Home » Netgear Manuals » Wireless » Netgear WAC730-Business » Manual Viewer

Netgear WAC730-Business User Manual - Page 38

WiFi Security Profiles

View all Netgear WAC730-Business manuals

Add to My Manuals
Save this manual to your list of manuals

Page 38 highlights

Dual-Band Wireless AC Access Point WAC720 and WAC730 User Manual • WPA2 with RADIUS. Wi-Fi Protected Access version 2 (WPA2) with a RADIUS server provides the most reliable security with Advanced Encryption Standard (AES) encryption. This very strong authentication along with dynamic per-frame rekeying of WPA2 makes it virtually impossible to compromise. WPA2 uses RADIUS-based 802.1x authentication. For more information, see Configure and Enable WiFi Security Profiles on page 39. and About WPA2 With RADIUS and WPA & WPA2 With RADIUS on page 47 • WPA-PSK & WPA2-PSK mixed mode. This mode provides reliable security for both WPA-PSK and WPA2-PSK clients. Encryption is supported with the TKIP + AES mode. WPA-PSK & WPA2-PSK uses a pre-shared key (PSK) for authentication; for more information, see Configure and Enable WiFi Security Profiles on page 39 and About WPA2-PSK and WPA-PSK & WPA2-PSK on page 46. • WPA & WPA2 mixed mode with RADIUS. This mode provides reliable security for both WPA and WPA2 clients and a RADIUS server. Encryption is supported with the TKIP + AES mode. WPA & WPA2 uses RADIUS-based 802.1x authentication. For more information, see Configure and Enable WiFi Security Profiles on page 39 and About WPA2 With RADIUS and WPA & WPA2 With RADIUS on page 47. WiFi Security Profiles WiFi security profiles, simply referred to as security profiles, let you configure unique security settings for each SSID on each radio of the access point. For each radio, the access point supports up to 8 WiFi security profiles (BSSIDs). That means that you can configure 16 security profiles with custom settings (see Configure and Enable WiFi Security Profiles on page 39). To set up a security profile, select its network authentication type, data encryption, WiFi client security separation, and VLAN ID: • Network authentication. The access point is set by default as an open system with no authentication. When you configure network authentication, bear in mind that some legacy WiFi devices do not support WPA2. If your network includes computers with legacy WiFi devices, configure WPA & WPA2 mixed mode. For information about the types of network authentication that the access point supports, see Configure and Enable WiFi Security Profiles on page 39. • Data encryption. Select the data encryption that you want to use. The available options depend on the network authentication setting (otherwise, data encryption is disabled by default). The data encryption settings are explained in Configure and Enable WiFi Security Profiles on page 39. • WiFi client security separation. If this feature is enabled, the associated WiFi clients (using the same SSID) are not able to communicate with 1each other. This feature is useful for hotspots and other public access situations. By default, WiFi client separation is disabled. For more information, see Configure and Enable WiFi Security Profiles on page 39. • VLAN ID. If this feature is enabled and if the network devices (hubs and switches) on your LAN support the VLAN (802.1Q) standard, the default VLAN ID for the access point is associated with each profile. The default VLAN ID must match the IDs that are used by the other network devices. For more information, see Configure and Enable WiFi Security Profiles on page 39. Configure the WiFi Features and Security 38

