ProSAFE Wireless Controller WC9500 Reference Manual
Contents
1. Monitor the Wireless Network and Its Components 181 ProSAFE Wireless Controller WC9500 The following table describes the fields of the Clients table Item Description Select The radio button that lets you select the client MAC The MAC address of the wireless client IP The IP address of the wireless client Note the following e If clients and the access point to which they are connected are in the same VLAN all receive an IP address from the same DHCP server e If clients and the access point to which they are connected are not in the same VLAN you need to have a DHCP server for the client VLAN e If clients are not connected to any DHCP server IP addresses in the 169 254 x x range are assigned automatically Location The location of the access point see Edit Access Point Information on the Managed AP List on page 101 to which the wireless client is connected AP Name The name of the access point see Edit Access Point Information on the Managed AP List on page 101 to which the wireless client is connected AP IP The IP address of the access point to which the wireless client is connected AP MAC The MAC address of the access point to which the wireless client is connected Client Type The wireless mode that the wireless client is using to connect to the access point 802 11ng 802 11 bg 802 11 b 802 11Nna or 802 11 a Usage KBytes The traffic usage of the wireless client in KB RSSI The received s2. CANCEL APPLY 2 Click the tab for the profile group for which you want to configure the wireless settings 3 Click the tab for the radio for which you want to configure the wireless settings Configure Wireless and QoS Settings 136 ProSAFE Wireless Controller WC9500 4 Configure the settings in the table at the bottom of the screen as described in the following table Setting Description AP Name The name of the access point Access Point Channel Override these settings only if there is a specific need From the menu select a channel and frequency for the access point to operate in Note Changing a channel might temporarily affect the traffic on the access point Note By default the access point s channel and frequency are set to the ones that are enabled for the radio and profile group If the channel and frequency are not available on the access point the channel and frequency are set to the ones providing the highest performance For more information see Configure Channels on page 137 Tx Power From the menu select the transmission power of the access point Note By default the access point s transmission power is set to the configuration that is selected on the basic RF Management screen For more information see RF Management for an Advanced Profile Group on page 142 5 Click Apply Configure Channels CAUTION Do not disable channel allocation unless you are debugging or the
3. The floor designation is always Floor 1 which is a fixed selection from the menu Enter a name that is meaningful to you 5 Click Apply 6 Click Back The Managed AP List screen displays Changes that you made on the Edit Access Point screen are displayed in the table 7 Optional If the changes do not display in the table click Refresh Remove Access Points from the Managed AP List To restore a managed access point to its original firmware and use it once again as a standalone access point remove the access point from the Managed AP List Log in to the access point s web management interface upgrade the firmware to the standalone AP firmware version and reboot the access point gt To remove an access point from the Managed AP List 1 Select Access Point gt Managed AP List The Managed AP List screen displays 2 Select the radio button to the right of the access point that you want to remove 3 Click Remove Assign Access Points to Advanced Profile Groups By default all access points are automatically assigned to the basic profile group However you can use the WLAN Group Assignment screen to assign access points to an advanced profile group For information about how to create advanced profile groups see Advanced Profile Groups on page 71 Note Access point profile group profile group and WLAN group are terms that are interchangeable Discover and Manage Access Points 104 ProSAFE Wireles
4. Edit or Remove a User or Account You can easily change or remove a user or an account To edit or remove a user or an account 1 Select Maintenance gt User Management The User Management screen displays with the Management tab and associated screen in view Click one of the following tabs e Management e WiFi Clients e Captive Portal Account e Captive Portal Users Select the radio button that corresponds to the user or account that you want to edit or remove Click one of the following buttons e Edit Opens a pop up screen that lets you change the user or account settings e Remove Removes the user from the user table Note You cannot remove a captive portal account that has one or more captive portal users associated with it You first need to assign the users to another account and then you can remove the account Applies only when you have edited user or account settings Click Apply The settings are saved in the table on the User Management screen Manage Rogue Access Points Guest Network Access and Users 122 ProSAFE Wireless Controller WC9500 Export a List of Users or Accounts You can export a list of users or account as a comma separated values CSV file gt To export a list of users or accounts i Select Maintenance gt User Management The User Management screen displays with the Management tab and associated screen in view Click one of the following tabs e Management
5. gt To upgrade the firmware 1 Optional Download the firmware from NETGEAR a Visit the NETGEAR support page for the WC9500 wireless controller at http support netgear com product WC9500 b Download the firmware and save it to your computer 2 Select Maintenance gt Upgrade gt Firmware Upgrade The Firmware Upgrade screen displays The following figure shows the fields that display when you have selected the FTP radio button When you select the TFTP or Local File radio button fewer fields are shown Access Point Configuration Monitor Maintenance Stacking Diagnostics User Management Licensing Backup Restore Reboot Reset Extended Storage Remote Management Logs amp Alerts gt Firmware Firmware Upgrade Upgrade Otetp rtP Local File gt AP Upgrade Settings Server Parameters Server IP File Name User Name Password Boot Information Active Partition Partition 1 Firmware version 3 0 0 73_1034 Boot Partition to Upgrade Partition1 Partition 2 After upgrade boot from Partitiona Partition 2 Schedule Scheduled Upgrade Status None When to Upgrade O tater hr 15 mins Month 2 Date 15 Year 2013 now 3 Configure the settings as described in the following table Setting Description TFTP FTP or Local File Select one of the following radio buttons to specify from which location the upgrade should occur The screen adjusts to display the fiel
6. Configure the System and Network Settings and Register the Licenses 59 ProSAFE Wireless Controller WC9500 Configure Syslog Settings This screen lets you configure the settings to connect to a syslog server if you have one configured in your network gt To configure syslog settings 1 Select Configuration gt System gt Alerts Logs gt Logs Syslog The Logs Settings screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics Wireless Security Profile WLAN Network Captive Portal General Log Settings gt Time gt IP LAN gt DHCP Server gt Certificates Alerts Logs Logs SysLog gt Alarms gt Email Setup Event Tracing O Time Duration hr 0 mins 30 Log Level LOG_LEVEL_WARN v yslog Settings Enable Syslog Syslog Server IP Address erver Port Number 2 Inthe Syslog Settings section of the screen configure the settings as described in the following table Enable Syslog Enable the syslog settings if you have a syslog server on your network Syslog Server IP Address Enter the IP address to which the wireless controller and managed access points send all syslogs if the Syslog check box is selected Server Port Number Enter the number of the port at which your syslog server is configured to listen to requests 3 Click Apply Configure the System and Network Settings and Register the Licenses 60 ProSAFE Wireless Controller WC9500 Conf
7. Select Configuration gt System gt General The General Settings screen displays Enter a name for the wireless controller and select the country in which the wireless controller is used Click Apply Select Configuration gt System gt Time The Time Setting screen displays Select the time zone in which the wireless controller is used Optionally configure the NTP settings For more information see Manage the Time Settings on page 48 Click Apply Select Configuration gt System gt IP VLAN The IP Settings screen displays wie e IP settings for your network and the VLANs that you want to assign to the wireless controller Note A management VLAN is used for all SNMP and HTTP traffic to and from the wireless controller and managed access points Note Clear the Untagged VLAN check box only if the hubs and switches in your network support the VLAN 802 1Q standard Likewise change the untagged VLAN value only if the hubs and switches in your network support the VLAN 802 1Q standard For more information see P and VLAN Settings on page 49 Installation and Configuration Overview 42 10 11 12 13 ProSAFE Wireless Controller WC9500 Click Apply Optional If no DHCP server is available in your network configure the wireless controller s DHCP server For more information see Manage the DHCP Server on page 51 Click Apply The connection to the wireless controller is terminated becau
8. netgear7B2488 healthy c0 3fi0e 7b 24 80 192 168 0 155 Model Building 2 4 GHz Channel 5 GHz Channel Uptime WNAP210 Building 1 Floor i 1 7 2 412Ghz NA 1 hrs 58 mins 5 secs WNAP210 Building 4 Floor 1 2 412Ghz OMA A hrs 58 mins 6 secs Monitor the Wireless Network and Its Components 189 ProSAFE Wireless Controller WC9500 The following table describes the fields of the Active SSID table with access points Item Description Select The radio button that lets you select the access point Location The location of the access point see Edit Access Point Information on the Managed AP List on page 101 Name The name of the access point see Edit Access Point Information on the Managed AP List on page 101 Status The status of the access point healthy or down MAC The MAC address of the access point IP The IP address of the access point Model The model of the access point WNAP210 WNAP320 WNDAP350 WNDAP360 or WNDAP380R Building The building designation is always Building 1 Floor The floor designation is always Floor 1 2 4 GHz Channel The configured 2 4 GHz channel on the access point This information can change after initial configuration of the access point because of automatic channel allocation 5 GHz Channel The configured 5 GHz channel on the access point This information can change after initial configuration of the access point because of automatic channel allocation Upt
9. 9 4 Click the tab for the radio for which you want to remove a profile 5 Click the tab for the profile that you want to remove 6 Click Delete 7 Confirm that you want to delete the profile Network Authentication and Data Encryption Options This section describes the detailed network authentication and data encryption options that are part of the procedures in Configure Profiles in the Basic Profile Group on page 67 and Configure Profiles in an Advanced Profile Group on page 73 Table 3 on page 78 shows the data encryption options based on the network authentication that you select on the Edit Profile Basic or Edit Profile Group X screen and the required configuration steps to implement the selected network authentication Note On the Edit Profile Basic or Edit Profile Group X screen for any selection from the Network Authentication menu that requires a RADIUS server authentication is not restricted to a RADIUS server you can also use an internal authentication server or an external LDAP server Note You can configure either MAC authentication with an external RADIUS server or network authentication with an external RADIUS server but not both That is if you configure external MAC authentication you cannot use an external RADIUS server with WPA WPA2 or WPA amp WPA2 Manage Security Profiles and Profile Groups 77 ProSAFE Wireless Controller WC9500 Table 3 Network authentication and data encryption se
10. For information about how to configure these settings see the relevant sections Management VLAN The management VLAN is the dedicated VLAN for access to the wireless controller All traffic that is directed to the wireless controller including HTTP HTTPS SNMP and SSH traffic is carried over the management VLAN If the management VLAN is also configured as a tagged VLAN the most common configuration the packets to and from the wireless controller carry the 802 1Q VLAN header with the assigned VLAN number If the management VLAN is marked as untagged the System Planning and Deployment Scenarios 23 ProSAFE Wireless Controller WC9500 packets that are sent from the wireless controller do not carry the 802 1Q header and all untagged packets that are sent to the wireless controller are treated as management VLAN traffic Note Use a tagged VLAN or change the tagged VLAN ID only if the hubs and switches on your LAN support 802 1Q If they do not and you have not configured a tagged VLAN with the same VLAN ID on the hubs and switches in your network IP connectivity might be lost The wireless controller needs to have IP connectivity with the access points through the management VLAN If the wireless controller and the access points are on different management VLANs external VLAN routing needs to allow IP connectivity between the wireless controller and the access points For information about how to configure management VLAN
11. Major CANCEL APPLY 2 Configure the settings as described in the following table Setting Description TX Power Settings Default Tx Power Make a selection from the menu to specify how the transmission Tx power is configured on the access points Full Half Quarter Eighth or Minimum When automatic Tx power control is enabled the selection from the menu is used as the initial power level for the access points Automatic Tx Power Control Select the enable radio button to enable automatic Tx power control e When a client attempts to connect to an access point at low power the access point s Tx power is automatically increased above the default level e When there are overlapping coverage areas the access point s Tx power is automatically decreased below default level Select the disable radio button to disable automatic Tx power control Configure Wireless and QoS Settings 141 ProSAFE Wireless Controller WC9500 setting Description S O WLAN Healing Maximum Neighbors to Participate From the menu select the maximum number of neighboring access in Self healing points that increase or decrease power to cover for a failing access point Selecting 0 zero disables this feature Use close neighbors not a distant access point and do not use all access points Self healing wait Time after AP From the menu select the number of minutes to validate that is wait Failure before co
12. ProSAFE Wireless Controller WC9500 Configure the Email Notification Server The email notification server is the location from which the email alerts originate gt To configure email settings 1 Select Configuration gt System gt Alerts Logs gt Email Setup The Email Configuration screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics Wireless Security Profile WLAN Network Captive Portal gt General Email Configuration Time Server Address gt IP LAN Port gt DHCP Server Sender E Mail Address Certificates Authentication Required Alerts Logs Logs SysLog Alarms Ernail Setup User Name Password Configure the settings as described in the following table Setting Description Server Address Enter the IP address of the server from which email notifications are sent Enter the port number of the server from which email notifications are sent The default is port number 25 Sender Email Address Enter the email address from which email notifications are sent Authentication Required Select this check box if the email server requires authentication and complete the User Name and Password fields User Name Enter the user name that is associated with the email server Password Enter the password that is associated with the email server 3 Click Apply Configure the System and Network Settings a
13. RTS Threshold 0 2347 The selections that are available depend on the selected radio mode From the menu select the wireless mode e 802 11b bg ng mode Ting This is the default setting 11bg Tib e 802 11a na mode Tina This is the default setting 11a Note If you select 802 1 1bg or 802 11b mode both 802 11n and 802 11g compliant devices can connect to the access points However if you select 802 11ng mode 802 11b compliant devices cannot connect From the menu select the available transmit data rates of the wireless network From the menu select the channel width e 20 MHz Static e 20 40 MHz Dynamic This is the default setting A wider channel improves the performance but some legacy devices can operate only with a 20 MHz channel width From the menu select a value that protects transmissions from interference A shorter guard interval improves performance but some legacy devices can operate only with a long guard interval Enter the size of the Request to Send RTS threshold packet The RTS threshold is related to the transmission mechanism CSMA CA or CSMA CD for the packets If the packet size is equal to or less than this threshold the data frame is transmitted immediately if the packet size is larger than the specified value the transmitting station needs to send an RTS threshold packet to the receiving station and then should wait for the receiving station to return a Clear to Send C
14. Troubleshoot the Web Management Interface 0 199 Etheime t Ca DING susara none weet tadawatacagiale OA 199 IP Address Configuration uaaa aaaea 199 Internet BrOWSE ia acnwira sina verde aian akada de da a A E 200 ProSAFE Wireless Controller WC9500 Troubleshoot a TCP IP Network Using the Ping Utiliy 200 Use the Reset Button to Restore Default Settings 201 Problems with Date and Time 00 000 eee eee 202 Problems with Access PointS 0 0000 cece eens 202 Discovery ProbleMs s0 22004 eee eee teen dees ened aia ewes 202 Connection Problems 0 00 cee een eee eae 203 Network Performance and Rogue Access Point Detection 203 Use the Diagnostic Tools on the Wireless Controller 203 Appendix A Factory Default Settings and Technical Specifications Factory Detault SCtINOS s unsaid 24 parka dase swisnsd aid i Aarne 206 Technical Specifications 0 0 ees 206 Password Requirements iseer siirduda ne miih cee eee 207 Index Introduction This chapter includes the following sections Key Features and Capabilities Package Contents Hardware Features WC9500 Wireless Controller System Components NETGEAR ProSAFE Access Points What Can You Do with the WC9500 Wireless Controller Licenses Maintenance and Support Note For more information about the topics covered in this manual visit the support website at htto sup
15. gt RF Management Schedule at hr OM min Ov gt Advanced m t w t f s s ai 2 a a a a a Schedule On Duration hrs OY mins Ov 2 Configure the settings as described in the following table setting Description Current Time This is a nonconfigurable field that displays the current time for the wireless controller Schedule Radio On Off You can specify either when the radio is on by selecting the On radio button or when it is off by selecting the Off radio button Schedule at From the menus specify the time hours and minutes when you want to turn the radio either on or off Schedule On Select the check boxes for each day of the week that you want to schedule the radio to be either on or off Duration From the menus specify the duration in hours and minutes that the radio should be either on or off 3 Click Apply Configure Wireless and QoS Settings 126 ProSAFE Wireless Controller WC9500 Configure the Radio for an Advanced Profile Group You can schedule the radio for specific groups to match their network usage For example during registration a school could leave the radios on for the main office or administration building and turn off radios in buildings that contain only classrooms that are not in use gt To schedule the radio for an advanced profile group 1 Select Configuration gt Wireless gt Advanced gt Radio On Off The advanced Schedule screen displays
16. network performance troubleshooting 203 notification server emails 62 NTP Network Time Protocol client and server 48 O option 43 DHCP 91 P package contents 11 partition memory 155 password requirements 207 passwords restoring default 201 users 116 physical specifications 206 pinging access points 203 planning system 23 PoE Power over Ethernet access points 15 portals configuring 111 115 ports and slots 11 Power LED described 12 troubleshooting 198 power supplies 14 preamble type 131 135 preventing channel allocation 139 product label 14 profile groups See access point profile groups advanced profile groups basic profile group profiles See security profiles Q QoS quality of service 144 R rack mounting 45 radio frequency RF logs viewing and saving 164 management 140 obstructions 23 radio turning on and off 126 RADIUS authentication server groups 88 RADIUS servers 79 85 87 114 rate limit logs viewing and saving 165 rate limiting 148 rebooting access points 167 wireless controller 156 201 received signal strength indication RSSI 148 reduced interframe space RIFS transmission 131 135 registration keys licenses 57 166 regulatory compliance 207 remote access 157 remote access points 94 98 101 requirements Layer 3 autodiscovery 91 Reset button 12 resetting factory defaults 12 passwords 201 wireless controller 156 restoring the configuration 153 RF
17. 2 Click Delete 3 Click Apply For information about how to add a MAC ACL to a security profile in the basic profile group see Configure Profiles in the Basic Profile Group on page 67 For information about how to add a MAC ACL to a security profile in an advanced profile group see Configure Profiles in an Advanced Profile Group on page 73 Import a MAC List from a File You can import a precompiled list of MAC addresses from a saved file This file needs to be a simple text file with one MAC address per line gt To importa MAC list from a file 1 Create a text file that includes a list of MAC addresses Each MAC address should be on a separate line with hard returns between lines as shown in the following example 00 00 00 00 00 00 00 00 00 00 14 11 Lis 11 14 Ils rap el Ii els sis 22 129 22 Zo 22 22 28 27 26 25 2 Select Configuration gt Security gt Basic gt MAC ACL The basic MAC Authentication screen displays 3 Click Browse navigate to the file containing the list of MAC addresses and select it 4 Make one of the following selections from the Import MAC List from a file menu Merge Merges the list of MAC addresses that you intend to import with those that are already present in the Selected Wireless Clients list Replace Replaces the MAC addresses that are present in the Selected Wireless Clients list with those in the file that you intend to impor
18. 4 1 4 4 4 4 4 4 4 4 4 Optional Click Save Follow the directions of your browser to save the logs to your computer The default name of the zipped log file is lt P address gt WC9500 Query txt in which lt P address gt is the IP address of the wireless controller Click Back The Query System Logs screen displays again To save all system logs i Select Maintenance gt Logs amp Alerts gt Logs The Query System Logs screen displays Click Save Follow the directions of your browser to save the logs to your computer The default name of the zipped log file is lt P address gt WC9500 Logs tgz in which lt IP address gt is the IP address of the wireless controller gt To clear the system logs i Select Maintenance gt Logs amp Alerts gt Logs The Query System Logs screen displays 2 Click Clear Maintain the Wireless Controller and Access Points 161 ProSAFE Wireless Controller WC9500 View Alerts and Events The wireless controller lets you view the following alerts and events e System alerts System alerts such as an access point coming up or being shut down the wireless controller coming up or being shut down and a firmware upgrade e RF events Radio frequency events such as the detection of a coverage hole a change of channel or a managed access point going down e Load balancing event Load balancing events such as a bad RSSI for a client or the violation of
19. Controller gt Usage BENGE Maintenance Stacking Diagnostics r WLAN Clients gt Summary Controller Usage gt Usage gt Access Point SSID Usage gt Clients 2 Neighboring Clients gt Neighbor AP Profiles gt DHCP Lease Captive Portal Users Number of Clients Tota O24 Gu a5 Gu Number of Clients Monitor the Wireless Network and Its Components 175 ProSAFE Wireless Controller WC9500 Data for the 2 4 GHz network for the combined 802 11b 802 11bg and 802 11ng modes is shown in purple data for the 5 GHz network for the combined 802 11a and 802 11na modes is shown in green The screen shows the following graphs e AP Usage Displays the 2 4 GHz and 5 GHz traffic usage in MB for access points e SSID Usage Displays the 2 4 GHz and 5 GHz traffic usage in MB for SSIDs e Number of Clients Displays the total number of clients number of clients in the 2 4 GHz network and number of clients in the 5 GHz network over a period View Access Points Managed by the Wireless Controller The Access Point screen lets you monitor all access points that are managed by the wireless controller gt To view the Access Point screen 1 Select Monitor gt Controller gt Access Point Because this screen is a wide screen it is shown in the following two figures Access Point Configuration Monitor Maintenance Stacking Diagnostics WLAN Clients gt Summary Access Point gt Usage
20. Default Gateway The default gateway of the access point Primary DNS Server The primary DNS server of the access point Secondary DNS Server The secondary DNS server of the access point VLAN Settings section Managed VLAN Enter a VLAN ID or leave the default ID By default the management VLAN is 1 For more information about management VLANs see Management VLAN on page 23 and Management VLAN Concepts on page 49 Untagged VLAN Enter a VLAN ID or leave the default ID By default the untagged VLAN is 1 and the Untagged VLAN check box is selected When the wireless controller sends frames associated with the untagged VLAN to the LAN Ethernet interface those frames are untagged When the wireless controller receives untagged traffic from the LAN Ethernet interface those frames are assigned to the untagged VLAN Wireless Settings section Antenna You can specify which antenna the access point uses by making a selection from the menu e Internal The access point uses its internal antenna e External The access point uses its external antenna or antennas External antennas are optional antennas that do not come standard with an access point Plan Settings section Site The site designation is always Local Discover and Manage Access Points 103 ProSAFE Wireless Controller WC9500 setting Description n O The building designation is always Building 1 which is a fixed selection from the menu
21. If you use the advanced configuration model you can configure the following wireless and QoS settings separately for each profile group that you have created Advanced radio on off schedules for up to eight profile groups Advanced wireless settings for each radio in up to eight profile groups Advanced QoS settings for each radio in up to eight profile groups Advanced RF management for up to eight profile groups Advanced rate limiting for each radio in up to eight profile groups e Global wireless settings The following wireless and QoS settings apply to all profiles whether in the basic profile group or in any of the advanced profile groups Basic channel allocation Basic load balancing for each type of access point model Configure Wireless and QoS Settings 125 ProSAFE Wireless Controller WC9500 Configure the Radio Radio On Off is a green feature that can be used during scheduled vacations or plant shutdowns on evenings or on weekends Configure the Radio for the Basic Profile Group gt To schedule the radio for the basic profile group 1 Select Configuration gt Wireless gt Basic gt Radio On Off The basic Schedule screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics System Security Profile WLAN Network Captive Portal Basic Schedule gt Radio On Off Current Time Thu Feb 14 22 25 31 PST 2013 gt Wireless gt Channel Allocation Schedule Radio On Off Oon off
22. Month 2 Date 14 Year 2013 Y CANCEL APPLY PRINT RESET 4 Configure the user settings as described in the following table Setting Description User Name Enter a unique user name Only alphanumerical characters and underscore characters _ are supported Password There are two methods to populate the password fields Use either one method Method one 1 Enter a password in the Password field 2 Confirm the password in the Confirm Password field Method two Click Generate A password is generated automatically Manage Rogue Access Points Guest Network Access and Users 121 5 6 ProSAFE Wireless Controller WC9500 Setting Description _ o Expiry Select one of the following radio buttons all of which are mutually exclusive Account Select a captive portal account from the menu Wireless access expires according to the expiration period that is specified for the selected account see Add a Captive Portal Account on page 119 e No Expiry Wireless access does not expire e Expires in Wireless access expires within one hour From the mins menu select in how many minutes access expires e Expires at Wireless access expires at a date and time that you specify by making selections from the following menus hr mins Month Date and Year Optional Click Print The user information is printed Click Apply The user is added to the table on the User Management screen
23. Open WEP WPA WPA2 or WPA WPA2 for the security profile Radio Mode The wireless mode for the security profile 802 11b bg ng or 802 11a na Status The status of the security profile Active or Inactive No of APs The number of access points that are attached to the security profile No of Clients The number of clients that are attached through the access points to the security profile Group Name The name of the group of which the security profile is a member Monitor the Wireless Network and Its Components 186 ProSAFE Wireless Controller WC9500 View DHCP Leases Provided by the Wireless Controller The DHCP Leases screen displays the current DHCP clients that have been allocated IP addresses by the DHCP server on the wireless controller To view the DHCP Leases screen Select Monitor gt Controller gt DHCP Lease Access Point Configuration Monitor Maintenance Stacking Diagnostics WLAN Clients gt Summary DHCP Leases Usage Access Point Search Neighboring netgear7B2488 192 168 0 155 14 38 31 2013 02 17 O 3f 0e 7b 24 80 Management Clients gt Neighbor AP gt Profiles gt DHCP Lease Captive Portal Users REFRESH EXPORT The following table describes the fields of the DHCP Leases table Vostro1500 192 168 0 148 13 48 31 2013 02 17 00 1e 4c 67 33 b2 Management netgearAl0668 192 168 0 158 14 41 20 2013 02 17 c4 3d c7 31 06 60 Management netgear7B26D8 192 168 0 1
24. ProSAFE Wireless Controller WC9500 Connection Problems When an access point is converted from standalone AP mode to managed AP mode its static IP address is changed to an IP address that is issued by the DHCP server either one in the network or one that is configured on the wireless controller This occurs to ensure that each managed access point has a unique IP address If there is no DHCP server or if the access point cannot reach the DHCP server the access point remains in the Connecting state attempting to obtain an IP address If there is no DHCP server in the network configure one on the wireless controller see Manage the DHCP Server on page 51 When a DHCP server becomes available the access point can transition from the Connecting state to the Connected state Network Performance and Rogue Access Point Detection When rogue access point detection is enabled access points intermittently go off channel for short periods which can affect network performance The default rogue access point detection interval is 30 minutes This interval is not configurable Use the Diagnostic Tools on the Wireless Controller As part of the diagnostics functions on the wireless controller you can ping a managed access point from the wireless controller or trace its route from the wireless controller gt To ping an access point 1 Select Diagnostics gt Ping The Ping screen displays Access Point Configuration Monitor Maintenance Stack
25. Setting Description The name of the access point Access Point Channel Override these settings only if there is a specific need From the menu select a channel and frequency for the access point to operate in Note Changing a channel might temporarily affect the traffic on the access point Note By default the access point s channel and frequency are set to the ones that are enabled for the radio and profile group If the channel and frequency are not available on the access point the channel and frequency are set to the ones providing the highest performance For more information see Configure Channels on page 137 Configure Wireless and QoS Settings 132 ProSAFE Wireless Controller WC9500 Setting Description Tx Power From the menu select the transmission power of the access point Note By default the access point s transmission power is set to the configuration that is selected on the basic RF Management screen For more information see RF Management for the Basic Profile Group on page 141 4 Click Apply Configure Wireless Settings for an Advanced Profile Group There are two requirements for you to be able to configure the wireless settings on the Advanced Wireless Settings screen e You need to disable automatic channel allocation for the radio on the Channel Allocation screen For information about channel allocation see Configure Channels on page 137 e There needs to b
26. and the table shows the access points that were discovered For each access point the table includes the model number IP address MAC address and site Optional Enter information in the Search field to find an individual access point Review the discovery results to make sure that all the access points are listed The effectiveness of the discovery process depends in part on how the access points on your LAN are set up If each access point is configured with a unique IP address and is running current firmware discovery is usually simple Discover and Manage Access Points 97 ProSAFE Wireless Controller WC9500 If the discovery results are not what you expect check the following e Access points managed already by the wireless controller are not in the discovery list To view the Managed AP List select Access Point gt Managed AP List e Make sure that a DHCP server is available in the network or on the wireless controller For information about the wireless controllers DHCP server see Manage the DHCP Server on page 51 e If more than one access point has the same IP address only one of them is discovered at a time You have to add the access point to the managed list change its IP address and run discovery again to discover the next access point with that IP address e For more information see Problems with Access Points on page 202 9 Optional Click Restart The discovery process runs again 10 Optional Fr
27. radio frequency logs viewing and saving 164 management 140 obstructions 23 RIFS reduced interframe space transmission 131 135 roadmaps for configuration 42 44 212 ProSAFE Wireless Controller WC9500 rogue access points detecting and managing 108 viewing on the managed access point 180 192 on the wireless controller 174 185 RSSI received signal strength indication 148 RTS threshold 130 134 S scheduling channel allocation 139 firmware updates wireless controller 155 radio 126 security profiles configuring advanced profile groups 73 basic profile group 67 managing 64 viewing on the access point 179 192 viewing on the wireless controller 186 self healing 142 143 server licenses 54 service set ID SSID 68 74 session time out 159 SFP slots and LEDs described 12 13 shared key requirements RADIUS 207 signal strength 147 slots and ports 11 sniffer 200 SNMP enabling 157 soft reset 156 software minimum version for access points 15 multicast using for access point upgrade 168 upgrading wireless controller 153 spectrum analysis 23 SSID service set ID or wireless network name 68 74 Stack Master LED described 13 standalone mode access points autodiscovery 96 returning to 104 Status LED described 12 troubleshooting 198 subnet masks access point 103 DHCP server 52 wireless controller 50 support NETGEAR 18 syslog server 60 system alerts viewing and saving 163 system logs viewing and savi
28. the data frame is transmitted immediately if the packet size is larger than the specified value the transmitting station needs to send an RTS threshold packet to the receiving station and then should wait for the receiving station to return a Clear to Send CTS packet before sending the actual packet data Configure Wireless and QoS Settings 134 ProSAFE Wireless Controller WC9500 Setting Description Fragmentation Length 256 2346 Enter the size that specifies the maximum fragmentation length for data packets Packets larger than the specified fragmentation length are broken up into smaller packets before being transmitted The fragmentation length needs to be an even number Beacon Interval 100 1000 Aggregation Length 1024 65535 802 11n only AMPDU 802 11n only RIFS Transmission 802 11n only DTIM Interval 1 255 Enter the time interval for each beacon transmission that allows the access point to synchronize the wireless network Enter the maximum length of aggregated MAC protocol data unit AMPDU packets Larger aggregation lengths can lead to better network performance Aggregation is a mechanism used to achieve higher throughput Select the On radio button to allow the aggregation of several MAC frames into a single large frame to achieve higher throughput Enabling AMPDU can lead to better network performance Select the Off radio button to disable this option Select t
29. the managed access points remain in the Connecting state and do not enter the Connected state e Connected This status indicates normal operation e Not Connected The wireless controller cannot communicate with the access point at the configured IP address The wireless controller tries to log in to managed access points each minute If the error is temporary the status automatically changes to Connected If the error is prolonged verify the access point s IP address and network connectivity For more information see Problems with Access Points on page 202 Site Shows whether you designated the access point as a local or remote one e Local The access point is designated as a local e Remote The access point is designated as remote Group Name The default group is basic For information about changing the group for an access point see Edit Access Point Information on the Managed AP List on page 101 Capability The wireless modes that are supported by the access point Note Capability information lets you determine which access points are 802 11n mode capable but function in 802 11g mode 2 4ghz Mode The access point s wireless modes that function in the 2 4 GHz band 5ghz Mode The access point s wireless modes that function in the 5 GHz band Edit Access Point Information on the Managed AP List For each individual access point you can change the general information IP settings and VLAN settings you can switch between the
30. which includes the following external components AC power socket Attach the power cord to this socket There is no separate on off power switch Handle The handle allows for easy removal and insertion LED The LED is lit green when the power supply functions correctly If the LED is off power is not supplied to the power supply or there is a problem e Fans Two double fans each of which can be easily exchanged Bottom Panel with Product Label The product label on the bottom of the wireless controller s enclosure displays the default IP address default user name and default password as well as regulatory compliance input power and other information NETGEAR 36 RE ProSAFE Wireless Controller WC9500 PF th AR FURY ETE HR bg hes WC9500 HAART th FEA RSM EAE BY RE BEA PRS AT A DOEA TER Fh KR DEFAULT ACCESS OD http 192 168 0 250 10 cae name admin A password password 4h A Input Rating AC 100 240V 47 63Hz 5A max MAC SERIAL Laon F BS NETGEAR INC ch FRY ffi a Made in China 272 11858 01 Figure 4 Product label WC9500 Wireless Controller System Components A WC9500 wireless controller system consists of one or more wireless controllers and a collection of access points that are organized into groups based on location or network access The wireless controller system can include a single wireless controller a single wireless controller with a backup wireless
31. 103 DHCP server assignment 52 license server 55 multicast range 169 SNMP manager 158 syslog server 60 TFTP and FTP servers 155 wireless controller 50 IP settings access points 103 wireless controller 50 IP subnets access points 92 94 LAN 50 troubleshooting 202 K keys licenses 57 166 known rogue access points 110 L label bottom 14 LAN path troubleshooting 200 LAN port 12 LAN port LEDs described 13 troubleshooting 199 Layer 2 subnet access point autodiscovery 92 Layer 3 access point autodiscovery 91 96 LDAP server 79 86 88 114 LEDs front panel 11 startup procedure 39 troubleshooting 198 legacy 802 1x authentication 78 levels logging 59 licenses managing 165 167 211 ProSAFE Wireless Controller WC9500 number and types required 18 registering 54 57 load balancing 147 load balancing logs viewing and saving 164 local access points 91 98 101 location placement wireless controller 45 logs configuring 58 viewing and saving 159 MAC authentication 81 MAC authentication groups 84 managed AP list 100 managed status access points 101 management users adding 116 management VLANs 23 27 49 maximum burst length 146 maximum number wireless clients 147 memory partition 155 minimum and maximum contention window CwMin or CwMax 146 models access points supported 15 multicast firmware upgrade process 168 N neighboring clients viewing 184 network authentication 69 75
32. 111 Portal CONCEPIS 22 ciwastoighiedids sate Mase ta beeches oes 111 C nfig re a P fal sve rrsdi sanra niri roynt asu nae 113 Manage Users Accounts and Passwords s sssaaa seasea 116 Add a Management User 0 0 0 cee eee 116 Add a WiFi Client lt cis0 nd d lt caccaws aca ee ade aede Seed ease 118 Add a Captive Portal Account 0 0000 0a eee eee eee 119 Add a Captive Portal User 0 0 0 0 0 0 eee 120 Edit or Remove a User or Account 000 cece eee 122 Export a List of Users or AccountS 00000 eee ences 123 Chapter 8 Configure Wireless and QoS Settings Basic and Advanced Wireless and QoS Configuration Concepts 125 Configure heiRadlOs s2 4002818226e pases tee ce a a 126 Configure the Radio for the Basic Profile Group 126 Configure the Radio for an Advanced Profile Group 127 Configure Wireless Settings 0 0c eee eee eee 128 Configure Wireless Settings for the Basic Profile Group 128 Override Channel and Transmission Power in the Basic Profile Group131 Configure Wireless Settings for an Advanced Profile Group 133 Override Channel and Transmission Power in an Advanced Profile GrOUD si serora rss bed akeri arene nee bern e a REEN 135 Configure Channels sc 2 waste caw de reroigriedvendsgi ii Bikiinid 137 Specify RF Management 0 0 0 cece eee 140 WLAN HeGliNG c21cteuyvaceriindde ceed bege aad phe a
33. 573 184549435 23 46 17 94303 578 184549436 23 48 17 94363 lt lt lt lt lt ap_mgr_lock_mac_addd6 07 2c 70 7e Client mac 20 d6 07 2c 70 7e gt Stacking Insert client 20 d6 07 2 70 7e Client mac 20 d6 07 2c 70 7e Client mac 20 d6 07 2 70 7e stm_update_client_ip2 for client mac 20 Client mac 20 d6 07 2c 70 7 Sent Disdssoc Event from AP cO 3 0e 7b 24 80 Client mac 20 d6 07 2 70 7e Deleted client 20 d6 07 2c 70 7e Deleted client 20 d6 07 2 70 7e Client mac 20 46 07 2c 70 7e Client mac 20 d6 07 20 70 7e stm_proc_update client _infolient mac 20 d6 07 2c 70 7e Client entry Fetch Reassoc 20 d6 07 2c 70 7e Client MAC 20 d6 07 2 70 7e lt lt lt lt lt ap_mgr_lock_mac_addd6 07 2 70 7e Client mac 20 d6 07 2c 70 7 s80 16777297 23 48 17 97621 584 16777297 23 48 17 97665 589 184549421 23 48 17 97772 607 16777304 23 48 18 384368 616 16777292 23 48 18 389794 619 16777399 23 48 18 389817 77621 16777297 23 48 18 389829 630 164549437 23 48 18 391260 648 184549401 23 48 25 66179 657 16777297 23 46 25 68731 659 184549435 23 46 26 67261 664 184549436 23 46 26 67302 lt Insert client 20 d6 07 2 70 7e Sent DisAssoc Event from AP cO 3f 0e 7b 26 d0 Client mac 20 d6 07 2 70 7 Deleted client 20 d6 07 2 70 7e Deleted client 20 d6 07 2c 70 7e 4 4 4 4 4 4 4 4 4 4 4 4 579 16777296 23 48 17 97551 4 disassoc timer fired for client 20 d6 07 2c 70 7e 4
