manualshive.com logo in svg

D-Link DWC-2000, User Manual

The D-Link DWC-2000 is a high-performance wireless controller that delivers centralized management for up to 256 access points. To maximize your network's potential, our website offers the free Cli Reference Manual download. Enhance your experience with this comprehensive manual available for free download at manualshive.com.

Share
Download
background image

D-Link DWC-2000 User Manual

30

Section 3 - Basic Configuration

3.  Complete the Security fields on the SSID Profile Configuration page.

Field

Description

SSID

Enter the case-sensitive name of the wireless network. Be sure the SSID is the same for all device in 

your wireless network.

VLAN

Enter a VLAN ID. Be sure this VLAN ID had been created on VLAN Setting (

Network

 > 

VLAN

 > 

VLAN 

Setting

).

Security

The default access point profile does not use any security mechanism. To protect your network, 

we recommend you select a security mechanism to prevent unauthorized wireless clients from 

gaining access to your network. Choices are:

•  None = no security mechanism is used.

•  WEP = enable WEP security. Complete the options in Table 3-1.

•  WPA/WPA2 = enable WPA/WPA2 security. Complete the options in Table 3-2.

Field

Description

Security

•  Static WEP = uses static key management. You manually configure the same keys to 

encrypt data on both the wireless client and the access point. Dynamic WEP (WEP IEEE 

802.1x) uses dynamically generated keys to encrypt client-to- access point traffic.

•  WEP IEEE 802.1X = screen refreshes, and there are no more fields to configure. The access 

point uses the global RADIUS server or the RADIUS server you specified for the wireless 

network.

Authentication

Select the authentication type. Choices are:
•  Open System = any wireless station can request authentication. The station that needs to 

authenticate with another wireless station sends an authentication management frame 

that contains the identity of the sending station. The receiving station returns a frame that 

indicates whether it recognizes the sending station.

•  Shared Key = each wireless station is assumed to have received a secret shared key over 

a secure channel that is independent from the 802.11 wireless network communications 

channel.

WEP Key

Select the key type. Choices are:
•  ASCII = upper- and lower-case alphabetic letters, numeric digits, and special symbols 

such as @ and #.

•  HEX = digits 0 to 9 and letters A to F.

WEP Key 

Length (bits)

Select the length of the WEP key. Choices are:
•  64 = 64 bits
•  128 = 128 bits

Tx

Transfer Key Index. Indicates which WEP key the access point uses to encrypt the data it 

transmits. To select a transfer key, click the button in front of the key number and the field 

where you enter the key.

WEP Keys

You can specify four WEP keys. In each text box, enter a string of characters for each of the 

RC4 WEP keys shared with the stations using the access point. Use the same number of 

characters for each key. The number of keys you enter depends on the WEP Key Type and 

WEP Key Length selections. The following list shows the number of keys to enter in the field:
•  64 bit = ASCII: 5 characters; Hex: 10 characters
•  128 bit = ASCII: 13 characters; Hex: 26 characters
Each client station must be configured to use one of these WEP keys in the same slot as 

specified here.

Table 3-1 WEP Page Settings

Summary of Contents for DWC-2000

Page 1: ...Wireless Controller User Manual DWC 2000 Version 1 00 BUSINESS WIRELESS SOLUTION ...

Page 2: ...n 1 00 April 28 2014 DWC 2000 revision A1 initial release Trademarks D Link and the D Link logo are trademarks or registered trademarks of D Link Corporation or its subsidiaries in the United States or other countries All other company or product names mentioned herein are trademarks or registered trademarks of their respective companies 2014 D Link Corporation All rights reserved This publication...

Page 3: ...ystem components and never operate the product in a wet environment If the system gets wet see the appropriate section in your troubleshooting guide or contact your trained service provider Do not push any objects into the openings of your system Doing so can cause fire or electric shock by shorting out interior components Use the product only with approved equipment Allow the product to cool befo...

Page 4: ... power supply UPS Position system cables and power cables carefully route cables so that they cannot be stepped on or tripped over Be sure that nothing rests on any cables Do not modify power cables or plugs Consult a licensed electrician or your power company for site modifications Always follow your local national wiring rules Whenconnectingordisconnectingpowertohot pluggablepowersupplies ifoffe...

Page 5: ...tic discharge ESD 1 When unpacking a static sensitive component from its shipping carton do not remove the component from the antistatic packing material until you are ready to install the component in your system Just before unwrapping the antistatic packaging be sure to discharge static electricity from your body 2 When transporting a sensitive component first place it in an antistatic container...

Page 6: ...gement Interface 20 Web Management Interface Layout 22 Standard Web Management Interface Features 23 Basic Configuration Procedures 24 Step 1 Enable DHCP Server Optional 25 Step 2 Configure Country Code 26 Step 3 Select APs to be Managed 27 Step 4 Change the SSID and Set Up Security 29 Step 5 Select MAC Authentication Mode 34 Step 6 Confirm Access Point Profile is Associated 36 Step 7 Configure Ca...

Page 7: ... a AP from Discovered AP List 80 Manual Change Channel and Power of Managed AP 81 Configure AP Debug Mode 82 Configure AP Provisioning 83 AP Profiles 85 Configure AP Profile 85 Configure AP Profile Radio 87 Configure AP Profile SSID 93 Configure AP Profile QoS 94 SSID Profiles 98 Configure SSID Profiles 98 Wireless Distribution System WDS 102 Configure WDS Managed AP Group 104 Configure WDS Manage...

Page 8: ...Routing 142 Configure IPv6 Static Routing 144 Editing Deleting Static Routes 146 QoS Configuration 147 QoS Priority 147 Enabling QoS Mode 148 Defining DSCP and CoS on each port 150 Configuring 802 1p Priority 151 Configuring DSCP Priority 152 Port Shaping Rate 153 QoS Policy 154 Configure Policy Based QoS 154 Configure Flow based Control 156 Configure Auto VoIP QoS 157 Configure Queue Scheduler 15...

Page 9: ...nfigure POP3 Server 188 Configure POP3 Trusted CA 189 Configure LDAP Server 190 Blocked Clients 192 Status and Statistics 193 Viewing Statistic and Utilization 195 Manage Dashboard 196 Viewing System Status 198 Viewing USB Status 199 Viewing DHCP Clients 200 Viewing Captive Portal Sessions 201 Viewing Traffic on Interfaces 202 Viewing Link Aggregation 204 Viewing Controller Status and Statistics 2...

Page 10: ...nt 242 Using SNMP 243 Configure SNMP v3 User List 243 Configure SNMP Trap List 244 Configure SNMP Access Control List 245 Configure SNMP System Info 246 Configure Wireless SNMP Info 246 Backup Configuration Settings 249 Restoring Configuration Settings 250 Restoring Factory Default Settings 251 Rebooting the Wireless Controller 252 Upgrading Firmware 253 Wireless Controller Firmware Upgrade 253 Us...

Page 11: ...s 262 Capturing Log Packets 263 Conducting a System Check 264 Log Settings 265 Defining What to Log 265 Tracking Traffic Routing Logs 267 System Logging 268 Remote Logging 269 Syslog Server Configuration 271 Event Log 272 Current Logs 273 WLAN Logs 274 LAN Logs 275 Appendix A Basic Planning Worksheet 276 Appendix B Factory Default Settings 279 Appendix C Glossary 280 Appendix D Technical Specifica...

Page 12: ...duct troubleshooting procedures Configuration is performed using configuration profiles A configuration profile allows a wireless controller to distribute a set of radio Service Set Identifier SSID and QoS parameters to the access points associated with that profile The wireless controller comes with one profile predefined You can use this profile as is edit it to suit your requirements or create ...

Page 13: ...p to 256 access points on a single wireless controller Up to 1 024 access point in a clustering group network Maximum of 8 wireless controllers and support auto failover redundancy while access points in full capacity Supports IEEE 802 11a 802 11b 802 11g 802 11n and 802 11ac protocols Centralized Management and Configuration Auto discovery of access points in L2 and L3 domains Single point of man...

Page 14: ... wireless controller s ventilation slots Leave at least 3 feet 91 4 cm clear on both sides and rear of the controller Allow you to reach the wireless controller and all cables attached to it Have a working AC power outlet that is not controlled by a wall switch that can accidentally remove power to the outlet Package Contents Each wireless controller package contains the following items One D Link...

Page 15: ...tes the USB device is attached This LED will blink during data transmission 5 Module Bay Slot for the hard disk drive module 6 Fiber Ports 1 4 Four 100 1000 SFP combo ports labeled 1 through 4 7 LAN Ports 1 4 Four Gigabit Ethernet ports labeled 1 through 4 let you connect Ethernet devices such as computers switches and network storage NAS devices Each port has an Activity LED left and Link LED rig...

Page 16: ...ient connectivity test to determine maximum throughput achievable on the client After the site survey is complete use the collected data to set up an RF plan using the Basic Planning Worksheet in Appendix A After you complete the Basic PlanningWorksheet select a location for the wireless controller The ideal location should Be flat and clean with no dust water moisture or exposure to direct sunlig...

Page 17: ... wireless controller can be mounted in a standard 19 inch equipment rack 1 Attach the mounting brackets to each side of the chassis and secure them with the supplied screws 2 Use the screws provided with the equipment rack to mount the wireless controller into the rack ...

Page 18: ...rnet LAN cable to one of the ports labeled LAN 1 4 on the front of the wireless controller Connect the other end of the cable to an available RJ 45 port on a switch in the LAN network segment 3 Connect one of the wireless controller ports labeled LAN 1 4 to the network or directly to a PC 4 Using the supplied power cord connect the wireless controller to a working AC outlet 5 ThePowerLEDwillillumi...

Page 19: ...ibed in this section which includes Log in to the Web Management Interface on page 20 Web Management Interface Layout on page 22 Standard Web Management Interface Features on page 23 Basic Configuration Procedures on page 24 Using the information in this chapter you can perform the basic information and get your wireless controller up and running in a short period of time ...

Page 20: ...o run JavaScript Upgrade the firmware for your wireless controller see Upgrading Firmware on page 20 Upgrade the firmware for your access points after you upgrade the wireless controller firmware refer to the documentation for your access points To log in to the web management interface 1 Launch a web browser on the PC 2 In the address field of your web browser type the IP address for the wireless...

Page 21: ...face opens with the System Status page This page displays general LAN andWLAN status information You can return to this page at any time by clicking Status Dashboard 5 To log out of the web management interface click the Logout icon which is in the top right corner of the page in the System Menu area ...

Page 22: ...tion buttons Action buttons change the configuration or allow you to make changes to the configuration Common action buttons are Save Saves all configuration changes made on the current screen Saved settings are retained when the wireless controller is powered off or rebooted while unsaved configuration changes are lost Cancel Resets options on the current screen to the last applied or last saved ...

Page 23: ...ight corner of the screen on the left of the System Search box Refresh allows you to refresh the interface in order for changes to take effect immediately Click on the refresh icon near the top right corner of the screen to the right of the Help icon Logout allows you to log out of the interface securely after you have finished Click on the Logout icon at the top right corner of the screen Search ...

Page 24: ...try Code on page 26 Step 3 Select APs to be Managed on page 27 Step 4 Change the SSID and Set Up Security on page 29 Step 5 Select MAC Authentication Mode on page 34 Step 6 Confirm Access Point Profile is Associated on page 36 Step 7 Configure Captive Portal Settings on page 37 Step 8 Use SSID with RADIUS Sever as Authenticator on page 45 Step 9 Configure Guest Management on page 46 Step 10 Config...

Page 25: ... for your LAN Domain Name Enter the domain name Lease Time Enter the lease time of the assigned IP addresses Configure DNS WINS Turn this on to enter the IP address of the DNS or WINS server Primary DNS Server If configured Domain Name System DNS servers are available on the LAN enter the IP address of the primary DNS server Secondary DNS Server If configured domain name system DNS servers are ava...

Page 26: ...Code Each country has its regulation for the radio usage Use the following procedure to select the country where the wireless networks are 1 Click Wireless General General The General Setting page will appear 2 At the bottom select the Country Code from the drop down menu and click Save ...

Page 27: ...he access points that the wireless controller will manage 1 Click Wireless Access Point Discovered AP List The Discovered AP List page will appear with a list of access points that the wireless controller has discovered 2 Under Discovered AP List right click on the access point you want the wireless controller to manage and select Manage 3 Complete the fields in the Manage AP page refer to the nex...

