manualshive.com logo in svg

D-Link DWC-1000, User Manual

The D-Link DWC-1000 is a cutting-edge networking device, providing seamless connectivity and advanced features. Ensure a smooth experience with our comprehensive User Manual, available for free download on our website. Discover the product's full potential and optimize your network effortlessly with the assistance of our user-friendly manual.

Share
Download
background image

D-Link DWC-1000 User Manual

119

Section 4 - Advanced WLAN Configuration

3.  Complete the fields in the table below and click 

Save

.

Field

Description

SSID

Enter a name of your wireless network. Be sure SSID is the same for all device in your 

wireless network and is case-sensitive.

Captive Portal Type

Captive Portal type is selected per SSID basis. There are four types of access on a SSID:

•  Free: No authentication is required for users connected to this SSID if this option is 

selected.

•  SLA (Service Level Agreement): If this is selected, users connected to this SSID needs 

to accept Service Level Agreement before accessing anything outside this SSID.

•  Permanent User: When this option is selected users need to get authenticated before 

accessing data outside this SSID. Only permanent Captive Portal users can login from 

this SSID.

•  Temporary User: When this option is selected users need to get authenticated before 

accessing data outside this SSID. Only temporary Captive Portal users created by 

frontdesk user can login from this SSID.

•  Billing User:  When this option is selected users need to get authenticated before 

accessing  data  outside  this  SSID. The temporary Captive  Portal billing users created 

via online wireless service purchasing. The wireless service packages are defined in 

Login Profile.

Authentication Server

If Captive Portal Type = Permanent User, select the authentication server. 
All users that log in to the captive portal for this SSID are authenticated through the 

selected server. The available authentication servers are Local User Databass, Radius 

Server, LDAP Server, or POP3.

Authentication Type

If Captive Portal Type = Permanent User and Authentication Server = RADIUS server, 

select the authentication type: PAP, CHAP, MSCHAP, or MSCHAPV2.

Login Profile Name

If Captive Portal Type = Permanent User or Temporary User, select the Login Profile. 
Any of the available profiles can be used for this SSID.

Hide SSID

You can hide the SSID broadcast to discourage stations from automatically discovering 

your access point(s). When the broadcast SSID of the AP is hidden, the SSID name is not 

displayed in the list of available SSID on a client station. Instead, the client must have the 

exact SSID name configured in the supplicant before it is able to connect.
Disabling the broadcast SSID is sufficient to prevent clients from accidentally connecting 

to your network, but it will not prevent even the simplest of attempts by a hacker to 

connect or monitor unencrypted traffic.
ON = SSID is hidden
OFF = SSID is broadcasted

Summary of Contents for DWC-1000

Page 1: ...Wireless Controller User Manual DWC 1000 Version 4 00 BUSINESS WIRELESS SOLUTION ...

Page 2: ...ns and software is protected under international copyright laws with all rights reserved Neither this manual nor any of the material contained herein may be reproduced without written consent of the author Limitations of Liability UNDER NO CIRCUMSTANCES SHALL D LINK OR ITS SUPPLIERS BE LIABLE FOR DAMAGES OF ANY CHARACTER E G DAMAGES FOR LOSS OF PROFIT SOFTWARE RESTORATION WORK STOPPAGE LOSS OF SAV...

Page 3: ...rs or touching internal components Operate the product only from the type of external power source indicated on the electrical ratings label If you are not sure of the type of power source required consult your service provider or local power company Also be sure that attached devices are electrically rated to operate with the power available in your location Useonlyapprovedpowercable s Ifyouhaven...

Page 4: ...hassis You can also take the following steps to prevent damage from electrostatic discharge ESD 1 When unpacking a static sensitive component from its shipping carton do not remove the component from the antistatic packing material until you are ready to install the component in your system Just before unwrapping the antistatic packaging be sure to discharge static electricity from your body 2 Whe...

Page 5: ...r 21 Basic Configuration 22 Log in to the Web Management Interface 23 Web Management Interface Layout 25 Standard Web Management Interface Features 26 Basic Configuration Procedures 27 Step 1 Enable DHCP Server Optional 28 Step 2 Configure Country Code 29 Step 3 Select APs to be Managed 30 Step 4 Change the SSID and Set Up Security 32 Step 5 Select MAC Authentication Mode 37 Step 6 Confirm Access ...

Page 6: ...icy Class Definition 89 Distributed Tunnel 92 WLAN Visualization 93 Upload Images 93 Deleting Images 93 Launch 94 AP Discovery Methods 95 L2 VLAN Discovery 95 Configure L2 VLAN Discovery 96 L3 IP Discovery 97 Configure L3 IP Discovery 97 Managed APs 98 Add a Valid AP 98 Add a AP from Discovered AP List 100 Manual Change Channel and Power of Managed AP 101 Configure AP Debug Mode 102 Configure AP P...

Page 7: ...40 IPv6 LAN Settings 141 IPv6 Address Pools 143 IPv6 Router Advertisement 145 IPv6 Advertisement Prefixes 147 LAN DHCP Reserved IPs 149 IP MAC Binding 150 IGMP Setup 151 UPnP Setup 152 Configure Jumbo Frames 154 Internet IPv4 155 Option 1 Settings 155 Option 2 DMZ Settings 158 IPv6 Option 1 2 Settings 159 Option Mode 161 Single Option Port 161 Auto Rollover using Option Port 162 Load Balancing 163...

Page 8: ...eless Known Clients 190 Editing Deleting Clients 192 Group Management 193 Adding User Groups 193 Editing User Groups 195 Deleting User Groups 196 Configuring Login Policies 197 Configuring Browser Policies 198 Configuring IP Policies 199 User Management 200 Adding Users Manually 200 Importing Users 201 Editing Users 203 Deleting Users 204 Hotspot 205 Captive Portal Front Desk 206 Guest Account Usa...

Page 9: ...ng 231 Approved URLs 232 Blocked Keywords 233 Dynamic Filtering 234 Firewall 236 Firewall Rules 236 Schedules 238 Blocked Clients 240 Custom Services 241 ALGs 242 SMTP ALGs 243 Mail Filtering 244 VPN Passthrough 245 Dynamic Port Forwarding 246 Application Rules 246 Attack Checks 248 VPN 250 IPSec VPN 251 Policies 251 Tunnel Mode 255 Split DNS Names 256 DHCP Range 257 Certificates 258 Trusted Certi...

Page 10: ...istic and Utilization 285 Manage Dashboard 287 System Information 289 Viewing System Status 289 Viewing USB Status 290 Network Information 291 Viewing DHCP Clients 291 Viewing Captive Portal Sessions 292 Viewing Active Sessions 293 Viewing VPN Sessions 294 Viewing Traffic on Interfaces 295 IPv6 Tunnels Status 297 Wireless Information 298 Viewing Controller Status and Statistics 298 Controller Asso...

Page 11: ... 329 Viewing WDS Link Status 330 Viewing WDS Link Statistics 331 ACL DiffServ Status 332 IP ACL 332 IP ACL Rules 332 MAC ACL 333 MAC ACL Rules 333 DiffServ Class 334 DiffServ Policy 334 DiffServ Policy Attribute 335 Maintenance 336 Administration 337 System Setting 337 System Date and Time 337 Session Settings 338 USB Share Ports 338 Package Manager 340 Activating Licenses 342 Localization 343 Man...

Page 12: ...t ON 366 Web Management Interface 366 Unable to Save Configuration Changes 367 Unable to Access Internet 367 Using the Reset Button to Restore Default Settings 368 Problems with Date and Time 368 Discovery Problems with Access Points 368 Connection Problems 369 Ping to Test LAN Connectivity 369 Network Performance and Rogue Access Point Detection 370 Using Diagnostic Tools on the Wireless Controll...

Page 13: ...D Link DWC 1000 User Manual 13 Syslog Server Configuration 383 All Logs 384 Current Logs 384 Appendix A Basic Planning Worksheet 385 Appendix B Factory Default Settings 388 Appendix C Glossary 389 ...

Page 14: ...o 3 AP licenses By default DWC 1000 can manage up to 6 AP s You increase the number by 6 upon each AP license 3 WCF License is a powerful dynamic web filtering function that can be used in many places It is ideal for companies that want to ensure that employees aren t wasting time online schools that want to prevent their students from viewing questionable online material or libraries and small bu...

Page 15: ...e area of a facility such as a general work area and a different profile for access points in another area of the facility for example in the Human Resources department A shopping mall may need several configuration profiles if several businesses share a WLAN but each business has its own network Large networks that need different policies per building or department could have access points config...

Page 16: ...tocols Centralized Management and Configuration Auto discovery of access points in L2 and L3 domains Single point of management for the entire wireless network Simplified profile based configuration DHCP server for dynamic IP address provisioning Configurable management VLAN Real time monitoring of access points and associated client stations Systemalarmsandstatisticsreportsonmanagedaccesspointsfo...

Page 17: ...bles attached to it Have a working AC power outlet that is not controlled by a wall switch that can accidentally remove power to the outlet Package Contents Each wireless controller package contains the following items One D Link DWC 1000 Wireless Controller One power adapter One RJ 45 to DB 9 console cable One 3 foot Ethernet Category 5 UTP straight through cable One Reference CD ROM containing p...

Page 18: ...ters switches and network storage NAS devices Each port has an Activity LED left and Link LED right 4 Option Ports 1 2 Two Gigabit Ethernet ports labeled Option let you connect the wireless controller to a backbone requires DWC 1000 VPN LIC License Pack upgrade Each port has an Activity LED left and Link LED right 5 Console Port The RJ 45 console cable lets you connect a PC to access the wireless ...

Page 19: ...vity test to determine maximum throughput achievable on the client After the site survey is complete use the collected data to set up an RF plan using the Basic Planning Worksheet in Appendix A After you complete the Basic PlanningWorksheet select a location for the wireless controller The ideal location should Be flat and clean with no dust water moisture or exposure to direct sunlight or vibrati...

Page 20: ... wireless controller can be mounted in a standard 19 inch equipment rack 1 Attach the mounting brackets to each side of the chassis and secure them with the supplied screws 2 Use the screws provided with the equipment rack to mount the wireless controller into the rack ...

Page 21: ...ect one of the wireless controller ports labeled LAN 1 4 to the network or directly to a PC 4 If you purchased aVPN Firewall Router License Pack use the Option1 and Option2 ports on the front of the wireless controller as follows Option1 WAN port for connecting to a cable or DSL modem Option2 WAN or DMZ port for dualWAN connections or internal server farm purposes If used as a DMZ port the port s ...

Page 22: ...ibed in this section which includes Log in to the Web Management Interface on page 23 Web Management Interface Layout on page 25 Standard Web Management Interface Features on page 26 Basic Configuration Procedures on page 27 Using the information in this chapter you can perform the basic information and get your wireless controller up and running in a short period of time ...

Page 23: ...n JavaScript Upgrade the firmware for your wireless controller see section Upgrading Firmware Upgrade the firmware for your access points after you upgrade the wireless controller firmware refer to the documentation for your access points To log in to the web management interface 1 Launch a web browser on the PC 2 In the address field of your web browser type the IP address for the wireless contro...

Page 24: ...interface opens with the System Status page This page displays general LAN andWLAN status information You can return to this page at any time by clicking Status Dashboard 5 To log out of the web management interface click Logout present at the top right corner of the page in the System Menu area ...

Page 25: ...ns Action buttons change the configuration or allow you to make changes to the configuration Common action buttons are Save Saves all configuration changes made on the current screen Saved settings are retained when the wireless controller is powered off or rebooted while unsaved configuration changes are lost Cancel Resets options on the current screen to the last applied or last saved settings A...

Page 26: ... the top right corner of the screen on the left of the System Search box Refresh allows you to refresh the interface in order for changes to take effect immediately Click on the refresh icon near the top right corner of the screen to the right of the Help icon Logout allows you to log out of the interface securely Click on the Logout icon at the top right corner of the screen Search bar on table T...

Page 27: ...28 Step 2 Configure Country Code on page 29 Step 3 Select APs to be Managed on page 30 Step 4 Change the SSID and Set Up Security on page 32 Step 5 Select MAC Authentication Mode on page 37 Step 6 Confirm Access Point Profile is Associated on page 39 Step 7 Configure Captive Portal Settings on page 40 Step 8 Use SSID with RADIUS Sever as Authenticator on page 48 Step 9 Configure Guest Management o...

Page 28: ... server Primary DNS Server If configured Domain Name System DNS servers are available on the LAN enter the IP address of the primary DNS server Secondary DNS Server If configured domain name system DNS servers are available on the LAN enter the IP address of the secondary DNS server WINS Server If Windows Internet Name Service DNS servers are available on the LAN enter the IP address of the WINS s...

Page 29: ...Code Each country has its regulation for the radio usage Use the following procedure to select the country where the wireless networks are 1 Click Wireless General The General Setting page will appear 2 At the bottom select the Current Country Code from the drop down menu and click Save ...

Page 30: ...he access points that the wireless controller will manage 1 Click Wireless Access Point Discovered AP List The Discovered AP List page will appear with a list of access points that the wireless controller has discovered 2 Under Discovered AP List right click on the access point you want the wireless controller to manage and select Manage 3 Complete the fields in the Manage AP page refer to the nex...

Page 31: ...used for wireless communication is displayed This is for reference only Expected WDS Mode If AP Mode Standalone the WDS Wireless Distributed System mode to be used if you intend to use WDS This is for reference only Expected Security Mode If AP Mode Standalone the security mode to be used is displayed This is for reference only Expected Wired Network Mode If AP Mode Standalone select whether wired...

Page 32: ...nfigured and applied in order to the access points on each radio In this procedure you will edit one of the pre configured networks and change its SSID and security settings to suit your requirements 1 Click Wireless Access Point AP Profile AP Profile SSID The following page will appear with a list of the wireless networks configured on the wireless controller 2 Under the SSID Status column select...

Page 33: ...ication type Choices are Open System any wireless station can request authentication The station that needs to authenticate with another wireless station sends an authentication management frame that contains the identity of the sending station The receiving station returns a frame that indicates whether it recognizes the sending station SharedKey eachwirelessstationisassumedtohavereceivedasecrets...

Page 34: ...ave a validTKIP key or AES CCMP key to associate with the access point Note 802 11n clients cannot use the TKIP cipher If you enable TKIP only 802 11 clients cannot authenticate with the network WPA KeyType Enter a WPA key type Range ASCII including upper and lower case alphabetic letters numeric digits and special symbols such as and WPA Key Enter the shared secret key for WPA Personal Range 8 62...

Page 35: ...Link DWC 1000 User Manual 35 Section 3 Basic Configuration 4 To add a new SSID go to Wireless Access Point SSID Profile and click the Add New SSID Profile button 5 Fill in the fields below and click Save ...

Page 36: ...he radio from SSID Name drop down menu or right click the SSID network you want to enable and click Enable on the AP Profile SSID List Note SSID ID 1 is always enabled If you do not want to have the first SSID enabled you must create a new SSID to be able to swap another SSID in the first slot 6 Click Wireless Access Point AP Profiles Click on the AP Profile SSID tab on the middle menu The Access ...

Page 37: ...troller provides two MAC Authentication Mode the white list or the black list White list SelectthisoptiontograntaccesstoanywirelessclientswithMACaddressesthatarespecified in the MAC Authentication database or RADIUS server and are not explicitly denied access If the MAC address is not in the database then the access will be denied to the client Black list Select this option to deny access to any w...

Page 38: ... Edit The following page will appear Select Local and click Save 4 Click Add New MAC Authentication Fill in the client s MAC address name and authentication action and then click Save 3 Click Security Authentication User Database MAC Authentication The MAC Authentication setting page will appear The List Type will display what your selection was in Step 2 ...

Page 39: ...te Each time you change configuration settings perform this procedure to apply the changes to the access point 1 Go to Wireless Access Point AP Profile 2 Under Access Point Profile List right click the AP profile you want to update and click Apply 3 Wait for 30 seconds and then click the refresh icon to verify that the profile is associated Your associated access point is configured and ready to a...

Page 40: ...reate a captive portal group a Go to Security Authentication User Database Groups The Groups List page will appear b Click Add New Group The Group Configuration page will appear c Complete the fields given in the table below and click Save Field Description Group Name Enter a name for the group Description Enter a description of the group Captive Portal User Enable toggle to ON this option under U...

Page 41: ...00 User Manual 41 Section 3 Basic Configuration 2 Add captive portal users a Go to Security Authentication User Database Users The Users List will appear b Click Add New User The User Configuration page will appear ...