34. 86 e7 00 8 Doc 17 netgear992948 WNDAP360 2c b0 5d 98 29 40 9 Most Active Clients Most Active SSIDs Monitor the Wireless Network and Its Components 173 ProSAFE Wireless Controller WC9500 The following table describes the fields of the Network Status Wireless Clients Most Active APs Most Active Clients and Most Active SSIDs tables of the screen The Controller Info section is self explanatory Item Description Network Status Total Up The total number of managed devices that are running correctly Down The total number of managed devices that cannot be pinged Critical The wireless controller can ping these managed devices but either cannot log in or has detected that these devices are different from the ones that were configured The number of managed devices for which the configuration differs from the one that is set on the wireless controller This situation occurs most likely because the device runs outdated firmware or the wireless controller changed the configuration while the device was down or Offline Wireless Clients Open The number of wireless clients that are connected to managed access points using security profiles configured with open mode WEP The number of wireless clients that are connected to managed access points using security profiles configured with WEP WPA The number of wireless clients that are connected to managed access points using security profiles conf
35. Access Point Configuration Monitor Maintenance Stacking Diagnostics System Security Profile WLAN Network Captive Portal gt Basic Schedule v Advanced gt Radio On Off Group 1 Group 2 Group 3 Wireless QoS Settings Current Time Thu Feb 14 22 44 07 PST 2013 RF Management Schedule Radio On Off Oon off Schedule at in v t s s Schedule On o oo v Duration ins 0 CANCEL APPLY 2 Click the tab for the profile group for which you want to configure the radio 3 Configure the settings as described in the following table Setting Description Current Time This is a nonconfigurable field that displays the current time for the wireless controller Schedule Radio On Off You can specify either when the radio is on by selecting the On radio button or when it is off by selecting the Off radio button Schedule at From the menus specify the time hours and minutes when you want to turn the radio either on or off Schedule On Select the check boxes for each day of the week that you want to schedule the radio to be either on or off Duration From the menus specify the duration in hours and minutes that the radio should be either on or off 4 Click Apply Configure Wireless and QoS Settings 127 ProSAFE Wireless Controller WC9500 Configure Wireless Settings During initial setup you entered your country and region in the General Settings screen see Configure General Settings
36. J Authentication Server O allow Deny Ragenced Treat ACL as gt Selected Wireless Clients DELETE ADD Available Wireless Clients MAC Address adl MAC Address ull 00 00 11 11 22 25 00 bb 14 dc 22 3e 00 3d 14 de 2a bb CANCEL APPLY IMPORT Note As an option you can import a list of MAC addresses from a file For more information see the next section 2 Next to Trust ACL as select one of the following radio buttons e Allow Network access is granted to the clients for which the MAC addresses are listed in the Selected Wireless Clients list e Deny Network access is denied to the clients for which the MAC addresses are listed in the Selected Wireless Clients list Manage Security Profiles and Profile Groups 82 ProSAFE Wireless Controller WC9500 3 Add wireless clients to the Selected Wireless Clients list through one of the following methods The MAC address that you want to add is in Available Wireless Clients list which contains wireless stations that are present in the vicinity of the access point a Select the MAC address from the Available Wireless Clients list b Click Move The MAC address that you want to add is not in Available Wireless Clients list a Enter the MAC address in the MAC Address field b Click Add 4 Click Apply gt To remove a MAC address from the Selected Wireless Clients list 1 Select the check boxes that correspond to the MAC addresses that you want to remove
37. MAC addresses model numbers names and other information for the managed access points gt To view the status and other information for managed access points Select Access Point gt Managed AP List The Managed AP List screen displays Because this is a wide screen it is shown in the following two figures Access Point Configuration Monitor Maintenance Stacking Diagnostics gt Discovery Wizard Managed AP List gt Managed AP List p Search 192 168 0 145 c0 3f 0e 7b 26 d0 WNAP210 netgear7B2608 Connected 192 168 0 146 c0 3f 0e 7b 24 80 WNAP210 netgear7B2488 Connected 192 168 0 144 c4 3d c7 31 06 60 WNDAP360 netgearA10668 Connected Group Name Capability 2 4ghz Mode 5ghz Mode Select basic 802 11bgn basic 802 11bgn basic 802 11bgn 802 11a REMOVE EDIT REFRESH Discover and Manage Access Points 100 ProSAFE Wireless Controller WC9500 The Managed AP List screen shows the following entries for each access point that you added to the list Item Description IP The IP address of the access point MAC The MAC address of the access point Model The model of the access point Name The name of the access point Status Shows one of the following status options e Authentication in progress This status can last several minutes e Applying configurations e Firmware upgrade e AP is rebooting e Connecting Make sure that there is a DHCP server enabled in the network otherwise
38. Page menu Maintain the Wireless Controller and Access Points 162 ProSAFE Wireless Controller WC9500 Each screen lets you refresh the alerts or events export the alerts or events and clear the alerts or events from the screen and from the memory e To display the latest alerts or events onscreen click Refresh e To clear all alerts or events from the screen and from memory click Clear All NETGEAR recommends that you save the logs or alerts before you clear them e To save the alerts or events a Click Export b Follow the directions of your browser to save the alerts or events to your computer View the Alerts and Events Screens There are separate screens to view the system alerts RF events load balancing events and rate limit events To view system alerts Select Maintenance gt Logs amp Alerts gt System Alerts The System Alerts screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics User Management Upgrade Licensing Backup Restore Reboot Reset Extended Storage Remote Management gt System Alerts System Alerts RP Events gt Load Balancing gt Rate Limit gt Redundancy gt Stacking gt Logs Search Severity Major Major Major Major Major Normal Major Major Major Normal Major Major Major es 99 99 Description Access Point NAME netgear782498 IP 192 168 0 154 MAC 0 3 0e 7b 24180 MODEL WNAP210 UP Access Point NAME netgear762488 IP 19
39. The following figure shows an example of the Configuration gt Security gt Basic submenu on the left and the Configuration gt Security gt Advanced submenu on the right Access Point Configuration Access Point Configuration System Wireless System Wireless Basic gt Rogue AP Advanced gt MAC ACL gt Rogue AP Authentication MAC ACL Server Authentication gt Advanced Server Figure 5 Basic and advanced submenus System Planning and Deployment Scenarios 20 ProSAFE Wireless Controller WC9500 Before you start the configuration of your wireless controller decide whether you can use a basic configuration that is follow the Basic submenus or need to use an advanced configuration that is follow the Advanced submenus Once you have made your choice configuring the wireless controller should be fairly easy if you consistently follow either the Basic submenus or the Advanced submenus Profile Group Concepts Each access point can support up to eight security profiles 16 for dual band access points each with its own SSID security settings MAC ACL rate limiting settings WMM and so on The wireless controller follows the same architecture A profile group on the wireless controller includes all the features that you can configure for an individual access point up to eight profiles 16 for dual band access points each of which has its own SSID security MAC ACL rate limiting settings
40. There are two types of reset Hard reset The settings of the wireless controller are restored to factory default settings This reset has the same function as the Reset button on the front panel e Soft reset Saves the IP and VLAN addresses and managed access point list but clears all other settings such as profiles profile groups and authentication servers Note Restoring the factory default settings of the wireless controller does not restore the settings of the access points that are managed by the wireless controller gt To reboot the wireless controller 1 Select Maintenance gt Reboot Reset gt Controllers The Reboot Reset Controllers screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics User Management Upgrade Licensing Backup Restore Extended Storage Remote Management Logs amp Alerts gt Controllers Reboot Reset Controllers Access Points Reset Reboot reboot Oreset Reset type hard soft CANCEL APPLY 2 Select the reboot radio button 3 Click Apply The wireless controller reboots The reboot process is complete after several minutes when the Status LED on the front panel turns green Maintain the Wireless Controller and Access Points 156 ProSAFE Wireless Controller WC9500 gt To reset the wireless controller 1 Select Maintenance gt Reboot Reset gt Controllers The Reboot Reset Controllers screen displays 2 Select the reset radio bu
41. User Name Type JohnD_415 PEAP MaryJ_446 PEAP 3 Click Add The Add User pop up screen displays Add User User Name Password Confirm Password Authentication Type EAP y CANCEL APPLY Manage Rogue Access Points Guest Network Access and Users 118 ProSAFE Wireless Controller WC9500 4 Configure the client settings as described in the following table Setting Description User Name Enter a unique user name Only alphanumerical characters and underscore characters _ are supported Password Enter a password in the Password field Confirm the password in the Confirm Password field Authentication Type From the menu select one of the following protocols e EAP Extensible Authentication Protocol e PEAP Protected EAP 5 Click Apply The client is added to the table on the User Management screen Add a Captive Portal Account You can add a captive portal account when you have configured a captive portal but not when you have configured a guest portal For information about configuring a portal see Configure a Portal on page 113 gt To add a captive portal account 1 Select Maintenance gt User Management The User Management screen displays with the Management tab and associated screen in view 2 Click the Captive Portal Account tab The Captive Portal Account screen displays The following figure contains some account examples Access Point Configuration Moni
42. Wizard 3 Select and add the access points that you want to be managed by the wireless controller to the managed list Note By default all access points are added to the basic group and all settings from the basic group profile definition client authentication authentication settings and wireless QoS are applied to the access points Scenario Example 2 Advanced Network with VLANs and SSIDs The following sample scenario consists of an advanced network with a wireless controller PoE switch Layer 3 switch or router access points and several VLANs and SSIDs These are the VLANs in the wireless controller system VLAN 1 the default untagged VLAN to access the wireless controller VLAN 10 a tagged client VLAN VLAN 20 another tagged client VLAN VLAN 100 a tagged management VLAN System Planning and Deployment Scenarios 31 ProSAFE Wireless Controller WC9500 Management VLAN 100 Ethernet traffic Client VLAN 10 Ethernet traffic SSID 1 Client VLAN 20 Ethernet traffic Client VLAN 10 H 7 P WNDAP360 l l 4 Backend L3 switch or router eee i ee e Internet WHDAPSEO SSID 2 Client VLAN 20 Figure 10 Example Advanced network with VLANs and SSIDs The access points and wireless controller are connected in the same subnet and same VLAN and use the same IP address range that is assigned for that subnet There are no routers between t
43. a newer version upgraded Back Up the Configuration File Once the wireless controller is installed and works correctly make a backup of the configuration file to a computer If necessary you can later restore the wireless controller settings from this file gt To back up the configuration file and save a copy of the current settings 1 Select Maintenance gt Backup Restore The Backup Restore screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics User Management Upgrade Licensing Reboot Reset Extended Storage Remote Management Logs amp Alerts gt Backup Restore Backup Restore oO i Backup Backup a copy of the current settings to a file BACKUP Restore Restore saved settings from a file CANCEL APPLY 2 Click the Backup button A dialog box displays showing the file name of the backup file The backup file has the following format backup tar gz 3 Follow the instructions of your browser to save the configuration file Maintain the Wireless Controller and Access Points 152 ProSAFE Wireless Controller WC9500 Restore the Configuration File Restore only settings that were backed up from a WC9500 wireless controller You cannot restore settings on a WC9500 wireless controller that were backed up from a WC7520 wireless controller To restore the configuration file from a backed up file 1 Select Maintenance gt Backup Restore The Backup Restore screen
44. advanced Profile Group screen lets you create up to eight profile groups For each profile group you can create and configure up to eight security profiles per wireless radio eight profiles for a single band access point 16 profiles for a dual band access point Separate profiles are applied to 802 11b bg ng mode and 802 11a na mode radios By default all access points are assigned to the basic profile group After you have created advanced profile groups you can use the WLAN Network screen to reassign access points to any of these advanced profile groups see Assign Access Points to Advanced Profile Groups on page 104 gt To add an advanced profile group 1 Select Configuration gt Profile gt Advanced gt Radio Manage Security Profiles and Profile Groups 71 ProSAFE Wireless Controller WC9500 The Profile Groups screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics System Wireless Security WLAN Network Captive Portal Profile Groups Basic v Advanced Click to add another profile group gt Radio Group 1 Group 2 Group 3 ts P g P Rate Limit Name Radio Authentication Bidi_Upper_Floor 802 11b bg ng WPA PSK amp WPA2 PSK Bldi_Lower_Floor 802 11b ba ng WPA PSK amp WPA2 PSK Bldi_Library 802 11b bg ng Open System Bldi_Upper_Floor_na 802 i1a na WPA PSK amp WPA2 PSK Bldi_Lower_Floor_na 802 11a na WPA PSK amp WPA2 PSK CANCEL DELETE EDIT APPLY 2 To add
45. an advanced profile group and configure the security profile 1 Select Configuration gt Profile gt Advanced gt Radio The Profile Groups screen displays 2 Click Edit The Edit Profile Group X screen displays 3 Click the tab for the radio that for which you want to add a profile 4 Click the button to add the profile to the selected advanced profile group The Add Profiles pop up screen displays ADD Profiles Clone an existing Profile O Profiles NG_119 31 CANCEL ADD 5 Optional Clone an existing profile a Select the Clone an existing Profile check box b Select a profile from the Profiles menu 6 Click Add The newly created profile displays onscreen and the tab for the new profile is automatically selected to let you configure the new profile Note The selections that are available from the Network Authentication menu are affected by the authentication server settings that you specify on the Authentication Server screen For more information see Manage Authentication Servers and Authentication Server Groups on page 85 If your selection from the Network Authentication menu requires authentication a corresponding Authentication Server field displays Manage Security Profiles and Profile Groups 73 ProSAFE Wireless Controller WC9500 Access Point Configuration Monitor Maintenance Stacking Diagnostics System Wireless Security WLAN Network Captive Portal Basic Edit Profile Group 3 Adv
46. client The transmit rate in Mbps of the wireless client Tx Bytes The number of bytes that the wireless client transmitted Rx Rate The receive rate in Mbps of the wireless client Rx Bytes The number of bytes that the wireless client received Tx packets The number of packets that the wireless client transmitted Rx Packets The number of packets that the wireless client received 3 Click Cancel The Client Details screen closes and the Local Client List screen displays again Monitor the Wireless Network and Its Components 196 Troubleshooting This chapter includes the following sections Troubleshoot Basic Functioning Troubleshoot the Web Management Interface Troubleshoot a TCP IP Network Using the Ping Utility Use the Reset Button to Restore Default Settings Problems with Date and Time Problems with Access Points Use the Diagnostic Tools on the Wireless Controller 197 ProSAFE Wireless Controller WC9500 Troubleshoot Basic Functioning After you turn on power to the wireless controller the following sequence of events should occur 1 When power is first applied verify that the Power LED is lit green and that the Status LED is lit yellow 2 After approximately two minutes verify the following a The Status LED is lit green b The left Ethernet port LED is lit for any local port that is connected If the port s left LED is lit a link has been established to the connected device I
47. controllers and the PoE switches to which the access points are connected The core switch provides Internet access This network configuration has the following prerequisites e VLAN 1 is configured on the wireless controllers core switch and PoE switches This VLAN is untagged e VLANs 10 20 and 30 are configured on the wireless controllers core switch and the PoE switch in Building 1 These VLANs are tagged e VLANs 1 10 20 30 and 40 are configured on the wireless controllers core switch and PoE switches Except for VLAN 1 these VLANs are tagged System Planning and Deployment Scenarios 35 ProSAFE Wireless Controller WC9500 gt To provision the wireless controller Step Configuration Web management interface path 1 Configure the basic system settings ie Configure the country code of operation Configuration gt System gt General 2 Configure the time settings Configuration gt System gt Time Configure the IP address of wireless controller Verify that VLAN 1 is set as the management VLAN and is marked as untagged By default VLAN 1 an untagged management VLAN Configuration gt System gt IP VLAN 2 Configure the following profiles and configure network authentication and data encryption for these profiles 1 A profile with SSID 1 and VLAN 10 ajA Jj N A profile with SSID 2 and VLAN 20 A profile with SSID 2 and VLAN 30 A profile with
48. e WiFi Clients e Captive Portal Account e Captive Portal Users Click Export The selected list is opened or saved as a zipped CSV file to a location that you specify Follow the directions of your browser to complete the procedure Manage Rogue Access Points Guest Network Access and Users 123 Configure Wireless and QoS Settings This chapter includes the following sections Basic and Advanced Wireless and QoS Configuration Concepts Configure the Radio Configure Wireless Settings Configure Channels Specify RF Management Configure QoS for Advanced Profile Groups Configure Load Balancing Configure Rate Limiting 124 ProSAFE Wireless Controller WC9500 Basic and Advanced Wireless and QoS Configuration Concepts It is important to know how to configure your network and decide which configuration model better fits your needs basic or advanced Once you follow one it is easy to use the same configuration model for the wireless and Quality of Service QoS settings Before you configure the wireless settings read Basic and Advanced Setting Concepts on page 20 e Basic wireless settings If you use the basic configuration model the following wireless and QoS settings apply to all profiles in the basic profile group Basic radio on off schedule Basic wireless settings for each radio in the basic profile Basic RF management Basic rate limiting for each radio in the basic profile e Advanced wireless settings
49. eee 60 Configure Alarm Notification Settings 0 00000 eee 61 Configure the Email Notification Server 00 cece eee 62 Chapter 5 Manage Security Profiles and Profile Groups Wireless Security Profile Concepts 0 00000 cece ee eeeee 64 Small WLAN Networks 00 0000 cece cee tee 64 Larger WLAN Networks 0 0000 00 cece e eee 65 Profile Naming Conventions 0 000 00 e eee eee 65 Considerations Before You Configure Profiles 65 Basic and Advanced Security Configuration Concepts 66 Configure Security Profiles for the Basic Profile Group 67 Configure Profiles in the Basic Profile Group 67 Edit and Remove Profiles in the Basic Profile Group 70 Configure Security Profiles for Advanced Profile Groups 71 Advanced Profile GroupsS as cried eresi br eee n bed ee ee nee es 71 Configure Profiles in an Advanced Profile Group 78 Edit and Remove Profiles in an Advanced Profile Group 76 Network Authentication and Data Encryption Options 77 Manage MAC Authentication and MAC Authentication Groups 81 Guidelines for External MAC Authentication 81 Configure Basic Local MAC Authentication Settings 82 Configure Local MAC Authentication Groups 84 Manage Authentication Servers and Authentication Serve
50. eight seconds until the Status LED turns on and begins to blink 2 Release the Reset button The reboot process is complete after several minutes when the Status LED on the front panel goes off Note After restoring the factory default configuration the wireless controller s default LAN IP address is 192 168 0 250 the default login user name is admin and the default login password is password Troubleshooting 201 ProSAFE Wireless Controller WC9500 Problems with Date and Time The Time Settings screen displays the current date and time of day see Manage the Time Settings on page 48 The wireless controller uses the Network Time Protocol NTP to obtain the current time from one of several network time servers on the Internet Each entry in the log is stamped with the date and time of day When the date shown is January 1 2000 the wireless controller has not yet successfully reached a network time server Verify that the wireless controller can reach the Internet If you have just completed configuring the wireless controller wait at least five minutes and check the date and time again Problems with Access Points If you encounter access point discovery or connection problems the information in this section might help you to resolve these problems Discovery Problems If the wireless controller does not discover any or all access points check the following For all access points e Make sure that the wireless cont
51. enable O disable Use Custom NTP Server Hostname IP Address 192 168 0 238 2 Configure the settings as described in the following table Description Time Zone From the menu select the local time zone for your country or region Current Time This is a nonconfigurable field that displays the current time at your location NTP Client Select the Enable radio button to use a Network Time Protocol NTP server to synchronize the clock of the wireless controller and managed access points Select the Disable radio button if you do not want to use an NTP server Use Custom NTP Server Select this check box if you want to use an alternate NTP server By default the NETGEAR NTP server is used Hostname IP Address Enter the host name or IP address of the NTP server if you are using a custom NTP server 3 Click Apply Configure the System and Network Settings and Register the Licenses 48 ProSAFE Wireless Controller WC9500 IP and VLAN Settings The IP Settings screen lets you configure the management IP address and VLAN settings of the wireless controller Management VLAN Concepts Management VLANs are used for all SNMP and HTTP traffic to and from the wireless controller and managed access points For large deployments NETGEAR recommends that the wireless controller and access points are in separate VLANs to ensure uninterrupted connectivity between the wireless controller and the access points The w
52. following table lists the authentication methods available with their corresponding encryption options Table 2 Authentication and encryption options Authentication Method Encryption Option Authentication Server Open System 64 bit 128 bit or 152 bit WEP None Shared Key 64 bit 128 bit or 152 bit WEP None WPA PSK TKIP or TKIP AES None WPA2 PSK AES or TKIP AES None WPA PSK and WPA2 PSK TKIP AES None WPA TKIP or TKIP AES One of the following authentication servers e External RADIUS server e Internal authentication server e External LDAP server WPA2 AES or TKIP AES One of the following authentication servers e External RADIUS server e Internal authentication server e External LDAP server WPA and WPA2 TKIP AES One of the following authentication servers e External RADIUS server e Internal authentication server e External LDAP server For information about how to configure client authentication data encryption and authentication servers see Chapter 5 Manage Security Profiles and Profile Groups System Planning and Deployment Scenarios 25 ProSAFE Wireless Controller WC9500 High Level Configuration Examples This section includes the following subsections e Single Controller Configuration with Basic Profile Group e Single Controller Configuration with Advanced Profile Groups Single Controller Configuration with Basic Profile Group A basic configuration consists of a sing
53. gt Access Point gt Clients Select MAC SSID Channel Privacy Last Beacon Category Known UnKnown Name Search gt Neighboring 00 1a dd 00 28 00 NETGEAR _11ng 8 Unsecured Thu Feb 14 18 20 18 2013 Neighbor AP Unknown Clients O gt Neighbor AP gt Profiles gt DHCP Lease gt Captive Portal 60 33 4bieSiSdich SimplePresenceNetvork 3 Secured Thu Feb 14 18 20 18 2013 Neighbor AP Known REFRESH LOCATE The following table describes the fields of the Rogue AP table Item Description Select The radio button that lets you select the access point MAC The MAC address of the rogue access point SSID The wireless network SSID that the rogue access point is using Channel The channel that the access point is using Privacy The security of the access point Secured or Unsecured Last Beacon The last beacon that the access point transmitted Category The category that the access point belongs to Neighbor AP or Rogue AP Known Unknown The status of the access point Known or Unknown Name The name of the access point if a name is assigned Monitor the Wireless Network and Its Components 185 ProSAFE Wireless Controller WC9500 View Security Profiles Managed by the Wireless Controller The Profiles screen lets you monitor all security profiles on the access points that are managed by the wireless controller gt To view the Profiles screen Select Monitor gt Controller gt Profile
54. information NETGEAR WC9500 C with h on i os ProSafe Wireless LAN Controller Access Point Configuration Monitor Maintenance Stacking Diagnostics WLAN Clients gt Summary Network Status Wireless Clients Controller Info gt Usage Total Alarms Open WEP WPA WPA2 Firmware Version 3 0 0 82_1116 gt Access Point Device Up Down Critical Major 0 o Controller Uptime 5 hours 35 mins 59 secs Clients 129 gt Clien as Polnts Last Reboot Mon Apr 8 11 29 00 2013 gt Neighboring eee Last Configuration Change Mon Apr 8 16 52 10 2013 Clients Last Channel Allocation Mon Apr 8 15 33 00 2013 Neighbor AP Last Admin Login Mon Apr 6 17 04 34 2013 gt Profiles Semen Most Active APs gt Captive Portal fi Most Active Clients Most Active SSIDs oon Name Model MAC Clients MAC SSID Usage KBytes SSID Clients netgesr36E7AS WNDAP350 20 4e 7f 86 e7 80 3 Docs 17 netgear992948 WNDAP360 2c b0 5d 98 29 40 9 For information about the network status and related information see View the Wireless Controller Summary Screen on page 173 For information about the layout and general characteristics of the web management interface see the following section Web Management Interface Layout Installation and Configuration Overview 40 ProSAFE Wireless Controller WC9500 Web Management Interface Layout The following figure shows the menus at the top and the left of the wireless controller s web ma
55. internal and external antenna if the access point supports an external antenna and you can enter location information gt To edit the information for an access point on the Managed AP List 1 Select Access Point gt Managed AP List The Managed AP List screen displays Discover and Manage Access Points 101 ProSAFE Wireless Controller WC9500 2 Select the access point that you want to edit by selecting its radio button in the Edit column of the Managed AP List 3 Click Edit The Edit Access Point screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics gt Discovery Wizard gt Managed AP List Edit Access Point Access Point Info Name Model Group IP Settings DHCP IP Address Subnet Mask Default Gateway Primary DNS Server Secondary DNS Server VLAN Settings Management LAN Untagged LAN Wireless Settings Antenna Plan Settings Site Building Floor Location netgearA10668 WNDAP360 basic v enable disable 192 168 0 144 255 255 255 0 192 168 0 1 Internal v Local Building 1 Floor 1 v CANCEL BACK 4 Configure the settings as described in the following table setting Description S O Access Point Info section Enter a unique value that indicates the access point name By default the name is netgearxxxxxx where xxxxxx represents the last 6 hexadecimal digits of the access points MAC address You can c
56. number of wireless clients that can connect to each radio of an access point at one time You can select a value of 64 to allow the maximum number that is supported by a radio of an access point RSSI Drag the slider to specify or enter the minimum signal quality in percentage 0 to 75 percent expected from the wireless clients that connect to the access points A value of 0 means that this check is not enforced and load balancing is disabled 4 Click Apply Configure Rate Limiting The available bandwidth is determined by the number of errors during transmission and the time that a packet spends in the transmission queues Within a profile group including the basic profile group you configure rate limiting separately for each wireless radio 2 4 GHz and 5 GHz Within a profile group for each wireless radio rate limiting needs to add up to a maximum of 100 percent It can be less than 100 percent For example within one profile group if four profiles use the 802 11b bg ng mode and two profiles use the 802 11a na mode you create one rate limiting configuration for the four profiles that use the 802 11b bg ng mode and another rate limiting configuration for the two profiles that use the 802 11a na mode The combined percentages of the four profiles that Configure Wireless and QoS Settings 148 ProSAFE Wireless Controller WC9500 use the 802 11b bg ng mode cannot exceed 100 percent similarly the combined perc
57. of the discovery process When the discovery process is finished the total number of access points is displayed and the table shows the access points that were discovered For each access point the table includes the model number IP address MAC address and site 4 Optional Enter information in the Search field to find an individual access point 5 Review the discovery results to make sure that all the access points are listed Discover and Manage Access Points 93 ProSAFE Wireless Controller WC9500 The effectiveness of the discovery process depends in part on how the access points on your LAN are set up If each access point is configured with a unique IP address and is running current firmware discovery is usually simple If the discovery results are not what you expect check the following e Access points that are already managed by the wireless controller are not in the discovery list To view the Managed AP List select Access Point gt Managed AP List e The access points might be in a different IP network For information about how to discover access points in a different subnet see Access Points Installed and Working in Standalone Mode in Different Layer 3 Networks on page 96 e Access points that are in factory default mode but across a router are not detected For information about how to discover access points across a router see Access Points Installed and Working in Standalone Mode in Different Layer 3 N
58. on page 47 Based on your location and environment the wireless controller determined the best wireless settings for the discovered access points and pushed these settings to your managed access points IMPORTANT Unless your network and environment require that you use other wireless settings NETGEAR recommends that you leave the wireless settings as they are Typically the default wireless settings do not need adjustment Override the wireless settings only if there is a specific need such as a phone vendor that specifies a setting different from the default You can configure wireless settings for the basic profile group and for advanced profile groups see Configure Wireless Settings for an Advanced Profile Group on page 133 Configure Wireless Settings for the Basic Profile Group There are two requirements for you to be able to configure the wireless settings on the Basic Wireless Settings screen e You need to disable automatic channel allocation for the radio on the Channel Allocation screen For information about channel allocation see Configure Channels on page 137 e There needs to be at least one access point assigned to the profile group for the radio for which you want to configure the wireless settings gt To configure wireless settings for the basic profile group 1 Select Configuration gt Wireless gt Basic gt Wireless Configure Wireless and QoS Settings 128 ProSAFE Wireless Controller WC9500
59. point profile groups also Configuration gt WLAN Network referred to as WLAN groups Building 1 and Building 2 System Planning and Deployment Scenarios 37 Installation and Configuration Overview This chapter includes the following sections Initial Set up and Log in e Web Management Interface Layout Roadmap for Initial Configuration Roadmap for Configuring Management of Your Wireless Network e Choose a Location for the Wireless Controller e Deploy the Wireless Controller 38 ProSAFE Wireless Controller WC9500 Initial Set up and Log in To set up and log in to the wireless controller follow the steps in this section You can also access the ProSAFE Wireless Controller WC9500 Installation Guide that you can download from http support netgear com product WC9500 Note To log in to the wireless controller you need to use a web browser such as Microsoft Internet Explorer 8 or later or Mozilla Firefox 18 or later or Google Chrome 24 or later with JavaScript cookies and SSL enabled gt To set up and log in to the wireless controller 1 Connect the wireless controller to your computer a Configure a computer with a static IP address of 192 168 0 210 and 255 255 255 0 as the subnet mask b Connect the wireless controller to the computer through the network or directly to the wireless controller s Ethernet port c Connect the power cord from the wireless controller to an AC power
60. read only access to the wireless controller s web management interface a user who can provision captive portal users only and a user who can manage licenses only gt To adda management user 1 Select Maintenance gt User Management Manage Rogue Access Points Guest Network Access and Users 116 ProSAFE Wireless Controller WC9500 The User Management screen displays with the Management tab and associated screen in view The following figure contains some account examples Access Point Configuration Monitor Maintenance Stacking Diagnostics Upgrade Licensing Backup Restore Reboot Reset Extended Storage Remote Management Logs amp Alerts gt User Management User Management Management WiFi Clients Captive Portal Account Captive Portal Users User Name User Type admin Administrator guest Read Only PeterBrown Guest Provisioning LicenseAdmin License Management Only EDIT REMOVE EXPORT 2 Click Add The Add User pop up screen displays Add User User Name User Type Administrator Password Confirm Password CANCEL APPLY 3 Configure the user settings as described in the following table Setting Description User Name Enter a unique user name Only alphanumerical characters and underscore characters _ are supported User Type From the menu select the type of user which determines the users s access to the wireless controller s web management interface e Administr
61. sample scenario consists of a simple network with a wireless controller PoE switch Layer 3 switch or router and access points Internet Management VLAN Ethernet traffic All client Ethernet traffic Network printer w ETCEAR aa Sass aw Backend L3 switch or router Deploy the wireless controller on a trunk port if you use the internal DHCP server PoE Switch Access point Wireless controller WC9500 Marketing computer computer Employee Employee computer computer Figure 9 Example Basic network with a single VLAN System Planning and Deployment Scenarios 29 ProSAFE Wireless Controller WC9500 The access points and wireless controller are connected in the same subnet and use the same IP address range that is assigned for that subnet There are no routers between the access points and the wireless controller The access points are connected to a PoE switch which in turn is connected to the wireless controller The uplink of the PoE switch connects to a Layer 3 switch or router that provides Internet access gt To provision the wireless controller Step Configuration Web Management Interface Path Configure the system and network settings of the wireless controller 1 2 Configure the country code of operation Configure the time settings Configuration gt System gt General Configuration gt System gt Ti
62. the Monitoring Screens e Monitor the Wireless Controller e Monitor the SSIDs e Monitor Local Clients Note The information that is shown in the figures in this chapter is not always consistent That is the information in one figure might be fora different network configuration than the information in another figure 171 ProSAFE Wireless Controller WC9500 Common Tasks on the Monitoring Screens The monitoring screens display read only status information of the network that is managed by the wireless controller The following sections describe common tasks that you can perform on many monitoring screens Sort a Table You can sort a table on any column header that has a double triangle icon or single triangle icon placed to the right of it gt To sorta table Click a double triangle icon or single triangle icon next to a column header Search a Table Most monitoring screens provide a Search field that lets you search a table on any information that is listed in the table gt To search a table In the Search field enter the information that you are looking for such as an IP address MAC address name or anything else There is no Search button to click Navigate through a Table Tables on the monitoring screens can extend over multiple pages The progress bar eS shows only when many components such as access points or clients are retrieved and require two or more pages to be displayed You can n
63. the Station EDCA parameters e Data 0 Best Effort 0 e Data 1 Background 0 e Data 2 Video 3008 e Data 3 Voice 1504 5 Click Apply Configure Load Balancing Load balancing allows the wireless controller to distribute access point clients the load equally among the access points that it manages You configure load balancing per type of access point model and per radio By default load balancing is disabled When a client discovers an access point using probe requests or sends association frames the access point determines whether to accept the client based on the number of clients that are already connected the signal strength of the clients that are already connected and the signal strength of the client that attempts to connect The wireless controller performs load balancing based on the following criteria Maximum number of clients If more than the maximum number of clients per access point attempt to associate the clients are pushed to another access point When you want a good distribution of clients between the access points set the maximum number of clients to a low value compared to for example the total number of clients in an office or on a floor Signal strength or RSSI Signal strength determines speed For a client that is far away from an access point the data rate is much lower than for a client that is in closer proximity to the access point The distant client requires more time to tran
64. the Wireless Controller e Neighboring Clients See View Neighboring Clients Detected by the Wireless Controller e Neighboring APs See View Neighboring Access Points Detected by the Wireless Controller e Profiles See View Security Profiles Managed by the Wireless Controller e DHCP Lease See View DHCP Leases Provided by the Wireless Controller e Captive Portal Users See View Captive Portal Users Managed by the Wireless Controller View the Wireless Controller Summary Screen The Summary screen provides an overview of the activity on the wireless controller When you log in to the web management interface the Summary screen displays gt To view the Summary screen Select Monitor gt Controller gt Summary Access Point Configuration Monitor Maintenance Stacking Diagnostics WLAN Clients gt Summary Network Status Wireless Clients Controller Info gt Usage Total gt Access Point Alarms Open WEP WPA WPA2 Firmware Version 3 0 0 862_1116 Device up Down Critical Major 0 Controller Uptime 5 hours 35 mins 59 secs gt Clients z Last Reboot Mon Apr 8 11 29 00 2013 gt Neighboring Last Configuration Change Mon Apr 8 16 52 10 2013 Clients Last Channel Allocation Mon Apr 8 15 33 00 2013 gt Neighbor AP Last Admin Login Mon Apr 8 17 04 34 2013 gt Profiles P 2 DNET ase Most Active APs gt Captive Portal Name Model MAC Clients MAC SSID Usage KBytes SSID Clients netgearS6E7AS WNDAPSSO 20 4e 7f
65. the menu select the maximum number of neighboring access in Self healing points that increase or decrease power to cover for a failing access point Selecting 0 zero disables this feature Use close neighbors not a distant access point and do not use all access points Configure Wireless and QoS Settings 143 ProSAFE Wireless Controller WC9500 setting Deseripton S O Self healing wait Time after AP From the menu select the number of minutes to validate that is wait Failure before confirming a failed access point and increasing transmit power to cover the area Enter a value greater than the access point reboot time which is usually one minute This allows for fluctuations in the power of nearby access points when access points are rebooted Coverage Hole Detection Periodic Coverage Hole Detection Select the enable radio button to allow coverage hole detection to run in the background periodically Select the disable radio button to disable this option Alert Severity for Coverage Hole Select a radio button to specify the type of alarm severity to be associated with a coverage hole detection event on the Logs amp Alerts screen e Critical e Major For more information see Configure Alarm Notification Settings on page 61 4 Click Apply Configure QoS for Advanced Profile Groups Quality of Service QoS works by default for the advanced profile groups Change QoS only if there is a r
66. the radio for which you want to configure rate limiting 3 For each profile on a wireless radio specify the rate limit as a percentage You can drag the sliders to adjust the values in the rate limit fields to the right of the sliders Make sure that the total percentages of all profiles on one wireless radio do not exceed 100 percent 4 Click Apply Configure Wireless and QoS Settings 149 ProSAFE Wireless Controller WC9500 Rate Limiting for an Advanced Profile Group For each profile group and for each radio mode 802 11b bg ng mode and 802 11a na mode rate limiting per profile adds up to a maximum of 100 percent It can be less than 100 percent There is a tab for each group and for each wireless radio mode gt To configure rate limiting for an advanced profile group 1 Select Configuration gt Profile gt Advanced gt Rate Limit The advanced Rate Limit screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics tosour System Wireless Security WLAN Network Captive Portal Basic Rate Limit v Advanced Radio Group 1 Group 2 Group 3 Rate Limit 802 11b bg ng 802 11a na Profile Name SSID Rate Limit Bldi_Upper_Floor NG_11g 11 Bldi_Lower_Floor NG_11g9 12 _3 Bldi_Library NG litg 13 8 10 CANCEL 2 Click the tab for the profile group for which you want to configure rate limiting 3 Click the tab for the radio for which you want to conf
