Home » Netgear Manuals » Hubs & Switches » Netgear WC7600 » Manual Viewer

Netgear WC7600 Reference Manual - Page 107

Con a RADIUS Authentication Server Group, Apply

Add to My Manuals
Save this manual to your list of manuals

Page 107 highlights

ProSAFE Wireless Controller WC7600 Setting Description Internal Reauthentication Time Authentication (seconds) Server Update Global Key Every (seconds) Specify the time (in seconds) after which reauthentication occurs for all wireless clients. To enable update of the global key: 1. Select the Update Global Key Every (Seconds) check box. 2. Specify the interval (in seconds) after which the global key is updated for all wireless clients. When you use the internal authentication server, set up WiFi clients on the User Management screen. For information, see Manage Users, Accounts, and Passwords on page 150. External Server IP LDAP Server Specify the IP address of the external Active Directory (AD) authentication server. Server Port Specify the port of the external AD server. The default port is 389. User Base DN Specify the user base distinguished name (DN) on the AD server. Workgroup Name Specify the workgroup name on the AD server. Admin Domain Specify the administrative domain on the AD server. Domain Admin User Specify the user name for the administrative domain. Domain Admin Password Specify the password for the administrative domain. Note: For information about password requirements, see Table 11 on page 306. 7. Click the Apply button. For information about how to add an authentication server to a security profile in the basic profile group, see Configure a Profile in the Basic Profile Group on page 86. For information about how to add an authentication server to a security profile in an advanced profile group, see Configure a Profile in an Advanced Profile Group on page 93. Configure a RADIUS Authentication Server Group For greater security flexibility, you can create up to eight external RADIUS servers to authenticate and account for different groups of users. After you have set up these authentication servers, you can assign any of them, including the basic RADIUS server, to any profile, whether in the basic profile group or in an advanced profile group.  To set up a RADIUS authentication server group: 1. Open a web browser. In the browser's address field, type the http:// followed by the IP address that you assigned to the wireless controller. By default, the IP address is 192.168.0.250. If you have not yet assigned another IP address to the wireless controller, type http://192.168.0.250. The wireless controller's login screen displays. Manage Security Profiles and Profile Groups 107