Page 42: ...t name of the user This is useful when the authentication domain is an external server such as RADIUS Select Group Select the captive portal group to which this user will belong Edit Password This is the option for administrator to enable disable change Password link in Captive Portal page Password Enter a case sensitive password that the user must specify before gaining access to the Internet For...

Page 43: ...figuration 3 Associate the captive portal group to an SSID Profile a Click Wireless Access Point SSID Profiles b Under the SSID column right click the selected SSID that will use the Captive Portal function and click Edit The following page will appear ...

Page 44: ...er account Select Permanent User on Captive Portal Type and select Local User Database on Authentication Server d Select the customized login page from the Login Profile Name drop down menu e Click Save The captive portal is now associated to the selected SSID To test your configuration from a client connect to the captive portal SSID to log in to the captive portal Enter an IP address on the capt...

Page 45: ...5 Section 3 Basic Configuration b Under the Login Profiles List click Add New Login Profile to add a new profile or right click an existing profile and click Edit to edit the profile The Login Profile Configuration page will appear ...

Page 46: ... the background color of the page that will appear during the captive portal session from the drop down menu Custom Color If you choose Custom on Page Background Color enter the HTML color code Header Details Background Select whether the login page displayed during the captive portal session will show an image or color Choices are Image show image on the page Use the Header Background Color field...

Page 47: ... in to the captive portal session This field is optional Welcome Message Enter the welcome message that appears when users log in to the captive session successfully This field is optional Error Message Entertheerrormessagethatappearswhenusersfailtologintothecaptivesessionsuccessfully This field is optional Footer Details Change Footer Content Enables or disables changes to the footer content on t...

Page 48: ...tication server Authentication Port RADIUS authentication port number to send RADIUS messages Secret Enter the secret key that allows the device to log into the configured RADIUS server It must match the secret on RADIUS server Timeout Set the timeout in seconds The controller should wait for a response from the RADIUS server Retries The number of tries the controller will make to the RADIUS serve...

Page 49: ...k Add New Group The Group Configuration page will appear c Fill in the group name and description and select Front Desk as the User Type 2 Add front desk users a Go to Security Authentication User Database Users The Users List will appear b Click Add New User The User Configuration page will appear c Complete the fields and select the front desk group you created in the previous step on Selected G...

Page 50: ...ice for a period of time counting from first time logs in Below are five most common types of billing profiles I The temporary account usage time is limited by duration The account has the expiration time The account is valid while the account is created Account Creation the temporary account is generated by front desk account in the local database Account Activation the temporary account is activ...

Page 51: ...is billing profile is suitable for the scenario in Press Conference The organizer generates accounts before the event and deliver the account information to the participator in advance if necessary The temporary account would be only valid from specific date and time IV The temporary account has limited time usage The account doesn t have the expiration time until the usage is run out This billing...

Page 52: ...can stay login before his account expires Maximum UsageTraffic Maximum traffic that the user can use before his account expires Only inbound traffic shall be considered towards bandwidth usage Allow Front Desk to Modify Usage If you enable Maximum Usage Time or Maximum Usage Traffic checking this option enables the front desk user to modify usage limits Field Description Profile Details Profile Na...

Page 53: ...a Captive Portal Type from the drop down menu d Click Save Note Apply AP Profile from Wireless Access Point AP Profiles if the SSID have been associated with a used AP Profile to change the configuration 5 Generate guest accounts a Log in the Front Desk page by entering http ip_address frontdesk e g http 192 168 10 1 frontdesk Enter the username and password of the user you created in a Front Desk...

Page 54: ...r Only one user account can be created at a time e The Print button will provide a print out of the Billing Profile Configuration page 6 Monitor user account status a Monitor temporary account status and extend account usage duration or volume Click View Account for reviewing generated temporary status ...

Page 55: ...ick View Details to view more information 7 Extend user account usage a Select an account and right click Extend Session Manually change the usage time traffic Note Make sure that Allow Front Desk to Modify Usage is turned ON in the Captive Portal Billing Profile Configuration page b Click Save ...

Page 56: ...should be suitable for most users and most situations The wireless controller also provides advanced configuration settings for users who want to take advantage of the more advanced features of the wireless controller The following sections list the wireless controller s advanced settings Users who do not understand these features should not attempt to reconfigure their wireless controller unless ...

Page 57: ...nly used advanced wireless configuration settings WLAN General Settings on page 58 Channel Plan and Power Settings on page 61 WIDS on page 65 ACL on page 70 DiffServ on page 86 Distributed Tunnel on page 92 WLAN Visualization on page 93 AP Discovery Methods on page 95 Managed APs on page 98 AP Profiles on page 105 SSID Profiles on page 118 Wireless Distribution System WDS on page 122 Peer Group on...

Page 58: ...obal configuration settings for all managed APs and the wireless controller including WLAN Global Setup AP Validation and Country Configuration Path Wireless General To configure the WLAN general settings 1 Click Wireless General The WLAN General Settings page will appear 2 Complete the fields given in the table on the next page 3 Click Save ...

Page 59: ...e Detected Client Status list Each entry in the status list shows an age and when the age reaches the value you configure in the timeout field the entry is deleted Tunnel IP MTU Size Select the maximum size of an IP packet handled by the network The MTU is enforced only on tunneled VAPs When IP packets are tunneled between the APs and the wireless controller the packet size is increased by 20 byte...

Page 60: ... of each AP to the local Valid AP database RADIUS Configure the MAC address of each AP in an external RADIUS server Require Authentication Passphrase Select this option to require APs to be authenticated before they can associate with the controller If you select this option you must configure the passphrase on the AP while it is in standalone mode as well as in the Valid AP database To configure ...

Page 61: ...he operational channel on every AP it manages and changes the channel if the current channel is noisy Configure Channel Plan Path Wireless General Channel Algorithm To configure Channel Algorithm setting 1 Go to Wireless General Channel Algorithm Channel Setting page The Channel Setting page will appear 2 Each AP is dual band capable of operating in the 2 4GHz and 5GHz frequencies The 802 11a n an...

Page 62: ...tion and assignment occurs The channel plan calculation will occur once every 24 hours at the time you specify 6 Ignore Unmanaged APs This function indicates whether the controller should pay attention only to APs managed by the cluster or all detected APs when deciding the channel for the radio The setting is enabled by default 7 Channel Change Threshold Configure the detected neighbor signal str...

Page 63: ...gth equal or above the threshold The signal detected below the threshold is ignored 4 If you select Manual click on the Manual Power Adjustments tab Here you can apply and start the power algorithm on selected access points Configure Power Settings Path Wireless General Power Algorithm You can set the power of the AP radio frequency transmission in the AP profile the local database or in the RADIU...

Page 64: ...plete The power adjustment algorithm has finished running A table displays to indicate proposed power adjustments Each entry shows the AP along with the current and new power levels Apply In Progress The controller is adjusting the power levels that the APs use Apply Complete The algorithm and power adjustment are complete Manual Power Adjustments List AP MAC address Identifies the AP MAC address ...

Page 65: ...tion page are part of the global configuration on the controller and must be manually pushed to other controllers in order to synchronize that configuration Many of the tests are focused on identifying APs that are advertising managed SSIDs but are not in fact managed APs Detecting such an AP means that a network is either miss configured or that a hacker set up a honeypot AP in the attempt to col...

Page 66: ...f the radios in the profiles are configured not to send SSID field which is not recommended because it does not provide any real security and disables this test Fake Managed AP on an Invalid Channel This test detects rogue APs that transmit beacons from the source MAC address of one of the managed APs but on different channel from which the AP is supposed to be operating Managed SSID Detected with...

Page 67: ...tate to Rogue In order for the wireless system to detect this threat the wireless network must contain one or more radios that operate in sentry mode Rogue DetectedTrap Interval Specify the interval in seconds between transmissions of the SNMP trap telling the administrator that rogue APs are present in the RF Scan database If you set the value to 0 the trap is never sent Wired Network Detection I...

Page 68: ...ed to other controllers in order to synchronize that configuration Aspartofthegeneralassociationandauthenticationprocess wirelessclientssend802 11managementmessages to APs The WIDS feature tracks the following types of management messages that each detected client sends Probe Requests 802 11 Authentication Requests 802 11 De Authentication Requests In order to help determine whether a client is po...

Page 69: ...Authentication with Unknown AP Test must also be enabled in order for the mitigation to take place Select disable to allow clients in the Known Clients database to remain authenticated with an unknown AP Known Client Database Lookup Method When the controller detects a client on the network it performs a lookup in the Known Client database Specify whether the controller should use the local or RAD...

Page 70: ...ACL IP Access control Lists ACLs allow the network managers to define classification actions and rules for specific ports ACLsarecomposedofrulesthatconsistofthefiltersthatdeterminetrafficclassifications AnIPACLconsists of a set of rules which are matched sequentially against a packet When a packet meets the match criteria of a rule the specified rule action Permit Deny is taken and the additional ...

Page 71: ...reate Extended IP ACL from the IP ACL dropdown menu For a Standard IP ACL the acceptable ID values are 1 99 From an Extended IP ACL the acceptable ID values are 101 199 IP ACL Name This field appears if you select Create New Named IP ACL from IP ACL dropdown menu Specify an IP ACL Name string which includes only alphanumeric characters The name must start with an alphanumeric character This field ...

Page 72: ...r False from the options True signifies that all packets will match the selected IP ACL and Rule and will be either permitted or denied Match Every is exclusive to the other filtering rules so if Match Every is True the other rules do not appear on the screen To configure specific Match Criteria for the rule remove the rule and re create it or reconfigure Match Every to False for the other match c...

Page 73: ...stinationL4Keyword SelectthedesiredL4keywordfromalistofdestination ports on which the rule can be based If you select a keyword other than Other the screen refreshes and the Destination L4 Port Number field disappears Destination L4 Port Number If the destination L4 keyword is Other enter a user defined Port ID by which the packets are matched to the rule The valid range is 0 to 65535 ServiceType ...

Page 74: ...on against the IP TOS field in a packet IP ACL Configuration Example Example To block ICMP traffic between the two wireless clients say STA1 Station 1 and STA2 Station 2 The topology for the above configuration is given below Follow the steps given below 1 Go to Wireless ACL IP ACL page and click Add New IP ACL 2 Select IP ACL as Create New Extended IP ACL from the drop down menu 3 Enter IP ACL ID...

Page 75: ...add an IP ACL Rule i e rule 1 to block the ICMP traffic from STA1 and STA2 6 Repeat step 5 to add another rule to block the ICMP traffic from STA2 to STA1 7 After configuring all the rules add one permit rule Adding a permit rule is mandatory to allow all other types of traffic to flow between the source and destination as in an AP there is an implicit deny all rule at the end of ACL ...

Page 76: ...ral page and enable AP Client QoS 9 Go to Wireless Access Point AP Profiles AP Profile SSID page right click any of the configured SSID and click Edit For the selected SSID enable the Client QoS and select the configured ACL for Client QoS Access Control Down and Client QoS Access Control Up ...

Page 77: ...oint AP Profiles page right click the AP Profile and click Apply to push the configuration to the AP 11 To test the configuration connect two wireless clients STA1 STA2 and try to ping the STA2 from STA1 and vice versa You will observe that the ACL will block the ICMP traffic between the two stations ...

Page 78: ... for a match Rules for the MAC ACL are specified created using the MAC ACL Rule Configuration menu To configure MAC ACL Go to Wireless ACL MAC ACL page Click Add New MAC ACL The MAC ACL Configuration page allows the user to define a MAC Based ACL MAC ACL Name Enter a name for the MAC ACL The name string may include alphabetic numeric dash underscore or space characters only The name must start wit...

Page 79: ...e last rule of every list The fields available on the configuration page depend on whether the rule action is permit or deny and whether you select Create Rule or an existing rule from the Rule field To configure MAC ACL Rule 1 Go to Wireless ACL MAC ACL Rules page 2 Click Add New Rule 3 Fill in the fields refer to the below table and click Save Field Description Rule ID This field is available on...

Page 80: ...r the source MAC address to match Use F s and zeros in the MAC mask which is in a wildcard format An F means that the bit is not checked and a zero in a bit position means that the data must equal the value given for that bit The valid format is xx xx xx xx xx xx Destination MAC Address RequiresanEthernetframe sdestinationportMACaddresstomatchtheaddresslisted here EnteraMACaddressintheappropriatef...

Page 81: ...e Example To block the traffic between the two wireless clients STA1 station 1 and STA2 station 2 using the MAC ACL The topology required for this configuration is as follows Follow the following steps 1 Go to Wireless ACL MAC ACL page and click Add New MAC ACL 2 Enter a MAC ACL Name and click Save ...

Page 82: ... 3 Follow the following path to open the MAC ACL Rules page Wireless ACL MAC ACL Rules 4 Select the MAC ACL name from the MAC ACL List drop down menu and click Add New Rule Rule 1 to block the traffic from STA1 to STA2 5 Add Rule 2 to block the traffic from STA2 to STA1 ...

Page 83: ... 6 After saving all the rules add one permit rule This is mandatory to allow all other types of traffic to flow between the source and destination as in an AP there is an implicit deny all rule at the end of ACL 7 Now go to Wireless General page and enable AP client QoS ...

Page 84: ...SID page right click any of the SSIDs say 1 dlink1 and click Edit 9 Enable the Client QoS option and select the configured MAC ACL for Client QoS Access Control Down and Client QoS Access Control Up 10 Go to Wireless Access Point AP Profiles page and to push the configuration to AP right click the AP Profile and click Apply ...

Page 85: ...on 4 Advanced WLAN Configuration 11 To test the MAC ACL configuration connect two wireless clients STA1 STA2 and try to ping HTTP STA2 from STA1 and vice versa You will observe that the ACL will block the traffic between the two stations ...

Page 86: ...essing is defined by a policy s attributes Policy attributes may be defined on a per class instance basis and it is these attributes that are applied when a match occurs A policy can contain multiple classes When the policy is active the actions taken depend on which class matches the packet Packet processing begins by testing the class match criteria for a packet A policy is applied to a packet w...

Page 87: ...ormation is needed IP DSCP Matches the packet s DSCP to the class criteria s when selected Select the DSCP type from the menu or enter a DSCP value to match If you select Other enter a custom value in the DSCP Value field that appears The valid range id 0 63 IP Precedence Matches the packet s IP Precedence value to the class criteria s Enter a value in the range of 0 7 IP TOS Matches the packet s ...

Page 88: ...lass list members select the policy name from the menu and click Rename Policy Name Enter a name to associate with the class es The name is case sensitive alphanumeric string from 1 31 characters uniquely identifying a policy To modify the name of the existing policy select it and click Rename enter a new name in the Policy Name field and then click Save PolicyType The available policy type is In ...

Page 89: ...The read only field shows the type of policy Member Class List Select the member class to associate with this policy name from the menu Right click any of the Policy Selectors and click Configure Attribute This opens a page of DiffServ Policy Class Definition Configuration To configure DiffServ Policy Class Definition Configuration fill in the fields refer to the table below Field Description Poli...

Page 90: ...ecified class The simple form of the police command uses a single data rate and burst size resulting in two outcomes conform and violate The conforming data rate is specified in kilobits per second Kbps and is an integer from 1 to 4294967295 The conforming burst size is specified in kilobytes KB and is an integer from 1 to 128 The Police Simple attribute configuration page has the following config...

Page 91: ...emforwardingelement Thisselectionrequires that the Mark CoS value field be set Mark IP DSCP These packets are marked by DiffServ with the specified DSCP value before being presented to the system forwarding element This selection requires that the DSCP value field be set Mark IP Precedence These packets are marked by DiffServ with the specified IP Precedence value before being presented to the sys...

Page 92: ... the tunnel into the wired network If a client roams to another AP in the same subnet then the tunnel is not created and the new AP becomes the Home AP for the client Path Wireless General Distributed Tunnels 1 Click Wireless General Distributed Tunnels 2 Configure the following settings Distributed Tunnel Clients Specify the maximum number of distributed tunneling clients that can roam away from ...

Page 93: ...ualization feature Images file formats that are recommended to upload should be in one of the following formats GIF Graphics Interchange Format JPG Joint Photographic Experts Group It is also recommended that you do not use color images since the WLAN components might not show up well Once user uploads an image file and save the running configuration the image remains on the controller and you can...