67. the vendor specific octets the complete address is 02 04 c0 a8 21 1b Linux or Windows based DHCP server If you use a Linux or Windows based DHCP server configure the IP address in decimal format and NETGEAR_WNC_AP as the vendor class identifier Discover Access Points with the Discovery Wizard The Discovery Wizard finds provides two methods to find access points that are not yet on the managed access point list These methods are described in the following sections e Access Points in Factory Default State and Access Points in a Layer 2 Subnet e Access Points Installed and Working in Standalone Mode in Different Layer 3 Networks AN CAUTION If security is not set up or is set up incorrectly when the wireless controller pushes the configurations to the access points you could accidentally wipe out all security leaving your entire network open to access Be sure that you set up security correctly see Chapter 5 Manage Security Profiles and Profile Groups Access Points in Factory Default State and Access Points in a Layer 2 Subnet Access points in factory default state are access points out of the box that have never been employed Access points in a Layer 2 subnet are access points that are installed and functioning in the same IP subnet as the wireless controller and that are connected to the wireless controller through a back end Layer 2 switch gt To discover access points in factory default state and access po
68. to configure these settings in the table there are two requirements e Channel To enable the Access Point Channel menu in the table you need to disable automatic channel allocation on the Channel Allocation screen see Configure Channels on page 137 e Transmission power To enable the Tx Power menu in the table you need to disable automatic Tx power control on the advanced RF Management screen see RF Management for an Advanced Profile Group on page 142 gt To override the channel and transmission power for individual access points in a security profile of an advanced profile group 1 Select Configuration gt Wireless gt Advanced gt Wireless The Advanced Wireless Settings screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics System Security Profile WLAN Network Captive Portal S Basic Advanced Wireless Settings Advanced Radio On Off Group 1 Group 2 Group 3 gt Wireless QoS Settings RF Management 802 11b bg ng 802 1la na Turn Radio On v Wireless Mode 802 11ing Y Data Rate Best SA Channel Width 20 40 MHz Dynamic Guard Interval 800 ns RTS Threshold 0 2347 2347 Fragmentation Length 256 2346 2346 Beacon Interval 100 1000 100 Aggregation Length 1024 65535 65535 AMPDU enable O disable RIFS Transmission O enable disable DTIM Interval 1 255 3 Preamble Type auto O Long AP Name Access Point Channel Tx Power netgearA10663 1 2 412Ghz
69. typically used for hotspot users and paying guests such as hotel guests who purchase access time for an Internet connection You can configure only a single captive portal on the wireless controller When you configure a captive portal you can use either the wireless controller as a local authentication server for the captive portal clients or you can configure an external RADIUS server for authentication Manage Rogue Access Points Guest Network Access and Users 111 ProSAFE Wireless Controller WC9500 There are two types of portal settings Guest portal Use this portal if all wireless users are allowed to access the network by supplying only their email address You do not need to define user names and passwords for these users Captive portal Use this portal type if wireless users need to supply their login name and password before being allowing access the network You need to define user names and passwords for these users see Manage Users Accounts and Passwords on page 116 Note You cannot configure captive portal authentication if the network authentication uses an external RADIUS server That is if you configure an external RADIUS server with WPA WPA2 or WPA amp WPA2 or if you use legacy 802 1X you cannot configure captive portal authentication the network authentication needs to be Open System Shared Key WPA PSK WPA2 PSK or WPA PSK amp WPA2 PSK see Network Authentication and Data Encryption Options on pa
70. wireless client that is connected to the selected access point some or all of the following information displays MAC The MAC address of the wireless client IP The IP address of the client Channel The channel that the wireless client is using to connect to the access point Monitor the Wireless Network and Its Components 179 ProSAFE Wireless Controller WC9500 SSID The wireless network SSID that the wireless client is using to connect to the access point Security The security mode that the wireless client is using to connect to the access point Open WEP WPA WPA2 or WPA WPA2 Rogue AP Info For all rogue and unmanaged neighboring access points combined that are detected by the selected managed access point the following information displays The type of profile that the rogue access point is using to connect to the access point 802 11b bg ng or 802 11a na Reported The total number of detected rogue access points in the wireless mode In Same Channel The total number of detected rogue access points in the same channel In Interfering Channel The total number of detected rogue access points in the interfering channel Statistics For each type of usage Wired Ethernet Wireless ng bg or b and Wireless na or a statistics about transmitted and received packets and bytes display for the selected access point The actual statistics are self explanatory Note To see all fields
71. you can assign any of them including the basic RADIUS server to any profile whether in the basic profile group or in an advanced profile group gt To set up a RADIUS authentication server group 1 Select Configuration gt Security gt Advanced gt Authentication Server Manage Security Profiles and Profile Groups 88 ProSAFE Wireless Controller WC9500 The advanced Authentication Server screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics System Wireless Profile WLAN Network Captive Portal Basic Authentication Server v Advanced da Click to add another authentication group Rogue AP Auth 1 Auth 2 Auth 3 MAC ACL Authentication Group Name Auth 3 Server Enable Authentication o Enable Accounting o IP Address Shared Secret Primary Server B 1812 _ eseeeosooooo Secondary Server i 1812 eeeseooooooo Reauthentication Time Seconds 3600 Update Global Key Every Seconds 3600 2 Click the button to create an additional authentication group The new authentication group displays on the advanced Authentication Server screen and the tab for the new authentication is automatically selected to let you configure the new group 3 Optional In the Group Name field enter a unique name for the authentication group By default authentication groups are named Auth 1 Auth 2 Auth 3 and so on 4 Configure the external RADIUS server for the grou
72. 0 250 Subnet mask 255 255 255 0 Default gateway 192 168 0 1 DHCP server pools None Time zone USA Pacific Standard Time PST Time zone adjusted for daylight Enabled saving time Enabled Technical Specifications The following table lists the technical and physical specifications Table 5 Technical and physical specifications Feature Default Setting Electrical specifications e 100 240V 5A 47 63 Hz universal input with IEC 320 connector e Typical power consumption 165 W Dimensions W x H x D cm 43 cm x 4 3 cm x 44 cm Fits in a 1U rack Dimensions W x H x D in 16 92 in x 1 7 in x 17 32 in Fits in a 1U rack Weight e With one power supply 6 32 kg 13 94 Ib e With an optional second power supply 7 57 kg 16 68 Ib Operating temperatures 0 to 45 C 32 to 113 F Operating humidity 90 maximum relative humidity Factory Default Settings and Technical Specifications 206 ProSAFE Wireless Controller WC9500 Table 5 Technical and physical specifications continued Feature Default Setting Storage temperatures 20 to 70 C 4 to 158 F Storage humidity 95 maximum relative humidity noncondensing Major regulatory compliance CCC Note For more information see the ProSAFE Wireless Controller WC9500 data sheet at http support netgear com product WC 9500 Password Requirements The following table lists the passw
73. 2 168 0 154 MAC c0 3f 0e 7b 24 80 MODEL WNAP210 DOWN Access Point NAME netgear782488 IP 192 168 0 151 MAC lt O 3f 0er7bi 24180 MODEL WNAP210 UP Access Point NAME netgear7826D8 IP 192 168 0 150 MAC cO 3f 0017b 26 d0 MODEL WNAP210 UP Access Point NAME netgearA10668 IP 192 168 0 149 MAC c413dic 01 06160 MODEL WNDAP360 UP System UP Access Point NAME netgear762608 IP 192 168 0145 MAC c0 3f 0e 7b 26 d0 MODEL WNAP210 UP Access Point NAME netgear782488 IP 192 168 0 146 MAC c0 3f 0e 7b 24 80 MODEL WNAP210 UP Access Point NAME netgearA10668 IP 192 168 0 144 MAC 4 3d 7 31 06 60 MODEL WNDAP360 UP System UP Access Point NAME netgear762608 IP 192 168 0 145 MAC lt 0 3F 00 7b 26 d0 MODEL WNAP210 UP Access Point NAME netgear762488 IP 192 168 0 146 MAC cO13f10e17b124180 MODEL WNAP210 UP Access Point NAME netgearA10668 IP 192 168 0 144 MAC o4 3d 7181 06 60 MODEL WNDAP360 UP Raised Time Fri Feb 15 12 31 36 2013 Fri Feb 15 12 30 47 2013 Fri Feb 15 12 25 07 2013 Fri Feb 15 12 25 05 2013 Fri Feb 15 12 24 51 2013 Fri Feb 15 12 24 29 2013 Thu Feb 14 21 36 04 2013 Thu Feb 14 21 36 03 2013 Thu Feb 14 21 35 49 2013 Thu Feb 14 21 35 26 2013 Thu Feb 14 18 25 25 2013 Thu Feb 14 18 25 25 2013 Thu Feb 14 26 25 24 2013 Normal Access Point NAME netgear7B2608 MAC c013f10e 7b 26 d0 IP 192 168 0 145 MODEL WHAP210 Site 0 added to Managed List Thu Feb 14 18 24 53 2013 Normal Acc
74. 5 07 192 168 2 107 netgear982948 192 168 0152 00 11 22 33 44 08 192 168 1 108 netgear86E7AS 192 168 0 150 00 11 22 33 44 07 192 168 1 107 netgear86E7AS8 192 168 0 150 00 11 22 33 44 04 192 168 1 104 netgear86E7A8 192 168 0 150 00 11 22 33 44 03 192 168 1 103 netgear86E7AS8 192 168 0 150 OWWOWOV OOOO O0O00 00 11 22 33 44 02 192 168 1 102 netgearS6E7A8 192 168 0 150 16 of 17 Entry Per Page Default v AP MAC Client Type Usage KBytes Building Floor SSID 2C B0 50 98 29 40 802 11g Building 1 Floor 1 Doc Open 2C B0 5D 98 29 40 802 119 Building 1 Floor 1 DocB Open 2C B0 5D 98 29 40 802 119 2C B0 5D0 98 29 40 802 11g 2 B80 50 98 29 40 802 11g 20 4E 7F 86 E7 A0 802 119 20 4E 7F 86 E7 A0 802 119 2 C B0 5D 98 29 40 802 11g 2 80 5D 98 29 40 802 119 2C B0 50 98 29 40 802 119 2C B0 5D 98 29 40 802 119 2O 4E 7F S6 E7 A0 802 119 20 4E 7F S6 E7 A0 802 119 20 4E 7F 86 E7 A0 802 119 20 4E 7F 86 E7 A0 802 11g 20 4E 7F 86 E7 A0 802 11g Building 1 Floor 1 DocB Open Building 1 Floor 1 Doc Open Building 1 Floor 1 DocB Open Building 1 Floor 1 DocB Open Building 1 Floor 1 DocB Open Building 1 Floor 1 Doc Open Building 1 Floor 1 Doc Open Building 1 Floor 1 DocB Open Building 1 Floor 1 Doc Open Building 1 Floor 1 Doc Open Building 1 Floor 1 DocB Open Building 1 Floor 1 Doc Open Building 1 Floor 1 DocB Open Building 1 Floor 1 DocB Open PREVIOUS 1 of 2 NEXT Da O foe o fan fon o fan Ban Bay Han Oo
75. 5 aT gt Access Point renin a Clients Select Status Name Model MAC IP Site Neighboring healthy netgear7B26D8 WNAP210 c0 3f 0e 7b 26 d0 192 168 0 157 Local Clients oO healthy netgear7B2488 WNAP210 cO 3f 0e 7b 24 80 192 168 0 155 Local gt Neighbor AP healthy netgearA10668 WNDAP360 c4 3d c7 a1 06 60 192 168 0 156 Local Profiles gt DHCP Lease gt Captive Portal Users Monitor the Wireless Network and Its Components 176 ProSAFE Wireless Controller WC9500 Group Building Floor Location 2 4 5 GHz Channel Uptime Building 1 Floor 1 7 mins 7 secs Building 1 Floor 1 7 mins 7 secs Building 1 Floor 1 6 mins 57 secs REFRESH DETAILS EXPORT The following table describes the fields of the Access Point table Item Description Select The radio button that lets you select the access point Status The status of the access point healthy or down Name The name of the access point see Edit Access Point Information on the Managed AP List on page 101 Model The model of the access point WNAP210 WNAP320 WNDAP350 WNDAP360 or WNDAP380R MAC The MAC address of the access point IP The IP address of the access point Site The site designation is always Local Group The profile group to which the access point is assigned see Assign Access Points to Advanced Profile Groups on page 104 Building The building designation is always Building 1 Floor The f
76. 59 14 37 53 2013 02 17 cO 3f 0e 7b 26 d0 Management Unknown 192 168 0 133 14 20 40 2013 02 17 20 46 9a 47 c2 13 Management Item Description Host Name The host name of the DHCP client IP The IP address that is allocated to the DHCP client End Time The DHCP lease end time for the DHCP client End Date The DHCP lease end date for the DHCP client MAC The MAC address of the DHCP client VLAN The VLAN name or number that the DHCP server and DHCP client are using to connect Monitor the Wireless Network and Its Components 187 ProSAFE Wireless Controller WC9500 View Captive Portal Users Managed by the Wireless Controller The Captive Portal Users screen displays the current guests and users that are logged in toa captive portal on the access points that are managed by the wireless controller gt To view the Captive Portal Users screen Select Monitor gt Controller gt Captive Portal Users Access Point Configuration Monitor Maintenance Stacking Diagnostics WLAN Clients gt Summary Captive Portal Users Usage 2 Search gt Access Point gt Clients User Name Account Name IP MAC Login Time Expiry Time gt Neighboring WBenson ViIPquests 192 168 1 107 00 0 00 22 00 A0 Sat Feb 16 15 14 22 2013 Sun Feb 17 15 14 22 2013 Clients BHart Default 192 168 1 104 00 0 15 00 00 A0 Sat Feb 16 15 15 57 2013 Mon Feb 18 08 30 00 2013 gt Neighbor AP gt Profiles gt DHCP Lease gt Capt
77. 80 Vy WPA passphrase requirements 207 VAR information licenses 56 video QoS queue 144 VLANs 49 clients 24 27 DHOP server 52 management 23 27 security profiles 69 75 settings access points 103 untagged 49 103 voice calls preventing channel allocation 139 voice QoS queue 144 W web management interface layout 41 troubleshooting 199 weight wireless controller 206 WEP encryption 78 WEP key requirements 207 WiFi clients adding 118 WINS servers 50 wireless band usage viewing 175 wireless client separation 69 75 wireless clients maximum number 147 wireless clients viewing in the network 194 neighboring in the network 184 on the access point 179 192 on the wireless controller 174 182 wireless controller viewing active SSIDs 190 captive portal accounts and users 188 DHOP leases 187 managed access points 176 managed clients 180 neighboring access points 185 neighboring clients 184 profiles 186 summary 173 usage 175 wireless modes 130 134 wireless network name SSID 68 74 wireless settings 124 wizard access point discovery 91 WLAN group assignment 104 214
78. A PSK TKIP AES amp WPA2 PSK Advanced profile Shared Key 64 bit WEP Hexadecimal 10 fixed 1 Select Contiguration gt 128 bit WEP Hexadecimal 26 fixed Profile gt Advanced gt Radio 152 bit WEP Hexadecimal 32 fixed See 2 Select a group Configure i WPA PSK TKIP Alphanumerics and Up to 63 Security 3 Click Edit special characters Profiles for 4 Select a profile TKIP AES excluding quotes Advanced 5 Make a selection from WPA2 PSK AES Profile the Network Groups on Authentication menu TKIP AES page 71 WPA PSK TKIP AES amp WPA2 PSK Select Configuration gt External Shared Secret Alphanumerics and Up to 127 See Manage Security gt Authentication RADIUS special characters Authentication Server Server Servers and Authentication External Domain Admin User Alphanumerics and Up to 32 Server LDAP special characters Groups on Server page 85 Factory Default Settings and Technical Specifications 208 Index Numerics 1U rack 206 2 4 GHz and 5 GHz channels 139 802 11 wireless modes 130 134 802 1Q VLAN header 23 49 A AC power supplies 14 access point profile groups adding advanced groups 71 assigning access points to 104 basic and advanced described 21 channels and transmission power overriding 131 135 profiles adding and configuring 67 73 QoS configuring 144 radio turning on and off 126 rate limiting configuring 148 RF management configuring 140 wireless settin
79. AS8 192 168 0 150 16 of 17 Entry Per Page Default m Monitor the Wireless Network and Its Components 193 ProSAFE Wireless Controller WC9500 AP MAC Client Type Usage KBytes RSSI Building l SSID Security 2C 80 5D 98 29 40 802 119 Building 1 Floor 1 DocB Open 2C B0 5D 98 29 40 802 119 Building 1 Floor i DocB Open 2C 80 50 98 29 40 802 119 Building 1 Floor 1 Open 2C B0 5D 98 29 40 802 119 Building 1 Floor 1 Open 2 B80 50 98 29 40 802 1l1g Building 1 Floor 1 Open 20 48 7F 86 E7 A0 802 119 Building 1 Floor 1 Open 20 4E 7F 86 E7 A0 802 119 Building 1 Floor 1 Open 2C B0 5D 98 29 40 802 119 Building 1 Floor 1 Open 2C 80 50 98 29 40 802 119 Building 1 Floor 1 Open 2C 80 5D 98 29 40 802 l1g 2 B80 5D 98 29 40 802 119 Building 1 Floor 1 Open Building 1 Floor 1 Open 20 4E 7F 86 E7 A0 802 119 Building 1 Floor 1 Open 20 4E 7F 86 E7 A0 802 119 Building 1 Floor 1 Open 20 4E 7F S6 E7 A0 802 119 Building 1 Floor 1 Open 20 4E 7F 86 E7 A0 02 119 Building 1 Floor 1 Open oF oO FO o FOF o Ge o OF o GO o Ge OC OF CO 20 4E 7F 86 E7 A0 802 119 Building 1 Floor 1 DocB Open PREVIOUS 1 of 2 NEXT LOCATE DETAILS EXPORT The following table describes the fields of the Clients table on the Local Client List screen Item Description Select The radio button that lets you select the client The MAC address of the wireless client The IP address of the wireless client Location The l
80. Apply Discover and Manage Access Points 106 Manage Rogue Access Points T Guest Network Access and Users This chapter includes the following sections e Manage Rogue Access Points e Manage Guest Network Access e Manage Users Accounts and Passwords ProSAFE Wireless Controller WC9500 Manage Rogue Access Points Rogue access point detection is disabled by default on the wireless controller If you want to detect rogue access points you need to enable rogue access point detection Scanning might affect the service availability of the access point temporarily An access point is defined as rogue if e The access point s radio basic service set identifier BSSID is detected by any of the managed access points e The access point transmits on the Ethernet side on the same Layer 2 as the managed access points e Atleast one client is connected to the access point Any unmanaged access point not meeting all these conditions is classified as a neighbor The access points transmit broadcast frames on the Ethernet during the time access point radios are off channel and scanning The wireless controller can detect and maintain a maximum of 512 access points both neighboring and rogue access points Note If enabled basic rogue AP detection and advanced rogue AP detection apply to all profiles whether in the basic profile group or in any of the advanced profile groups Configure Basic Rogue Detection Settings I
81. Authentication Server Groups on page 85 From the Data Encryption menu select the type of encryption AES Supports AES only TKIP AES Supports both TKIP and AES Select the Local or External radio button If you select the External radio button select the authentication server that you wish to use from the menu To configure WPA amp WPA2 authentication with a RADIUS server Wi Set up and enable an internal or external RADIUS or LDAP authentication server For information see Manage Authentication Servers and Authentication Server Groups on page 85 2 Select the Local or External radio button If you select the External radio button select the authentication server that you wish to use from the menu Note The Data Encryption menu displays TKIP AES which is the only available option Both TKIP and AES are supported Manage Security Profiles and Profile Groups 79 ProSAFE Wireless Controller WC9500 Table 3 Network authentication and data encryption settings continued Network Authentication Selection Data Encryption Options Configuration Steps Note Use this option if there are both WPA PSK and WPA2 PSkK clients in the network WPA PSK TKIP To configure WPA PSK authentication TKIP AES 1 From the Data Encryption menu select the type of encryption TKIP Supports TKIP only TKIP AES Supports both TKIP and AES 2 Optional Select the Show Passphra
82. C 70 7E Access Point netgearA10668 BSSID C4 3D C7 A1 06 62 SSID NG_11g 33 Frequency 2 412000 GHz Auth open Client Type 802 11b Cipher none AID 4 RSSI 39 Tx Power 10 dbm Tx Rate 11 00Mbps Tx Bytes 728 Rx Rate 1 00Mbps Rx Bytes 1928 Tx Packets 3 Rx Packets 30 The following table describes the fields of the Client Details screen Item Description MAC The MAC address of the wireless client Access Point The name of the access point to which the wireless client is connected BSSID The MAC address of the access point s radio to which the wireless client is connected SSID The wireless network SSID that the wireless client is using to connect to the access point Monitor the Wireless Network and Its Components 195 ProSAFE Wireless Controller WC9500 Description Frequency The channel frequency that the wireless client is using to connect to the access point Auth The security mode that the wireless client is using to connect to the access point Open WEP WPA WPA2 or WPA WPA2 Client Type The wireless mode that the wireless client is using to connect to the access point 802 11ng 802 11 bg 802 11 b 802 11na or 802 11 a Cipher The type of encryption that the wireless client is using WEP AES TKIP or TKIP AES AID The association ID of the client The received signal strength indicator RSSI of the wireless client The transmit power of the wireless
83. C9500 Access Points Installed and Working in Standalone Mode in Different Layer 3 Networks Access points that are installed and working in standalone mode in different Layer 3 networks are access points that do not function in the same subnet as the wireless controller but in different IP ranges and that are connected to the wireless controller through a router If you have a very large wireless network you might have to run the Discovery Wizard several times gt To discover access points in different Layer 3 networks 1 Select Access Point gt Discovery Wizard The Discovery Wizard Step 1 of 3 Choose state of Access Points screen displays Configuration Monitor Maintenance Stacking Diagnostics gt Discovery Wizard Discovery Wizard wenased SES Managed AP List Step 1 of 3 Choose state of Access Points In simple steps WC9500 can discover your supported Access Points in the network Please select the state of the Access Points out of Factory and L2 Subnet APs installed and working in Standalone Mode 1am not sure 2 Select the Installed and working in Standalone Mode radio button Note The lam not sure radio button directs you to the product documentation 3 Click Next The Discovery Wizard Step 2 of 3 Specify IP Range screen displays Configuration Monitor Maintenance Stacking Diagnostics s Discovery Wizard Discovery Wizard gt anager AR HEA AP List Step 2 of 3 Specify IP Range Range 1 Star
84. DAP Advanced security settings You can apply the following security settings to any profile whether in the basic profile group or in an advanced profile group Advanced MAC authentication the MAC ACLs that are by default called Acl 1 Acl 2 Acl 3 and so on you can change these default names Advanced authentication server the RADIUS servers that are by default called Auth 1 Auth 2 Auth 3 and so on you can change these default names Manage Security Profiles and Profile Groups 66 ProSAFE Wireless Controller WC9500 Configure Security Profiles for the Basic Profile Group The basic profile group works well for small scale WLAN networks NETGEAR recommends that you read the information in the previous section Wireless Security Profile Concepts before you configure any profiles Configure Profiles in the Basic Profile Group The Edit Profile Basic screen lets you create and configure up to eight security profiles per wireless radio eight profiles for a single band access point 16 profiles for a dual band access point Separate profiles are applied to 802 11b bg ng mode and 802 11a na mode radios To add a security profile to the basic profile group and configure the security profile v 1 Select Configuration gt Profile gt Basic gt Radio The Edit Profile Basic screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics System Wireless Security WLAN Network Captive
85. NETGEAR ProSAFE Wireless Controller WC9500 Reference Manual May 2013 202 11224 02 350 East Plumeria Drive San Jose CA 95134 USA ProSAFE Wireless Controller WC9500 Support Thank you for selecting NETGEAR products After installing your device locate the serial number on the label of your product and use it to register your product at httos my netgear com You must register your product before you can use NETGEAR telephone support NETGEAR recommends registering your product through the NETGEAR website For product updates and web support visit htto support netgear com Phone US amp Canada only 1 888 NETGEAR Phone Other Countries Check the list of phone numbers at http support netgear com general contact default aspx Trademarks NETGEAR the NETGEAR logo and Connect with Innovation are trademarks and or registered trademarks of NETGEAR Inc and or its subsidiaries in the United States and or other countries Information is subject to change without notice NETGEAR Inc All rights reserved Revision History Publication Part Number Publish Date Comments 202 11224 02 May 2013 Color correction and minor nontechnical edits 202 11224 01 April 2013 First publication Contents Chapter 1 Introduction Key Features and Capabilities 0 0 0 00 e eee eee 9 Package COMES ieee rrue edven trr ddan aeeee gene adeeuageane 11 Hardware Features 0 eee 11 Front P
86. NMP manager To allow any SNMP manager to access the wireless controller keep this field blank 3 Click Apply Maintain the Wireless Controller and Access Points 158 ProSAFE Wireless Controller WC9500 Specify Session Time Outs If an HTTP session times out the user is redirected to the login screen for password verification gt To specify the length of the HTTP session time out for the wireless controller 1 Select Maintenance gt Remote Management gt Session Timeout The Session Timeout screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics User Management Upgrade Licensing Backup Restore Reboot Reset Extended Storage Logs amp Alerts s SNMP Session Timeout gt Session WL Timeout minutes CANCEL APPLY 2 In the Timeout minutes field specify number of minutes before an active HTTP login session expires The default session time out is five minutes 3 Click Apply View Alerts and Events and Save the Logs You can view the system alerts and save the system logs that are collected on the wireless controller You can also query the system logs for individual access points clients and SSIDs If a problem or failure occurs these system logs along with backed up configuration settings could help determine the cause NETGEAR recommends that you save the system logs before you clear them Query the System Logs The information that is stored in the s
87. No radio button to disable broadcast of the SSID in which case only devices that have the correct SSID can connect to the access point Client Authentication section Note The options that display onscreen depend on your selection from Network Authentication menu Network Authentication From the menu select the authentication type to be used Table 3 on page 78 lists all the authentication type options Data Encryption Wireless Client Security Separation VLAN From the menu select the data encryption type to be used The options available for data encryption as well as other requirements such as entering a key or passphrase depend on the network authentication settings Table 3 on page 78 lists all the data encryption options From the menu select Disable to prevent associated wireless clients from communicating with each other or select Enable to allow such communication Wireless client separation is intended for hotspots and other public access situations Enter the VLAN ID to be associated with this security profile This VLAN ID needs to match the VLAN ID that is used by other network devices Authentication Settings section Note The options that display onscreen depend on the selection from Network Authentication menu Note MAC ACL displays only when you select Open System Shared Key WPA PSK WPA2 PSK or WPA PSK amp WPA2 PSK from the Network Authentication menu MAC ACL Select one of t
88. P Server List shows the DHCP servers that are already configured on the wireless controller Configure the System and Network Settings and Register the Licenses 51 ProSAFE Wireless Controller WC9500 2 Click Add The Add DHCP Server pop up screen displays Add DHCP Server DHCP Settings Enable Use LAN Interface LAN IP Network 192 168 0 0 Subnet Mask 255 255 255 0 Default Gateway 192 168 0 1 Start IP End IP Use Default DNS Server Primary DNS Server 192 168 0 1 Secondary DNS Server Use Default WINS Server WINS Server CANCEL CLEAR 3 Configure the settings as described in the following table Setting Description Enabled Select this check box to enable the DHCP server When the check box is cleared the DHCP server is disabled Use VLAN Interface Select this check box to allow the DHCP server to function with multiple VLANs VLAN Enter the DHCP server VLAN ID The range is between 1 and 4094 The DHCP server services this VLAN IP Network Enter the IP address for the wireless controller in the VLAN that you have specified in the VLAN field If you have not selected the Use VLAN Interface check box the IP address of the wireless controllers management VLAN is used Subnet Mask Enter the subnet mask that is assigned to the wireless clients by the DHCP server Default Gateway Enter the IP address of the default network gateway for all traffic beyond the local network Start IP Ent
89. P address of the wireless controller as in this example Ping 192 168 0 250 3 Click OK You should see a message like this one Pinging lt IP address gt with 32 bytes of data If the path is working you see this message Reply from lt IP address gt bytes 32 time NN ms TTL xxx If the path is not working you see this message Request timed out If the path is not functioning correctly you could have one of the following problems e Wrong physical connections Make sure that the Ethernet LEDs are lit If they are off follow the instructions in Ethernet Port LEDs Are Not Lit on page 199 e Wrong network configuration Verify that the Ethernet card driver software and TCP IP software are both installed and configured on your computer Verify that the IP address for your wireless controller and your computer are correct and that the addresses are on the same subnet Use the Reset Button to Restore Default Settings If you can access the wireless controller you can use the Reboot Reset Controllers screen the path is Maintenance gt Backup Restore to perform a soft or hard reset see Reboot or Reset the Wireless Controller on page 156 If you can no longer access the wireless controller press the Reset button on the front panel see Front Panel Ports Slots and LEDs on page 11 to restore the factory default settings gt To clear all data and restore the factory default values 1 Press and hold the Reset button for about
90. Portal Basic Edit Profile Basic Radio Load Balancing 802 11b bg ng 802 11a na 7 A gt Rate Limit Click to add another profile gt Advanced Te VLAN10 VLAN20 VLAN3O Profile Definition Name VLANIO Wireless Network Name SSID VLAN1O Broadcast Wireless Network Name SSID ves Ono Your selection from the Network Authentication menu determines the information that is Client Authentication Network Authentication Open System v lt Data Encryption None v Wirel li i i isable reless Client Security Separation Disable displayed onscreen LAN 10 Aulhenicatios Settings lt Select the Local radio MAC ACL Local External button to display the Local MAC ACL Group basic v Local MAC ACL Captive Portal o Group menu Select the External Wireless QoS radio button to Wi Fi Multimedia WMM enable O disable display the External WMM Powersave enable O disable Radius Server menu By default an NG_11g profile and an NG_11a profile are present in the basic profile group 2 Click the tab for the radio for which you want to add a profile Manage Security Profiles and Profile Groups 67 ProSAFE Wireless Controller WC9500 3 Click the button to add the profile to the basic profile group The Add Profiles pop up screen displays ADD Profiles Clone an existing Profile o Profiles VLAN1O CANCEL ADD 4 Optional Clone an existing profile a Select the Clone an ex
91. S server For configuration guidelines for external MAC authentication see Guidelines for External MAC Authentication on page 81 For configuration guidelines for external authentication of captive portal users see Manage Guest Network Access on page 111 External LDAP server You can define one external LDAP server commonly referred to as an Active Directory AD server You need to specify its configuration on the basic Authentication Server screen see the next section so that you can select this authentication option during the configuration of a profile By default the external LDAP server for the basic authentication group is called basic LDAP You cannot change this name and you cannot configure any LDAP servers for the advanced authentication groups You can assign the basic LDAP server to both the basic profile group and to advanced profile groups All three servers can be active so that the profiles that you set up can be configured to work with different authentication servers For example you could set up a guest profile with no authentication an engineering profile that uses external RADIUS authentication and a marketing profile that uses external LDAP authentication The settings that you specify on the Authentication Server screen affect the selections that are available in the Network Authentication menu and the corresponding Authentication Server field on the Edit Profile screens For information about how to co
92. SSID 3 and VLAN 40 If necessary for the selected network authentication options configure one or more authentication servers Configuration gt Profile gt Basic Configuration gt Security gt Basic gt Authentication Server 3 Configure the following profile groups 1 A profile group with the name Building 1 to which you add the following profiles The profile with SSID 1 and VLAN 10 The profile with SSID 2 and VLAN 20 The profile with SSID 2 and VLAN 30 A profile group with the name Building 2 to which you add the following profiles The profile with SSID 1 and VLAN 10 The profile with SSID 2 and VLAN 30 The profile with SSID 3 and VLAN 40 Configuration gt Profile gt Advanced 4 Deploy the access points and connect them to PoE switches System Planning and Deployment Scenarios 36 ProSAFE Wireless Controller WC9500 Step Configuration Web management interface path 5 When the access points are operating open the Discovery Wizard to do the following Access Point gt Discovery Wizard 1 Specify the state of the access points by selecting the Out of Factory and L2 Subnet APs radio button 2 Run the Discovery Wizard 3 Select and add the access points that you want to be managed by the wireless controller to the managed list Note By default all access points are added to the basic group 6 Assign the access points to the access
93. TS packet before sending the actual packet data Fragmentation Length 256 2346 Enter the size that specifies the maximum fragmentation length for data packets Packets larger than the specified fragmentation length are broken up into smaller packets before being transmitted The fragmentation length needs to be an even number Beacon Interval 100 1000 Enter the time interval for each beacon transmission that allows the access point to synchronize the wireless network Aggregation Length 1024 65535 802 11n only Enter the maximum length of aggregated MAC protocol data unit AMPDU packets Larger aggregation lengths can lead to better network performance Aggregation is a mechanism used to achieve higher throughput Configure Wireless and QoS Settings 130 ProSAFE Wireless Controller WC9500 Setting Description AMPDU Select the On radio button to allow the aggregation of several MAC 802 11n only frames into a single large frame to achieve higher throughput Enabling AMPDU can lead to better network performance Select the Off radio button to disable this option RIFS Transmission Select the On radio button to enable the reduced interframe space 802 11n only RIFS option to allow transmission of successive frames at different transmit powers Enabling RIFS can lead to better network performance Select the Off radio button to disable this option DTIM Interval 1 255 Enter the deliver
94. The Basic Wireless Settings screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics System Security Profile WLAN Network Captive Portal Basic Basic Wireless Settings Radio On Off gt Wireless 802 11b bg ng 802 11a na Channel Allocation RF Management gt Advanced Turn Radio On yy Wireless Mode 802 11ng Data Rate Bet v Channel Width 20 40 MHz Dynamic Guard Interval 800 ns RTS Threshold 0 2347 2347 Fragmentation Length 256 2346 2346 Beacon Interval 100 1000 100 Aggregation Length 1024 65535 65535 AMPDU enable O disable RIFS Transmission O enable disable DTIM Interval 1 255 3 Preamble Type Auto O Long AP Name Access Point Channel Tx Power netgeara10668 1 2 412Ghz Half v netgear7B2488 11 2 462Ghz Half v netgear7B26D8 1 2 412Ghz Half v CANCEL APPLY 2 Click the tab for the radio for which you want to configure the wireless settings 3 Select the Turn Radio On check box The wireless settings become accessible and you can configure them If you cannot select the Turn Radio On check box see the requirements are the beginning of this section Configure Wireless and QoS Settings 129 ProSAFE Wireless Controller WC9500 4 Configure the settings as described in the following table Setting Description Wireless Mode Data Rate Channel Width 802 11n only Guard Interval 802 11n only
95. The Logs Settings screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics gt General gt Time gt IP LAN gt DHCP Server Wireless Security Profile WLAN Network Captive Portal og Settings Event Tracing Time Duration ra 0 gt mins 30 og Level LOG_LEVEL_WARN gt Certificates v Alerts Logs Logs Syslog gt Alarms Syslog Settings Enable Syslog gt Email Setup Syslog Server IP Address Server Port Number CANCEL APPLY 2 Inthe Logs Settings section of the screen configure either event tracing or a log level these selections are mutually exclusive Event tracing To configure event tracing a Select the Event Tracing check box b Next to Time Duration use the menus to specify the period during which event tracing should occur Log level From the Log Level menu select one of the following levels LOG_LEVEL CRIT Critical errors only are logged LOG_LEVEL_ERR Noncritical errors and critical errors are logged LOG_LEVEL_WARN Warnings noncritical errors and critical errors are logged LOG_LEVEL_NOTICE Notifications warnings noncritical errors and critical errors are logged LOG_LEVEL_INFO Informational messages notifications warnings noncritical errors and critical errors are logged 3 Click Apply For information about saving and clearing the logs see View Alerts and Events and Save the Logs on page 159
96. User Management screen see Manage Users Accounts and Passwords on page 116 External RADIUS server You can define a basic external RADIUS server that you would typically use in the profiles of a basic profile group of a small scale network You need to specify its configuration on the basic Authentication Server screen see the next section so that you can select this authentication option during the configuration of a profile As part of the advanced authentication server settings you can define multiple external RADIUS servers that you would typically use in a more complex network with many profiles You can then assign different RADIUS servers to different profiles By default the external RADIUS server for the basic authentication group is called basic Auth You cannot change this name By default the external RADIUS authentication servers for the advanced authentication groups are called Auth1 through Auth8 and you can change these names You can assign the basic Auth server to an advanced profile group and you can assign a RADIUS server of an advanced authentication group to the basic profile group Manage Security Profiles and Profile Groups 85 ProSAFE Wireless Controller WC9500 See the following configuration guidelines for external RADIUS servers You need to add only the IP address of the wireless controller as a RADIUS client to the RADIUS server All managed access points are then automatically known to the RADIU
97. WC9500 Setting Description Note Captive Portal Captive Portal Select this check box if you want to enable the captive portal displays only when you For more information see Manage Guest Network Access on select Open System page 111 Shared Key WPA PSK WPA2 PSK or Note You cannot configure captive portal authentication if the WPA PSK amp WPA2 PSK network authentication uses a RADIUS server whether it is a from the Network local server or an external server That is if you configure a Authentication menu RADIUS server with WPA WPA2 or WPA amp WPA2 or if you use legacy 802 1X the Captive Portal check box is not shown onscreen Note Authentication Authentication Select one of the following radio buttons Server displays only rae when you select WPA Local Use the local authentication server with Radius WPA2 with External Use an external authentication server Radius or WPA amp WPA2 Select an external authentication server from the with Radius from the Authentication Server menu Network Authentication Note For information about setting up and enabling internal Menu and external authentication servers see Manage Authentication Servers and Authentication Server Groups on page 85 Wireless QoS section Wi Fi Multimedia WMM To enable Wi Fi Multimedia WMM select the Enable radio button which is the default setting Select the Disable button to disable the feature For more information see Con
98. WMM settings and so on Basic Profile The basic profile includes all the settings that are required to configure a fully functional access point with up to eight security profiles 16 for dual band access points After you have used the automatic discovery process and added access points to the managed AP list on the wireless controller the access points are assigned by default to the basic profile group If your network requires the wireless controller to manage multiple access points with different configurations use the advanced profile Advanced Profile The advanced profile lets you configure up to eight access point profile groups Each group includes all the settings that are required to configure a fully functional access point with up to eight security profiles 16 for dual band access points For example if there are four buildings each with a different wireless network you simply create four profile groups You then assign all access points in one building to one profile group all access points in another building to a second profile group and so on For each profile group you can create an individual radio on off schedule RF management settings MAC ACL authentication and an authentication server For each radio in a profile group 2 4 GHz radio and 5 GHz radio you can create individual wireless settings WMM and rate limit settings The following figure shows the advanced profile group architecture The structu
99. a load balancing threshold e Rate limiting events Rate limit events such as the violation of a rate limit threshold Note The Logs amp Alerts menu includes Redundancy and Stacking links Redundancy and stacking will be supported in a future release Common Components on the Alerts and Events Screens Each screen that displays alerts or events contains a table with three columns e Severity The alarm severity level All Minor Normal Major or Critical You can sort the table on severity level by clicking the icon next to the Severity header in the table e Description The description of the alert or event which is self explanatory You can sort the table on description by clicking the icon next to the Description header in the table e Raised Time The date and time that the alert or event was raised You can sort the table on time by clicking the icon next to the Raised Time header in the table A table can extend over multiple pages The progress bar Ee gt shows only when many components such as access points or clients are retrieved and require two or more pages to be displayed You can navigate through a table by using the following links and menu that display at the bottom of the table only if there are sufficient entries in the table e To move to the next page click Next e To move to the previous page click Previous e To change the number of entries onscreen select 20 40 60 80 or All from the Entry Per
