Home » Netgear Manuals » Wireless » Netgear WC7520 » Manual Viewer

Netgear WC7520 WC7520 Reference Manual - Page 24

DHCP Server, Client Authentication and Data Encryption, Client VLANs - radius

UPC - 606449072969

Add to My Manuals
Save this manual to your list of manuals

Page 24 highlights

ProSafe 20-AP Wireless Controller WC7520 Reference Manual Client VLANs Each authenticated wireless user is placed into a VLAN that determines the user's DHCP server, IP address, and layer 2 connection. Although you could place all authenticated wireless users into the single VLAN that is specified in the basic security profile, the wireless controller allows you to group wireless users into separate VLANs based on the wireless SSID to differentiate access to network resources. For example, you might place authorized employee users into one VLAN and itinerant users, such as contractors or guests, into a separate VLAN. To use different VLANs, you must create different security profiles. For information about how to configure regular VLANs, see Managing Wireless Security Profiles on page 83. DHCP Server The wireless controller can function as a DHCP server and assign IP addresses to both wireless and wired devices that are connected to it. You can add up to 64 DHCP server pools, each assigned to a different VLAN. Client Authentication and Data Encryption A user must authenticate to the WLAN to be able to access WLAN resources. The wireless controller supports several types of security methods, including those that require an external RADIUS or LDAP authentication server. The encryption option that you can select depends upon the authentication method that you have selected. The following table lists the authentication methods available, with their corresponding encryption options. Table 2. Authentication and Encryption Options Authentication Method Open system Shared Key Legacy 802.1x WPA-PSK WPA2-PSK WPA-PSK and WPA2-PSK WPA WPA2 WPA and WPA2 Encryption Option 64-bit, 128-bit, or 152-bit WEP 64-bit, 128-bit, or 152-bit WEP WEP TKIP or TKIP+AES AES or TKIP+AES TKIP+AES TKIP or TKIP+AES AES or TKIP+AES TKIP+AES Authentication Server None None Internal authentication server or external RADIUS server None None None Internal authentication server, external RADIUS server, or external AD server Internal authentication server, external RADIUS server, or external AD server Internal authentication server, external RADIUS server, or external AD server For information about how to configure client authentication and data encryption, see Managing Wireless Security Profiles on page 83. Chapter 2: System Planning and Deployment Scenarios | 24

