Home » Netgear Manuals » Wireless » Netgear WC7520-Wireless » Manual Viewer

Netgear WC7520-Wireless Reference Manual - Page 113

Manage Rogue Access Points, Basic security settings

View all Netgear WC7520-Wireless manuals

Add to My Manuals
Save this manual to your list of manuals

Page 113 highlights

ProSafe 20-AP Wireless Controller WC7520 • Basic security settings. You can apply the following security settings to any profile, whether in the basic profile group or in an advanced profile group: - Basic MAC authentication (the MAC ACL group that is called basic) - Basic authentication server (the RADIUS server that is called basic-Auth or the LDAP server that is called basic-LDAP) • Advanced security settings. You can apply the following security settings to any profile, whether in the basic profile group or in an advanced profile group: - Advanced MAC authentication (the MAC ACLs that are, by default, called, Acl-1, Acl-2, Acl-3, and so on; you can change these default names) - Advanced authentication server (the RADIUS servers that are, by default, called Auth-1, Auth-2, Auth-3, and so on; you can change these default names) • Global security settings. The following security settings apply to all profiles, whether in the basic profile group or in any of the advanced profile groups: - Basic rogue AP detection - Advanced rogue AP detection Manage Rogue Access Points Rogue access point detection is disabled by default on the wireless controller. If you want to detect rogue access points, you need to enable rogue access point detection and specify how aggressively access points should scan for rogue access points. Scanning affects the service availability of the access point. If rogue access point detection is set up as aggressive, the access point scans often, at which time it is unavailable for clients to associate to it. An access point is defined as rogue if: • The access point's radio basic service set identifier (BSSID) is observed by any of the managed access points. • The access point is seen transmitting on the Ethernet side on the same Layer 2 as the managed access points. • At least one client is connected to the access point. Any unmanaged access point not meeting all these conditions is classified as a neighbor. The access points transmit broadcast frames on the Ethernet during the time access point radios are off-channel (and scanning). Note: For the triangulation of the rogue access points to work, ensure that the access points are positioned correctly in the floor plan. See View and Manage Heat Maps for Deployed Plans on page 48. Configuring Network Access and Security 113

