • External LDAP server. You can define one external LDAP server (commonly referred to as an Active Directory [AD] server). You must specify its configuration on the basic Authentication Server page (see Configure Basic Authentication Server Settings on page 142) so that you can select this authentication option during the configuration of a profile. By default, the external LDAP server for the basic authentication group is called basic-LDAP. You cannot change this name, and you cannot configure any LDAP servers for the advanced authentication groups. You can assign the basic-LDAP server to both the basic profile group and to advanced profile groups. All three servers can be active so that the profiles that you set up can be configured to work with different authentication servers. For example, you could set up a guest profile with no authentication, an engineering profile that uses external RADIUS authentication, and a marketing profile that uses external LDAP authentication. Note: For authentication, you can configure and use a single LDAP server only. However, you can configure and use several RADIUS servers. The settings that you specify on the Authentication Server page affect the selections that are available in the Network Authentication menu and the corresponding Authentication Server field on the Edit Profile page. For information about how to configure security profiles, see Configure a Profile in the Basic Profile Group on page 124 and Configure a Profile in an Advanced Profile Group on page 131. Manage Security Profiles and Profile Groups 141

Section	Page
ProSAFE Wireless Controller	1
Contents	3
1. Introduction	11
Models, Key Features, and Capabilities	12
Model WC7500	12
Model WC7600	12
Model WC7600v2	13
Model WC9500	13
Model Scalability and Feature Differences	13
Model Common Features and Capabilities	14
What Can You Do With a Wireless Controller?	15
Licenses	17
Maintenance and Support	17
2. Hardware Descriptions	18
Package Contents	19
Hardware Models WC7500 and WC7600v2	19
WC7500 and WC7600v2 Front Panel Ports and Slots	19
WC7500 and WC7600v2 Back Panel Components	21
WC7500 and WC7600v2 Product Labels	21
Hardware Models WC7600 and WC9500	22
WC7600 and WC9500 Front Panel Ports and Slots	22
WC7600 and WC9500 Back Panel Components	23
WC7600 and WC9500 Product Labels	24
LED Functions (All Models)	25
Wireless Controller System Components	26
Supported NETGEAR Access Points	27
Supported NETGEAR Antennas	30
3. System Planning and Deployment Scenarios	32
Basic and Advanced Setting Concepts	33
Profile Group Concepts	34
Basic Profile	34
Advanced Profile	34
System Planning Concepts	36
Preinstallation Planning	36
Before You Configure a Wireless Controller	36
High-Level Configuration Examples	39
Single Controller Configuration With Basic Profile Group	39
Single Controller Configuration With Advanced Profile Groups	40
Stacked Controller Configuration	41
Management VLAN and Data VLAN Strategies	42
High-Level Deployment Scenarios	44
Scenario Example 1: Network With Single VLAN	44
Scenario Example 2: Advanced Network With VLANs and SSIDs	46
Scenario Example 3: Advanced Network With Redundancy	48
4. RF Planning and Deployment	52
Application, Browser, and Port Requirements for RF Planning	53
RF Planning Overview	53
Planning Requirements	54
Recommended RF Planning Procedure for a Building	56
Manage a Building and Floors for an RF Plan	56
Add a Building and Floors	57
Add a Single Floor to a Building	59
Scale a Floor	60
Add a WiFi Coverage or WiFi Noncoverage Zone to a Floor	61
Remove a WiFi Coverage or Noncoverage Zone From a Floor	62
Add a WiFi Building Obstacle to a Floor	62
Remove a Building Obstacle From a Floor	64
Add a WiFi Obstruction Area	65
Remove a WiFi Obstruction Area	66
Change the Name, Map, or Dimensions of a Floor	66
Change the Name of a Building	67
Duplicate an Entire Building With All Floors	68
Duplicate a Single Floor	68
Remove a Single Floor	69
Remove an Entire Building With All Its Floors	70
Use the WiFi Auto Planning Advisor to Generate an RF Plan for a Floor	70
Manually Add and Manage Access Points on a Floor Map for an RF Plan	76
Manually Add and Manage Antennas on a Floor Map for an RF Plan	79
Display and Recalculate the WiFi Coverage for a Heat Map	83
Display or Change the WiFi Inventory for an RF Plan	84
Download a Report for an RF Plan	87
View the Heat Map for a Deployed Floor Plan	88
5. Installation and Configuration Overview	91
Connect Your Computer to the Wireless Controller	92
Log In to the Wireless Controller	92
Roadmap for Initial Configuration	94
Roadmap for Configuring Management of Your WiFi Network	96
Choose a Location for the Wireless Controller	98
Deploy the Wireless Controller	98
6. Configure the System and Network Settings and Register the Licenses	99
Configure the General Settings	100
Manage the Time Settings	101
