ProSafe 20-AP Wireless Controller WC7520 Reference M anua l 350 East Plumeria Drive San Jose, CA 95134 USA February 20, 2012 202-10686-04 1.
ProSafe 20-AP Wireless Controller WC7520 ©2010–2011 NETGEAR, Inc. All rights reserved No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of NETGEAR, Inc. Technical Support Thank you for choosing NETGEAR.
ProSafe 20-AP Wireless Controller WC7520 202-10686-03 v1.
Table of Contents Chapter 1 Introduction and Overview Key Features and Capabilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Package Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Hardware Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Front Panel Ports and LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Rear Panel Features . . . . . . . . . . . . . . .
ProSafe 20-AP Wireless Controller WC7520 Chapter 4 Access Point Discovery and Management Access Point Discovery and Discovery Guidelines . . . . . . . . . . . . . . . . . . 51 Requirements for Autodiscovery of Local Access Points . . . . . . . . . . . . 51 Requirements for Autodiscovery of Remote Access Points . . . . . . . . . . 52 Run the Discovery Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Discovery Results. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ProSafe 20-AP Wireless Controller WC7520 Configure Channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Specify RF Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Basic RF Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Advanced RF Management for Profile Groups. . . . . . . . . . . . . . . . . . . 104 Configure QoS for Profile Groups . . . . . . . . . . . . . . . . . . . . . . . . .
ProSafe 20-AP Wireless Controller WC7520 Chapter 10 Managing Stacking and Redundancy Manage Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154 Configure Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155 Controller Selection List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 Manage Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ProSafe 20-AP Wireless Controller WC7520 Problems with Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198 Discovery Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198 Connection Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 Network Performance and Rogue Access Point Detection . . . . . . . . . 200 Use the Diagnostic Tools on the Wireless Controller . . . . . . . . . . . . . . . .
1.
ProSafe 20-AP Wireless Controller WC7520 The wireless controller provides the following key features and capabilities: • • • • Scalable architecture with stacking and redundancy - Support for 20 access points on a single wireless controller with no additional license. - Purchased licenses (WC7510L) in increments of 10 access points allow for support of up to a maximum number of 50 access points on a single wireless controller.
ProSafe 20-AP Wireless Controller WC7520 • • • Wi-Fi Multimedia Quality of Service and advanced wireless features - Wi-Fi Multimedia (WMM) support for video, audio, and Voice over Wi-Fi (VoWi-Fi). - WMM power save option. - Automatic WLAN healing mechanism ensures seamless coverage for wireless users. - Layer 2 and Layer 3 seamless roaming support (FRS). - Local Layer 2 traffic switching at access point level for fast processing and roamed Layer 3 traffic processing at controller level.
ProSafe 20-AP Wireless Controller WC7520 If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair. Hardware Features The front panel ports and LEDs, rear panel components, and bottom label of the wireless controller are described in this section. Front Panel Ports and LEDs The following figure shows the front panel ports and status LEDs of the wireless controller.
ProSafe 20-AP Wireless Controller WC7520 Table 1. LED functions (continued) LED Status Description Test LED On The wireless controller is initializing. After approximately 2 minutes, when the wireless controller has completed its initialization, the Test LED turns off. If the Test LED remains on, the initialization has failed (see Test LED Never Turns Off on page 195). Off The wireless controller has completed its initialization successfully. The Test LED should be off during normal operation.
ProSafe 20-AP Wireless Controller WC7520 Note: If you reset the wireless controller, all configuration settings are lost and the default password is restored. • Kensington lock. Attach an optional Kensington lock to prevent unauthorized removal of the wireless controller. • AC power socket. Attach the power cord to this socket. (There is no separate on/off power switch.
ProSafe 20-AP Wireless Controller WC7520 The WC7520 wireless controller system supports the following access point models: • NETGEAR WNAP210 ProSafe wireless-N access point • NETGEAR WNAP320 ProSafe wireless-N access point • NETGEAR WNDAP350 ProSafe dual-band wireless-N access point • NETGEAR WNDAP360 ProSafe dual-band wireless-N access point Future releases will support additional access point models.
ProSafe 20-AP Wireless Controller WC7520 • WNDAP360 ProSafe Dual Band Wireless-N Access Point - Supports 802.11a, 802.11b, 802.11g, and 802.11n network devices - Supports PoE with a power consumption of up to 10.51W - Concurrent operation in 2.4 GHz and 5 GHz radio band while in 802.11n mode - Accepts optional antennas - Requires minimum firmware version WNDAP360_2.0.3 or a newer version. For product documentation and firmware, see http://support.netgear.com/app/products/model/a_id/19189.
ProSafe 20-AP Wireless Controller WC7520 and so on. Easily assign access points to profile groups or make changes to assignments. For more information, see Chapter 6, Managing Security Profiles and Profile Groups. Centrally Manage the Wireless Settings for the Network • Schedule the radios. Schedule the entire network to go offline, or schedule access point profile groups to go offline. • Manage wireless settings and channel allocation.
ProSafe 20-AP Wireless Controller WC7520 Monitor the Network and Its Components • View heat maps. View the real-time heat maps for a deployed WLAN. See the RF signal propagation per floor, and identify coverage holes and weak signal spots. • Monitor the status of all wireless devices. View the status the wireless controllers, access points, clients, access point profiles, and the entire network, and view network usage statistics. • Monitor network health.
ProSafe 20-AP Wireless Controller WC7520 Web Management Interface Layout The following figure shows the menu at the top and the left of the wireless controller’s web management interface (the screen’s content has been removed for more clarity). Controller selection list 1st level: Main navigation menu tab Action buttons 2nd level: Configuration menu tab 3rd level: Submenu link Figure 4. A web management interface screen can include the following components: • 1st level: Main navigation menu tab.
ProSafe 20-AP Wireless Controller WC7520 • - Back. Return to the previous screen. - Next. Advance to the next screen. Controller selection list. In a stacked configuration, the controller selection list lets you select the wireless controller to configure. Initial Connection and Configuration Follow the steps in this section to set up the wireless controller. For additional information, see the WC7520 ProSafe Wireless Controller Installation Guide that you can access from http://kb.netgear.
ProSafe 20-AP Wireless Controller WC7520 The wireless controller’s login window displays: Figure 5. b. When prompted, enter admin for the user name and password for the password, both in lowercase letters. c. Click Login. The wireless controller’s web management interface displays, with the default status screen (the path is Monitor > Controller > Summary), which shows the network status and related information: Figure 6.
ProSafe 20-AP Wireless Controller WC7520 For information about the network status and related information, see View the Wireless Controller Summary Screen on page 180. 3. Configure the wireless controller and your network: a. RF planning. Follow instructions in Chapter 3, RF Planning, to plan the number and location of the access points. b. Configure your network.
ProSafe 20-AP Wireless Controller WC7520 To accommodate all types of networks, almost all configuration menus of the web management interface are divided into basic and advanced submenus. The following figure shows an example of the Security > Wireless > Basic submenu on the left and the Security > Wireless > Advanced submenu on the right: Figure 7.
ProSafe 20-AP Wireless Controller WC7520 Advanced Profile The advanced profile lets you configure up to 8 access point profile groups. Each group includes all the settings that are required to configure a fully functional access point with up to 8 security profiles (16 for dual-band access points). For example, if there are four buildings, each with a completely different wireless network, you simply create four profile groups.
ProSafe 20-AP Wireless Controller WC7520 Figure 9. Choose a Location for the Wireless Controller The wireless controller is suitable for use in an office environment where it can be freestanding on its runner feet or mounted into a standard 19-inch equipment rack. Alternatively, you can rack-mount the wireless controller in a wiring closet or equipment room. A mounting kit, containing two mounting brackets and screws, is provided in the wireless controller package.
ProSafe 20-AP Wireless Controller WC7520 Deploy the Wireless Controller To deploy the wireless controller: 1. Disconnect the wireless controller from the computer and place it where you will deploy it. If necessary, you can now reconfigure the computer that you used in the configuration process back to its original TCP/IP settings. 2. Connect an Ethernet cable from your wireless controller to a LAN port on your network. 3.
2.
ProSafe 20-AP Wireless Controller WC7520 After the survey is complete, use the collected data to set up an RF plan. For more information, see RF Planning Overview on page 41. Before You Configure a Wireless Controller These sections assume that you have deployed at least one wireless controller in your network and are ready to configure the wireless controller.
ProSafe 20-AP Wireless Controller WC7520 Client VLANs Each authenticated wireless user is placed into a VLAN that determines the user’s DHCP server, IP address, and Layer 2 connection. Although you could place all authenticated wireless users into the single VLAN that is specified in the basic security profile, the wireless controller allows you to group wireless users into separate VLANs based on the wireless SSID to differentiate access to network resources.
ProSafe 20-AP Wireless Controller WC7520 Table 2.
ProSafe 20-AP Wireless Controller WC7520 Single Controller Configuration with Advanced Profile Groups A more complex configuration consists of a single wireless controller that controls a collection of access points that are organized in access point profile groups and might use several profiles in each access point profile group. To set up a single wireless controller system with advanced profile groups: Step Configuration Web management interface path 1. Optional: Create an RF plan.