100. a profile group click the button The new profile group displays on the Profile Groups screen By default an NG_11g 0 profile and an NG_11a 0 profile are present in a profile group Note By default profile groups are named Group 1 Group 2 Group 3 and so on You cannot change these profile group names The following table describes the fields that are shown for each profile in a profile group Setting Description Name The unique profile name The wireless radio mode in which the profile is operating Authentication The authentication setting under which the profile is operating gt To remove an advanced profile group 1 Select Configuration gt Profile gt Advanced gt Radio The Profile Groups screen displays 2 Click the tab for the profile group that you want to remove 3 Click Delete Note There is no separate procedure to edit profile groups You edit profile groups by adding removing or changing profiles in the profile group Manage Security Profiles and Profile Groups 72 ProSAFE Wireless Controller WC9500 Configure Profiles in an Advanced Profile Group For each profile group the Edit Profile Group X screen lets you create and configure up to eight security profiles per wireless radio eight profiles for a single band access point 16 profiles for a dual band access point Separate profiles are applied to 802 11b bg ng mode and 802 11a na mode radios To add a security profile to
101. address The wireless controller tries to log in to managed access points each minute If the error is temporary the status automatically changes to Connected If the error is prolonged verify the access point s IP address and network connectivity For more information see Problems with Access Points on page 202 Remote The site designation is always Local Group Name The profile group to which the access point is assigned For information about creating profile groups and their associated security profiles see Configure Security Profiles for Advanced Profile Groups on page 71 Discover and Manage Access Points 105 ProSAFE Wireless Controller WC9500 Tip To view all members of a profile group sort the access points by profile group You do this by clicking the icon next to the Group Name header in the table gt To assign one or more access points to another profile group 1 Select Configuration gt WLAN Network The WLAN Group Assignment screen displays Take one of the following actions e Assign a single access point to another group by selecting the check box to the right of the access point e Assign a selection of access points to another group by selecting the check boxes to the right of the access points e Assign all access points to another group by selecting the check box in the upper right of the table heading Select the group name from the Group Name menu in the table heading Click
102. agement Every seconds i Select wicchede box screen For information see Manage Users 2 Specify the interval in seconds Accounts and after which the global key is Passwords on page 116 updated for all wireless clients External Server IP Specify the IP address of the external Active Directory AD LDAP Server authentication server Server Port Specify the port of the external AD server The default is port 389 User Base DN Specify the user base distinguished name DN on the AD server Workgroup Name Specify the workgroup name on the AD server Admin Domain Specify the administrative domain on the AD server Domain Admin User Specify the user name for the administrative domain Domain Admin Specify the password for the administrative domain Password Note For information about password requirements see Table 6 on page 207 4 Click Apply For information about how to add an authentication server to a security profile in the basic profile group see Configure Profiles in the Basic Profile Group on page 67 For information about how to add an authentication server to a security profile in an advanced profile group see Configure Profiles in an Advanced Profile Group on page 73 Configure RADIUS Authentication Server Groups For greater security flexibility you can create up to eight external RADIUS servers to authenticate different groups of users After you have set up these authentication servers
103. agged management VLAN on the wireless controller 5 Clear the Untagged Vlan check box Default VLAN 1 changes to a tagged VLAN 2 For initial discovery and configuration of the access points temporarily configure management VLAN 100 as an untagged management on the PoE switch 3 Configure either the network s DHCP server or the wireless controller s DHCP server to use VLAN 100 If you use the wireless controller s DHCP server 1 Configure the IP address range for VLAN 100 Configuration gt System gt DHCP Server 2 Configure the other DHCP server fields including the gateway and DNS servers 4 Configure the following profiles and configure network authentication and data encryption for these profiles 1 Aprofile with SSID 1 and VLAN 10 Configuration gt Profile gt Basic 2 Aprofile with SSID 2 and VLAN 20 3 If necessary for the selected network authentication options Configuration gt Security gt Basic gt configure one or more authentication servers Authentication Server 5 Connect the wireless controller to the PoE switch 6 Before you connect the access points to the PoE switch verify that the switch ports to which you intend to connect the access points are configured as access ports in management VLAN 100 7 Deploy the access points and connect them to the designated PoE switch ports System Planning and Deployment Scenarios 33 ProSAFE Wireless Control
104. an external or a local access control list ACL with MAC addresses of clients to either allow or deny the network access privilege of the specified clients with the wireless controller managed access point The settings are applied only to managed access points Note The wireless controller can support an aggregate number of 4096 MAC addresses for all its local ACLs Guidelines for External MAC Authentication Note the following external RADIUS server guidelines e For each MAC authentication client you need to configure a policy on the RADIUS server e During MAC authentication the wireless controller sends the following information to the RADIUS server MAC address in the format XX XX XX XX XX XX Username Calling station ID e The wireless controller uses CHAP as the authentication protocol with the RADIUS server e You can configure either MAC authentication with an external RADIUS server or network authentication with an external RADIUS server but not both That is if you configure an external RADIUS server with WPA WPA2 or WPA amp WPA2 you cannot use external MAC authentication but are limited to internal MAC authentication gt To use an external ACL 1 Configure an ACL on an external RADIUS server 2 On an Edit Profile screen for the basic profile group or an advanced profile group next to MAC ACL select the External radio button 3 From the External Radius Server menu select the external authenticati
105. anced s Radio 802 11b bg ng 802 1la na gt Rate Limit re Click to add another profile NG f NG_1ig 33 Profile Definition Name NG_11g 33 Wireless Network Name SSID NG_119 33 Broadcast Wireless Network Name SSID ves Ono Your selection from the Network z A Authentication menu determines the information that is displayed onscreen Client Authentication Network Authentication Open System Data Encryption None v Wireless Client Security Separation Disable v VLAN 1 Authentication Settings Select the Local radio MAC ACL tocal O External button to display the Local MAC ACL Group basic Local MAC ACL Captive Portal o Group menu Select the External Wireless QoS radio button to Wi Fi Multimedia WMM enable O disable display the External WMM Powersave enable O disable Radius Server menu cancer ii Back il DELETE 7 Configure the settings as described in the following table Setting Description Profile Definition section Name Enter a unique name to identify the profile This value can be up to 32 alphanumeric characters Use meaningful profile names instead of the default names The default profile names are Profile1 Profile2 and so on through Profile8 Wireless Network Name Enter a unique name for the wireless network associated with this profile SSID Broadcast Wireless Select the Yes radio button to enable broadcast of the SSID Network Name This is the default se
106. anel Ports Slots and LEDSssc stnakenciadad a wescewe ees 11 Back Panel Features d4 o000494 2805405 44 teen td Aa 13 Bottom Panel with Product Label 0 0 0 00 ee ae eeee 14 WC9500 Wireless Controller System Components 14 NETGEAR ProSAFE Access Points 000000 ee eee eens 15 What Can You Do with the WC9500 Wireless Controller 16 IHC CNSCSS oneuns cesar eee eeu ae eee eda ae hk ae oa ae 18 Maintenance and Support 0 00 e eee 18 Chapter 2 System Planning and Deployment Scenarios Basic and Advanced Setting Concepts 0 0000 cee eee 20 Profile Group CONCEDIS 3 ide du od cated sea iia dann akenio Sa 21 Basic Protiles 2 cess dewsa ade oo eR aOR ER ee aoa Deen OEE 21 Advanced Profile 0 0 0 teen eee 21 System PIGANING s lt 0 5 2208 dena anaa aa binge ama dda eed Daa 23 Pretastallation Planningen sere ste ausrbardnardss a be pendii e aa 23 Before You Configure a Wireless Controller 23 High Level Configuration Examples 0000 0c eee eens 26 Single Controller Configuration with Basic Profile Group 26 Single Controller Configuration with Advanced Profile Groups 27 Management VLAN and Data VLAN Strategies 27 High Level Deployment Scenarios 000 cee eee eee ee 29 Scenario Example 1 Network with Single VLAN 29 Scenario Example 2 Advanced Network with VLANs and SSID
107. ange the configuration of the wireless controller Read only These users have access to the wireless controllers web management interface but can access only the Monitor main navigation tab and the Help main navigation tab These users cannot change the configuration of the wireless controller Guest provisioning These users can configure only captive portal users that is they can access only the User Management configuration menu tab under the Maintenance main navigation tab License management only These users can configure only licenses that is they can access only the License configuration menu tab under the Maintenance main navigation tab for more information see Manage Licenses on page 165 e WiFi clients Users with credentials to access the wireless network These users do not need to use the captive portal or the guest portal to access the wireless network nor is their access subject to expiration e Captive portal users Users with credentials to access the captive portal and who are granted temporary access or access without expiration In addition to the users you can also configure captive portal accounts that you use in combination with captive portal users Accounts specify the period during which wireless access is available and the amount that is charged for it Note For information about password requirements see Table 6 on page 207 Add a Management User You can add an administrator a user who has
108. anning and Deployment Scenarios 26 ProSAFE Wireless Controller WC9500 Single Controller Configuration with Advanced Profile Groups A more complex configuration consists of a single wireless controller that controls a collection of access points that are organized in access point profile groups and might use several profiles in each access point profile group gt To set up a single wireless controller system with advanced profile groups Step Configuration Web Management Interface Path 1 Configure the system and network settings of the wireless controller 1 Configure the country code of operation Configuration gt System gt General 2 Configure the time settings Configuration gt System gt Time 3 Configure the IP address of the wireless controller Configuration gt System gt IP VLAN 4 Verify that VLAN 1 is set as the management VLAN and is marked as untagged By default VLAN 1 an untagged management VLAN 5 If no network DHCP server is accessible to the access points Configuration gt System gt DHCP configure the wireless controllers DHCP server Server 2 Configure up to eight access point profile groups and for each access point profile in a group do at least the following 1 Configure an SSID for wireless access Configuration gt Profile gt Advanced 2 Configure the network authentication and data encryption 3 Assign the VLAN 4 If necessary for the selected netwo
109. are using the correct login information The factory default login name is admin and the password is password Make sure that Caps Lock is off when entering this information If the wireless controller does not save changes you have made in the web management interface check the following e When entering configuration settings be sure to click the Apply button before moving to another tab or screen or your changes are lost e Click the Refresh or Reload button in your web browser The changes might have occurred but the web browser might be caching the old configuration After you have upgraded the firmware if the browser does not display the latest features of the web management interface clear the browser s cache and refresh the screen Troubleshoot a TCP IP Network Using the Ping Utility Most TCP IP terminal devices and routers contain a ping utility that sends an echo request packet to the designated device The device then responds with an echo reply You can easily troubleshoot a TCP IP network by using the ping utility in your computer You can ping the wireless controller from your computer to verify that the LAN path to your wireless controller is set up correctly gt To ping the wireless controller from a computer running Windows 1 From the Windows toolbar click the Start button and select Run Troubleshooting 200 ProSAFE Wireless Controller WC9500 2 In the field provided type ping followed by the I
110. ator Full access with read and write capabilities e Read Only Read only access that is restricted to the Monitor and Help main navigation tabs e Guest Provisioning Access that is restricted to the User Management configuration menu tab under the Maintenance main navigation tab e License Management Only Access that is restricted to the License configuration menu tab under the Maintenance main navigation tab Password Enter a password in the Password field Confirm the password in the Confirm Password field 4 Click Apply Manage Rogue Access Points Guest Network Access and Users 117 ProSAFE Wireless Controller WC9500 The user is added to the table on the User Management screen Add a WiFi Client You can add a user who is allowed to access the wireless network but who does not need to go through the captive portal or the guest portal gt To add a WiFi client 1 Select Maintenance gt User Management The User Management screen displays with the Management tab and associated screen in view Click the WiFi Clients tab The WiFi Client screen displays The following figure contains some account examples Access Point Configuration Monitor Maintenance Stacking Diagnostics Upgrade Licensing Backup Restore Reboot Reset Extended Storage Remote Management Logs amp Alerts gt User Management User Management Management WiFi Clients Captive Portal Account Captive Portal Users
111. ault indicated by either Pre installed or Available Nmode License Status The number of access points that are used from the total number that your licenses support Used License Count Available License Count The number of access points that are still available from the total number that your licenses support Key Details section Key The value of the key that unlocks the license The type of the key that determines the number of access points that are supported and the mode that is supported Key Type Key Status The status of the key Registering key with server or Registered 3 Optional Click Refresh Maintain the Wireless Controller and Access Points 166 ProSAFE Wireless Controller WC9500 Your license information is refreshed onscreen Retrieve Your Licenses If NETGEAR exchanged your wireless controller for another one your licenses no longer display on the Inventory and Registration screens You need to retrieve your licenses from the license update server gt To retrieve licenses after you have received a replacement unit from NETGEAR 1 Make sure that the wireless controller is connected to the Internet 2 Make sure that the DNS servers are configured correctly For information about configuring DNS servers see IP and VLAN Settings on page 49 3 Select Maintenance gt License 4 Click the Advanced tab The Advanced screen displays Access Point Configuration Monitor Maintenanc
112. avigate through a table by using the following links and menu that display at the bottom of the table only if there are sufficient entries in the table gt To navigate through a table e To move to the next page click Next e To move to the previous page click Previous To change the number of entries onscreen select 20 40 60 80 or All from the Entry Per Page menu Use the Buttons to Perform Specific Tasks Most screens let you refresh the information and some screens let you clear the information onscreen or export the information e To display the latest information onscreen click Refresh e To clear the information that is displayed onscreen click Clear All Monitor the Wireless Network and Its Components 172 ProSAFE Wireless Controller WC9500 e To save the information that is shown onscreen a Click Export b Follow the directions of your browser to save the alerts or events to your computer Note The Location button that is shown on some screens is not functional in this release The location functionality will be added in a later release Monitor the Wireless Controller You can view a summary of the status of the wireless controller and its components and view individual components e Summary See View the Wireless Controller Summary Screen e Usage See View Wireless Controller Usage e Access Points See View Access Points Managed by the Wireless Controller e Clients See View Clients Managed by
113. ays only when you select Open System Shared Key WPA PSK WPA2 PSK or WPA PSK amp WPA2 PSK from the Network Authentication menu MAC ACL Select one of the following radio buttons e Local Use local MAC authentication The Local MAC ACL Group menu displays so you can select a group For more information see Manage MAC Authentication and MAC Authentication Groups on page 81 e External Use external MAC authentication The External Radius Server menu displays so you can select a server You can use either the basic Auth RADIUS server or a RADIUS server of an advanced authentication group You cannot use the external LDAP server For information about setting up and enabling internal and external authentication servers see Manage Authentication Servers and Authentication Server Groups on page 85 Note The MAC ACL radio buttons do not display onscreen if the network authentication uses an external RADIUS server The reason for this is that you can configure either MAC authentication with an external RADIUS server or network authentication with an external RADIUS server but not both That is if you configure an external RADIUS server with WPA WPA2 or WPA amp WPA2 or you use Legacy 802 1X you cannot use external MAC authentication and the MAC ACL radio buttons do not display on screen You can still use internal MAC authentication Manage Security Profiles and Profile Groups 75 ProSAFE Wireless Controller
114. cess Point Configuration Monitor Maintenance Stacking Diagnostics gt Discovery Wizard Managed AP List Managed AP List Search IP MAC Model Name Status FI 192 168 0 145 c0 3f 0e 7b 26 d0 WNAP210 netgear7B26D8 Connected m 192 168 0 146 cO 3f 0e 7b i24 80 WNAP210 netgear7B2488 Connected o 192 168 0 144 4 3d c7 31 06 60 WNDAP360 netgearA10668 Connected Capability 2 4ghz Mode 5ghz Mode BGN NA Local basic 802 11bgn basic BGN 802 11bgn NA O basic 802 11bgn 802 11a O REMOVE EDIT REFRESH After the access points are added to the Managed AP List the wireless controller upgrades the firmware of the access points to the latest firmware that is loaded on the wireless controller and the access points become managed access points Depending on the number of access points that you add to the Managed AP List this process might take several minutes By default the access point upgrade process uses multicast If you need to configure a specific multicast IP address range for the upgrade process or disable multicast see Configure Multicast Firmware Upgrade for Access Points on page 168 If one or more access points do not transition to the Connected state see the Status column in the Managed AP List see Problems with Access Points on page 202 For information about how to manage the Managed AP List see Manage the Managed AP List on page 100 Discover and Manage Access Points 95 ProSAFE Wireless Controller W
115. cess Point Configuration Monitor Maintenance Stacking Diagnostics Wireless Security Profile WLAN Network Captive Portal gt General IP Settings gt Time IP Address 192 168 0 251 gt IP VLAN IP Subnet Mask 255 255 255 0 DHCP Server Default Gateway 192 168 0 1 Certificates Primary DNS Server 192 168 0 1 Alerts Logs Secondary DNS Server WINS Server Management LAN Settings Management LAN untagged LAN CANCEL APPLY 2 Configure the settings as described in the following table Setting Description IP Settings section IP Address Enter the IP address of the wireless controller The default IP address is 192 168 0 250 To change it enter an available IP address from the address range used on your LAN IP Subnet Mask Enter the subnet mask value used on your LAN The default value is 255 255 255 0 Default Gateway Enter the IP address of the gateway for your LAN Primary DNS Server Enter the IP address of the primary Domain Name Server DNS that you want to use Secondary DNS Server Enter the IP address of the secondary DNS that you want to use WINS Server Enter the IP address of the Windows Internet Name Service WINS that you want to use Management VLAN Settings section Management VLAN Enter the management VLAN For information see Management VLAN Concepts on page 49 Untagged VLAN Select this check box if the configured VLAN is untagged For information s
116. cess control list ACL to control access of wireless clients first create one or more MAC ACLs Configure the basic MAC ACL on the basic MAC Authentication screen see Configure Basic Local MAC Authentication Settings on page 82 For more complex networks configure additional MAC ACLs on the advanced MAC Authentication screen see Configure Local MAC Authentication Groups on page 84 After you have configured one or more MAC ACLs you can then assign any MAC ACL to a security profile in a basic profile group or advanced profile group Cloning profiles For faster setup you can clone a profile and rename it Cloning copies all settings except for the name and SSID Basic and Advanced Security Configuration Concepts The basic security configuration model Configuration gt Security gt Basic does not apply strictly to the basic profile group nor does the advanced security configuration model Configuration gt Security gt Advanced apply strictly to advanced profile groups The reason is that you apply an authentication server and a MAC ACL to an individual profile and not toa profile group Basic security settings You can apply the following security settings to any profile whether in the basic profile group or in an advanced profile group Basic MAC authentication the MAC ACL group that is called basic Basic authentication server the RADIUS server that is called basic Auth or the LDAP server that is called basic L
117. cess to the network You do not need to configure guest accounts Captive A captive portal with a field for entering a login user name and a field for entering a password If you select this option the Radius Server radio buttons and menu display For information about how to configure captive portal users and accounts see Manage Users Accounts and Passwords on page 116 Radius Server Note This setting is for a Captive portal only Select one of the following radio buttons e Local Use the local authentication server e External Select an external authentication server from the drop down list Note For information about setting up and enabling internal and external authentication servers see Manage Authentication Servers and Authentication Server Groups on page 85 Max Clients Per User Specify the number of clients that a single captive portal user can open with the same the login information The default setting is 1 The maximum number of clients that you can select from the menu is 5 Reauthentication Timeout Specify the period after which a user who has been idle needs to be reauthenticated The minimum period is 30 minutes The maximum period that you can select is through the menus is three hours Select Placement Load Background Image EULA section Select Center Bottom or Top to specify the location of the login prompt on the login screen Optional Click Browse to navigate to and sele
118. controller for N 1 redundancy or a group of up to three stacked wireless controllers with or without a redundant wireless controller Redundancy and stacking will be supported in a future release Introduction 14 ProSAFE Wireless Controller WC9500 The WC9500 wireless controller system supports the following access point models NETGEAR WNAP210v2 ProSAFE Wireless N Access Point NETGEAR WNAP320 ProSAFE Wireless N Access Point NETGEAR WNDAP350 ProSAFE Dual Band Wireless N Access Point NETGEAR WNDAP360 ProSAFE Dual Band Wireless N Access Point NETGEAR WNDAP380R ProSAFE Dual Band Wireless N Access Point with RFID support Future releases might support additional access point models NETGEAR ProSAFE Access Points You can connect access points to the wireless controller either directly with an Ethernet cable through a router or switch or remotely through an IP network After you have used the automatic discovery process and added access points to the managed access point list on the wireless controller the wireless controller converts the standard access points to dependent access points by pushing firmware to the access points From then on you can centrally manage and monitor the access points A WC9500 wireless controller system can support the following access points WNAP210v2 ProSAFE Wireless N Access Point Supports 802 11b 802 119 and 802 11n network devices Supports Power over Ethernet PoE with a power consumptio
119. ct an image file for the background of the login screen You can use a gif jog or omp image EULA Text Required Select this check box if you want to present the end user license agreement EULA on the guest login screen or captive portal login screen so users can view the EULA before they log in Enter the EULA text in the text field 3 Optional Click Preview The portal settings that you have configured display The default URL for the captive portal is http 192 168 0 250 guest_access index php 4 Click Apply Manage Rogue Access Points Guest Network Access and Users 114 ProSAFE Wireless Controller WC9500 5 Assign the captive portal or guest portal to a security profile in the basic profile group in an advanced profile group or in both e Basic profile group Assign the captive portal or guest portal to a security profile in the basic profile group a Select Configuration gt Profile gt Basic gt Radio The Edit Profile Basic screen displays b Click the tab for the radio for which you want to assign the portal e Click the tab for the profile to which you want to assign the portal In the Authentication Settings section of the screen select the Captive Portal check box The Captive Portal check box displays only when you select Open System Shared Key WPA PSK WPA2 PSK or WPA PSK amp WPA2 PSK from the Network Authentication menu Click Apply Advanced profile grou
120. d 5 GHz Channel 36 5 180Ghz Current Operating 5 GHz Channel 36 5 180Ghz Load Balancing Max Clients 802 11b bg ng Load Balancing Signal Quality 802 11b bg ng Load Balancing Max Clients 802 11a na Load Balancing Signal Quality 802 11a na Profile Info Monitor the Wireless Network and Its Components 178 ProSAFE Wireless Controller WC9500 AP Details Profile Info Type SSID Security 802 11b ba ng NG_119 31 Open 802 11b bg ng NG_i1g 33 Open 802 11a na NG_11a 31 Open Client Info MAC Channel Security Rogue AP Info Type Reported In Same Channel In Interfering Channel Statistics Device Unicast Packets Received Broadcast Packets Received Wired Ethernet 1943 1455 Wireless 11bg 0 o Wireless 11a u o The following table describes the fields of the AP Details screen Item Description AP Info This information is self explanatory Profile Info For each security profile that is configured on the selected access point the following information displays Type The type of profile 802 11b bg ng or 802 11a na SSID The wireless network SSID for the security profile Security The security mode Open WEP WPA WPA2 or WPA WPA2 for the security profile VLAN The VLAN ID or VLAN name for the security profile Client Info The information that displays depends on the type and security of the connection that the client has to the access point For each
121. d IP 192 168 0 249 Use Default DNS Server Primary DNS Server 192 168 0 1 Secondary DNS Server Use Default WINS Server WINS Server 4 Make your changes see the previous table 5 Click Apply gt To delete a DHCP server 1 Select Configuration gt System gt DHCP Server The DHCP Server List screen displays 2 Select the radio button in the Edit Remove column that corresponds to the DHCP server that you want to remove 3 Click Remove Configure the System and Network Settings and Register the Licenses 53 ProSAFE Wireless Controller WC9500 Register Your Licenses Make sure that your licenses cover the number of access points in your network Before you can register your licenses you need to configure the license server settings Note When you install your licenses they replace the default trial license for five access points For more information about licenses see Licenses on page 18 and Manage Licenses on page 165 Configure the License Server Settings Although you generally do not need to change the default license update server you need to make sure that the wireless controller can reach the license update server gt To configure the license server settings 1 Select Maintenance gt License 2 Click the Server Settings tab The Server Settings screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics User Management Upgrade Bac
122. d flexibility of data transmission To enable this feature select the Enable radio button which is the default setting Select the Disable button to disable the feature 7 Click Apply Edit and Remove Profiles in the Basic Profile Group You can easily change or remove a profile from the basic profile group gt To edit an existing profile 1 Select Configuration gt Profile gt Basic gt Radio The Edit Profile Basic screen displays 2 Click the tab for the radio for which you want to edit a profile 3 Click the tab for the profile that you want to edit 4 Change the settings For information about how to change the settings see Configure Profiles in the Basic Profile Group on page 67 Manage Security Profiles and Profile Groups 70 ProSAFE Wireless Controller WC9500 5 Click Apply gt To remove an existing profile 1 Select Configuration gt Profile gt Basic gt Radio The Edit Profile Basic screen displays Click the tab for the radio for which you want to remove a profile Click the tab for the profile that you want to remove Click Delete Confirm that you want to delete the profile ee Pos Configure Security Profiles for Advanced Profile Groups Advanced profile groups are useful for larger deployments NETGEAR recommends that you read the information in the Wireless Security Profile Concepts on page 64 before you configure any profile groups and profiles Advanced Profile Groups The
123. der guidance of NETGEAR technical support only The function of each LED is described in the following table Table 1 LED functions status Description o Power LED Green The green Power LED should be lit when the wireless controller is on Off If the power LED is not lit when the wireless controller is on check the connections and check to see if the power outlet is controlled by a wall switch that is turned off see Power LED Is Not Lit on page 198 Status LED Yellow The wireless controller is initializing After approximately two minutes when the wireless controller has completed its initialization the Status LED turns green If the Status LED remains yellow the initialization has failed see Status LED Never Turns Off on page 198 Green The wireless controller has completed its initialization successfully The Status LED should be steady green during normal operation Introduction 12 ProSAFE Wireless Controller WC9500 Table 1 LED functions continued LED Status Description Status LED continued The wireless controller does not have power Blinking yellow Firmware is being upgraded Fan LED The fans are functioning correctly One or more fans are not functioning correctly The wireless controller functions as the primary controller master in a stack Stacking will be supported in a future release Yellow The wireless controller functions as a secondary co
124. displays 2 Click the Browse button 3 Navigate to the saved configuration file A WARNING When you click Apply to restore the configuration file do not try to go online turn off the wireless controller shut down the computer or do anything else to the wireless controller until the wireless controller finishes rebooting When the Status LED turns green wait a few more seconds before you do anything 4 Click Apply The configuration file is loaded onto the wireless controller and the wireless controller reboots Upgrade the Firmware The wireless controller provides two methods for upgrading its firmware e Scheduled automatic update e Manual update There are two boot partitions to allow you to switch the wireless controller from one firmware version to another You can configure the wireless controller to download firmware from a TFTP or FTP server and upgrade the firmware on the wireless controller when it is least disruptive You can also download firmware manually to a computer and upload it to the wireless controller from a local file Note In some cases such as a major firmware upgrade you might need to erase the configuration and manually reconfigure the wireless controller after the firmware upgrade Refer to the Release Notes for the firmware version to find out if you need to reconfigure the wireless controller Maintain the Wireless Controller and Access Points 153 ProSAFE Wireless Controller WC9500
125. ds that are required for each upgrade location e TFTP Upgrade from a TFTP server The Server IP and File Name server parameters fields display e FTP Upgrade from an FTP server The Server IP File Name User Name and Password server parameters fields display e Local File Upgrade from a local file that you have downloaded The server parameter fields do not display but the Browse field becomes available Follow the directions of your browser to select the firmware upgrade file from your computer Maintain the Wireless Controller and Access Points 154 ProSAFE Wireless Controller WC9500 Setting Description Server Parameters section TFTP and FTP only Server IP Enter the IP address of the TFTP or FTP server File Name Enter the file name of the firmware User Name FTP only Enter the user name to access the FTP server Password FTP only Enter the password to access the FTP server Boot Information section Active Partition This is an informational field that displays the active partition and the current firmware version Boot Partition to Upgrade Select the radio button for the partition to which the new firmware should be saved After upgrade boot from Select the radio button for the partition from which the wireless controller should reboot after the firmware has been upgraded Schedule section Schedule Update Status This is an informational field that displays when the firm
126. e AP EDCA parameters only Specify an upper limit in milliseconds for the doubling of the random backoff value Valid values for this field are 1 3 7 15 31 63 127 255 511 or 1023 The value for the maximum contention window CwMax needs to be higher than the value for minimum contention window CwMin These are the default values for the AP These are the default values for the EDCA parameters Station EDCA parameters Data 0 Best Effort 63 Data 0 Best Effort 1023 Data 1 Toi 1023 Data 1 eri 1023 Data 2 Video 1 Data 2 Video 1 Data 3 Voice 7 Data 3 Voice 7 Specify in milliseconds the maximum burst length allowed for packet bursts on the wireless network A packet burst is a collection of multiple frames transmitted without header information Valid values for maximum burst length are 0 0 through 999 9 The maximum burst length applies only to AP EDCA parameters These are the default values for the AP EDCA parameters Data 0 Best Effort 0 Data 1 Background 0 Data 2 Video 3008 Data 3 Voice 1504 Configure Wireless and QoS Settings 146 ProSAFE Wireless Controller WC9500 Setting Description TXOP Limit Specify the transmission opportunity TXOP limit Note StationEDCA The TXOP limit applies only to station AP EDCA parameters and specifies the parameters only maximum period during which the client station client can initiate transmissions These are the default values for
127. e In the advanced configuration you cannot change the names of profile groups However you can change the group names of MAC ACLs and external RADIUS servers Considerations Before You Configure Profiles Before you create and configure profiles for the basic profile group or an advanced profile group consider the following e Authentication servers If you want to use external LDAP or RADIUS authentication or both first configure the authentication server settings Configure basic server settings on the basic Authentication Server screen see Configure Basic Authentication Server Settings on page 86 For more complex networks configure additional RADIUS servers on the advanced Authentication Server screen see Configure RADIUS Authentication Server Groups on page 88 After you have configured authentication server settings you can then assign any authentication server to a security profile in a basic profile group or advanced profile group Manage Security Profiles and Profile Groups 65 ProSAFE Wireless Controller WC9500 Note You can configure profiles to function with different authentication servers For example you could set up a guest profile with no authentication an engineering profile that uses external RADIUS authentication and a marketing profile that uses external LDAP authentication You can also use additional external RADIUS servers in other profiles MAC authentication If you want to use a MAC ac
128. e Stacking Diagnostics User Management Upgrade Backup Restore Reboot Reset Extended Storage Remote Management Logs amp Alerts License Settings Inventory Server Settings Registration Advanced key key Type Key Status 5 Click Replace The wireless controller connects to the license update server and retrieves your licenses Reboot Access Points Under normal circumstances there is no reason to reboot an access point If there is a problem with an access point you can reboot it to see if this resolves the problem gt To reboot an access point 1 Select Maintenance gt Reboot Reset gt Access Points Maintain the Wireless Controller and Access Points 167 ProSAFE Wireless Controller WC9500 The Reboot Access Points screen displays Access Point Configuration Monitor Stacking Diagnostics User Management Upgrade Licensing Backup Restore Extended Storage Remote Management Logs amp Alerts Controllers Reboot Access Points gt Access Points eet _ Search IP MAC Name Building Floor Location Status a 192 168 0 153 cO 3f 0e 7b 26 d0 netgear7B26D8 Building 1 Floor 1 Connected o 192 168 0 154 c0 3f 0e 7b 24 80 netgear7B2488 Building 1 Floor 1 Connected 192 168 0 152 c4 3d c7 21 06 60 netgearA10668 Building 1 Floor 1 Connected CANCEL REBOOT 2 Optional In the Search field enter the IP address MAC address model or name of an access point that you want to reb
129. e at least one access point assigned to the profile group for the radio for which you want to configure the wireless settings gt To configure wireless settings for an advanced profile group 1 Select Configuration gt Wireless gt Advanced gt Wireless The Advanced Wireless Settings screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics System Security Profile WLAN Network Captive Portal S Basic Advanced Wireless Settings Advanced Radio On Off Group 1 Group 2 Group 3 gt Wireless QoS Settings RF Management 802 11b bg ng 802 1lla na Turn Radio On v Wireless Mode 802 11ng Y Data Rate Best v Channel Width 20 40 MHz Dynamic Guard Interval 800 ns Y RTS Threshold 0 2347 2347 Fragmentation Length 256 2346 2346 Beacon Interval 100 1000 100 Aggregation Length 1024 65535 65535 AMPDU enable disable RIFS Transmission O enable disable DTIM Interval 1 255 3 Preamble Type auto Long AP Name Access Point Channel Tx Power netgearA10668 1 2 412Ghz v Half CANCEL APPLY Configure Wireless and QoS Settings 133 ProSAFE Wireless Controller WC9500 Click the tab for the profile group for which you want to configure the wireless settings Click the tab for the radio for which you want to configure the wireless settings Select the Turn Radio On check box The wireless settings become accessible and you can configure them If you cannot select the T
130. e connection from the computer to the wireless controller and reboot your computer e If the wireless controller s IP address has been changed and you do not know the current IP address reset the wireless controller s configuration to factory default settings This sets the wireless controller s IP address to 192 168 0 250 For more information see Reboot or Reset the Wireless Controller on page 156 Troubleshooting 199 ProSAFE Wireless Controller WC9500 If you do not want to revert to the factory default settings and lose your configuration settings you could use one of the following methods to discover the IP address of the wireless controller Reboot the wireless controller and use a sniffer to capture packets sent during the reboot Look at the ARP packets to locate the wireless controller s LAN interface address Run an IP scanner application in your network to discover the IP address of the wireless controller Connect a serial cable between a computer and the wireless controller and use the ipconfig command to discover the IP address of the wireless controller Internet Browser e Make sure that you are using the http address login rather than the https address login e Make sure that your browser has Java JavaScript or ActiveX enabled If you are using Internet Explorer click Refresh to be sure that the Java applet is loaded e Try quitting the browser and launching it again e Make sure that you
131. e radios Schedule the entire network to go offline or schedule access point profile groups to go offline Manage wireless settings and channel allocation Manage the wireless settings such as wireless mode data rate and channel width for the entire network or for access point profile groups and manage channel allocation for the entire network Manage QoS settings Manage QoS queue settings for data background video and voice traffic for access point profile groups Configure RF management settings Configure WLAN healing and wireless coverage hole detection for the entire network or for access point profile groups For more information see Chapter 8 Configure Wireless and QoS Settings Monitor the Network and Its Components Monitor the status of all wireless devices View the status of the wireless controllers access points clients access point profiles and the entire network and view network usage statistics Monitor network health See which access points are healthy and which ones are down or compromised Introduction 17 ProSAFE Wireless Controller WC9500 For more information see Chapter 10 Monitor the Wireless Network and lts Components Licenses By default the wireless controller comes with a trial license for five access points You need to purchase and register licenses for the access points in your network You can purchase a single 200 access point license or licenses in 10 50 or 100 access po
132. e the general channel allocation settings for individual access points on the Basic Wireless Settings screen and on the Advanced Wireless Settings screen For more information see e Override Channel and Transmission Power in the Basic Profile Group e Override Channel and Transmission Power in an Advanced Profile Group gt To change the channel allocation 1 Select Configuration gt Wireless gt Basic gt Channel Allocation The Channel Allocation screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics Security Profile WLAN Network Captive Portal w Basic Channel Allocation Rao onon Automatic channel allocation enable O disable Wireless Channel Allocation RF Management Advanced Valid corporate channels 6 7 8 10 11i 9 EADE B 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 MHAHAAHAABRBAHBAD BBG 128 132 136 149 153 157 161 6 MO Prevent channel change during Active voice call O enable disable High Traffic Load O enable disable Schedule channel allocation Run channel allocation at Run channel allocation every CANCEL RUN NOW APPLY Configure Wireless and QoS Settings 138 ProSAFE Wireless Controller WC9500 2 Configure the settings as described in the following table Setting Automatic channel allocation Ensure that the enable radio button is selected during normal operation Automatic channel allocation distributes chann