Page 28: ...d for wireless communication is displayed This is for reference only Expected WDS Mode If AP Mode Standalone the WDS Wireless Distributed System mode to be used if you intend to use WDS This is for reference only Expected Security Mode If AP Mode Standalone the security mode to be used is displayed This is for reference only Expected Wired Network Mode If AP Mode Standalone select whether wired ne...

Page 29: ...configured and applied in order to the access points on each radio In this procedure you will edit one of the pre configured networks and change its SSID and security settings to suit your requirements 1 Click Wireless Access Point AP Profile AP Profile SSID The following page will appear with a list of the wireless networks configured on the wireless controller 2 Under the SSIDStatus column selec...

Page 30: ...on can request authentication The station that needs to authenticate with another wireless station sends an authentication management frame that contains the identity of the sending station The receiving station returns a frame that indicates whether it recognizes the sending station Shared Key each wireless station is assumed to have received a secret shared key over a secure channel that is inde...

Page 31: ...have a validTKIP key or AES CCMP key to associate with the access point 802 11n clients cannot use the TKIP cipher If you enable TKIP only 802 11 clients cannot authenticate with the network WPA KeyType Enter a WPA key type Range ASCII including upper and lower case alphabetic letters numeric digits and special symbols such as and WPA Key Enter the shared secret key for WPA Personal Range 8 62 cha...

Page 32: ...nk DWC 2000 User Manual 32 Section 3 Basic Configuration 4 To add a new SSID go to at Wireless Access Point SSID Profile and click the Add New SSID Profile button 5 Fill out the fields below and click Save ...

Page 33: ...he radio from SSID Name drop down menu or right click the SSID network you want to enable and click Enable on the AP Profile SSID List Note SSID ID 1 is always enabled If you do not want to have the first SSID enabled you must create a new SSID to be able to swap another SSID in the first slot 6 Click Wireless Access Point AP Profile Click on the AP Profile SSID tab on the middle menu The Access P...

Page 34: ...troller provides two MAC Authentication Mode the white list or the black list White list SelectthisoptiontograntaccesstoanywirelessclientswithMACaddressesthatarespecified in the MAC Authentication database or RADIUS server and are not explicitly denied access If the MAC address is not in the database then access will be denied to the client Black list Select this option to deny access to any wirel...

Page 35: ... clicking Edit The following pop up page will appear Select Local and click Save 4 Click Add New MAC Authentication Fill in the client s MAC address and name and then click Save 3 Click Security Authentication User Database MAC Authentication The MAC Authentication setting page will appear The List Type will display what your selection was in Step 2 ...

Page 36: ...oller Note Each time you change configuration settings perform this procedure to apply the changes to the access point 1 Go to Wireless Access Point AP Profile 2 Under Access Point Profile List right click on the AP profile you want to update and click Apply 3 Wait30secondsandthenclicktherefreshicon toverifythattheprofileisassociated Yourassociated access point is configured and ready to authentic...

Page 37: ...rocess 1 Create a captive portal group a Go to Security Authentication User Database Groups The Groups List page will appear b Click Add New Group The Group Configuration page will appear c Complete the fields in the table below and click Save Field Description Group Name Enter a name for the group Description Enter a description of the group Captive Portal User Enable this option under User Type ...

Page 38: ...00 User Manual 38 Section 3 Basic Configuration 2 Add captive portal users a Go to Security Authentication User Database Users The Users List will appear b Click Add New User The User Configuration page will appear ...

Page 39: ...tion domain is an external server such as RADIUS Select Group Select the captive portal group to which this user will belong Enable Password Change This is the option for administrator to enable disable change Password link in Captive Portal page MultiLogin More than one device can login with the same username password Password Enter a case sensitive password that the user must specify before gain...

Page 40: ...ociate the captive portal group to a SSID Profile a Click Wireless Access Point AP Profile AP Profile SSID b Under the SSID column select an SSID that will use the Captive Portal function by right clicking on it and clicking Edit The following pop up page will appear ...

Page 41: ...er account Select Permanent User on Captive Portal Type and select Local User Database on Authentication Server d Select the customized login page from the Login Profile Name drop down menu e Click Save The captive portal is now associated to the selected SSID To test your configuration from a client connect to the captive portal SSID to log in to the captive portal Enter an IP address on the capt...

Page 42: ...2 Section 3 Basic Configuration b Under the Login Profiles List click Add New Login Profile to add a new profile or right click an existing profile and click Edit to edit the profile The Login Profile Configuration page will appear ...

Page 43: ... the background color of the page that will appear during the captive portal session from the drop down menu Custom Color If you choose Custom on Page Background Color enter the HTML color code Header Details Background Selectwhethertheloginpagedisplayedduringthecaptiveportalsessionwillshowanimage or color Choices are Image show image on the page Use the Header Background Color field to select a b...

Page 44: ... in to the captive portal session This field is optional Welcome Message Enterthewelcomemessagethatappearswhenuserslogintothecaptivesessionsuccessfully This field is optional Error Message Enter the error message that appears when users fail to log in to the captive session successfully This field is optional Footer Details Change Footer Content Enables or disables changes to the footer content on...

Page 45: ...n server Authentication Port RADIUS authentication port number to send RADIUS messages Secret Enter the secret key that allows the device to log into the configured RADIUS server It must match the secret on RADIUS server Timeout Set the timeout in seconds The controller should wait for a response from the RADIUS server Retries The number of tries the controller will make to the RADIUS server befor...

Page 46: ...ick Add New Group The Group Configuration page will appear c Fill in group name and description and select Front Desk on User Type 2 Add front desk users a Go to Security Authentication User Database Users The Users List will appear b Click Add New User The User Configuration page will appear c Complete the fields and select the front desk group you created in the previous step on Selected Group 3...

Page 47: ... service for a period of time counting from first time logs in Below are five most common types of billing profiles I The temporary account usage time is limited by duration The account has the expiration time The account is valid while the account is created Account Creation the temporary account is generated by front desk account in the local database Account Activation the temporary account is ...

Page 48: ...ime This billing profile is suitable for the scenario in Press Conference The organizer generates accounts before the event and delivery account information to participator in advanced if necessary The temporary account would be only valid from specific date and time IV The temporary account has limited time usage The account doesn t have the expiration time until the usage is run out This billing...

Page 49: ...Traffic Maximum traffic user can use before his account expires Only inbound traffic shall be considered towards bandwidth usage Allow Front Desk to Modify Usage If you enable Maximum Usage Time or Maximum Usage Traffic checking this option enables the front desk user to modify usage limits Field Description Profile Details Profile Name Each profile will be having a profile Name to identify itself...

Page 50: ...and clicking Edit c Select a Captive Portal Type from the drop down menu d Click Save Note Apply AP Profile from Wireless Access Point AP Profiles if the SSID have been associated with a used AP Profile to change the configuration 5 Generate guest accounts a Log in the Front Desk page by entering http ip_address frontdesk e g http 192 168 10 1 frontdesk Enter the username and password of a user yo...

Page 51: ...mation by clicking Print The information would send to the internet printer Only one user account can be created at a time 6 Monitor user account status a Monitor temporary account status and extend account usage duration or volume Click View Account for reviewing generated temporary status ...

Page 52: ...ick View Details to view more information 7 Extend user account usage a Select an account and right click Extend Session Manually change the usage time traffic Note Make sure that Allow Front Desk to Modify Usage is turned on in the Captive Portal Billing Profile Configuration page b Click Save ...

Page 53: ...e granted authority To configure a BYOD environment perform the following procedures The authentication methods on each SSID are difference dlink_corporate SSID This SSID is for D Link employees who works with cooperate provided drives It requires device MAC authentication and Captive Portal to complete the authentication process dlink_byod SSID This SSID is for D Link employees who work with his ...

Page 54: ...ssociate VLAN 1 to three memberships in Trunk mode on Port1 a Go to Network VLAN PortVLAN b Right click port 1 and click Edit Select Trunk from the Mode drop down menu and then select VLAN1 to VLAN3 hold CRTL and click 1 2 and 3 next to VLAN Membership c Click Save ...

Page 55: ...The SSID Profile List will appear b Click Add New SSID Profile Create SSID dlink_corporate and dlink byod c Enable Captive Portal on both SSIDs and select the Captive Portal Type as Permanent User d Select the Authentication Server The authentication server can be either local database or external authentication sever i e RADIUS e Assign VLAN2 and VLAN3 to dlink_corporate and dlink_byod respective...

Page 56: ...Point AP Profile b Click Add New AP Profile Create a profile called BYOD c Click Save d Click the AP Profile SSID tab Next to AP Profile make sure BYOD is selected e In the SSID list right click the dlink_corporate row and select Enable f Right click the dlink_byod row and select Enable g Both SSIDs are now associated with the BYOD SSID profile ...

Page 57: ...ase Group tab b Click Add New Group Create a group called EMPLOYEE Next to User Type select Network and toggle Captive Portal User to On Enter an Idle Timeout value in minutes c Click Save d Create user accounts Go to Security Authentication User Database Users tab e Click Add New User to create user accounts Fill in the fields and select EMPLOYEE next to Select Group f Click Save ...

Page 58: ...the setting refer to Step 5 Select MAC Authentication Mode on page 34 c Click Add New MAC Authentication Enter the MAC address of the device and a name d Click Save Note IftheuserauthenticationandMACauthenticationdatabaseisexternalauthenticationserver i e RADIUS please refer to Step 8 Use SSID with RADIUS Sever as Authenticator on page 45 7 Discover and manage an access point from the network Plea...

Page 59: ...should be suitable for most users and most situations The wireless controller also provides advanced configuration settings for users who want to take advantage of the more advanced features of the wireless controller The following sections list the wireless controller s advanced settings Users who do not understand these features should not attempt to reconfigure their wireless controller unless ...

Page 60: ...g commonly used advanced wireless configuration settings WLAN General Settings on page 61 Channel Plan and Power Settings on page 64 WIDS on page 67 Distributed Tunnel on page 72 WLAN Visualization on page 73 AP Discovery Methods on page 75 Managed APs on page 78 AP Profiles on page 85 SSID Profiles on page 98 Wireless Distribution System WDS on page 102 Peer Group on page 108 AP Firmware Download...

Page 61: ...configuration settings for all managed APs and the wireless controller including WLAN Global Setup AP Validation and Country Configuration Path Wireless General General To configure the WLAN general settings 1 Click Wireless General General The WLAN General Settings page will appear 2 Complete the fields in the table on the next page 3 Click Save ...

Page 62: ...ut field the entry is deleted Tunnel IP MTU Size Select the maximum size of an IP packet handled by the network The MTU is enforcedonlyontunneledVAPs WhenIPpacketsaretunneledbetweentheAPsand the wireless controller the packet size is increased by 20 bytes during transit This means that clients configured for 1500 byte IP MTU size may exceed the maximum MTU size of existing network infrastructure w...

Page 63: ... you select this option you must configure the passphrase on the AP while it is in standalone mode as well as in the Valid AP database To configure the pass phrase on a standalone AP log onto the AP Administration Web UI and go to the Managed Access Point page or log onto the AP CLI and use the set managed ap pass phrase command To configure the passphrase for an AP in the local Valid AP database ...

Page 64: ...the operational channel on every AP it manages and changes the channel if the current channel is noisy Configure Channel Plan Path Wireless General Channel Algorithm To configure Channel Algorithm setting 1 Click Wireless General Channel Algorithm Channel Setting tab The Channel Setting page will appear 2 Each AP is dual band capable of operating in the 2 4GHz and 5GHz frequencies The 802 11a n an...

Page 65: ...l occur once every 24 hours at the time you specify 6 Ignore Unmanaged APs This function indicates whether the controller should pay attention only to APs managed by the cluster or all detected APs when deciding what channel select for the radio The setting is enabled by default 7 Channel Change Threshold Configure the detected neighbor signal strength that triggers the channel plan to re evaluate...

Page 66: ...gth equal or above the threshold The signal detected below the threshold is ignored 4 If you select Manual click on the Manual Power Adjustments tab Here you can apply and start the power algorithm on selected access points Configure Power Settings Path Wireless General Power Algorithm You can set the power of the AP radio frequency transmission in the AP profile the local database or in the RADIU...

