Home » Netgear Manuals » Wireless » Netgear WC7520-Wireless » Manual Viewer

Netgear WC7520-Wireless Reference Manual - Page 122

Manage Authentication Servers and Authentication Server Groups, Internal authentication server

View all Netgear WC7520-Wireless manuals

Add to My Manuals
Save this manual to your list of manuals

Page 122 highlights

ProSafe 20-AP Wireless Controller WC7520 Manage Authentication Servers and Authentication Server Groups You can specify three types of authentication servers: internal, external RADIUS, and external LDAP: • Internal authentication server. The wireless controller handles authentication. If you use this setting, set up Wi-Fi clients on the User Management screen (see Manage Users, Accounts, and Passwords on page 128.) • External RADIUS server. You can define a basic external RADIUS server that you would typically use in the profiles of a basic profile group of a small-scale network. You need to specify its configuration on the basic Authentication Server screen (see the next section) so that you can select this authentication option during the configuration of a profile. As part of the advanced authentication server settings, you can define multiple external RADIUS servers that you would typically use in a more complex network with many profiles. You can then assign different RADIUS servers to different profiles. By default, the external RADIUS server for the basic authentication group is called basic-Auth. You cannot change this name. By default, the external RADIUS authentication servers for the advanced authentication groups are called Auth1 through Auth8, and you can change these names. You can assign the basic-Auth server to an advanced profile group, and you can assign a RADIUS server of an advanced authentication group to the basic profile group. See the following configuration guidelines for external RADIUS servers: - For configuration guidelines for external MAC authentication, see Guidelines for External MAC Authentication on page 118. - For configuration guidelines for external authentication of captive portal users, see Configure Captive Portal Settings on page 126. • External LDAP server. You can define one external LDAP server (commonly referred to as an Active Directory [AD] server). You need to specify its configuration on the basic Authentication Server screen (see the next section) so that you can select this authentication option during the configuration of a profile. By default, the external LDAP server for the basic authentication group is called basic-LDAP. You cannot change this name, and you cannot configure any LDAP servers for the advanced authentication groups. You can assign the basic-LDAP server to both the basic profile group and to advanced profile groups. All three servers can be active so that the profiles that you set up can be configured to work with different authentication servers. For example, you could set up a guest profile with no authentication, an engineering profile that uses external RADIUS authentication, and a marketing profile that uses external LDAP authentication. The settings that you specify on the Authentication Server screen affect the selections available in the Network Authentication drop-down list and the corresponding Authentication Server field on the Edit Profile screens (see Figure 36 on page 77 and Figure 39 on page 86.) Configuring Network Access and Security 122

