Embed Size (px)
Citation preview
I nuovi AP Professionali
WAC720 & WAC730
1
Formazione Online
Andrea RossiSenior System Engineer
Introducing
High performance Business Grade Dual Band 802.11ac Wireless Access Point for Small and Medium Enterprise
with aggregated throughput up to 1.7 Gbps
WAC730 - 450 Mbps for 2.4 GHz and 1.3 Gbps 802.11ac for 5 GHz
WAC720 - 300 Mbps for 2.4 GHz and 867 Mbps 802.11ac for 5 GHz
Designed for;
• Small and Medium enterprises
• K-12 schools requiring gigabit throughput for multimedia applications
• Hospitalities requiring high capacity and superior wireless performance
• Manufacturing and retail stores requiring complete wireless coverage
WAC720 is WC7600/WC9500 and Business Central Wireless Cloud Manager ready.
WAC730 3x3 and WAC720 2x2 Dual Band
802.11ac Access Points
WAC730 WAC720
(Q1 2016)
1750 MbpsWAC730
802.11ac40% Smaller
1167 MbpsWAC720
197 mm
197 mm
200 clients per radio, maximum 400 clients for 2.4G+5G radios
A smaller form-factor and about twice the speed than our previous models.
NOTE:
Clients are automatically steered-up to the 5Ghz band.
Previous models
Optional power supply is available to be purchased separately.(12 VDC, 1.5A)
PAV12V-100NAS (for North America)
PAV12V-100AUS (for Australia)
PAV12V-100EUS (for Europe, except UK)
PAV12V-100UKS (for UK)
PAV12V-100PRS (for China)
The intended main power source is PoE 802.3af (<13W.)
Kensington lock (theft prevention)
Console access.
WAC730 3 antenna takeoffs
External (2.4/5GHz) antenna takeoffs
WAC720 2 antenna takeoffs
Some new features that were not supported before?
11ac Support
+ WAC720 supports 2x2 on 802.11AC
+ WAC730 supports 3x3 on 802.11AC
+ Beam forming is enabled on both 2.4Ghz and 5 Ghz radios
+ Bandsteering : Effectively utilizes 5-GHz by steering dual-band clients from 2.4-GHz to 5-GHz band
Bonjour
+ Bonjour is a software feature that allows the wireless access point and its services to be discovered via mDNS, the component advertises to the network and responds to queries for service type that are supported.
+ When a new Bonjour-enabled AP is attached to the network, any bonjour client (network management system) can discover and access any of the service available on the AP
Some new features that were not supported before?
Captive Portal
+ The Standalone AP captive portal feature is supported
+ Verification can be configured to allow access for both guest and authenticated users.
+ Authenticated users must be validated against a database of authorized Captive Portal users before access is granted. Supports both IPV4 and IPv6
Some new features that were not supported before?
Ensemble, Ensemble firmware upgrade
+ Ensemble mode provides a centralized ensemble firmware upgrade feature that allow all the APs in the cluster to be updated from the dominant AP. The upgrade can be performed only from dominant AP.
+ The dominant AP downloads the firmware from an external filter using TFTP mechanism, and stores it locally on the flash of the dominant AP.
Some new features that were not supported before?
Load Balancing
+ The AP allow associations of authenticated clients while the wireless network utilization is below configured threshold. Once the threshold is reached, no new associations are allowed.
+ The AP starts load balancing when the configured network utilization threshold is exceeded. Clients are denied associations once this occurs, Load balancing continues until the network utilization drops below the configured threshold.
Some new features that were not supported before?
Existing features that are missing?
+ IDS / IPS
+ IPv4 DHCP server
+ IPv6 DHCP server
+ Client Isolation
+ Hotspot
+ Wireless mode – 11b
Captive Portal
Captive Portal
Profile Settings
User Configuration
Web Customization
Upload Logo
Web Customization ApplyCancel
Configuration Monitoring Maintenance Support
ApplyCancel
Captive Portal Web Locale
Captive Portal Web Locale Parameters
We have introduced captive portal into the AP.
Until now this feature was reserved for
“Controllers” or the “Cloud Wireless Manager.”
Initially you must select “Create” to design your
captive portal.
Create
System IP Security Wireless Bridge Ensemble Captive Portal
Captive Portal
Profile Settings
User Configuration
Web Customization
Upload Logo
Web Customization ApplyCancel
Configuration Monitoring Maintenance Support
ApplyCancel
Captive Portal Web Locale
Captive Portal Web Locale Parameters
Create
Web Locale Name
Captive Portal Instances
NETGEAR
NETGEAR-1
OMHRA
Give the “locale” (portal) a name and choose an
instance.