Page 67: ...on page are part of the global configuration on the controller and must be manually pushed to other controllers in order to synchronize that configuration Many of the tests are focused on identifying APs that are advertising managed SSIDs but are not in fact managed APs Detecting such an AP means that a network is either miss configured or that a hacker set up a honeypot AP in the attempt to colle...

Page 68: ...f any of the radios in the profiles are configured not to send SSID field which is not recommended because it does not provide any real security and disables this test Fake Managed AP on an Invalid Channel This test detects rogue APs that transmit beacons from the source MAC address of one of the managed APs but on different channel from which the AP is supposed to be operating Managed SSID Detect...

Page 69: ...te to Rogue In order for the wireless system to detect this threat the wireless network must contain one or more radios that operate in sentry mode Rogue DetectedTrap Interval Specify the interval in seconds between transmissions of the SNMP trap telling the administrator that rogue APs are present in the RF Scan database If you set the value to 0 the trap is never sent Wired Network Detection Int...

Page 70: ... to other controllers in order to synchronize that configuration Aspartofthegeneralassociationandauthenticationprocess wirelessclientssend802 11managementmessages to APs The WIDS feature tracks the following types of management messages that each detected client sends Probe Requests 802 11 Authentication Requests 802 11 De Authentication Requests In order to help determine whether a client is posi...

Page 71: ...n with Unknown AP Test must also be enabled in order for the mitigation to take place SelectdisabletoallowclientsintheKnownClientsdatabasetoremainauthenticated with an unknown AP Known Client Database Lookup Method When the controller detects a client on the network it performs a lookup in the Known Client database Specify whether the controller should use the local or RADIUS database for these lo...

Page 72: ...to the wired network If a client roams to another AP in the same subnet then the tunnel is not created and the new AP becomes the Home AP for the client Configure Distributed Tunnel Path Wireless General Distributed Tunnel 1 Click Wireless General Distributed Tunnel 2 Configure the following settings Distributed Tunnel Clients Specify the maximum number of distributed tunneling clients that can ro...

Page 73: ...on feature Images file formats that are recommended to upload should be in one of the following formats GIF Graphics Interchange Format JPG Joint Photographic Experts Group It is also recommended that you do not use color images since the WLAN components might not show up well Once user uploads an image file and save the running configuration the image remains on the controller and you can assign ...

Page 74: ... Wireless General WLAN Visualization To launch theWLANVisulization tool clickWireless General WLANVisualization This will open a new browser windowandstartstheJavaappletthatallowstheAPandWLANcontrollernetworktobepresentedasatopology diagram with or without a custom background image ...

Page 75: ...lt VLAN 1 is enabled on the AP and VLAN 1 is enabled for discovery on the wireless controller If the wireless controller and AP are in the same Layer 2 multicast domain you might not need to take any action to enable AP discovery The wireless controller also uses L2 VLAN discovery to find peer controllers within the L2 multicast domain TheAPsprocessthediscoverymessageonlywhenitcomesinonthemanageme...

Page 76: ...N Configuration Configure L2 VLAN Discovery Path Wireless Access Point AP Poll List 1 Click Wireless Access Point AP Poll List VLAN Discovery tab 4 Click Save 2 Switch L2 VLAN Discovery to ON and click Save 3 Click Add NewVLAN to Poll Enter a VLAN number ...

Page 77: ...very method mechanism is useful for peer wireless controller discovery and AP discovery when the devices are in different IP subnets In fact for a wireless controller to recognize a peer that is not on the same subnet you must configure the IP addresses of each controller in the peer s L3 discovery list Configure L3 IP Discovery Path Wireless Access Point AP Poll List 1 Click Wireless Access Point...

Page 78: ...atabase for AP Validation The Valid Access Point List page contains information about APs configured in the local database If the AP Validation is set to RADIUS information about the APs to be managed by the controller must be added to the external RADIUS database Add a Valid AP 1 Click Wireless Access Point Managed APs List Valid AP tab 2 Click Add NewValid AP 3 Complete the fields on the next pa...

Page 79: ...andalone the channel to be used for wireless communication This is for reference only Expected WDS Mode If AP Mode Standalone the WDS Wireless Distributed System mode to be used if you intend to use WDS This is for reference only Expected Security Mode If AP Mode Standalone the security mode to be used This is for reference only Expected Wired Network Mode If AP Mode Standalone select whether wire...

Page 80: ...onfiguration Add a AP from Discovered AP List Path Wireless Access Point Discovered AP List 1 Click Wireless Access Point Discovered AP List 2 Right click an AP and select Manage 3 Select an AP Mode and Profile refer to the previous page and then click Save ...

Page 81: ...lied to the AP such as when the AP disassociates and re associates with the controller 1 Click Wireless Access Point Managed APs List Managed APs tab 3 Select the channel as your desired The available channels depend on the radio mode and country in which the APs operate The manual channel change overrides the channel configured in the AP profile and is not retained when the AP reboots or when the...

Page 82: ...s List Managed APs When the AP is in Managed mode remote access to the AP is disabled However you can enableTelnet access by enabling the Debug feature on the Managed APs page 1 Click Wireless Access Point Managed APs List Managed APs tab 2 Right click on one of the entries and select Debug 3 Toggle Enable Debug to On 4 Click Save ...

Page 83: ...Configuration If a network is not enabled for mutual authentication then APs can be attached to the network by properly configuring the local Valid AP database or RADIUS AP database and discovery options The provisioning feature can optionally be used on networks not enabled for mutual authentication to simplify AP attachment to the cluster Use the AP Provisioning page to view detailed provisionin...

Page 84: ...oning configuration In Progress Provisioning is executing for this AP Invalid Switch IP Address Either primary or backup wireless controller IP address is not in the cluster or the mutual authentication mode is enabled and the primary wireless controller IP address is not specified Provisioning Rejected AP is not managed and is configured not to accept provisioning data in unmanaged mode Timed Out...

Page 85: ...location function or other criteria Profiles are like templates and once you create an AP profile you can apply that profile to any AP that the wireless controller manages For each AP profile you can configure the following features Profile Settings Name Hardware Type ID Wired Network Discovery VLAN ID Radio Settings SSID Settings QoS Configuration Configure AP Profile Path Wireless Access Point A...

Page 86: ...al Radio a b g n ac Wired network Discovery VLAN ID LAN ID that the controller uses to send tracer packets in order to detect APs connected to the wired network Configure AP Profile Radio 1 Radio Mode 802 11a n In a new AP Profile you can edit the radio 802 11a n from here You can also edit it from AP Profile Radio Configure AP Profile Radio 2 Radio Mode 802 11b g n In a new AP Profile you can edi...

Page 87: ... support up to tworadios Bydefault Radio1operatesintheIEEE802 11a nmode andRadio2operatesintheIEEE802 11b g n mode The difference between these modes is the frequency in which they operate IEEE 802 11b g n operates in the 2 4 GHz frequency and IEEE 802 11a n operates in the 5 GHz frequency of the radio spectrum 1 Click Wireless Access Point AP Profiles AP Profiles Radio tab 2 Select the radio you ...

Page 88: ... support for both 802 11a and 802 11n devices IEEE 802 11n is an extension of the 802 11 standard that includes multiple input multiple output MIMO technology IEEE 802 11n supports data ranges of up to 248 Mbps and nearly twice the indoor range of 802 11 b 802 11g and 802 11a IEEE 802 11b g n operates in the 2 4 GHz ISM band and includes support for 802 11b 802 11g and 802 11n devices 5 GHz IEEE 8...

Page 89: ...io switches from one channel to the next The length of time spent on each channel is controlled by the scan duration The default scan duration is 10 milliseconds RF Scan Interval This field controls the length of time between channel changes during the RF Scan RF Scan Sentry Channels The radio can scan channels in the radio frequency used by the 802 11b g band 2 4 GHz the 802 11a band 5 GHz or bot...

Page 90: ...d The Delivery Traffic Information Map DTIM message is an element included in some Beacon frames It indicates which client stations currently sleeping in low power mode have data buffered on the access point awaiting pick up The DTIM period you specify indicates how often the clients served by this access point should check for buffered data still on the AP awaiting pickup Specify a DTIM period wi...

Page 91: ...inating attempts to transmit the MSDU after the initial transmission Receive Lifetime Shows the number of milliseconds to wait before terminating attempts to reassemble the MMPDU or MSDU after the initial reception of a fragmented MMPDU or MSDU Station Isolation When this option is selected the AP blocks communication between wireless clients It still allows data traffic between its wireless clien...

Page 92: ...supported for the radio mode currently selected on the page and for the country configured on the General Settings page Press Crtl to select multiple channels Basic Rate Set Mbps These numbers indicate the data rates that all stations associating with the AP must support Supported Rate Set Mbps These numbers indicate rates that the access point supports You can select multiple rates The AP automat...

Page 93: ...ntifier SSID You can configure and enable up to 16 VAPs per radio on each physical access point 1 Click Wireless Access Point AP Profiles AP Profiles SSID tab 2 Select the AP Profile from the drop down menu 3 Select the Radio Mode either 802 11a n or 802 11b g n 4 Select the SSID name from the drop down menu 5 Enable disable the SSID by right clicking Enable or Disable Note SSID ID 1 is always ena...

Page 94: ...types of wireless traffic and effectively specifying minimum and maximum wait times through Contention Windows for transmission The settings described here apply to data transmission behavior on the access point only not to that of the client stations AP Enhanced Distributed Channel Access EDCA Parameters affect traffic flowing from the access point to the client station Station Enhanced Distribut...

Page 95: ...kground Lowest priority queue high throughput Bulk data that requires maximum throughput and is not time sensitive is sent to this queue FTP data for example AIFS Inter Frame Space The Arbitration Inter Frame Spacing AIFS specifies a wait time for data frames The wait time is measured in slots Valid values for AIFS are 1 through 255 cwMin Minimum Contention Window This parameter is input to the al...

Page 96: ...ng from the station to the access point With WMM disabled you can still set some parameters on the downstream traffic flowing from the access point to the client station AP EDCA parameters To disable WMM extensions switch OFF To enable WMM extensions switch ON Station EDCA Parameters Queue Queues are defined for different types of data transmitted from station to AP Data 0 Voice Highest priority q...

Page 97: ...w size is reached retries will continue until a maximum number of retries allowed is reached TXOP Limit Station EDCA Parameter Only The TXOP Limit applies only to traffic flowing from the client station to the access point The Transmission Opportunity TXOP is an interval of time when a WME client station has the right to initiate transmissions onto the wireless medium WM This value specifies in mi...

Page 98: ...l networks for a total of 50 wireless networks Multiple networks can have the same SSID Configure SSID Profiles Path Wireless Access Point SSID Profiles 1 Click Wireless Access Point SSID Profiles The SSID Profile List page will appear 2 To edit an existing SSID right click it and select Edit To create a new SSID Profile click the Add New SSID Profile button Note SSID ID 1 is always enabled If you...

Page 99: ...y Captive Portal billing users created via online wireless service purchasing The wireless service packages are defined in Login Profile Authentication Server If Captive Portal Type Permanent User select the authentication server All users that log in to the captive portal for this SSID are authenticated through the selected server The available authentication servers are Local User Databass Radiu...

Page 100: ...user can click through to access the Internet HTTP HTTP Redirect is enabled None HTTP Redirect is disabled Redirect URL If Redirect HTTP enter the URL where all initial HTTP accesses should be redirected to This field is accessible only when HTTP is selected as the redirect type Wireless ARP Suppression Mode Enable the mode to allow APs to reduce the number of broadcasted ARP requests on the wirel...

Page 101: ...AP Security The default access point profile does not use any security mechanism To protect your network we recommend you select a security mechanism to prevent unauthorized wireless clients from gaining access to your network Choices are None No security mechanism is used WEP Enable WEP security Complete the options in Table 3 4 WPA WPA2 Enable WPA WPA2 security Complete the options in Table 3 5 ...

Page 102: ...DS managed AP feature within the Unified Wired and Wireless Access System includes the following The wireless system can contain up to 12 WDS managed AP groups Each WDS managed AP group can contain up to four APs An AP can be a member of only one WDS AP group Each satellite AP can have only one WDS link on the satellite APs This means that a satellite AP must be connected to a root AP A satellite ...

