Netgear WC7520-Wireless Reference Manual - Page 113
Manage Rogue Access Points, Basic security settings
![]() |
View all Netgear WC7520-Wireless manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 113 highlights
ProSafe 20-AP Wireless Controller WC7520 • Basic security settings. You can apply the following security settings to any profile, whether in the basic profile group or in an advanced profile group: - Basic MAC authentication (the MAC ACL group that is called basic) - Basic authentication server (the RADIUS server that is called basic-Auth or the LDAP server that is called basic-LDAP) • Advanced security settings. You can apply the following security settings to any profile, whether in the basic profile group or in an advanced profile group: - Advanced MAC authentication (the MAC ACLs that are, by default, called, Acl-1, Acl-2, Acl-3, and so on; you can change these default names) - Advanced authentication server (the RADIUS servers that are, by default, called Auth-1, Auth-2, Auth-3, and so on; you can change these default names) • Global security settings. The following security settings apply to all profiles, whether in the basic profile group or in any of the advanced profile groups: - Basic rogue AP detection - Advanced rogue AP detection Manage Rogue Access Points Rogue access point detection is disabled by default on the wireless controller. If you want to detect rogue access points, you need to enable rogue access point detection and specify how aggressively access points should scan for rogue access points. Scanning affects the service availability of the access point. If rogue access point detection is set up as aggressive, the access point scans often, at which time it is unavailable for clients to associate to it. An access point is defined as rogue if: • The access point's radio basic service set identifier (BSSID) is observed by any of the managed access points. • The access point is seen transmitting on the Ethernet side on the same Layer 2 as the managed access points. • At least one client is connected to the access point. Any unmanaged access point not meeting all these conditions is classified as a neighbor. The access points transmit broadcast frames on the Ethernet during the time access point radios are off-channel (and scanning). Note: For the triangulation of the rogue access points to work, ensure that the access points are positioned correctly in the floor plan. See View and Manage Heat Maps for Deployed Plans on page 48. Configuring Network Access and Security 113
![](/manual_guide/products/netgear-wc7520wireless-reference-manual-6d3f321/113.png)