User Manual
Table Of Contents
- Wireless Controller
- Contents
- 1. Introduction
- 2. Hardware Descriptions
- 3. System Planning and Deployment Scenarios
- 4. RF Planning and Deployment
- Application, Browser, and Port Requirements for RF Planning
- RF Planning Overview
- Manage a Building and Floors for an RF Plan
- Add a Building and Floors
- Add a Single Floor to a Building
- Scale a Floor
- Add a WiFi Coverage or WiFi Noncoverage Zone to a Floor
- Remove a WiFi Coverage or Noncoverage Zone From a Floor
- Add a WiFi Building Obstacle to a Floor
- Remove a Building Obstacle From a Floor
- Add a WiFi Obstruction Area
- Remove a WiFi Obstruction Area
- Change the Name, Map, or Dimensions of a Floor
- Change the Name of a Building
- Duplicate an Entire Building With All Floors
- Duplicate a Single Floor
- Remove a Single Floor
- Remove an Entire Building With All Its Floors
- Use the WiFi Auto Planning Advisor to Generate an RF Plan for a Floor
- Manually Add and Manage Access Points on a Floor Map for an RF Plan
- Manually Add and Manage Antennas on a Floor Map for an RF Plan
- Display and Recalculate the WiFi Coverage for a Heat Map
- Display or Change the WiFi Inventory for an RF Plan
- Download a Report for an RF Plan
- View the Heat Map for a Deployed Floor Plan
- 5. Installation and Configuration Overview
- 6. Configure the System and Network Settings and Register the Licenses
- 7. Manage Security Profiles and Profile Groups
- WiFi Security Profile Concepts
- Manage Security Profiles for the Basic Profile Group
- Manage Security Profiles for Advanced Profile Groups
- Network Authentication and Data Encryption Options
- Manage Authentication Servers and Authentication Server Groups
- Manage MAC Authentication and MAC Authentication Groups
- Guidelines for External MAC Authentication
- Remove a Local MAC Authentication Group
- 8. Discover and Manage Access Points
- 9. Configure WiFi, Radio Frequency, and QoS Settings
- Basic and Advanced WiFi, Radio Frequency Management, and QoS Configuration Concepts
- Configure the Radio On/Off Settings
- Configure WiFi Settings
- Radio Frequency Management Concepts
- Configure Automatic Transmission Power
- Override Transmission Power for Individual Access Points
- Configure WLAN Healing
- Enable Band Steering
- Configure Automatic Channel Allocation
- Override the Channel and Frequency for an Access Point
- Manage AirQual for a Profile Group
- Manage Quality of Service for an Advanced Profile Group
- Manage Load Balancing
- Manage Rate Limiting
- Manage the LED Behavior
- 10. Manage Rogue Access Points, Guest Network Access, and Users
- Manage Rogue Access Points
- Manage Guest Network Access Through Guest Portals and Captive Portals
- Manage Users, Accounts, and Passwords
- User and Account Concepts
- Change the Password of the Default admin Account of the Wireless Controller
- Add a Management User
- Add a WiFi User
- Add a Captive Portal Account
- Add a Logo and Message on Captive Portal User Information
- Add a Captive Portal User
- Add Multiple Captive Portal Users Simultaneously
- Change the Settings for a User or Account
- Remove Users or Accounts
- Export a List of Users or Accounts
- 11. Maintain the Wireless Controller and Access Points
- Manage the Configuration File or Upgrade the Firmware
- Reboot the Wireless Controller
- Reset the Wireless Controller
- Manage Extended Storage
- Manage Remote Access
- Specify Session Time-Outs
- Save the Logs
- View Alerts and Events
- Manage Licenses
- Reboot Access Points
- Configure Multicast Firmware Upgrade for Access Points
- 12. Manage Stacking and Redundancy
- Stacking Concepts
- Configure a Stack of Wireless Controllers
- Remove a Wireless Controller From a Stack
- Select Which Wireless Controller in a Stack to Configure
- Manage Redundancy for a Single Controller
- Manage a Redundancy Group With N:1 Redundancy
- Replace a Redundant Controller
- Remove a Redundancy Group
- Upgrade Firmware in a Stacked Redundancy Group
- 13. Monitor the WiFi Network and Its Components
- Monitor the Network
- Monitor the Wireless Controller
- View the Wireless Controller Summary Page