Section	Page
ProSafe 20-AP Wireless Controller WC7520	1
Table of Contents	3
1. Introduction and Overview	7
Key Features and Capabilities	7
Package Contents	9
Hardware Features	10
Front Panel Ports and LEDs	10
Rear Panel Features	11
Bottom Panel With Product Label	12
WC7520 Wireless Controller System Components	12
NETGEAR ProSafe Access Points: WNAP210 and WNDAP350	13
What Can You Do With the WC7520 Wireless Controller?	13
Licenses	15
Maintenance and Support	16
Understanding the Web Management Interface Menu Layout	16
Initial Connection and Configuration	17
Understanding Basic and Advanced Settings	19
Choosing a Location for the Wireless Controller	21
Deploying the Wireless Controller	21
2. System Planning and Deployment Scenarios	22
System Planning	22
Pre-Installation Planning	22
Before You Configure a Wireless Controller	23
Single Controller Configuration with Basic Profile Group	25
Single Controller Configuration with Access Point Groups	26
Stacked Controller Configuration	27
Management VLAN and Data VLAN Strategies	27
Deployment Scenarios	29
Scenario Example 1: Basic Network with Single VLAN	29
Scenario Example 2: Advanced Network with VLANs and SSIDs	31
Scenario Example 3: Advanced Network With Redundancy	33
3. RF Planning	36
RF Planning Overview	36
Planning Requirements	37
Defining and Editing Buildings and Floors	38
Specifying Access Point Requirements	40
Viewing and Managing Heat Maps for Deployed Plans	42
4. Access Point Discovery and Management	46
Access Point Discovery	46
Requirements for Auto Discovery	46
Using the Discovery Wizard	47
Understanding the Discovery Results	49
Managing the Access Point List	50
Adding Access Points to the Managed List After Discovery	50
Editing Access Point Information	51
5. Configuring Network Settings	54
Configuring General Settings	54
Time Management	56
Configuring IP and VLAN Settings	57
Management VLANs	58
Untagged VLANs	58
Managing the DHCP Server	59
Managing Certificates	60
Configuring Syslog and Alarm Notification Settings	61
Configuring Syslog Settings	61
Configuring Alarm Notification Settings	62
Configuring the Email Notification Server	63
6. Managing Access Point Groups	65
Configuring Access Point Groups	65
Managing Access Point Groups in the WLAN	66
7. Configuring Wireless Settings	68
Configuring the Radio	69
Basic Radio Configuration	69
Advanced Radio Configuration for Access Point Groups	69
Configuring Wireless Settings	70
Basic Wireless Configuration	71
Advanced Wireless Configuration for Access Point Groups	72
Configuring Channels	73
Specifying RF Management	75
Basic RF Management	76
Advanced RF Management for Access Point Groups	77
Configuring QoS for Access Point Groups	78
Configuring Load Balancing	79
Configuring Rate Limiting	81
Basic Rate Limiting	81
Advanced Rate Limiting for Access Point Groups	82
8. Configuring Security and Wireless Security Profiles	83
Managing Wireless Security Profiles	83
Small-Scale WLAN Networks	84
Larger Deployments	84
Configuring Basic Security Profiles	85
Configuring Advanced Security Profiles for Access Point Groups	87
Managing Rogue Access Points	89
Configuring Basic Rogue Detection Settings	89
Configuring Advanced Rogue Detection Settings	90
Managing MAC Authentication and MAC Authentication Groups	92
Configuring Basic MAC Authentication Settings	93
Configuring MAC Authentication Settings for Groups	94
Managing Authentication Servers and Authentication Server Groups	95
Configuring Basic Authentication Server Settings	96
Configuring Advanced Authentication Server Settings for Groups	97
Managing Guest Network Access	98
Configuring Captive Portal Settings	98
Managing Users and Passwords	100
9. Maintaining the Controller	101
Managing the Configuration File	101
Backing Up and Restoring the Configuration File	102
Upgrading the Configuration File	103
Rebooting or Resetting the Wireless Controller	105
Rebooting Access Points	107
Managing External Storage	107
Managing Remote Access	108
Specifying Session Timeouts	110
Viewing Alerts and Events and Saving Logs	110
Saving Logs	111
Viewing Alerts and Events	111
Managing Licenses	115
Viewing Your Licenses	116
Configuring the License Server Settings	117
Registering Your Licenses	118
10. Managing Stacking and Redundancy	119
Managing Stacking	119
Configuring Stacking	120
Controller Selection Menu	121
Managing Redundancy	121
Configuring Redundancy	122
11. Monitoring the Wireless Network and Components	124
Monitoring the Network	124
Viewing the Network Summary Screen	125
Viewing Network Usage	126
Viewing Wireless Controllers in the Network	127
Viewing Managed Access Points in the Network	127
Viewing Clients in the Network	131
Viewing Security Profiles in the Network	133
Monitoring the Wireless Controller	134
Viewing the Wireless Controller Summary Screens	135
Viewing Wireless Controller Usage	136
Viewing Access Points Managed by the Wireless Controller	137
Viewing Clients Managed by the Wireless Controller	137
Viewing Rogue Access Points Managed by the Wireless Controller	138
Viewing Security Profiles Managed by the Wireless Controller	139
Viewing DHCP Leases Provided by the Wireless Controller	140
Viewing Captive Portal Users Managed by the Wireless Controller	141
Monitoring the SSIDs	141
Monitoring the Clients	142
Viewing Local Clients	142
Viewing Blacklisted Clients	143
12. Troubleshooting	144
Troubleshooting Basic Functioning	144
Power LED Not On	144
Test LED Never Turns Off	145
LAN Port LEDs Not On	145
Troubleshooting the Web Management Interface	145
Ethernet Cabling	145
IP Address Configuration	145
Internet Browser	146
When You Enter a URL or IP Address a Time-out Error Occurs	147
Troubleshooting a TCP/IP Network Using the Ping Utility	147
Testing the LAN Path to Your Wireless Controller	147
Using the Reset Button to Restore Factory Default Settings	148
Problems with Date and Time	148
Problems With Access Points	149
Using the Diagnostic Tools on the Wireless Controller	149
A. Factory Default Settings and Technical Specifications	152
B. Notification of Compliance	154

Match case Limit results 1 per page

Chapter 2:

System Planning and Deployment Scenarios

ProSafe 20-AP Wireless Controller WC7520 Reference Manual

Client VLANs

Each authenticated wireless user is placed into a VLAN that determines the user’s DHCP

server, IP address, and layer 2 connection. Although you could place all authenticated

wireless users into the single VLAN that is specified in the basic security profile, the wireless

controller allows you to group wireless users into separate VLANs based on the wireless

SSID to differentiate access to network resources. For example, you might place authorized

employee users into one VLAN and itinerant users, such as contractors or guests, into a

separate VLAN. To use different VLANs, you must create different security profiles.

For information about how to configure regular VLANs, see

Managing Wireless Security

Profiles

on page 83.

DHCP Server

The wireless controller can function as a DHCP server and assign IP addresses to both

wireless and wired devices that are connected to it. You can add up to 64 DHCP server

pools, each assigned to a different VLAN.

Client Authentication and Data Encryption

A user must authenticate to the WLAN to be able to access WLAN resources. The wireless

controller supports several types of security methods, including those that require an external

RADIUS or LDAP authentication server.

The encryption option that you can select depends upon the authentication method that you

have selected. The following table lists the authentication methods available, with their

corresponding encryption options.

For information about how to configure client authentication and data encryption, see

Managing Wireless Security Profiles

on page 83.

Table 2.

Authentication and Encryption Options

Authentication Method

Encryption Option

Authentication Server

Open system

64-bit, 128-bit, or 152-bit WEP

None

Shared Key

64-bit, 128-bit, or 152-bit WEP

None

Legacy 802.1x

WEP

Internal authentication server or

external RADIUS server

WPA-PSK

TKIP or TKIP+AES

None

WPA2-PSK

AES or TKIP+AES

None

WPA-PSK and WPA2-PSK

TKIP+AES

None

WPA

TKIP or TKIP+AES

Internal authentication server, external

RADIUS server, or external AD server

WPA2

AES or TKIP+AES

Internal authentication server, external

RADIUS server, or external AD server

WPA and WPA2

TKIP+AES

Internal authentication server, external

RADIUS server, or external AD server