Page 94: ...ss General WLAN Deployment To launch the WLAN Visualization tool click Wireless General WLAN Deployment This opens a new browser window and starts the Java applet that allows the AP and WLAN controller network to be presented as a topology diagram with or without a custom background image ...

Page 95: ...lt VLAN 1 is enabled on the AP and VLAN 1 is enabled for discovery on the wireless controller If the wireless controller and AP are in the same Layer 2 multicast domain you might not need to take any action to enable AP discovery The wireless controller also uses L2 VLAN discovery to find peer controllers within the L2 multicast domain TheAPsprocessthediscoverymessageonlywhenitcomesinonthemanageme...

Page 96: ...N Configuration Configure L2 VLAN Discovery Path Wireless Access Point AP Poll List 1 Click Wireless Access Point AP Poll List VLAN Discovery tab 4 Click Save 2 Switch L2 VLAN Discovery to ON and click Save 3 Click Add NewVLAN to Poll Enter a VLAN number ...

Page 97: ...discovery method mechanism is useful for peer wireless controller discovery and AP discovery when the devices are in different IP subnets In fact for a wireless controller to recognize a peer that is not on the same subnet you must configure the IP addresses of each controller in the peer s L3 discovery list Configure L3 IP Discovery Path Wireless Access Point AP Poll List 1 Click Wireless Access ...

Page 98: ...atabase for AP Validation The Valid Access Point List page contains information about APs configured in the local database If the AP Validation is set to RADIUS information about the APs to be managed by the controller must be added to the external RADIUS database Add a Valid AP 1 Click Wireless Access Point Managed APs List Valid AP tab 2 Click Add NewValid AP 3 Complete the fields on the next pa...

Page 99: ...nnel to be used for wireless communication This is for reference only Expected WDS Mode If AP Mode Standalone the WDS Wireless Distributed System link is used to let APs communicate with each other without wires This is for reference only Expected Security Mode If AP Mode Standalone the security mode is to be used This is for reference only Expected Wired Network Mode If AP Mode Standalone select ...

Page 100: ...Configuration Add a AP from Discovered AP List Path Wireless Access Point Discovered AP List 1 Click Wireless Access Point Discovered AP List 2 Right click an AP and select Manage 3 Select an AP Mode and Profile refer to the previous page and then click Save ...

Page 101: ...lied to the AP such as when the AP disassociates and re associates with the controller 1 Click Wireless Access Point Managed APs List Managed APs tab 3 Select the channel as your desired The available channels depend on the radio mode and country in which the APs operate The manual channel change overrides the channel configured in the AP profile and is not retained when the AP reboots or when the...

Page 102: ...s List Managed APs When the AP is in Managed mode remote access to the AP is disabled However you can enableTelnet access by enabling the Debug feature on the Managed APs page 1 Click Wireless Access Point Managed APs List Managed APs tab 2 Right click on one of the entries and select Debug 3 Toggle Enable Debug to On 4 Click Save ...

Page 103: ...ation If a network is not enabled for mutual authentication the APs can be attached to the network by properly configuring the local Valid AP database or RADIUS AP database and discovery options The provisioning feature can optionally be used on networks not enabled for mutual authentication to simplify AP attachment to the cluster Use the AP Provisioning page to view detailed provisioning informa...

Page 104: ...oning configuration In Progress Provisioning is executing for this AP Invalid Switch IP Address Either primary or backup wireless controller IP address is not in the cluster or the mutual authentication mode is enabled and the primary wireless controller IP address is not specified Provisioning Rejected AP is not managed and is configured not to accept provisioning data in unmanaged mode Timed Out...

Page 105: ... APs based on location function or other criteria Profiles are like templates and once you create an AP profile you can apply that profile to any AP that the wireless controller manages For each AP profile you can configure the following features Profile Settings Name Hardware Type ID Wired Network Discovery VLAN ID Radio Settings SSID Settings QoS Configuration Path Wireless Access Point AP Profi...

Page 106: ... Dual Radio a b g n ac DWL 6700AP Dual Radio a b g n DWL 8710AP Dual Radio a b g n ac Wired network Discovery VLAN ID LAN ID that the controller uses to send tracer packets in order to detect APs connected to the wired network Configure AP Profile Radio 1 Radio Mode 802 11a n In a new AP Profile you can edit the radio 802 11a n from here You can also edit it from AP Profile Radio Configure AP Prof...

Page 107: ... the AP can support up to tworadios Bydefault Radio1operatesintheIEEE802 11a nmode andRadio2operatesintheIEEE802 11b g n mode The difference between these modes is the frequency in which they operate IEEE 802 11b g n operates in 2 4 GHz frequency and IEEE 802 11a n operates in 5 GHz frequency of the radio spectrum 1 Click Wireless Access Point AP Profiles AP Profile Radio tab 2 Right click the rad...

Page 108: ... the network recover from interference or collisions which might occur on a busy network or on a network experiencing electromagnetic interference Load Balancing If you enable load balancing you can control the amount of traffic that is allowed on the AP Load Utilization If Load Balancing is set to ON this field allows you to set a threshold for the percentage of network bandwidth utilization allo...

Page 109: ... 54 Mbps IEEE 802 11b g operates in the 2 4 GHz ISM band IEEE 802 11b is an enhancement of the initial 802 11 PHY to include 5 5 Mbps and 11 Mbps data rates It uses direct sequence spread spectrum DSSS or frequency hopping spread spectrum FHSS as well as complementary code keying CCK to provide the higher data rates It supports data rates ranging from 1 to 11 Mbps IEEE 802 11g is a higher speed ex...

Page 110: ...ent page and select Fixed or Interval for the Channel Plan mode You can also run the automatic channel selection algorithm manually from the Manual Channel Plan page Note If you assign a static channel to an AP in the Valid AP database or on the Advanced AP Management page the AP will not participate in the auto channel selection Automatic Power The power level affects how far an AP broadcasts its...

Page 111: ...d the AP blocks communication between wireless clients It still allows data traffic between its wireless clients and wired devices on the network but not among wireless clients This feature is disabled by default Channel Bandwidth The 802 11n specification allows the use of a 40 MHz wide channel in addition to the legacy 20 MHz channel available with other modes The 40 MHz channel enables higher d...

Page 112: ...easurement feature in the AP profile The feature is set independently for each radio and is enabled by default No Ack Select Enable to specify that the AP should not acknowledge frames with QosNoAck as the service class value Force Roaming Select Enable to detect and disconnect wireless clients based on the client RSSI If the client RSSI falls below the roaming threshold value the client will be d...

Page 113: ...d Service Set Identifier SSID You can configure and enable up to 16 VAPs per radio on each physical access point 1 Click Wireless Access Point AP Profiles AP Profiles SSID tab 2 Select the AP Profile from the drop down menu 3 Select the Radio Mode 4 Select the SSID name from the drop down menu 5 Enable disable the SSID by right clicking Enable or Disable Note SSID ID 1 is always enabled If you do ...

Page 114: ...t types of wireless traffic and effectively specifying minimum and maximum wait times through Contention Windows for transmission The settings described here apply to data transmission behavior on the access point only not to that of the client stations AP Enhanced Distributed Channel Access EDCA Parameters affect traffic flowing from the access point to the client station Station Enhanced Distrib...

Page 115: ...kground Lowest priority queue high throughput Bulk data that requires maximum throughput and is not time sensitive is sent to this queue FTP data for example AIFS Inter Frame Space The Arbitration Inter Frame Spacing AIFS specifies a wait time for data frames The wait time is measured in slots Valid values for AIFS are 1 through 255 cwMin Minimum Contention Window This parameter is input to the al...

Page 116: ...rom the station to the access point With WMM disabled you can still set some parameters on the downstream traffic flowing from the access point to the client station AP EDCA parameters To disable WMM extensions switch OFF To enable WMM extensions switch ON Station EDCA Parameters Queue Queues are defined for different types of data transmitted from station to AP Data 0 Voice Highest priority queue...

Page 117: ...ow size is reached retries will continue until a maximum number of retries allowed is reached TXOP Limit Station EDCA Parameter Only The TXOP Limit applies only to traffic flowing from the client station to the access point The Transmission Opportunity TXOP is an interval of time when a WME client station has the right to initiate transmissions onto the wireless medium WM This value specifies in m...

Page 118: ...16 additional networks for a total of 50 wireless networks Multiple networks can have the same SSID Configure SSID Profiles Path Wireless Access Point SSID Profiles 1 Click Wireless Access Point SSID Profiles 2 To edit an existing SSID right click it and select Edit To create a new SSID Profile click the Add New SSID Profile button Note SSID ID 1 is always enabled If you do not want to have the fi...

Page 119: ... Captive Portal billing users created via online wireless service purchasing The wireless service packages are defined in Login Profile Authentication Server If Captive Portal Type Permanent User select the authentication server All users that log in to the captive portal for this SSID are authenticated through the selected server The available authentication servers are Local User Databass Radius...

Page 120: ...h the user can click through to access the Internet HTTP HTTP Redirect is enabled None HTTP Redirect is disabled Redirect URL If Redirect HTTP enter the URL where all initial HTTP accesses should be redirected to This field is accessible only when HTTP is selected as the redirect type Wireless ARP Suppression Mode Enable the mode to allow APs to reduce the number of broadcasted ARP requests on the...

Page 121: ...AP Security The default access point profile does not use any security mechanism To protect your network we recommend you select a security mechanism to prevent unauthorized wireless clients from gaining access to your network Choices are None No security mechanism is used WEP Enable WEP security Complete the options in Table 3 1 WPA WPA2 Enable WPA WPA2 security Complete the options in Table 3 2 ...

Page 122: ...DS managed AP feature within the Unified Wired and Wireless Access System includes the following The wireless system can contain up to 12 WDS managed AP groups Each WDS managed AP group can contain up to four APs An AP can be a member of only one WDS AP group Each satellite AP can have only one WDS link on the satellite APs This means that a satellite AP must be connected to a root AP A satellite ...

Page 123: ...e WDS links by specifying the MAC address and radio of the AP on each end of the link Keep the following considerations in mind when you configure and manage a WDS group MakesuretheradiosthatparticipateintheWDSlinkusethesamechannel Useoneofthefollowingmethods to control the channel When you configure the satellite AP in stand alone mode use the Radio page to set a static channel When you configure...

Page 124: ...P group Spanning tree must be enabled if there are any potential loops in the network For example if a satellite AP has links to two root APs then spanning tree must be enabled Note ThespanningtreeprotocolrunningontheAPsinteractswiththespanningtreeprotocol running on the edge switches to which the APs are connected Edit Password Password used for securing WPA2 Personal security on the WDS Link Ran...

Page 125: ... Point WDS Groups WDS Managed AP After you create a WDS Managed AP group use the WDS Managed AP Configuration page to view the APs that are members of the group add new members and change STP Priority values for existing members 1 Click Wireless Access Point WDS Groups WDS Managed AP tab 2 Click Add NewWDS Manage AP ...

Page 126: ...MAC address STP Priority SpanningTree Priority for this AP The STP priority is used only when spanning tree mode is enabled The STP priority determines which AP is selected as the root of the spanning tree and which AP has preference over another AP when multiple equal cost paths exist in the topology The lower value for the spanning tree priority means that the AP is more likely to be used for br...

Page 127: ...gure Source AP MAC Address MAC Address of the source AP Note The WDS links are bidirectional The terms Source and Destination simply help to differentiate between the WDS link endpoints Source AP Radio The radio number of the WDS link endpoint on the source AP Destination AP MAC Address The MAC address of the destination AP in the group Destination AP Radio The radio number of the WDS link endpoin...

Page 128: ...you can make changes to a configuration received from a peer controller No changes automatically propagate from one controllertothecluster youmustmanuallyinitiatearequestononecontrollerinordertocopyanyconfiguration to its peers 1 Click Wireless Peer Group Peer Configuration 2 Toggle each option to On or Off and then click Save Refer to the table below and on the next page Field Description General...

Page 129: ...le includes the general AP settings such as the hardware type Radio settings SSID Profiles and QoS settings MAC Authentication Database Enable this field to include the MAC Authentication Database in the configuration that the controller pushes to its peers Captive Portal Enable this field to include the Captive Portal information in the configuration that the controller pushes to its peers RADIUS...

Page 130: ...berofpeercontrollersincludedatthetimeaconfigurationdownload request is started the value is 1 if a download request is for a single controller Success Count Indicates the total number of peer controllers that have successfully completed a configuration download Failure Count Indicates the total number of peer controllers that have failed to complete a configuration download Peer Configuration Sync...

Page 131: ...Cluster Controller can update code on APs managed by peer wireless controllers Path Maintenance Firmware AP Firmware Download 1 Click Maintenance Firmware AP Firmware Download AP Firmware Download tab 2 Completethefields refertothetableonthenextpage andthenselecttheAP s youwanttoupgrade Use CTRL click to select multiple APs 3 Click Save to begin the upgrade process ...

Page 132: ...next group begins the process Image DownloadType Type of the image to be downloaded which can be one of the following All Images DWL 8600AP DWL 3600AP DWL 6600AP DWL 2600AP DWL 8610AP Note To download all images make sure you specify the file path and file name for both images in the appropriate File Path and File Name fields Managed AP The list shows all the APs that the controller manages If the...

Page 133: ...The reset command has been sent to the AP Success All APs are connected to the wireless controller Download Count The number of managed APs to download software in the current download request If you selected All for the managed APs to upgrade the download count shows the number of managed APs at the time the download request was started The value is 1 if only one AP is being updated Success Count...

Page 134: ... told to download the code Failure The AP reported a failing code download Aborted The download was aborted before the AP loaded code from the TFTP server Waiting For APs To Download A download finished on this AP and it is waiting for other APs to finish download Reset command is not sent to the AP in this state NVRAM Update In Progress Download completed successfully The reset command sent to th...

Page 135: ...wireless controller s advanced configuration settings to be configured This chapter covers the following commonly used advanced configuration settings IP Mode on page 136 IPv4 LAN Settings on page 137 IPv6 LAN Settings on page 141 VLANs on page 171 Configure IPv4 Static Routing on page 177 Configure IPv6 Static Routing on page 179 Note The procedures in this chapter should only be performed by exp...

Page 136: ...onfigure the IP protocol version to be used on the controller In order to support IPv6 on the LAN you must set the controller to be in IPv4 IPv6 mode This mode will allow IPv4 nodes to communicate with IPv6 devices through this controller 1 Go to Network IPv6 IP Mode 2 Next to IP Mode select either IPv4 only or IPv4 IPv6 3 Click Save ...

Page 137: ...fore it is assigned to avoid duplicate addresses on the LAN For most applications the default DHCP and TCP IP settings are satisfactory If you want another PC on your network to be the DHCP server or if you are manually configuring the network settings of all of your PCs set the DHCP mode to none DHCP relay can be used to forward DHCP lease information from another LAN device that is the network s...

Page 138: ...ame for LAN configuration LeaseTime If DHCP mode DHCP Server enter the duration in hours for which the IP addresses will be leased to clients Configure DNS WINS Toggle it to ON to enable the DNS WINS Primary DNS Server Enter the primary DNS Server IP Secondary DNS Server Enter the secondary DNS Server IP WINS Server Enter theWINS server IP optional TheWindows Internet Naming Service is equivalent ...

Page 139: ... i e the box s LAN IP All DHCP clients will receive the DNS IP addresses of the ISP excluding the DNS Proxy IP address when it is disabled The feature is particularly useful in Auto Rollover mode For example if the DNS servers for each connectionaredifferent alinkfailuremayrendertheDNSserversinaccessible However when the DNS proxy is enabled then the clients can make requests to the controller and...

Page 140: ... DHCP clients will be assigned IP addresses starting with the Start IP address in the first pool in the list of pools Clients will continue to receive sequential IP addresses until the End IP address of the first pool Then if further pools are configured the next LAN client to join the domain of this controller will receive the Start IP address of the second configured pool and so on 1 Go to Netwo...

Page 141: ...ubnet is identified by the initial bits of the address called the prefix By default this is 64 bits long All hosts in the network have common initial bits for their IPv6 address the number of common initial bits in the network s addresses is set by the prefix length field 1 Go to Network IPv6 LAN Settings IPv6 LAN Settings tab 2 Complete the fields in the table below and on the next page 3 Click S...

Page 142: ...lients will pick up the DHCPv6 server which has highest preference value The preference value must be a decimal integer and be between 0 and 255 inclusive DNS Servers Select one of the following options for DNS servers for the DHCPv6 clients Use DNS Proxy On button to enable DNS proxy on this LAN or Off this button to disable this proxy When this feature is enabled the controller will act as a pro...