Section	Page
Contents	4
1. Introduction and Hardware Overview	8
Unpack Your Access Point	9
Top Panel	9
Rear Panel	10
Access Point Label	11
2. Initial Setup	12
What You Need Before You Begin	13
System Requirements	13
WiFi Equipment Placement and Range Guidelines	13
Ethernet Cabling Requirements	14
LAN Configuration Requirements	14
Hardware Requirements for Computers on Your LAN	14
Operating Frequency Guidelines	14
Requirements for Entering IP Addresses	14
IPv4	14
IPv6	15
Install and Configure the Access Point	15
Connect the Access Point to a Computer	15
Log In to the Access Point	16
Log In to the Access Point When It Is Directly Connected to Your Computer	17
Log In to the Access Point When It Is Connected to a Network With a DHCP Server	18
Local Browser Interface	18
Disable Business Central Mode for a Standalone Access Point	19
Configure Basic General System Settings	20
Configure Time Settings	22
Configure the IPv4 Settings	23
Configure the Basic WiFi Settings	24
Configure 802.11bg/ng/bgn WiFi Settings	24
Configure 802.11a/a-na-ac WiFi Settings	27
Test Basic WiFi Connectivity	29
Mount the Access Point	30
Package Content of the Ceiling and Wall Installation Kit	30
Mount the Access Point to a Drop Ceiling	30
Mount the Access Point to a Wall	33
3. Configure the WiFi Features and Security	36
WiFi Data Security Options	37
WiFi Security Profiles	38
Configure and Enable WiFi Security Profiles	39
About WPA2-PSK and WPA-PSK & WPA2-PSK	46
About WPA2 With RADIUS and WPA & WPA2 With RADIUS	47
Change the QoS Policy for a WiFi Security Profile	47
Configure RADIUS Server Settings	48
Manage MAC Address Filter Profiles in the Local MAC Address Database	50
Add a MAC Address Filter Profile	51
Modify a MAC Address Filter Profile	52
Delete a MAC Address Filter Profile	53
Enable Rogue AP Detection and Monitor Rogue APs	53
Enable Rogue AP Detection	54
Monitor Rogue APs	55
Monitor Knows APs	56
Schedule the WiFi Radios to Be Turned Off	57
Configure Basic WiFi Quality of Service	59
4. Manage and Monitor the Access Point	61
Enable Remote Management	62
SNMP Management	62
Secure Shell and Telnet Management	63
Manage the Access Point over a Telnet Connection	64
Upgrade the Access Point Firmware	65
Upgrade the Firmware Over a Web Browser	65
Upgrade the Firmware Over a TFTP Server	66
Manage the Configuration File or Reset to Factory Defaults	67
Save the Configuration	68
Restore the Configuration	68
Restore the Access Point to the Factory Default Settings	69
Use the Local Browser Interface to Restore Factory Default Settings	70
Use the Reset Button to Restore Factory Default Settings	70
Reboot the Access Point Without Restoring the Default Configuration	71
Change the Administrator Password	72
Manage User Accounts	73
Add a New User Account	73
Change the Name for a User Account	74
Change the Privilege for a User Account	75
Reset the Password for a User Account	75
Delete a User Account	76
Enable the Syslog Server	76
Monitor the Access Point	77
View System Information	78
View Dashboard Information	80
View the Standalone Dashboard	80
View the Ensemble Dashboard	81
Monitor WiFi Clients	83
View the Activity Logs	85
View the Traffic Statistics	86
Set Up, Manage, and Monitor Ensembles	87
Configure Enable Ensemble Mode	88
Manage an Ensemble	88
Specify an Ensemble Management IP Address	89
Configure Ensemble Security With a Passphrase	89
Specify an Ensemble’s Channel Assignment Settings	90
Manage Automatic Channel Assignment for an Ensemble	91
Upgrade the Firmware of Ensemble Members From a Downloaded Firmware File	93
Upgrade the Firmware of Ensemble Members Over a TFTP Server	95
Monitor an Ensemble	96
Monitor the Status of the Ensemble	96
Monitor the Devices Connected to the Ensemble	97
Monitor the Access Points and Networks Neighboring the Ensemble	98
5. Configure Advanced Network and WiFi Features	100
Configure IPv6 Settings	101
Configure Spanning Tree Protocol, 802.1Q VLAN, and Link Layer Discovery Protocol	102
Configure STP and VLANs	102
Configure Ethernet LLDP	104
Configure Bonjour	105
Configure Advanced WiFi Settings	106
Configure Advanced Quality of Service Settings	109
Configure and Manage Quality of Service Policies	112
Configure a New QoS Policy	112
Modify a QoS Policy	117
Delete a QoS Policy	118
Configure Load Balancing	118
Manage Captive Portals	120
Enable the Access Point to Register With Facebook	121
Specify Captive Portal Profile Settings and Enable the Captive Portal Instance	121
Set Up Facebook Wi-Fi for a Captive Portal Profile	124
Add User Accounts to the Local Database for Captive Portal Access	126
Upload a Custom Logo	128
Configure a Default or Custom Captive Portal Splash Page	129
Enable the Global Captive Portal Mode	131
Configure WiFi Bridging	132
Point-to-Point Bridge and Point-to-Multipoint Bridge	132
Configure a WiFi Bridge	133
6. Troubleshooting	136
Troubleshoot the Basic Functions	137
Verify the Correct Sequence of Events at Startup	137
No LEDs Are Lit on the Access Point	137
The Active LED or the LAN LED Is Not Lit	138
The WLAN LED Does Not Light	138
You Cannot Access the Internet or the LAN From a WiFi Computer	138
You Cannot Configure the Access Point From a Browser	139
When You Enter a URL or IP Address a Time-Out Error Occurs	140
Troubleshoot a TCP/IP Network Using the Ping Utility	140
Test the LAN Path to Your Access Point	140
Test the Path from Your Computer to a Remote Device	141
Problems With Date and Time	141
Use the Packet Capture Tool	142
A. Configure the Access Point in Business Central Mode	143
Enable Business Central Mode	144
Configure the IP and 802.1Q VLAN Settings in Business Central Mode	145
Reboot the Access Point in Business Central Mode	146
Reset the Access Point in Business Central Mode to Factory Default Settings	147
Upgrade Access Point Firmware in Business Central Mode	148
Configure MAC Authentication in Business Central Mode	148
Add a MAC Address Filter Profile on an Access Point in Business Central Mode	149
Assign a MAC Address Filter Profile on an Access Point in Business Central Mode	151
Modify a MAC Address Filter Profile on an Access Point in Business Central Mode	153
Delete a MAC Address Filter Profile on an Access Point in Business Central Mode	154
Monitor the Access Point in Business Central Mode	154
View the Activity Logs of an Access Point in Business Central Mode	155
View Basic Information About the Access Point In Business Central Mode	156
B. Supplemental Information	157
Technical Specifications	158