Manage the IP, VLAN, and Link Aggregation Settings	102
Management VLAN Concepts	102
Untagged VLAN Concepts	103
Controller Link Aggregation Concepts	103
Configure the IP, VLAN, and Controller Link Aggregation Settings	104
Manage the DHCP Server	106
Add a DHCP Server	106
Change the Settings for a DHCP Server	108
Remove a DHCP Server	109
Register Your Licenses	110
Configure the License Server Settings	110
Register Your Licenses With the License Server	111
Manage Certificates	113
Configure Syslog, Alarm Notification, and Email Settings	114
Configure the Syslog Settings for an Internal Syslog Location	114
Configure the Syslog Settings for an External Syslog Location	116
Configure Alarm Notification Settings	118
Configure the Email Notification Server	119
7. Manage Security Profiles and Profile Groups	120
WiFi Security Profile Concepts	121
Small WLAN Networks	121
Large WLAN Networks	122
Profile Naming Conventions	122
Considerations Before You Configure Profiles	122
Basic and Advanced Security Configuration Concepts	123
Manage Security Profiles for the Basic Profile Group	124
Configure a Profile in the Basic Profile Group	124
Change the Settings for a Profile in the Basic Profile Group	128
Remove a Profile From the Basic Profile Group	129
Manage Security Profiles for Advanced Profile Groups	129
Add an Advanced Profile Group	129
Remove an Advanced Profile Group	131
Configure a Profile in an Advanced Profile Group	131
Change the Settings for a Profile in an Advanced Profile Group	135
Remove a Profile From an Advanced Profile Group	136
Network Authentication and Data Encryption Options	137
Manage Authentication Servers and Authentication Server Groups	140
Authentication Server Concepts	140
Configure Basic Authentication Server Settings	142
Configure a RADIUS Authentication Server Group	144
Remove a RADIUS Authentication Server Group	145
Manage MAC Authentication and MAC Authentication Groups	146
Guidelines for External MAC Authentication	146
Configure Basic Local MAC Authentication Settings	146
Remove a MAC Address From a Wireless Client List	148
Import a MAC List From a File	148
Configure a Local MAC Authentication Group	149
Remove a Local MAC Authentication Group	151
Select an ACL for a Profile in the Basic Profile Group	151
Select an ACL for a Profile in an Advanced Profile Group	152
8. Discover and Manage Access Points	154
Access Point Discovery Guidelines	155
General Discovery Guidelines	155
Layer 3 Discovery Guidelines	155
Remote Access Point Discovery Guidelines	157
Discover Access Points With the Discovery Wizard	159
Discover Access Points in Factory Default State and Access Points in a Layer 2 Subnet	159
Discover Access Points Installed and Working in Standalone Mode in Different Layer 3 Networks	163
Manage the Managed AP List	167
View the Managed AP List	167
Change Access Point Information on the Managed AP List	170
Remove Access Points From the Managed AP List	173
Assign Access Points to Buildings, Floors, and Advanced Profile Groups	174
9. Configure WiFi and QoS Settings	178
Basic and Advanced WiFi and QoS Configuration Concepts	179
Configure the Radio	179
Configure the Radio for the Basic Profile Group	179
Configure the Radio for an Advanced Profile Group	180
Configure WiFi Settings	182
Configure WiFi Settings for the Basic Profile Group	182
Override Channel and Transmission Power in the Basic Profile Group	186
Configure WiFi Settings for an Advanced Profile Group	188
Override Channel and Transmission Power in an Advanced Profile Group	193
Configure Channels	195
Specify Radio Frequency Management	198
Radio Frequency Concepts	198
WLAN Healing Concepts	198
Configure Radio Frequency Management for the Basic Profile Group	199
Configure Radio Frequency Management for an Advanced Profile Group	200
Manage AirQual for a Profile Group	203
AirQual Concepts	203
Configure AirQual for the Basic Profile Group	203
Configure AirQual for an Advanced Profile Group	205
Manage Quality of Service for an Advanced Profile Group	207
Quality of Service Concepts	207
Configure Quality of Service for a Profile Group	208
Manage Load Balancing	210
Load Balancing Concepts	210
Configure Load Balancing	211
Manage Rate Limiting	212
Rate Limiting Concepts	212
Configure Rate Limiting for the Basic Profile Group	213
Configure Rate Limiting for an Advanced Profile Group	214
Manage the LED Behavior	215
Manage the LED Behavior for the Basic Profile Group	215
Manage the LED Behavior for an Advanced Profile Group	216
10. Manage Rogue Access Points, Guest Network Access, and Users	218
Manage Rogue Access Points	219
Rogue Access Point Concepts	219
Configure Basic Rogue Detection Settings	219
Classify Rogue Access Points	220
Import a List of Known Access Points From a File	222
Manage Guest Network Access Through Guest Portals and Captive Portals	223
Portal Concepts	223