- View Wireless Controller Usage
- View Access Points That the Wireless Controller Manages
- View Clients on Access Points That the Wireless Controller Manages
- View Neighboring Clients That the Wireless Controller Detects
- View Neighboring Access Points That the Wireless Controller Does Not Manage
- View Security Profiles That the Wireless Controller Manages
- View DHCP Leases That Are Provided by the Wireless Controller
- View Captive Portal Users on Access Points That the Wireless Controller Manages
- View the Guest Email Address Database for Access Points That the Wireless Controller Manages
- View AirQual for the Channels in a Profile Group
- Monitor the SSIDs on the Wireless Controller
- Monitor Local Clients in the Network
- 14. Troubleshooting and Diagnostics
- Troubleshoot Basic Functioning
- Troubleshoot the Web Management Interface
- Troubleshoot a TCP/IP Network Using the Ping Utility
- Use the Reset Button to Restore Default Settings
- Resolve Problems With Date and Time
- Resolve Network Problems
- Resolve Problems With Access Points
- Use the Diagnostic Tools on the Wireless Controller
- A. Controller-Managed Access Points
- Overview
- Change IP Address and VLAN Settings on a Controller-Managed Access Point
- Reenable the DHCP Client on a Controller-Managed Access Point
- Upgrade or Change Firmware on a Controller-Managed Access Point
- Save and View the Logs on a Controller-Managed Access Point
- Enable Link Aggregation on a WAC740 Access Point
- Change the Password on an Access Point
- Convert an Access Point From Controller-Managed to Standalone
- B. Factory Default Settings, Technical Specifications, and Passwords Requirements
- Index
Manage Security Profiles and Profile Groups
124
Wireless Controller
Note: You can configure profiles to function with different authentication
servers. For example, you could set up a guest profile with no
authentication, an engineering profile that uses external RADIUS
authentication, and a marketing profile that uses external LDAP
authentication. You can also use additional external RADIUS servers
in other profiles.
• Captive portals and guest portals. If you want to use captive portals, guest portals, or
both, first configure the portals:
- Configure the basic portal on the basic Portal Settings page (see Configure a Basic
Guest Portal or Captive Portal on page 233).
- For more complex networks, configure additional portals on the advanced Captive
Portal Settings page (see Configure an Advanced Guest Portal or Captive Portal on
page 238).
After you configure portals, you can then assign any portal to a security profile in a basic
profile group or advanced profile group.
• MAC authentication. If you want to use a MAC access control list (ACL) to control
access of WiFi clients, first create one or more MAC ACLs:
- Configure the basic MAC ACL on the basic MAC
Authentication page (see Configure
Basic Local MAC Authentication Settings on page 147).
- For more complex networks, configure additional MAC ACLs on the advanced MAC
Authentication page (see Configure a Local MAC
Authentication Group on page 150).
After you configure one or more MAC ACLs, you can then assign any MAC ACL to a
security profile in a basic profile group or advanced profile group.
• Cloning profiles. For faster setup, you can clone a profile and rename it. Cloning copies
all settings except for the name and SSID.
Basic and Advanced Security Configuration Concepts
The basic security configuration model (Configuration > Security > Basic) does not apply
strictly to the basic profile group, nor does the advanced security configuration model
(Configuration > Security > Advanced) apply strictly to advanced profile groups. The
reason is that you apply an authentication server and a MAC ACL to an individual profile and
not to a profile group.
• Basic security settings.
Y
ou can apply the following security settings to any profile,
whether in the basic profile group or in an advanced profile group:
- Basic MAC authentication (the MAC ACL group that is called basic)
- Basic authentication server (the RADIUS server that is called basic-Auth or the LDAP
server that is called basic-LDAP)