133. eason such as device vendor specifications that require you to use different settings Using QoS Wi Fi MultiMedia WMM ensures that the applications that require better throughput and performance are provided special queues with higher priority For example video and audio applications are given higher priority over applications such as FTP WMM defines the following four queues in decreasing order of priority e Voice The highest priority queue with minimum delay which makes it ideal for applications such as voice over IP VoIP and streaming media e Video The second highest priority queue with low delay is given to this queue Video applications are routed to this queue Best Effort The medium priority queue with medium delay is given to this queue Most standard IP applications use this queue e Background Low priority queue with high throughput Applications such as FTP that are not time sensitive but require high throughput can use this queue QoS prioritization and coordination of wireless medium access is on QoS settings on the access point control downstream traffic flowing from the access point to the client station AP Enhanced Distributed Channel Access EDCA parameters and the upstream traffic flowing from the client station to the access point Station EDCA parameters Configure Wireless and QoS Settings 144 ProSAFE Wireless Controller WC9500 The Advanced QoS Settings screen lets you modify the QoS sett
134. ecurity profiles for the basic profile group or for advanced profile groups For detailed configuration steps see e Configure Security Profiles for the Basic Profile Group on page 67 e Configure Security Profiles for Advanced Profile Groups on page 71 b Optional Configure authentication servers Installation and Configuration Overview 43 10 ProSAFE Wireless Controller WC9500 For more information see Manage Authentication Servers and Authentication Server Groups on page 85 c Optional Configure MAC authentication For more information see Manage MAC Authentication and MAC Authentication Groups on page 81 d Optional Assign the authentication servers and MAC ACLs to the security profiles For more information see e Configure Security Profiles for the Basic Profile Group on page 67 e Configure Security Profiles for Advanced Profile Groups on page 71 Configure the managed access point list a Run the Discovery Wizard and add access points to the managed list For more information see Discover Access Points with the Discovery Wizard on page 92 b Optional Configure access points that are on the managed list For more information see Manage the Managed AP List on page 100 c Optional Assign access points to advanced profile groups For more information see Assign Access Points to Advanced Profile Groups on page 104 Optional Configure rogue access point detection For more information see Mana
135. ediereereatens 167 Configure Multicast Firmware Upgrade for Access Points 168 Change the Multicast Firmware Upgrade Settings 169 Disable Multicast Firmware Upgrade 20000 eae 169 Chapter 10 Monitor the Wireless Network and Its Components Common Tasks on the Monitoring Screens 0 00005 172 Monitor the Wireless Controller 0 0000 cece eee eee eee 173 View the Wireless Controller Summary Screen 173 View Wireless Controller Usage 2 0 000 cece eee eee 175 View Access Points Managed by the Wireless Controller 176 View Clients Managed by the Wireless Controller 180 View Neighboring Clients Detected by the Wireless Controller 184 View Neighboring Access Points Detected by the Wireless Controller 185 View Security Profiles Managed by the Wireless Controller 186 View DHCP Leases Provided by the Wireless Controller 187 View Captive Portal Users Managed by the Wireless Controller 188 Monitor the SSIDS 602 2 Secs seas rrer oda aed eaae aa eeaemaas 188 Momit r Local Cents ers srersar he nihand ane este Ged fare amp Wakes s 193 Chapter 11 Troubleshooting Troubleshoot Basic Functioning 0060 cece eee eee 198 Power LED Is Not LI isda caged ian ae hd ERR eS FSA BOOS 198 Status LED Never Turns Off 00 000 cece eee eee 198 Ethernet Port LEDs Are Not Lit 0 000000 eaee 199
136. ee Untagged VLAN Concepts on page 49 3 Click Apply Configure the System and Network Settings and Register the Licenses 50 ProSAFE Wireless Controller WC9500 Manage the DHCP Server Note Make sure that a DHCP server is available otherwise the Discovery Wizard does not function correctly If you already have a DHCP server on your network do not enable the DHCP server on the wireless controller The wireless controller can function as a DHCP server You can add multiple DHCP server pools for different VLANs By default there is no DHCP server pool The DHCP Server List screen lets you add a DHCP server pool gt To adda DHCP server and configure its settings 1 Select Configuration gt System gt DHCP Server The DHCP Server List screen displays The following figure shows part of the DHCP Server List screen Because this is a wide screen it is shown in the following two figures Access Point Configuration Monitor Maintenance Stacking Diagnostics Wireless Security Profile WLAN Network Captive Portal General DHCP Server List gt Time IP LAN gt gt DHCP Server 5 gt Certificates gt Alerts Logs Management 192 168 0 0 255 255 255 0 192 168 0 1 25 192 168 25 0 255 255 255 0 192 168 25 1 Start IP End IP Primary DNS Secondary DNS WINS Server 192 168 0 130 192 168 0 249 192 168 0 1 Enabled 192 168 25 2 192 168 25 254 192 168 0 1 Enabled J remove il cance d The DHC
137. els across the managed access points to reduce interference To disable automatic channel allocation select the disable radio button Valid corporate channels Specify the wireless band by selecting the 2 4 GHz or 5 GHz check box For each wireless band the following applies e You can remove one or more channels from the list of available channels by clearing their check boxes This is a good way to avoid interference with competing equipment such as in a medical setting where medical devices use a specific channel You cannot add channels The wireless controller determines available channels based on the country or region that you specified on the General Settings screen see Configure General Settings on page 47 Prevent channel change during Active voice call Select the enable radio button to prevent Note If the wireless controller is channel changes during voice calls prevented from reallocating a Select the disable radio button to allow channel channel because it is in use the changes during voice calls This is the default wireless controller checks again at setting le a ane High Traffic Load Select the enable radio button to prevent channel changes during a high traffic load Select the disable radio button to allow channel changes during a high traffic load This is the default setting Schedule channel allocation Run channel From the menus select the hour and minutes Note NETGEAR recommends that allocation at w
138. entages of the two profiles that use the 802 11a na mode cannot exceed 100 percent On each managed access point or on each radio in a managed dual band access point the available bandwidth is distributed in the specified percentages among the profiles in a profile group The percentage that is configured for a single profile is shared among all the clients connected to it If you do not want to configure rate limiting for a profile configure rate limiting as 0 zero percent This effectively disables rate limiting for that profile A setting of 0 zero percent can work well for profiles that are used for management administration or testing Rate Limiting for the Basic Profile Group In the basic profile group for each radio mode 802 11b bg ng mode and 802 11a na mode rate limiting per profile adds up to a maximum of 100 percent It can be less than 100 percent There is a tab for each wireless radio mode gt To configure rate limiting for the basic profile group 1 Select Configuration gt Profile gt Basic gt Rate Limit The basic Rate Limit screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics System Wireless Security WLAN Network Captive Portal Basic Rate Limit Radio Load Balancing 802 11b bg ng 802 11a na gt Rate Limit Advanced Profile Name SSID Rate Limit VLAN10 VLAN10 M VLAN20 VLAN20 R T VLAN3O VLANSO CANCEL APPLY 2 Click the tab for
139. er the start IP address of the range that the DHCP server can assign endip Enter the end IP address of the range that the DHCP server can assign Use Default DNS Server Select this check box to allow the DHCP server to use the wireless controller s default DNS servers The Primary DNS Server and Secondary DNS Server fields are masked out Primary DNS Server Enter the IP address of the primary DNS server for the network Configure the System and Network Settings and Register the Licenses 52 ProSAFE Wireless Controller WC9500 Setting Description Secondary DNS Server Enter the IP address of the secondary DNS server for the network Use Default WINS Server Select this check box to allow the DHCP server to use the wireless controller s default WINS server The WINS Server field is masked out WINS Server Enter the IP address of the WINS server for the network 4 Click Add The new DHCP server is added to the DHCP Server List gt To edit a DHCP server 1 Select Configuration gt System gt DHCP Server The DHCP Server List screen displays 2 Select the radio button in the Edit Remove column that corresponds to the DHCP server that you want to edit 3 Click Edit The Edit DHCP Server pop up screen displays Edit DHCP Server DHCP Settings Enable Use LAN Interface LAN IP Network 192 168 0 0 Subnet Mask 255 255 255 0 Default Gateway 192 168 0 1 Start IP 192 168 0 130 En
140. ess Point NAME netgear782488 MAC c0 3f 0e 7b 24 80 IP 192 168 0 146 MODEL WNAP210 Site 0 added to Managed List Thu Feb 14 28 24 53 2013 Normal Access Point NAME netgearAl0668 MAC c4i3dic71 91106160 IP 192 168 0 144 MODEL WNDAP360 Site 0 added to Managed List Thu Feb 14 18 24 53 2013 1 16 of 99 Entry Per Page Default PREVIOUS 1 of 7 NEXT REFRESH CLEAR ALL EXPORT Maintain the Wireless Controller and Access Points 163 ProSAFE Wireless Controller WC9500 gt To view RF events Select Maintenance gt Logs amp Alerts gt RF Events The RF Events screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics User Management Upgrade Licensing Backup Restore Reboot Reset Extended Storage Remote Management RF Events gt System Alerts gt RF Events gt Load Balancing gt Rate Limit gt Redundancy gt Stacking gt Logs Search Severity Normal Description Raised Time Automatic Tx Power Computation adjusted Power for following AP s netgear7B26D08 cO Sf 0e 7b 26 d0 BG mode Radio Power EIGHTH netgear7B2488 cO 3f 0e 7b 24 80 BG mode Radio Power EIGHTH Mon Feb 04 18 10 07 2013 gt To view load balancing events Select Maintenance gt Logs amp Alerts gt Load Balancing The Load Balancing screen displays Access Point User Management gt System Alerts gt RF Events gt Load Balancing Rate Limit gt Redu
141. esses to the access points enabling them to join the multicast group and to receive the firmware upgrade Maintain the Wireless Controller and Access Points 168 ProSAFE Wireless Controller WC9500 Change the Multicast Firmware Upgrade Settings By default the wireless controller uses IP range 239 255 0 0 239 255 0 255 for the multicast firmware upgrade process If your network requires that the wireless controller uses a different multicast IP range you can configure the IP range on the AP Upgrade Settings screen gt To configure another multicast IP address range and port for the firmware upgrade process 1 Select Maintenance gt Upgrade gt AP Upgrade Settings The AP Upgrade Settings screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics LOGOUT Licensing Backup Restore Reboot Reset Extended Storage Remote Management Logs amp Alerts Firmware AP Upgrade Settings Upgrade Enable MultiCast gt AP Upgrade Settings E J Start IP 239 25s o0_ o0_ End IP 239 255 o 255 Port Number 69 CANCEL APPLY 2 Configure the settings as described in the following table Setting Description Start IP Enter the start IP address of the multicast range that the wireless controller should use End IP Enter the end IP address of the multicast range that the wireless controller should use Port Number Enter the port number that the wireless controller should u
142. etworks on page 96 e Make sure that a DHCP server is available in the network or on the wireless controller For information about the wireless controllers DHCP server see Manage the DHCP Server on page 51 e For more information see Problems with Access Points on page 202 Optional Click Restart The discovery process runs again Optional From the Site menu select Remote for each access point that you want to designate as a remote access point By default all discovered access points are designated as Local The Remote and Local designations are for organization only Note The wireless controller cannot discover remote access points over a site to site VPN connection or behind a remote NAT router without a VPN connection This capability will be added in a future release Do one of the following e Select individual check boxes for discovered access points that you want to add to the managed list e Select the check box in the upper right of the table heading to add all discovered access points to the managed list Click Add Depending on the type of access points that have been discovered a screen that lets you enter or ignore a login name and password might display Discover and Manage Access Points 94 ProSAFE Wireless Controller WC9500 10 If necessary enter the login name and password The Managed AP List screen displays Because this is a wide screen it is shown in the following two figures Ac
143. f the port is connected to a 1000 Mbps device verify that the port s right LED is green If the port functions at 100 Mbps the right LED is yellow If the port functions at 10 Mbps the right LED is off If any of these conditions do not occur see to the appropriate following section Power LED Is Not Lit If the Power and other LEDs are off when your wireless controller is turned on make sure that the power cord is correctly connected to your wireless controller and that the power supply adapter is correctly connected to a functioning power outlet If the error persists you have a hardware problem and should contact NETGEAR technical support Status LED Never Turns Off When the wireless controller is powered on the Status LED is lit yellow for approximately two minutes and then turns green when the wireless controller has completed its initialization If the Status LED remains yellow a fault has occurred within the wireless controller If the Status LED is yellow more than several minutes minute after power up e Turn off the power and turn it on again to see if the wireless controller recovers e Reset the wireless controller s configuration to factory default settings Doing so sets the wireless controller s IP address to 192 168 0 250 For more information see Reboot or Reset the Wireless Controller on page 156 If the error persists you might have a hardware problem and should contact NETGEAR technical support Tr
144. figure QoS for Advanced Profile Groups on page 144 WMM Powersave The WMM Powersave feature saves power for battery powered equipment by increasing the efficiency and flexibility of data transmission To enable this feature select the Enable radio button which is the default setting Select the Disable button to disable the feature 8 Click Apply Edit and Remove Profiles in an Advanced Profile Group You can easily change or remove a profile from an advanced profile group gt To edit an existing profile to an advanced profile group 1 Select Configuration gt Profile gt Advanced gt Radio The Profile Groups screen displays 2 Click the tab for the profile group for which you want to edit a profile 3 Click Edit The Edit Profile screen displays 4 Click the tab for the radio for which you want to edit a profile Manage Security Profiles and Profile Groups 76 ProSAFE Wireless Controller WC9500 5 Click the tab for the profile that you want to edit 6 Change the settings For information about how to change the settings see Configure Profiles in an Advanced Profile Group on page 73 7 Click Apply gt To remove an existing profile from an advanced profile group 1 Select Configuration gt Profile gt Advanced gt Radio The Profile Groups screen displays 2 Click the tab for the profile group for which you want to remove a profile Click Edit The Edit Profile Group X screen displays
145. ge 77 Note these guidelines for captive portal user authentication and accounting through an external RADIUS server You can use either the basic Auth RADIUS server or a RADIUS server of an advanced authentication group You cannot use the external LDAP server The wireless controller uses CHAP or MS CHAP as the authentication protocol with the authentication server The following RADIUS authentication variables are supported on the wireless controller User Name User Password WISPr Session Terminate Time Session Timeout If you change the values for any of these variables before the wireless client disassociates from the access point the new values are not updated on the wireless controller A managed access point can send accounting information to the external RADIUS server because the wireless controller functions as a proxy RADIUS client for the managed access point The following RADIUS accounting variables are supported on the wireless controller Acct Input Octets Acct Output Octets Acct Input Gigawords Acct Input Gigawords Manage Rogue Access Points Guest Network Access and Users 112 ProSAFE Wireless Controller WC9500 Configure a Portal You can configure a guest portal or captive portal with a local or external authentication server gt To configure a guest portal or a captive portal 1 Select Configuration gt Captive Portal The Portal Settings screen displays The following fi
146. ge Rogue Access Points on page 108 Optional Configure a guest portal or captive portal For more information see Manage Guest Network Access on page 111 Optional Configure user accounts and portal accounts For more information see Manage Users Accounts and Passwords on page 116 Optional Configure wireless and QoS settings For more information see Chapter 8 Configure Wireless and QoS Settings Optional but recommended Back up the configuration For more information see Back Up the Configuration File on page 152 Installation and Configuration Overview 44 ProSAFE Wireless Controller WC9500 Choose a Location for the Wireless Controller The wireless controller is suitable for use in an office environment where it can be freestanding on its runner feet or mounted into a standard 19 inch equipment rack Alternatively you can rack mount the wireless controller in a wiring closet or equipment room A mounting kit containing two mounting brackets and screws is provided in the wireless controller package Consider the following when deciding where to position the wireless controller e The unit is accessible and cables can be connected easily e Cabling is away from sources of electrical noise These include lift shafts microwave ovens and air conditioning units e Water or moisture cannot enter the case of the unit Airflow around the unit and through the vents in the side of the case is not restricted Pro
147. gistered NG2F04 49C9 EB6B 24A5 775D 0C9E 3DF9 269A 453F 10 AP Registered NG2F06 A729 CABB 1A64 C195 90BF CA9A 7346 0ED6 S0 AP Registered Customer Information Company Name First Name Last name Email Address Fax Number Phone Number Address Address2 Zip City State Country VAR Information Company Name First Name Last name Email Address Fax Number Phone Number Address Address2 Zip City State Country CANCEL REFRESH APPLY Complete the Customer Information fields with the customer information that is associated with the key that you want to add and register These fields are self explanatory Complete the VAR Information fields with the value added reseller VAR information that is associated with the key that you want to add and register These fields are self explanatory Configure the System and Network Settings and Register the Licenses 56 ProSAFE Wireless Controller WC9500 6 Inthe Registration Key field at the top of the screen enter the registration key for the license that you want to add and register 7 Click Add The license is added to the table The key details have the same meaning as those shown on the Inventory screen see the Key Details section in the table in View Your Licenses on page 165 8 Click Apply Your license is registered 9 Optional Repeat these steps to register another license The wireless controller lets you remove license keys that are invalid or that d
148. gs configuring 128 access points adding 94 98 antennas configuring 103 autodiscovery 90 channel allocation automatic 137 139 manual 132 137 DHCP client disabling 103 discovery 91 dual band 15 21 64 149 factory default state autodiscovery 92 firmware minimum version 15 floor and building settings 103 IP addresses 103 IP subnet 92 94 known and unknown 110 local 91 98 101 managed status 101 models supported 15 pinging 203 rebooting 167 remote 94 98 101 rogue detecting and managing 108 viewing on the managed access point 180 192 viewing on the wireless controller 185 standalone mode autodiscovery 96 returning to 104 supported models 15 tracing a route 204 troubleshooting 202 Tx power automatically controlling 141 143 manually controlling 133 137 overriding 131 135 viewing on the wireless controller 177 security profiles 179 192 statistics 180 192 VLAN settings 103 access remote 157 accounts captive portal 116 active SSIDs viewing 190 active voice calls preventing channel allocation 139 Advanced Encryption Standard AES 79 advanced profile groups adding groups 71 assigning access points to 104 channels and transmission power overriding 135 described 21 profiles adding and configuring 73 QoS configuring 144 radio turning on and off 127 rate limiting configuring 150 RF management configuring 142 wireless settings configuring 133 advanced settings description 20 64 AES Advanced Encryp
149. gt To view your licenses 1 Select Maintenance gt License Maintain the Wireless Controller and Access Points 165 ProSAFE Wireless Controller WC9500 2 Click the Inventory tab The Inventory screen displays tocour Access Point Configuration Monitor Maintenance Stacking Diagnostics User Management Upgrade Backup Restore Reboot Reset Extended Storage Remote Management Logs amp Alerts License Settings Inventory Server Settings Registration Advanced Summary Total AP License Nmode License Status Used License Count Available License Count 200 Preinstalled 138 62 Key Details Key Key Type Key Status NG2F06 S0D6 C765 D487 30AC AA43 2867 B63A 85D8 50 AP NG2FO06 38SD F39F 9D9C 2766 BB87 CBDE S806 BDF9 SO AP NG2F04 95DC F01D A13D 871D 1552 2520 8707 0333 10 AP NG2F04 1D30 7951 99DE D18C FOEA B269 636B S82C 10 AP NG2F04 4BC5 5B12 3D6E AA78 4B8F E62F C612 DE63 10 AP NG2F04 3639 1888 D2D3 6F7A 90F6 OAES BF21 SFES 10 AP NG2F04 49C9 EB6B 24A5 775D 0C9E 3DF9 269A 453F 10 AP Registered Registered Registered Registered Registered Registered Registered NG2F06 A729 CABB 1A64 C195 90BF CA9A 7346 0ED6 SO AP Registered REFRESH The following table describes the fields of the screen Setting Description Summary section Total AP License The number of access points that your licenses support Availability of the 802 11n mode license This license is available by def
150. gure shows the settings for a captive portal The settings for a guest portal are identical except for the RADIUS server settings which you cannot configure for a guest portal Access Point Configuration Monitor Maintenance Stacking Diagnostics System Wireless Security Profile WLAN Network Portal EULA Portal Settings Settings 2 Portal Type O Guest Captive Radius Server Local O external basic Auth v Max Clients Per User 1 v Reauthentication Timeout hr 04 mins 30 Select Placement center O Bottom O Top Load Background Image bmp gif jpg png Size Limit 5 MB EULA Eula Text Required M Enter the End User License Agreement EULA Enter the End User License Agreement EULA Enter the End User License Agreement EULA Enter the End User License Agreement EULA Enter the End User License Agreement EULA Enter the End User License Agreement EULA Enter the End User License Agreement EULA Enter the End User License Agreement EULA CANCEL PREVIEW APPLY Manage Rogue Access Points Guest Network Access and Users 113 ProSAFE Wireless Controller WC9500 2 Configure the settings as described in the following table Setting Description Portal Settings section Portal Type Select one of the following radio buttons e Guest A guest portal with a field for entering an email address Guests do not need to provide a password and can have unlimited ac
151. hange the name to one that is meaningful to you The model of the access point This field is populated during the access point discovery process and cannot be edited Discover and Manage Access Points ProSAFE Wireless Controller WC9500 Setting Description Group The group to which the access point is assigned After the access point discovery process the access point is automatically assigned to the basic group If you have set up profile groups you can assign the access point to another profile group by selecting one from the menu You can also change the group assignment later on the WLAN Group Assignment screen For more information see Assign Access Points to Advanced Profile Groups on page 104 IP Settings These fields show the IP address and other IP settings of the access point By default these fields are populated during the access point discovery process These are the functions of the radio buttons e enable By default the enable radio button is selected allowing the access point to function as a DHCP client The IP settings fields are masked out preventing you from making changes e disable Select the disable radio button to disable the access points DHCP client The IP settings fields become available allowing you to make changes including changes to the access point s IP address IP Address The IP address of the access point Subnet Mask The subnet mask of the access point
152. he access point Frequency The channel frequency that the wireless client is using to connect to the access point Auth The security mode that the wireless client is using to connect to the access point Open WEP WPA WPA2 or WPA WPA2 Client Type The wireless mode that the wireless client is using to connect to the access point 802 11ng 802 11 bg 802 11 b 802 11na or 802 11 a Cipher The type of encryption that the wireless client is using WEP AES TKIP or TKIP AES AID The association ID of the client RSSI The received signal strength indicator RSSI of the wireless client Tx Power The transmit power of the wireless client Tx Rate The transmit rate in Mbps of the wireless client Monitor the Wireless Network and Its Components 183 ProSAFE Wireless Controller WC9500 Tx Bytes The number of bytes that the wireless client transmitted Rx Rate The receive rate in Mbps of the wireless client The number of bytes that the wireless client received Tx Packets The number of packets that the wireless client transmitted Rx Packets The number of packets that the wireless client received 5 Click Cancel The Client Details screen closes and the Clients screen displays again View Neighboring Clients Detected by the Wireless Controller The Neighboring Clients screen lets you monitor clients that the wireless controller detected and that are attached to known or rogue access points To view
153. he On radio button to enable the reduced interframe space RIFS option to allow transmission of successive frames at different transmit powers Enabling RIFS can lead to better network performance Select the Off radio button to disable this option Enter the delivery traffic indication message DTIM or the data beacon rate that you want to use This sets the message period of the beacon delivery traffic indication in multiples of beacon intervals Preamble Type 802 11b bg only 6 Click Apply Select one of the following radio buttons to specify the preamble type e Auto Automatically handles both long and short preambles A short transmit preamble provides better performance Auto is the default setting e Long Enables a long transmit preamble to provide a more reliable connection or a slightly longer range Override Channel and Transmission Power in an Advanced Profile Group The table on the Advanced Wireless Settings screen shows the access points that are managed in the profiles of an advanced profile group and to which the channel allocation and advanced RF management settings apply After you have configured the wireless settings for an advanced profile group see the previous section you can change the channel the transmission power or both for individual access points in an advanced profile group Configure Wireless and QoS Settings 135 ProSAFE Wireless Controller WC9500 For you to be able
154. he access points and the wireless controller The access points are connected to a PoE switch which in turn is connected to the wireless controller The uplink of the PoE switch connects to a Layer 3 switch or router that provides Internet access This network configuration has the following prerequisites VLANs 10 20 and 100 are tagged VLANs and are configured on both the wireless controller and the PoE switch The wireless controller is connected to the PoE switch through default VLAN 1 You manage the wireless controller from a computer over VLAN 1 through the PoE switch The DHCP server on the wireless controller is configured in management VLAN 100 to enable the access points to receive an IP address through VLAN 100 The PoE switch port to which the wireless controller is connected is configured as a tagged port to allow tagged traffic from VLAN 100 System Planning and Deployment Scenarios 32 ProSAFE Wireless Controller WC9500 gt To provision the wireless controller Step Configuration Web management interface path 1 Configure the basic system settings 1 Configure the country code of operation Configuration gt System gt General 2 Configure the time settings Configuration gt System gt Time 3 Configure the IP address of wireless controller Configuration gt System gt IP VLAN 4 For initial discovery and configuration of the access points temporarily configure management VLAN 100 as an unt
155. he following radio buttons e Local Use local MAC authentication The Local MAC ACL Group menu displays so you can select a group For more information see Manage MAC Authentication and MAC Authentication Groups on page 81 e External Use external MAC authentication The External Radius Server menu displays so you can select a server You can use either the basic Auth RADIUS server or a RADIUS server of an advanced authentication group You cannot use the external LDAP server For information about setting up and enabling internal and external authentication servers see Manage Authentication Servers and Authentication Server Groups on page 85 Note The MAC ACL radio buttons do not display onscreen if the network authentication uses an external RADIUS server The reason for this is that you can configure either MAC authentication with an external RADIUS server or network authentication with an external RADIUS server but not both That is if you configure an external RADIUS server with WPA WPA2 or WPA amp WPA2 or you use Legacy 802 1X you cannot use external MAC authentication and the MAC ACL radio buttons do not display on screen You can still use internal MAC authentication Manage Security Profiles and Profile Groups 69 ProSAFE Wireless Controller WC9500 Setting Description Note Captive Portal displays only when you select Open System Shared Key WPA PSK WPA2 PSK or Note You cannot configure captive
156. he information that is shown in the Clients screen gt To view the clients in the network 1 Select Monitor gt Clients gt Local Client List Because this screen is a wide screen it is shown in the following two figures Access Point Configuration Monitor Maintenance Stacking Diagnostics Controller WLAN Local Client List Local Client List gt Blacklisted So Clients Search _ gt Select MAC IP Location AP Name AP IP 00 11 22 33 45 06 192 168 2 106 netgear982948 192 168 0 152 00 11 22 33 45 05 192 168 2 105 netgear982948 192 168 0 152 00 11 22 33 45 04 192 168 2 104 netgear982948 192 168 0 152 00 11 22 33 45 03 192 168 2 103 netgear982948 192 168 0 152 00 11 22 33 45 01 192 168 2 101 netgear982948 192 168 0 152 00 11 22 33 44 0A 192 168 1 110 metgear86E7A8 192 168 0 150 00 11 22 33 44 09 192 168 1 109 netgear86E7A8 192 168 0 150 00 11 22 33 45 02 192 168 2 102 netgear982948 192 168 0 152 00 11 22 33 45 09 192 168 2 109 netgear982948 192 168 0 152 00 11 22 33 45 08 192 168 2 108 netgear982948 192 168 0 152 00 11 22 33 45 07 192 168 2 107 netgear982948 192 168 0 152 00 11 22 33 44 08 192 168 1 108 netgesr86E7AS 192 168 0 150 00 11 22 33 44 07 192 168 1 107 netgear86E7A8 192 168 0 150 00 11 22 33 44 04 192 168 1 104 netgear86E7A8 192 168 0 150 00 11 22 33 44 03 192 168 1 103 netgear86E7AS 192 168 0 150 O oO O O O O O 0 O 00 11 22 33 44 02 192 168 1 102 netgearS6E7
157. hen the channel allocation should run you schedule channel allocation once a day at times when the fewest clients are expected to be connected Run channel Select the check boxes to specify the day or allocation every days when the channel allocation should run IMPORTANT Changing channels might temporarily affect traffic on the managed access points in the network 3 Optional Click Run Now The channel allocation occurs immediately and the selected channels are applied to the managed access points This option is useful when you add a new access point or change your network 4 Click Apply If enabled the channel allocation occurs according to the configured schedule Configure Wireless and QoS Settings 139 ProSAFE Wireless Controller WC9500 Specify RF Management RF management optimizes the channel allocation for access points based on clients user data traffic and the nearby RF environment of access points The wireless controller periodically checks the radio neighborhood maps and detects changes in the radio neighborhood maps or loss of connectivity to the wireless controller by an access point WLAN healing is a special feature of RF management When WLAN healing is used if an access point goes down or loses connectivity other access points share its load to avoid a coverage hole To do this the other access points increase their transmit power WLAN healing is configured per security profile grou
158. ic RF Management screen see RF Management for the Basic Profile Group on page 141 To override the channel and transmission power for individual access points in a security profile of the basic profile group 1 Select Configuration gt Wireless gt Basic gt Wireless Configure Wireless and QoS Settings 131 The Basic Wireless Settings screen displays Access Point System y Basic Radio On Off gt Wireless Channel Allocation RF Management gt Advanced Configuration Security ProSAFE Wireless Controller WC9500 Monitor Profile WLAN Network Basic Wireless Settings 802 11b bg ng 802 1la na Turn Radio On Wireless Mode Data Rate Channel Width Guard Interval RTS Threshold 0 2347 Fragmentation Length 256 2346 Beacon Interval 100 1000 Aggregation Length 1024 65535 Maintenance Stacking Diagnostics Captive Portal cd Best B 20 40 MHz Dynamic 800 ns 2347 2346 100 65535 AMPDU RIFS Transmission enable disable O enable disable DTIM Interval 1 255 3 Preamble Type Auto O Long Access Point Channel Tx Power 1 2 412Ghz_ 111 2 462Ghz 1 2 412Ghz AP Name netgearA10668 netgear7B2488 netgear7B26D8 CANCEL ii APPLY 2 Click the tab for the radio for which you want to configure the wireless settings 3 Configure the settings in the table at the bottom of the screen as described in the following table
159. id not register successfully with the license server However you cannot remove licenses that registered successfully with the license server gt To remove a license 1 Select Maintenance gt License 2 Click the Registration tab The Registration screen displays 3 Inthe table select the radio button that corresponds to the license that you want to remove 4 Click Delete Manage Certificates The internal authentication server for certificate based authentication requires you to install a certificate on the wireless controller A default self signed server certificate is installed on the wireless controller However NETGEAR strongly recommends that you replace this default certificate with a custom certificate issued for your site or domain by a trusted certificate authority CA To obtain a security certificate for the wireless controller generate and submit a certificate signing request CSR to the CA of your choice Upon receiving the CA signed server certificate install the certificate from your computer as described in this section Certificates need to be in X 509 PEM format gt To add certificates 1 Select Configuration gt System gt Certificates Configure the System and Network Settings and Register the Licenses 57 ProSAFE Wireless Controller WC9500 The Add Certificates screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics Wireless Security Profile WLAN Ne
160. ignal strength indicator RSSI of the wireless client Building The building designation is always Building 1 Floor The floor designation is always Floor 1 SSID The wireless network SSID that the wireless client is using to connect to the access point Security The security mode Open WEP WPA WPA2 or WPA WPA2 that the wireless client is using to connect to the access point Optional To see details about a client a Select the radio button that corresponds to the clients for which you want to see the details b Click Details Monitor the Wireless Network and Its Components 182 ProSAFE Wireless Controller WC9500 The Client Details pop up screen displays Client Details MAC Access Point BSSID SSID Frequency Auth Client Type Cipher AID RSSI Tx Power Tx Rate Tx Bytes Rx Rate Rx Bytes Tx Packets Rx Packets 20 06 07 2C 70 7E netgear7B26D8 CO 3F 0E 78 26 00 VLAN1O 2 412000 GHz open 802 119 none i 35 14 dbm 54 00Mbps 0 1 00Mbps 2326 0 23 The following table describes the fields of the Client Details screen Item Description MAC The MAC address of the wireless client Access Point The name of the access point to which the wireless client is connected BSSID The MAC address of the access point s radio to which the wireless client is connected SSID The wireless network SSID that the wireless client is using to connect to t
161. igure Alarm Notification Settings You can classify certain events as critical major normal or minor Some events you can classify only as critical or major For example on the RF Management screen you can specify whether a coverage hole should be classified as critical or major see RF Management for the Basic Profile Group on page 141 gt To configure alarm actions 1 Select Configuration gt System gt Alerts Logs gt Alarms The Alarm Actions screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics Wireless Security Profile WLAN Network Captive Portal Alarm Actions gt General gt Time Severity Action Email Address EL SLAN Minor No Action v gt DHCP Server gt Certificates v Alerts Logs Logs SysLog gt Alarms Email Setup Normal No Action v Major Add To Syslog v Critical _Add To Syslog 2 For each alarm severity Minor Normal Major and Critical select the desired action from its corresponding Action menu e No Action When the alarm occurs no action is taken Add To Syslog When the alarm occurs the wireless controller adds an entry to the syslog e Send Email When the alarm occurs the wireless controller sends an email 3 For each alarm severity for which you have selected the Send Email option in the previous step enter an email address 4 Click Apply Configure the System and Network Settings and Register the Licenses 61
162. igure rate limiting 4 For each profile on a wireless radio in the selected profile group specify the rate limit as a percentage You can drag the sliders to adjust the values in the rate limit fields to the right of the sliders Make sure that the total percentages of all profiles on one wireless radio in the selected profile group do not exceed 100 percent 5 Click Apply Configure Wireless and QoS Settings 150 Maintain the Wireless Controller and Access Points This chapter includes the following sections Manage the Configuration File Reboot or Reset the Wireless Controller Manage Remote Access Specify Session Time Outs View Alerts and Events and Save the Logs Manage Licenses Reboot Access Points Configure Multicast Firmware Upgrade for Access Points Note Although the web management interface provides an Extended Storage menu tab extended or external storage is not supported Extended storage will be supported in a future release 151 ProSAFE Wireless Controller WC9500 Manage the Configuration File This section includes the following subsections e Back Up the Configuration File Restore the Configuration File e Upgrade the Firmware The configuration settings of the wireless controller are stored in a configuration file on the wireless controller This file can be saved backed up to a computer retrieved restored from the computer cleared to factory default settings and replaced by
163. igured with WPA WPA2 The number of wireless clients that are connected to managed access points using security profiles configured with WPA2 Most Active APs For the most active access points the following information displays Name The name of the access point see Edit Access Point Information on the Managed AP List on page 101 Model The model of the access point WNAP210 WNAP320 WNDAP350 WNDAP360 or WNDAP380R MAC The MAC address of the access point Clients The number of clients that are associated with the access point Most Active Clients For the most active clients the following information displays MAC The MAC address of the wireless client SSID The wireless network SSID that the wireless client is using to connect to the access point Usage KBytes The traffic usage of the wireless client in KB Monitor the Wireless Network and Its Components 174 ProSAFE Wireless Controller WC9500 ltem Description Most Active SSIDs For the most active SSIDs the following information displays SSID The name of the wireless network SSID The number of clients that are using the SSID Clients View Wireless Controller Usage The screen displays graphics that show the access point usage SSID usage and number of clients on the wireless controller Note Adobe Flash player 10 or later is required to display the graphics To view the Usage screen Select Monitor gt
164. ime The period since the access point was last restarted Optional To see details about an access point a Select the radio button that corresponds to the access point for which you want to see the details b Click Details Monitor the Wireless Network and Its Components 190 ProSAFE Wireless Controller WC9500 The AP Details pop up screen displays Because this is a tall screen that you need to scroll through it is shown in the following two figures AP Details Access Point Details AP Info Access Point Name netgear7B26D8 Model WNAP210 Group basic IP Address 192 168 0 159 Ethernet MAC Address c0 3f 0e 7b 26 d0 AP Site Local Configured 2 4 GHz Channel 1 2 412Gh2 Current Operating 2 4 GHz Channel 1 2 412Gh2 Load Balancing Max Clients 802 11b bg ng 40 Load Balancing Signal Quality 802 11b bg ng 30 Profile Info Type Security 802 11b bg ng Open 802 11b ba ng Open 802 11b bg ng Open AP Details Vee aaur ew iy 802 11b bg ng 802 11b bg ng Client Info MAC SSID Channel Security Rogue AP Info Type Reported In Same Channel In Interfering Channel Statistics Device Unicast Packets Received Broadcast Packets Received Wired Ethernet 7520 5923 Wireless 1ibg 716 415 The following table describes the fields of the AP Details screen Item Description AP Info This information is self explanatory Monitor the Wireless Network and Its Components 191 Pr
165. inance Finance computer computer Employee Employe computer computer Figure 8 Example Use VLANs to segregate traffic by user categories The wireless controller uses the management VLAN to continually exchange packets with the access points For large networks if all traffic uses a single VLAN the client traffic could potentially flood the network If this happens and the wireless controller is not able to exchange packets with the access points it can cause network performance to slow down and the access points can lose their connectivity with the wireless controller If you use the internal DHCP server of the wireless controller you should deploy the wireless controller on a trunk port on your switch The trunk port should have access to all VLANs Use a high speed port on your switch as the trunk port to accommodate the traffic load of the trunk If you use an external DHCP server you do not need to deploy the wireless controller on a trunk port on your switch System Planning and Deployment Scenarios 28 ProSAFE Wireless Controller WC9500 High Level Deployment Scenarios This section provides three deployment scenarios to illustrate how the wireless controller can function in various network configurations e Scenario Example 1 Network with Single VLAN e Scenario Example 2 Advanced Network with VLANs and SS IDs e Scenario Example 3 Advanced Network Scenario Example 1 Network with Single VLAN The following