Configure a Basic Guest Portal or Captive Portal	224
Configure an Advanced Guest Portal or Captive Portal	229
Remove a Portal	236
Manage Users, Accounts, and Passwords	236
User and Account Concepts	236
Change the Password of the Default admin Account of the Wireless Controller	237
Add a Management User	239
Add a WiFi User	240
Add a Captive Portal Account	241
Add a Logo and Message on Captive Portal User Information	243
Add a Captive Portal User	245
Add Multiple Captive Portal Users Simultaneously	247
Change the Settings for a User or Account	250
Remove Users or Accounts	250
Export a List of Users or Accounts	251
11. Maintain the Wireless Controller and Access Points	253
Manage the Configuration File or Upgrade the Firmware	254
Back Up the Configuration File	254
Restore the Configuration File	255
Upgrade the Firmware	256
Reboot the Wireless Controller	259
Reset the Wireless Controller	259
Manage Extended Storage	260
Manage Remote Access	262
Specify Session Time-Outs	263
Save the Logs	264
Save the System Logs	264
Save and Clear the Logs for an Access Point	265
View Alerts and Events	267
View System Alerts	267
View Radio Frequency Events	268
View Load-Balancing Events	269
View Rate-Limit Events	271
View Redundancy Events	272
View Stacking Events	273
Manage Licenses	274
View Your Licenses	274
Retrieve Your Licenses	276
Reboot Access Points	277
Configure Multicast Firmware Upgrade for Access Points	278
Change the Multicast Firmware Upgrade Settings	278
Disable Multicast Firmware Upgrade	279
12. Manage Stacking and Redundancy	280
Stacking Concepts	281
Configure a Stack of Wireless Controllers	283
Remove a Wireless Controller From a Stack	287
Select Which Wireless Controller in a Stack to Configure	288
Manage Redundancy for a Single Controller	291
VRRP Redundancy Concepts	291
Configure a Single Controller With Redundancy	293
Manage a Redundancy Group With N:1 Redundancy	297
VRRP N:1 Redundancy Concepts	297
Configure a Redundancy Group With N:1 Redundancy	300
Replace a Redundant Controller	305
Remove a Redundancy Group	306
13. Monitor the WiFi Network and Its Components	308
Monitor the Network	309
View the Network Summary Page	309
View the Wireless Controllers in the Network	311
View the Access Points in the Network	313
View the Clients in the Network	318
View the Profiles in the Network	322
Monitor the Wireless Controller	324
View the Wireless Controller Summary Page	324
View Wireless Controller Usage	327
View Access Points That the Wireless Controller Manages	328
View Clients on Access Points That the Wireless Controller Manages	333
View Neighboring Clients That the Wireless Controller Detects	337
View Neighboring Access Points That the Wireless Controller Does Not Manage	339
View Security Profiles That the Wireless Controller Manages	340
View DHCP Leases That Are Provided by the Wireless Controller	342
View Captive Portal Users on Access Points That the Wireless Controller Manages	343
View the Guest Email Address Database for Access Points That the Wireless Controller Manages	345
View AirQual for the Channels in a Profile Group	346
Monitor the SSIDs on the Wireless Controller	348
Monitor Local Clients in the Network	353
Monitor Accepted Clients	353
Monitor Blacklisted Clients	357
14. Troubleshooting and Diagnostics	360
Troubleshoot Basic Functioning	361
Power LED Is Not Lit	361
Status LED Never Turns Off	361
Ethernet Port LEDs Are Not Lit	361
Troubleshoot the Web Management Interface	362
Check the Ethernet Cabling	362
Check the IP Address Configuration	362
Check the Internet Browser	363
Troubleshoot a TCP/IP Network Using the Ping Utility	363
Use the Reset Button to Restore Default Settings	364
Resolve Problems With Date and Time	364
Resolve Network Problems	365
Resolve Problems With Access Points	365
Resolve Discovery Problems	365
Resolve Connection Problems	366
Network Performance and Rogue Access Point Detection	366
Use the Diagnostic Tools on the Wireless Controller	366
Ping an Access Point	367
Trace a Route to an Access Point	368
View the Console Debug Logs of an Access Point	369
Capture WiFi Packets	371
A. Controller-Managed Access Points	374
Overview	375
Change IP Address and VLAN Settings on a Controller-Managed Access Point	376
Reenable the DHCP Client on a Controller-Managed Access Point	377
Upgrade or Change Firmware on a Controller-Managed Access Point	378
Save and View the Logs on a Controller-Managed Access Point	381
Enable Link Aggregation on a WAC740 Access Point	382
Change the Password on an Access Point	383
Convert an Access Point From Controller-Managed to Standalone	385
B. Factory Default Settings, Technical Specifications, and Passwords Requirements	386
Factory Default Settings	387
Technical Specifications Models WC7500 and WC7600v2	387
Technical Specifications Models WC7600 and WC9500	388
Password Requirements	389