ProSafe 20-AP Wireless Controller WC7520 Stacked Controller Configuration A stacked controller configuration can consist of up to three wireless controllers and up to 150 access points. To set up a stacked controller configuration: Step Configuration Web management interface path 1. On each individual wireless controller that you intend to make a stack member, follow the configuration steps as explained in one of the previous sections.
ProSafe 20-AP Wireless Controller WC7520 Figure 10. The wireless controller uses the management VLAN to continually exchange packets with the access points. For large networks, if all traffic uses a single VLAN, the client traffic could potentially flood the network. If this happens, and the wireless controller is not able to exchange packets with the access points, it can cause network performance to slow down, and the access points can lose their connectivity with the wireless controller.
ProSafe 20-AP Wireless Controller WC7520 Deployment Scenarios This section provides three deployment scenarios to illustrate how the wireless controller can function in a variety of network configurations: • Scenario Example 1: Basic Network with Single VLAN • Scenario Example 2: Advanced Network with VLANs and SSIDs • Scenario Example 3: Advanced Network with Redundancy Scenario Example 1: Basic Network with Single VLAN The following sample scenario consists of a simple network with a wireless contr
ProSafe 20-AP Wireless Controller WC7520 The access points and wireless controller are connected in the same subnet and use the same IP address range that is assigned for that subnet. There are no routers between the access points and the wireless controller. The access points are connected to a PoE switch, which, in turn, is connected to the wireless controller. The uplink of PoE switch connects to a Layer 3 switch or router that provides Internet access.
ProSafe 20-AP Wireless Controller WC7520 Figure 12. The access points and wireless controller are connected in the same subnet and same VLAN and use the same IP address range that is assigned for that subnet. There are no routers between the access points and the wireless controller. The access points are connected to a PoE switch, which, in turn, is connected to the wireless controller. The uplink of the PoE switch connects to a Layer 3 switch or router that provides Internet access.
ProSafe 20-AP Wireless Controller WC7520 Provisioning the Wireless Controller Step Configuration Web management interface path 1. For initial discovery and configuration of the access points, temporarily configure management VLAN 100 as an untagged management VLAN on both the wireless controller and the PoE switch. Configuration > System > IP/VLAN 2. Configure the basic system settings: 1. Configure the country code of operation. Configuration > System > General 2.
ProSafe 20-AP Wireless Controller WC7520 Step Configuration Web management interface path 9. For each access point on the managed list, clear the Untagged Vlan check box and configure VLAN 100 as the management VLAN. Doing so causes the access points to lose connectivity with the wireless controller. 10. Restore connectivity between the access points and the wireless controller by changing the PoE switch ports to which the access points are connected to tagged ports.
ProSafe 20-AP Wireless Controller WC7520 Figure 13. The access points and wireless controllers are connected in the same subnet and same VLAN and use the same IP address range that is assigned for that subnet. The core switch is located between the wireless controllers and the PoE switches, to which the access points are connected. The core switch provides Internet access.
ProSafe 20-AP Wireless Controller WC7520 Provisioning the Wireless Controller Step Configuration Web management interface path 1. Configure the basic system settings: 1. Configure the country code of operation. Configuration > System > General 2. Configure the IP address of wireless controller. Configuration > System > IP/VLAN 3. Verify that VLAN 1 is set as the management VLAN and is marked as untagged, which is the default setting. 2.
3. RF Planning 3 This chapter includes the following sections: • RF Planning Overview • Define and Edit Buildings and Floors • Specify Access Point Requirements • View and Manage Heat Maps for Deployed Plans RF Planning Overview You can do the following with RF planning: • Define WLAN coverage. • Estimate the number of access points required based on signal quality and number of clients per access point. • Optimize the placement of access points for the best coverage.
ProSafe 20-AP Wireless Controller WC7520 • Total number of users and number of users per access point. • Radio type or types. • Desired data rates for access points. • Identify areas where you do not necessarily want coverage. • Identify areas where you cannot deploy an access point. Use a worksheet similar to the following to collect your information. Table 3.
ProSafe 20-AP Wireless Controller WC7520 . Figure 14. 2. The Buildings table shows the names of the previously defined buildings and their number of floors. 3. To add a building, click Add. The Add Building pop-up window displays. 4. Enter a name for your building in the Building Name field, and then click Add. The new building is added to the Buildings table. The name is an alphanumeric string up to 64 characters in length. 5.
ProSafe 20-AP Wireless Controller WC7520 6. Define the floors as explained in the following table: Table 4. Building name and floors Setting Description Building Building Name You can modify the previously defined building name, which is an alphanumeric string up to 64 characters in length. Floors Floor Names The floor name is an alphanumeric string up to 64 characters in length. Floor Dimensions Enter the floor length in meters in the Length field; enter the floor width in meters in Width field.
ProSafe 20-AP Wireless Controller WC7520 To delete a building: 1. Select the check box that corresponds to the building that you want to delete, or select the check box at the top row of the table to delete all buildings. 2. Click Delete. Specify Access Point Requirements After you have defined the buildings and floors, you need to specify the following RF requirements for each floor and each supported access point model (WNAP210, WNAP320, WNDAP350, and WNDAP360): • Frequency band.
ProSafe 20-AP Wireless Controller WC7520 The Planning Buildings screen shows a tab for each building that you previously defined. For each building, the screen shows the floors that you previously defined. 2. Select the building and floor that you want to configure by clicking the corresponding tabs. 3. Specify the WLAN requirements for the floor as explained in the following table: Table 5.
ProSafe 20-AP Wireless Controller WC7520 Figure 17. Note that the planning tool provides only default placement and shows the coverage area for each access point. 6. Move the access points to optimize coverage in desired areas and avoid coverage in unwanted areas based on the floor plan. Colored circles around the access point symbols indicate the expected approximate coverage of the individual access point.
ProSafe 20-AP Wireless Controller WC7520 View and Manage Heat Maps for Deployed Plans A heat map lets you view in real time, by wireless frequency band, the signal strength and wireless coverage for a building floor. The heat map shows the actual signal strengths that each access point is detecting from neighbor access points. Note: For the heat maps to work correctly, the access point placement on the floor plan needs to closely match the actual physical location of the access points.
ProSafe 20-AP Wireless Controller WC7520 2. Select the building and floor for which you want to view the heat map by clicking the corresponding tabs. 3. Click Heat Map. The heat map for the selected floor displays: Figure 19. 4. The first time you view the heat map, the access points need to be manually placed on the heat map to closely match their actual physical locations. 5. Click Apply to save the locations. Doing so regenerates the complete heat map of the floor.
ProSafe 20-AP Wireless Controller WC7520 The colors disappear from the heat map until you click Apply again. When you apply the new position, the heat map is refreshed based on the new location and the RF data collected from the access points. 7. Click Apply to view how your changes affect the heat map. Depending on the size of your WLAN, it might take several minutes before the heat map is updated. If you do not want to apply the changes, click Close to return to the Deployed Buildings screen.
4. Access Point Discovery and Management 4 This chapter includes the following sections: • Access Point Discovery and Discovery Guidelines • Run the Discovery Wizard • Discovery Results • Manage the Access Point List Access Point Discovery and Discovery Guidelines You need to run the Discovery Wizard for the wireless controller to discover supported NETGEAR access points on the LAN or WAN.
ProSafe 20-AP Wireless Controller WC7520 • An access point needs to run at least its initial firmware release or a newer version. There are no other firmware requirements for the access point to function with the wireless controller. Guidelines for the Autodiscovery Process Across Layer 3 Networks In addition to the previous general guidelines, for the autodiscovery process to work across Layer 3 networks, enable either one of the following options: • Multicast routing for IP address 254.0.100.
ProSafe 20-AP Wireless Controller WC7520 • - UDP port 6650. Used by the control channel between the wireless controller and the remote access point. - UDP port 7890. Used by the multicast discovery process. This port does not need to be unblocked in a configuration in which remote access points are located behind a NAT router. Enable DHCP option 43 (vendor-specific information) on the DHCP server.
ProSafe 20-AP Wireless Controller WC7520 authentication with the local RADIUS server of the wireless controller instead of an external RADIUS server, the access point can no longer accept new clients. - If the access point is rebooted, it loses its configuration. After the connection with the wireless controller is reestablished, the remote access point functions once again as a managed access point.
ProSafe 20-AP Wireless Controller WC7520 Figure 21. 4. Select the radio button that specifies the network layout of the access points, and click Next. • Same L2 network - directly or via backend L2 switch. Discover all access points on the LAN that are in the same IP subnet and are connected to the wireless controller either directly or through a back-end Layer 2 switch. • Different L3 networks - different VLANs or behind IP subnets.
ProSafe 20-AP Wireless Controller WC7520 7. Click Next to continue. The following occurs: • The wireless controller searches for NETGEAR products on the LAN based on MAC address, and then identifies which products are supported access point models. • When discovery is finished, the table shows the access points that were located: for each access point, the table includes the model number, IP address, MAC address, and name. The next Discovery Wizard Select Access Points to Manage screen displays.
ProSafe 20-AP Wireless Controller WC7520 discovered at a time. You have to add the access point to the managed list, change its IP address, and then run discovery again to discover the next access point with that IP address. • Make sure that a DHCP server is available in the network or on the wireless controller. Note: For troubleshooting information, see Problems with Access Points on page 198.
