Home » Netgear Manuals » Hubs & Switches » Netgear WC7600 » Manual Viewer

Netgear WC7600 Reference Manual - Page 141

Manage Rogue Access Points, Rogue Access Point Concepts, Con Basic Rogue Detection Settings

Add to My Manuals
Save this manual to your list of manuals

Page 141 highlights

ProSAFE Wireless Controller WC7600 Manage Rogue Access Points The wireless controller can detect rogue access points in your network, you can classify the detected rogue access points, and you can import a list of known access points. Rogue Access Point Concepts Rogue access point detection is disabled by default on the wireless controller. If you want to detect rogue access points, you must enable rogue access point detection. Scanning might affect the service availability of the access point temporarily. An access point is defined as rogue if: • The access point's radio basic service set identifier (BSSID) is detected by any of the managed access points. • The access point transmits on the Ethernet side on the same Layer 2 as the managed access points. • At least one client is connected to the access point. Any unmanaged access point not meeting all these conditions is classified as a neighbor. The access points transmit broadcast frames on the Ethernet during the time access point radios are off-channel (and scanning). The wireless controller can detect and maintain a maximum of 512 access points, both neighboring and rogue access points. Note: If enabled, basic rogue AP detection and advanced rogue AP detection apply to all profiles, whether in the basic profile group or in any of the advanced profile groups. Configure Basic Rogue Detection Settings In a basic setup, you can set up one detection server. In an advanced setup you can create multiple detection servers (for more information, see Classify Rogue Access Points on page 142).  To set up a server to detect rogue access points: 1. Open a web browser. In the browser's address field, type the http:// followed by the IP address that you assigned to the wireless controller. By default, the IP address is 192.168.0.250. If you have not yet assigned another IP address to the wireless controller, type http://192.168.0.250. The wireless controller's login screen displays. 2. Enter your user name and password. Manage Rogue Access Points, Guest Network Access, and Users 141