Page 103: ...e WDS links by specifying the MAC address and radio of the AP on each end of the link Keep the following considerations in mind when you configure and manage a WDS group MakesuretheradiosthatparticipateintheWDSlinkusethesamechannel Useoneofthefollowingmethods to control the channel When you configure the satellite AP in stand alone mode use the Radio page to set a static channel When you configure...

Page 104: ... Spanning tree must be enabled if there are any potential loops in the network For example if a satellite AP has links to two root APs then spanning tree must be enabled Note The spanning tree protocol running on the APs interacts with the spanning tree protocol running on the edge switches to which the APs are connected Edit Password Password used for securing WPA2 Personal security on the WDS Li...

Page 105: ...ireless Access Point WDS Groups WDS Managed AP After you create a WDS Managed AP group use the WDS Managed AP Configuration page to view the APs that are members of the group add new members and change STP Priority values for existing members 1 Click Wireless Access Point WDS Groups WDS Managed AP tab ...

Page 106: ...Tree Priority for this AP The STP priority is used only when spanning tree mode is enabled The STP priority determines which AP is selected as the root of the spanning tree and which AP has preference over another AP when multiple equal cost paths exist in the topology The lower value for the spanning tree priority means that the AP is more likely to be used for bridging data into the campus netwo...

Page 107: ...igure Source AP MAC Address MAC Address of the source AP Note The WDS links are bidirectional The terms Source and Destination simply help to differentiate between the WDS link endpoints Source AP Radio The radio number of the WDS link endpoint on the source AP Destination AP MAC Address The MAC address of the destination AP in the group Destination Radio The radio number of the WDS link endpoint ...

Page 108: ... and you can make changes to a configuration received from a peer controller No changes automatically propagate from one controllertothecluster youmustmanuallyinitiatearequestononecontrollerinordertocopyanyconfiguration to its peers 1 Click Wireless Peer Group Peer Configuration 2 Toggle each option to On or Off and then click Save Refer to the table on the next page Field Description General Enab...

Page 109: ...ive Portal information in the configuration that the controller pushes to its peers RADIUS Client Enable this field to include the Client RADIUS information in the configuration that the controller pushes to its peers Controller Provisioning Mode Enable this field to send and receive provisioning messages As a security feature you can disable this option Mutual Authentication Mode Select Enable to...

Page 110: ...Cluster Controller can update code on APs managed by peer wireless controllers Path Maintenance Firmware AP Firmware Download 1 Click Maintenance Firmware AP Firmware Download AP Firmware Download tab 2 Completethefields refertothetableonthenextpage andthenselecttheAP s youwanttoupgrade Use CTRL click to select multiple APs 3 Click Save to begin the upgrade process ...

Page 111: ...ext group begins the process Image DownloadType Type of the image to be downloaded which can be one of the following All Images DWL 8600AP DWL 3600AP DWL 6600AP DWL 2600AP DWL 8610AP Note To download all images make sure you specify the file path and file name for both images in the appropriate File Path and File Name fields Managed AP The list shows all the APs that the controller manages If the ...

Page 112: ...fully The reset command has been sent to the AP Success All APs are connected to the wireless controller Download Count The number of managed APs to download software in the current download request If you selected All for the managed APs to upgrade the download count shows the number of managed APs at the time the download request was started The value is 1 if only one AP is being updated Success...

Page 113: ... told to download the code Failure The AP reported a failing code download Aborted The download was aborted before the AP loaded code from the TFTP server Waiting For APs To Download A download finished on this AP and it is waiting for other APs to finish download Reset command is not sent to the AP in this state NVRAM Update In Progress Download completed successfully The reset command sent to th...

Page 114: ...ller s advanced configuration settings to be configured This chapter covers the following commonly used advanced configuration settings IP Mode on page 115 IPv4 LAN Settings on page 116 IPv6 LAN Settings on page 118 VLANs on page 130 Configure IPv4 Static Routing on page 142 Configure IPv6 Static Routing on page 144 QoS Configuration on page 147 Note The procedures in this chapter should only be p...

Page 115: ...nfigure the IP protocol version to be used on the controller In order to support IPv6 on the LAN you must set the controller to be in IPv4 IPv6 mode This mode will allow IPv4 nodes to communicate with IPv6 devices through this controller 1 Go to Network IPv6 IP Mode 2 Next to IP Mode select either IPv4 only or IPv4 IPv6 3 Click Save ...

Page 116: ...fore it is assigned to avoid duplicate addresses on the LAN For most applications the default DHCP and TCP IP settings are satisfactory If you want another PC on your network to be the DHCP server or if you are manually configuring the network settings of all of your PCs set the DHCP mode to none DHCP relay can be used to forward DHCP lease information from another LAN device that is the network s...

Page 117: ...the Starting IP Address and this IP address Default Gateway If DHCP mode DHCP Server Enter the default gateway Gateway If DHCP mode DHCP Relay Enter the relay gateway address Default Route Enable Default Route Enable or disable ON enabled the default route function Gateway If Enable Default Route ON enter the Gateway IP address DNS Server If Enable Default Route ON enter the DNS Server IP address ...

Page 118: ...ubnet is identified by the initial bits of the address called the prefix By default this is 64 bits long All hosts in the network have common initial bits for their IPv6 address the number of common initial bits in the network s addresses is set by the prefix length field 1 Go to Network IPv6 LAN Settings IPv6 LAN Settings tab 2 Complete the fields in the table below and on the next page 3 Click S...

Page 119: ...lients will pick up the DHCPv6 server which has highest preference value The preference value must be a decimal integer and be between 0 and 255 inclusive DNS Servers Select one of the following options for DNS servers for the DHCPv6 clients Use DNS Proxy On button to enable DNS proxy on this LAN or Off this button to disable this proxy When this feature is enabled the controller will act as a pro...

Page 120: ...range of IP addresses to be served by the gateway s DHCPv6 server Using a delegation prefix can automate the process of informing other networking equipment on the LAN of DHCP information specific for the assigned prefix 1 Go to Network LAN LAN Settings IPv6 Address Pools tab 2 Click Add New Address Pool IPv6 Address Pools 3 Enter a starting IPv6 address end IPv6 address and the prefix length 4 Cl...

Page 121: ...k DWC 2000 User Manual 121 Section 5 Advanced Network Configuration 6 Click Add New Prefix Length 7 Enter the IPv6 Prefix and Prefix Length Click Save 5 Go to Network LAN LAN Settings IPv6 Prefix Length tab ...

Page 122: ...evices that are configured to accept such details Router Advertisement is required in an IPv6 network is required for stateless auto configuration of the IPv6 LAN By configuring the Router Advertisement Daemon on this controller the DWC will listen on the LAN for router solicitations and respond to these LAN hosts with router advisements 1 Go to Network LAN LAN Settings Router Advertisement tab IP...

Page 123: ...ent Interval and Maximum Router Advertisement Interval The minimum router advertisement interval is 1 3 of this configured value and the default is 30 seconds RA Flags The router advertisements RA s can be sent with one or both of these flags Managed and Other Chose Managed to use the administered stateful protocol for address auto configuration If the Other flag is selected the host uses administ...

Page 124: ...isements configured with advertisement prefixes allow this controller to inform hosts how to perform stateless address auto configuration Router advertisements contain a list of subnet prefixes that allow the router to determine neighbors and whether the host is on the same link as the controller 1 Go to Network LAN Settings Advertisement Prefix tab IPv6 Advertisement Prefixes ...

Page 125: ...he 6to4 address prefix is set to the interface ID of the interface on which the advertisements are sent IPv6 Prefix If IPv6 Prefix Type Global Local SATAP then defines the IPv6 network address IPv6 Prefix Length If Ipv6 Prefix Type Global Local SATAP and this is a numeric value that indicates the number of contiguous higher order bits of the address that make up the network portion of the address ...

Page 126: ...se Whenever DHCP server receives a request from client hardware address of that client is compared with the hardware address list present in the database if an IP address is already assigned to that computer or device in the database the customized IP address is configured otherwise an IP address is assigned to the client automatically from the DHCP pool 1 Click Network LAN LAN DHCP Reserved IPs 2...

Page 127: ...ulticast traffic on the network say from an IPTV application where all LAN hosts do not need to receive this multicast traffic Enabling IGMP snooping allows the controller to regulate the amount of multicast traffic on the network to prevent flooding all LAN hosts Active IGMP snooping is referred to IGMP Proxy and this is available on your controller 1 Click Network LAN IGMP Setup 2 Next to IGMP P...

Page 128: ...es Path Network LAN Jumbo Frame Jumbo frames are Ethernet frames with more than 1500 bytes of payload When this option is enabled the LAN devices can exchange information at Jumbo frames rate 1 Click Network LAN Jumbo Frame 2 Toggle Activate Jumbo Frames to On and enter a MTU value 3 Click Save ...

Page 129: ... this to work the controllers must comply with LACP to allow negotiation of the aggregated link 2 Click Add New LAC The following window will appear Field Description Name Enter a name for this configuration Static Mode Activates or deactivates the Static Mode Choices are ON Use static mode OFF Use dynamic mode LACP Administrative Mode Enables or disables this configuration ON Enabled OFF Disabled...

Page 130: ...tched networks which are large broadcast domains The wireless controller provides VLAN functionality for assigning unique VLAN IDs to LAN ports so that traffic to and from that physical port can be isolated from the general LAN VLAN filtering is particularly useful to limit broadcast packets of a device in a large network Creating VLANs Path Network VLAN VLAN Settings You can create VLANs on the V...

Page 131: ...fferent VLANs Unchecked deny communications between different VLANs Captive PortalType Select the type of captive portal from free SLA Permanent User Temporary User or Billing User Authentication Server Select the type of authentication server to authenticate captive portal for permanent temporary or billing users Login Profile Name Select a captive portal from the drop down menu Click Create a Pr...

Page 132: ...the table on the previous page and click Save Deleting VLANs Path Network VLAN VLAN Settings If you no longer need a VLAN you can delete it Note AprecautionarymessagedoesnotappearbeforeyoudeleteaVLAN Therefore besureyoudonotneedaVLAN before you delete it To delete a VLAN 1 Go to Network VLAN VLAN Settings 2 In theVLAN List right click theVLAN you want to delete and click Delete Or right click on a...

Page 133: ...d subnet mask for the virtually isolated network Unless you enabled inter VLAN routing for theVLAN theVLAN subnet determines the network address on the LAN that can communicate with the devices that correspond to the VLAN To view and edit the available multi VLAN subnets 1 Go to Network VLAN VLAN Settings 2 To edit a multi subnet VLAN right click the VLAN and click Edit ...

Page 134: ...red domain name system DNS servers are available on the VLAN enter the IP address of the primary DNS server Secondary DNS Server Optional If configured domain name system DNS servers are available on the VLAN enter the IP address of the secondary DNS server LeaseTime Enter a time interval in hours that a DHCP client can use the IP address that it receives from the DHCP server When the lease time i...

Page 135: ...s like any other Ethernet frame General Select to allow the port to become a member of a user selectable set ofVLANs The port sends and receives data that is tagged or untagged with a VLAN ID If the data into the port is untagged it is assigned the defined PVID All tagged data sent out of the port with the same PVID will be untagged Trunk Select to multiplex traffic for multiple VLANs over the sam...

Page 136: ... MAC based VLAN tables If there is no matching entry in the table then the packet is subject to normal VLAN classification rules of the device UsetheMAC basedVLANConfigurationpagetomapaMACentrytotheVLANtable AfterthesourceMACaddress and the VLAN ID are specified the MAC to VLAN configurations are shared across all ports of the controller 1 Go to Network VLAN AdvancedVLAN MAC BasedVLAN tab 2 Toggle...

Page 137: ...ed Network Configuration 4 Complete the fields in the table below and click Save Field Description MAC Address Enter the MAC address of the client you want to add to a VLAN VLAN Enter the VLAN ID number Interface Select a port from the drop down menu ...

Page 138: ...ork traffic from the controller in a predictable manner The system uses the source MAC of the traffic traveling through the port to identify the IP phone data flow Voice VLAN is enabled per port basis A port can participate only in one voice VLAN at a time The Voice VLAN feature is disabled by default 1 Go to Network VLAN AdvancedVLAN VoiceVLAN tab 2 Toggle Activate Voice VLAN to ON and click Save...

