D-Link DWL-3600AP Administrator'S Manual Download Page 29 | Manualshive

Page: 29 / 183

background image

Configuring

Security

on

the

Wireless

Access

Point

D-Link

Unified

Access

Point

Administrator’s

Guide

November

2011

Page

29

Unified

Access

Point

Administrator’s

Guide

Configuring

Security

on

the

Wireless

Access

Point

You

configure

secure

wireless

client

access

by

configuring

security

for

each

virtual

access

point

(VAP)

that

you

enable.

You

can

configure

up

to

16

VAPs

per

radio

that

simulate

multiple

APs

in

one

physical

access

point.

By

default,

only

one

VAP

is

enabled.

For

each

VAP,

you

can

configure

a

unique

security

mode

to

control

wireless

client

access.

Each

radio

has

16

VAPs,

with

VAP

IDs

from

0

‐

15.

By

default,

only

VAP

0

on

each

radio

is

enabled.

VAP0

has

the

following

default

settings:

• VLAN

ID:

1

• Broadcast

SSID:

Enabled

• SSID:

dlink1

• Security:

None

• MAC

Authentication

Type:

None

• Redirect

Mode:

None

All

other

VAPs

are

disabled

by

default.

The

default

SSID

for

VAPs

1

–

15

is

"dlink

x"

where

x

is

the

VAP

ID.

To

prevent

unauthorized

access

to

the

UAP,

we

recommend

that

you

select

and

configure

a

security

option

other

than

None

for

the

default

VAP

and

for

each

VAP

that

you

enable.

For

information

about

how

to

configure

the

security

settings

on

each

VAP,

see

“Virtual

Access

Point

Settings”

on

page

70

.

«
...
27
28
29
30
31
...
»

Summary of Contents for DWL-3600AP

Page 1: ...Copyright 2011 All rights reserved Unified Access Point Administrator s Guide Product Model DWL 3600AP DWL 6600AP DWL 8600AP Unified Wired Wireless Access System Release 2 0 November 2011...

Page 2: ...D Link Unified Access Point Administrator s Guide November 2011 Page 2 Unified Access Point Administrator s Guide...

Page 3: ...ess 24 Using the CLI to View the IP Address 24 Configuring the Ethernet Settings 25 Using the CLI to Configure Ethernet Settings 26 Configuring IEEE 802 1X Authentication 27 Using the CLI to Configure...

Page 4: ...and VAP Scheduler 65 Scheduler Association Settings 68 Virtual Access Point Settings 70 None Plain text 74 Static WEP 74 Static WEP Rules 76 IEEE 802 1X 76 WPA Personal 78 WPA Enterprise 79 Configurin...

Page 5: ...ile 118 Performing AP Maintenance 120 Resetting the Factory Default Configuration 120 Rebooting the Access Point 120 Upgrading the Firmware 120 Packet Capture Configuration and Settings 122 Packet Cap...

Page 6: ...nfiguring Advanced Settings 157 Viewing Wireless Neighborhood Information 158 Viewing Details for a Cluster Member 160 Appendix A Default AP Settings 161 Appendix B Configuration Examples 164 Configur...

Page 7: ...tor s Guide November 2011 Page 7 Unified Access Point Administrator s Guide DiffServ Configuration 176 Configuring QoS by Using the CLI 179 ACL Configuration 179 DiffServ Configuration 179 ACL Configu...

Page 8: ...igure 14 Wireless Interface Configuration 54 Figure 15 Configuring Radio Settings 58 Figure 16 Configuring Radio Settings Continued 59 Figure 17 Scheduler Configuration 65 Figure 18 Modify Rule Config...

Page 9: ...e 40 VAP QoS Parameters 129 Figure 41 Client QoS ACL 132 Figure 42 Client QoS DiffServ Class Map 139 Figure 43 Client QoS DiffServ Policy Map 144 Figure 44 Client QoS Status 146 Figure 45 Cluster Info...

Page 10: ...42 Table 13 TSPEC Status and Statistics 46 Table 14 TSPEC AP Statistics 47 Table 15 Radio Statistics Information 48 Table 16 Email Alert Status 50 Table 17 Ethernet Settings Page 52 Table 18 Wireless...

Page 11: ...Capture Configuration 124 Table 49 Packet File Capture 125 Table 50 Remote Packet Capture 127 Table 51 Packet Capture File Download 127 Table 52 VAP QoS Parameters 129 Table 53 ACL Configuration 132 T...

Page 12: ...figuring SNMPv3 on page 111 Section 7 Maintaining the Access Point on page 117 Section 8 Configuring Client Quality of Service on page 128 Section 9 Clustering Multiple APs on page 149 Appendix A Defa...

Page 13: ...fect network connectivity security and so on Table 1 Typographical Conventions Symbol Example Description Bold Click Apply to save your settings Menu titles page names and button names Blue Text See D...