This instance will later be –selected- when you
set it up on the “wireless security /profile
settings”
There are two instances that can be used when
employing Captive portal
System IP Security Wireless Bridge Ensemble Captive Portal
Captive Portal
Profile Settings
User Configuration
Web Customization
Upload Logo
Cancel
Configuration Monitoring Maintenance Support
ApplyCancel
Captive Portal Web Locale
Captive Portal Web Locale Parameters
OMHRA
Instance Name
Logo Image Name
NETGEAR
logo.jpg
Browser Title Captive Portal
Browser Content Welcome to the Wireless
Network.
Content To start using this service, enter
your credentials and click the
connect button.
Acceptance Use Policy Acceptance Use Policy
Welcome Title Congratulations!
Welcome Content You are authorized and
connected!
Delete Locale
This is the instance (of two) that is selected for
this Portal layout.
Not to exceed 5KB in size.
This will appear on the title bar of the browser.
This is the text that will appear on the body of
the page.
Pop box title, notifying you that your credentials
worked.
Instructions that will appear on the portal page.
If you want to enter into an agreement with the
portal users, enter your text here.
Deletes everything about this Locale
Enter the text you want the permitted user to see
once authentication has occurred.
You may edit the look of the portal in all the
usual ways.
When you are done click “Apply”
Web Customization
System IP Security Wireless Bridge Ensemble Captive Portal
Profile Settings
Advanced
Edit Security Profile ApplyCancel
Configuration Monitoring Maintenance Support
System IP Security Wireless Bridge Ensemble Captive Portal
Edit ApplyCancelBack
Profile Definition
Wireless Network Name (SSID)
Profile Name NETGEAR
NOPE
NoYesBroadcast Wireless Network Name (SSID)
Authentication Settings
Qos Policies
Captive Portal
Network Authentication
Data Encryption
********WPA Passphrase (Network Key)
NoYesShow Passphrase in Clear Text
WPA-PSK & WPA2-PSK
TKIP + AES
1VLAN ID
NONE NONE
0 0
Incoming OutgoingApply policy
Policy Details
Bandwidth Limit (bits per second)
NETGEARProfile Name
At the bottom of the familiar settings we can
find the Captive portal selector.
Choose the profile you want.
And click apply.
After associating to the SSID, upon attempting navigation,
you will be prompted for your user name.
Tiberious
Check the agreement and click “Connect.”
EnsembleAnd IP management
Management IP (MIP)
Centralized management of up to 10 Access Points without the
need of separate wireless controller.
Ch
am
be
r
StopStart
Basic
General
Time
Advanced
Ensemble General ApplyCancel
Configuration Monitoring Maintenance Support
System IP Wireless Bridge Security Ensemble Captive Portal
?
ApplyCancel
Ensemble Name
AP Name
Priority (0 – 255)
Ensemble Mode
default
ensemble1
0
Chamber
255
ensemble1
Chamber
255
Basic
Ensemble General
Management
Secured Ensemble
Advanced
172.31.99.8
AP #1 (Dominant AP)
“Ensemble” works by matching a unique identifier which
must be common to all of the access points that you
want sharing in the configuration.
In this case I will call this Ensemble group “Chamber”
The access points that get configured with the same
Ensemble identifier will commence an election process for
dominance, all things being equal a dominant AP will be
determined by the lowest MAC address.
However we have the option to make this AP the dominant
agent by entering a high priority value.
In a case where the “next-standing” dominant AP fails we
could give other access points “graded” values to assign an
order for assuming dominance over the group.
NOTE:
The dominant AP will distribute its configuration to all standing
members of the Ensemble.
In the event that the “Dominant” AP fails, this duty will go to the
next ranking priority member, as stipulated by its MAC address
in combination with the value entered in the priority field.
This value serves as a tie-breaker and pretty much guarantees
predictable priority ranking among the Ensemble members.
After entering a value click on “Start” and then “Apply.”
172.31.99.8 172.31.99.9 172.31.99.10 172.31.99.11
ensemble1
Ch
am
be
r
Basic
Ensemble General
Management
Secured Ensemble
Advanced
Configuration
Basic
Monitoring Maintenance Support
System IP Wireless Bridge Security Ensemble
Ensemble General
ApplyCancel
Management
Secured Ensemble
Captive Portal
Started
Ensemble General
IP Address to manage Ensemble (IPv4)
ApplyCancel
Ensemble Status
172.31.99.60
Advanced
172.31.99.8
AP #1 (Dominant AP)
One of the most convenient aspects of “Ensemble” is the fact that it is
possible to “address” the group (regardless of which AP is currently
dominant) by using a single additional IP address.
Simply assign an available IP address from the LAN on this field.
You only need to do this on the “dominant” AP.
Click on “Secure Ensemble.”