Page 139: ...ged packets are always handled according to the IEEE 802 1Q standard and are not included in protocol based VLANs Ifyouassignaporttoaprotocol basedVLANforaspecificprotocol untaggedframesreceivedonthatportforthat protocol will be assigned the protocol basedVLAN ID Untagged frames received on the port for other protocols will be assigned the Port VLAN ID PVID which is either the default PVID 1 or a ...

Page 140: ...aDVlanTagattached while every packet that is received from an interface has a tag removed if one or more tags are present Use the Double VLAN Tunneling page to configure Double VLAN frame tagging on one or more ports 1 Go to Network VLAN AdvancedVLAN DoubleVLAN tab 2 Click Add New DoubleVLAN 3 Select the Ether Type Dot1q VLAN or CustomTag 4 Click Save 3 Complete the fields in the table below and c...

Page 141: ...a mechanism that allows network controllers to dynamically register and de register VLAN membership information with the networking devices attached the same segment and for that information to be disseminated across all networking controllers in the bridged LAN that support GMRP 1 Go to Network VLAN AdvancedVLAN GVRP tab 2 Toggle Activate GVRP to ON and click Save ...

Page 142: ...ss to determined where is the next hop whereas Protocol Binding use protocol Configuring your wireless controller for static routing allows data transfers between it and a routing device without needing to use dynamic routing protocols Configure IPv4 Static Routing Path Network Routing IPv4 Static Routes To add a static route 1 Click Network Routing IPv4 Static Routes 2 Click Add New Static Route ...

Page 143: ...ic route as private Choices are ON static route is private OFF static route is not private Destination IP Address Enter the IP address of the static route s destination IP Subnet Mask Enter the subnet mask of the static route Interface Select the wireless controller interface that will interface to the static route Choices are LAN VLAN The wireless controller s LAN or VLAN port will interface to t...

Page 144: ...en this controller and other devices to account for changes in the path once configured the static route will be active and effective until the network changes TheListofStaticRoutesdisplaysallroutesthathavebeenaddedmanuallybyanadministratorandallowsseveral operations on the static routes The List of IPv4 Static Routes and List of IPv6 Static Routes share the same fields with one exception To confi...

Page 145: ...t private IPv6 Destination The wireless controller will lead to this destination host or IP address IPv6 Prefix Length The number of prefix bits in the IPv6 address that define the subnet Interface Select the wireless controller interface that will interface to the static route Choices are Option 1 Option 2 the wireless controller s Option port will interface to the static route LAN the wireless c...

Page 146: ...th Network Routing IPv4 Static Routes or IPv6 Static Routes After you add static routes you can edit it if you need to change settings To edit a static route right click the static route you want to edit and click Edit To delete a static route right click the static route you want to remove and click Delete ...

Page 147: ...no place to be held for transmission and get dropped by the controller QoS is a means of providing consistent predictable data delivery by distinguishing between packets that have strict timing requirements from those that are more tolerant of delay Packets with strict timing requirements are given special treatment in a QoS capable network With this in mind all elements of the network must be QoS...

Page 148: ...d use congestion management and congestion avoidance techniques to provide preferential treatment Implementing QoS in your network makes network performance more predictable and bandwidth utilization more effective It is especially useful if you expect traffic congestion on the wireless controller LAN ports QoS classification can be applied in Layer 2 or Layer 3 frames For this reason you can conf...

Page 149: ...b In the Trust Mode List select a port by right clicking it and clicking Edit This brings up a pop up box called Trust Mode Configuration 4 Type in the port number for LAN Port and select either CoS or DSCP next to Classify Using 5 Click Save 6 Proceed to Configuring DSCP Priority on page 152 or Configuring 802 1p Priority on page 151 to configure values for DSCP and CoS and their priority ...

Page 150: ...vidual values for DSCP and CoS and the priority that they should be given are set by the Port Cos Mapping Port DSCP Mapping pages under QoS 1 Go to Network QoS QoS Priority On the middle menu on the LAN QoS Priority page click the Trust Mode Settings tab In the Trust Mode List select the mode by right clicking it and clicking Edit This brings up a popup box called Trust Mode Configuration 2 Select...

Page 151: ...o Network QoS QoS Priority On the middle menu on the QoS Priority page click the 802 1P Priority tab In the 802 1p Priority List each row corresponds to a CoS field in an IP packet Select a CoS field by right clicking on it and clicking Edit This brings up a popup box called 802 1P Priority Configuration 2 On the Queue drop down list select one of the following priorities Highest Medium Low Lowest...

Page 152: ...he DSCP fields in IP packets 1 Go to Network QoS QoS Priority On the middle menu on the QoS Priority page click the IP DSCP Settings tab In the IP DSCP List select a DSCP by right clicking it and clicking Edit This brings up a popup box called IP DSCP Configuration 2 From the Queue drop down list select one of the following priorities Highest Medium Low Lowest 3 Repeat step 2 for each additional D...

Page 153: ...age 1 Go to Network QoS QoS Priority Port Shaping Rate tab 2 Right click the port and select Edit 3 Select the percentage you want to assign to the port from the drop down menu and click Save Field Description Port Port to be affected by the Port Shaping Rate Percentage Setsthelimitonhowmuchtrafficcanleaveaport Thelimitonmaximumtransmission bandwidth has the effect of smoothing temporary traffic b...

Page 154: ...criteria on the LAN Changes here affect the traffic that is egressed on the ports Note that a change to the priority can affect the priority of the egress traffic Configure Policy Based QoS Path Network QoS Policy Based QoS 1 Go to Network QoS QoS Policy Policy Based QoS tab 2 Click Add New Policy Based QoS 3 Complete the fields in the table on the next page and click Save ...

Page 155: ...Source TCP Port Destination TCP Port Source UDP Address Destination UDP Address VLAN If Profile Type VLAN enter a defined VLAN number MAC Address If Profile Type Destination MAC Address or Source MAC Address enter a defined MAC Address IP Address If Profile Type Destination IP Address or Source IP Address enter a defined IP Address L4 Port If ProfileType SourceTCP Port DestinationTCP Port Source U...

Page 156: ...eld Description Profile Name The name of the profile Service Select the type of service you want to use The choices are Any aim bgp bootp_client bootp_server cu seeme udp cu seeme tcp dns udp dns tcp finger ftp http https icmp icq imap2 imap3 irc news nfs nntp ping pop3 pptp rcmd rea audio rexec rlogin rtelnet rtsp tcp rtsp udp sftp smtp snmp tcp snmp udp snmp traps tcp snmp traps udp sql net ssh ...

Page 157: ...nfiguration Configure Auto VoIP QoS Path Network QoS QoS Policy Auto VoIP Enables the QoS rule for prioritizing Changes here affect the SIP and H 323 traffic priority in the LAN 1 Go to Network QoS QoS Policy AutoVoIP tab 2 Enable Active Auto VoIP and click Save ...

Page 158: ...k QoS QoS Policy Queue Scheduler The supported algorithms are strict and weighted round robin only The device will be programmed to handle the traffic using the algorithm configured here 1 Go to Network QoS QoS Policy Queue Scheduler tab 2 Select Scheduling Algorithm Strict or Weighted Round Robin 3 Click Save ...

Page 159: ...Policy Queue Management This page shows the current queue management algorithm that is used in the wireless controller 1 Go to Network QoS Option QoS Queue Management tab This page displays the current queue management algorithm that is used We currently do not support configuration of queue management algorithm ...

Page 160: ...ed to a Layer 3 QoS field in the packet so that upstream routers can make a QoS decision based on the DSCP field set in the packet Once you enable CoS to DSCP marking by choosing the check box you can choose the appropriate value of the DSCP for a given CoS value 1 Go to Network QoS CoS DSCP Marking 2 Enable CoS and DSCP Marking and click Save 3 Right click on the CoS and select Edit Change the ma...

Page 161: ...bes the following commonly used security features Client Management on page 162 Group Management on page 165 User Management on page 172 Guest Account Usage Management on page 177 External Authentication on page 186 Blocked Clients on page 192 WIDS on page 67 Note The procedures in this chapter should only be performed by expert users who understand networking concepts and terminology ...

Page 162: ...tication User Database MAC Authentication To view wireless known clients 1 Go to Security Authentication User Database 2 Click on the MAC Authentication tab in the middle menu The MAC Authentication page will appear displaying a list of the wireless clients in the MAC Authentication database 3 Next to List Type the current global setting is displayed MAC authentication is a feature that grants or ...

Page 163: ...e MAC Authentication Configuration page will appear 5 Complete the fields in the table below and click Save Field Description MAC Address Enter the MAC address for the known client Name Enter the name of the known client The name should allow you to differentiate this known client from others you may add ...

Page 164: ...ation After you add clients you can edit or delete it if you need to change settings To edit or delete a client 1 Go to Security Authentication User Database MAC Authentication 2 Under MAC Authentication List right click the client and select either Edit or Delete 3 Change the desired settings refer to the table on the previous page 4 Click Save ...

Page 165: ...so edit user groups when changes are required and delete user groups you no longer need Adding User Groups Path Security Authentication User Database Groups When you add a user group you assign A name that identifies the user group An optional user group description At least one privilege or user type An idle timeout value After you define user groups you can use the procedure under User Managemen...

Page 166: ...access the Internet Networks through Captive Portal authentication Network Selecting Network enables an extra option by default the group types for Network users are Captive Portal User The users of the group having Captive Portal privilege will have permissions to access the Internet Networks through Captive Portal authentication Field Description Front Desk The users of the group having Front De...

Page 167: ...t a user group For example you might want to change the privileges for the user group or idle timeout To edit a user group 1 Go to Security Authentication User Database Groups The Groups List page will appear 2 Right click the user group you want to edit and click Edit The Group Configuration pop up page will appear 3 Complete the fields in the previous page and click Save ...

Page 168: ...lete all users in it see Editing Deleting Clients on page 164 Note A precautionary message does not appear before you delete a user group Therefore be sure you do not need a user group before you delete it To delete a user group 1 Go to Security Authentication User Database Groups The Groups page will appear 2 Right click on the user group you want to delete and click Delete To delete all groups c...

Page 169: ...er group 3 Click the Add Login Policies button The Login Policies Configuration page will appear 4 Complete the fields from the table below and click Save Settings Field Description Group Name Name of the group Disable Login Grants or denies login access to the web management interface for all users in this user group Choices are On Disable login access Off Enable login access Deny login from Opti...

Page 170: ...user group from using particular web browsers to log in to the wireless controllers web management interface 1 Click Security Authentication User Database Groups 2 Click the Add Browser Policies button 3 Under Add Defined Browser click a browser from the Client Browser drop down list and click Add The selected browser will appear in the Defined Browsers area Field Description Group Name Select the...

Page 171: ...rticular network or IP address 1 Click Security Authentication User Database Groups 2 Click the Add IP Policies button The IP Policies Configuration page will appear 3 Complete the fields in the table below and click Save The address you defined will appear in the Defined Addresses area Field Description Group Name Select a group name from the drop down menu Source AddressType Choices are IP Addre...

Page 172: ...from a comma separated value CSV formatted file After you add users you can edit them when changes are required and delete users when you no longer need them Adding Users Manually Path Security Authentication User Database Users One way of adding users is to add users individually 1 Go to Security Authentication User Database Users 2 Click Add New User The User Configuration pop up page will appea...

Page 173: ...this user from others you may add First Name Enter the first name of the user Last Name Enter the last name of the user Select Group Select the captive portal group to which this user will belong Password Enter a case sensitive login password that the user must specify at the login prompt to access the web management interface For security each typed password character is masked with a dot Confirm...

Page 174: ...this user The name should allow you to easily identify this user from others you may add First Name Enter the first name of the user Last Name Enter the last name of the user Select Group Select the group to which this user will belong Edit Password Toggle this option to enter the password to be used by this user to log in to the web management interface Enter Current Logged in Administrator Passw...

Page 175: ...elete the user Note A precautionary message does not appear before you delete a user Therefore be sure you do not need a user before you delete it To delete a user 1 Click Security Authentication User Database Users The Users List page will appear 2 Right click on the user you want to delete and click Delete To delete all users click Select All and then Delete ...