Page 14: ...features available from the user interface UI The information in the online help is a subset of the information available in the Unified Access Point Administrator s Guide Online help information corr...

Page 15: ...ed Wireless Switch see the User Manual for the switch Before you power on a new UAP review the following sections to check required hardware and software components client configurations and compatibi...

Page 16: ...g a wireless connection to the internal network For wireless connection to the access point your administration device will need Wi Fi capability similar to that of any wireless client Portable or bui...

Page 17: ...g the Ethernet Settings on page 25 or by using the Web UI see Ethernet Settings on page 51 Table 3 Requirements for Wireless Clients Required Component Description Wi Fi Client Adapter Portable or bui...

Page 18: ...dynamically assigned address by connecting the AP to a network that has a DHCP server Discovering a Dynamically Assigned IP Address If you have access to the DHCP server on your network and know the...

Page 19: ...e following figure The hub or switch you use must permit broadcast signals from the access point to reach all other devices on the network To use a direct cable connection connect one end of an Ethern...

Page 20: ...information a Connect a serial cable from the administrative computer to the AP and use a terminal emulation program to access the command line interface CLI b At the login prompt enter admin for the...

Page 21: ...Settings page for UAP administration is displayed as the following figure shows 5 Verify the settings on the Basic Settings page Review access point description and provide a new administrator passwo...

Page 22: ...Configuring IEEE 802 1X Authentication on page 27 Basic Settings From the Basic Settings page you can view various information about the UAP including IP and MAC address information and configure the...

Page 23: ...strator password must be an alphanumeric string of up to 8 characters Do not use special characters or spaces Note As an immediate first step in securing your wireless network we recommend that you ch...

Page 24: ...eral net Using the CLI to View the IP Address The DHCP client on the UAP is enabled by default If you connect the UAP to a network with a DHCP server the AP automatically acquires an IP address To man...

Page 25: ...oadcasts requests for network information If you want to use a static IP address you must disable the DHCP client and manually configure the IP address and other network information The management VLA...

Page 26: ...vlan id 1 4094 View untagged VLAN information get untagged vlan Enable the untagged VLAN set untagged vlan status up Disable the untagged VLAN set untagged vlan status down Set the untagged VLAN ID s...

Page 27: ...the network until the 802 1X authenticator grants access If your network uses 802 1X you must configure 802 1X authentication information that the AP can supply to the authenticator If your network u...

Page 28: ...m your computer to the access point do the following procedures a Disconnect the cable from the computer and the access point b Connect an Ethernet cable from the access point to the LAN c Connect you...

Page 29: ...ure a unique security mode to control wireless client access Each radio has 16 VAPs with VAP IDs from 0 15 By default only VAP 0 on each radio is enabled VAP0 has the following default settings VLAN I...

Page 30: ...ns Viewing Interface Status Viewing Events Viewing Transmit and Receive Statistics Viewing Associated Wireless Client Information Viewing TSPEC Client Associations Viewing Rogue AP Detection Viewing M...

Page 31: ...bnet Mask and DNS information To change any of these settings click the Edit link After you click Edit you are redirected to the Ethernet Settings page For information about configuring these settings...

Page 32: ...t erased when the system reboots Set a Severity Level to determine what category of log messages are displayed Set Depth to determine how many log messages are displayed in the Event log Enable a remo...

Page 33: ...ased when the AP reboots Choose Disabled to save system logs to volatile memory Logs in volatile memory are deleted when the system reboots Severity Specify the severity level of the log messages to w...

Page 34: ...ement operations and alerts To use Kernel Log relaying you must configure a remote server to receive the syslog messages The procedure to configure a remote log host depends on the type of system you...

Page 35: ...lay to the remote log server monitor a specified kernel log file or other storage depending on how you configured the Log Relay Host If you disabled the Log Relay Host clicking Apply will disable remo...

Page 36: ...the current AP and a real time display of the transmit and receive statistics for the Ethernet interface on the AP and for the VAPs on all supported radio interfaces All transmit and receive statisti...

Page 37: ...et on the VAP page See Configuring Load Balancing on page 88 Name SSID Wireless network name Also known as the SSID this alphanumeric key uniquely identifies a wireless local area network The SSID is...

Page 38: ...s the underlying IEEE 802 11 authentication and association status which is present no matter which type of security the client uses to connect to the AP This status does not show IEEE 802 1X authenti...

Page 39: ...e wireless client as belonging to a particular user priority An example of a voice traffic stream is a Wi Fi CERTIFIED telephone handset that marks its codec generated data packets as voice priority t...

Page 40: ...TSPEC Traffic Session Identifier range 0 7 TS Type There will only be an entry in the row for a client association that has an active TS If there are no active traffic streams there is no entry for t...