NOTE:
The AP’s own IP address will remain unchanged.
This AP will, in fact, respond to two different IP
addresses.
If you were to “arp –a” you will get two IP addresses
from this AP’s MAC address.
172.31.99.8 172.31.99.9 172.31.99.10 172.31.99.11
172.31.99.60
In the case where the standing dominant AP fails this “Ensemble-address 172.31.99.60” will be used by the “next-standing-dominant-AP.”
ensemble1
Ch
am
be
r
Secured Ensemble
Secure Mode
Passphrase (8-63 characters)
DisabledEnabled
Re-authentication Timeout (300-8600 secs)
Ensemble Status Started
Basic
Ensemble General
Management
Secured Ensemble
Advanced
Basic
Ensemble General
Management
Secured Ensemble
Advanced
Configuration Monitoring Maintenance Support
System IP Wireless Bridge Security Ensemble
ApplyCancel
Captive Portal
ApplyCancel
300
descartes
172.31.99.8
AP #1 (Dominant AP)
The configuration for the remaining APs consists only of the name of
the “Ensemble” and the “Secure Ensemble” Passphrase.
172.31.99.8 172.31.99.9 172.31.99.10 172.31.99.11
172.31.99.60
ensemble1
Ch
am
be
rC
ha
mb
er
StopStart
Basic
General
Time
Advanced
Ensemble General ApplyCancel
Configuration Monitoring Maintenance Support
System IP Wireless Bridge Security Ensemble Captive Portal
?
ApplyCancel
Ensemble Name
AP Name
Priority (0 – 255)
Ensemble Mode
default
ensemble2
0
Chamber
200
ensemble2
Chamber
200
Basic
Ensemble General
Management
Secured Ensemble
Advanced
172.31.99.9
AP #1 (Dominant AP)
We are joining this AP to our Ensemble-group
“Chamber.”
We gave our previous AP the highest possible priority value of 255 to make sure it is elected dominant by
the ensemble.
I want this AP to be the “next dominant” access point in this group. Which is to say that if “ensemble1” fails
“ensemble2” will take on the roll. I will give it the value of 200
After entering our value click on “Start” and then “Apply.”
We don’t need to go into management since we already have a dominant AP in the “Ensemble.”
We can go directly to “Secured Ensemble” to set our passphrase.
172.31.99.8 172.31.99.9 172.31.99.10 172.31.99.11
172.31.99.60
ensemble1 ensemble2
Ch
am
be
rC
ha
mb
er
Secured Ensemble
Secure Mode
Passphrase (8-63 characters)
DisabledEnabled
Re-authentication Timeout (300-8600 secs)
Ensemble Status Started
Basic
Ensemble General
Management
Secured Ensemble
Advanced
Configuration Monitoring Maintenance Support
System IP Wireless Bridge Security Ensemble
ApplyCancel
Captive Portal
ApplyCancel
default
300
descartes
Basic
Ensemble General
Management
Secured Ensemble
Advanced
172.31.99.9
Once the passphrase is set the AP will be able to interpret
the “Ensemble data” that our dominant AP is broadcasting
and will learn the name of the other members of the
ensemble…. Until then, the APs would be on separate
Ensembles.. Even if they had the same name.
AP #2 (non-dominant )
172.31.99.8 172.31.99.9 172.31.99.10 172.31.99.11
172.31.99.60
ensemble1 ensemble2
Ch
am
be
r
23
172.31.99.8 172.31.99.9 172.31.99.10 172.31.99.11
172.31.99.60
ensemble1 ensemble2 ensemble3 ensemble4
Ensemble Shared Data Data NOT shared
SSID IP local address
Wireless Security Access Point Names
Guest Access Settings Channel Information
NTP Settings Advanced Wireless Settings
Radio Settings VLAN
Network Security Settings Packet Capture
Quality of Service Settings
Access Lists
Username and Password
Shared DATA:
The APs will synchronize a great deal of data, but not all..
When you think about the fact that all the members of an Ensemble must be on the same layer 2 environment it makes sense why things like
VLANs are not shared.
The advanced wireless settings are such, that you want to configure that on a per AP basis anyway, like the beacons and RTS thresholds..
Configuration
Dashboard
Monitoring Maintenance Support
Ensemble Dashboard
System Dashboard Wireless Stations Rogue AP Logs Statistics Packet Capture Ensemble
Current Usage –Top Access Point
# Clients TrafficC
ha
mb
er
172.31.99.60
172.31.99.8 172.31.99.9 172.31.99.10 172.31.99.11
Ensemble “Chamber.”