Page 176: ... User Database Password Rules Password Rules Field Description Password Enforcement Toggle on to turn on the following password rules Minimal Password Length Enter the minimum number of characters required Minimal Numeric Characters Enter the minimum number of numbers that users must use in their password New Password must be Different Your new password configured must be different than old passwo...

Page 177: ... it is valid for use Account Depletion the temporary account is run out usage time or usage volume Account Expiration the temporary account is expired no matter usage time volume running out or not and it is removed from the local database Thebillingprofilecanbevariousdependingonhowtoputthevalueinthesettings Belowarefivemostcomment types of billing profiles 1 The temporary account usage time is li...

Page 178: ...ce The organizer generates accounts before the event and delivery account information to participator in advanced if necessary The temporary account would be only valid from specific date and time 4 The temporary account has limited time usage The account doesn t have the expiration time until the usage is run out This billing profile is suitable for the scenario in Hotspot The service provider ch...

Page 179: ...eated for this profile to login simultaneously Allow Customized Account on Front Desk Checking this option enables front desk user to give customized account name to the captive portal users being created on this profile Allow Batch Generation on Front Desk Checking this option enables front desk user to generate a batch of temporary captive portal users at one click Session IdleTimeout Idle timeo...

Page 180: ...n using his credentials Begin From Activate account from this date Maximum UsageTraffic Maximum traffic user can use before his account expires Only inbound traffic shall be considered towards bandwidth usage Allow Front Desk to Modify Usage Checking this option enables front desk user to modify usage limits Unit Price Set Price Enable the option to set the price for this billing profile The price...

Page 181: ...Security Authentication Billing Profile Payment Gateway tab 2 Click Add New Payment Gateway 3 Complete the fields in the table below and click Save Field Description Payment Processor Select the payment agent Paypal Payment Receiver Email ID The Paypal email account used for receiving payment API Username The API username of the Paypal Premier Business Website Payment Pro account API Password The ...

Page 182: ...e of that page with specific text and images The wireless controller supports multiple login and SLA pages Associate login page or SLAs on SSIDs or VLANs separately Customize the Captive Portal Login Page Path Security Authentication Login Profiles Login Profiles 1 Go to Security Authentication Login Profiles Login Profiles tab 3 Complete the fields in the table on the next page and click Save 2 C...

Page 183: ... during the captive portal session from the drop down menu Custom Color If you choose Custom on Page Background Color enter the HTML color code Header Details Background Selectwhethertheloginpagedisplayedduringthecaptiveportalsessionwillshowanimage or color Choices are Image show image on the page Use the Header Background Color field to select a background color The maximum size of the image is 1...

Page 184: ...d online wireless service purchasing from on the login page SessionTitle 1 Enter the text that appears in the title of the online purchasing login box when the user logs in to the captive portal session Message Enter the text appears in the online purchasing login box when the user logs in to the captive portal session SessionTitle 2 Enterthetextthatappearsinthetitleofthemessageboxwhileonlinepurch...

Page 185: ...ields in the table below and click Save Field Description SLA Profile Name Enter a name for this SLA profile The name should allow you to differentiate this SLA from others you may set up BrowserTitle Enter the text that will appear in the title of the browser during the captive portal session Term of Service Rule Shows the set of rules on Captive Portal which is set for temporary and SLA type use...

Page 186: ...rity uses a RADIUS Server forWPA and orWPA2 security A RADIUS server must be configured and accessible by the controller to authenticate wireless client connections to an AP enabled with a profile that uses RADIUS authentication The Authentication IP Address is required to identify the server A secondary RADIUS server provides redundancy in the event that the primary server cannot be reached by th...

Page 187: ...server Authentication Port RADIUS authentication server port to send RADIUS messages Secret Secret key that allows the device to log into the configured RADIUS server It must match the secret on RADIUS server Timeout Set the amount of time in seconds the controller should wait for a response from the RADIUS server Retries This determines the number of tries the controller will make to the RADIUS s...

Page 188: ...IPsec PPTP L2TP Server and Captive Portal users Note that POP3 for PPTP L2TP servers is supported only with PAP and not with CHAP MSCHAP MSCHAPv2 encryption To configure POP3 Server 1 Go to Security Authentication External Auth Server POP3 Server tab 2 Complete the fields in the table below and click Save Field Description Authentication Server IP address of the POP3 authentication server Authenti...

Page 189: ...ile is used as part of the POP3 negotiation to verify the configured authentication server identity Each of the three configured servers can have a unique CA used for authentication 1 Go to Security Authentication External Auth Server POP3Trusted CA tab 2 Add the CA file by click Add CA File 3 Click Choose File and browse to the CA file Once selected click Save ...

Page 190: ...nformation is stored in a hierarchal manner Also of note is that configuring a LDAP server on Windows or Linux servers is considerably less complex than setting up NT Domain or Active Directory servers for user authentication The details configured on the controller will be passed for authenticating the controller and its hosts The LDAP attributes domain name DN and in some cases the administrator...

Page 191: ...ween different users having same user name LDAP Base DN LDAP authentication requires the base domain name contact your administrator for the Base DN to use LDAP authentication for this domain Timeout Set the amount of time in seconds the controller should wait for a response from the LDAP server Retries This determines the number of tries the controller will make to the LDAP server before giving u...

Page 192: ...wall Blocked Clients If traffic passes through the DCS 2000 directly the controller will block the traffic from blocked clients MAC address To add clients to block 1 Go to Security Firewall Blocked Clients 2 Click Add New Blocked Clients Enter the client s MAC address and a description 3 Click Save ...

Page 193: ...connected to the LAN DHCPv6 Server and to whom DHCPv6 Server has given leases 200 Status Network Information Captive Portal Session Showstheruntimeauthenticationsessionsthatareactiveonthecontroller 201 Status Network Information Interfaces Shows detailed transmit and receive statistics for each physical port 202 Status Network Information Link Aggregation Shows the link aggregation status 204 Stat...

Page 194: ... for downloading to access points 221 Status Wireless Information Associated Clients Global Status Shows statistics about all the clients traffic while the clients are associated with managed access points as well as throughout the roaming session 223 Status Wireless Information Associated Clients Associated Clients Showsinformationaboutalltheclientsconnectedthroughmanaged access points 224 Status...

Page 195: ... network segment such as WLAN or LAN The data is broken into by applications service such as HTTP HTTPS DNS SNMP and others WLAN Statistics Displays a chart of traffic overview by bandwidth and packet information for WLAN traffic captured by all of the managed APs currently associated CPU Utilization Percent of the CPU utilization currently consumed by the device The CPU utilization is broken down...

Page 196: ...us and Statistics Manage Dashboard To manage the dashboard 1 Click on the Manage Dashboard button 2 The following window will pop out and allow you to enable or disable the overview panels shown on the dashboard Toggle the panel to On or Off and click Save ...

Page 197: ...tes sec for transmit receive directions for each interface If you suspect issues with any of the wired ports use this table to identify uptime or transmit level issues with the port The statistics table has an auto refresh control for displaying the most current port level data at each page refresh The default auto refresh for this page is 10 seconds Click Clear Statistics to reset the traffic inf...

Page 198: ... the Setup and Advanced menus This page is organized into the following sections General Shows system name firmware version WLAN module version and serial number Port Information Shows information based on the administrator configuration parameters Note that LAN1 will display the local interface of the controller If you set any of the LAN ports to Standalone information will be displayed under the...

Page 199: ...s Viewing USB Status Path Status System Information USB Status The USB Status page summarizes the USB devices connected to the wireless controller The wireless controller allows to connect USB printer and USB disk for firmware upgrade only directly There are two USB ports ...

Page 200: ...on 7 Viewing Status and Statistics Viewing DHCP Clients Path Status Network Information DHCP Clients Two separated tabs shows a list of clients whom get IP leased from the wireless controller LAN leased clients and LAN IPv6 leased clients ...

Page 201: ...he local or external user database and have had their login credentials approved for internet access If Internet session passthrough is enabled select the session and right click Disconnect allowing the admin to selectively drop an authenticated user Select the session and right click Block device The Block Device button will result in the selected client being added to the blocked list Security F...

Page 202: ...nual 202 Section 7 Viewing Status and Statistics Viewing Traffic on Interfaces Path Status Network Information Interfaces This page shows the incoming outgoing packets on each interface Table fields are shown on the next page ...

Page 203: ... packets entering the port Outgoing Packets The number of packets leaving the port Dropped In Packets Packets dropped on the inbound path of the interface Dropped Out Packets Packets dropped on the outbound path of the interface WLAN Info Transmitted Total packets transmitted across all APs managed by the controller Received Total packets received across all APs managed by the controller Transmit ...

Page 204: ...ink DWC 2000 User Manual 204 Section 7 Viewing Status and Statistics Viewing Link Aggregation Path Status Wireless Information Controller Status Link Aggregation This page shows the link aggregation status ...

Page 205: ...llers detected on the network Cluster Controller IndicateswhetherthiscontrolleristheClusterControllerforthecluster Among a group of peer Controllers one of the Controllers is automatically elected or configured to be the Cluster Controller The Cluster Controller gathers status and statistics about all APs and clients in the peer group Note Only the Cluster Controller controller can display managed...

Page 206: ...and its associated clients If this controller is the Cluster Controller it will also show the associated clients whom is managed with other peer controllers Controller Associated Clients Field Description Controller IP Address Shows the IP address of the Controller that manages the AP to which the client is associated Client MAC Address Shows the MAC address of the associated client ...

Page 207: ...AN forwarding mode The AP the client initially associates with is called the Home AP The AP the client roams to is called the Association AP Distributed Tunnel Field Description DistributedTunnel Packets Transmitted Total number of packets sent by all APs via distributed tunnels DistributedTunnel Roamed Clients Total number of client that successfully roamed away from Home AP using distributed tun...

Page 208: ... controllers in the cluster from one controller The Configuration Receive Status page provides information about the configuration a controller has received from one of its peers Peer Controller Receive Status Field Description Current Receive Status Current Receive Status Global status when wireless configuration is received from a peer controller Possible status values are Not Started Receiving ...

Page 209: ...Power AP Database AP Profiles Known Client Captive Portal RADIUS Client QoS ACL QoS DiffServ None wireless controller has not received any configuration for another controller Timestamp Shows the last time this wireless controller received any configuration data from a peer controller The Peer Controller Managed AP Status page shows information about the access points that each peer controller in ...

Page 210: ...ller that receive the configuration information Peer Controller Sent Status Field Description Peer Controller IP Address Shows the IP address of each peer wireless controller in the cluster that received configuration information Configuration Controller IP Address ShowstheIPAddressofthecontrollerthatsenttheconfigurationinformation Configuration Identifies which parts of the configuration the cont...

Page 211: ...ured and have an active connection with the Wireless controller Standalone APs Number of trusted APs in Standalone mode APs in Standalone mode are not managed by a controller Rogue APs Number of Rogue APs currently detected on theWLAN When an AP performs an RF scan it might detect access points that have not been validated It reports these APs as rogues Discovered APs APs that have a connection wi...

Page 212: ...tion Limit Maximum number of APs for which the system can send de authentication frames Rogue AP Mitigation Count Number of APs to which the wireless system is currently sending de authentication messages to mitigate against rogue APs A value of 0 indicates that mitigation is not in progress Maximum Managed APs in Peer Group Maximum number of access points that can be managed by the cluster WLAN U...

Page 213: ... Managed access point profile configuration has been applied to the access point and the access point is operating in managed mode No Database Entry access point s MAC address does not appear in the local or RADIUS Valid AP database Authentication Failed AP access point failed to be authenticated by the wireless controller or RADIUS server Failed wireless controller lost contact with the access po...

Page 214: ...f authentication is enabled but it is not configured Managed profile configuration has been applied to the access point and the access point is operating in managed mode Failed wireless controller lost contact with the access point A failed entry remains in the Managed AP database unless you remove it Note that a managed access point shows a failed status temporarily during a reset If management c...

Page 215: ... on the access point Reset AP Reset the managed AP back to the factory default settings Disassociate Clients View disassociate clients with the selected AP The Managed AP Statistics page shows information about traffic on the access point s wired and wireless interfaces This information can help diagnose network issues such as throughput problems To view the statistics for a managed access point r...