ProSafe 20-AP Wireless Controller WC7520 Figure 24. Left side of the Managed AP List screen Figure 25. Right side of the Managed AP List screen The Managed AP List shows the following entries for each access point that you added to the list: Table 6. Managed AP list information Item Description IP The IP address of the access point. MAC The MAC address of the access point. Model The model of the access point. Name The name of the access point.
ProSafe 20-AP Wireless Controller WC7520 Table 6. Managed AP list information (continued) Item Description Status Shows one of the following status options: • Authentication in progress. (This status can last several minutes) • Applying configurations. • Firmware upgrade. • AP is rebooting. • Connecting. • Connected. This status indicates normal operation. • Not Connected. The wireless controller cannot communicate with the access point at the configured IP address.
ProSafe 20-AP Wireless Controller WC7520 Figure 26. 4. Configure the settings as explained in the following table. Some fields are masked out and cannot be edited; other fields are masked out but can be edited. Table 7. Access point settings Setting Description Access Point Info section Name Enter a unique value that indicates the access point name. By default, the name is netgearxxxxxx, where xxxxxx represents the last six hexadecimal digits of the access point’s MAC address.
ProSafe 20-AP Wireless Controller WC7520 Table 7. Access point settings (continued) Setting Description Group The group to which the access point is assigned. After the access point discovery process, the access point is automatically assigned to the basic group. If you have set up profile groups, you can assign the access point to another profile group by selecting one from the drop-down list. You can also change the group assignment at a later time on the WLAN Group Assignment screen.
ProSafe 20-AP Wireless Controller WC7520 Table 7. Access point settings (continued) Setting Description Plan Settings section Site The site designation that you have selected (see Add Access Points to the Managed List after Discovery on page 57). Building After you have configured buildings (see Define and Edit Buildings and Floors on page 42), select the building in which the access point is located from the drop-down list.
5. Configuring Network Settings 5 This chapter includes the following sections: • Configure General Settings • Time Management • Configure IP and VLAN Settings • Manage the DHCP Server • Manage Certificates • Configure Syslog and Alarm Notification Settings Configure General Settings Note: You need to select the correct country or region of operation. It might not be legal to operate the access points in a country or region not shown here.
ProSafe 20-AP Wireless Controller WC7520 2. Configure the settings as explained in the following table: Table 8. General settings Setting Description Name Enter a unique value as the wireless controller name. NETGEAR recommends changing the name as soon as possible after setting up. The name needs to contain only alphabetical characters, numbers, and hyphens, and needs to be 31 characters or less.
ProSafe 20-AP Wireless Controller WC7520 2. Configure the settings as explained in the following table: Table 9. Time settings Setting Description Time Zone From the drop-down list, select the local time zone for your country or region. Current Time This is a nonconfigurable field that displays the current time at your location. NTP Client Select the Enable radio button to use a Network Time Protocol (NTP) server to synchronize the clock of the wireless controller and managed access points.
ProSafe 20-AP Wireless Controller WC7520 2. Configure the settings as explained in the following table: Table 10. IP and management VLAN settings Setting Description IP Settings section IP Address Enter the IP address of the wireless controller. The default IP address is 192.168.0.250. To change it, enter an available IP address from the address range used on your LAN. IP Subnet Mask Enter the subnet mask value used on your LAN. The default value is 255.255.255.0.
ProSafe 20-AP Wireless Controller WC7520 Untagged VLANs When the Untagged VLAN check box is selected, one VLAN can be configured as an untagged VLAN: • When the wireless controller sends frames associated with the untagged VLAN to the LAN (Ethernet) interface, those frames do not carry an 802.1Q VLAN header. • When the wireless controller receives untagged traffic from the LAN (Ethernet) interface, those frames are assigned to the untagged VLAN.
ProSafe 20-AP Wireless Controller WC7520 Figure 30. The DHCP Server List shows the DHCP servers that are already configured on the wireless controller. 2. Click Add. The Add DHCP Server pop-up window displays: Figure 31. 3. Configure the settings as explained in the following table: Table 11. DHCP settings Setting Description Enabled Select this check box to enable the DHCP server. When the check box is cleared, the DHCP server is disabled.
ProSafe 20-AP Wireless Controller WC7520 Table 11. DHCP settings (continued) Setting Description Subnet Mask Enter the subnet mask that is assigned to the wireless clients by the DHCP server. Default Gateway Enter the IP address of the default network gateway for all traffic beyond the local network. Start IP Enter the starting IP address of the range that can be assigned by the DHCP server. End IP Enter the ending IP address of the range that can be assigned by the DHCP server.
ProSafe 20-AP Wireless Controller WC7520 Manage Certificates The internal authentication server for certificate-based authentication requires you to install a certificate on the wireless controller. There is a default self-signed server certificate installed on the wireless controller. However, NETGEAR strongly recommends that you replace this default certificate with a custom certificate issued for your site or domain by a trusted Certificate Authority (CA).
ProSafe 20-AP Wireless Controller WC7520 Configure Syslog and Alarm Notification Settings From the Alerts menu you can configure the syslog and the alarms, and specify the email address from which alerts originate. Configure Syslog Settings This screen lets you configure the settings to connect to a syslog server, if you have one configured in your network. To configure Syslog settings: 1. Select Configuration > System > Alerts > Syslog. The Syslog Settings screen displays: Figure 33. 2.
ProSafe 20-AP Wireless Controller WC7520 Configure Alarm Notification Settings You can classify certain events as critical, major, normal, or minor. Some events you can classify only as critical or major. For example, on the RF Management screen, you can specify whether a coverage hole should be classified as critical or major (see Basic RF Management on page 102). To configure alarm actions: 1. Select Configuration > System > Alerts > Alarms. The Alarm Actions screen displays: Figure 34. 2.
ProSafe 20-AP Wireless Controller WC7520 Figure 35. 2. Configure the settings as explained in the following table: Table 14. Email configuration settings Setting Description Server Address Enter the IP address of the server from which email notifications are sent. Port Enter the port number of the server from which email notifications are sent. The default is port number 25. Sender Email Address Enter the email address from which email notifications are sent.
6. Managing Security Profiles and Profile Groups 6 This chapter includes the following sections: • Manage Wireless Security Profiles • Configure Security Profiles for the Basic Profile Group • Configure Security Profiles for Advanced Profile Groups • Manage Basic and Advanced Profile Groups in the WLAN Note: In this chapter and in the following chapters, access point profile groups are referred to as just profile groups.
ProSafe 20-AP Wireless Controller WC7520 Note: Note that if an access point is removed from its building (someone takes it home or it is stolen) the access point does not retain the configuration that it received from the wireless controller. The configuration is not stored in memory on the access point. Depending on your network needs, you can either use the basic profile group (that is, the basic configuration) or the advanced profile groups (that is, the advanced configuration).
ProSafe 20-AP Wireless Controller WC7520 Profile Naming Conventions You can use profile naming conventions that are based on user groups such as Marketing, or based on VLANs such as VLAN40, or you can use other naming conventions such as CompanyName15. Note: In the advanced configuration, you cannot change the names of profile groups. However, you can change the group names of MAC ACLs and external RADIUS servers.
ProSafe 20-AP Wireless Controller WC7520 After you have configured one or more MAC ACLs, you can then assign any MAC ACL to a security profile in a basic profile group or advanced profile group. • Cloning profiles. For faster setup you can clone a profile and rename it. Cloning copies all settings except for the name and SSID.
ProSafe 20-AP Wireless Controller WC7520 3. Click the + button to add a profile to the basic profile group. The Add Profiles pop-up window displays: Figure 37. 4. Either click Add, or, if you want to clone an existing profile, select the Clone an existing Profile check box, select a profile from the Profiles drop-down list, and then click Add. The newly created profile displays onscreen, and the tab for the new profile is automatically selected to let you configure the new profile.
ProSafe 20-AP Wireless Controller WC7520 Table 15. Basic security profile definition settings (continued) Setting Description Client Authentication section Note: The options that display onscreen depend on the selection from Network Authentication drop-down list. Network Authentication From the drop-down list, select the authentication type to be used: see Table 16 on page 81. Data Encryption From the drop-down list, select the data encryption type to be used.
ProSafe 20-AP Wireless Controller WC7520 Table 15. Basic security profile definition settings (continued) Setting Description Open System, Shared Key, WPA-PSK, WPA2-PSK, and WPA-PSK & WPA2-PSK (continued) Captive Portal Select this check box if you want to enable the captive portal. For more information, see Configure Captive Portal Settings on page 126. Note: You cannot configure captive portal authentication if the network authentication uses an external RADIUS server.
ProSafe 20-AP Wireless Controller WC7520 Network Authentication and Data Encryption Options The following table shows the data encryption options based on network authentication, and the required configuration steps to implement a selected network authentication.
ProSafe 20-AP Wireless Controller WC7520 Table 16. Network authentication and data encryption settings (continued) Network authentication selection Data encryption Configuration steps options Shared Key 64-bit WEP 128-bit WEP 152-bit WEP To configure Shared Key authentication with WEP: 1. From the Data Encryption drop-down list, select a level of WEP encryption: - 64-bit WEP. Uses 40/64-bit encryption. - 128-bit WEP. Uses 104/128-bit encryption. - 152-bit WEP.