Section	Page
ProSAFE Wireless Controller WC7600	1
1. Introduction	9
Key Features and Capabilities	10
Package Contents	12
Hardware Features	12
Front Panel Ports, Slots, and LEDs	12
Back Panel Features	14
Bottom Panel with Product Label	15
WC7600 Wireless Controller System Components	15
NETGEAR ProSAFE Access Points	16
What Can You Do with the WC7600 Wireless Controller?	18
Licenses	20
Maintenance and Support	20
2. System Planning and Deployment Scenarios	21
Basic and Advanced Setting Concepts	22
Profile Group Concepts	23
Basic Profile	23
Advanced Profile	23
System Planning Concepts	25
Preinstallation Planning	25
Before You Configure a Wireless Controller	25
High-Level Configuration Examples	28
Single Controller Configuration with Basic Profile Group	28
Single Controller Configuration with Advanced Profile Groups	29
Stacked Controller Configuration	30
Management VLAN and Data VLAN Strategies	31
High-Level Deployment Scenarios	33
Scenario Example 1: Network with Single VLAN	33
Scenario Example 2: Advanced Network with VLANs and SSIDs	35
Scenario Example 3: Advanced Network	37
3. RF Planning	41
RF Planning Overview	41
Planning Requirements	41
Define and Edit Buildings and Floors	42
Specify Access Point Requirements	45
View and Manage Heat Maps for Deployed Plans	48
4. Installation and Configuration Overview	51
Connect Your Computer to the Wireless Controller	52
Log In to the Wireless Controller	52
Roadmap for Initial Configuration	54
Roadmap for Configuring Management of Your Wireless Network	55
Choose a Location for the Wireless Controller	57
Deploy the Wireless Controller	58
5. Configure the System and Network Settings and Register the Licenses	59
Configure the General Settings	60
Manage the Time Settings	61
Manage the IP, VLAN, and Link Aggregation Settings	62
Management VLAN Concepts	62
Untagged VLAN Concepts	63
Link Aggregation Concepts	63
Configure the IP, VLAN, and Link Aggregation Settings	63
Manage the DHCP Server	65
Add a DHCP Server	65
Change the Settings for a DHCP Server	68
Remove a DHCP Server	69
Register Your Licenses	70
Configure the License Server Settings	70
Register Your Licenses with the License Server	72
Manage Certificates	74
Configure Log, Syslog, Alarm Notification, and Email Settings	75
Configure Log Settings	75
Configure Syslog Settings	77
Configure Alarm Notification Settings	79
Configure the Email Notification Server	80
6. Manage Security Profiles and Profile Groups	82
Wireless Security Profile Concepts	83
Small WLAN Networks	83
Large WLAN Networks	84
Profile Naming Conventions	84
Considerations Before You Configure Profiles	84
Basic and Advanced Security Configuration Concepts	85
Manage Security Profiles for the Basic Profile Group	86
Configure a Profile in the Basic Profile Group	86
Change the Settings for a Profile in the Basic Profile Group	90
Remove a Profile From the Basic Profile Group	91
Manage Security Profiles for Advanced Profile Groups	91
Add an Advanced Profile Group	91
Remove an Advanced Profile Group	93
Configure a Profile in an Advanced Profile Group	93
Change the Settings for a Profile in an Advanced Profile Group	98
Remove a Profile From an Advanced Profile Group	99
Network Authentication and Data Encryption Options	99
Manage Authentication Servers and Authentication Server Groups	104
Authentication Server Concepts	104
Configure Basic Authentication Server Settings	105
Configure a RADIUS Authentication Server Group	107
Remove a RADIUS Authentication Server Group	109
Manage MAC Authentication and MAC Authentication Groups	109
Guidelines for External MAC Authentication	110
Configure Basic Local MAC Authentication Settings	110
Remove a MAC Address from a Wireless Client List	112
Import a MAC List from a File	112
Configure a Local MAC Authentication Group	113
Remove a Local MAC Authentication Group	115
Select an ACL for a Profile in the Basic Profile Group	115
Select an ACL for a Profile in an Advanced Profile Group	117
7. Discover and Manage Access Points	119
Access Point Discovery Guidelines	120
General Discovery Guidelines	120
Layer 3 Discovery Guidelines	120
Remote Access Point Discovery Guidelines	121
Discover Access Points with the Discovery Wizard	123
Discover Access Points in Factory Default State and Access Points in a Layer 2 Subnet	123
Discover Access Points Installed and Working in Standalone Mode in Different Layer 3 Networks	127
Manage the Managed AP List	131
View the Managed AP List	131
Change Access Point Information on the Managed AP List	133
Remove Access Points from the Managed AP List	136
Assign Access Points to Advanced Profile Groups	137
8. Manage Rogue Access Points, Guest Network Access, and Users	140
Manage Rogue Access Points	141
Rogue Access Point Concepts	141
Configure Basic Rogue Detection Settings	141
Classify Rogue Access Points	142
Import a List of Known Access Points from a File	144
Manage Guest Network Access	145
Portal Concepts	145
Configure a Portal	146
Manage Users, Accounts, and Passwords	150
User and Account Concepts	150
Add a Management User	151
Add a WiFi User	152
Add a Captive Portal Account	154
Add a Captive Portal User	156
Change the Settings for a User or Account	158
Remove a User or Account	159
Export a List of Users or Accounts	160
9. Configure Wireless and QoS Settings	161
Basic and Advanced Wireless and QoS Configuration Concepts	162
Configure the Radio	162
Configure the Radio for the Basic Profile Group	162
Configure the Radio for an Advanced Profile Group	164
Configure Wireless Settings	165
Configure Wireless Settings for the Basic Profile Group	165
Override Channel and Transmission Power in the Basic Profile Group	169
Configure Wireless Settings for an Advanced Profile Group	171
Override Channel and Transmission Power in an Advanced Profile Group	175
Configure Channels	177
Specify Radio Frequency Management	180
Radio Frequency Concepts	180
WLAN Healing Concepts	181
Configure Radio Frequency Management for the Basic Profile Group	181
Configure Radio Frequency Management for an Advanced Profile Group	183
Manage the Preferred Bands	186
Configure the Preferred Band for WNDAP620 Access Points in the Basic Profile Group	186
Configure the Preferred Band for WNDAP620 Access Points in an Advanced Profile Group	187
Manage Quality of Service for an Advanced Profile Group	188
Quality of Service Concepts	188
Configure Quality of Service for a Profile Group	189
Manage Load Balancing	192
Load Balancing Concepts	192
Configure Load Balancing	193
Manage Rate Limiting	194
Rate Limiting Concepts	194
Configure Rate Limiting for the Basic Profile Group	195
Configure Rate Limiting for an Advanced Profile Group	196
10. Maintain the Wireless Controller and Access Points	198
Manage the Configuration File	199
Back Up the Configuration File	199
Restore the Configuration File	200
Upgrade the Firmware	201
Reboot the Wireless Controller	204
Reset the Wireless Controller	205
Manage External Storage	206
Manage Remote Access	207
Specify Session Time-Outs	209
Manage the System Logs	209
Query the System Logs	210
Save the System Logs	212
Clear the System Logs	212
View Alerts and Events	213
View System Alerts	213
View Radio Frequency Events	214
View Load-Balancing Events	215
View Rate-Limit Events	217
View Redundancy Events	218
View Stacking Events	218
Manage Licenses	219
View Your Licenses	220
Retrieve Your Licenses	222
Reboot Access Points	223
Configure Multicast Firmware Upgrade for Access Points	224
Change the Multicast Firmware Upgrade Settings	225
Disable Multicast Firmware Upgrade	226
11. Manage Stacking and Redundancy	227
Stacking Concepts	228
Configure a Stack	230
Remove a Wireless Controller from a Stack	232
Select Which Wireless Controller in a Stack to Configure	233
Manage Redundancy for a Single Controller	237
VRRP Redundancy Concepts	237
Configure a Single Controller with Redundancy	239
Manage a Redundancy Group with N:1 Redundancy	241
VRRP N:1 Redundancy Concepts	241
Configure a Redundancy Group with N:1 Redundancy	244
Change a Redundant Controller	246
Remove a Redundancy Group	247
12. Monitor the Wireless Network and Its Components	248
Monitor the Network	249
View the Network Summary Screen	249
View the Wireless Controllers in the Network	251
View the Access Points in the Network	253
View the Clients in the Network	258
View the Profiles in the Network	262
Monitor the Wireless Controller	264
View the Wireless Controller Summary Screen	264
View Wireless Controller Usage	266
View Access Points that the Wireless Controller Manages	268
View Clients on Access Points that the Wireless Controller Manages	273
View Neighboring Clients that the Wireless Controller Detects	277
View Neighboring Access Points that the Wireless Controller Does Not Manage	279
View Security Profiles That the Wireless Controller Manages	280
View DHCP Leases That Are Provided by the Wireless Controller	282
View Captive Portal Users on Access Points That the Wireless Controller Manages	283
Monitor the SSIDs on the Wireless Controller	285
Monitor Local Clients in the Network	290
13. Troubleshooting	295
Troubleshoot Basic Functioning	296
Power LED Is Not Lit	296
Status LED Never Turns Off	296
Ethernet Port LEDs Are Not Lit	297
Troubleshoot the Web Management Interface	297
Check the Ethernet Cabling	297
Check the IP Address Configuration	297
Check the Internet Browser	298
Troubleshoot a TCP/IP Network Using the Ping Utility	298
Use the Reset Button to Restore Default Settings	299
Resolve Problems with Date and Time	299
Resolve Problems with Access Points	300
Resolve Discovery Problems	300
Resolve Connection Problems	300
Network Performance and Rogue Access Point Detection	301
Use the Diagnostic Tools on the Wireless Controller	301
Ping an Access Point	301
Trace a Route to an Access Point	302
A. Factory Default Settings, Technical Specifications, and Passwords Requirements	304
Factory Default Settings	305
Technical Specifications	305