Page 216: ...ed Field Description MAC Address MAC address of each access point managed by the peer controller AP IP Address IP address of the access point Peer IP Address IP address of the peer controller that manages the access point This field appears when All is selected from the drop down menu Location Descriptive location configured for the managed access point Profile Access point profile that the wirele...

Page 217: ...d in the access point did not match the password configured in the local database Not Managed Access point is in theValid AP database but the access point Mode in the local database is not set to Managed RADIUS Authentication The password configured in the RADIUS client for the RADIUS server was rejected by the server RADIUS Challenged TheRADIUSserverisconfiguredtousetheChallenge Responseauthentic...

Page 218: ...lients that the wireless controller has detected Right click on an AP or client to bring up options to view details Fields on the AP Authentication Failure Status Page Field Description MAC Address Ethernet address of the AP If the MAC address of the access point is followed by an asterisk it was reported by a peer controller IP Address IP address of the access point Last FailureType Last type of ...

Page 219: ...attack is not effective against Ad hoc networks because these networks do not use authentication The APs operating on channels outside of the country domain are not attacked because sending any traffic on illegal channels is against the law The wireless controller maintains a list of BSSIDs against which it is conducting a de authentication attack The controller sends the list of BSSIDs and channe...

Page 220: ...gainst which the attack is launched The BSSID is a MAC address Channel Identifies the channel on which the rogue AP is operating Time Since Attack Started Shows the amount of time that has passed since the attack started on the AP RF Scan Report Age Shows the amount of time that has passed since the RF Scan reported this AP ...

Page 221: ...upported by access points as well as software images that are available for download to the access point The right click option will display the radio Information for the selected hardware type Field Description HardwareType Shows the ID number assigned to each access point hardware type The wireless controller supports six different types of access point hardware HardwareType Description Describe...

Page 222: ...ws whether the hardware supports one radio or two radios 802 11a Support Shows whether support for IEEE 802 11a mode is enabled RadioType Description Displays the type of radio which might contain information such as the manufacturer name and supported IEEE 802 11 modes 802 11bg Support Shows whether support for IEEE 802 11bg mode is enabled VAP Count Displays the number of VAPs the radio supports...

Page 223: ...nclude IEEE 802 11a n IEEE 802 11b g n 5 GHz IEEE 802 11n 2 4GHz IEEE 802 11n 802 11ac Clients Total number of IEEE 802 11ac only clients that are authenticated Max Associated Clients Maximum number of clients that can associate with the wireless system This is the maximum number of entries allowed in the Associated Client database Detected Clients Number of wireless clients detected in the WLAN M...

Page 224: ... and clicking the View Details button displays detailed information about the selected client Field Description Client MAC Address Ethernet MAC address of the client station Client IP Address The IP address of the client station SSID Name of the wireless network on which the client is connected BSSID MAC address for the managed access point virtual access point where this client is associated AP M...

Page 225: ... its MAC address Field Description Disconnect Disconnects the associated client Details Shows detailed information about the associated client and the AP it is connected to DistributedTunneling Shows information about distributed tunneling status Neighbor AP Status Shows information about the neighbor AP status Client Statistics Shows detailed statistic information about the associated client and ...

Page 226: ...e client station PacketsTransmitted Total number of packets transmitted to the client station BytesTransmitted Total number of bytes transmitted to the client station Packets Receive Dropped Number of packets received from the client stations that were dropped Bytes Receive Dropped Number of bytes received from the client stations that were dropped PacketsTransmit Dropped Number of packets transmi...

Page 227: ...nt is authenticated Radio 1 or Radio 2 VAP MAC Address VAP MAC address to which the client roamed SSID SSID name used by the VAP User Name User name of client that authenticated via 802 1X Pre Authorization Status Indicates whether the client successfully authenticated Shows a status of Success or Failure Age Time since the history entry was added Field Description AP MAC Address MAC address of th...

Page 228: ... the client information is in the Neighbor Client List AP MAC Address ThebaseEthernetMACAddressofthemanagedAPwhichdetectedtheclient Location The configured descriptive location for the managed AP Radio The radio interface and its configured mode that detected the ad hoc device Detection Mode The mechanism of detecting this Ad Hoc device The possible values are Beacon Frame or Data Frame Age Time s...

Page 229: ...ption MAC Address Ethernet MAC address of the client Client Name Name of the client if available from the Known Client Database If the client is not in the database the field is blank Client Status Client status which can be one of the following values Authenticated wireless client is authenticated with the wireless system Detected wireless client is detected by the wireless system but is not a se...

Page 230: ...lists up to three non sentry and three sentry managed APs that have detected the client Rogue Classification The Wireless Intrusion Detection System WIDS can help detect intrusion attempts into the wireless network and take automatic actions to protect the network The Unified Wireless controller allows you to activate or deactivate various threat detection tests and set threat detection thresholds...

Page 231: ...tistics from the other controllers in the cluster including information about the access point s peer controller and the clients associated to those access points Field Description Cluster Information Cluster Controller IP Address IP address of the controller that controls the cluster Peer Controllers Number of peer controllers Connected Peer Controllers IP Address IP address of the peer wireless ...

Page 232: ...he Root AP The WDS links are secured using WPA2 Personal authentication and AES encryption This page displays summary information about configuredWDS links At least one group must be configured for the fields to display To configure a WDS AP group use the pages from Wireless Access Point WDS Groups Field Description ID Unique number that identifies the WDS AP group Configured AP Count Number of AP...

Page 233: ...te APs Source AP Count Number of Root APs currently being managed by the controller that are members of this WDS AP Group Destination AP Count Number of Satellite APs currently being managed by the controller that are members of this WDS AP Group Source Bridge AP MAC MAC Address of the device elected as the Spanning Tree Root Bridge If spanning tree is disabled this value is 00 00 00 00 00 00 Sour...

Page 234: ...counted by this status parameter WDS Group Password Change Status Status of the last attempt to configure the password for the WDS Group Not Started Success Invalid Password Requested Timed Out Edit Password To change the password for all controllers and APs in this WDS Group select the Edit checkbox type the new password and then click Apply Password Password must be minimum of 8 characters and c...

Page 235: ...is a Satellite AP connected to the network via aWDS link or a Root AP connected to the network via a wired link STP Root Mode Indicates whether this AP is the root of the spanning tree If spanning tree is disabled then the AP is always reported as Not STP Root Root Path Cost SpanningTree Path Cost to the root The root AP always reports this value as 0 If spanning tree is disabled the value is also...

Page 236: ...dpoint on the destination AP Source AP End Point Indicates whether the AP specified by the destination MAC detected the AP specified by the source MAC Destination AP End Point Indicates whether the AP specified by the source MAC detected the AP specified by the destination MAC Aggregation Mode When parallel links are defined between two APs this field indicates whether this link is part of the agg...

Page 237: ...e Source AP in the group Destination AP Radio The radio number of the WDS link endpoint on the destination AP Source AP End Point Indicates whether the AP specified by the destination MAC detected the AP specified by the source MAC Destination AP End Point Indicates whether the AP specified by the source MAC detected the AP specified by the destination MAC Source AP Packets Bytes Sent Number of pa...

Page 238: ...enses on page 241 Remote Management on page 242 Using SNMP on page 243 Backup Configuration Settings on page 249 Restoring Configuration Settings on page 250 Restoring Factory Default Settings on page 251 Rebooting the Wireless Controller on page 252 Wireless Controller Firmware Upgrade on page 253 Using the Command Line Interface on page 255 Log Settings on page 265 ...

Page 239: ...o synchronize the date and time You can choose to set Date and Time manually whichwillstoretheinformationonthecontroller srealtimeclock RTC Ifthecontrollerhasaccesstotheinternet the most accurate mechanism to set the controller time is to enable NTP server communication To configure the date and time following below steps 1 Select the controller s time zone relative to Greenwich Mean Time GMT 2 If...

Page 240: ...Timeout Path Maintenance Administration Session Settings Enter the session timeout value for administrator and guest users and then click Save Set USB Share Ports Path Maintenance Administration USB Share Ports Enable USB port sharing on USB port 1 2 or both and click Save ...

Page 241: ...th D Link d If you do not have an account register for a new account e Log in with your username and password f Click License Key Activation on the D Link Global Registration Portal website g Follow the directions to receive an activation code 2 After obtaining the Activation Key go to Maintenance Administration License Update The License Update page will appear 3 Under Activation Setup enter the ...

Page 242: ...ur wireless controller Select HTTP and or HTTPS Note When remote management is enabled the controller is accessible to anyone who knows its IP address It is HIGHLY RECOMMENDED that you change the default administrator and guest passwords before continuing 1 Go to Maintenance Management Remote Management 2 Set HTTP and or HTTPS to On If you select HTTPS you may enter a port 4443 is the default sett...

Page 243: ... to view or update configurationparameters ThecontrollerasamanageddevicehasanSNMPagentthatallowstheMIBconfiguration variables to be accessed by the Master the SNMP manager The Access Control List on the controller identifies managers in the network that have read only or read write SNMP credentials The Traps List outlines the port over which notifications from this controller are provided to the S...

Page 244: ...k Save 2 Click Add SNMPTrap 3 Complete the information on fields refer to the table below 4 Click Save Configure SNMP Trap List 1 Go to Maintenance Management SNMP SNMPTrap List tab Field Description IP Address The IP Address of the SNMP trap agent Port The SNMP trap port of the IP address to which the trap messages will be sent Community The community string to which the agent belongs Most agents...

Page 245: ...Control 3 Complete the information on fields refer to the table below 4 Click Save Field Description IP Address The IP Address of the SNMP trap agent Subnet Mask The network mask used to determine the list of allowed SNMP managers Community The community string to which the agent belongs AccessType Access will be either read only ROcommunity or read write RWcommunity ...

Page 246: ...identification of the controller 3 Click Save Configure Wireless SNMP Info If you use Simple Network Management Protocol SNMP to manage the controller you can configure the SNMP agent on the controller to send traps to the SNMP manager on your network from this page When an AP is managed by a controller it does not send out any traps The controller generates all SNMP traps based on its own events ...

Page 247: ...this field the SNMP agent sends a trap for one of the following reasons associated with the wireless client Client Association Detected Client Disassociation Detected Client Roam Detected Peer ControllerTraps If you enable this field the SNMP agent sends a trap for one of the following reasons associated with a peer controller Peer Controller Discovered Peer Controller Failed Peer Controller Unkno...

Page 248: ...e Cluster Controller Rogue Client detected Rogue Client s continue to exist after every Rogue Detected Trap Interval seconds Maximum number of Managed APs in the peer group exceeded Wireless StatusTraps If you enable this field the SNMP agent sends a trap if the operational status of the controller it need not be Cluster Controller for this trap changes It sends a trap if the Channel Algorithm is ...

Page 249: ...hatwillreplaceorworkwithotherwirelesscontrollers 1 Click Maintenance Firmware Backup Restore 2 Click Save from System PC Save from USB Port 1 or Save from USB Port 2 depending on the location the backup should be saved to A If Save from System PC is chosen a dialog box message will appear Afterwards the browser will automatically begin the download to the default download location B If Save from U...

Page 250: ...configuration settings you can restore the settings using the following procedure 1 Click Maintenance Firmware Backup Restore 2 In the Restore to System PC section click the Choose File button Use the Choose file dialog box to find the backup file then click the file and click Open 3 Click Restore A message will appear 4 Click OK to close the message and restore the configuration settings from the...

Page 251: ...restore a wireless controller to its original factory default settings Use the reset button on the back of the wireless controller see Using the Reset Button to Restore Default Settings on page 258 Use the web management interface instructions below 1 Click Maintenance Firmware Soft Reboot 2 Next to Factory Default settings click the Default button 3 At the confirmation message click OK to restore...

Page 252: ...s controller Rebooting performs a power cycle and keeps any customized overrides you made to the default settings 1 Go to Maintenance Firmware Soft Reboot 2 Next to Soft Reboot click Soft Reboot To reboot to the original factory default click Default 3 At the confirmation message click OK to reboot the wireless controller or click Cancel to not reboot ...

Page 253: ...eless controller When improvements are available they are offered to customers as firmware upgrade releases After you install the wireless controller check that it has the latest firmware Thereafter check for firmware releases and install them as they become available 1 In the wireless controller web management interface click Maintenance Firmware Firmware Upgrade The Using System PC page will app...