ProSafe 20-AP Wireless Controller WC7520 Table 16. Network authentication and data encryption settings (continued) Network authentication selection Data encryption Configuration steps options WPA2 with Radius AES TKIP + AES To configure WPA2 authentication with a RADIUS server: 1. Set up and enable an internal or external (RADIUS or LDAP) authentication server. For information, see Manage Authentication Servers and Authentication Server Groups on page 122. 2.
ProSafe 20-AP Wireless Controller WC7520 Table 16. Network authentication and data encryption settings (continued) Network authentication selection Data encryption Configuration steps options WPA-PSK & WPA2-PSK AES TKIP + AES Note: Use this option if there are both WPA-PSK and WPA2-PSK clients in the network. To configure WPA-PSK & WPA2-PSK authentication, type a passphrase of at least 8 characters in the WPA Passphrase (Network Key) field.
ProSafe 20-AP Wireless Controller WC7520 The following table describes the fields that are shown for each profile in a profile group. Table 17. Profile group settings Setting Description Name The unique profile name. Radio The wireless radio mode in which the profile is operating. Authentication The authentication setting under which the profile is operating. 2. Click the + button to create an additional profile group. The new profile group displays on the advanced Profile Groups screen.
ProSafe 20-AP Wireless Controller WC7520 Click + to add another profile. Your selection from the Network Authentication drop-down list determines the information that is displayed onscreen. Select the Local radio button to display the Local MAC ACL Group drop-down list. Select the External radio button to display the External Radius Server drop-down list. Figure 39. 4. Click a tab to select a radio. 5. Specify the settings as described in Table 15 on page 78 and Table 16 on page 81. 6.
ProSafe 20-AP Wireless Controller WC7520 9. Click Apply to save your settings. Edit and Remove Profiles from an Advanced Profile Group To edit an existing profile to an advanced profile group: 1. On the Profile Groups screen, click a tab to select a profile group. 2. Click Edit. The Edit Profile screen displays. 3. Click a tab to select a radio. 4. Click a tab to select a profile. 5. Change the settings as explained in the Table 15 on page 78 and Table 16 on page 81. 6.
ProSafe 20-AP Wireless Controller WC7520 Figure 41. The displayed settings are explained in the following table: Table 18. WLAN group assignments Setting Description IP The IP address of the access point. MAC The MAC address of the access point. Model The model of the access point. Name The name that you specified for the access point. Building The building in which the access point is located.
ProSafe 20-AP Wireless Controller WC7520 Table 18. WLAN group assignments (continued) Setting Description Remote AP Shows whether the access point is a local or remote one: • Local. The AP is deployed at the local site. • Remote. The AP is deployed at a remote site. Sentry Shows whether or not sentry mode is enabled: • No. Sentry mode is disabled. • Yes. Sentry mode is enabled. 2. To assign an access point to a profile group, select the profile group name from the Group Name drop-down list.
7. Configuring Wireless and QoS Settings 7 This chapter includes the following sections: • About Basic and Advanced Wireless and QoS Configurations • Configure the Radio • Configure Wireless Settings • Configure Channels • Specify RF Management • Configure QoS for Profile Groups • Configure Load Balancing • Configure Rate Limiting During initial setup, enter your country and region in the General Settings screen (Configure General Settings on page 63).
ProSafe 20-AP Wireless Controller WC7520 • • Advanced wireless settings.
ProSafe 20-AP Wireless Controller WC7520 2. Configure the settings as explained in the following table: Table 19. Schedule radio on/off settings Setting Description Current Time This is a nonconfigurable field that displays the current time for the wireless controller. Schedule Radio On/Off You can specify either when the radio is on by selecting the On radio button or when it is off by selecting the Off radio button.
ProSafe 20-AP Wireless Controller WC7520 3. Configure the settings as explained in the previous table. 4. Click Apply to save your settings. Configure Wireless Settings Typically, the default wireless settings do not need adjustment. Override the wireless settings only if there is a specific need, such as a phone vendor that specifies a setting different from the default.
ProSafe 20-AP Wireless Controller WC7520 Note: If automatic channel allocation is enabled on the Channel Allocation screen (see Configure Channels on page 99), you cannot configure the wireless settings on the Basic Wireless Settings screen. You need to disable automatic channel allocation to be able to configure the wireless settings. Note: You cannot configure the wireless settings if there are no access points assigned to a radio in a profile group. 4.
ProSafe 20-AP Wireless Controller WC7520 Table 20. Wireless settings (continued) Setting Description RTS Threshold (0-2347) Enter the size of the Request to Send (RTS) threshold packet. The RTS threshold is related to the transmission mechanism (CSMA/CA or CSMA/CD) for the packets.
ProSafe 20-AP Wireless Controller WC7520 Note: If automatic Tx power control is enabled on the basic RF Management screen (see Basic RF Management on page 102), you cannot configure the transmission power on the Basic Wireless Settings screen. You need to disable automatic Tx power control to enable the Tx Power drop-down list on the Basic Wireless Settings screen.
ProSafe 20-AP Wireless Controller WC7520 Figure 45. 2. Click a tab to select a profile group. 3. Click a tab to select a radio. 4. Select the Turn Radio On check box to enable configuration of the wireless settings. Note: If automatic channel allocation is enabled on the Channel Allocation screen (see Configure Channels on page 99), you cannot configure the wireless settings on the Advanced Wireless Settings screen.
ProSafe 20-AP Wireless Controller WC7520 6. Optionally, you can override the channel and transmission power for individual access points. Note: If automatic Tx power control is enabled on the advanced RF Management screen (see Advanced RF Management for Profile Groups on page 104), you cannot configure the transmission power on the Advanced Wireless Settings screen. You need to disable automatic Tx power control to enable the Tx Power drop-down list on the Advanced Wireless Settings screen.
ProSafe 20-AP Wireless Controller WC7520 Configure Channels CAUTION: Do not disable channel allocation unless you are debugging or there is an extreme situation that affects the channels. Automatic channel allocation distributes channels across the managed access points to reduce interference. Each wireless controller allocates channels for its managed access points, regardless of their configured security profiles.
ProSafe 20-AP Wireless Controller WC7520 To change the channel allocation: 1. Select Configuration > Wireless > Basic > Channel Allocation. The Channel Allocation screen displays: Figure 46. 2. Configure the settings as explained in the following table: Table 23. Channel allocation settings Setting Description Automatic channel allocation Ensure that the Enable radio button is selected during normal operation.
ProSafe 20-AP Wireless Controller WC7520 Table 23. Channel allocation settings (continued) Setting Description Prevent channel change during Active voice call Select the Enable radio button to prevent channel changes during voice calls. Select the Disable radio button to allow channel changes during voice calls. High Traffic Load Select the Enable radio button to prevent channel changes during a high traffic load. Select the Disable radio button to allow channel changes during a high traffic load.
ProSafe 20-AP Wireless Controller WC7520 The wireless controller has the capacity for automatic WLAN healing through the following features: • Automatic channel allocation. Allows an access point channel to be distributed automatically by the wireless controller across the access points on a floor to reduce interference.
ProSafe 20-AP Wireless Controller WC7520 Figure 47. 2. Configure the settings as explained in the following table: Table 24. RF management settings Setting Description TX Power Settings section Default Tx Power Make a selection from the drop-down list to specify how the transmission (Tx) power is configured on the access points: Full, Half, Quarter, Eighth, or Minimum.
ProSafe 20-AP Wireless Controller WC7520 Table 24. RF management settings (continued) Setting Description Coverage Hole Detection section Periodic Coverage Hole Detection Select the Enable radio button to allow coverage hole detection to run in the background periodically. Select the Disable radio button to disable this option.
ProSafe 20-AP Wireless Controller WC7520 2. Click a tab to select a profile group. 3. Configure the settings as explained in the previous table. 4. Click Apply to save your settings. Configure QoS for Profile Groups Quality of Service (QoS) works by default. Change QoS only if there is a reason, such as device vendor specifications that require you to use different settings.
ProSafe 20-AP Wireless Controller WC7520 Figure 49. 2. Click a tab to select a profile group. 3. Click a tab to select a radio. This screen lets you modify the QoS settings per profile group and per radio for upstream traffic flowing from the station (that is, the wireless client) to managed access points and the downstream traffic flowing from managed access points to the station. These settings are applied only to managed access points that are capable of supporting these settings.
ProSafe 20-AP Wireless Controller WC7520 Table 25. QoS settings Setting Description AIFS Specify a wait time (in milliseconds) for data frames. Valid values for Arbitration Inter-Frame Space (AIFS) are 1 through 255. CwMin Specify an upper limit (in milliseconds) of a range from which the initial random backoff wait time is determined. Valid values for this field are 1, 3, 7, 15, 31, 63, 127, 255, 511, or 1024.
ProSafe 20-AP Wireless Controller WC7520 access point determines whether or not to accept a client based on the number of clients already connected or the signal strength of the clients. • Number of clients. When there are several access points and you want a good distribution of clients between the access points, set the maximum number of clients to a low value (compared to the total number of clients in an office or on a floor). • RSSI.