Page 143: ...e of IP addresses to be served by the gateway sDHCPv6server Usingadelegationprefix youcanautomatetheprocessofinformingothernetworking equipment on the LAN of DHCP information specific for the assigned prefix 1 Go to Network IPv6 LAN Settings IPv6 Address Pools tab 2 Click Add New Address Pool IPv6 Address Pools 3 Enter a starting IPv6 address end IPv6 address and the prefix length 4 Click Save ...

Page 144: ...1000 User Manual 144 Section 5 Advanced Network Configuration 6 Click Add New Prefix Length 7 Enter the IPv6 Prefix and Prefix Length Click Save 5 Go to Network IPv6 LAN Settings Prefixes for Prefix Delegation tab ...

Page 145: ...es that are configured to accept such details Router Advertisement is required in an IPv6 network is required for stateless auto configuration of the IPv6 LAN By configuring the Router Advertisement Daemon on this controller the DWC will listen on the LAN for controller solicitations and respond to these LAN hosts with router advisements 1 Go to Network IPv6 LAN Settings Router Advertisement tab I...

Page 146: ...ment Interval and Maximum Router Advertisement Interval The minimum router advertisement interval is 1 3 of this configured value and the default is 30 seconds RA Flags The router advertisements RA s can be sent with one or both of these flags Managed and Other Choose Managed to use the administered stateful protocol for address auto configuration If the Other flag is selected the host uses admini...

Page 147: ...ments configured with advertisement prefixes allow this controller to inform hosts how to perform stateless address auto configuration Router advertisements contain a list of subnet prefixes that allow the controller to determine neighbors and whether the host is on the same link as the controller 1 Go to Network IPv6 LAN Settings Advertisement Prefixes tab IPv6 Advertisement Prefixes ...

Page 148: ... the 6to4 address prefix is set to the interface ID of the interface on which the advertisements are sent IPv6 Prefix If IPv6 Prefix Type Global Local SATAP defines the IPv6 network address IPv6 Prefix Length If IPv6 Prefix Type Global Local SATAP and this is a numeric value that indicates the number of contiguous higher order bits of the address that make up the network portion of the address Pre...

Page 149: ... Whenever DHCP server receives a request from the client hardware address of that client is compared with the hardware address list present in the database if an IP address is already assigned to that computer or device in the database the customized IP address is configured otherwise an IP address is assigned to the client automatically from the DHCP pool 1 Click Network LAN LAN DHCP Reserved IPs...

Page 150: ...he source traffic s IP address with the unique MAC Address of the configured LAN node you can ensure that the traffic from that the IP address is not spoofed In the event of a violation i e the traffic s source IP address doesn t match up with the expected MAC address having the same IP address the packets will be dropped and can be logged for diagnosis 1 Click Network LAN IP MAC Binding 2 Click A...

Page 151: ...in on IGMP network traffic This then allows the controller to filter multicast traffic and direct it only to hosts that need this stream This is helpful when there is a lot of multicast traffic on the network where all LAN hosts do not need to receive this multicast traffic To enable IGMP Proxy 1 Click Network LAN IGMP Setup 2 Toggle IGMP Proxy to On 3 Click Save 4 Click Add new Network Address En...

Page 152: ...d ports to allow applications to work To configure the UPnP settings 1 Click Network LAN UPnP 2 Toggle Activate UPnP to On 3 Select a LAN from the LAN Segment drop down menu 4 Enter a value for Advertisement Period This is the frequency that the controller broadcasts UPnP information over the network A large value will minimize the network traffic but cause delays in identifying new UPnP devices t...

Page 153: ...yes no indicating whether the port of the UPnP device that established a connection is cur rently active IP Address The IP address of the UPnP device detected by this controller Protocol The network protocol i e HTTP FTP etc used by the DWC Int Port Internal Port The internal ports opened by UPnP if any Ext Port External Port The external ports opened by UPnP if any Click Refresh to refresh the po...

Page 154: ... Jumbo Frames Path Network LAN Jumbo Frame Jumbo frames are Ethernet frames with more than 1500 bytes of payload When this option is enabled the LAN devices can exchange information at Jumbo frames rate 1 Click Network LAN Jumbo Frame 2 Toggle Activate Jumbo Frames to On 3 Click Save ...

Page 155: ...r another network subnet By default Option1 is enabled and works as a LAN interface but with a dependent MAC address and Option 2 is disabled With a VPN license DWC 1000 VPN DWC 1000 VPN LIC the controller turn into Option ports You can set ISP connection type and NAT Transparent mode features 1 Click Network Internet IPv4 Option 1 Settings Internet IPv4 2 Select your connection type and complete ...

Page 156: ... MS CHAPv2 Reconnect Mode Select one of the following options Always On The connection is always on On Demand The connection is automatically ended if it is idle for a specified number of minutes Enter the number of minutes in the Maximum IdleTime field This feature is useful if your ISP charges you based on the amount of time that you are connected PPTP Russian PPTP Address Mode Select either Dyn...

Page 157: ...Address Source Select Use Default MAC unless your ISP requires MAC authentication and another MAC addresshasbeenpreviouslyregisteredwithyourISP Inthatcase chooseoneofthefollowing options Clone your PC s MAC Address Select this option to assign the MAC address of the computer that you are using to configure the controller Use this MAC Address Select this option if your ISP assigned a MAC address fo...

Page 158: ...rt to connect to the Internet select Option as the ConfigurablePort and refer to the Option 1 Port Settings on the previous three pages Configuring DMZ settings is a 2 step process 1 Configure the wireless controller port to act as a DMZ and 2 Configure the DMZ settings for the port To configure a port to operate as a DMZ 1 Go to Network Internet IPv4 Option 2 DMZ Setting 2 Next to Configurable Po...

Page 159: ...Pv6 network are used for resolving internet addresses and these are provided along with the static IP address and prefix length from the ISP When the ISP allows you to obtain the Option WAN IP settings via DHCP you need to provide details for the DHCPv6 client configuration The DHCPv6 client on the gateway can be either stateless or stateful If a stateful client is selected the gateway will connec...

Page 160: ...h The IPv6 network subnet is identified by the initial bits of the address called the prefix All hosts in the network have the identical initial bits for their IPv6 address the number of common initial bits in the networks addresses is set by the prefix length field Default IPv6 Gateway IPv6 address of the ISPs gateway This is usually provided by the ISP or your network administrator DNS Server s ...

Page 161: ...able Option connectivity on one of the ports TouseAutoFailoverorLoadBalancing Optionlinkfailuredetectionmustbeconfigured Thisinvolvesaccessing DNS servers on the internet or ping to an internet address user defined If required you can configure the number of retry attempts when the link seems to be disconnected or the threshold of failures that determines if an Option port is down If you do not wa...

Page 162: ...lick Network Internet IPv4 Option Mode Field Description Option Mode Select Auto Rollover Using Option Port from the drop down menu Use Primary Option Port Select which Option port is the primary Use Secondary Op tion Port Select which port to use if the primary port fails DNS Lookup Method Option DNS Servers DNS Lookup of the DNS Servers of the primary link is used to detect primary Option connec...

Page 163: ...reached After this the secondary Option will be used for new connections Inbound connections on the secondary Option are permitted with this mode as the spillover logic governs outbound connections moving from the primary to secondary Option You can configure spillover mode by using following options LoadTolerance It is the percentage of bandwidth after which the controller switches to secondary O...

Page 164: ...NSLookupofthecustomDNSServerscanbespecifiedtochecktheconnectivity of the primary link PingtheseIPaddresses TheseIP swillbepingedatregularintervalstochecktheconnectivity of the primary link RetryIntervalis Thenumbertellsthecontrollerhowoftenitshouldruntheaboveconfigured failure detection method Failover after This sets the number of retries after which failover is initiated Save Click save to activ...

Page 165: ...heck the connectivity of the primary link Retry Interval is Enter the time in seconds to initiate the DNS Lookup Mode Default is every 30 seconds The number tells the controller how often it should run the above configured failure detection method Failover After Enter the number of failures before the controller initiates the failover process Load Tolerance Enter the percentage of bandwidth after ...

Page 166: ...appropriate firewall settings are configured If your ISP has assigned an IP address for each of the computers devices that you use select Classical NAT is a technique which allows several computers and devices on your local network to share an Internet connection The computers on the LAN use a private IP address range while the Option port on the controller is configured with a single public IP ad...

Page 167: ...intain the LAN and Option in the same broadcast domain select Transparent mode which allows bridging of traffic from LAN to Option and vice versa except for controller terminated traffic and other management traffic Note NAT routing has a feature called NAT Hair pinning that allows internal network users on the LAN and DMZ to accessinternalservers e g aninternalFTPserver usingtheirexternally known...

Page 168: ...edit or delete any existing aliases right click the alias and select either Edit or Delete Field Description Interface Select either Option1 or Option2 IP Address Enter an alias IP address for the Option interface you selected Subnet Mask Enter a subnet mask for the Option interface you selected Save Click save to activate your settings To create a new alias 1 Click Network Internet IPv4 IP Aliasi...

Page 169: ...to that computer or device in the database the customized IP address is configured otherwise an IP address is assigned to the client automatically from the DMZ DHCP pool To create DHCP reservations 1 Click Network Internet IPv4 DMZ DHCP Reserved IPs 2 Click Add New DMZ DHCP Reserved IP 3 Enter the following information and click Save Field Description IP Address Enter the IP address you want to as...

Page 170: ...cted to the correct IP address When you set up an account with a DDNS service the host and domain name username password and wildcard support will be provided by the account provider To configure DDNS 1 Click Network Internet IPv4 Dynamic DNS 2 Click the tab on top to select an Option port to which you want to configure DDNS 3 Next to Dynamic DNS Service Type select your DDNS service 4 Enter the f...

Page 171: ...f VLANs is to split large switched networks which are large broadcast domains The wireless controller provides VLAN functionality for assigning unique VLAN IDs to LAN ports so that traffic to and from that physical port can be isolated from the general LAN VLAN filtering is particularly useful to limit broadcast packets of a device in a large network VLAN Settings Path Network VLAN VLAN Settings Y...

Page 172: ...anent User Temporary User or Billing User Authentication Server Select the type of authentication server to authenticate captive portal for permanent temporary or billing users It shows the available authentication servers among which one can be selected for this VLAN All users login into the captive portal for this VLAN are authenticated through the selected server This option appears only if Cap...

Page 173: ...n in the table on the previous page and click Save Deleting VLANs Path Network VLAN VLAN Settings If you do not need a VLAN you can delete it Note AprecautionarymessagedoesnotappearbeforeyoudeleteaVLAN Therefore besureyoudonotneedaVLAN before you delete it To delete a VLAN 1 Go to Network VLAN VLAN Settings 2 In theVLAN List right click theVLAN you want to delete and click Delete Or right click on...

Page 174: ...d subnet mask for the virtually isolated network Unless you enable inter VLAN routing for the VLAN the VLAN subnet determines the network address on the LAN that can communicate with the devices that correspond to the VLAN To view and edit the available multi VLAN subnets 1 Go to Network VLAN VLAN Settings 2 To edit a multi subnet VLAN right click the VLAN and click Edit ...

Page 175: ...e available on the VLAN enter the IP address of the secondary DNS server LeaseTime Enter a time interval in hours that a DHCP client can use the IP address that it receives from the DHCP server When the lease time is about to expire the client sends a request to the DHCP server to get a new lease Relay Gateway Enter the gateway address This is the only configuration parameter required in this sect...

Page 176: ... any other Ethernet frame General Select to allow the port to become a member of a user selectable set ofVLANs The port sends and receives data that is tagged or untagged with a VLAN ID If the data into the port is untagged it is assigned the defined PVID All tagged data sent out of the port with the same PVID will be untagged Trunk Select to multiplex traffic for multiple VLANs over the same phys...

Page 177: ...es IP address to determine the next hop whereas Protocol Binding use protocol Configuring your wireless controller for static routing allows data transfers between it and a routing device without using dynamic routing protocols Configure IPv4 Static Routing Path Network Routing Static Routes To add a static route 1 Click Network Routing Static Routes 2 Click Add New Static Route The Static Route C...

Page 178: ... Destination IP Address Enter the IP address of the static route s destination IP Subnet Mask Enter the subnet mask of the static route Interface Select the wireless controller interface that will interface to the static route Choices are Option 1 Option 2 The wireless controller s Option port will interface to the static route LAN VLAN The wireless controller s LAN or VLAN port will interface to ...

Page 179: ... this controller and other devices to account for changes in the path once configured the static route will be active and effective until the network changes TheListofStaticRoutesdisplaysallroutesthathavebeenaddedmanuallybyanadministratorandallowsseveral operations on the static routes The List of IPv4 Static Routes and List of IPv6 Static Routes share the same fields with one exception To configu...

Page 180: ...ix bits in the IPv6 address that define the subnet Interface Select the wireless controller interface that will interface to the static route Choices are Option 1 Option 2 the wireless controller s Option port will interface to the static route LAN the wireless controller s LAN or VLAN port will interface to the static route Sit0 Tunnel IPv6 Gateway IP Address of the gateway through which the dest...

Page 181: ...n Only The controller accepts RIP information from other controllers but does not broadcast its routing table None The controller neither broadcasts its route table nor does it accept any RIP packets from other controllers This effectively disables RIP Version The RIP version is dependent on the RIP support of other routing devices in the LAN Disabled This is the setting when RIP is disabled RIP 1...

Page 182: ...mavailablecontrollersandconstructsatopologymapofthenetwork OSPF version 2 is a routing protocol which described in RFC2328 OSPF Version 2 OSPF is IGP Interior Gateway Protocols OSPF is widely used in large networks such as ISP backbone and enterprise networks To configure OSPF 1 Click Network Routing OSPF 2 Right click the port you want to edit LAN Option1 Option2 and click Edit 3 Complete the fie...

Page 183: ...o packet will be sent This value must be the same for all controllers attached to a common network The default value is 10 seconds Dead Interval The number of seconds that a device s hello packets must not have been seen before its neighbors declare the OSPF controller down This value must be the same for all controllers attached to a common network The default value is 40 seconds OSPF requires th...

Page 184: ...formation from available controllers and constructs a topology map of the network OSPFv3 supports IPv6 To enable an OSPFv3 process on a controller you need to enable the OSPFv3 process globally assign the OSPFv3 process a controller ID and enable the OSPFv3 process on related interfaces To configure OSPFv3 1 Click Network IPv6 OSPFv3 2 Right click the port you want to edit LAN Option1 Option2 and ...

Page 185: ...e number of seconds for Hello Interval timer value Enter the number in seconds that the Hello packet will be sent This value must be the same for all controllers attached to a common network The default value is 10 seconds Dead Interval The number of seconds that a device s hello packets must not have been seen before its neighbors declare the OSPF controller down This value must be the same for a...

Page 186: ...sm for migrating from IPv4 to IPv6 a system that allows IPv6 packets to be transmitted over an IPv4 network When enabled traffic from an IPv6 LAN to be sent over an IPv4 Option to reach a remote IPv6 network To enable 6 to 4 Tunneling 1 Click Network IPv6 6 to 4Tunneling 6 to 4 Tunneling IPv6 2 Toggle Activate Auto Tunneling to On and click Save ...

Page 187: ...k layer for IPv6 To configure ISATAP Tunnels 1 Click Network IPv6 ISATAPTunnels ISATAP Tunnels IPv6 2 Click Network IPv6 ISATAPTunnels Complete the fields Field Description ISATAP Subnet Prefix This is the 64 bit subnet prefix that is assigned to the logical ISATAP subnet for this intranet This can be obtained from your ISP or internet registry or derived from RFC 4193 End Point Address This is th...

Page 188: ...ion link Protocol bindings are only applicable when load balancing mode is enabled and more than one Option port is configured To add edit or delete a protocol binding entry 1 Click Network Routing Protocol Binding 2 Right clickacurrententryandselectEditorDelete Toaddanewentry clickAddNewProtocolBinding 3 Complete the fields in the table below and click Save Field Description Service Select a serv...

Page 189: ...ed security features Client Management on page 190 Group Management on page 193 User Management on page 200 Hotspot on page 205 Captive Portal Front Desk on page 206 Guest Account Usage Management on page 207 External Authentication on page 219 Blocked Clients on page 240 WIDS on page 65 Note The procedures in this chapter should only be performed by expert users who understand networking concepts...