Match case Limit results 1 per page

•

WPA2 with RADIUS

.Wi-Fi Protected Access version 2 (WPA2) with a RADIUS server provides the

most reliable security with Advanced Encryption Standard (AES) encryption. This very strong

authentication along with dynamic per-frame rekeying of WPA2 makes it virtually impossible to

compromise.

WPA2 uses RADIUS-based 802.1x authentication. For more information, see

Configure and Enable

WiFi Security Profiles

on page 39. and

About WPA2 With RADIUS and WPA & WPA2 With RADIUS

on page 47

•

WPA-PSK & WPA2-PSK mixed mode

.This mode provides reliable security for both WPA-PSK and

WPA2-PSK clients. Encryption is supported with the TKIP + AES mode.

WPA-PSK & WPA2-PSK uses a pre-shared key (PSK) for authentication; for more information, see

Configure and Enable WiFi Security Profiles

on page 39 and

About WPA2-PSK and WPA-PSK &

WPA2-PSK

on page 46.

•

WPA & WPA2 mixed mode with RADIUS

.This mode provides reliable security for both WPA and

WPA2 clients and a RADIUS server. Encryption is supported with the TKIP + AES mode.

WPA & WPA2 uses RADIUS-based 802.1x authentication. For more information, see

Configure and

Enable WiFi Security Profiles

on page 39 and

About WPA2 With RADIUS and WPA & WPA2 With

RADIUS

on page 47.

WiFi Security Profiles

WiFi security profiles, simply referred to as security profiles, let you configure unique security settings for

each SSID on each radio of the access point. For each radio, the access point supports up to 8 WiFi security

profiles (BSSIDs). That means that you can configure 16 security profiles with custom settings (see

Configure

and Enable WiFi Security Profiles

on page 39).

To set up a security profile, select its network authentication type, data encryption, WiFi client security

separation, and VLAN ID:

•

Network authentication

. The access point is set by default as an open system with no authentication.

When you configure network authentication, bear in mind that some legacy WiFi devices do not support

WPA2. If your network includes computers with legacy WiFi devices, configure WPA & WPA2 mixed

mode.

For information about the types of network authentication that the access point supports, see

Configure

and Enable WiFi Security Profiles

on page 39.

•

Data encryption

. Select the data encryption that you want to use.The available options depend on the

network authentication setting (otherwise, data encryption is disabled by default). The data encryption

settings are explained in

Configure and Enable WiFi Security Profiles

on page 39.

•

WiFi client security separation

. If this feature is enabled, the associated WiFi clients (using the same

SSID) are not able to communicate with 1each other.This feature is useful for hotspots and other public

access situations. By default, WiFi client separation is disabled. For more information, see

Configure

and Enable WiFi Security Profiles

on page 39.

•

VLAN ID

. If this feature is enabled and if the network devices (hubs and switches) on your LAN support

the VLAN (802.1Q) standard, the default VLAN ID for the access point is associated with each profile.

The default VLAN ID must match the IDs that are used by the other network devices. For more

information, see

Configure and Enable WiFi Security Profiles

on page 39.

Configure the WiFi Features and Security

Dual-Band Wireless AC Access Point WAC720 and WAC730 User Manual