Home » Netgear Manuals » Hubs & Switches » Netgear WC7660SKT » Manual Viewer

Netgear WC7660SKT Reference Manual - Page 104

Manage Authentication Servers and Authentication Server Groups, Authentication Server Concepts

Add to My Manuals
Save this manual to your list of manuals

Page 104 highlights

ProSAFE Wireless Controller WC7600 Manage Authentication Servers and Authentication Server Groups You can set up internal and external authentication servers and server groups that the wireless controller can use for authentication. Authentication Server Concepts You can specify three types of authentication servers: internal, external RADIUS, and external LDAP: • Internal authentication server. The wireless controller handles authentication. If you use this setting, set up WiFi clients on the User Management screen (see Manage Users, Accounts, and Passwords on page 150.) • External RADIUS server. You can define a basic external RADIUS server that you would typically use in the profiles of a basic profile group of a small-scale network. You must specify its configuration on the basic Authentication Server screen (see the next section) so that you can select this authentication option during the configuration of a profile. As part of the advanced authentication server settings, you can define multiple external RADIUS servers that you would typically use in a more complex network with many profiles. You can then assign different RADIUS servers to different profiles. By default, the external RADIUS server for the basic authentication group is called basic-Auth. You cannot change this name. By default, the external RADIUS authentication servers for the advanced authentication groups are called Auth1 through Auth8, and you can change these names. You can assign the basic-Auth server to an advanced profile group, and you can assign a RADIUS server of an advanced authentication group to the basic profile group. See the following configuration guidelines for external RADIUS servers: - You need to add only the IP address of the wireless controller as a RADIUS client to the RADIUS server. All managed access points are then automatically known to the RADIUS server. - For configuration guidelines for external MAC authentication, see Guidelines for External MAC Authentication on page 110. - For configuration guidelines for external authentication of captive portal users, see Manage Guest Network Access on page 145. • External LDAP server. You can define one external LDAP server (commonly referred to as an Active Directory [AD] server). You must specify its configuration on the basic Authentication Server screen (see the next section) so that you can select this authentication option during the configuration of a profile. By default, the external LDAP server for the basic authentication group is called basic-LDAP. You cannot change this name, and you cannot configure any LDAP servers Manage Security Profiles and Profile Groups 104