ProSafe 20-AP Wireless Controller WC7520 Configure Rate Limiting The available bandwidth is determined by the number of errors during transmission and the time that a packet spends in the transmission queues. Within a profile group (including the basic profile group), you configure rate limiting separately for each wireless radio (2.4 GHz and 5 GHz). Within a profile group, for each wireless radio, rate limiting needs to add up to a maximum of 100 percent. (It can be less than 100 percent.
ProSafe 20-AP Wireless Controller WC7520 Figure 51. 2. Click a tab to select a radio. 3. For each profile on a wireless radio, specify the rate limit as a percentage. You can use the slider bars to adjust the values in the rate limit fields to the right of the slider bars. Make sure that the total percentages of all profiles on one wireless radio do not exceed 100 percent. 4. Click Apply to save your settings. Advanced Rate Limiting for Profile Groups For each profile group, and for each radio mode (802.
ProSafe 20-AP Wireless Controller WC7520 2. Click a tab to select a profile group. 3. Click a tab to select a radio. 4. For each profile on a wireless radio in the selected profile group, specify the rate limit as a percentage. You can use the slider bars to adjust the values in the rate limit fields to the right of the slider bars. Make sure that the total percentages of all profiles on one wireless radio in the selected profile group do not exceed 100 percent. 5. Click Apply to save your settings.
8.
ProSafe 20-AP Wireless Controller WC7520 • • • Basic security settings. You can apply the following security settings to any profile, whether in the basic profile group or in an advanced profile group: - Basic MAC authentication (the MAC ACL group that is called basic) - Basic authentication server (the RADIUS server that is called basic-Auth or the LDAP server that is called basic-LDAP) Advanced security settings.
ProSafe 20-AP Wireless Controller WC7520 Configure Basic Rogue Detection Settings In a basic setup you can set up one detection server. In an advanced setup you can create multiple detection servers (for more information, see Configure Advanced Rogue Detection Settings on page 116). Note: If there are long delays in the network or clients are unexpectedly disconnected from access points, disable rogue access point detection and mitigation. To set up a server to detect rogue access points: 1.
ProSafe 20-AP Wireless Controller WC7520 Table 27. Basic rogue AP detection settings (continued) Setting Description Rogue AP Mitigation Select the Enable radio button to enable rogue AP mitigation. Rogue mitigation does the following: • Prevents wireless clients from associating with rogue access points in the network. • Attempts to disconnect clients from rogue access points in the network. • Performs denial of service (DoS) attacks against rogue access points in the network.
ProSafe 20-AP Wireless Controller WC7520 Configure Advanced Rogue Detection Settings The advanced Rogue AP screen allows you to identify what could be an access point from a neighboring business that is known. As you identify them, mark them as known or unknown so that the wireless controller does not keep finding them and flagging them. This will help you to identify your own equipment that should be managed and the rogue access points that should be detected.
ProSafe 20-AP Wireless Controller WC7520 3. Click Apply to save your settings. Importing a List of Known Access Points from a File You can import a list of known access points from a saved file. To do this, create a text file that includes the MAC address of each access point. This file needs to be a simple text file with one MAC address per line. The wireless controller can support a total of up to 512 access points from the known and unknown lists combined.
ProSafe 20-AP Wireless Controller WC7520 Guidelines for External MAC Authentication To use an external ACL: 1. Configure an ACL on an external RADIUS server. 2. On an Edit Profile screen (see Chapter 6, Managing Security Profiles and Profile Groups), next to MAC ACL, select the External radio button. 3. From the External Radius Server drop-down list, select an external authentication server. The wireless controller consults the MAC ACL at initial client authentication.
ProSafe 20-AP Wireless Controller WC7520 Figure 55. As an option, you can import a list of MAC addresses from a file. For more information, see the next section. 2. Next to Trust ACL as, select one of the following radio buttons: • Allow. Network access is granted to the clients for which the MAC addresses are listed in the Selected Wireless Clients list. • Deny. Network access is denied to the clients for which the MAC addresses are listed in the Selected Wireless Clients list. 3.
ProSafe 20-AP Wireless Controller WC7520 Importing a MAC List from a File You can import a precompiled list of MAC address from a saved file. This file needs to be a simple text file with one MAC address per line. To import a MAC list from a file: 1. Create a text file that includes a list of MAC addresses.
ProSafe 20-AP Wireless Controller WC7520 Click + to add another ACL group. Figure 56. 2. Click the + button to create an additional ACL group. The new ACL group displays on the advanced MAC Authentication screen, and the tab for the new ACL is automatically selected to let you configure the new group. Note: By default, profile groups are named Acl-1, Acl-2, Acl-3, and so on. You can change these ACL group names. 3. In the Group Name field, enter a unique name for the ACL group. 4.
ProSafe 20-AP Wireless Controller WC7520 Manage Authentication Servers and Authentication Server Groups You can specify three types of authentication servers: internal, external RADIUS, and external LDAP: • Internal authentication server. The wireless controller handles authentication. If you use this setting, set up Wi-Fi clients on the User Management screen (see Manage Users, Accounts, and Passwords on page 128.) • External RADIUS server.
ProSafe 20-AP Wireless Controller WC7520 Configure Basic Authentication Server Settings Use the basic Authentication Server screen to set up the internal authentication server, the basic external RADIUS server (which is called Auth-basic), and the external LDAP server (which is called Auth-LDAP). After you have set up these authentication servers, you can assign any of them to any profile, whether in the basic profile group or in an advanced profile group. To configure a basic authentication server: 1.
ProSafe 20-AP Wireless Controller WC7520 3. Configure the settings that correspond to the selected authentication server as described in the following table: Table 28. Authentication server settings Setting Description External RADIUS Server Primary Authentication Server Specify the IP address, port (default 1812), and shared secret. Secondary Authentication Server Specify the IP address, port (default 1812), and shared secret.
ProSafe 20-AP Wireless Controller WC7520 Configure RADIUS Authentication Server Groups For greater security flexibility, you can create up to 8 external RADIUS servers to authenticate different groups of users. After you have set up these authentication servers, you can assign any of them, including the basic RADIUS server, to any profile, whether in the basic profile group or in an advanced profile group. To set up a RADIUS authentication group: 1.
ProSafe 20-AP Wireless Controller WC7520 Manage Guest Network Access Users with management (admin) credentials—for example, receptionists or hotel clerks—can provision guests. Guests need to provide their email address, or both their email address and a password. These latter guests are referred to as captive portal users, for which you need to set up a captive portal and captive portal user credentials.
ProSafe 20-AP Wireless Controller WC7520 - WISPr-Session-Terminate-Time - Session-Timeout If you change the values for any of these variables before the wireless client disassociates from the access point, the new values are not updated on the wireless controller. • A managed access point can send accounting information to the external RADIUS server because the wireless controller functions as a proxy RADIUS client for the managed access point.
ProSafe 20-AP Wireless Controller WC7520 2. Configure the settings as described in the following table. Table 29. Portal settings Setting Description Portal Settings section Portal Type Select one of the following radio buttons: • Guest. A guest portal with a field for entering an email address. Guests do not need to provide a password and can have unlimited access to the network. You do not need to configure guest accounts. • Captive.
ProSafe 20-AP Wireless Controller WC7520 - Read-only. These users have access to the wireless controller’s web management interface but can access only the Monitor main navigation tab and the Help main navigation tab. These users cannot change the configuration of the wireless controller. - Guest provisioning. These users can configure only captive portals users, that is, they can access only the User Management configuration menu tab under the Maintenance main navigation tab.
ProSafe 20-AP Wireless Controller WC7520 • WiFi Clients. The WiFi Client screen displays: Figure 61. • Captive Portal Account. The Captive Portal Account screen displays: Figure 62. • Captive Portal Users. The Captive Portal Users screen displays: Figure 63.
ProSafe 20-AP Wireless Controller WC7520 3. Click Add to add a new user or account. A pop-up window displays. The pop-up windows are shown in the following table. 4. Configure the users or account settings as described in the following table. Table 30. User and account settings Setting Description Management User Name Enter a unique user name. Only alphanumerical characters and underscore characters (_) are supported.
ProSafe 20-AP Wireless Controller WC7520 Table 30. User and account settings (continued) Setting Description WiFi Clients User Name Enter a unique user name. Only alphanumerical characters and underscore characters (_) are supported. Password Enter a password in the Password field, and confirm the password in the Confirm Password field. Authentication From the drop-down list, select one of the following protocols: Type • EAP. Extensible Authentication Protocol. • PEAP. Protected EAP.
ProSafe 20-AP Wireless Controller WC7520 Table 30. User and account settings (continued) Setting Description Captive Portal Users Note: This selection is disabled if the portal setting is a guest portal instead of a captive portal. User Name Enter a unique user name. Only alphanumerical characters and underscore characters (_) are supported. Password Enter a password in the Password field, and confirm the password in the Confirm Password field.
ProSafe 20-AP Wireless Controller WC7520 To edit or remove a user or an account: 1. Click a tab (Management, WiFi Clients, Captive Portal Account, or Captive Portal Users). 2. Select a radio button that corresponds to a user or an account. 3. Click one of the following buttons: • Edit. Opens a pop-up window that lets you change the user settings as described in the previous table. You cannot change the user name and user type or the account name. • Remove. Removes the user from the user table.