Page 190: ...r Database MAC Authentication To view wireless known clients 1 Go to Security Authentication User Database 2 Click on the MAC Authentication tab in the middle menu The MAC Authentication page will appear displaying a list of the wireless clients in the MAC Authentication database 3 Next to List Type the current global setting is displayed MAC authentication is a feature that grants or denies a cli...

Page 191: ...w you to differentiate this known client from others you may add Authentication Action When MAC authentication is enabled on the network this field shows the action to be taken on a wireless client The following options are available Grant Allow the client with the specified MAC address to access the network Deny Prohibit the client with the specified MAC address from accessing the network Global ...

Page 192: ...ation After you add clients you can edit or delete it if you need to change settings To edit or delete a client 1 Go to Security Authentication User Database MAC Authentication 2 Under MAC Authentication List right click the client and select either Edit or Delete 3 Change the desired settings refer to the table on the previous page 4 Click Save ...

Page 193: ...edit user groups when changes are required and delete the user groups that you do not need Adding User Groups Path Security Authentication User Database Groups When you add a user group you assign A name that identifies the user group An optional user group description At least one privilege or user type An idle timeout value After you define user groups you can use the procedure under User Manage...

Page 194: ...sions to access the Internet Networks through Captive Portal authentication Network Selecting Network enables an extra option by default the group types for Network users are Captive Portal User The users of the group having Captive Portal privilege will have permissions to access the Internet Networks through Captive Portal authentication Front Desk The users of the group having Front Desk User p...

Page 195: ...t a user group For example you might want to change the privileges for the user group or idle timeout To edit a user group 1 Go to Security Authentication User Database Groups The Groups List page will appear 2 Right click the user group you want to edit and click Edit The Group Configuration pop up page will appear 3 Complete the fields in the previous page and click Save ...

Page 196: ...lete all users in it see Editing Deleting Clients on page 192 Note A precautionary message does not appear before you delete a user group Therefore be sure you do not need a user group before you delete it To delete a user group 1 Go to Security Authentication User Database Groups The Groups page will appear 2 Right click on the user group you want to delete and click Delete To delete all groups c...

Page 197: ...er group 3 Click the Add Login Policies button The Login Policies Configuration page will appear 4 Complete the fields from the table below and click Save Settings Field Description Group Name Name of the group Disable Login Grants or denies login access to the web management interface for all users in this user group Choices are On Disable login access Off Enable login access Deny login from Opti...

Page 198: ...ticular web browsers to log in to the wireless controllers web management interface 1 Click Security Authentication User Database Groups 2 Click the Add Browser Policies button 3 Select a group and a browser from the drop down menus and click Add The selected browser will appear in the Defined Browsers area Field Description Group Name Select the group name from the drop down menu Client Browser S...

Page 199: ...lar network or IP address 1 Click Security Authentication User Database Groups tab 2 Click the Add IP Policies button The IP Policies Configuration page will appear 3 Complete the fields given in the table below and click Save The address you defined will appear in the Defined Addresses area Field Description Group Name Select a group name from the drop down menu Source AddressType Choices are IP ...

Page 200: ...om a comma separated value CSV formatted file After you add users you can edit them when changes are required and delete users when you no longer need them Adding Users Manually Path Security Authentication User Database Users One way of adding users is to add users individually 1 Go to Security Authentication User Database Users tab 2 Click Add New User The User Configuration pop up page will app...

Page 201: ...a unique name for this user The name should allow you to easily identify this user from others you may add First Name Enter the first name of the user Last Name Enter the last name of the user Select Group Select the captive portal group to which this user will belong Password Enter a case sensitive login password that the user must specify at the login prompt to access the web management interfac...

Page 202: ...assword change Password The above sample has fields that can assume the following values Username text field Name of the user and identifier in the DWC s database and so it must be unique in the local user database FirstName text field This is a user detail and need not be unique LastName text field This is a user detail and need not be unique GroupName text field The group that is associated with...

Page 203: ...ame for this user The name should allow you to easily identify this user from others you may add First Name Enter the first name of the user Last Name Enter the last name of the user Select Group Select the group to which this user will belong Edit Password Toggle this option to enter the password to be used by this user to log in to the web management interface Current Logged in Administrator Pas...

Page 204: ...t user Note A precautionary message does not appear before you delete a user Therefore be sure that the specific user is not needed before you delete it To delete a user 1 Click Security Authentication User Database Users tab The Users List page will appear 2 Right click on the user you want to delete and click Delete To delete all the users click Select All and then Delete ...

Page 205: ... peer controllers in advance This will allow the auto synchronization of temporary users to take place between peer controllers Example In a hotel the controller administrator creates a set of billing and captive portal profiles and pushes them from the DWC controller to all peer controllers The front desk administrator creates temporary accounts for a new guest The temporary accounts will be push...

Page 206: ...users given access by the Front Desk the Captive Portal Type needs to be a temporary user This will allow for the usage limits to have control on the amount or duration of internet access The last step to leverage this feature is to create a Front Desk group and assign a user to this group i e user name HotelAdmin The Front Desk user HotelAdmin will be allowed to access the appliance s management ...

Page 207: ... it is valid for use Account Depletion the temporary account is run out usage time or usage volume Account Expiration the temporary account is expired no matter usage time volume running out or not and it is removed from the local database Thebillingprofilecanbevariousdependingonhowtoputthevalueinthesettings Belowarefivemostcomment types of billing profiles 1 The temporary account usage time is li...

Page 208: ...ce The organizer generates accounts before the event and delivery account information to participator in advanced if necessary The temporary account would be only valid from specific date and time 4 The temporary account has limited time usage The account doesn t have the expiration time until the usage is run out This billing profile is suitable for the scenario in Hotspot The service provider ch...

Page 209: ...ultiple users to use the same captive portal login credentials created for this profile to login simultaneously Allow Batch Generation on Front Desk Checking this option enables front desk user to generate a batch of temporary captive portal users at one click Session IdleTimeout Idle timeout for CP users generated for this profile Show Alert Message on Login Page while Rest of Usage Time Traffic ...

Page 210: ...um traffic user can use before his account expires Only inbound traffic shall be considered towards bandwidth usage Allow frontdesk to modify duration Enabling this option enables frontdesk user to modify usage limits Ticket Pricing Options Header Enable this option to set a header value for ticket Customized Note Enable this option to display extra details on ticket like location Time Stamp Enabl...

Page 211: ... tab Field Description Payment Processor Select the payment agent Paypal Paypal Payment Receiver Email ID Enter your Paypal account email used for receiving payments API Username Enter the API username of the Paypal Premier Business Website Payment Pro account API Password Enter the API password of the Paypal account API Signature Enter the API signature of the Paypal Premier Business Website Paym...

Page 212: ...ssor Select the payment agent Authorize net Paypal Login ID Enter the API account ID used for receiving payments Transaction Key Enter your transaction key MD5 Hash Enter your MD5 Hash value Transaction Server Live is selected Transaction Mode Select Live or Test Currency Select the currency type ...

Page 213: ...e of that page with specific text and images The wireless controller supports multiple login and SLA pages Associate login page or SLAs on SSIDs or VLANs separately Customize the Captive Portal Login Page Path Security Authentication Login Profiles Login Profiles 1 Go to Security Authentication Login Profiles Login Profiles tab 3 Complete the fields in the table on the next page and click Save 2 C...

Page 214: ... during the captive portal session from the drop down menu Custom Color If you choose Custom on Page Background Color enter the HTML color code Header Details Background Select whether the login page displayed during the captive portal session will show an image or color Choices are Image show image on the page Use the Header Background Color field to select a background color The maximum size of ...

Page 215: ...wireless service purchasing from on the login page SessionTitle 1 Enter the text that appears in the title of the online purchasing login box when the user logs in to the captive portal session Message Enter the text appears in the online purchasing login box when the user logs in to the captive portal session SessionTitle 2 Enter the text that appears in the title of the message box while online ...

Page 216: ...ields in the table below and click Save Field Description SLA Profile Name Enter a name for this SLA profile The name should allow you to differentiate this SLA from others you may set up BrowserTitle Enter the text that will appear in the title of the browser during the captive portal session Term of Service Rule Shows the set of rules on Captive Portal which is set for temporary and SLA type use...

Page 217: ...tion 6 Securing Your Network Upload a Custom Profile Path Security Authentication Login Profiles Custom CP Profile 1 Go to Security Authentication Login Profiles Custom CP Profiles tab 2 Click Browse and select a saved profile Click Save ...

Page 218: ... Authentication RADIUS Accounting Global Setting tab 2 Complete the information from the table below and click Save Field Description Accounting Mode Toggle to ON to enable the RADIUS accounting mode By default it is disabled Accounting Interim Update Mode Toggle to ON to send Radius Accounting Interim Update based on Interim Interval Period By default this mode is disabled Radius Accounting Inter...

Page 219: ...rity uses a RADIUS Server forWPA and orWPA2 security A RADIUS server must be configured and accessible by the controller to authenticate wireless client connections to an AP enabled with a profile that uses RADIUS authentication The Authentication IP Address is required to identify the server A secondary RADIUS server provides redundancy in the event that the primary server cannot be reached by th...

Page 220: ...rver Authentication Port RADIUS authentication server port to send RADIUS messages Secret Secret key that allows the device to log into the configured RADIUS server It must match the secret on the RADIUS server Timeout Set the amount of time in seconds the controller should wait for a response from the RADIUS server Retries This determines the number of tries the controller will make to the RADIUS...

Page 221: ...o configure RADIUS Server 1 Go to Security Authentication External Auth Server RADIUS Accounting tab 2 Click Add New Account Complete the information from the table below and click Save Field Description Accounting Server IP Address IP address of the RADIUS accounting server Accounting Server Name Enter a name for the server Port Enter the port to use Secret Secret key that allows the device to lo...

Page 222: ...ec PPTP L2TP Server and Captive Portal users Note that POP3 for PPTP L2TP servers is supported only with PAP and not with CHAP MSCHAP MSCHAPv2 encryption To configure your POP3 Server 1 Go to Security Authentication External Auth Server POP3 Server tab 2 Complete the fields in the table below and click Save Field Description Authentication Server IP address of the POP3 authentication server Authen...

Page 223: ... A CA file is used as part of the POP3 negotiation to verify the configured authentication server identity Each of the three configured servers can have a unique CA used for authentication 1 Go to Security Authentication External Auth Server POP3Trusted CA tab 2 Click Add CA File to add a CA file 3 Click Browse to select a CA file Once selected click Save ...

Page 224: ...nformation is stored in a hierarchal manner Note that configuring a LDAP server on Windows or Linux servers is considerably less complex than setting up NT Domain or Active Directory servers for user authentication The details configured on the controller will be passed for authenticating the controller and its hosts The LDAP attributes domain name DN and in some cases the administrator account pa...

Page 225: ...P Base DN LDAP authentication requires the base domain name contact your administrator for the Base DN to use LDAP authentication for this domain Timeout Set the amount of time in seconds the controller should wait for a response from the LDAP server Retries This determines the number of tries the controller will make to the LDAP server before giving up Administrator Account AdminaccountinLDAPserv...

Page 226: ... This authentication option is common for SSL VPN client users and is also useful for IPSec PPTP L2TP client authentication To configure your AD Server 1 Go to Security Authentication External Auth Server AD Server tab 2 Complete the AD server information from the table below and click Save Field Description Authentication Server IP address of the AD authentication server Active Directory Domain S...

Page 227: ... of authorized users To configure your NT Domain Server 1 Go to Security Authentication External Auth Server NT Domain page Field Description Authentication Server Enter the IP address of the NT Domain server Workgroup Enter the Workgroup for the Authentication Server Timeout Set the amount of time in seconds that the controller should wait for a response from the NT Domain server Retries This det...

Page 228: ...acebook WiFi authentication uses the Facebook service to authenticate the users by defining some requirements on the gateway To use this feature the user is expected to have created a page for the business which can be selected after login to Facebook and the controller should be registered with Facebook so that the users can be directed to your facebook page when accessing the network To configur...

Page 229: ...ame Facebook WiFi Auth Status Registration Status Displays whether the controller is registered with Facebook or not Registration URL Once the controller are registered you must pair your merchant page with the Registration Url Configuration Status Displays whether the controller is paired with the merchant page or not Check Config Status Checks pairing of the gateway device with the merchant page...

Page 230: ...t Name of an SMTP server The controller will connect to this server to send captive portal user credentials SMTP Port Enter the SMTP port of the e mail server Return E mail address Type the e mail address where the replies from the SMTP server are to be sent required for failure messages Authentication with SMTP If the SMTP server requires authentication before accepting connections select either ...

Page 231: ...he gateway can prevent ActiveX controls from being downloaded via Internet Explorer For added security cookies which typically contain session information can be blocked as well for all devices on the private network To configure 1 Go to Security Web Content Filter Static Filtering 2 Toggle which service you want to filter to On and click Save Static Filtering The controller offers some standard w...

Page 232: ...s added to this list then all of the following URL s are permitted access from the LAN www dlink com support dlink com etc Importing exporting from a text or CSV file is also supported To specify approved URLs 1 Go to Security Web Content Filter Static Filtering Approved URL tab 2 To import a list from a text CSV file click Upload URLs List from File If you want to export the current list click Ex...

Page 233: ...s present in a site allowed by a trusted domain in the Approved URL List then access to that site will be allowed Import export from a text or CSV file is also supported To add import export URLs to the approved list 1 Click Security Web Content Filter Static Filtering Blocked Keywords tab Blocked Keywords 2 To import a list from a text CSV file click Upload Keywords List from File If you want to ...

Page 234: ...1 Go to Security Web Content Filtering Dynamic Filtering 2 Toggle which service you want to filter refer to the table below to On and click Save Field Description Adult Sites that host explicit sex content nudity and sites that use profanity News Sites that offer news and information on current events including newspapers broadcasters and other publishers Job Search Sites that offer job listings i...

Page 235: ...Sites providing online banking services offered by financial institutions Crime Terrorism Sites providing information on anti social activities like murder sabotage bombing etc Personal Beliefs Cults Sites about religion places of worship religious groups and occultism Politics Sites about politics elections and legislation and sites that promote a politician or political party Sports Sites about ...

Page 236: ...ddress known depends on how the Option ports are configured for this controller you may use the IP address if a static address is assigned to the Option port or if your Option address is dynamic a DDNS Dynamic DNS name can be used Outbound LAN DMZ to Option rules restrict access to traffic leaving your network selectively allowing only specific local users to access specific outside resources The ...

Page 237: ...t a service from the drop down menu ANY means all traffic is affected by this rule Action Select an action from the drop down menu Source Hosts Select a source host If you select Single Address or Address Range you will need to enter the IP address or IP range Destination Hosts Select a Destination host If you select Single Address or Address Range you will need to enter the IP address or IP range...

Page 238: ...s of the week and the time of day for a new schedule and then this schedule can be selected in the firewall rule configuration page Note All schedules will follow the time in the controller s configured time zone Refer to the section on choosing your Time Zone and configuring NTP servers for more information To add a schedule profile 1 Click Security Firewall Schedules Profiles 2 Click Add New Sch...

Page 239: ...tartTime EndTime If you selected SpecificTimes use the mouse on the blue boxes representing the hour min utes and am pm to select the start time and end time Click hold and move up to de crease the value or move down to increase the value Save Click to save your settings 3 Click the Schedules Rules tab Next to Schedule Name select the schedule profile you want to configure 4 Right click an entry a...

Page 240: ...ecurity Firewall Blocked Clients This page displays a list of blocked clients You may add new clients to block To configure blocked clients 1 Go to Security Firewall Blocked Clients 2 Click Add New Blocked Clients Enter the client s MAC address and a description 3 Click Save ...

Page 241: ...ation menu To add delete or edit a custom service 1 Click Security Firewall Custom Services 2 Right click an entry and click either Edit or Delete To add a new schedule click Add New Custom Service Field Description Name Enter a name for your custom service Type Enter the layer 3 protocol that the service uses TCP UDP BOTH or ICMP PortType Select Port Range or Multiple Ports Start Port If you sele...

Page 242: ... TCP UDP ports to communicate with the known ports a particular client application such as H 323 or RTSP requires without which the admin would have to open large number of ports to accomplish the same support Because the ALG understands the protocol used by the specific application that it supports it is a very secure and efficient way of introducing support for client applications through the co...

