Manualshelf

Reference Manual

ManualsBrandsNetgear ManualsNetworkingWC7520
111112113114115116117118119120
Configuring Network Access and Security
113
ProSafe 20-AP Wireless Controller WC7520
Basic security settings. You can apply the following security settings to any profile,
whether in the basic profile group or in an advanced profile group:
- Basic MAC aut
hentication (the MAC ACL group that is called basic)
- Basic authen
tication server (the RADIUS server that is called basic-Auth or the LDAP
server that is called basic-LDAP)
Adv
anced security settings. You can apply the following security settings to any profile,
whether in the basic profile group or in an advanced profile group:
- Advanced MAC a
uthentication (the MAC ACLs that are, by default, called, Acl-1,
Acl-2, Acl-3, and so on; you can change these default names)
- Advanced au
thentication server (the RADIUS servers that are, by default, called
Auth-1, Auth-2, Auth-3, and so on; you can change these default names)
Globa
l security settings. The following security settings apply to all profiles, whether in
the basic profile group or in any of the advanced profile groups:
- Basic rogue
AP detection
- Advanced rog
ue AP detection
Manage Rogue Access Points
Rogue access point detection is disabled by default on the wireless controller. If you want to
detect rogue access points, you need to enable rogue access point detection and specify
how aggressively access points should scan for rogue access points. Scanning affects the
service availability of the access point. If rogue access point detection is set up as
aggressive, the access point scans often, at which time it is unavailable for clients to
associate to it.
An access point is defined as rogue if:
The a
ccess point’s radio basic service set identifier (BSSID) is observed by any of the
managed access points.
The a
ccess point is seen transmitting on the Ethernet side on the same Layer 2 as the
managed access points.
At lea
st one client is connected to the access point.
Any unmanaged access point not meeting all these co
nditions is classified as a neighbor.
The access points transmit broadcast frames on the Ethernet during the time access point
ra
dios are off-channel (and scanning).
Note: For the triangulation of the rogue access points to work, ensure that
the access points are positioned correctly in the floor plan. See
View
and Manage Heat Maps for Deployed Plans on page 48.