9.
ProSafe 20-AP Wireless Controller WC7520 Figure 64. The Backup/Restore screen lets you: • Back up and save a copy of the current settings • Restore saved settings from the backed-up file To back up the configuration file: 1. On the Backup/Restore Settings screen (see the previous figure), click the Backup button to save a copy of your current settings. A dialog box displays, showing the file name of the backup file. The backup file has the following format: backup.tar.gz. 2.
ProSafe 20-AP Wireless Controller WC7520 Upgrade the Configuration File The wireless controller provides two methods for upgrading its firmware: • Scheduled, automatic update • Manual update There are two boot partitions to allow you to switch the wireless controller from one firmware version to another. To upgrade the firmware: 1. Go to the NETGEAR support page for the WC7520 wireless controller at http://kb.netgear.com/app/products/model/a_id/13060 or to a TFTP or FTP server. 2.
ProSafe 20-AP Wireless Controller WC7520 4. Configure the settings as explained in the following table: Table 31. Firmware upgrade settings Setting Description TFTP, FTP, or Local File Select one of the following radio buttons to specify from which location the upgrade should occur. The screen adjusts to display the fields that are required for each upgrade location. • TFTP. Upgrade from a TFTP server. The Server IP and File Name server parameters fields display. • FTP. Upgrade from an FTP server.
ProSafe 20-AP Wireless Controller WC7520 WARNING! During a firmware upgrade, do not try to go online, turn off the wireless controller, shut down the computer, or do anything else to the wireless controller until the wireless controller finishes rebooting! When the LED light turns off, wait a few more seconds before you do anything. 6.
ProSafe 20-AP Wireless Controller WC7520 Figure 66. To reboot the wireless controller: 1. Select the Reboot radio button. 2. Click Apply to save your settings. The wireless controller reboots. The reboot process is complete after several minutes when the Test LED on the front panel goes off. To reset the wireless controller: 1. Select the Reset radio button. 2. Select one of the following radio buttons to specify a hard reset or soft reset: - Hard.
ProSafe 20-AP Wireless Controller WC7520 Reboot Access Points Under normal circumstances, there is no reason to reboot an access point. If there is a problem with an access point, you can reboot it to see if this resolves the problem. To reboot an access point: 1. Select Maintenance > Reboot/Reset > Access Points. The Reboot Access Points screen displays: Figure 67. 2.
ProSafe 20-AP Wireless Controller WC7520 Figure 68. 2. Attach the external storage device to the USB port on the front panel of the wireless controller. 3. Click Mount. The storage details become visible on the Extended Storage screen. Before you remove the external storage device from the USB port, click Unmount. Manage Remote Access Enable SNMP to allow SNMP network management software, such as HP OpenView, to monitor the wireless controller by using SNMPv1 or SNMPv2c protocol.
ProSafe 20-AP Wireless Controller WC7520 Figure 69. 2. Enable SNMP and configure the settings as explained in the following table: Table 32. SNMP settings Setting Description SNMP Select this check box to enable SNMP for the wireless controller. Read-Only Community Name Enter the community string that allows the SNMP manager to read the wireless controller’s MIB objects. The default setting is public.
ProSafe 20-AP Wireless Controller WC7520 Specify Session Time-Outs If an HTTP session times out, the user is redirected to the login window for password verification. To specify the length of the HTTP session time-out for the wireless controller: 1. Select Maintenance > Remote Management > Session Timeout. The Session Timeout screen displays: Figure 70. 2. In the Timeout (minutes) field, specify number of minutes before an active HTTP login session expires. 3. Click Apply to save your settings.
ProSafe 20-AP Wireless Controller WC7520 Figure 71. 2. Select an access point from the drop-down list. 3. Click Save, and follow the directions of you browser to save the logs to the selected access point. The name of the zipped log file is ap_logs.tgz. To save system logs: 1. Select Maintenance > Logs & Alerts > Save Logs > System Logs. The System Logs screen displays: Figure 72. 2. Click Save, and follow the directions of you browser to save the logs to your computer.
ProSafe 20-AP Wireless Controller WC7520 • Rate Limit. Rate-limit events such as the violation of a rate-limit threshold. • Redundancy. Redundancy events such as the redundant wireless controller coming up or going down, or a failover to another wireless controller. • Stacking. Stacking events such as a secondary wireless controller (slave) coming up or going down, or the synchronization between two wireless controllers.
ProSafe 20-AP Wireless Controller WC7520 Figure 74. To view load-balancing events: Select Maintenance > Logs & Alerts > Load Balancing. The Load Balancing screen displays: Figure 75. To view rate-limit events: Select Maintenance > Logs & Alerts > Rate Limit.
ProSafe 20-AP Wireless Controller WC7520 Figure 76. To view redundancy events: Select Maintenance > Logs & Alerts > Redundancy. The Redundancy screen displays: Figure 77. To view stacking events: Select Maintenance > Logs & Alerts > Stacking. The Stacking screen displays: Figure 78.
ProSafe 20-AP Wireless Controller WC7520 Manage Licenses The License screen allows you to import, register, and view the licenses that you require for your network. For more information about licenses, see Licenses on page 18. The License screen consists of four separate screens: • Inventory screen. Provides an overview of your licenses. • Server Settings screen. Allows you to configure the server settings to import your licenses. • Registration screen. Allows to register your licenses.
ProSafe 20-AP Wireless Controller WC7520 Table 33. License inventory settings (continued) Setting Description Nmode License Status Availability of the 802.11n mode license. (This license is available by default, indicated by either Pre-installed or Available.) Used License Count Number of access points used from the total number that is supported by your licenses. Available License Count Number of access points still available from the total number that is supported by your licenses.
ProSafe 20-AP Wireless Controller WC7520 2. Configure the settings as explained in the following table: Table 34. License server settings Setting Description Update From Select one of the following radio buttons to specify the license update server: • Default Update Server. The default license update server is used. • Specify Update Server. You need to specify the license update server. Fill in the Server Address field.
ProSafe 20-AP Wireless Controller WC7520 Figure 81. 3. Complete the Customer Information fields with the customer information that is associated with the key that you want to add and register. These fields are self-explanatory. 4. Complete the VAR Information fields with the value-added reseller (VAR) information that is associated with the key that you want to add and register. These fields are self-explanatory. 5.
ProSafe 20-AP Wireless Controller WC7520 Retrieve Your Licenses If NETGEAR exchanged your wireless controller for another one, your licenses no longer display on the Inventory and Registration screens. You need to retrieve your licences from the license update server. To retrieve licenses after you have received a replacement unit from NETGEAR: 1. Make sure that the wireless controller is connected to the Internet. 2. Select Maintenance > License, and then click the Advanced tab.
10. Managing Stacking and Redundancy 10 This chapter includes the following sections: • Manage Stacking • Manage Redundancy Manage Stacking The wireless controller supports stacking of up to three units for management of up to 150 access points through purchased licensing (see Licenses on page 18). One wireless controller functions as the primary controller (also known as the master), and the other two wireless controllers function as secondary controllers (also known as slaves).
ProSafe 20-AP Wireless Controller WC7520 controller. When stacking is enabled, the primary controller synchronizes the administrative user name and password and the firmware image with the secondary controllers. The master controller can push all configuration changes to the individual access points through the secondary controllers. For ease of management, you can configure location-based profiles on the master controller and assign a location to each secondary controller.
ProSafe 20-AP Wireless Controller WC7520 Figure 83. The Stacking table shows all wireless controllers in the stack, with their IP address and role (Master or Slave). 2. Click Add to add a wireless controller to the stack. The Add Settings pop-up window displays: Figure 84. 3. Configure the settings as explained in the following table: Table 35. Stacking settings Setting Description Controller IP Enter the IP address of the controller.
ProSafe 20-AP Wireless Controller WC7520 Table 36. Stacking table fields Setting Description Role The role or function that the wireless controller has in the stack: either Master or Slave. Controller The IP address of the wireless controller. Local IP The local IP address of the wireless controller in a redundancy group.
ProSafe 20-AP Wireless Controller WC7520 Figure 86. Manage Redundancy The wireless controller supports N:1 redundancy with failover. Redundancy is implemented through the use of the Virtual Router Redundancy Protocol (VRRP). Single Controller with Redundancy You can configure two controllers to form a redundancy group. You then designate one controller in the redundancy group as the primary controller and the other wireless controller as the redundant controller.
ProSafe 20-AP Wireless Controller WC7520 Requirements and Restrictions for a Single Controller with Redundancy These are the requirements and restrictions for a single controller with redundancy to function correctly: • The primary controller and redundant controller need to be in the same management VLAN and IP subnet.
ProSafe 20-AP Wireless Controller WC7520 Figure 88. The following figure shows a configuration with a primary controller and a redundant controller after a failover has occurred: Figure 89. N:1 Redundancy With N:1 redundancy, you can add one redundant controller for up to three controllers, that is, a redundancy group can consist of four controllers, one of which is a redundant controller.