Page 243: ... DMZ so that the mail sent by remote SMTP servers will traverse the controller to reach the local server Local users will then use email client software to retrieve their email from the local SMTP server SMTP is also used when clients are sending email and SMTP ALG can be used to monitor SMTP traffic originating from both clients and servers 1 Click Security Firewall ALGs SMTP ALGs tab 2 Toggle St...

Page 244: ...ecurity Firewall ALGs Mail Filtering 1 Click Security Firewall ALGs Mail Filtering tab 2 Right click an entry and select either Edit or Delete To add a new mail ID click Add New Mail Filter 3 Enter a subject and a mail ID 4 Select your action as allow or block 5 Click Save ...

Page 245: ...ncryptedVPNtrafficforIPSec PPTP andL2TPVPNtunnel connections between the LAN and internet A specific firewall rule or service is not appropriate to introduce this passthrough support instead the options in the VPN Passthrough page must be toggled to ON 1 Click Security Firewall VPN Passthrough 2 Toggle the VPN protocol you want to allow to ON and click Save ...

Page 246: ...ic LAN IP or IP range Also ports are not left open when not in use thereby providing a level of security that port forwarding does not offer Note Port triggering is not appropriate for servers on the LAN since there i s a dependency on the LAN device making an outgoing connection before incoming ports are opened Some applications require that when external devices connect to them they receive data...

Page 247: ... your rule Enable Toggle to ON to activate the rule Protocol Select TCP or UDP Interface Select either LAN or DMZ Outgoing Trigger Port Range Enter the start and end trigger port range Incoming Port Range Enter the port range to open Save Click to save your settings 4 Click on the Application Rules Status tab to see a list of rules and their status ...

Page 248: ...g source 1 Click Security Firewall Attack Checks 2 Complete the fields from the table below and click Save Field Description Stealth Mode If this option is toggled to ON the controller will not respond to port scans from the WAN This makes it less susceptible to discovery and attacks BlockTCP Flood If this option is toggled to ON the controller will drop all invalid TCP packets and be protected fr...

Page 249: ...te at which the SYN Flood can be detected Echo Storm The number of ping packets per second at which the controller detects an Echo storm attack from the Option and prevents further ping traffic from that external address ICMP Flood The number of ICMP packets per second at which the controller detects an ICMP flood attack from the Option and prevents further ICMP traffic from that external address ...

Page 250: ...y VPN tunnel A remote client initiates a VPN tunnel as the IP address of the remote PC client is not known in advance The gateway in this case acts as a responder Remote client behind a NAT router The client has a dynamic IP address and is behind a NAT Router The remote PC client at the NAT router initiates a VPN tunnel as the IP address of the remote NAT router is not known in advance The gateway...

Page 251: ...ncrypted Tunnel This mode is used for network to network IPSec tunnels where this gateway is one endpoint of the tunnel In this mode the entire IP packet including the header is encrypted and or authenticated When tunnel mode is selected you can enable NetBIOS and DHCP over IPSec DHCP over IPSec allows this switch to serve IP leases to hosts on the remote LAN Also in this mode you can define the s...

Page 252: ...Remote Endpoint Select the type of identifier that you want to provide for the controller at the remote endpoint either IP Address or FQDN Fully Qualified Domain Name IP Address FQDN Enter the identifier for the controller Enable Mode Config Toggle to ON to enable Mode Config is similar to DHCP and is used to assign IP addresses to the remote VPN clients Enable NetBIOS Toggle to ON to allow NetBIO...

Page 253: ...l dynamically exchanges keys between two IPSec hosts The Phase 1 IKE parameters are used to define the tunnel s security association details ThePhase2Autopolicyparameterscoverthesecurityassociationlifetimeandencryption authentication details of the phase 2 key negotiation The VPN policy is one half of the IKE VPN policy pair required to establish an Auto IPSec VPN tunnel The IP addresses of the ma...

Page 254: ...e that using Auto policies with IKE are preferred as in some IPSec implementations the SPI security parameter index values require conversion at each endpoint The DWC 1000 supports VPN roll over feature This means that policies configured on the primary Option port will rollover to the secondary port in case of a link failure This feature can be used only if your Option is configured in Auto Rollo...

Page 255: ...rom the client across the VPN tunnel to the switch Split tunnel mode only sends traffic to the private LAN based on pre specified client routes These client routes give the client access to specific private networks thereby allowing access control over specific LAN services 1 Click VPN IPSecVPN Tunnel Mode 2 Complete the fields in the table below and click Save Field Description Tunnel Mode Select...

Page 256: ...created entries to edit or delete 3 Enter a domain name and click Save In a split DNS infrastructure you create two zones for the same domain one to be used by the internal network the other to be used by the external network Split DNS directs internal hosts to an internal domain name server for name resolution and external hosts are directed to an external domain name server for name resolution ...

Page 257: ... IP Address Enter the starting IP address to issue your clients connecting using DHCP over IPSec Ending IP Address Enter the ending IP address Subnet Mask Enter the subnet mask Save Click Save to save and activate your settings This page displays the IP range to be assigned to clients connecting using DHCP over IPSec By default the range is in 192 168 12 0 subnet Note To support DHCP over IPsec en...

Page 258: ... strong assurance of the server s identity and is a requirement for most corporate network VPN solutions The certificates menu allows you to view a list of certificates both from a CA and self signed currently loaded on the switch The following certificate data is displayed in the list of Trusted CA certificates CA Identity Subject Name The certificate is issued to this person or organization Issu...

Page 259: ...PN peers Subject Name This is the name that will be displayed as the owner of this certificate This should be your official registered or company name as IPSec or SSL VPN peers are shown this field Serial Number The serial number is maintained by the CA and used to identify this signed certificate Issuer Name This is the CA name that has issued signed this certificate Expiry Time The date after wh...

Page 260: ... 3 Complete the fields in the table below and click Save Field Description Name Enter a name identifier for the certificate Subject This field will populate the CN Common Name entry of the generated certificate Subject names are usually defined in the following format CN device name OU department O organization L city ST state C country For example CN router1 OU my_company O mydept L SFO C US Hash...

Page 261: ...ported IPSec VPN policy 1 Click VPN IPSec VPN Easy VPN Setup 2 Click Browse and navigate to the policy file you want to upload Select it and click Open 3 Click Upload 4 Once uploaded go to VPN IPSec VPN Policies and the loaded VPN will be listed Right click it to edit or delete ...

Page 262: ...tion but can be configured to employ an external authentication server Field Description Enable PPTP Server Select either IPv4 or IPv6 PPTP Routing Mode Select either NAT or Classical Starting Ending IP Address Enter the IP address range to assign your PPTP clients IPv6 Prefix If you selected IPv6 enter the IPv6 prefix IPv6 Prefix Length If you selected IPv6 enter the IPv6 prefix length Authentica...

Page 263: ...PTP server you want to connect to Remote Network Enter the remote network address This address is local for the PPTP Server Remote Netmask Enter the remote network subnet mask Username Enter your PPTP user name Password Enter your PPTP password MPPE Encryption Toggle to ON to enable Microsoft Point to Point Encryption MPPE Idle Time Out Enter the amount of time in seconds that you will disconnect ...

Page 264: ...D Link DWC 1000 User Manual 264 Section 7 VPN PPTP Active Users List A list of PPTP connections will be displayed on this page Right click the connection to connect and disconnect ...

Page 265: ...e configured to employ an external authentication server should one be configured Field Description Enable L2TP Server Select either IPv4 or IPv6 L2TP Routing Mode Select either NAT or Classical Starting Ending IP Address Enter the IP address range to assign your L2TP clients IPv6 Prefix If you selected IPv6 enter the IPv6 prefix IPv6 Prefix Length If you selected IPv6 enter the IPv6 prefix length...

Page 266: ...D Link DWC 1000 User Manual 266 Section 7 VPN L2TP Active Users List A list of L2TP connections will be displayed on this page Right click the connection to connect and disconnect ...

Page 267: ...rce details follow in the subsequent section IP address IP network or all devices on the LAN of the switch Based on the selection of one of these four options the appropriate configuration fields are required i e choosing the network resources from a list of defined resources or defining the IP addresses For applying the policy to the addresses port range port number can be defined The final steps...

Page 268: ...er the IP address Mask Length If you selected IP Network enter the mask length 0 32 ICMP Toggle to ON to include ICMP traffic Begin End Enter a port range or leave blank to include all TCP and UDP ports These fields are not available when selecting Network Resource Defined Resources If you selected Network Resource select the resource for the Defined Resource drop down menu If you have not created...

Page 269: ... that the default portal LAN IP address is https 192 168 10 1 scgi bin userPortal portal This is the same page that opens when the User Portal link is clicked on the SSLVPN menu of the controller web UI To create a new portal layout 1 Click VPN SSLVPN Portal Layouts 2 Click Add New SSLVPN Portal Layout Note You may right click a layout from the list and edit or delete a layout 3 Complete the field...

Page 270: ... Message on Login Page Toggle to ON to display the banner title and message or OFF to hide the banner title and message HTTP Meta Tags for Cache Control Toggle to ON or OFF This security feature prevents expired web pages and data from being stored in the client s web browser cache It is recommended to toggle to ON Active X Web Cache Cleaner Toggle to ON or Off An ActiveX cache control web cleaner...

Page 271: ...ating a unique name to identify the resource and assigning it to one or all of the supported SSL services Once this is done editing one of the created network resources allows you to configure the object type either IP address or IP range associated with the service The Network Address Mask Length and Port Range Port Number can all be defined for this resource as required 3 Complete the fields fro...

Page 272: ...ervice Select VPNTunnel Port Forwarding or All ICMP Toggle to ON to include ICMP traffic Object Type Select Single IP Address or IP Network Object Address Enter the IP address Mask Length If you selected IP Network enter the mask length 0 32 Begin End Enter a port range for the object Save Click to save your settings ...

Page 273: ...mber or the domain name FQDN 5 Click Save Port forwarding allows remote SSL users to access specified network applications or services after they login to the User Portal and launch the Port Forwarding service Traffic from the remote user to the switch is detected and re routed based on configured port forwarding rules Internal host servers or TCP applications must be specified as being made acces...

Page 274: ...s on the LAN The IP address range for the SSL VPN virtual network adapter should be either in a different subnet or non overlapping range as the corporate LAN The controller allows full tunnel and split tunnel support Full tunnel mode just sends all traffic from the client across the VPN tunnel to the switch Split tunnel mode only sends traffic to the private LAN based on pre specified client rout...

Page 275: ...d to forward private traffic through the VPN Firewall to the remote SSL VPN client When split tunnel mode is enabled the user is required to configure routes for VPN tunnel clients Destination network The network address of the LAN or the subnet information of the destination network from the VPN tunnel clients perspective is set here Subnet mask The subnet information of the destination network i...

Page 276: ...ertificate for every client using signature and Certificate authority An OpenVPN can be established through this controller You can select server mode client mode or access server client mode In access server client mode the user has to download the auto login profile from the OpenVPN Access Server and upload the same to connect Server Settings To configure the controller as an OpenVPN Server 1 Cl...

Page 277: ...Row Set of certificates and keys the server uses Second Row Set of certificates and keys newly uploaded Enable Tls Authenti cation Key Enabling this adds Tls authentication which adds an additional layer of authentication Can be checked only when the tls key is uploaded Disabled by default Block Invalid Client Certificates Enabling this adds facility to block invalid client certificate This featur...

Page 278: ...s optional and applicable only in client mode Port Enter what port to use The default port is 1194 Tunnel Protocol Select either TCP or UDP Encryption Algo rithm Select the encryption algorithm from the drop down menu Hash Algorithm Select the hash algorithm from the drop down menu Certificates Select the set of certificates OpenVPN server uses First row indicates the set of certificates and keys ...

Page 279: ... certificate This feature requires crl certificate which contains list of client certificates to be blocked Please upload crl certificate in OpenVPN Authentication page Allow only User Based Auth Configu ration This method does not require the client certificate client will authenticate using the username password only Enable User Based Auth This option is introduced to provide the additional auth...

Page 280: ... uses First row indicates the set of certificates and keys that the server uses Second row indicates the set of certificates and keys newly uploaded Enable Tls Authenti cation Key Enabling this adds Tls authentication which adds an additional layer of authentication This can be checked only when the tls key is uploaded By default it is disabled Block Invalid Client Certificates Enabling this adds ...

Page 281: ...works If Split Tunnel from OpenVPN Server is selected you can create a local network by following the steps given below 1 Click VPN OpenVPN Local Networks 2 Click Add New OpenVPN Local Network 3 Enter a local IP network 4 Enter the subnet mask 5 Click Save ...

Page 282: ... Section 7 VPN Remote Networks To create remote networks 1 Click VPN OpenVPN Remote Networks 2 Click Add New OpenVPN Remote Network 3 Enter a name of the remote network 4 Enter a local IP network 5 Enter the subnet mask 6 Click Save ...

Page 283: ...Allow only User Based Auth feature in OpenVPN Settings Page Trusted Certificate CA Certificate Browse and upload the pem formatted CA Certificate Server Client Certifi cate Browse and upload the pem formatted Server Client Certificate Server Client Key Browse and upload the pem formatted Server Client Key DH Key Browse and upload the pem formatted Diffie Hellman Key TLS Authentication Key Browse a...

Page 284: ...ribes the following pages which display wireless controller and access point status information and statistics Viewing Statistic and Utilization on page 285 Manage Dashboard on page 287 System Information on page 289 Network Information on page 291 Wireless Information on page 298 ACL DiffServ Status on page 332 ...

Page 285: ...rces the system is using It presents hardware and usage statistics The CPU and Memory utilization is a function of the available hardware current configuration and traffic through the controller Interface statistics for the wired connections LAN Option1 Option2 DMZ VLANs provideindicationofpacketsthroughandpacketsdroppedbytheinterface ClickRefresh to have this page retrieve the most current statis...

Page 286: ...c Click on Details to get detailed Client Statistics including Client IP Address Client MAC Address SSID AP MAC Address AP Location Channel NetBIOS Rx Traffic MB and Tx Traffic MB Controller CPU Utilization Percent of the CPU utilization currently consumed by the device The CPU utilization is broken down into specifics such as all user space processes such as management operations kernel space pro...

Page 287: ...us and Statistics Manage Dashboard To manage the dashboard 1 Click on the Manage Dashboard button 2 The following window will pop out and allow you to enable or disable the overview panels shown on the dashboard Toggle the panel to On or Off and click Save ...

Page 288: ...packets Cumulating bytes sec for transmit receive directions for each interface If you suspect issues with any of the wired ports use this table to identify uptime or transmit level issues with the port The statistics table has an auto refresh control for displaying the most current port level data at each page refresh The default auto refresh for this page is 10 seconds Detail Information You can...

Page 289: ...igured in the Setup and Advanced menus This page is organized into the following sections General Shows system name firmware version WLAN module version and serial number Port Information Shows information based on the administrator configuration parameters Note that LAN1 will display the local interface of the controller If you set any of the LAN ports to Standalone information will be displayed ...

Page 290: ... LAN users as a network drive USBPrinter The DWC can provide the LAN with access to printers connected through the USB The printer driver will have to be installed on the LAN host and traffic will be routed through the DSR between the LAN and printer To configure printer on a Windows machine follow the steps given below Click Start on the desktop Select Printers and faxes option Right click and cl...

Page 291: ...tatistics Network Information Viewing DHCP Clients Path Status Network Information DHCP Leased Clients LAN Leased Clients Two separated tabs shows a list of clients that have got IP leased from the wireless controller LAN leased clients and LAN IPv6 leased clients ...

Page 292: ...he local or external user database and have had their login credentials approved for internet access If Internet session passthrough is enabled select the session and right click Disconnect allowing the admin to selectively drop an authenticated user Select the session and right click Block device The Block Device button will result in the selected client being added to the blocked list Security F...

Page 293: ...tics Viewing Active Sessions Path Status Network Information Active Sessions The Active Sessions page shows the following information about the active Internet sessions through the wireless controller Source Destination Protocol used during the Internet sessions State ...

Page 294: ...PN license is activated Path Status Network Information Active VPNs IPsec SAs The Active VPN Sessions page displays the following information about the active VPN sessions through the wireless controller Policy Name Endpoint Transfer Rate KB and Packets Configuration State Click the tab of the VPN session you want to view IPSec SSL PPTP or Open VPN ...

Page 295: ...95 Section 8 Viewing Status and Statistics Viewing Traffic on Interfaces Path Status Network Information Interfaces Statistics This page shows the incoming outgoing packets on each interface Table fields are shown on the next page ...