166. ing Diagnostics Trace Route Technical Support Ping Ping Count 10 Access Point netgearAi0668 IP Address 192 168 0 158 Ping Result 64 bytes from 192 168 64 bytes from 192 168 64 bytes from 192 168 158 icmp_seq 3 ttl 64 time 0 244 ms 158 icmp_seq 4 ttl 64 time 0 295 ms 158 icmp_seq 5 ttl 64 time 0 272 ms slog icmp seq 7 ttl 64 time 0 285 ms 158 icmp_seq 8 ttl 64 time 0 264 ms 158 icmp_seq 9 ttl 64 time 0 309 ms 158 icmp_seq 10 ttl 64 time 0 307 ms 64 bytes from 192 168 64 bytes from 192 168 64 bytes from 192 168 64 bytes from 192 168 it o o 64 bytes from 192 168 0 158 icmp seq 6 ttl 64 time 0 303 ms o 0 o o 192 168 0 158 ping statistics 10 packets transmitted 10 received 0 packet loss time 9000ms rtt min avg max mdevy 0 161 0 293 0 454 0 067 ms CANCEL STOP Troubleshooting 203 ProSAFE Wireless Controller WC9500 2 Inthe Ping Count field enter the number of ping packets to be sent The default number is 10 3 From the Access Point menu select the access point to be pinged After you have made your selection the IP address of the access point displays in the IP Address field 4 Click Start The results are shown in the Ping Result field gt To trace a route to an access point 1 Select Diagnostics gt Trace Route The Trace Route screen displays see the following figure 2 From the Access Point menu select the access point for which you want to
167. ings per profile group and per radio for upstream traffic flowing from the station that is the wireless client to managed access points and the downstream traffic flowing from managed access points to the station These settings are applied only to managed access points that are capable of supporting these settings Disabling WMM deactivates QoS control of station EDCA parameters for upstream traffic flowing from the client station to the access point You can change the settings for the station EDCA parameters but these settings do not take effect until you enable WMM However when WMM is disabled you can still set some parameters for downstream traffic flowing from the access point to the client station AP EDCA parameters and these settings do take effect even when WMM is disabled gt To configure the QoS settings for a profile group 1 Select Configuration gt Wireless gt Advanced gt QoS The Advanced QoS Settings screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics System Security Profile WLAN Network Captive Portal gt Basic Advanced QoS Settings Advanced Radio On Off Group 1 Group 2 Group 3 Wireless gt QoS Settings RF Management 802 11b bg ng 802 11a na AP EDCA parameters Queue cwMax Max Burst Data 0 Best Effort 3 Data 1 Background Data 2 Video Data 3 Voice Station EDCA parameters Queue Data 0 Best Effort W Data 1 Backgrou
168. int increments for support of up to 200 access points on a single wireless controller e 10 AP license WC10APL e 50 AP license WC50APL e 100 AP license WC100APL e 200 AP license WC200APL Licenses are tied to the serial number of the wireless controller For more information see the datasheet that you can download from http support netgear com product WC9500 For information about how to register and manage your licenses see Register Your Licenses on page 54 and Manage Licenses on page 165 Maintenance and Support NETGEAR offers technical support seven days a week 24 hours a day Information about support is available on the NETGEAR ProSupport website at http kb netgear com app answers detail a_id 212 Introduction 18 System Planning and Deployment 9 Scenarios This chapter includes the following sections e Basic and Advanced Setting Concepts e Profile Group Concepts e System Planning e High Level Configuration Examples e Management VLAN and Data VLAN Strategies e High Level Deployment Scenarios ProSAFE Wireless Controller WC9500 Basic and Advanced Setting Concepts You can deploy the wireless controller in a small wireless network with 10 or 20 access points or in a large wireless network with up to 600 access points Small networks require a basic configuration but large networks can become very complex and require you to configure the advanced features of the wireless controller Depending
169. ints in a Layer 2 subnet 1 Select Access Point gt Discovery Wizard Discover and Manage Access Points 92 ProSAFE Wireless Controller WC9500 The Discovery Wizard Step 1 of 2 Choose state of Access Points screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics Discovery Wizard Discovery Wizard Managed AP List Step 1 of 2 Choose state of Access Points In simple steps WC9500 can discover your supported Access Points in the network Please select the state of the Access Points out of Factory and L2 Subnet APs O Installed and working in Standalone Mode O tam not sure 2 Select the Out of Factory and L2 Subnet APs radio button Note The lam not sure radio button directs you to the product documentation 3 Click Next The Discovery Wizard Step 2 of 2 Select Access Points to manage screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics Discovery Wizard Discovery Wizard gt Managed AP List TES Step 2 of 2 Select Access Points to manage L2 Subnet APs Out of Factory APs v Total AP Discovered 3 RESTART Search Model MAC Site WNOAP360 c4 3d c7 31 06 60 Local WNAP210 Sr 0 3f 06 7b 26 d0 Local WNAP210 192 168 0 146 c0 3f 0e 7b 24 80 Local The wireless controller searches for NETGEAR products on the LAN based on MAC address and identifies which products are supported access point models Progress bars show the progress
170. ireless controller and access points share heartbeat messages to keep synchronized and share configurations and client key data to facilitate seamless roaming Untagged VLAN Concepts When the Untagged VLAN check box is selected on the IP Settings screen one VLAN can be configured as an untagged VLAN e When the wireless controller sends frames associated with the untagged VLAN to the LAN Ethernet interface those frames do not carry an 802 1Q VLAN header e When the wireless controller receives untagged traffic from the LAN Ethernet interface those frames are assigned to the untagged VLAN If the Untagged VLAN check box is cleared the wireless controller tags all outgoing LAN Ethernet frames and accepts only incoming frames that are tagged with known VLAN IDs Note Clear the Untagged VLAN check box only if the hubs and switches on your LAN support the VLAN 802 1Q standard Likewise change the untagged VLAN value only if the hubs and switches on your LAN support the VLAN 802 1Q standard Changing either of these values results in a loss of IP connectivity if the hubs and switches on your network have not yet been configured with the corresponding VLANs Configure the IP and VLAN Settings gt To configure IP VLAN settings 1 Select Configuration gt System gt IP VLAN Configure the System and Network Settings and Register the Licenses 49 ProSAFE Wireless Controller WC9500 The IP Settings screen displays Ac
171. isting Profile check box The previous figure shows that you can clone an existing profile with the name VLAN10 b Select a profile from the Profiles menu 5 Click Add The newly created profile displays onscreen and the tab for the new profile is automatically selected to let you configure the new profile Note The selections that are available from the Network Authentication menu are affected by the authentication server settings that you specify on the Authentication Server screen For more information see Manage Authentication Servers and Authentication Server Groups on page 85 If your selection from the Network Authentication menu requires authentication a corresponding Authentication Server field displays 6 Configure the settings as described in the following table Setting Description Profile Definition section Enter a unique name to identify the profile This value can be up to 32 alphanumeric characters Use meaningful profile names instead of the default names The default profile names are Profile1 Profile2 and so on through Profiles Wireless Network Name Enter a unique name for the wireless network associated with this profile SSID Manage Security Profiles and Profile Groups 68 ProSAFE Wireless Controller WC9500 Setting Description Broadcast Wireless Network Name Select the Yes radio button to enable broadcast of the SSID This is the default setting Select the
172. ith the wireless controller Introduction 9 ProSAFE Wireless Controller WC9500 Up to eight profiles per access point profile group and eight profiles per radio therefore dual band access points can support up to 16 profiles in one access point profile group Support for up to 144 profiles on one wireless controller eight profiles per access point group and eight groups per radio Each profile supports settings for SSID network authentication data encryption client separation VLAN MAC ACL and wireless QoS Rogue access point detection and classification Guest access and captive portal access with cost and expiration accounting Scheduled wireless on off times e Wi Fi Multimedia Quality of Service and advanced wireless features Wi Fi Multimedia WMM support for video audio and voice over Wi Fi VoWi Fi WMM power save option Automatic WLAN healing mechanism ensures seamless coverage for wireless users Layer 2 and Layer 3 seamless roaming support Local Layer 2 traffic switching and Layer 3 traffic processing at access point level for fast processing e RF management Automatic control of access point transmit power and channel allocation to reduce interference Automatic load balancing of clients across access points Rate limiting per profile e Monitoring and reporting Monitoring of the status of the network wireless controllers WLANs and clients and network usage statistics Specific health mo
173. ive Portal Users REFRESH CLEAR ALL EXPORT The following table describes the fields of the Captive Portal Users table ltem Description User Name The login name of the user Account Name The account name if any that is associated with the user IP The IP address of the user The MAC address of the device with which the user is logged in Login Time The time that the user logged in Expiry Time The time when the login access expires Monitor the SSIDs The Active SSID table on the SSID Mapping screen lets you monitor all access points that function in an SSID gt To monitor an active SSID in the network 1 Select Monitor gt WLAN Monitor the Wireless Network and Its Components 188 ProSAFE Wireless Controller WC9500 The SSID Mapping screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics Controller Clients SSID Hepping SSID Mapping Active SSID present Select an SSID 2 From the Active SSID present menu select an SSID The Active SSID table for the selected SSID displays Because this screen is a wide screen it is shown in the following two figures Access Point Configuration Monitor Maintenance Stacking Diagnostics Controller Clients gt SSID Mapping SSID Mapping Active SSID present Active SSID VLAN3O Search Select Name Location Status MAC netgear7B26D8 healthy cO 3f 0e 7b 26 d0 192 168 0 159 O
174. kup Restore Reboot Reset Extended Storage Remote Management Logs amp Alerts License Settings Inventory Server Settings Registration Advanced Update From Default Update Server 1 Specify Update Server Server Address updatel eng netgear cc o Use a Proxy Server to Connect to the Internet Proxy Server Proxy Port 0 This Proxy Server Requires Authentication User Name Password CANCEL APPLY Configure the System and Network Settings and Register the Licenses 54 ProSAFE Wireless Controller WC9500 3 Configure the settings as described in the following table Setting Description Update From Select one of the following radio buttons to specify the license update server e Default Update Server The default license update server is used e Specify Update Server You need to specify the license update server Fill in the Server Address field Server Address Enter the IP address or FQDN of the server from which you import your licenses By default the FQDN of the NETGEAR license server is update1 eng netgear com Use a Proxy Server to Select this check box if you use a proxy server to connect to the Internet Connect to the Internet Proxy Server Enter the IP address or FQDN of the proxy server Proxy Port Enter the port that the proxy server uses This Proxy Server If the proxy server requires authentication specify the user name and password Requires Authentication User Name Ente
175. le to access the wireless controller for management and for data and control communications between the wireless controller and the access points The wireless controller provides the following key features and capabilities e Scalable architecture Purchased licenses in increments of 10 50 or 100 access points allow for support of up to a maximum number of 200 access points on a single wireless controller A single license for 200 access points is also available Support of 802 11a 802 11b 802 119 and 802 11n modes Ready for 802 11ac mode for future deployment Support for an extra power supply e Autodiscovery of access points Autodiscovery of access points in the same Layer 2 domain Autodiscovery of access points across a Layer 3 domain Automatic download of wireless controller based firmware to discovered access points that are added to the managed access point list e Centralized management Single point of management for the entire wireless network Automatic firmware upgrade to all managed access points DHCP server for IP address provisioning Configurable management VLAN e Security Identity based security authentication with an external RADIUS or LDAP Active Directory server or with an internal authentication server Support for nine access point profile groups one basic and eight advanced on one wireless controller 1 Number of profile groups depends on the access point model used w
176. le wireless controller that controls a collection of access points that are organized into the basic default group gt To set up a single wireless controller system with a basic profile group step Configuration Web Management Interface Path Configure the system and network settings of the wireless controller 1 Configure the country code of operation Configuration gt System gt General 2 hail Configure the time settings Configure the IP address of the wireless controller Verify that VLAN 1 is set as the management VLAN and is marked as untagged By default VLAN 1 an untagged management VLAN Configuration gt System gt Time Configuration gt System gt IP VLAN If no network DHCP server is accessible to the access points configure the wireless controllers DHCP server Configure up to eight profiles and for each profile do at least the following 1 Configure an SSID for wireless access Configure the network authentication and data encryption Assign the VLAN Configuration gt System gt DHCP Server Configuration gt Profile gt Basic A J N If necessary for the selected network authentication option configure the authentication server Configuration gt Security gt Basic gt Authentication Server Run the Discovery Wizard and add the access points to the managed access point list Access Point gt Discovery Wizard System Pl
177. ler WC9500 step Configuration Web management interface path When the access points are operating open the Discovery Wizard to do the following 1 Specify the state of the access points by selecting the Out of Factory and L2 Subnet APs radio button Run the Discovery Wizard Select and add the access points that you want to be managed by the wireless controller to the managed list Note By adding the access points to managed list you enable them to receive an IP address from the DHCP server over management VLAN 100 For each access point on the managed list clear the Untagged Vlan check box and configure VLAN 100 as the management VLAN Doing so causes the access points to lose connectivity with the wireless controller Restore connectivity between the access points and the wireless controller by changing the PoE switch ports to which the access points are connected to tagged ports During the discovery process these switch ports were access ports in management VLAN 100 wo N Access Point gt Discovery Wizard Scenario Example 3 Advanced Network The following sample scenario consists of an advanced network with one wireless controller one core switch two PoE switches in different buildings access points and several VLANs and SSIDs These are the components in the wireless controller system e One wireless controller e 50 access points managed by the wireless controller through
178. les that you intend to use These steps are described in Register Your Licenses on page 54 and in Chapter 5 Manage Security Profiles and Profile Groups 90 ProSAFE Wireless Controller WC9500 Access Point Discovery Guidelines You need to run the Discovery Wizard for the wireless controller to discover supported NETGEAR access points on the LAN or WAN The wireless controller can discover access points that are still in their factory default state and access points that are deployed and running After the access points are discovered you can add them to the Managed AP List You can then use the wireless controller to configure manage and monitor the managed access points General Discovery Guidelines An access point needs to run at least its initial firmware release or a newer version For firmware requirements see NETGEAR ProSAFE Access Points on page 15 There are no other firmware requirements for the access point to function with the wireless controller Access points in factory default state that are in the same Layer 2 network can have the same IP address and still be discovered Depending on the configuration of the DHCP server these access points are discovered in parallel or sequentially Layer 3 Discovery Guidelines These are the requirements for autodiscovery of local access points across Layer 3 networks e All standalone access points need to have SNMP and SSH enabled This is the default setting for access
179. list of known access points from a file 1 Create a text file that includes a list of MAC addresses for the access points Each MAC address should be on a separate line with hard returns between lines as shown in the following example 00 00 11 11 22 29 00 00 11 11 22 28 00 00 11 11 22 27 00 00 11 11 22 26 002001141122525 2 Select Configuration gt Security gt Advanced gt Rogue AP The advanced Rogue AP screen displays 3 Click Browse navigate to the file containing the list of known access points and select it 4 Next to Import Known List select one of the following radio buttons e Merge Merges the list of access points that you intend to import with those that are already present in the Rogue List e Replace Replaces the access points that are present in the Rogue List with those in the file that you intend to import 5 Click Import 6 Click Apply Manage Guest Network Access Users with management admin credentials for example receptionists or hotel clerks can provision guests Guests need to provide their email address or both their email address and a password These latter guests are referred to as captive portal users for which you need to set up a Captive portal and captive portal user credentials Note The URL for the portal is http lt P address gt guest_access index php in which lt P address gt is the IP address of the wireless controller Portal Concepts Captive portal authentication is
180. loor designation is always Floor 1 Location The location of the access point see Edit Access Point Information on the Managed AP List on page 101 Monitor the Wireless Network and Its Components 177 Item ProSAFE Wireless Controller WC9500 Description 2 4 5 GHz Channel Uptime e The active 2 4 GHz or 5 GHz channel on the access point This information can change after initial configuration of the access point because of automatic channel allocation The color coding specifies the channel utilization on each radio and has the following meaning Green 0 40 percent utilization Light green 41 60 percent utilization Orange 61 80 percent utilization Red 81 100 percent utilization NA The radio does not support the band The period since the access point was last restarted 2 Optional To see details about an access point a Select the radio button that corresponds to the access point for which you want to see the details b Click Details The AP Details pop up screen displays Because this is a tall screen that you need to scroll through it is shown in the following two figures AP Details Access Point Details AP Info Access Point Name Model Group IP Address Ethernet MAC Address AP Site Configured 2 4 GHz Channel netgearA10668 WNDAP360 Group 3 192 168 0 156 04 3d c7 481 06 60 Local 1 2 412Ghz Current Operating 2 4 GHz Channel 1 2412Gh2 Configure
181. management VLAN 1 e Four VLANs VLAN 10 VLAN 20 VLAN 30 and VLAN 40 e Three SSIDs SSID 1 SSID 2 and SSID 3 In this scenario the VLANs and SSIDs are used to accommodate traffic for different user groups in a school that is spread out over two buildings e Building 1 SSID 1 in VLAN 10 for staff traffic SSID 2 in VLAN 20 for middle school students SSID 3 in VLAN 30 for guests System Planning and Deployment Scenarios 34 ProSAFE Wireless Controller WC9500 e Building 2 SSID 1 in VLAN 10 for staff traffic SSID 2 in VLAN 40 for high school students SSID 3 in VLAN 30 for guests Internet Building 1 SSID 1 Staff VLAN 10 SSID 2 Middle school VLAN 20 SSID 3 Guest VLAN 30 j il KH MEIRIG Backend L3 switch or router WNDAP360 J n WwcC9500 Core switch Building 2 SSID 1 Staff VLAN 10 SSID 2 High school VLAN 40 SSID 3 Guest VLAN 30 m m m e m m e m r l 7 Staff VLAN 10 Ethernet traffic cnn 1h lana Middle school VLAN 20 Ethernet traffic PoE switch High school VLAN 40 Ethernet traffic Guest VLAN 30 Ethernet traffic WNDAP360 Figure 11 Example Advanced network The access points and wireless controllers are connected in the same subnet and same VLAN and use the same IP address range that is assigned for that subnet The core switch is located between the wireless
182. me Configure the IP address of the wireless controller Verify that VLAN 1 is set as the management VLAN and is marked as untagged By default VLAN 1 an untagged management VLAN If no network DHCP server is accessible to the access points configure the wireless controllers DHCP server Configuration gt System gt IP VLAN Configuration gt System gt DHCP Server Configure up to eight profiles and for each profile do at least the following 1 Configure an SSID for wireless access P eO N Configure the network authentication and data encryption Assign the VLAN If necessary for the selected network authentication option configure the authentication server 3 Use any port of the wireless controller to connect the wireless PoE switch Configuration gt Profile gt Basic Configuration gt Security gt Basic gt Authentication Server 4 Deploy the access points and connect them to the same wireless PoE switch System Planning and Deployment Scenarios 30 ProSAFE Wireless Controller WC9500 Step Configuration Web Management Interface Path When the access points are operating open the Discovery Wizard to do the following Access Point gt Discovery Wizard 1 Specify the state of the access points by selecting the Out of Factory and L2 Subnet APs radio button or the Installed and working in Standalone Mode radio button 2 Run the Discovery
183. n a basic setup you can set up one detection server In an advanced setup you can create multiple detection servers for more information see Classify Rogue Access Points on page 109 gt To set up a server to detect rogue access points 1 Select Configuration gt Security gt Basic gt Rogue AP Manage Rogue Access Points Guest Network Access and Users 108 ProSAFE Wireless Controller WC9500 The basic Rogue AP screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics System Wireless Profile WLAN Network Captive Portal Basle Rogue AP fi et Rogue AP Detection enable disable MAC ACL iste i ein Authentication ert Severity Major Minor Server Advanced CANCEL APPLY The wireless controller can support a total of up to 512 access points from the known and unknown lists combined 2 Next to Rogue AP Detection select the enable radio button 3 Next to Alert Severity select the severity of the alarm when a rogue access point is detected e Major A major alarm is triggered e Minor A minor alarm is triggered 4 Click Apply Because the neighboring and rogue access points are detected during off channel scans it typically takes about 30 minutes after the rogue AP detection is enabled for the neighbor and rogue access points to be detected on one channel Once the neighbor and rogue access points are detected the wireless controller populates the know
184. n list that is the database with known access points and unknown list that is the database with unknown access points Classify Rogue Access Points The advanced Rogue AP screen allows you to identify what could be an access point from a neighboring business that is known As you identify them mark them as known or unknown so that the wireless controller does not keep finding them and flagging them This can help you to identify your own equipment that should be managed and the rogue access points that should be detected A rogue access point has both a wireless and a LAN connection A neighbor is an access point with only a wireless connection not a LAN connection gt To view and classify rogue access points 1 Select Configuration gt Security gt Advanced gt Rogue AP Manage Rogue Access Points Guest Network Access and Users 109 ProSAFE Wireless Controller WC9500 The advanced Rogue AP screen displays Monitor Maintenance Stacking Diagnostics WLAN Network Captive Portal Rogue AP gt Basic v Advanced logue AP MAC ACL Rogue List Authentication Server Import Known List O merge Replace Search AP Type Classificatio 00 18 dd 00 28 00 NETGEAR_1ing Unsecured Thu Feb 14 18 20 18 2013 Neighbor AP Unknown 60 33 4b 33 5d cb SimplePresenceNetvork Secured Thu Feb 14 16 20 18 2013 Neighbor AP Known Move to KNOWN UNKNOWN The screen displays the Rogue List which shows all de
185. n of up to 5 8W All WNAP210v2 firmware versions are supported For product documentation and firmware see http downloadcenter netgear com en product WNAP210 Note The WNAP210v1 also referred to as just the WNAP210 without a version number cannot function in a WC9500 wireless controller system but the WNAP210v2 can WNAP320 ProSAFE Wireless N Access Point Supports 802 11b 802 119 and 802 11n network devices Supports Power over Ethernet PoE with a power consumption of up to 5 8W Accepts optional antennas Requires minimum firmware version 2 1 1 or a newer version For product documentation and firmware see http downloadcenter netgear com en product WNAP320 WNDAP350 ProSAFE Dual Band Wireless N Access Point Supports 802 11a 802 11b 802 119 and 802 11n network devices Supports PoE with a power consumption of up to 10 75W Introduction 15 ProSAFE Wireless Controller WC9500 Concurrent operation in 2 4 GHz and 5 GHz radio band while in 802 11n mode Accepts optional antennas Requires minimum firmware version 2 1 7 or a newer version For product documentation and firmware see http support netgear com product WNDAP3350 WNDAP360 ProSAFE Dual Band Wireless N Access Point Supports 802 11a 802 11b 802 119 and 802 11n network devices Supports PoE with a power consumption of up to 10 51W Concurrent operation in 2 4 GHz and 5 GHz radio band while in 802 11n mode Accepts optional ante
186. naged access points You can configure profiles and profile groups without taking the state of the access points into consideration When the access points connect to the wireless controller the profile configurations are pushed onto the access points Note If an access point is removed from its building someone takes it home or it is stolen the access point does not retain the configuration that it received from the wireless controller The configuration is not stored in memory on the access point Depending on your network needs you can either use the basic profile group that is the basic configuration or the advanced profile groups that is the advanced configuration The basic profile group works well for small scale WLAN networks advanced profile groups are useful for larger deployments Note For more information about basic and advanced profile groups see Basic and Advanced Setting Concepts on page 20 Small WLAN Networks For small WLAN networks you can use the basic configuration with the basic profile group All access points belong to the same group and use the same wireless security and QoS configurations The basic profile group can contain up to 16 profiles for a dual band access point or eight profiles for a single band access point Each profile has its own SSID and can have its own VLAN to allow the profile to establish its own tunnel Profiles can also share the same VLAN For example in an enterprise net
187. nagement interface the screen s content has been removed for more clarity Access Point Configuration Monitor Maintenance Stacking Diagnostics System Secur i Profile WLAN Network Captive Portal v Basic gt Radio gt Wireless gt Channel Allocdtion mS Management 1st level Main menu tab gt Advanced ome 2nd level Configuration menu tab Action buttons 3rd level Submenu link CANCEL APPLY Figure 12 Web management interface components A web management interface screen can include the following components e 1st level Main menu tab The main menu tabs in the light gray bar across the top of the web management interface provide access to all configuration menu tabs of the wireless controller and remain constant When you select a main menu tab the letters are displayed in white against a blue background 2nd level Configuration menu tab The configuration menu tabs in the blue bar immediately below the main menu bar change according to the main menu tab that you select When you select a configuration menu tab the letters are displayed in orange against a blue background e 3rd level Submenu link Each configuration menu tab has one or more submenu links that are listed on the left side of the screen in a gray box When you select a submenu link the text is displayed in orange against a gray background On many screens the submenus are divided into a Basic submenu and an Advanced submenu Acti
188. nance gt Remote Management gt SNMP The SNMP screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics User Management Upgrade Licensing Backup Restore Reboot Reset Extended Storage Logs amp Alerts gt SNMP SNMP gt Session Timeout SNMP Read Only Community Name public Read Write Community Name private Trap Community Name trap IP Address to Receive Traps Trap Port 162 SNMP Manager IP 255 255 255 255 CANCEL APPLY 2 Enable SNMP and configure the settings as described in the following table Sotin _ peseription o SNMP Select this check box to enable SNMP for the wireless controller Read Only Community Name Enter the community string that allows the SNMP manager to read the wireless controllers MIB objects The default setting is public Read Write Community Name Enter the community string that allows the SNMP manager to read and write the wireless controller s MIB objects The default setting is private Trap Community Name Enter the community name that is associated with the IP address to receive traps The default setting is trap IP Address to Receive Traps Enter the IP address at which the SNMP manager receives traps sent from the wireless controller Trap Port Enter the port on which the SNMP manager receives traps sent from the wireless controller The default setting is port 162 SNMP Manager IP Enter the IP address of the S
189. nd Data 2 Video Data 3 Voice 2 Click the tab for the profile group for which you want to configure the QoS settings 3 Click the tab for the radio for which you want to configure the QoS settings 4 Configure the settings as described in the following table Configure Wireless and QoS Settings 145 ProSAFE Wireless Controller WC9500 Setting Description Specify a wait time in milliseconds for data frames Valid values for arbitration inter frame space AIFS are 1 through 255 These are the default values for the AP These are the default values for the EDCA parameters Station EDCA parameters e Data 0 Best Effort 3 e Data 0 Best Effort 3 e Data 1 Background 7 e Data 1 Background 7 e Data 2 Video 1 e Data 2 Video 2 Data 3 Voice 1 e Data 3 Voice 2 Specify an upper limit in milliseconds of a range from which the initial random backoff wait time is determined Valid values for this field are 1 3 7 15 31 63 127 255 511 or 1023 The value for the minimum contention window CwMin needs to be lower than the value for the maximum contention window CwMax These are the default values for the AP These are the default values for the EDCA parameters Station EDCA parameters Data 0 Best Effort 15 e Data 0 Best Effort 15 Data 1 Background 15 e Data 1 Background 15 Data 2 Video 7 e Data 2 Video 7 Data 3 Voice 3 e Data 3 Voice 3 Max Burst Not
190. nd Authentication Server Groups on page 85 2 Select the Local or External radio button 3 If you select the External radio button select the authentication server that you wish to use from the menu Manage Security Profiles and Profile Groups 78 ProSAFE Wireless Controller WC9500 Table 3 Network authentication and data encryption settings continued Network Authentication Data Encryption Selection Options Configuration Steps WPA with Radius TKIP TKIP AES WPA2 with Radius AES TKIP AES WPA amp WPA2 with Radius TKIP AES Note Use this option if there are both WPA and WPA2 clients in the network To configure WPA authentication with a RADIUS server 1 Set up and enable an internal or external RADIUS or LDAP authentication server For information see Manage Authentication Servers and Authentication Server Groups on page 85 From the Data Encryption menu select the type of encryption TKIP Supports Temporal Key Integrity Protocol TKIP only TKIP AES Supports both TKIP and Advanced Encryption Standard AES Select the Local or External radio button If you select the External radio button select the authentication server that you wish to use from the menu To configure WPA2 authentication with a RADIUS server Set up and enable an internal or external RADIUS or LDAP authentication server For information see Manage Authentication Servers and
191. nd Register the Licenses 62 Manage Security Profiles and Profile Groups This chapter includes the following sections Wireless Security Profile Concepts Configure Security Profiles for the Basic Profile Group Configure Security Profiles for Advanced Profile Groups Network Authentication and Data Encryption Options Manage MAC Authentication and MAC Authentication Groups Manage Authentication Servers and Authentication Server Groups Note In this chapter and in the following chapters access point profile groups are referred to as just profile groups Profiles security profiles and SSIDs that is SSIDs with associated security settings are terms that are interchangeable 63 ProSAFE Wireless Controller WC9500 Wireless Security Profile Concepts Profiles are sets of configurations that you can apply to an access point The configuration includes radio parameters load balancing parameters and rate limit parameters Each wireless radio on an access point can support eight profiles This means that the dual band WNDAP350 access point can support a total of 16 profiles Therefore in one profile group on the wireless controller you can configure up to eight profiles for each radio that is up to eight profiles for the 2 4 GHz radio and up to eight profiles for the 5 GHz radio Setting up profiles allows you to configure the WLAN network offline Then when the WLAN network is operating you can push the configuration onto ma
192. ndancy gt Stacking gt Logs Configuration Upgrade Load Balancing Licensing Monitor Maintenance Stacking Diagnostics Backup Restore Reboot Reset Extended Storage Search Severity Description Load Balancing Bad RSSI Event for Client 04 1e 64 81 ed d1 Load Balancing Bad RSSI Event for Client 00 16 ea ba cfibe Load Balancing Bad RSSI Event for Client 90 27 e4 47 b2 22 Load Balancing Bad RSSI Event for Client 90 27 e4 47 b2 22 Load Balancing Bad RSSI Event for Client 90 27 e4 47 b2 22 Load Balancing Bad RSSI Event for Client 90 27 e4 47 b2 22 Raised Time Fri Feb 15 12 31 36 2013 Fri Feb 15 12 30 47 2013 Fri Feb 15 12 25 07 2013 Fri Feb 15 12 25 05 2013 Fri Feb 15 12 24 51 2013 Fri Fab 15 12 24 29 2013 Remote Management Thu Feb 14 21 36 04 2013 Thu Feb 14 21 36 03 2013 Thu Feb 14 21 38 49 2013 Thu Feb 14 21 35 26 2013 Thu Feb 14 18 25 25 2013 Thu Feb 14 18 25 25 2013 Load Balancing Bad RSSI Event for Client 90 27 e4 47 b2 22 Load Balancing Bad RSSI Event for Client 90 271 64 47 b2 22 Load Balancing Bad RSSI Event for Client 90 27 4 47 62 22 Load Balancing Bad RSSI Event for Client 00 21 5c 03 39 0b Load Balancing Bad RSSI Event for Client 00 21 5c 03 39 0b Load Balancing Bad RSSI Event for Client 00 21 5c 03 39 0b Maintain the Wireless Controller and Access Points 164 ProSAFE Wireless Controller WC9500 gt To view rate limit events Select Maintenance gt L
193. nected Local basic Capability 2 4ghz Mode 5ghz Mode BGN NAS 802 11ibgn Local basic BGN 802 11bgn NA O Local basic 802 11bgn 802 11a O REMOVE EDIT REFRESH After the access points are added to the Managed AP List the wireless controller upgrades the firmware of the access points to the latest firmware that is loaded on the wireless controller and the access points become managed access points Depending on the number of access points that you add to the Managed AP List this process might take several minutes By default the access point upgrade process uses multicast If you need to configure a specific multicast IP address range for the upgrade process or disable multicast see Configure Multicast Firmware Upgrade for Access Points on page 168 If one or more access points do not transition to the Connected state see the Status column in the Managed AP List see Problems with Access Points on page 202 For information about how to manage the Managed AP List see Manage the Managed AP List on page 100 Discover and Manage Access Points 99 ProSAFE Wireless Controller WC9500 Manage the Managed AP List After you have added discovered access points to the Managed AP List you can view the status of the access points on the list edit information for selected access point on the list and remove access points from the list View the Managed AP List The managed AP List displays the status IP addresses
194. nfigure security profiles see Configure Profiles in the Basic Profile Group on page 67 and Configure Profiles in an Advanced Profile Group on page 73 Configure Basic Authentication Server Settings Use the basic Authentication Server screen to set up the internal authentication server the basic external RADIUS server which is called Auth basic and the external LDAP server which is called Auth LDAP After you have set up these authentication servers you can assign any of them to any profile whether in the basic profile group or in an advanced profile group gt To configure a basic authentication server 1 Select Configuration gt Security gt Basic gt Authentication Server Manage Security Profiles and Profile Groups 86 ProSAFE Wireless Controller WC9500 The basic Authentication Server screen displays The following figure shows the fields for an external LDAP server Access Point Configuration Monitor Maintenance Stacking Diagnostics System Wireless Profile WLAN Network Captive Portal x Basic Choose Authentication Server Type Rogue AP E Authentication Server MAC ACL Authentication External RADIUS Server oO Server O Internal Authentication Server aedoanre External LDAP Server External LDAP Server Server IP Server Port User Base DN Workgroup Name Admin Domain Domain Admin User Domain Admin Password CANCEL APPLY 2 Select the radio button that corresponds to
195. nfirming a failed access point and increasing transmit power to cover the area Enter a value greater than the access point reboot time which is usually one minute This allows for fluctuations in the power of nearby access points when access points are rebooted Coverage Hole Detection Periodic Coverage Hole Detection Select the enable radio button to allow coverage hole detection to run in the background periodically Select the disable radio button to disable this option Alert Severity for Coverage Hole Select a radio button to specify the type of alarm severity to be associated with a coverage hole detection event on the Logs amp Alerts screen e Critical e Major For more information see Configure Alarm Notification Settings on page 61 3 Click Apply RF Management for an Advanced Profile Group The advanced RF Management screen lets you configure the wireless transmission power WLAN healing and wireless coverage hole detection for advanced profile groups gt To configure RF management for access points in an advanced profile group 1 Select Configuration gt Wireless gt Advanced gt RF Management Configure Wireless and QoS Settings 142 ProSAFE Wireless Controller WC9500 The advanced RF Management screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics tocourt System i Security Profile WLAN Network Captive Portal Basic RF Management Ad
196. ng 159 system planning 23 F tagged VLANs 49 TCP IP network troubleshooting 200 technical specifications 206 technical support 2 temperatures operating and storage 206 Temporal Key Integrity Protocol TKIP 79 TFTP server firmware upgrade 154 time and time zone configuring 48 troubleshooting 202 TKIP Temporal Key Integrity Protocol 79 tracing a route 204 tracing events 59 trademarks 2 transmission opportunity TXOP limit 147 transmission power automatically controlling 141 143 manually controlling 133 137 overriding 131 135 trap port SNMP 158 troubleshooting access points 202 basic functioning 198 configuration settings using sniffer 200 connection problems 203 date 202 diagnostic tools 203 discovery problems 202 GUI 199 LAN path 200 LEDs 198 network performance 203 pinging access points 203 restoring factory default settings 201 TCP IP network 200 time and time zone 202 tracing an access point route 204 web management interface 199 Tx power automatically controlling 141 143 manually controlling 133 137 overriding 131 135 TXOP transmission opportunity limit 147 U unicast firmware upgrade process 168 unknown rogue access points 110 ProSAFE Wireless Controller WC9500 untagged VLANs 49 103 WLAN healing 140 upgrading firmware wireless controller 153 WMM Wi Fi multimedia 144 USB port 12 WNAP210 WNAP320 WNDAP350 WNDAP360 and users managing 116 WNDAP380R 15 WPA and WPA2 authentication 79
197. nitoring of access points Logging and emailing of system events RF events load balancing events and rate limiting events For a list of all features and capabilities of the wireless controller see the datasheet that you can download from http support netgear com product WC9500 1 Number of profiles depends on the access point model used with the wireless controller Introduction 10 ProSAFE Wireless Controller WC9500 Package Contents The ProSAFE Wireless Controller WC9500 product package contains the following items e ProSAFE Wireless Controller WC9500 appliance e One AC power cable e Rubber feet four with adhesive backing e One rack mount kit e Straight through Category 5 Ethernet cable e ProSAFE Wireless Controller WC9500 Installation Guide If any of the parts are incorrect missing or damaged contact your NETGEAR dealer Keep the carton including the original packing materials in case you need to return the product for repair Hardware Features The front panel ports slots and LEDs back panel components and bottom label of the wireless controller are described in this section Front Panel Ports Slots and LEDs The following figure shows the front panel of the wireless controller Figure 1 Front panel The following figure shows a close up of the left side of the front panel USB port Digital access point counter ed Slots and LEDs LEDs top to bottom for optional Ethernet p