ProSafe 20-AP Wireless Controller WC7520 has a redundancy relationship with a primary controller. You need a unique VRRP ID for each relationship. Each controller in the redundancy group has a unique controller IP address and a unique local IP address. Local addresses remain constant so a controller can always be identified before and after a failover. If the primary controller fails or is disconnected from the network, an automatic failover to the redundant controller occurs.
ProSafe 20-AP Wireless Controller WC7520 • When a failover occurs and the redundant controller takes over for a primary controller, redundancy is no longer available for the other primary controllers in the redundancy group. • When you upgrade from a firmware release before release 2.2 to release 2.2, you need to reconfigure redundancy.
ProSafe 20-AP Wireless Controller WC7520 Figure 91. The following figure shows an N:1 configuration with three primary controllers and one redundant controller after a failover has occurred: Figure 92.
ProSafe 20-AP Wireless Controller WC7520 Configure Redundancy To enable redundancy, configure the redundancy settings on both the primary and redundant controllers. If you configure redundancy with two controllers, there is a single primary controller; if you configure N:1 redundancy, there are two or three primary controllers. To configure redundancy: 1. Select Stacking > Stacking/Redundancy. The Stacking/Redundancy screen displays (see Figure 83 on page 156). 2. Select the Enable Redundancy check box.
ProSafe 20-AP Wireless Controller WC7520 5. Configure the VRRP IDs and local IP addresses of the controllers in the stack so they can become part of the redundancy group. The settings, including the nonconfigurable fields, are explained in the following table: Table 38. Redundancy settings Setting Description Controller Role This is a nonconfigurable field that shows if the primary controller functions as a master or slave controller in the stack for which you are configuring redundancy.
ProSafe 20-AP Wireless Controller WC7520 To modify the redundant controller after you have configured redundancy: 1. Click Replace. The Replacing Controller Information pop-up window displays. Note: The Replace button displays onscreen only after a redundancy configuration has become active. The button is shown on Figure 91 on page 163. 2. Modify the settings as explained in Table 37 on page 164. 3. Click Apply.
11. Monitoring the Wireless Network and Components 11 This chapter includes the following sections: • Monitor the Network • Monitor the Wireless Controller • Monitor the SSIDs • Monitor the Clients The monitoring screens display read-only status information of the network and its various components. Most screens have a Refresh button; clicking this button displays the most recent information.
ProSafe 20-AP Wireless Controller WC7520 To monitor the network: 1. Select Monitor > Network. 2. Select one of the following submenu links to display a network monitoring screen: • Summary. See View the Network Summary Screen • Usage. See View Network Usage • Controller. See View Wireless Controllers in the Network • Access Points. See View Managed Access Points in the Network • Clients. See View Clients in the Network • Profiles.
ProSafe 20-AP Wireless Controller WC7520 Table 39. Network summary information (continued) Item Description Local Device IP The local IP address of a primary controller in a redundancy group. This IP address remains assigned to the primary controller and is not transferred to the secondary controller if a failover occurs. This allows the primary controller to be identified before and after a failover. Controller Status The state of the wireless controller (Up or Down).
ProSafe 20-AP Wireless Controller WC7520 Table 39. Network summary information (continued) Item Description Rogue Access Points section Rogue AP current The total number of unique rogue and unmanaged neighboring access points that are detected now in the network. Rogue AP count 24hrs The total number of unique rogue and unmanaged neighboring access points that were detected over the last 24 hours in the network. View Network Usage Figure 95.
ProSafe 20-AP Wireless Controller WC7520 View Wireless Controllers in the Network Figure 96. The Network Controllers screen lets you monitor the stacking configuration of the wireless controllers in the network. The following table explains the fields of the Controllers table on the Network Controllers screen: Table 40. Network controllers information Item Description Controller IP The IP address of the wireless controller.
ProSafe 20-AP Wireless Controller WC7520 View Managed Access Points in the Network Because the Network Access Point screen is a wide screen, it is shown in the following two figures: Figure 97. Left side of the Network Access Point screen Figure 98. Right side of the Network Access Point screen The Network Access Point screen lets you monitor all managed access points in the network. To view additional access points, click Next; to return to the previous access points, click Previous.
ProSafe 20-AP Wireless Controller WC7520 Table 41. Network access point information (continued) Item Description Status The status of the access point (Healthy or Down). MAC The MAC address of the access point. IP The IP address of the access point. Model The model of the access point (WNAP210, WNAP320, WNDAP350, or WNDAP360). Remote Shows the site designation (Local or Remote) of the access point. Sentry Shows whether or not (Yes or No) sentry mode is enabled.
ProSafe 20-AP Wireless Controller WC7520 Figure 99. Figure 100.
ProSafe 20-AP Wireless Controller WC7520 The following table explains the fields of the AP Details window: Table 42. Network access point details information Item Description AP Info section This information is self-explanatory. Profile Info section For each security profile that is configured on the selected access point, the following information displays: Type The type of profile (802.11b/bg/ng or 802.11a/na). SSID The wireless network SSID for the security profile.
ProSafe 20-AP Wireless Controller WC7520 View Clients in the Network Figure 101. The Network Clients screen lets you monitor all clients that are connected to the network. To view additional clients, click Next; to return to the previous clients, click Previous. The following table explains the fields of the Clients table on the Network Clients screen: Table 43. Network clients information Item Description Select The radio button that lets you select the client.
ProSafe 20-AP Wireless Controller WC7520 To export the list of clients, click Export. To see details about a client, select its corresponding radio button in the Select column of the Client table, and then click the Details button to display the Client Details pop-up window: Figure 102. To close the Client Details window, click Cancel. The following table explains the fields of the Client Details window: Table 44.
ProSafe 20-AP Wireless Controller WC7520 Table 44. Network client details information (continued) Item Description Cipher The type of encryption that the wireless client is using (WEP, AES, TKIP, or TKIP + AES). AID The association ID of the client. RSSI The received signal strength indicator (RSSI) of the wireless client. Tx Power The transmit power of the wireless client. Tx Rate The transmit rate in Mbps of the wireless client.
ProSafe 20-AP Wireless Controller WC7520 The following table explains the fields of the Profiles table on the Network Profiles screen: Table 45. Network security profiles information Item Description SSID The wireless network SSID for the security profile. Security The security mode (Open, WEP, WPA, WPA2, or WPA/WPA2) for the security profile. Radio Mode The wireless mode for the security profile (802.11b/bg/ng or 802.11a/na). Status The status of the security profile (Active or Inactive).
ProSafe 20-AP Wireless Controller WC7520 View the Wireless Controller Summary Screen Figure 104. The following table explains the fields of the Network Status, Wireless Clients, Rogue Access Points, Network Info, and Redundancy Status tables on the Controller Summary screen: Table 46.
ProSafe 20-AP Wireless Controller WC7520 Table 46. Controller summary information (continued) Item Description WPA The number of wireless clients that are connected to managed access points using security profiles configured with WPA. WPA2 The number of wireless clients that are connected to managed access points using security profiles configured with WPA2.
ProSafe 20-AP Wireless Controller WC7520 View Wireless Controller Usage Figure 105. The Controller Usage screen displays a graphic of the average rate of data traffic that was received and transmitted over the last 24 hours by all access points that are managed by the wireless controller and by the rogue access points that were detected by the wireless controller. Select the type of usage you want to display by clicking one of the following tabs: • 2.4 GHz Band Usage. Displays combined 802.11b-, 802.
ProSafe 20-AP Wireless Controller WC7520 Figure 106. Left side of the Controller Access Point screen Figure 107. Right side of the Controller Access Point screen The Controller Access Point screen lets you monitor all access points that are managed by the wireless controller. To view additional access points, click Next; to return to the previous access points, click Previous.
ProSafe 20-AP Wireless Controller WC7520 View Clients Managed by the Wireless Controller Figure 108. The Controller Clients screen lets you monitor all clients that are connected to access points that are managed by the wireless controller. To view additional clients, click Next; to return to the previous clients, click Previous. Because this screen is almost identical to the Network Clients screen, see Table 43 on page 176 for information about the fields.
ProSafe 20-AP Wireless Controller WC7520 The Controller Neighboring Clients screen lets you monitor clients that are attached to known or rogue access points and that were detected by the wireless controller. To view additional neighboring clients, click Next; to return to the previous neighboring clients, click Previous. The following table explains the fields of the Neighboring Clients table on the Controller Neighboring Clients screen: Table 47.
ProSafe 20-AP Wireless Controller WC7520 The Controller Rogue AP screen lets you monitor all rogue access points that were detected by the wireless controller. To view additional rogue access points, click Next; to return to the previous rogue access points, click Previous. The following table explains the fields of the Rogue AP table on the Controller Rogue AP screen: Table 48.
ProSafe 20-AP Wireless Controller WC7520 View Security Profiles Managed by the Wireless Controller Figure 111. The Controller Profiles screen lets you monitor all security profiles on the access points that are managed by the wireless controller. To view additional profiles, click Next; to return to the previous profiles, click Previous. Because this screen is almost identical to the Network Profiles screen, see Table 45 on page 179 for information about the fields.
ProSafe 20-AP Wireless Controller WC7520 View DHCP Leases Provided by the Wireless Controller Figure 112. The DHCP Leases screen displays the current DHCP clients that have been allocated IP addresses by the DHCP server on the wireless controller. To view additional DHCP leases, click Next; to return to the previous DHCP leases, click Previous. The following table explains the fields of the DHCP Leases table on the Controller DHCP Leases screen: Table 49.