Section	Page
ProSafe 20-AP Wireless Controller WC7520	1
Table of Contents	4
1. Introduction and Overview	9
Key Features and Capabilities	9
Package Contents	11
Hardware Features	12
Front Panel Ports and LEDs	12
Rear Panel Features	13
Bottom Panel with Product Label	14
WC7520 Wireless Controller System Components	14
NETGEAR ProSafe Access Points	15
What Can You Do with the WC7520 Wireless Controller?	16
Licenses	18
Maintenance and Support	18
Web Management Interface Layout	19
Initial Connection and Configuration	20
Basic and Advanced Settings	22
Profile Groups	23
Choose a Location for the Wireless Controller	25
Deploy the Wireless Controller	26
2. System Planning and Deployment Scenarios	27
System Planning	27
Preinstallation Planning	27
Before You Configure a Wireless Controller	28
Single Controller Configuration with Basic Profile Group	30
Single Controller Configuration with Advanced Profile Groups	31
Stacked Controller Configuration	32
Management VLAN and Data VLAN Strategies	32
Deployment Scenarios	34
Scenario Example 1: Basic Network with Single VLAN	34
Scenario Example 2: Advanced Network with VLANs and SSIDs	35
Scenario Example 3: Advanced Network with Redundancy	38
3. RF Planning	41
RF Planning Overview	41
Planning Requirements	41
Define and Edit Buildings and Floors	42
Specify Access Point Requirements	45
View and Manage Heat Maps for Deployed Plans	48
4. Access Point Discovery and Management	51
Access Point Discovery and Discovery Guidelines	51
Requirements for Autodiscovery of Local Access Points	51
Requirements for Autodiscovery of Remote Access Points	52
Run the Discovery Wizard	54
Discovery Results	56
Manage the Access Point List	57
Add Access Points to the Managed List after Discovery	57
Edit and Remove Access Point Information	59
5. Configuring Network Settings	63
Configure General Settings	63
Time Management	64
Configure IP and VLAN Settings	65
Management VLANs	66
Untagged VLANs	67
Manage the DHCP Server	67
Manage Certificates	70
Configure Syslog and Alarm Notification Settings	71
Configure Syslog Settings	71
Configure Alarm Notification Settings	72
Configure the Email Notification Server	72
6. Managing Security Profiles and Profile Groups	74
Manage Wireless Security Profiles	74
Small WLAN Networks	75
Larger WLAN Networks	75
Profile Naming Conventions	76
Considerations Before You Configure Profiles	76
Configure Security Profiles for the Basic Profile Group	77
Edit and Remove Profiles from the Basic Profile Group	80
Network Authentication and Data Encryption Options	81
Configure Security Profiles for Advanced Profile Groups	84
Edit and Remove Profiles from an Advanced Profile Group	87
Remove an Advanced Profile Group	87
Manage Basic and Advanced Profile Groups in the WLAN	87
7. Configuring Wireless and QoS Settings	90
About Basic and Advanced Wireless and QoS Configurations	90
Configure the Radio	91
Basic Radio Configuration	91
Advanced Radio Configuration for Profile Groups	92
Configure Wireless Settings	93
Basic Wireless Configuration	93
Advanced Wireless Configuration for Profile Groups	96
Configure Channels	99
Specify RF Management	101
Basic RF Management	102
Advanced RF Management for Profile Groups	104
Configure QoS for Profile Groups	105
Configure Load Balancing	107
Configure Rate Limiting	109
Basic Rate Limiting	109
Advanced Rate Limiting for Profile Groups	110
8. Configuring Network Access and Security	112
About Basic and Advanced Security Configurations	112
Manage Rogue Access Points	113
Configure Basic Rogue Detection Settings	114
Configure Advanced Rogue Detection Settings	116
Manage MAC Authentication and MAC Authentication Groups	117
Guidelines for External MAC Authentication	118
Configure Basic Local MAC Authentication Settings	118
Configure Local MAC Authentication Groups	120
Manage Authentication Servers and Authentication Server Groups	122
Configure Basic Authentication Server Settings	123
Configure RADIUS Authentication Server Groups	125
Manage Guest Network Access	126
Configure Captive Portal Settings	126
Manage Users, Accounts, and Passwords	128
9. Maintaining the Controller	135
Manage the Configuration File	135
Back Up and Restore the Configuration File	135
Upgrade the Configuration File	137
Reboot or Reset the Wireless Controller	139
Reboot Access Points	141
Manage External Storage	141
Manage Remote Access	142
Specify Session Time-Outs	144
View Alerts and Events and Save the Logs	144
Save the Logs	144
View Alerts and Events	145
Manage Licenses	149
View Your Licenses	149
Configure the License Server Settings	150
Register Your Licenses	151
Retrieve Your Licenses	153
10. Managing Stacking and Redundancy	154
Manage Stacking	154
Configure Stacking	155
Controller Selection List	157
Manage Redundancy	158
Single Controller with Redundancy	158
N:1 Redundancy	160
Configure Redundancy	164
11. Monitoring the Wireless Network and Components	167
Monitor the Network	167
View the Network Summary Screen	168
View Network Usage	170
View Wireless Controllers in the Network	171
View Managed Access Points in the Network	172
View Clients in the Network	176
View Security Profiles in the Network	178
Monitor the Wireless Controller	179
View the Wireless Controller Summary Screen	180
View Wireless Controller Usage	182
View Access Points Managed by the Wireless Controller	182
View Clients Managed by the Wireless Controller	184
View Neighboring Clients Detected by the Wireless Controller	184
View Rogue Access Points Detected by the Wireless Controller	185
View Security Profiles Managed by the Wireless Controller	187
View DHCP Leases Provided by the Wireless Controller	188
View Captive Portal Guests and Users Managed by the Wireless Controller	188
Monitor the SSIDs	190
Monitor the Clients	191
View Local Clients	191
View Blacklisted Clients	192
12. Troubleshooting	194
Troubleshoot Basic Functioning	194
Power LED Not On	194
Test LED Never Turns Off	195
LAN Port LEDs Not On	195
Troubleshoot the Web Management Interface	195
Ethernet Cabling	195
IP Address Configuration	195
Internet Browser	196
Troubleshoot a TCP/IP Network Using the Ping Utility	197
Test the LAN Path to Your Wireless Controller	197
Use the Factory Default Button to Restore Default Settings	198
Problems with Date and Time	198
Problems with Access Points	198
Discovery Problems	198
Connection Problems	199
Network Performance and Rogue Access Point Detection	200
Use the Diagnostic Tools on the Wireless Controller	200
A. Factory Default Settings and Technical Specifications	202
B. Notification of Compliance	205