198. nnas Requires minimum firmware version 2 1 6 or a newer version For product documentation and firmware see http support netgear com product WNDAP360 e WNDAP380R ProSAFE Dual Band Wireless N Access Point with RFID support Supports 802 11a 802 11b 802 119 and 802 11n network devices Supports PoE with a power consumption of up to 10 51W Concurrent operation in 2 4 GHz and 5 GHz radio band while in 802 11n mode Can integrate an RFID module for support of RFID devices and tags All WNDAP380R firmware versions are supported For product documentation and firmware see http support netgear com product WNDAP380R What Can You Do with the WC9500 Wireless Controller These are some of the tasks that you can perform with a WC9500 wireless controller e Organize the Network Create access point profiles Organize access points in profiles to differentiate between SSIDs client authentication authentication settings and wireless QoS settings Create access point profile groups Organize access point profiles in access point profile groups to differentiate between buildings floors businesses business divisions and so on Easily assign access points to profile groups or change assignments For more information see Chapter 5 Manage Security Profiles and Profile Groups Introduction 16 ProSAFE Wireless Controller WC9500 Discover Access Points in the Network and Provision IP Addresses and Firmware Discover acce
199. nstall any wireless controllers determine the following e Number of access points required to provide seamless coverage e Number of licenses required to cover all access points that need to be managed e Number of wireless controllers required e 802 11 frequency band and the channels that are optimal for WiFi usage NETGEAR recommends that you perform a site survey e Runaspectrum analysis of channels of the site to determine the current RF behavior and detect both 802 11 and non 802 11 noise e Run an access point to client connectivity test to determine the maximum throughput achievable on the client e Identify potential RF obstructions and interference sources e Determine areas where denser coverage might be required because of heavier usage Before You Configure a Wireless Controller These sections assume that you have deployed at least one wireless controller in your network and are ready to configure the wireless controller For information about how to deploy the wireless controller in your network see the ProSAFE Wireless Controller WC9500 Installation Guide that you can download from http support netgear com product WC9500 For many configurations you can use the default wireless settings The IP address VLAN DHCP server client authentication and data encryption settings are specific to your environment Following are short sections that describe these settings except for IP address settings which are self explanatory
200. ntroller slave in a stack Stacking will be supported in a future release SFP slot LEDs Green The slot is operating at 10G Stack Master LED Blinking green Data is being transmitted or received at 10G Yellow The slot is operating at 1G Blinking yellow Data is being transmitted or received at 1G Left Ethernet The port has no physical link that is no Ethernet cable is plugged into the port LED wireless controller see Ethernet Port LEDs Are Not Lit on page 199 The port has detected a link with a connected Ethernet device Data is being transmitted or received by the port Right Ethernet The port has no physical link that is no Ethernet cable is plugged into the port LED wireless controller see Ethernet Port LEDs Are Not Lit on page 199 The port is operating at 1000 Mbps The port is operating at 100 Mbps or 10 Mbps Back Panel Features The wireless controller comes with a single internal power supply but supports an optional second power supply for power redundancy The power supplies are hot swappable The following figure shows the back panel components of the wireless controller with a single power supply Power supply Slot for an optional second power supply Figure 3 Back panel Introduction 13 ProSAFE Wireless Controller WC9500 From left to right the wireless controller s back panel components are e Power supply 100 240V 5A 47 63 Hz power supply
201. oSAFE Wireless Controller WC9500 tem Description Profile Info For each security profile that is configured on the selected access point the following information displays Type The type of profile 802 11b bg ng or 802 11a na The wireless network SSID for the security profile Security The security mode Open WEP WPA WPA2 or WPA WPA2 for the security profile VLAN The VLAN ID or VLAN name for the security profile Client Info The information that displays depends on the type and security of the connection that the client has to the access point For each wireless client that is connected to the selected access point some or all of the following information displays The MAC address of the wireless client The IP address of the client Channel The channel that the wireless client is using to connect to the access point The wireless network SSID that the wireless client is using to connect to the access point Security The security mode that the wireless client is using to connect to the access point Open WEP WPA WPA2 or WPA WPA2 Rogue AP Info For all rogue and unmanaged neighboring access points combined that are detected by the selected managed access point the following information displays Type The type of profile that the rogue access point is using to connect to the access point 802 11b bg ng or 802 11a na Reported The total number of detected rogue access p
202. oblems troubleshooting 202 DNS servers 50 DTIM delivery traffic indication message interval 131 135 dual band access points 15 21 64 149 E EAP Extensible Authentication Protocol 119 electrical specifications 206 email notification server 62 encryption methods supported 24 end user license agreement EULA 114 Ethernet port 12 Ethernet port LEDs described 13 troubleshooting 199 EULA end user license agreement 114 event tracing 59 Extensible Authentication Protocol EAP 119 external antenna 103 external authentication MAC authentication 69 75 81 RADIUS and LDAP servers 79 85 87 114 F factory default settings wireless controller 12 201 206 factory default state access point autodiscovery 92 Fan LED described 13 fans 14 features overview 9 16 firmware minimum version for access points 15 multicast using for access point upgrade 168 upgrading wireless controller 153 fragmentation length 130 135 FTP server firmware upgrade 154 G GBICs gigabit interface converters 12 guard interval 130 134 guest portal configuring 111 115 GUI layout 41 troubleshooting 199 H hard reset 156 201 healing WLAN 140 high traffic load preventing channel allocation 139 hotspot users 111 humidity operating and storage 206 interference sources 23 internal antenna 103 internal authentication server 88 internal RADIUS server 85 inventory licenses 165 IP addresses access points
203. ocation of the access point see Edit Access Point Information on the Managed AP List on page 101 to which the wireless client is connected The name of the access point see Edit Access Point Information on the Managed AP List on page 101 to which the wireless client is connected The IP address of the access point to which the wireless client is connected The MAC address of the access point to which the wireless client is connected Client Type The wireless mode that the wireless client is using to connect to the access point 802 11ng 802 11 bg 802 11 b 802 11na or 802 11 a Usage KBytes The traffic usage of the wireless client in KB RSSI The received signal strength indicator RSSI of the wireless client Monitor the Wireless Network and Its Components 194 ProSAFE Wireless Controller WC9500 Item Description Building The building designation is always Building 1 Floor The floor designation is always Floor 1 SSID The wireless network SSID that the wireless client is using to connect to the access point Security The security mode Open WEP WPA WPA2 or WPA WPA2 that the wireless client is using to connect to the access point 2 Optional To see details about a client a Select the radio button that corresponds to the clients for which you want to see the details b Click Details The Client Details pop up screen displays Client Details MAC 20 06 07 2
204. of the table on the AP Details screen scroll to the right 3 Click OK The AP Details screen closes and the Access Point screen displays again View Clients Managed by the Wireless Controller The Clients screen lets you view all clients that are connected to access points that are managed by the wireless controller gt To view the Clients screen Select Monitor gt Controller gt Clients Monitor the Wireless Network and Its Components 180 ProSAFE Wireless Controller WC9500 Because this screen is a wide screen it is shown in the following two figures Access Point Configuration Monitor Maintenance Stacking Diagnostics WLAN Clients gt Summary Clients Usage 5 Search a Access Point 5 gt Neighboring 00 11 22 33 45 06 192 168 2 106 netgear982948 192 168 0 152 Clients Neighbor AP gt Profiles gt DHCP Lease gt Captive Portal Users 00 11 22 33 45 05 192 168 2 105 netgear982948 192 168 0 152 00 11 22 33 45 04 192 168 2 104 netgear982948 192 168 0152 00 11 22 33 45 03 192 168 2 103 netgear982948 192 168 0 152 00 11 22 33 45 01 192 168 2 101 netgear982948 192 168 0 152 00 11 22 33 44 0A 192 168 1 110 netgear86E7AS 192 168 0 150 00 11 22 33 44 09 192 168 1 109 netgear86E7A8 192 168 0 150 00 11 22 33 45 02 192 168 2 102 netgear982948 192 168 0 152 00 11 22 33 45 09 192 168 2 109 netgear982948 192 168 0 152 00 11 22 33 45 08 192 168 2 108 netgear982948 192 168 0 152 00 11 22 33 4
205. ogs amp Alerts gt Rate Limit The Rate Limit screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics User Management Upgrade Licensing Backup Restore Reboot Reset Extended Storage Remote Management System Alerts Rate Limit gt RF Events gt Load Balancing s Rate Limit Severity Description Raised Time Search gt Redundancy gt Stacking gt Logs REFRESH CLEAR ALL EXPORT Manage Licenses The License screen allows you to import register and view the licenses that you require for your network For more information about licenses see Licenses on page 18 The License screen consists of four separate screens e Inventory Provides an overview of your licenses For information see View Your Licenses on page 165 e Server Settings Allows you to configure the server settings to import your licenses For information see Configure the License Server Settings on page 54 e Registration Allows you to register your licenses For information see Register Your Licenses with the License Server on page 55 e Advanced Lets you retrieve your licenses This screen displays relevant information only if you have received a replacement unit from NETGEAR Under normal circumstances you do not need this screen For information see Retrieve Your Licenses on page 167 View Your Licenses When your licenses are installed and registered you can view them on the Inventory screen
206. oints in the wireless mode In Same Channel The total number of detected rogue access points in the same channel In Interfering Channel The total number of detected rogue access points in the interfering channel For each type of usage Wired Ethernet Wireless ng bg or b and Wireless na or a statistics about transmitted and received packets and bytes display for the selected access point The actual statistics are self explanatory Note To see all fields of the table on the AP Details screen scroll to the right 4 Click OK The AP Details screen closes and the SSID Mapping screen displays again Monitor the Wireless Network and Its Components 192 ProSAFE Wireless Controller WC9500 Monitor Local Clients You can monitor the clients that have been accepted into the wireless network Note Although the web management interface provides a Blacklisted Clients submenu link monitoring of blacklisted clients is not supported Monitoring of blacklisted clients will be supported in a future release The Local Client List screen shows all clients in the network that is all clients managed by all wireless controllers in the network whereas the Clients screen see View Clients Managed by the Wireless Controller on page 180 shows only the clients that are managed by a single wireless controller Because this release does not support stacking the information that is shown in the Local Clients screen is identical to t
207. om the Site menu select Remote for each access point that you want to designate as a remote access point By default all discovered access points are designated as Local The Remote and Local designations are for organization only Note The wireless controller cannot discover remote access points over a site to site VPN connection or behind a remote NAT router without a VPN connection This capability will be added in a future release 11 Do one of the following e Select individual check boxes for discovered access points that you want to add to the managed list e Select the check box in the upper right of the table heading to add all discovered access points to the managed list 12 Click Add Depending on the type of access points that have been discovered a screen that lets you enter or ignore a login name and password might display 13 If necessary enter the login name and password Discover and Manage Access Points 98 ProSAFE Wireless Controller WC9500 The Managed AP List screen displays Because this is a wide screen it is shown in the following two figures Access Point Configuration Monitor Maintenance Stacking Diagnostics gt Discovery Wizard Managed AP List gt Managed AP List Search E IP MAC Model Status 192 168 0 145 cO 3f 0e 7b 26 d0 WNAP210 netgear7B26D8 Connected 192 168 0 146 cO 3f 0e 7b 24 80 WINAP210 netgear7B2488 Connected 192 168 0 144 4 3d c7 31 06 60 WNDAPS60 netgearA10668 Con
208. on buttons Action buttons let you change the configuration or navigate through the web management interface These are the most common action buttons Apply Saves all configuration changes made on the current screen Saved settings are retained when the wireless controller is powered off or rebooted while unsaved configuration changes are lost Cancel Resets options on the current screen to the last applied or saved settings Add Adds an item to the screen Typically a pop up screen opens that enables you to enter information in additional fields Edit Allows you to edit the configuration of the selected item Installation and Configuration Overview 41 ProSAFE Wireless Controller WC9500 Delete or Remove Removes the selected item from the table or screen configuration Back Return to the previous screen Next Advance to the next screen Roadmap for Initial Configuration After you have connected and logged in to the wireless controller you need to perform the initial configuration If you are not sure how you are going to deploy the wireless controller in your network NETGEAR recommends that you read Chapter 2 System Planning and Deployment Scenarios This section is a roadmap for basic configuration only It provides high level configuration steps with references to the sections or chapters that provide detailed configuration steps To perform the initial configuration of the wireless controller 1
209. on server For more information see Configure Security Profiles for the Basic Profile Group on page 67 and Configure Security Profiles for Advanced Profile Groups on page 71 The wireless controller consults the MAC ACL at initial client authentication While a client roams the wireless controller uses cached authentication information After a client has disassociated from the access point and then attempts to reassociate the wireless controller once again consults the MAC ACL Manage Security Profiles and Profile Groups 81 ProSAFE Wireless Controller WC9500 Configure Basic Local MAC Authentication Settings You would typically use the basic MAC authentication group in the profiles of a basic profile group of a small scale network However you can assign the basic MAC authentication group to any profile whether in the basic profile group or in an advanced profile group The wireless controller supports a maximum of 256 MAC addresses per SSID Note You cannot add multicast or broadcast MAC addresses to a MAC access control list ACL gt To set up basic MAC authentication ACL 1 Select Configuration gt Security gt Basic gt MAC ACL The basic MAC Authentication screen displays Diagnostics Access Point Configuration Monitor Maintenance Stacking System Wireless Profile WLAN Network Captive Portal Basic MAC Authentication Rogue AP f Import MAC List from a file iMerge gt MAC ACL Ceronse
210. on your network configuration use basic settings or advanced settings to manage your access points e Basic settings for a typical network The basic settings work with most common network configurations For example all access points on the WLAN are for the same organization or business and therefore adhere to the same policies and use a small number of service set identifiers SSIDs or network names e Advanced settings for access point profile groups If you have a large wireless network or if separate networks share a single WLAN use the advanced settings to set up multiple access point profile groups with multiple security profiles SSIDs with associated security settings For example a shopping mall might need several access point profile groups if several businesses share a WLAN but each business has its own network Larger networks could require multiple access point profile groups to allow different policies per building or department The access points could have different security profiles per building and department for example one for guests one for management and one for sales Note Access point profile groups are also referred to as just profile groups Profiles security profiles and SSIDs that is SSIDs with associated security settings are terms that are interchangeable To accommodate all types of networks almost all configuration menus of the web management interface are divided into basic and advanced submenus
211. oot or enter other information to narrow down the information that is displayed in the table The table displays only the access point or access points that match the information that you entered in the Search field 3 Take one of the following actions e Select a single access point by selecting the check box to the right of the access point e Make a selection of access points by selecting the check boxes to the right of the access points e Select all access points by selecting the check box in the upper right of the table heading 4 Click Reboot The selected access point or access points are rebooted Configure Multicast Firmware Upgrade for Access Points When you add access points to the managed list see Chapter 6 Discover and Manage Access Points the wireless controller upgrades the firmware of the access points to the latest firmware that is loaded on the wireless controller By default this firmware upgrade process uses multicast which allows all access points to be upgraded simultaneously If you need to you can disable multicast and let the wireless controller use unicast for the firmware upgrade process see Disable Multicast Firmware Upgrade on page 169 Also if the multicast firmware upgrade process fails three times the wireless controller automatically switches to the unicast firmware upgrade process With the default multicast firmware upgrade process the wireless controller distributes multicast IP addr
212. ord requirements Table 6 Password requirements 2 Click the Captive Portal Users tab Management 2 Click the WiFi Clients tab 1 Select Maintenance gt User WiFi user Alphanumerics Up to 31 only Web Management Interface Path User Type Restrictions Section in or This Manual Data Encryption Allowed Length Characters Select Maintenance gt User Administrator Alphanumerics and Up to 31 Management Read Only special characters Guest Provisioning License Management Only See Manage Users 1 Select Maintenance gt User Captive portal user Alphanumerics and Up to 31 Accounts and Management special characters Passwords on page 116 Factory Default Settings and Technical Specifications 207 ProSAFE Wireless Controller WC9500 Table 6 Password requirements continued Web Management Interface Path User Type Restrictions Section in or This Manual Data Encryption Allowed Length Characters Basic profile Shared Key 64 bit WEP Hexadecimal 10 fixed ie ee Configuration 128 bit WEP Hexadecimal 26 fixed Profile gt Basic gt Radio 152 bit WEP Hexadecimal 32 fixed oo 2 Select a profile i j l WPA PSK TKIP Alphanumerics and Up to 63 Configure 3 Make a selection from special characters Security the Network TKIP AES excluding quotes Profiles for Authentication menu the Basic WPA2 PSK AES Profile Group on page 67 TKIP AES WP
213. ort and LEDs Power Status Fan Stack Master SFP GBIC modules Figure 2 Front panel close up Introduction 11 ProSAFE Wireless Controller WC9500 From left to right the wireless controller s front panel shows the following counter LEDs button ports and slots Digital counter Displays the number of connected access points that are in a healthy state e From top to bottom Power LED Status LED Fan LED Stack Master LED These LEDs are described in Table 7 on page 12 e Reset button Using a sharp object press and hold this button for about 10 seconds until the Status LED flashes and the wireless controller returns to factory default settings If you reset the wireless controller all configuration settings are lost and the default password is restored e USB port Allows for external storage for floor heat maps which will be supported in a future release SFP slots Two SFP slots for optional 10GE SFP or 1G SFP gigabit interface converters GBICs each slot with an LED Ethernet port One 10 100 1000 Mbps LAN Ethernet port with an RJ 45 connector left LED and right LED The Ethernet port provides switched N way automatic speed negotiating auto MDI MDIX technology e Console port RS232 port for connecting to an optional console terminal The port has a DB9 male connector The default baud rate is 9600 K The configuration is 8 bits no parity and 1 stop bit The console port is for debugging un
214. oubleshooting 198 ProSAFE Wireless Controller WC9500 Ethernet Port LEDs Are Not Lit If the Ethernet LEDs do not light when the Ethernet connection is made check the following e Make sure that the Ethernet cable connections are secure at the wireless controller and at the hub switch or router e Make sure that power is turned on to the connected hub switch or router e Be sure that you are using the correct cables Troubleshoot the Web Management Interface If you are unable to access the wireless controllers web management interface from a computer on your local network try to isolate the problem You can most likely solve the problem by following the suggestions that are described in the following sections Ethernet Cabling Check the Ethernet connection between the computer and the wireless controller as described in the previous section see Ethernet Port LEDs Are Not Lit IP Address Configuration e Make sure that your computer s IP address is on the same subnet as the wireless controller If you are using the recommended addressing scheme make sure that your computer has a static IP address of 192 168 0 210 and a subnet of 255 255 255 0 Note If your computer s IP address is shown as 169 254 x x Windows and Mac operating systems generate and assign an IP address if the computer cannot reach a DHCP server These autogenerated addresses are in the range of 169 254 x x If your IP address is in this range check th
215. outlet d Verify that the following LEDs on the front panel are lit LED Description Power The green Power LED is lit If the Power LED is not lit check the connections and check to see if the power outlet is controlled by a wall switch that is turned off Status The Status LED is lit yellow while the wireless controller is initializing After approximately two minutes when the wireless controller has completed its initialization the Status LED turns green Fan The green Fan LED is lit indicating that the fans are functioning correctly Ethernet The right Ethernet port LED is lit green for a 1000 Mbps connection or yellow for a 100 Mbps or 10 Mbps connection If it is not make sure that the Ethernet cable is securely attached at both ends 2 Log in to the wireless controller a Open your browser and type http 192 168 0 250 in the browser s address field Installation and Configuration Overview 39 ProSAFE Wireless Controller WC9500 The wireless controller s login screen displays NETGEAR WC9500 ProSafe Wireless LAN Controller Connect with Innovation Login User Name Password When prompted enter admin for the user name and password for the password both in lowercase letters Click Login The wireless controller s web management interface opens and displays the Summary screen the path is Monitor gt Controller gt Summary which shows the network status and related
216. p For information about setting up an external RADIUS server see the table in the previous section Configure Basic Authentication Server Settings on page 86 5 Click Apply For information about how to add a RADIUS authentication group to a security profile in the basic profile group see Configure Profiles in the Basic Profile Group on page 67 For information about how to add a RADIUS authentication group to a security profile in an advanced profile group see Configure Profiles in an Advanced Profile Group on page 73 gt To delete a RADIUS authentication group 1 Configuration gt Security gt Advanced gt Authentication Server The advanced Authentication Server screen displays 2 Click the tab for the RADIUS authentication group that you want to delete 3 Click Delete Manage Security Profiles and Profile Groups 89 Discover and Manage Access Points This chapter includes the following sections Access Point Discovery Guidelines Discover Access Points with the Discovery Wizard Manage the Managed AP List Assign Access Points to Advanced Profile Groups IMPORTANT Before you use the wireless controller to discover your access points and push the configurations to the access points 1 Make sure that you have registered sufficient licenses 2 Determine which profiles and security you require 3 If needed set up authentication servers and MAC authentication 4 Complete the configuration of the profi
217. p Assign the captive portal or guest portal to a security profile in an advanced profile group a Select Configuration gt Profile gt Advanced gt Radio The Profile Groups screen displays b Click the tab for the profile group for which you want to assign the portal c Click Edit The Edit Profile screen displays d Click the tab for the radio for which you want to assign the portal Click the tab for the profile to which you want to assign the portal In the Authentication Settings section of the screen select the Captive Portal check box The Captive Portal check box displays only when you select Open System Shared Key WPA PSK WPA2 PSK or WPA PSK amp WPA2 PSK from the Network Authentication menu Click Apply Manage Rogue Access Points Guest Network Access and Users 115 ProSAFE Wireless Controller WC9500 Manage Users Accounts and Passwords The wireless controller supports three types of users management users WiFi clients and captive portal users All of these users need to provide their login name and password to be authenticated by the wireless controller s internal authentication server and to access the wireless controller s web management interface or wireless network e Management users These users have access to the wireless controllers web management interface There are four groups Administrators Administrative users admins with read and write capabilities These users can ch
218. p and is active among access points that share a common security configuration You can configure centralized RF management for the basic profile group on the basic RF Management screen If you use advanced profile groups you can use the advanced RF Management screen to customize settings for each advanced profile group WLAN Healing The wireless controller has the capacity for automatic WLAN healing through the following features e Automatic channel allocation Allows an access point channel to be distributed automatically by the wireless controller across the access points on a floor to reduce interference Automatic channel allocation considers interference and the traffic load on the access point as well as the wireless mode and bandwidth also referred to as channel width to provide the best channel for the access point For information about how to configure automatic channel allocation including the option to skip automatic channel allocation if there is a heavy traffic load or voice activity see Configure Channels on page 137 e Automatic transmission power Automatically determines the optimum transmit power of an access point based on the coverage requirement The access point scans its neighborhood to determine the RF environment to minimize neighboring access point interference leakage across floors and coverage holes When you configure WLAN healing NETGEAR recommends the following e Configure the WLAN self healing wai
219. points e UDP port number 7890 needs to be unblocked in the firewall e Each access point needs to have a unique IP address This requirement does not apply to Layer 2 discovery If more than one access point has the same IP address only one of them is discovered at a time You have to add the access point to the managed list change its IP address and run discovery again to discover the next access point with that IP address e DHCP option 43 vendor specific information needs to be enabled on an external DHCP server Specifying an internal DHCP server on the wireless controller automatically enables DHCP option 43 with the IP address of the wireless controller How you need to configure DHCP option 43 depends on the type of external DHCP server Layer 3 switch as a DHCP server If you use a Layer 3 switch as a DHCP server specify the wireless controller s IP address in hexadecimal format to allow the access points to receive the wireless controller s IP address and to allow the DHCP server to assign IP addresses to the access points The hexadecimal address needs to be preceded by the vendor specific octets 02 04 Discover and Manage Access Points 91 ProSAFE Wireless Controller WC9500 To compose the address start with 02 04 and then add each of the four address octets in hexadecimal format separated by colons For example 192 168 33 27 in decimal format equals c0 a8 21 1b in hexadecimal format After you have added
220. port netgear com Note Firmware updates with new features and bug fixes are made available from time to time on downloadcenter netgear com Some products can regularly check the site and download new firmware or you can check for and download new firmware manually If the features or behavior of your product do not match what is described in this guide you might need to update your firmware ProSAFE Wireless Controller WC9500 Key Features and Capabilities The NETGEAR ProSAFE Wireless Controller WC9500 is a high capacity secured wireless controller intended for medium to large sized businesses higher education institutions hospitals and hotels One wireless controller with the appropriate licenses can support up to 600 access points APs with up to 6 000 users In a stacked configuration supported in a future release a stack of three wireless controllers can support up to 18 000 users The wireless controller supports the IEEE 802 11a b g n protocols and is 802 11ac ready for future deployment The wireless controller allows you to manage your wireless network from a central point implement security features centrally support Layer 2 and Layer 3 fast roaming configure a guest access captive portal and support voice over Wi Fi VoWi Fi The wireless controller is equipped with two 10 Gigabit Ethernet 10GbE slots with standard SFP form factor for optional 1OGBASE or 1000BASE GBICs One RJ 45 Gigabit Ethernet port is availab
221. portal authentication if the WPA PSK amp WPA2 PSK network authentication uses a RADIUS server whether it is a from the Network local server or an external server That is if you configure a Authentication menu RADIUS server with WPA WPA2 or WPA amp WPA2 or if you use legacy 802 1X the Captive Portal check box is not shown onscreen Captive Portal Select this check box if you want to enable the captive portal For more information see Manage Guest Network Access on page 111 Note Authentication Authentication Select one of the following radio buttons Server displays only when you select WPA Local Use the local authentication server with Radius WPA2 with External Use an external authentication server Radius or WPA amp WPA2 Select an external authentication server from the with Radius from the Authentication Server menu Network Authentication Note For information about setting up and enabling internal Menu and external authentication servers see Manage Authentication Servers and Authentication Server Groups on page 85 Wireless QoS section Wi Fi Multimedia WMM To enable Wi Fi Multimedia WMM select the Enable radio button which is the default setting Select the Disable button to disable the feature For more information see Configure QoS for Advanced Profile Groups on page 144 WMM Powersave The WMM Powersave feature saves power for battery powered equipment by increasing the efficiency an
222. r Groups 85 Configure Basic Authentication Server Settings 86 Configure RADIUS Authentication Server Groups 88 Chapter 6 Discover and Manage Access Points Access Point Discovery Guidelines 0 000 cece eee 91 General Discovery Guidelines 00 0c c eee eee eee 91 Layer 3 Discovery GuidelineS 0 0000 cece eee eae 91 ProSAFE Wireless Controller WC9500 Discover Access Points with the Discovery Wizard 92 Access Points in Factory Default State and Access Points in aikaver2 SuBNCL pir ridan nena eee socked be ae eee bate Be eee i 92 Access Points Installed and Working in Standalone Mode in Different Layer 3 Networks 00 00 cee eee eee 96 Manage the Managed AP List 0000 c eee eee eee 100 View the Managed AP List 0 0000 c eee eee 100 Edit Access Point Information on the Managed AP List 101 Remove Access Points from the Managed AP List 104 Assign Access Points to Advanced Profile Groups 104 Chapter 7 Manage Rogue Access Points Guest Network Access and Users Manage Rogue Access PONS in c0ca dundee nae ceauia y enamels 108 Configure Basic Rogue Detection Settings 2 108 Classify Rogue Access Points 20 0 0 cee eee eee eee 109 Import a List of Known Access Points froma File 110 Manage Guest Network ACCESS 00 cee eee
223. r a message for the captive portal user 5 Click Apply The account is added to the table on the User Management screen Add a Captive Portal User You can add a captive portal user when you have configured a captive portal but not when you have configured a guest portal For information about configuring a portal see Configure a Portal on page 113 gt To adda captive portal user 1 Select Maintenance gt User Management The User Management screen displays with the Management tab and associated screen in view 2 Click the Captive Portal Users tab Manage Rogue Access Points Guest Network Access and Users 120 ProSAFE Wireless Controller WC9500 The Captive Portal Users screen displays The following figure contains some account examples Access Point Configuration Monitor Maintenance Stacking Diagnostics LOGOUT Upgrade Licensing Backup Restore Reboot Reset Extended Storage Remote Management Logs amp Alerts gt User Management User Management Management WiFi Clients Captive Portal Account Captive Portal Users User Name Account Name Expiry WBenson VIPguests Never Used O EJohson HotelGuests Never Used O BHart Default 2 15 2013 at 16 30 EDIT REMOVE EXPORT 3 Click Add The Add User pop up screen displays Add User User Name Password GENERATE Confirm Password Expiry account vIPguests O No Expiry O Expires in 1 gt mins Expires at hr 214 mins 5S5
224. r the user name to access the proxy server Password Enter the password to access the proxy server 4 Click Apply Register Your Licenses with the License Server You need to have purchased licenses before you can register them For more information see Licenses on page 18 gt To register your licenses 1 Make sure that the wireless controller is connected to the Internet 2 Select Maintenance gt License 3 Click the Registration tab Configure the System and Network Settings and Register the Licenses 55 ProSAFE Wireless Controller WC9500 The Registration screen displays The following figure shows some licenses already registered and installed If you register licenses for the first time the screen does not yet show any licenses Access Point Configuration Monitor Maintenance Stacking Diagnostics tocour User Management Upgrade Backup Restore Reboot Reset Extended Storage Remote Management Logs amp Alerts License Settings Inventory Server Settings Registration Advanced Registration Key DELETE Key Key Type Key Status al NG2F06 50D6 C765 D487 30AC AA42 2967 B62A 85D8 50 AP Registered NG2F06 3850 F39F 9D9C 2766 BB87 CBDE 5806 BDF9 SO AP Registered NG2F04 95DC F01D A13D 871D 1552 2520 8707 0333 10 AP Registered NG2F04 1030 7951 99DE D18C FOEA B269 6368 582C 10 AP Registered NG2F04 4BC5 5B12 2D6E AA78 4B8F E62F C612 DE63 10 AP Registered NG2F04 3639 1888 D2D3 6F7A 90F6 OAES BF21 SFES 10 AP Re
225. re is an extreme situation that affects the channels Automatic channel allocation distributes channels across the managed access points to reduce interference Each wireless controller allocates channels for its managed access points regardless of their configured security profiles The wireless controller detects interference traffic load on the access point and neighborhood maps to determine the best channel for an access point This information collected over the previous 24 hours is used by the wireless controller to determine the best possible channel for the access point You can configure channel allocation to allow allocation of only the specified channels when channel allocation is scheduled to run This ensures that the access points use only the channels allowed according to administration policies To adhere to best practices when adjusting channel allocation NETGEAR recommends the following e Select channels that do not overlap For example for 2 4 GHz use channels 1 6 and 11 e Schedule channel allocation once a day at times when the fewest clients are expected to be connected This allows better management of available bandwidth during the day Configure Wireless and QoS Settings 137 ProSAFE Wireless Controller WC9500 The allocated channels apply to all access points irrespective of whether they are managed in profiles of the basic profile group or profiles of an advanced profile group However you can overrid
226. re that is shown under Group 1 is implemented in all profile groups that is Group 2 through Group 8 System Planning and Deployment Scenarios 21 ProSAFE Wireless Controller WC9500 Ga ep ta acu aca cea Security profiles Security profiles Figure 6 Advanced profile group architecture The following figure shows an example of three access point profile groups in which the first profile group Group 1 has five security profiles For each profile in this profile group the profile name radio mode and authentication setting are shown Group 1 is the default group in the advanced profile group configuration you need to create the other profiles groups Access Point Configuration Monitor Maintenance Stacking Diagnostics System Wireless Security WLAN Network Captive Portal gt Basic Profile Groups Advanced Radio Group 1 Group 2 Group 3 Rate Limit Name Radio Authentication Bldi_Upper_Floor 02 1ib ba ng WPA PSK amp WPA2 PSK Bid1_Lower_Floor 802 11b ba nqg WPA PSK amp WPA2 PSK Bidi_Library 02 11b bg ng Open System Bldi_Upper_Floor_na 802 i1a na WPA PSK amp WPA2 PSK Bidi_Lower_Floor_na 02 11a na WPA PSK amp WPA2 PSK System Planning and Deployment Scenarios 22 ProSAFE Wireless Controller WC9500 System Planning This section includes the following subsections e Preinstallation Planning e Before You Configure a Wireless Controller Preinstallation Planning Before you i
227. rk authentication option Configuration gt Security gt configure the authentication server Advanced gt Authentication Server 3 Run the Discovery Wizard and add the access points to the Access Point gt Discovery Wizard managed access point list 4 Assign the access points to the access point profile groups also Configuration gt WLAN Network referred to as WLAN groups Management VLAN and Data VLAN Strategies If your network includes 10 or more access points NETGEAR recommends that you set up at least two VLAN groups a management VLAN group and a data VLAN group If your network is large you should create a number of data VLAN groups Setting up data VLANs for clients allows you to e Segregate traffic by user category e Create different policies such as access policies that are based on user category System Planning and Deployment Scenarios 27 ProSAFE Wireless Controller WC9500 The following illustration shows a simplified view of how you can use VLANs to segregate traffic by user category Internet Management VLAN 100 Ethernet traffic Finance VLAN 10 Ethernet traffic Employee VLAN 20 Ethernet traffic P E i Network printer y E f Deploy the wireless controller Backend L3 switch on a trunk port if you use the or router internal DHCP server PoE switch Wireless controller wc9500 Access point i WNDAP360 lt gt F
228. roller is connected to the LAN see Ethernet Port LEDs Are Not Lit on page 199 e Make sure that you have entered the correct IP range if the access points function in different VLANs are behind an IP subnet or are already installed and working in standalone mode see Access Point Discovery Guidelines on page 91 e Make sure that the access points run at least their initial firmware release or a newer version For firmware requirements see NETGEAR ProSAFE Access Points on page 15 For local access points that are installed across a Layer 3 network e Verify that access points that are already installed and working in standalone mode have SSH and SNMP enabled which is the default setting e Make sure that UDP port number 7890 is unblocked in the firewall e Except for access points in factory default state that are in the same Layer 2 network if more than one access point has the same IP address only one of them is discovered at a time You have to add the access point to the managed list change its IP address and run discovery again to discover the next access point with that IP address e Make sure that DHCP option 43 vendor specific information is enabled on an external DHCP server Specifying an internal DHCP server on the wireless controller automatically enables DHCP option 43 with the IP address of the wireless controller For more information see Access Point Discovery Guidelines on page 91 Troubleshooting 202
229. roup displays on the advanced MAC Authentication screen and the tab for the new ACL is automatically selected to let you configure the new group 4 Optional In the Group Name field enter a unique name for the ACL group By default profile groups are named Acl 1 Acl 2 Acl 3 and so on Manage Security Profiles and Profile Groups 84 ProSAFE Wireless Controller WC9500 5 Compile the Selected Wireless Clients list For information about how to compile a wireless clients list see Configure Basic Local MAC Authentication Settings on page 82 6 Click Apply For information about how to add a MAC authentication group to a security profile in the basic profile group see Configure Profiles in the Basic Profile Group on page 67 For information about how to add a MAC authentication group to a security profile in an advanced profile group see Configure Profiles in an Advanced Profile Group on page 73 gt To delete an ACL group 1 Select Configuration gt Security gt Advanced gt MAC Authentication The advanced MAC Authentication screen displays 2 Click the tab for the ACL group that you want to delete 3 Click Delete Manage Authentication Servers and Authentication Server Groups You can specify three types of authentication servers internal external RADIUS and external LDAP Internal authentication server The wireless controller handles authentication If you use this setting set up WiFi clients on the
230. s 31 Scenario Example 3 Advanced Network 0000 eae 34 Chapter 3 Installation and Configuration Overview lnttial Set upand Log iM seii oda o weedaias piia yri de Senari aa 39 Web Management Interface Layout s suasanana 41 Roadmap for Initial Configuration sssaaa aeaaaee 42 Roadmap for Configuring Management of Your Wireless Network 43 Choose a Location for the Wireless Controller 45 Deploy the Wireless Controller 00 00 eee 45 Table of Contents 3 ProSAFE Wireless Controller WC9500 Chapter 4 Configure the System and Network Settings and Register the Licenses Configure General Settings 0 000 cece eee 47 Manage the Time Settings 200 c eee 48 Pind VIEANISCHINGS repeater d riara NEE da AAN ENERE 49 Management VLAN Concepts sasssa asuaan 49 Untagged VLAN Concepts sssaaa anaana 49 Configure the IP and VLAN Settings 00 00e ee eeee 49 Manage the DHCP Server 02 00 c eects 51 Register Your Licenses 0000 cece eens 54 Configure the License Server Settings 20000e eee 54 Register Your Licenses with the License Server 55 Manage Cemificate Shs arasa iaiaaeaia tabbed nit a Mae eae 57 Configure Log Syslog Alarm Notification and Email Settings 58 Configure Log SeninGSiis occass ceases ed ease dio sedaveeiia 58 Configure Syslog Settings 0 0 eee