Section	Page
ProSAFE Wireless Controller WC7600	1
1. Introduction	9
Key Features and Capabilities	10
Package Contents	12
Hardware Features	12
Front Panel Ports, Slots, and LEDs	12
Back Panel Features	14
Bottom Panel with Product Label	15
WC7600 Wireless Controller System Components	15
NETGEAR ProSAFE Access Points	16
What Can You Do with the WC7600 Wireless Controller?	18
Licenses	20
Maintenance and Support	20
2. System Planning and Deployment Scenarios	21
Basic and Advanced Setting Concepts	22
Profile Group Concepts	23
Basic Profile	23
Advanced Profile	23
System Planning Concepts	25
Preinstallation Planning	25
Before You Configure a Wireless Controller	25
High-Level Configuration Examples	28
Single Controller Configuration with Basic Profile Group	28
Single Controller Configuration with Advanced Profile Groups	29
Stacked Controller Configuration	30
Management VLAN and Data VLAN Strategies	31
High-Level Deployment Scenarios	33
Scenario Example 1: Network with Single VLAN	33
Scenario Example 2: Advanced Network with VLANs and SSIDs	35
Scenario Example 3: Advanced Network	37
3. RF Planning	41
RF Planning Overview	41
Planning Requirements	41
Define and Edit Buildings and Floors	42
Specify Access Point Requirements	45
View and Manage Heat Maps for Deployed Plans	48
4. Installation and Configuration Overview	51
Connect Your Computer to the Wireless Controller	52
Log In to the Wireless Controller	52
Roadmap for Initial Configuration	54
Roadmap for Configuring Management of Your Wireless Network	55
Choose a Location for the Wireless Controller	57
Deploy the Wireless Controller	58
5. Configure the System and Network Settings and Register the Licenses	59
Configure the General Settings	60
Manage the Time Settings	61
Manage the IP, VLAN, and Link Aggregation Settings	62
Management VLAN Concepts	62
Untagged VLAN Concepts	63
Link Aggregation Concepts	63
Configure the IP, VLAN, and Link Aggregation Settings	63
Manage the DHCP Server	65
Add a DHCP Server	65
Change the Settings for a DHCP Server	68
Remove a DHCP Server	69
Register Your Licenses	70
Configure the License Server Settings	70
Register Your Licenses with the License Server	72
Manage Certificates	74
Configure Log, Syslog, Alarm Notification, and Email Settings	75
Configure Log Settings	75
Configure Syslog Settings	77
Configure Alarm Notification Settings	79
Configure the Email Notification Server	80
6. Manage Security Profiles and Profile Groups	82
Wireless Security Profile Concepts	83
Small WLAN Networks	83
Large WLAN Networks	84
Profile Naming Conventions	84
Considerations Before You Configure Profiles	84
Basic and Advanced Security Configuration Concepts	85
Manage Security Profiles for the Basic Profile Group	86
Configure a Profile in the Basic Profile Group	86
Change the Settings for a Profile in the Basic Profile Group	90
Remove a Profile From the Basic Profile Group	91
Manage Security Profiles for Advanced Profile Groups	91
Add an Advanced Profile Group	91
Remove an Advanced Profile Group	93
Configure a Profile in an Advanced Profile Group	93
Change the Settings for a Profile in an Advanced Profile Group	98
Remove a Profile From an Advanced Profile Group	99
Network Authentication and Data Encryption Options	99
Manage Authentication Servers and Authentication Server Groups	104
Authentication Server Concepts	104
Configure Basic Authentication Server Settings	105
Configure a RADIUS Authentication Server Group	107
Remove a RADIUS Authentication Server Group	109
Manage MAC Authentication and MAC Authentication Groups	109
Guidelines for External MAC Authentication	110
Configure Basic Local MAC Authentication Settings	110
Remove a MAC Address from a Wireless Client List	112
Import a MAC List from a File	112
Configure a Local MAC Authentication Group	113
Remove a Local MAC Authentication Group	115
Select an ACL for a Profile in the Basic Profile Group	115
Select an ACL for a Profile in an Advanced Profile Group	117
7. Discover and Manage Access Points	119
Access Point Discovery Guidelines	120
General Discovery Guidelines	120
Layer 3 Discovery Guidelines	120
Remote Access Point Discovery Guidelines	121
Discover Access Points with the Discovery Wizard	123
Discover Access Points in Factory Default State and Access Points in a Layer 2 Subnet	123
Discover Access Points Installed and Working in Standalone Mode in Different Layer 3 Networks	127
Manage the Managed AP List	131
View the Managed AP List	131
Change Access Point Information on the Managed AP List	133
Remove Access Points from the Managed AP List	136
Assign Access Points to Advanced Profile Groups	137
8. Manage Rogue Access Points, Guest Network Access, and Users	140
Manage Rogue Access Points	141
Rogue Access Point Concepts	141
Configure Basic Rogue Detection Settings	141
Classify Rogue Access Points	142
Import a List of Known Access Points from a File	144
Manage Guest Network Access	145
Portal Concepts	145
Configure a Portal	146
Manage Users, Accounts, and Passwords	150
User and Account Concepts	150
Add a Management User	151
Add a WiFi User	152
Add a Captive Portal Account	154
Add a Captive Portal User	156
Change the Settings for a User or Account	158
Remove a User or Account	159
Export a List of Users or Accounts	160
9. Configure Wireless and QoS Settings	161
Basic and Advanced Wireless and QoS Configuration Concepts	162
Configure the Radio	162
Configure the Radio for the Basic Profile Group	162
Configure the Radio for an Advanced Profile Group	164
Configure Wireless Settings	165
Configure Wireless Settings for the Basic Profile Group	165
Override Channel and Transmission Power in the Basic Profile Group	169
Configure Wireless Settings for an Advanced Profile Group	171
Override Channel and Transmission Power in an Advanced Profile Group	175
Configure Channels	177
Specify Radio Frequency Management	180
Radio Frequency Concepts	180
WLAN Healing Concepts	181
Configure Radio Frequency Management for the Basic Profile Group	181
Configure Radio Frequency Management for an Advanced Profile Group	183
Manage the Preferred Bands	186
Configure the Preferred Band for WNDAP620 Access Points in the Basic Profile Group	186
Configure the Preferred Band for WNDAP620 Access Points in an Advanced Profile Group	187
Manage Quality of Service for an Advanced Profile Group	188
Quality of Service Concepts	188
Configure Quality of Service for a Profile Group	189
Manage Load Balancing	192
Load Balancing Concepts	192
Configure Load Balancing	193
Manage Rate Limiting	194
Rate Limiting Concepts	194
Configure Rate Limiting for the Basic Profile Group	195
Configure Rate Limiting for an Advanced Profile Group	196
10. Maintain the Wireless Controller and Access Points	198
Manage the Configuration File	199
Back Up the Configuration File	199
Restore the Configuration File	200
Upgrade the Firmware	201
Reboot the Wireless Controller	204
Reset the Wireless Controller	205
Manage External Storage	206
Manage Remote Access	207
Specify Session Time-Outs	209
Manage the System Logs	209
Query the System Logs	210
Save the System Logs	212
Clear the System Logs	212
View Alerts and Events	213
View System Alerts	213
View Radio Frequency Events	214
View Load-Balancing Events	215
View Rate-Limit Events	217
View Redundancy Events	218
View Stacking Events	218
Manage Licenses	219
View Your Licenses	220
Retrieve Your Licenses	222
Reboot Access Points	223
Configure Multicast Firmware Upgrade for Access Points	224
Change the Multicast Firmware Upgrade Settings	225
Disable Multicast Firmware Upgrade	226
11. Manage Stacking and Redundancy	227
Stacking Concepts	228
Configure a Stack	230
Remove a Wireless Controller from a Stack	232
Select Which Wireless Controller in a Stack to Configure	233
Manage Redundancy for a Single Controller	237
VRRP Redundancy Concepts	237
Configure a Single Controller with Redundancy	239
Manage a Redundancy Group with N:1 Redundancy	241
VRRP N:1 Redundancy Concepts	241
Configure a Redundancy Group with N:1 Redundancy	244
Change a Redundant Controller	246
Remove a Redundancy Group	247
12. Monitor the Wireless Network and Its Components	248
Monitor the Network	249
View the Network Summary Screen	249
View the Wireless Controllers in the Network	251
View the Access Points in the Network	253
View the Clients in the Network	258
View the Profiles in the Network	262
Monitor the Wireless Controller	264
View the Wireless Controller Summary Screen	264
View Wireless Controller Usage	266
View Access Points that the Wireless Controller Manages	268
View Clients on Access Points that the Wireless Controller Manages	273
View Neighboring Clients that the Wireless Controller Detects	277
View Neighboring Access Points that the Wireless Controller Does Not Manage	279
View Security Profiles That the Wireless Controller Manages	280
View DHCP Leases That Are Provided by the Wireless Controller	282
View Captive Portal Users on Access Points That the Wireless Controller Manages	283
Monitor the SSIDs on the Wireless Controller	285
Monitor Local Clients in the Network	290
13. Troubleshooting	295
Troubleshoot Basic Functioning	296
Power LED Is Not Lit	296
Status LED Never Turns Off	296
Ethernet Port LEDs Are Not Lit	297
Troubleshoot the Web Management Interface	297
Check the Ethernet Cabling	297
Check the IP Address Configuration	297
Check the Internet Browser	298
Troubleshoot a TCP/IP Network Using the Ping Utility	298
Use the Reset Button to Restore Default Settings	299
Resolve Problems with Date and Time	299
Resolve Problems with Access Points	300
Resolve Discovery Problems	300
Resolve Connection Problems	300
Network Performance and Rogue Access Point Detection	301
Use the Diagnostic Tools on the Wireless Controller	301
Ping an Access Point	301
Trace a Route to an Access Point	302
A. Factory Default Settings, Technical Specifications, and Passwords Requirements	304
Factory Default Settings	305
Technical Specifications	305