Section	Page
ProSAFE Wireless Controller WC7600	1
1. Introduction	9
Key Features and Capabilities	10
Package Contents	12
Hardware Features	12
Front Panel Ports, Slots, and LEDs	12
Back Panel Features	14
Bottom Panel with Product Label	15
WC7600 Wireless Controller System Components	15
NETGEAR ProSAFE Access Points	16
What Can You Do with the WC7600 Wireless Controller?	18
Licenses	20
Maintenance and Support	20
2. System Planning and Deployment Scenarios	21
Basic and Advanced Setting Concepts	22
Profile Group Concepts	23
Basic Profile	23
Advanced Profile	23
System Planning Concepts	25
Preinstallation Planning	25
Before You Configure a Wireless Controller	25
High-Level Configuration Examples	28
Single Controller Configuration with Basic Profile Group	28
Single Controller Configuration with Advanced Profile Groups	29
Stacked Controller Configuration	30
Management VLAN and Data VLAN Strategies	31
High-Level Deployment Scenarios	33
Scenario Example 1: Network with Single VLAN	33
Scenario Example 2: Advanced Network with VLANs and SSIDs	35
Scenario Example 3: Advanced Network	37
3. RF Planning	41
RF Planning Overview	41
Planning Requirements	41
Define and Edit Buildings and Floors	42
Specify Access Point Requirements	45
View and Manage Heat Maps for Deployed Plans	48
4. Installation and Configuration Overview	51
Connect Your Computer to the Wireless Controller	52
Log In to the Wireless Controller	52
Roadmap for Initial Configuration	54
Roadmap for Configuring Management of Your Wireless Network	55
Choose a Location for the Wireless Controller	57
Deploy the Wireless Controller	58
5. Configure the System and Network Settings and Register the Licenses	59
Configure the General Settings	60
Manage the Time Settings	61
Manage the IP, VLAN, and Link Aggregation Settings	62
Management VLAN Concepts	62
Untagged VLAN Concepts	63
Link Aggregation Concepts	63
Configure the IP, VLAN, and Link Aggregation Settings	63
Manage the DHCP Server	65
Add a DHCP Server	65
Change the Settings for a DHCP Server	68
Remove a DHCP Server	69
Register Your Licenses	70
Configure the License Server Settings	70
Register Your Licenses with the License Server	72
Manage Certificates	74
Configure Log, Syslog, Alarm Notification, and Email Settings	75
Configure Log Settings	75
Configure Syslog Settings	77
Configure Alarm Notification Settings	79
Configure the Email Notification Server	80
6. Manage Security Profiles and Profile Groups	82
Wireless Security Profile Concepts	83
Small WLAN Networks	83
Large WLAN Networks	84
Profile Naming Conventions	84
Considerations Before You Configure Profiles	84
Basic and Advanced Security Configuration Concepts	85
Manage Security Profiles for the Basic Profile Group	86
Configure a Profile in the Basic Profile Group	86
Change the Settings for a Profile in the Basic Profile Group	90
Remove a Profile From the Basic Profile Group	91
Manage Security Profiles for Advanced Profile Groups	91
Add an Advanced Profile Group	91
Remove an Advanced Profile Group	93
Configure a Profile in an Advanced Profile Group	93
Change the Settings for a Profile in an Advanced Profile Group	98
Remove a Profile From an Advanced Profile Group	99
Network Authentication and Data Encryption Options	99
Manage Authentication Servers and Authentication Server Groups	104
Authentication Server Concepts	104
Configure Basic Authentication Server Settings	105
Configure a RADIUS Authentication Server Group	107
Remove a RADIUS Authentication Server Group	109
Manage MAC Authentication and MAC Authentication Groups	109
Guidelines for External MAC Authentication	110
Configure Basic Local MAC Authentication Settings	110
Remove a MAC Address from a Wireless Client List	112
Import a MAC List from a File	112
Configure a Local MAC Authentication Group	113
Remove a Local MAC Authentication Group	115
Select an ACL for a Profile in the Basic Profile Group	115
Select an ACL for a Profile in an Advanced Profile Group	117
7. Discover and Manage Access Points	119
Access Point Discovery Guidelines	120
General Discovery Guidelines	120
Layer 3 Discovery Guidelines	120
Remote Access Point Discovery Guidelines	121
Discover Access Points with the Discovery Wizard	123
Discover Access Points in Factory Default State and Access Points in a Layer 2 Subnet	123
Discover Access Points Installed and Working in Standalone Mode in Different Layer 3 Networks	127
Manage the Managed AP List	131
View the Managed AP List	131
Change Access Point Information on the Managed AP List	133
Remove Access Points from the Managed AP List	136
Assign Access Points to Advanced Profile Groups	137
8. Manage Rogue Access Points, Guest Network Access, and Users	140
Manage Rogue Access Points	141
Rogue Access Point Concepts	141
Configure Basic Rogue Detection Settings	141
Classify Rogue Access Points	142
Import a List of Known Access Points from a File	144
Manage Guest Network Access	145
Portal Concepts	145
Configure a Portal	146
Manage Users, Accounts, and Passwords	150
User and Account Concepts	150
Add a Management User	151
Add a WiFi User	152
Add a Captive Portal Account	154
Add a Captive Portal User	156
Change the Settings for a User or Account	158
Remove a User or Account	159
Export a List of Users or Accounts	160
9. Configure Wireless and QoS Settings	161
Basic and Advanced Wireless and QoS Configuration Concepts	162
Configure the Radio	162
Configure the Radio for the Basic Profile Group	162
Configure the Radio for an Advanced Profile Group	164
Configure Wireless Settings	165
Configure Wireless Settings for the Basic Profile Group	165
Override Channel and Transmission Power in the Basic Profile Group	169
Configure Wireless Settings for an Advanced Profile Group	171
Override Channel and Transmission Power in an Advanced Profile Group	175
Configure Channels	177
Specify Radio Frequency Management	180
Radio Frequency Concepts	180
WLAN Healing Concepts	181
Configure Radio Frequency Management for the Basic Profile Group	181
Configure Radio Frequency Management for an Advanced Profile Group	183
Manage the Preferred Bands	186
Configure the Preferred Band for WNDAP620 Access Points in the Basic Profile Group	186
Configure the Preferred Band for WNDAP620 Access Points in an Advanced Profile Group	187
Manage Quality of Service for an Advanced Profile Group	188
Quality of Service Concepts	188
Configure Quality of Service for a Profile Group	189
Manage Load Balancing	192
Load Balancing Concepts	192
Configure Load Balancing	193
Manage Rate Limiting	194
Rate Limiting Concepts	194
Configure Rate Limiting for the Basic Profile Group	195
Configure Rate Limiting for an Advanced Profile Group	196
10. Maintain the Wireless Controller and Access Points	198
Manage the Configuration File	199
Back Up the Configuration File	199
Restore the Configuration File	200
Upgrade the Firmware	201
Reboot the Wireless Controller	204
Reset the Wireless Controller	205
Manage External Storage	206
Manage Remote Access	207
Specify Session Time-Outs	209
Manage the System Logs	209
Query the System Logs	210
Save the System Logs	212
Clear the System Logs	212
View Alerts and Events	213
View System Alerts	213
View Radio Frequency Events	214
View Load-Balancing Events	215
View Rate-Limit Events	217
View Redundancy Events	218
View Stacking Events	218
Manage Licenses	219
View Your Licenses	220
Retrieve Your Licenses	222
Reboot Access Points	223
Configure Multicast Firmware Upgrade for Access Points	224
Change the Multicast Firmware Upgrade Settings	225
Disable Multicast Firmware Upgrade	226
11. Manage Stacking and Redundancy	227
Stacking Concepts	228
Configure a Stack	230
Remove a Wireless Controller from a Stack	232
Select Which Wireless Controller in a Stack to Configure	233
Manage Redundancy for a Single Controller	237
VRRP Redundancy Concepts	237
Configure a Single Controller with Redundancy	239
Manage a Redundancy Group with N:1 Redundancy	241
VRRP N:1 Redundancy Concepts	241
Configure a Redundancy Group with N:1 Redundancy	244
Change a Redundant Controller	246
Remove a Redundancy Group	247
12. Monitor the Wireless Network and Its Components	248
Monitor the Network	249
View the Network Summary Screen	249
View the Wireless Controllers in the Network	251
View the Access Points in the Network	253
View the Clients in the Network	258
View the Profiles in the Network	262
Monitor the Wireless Controller	264
View the Wireless Controller Summary Screen	264
View Wireless Controller Usage	266
View Access Points that the Wireless Controller Manages	268
View Clients on Access Points that the Wireless Controller Manages	273
View Neighboring Clients that the Wireless Controller Detects	277
View Neighboring Access Points that the Wireless Controller Does Not Manage	279
View Security Profiles That the Wireless Controller Manages	280
View DHCP Leases That Are Provided by the Wireless Controller	282
View Captive Portal Users on Access Points That the Wireless Controller Manages	283
Monitor the SSIDs on the Wireless Controller	285
Monitor Local Clients in the Network	290
13. Troubleshooting	295
Troubleshoot Basic Functioning	296
Power LED Is Not Lit	296
Status LED Never Turns Off	296
Ethernet Port LEDs Are Not Lit	297
Troubleshoot the Web Management Interface	297
Check the Ethernet Cabling	297
Check the IP Address Configuration	297
Check the Internet Browser	298
Troubleshoot a TCP/IP Network Using the Ping Utility	298
Use the Reset Button to Restore Default Settings	299
Resolve Problems with Date and Time	299
Resolve Problems with Access Points	300
Resolve Discovery Problems	300
Resolve Connection Problems	300
Network Performance and Rogue Access Point Detection	301
Use the Diagnostic Tools on the Wireless Controller	301
Ping an Access Point	301
Trace a Route to an Access Point	302
A. Factory Default Settings, Technical Specifications, and Passwords Requirements	304
Factory Default Settings	305
Technical Specifications	305