Section	Page
ProSafe 20-AP Wireless Controller WC7520	1
Table of Contents	4
1. Introduction and Overview	9
Key Features and Capabilities	9
Package Contents	11
Hardware Features	12
Front Panel Ports and LEDs	12
Rear Panel Features	13
Bottom Panel with Product Label	14
WC7520 Wireless Controller System Components	14
NETGEAR ProSafe Access Points	15
What Can You Do with the WC7520 Wireless Controller?	16
Licenses	18
Maintenance and Support	18
Web Management Interface Layout	19
Initial Connection and Configuration	20
Basic and Advanced Settings	22
Profile Groups	23
Choose a Location for the Wireless Controller	25
Deploy the Wireless Controller	26
2. System Planning and Deployment Scenarios	27
System Planning	27
Preinstallation Planning	27
Before You Configure a Wireless Controller	28
Single Controller Configuration with Basic Profile Group	30
Single Controller Configuration with Advanced Profile Groups	31
Stacked Controller Configuration	32
Management VLAN and Data VLAN Strategies	32
Deployment Scenarios	34
Scenario Example 1: Basic Network with Single VLAN	34
Scenario Example 2: Advanced Network with VLANs and SSIDs	35
Scenario Example 3: Advanced Network with Redundancy	38
3. RF Planning	41
RF Planning Overview	41
Planning Requirements	41
Define and Edit Buildings and Floors	42
Specify Access Point Requirements	45
View and Manage Heat Maps for Deployed Plans	48
4. Access Point Discovery and Management	51
Access Point Discovery and Discovery Guidelines	51
Requirements for Autodiscovery of Local Access Points	51
Requirements for Autodiscovery of Remote Access Points	52
Run the Discovery Wizard	54
Discovery Results	56
Manage the Access Point List	57
Add Access Points to the Managed List after Discovery	57
Edit and Remove Access Point Information	59
5. Configuring Network Settings	63
Configure General Settings	63
Time Management	64
Configure IP and VLAN Settings	65
Management VLANs	66
Untagged VLANs	67
Manage the DHCP Server	67
Manage Certificates	70
Configure Syslog and Alarm Notification Settings	71
Configure Syslog Settings	71
Configure Alarm Notification Settings	72
Configure the Email Notification Server	72
6. Managing Security Profiles and Profile Groups	74
Manage Wireless Security Profiles	74
Small WLAN Networks	75
Larger WLAN Networks	75
Profile Naming Conventions	76
Considerations Before You Configure Profiles	76
Configure Security Profiles for the Basic Profile Group	77
Edit and Remove Profiles from the Basic Profile Group	80
Network Authentication and Data Encryption Options	81
Configure Security Profiles for Advanced Profile Groups	84
Edit and Remove Profiles from an Advanced Profile Group	87
Remove an Advanced Profile Group	87
Manage Basic and Advanced Profile Groups in the WLAN	87
7. Configuring Wireless and QoS Settings	90
About Basic and Advanced Wireless and QoS Configurations	90
Configure the Radio	91
Basic Radio Configuration	91
Advanced Radio Configuration for Profile Groups	92
Configure Wireless Settings	93
Basic Wireless Configuration	93
Advanced Wireless Configuration for Profile Groups	96
Configure Channels	99
Specify RF Management	101
Basic RF Management	102
Advanced RF Management for Profile Groups	104
Configure QoS for Profile Groups	105
Configure Load Balancing	107
Configure Rate Limiting	109
Basic Rate Limiting	109
Advanced Rate Limiting for Profile Groups	110
8. Configuring Network Access and Security	112
About Basic and Advanced Security Configurations	112
Manage Rogue Access Points	113
Configure Basic Rogue Detection Settings	114
Configure Advanced Rogue Detection Settings	116
Manage MAC Authentication and MAC Authentication Groups	117
Guidelines for External MAC Authentication	118
Configure Basic Local MAC Authentication Settings	118
Configure Local MAC Authentication Groups	120
Manage Authentication Servers and Authentication Server Groups	122
Configure Basic Authentication Server Settings	123
Configure RADIUS Authentication Server Groups	125
Manage Guest Network Access	126
Configure Captive Portal Settings	126
Manage Users, Accounts, and Passwords	128
9. Maintaining the Controller	135
Manage the Configuration File	135
Back Up and Restore the Configuration File	135
Upgrade the Configuration File	137
Reboot or Reset the Wireless Controller	139
Reboot Access Points	141
Manage External Storage	141
Manage Remote Access	142
Specify Session Time-Outs	144
View Alerts and Events and Save the Logs	144
Save the Logs	144
View Alerts and Events	145
Manage Licenses	149
View Your Licenses	149
Configure the License Server Settings	150
Register Your Licenses	151
Retrieve Your Licenses	153
10. Managing Stacking and Redundancy	154
Manage Stacking	154
Configure Stacking	155
Controller Selection List	157
Manage Redundancy	158
Single Controller with Redundancy	158
N:1 Redundancy	160
Configure Redundancy	164
11. Monitoring the Wireless Network and Components	167
Monitor the Network	167
View the Network Summary Screen	168
View Network Usage	170
View Wireless Controllers in the Network	171
View Managed Access Points in the Network	172
View Clients in the Network	176
View Security Profiles in the Network	178
Monitor the Wireless Controller	179
View the Wireless Controller Summary Screen	180
View Wireless Controller Usage	182
View Access Points Managed by the Wireless Controller	182
View Clients Managed by the Wireless Controller	184
View Neighboring Clients Detected by the Wireless Controller	184
View Rogue Access Points Detected by the Wireless Controller	185
View Security Profiles Managed by the Wireless Controller	187
View DHCP Leases Provided by the Wireless Controller	188
View Captive Portal Guests and Users Managed by the Wireless Controller	188
Monitor the SSIDs	190
Monitor the Clients	191
View Local Clients	191
View Blacklisted Clients	192
12. Troubleshooting	194
Troubleshoot Basic Functioning	194
Power LED Not On	194
Test LED Never Turns Off	195
LAN Port LEDs Not On	195
Troubleshoot the Web Management Interface	195
Ethernet Cabling	195
IP Address Configuration	195
Internet Browser	196
Troubleshoot a TCP/IP Network Using the Ping Utility	197
Test the LAN Path to Your Wireless Controller	197
Use the Factory Default Button to Restore Default Settings	198
Problems with Date and Time	198
Problems with Access Points	198
Discovery Problems	198
Connection Problems	199
Network Performance and Rogue Access Point Detection	200
Use the Diagnostic Tools on the Wireless Controller	200
A. Factory Default Settings and Technical Specifications	202
B. Notification of Compliance	205

Match case Limit results 1 per page

Configuring Network Access and Security

113

ProSafe 20-AP Wireless Controller WC7520

•

Basic security settings

. You can apply the following security settings to

any

profile,

whether in the basic profile group or in an advanced profile group:

Basic MAC authentication (the MAC ACL group that is called basic)

Basic authentication server (the RADIUS server that is called basic-Auth or the LDAP

server that is called basic-LDAP)

•

Advanced security settings

. You can apply the following security settings to

any

profile,

whether in the basic profile group or in an advanced profile group:

Advanced MAC authentication (the MAC ACLs that are, by default, called, Acl-1,

Acl-2, Acl-3, and so on; you can change these default names)

Advanced authentication server (the RADIUS servers that are, by default, called

Auth-1, Auth-2, Auth-3, and so on; you can change these default names)

•

Global security settings

. The following security settings apply to all profiles, whether in

the basic profile group or in any of the advanced profile groups:

Basic rogue AP detection

Advanced rogue AP detection

Manage Rogue Access Points

Rogue access point detection is disabled by default on the wireless controller. If you want to

detect rogue access points, you need to enable rogue access point detection and specify

how aggressively access points should scan for rogue access points. Scanning affects the

service availability of the access point. If rogue access point detection is set up as

aggressive, the access point scans often, at which time it is unavailable for clients to

associate to it.

An access point is defined as rogue if:

•

The access point’s radio basic service set identifier (BSSID) is observed by any of the

managed access points.

•

The access point is seen transmitting on the Ethernet side on the same Layer 2 as the

managed access points.

•

At least one client is connected to the access point.

Any unmanaged access point not meeting all these conditions is classified as a neighbor.

The access points transmit broadcast frames on the Ethernet during the time access point

radios are off-channel (and scanning).

Note:

For the triangulation of the rogue access points to work, ensure that

the access points are positioned correctly in the floor plan. See

View

and Manage Heat Maps for Deployed Plans

on page 48.