Page 254: ...D Link DWC 2000 User Manual 254 Section 8 Maintenance To use a USB drive to update the firmware click the Using USB tab ...

Page 255: ...r credentials For more information refer to the Wireless Controller CLI Reference Guide DWC 2000 2 If the firmware version on the D Link support website has a higher number than the firmware version shown under Firmware Information continue with this procedure 3 Download the new firmware from the D Link website 4 Under Firmware Upgrade click the Choose File button 5 In the Choose File dialog box n...

Page 256: ... the problem The topics covered in this chapter are LED Troubleshooting on page 257 Web Management Interface on page 257 Using the Reset Button to Restore Default Settings on page 258 Problems with Date and Time on page 258 Discovery Problems with Access Points on page 258 Connection Problems on page 259 Network Performance and Rogue Access Point Detection on page 259 Using Diagnostic Tools on the...

Page 257: ...nk technical support LAN Port LEDs Not ON If the LAN LEDs do not go ON when the Ethernet connection is made 1 Check that the Ethernet cable connections are secure at the wireless controller and at the switch 2 Be sure power is applied to the connected switch and that the switch is turned on 3 Be sure you are using the correct cables straight through or crossover Web Management Interface If you can...

Page 258: ... servers on the Internet Each entry in the log is stamped with the date and time of day If you find that the date and time stamps are not accurate confirm that the wireless controller can reach the Internet Discovery Problems with Access Points If the wireless controller does not discover any or all access points Be sure the wireless controller is connected to the LAN see LAN Port LEDs Not ON on p...

Page 259: ...ss controller see Step 1 Enable DHCP Server Optional on page 25 When a DHCP server becomes available the access point can transition from the Connecting state to the Connected state If you added a new SSID but the SSID does not appear underWi Fi Networks within 5 minutes use the following procedure to reboot the Wireless Controller 1 Click Maintenance Firmware Soft Reboot 2 Click Soft Reboot Netwo...

Page 260: ... controller you can ping an IP address You can use this function to test connectivity between the wireless controller and another device on the network connected to the wireless controller 1 Go to Maintenance Management Diagnostics NetworkTools 2 Under Command Output for Ping and Traceroute in the IP Address Domain Name field enter an IP address or domain name 3 Click Ping The results will appear ...

Page 261: ...ap the network path to a public host Up to 30 intermediate controllers or hops between this wireless controller and the destination will be displayed 1 Go to Maintenance Management Diagnostics NetworkTools 2 Under Command Output for Ping and Traceroute in the IP Address Domain Name field enter an IP address or domain name 3 Click Traceroute The results will appear in the Command Output display bel...

Page 262: ...e the IP address of aWeb FTP Mail or any other server on the Internet 1 Go to Maintenance Management Diagnostics NetworkTools 2 Under DNS Lookup in the Domain Name field enter an Internet name 3 Click Lookup The results will appear in the Command Output display below If the host or domain entry exists a response will appear with the IP address If the message Host Unknown appears the Internet name ...

Page 263: ...ed to 1 MB of data per capture session If the capture file size exceeds 1MB it is deleted automatically and a new capture file is created To capture packets 1 Go to Maintenance Management Diagnostics Capture Packets 2 Select an interface from the drop down menu 3 Click Start Trace The results are shown in the Command Output page The trace can be downloaded by clicking the Download button which wil...

Page 264: ...s functions on the wireless controller you can ping an IP address You can use this function to test connectivity between the wireless controller and another device on the network connected to the wireless controller 1 Go to Maintenance Management Diagnostics System Check 2 ClickDisplayIPv4TableorDisplayIPv6Table TheresultswillappearintheCommandOutputdisplay below ...

Page 265: ...the log configuration settings and the ways you can access these logs Defining What to Log Path Maintenance Logs Settings Facility Logs The Facility Logs page lets you determine the granularity of logs to receive from the wireless controller Select one of the following facilities Kernel the Linux kernel Log messages that correspond to this facility would correspond to traffic through the firewall ...

Page 266: ... is in the Status System Information All Logs Current Logs or a remote Syslog server for later review E mail logs discussed in a subsequent section follow the same configuration as logs configured for a Syslog server Severity Description Emergency System is unusable Alert Action must be taken immediately Critical Critical conditions Error Error conditions Warning Warning conditions Notification No...

Page 267: ... logs Tracking Traffic Routing Logs Maintenance Logs Settings Routing Logs Traffic can be tracked based on whether the packet was accepted or dropped by the firewall Denial of service attacks general attack information login attempts dropped packets and similar events can be captured for review by the IT administrator Note Enabling logging options may generate a significant volume of log messages ...

Page 268: ...nformation login attempts dropped packets and similar events Traffic can be tracked based on whether the packet was accepted or dropped by the firewall Routing Logs All UnicastTraffic If enabled tracks packets directed to the wireless controller All Broadcast MulticastTraffic Ifenabled tracksallbroadcastormulticastpacketsdirectedtothewirelesscontroller FTP Logs If checked logged information is sen...

Page 269: ...ll connect to this server to send e mail logs when required The SMTP server must be operational for email notifications to be received SMTP Port If Enable E Mail Logs is enabled enter the SMTP port of the e mail server Return E Mail Address If Enable E Mail Logs is enabled enter the e mail address where replies from the SMTP server are to be sent required for failure messages Send to E mail Addres...

Page 270: ...ver OFF wireless controller ignores IDENT requests from the SMTP server Send E Mail Logs by Schedule To receive e mail logs according to a schedule configure the appropriate schedule settings Scheduling options are enabled when the Enable E Mail Logs option is checked Unit Selecttheperiodoftimethatyouneedtosendthelog Thisoptionisusefulwhenyou do not want to receive logs by e mail but want to keep ...

Page 271: ...also lets you send configuration logs to three email recipients Syslog Server Configuration To enable a Syslog server click the ON OFF switch next to an empty Syslog server field and enter an IP address or FQDN in the Name field The selected facility and severity level messages are sent to the configured and enabled Syslog server after you save the settings on this page Switch To have the wireless...

Page 272: ...ings on page 265 or Maintenance Log Settings Routing Logs page see Tracking Traffic Routing Logs on page 267 the corresponding log message will appear in this window with a timestamp Option Description Captive Portal If enabled the controller will log information related to wireless client logs in and log out via Captive Portal Wireless Logs If enabled the controller will log information relative ...

Page 273: ...with a timestamp as determined by the controller s configured time If remote logging such as a Syslog server or e mail logging is configured the same logs are sent to the remote interface while being displayed here Click Refresh Right side on the page for refresh logs or reload page again Click Clear All to remove all entries in the Display Logs screen Click Send Logs to send all logs in the Displ...

Page 274: ...ured log messages from the controller on WLAN interface as they appear Each log will appear with a timestamp as determined by the controller s configured time The same logs are sent to the WLAN interface while being displayed here Click Refresh Right side on the page for refresh logs or reload page again Click Clear All to remove all entries in the Display Logs screen ...

Page 275: ...red log messages from the controller on LAN interface as they appear Each log will appear with a timestamp as determined by the controller s configured time The same logs are sent to the WLAN interface while being displayed here Click Refresh Right side on the page for refresh logs or reload page again Click Clear All to remove all entries in the Display Logs screen ...

Page 276: ... Wi Fi coverage A Basic Planning Worksheet similar to the one in this appendix allows you to collect the following critical information to expedite your planning efforts Building dimensions Walls and possible obstructions to wireless coverage Number of floors Distance between floors Total number of users and number of users per access point Radio type s Desired access point data rates Areas where ...

Page 277: ...Configure your time zone and record it here___________________ 3 Use default radio configuration Profile Name ___________________________________________ Clients ________________________________________________ Modes Available 802 11 b g 802 11 n 802 11 b g n 802 11 a 5 GHz Only 802 11 a n 5 GHz Only 802 11 a n ac 5 GHz Only 4 SSID information Service Set Identifier SSID name _____________________...

Page 278: ...d to the Internet Yes No 14 Confirm and record firmware levels for the wireless controller and all access points DWC 2000 wireless controller DWL 2600AP access point DWL 3600AP access point DWL 6600AP access point DWL 8600AP access point DWL 8610AP access point 15 Record MAC addresses for the wireless controller and all access points DWC 2000 wireless controller DWL 2600AP access point s DWL 3600A...

Page 279: ...http 192 168 10 1 User name case sensitive admin Login password case sensitive admin Local area network LAN IP address 192 168 10 1 IPv4 subnet mask 255 255 255 0 DHCP server Disabled DHCP starting IP address 192 168 10 100 DHCP ending IP address 192 168 10 254 Time zone GMT Time zone adjusted for Daylight Savings Time Disabled SNMP Disabled Remote management Disabled ...

Page 280: ...e Mode for securely exchanging encryption keys in ISAKMP as part of building a VPN tunnel IP Internet Protocol The principal communications protocol used for relaying datagrams known as network packets across an internetwork using the Internet Protocol Suite IP is responsible for routing packets across network boundaries It is the primary protocol that establishes the Internet IPsec IP security Su...

Page 281: ...rk from another All access points and devices trying to connect to a specific wireless network must use the same SSID to enable effective roaming Subnet A portion of a network that shares a common address component On TCP IP networks subnets are defined as all devices whose IP addresses have the same prefix For example all devices with IP addresses that start with 100 100 100 belong to the same su...

Page 282: ...er Model DEM 210 B1 C1 D1 E1 DEM 211 B1 C1 D1 E1 DEM 220T B1 C1 D1 E1 DEM 302S BXD A1 DEM 302S BXU A1 DEM 302S LX A1 DEM 310GT F1 G1 H1 I1 DEM 311GT F1 G1 H1 I1 DEM 312GT2 D1 E1 DEM 314GT E1 F1 G1 H1 DEM 315GT E1 F1 G1 H1 DEM 330T B1 B2 C1 D1 DEM 330R B1 B2 C1 D1 DEM 331T B1 B2 C1 D1 DEM 331R B1 B2 C1 D1 DGS 712 C1 Upgrade License DWC 2000 AP32 DWC 2000 AP32 LIC additional 32 managed AP Licenses D...

Reviews:

No comments

Related manuals for DWC-2000

ABB HF Series Manual preview
HF Series
Brand: ABB Pages: 63
Ebyte E103-W03 Product Instruction Manual preview
E103-W03
Brand: Ebyte Pages: 38
EBS CPX200NB User Manual preview
CPX200NB
Brand: EBS Pages: 30
Gatekeeper ITSS User Manual & Install Manual preview
ITSS
Brand: Gatekeeper Pages: 28
Samson 3277 Mounting And Operating Instructions preview
3277
Brand: Samson Pages: 48
Zodiac SIROCCO2 Spare Parts/Accessories Instructions Manual preview
SIROCCO2
Brand: Zodiac Pages: 12
National Instruments 73 Series Getting Started preview
73 Series
Brand: National Instruments Pages: 34
Allen-Bradley PowerFlex 755 IP00 Installation Instructions Manual preview
PowerFlex 755 IP00
Brand: Allen-Bradley Pages: 78
Klimaire KUMR-903 Operation Manual preview
KUMR-903
Brand: Klimaire Pages: 5
FEAS SSE10 Operating Instructions preview
SSE10
Brand: FEAS Pages: 4
HEIDENHAIN ND 1300 Operating Instructions Manual preview
ND 1300
Brand: HEIDENHAIN Pages: 257
ECKELMANN CI 4000 Series Operating Instruction preview
CI 4000 Series
Brand: ECKELMANN Pages: 147
Squizz Z15 Instruction Manual preview
Z15
Brand: Squizz Pages: 24
bluelab Dosetronic Instruction Manual preview
Dosetronic
Brand: bluelab Pages: 39
SOMFY Situo 1 io Instructions preview
Situo 1 io
Brand: SOMFY Pages: 2
Paser AFRTX/4T Installation Manual preview
AFRTX/4T
Brand: Paser Pages: 2
Pegasus Astro Dual Motor Focus Controller Manual preview
Dual Motor Focus Controller
Brand: Pegasus Astro Pages: 16
HORI 4961818031043 Instruction Manual preview
4961818031043
Brand: HORI Pages: 60

Brands by name

Popular brands

Load more brands