172.31.99.60
ensemble1 ensemble2 ensemble3 ensemble4
33.3%
66.7% 92.5%
7.5%
Total Ensemble Members now : 2
Total clients in Ensemble now: 3
Ensemble info
Version 1.1.10.4
AP Uptime: 1 days, 4 hours, 15 minutes
Ensemble info
System name : ensemble 1IP:172.31.99.8
Usage of Last 24 Hours
Ensemble 1
Ensemble 2
The little Dot tells me that there
are 3 clients currently
connected.
You will land on the Dashboard of the Ensemble.
Here you can see the total number of member APs
and how many clients each AP has.
You can see who the dominant AP is etc.
Ch
am
be
r
Basic
Configuration Monitoring Maintenance Support
Channel Assignment
Advanced
ApplyCancel
Channel Assignment
Channel Assignment
System IP Wireless Bridge Security Ensemble Captive Portal
Auto Assign Channels
Ensemble Status
Settings
172.31.99.60
Started
IP Address
172.31.99.9
172.31.99.9
172.31.99.8
172.31.99.8
Radio
50:6A:03:80:5C:F0
50:6A:03:80:5C:F0
50:6A:03:80:34:B0
50:6A:03:80:34:B0
Band
11a-na-ac
11bgn
11a-na-ac
11bgn
Channel
100
1
36
6
Status
up
up
up
up
Proposed Channel Assignments
IP Address Radio Proposed Channel
StopStart Refresh
172.31.99.8 172.31.99.9 172.31.99.10 172.31.99.11
Ensemble “Chamber.”
172.31.99.60
ensemble1 ensemble2 ensemble3 ensemble4
While in Ensemble mode, every menu
will have an “Ensemble” link.
Let’s start with Configuration / Advanced
/ Ensemble and under “Channel
Assignment” we can see if the system
currently allocated channels and if it has
any proposals to change channels.
Configuration
Basic
Monitoring Maintenance Support
System IP Wireless Bridge Security Ensemble
Channel Assignment
Advanced
ApplyCancel
Channel Assignment
Channel Assignment
Captive Portal
Channel interference
ApplyCancel
Ensemble Status
Settings
172.31.99.60
Started
Channel Selection Interval (minutes)
75% 1 Day
Ensemble “Chamber.”
Related to the channel assignment
under the settings we can determine
how much interference is acceptable
before changing the channels.. we
can also determine how often these
changes can be made.
Simple and effective.
Ensemble assigns different radio channels to be used by the ensemble APs to reduce mutual interference or interference with neighboring AP’s outside of the group It maps APs
to a radio channel and measures any interference levels in the continuously.
If RF interference is detected, Ensemble automatically re-assigns some (or all) of the APs to new channels as per an efficiency algorithm.
The frequency of these channel re-assignments is user configurable with a default value of once a day.
Ensemble uses the signal strength and operating channel of any detected AP as a means to find the optimal channel to use with the goal to reduce the aggregate interference in
the wireless neighborhood.
The previous channel assignment is stored for use in case the interference reduction using the new algorithm is higher than a particular threshold. Channel re-assignment must
be evaluated between dynamic channel change and frequency of channel change.
Configuration
Access Point
Monitoring Maintenance Support
Wireless Stations
Wireless Neighborhood
172.31.99.60
System Dashboard Wireless Stations Rogue AP Logs Statistics Packet Capture Ensemble
Ensemble “Chamber.”
Under monitoring / Ensemble you can see the member APs and some of their operating parameters.
Access PointWireless Stations
AP Name MAC Address IP Address Ensemble Priority Master AP Firmware version Uptime Status
ensamble1 50:6A:03:80:34:AF 172.31.99.8 255 yes 1.1.10.4 1 100
ensamble2 50:6A:03:80:5C:EF 172.31.99.9 200 no 1.1.10.4 11 149
**NOTE: This table takes few minutes to get updated..
2.4 GHZ 5Ghz
1 days 1 hours 1 minute Connected
3 days 6 hours 1 minute Connected
Configuration
Access Point
Monitoring Maintenance Support
Wireless Stations
Wireless Stations
Wireless Neighborhood
172.31.99.60
System Dashboard Wireless Stations Rogue AP Logs Statistics Packet Capture Ensemble
AP Name Station MAC Station Idle Time Rate RSSI Tx Bytes RX Bytes Error Rate
ensamble1 AC:FD:CE:E5:B3:E8 0 196 78 9615652 9412365 0
ensamble2 30:3A:64:CF:CC:F9 0 326 67 654648 6546555 0
**NOTE: Maximum of 20 clients per radio of each AP will be displayed. To view all clients, please access individual AP.
Ensemble “Chamber.”
NOTE:
When accessing the Ensemble “Stations” page on the GUI, a maximum of 20 clients
are reported per radio. To see all the associated clients with a specific AP, access the
Client Associations web page of that AP directly.