Match case Limit results 1 per page

Manage Security Profiles and Profile Groups

104

ProSAFE Wireless Controller WC7600

Manage Authentication Servers and Authentication

Server Groups

You can set up internal and external authentication servers and server groups that the

wireless controller can use for authentication.

Authentication Server Concepts

You can specify three types of authentication servers: internal, external RADIUS, and

external LDAP:

•

Internal authentication server

. The wireless controller handles authentication. If you

use this setting, set up WiFi clients on the User Management screen (see

Manage Users,

Accounts, and Passwords

on page

150.)

•

External RADIUS server

. You can define a basic external RADIUS server that you would

typically use in the profiles of a basic profile group of a small-scale network. You must

specify its configuration on the basic Authentication Server screen (see the next section)

so that you can select this authentication option during the configuration of a profile. As

part of the advanced authentication server settings, you can define multiple external

RADIUS servers that you would typically use in a more complex network with many

profiles. You can then assign different RADIUS servers to different profiles.

By default, the external RADIUS server for the basic authentication group is called

basic-Auth

. You cannot change this name. By default, the external RADIUS

authentication servers for the advanced authentication groups are called

Auth1

through

Auth8

, and you

can

change these names. You can assign the

basic-Auth

server to an

advanced profile group, and you can assign a RADIUS server of an advanced

authentication group to the basic profile group.

See the following configuration guidelines for external RADIUS servers:

You need to add only the IP address of the wireless controller as a RADIUS client to

the RADIUS server. All managed access points are then automatically known to the

RADIUS server.

For configuration guidelines for external MAC authentication, see

Guidelines for

External MAC Authentication

on page

110.

For configuration guidelines for external authentication of captive portal users, see

Manage Guest Network Access

on page

145.

•

External LDAP server

. You can define one external LDAP server (commonly referred to

as an Active Directory [AD] server). You must specify its configuration on the basic

Authentication Server screen (see the next section) so that you can select this

authentication option during the configuration of a profile.

By default, the external LDAP server for the basic authentication group is called

basic-LDAP

. You cannot change this name, and you cannot configure any LDAP servers