Match case Limit results 1 per page

Manage Rogue Access Points, Guest Network Access, and Users

141

ProSAFE Wireless Controller WC7600

Manage Rogue Access Points

The wireless controller can detect rogue access points in your network, you can classify the

detected rogue access points, and you can import a list of known access points.

Rogue Access Point Concepts

Rogue access point detection is disabled by default on the wireless controller. If you want to

detect rogue access points, you must enable rogue access point detection. Scanning might

affect the service availability of the access point temporarily.

An access point is defined as rogue if:

•

The access point’s radio basic service set identifier (BSSID) is detected by any of the

managed access points.

•

The access point transmits on the Ethernet side on the same Layer 2 as the managed

access points.

•

At least one client is connected to the access point.

Any unmanaged access point not meeting all these conditions is classified as a neighbor.

The access points transmit broadcast frames on the Ethernet during the time access point

radios are off-channel (and scanning).

The wireless controller can detect and maintain a maximum of 512 access points, both

neighboring and rogue access points.

Note:

If enabled, basic rogue AP detection and advanced rogue AP

detection apply to all profiles, whether in the basic profile group or in

any of the advanced profile groups.

Configure Basic Rogue Detection Settings

In a basic setup, you can set up one detection server. In an advanced setup you can create

multiple detection servers (for more information, see

Classify Rogue Access Points

page

142).



To set up a server to detect rogue access points:

Open a web browser. In the browser’s address field, type the

http://

followed by the IP

address that you assigned to the wireless controller.

By default, the IP address is 192.168.0.250. If you have not yet assigned another IP

address to the wireless controller, type

http://192.168.0.250

The wireless controller’s login screen displays.

Enter your user name and password.