Match case Limit results 1 per page

Manage Security Profiles and Profile Groups

141

ProSAFE Wireless Controller

option during the configuration of a profile. As part of the advanced authentication server

settings, you can define multiple external RADIUS servers that you would typically use in

a more complex network with many profiles. You can then assign different RADIUS

servers to different profiles.

By default, the external RADIUS server for the basic authentication group is called

basic-Auth

. You cannot change this name. By default, the external RADIUS

authentication servers for the advanced authentication groups are called

Auth1

through

Auth8

, and you

can

change these names. You can assign the

basic-Auth

server to an

advanced profile group, and you can assign a RADIUS server of an advanced

authentication group to the basic profile group.

See the following configuration guidelines for external RADIUS servers:

You must add the IP address of the wireless controller as a RADIUS client to the

RADIUS server. All managed access points are then automatically known to the

RADIUS server.

For configuration guidelines for external MAC authentication, see

Guidelines for

External MAC Authentication

on page 146.

For configuration guidelines for external authentication of captive portal users, see

Manage Guest Network Access Through Guest Portals and Captive Portals

page 223.

•

External LDAP server

. You can define one external LDAP server (commonly referred to

as an Active Directory [AD] server). You must specify its configuration on the basic

Authentication Server page (see

Configure Basic Authentication Server Settings

page 142) so that you can select this authentication option during the configuration of a

profile.

By default, the external LDAP server for the basic authentication group is called

basic-LDAP

. You cannot change this name, and you cannot configure any LDAP servers

for the advanced authentication groups. You can assign the

basic-LDAP

server to both

the basic profile group and to advanced profile groups.

All three servers can be active so that the profiles that you set up can be configured to work

with different authentication servers. For example, you could set up a guest profile with no

authentication, an engineering profile that uses external RADIUS authentication, and a

marketing profile that uses external LDAP authentication.

Note:

For authentication, you can configure and use a single LDAP server

only. However, you can configure and use several RADIUS servers.

The settings that you specify on the Authentication Server page affect the selections that are

available in the

Network Authentication

menu and the corresponding

Authentication

Server

field on the Edit Profile page. For information about how to configure security profiles,

see

Configure a Profile in the Basic Profile Group

on page 124 and

Configure a Profile in an

Advanced Profile Group

on page 131.