Match case Limit results 1 per page

Configuring Network Access and Security

122

ProSafe 20-AP Wireless Controller WC7520

Manage Authentication Servers and Authentication

Server Groups

You can specify three types of authentication servers: internal, external RADIUS, and

external LDAP:

•

Internal authentication server

. The wireless controller handles authentication. If you

use this setting, set up Wi-Fi clients on the User Management screen (see

Manage

Users, Accounts, and Passwords

on page 128.)

•

External RADIUS server

. You can define a basic external RADIUS server that you would

typically use in the profiles of a basic profile group of a small-scale network. You need to

specify its configuration on the basic Authentication Server screen (see the next section)

so that you can select this authentication option during the configuration of a profile. As

part of the advanced authentication server settings, you can define multiple external

RADIUS servers that you would typically use in a more complex network with many

profiles. You can then assign different RADIUS servers to different profiles.

By default, the external RADIUS server for the basic authentication group is called

basic-Auth. You cannot change this name. By default, the external RADIUS

authentication servers for the advanced authentication groups are called Auth1 through

Auth8, and you

can

change these names. You can assign the basic-Auth server to an

advanced profile group, and you can assign a RADIUS server of an advanced

authentication group to the basic profile group.

See the following configuration guidelines for external RADIUS servers:

For configuration guidelines for external MAC authentication, see

Guidelines for

External MAC Authentication

on page 118.

For configuration guidelines for external authentication of captive portal users, see

Configure Captive Portal Settings

on page 126.

•

External LDAP server

. You can define one external LDAP server (commonly referred to

as an Active Directory [AD] server). You need to specify its configuration on the basic

Authentication Server screen (see the next section) so that you can select this

authentication option during the configuration of a profile.

By default, the external LDAP server for the basic authentication group is called

basic-LDAP. You cannot change this name, and you cannot configure any LDAP servers

for the advanced authentication groups. You can assign the basic-LDAP server to both

the basic profile group and to advanced profile groups.

All three servers can be active so that the profiles that you set up can be configured to work

with different authentication servers. For example, you could set up a guest profile with no

authentication, an engineering profile that uses external RADIUS authentication, and a

marketing profile that uses external LDAP authentication. The settings that you specify on the

Authentication Server screen affect the selections available in the Network Authentication

drop-down list and the corresponding Authentication Server field on the Edit Profile screens

(see

Figure 36

on page 77 and

Figure 39

on page 86.)