Match case Limit results 1 per page

Manage Security Profiles and Profile Groups

107

ProSAFE Wireless Controller WC7600

Click the

Apply

button.

For information about how to add an authentication server to a security profile in the basic

profile group, see

Configure a Profile in the Basic Profile Group

on page

86.

For information about how to add an authentication server to a security profile in an

advanced profile group, see

Configure a Profile in an Advanced Profile Group

on page

93.

Configure a RADIUS Authentication Server Group

For greater security flexibility, you can create up to eight external RADIUS servers to

authenticate and account for different groups of users. After you have set up these

authentication servers, you can assign any of them, including the basic RADIUS server, to

any

profile, whether in the basic profile group or in an advanced profile group.



To set up a RADIUS authentication server group:

Open a web browser. In the browser’s address field, type the

http://

followed by the IP

address that you assigned to the wireless controller.

By default, the IP address is 192.168.0.250. If you have not yet assigned another IP

address to the wireless controller, type

http://192.168.0.250

The wireless controller’s login screen displays.

Internal

Authentication

Server

Reauthentication Time

(seconds)

Specify the time (in seconds) after

which reauthentication occurs for all

wireless clients.

When you use the

internal authentication

server, set up WiFi

clients on the User

Management screen. For

information, see

Manage

Users, Accounts, and

Passwords

on page

150.

Update Global Key

Every (seconds)

To enable update of the global key:

Select the

Update Global Key

Every (Seconds)

check box.

Specify the interval (in seconds)

after which the global key is

updated for all wireless clients.

External

LDAP Server

Server IP

Specify the IP address of the external Active Directory (AD)

authentication server.

Server Port

Specify the port of the external AD server.

The default port is

389

User Base DN

Specify the user base distinguished name (DN) on the AD server.

Workgroup Name

Specify the workgroup name on the AD server.

Admin Domain

Specify the administrative domain on the AD server.

Domain Admin User

Specify the user name for the administrative domain.

Domain Admin

Password

Specify the password for the administrative domain.

Note:

For information about password requirements, see

Table

on page

306.

Setting

Description