Page 296: ...rface Dropped Out Packets Packets dropped on the outbound path of the interface WLAN Info Transmitted Total packets transmitted across all APs managed by the controller Received Total packets received across all APs managed by the controller Transmit Dropped Total packets transmitted across all APs managed by the controller that were dropped Receive Dropped Packets dropped on the inbound path of t...

Page 297: ...nnels Status This page lists configured and active IPv6 tunnels for routing IPv6 traffic through the appliance The fields available on the IPv6 Tunnels Status page are Tunnel Name The active IPv6 to IPv4 tunnel identifier IPv6 Addresses The source IPv6 address es in your LAN that have data being sent over this tunnel ...

Page 298: ... WLAN controllers detected on the network Cluster Controller IndicateswhetherthiscontrolleristheClusterControllerforthecluster Among a group of peer Controllers one of the Controllers is automatically elected or configured to be the Cluster Controller The Cluster Controller gathers status and statistics about all APs and clients in the peer group Note Only the Cluster Controller controller can dis...

Page 299: ...and its associated clients If this controller is the Cluster Controller it will also show the associated clients whom is managed with other peer controllers Controller Associated Clients Field Description Controller IP Address Shows the IP address of the Controller that manages the AP to which the client is associated Client MAC Address Shows the MAC address of the associated client ...

Page 300: ...ding mode The AP the client initially associates with is called the Home AP The AP the client roams to is called the Association AP Distributed Tunnel Field Description Tunnel PacketsTransmitted Total number of packets sent by all APs via distributed tunnels Tunnel Roamed Clients Total number of client that successfully roamed away from Home AP using distributed tunneling Tunnel Clients Totalnumbe...

Page 301: ... controllers in the cluster from one controller The Configuration Receive Status page provides information about the configuration a controller has received from one of its peers Peer Controller Receive Status Field Description Current Receive Status Current Receive Status Global status when wireless configuration is received from a peer controller Possible status values are Not Started Receiving ...

Page 302: ...Power AP Database AP Profiles Known Client Captive Portal RADIUS Client QoS ACL QoS DiffServ None wireless controller has not received any configuration for another controller Timestamp Shows the last time this wireless controller received any configuration data from a peer controller The Peer Controller Managed AP Status page shows information about the access points that each peer controller in ...

Page 303: ...us Field Description Peer IP Address Shows the IP address of each peer wireless controller in the cluster that received configuration information Configuration IP Address ShowstheIPAddressofthecontrollerthatsenttheconfigurationinformation Configuration Identifies which parts of the configuration the controller received from the peer controller The possible configuration elements can be one or more...

Page 304: ...ured and have an active connection with the Wireless controller Standalone APs Number of trusted APs in Standalone mode APs in Standalone mode are not managed by a controller Rogue APs Number of Rogue APs currently detected on theWLAN When an AP performs an RF scan it might detect access points that have not been validated It reports these APs as rogues Discovered APs APs that have a connection wi...

Page 305: ...AP Mitigation Limit Maximum number of APs for which the system can send de authentication frames Rogue AP Mitigation Count Number of APs to which the wireless system is currently sending de authentication messages to mitigate against rogue APs A value of 0 indicates that mitigation is not in progress Maximum Managed APs in Peer Group Maximum number of access points that can be managed by the clust...

Page 306: ... Managed access point profile configuration has been applied to the access point and the access point is operating in managed mode No Database Entry access point s MAC address does not appear in the local or RADIUS Valid AP database Authentication Failed AP access point failed to be authenticated by the wireless controller or RADIUS server Failed wireless controller lost contact with the access po...

Page 307: ...f authentication is enabled but it is not configured Managed profile configuration has been applied to the access point and the access point is operating in managed mode Failed wireless controller lost contact with the access point A failed entry remains in the Managed AP database unless you remove it Note that a managed access point shows a failed status temporarily during a reset If management c...

Page 308: ... on the access point Reset AP Reset the managed AP back to the factory default settings Disassociate Clients View disassociate clients with the selected AP The Managed AP Statistics page shows information about traffic on the access point s wired and wireless interfaces This information can help diagnose network issues such as throughput problems To view the statistics for a managed access point r...

Page 309: ...ed Field Description MAC Address MAC address of each access point managed by the peer controller AP IP Address IP address of the access point Peer IP Address IP address of the peer controller that manages the access point This field appears when All is selected from the drop down menu Location Descriptive location configured for the managed access point Profile Access point profile that the wirele...

Page 310: ...d in the access point did not match the password configured in the local database Not Managed Access point is in theValid AP database but the access point Mode in the local database is not set to Managed RADIUS Authentication The password configured in the RADIUS client for the RADIUS server was rejected by the server RADIUS Challenged TheRADIUSserverisconfiguredtousetheChallenge Responseauthentic...

Page 311: ...lients that the wireless controller has detected Right click on an AP or client to bring up options to view details Fields on the AP Authentication Failure Status Page Field Description MAC Address Ethernet address of the AP If the MAC address of the access point is followed by an asterisk it was reported by a peer controller IP Address IP address of the access point Last FailureType Last type of ...

Page 312: ...tack is not effective against Ad hoc networks because these networks do not use authentication The APs operating on channels outside of the country domain are not attacked because sending any traffic on illegal channels is against the law The wireless controller maintains a list of BSSIDs against which it is conducting a de authentication attack The controller sends the list of BSSIDs and channels...

Page 313: ...gainst which the attack is launched The BSSID is a MAC address Channel Identifies the channel on which the rogue AP is operating Time Since Attack Started Shows the amount of time that has passed since the attack started on the AP RF Scan Report Age Shows the amount of time that has passed since the RF Scan reported this AP ...

Page 314: ...upported by access points as well as software images that are available for download to the access point The right click option will display the radio Information for the selected hardware type Field Description HardwareType Shows the ID number assigned to each access point hardware type The wireless controller supports six different types of access point hardware HardwareType Description Describe...

Page 315: ...ws whether the hardware supports one radio or two radios 802 11a Support Shows whether support for IEEE 802 11a mode is enabled RadioType Description Displays the type of radio which might contain information such as the manufacturer name and supported IEEE 802 11 modes 802 11bg Support Shows whether support for IEEE 802 11bg mode is enabled VAP Count Displays the number of VAPs the radio supports...

Page 316: ...nclude IEEE 802 11a n IEEE 802 11b g n 5 GHz IEEE 802 11n 2 4GHz IEEE 802 11n 802 11ac Clients Total number of IEEE 802 11ac only clients that are authenticated Max Associated Clients Maximum number of clients that can associate with the wireless system This is the maximum number of entries allowed in the Associated Client database Detected Clients Number of wireless clients detected in the WLAN M...

Page 317: ...ent and clicking the View Details button displays detailed information about the selected client Field Description Client MAC Address Ethernet MAC address of the client station Client IP Address The IP address of the client station SSID Name of the wireless network on which the client is connected BSSID MAC address for the managed access point virtual access point where this client is associated A...

Page 318: ... its MAC address Field Description Disconnect Disconnects the associated client Details Shows detailed information about the associated client and the AP it is connected to DistributedTunneling Shows information about distributed tunneling status Neighbor AP Status Shows information about the neighbor AP status Client Statistics Shows detailed statistic information about the associated client and ...

Page 319: ...e client station PacketsTransmitted Total number of packets transmitted to the client station BytesTransmitted Total number of bytes transmitted to the client station Packets Receive Dropped Number of packets received from the client stations that were dropped Bytes Receive Dropped Number of bytes received from the client stations that were dropped PacketsTransmit Dropped Number of packets transmi...

Page 320: ...nt is authenticated Radio 1 or Radio 2 VAP MAC Address VAP MAC address to which the client roamed SSID SSID name used by the VAP User Name User name of client that authenticated via 802 1X Pre Authorization Status Indicates whether the client successfully authenticated Shows a status of Success or Failure Age Time since the history entry was added Field Description AP MAC Address MAC address of th...

Page 321: ... the client information is in the Neighbor Client List AP MAC Address ThebaseEthernetMACAddressofthemanagedAPwhichdetectedtheclient Location The configured descriptive location for the managed AP Radio The radio interface and its configured mode that detected the ad hoc device Detection Mode The mechanism of detecting this Ad Hoc device The possible values are Beacon Frame or Data Frame Age Time s...

Page 322: ...ption MAC Address Ethernet MAC address of the client Client Name Name of the client if available from the Known Client Database If the client is not in the database the field is blank Client Status Client status which can be one of the following values Authenticated wireless client is authenticated with the wireless system Detected wireless client is detected by the wireless system but is not a se...

Page 323: ...lists up to three non sentry and three sentry managed APs that have detected the client Rogue Classification The Wireless Intrusion Detection System WIDS can help detect intrusion attempts into the wireless network and take automatic actions to protect the network The Unified Wireless controller allows you to activate or deactivate various threat detection tests and set threat detection thresholds...

Page 324: ...ng Request packets retransmitted to this server Accounting Responses Displays the number of RADIUS packets received on the accounting port from this server Malformed Access Responses Displays the number of malformed RADIUS Accounting Response packets received from this server Malformed packets include packets with an invalid length Badauthenticatorsandunknowntypesarenotincludedasmalformed accounti...

Page 325: ...tistics from the other controllers in the cluster including information about the access point s peer controller and the clients associated to those access points Field Description Cluster Information Cluster Controller IP Address IP address of the controller that controls the cluster Peer Controllers Number of peer controllers Connected Peer Controllers IP Address IP address of the peer wireless ...

Page 326: ...he Root AP The WDS links are secured using WPA2 Personal authentication and AES encryption This page displays summary information about configuredWDS links At least one group must be configured for the fields to display To configure a WDS AP group use the pages from Wireless Access Point WDS Groups Field Description ID Unique number that identifies the WDS AP group Configured AP Count Number of AP...

Page 327: ...te APs Source AP Count Number of Root APs currently being managed by the controller that are members of this WDS AP Group Destination AP Count Number of Satellite APs currently being managed by the controller that are members of this WDS AP Group Source Bridge AP MAC MAC Address of the device elected as the Spanning Tree Root Bridge If spanning tree is disabled this value is 00 00 00 00 00 00 Sour...

Page 328: ... link is counted by this status parameter WDS Group Password Change Status Status of the last attempt to configure the password for the WDS Group Not Started Success Invalid Password Requested Timed Out Edit Password To change the password for all controllers and APs in this WDS Group select the Edit checkbox type the new password and then click Apply Password Password must be minimum of 8 charact...

Page 329: ...is a Satellite AP connected to the network via aWDS link or a Root AP connected to the network via a wired link STP Root Mode Indicates whether this AP is the root of the spanning tree If spanning tree is disabled then the AP is always reported as Not STP Root Root Path Cost SpanningTree Path Cost to the root The root AP always reports this value as 0 If spanning tree is disabled the value is also...

Page 330: ...dpoint on the destination AP Source AP End Point Indicates whether the AP specified by the destination MAC detected the AP specified by the source MAC Destination AP End Point Indicates whether the AP specified by the source MAC detected the AP specified by the destination MAC Aggregation Mode When parallel links are defined between two APs this field indicates whether this link is part of the agg...

Page 331: ...he WDS link Source Radio The radio number of the WDS link endpoint on the source AP Destination AP MAC The MAC address of the Source AP in the group Destination Radio The radio number of the WDS link endpoint on the destination AP Source AP Packets Bytes Sent Number of packets bytes sent by the source AP Source AP Packets Bytes Received Number of packets bytes received by the source AP Destination...

Page 332: ...s IP ACL IP ACL Rules Path Status ACL DiffServ IP ACL Rules The IP ACL Rules status page provides a summary of the Rules configuration for the respective IP ACL List Path Status ACL DiffServ IP ACL The IP ACL status page displays the number of rules configured for the specific IP ACL ID Name Path Status ACL DiffServ IP ACL The IP ACL status page displays the number of rules configured for the spec...

Page 333: ... Path Status ACL DiffServ MAC ACL The MAC ACL status page displays the number of rules configured for the specific MAC ACL Name MAC ACL MAC ACL Rules Path Status ACL DiffServ MAC ACL Rules The MAC ACL Rules status page provides a summary of the MAC ACL Rules configuration ...

Page 334: ...he DiffServ Class status page displays the settings done for the configured DiffServ Classes DiffServ Class DiffServ Policy Path Status ACL DiffServ DiffServ Policy The DiffServ Policy status page provides the Policy name policy Type and the member classes i e the selected classes to which the policy is associated ...

Page 335: ...Section 8 Viewing Status and Statistics DiffServ Policy Attribute Path Status ACL DiffServ DiffServ Policy Attribute The DiffServ Policy Attribute status page summarizes the configuration done for the DiffServ Policy Class Definition ...

Page 336: ...36 Section 9 Maintenance Maintenance This chapter describes the following maintenance activities Administration on page 337 Management on page 345 Firmware on page 354 Using the Command Line Interface on page 360 Wizard on page 361 ...

Page 337: ...ronize the date and time You can choose to set Date and Time manually whichwillstoretheinformationonthecontroller srealtimeclock RTC Ifthecontrollerhasaccesstotheinternet the most accurate mechanism to set the controller time is to enable NTP server communication To configure the date and time follow the steps given below 1 Select the controller s time zone relative to Greenwich Mean Time GMT 2 If...

Page 338: ... Maintenance Administration Session Settings Enter the session timeout value for administrator and guest users and then click Save USB Share Ports Path Maintenance Administration USB Share Ports This page allows to configure the USB Share Ports feature available in the device ...

Page 339: ...Select this option to allow the USB printer connected to the router to be shared across the network The USB printer can be accessed on any LAN host with appro priate printer driver installed connected to the router by using the following command in the host s add printers window http Router s IP 631 printers Device Model Device Model can be found in the USB settings page Enable Sharing Select this...

Page 340: ...able for use after device reboot There are 2 types of installations supported by this feature 1 Manual Installation Upon selecting manual installation the user has to download the package which will then display the available languages that the router GUI now supports Note Only drivers provided by D Link can be used for manual installation A validation process will be performed during installation...

Page 341: ...n Install to save your changes Install History It displays a list of installed and uninstalled packages Clicking Click Here displays a page showing the list of device drivers The fields are given below Field Description List of Device Drivers It displays the list of device drivers Description This describes the drivers that are supported Action It consists of 2 options Install Click on Install to ...

Page 342: ...ation Portal website g Follow the directions to receive an activation code 2 After obtaining the Activation Key go to Maintenance Administration License Update The License Update page will appear 3 Under Activation Setup enter the D Link supplied code for the license you want to activate in the Activation Code field 4 Click Activate The activation code will appear under List of Available Licenses ...

Page 343: ...install a language package Path Maintenance Administration Package Manager This page shows the list of available device drivers which the user can install or upgrade and the list of default drivers The drivers which are installed by the user are indicated with green icon while un installed drivers are indicated with red icon To install or upgrade any drivers the user has to right click the respect...

Page 344: ...n be set by selecting the language from the drop down list present at the following page Maintenance Administration Set Language The languages supported by the device are Spanish French Chinese Italian German and English For complete detail please refer Package Manager on page 340 ...

Page 345: ...toconfigure your wireless controller Select HTTP and or HTTPS Note When remote management is enabled the controller is accessible to anyone who knows its IP address It is HIGHLY RECOMMENDED that you change the default administrator and guest passwords before continuing 1 Go to Maintenance Management Remote Management 2 Set HTTP and or HTTPS to On If you select HTTPS you may enter a port 4443 is th...

Page 346: ...FF button to enable authorized users to access this CLI over the internet SNMP Switch it ON to access the device through SNMP remotely AccessType Permission for Remote Management can be given to a selected PC a range of IP addresses or anyone on the Option or LAN Respond to Ping To configure the controller to respond to an ICMP Echo ping packet coming from the Option side switch it to ON This sett...

Page 347: ... number of connected ports The overall current drawn when a single port is connected is less than when all of the available LAN ports have an active Ethernet connection By Cable Length Detection When enabled the controller will reduce the overall current supplied to the LAN port when a small cable length is connected to that port Longer cables have higher resistance than shorter cables and require...

Page 348: ...e configuration parameters The controller as a managed device has an SNMP agent that allows the MIB configuration variables to be accessed by the Master the SNMP manager The Access Control List on the controller identifies managers in the network that have read only or read write SNMP credentials The Traps List outlines the port over which notifications from this controller are provided to the SNM...