231. s Access Point Configuration Monitor Maintenance Stacking Diagnostics tosourt WLAN Clients Summary Profiles U aces Search Access Point gt Clients SSID Profile Name Security Radio Mode Status No of APs No of Clients Group Name gt Neighboring VLANLO VLANLO Open 802 11b ba ng Active 2 12 basic Clients VLAN20 VLAN20 Open 802 11b ba ng Active gt Neighbor AP gt Profiles gt DHCP Lease gt Captive Portal Users NG_tig 12 Bld1_Lower_Floor Wps Wps2 802 1ib ba ng Inactive basic VLANSO VLAN3O Open 802 11b ba ng basic NG_11a 01 NG_ita O1 Open 802 11a na Active NG_1ig 11 Bld1_Upper_Floor Wpa Wpa2 802 1ib bg ng Inactive basic Group 1 Group 1 NG_119 13 BId1_Library Open 802 11b ba ng Inactive Group 1 NG_11a 11 Bldi_Upper_Floor_na Wpa Wpa2 802 11a na Inactive Group 1 NG_11a 12 Bldi_Lower_Floor_na Wpa Wpa2 802 11la na Inactive NG_11g 21 NG_ilg 22 Open 802 1ib bg ng Inactive Group 1 Group 2 NG_tia 21 NG_ila 21 Open 802 11a na Inactive Group 2 NG_tig 31 NG_iig 31 Open 802 11b bg ng Active NG_119 33 NG_119 33 Open 02 11b ba ng Active Group 3 Group 3 rPrPRPRFROO oO 8B OO FG ON WN Pio Fo 8 co 8 oo oO Se hh NG_11a 31 NG_11a 31 Open 802 11a na Group 3 REFRESH The following table describes the fields of the Profiles table Item Description SSID The wireless network SSID for the security profile Profile Name The name of the security profile Security The security mode
232. s see P and VLAN Settings on page 49 Client VLANs Each authenticated wireless user is placed into a VLAN that determines the user s DHCP server IP address and Layer 2 connection Although you could place all authenticated wireless users into the single VLAN that is specified in the basic security profile the wireless controller allows you to group wireless users into separate VLANs based on the wireless SSID to differentiate access to network resources For example you might place authorized employee users into one VLAN and itinerant users such as contractors or guests into a separate VLAN To use different VLANs you need to create different security profiles For information about how to configure regular VLANs see P and VLAN Settings on page 49 DHCP Server The wireless controller can function as a DHCP server and assign IP addresses to both wireless and wired devices that are connected to it You can add up to 64 DHCP server pools each assigned to a different VLAN Client Authentication and Data Encryption A user needs to authenticate to the WLAN to be able to access WLAN resources The wireless controller supports several types of security methods including those that require an external RADIUS or LDAP authentication server System Planning and Deployment Scenarios 24 ProSAFE Wireless Controller WC9500 The encryption option that you can select depends upon the authentication method that you have selected The
233. s Controller WC9500 gt To view the WLAN Group Assignment screen Select Configuration gt WLAN Network Access Point Configuration Monitor Maintenance Stacking Diagnostics System Wireless Security Profile Captive Portal WLAN Group Assignment Search Model Name Building Status Remote Group Name 192 168 0 245 cO 3f 0e 7b 26 d0 WNAP210 netgear7B26D8 Building 1 Floor 2 Connected Local 192 168 0 146 cO 3f 0e 7b 24 80 WNAP210 netgear762488 Building 1 Floor 1 Connected Local 192 168 0 144 c4 3d c 31 06 60 WNDAP360 netgearAl066S Building 1 Floor 1 Connected Local CANCEL APPLY The settings are explained in the following table Setting Description IP The IP address of the access point MAC The MAC address of the access point Model The model of the access point Name The name that you specified for the access point Building The building designation is always Building 1 Floor The floor designation is always Floor 1 Status e Authentication in progress This status can last several minutes Applying configurations Firmware upgrade e AP is rebooting Connecting Make sure that there is a DHCP server enabled in the network otherwise the managed access points remain in the Connecting state and do not enter the Connected state e Connected This status indicates normal operation e Not Connected The wireless controller cannot communicate with the access point at the configured IP
234. se The default number is 69 3 Click Apply Disable Multicast Firmware Upgrade There might be network configurations in which you cannot use multicast If you disable multicast on the AP Upgrade Setting screen the firmware upgrade process uses unicast which is a slower process because the firmware upgrade is applied to groups of access points instead of simultaneously to all access points The time that the unicast firmware upgrade process takes depends on the network load and on the type of Ethernet interface to which the wireless controller is connected gt To disable multicast firmware upgrade for access points 1 Select Maintenance gt Upgrade gt AP Upgrade Settings Maintain the Wireless Controller and Access Points 169 ProSAFE Wireless Controller WC9500 The AP Upgrade Settings screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics Licensing Backup Restore Reboot Reset Extended Storage Remote Management Logs amp Alerts gt Firmware AP Upgrade Settings Upgrade gt AP Upgrade Settings Enable MultiCast a Start IP 239 255 fo jlo End IP 239 255o 255 Port Number 69 2 Clear the Enable Multicast check box This check box is selected by default 3 Click Apply Maintain the Wireless Controller and Access Points 170 Monitor the Wireless Network and 10 Its Components This chapter includes the following sections e Common Tasks on
235. se check box to display the characters in the WPA Passphrase Network Key field 3 Type a passphrase of at least eight characters in the WPA Passphrase Network Key field Note For information about requirements for a WPA passphrase see Table 6 on page 207 WPA2 PSK AES To configure WPA2 PSK authentication TKIP AES 1 From the Data Encryption menu select the type of encryption AES Supports AES only TKIP AES Supports both TKIP and AES 2 Optional Select the Show Passphrase check box to display the characters in the WPA Passphrase Network Key field 3 Type a passphrase of at least eight characters in the WPA Passphrase Network Key field Note For information about requirements for a WPA passphrase see Table 6 on page 207 WPA PSK amp WPA2 PSK_ TKIP AES To configure WPA PSK amp WPA2 PSK authentication 1 Optional Select the Show Passphrase check box to display the characters in the WPA Passphrase Network Key field 2 Type a passphrase of at least eight characters in the WPA Passphrase Network Key field Note The Data Encryption menu displays TKIP AES which is the only available option Both TKIP and AES are supported Note For information about requirements fora WPA passphrase see Table 6 on page 207 Manage Security Profiles and Profile Groups 80 ProSAFE Wireless Controller WC9500 Manage MAC Authentication and MAC Authentication Groups MAC authentication lets you set up
236. se you have changed its IP address Reconfigure your computer with an IP address and subnet mask that is in the same IP subnet as the new IP address of the wireless controller Log back in to the wireless controller using its new IP address Continue with the following section Roadmap for Configuring Management of Your Wireless Network Roadmap for Configuring Management of Your Wireless Network After you have performed the initial configuration and changed the IP address to an address that is specific to your network see the previous section Roadmap for Initial Configuration you are ready to configure the wireless controller for management of your wireless network This section is a roadmap only It provides high level configuration steps with references to the sections or chapters that provide detailed configuration steps gt To configure the wireless controller for management of your wireless network 1 4 Register the licenses For more information see Register Your Licenses on page 54 Optional but recommended Replace the default certificate with a custom certificate for certificate based authentication of the internal authentication server For more information see Manage Certificates on page 57 Optional but recommended Configure logs alerts and alarms For more information see Configure Log Syslog Alarm Notification and Email Settings on page 58 Configure security profiles a Configure the s
237. sers viewing 188 certificates authentication 57 channel allocation automatic 137 139 manual 132 137 channel width 130 134 classify rogue access points 109 client separation 69 75 client VLANs 24 27 clients DHCP 103 clients viewing in the network 194 neighboring in the network 184 on the access point 179 192 on the wireless controller 174 182 clients wireless maximum number 147 color coding channels 178 community names SNMP 158 compliance regulatory 207 configuration roadmaps 42 44 configuration backing up and restoring 152 153 connection problems troubleshooting 203 connectivity test 23 console port 12 contents package 11 corporate channels 139 counter 12 country and region of operation 47 coverage hole detection 142 144 customer information licenses 56 CwMin and CwMax minimum or maximum contention window 146 D data encryption configuring 69 75 supported methods 24 data rate 130 134 data sheet 207 date troubleshooting 202 default profile group See basic profile group default settings 12 201 206 delivery traffic indication message DTIM interval 131 135 detecting rogue access points 108 DHCP client access points 103 DHCP leases viewing 187 DHCP option 43 91 DHCP server description 24 settings 52 diagnostic tools 203 digital counter 12 dimensions wireless controller 206 210 ProSAFE Wireless Controller WC9500 discovering access points 91 discovery pr
238. smit or receive data and the delay could be too long You can give a threshold for signal strength which is specified as a percentage such as 50 percent When you want only clients near an access point to associate with the access point in situations where the throughput expectation is high set the received signal strength indication RSSI to a high percentage In situations in which the clients can be expected to be far away or there are fewer access points set the RSSI to a lower value Note The load balancing settings apply to all profiles whether they are in the basic profile group or in advanced profile groups Configure Wireless and QoS Settings 147 ProSAFE Wireless Controller WC9500 gt To configure load balancing for all access points of one model 1 Select Configuration gt Profile gt Basic gt Load Balancing The Load Balancing screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics System Wireless Security WLAN Network Captive Portal Basic Load Balancing Radio Load Balancing WNAP210 WNDAP350 WNAP320 WNDAP360 WNDAP380R Rate Limit essvanced _ Radio Max Client RSSI 802 11b ba ng 64 ea 0 CANCEL APPLY 2 Click the tab for the access point model for which you want to configure load balancing 3 Configure the settings as described in the following table Setting Description Max Client Drag the slider to specify or enter the maximum
239. ss points in the network The access points can be in factory default state or functioning in standalone mode but after discovery by the wireless controller and addition to the managed access point list the access points become dependent managed access points Provision IP addresses to the access points Use the internal DHCP server to provision IP addresses to all or selected managed access points in the network Upgrade access point firmware Update and synchronize new firmware versions to all managed access points in the network For more information see Chapter 6 Discover and Manage Access Points Centrally Manage Security in the Network Manage secure access to the network and secure data transmission Manage client authentication encryption wireless client security separation and MAC authentication in access point profiles Manage authentication servers for the network Manage all internal and external authentication servers for the entire network or for access point profile groups Manage MAC authentication Specify trusted and untrusted MAC addresses for the entire network Manage rogue access points Manage rogue access points and their associated clients in the network Manage guest access Manage guest access and captive portal access to the network For more information see Chapter 7 Manage Rogue Access Points Guest Network Access and Users Centrally Manage the Wireless Settings for the Network Schedule th
240. t Manage Security Profiles and Profile Groups 83 ProSAFE Wireless Controller WC9500 5 Click Import 6 Click Apply Configure Local MAC Authentication Groups For greater security flexibility you can create up to eight MAC authentication groups MAC ACLs to block or allow network access privilege of different clients You can assign any MAC authentication group including the basic MAC authentication group to any profile whether in the basic profile group or in an advanced profile group The wireless controller supports a maximum of 256 MAC addresses per SSID Note You cannot add multicast or broadcast MAC addresses to a MAC access control list ACL gt To set up a MAC authentication group 1 Select Configuration gt Security gt Advanced gt MAC ACL The advanced MAC Authentication screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics System Wireless Profile WLAN Network Captive Portal gt Basic MAC Authentication pera Click to add another ACL group gt Rogue AP Acl 1 Acl 2 Aci 3 Acl 4 4 _ gt MAC ACL gt Authentication Sarda Group Name Acl 4 Import MAC List from a file Merge _ Browse Treat ACL as O low Deny Selected Wireless Clients _ DELETE Available Wireless Clients OO ca c3 20 34 a1 O0 ddic3 65 34 b3 00 34 03 d5 78 21 5 CANCEL DELETE IMPORT APPLY 2 Click the button to create an additional ACL group 3 The new ACL g
241. t IP End IP Discover and Manage Access Points 96 4 ProSAFE Wireless Controller WC9500 In the Range 1 section fill in the Start IP and End IP fields These IP addresses specify the range in which the wireless controller should discover access points Optional Add additional IP address ranges for the wireless controller to search in a Click Add The screen adjusts to display a second set of Start IP and End IP fields In the Range 2 section fill in the Start IP and End IP fields Click Add The screen adjusts to display a third set of Start IP and End IP fields d In the Range 3 section fill in the Start IP and End IP fields Click Next The Discovery Wizard Step 3 of 3 Select Access Points to manage screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics gt Discovery Wizard Discovery Wizard gt Managed AP List p a SS Step 3 of 3 Select Access Points to manage L3 Subnet APs es Total AP Discovered 3 RESTART Search Model IP MAC WNDAP360 292 168 0 144 e4 3dic7 a1 06 60 WNAP210 192 168 0 146 0 3f 0e 7b 24 80 WNAP210 192 168 0 145 0 3f 0e 7b 26 d0 The wireless controller searches for NETGEAR products on the LAN based on MAC address and then identifies which products are supported access point models A progress bar show the progress of the discovery process When the discovery process is finished the total number of access points is displayed
242. t or access points that match the information that you entered in the Search field 3 Take one of the following actions you can perform one query at a time e Inthe table select the radio button for the access point for which you want to query the logs e Inthe IP MAC field enter the MAC address of the access point for which you want to query the logs e Inthe Client MAC field enter the MAC address of the wireless client for which you want to query the logs e Inthe SSID field enter the name of the SSID for which you want to query the logs 4 Click Query Maintain the Wireless Controller and Access Points 160 gt ProSAFE Wireless Controller WC9500 If any logs are available they are displayed onscreen Access Point Configuration Monitor Maintenance Stacking Diagnostics User Management Upgrade Licensing Backup Restore Reboot Reset Extended Storage Remote Management System Alerts Queried System Logs ae eta SLNo Log 1D Timestamp ms Level Module Log Message o 446 16777304 23 47 25 733325 Fetch Reassoc 20 d6 07 2c 70 7e Lead Balancing 455 16777292 23 47 25 737524 Client MAC 20 d6 07 2c 70 7 Rate Limit 458 16777399 23 47 25 737555 Redundancy 460 16777297 23 47 25 737572 469 184549437 23 47 25 739912 499 16777297 23 47 36 208302 gt Legs 504 16777297 23 47 36 208360 508 184549438 23 47 36 208392 563 184549401 23 48 16 93179 571 16777297 23 46 16 96506
243. t time to a value greater than the access point reboot time which is usually one minute This allows for fluctuations in the power of nearby access points when access points are rebooted e The number of neighbors to participate in WLAN self healing should not be very large three to four usually suffices in most deployments This avoids too many access points increasing power for a single failed access point Configure Wireless and QoS Settings 140 ProSAFE Wireless Controller WC9500 RF Management for the Basic Profile Group The basic RF Management screen lets you configure the wireless transmission power WLAN healing and wireless coverage hole detection for the basic profile group gt To configure RF management for access points in the basic profile group 1 Select Configuration gt Wireless gt Basic gt RF Management The basic RF Management screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics System Security Profile WLAN Network Captive Portal Basic TX Power Settings gt Radio On Off gt Wireless Channel Allocation gt RF Management Advanced WLAN Healing Default Tx Power Half v Automatic Tx Power Control enable O disable Maximum Neighbours to participate in Self healing 3 Self healing wait Time after AP Failure mins iv Coverage Hole Detection Periodic Coverage Hole Detection enable disable Alert Severity For Coverage Hole Critical
244. tected rogue access points with essential information including information about their last beacon If there are many entries that are spread out over several pages click Next or Previous to scroll through the Rogue List Note As an option you can import a list of access points from a file For more information see the next section 2 Classify the access points in the Rogue List a Do one of the following e Select one or more check boxes that correspond to the access points e Select all access points in the Rogue List by selecting the check box at the top of the table b Click one of the following two buttons both of which are located below the Rogue List e Known Moves the selected access points to the known list e Unknown Moves the selected access points to the unknown list 3 Optional For each known access point enter a name in the Name column This allows access points to be more easily identified 4 Click Apply Import a List of Known Access Points from a File You can import a list of known access points from a saved file To do this create a text file that includes the MAC address of each access point This file needs to be a simple text file with one MAC address per line The wireless controller can support a total of up to 512 access points from the known and unknown lists combined Manage Rogue Access Points Guest Network Access and Users 110 ProSAFE Wireless Controller WC9500 gt To importa
245. ters or less Country Region From the menu select the region of operation for the wireless controller and the access points managed by the wireless controller This setting is crucial for optimal performance of the wireless controller The wireless controller uses the country code to determine the best wireless settings for your access points In the United States the country is preset and cannot be changed on the access points If the country or region is not set up correctly the wireless controller might not be able to access the access points Controller Optional Enter a code to identify the physical location of the wireless controller Location Code This is especially useful if you use more than one wireless controller 3 Click Apply Configure the System and Network Settings and Register the Licenses 47 ProSAFE Wireless Controller WC9500 Manage the Time Settings This screen lets you configure the time related settings of your wireless controller and managed access points gt To configure time settings 1 Select Configuration gt System gt Time The Time Settings screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics Wireless Security Profile WLAN Network Captive Portal gt General Time Settings gt Time gt IP LAN gt DHCP Server Certificates amp lerts Logs Time Zone USA Pacific Current Time Thu Feb 14 13 28 41 PST 2013 NTP Client
246. the Neighboring Clients screen Select Monitor gt Controller gt Neighboring Clients Access Point Configuration Monitor Maintenance Stacking Diagnostics WLAN Clients Summary Neighboring Clients gt Usage Search gt Access Point o 35 No Neighboring b0 e8 92 31 fa f5 Clients gt Neighbor AP Profiles gt DHCP Lease gt Captive Portal Users 00 1e 4c 67 33 b2 36 No O 00 0d 4b 78 6b 7b 60 No O 20 d6 07 2c 70 7e 48 No O REFRESH LOCATE EXPORT The following table describes the fields of the Neighboring Clients table Locate Not applicable The location functionality will be added in a later release MAC The MAC address of the neighboring client Monitor the Wireless Network and Its Components 184 ProSAFE Wireless Controller WC9500 Item Description RSSI The received signal strength indicator RSSI of the neighboring client Rogue Shows whether or not Yes or No the neighboring client is connected to a rogue access point View Neighboring Access Points Detected by the Wireless Controller The Rogue AP screen lets you monitor the access points that the wireless controller detected but that are not managed by the wireless controller To view the Rogue AP screen Select Monitor gt Controller gt Neighbor AP Access Point Configuration Monitor Maintenance Stacking Diagnostics WLAN Clients gt Summary Rogue AP gt Usage
247. the authentication server that you want to set up e External RADIUS Server Internal Authentication Server e External LDAP Server 3 Configure the settings that correspond to the selected authentication server as described in the following table Setting Description External Enable Authentication Select this check box to enable authentication RADIUS Server Enable Accounting Select this check box to enable accounting Primary Server Do the following for each server For information about shared secret requirements see Table 6 on page 207 1 Specify the IP address po Specify the port Secondary Server The default port is 1812 3 Specify the shared secret Reauthentication time Specify the time in seconds after which reauthentication occurs Seconds for all wireless clients Update Global Key To enable update of the global key Every Seconds 1 Select this check box 2 Specify the interval in seconds after which the global key is updated for all wireless clients Manage Security Profiles and Profile Groups 87 ProSAFE Wireless Controller WC9500 Setting Description Internal Reauthentication Time Specify the time in seconds after Wh th Authentication seconds which reauthentication occurs for all V6 you use the Server wireless clients internal authentication server set up WiFi clients Update Global Key To enable update of the global key on the User Man
248. tion Standard 79 aggregated MAC protocol data unit AMPDU 131 135 aggregation length 130 135 AIFS arbitration inter frame space 146 alarms settings 61 viewing on the wireless controller 174 alerts viewing and saving 163 AMPDU aggregated MAC protocol data unit 131 135 209 ProSAFE Wireless Controller WC9500 antenna 103 arbitration inter frame space AIFS 146 architecture advanced profile group 22 authentication certificates 57 external MAC authentication 69 75 81 RADIUS and LDAP servers 79 85 87 114 internal 88 methods supported 24 servers 85 autodiscovery access points 90 automatic channel allocation and transmission power WLAN healing 140 background QoS queue 144 backing up the configuration 152 basic profile group assigning access points to 104 channels and transmission power overriding 131 described 21 profiles adding and configuring 67 radio scheduling 126 rate limiting configuring 149 RF management configuring 141 wireless settings configuring 128 basic service set identifier BSSID 108 basic settings description 20 64 beacon interval 130 135 best effort QoS queue 144 bottom label 14 broadcasting SSID 69 74 browsers supported 39 troubleshooting 200 BSSID basic service set identifier 108 C cabling troubleshooting 199 calls preventing channel allocation 139 captive portal accounts and users adding 119 122 configuring 111 115 enabling 76 captive portal accounts and u
249. tor Maintenance Stacking Diagnostics Upgrade Licensing Backup Restore Reboot Reset Extended Storage Remote Management Logs amp Alerts gt User Management User Management Management WiFi Clients Captive Portal Account Captive Portal Users Account Name Expiry Amount VIPguests 24 Hours s 0 HotelGuests 1 Hours s 10 EDIT REMOVE EXPORT 3 Click Add Manage Rogue Access Points Guest Network Access and Users 119 ProSAFE Wireless Controller WC9500 The Add Account pop up screen displays Add Account Account Name Amount Currency Sign Expiry Hours s Print Message 4 Configure the account settings as described in the following table setting Description n O Account Name Enter a unique account name Only alphanumerical characters and underscore characters _ are supported Amount Enter the total amount that is charged for the period during which access is available Enter whole numbers only Currency Sign Enter the currency that is associated with the amount From the menu select one of the following periods and enter a valid number in the field to the left of the menu Hour s The expiration period is measured in one or more hours Day s The expiration period is measured in one or more days Week s The expiration period is measured in one or more weeks Month s The expiration period is measured in one or more months Print Message Optional Ente
250. trace the route After you have made your selection the IP address of the access point displays in the IP Address field 3 Click Start The results are shown in the TraceRoute Result field Access Point Configuration Monitor Maintenance Stacking Diagnostics Ping t Technical Support TraceRoute Access Point netgear 10668 A Host IP Address Name 192 168 0 158 TraceRoute Result traceroute to 192 168 0 158 192 168 0 158 30 hops max 46 byte p 1 192 168 0 158 192 168 0 158 0 384 ms 0 415 ms 0 263 ms CANCEL STOP Troubleshooting 204 Factory Default Settings and A Technical Specifications This appendix includes the following sections e Factory Default Settings e Technical Specifications e Password Requirements 205 ProSAFE Wireless Controller WC9500 Factory Default Settings You can restore the wireless controller to its factory default settings on the Reboot Reset Controllers screen see Reboot or Reset the Wireless Controller on page 156 or by using the Reset button on the front panel see Use the Reset Button to Restore Default Settings on page 201 The wireless controller returns to the factory configuration settings that are shown in the following table Table 4 Factory default settings for the wireless controller Feature Default Setting User login URL http 192 168 0 250 User name case sensitive admin Login password case sensitive password LAN IP 192 168
251. tting Select the No radio button to disable broadcast of the SSID in which case only devices that have the correct SSID can connect to the access point Manage Security Profiles and Profile Groups 74 ProSAFE Wireless Controller WC9500 Setting Description Client Authentication section Note The options that display onscreen depend on your selection from Network Authentication menu Network Authentication Data Encryption From the menu select the authentication type to be used Table 3 on page 78 lists all the authentication type options From the menu select the data encryption type to be used The options available for data encryption as well as other requirements such as entering a key or passphrase depend on the network authentication settings Table 3 on page 78 lists all the data encryption options Wireless Client Security Separation From the menu select Disable to prevent associated wireless clients from communicating with each other or select Enable to allow such communication Wireless client separation is intended for hotspots and other public access situations VLAN Enter the VLAN ID to be associated with this security profile This VLAN ID needs to match the VLAN ID that is used by other network devices Authentication Settings section Note The options that display onscreen depend on the selection from Network Authentication menu Note MAC ACL displ
252. ttings Network Authentication Selection Data Encryption Options Configuration Steps Open Shared Key None WEP 64 bit WEP 128 bit WEP 152 bit WEP You can use an open system without any encryption or with WEP encryption No encryption An open system without encryption is the default setting No further authentication and encryption configuration is required WEP encryption To configure an open system with WEP encryption see the Shared Key and WEP information further down in this table To configure Shared Key authentication with WEP 1 From the Data Encryption menu select a level of WEP encryption 64 bit WEP Uses 40 64 bit encryption 128 bit WEP Uses 104 128 bit encryption 152 bit WEP A proprietary mode that works only with other wireless devices that support this mode 2 Optional Select the Show Key check box to display the characters in the key fields 3 Select a key radio button Key1 Key2 Key3 or Key4 4 Enter a key in the corresponding field 64 bit WEP requires a key with 10 characters 128 bit WEP requires a key with 26 characters 152 bit WEP requires a key with 32 characters Note For information about requirements for WEP keys see Table 6 on page 207 Legacy 802 1x None To configure legacy 802 1x authentication 1 Setup and enable an internal or external RADIUS or LDAP authentication server For information see Manage Authentication Servers a
253. ttings e IP and VLAN Settings e Manage the DHCP Server e Register Your Licenses e Manage Certificates Configure Log Syslog Alarm Notification and Email Settings 46 ProSAFE Wireless Controller WC9500 Configure General Settings Note You need to select the correct country or region of operation It might not be legal to operate the access points in a country or region not shown here If your location is not listed check with your local government agency or check the NETGEAR website for more information about which channels to use The General Settings screen lets you configure the basic settings of your wireless controller gt To configure general settings 1 Select Configuration gt System gt General The General Settings screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics Wireless Security Profile WLAN Network Captive Portal gt General General Settings Time Name WC9500MainBld gt IP LAN gt DHCP Server Certificates gt Alerts Logs Country Region United States _ Controller Location Code Rack4_b_14 CANCEL APPLY 2 Configure the settings as described in the following table Setting Description Name Enter a unique value as the wireless controller name NETGEAR recommends changing the name as soon as possible after setting up The name needs to contain only alphabetical characters numbers and hyphens and needs to be 31 charac
254. tton 3 Select one of the following radio buttons to specify a hard reset or soft reset hard Restore the factory default settings to the wireless controller The factory default settings are listed in Appendix A Factory Default Settings and Technical Specifications soft Clear all settings except for the IP and VLAN addresses and managed access point list A WARNING When you have selected the hard radio button and you click Apply do not try to go online turn off the wireless controller shut down the computer or do anything else to the wireless controller until the wireless controller finishes rebooting When the Status LED turns green wait a few more seconds before you do anything 4 Click Apply The configuration file is restored according to the selection that you made and the wireless controller reboots Manage Remote Access Enable SNMP to allow SNMP network management software such as HP OpenView to monitor the wireless controller by using SNMPv1 or SNMPv2c protocol You can configure the wireless controller through SNMP except for the following features e Guest access management e RF management Note The wireless controller supports SSH through the console port However the console port is for debugging under guidance of NETGEAR technical support only Maintain the Wireless Controller and Access Points 157 ProSAFE Wireless Controller WC9500 gt To enable and configure SNMP 1 Select Mainte
255. twork Captive Portal General Add Certificates gt Time Password eeccccce HIRANCAN Controller Key C Browse gt DHCP Server Certificates Controller Certificate gt Alerts Logs CA Certificate CANCEL APPLY 2 Configure the settings as described in the following table Setting Description Password Enter the password for wireless controller certificates Controller Key Click Browse and select the controller key Controller Certificate Click Browse and select the controller certificate CA Certificate Click Browse and select the CA certificate 3 Click Apply Configure Log Syslog Alarm Notification and Email Settings From the Alerts Logs menu you can configure the logs syslog and the alarms and specify the email address from which alerts originate Configure Log Settings For the logs you can either configure event tracing or select a log level These selections are mutually exclusive Event tracing can help you to debug the wireless network Event tracing generates logs from the wireless controller and from all controlled access points and saves these logs in a file on the wireless controller The file can become large quickly gt To configure the log settings and view the logs 1 Select Configuration gt System gt Alerts Logs gt Logs Syslog Configure the System and Network Settings and Register the Licenses 58 ProSAFE Wireless Controller WC9500
256. urn Radio On check box see the requirements are the beginning of this section Configure the settings as described in the following table Setting Description Wireless Mode The selections that are available depend on the selected radio mode From the menu select the wireless mode e 802 11b bg ng mode 11ng This is the default setting 11bg 11b e 802 11a na mode Tina This is the default setting Tia Note If you select 802 11bg or 802 11b mode both 802 11n and 802 11g compliant devices can connect to the access points However if you select 802 11ng mode 802 11b compliant devices cannot connect Data Rate From the menu select the available transmit data rates of the wireless network Channel Width From the menu select the channel width 802 11n only e 20 MHz Static e 20 40 MHz Dynamic This is the default setting A wider channel improves the performance but some legacy devices can operate only with a 20 MHz channel width Guard Interval From the menu select a value that protects transmissions from 802 11n only interference A shorter guard interval improves performance but some legacy devices can operate only with a long guard interval RTS Threshold 0 2347 Enter the size of the Request to Send RTS threshold packet The RTS threshold is related to the transmission mechanism CSMA CA or CSMA CD for the packets If the packet size is equal to or less than this threshold
257. vanced gt Radio On Off Group 1 Group 2 Group 3 gt Wireless QoS Settings TX Power Settings KBEN ge pec Default Tx Power Half v Automatic Tx Power Control enable disable WLAN Healing Maximum Neighbours to participate in Self healing 3 Vv Self healing wait Time after AP Failure mins iv Coverage Hole Detection Periodic Coverage Hole Detection enable disable Alert Severity For Coverage Hole Critical Major CANCEL APPLY 2 Click the tab for the profile group for which you want to configure RF management 3 Configure the settings as described in the following table Setting Description TX Power Settings Default Tx Power Make a selection from the menu to specify how the transmission Tx power is configured on the access points Full Half Quarter Eighth or Minimum When automatic Tx power control is enabled the selection from the menu is used as the initial power level for the access points Automatic Tx Power Control Select the enable radio button to enable automatic Tx power control When a client attempts to connect to an access point at low power the access point s Tx power is automatically increased above the default level e When there are overlapping coverage areas the access point s Tx power is automatically decreased below default level Select the disable radio button to disable automatic Tx power control WLAN Healing Maximum Neighbors to Participate From
258. vide a minimum of 25 mm or one inch clearance e The air is as free of dust as possible e Temperature operating limits are not likely to be exceeded Install the unit in a clean air conditioned environment For information about the recommended operating temperatures for the wireless controller see Appendix A Factory Default Settings and Technical Specifications Deploy the Wireless Controller After you have followed the steps in the Roadmap for Initial Configuration on page 42 and the Roadmap for Configuring Management of Your Wireless Network on page 43 you are ready to deploy the wireless controller in your network gt To deploy the wireless controller 1 Disconnect the wireless controller from the computer that you used for configuration 2 Optional Reconfigure the computer back to its original TCP IP settings 3 Place the wireless controller where you intend to deploy it 4 Connect an Ethernet cable from the wireless controller to a switch or router on your wired network 5 Connect the power cord to the wireless controller and plug the power cord into a power outlet The Power Status and Ethernet LEDs should light If any of these do not light see Troubleshoot Basic Functioning on page 198 Installation and Configuration Overview 45 Configure the System and Network 4 Settings and Register the Licenses This chapter includes the following sections e Configure General Settings e Manage the Time Se
259. ware upgrade will occur If no update is scheduled the field displays None When to Upgrade Select when the firmware upgrade should occur e Later Make selections from the menus to specify the date and time when the upgrade should occur e Now The upgrade occurs immediately after you click Apply A WARNING When you click Apply and the Now radio button is selected to upgrade the firmware immediately do not try to go online turn off the wireless controller shut down the computer or do anything else to the wireless controller until the wireless controller finishes rebooting When the Status LED turns green wait a few more seconds before you do anything Click Apply Unless you scheduled the firmware upgrade for a particular time the firmware is upgraded immediately and the wireless controller reboots Optional Verify that the wireless controller is running the latest firmware a Select Monitor gt Network gt Controller The Controllers screen displays b Verify the firmware version in the Version column Maintain the Wireless Controller and Access Points 155 ProSAFE Wireless Controller WC9500 Note After you have upgraded the firmware if the browser does not display the latest features of the web management interface clear the browser s cache and refresh the screen Reboot or Reset the Wireless Controller The Reboot Reset Controllers screen lets you reboot or reset the wireless controller
260. we 140 RF Management for the Basic Profile Group 5 141 RF Management for an Advanced Profile Group 142 Configure QoS for Advanced Profile Groups 0 000 144 Configure Load Balancing 2 2 02 222 4088sreeeeen edad bees eee 147 Configure Rate LIMINO sssr c eoceetaceeaetageeadhanteseaceas 148 ProSAFE Wireless Controller WC9500 Rate Limiting for the Basic Profile Group 000 149 Rate Limiting for an Advanced Profile Group 150 Chapter 9 Maintain the Wireless Controller and Access Points Manage the Configuration File 000c cece een eee 152 Back Up the Configuration File 0 0 cece eae eee 152 Restore the Configuration File 0 0c cece eae eaee 153 Upgrade the Firmware 0 00 00 c eee eee 153 Reboot or Reset the Wireless Controller 00 000 156 Manage Remote ACCESS 000 0c e eet eee 157 Specify Session Time Outs 00 cect ti bargda i 159 View Alerts and Events and Save the Logs 0 000005 159 Query the System Logs 0 200 c eee eee 159 View Alerts and EV6nSe c 23 etceacane buweawe d Oe gawe 4 162 Manage WICenS S e aiae 54404 a eee apis e ay neh heed we ee psa as 165 View VOunMLiCCnSeS cs cccondodiir tinge ahaa ecandsa eens owed 165 Retrieve Your Licenses 00 cece eee eee eee 167 REDOOL ACCESS PONS sg 2scneeeeereacclacneiac
261. work in which all access points managed by the wireless controller serve the same wireless networks and have the same settings you can use the basic configuration Manage Security Profiles and Profile Groups 64 ProSAFE Wireless Controller WC9500 Larger WLAN Networks For larger network deployments that consist of different sets of WLAN networks consider using the advanced configuration to create multiple profile groups The access points that belong to the same profile group use the same wireless security and QoS configurations The wireless controller supports up to eight profile groups Each profile group can have its own wireless security and QoS configurations Each profile group can contain up to 16 profiles for a dual band access point or eight profiles for a single band access point Using dual band access points the wireless controller could support a total of 128 profiles Each profile has its own SSID and can have its own VLAN to allow the profile to establish its own tunnel Profiles can also share the same VLAN In larger network deployments also you would assign guests to a separate VLAN because guests typically access only the Internet not the business network and do not have peer to peer access Profile Naming Conventions You can use profile naming conventions that are based on user groups such as Marketing or based on VLANs such as VLAN4O or you can use other naming conventions such as CompanyName15 Not
262. y traffic indication message DTIM or the data beacon rate that you want to use This sets the message period of the beacon delivery traffic indication in multiples of beacon intervals Preamble Type Select one of the following radio buttons to specify the preamble type 802 11b bg only e Auto Automatically handles both long and short preambles A short transmit preamble provides better performance Auto is the default setting e Long Enables a long transmit preamble to provide a more reliable connection or a slightly longer range 5 Click Apply Override Channel and Transmission Power in the Basic Profile Group The table on the Basic Wireless Settings screen shows the access points that are managed in the profiles of the basic profile group and to which the channel allocation and basic RF management settings apply After you have configured the wireless settings for the basic profile group see the previous section you can change the channel the transmission power or both for individual access points in the basic profile group For you to be able to configure these settings in the table there are two requirements e Channel To enable the Access Point Channel menu in the table you need to disable automatic channel allocation on the Channel Allocation screen see Configure Channels on page 137 e Transmission power To enable the Tx Power menu in the table you need to disable automatic Tx power control on the bas
263. ystem logs and that you can query depends on the log settings For information about how to configure which information is recorded and stored in the logs see Configure Log Settings on page 58 gt To query the system logs for an access point client or SSID 1 Select Maintenance gt Logs amp Alerts gt Logs Maintain the Wireless Controller and Access Points 159 ProSAFE Wireless Controller WC9500 The Query System Logs screen displays Access Point Configuration Monitor Maintenance Stacking Diagnostics User Management Upgrade Licensing Backup Restore Reboot Reset Extended Storage Remote Management gt System Alerts Query System Logs gt RF Events gt Load Balancing Rate Limit Select Status IP MAC Model Name gt Redundancy oO Connected 192 168 0153 lt 0 3f 0e 7b 26 d0 WNAP210 netgear7B26D8 Search Stacking O Connected 192 168 0 154 c0 3f 0e 7b 24 80 WNAP210 netgear7B82488 gt Logs Connected 192 168 0 152 c4 3d c7 a1 06 60 WNDAP360 netgearA10668 AP MAC Client MAC SSID Save System Logs Save a copy of WC9500 data base logs to a file by clicking Save button below Clear System Logs Clear all WC9500 data base logs by clicking Clear button below 2 Optional In the Search field enter the status for example Connected or Disconnected IP address MAC address model or name of an access point for which you want to query the logs The table displays only the access poin
Download Pdf Manuals
Related Search