ProSafe 20-AP Wireless Controller WC7520 To view the guest list: Click the Guest List tab. The associated Guest List screen displays: Figure 113. The Guest List table shows the IP addresses and email addresses of the logged-in guests. To view additional guests, click Next; to return to the previous guests, click Previous. To clear all user information from the screen, click Clear All. To export the list of captive portal guests, click Export.
ProSafe 20-AP Wireless Controller WC7520 The following table explains the fields of the User List table: Table 50. Captive portal user information Item Description User Name The login name of the user. Account Name The account name, if any, that is associated with the user. User IP The IP address of the user. User MAC The MAC address of the device with which the user is logged in. Login Time The time that the user has logged in. Expiry Time The time when the login access will expire.
ProSafe 20-AP Wireless Controller WC7520 Because this table is almost identical to the Access Point table on the Network Access Point screen, see Table 41 on page 172 for information about the fields. To export the list of access points, click Export. To see details about an access point, select its corresponding radio button in the Select column of the Access Point table, and then click the Details button to display the AP Details pop-up window.
ProSafe 20-AP Wireless Controller WC7520 To export the list of clients, click Export. To see details about a client, select its corresponding radio button in the Select column of the Client table, and then click the Details button to display the Client Details pop-up window. Because this screen is identical to the Client Details pop-up window that you can access from the Network Clients screen, see Table 44 on page 177 for information about the fields.
ProSafe 20-AP Wireless Controller WC7520 To see the location of the blacklisted client on a floor map, select the client’s radio button (in the Select column), and then click the Locate button. To export the list of blacklisted clients, click Export.
12.
ProSafe 20-AP Wireless Controller WC7520 If the error persists, you have a hardware problem and should contact NETGEAR technical support. Test LED Never Turns Off When the wireless controller is powered on, the Test LED turns on for approximately 2 minutes and then turns off when the wireless controller has completed its initialization. If the Test LED remains on, there is a fault within the wireless controller.
ProSafe 20-AP Wireless Controller WC7520 Note: If your PC’s IP address is shown as 169.254.x.x: Windows and Mac operating systems generate and assign an IP address if the computer cannot reach a DHCP server. These autogenerated addresses are in the range of 169.254.x.x. If your IP address is in this range, check the connection from the PC to the wireless controller and reboot your PC.
ProSafe 20-AP Wireless Controller WC7520 Troubleshoot a TCP/IP Network Using the Ping Utility Most TCP/IP terminal devices and routers contain a ping utility that sends an echo request packet to the designated device. The device then responds with an echo reply. You can easily troubleshooting a TCP/IP network by using the ping utility in your computer.
ProSafe 20-AP Wireless Controller WC7520 Use the Factory Default Button to Restore Default Settings If you can access the wireless controller, you can use the Reboot/Reset Controllers screen (select Maintenance > Backup/Restore) to perform a soft or hard reset (see Reboot or Reset the Wireless Controller on page 139). If you can no longer access the wireless controller, press the Factory Default button on the rear panel (see Rear Panel Features on page 13) to restore the factory default settings.
ProSafe 20-AP Wireless Controller WC7520 • Make sure that you have entered the correct IP range if the access points function in different VLANs, are behind an IP subnet, or are already installed and working in standalone mode (see Access Point Discovery and Discovery Guidelines on page 51). • Verify that access points that are already installed and working in standalone mode have SSH and SNMP enabled (which is the default setting). • Make sure that UDP port number 7890 is unblocked in the firewall.
ProSafe 20-AP Wireless Controller WC7520 Server on page 67). When a DHCP server becomes available, the access point can transition from the Connecting state to the Connected state. Network Performance and Rogue Access Point Detection When rogue access point detection is enabled, access points intermittently go off channel for short periods, which can affect network performance.
ProSafe 20-AP Wireless Controller WC7520 3. From the Access Point drop-down list, select the access point to be pinged. After you have made your selection, the IP address of the access point displays in the IP Address field. 4. Click Start. The results are shown in the Ping Result field. To trace a route to an access point: 1. Select Diagnostics > Trace Route. The Trace Route screen displays (see the following figure). 2.
A. Factory Default Settings and Technical Specifications A You can restore the wireless controller to its factory default settings on the Reboot/Reset Controllers screen (see Reboot or Reset the Wireless Controller on page 139) or by using the Factory Defaults button on the rear panel (see Use the Factory Default Button to Restore Default Settings on page 198). The wireless controller will return to the factory configuration settings shown in the following table: Table 52.
ProSafe 20-AP Wireless Controller WC7520 Table 53. Technical and physical specifications (continued) Feature Default Setting Operating temperatures and humidity 0° to 45° C (32° to 113° F) 90% maximum relative humidity Storage temperatures and humidity –20° to 70° C (–4° to 58° F) 95% maximum relative humidity Major regulatory compliance FCC Class A, CE, WEEE, RoHS Note: For more information, see the ProSafe 20-AP Wireless Controller WC7520 data sheet at http://support.netgear.
ProSafe 20-AP Wireless Controller WC7520 Table 54. Password requirements (continued) Web management interface path Advanced Profile: User type or data encryption Shared Key 64-bit WEP Restrictions Section in this manual Allowed characters Length Hexadecimal 10 fixed 1. Configuration > Profile > Advanced > Radio. 128-bit WEP Hexadecimal 26 fixed 2. Select a group. 152-bit WEP Hexadecimal 32 fixed TKIP Alphanumerics and Up to 63 special characters, excluding quotes 3. Click Edit.
B. Notification of Compliance N ETGE A R Wire d P ro d uct s B Regulatory Compliance Information This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requirements may result in unlawful operation and adverse action against the end-user by the applicable National regulatory authority.
ProSafe 20-AP Wireless Controller WC7520 Operation is subject to the following two conditions: • This device may not cause harmful interference, and • This device must accept any interference received, including interference that may cause undesired operation. FCC Radio Frequency Interference Warnings & Instructions This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.
ProSafe 20-AP Wireless Controller WC7520 GPL License Agreement GPL may be included in this product; to view the GPL license agreement go to ftp://downloads.netgear.com/files/GPLnotice.pdf. For GNU General Public License (GPL) related information, please visit http://support.netgear.com/app/answers/detail/a_id/2649.
Index Numerics viewing on the wireless controller 186 sentry mode 61 standalone mode 54, 62 supported models 15 tracing a route 201 troubleshooting 198 TX power, controlling automatically 103 manually 96, 98 viewing in the network 172 on the wireless controller 183 security profiles 175 statistics 175 VLAN settings 61 access, remote 142 accounts, captive portal 128 active SSIDs, viewing 191 active voice calls, preventing channel allocation 101 Advanced Encryption Standard (AES) 82 advanced settings, descri
ProSafe 20-AP Wireless Controller WC7520 B D background QoS queue 105 backing up the configuration 135 basic access point group 23 basic service set identifier (BSSID) 113 basic settings, description 22, 74 beacon interval 95 best effort QoS queue 105 blacklisted clients, viewing 192 bottom label 14 broadcasting SSID 78 BSSID (basic service set identifier) 113 buildings, planning 44 data encryption configuring 79 supported methods 29 data rate 94 data sheet 203 date, troubleshooting 198 default access p
ProSafe 20-AP Wireless Controller WC7520 LAN ports 12 Layer 2 and 3 networks, autodiscovery 55 LDAP server 82, 122–124, 128 LEDs front panel 12 troubleshooting 194 licenses number and types required 18 redundancy group 159, 161 registering and managing 149–152 viewing 149 load balancing 107 load balancing logs, viewing 147 local access points 51, 57–59 local buildings 42 location, placement 25 lock, Kensington 14 logs downloading 144 saving 144 fragmentation length 95 frequency band 46 FTP server, firmwar
ProSafe 20-AP Wireless Controller WC7520 P resetting Factory Default button 13 passwords 198 wireless controller 139 restoring the configuration 135 RF logs, viewing 146 management 101 obstructions 27 RIFS (reduced interframe space) transmission 95 rogue access points detecting, managing, and mitigating 113 viewing in the network 170 on the managed access point 175 on the wireless controller 181, 186 RSSI (received signal strength indication) 47, 108 RTS threshold 95 package contents 11 partition, memory
ProSafe 20-AP Wireless Controller WC7520 U subnet masks access point 61 DHCP server 69 wireless controller 66 support, NETGEAR 18 syslog server 71 system alerts, viewing 146 system logs, saving 144 untagged VLANs 67 upgrading firmware 137 USB port 12 users, managing 128 V VAR information, licenses 152 video QoS queue 105 Virtual Router Redundancy Protocol (VRRP) 158, 165 VLANs 66 client 29, 32 DHCP server 68 management 28, 32 security profiles 79 settings, access points 61 untagged 67 voice QoS queue 10
ProSafe 20-AP Wireless Controller WC7520 WMM (Wi-Fi multimedia) 105 WNAP210, WNAP320, WNDAP350, and WNDAP360 15 WPA and WPA2 authentication 82–84 WPA passphrase requirements 203 213