Page 349: ...d 3 Click Save 2 Click Add SNMPTrap 3 Complete the fields refer to the table below 4 Click Save Configure SNMP Trap List 1 Go to Maintenance Management SNMP SNMPTrap List tab Field Description IP Address The IP Address of the SNMP trap agent Port The SNMP trap port of the IP address to which the trap messages will be sent Community The community string to which the agent belongs Most agents are co...

Page 350: ... Access Control 3 Fill in the fields refer to the table below 4 Click Save Field Description IP Address The IP Address of the SNMP trap agent Subnet Mask The network mask used to determine the list of allowed SNMP managers Community The community string to which the agent belongs AccessType Access will be either read only ROcommunity or read write RWcommunity ...

Page 351: ...y identification of the controller 3 Click Save Configure Wireless SNMP Info If you use Simple Network Management Protocol SNMP to manage the controller you can configure the SNMP agent on the controller to send traps to the SNMP manager on your network from this page When an AP is managed by a controller it does not send out any traps The controller generates all SNMP traps based on its own event...

Page 352: ...this field the SNMP agent sends a trap for one of the following reasons associated with the wireless client Client Association Detected Client Disassociation Detected Client Roam Detected Peer ControllerTraps If you enable this field the SNMP agent sends a trap for one of the following reasons associated with a peer controller Peer Controller Discovered Peer Controller Failed Peer Controller Unkno...

Page 353: ... peer group exceeded Wireless StatusTraps If you enable this field the SNMP agent sends a trap if the operational status of the controller it need not be Cluster Controller for this trap changes It sends a trap if the Channel Algorithm is complete or the Power Algorithm is complete It also sends a trap if any of the following databases or lists has reached the maximum number of entries Managed AP ...

Page 354: ...llerthatwillreplaceorworkwithotherwirelesscontrollers 1 Click Maintenance Firmware Backup Restore 2 Click Save from System PC Save from USB Port 1 or Save from USB Port 2 depending on the location the backup should be saved to A If Save from System PC is chosen a dialog box message will appear Afterwards the browser will automatically begin the download to the default download location B If Save f...

Page 355: ...ings using the following procedure 1 Click Maintenance Firmware Backup Restore 2 In the Restore to System PC section click the Browse button Use the Choose file dialog box to find the backup file then click the file and click Open You may also restore from a USB drive connected to one of the USB ports 3 Click Restore A message will appear 4 Click OK to close the message and restore the configurati...

Page 356: ...ys to restore a wireless controller to its original factory default settings Use the reset button on the back of the wireless controller see Using the Reset Button to Restore Default Settings on page 368 Use the web management interface instructions below 1 Click Maintenance Firmware Soft Reboot 2 Next to Factory Default settings click the Default button 3 At the confirmation message click OK to r...

Page 357: ... controller Rebooting performs a power cycle and keeps any customized overrides you made to the default settings 1 Go to Maintenance Firmware Soft Reboot 2 Next to Soft Reboot click Soft Reboot To reboot to the original factory default click Default 3 At the confirmation message click OK to reboot the wireless controller or click Cancel to abort reboot ...

Page 358: ...eless controller When improvements are available they are offered to customers as firmware upgrade releases After you install the wireless controller check that it has the latest firmware Thereafter check for firmware releases and install them as they become available 1 In the wireless controller web management interface click Maintenance Firmware Firmware Upgrade The Using System PC page will app...

Page 359: ...f you want to upgrade using a file from a USB drive click the Using USB tab near the top of this page 6 Click Upgrade 7 Attheconfirmationmessage clickOKtostartthefirmwareupgrade Aprogressbarshowstheprogress of the upgrade Note The upgrade process takes a few minutes Do not interrupt the upgrade or turn off the system otherwise you can damage the firmware Wait for the upgrade to complete before bro...

Page 360: ...eraction The following procedure describes how to access the CLI Note A separately purchased USB to DB9F serial adapter will be helpful when connecting a PC or Linux workstation to the console An RJ 45 to DB9M cable is included with the wireless controller 1 Connect a PC with aVT 100 terminal emulation program to the Console port on the front panel of the wireless controller 2 CLI login credential...

Page 361: ...rollercanmanageexternalAP sandalsoactasanAPforwirelessLANclients TheWirelessWizard isauserfriendlyapproachtoconfigureawirelessLANconnectionusingthecontroller sbuiltin802 11radio Ital lowsusertoaimyourwirelessadapter measurenetworkperformanceandquicklyidentifyandfixwirelessbroad bandproblems TheWizardincludesaWi Fianalyzertoeasilyidentifythebestchannelandresolveinterference issues One can even comp...

Page 362: ...ternet access for your network Please follow the procedure given below 1 You can start using the Wizard by logging in with the administrator password for the controller 2 Once authenticated set the time zone that you are located in and then choose the type of ISP connec tion DHCP Static PPPoE PPTP and L2TP 3 Depending on the connection type a username password may be required to register this cont...

Page 363: ...al 363 Section 11 Wizard 5 The last step in the Wizard is to click the Save button which confirms the settings by establishing a link with the ISP 6 Once connected you can move on and configure other features in this controller ...

Page 364: ... Configure Remote and Local Option address for the tunnel endpoints 3 Configure the Secure Connection Remote Accessibility fields to identify the remote network 4 Review the settings and click Connect to establish the tunnel Note The VPN Wizard is the recommended method to set up an Auto IPsec policy Once the Wizard creates the matching IKE and VPN policies required by the Auto policy one can modi...

Page 365: ... the problem The topics covered in this chapter are LED Troubleshooting on page 366 Web Management Interface on page 366 Using the Reset Button to Restore Default Settings on page 368 Problems with Date and Time on page 368 Discovery Problems with Access Points on page 368 Connection Problems on page 369 Network Performance and Rogue Access Point Detection on page 370 Using Diagnostic Tools on the...

Page 366: ...contact D Link technical support LAN Port LEDs Not ON If the LAN LEDs do not go ON when the Ethernet connection is made 1 Check that the Ethernet cable connections are secure at the wireless controller and at the switch 2 Be sure power is applied to the connected switch and that the switch is turned on 3 Be sure you are using the correct cables straight through or crossover Web Management Interfac...

Page 367: ...68 10 1 Select Monitoring Controller Status Ensure that an IP address is shown for the Option port If 0 0 0 0 is shown your firewall has not obtained an IP address from your ISP See the next symptom If the controller cannot obtain the IP address from the ISP Turn off the power to the cable or DSL modem Turn off the controller Wait for 5 minutes and then reapply power to the cable or DSL modem When...

Page 368: ...he Internet If you have just configured the controller wait for at least 5 minutes select Administration Date and Time Time Zone and recheck the date and time Verify your internet access settings If you find that the time is off by an hour Select Administration Date and Time Time Zone and view the current date and time settings Toggle the switch to Enable or Disable Daylight Savings then click Sav...

Page 369: ...n ICMP echo request packet to the designated device The DWC responds with an echo reply Troubleshooting a TCP IP network is made very easy by using the ping utility in your PC or workstation Procedure to test the LAN path from your PC to your controller On the PC s Windows toolbar Click Start and click Run Type ping IP_address where IP_address is the controller s IP address Example ping 192 168 10...

Page 370: ...ctioning Ask your ISP if it has assigned a hostname to your PC If yes select Network Internet IPv4 Option1 Settings and enter that hostname as the ISP account name Ask your ISP if it rejects the Ethernet MAC addresses of all but one of your PCs Many broadband ISPs restrict access by allowing traffic from the MAC address of only your broadband modem but some ISPs additionally restrict access to the...

Page 371: ... controller you can ping an IP address You can use this function to test connectivity between the wireless controller and another device on the network connected to the wireless controller 1 Go to Maintenance Management Diagnostics NetworkTools 2 Under Command Output for Ping and Traceroute in the IP Address Domain Name field enter an IP address or domain name 3 Click Ping The results will appear ...

Page 372: ...the network path to a public host Up to 30 intermediate controllers or hops between this wireless controller and the destination will be displayed 1 Go to Maintenance Management Diagnostics NetworkTools 2 Under Command Output for Ping and Traceroute in the IP Address Domain Name field enter an IP address or domain name 3 Click Traceroute The results will appear in the Command Output display given ...

Page 373: ...e the IP address of aWeb FTP Mail or any other server on the Internet 1 Go to Maintenance Management Diagnostics NetworkTools 2 Under DNS Lookup in the Domain Name field enter an Internet name 3 Click Lookup The results will appear in the Command Output display below If the host or domain entry exists a response will appear with the IP address If the message Host Unknown appears the Internet name ...

Page 374: ... data per capture session If the capture file size exceeds 1MB it is deleted automatically and a new capture file is created To capture packets 1 Go to Maintenance Management Diagnostics Capture Packets 2 Select an interface LAN or Option 1 Option 2 from the drop down menu 3 Click Start Trace The results are shown in the Command Output page The trace can be downloaded by clicking the Download butt...

Page 375: ...er and another device on the network connected to the wireless controller 1 Go to Maintenance Management Diagnostics System Check 2 ClickDisplayIPv4TableorDisplayIPv6Table TheresultswillappearintheCommandOutputdisplay area Generating DBGLOGs The link http device ip scgi bin dbglog cgi from the device allows the user to download and automate the debug log dbglog package grouping of system status st...

Page 376: ... the ways you can access these logs Defining What to Log Path Maintenance Logs Settings Log Facilities The Facility Logs page lets you determine the granularity of logs to receive from the wireless controller Select oneofthefollowingfacilities Kernel System Network VPN WCF Firewall WirelessController andCaptivePortal For each facility the following events in order of severity can be logged Severit...

Page 377: ...sages The display for logging can be customized based on whether the logs are sent to the Event Log viewer in the web management interface the Event Log viewer is in the Status System Information All Logs Current Logs or a remote Syslog server for later review E mail logs discussed in a subsequent section follow the same configuration as logs configured for a Syslog server ...

Page 378: ... by the firewall Denial of service attacks general attack information login attempts dropped packets and similar events can be captured for review by the IT administrator Note Enabling logging options may generate a significant volume of log messages and is recommended for debugging purposes only Aftermakingyourselectionsonthispage clickSavetosaveyourchangesorclickCanceltoreverttotheprevious setti...

Page 379: ...ion those packets will be accept ed and a message will be logged Make sure the log option is set to allow for this firewall rule Dropped Packets It logs packets that were blocked from being transferred through the segment This option is useful when the Default Outbound Policy is Allow Always see the Firewall Rules page under the Firewall menu Example If Dropped Packets from LAN to WAN is enabled a...

Page 380: ... the firewall Routing Logs All UnicastTraffic If enabled tracks packets directed to the wireless controller All Broadcast MulticastTraffic Ifenabled tracksallbroadcastormulticastpacketsdirectedtothewirelesscontroller FTP Logs If enabled logged information is sent to FTP logs Redirected ICMP Packets Ifenabled tracksthenumberofredirectedInternetControlMessageProtocol ICMP packets Invalid Packets If ...

Page 381: ...les e mail logs Choices are ON enable e mail logs Complete the remaining fields on this page OFF disable e mail logs The remaining fields on this page are unavailable E Mail Server Address If E Mail Logs is enabled enter the IP address or Internet Name of a Simple Mail Transfer Protocol SMTP server The wireless controller will connect to this server to send e mail logs when required The SMTP serve...

Page 382: ...lain Login or CRAM MD5 Password If Authentication with SMTP Server is set to Plain Login or CRAM MD5 enter the case sensitive password to be used for authentication Respond to Identd from SMTP If E Mail Logs is enabled this option determines whether the wireless controller responds to IDENT requests from the SMTP server Choices are ON wireless controller responds to an IDENT request from the SMTP ...

Page 383: ...ferent log facility messages of varying severity using the Remote Logging page Syslog Server Configuration To enable a Syslog server click the ON OFF switch next to the Syslog server field and enter an IP address or FQDN in the Name field The selected facility and severity level messages are sent to the configured and enabled Syslog server after you save the settings on this page Switch To have th...

Page 384: ...all entries in the Display Logs screen Click Send Logs to send all logs in the Display Logs screen to pre configured e mail recipients Click Export Logs to export save the current log entries to a file Field Description Facility Level Filter the logs based on the facility level selected Category Filter the logs based on category selected Severity Level Filter the logs based on the severity level s...

Page 385: ... Wi Fi coverage A Basic Planning Worksheet similar to the one in this appendix allows you to collect the following critical information to expedite your planning efforts Building dimensions Walls and possible obstructions to wireless coverage Number of floors Distance between floors Total number of users and number of users per access point Radio type s Desired access point data rates Areas where ...

Page 386: ...Configure your time zone and record it here___________________ 3 Use default radio configuration Profile Name ___________________________________________ Clients ________________________________________________ Modes Available 802 11 b g 802 11 n 802 11 b g n 802 11 a 5 GHz Only 802 11 a n 5 GHz Only 802 11 a n ac 5 GHz Only 4 SSID information Service Set Identifier SSID name _____________________...

Page 387: ...ccess points DWC 1000 wireless controller DWL 2600AP access point DWL 3600AP access point DWL 6600AP access point DWL 6700AP access point DWL 8600AP access point DWL 3610AP access point DWL 6610AP access point DWL 8610AP access point DWL 8710AP access point 15 Record MAC addresses for the wireless controller and all access points DWC 1000 wireless controller DWL 2600AP access point s DWL 3600AP ac...

Page 388: ...lt Setting Device Login User login URL http 192 168 10 1 User name case sensitive admin Login password case sensitive admin Local area network LAN IP address 192 168 10 1 IPv4 subnet mask 255 255 255 0 DHCP server Disabled Time zone GMT Time zone adjusted for Daylight Savings Time Disabled SNMP Disabled Remote management Disabled ...

Page 389: ...e Mode for securely exchanging encryption keys in ISAKMP as part of building a VPN tunnel IP Internet Protocol The principal communications protocol used for relaying datagrams known as network packets across an internetwork using the Internet Protocol Suite IP is responsible for routing packets across network boundaries It is the primary protocol that establishes the Internet IPSec IP security Su...

Page 390: ...rk from another All access points and devices trying to connect to a specific wireless network must use the same SSID to enable effective roaming Subnet A portion of a network that shares a common address component On TCP IP networks subnets are defined as all devices whose IP addresses have the same prefix For example all devices with IP addresses that start with 100 100 100 belong to the same su...

Reviews:

No comments

Related manuals for DWC-1000

Eaton SC300 Operation Handbook preview
SC300
Brand: Eaton Pages: 166
Samsung DMS2.5 Service Manual preview
DMS2.5
Brand: Samsung Pages: 32
Datalogic DX8200 Quick Reference Manual preview
DX8200
Brand: Datalogic Pages: 15
Farfisa TD6100 Manual preview
TD6100
Brand: Farfisa Pages: 20
Racal Instruments 1266 Manual preview
1266
Brand: Racal Instruments Pages: 64
Häfele 633.03.298 Quick Start Manual preview
633.03.298
Brand: Häfele Pages: 2
Häfele 633.03.298 Operating Instructions Manual preview
633.03.298
Brand: Häfele Pages: 24
Harpo BraillePen 12 Quick Start Manual preview
BraillePen 12
Brand: Harpo Pages: 35
Hardi HC 6500 Quick Manual preview
HC 6500
Brand: Hardi Pages: 2
National Instruments NI cRIO-9036 User Manual preview
NI cRIO-9036
Brand: National Instruments Pages: 40
National Instruments cRIO-9063 Manual preview
cRIO-9063
Brand: National Instruments Pages: 28
National Instruments NI PXI-8104 Installation Manual preview
NI PXI-8104
Brand: National Instruments Pages: 7
National Instruments NI PXI-8840 Getting Started Manual preview
NI PXI-8840
Brand: National Instruments Pages: 22
Sakura Seiki Tissue-Tek TEC 6 Operating Manual preview
Tissue-Tek TEC 6
Brand: Sakura Seiki Pages: 6
U.S. Divers Impulse Service & Repair Manual preview
Impulse
Brand: U.S. Divers Pages: 22
RadioMaster MT12 Instruction Manual preview
MT12
Brand: RadioMaster Pages: 49
X10 SUPERREMOTE UR19A Addendum preview
SUPERREMOTE UR19A
Brand: X10 Pages: 3
Xantech MRC88M Installation Instructions Manual preview
MRC88M
Brand: Xantech Pages: 102

Brands by name

Popular brands

Load more brands