Page 41: ...ue AP Detection information provides real time statistics for all APs within range of the AP on which you are viewing the Administration Web pages When AP detection is enabled the radio will periodica...

Page 42: ...con frames are transmitted by an AP at regular intervals to announce the existence of the wireless network The default behavior is to send a beacon frame once every 100 milliseconds or 10 per second T...

Page 43: ...Basic Rates shown in bold Rate sets are configured on the Radio Settings page See Modifying Radio Settings on page 58 Known AP List Action An AP can appear in the Known AP List if it has been moved fr...

Page 44: ...must be a plain text file with a txt or cfg extension Entries in the file are MAC addresses in hexidecimal format with each octet separated by colons for example 00 11 22 33 44 55 Separate entries wit...

Page 45: ...configure a DHCP server to respond to AP DHCP requests with the switch IP address information see the User Manual for the switch Viewing TSPEC Status and Statistics Information The TSPEC Status and S...

Page 46: ...or this Access Category over the transmission medium to carry data This value should be less than or equal to the maximum bandwidth allowed over the medium for this TS Medium Time Unallocated Time in...

Page 47: ...eams accepted and rejected by the AP To view TSPEC AP statistics click the TSPEC AP Statistics tab Table 14 describes the information provided on TSPEC AP Statistics page Table 14 TSPEC AP Statistics...

Page 48: ...DWL 8600AP and DWL 6600AP only WLAN Packets Received Total packets received by the AP on this radio interface WLAN Bytes Received Total bytes received by the AP on this radio interface WLAN Packets Tr...

Page 49: ...SDU is not transmitted successfully due to transmit attempts exceeding either the short retry limit or the long retry limit Transmit Retry Count Number of times an MSDU is successfully transmitted aft...

Page 50: ...ert on page 106 Figure 12 Email Alert Operational Status The following table describes details about the Email Alert Operational Status Table 16 Email Alert Status Field Description Email Alert Status...

Page 51: ...is section are located under the Manage heading on the Administration Web UI Ethernet Settings The default wired interface settings which include DHCP and VLAN information might not work for all netwo...

Page 52: ...t change Management VLAN ID The management VLAN is the VLAN associated with the IP address you use to access the AP The default management VLAN ID is 1 Provide a number between 1 and 4094 for the mana...

Page 53: ...uter Advertisements received on the LAN port The AP can have multiple auto configured IPv6 addresses Static IPv6 Address Enter a static IPv6 address The AP can have a static IPv6 address even if addre...

Page 54: ...scribe aspects of the local area network LAN related specifically to the radio device in the access point 802 11 Mode and Channel and to the network interface to the access point MAC address for acces...

Page 55: ...IEEE 802 11a n operates in the 5 GHz ISM band and includes support for both 802 11a and 802 11n devices IEEE 802 11n is an extension of the 802 11 standard that includes multiple input multiple output...

Page 56: ...ion between Radio 1 and Radio 2 even if the VAP configuration on each radio is the same AeroScout Engine Protocol Support AeroScout Engine support provides location based services for wireless network...

Page 57: ...more information on WDS see Configuring Load Balancing on page 88 Enabling AeroScout Engine Support The AeroScout Engine AE is a software platform produced by AeroScout Inc for location based service...

Page 58: ...ding on the mode you select All settings are described in Table 19 on page 60 Figure 15 Configuring Radio Settings Note The following notes apply to AeroScout product and protocol support D Link does...

Page 59: ...Modifying Radio Settings D Link Unified Access Point Administrator s Guide November 2011 Page 59 Unified Access Point Administrator s Guide Figure 16 Configuring Radio Settings Continued...

Page 60: ...ging from 6 to 54 Mbps IEEE 802 11a n operates in the 5 GHz ISM band and includes support for both 802 11a and 802 11n devices IEEE 802 11n is an extension of the 802 11 standard that includes multipl...

Page 61: ...el can be considered to consist of two 20 MHz channels that are contiguous in the frequency domain These two 20 MHz channels are often referred to as the Primary and Secondary channels The Primary Cha...

Page 62: ...ly sleeping in low power mode have data buffered on the AP awaiting pick up The DTIM period you specify indicates how often the clients served by this AP should check for buffered data still on the AP...

Page 63: ...upport and the basic rate sets you want the AP to advertise Rates are expressed in megabits per second Supported Rate Sets indicate rates that the AP supports You can check multiple rates click a chec...

Page 64: ...t which includes the allotted medium time if the TSPEC was admitted Off A station can send and receive voice priority traffic without requiring an admitted TSPEC the AP ignores voice TSPEC requests fr...

Page 65: ...ing the office working hours in order to achieve security and reduce power consumption You can also use the Scheduler to allow access to VAPs for wireless clients only during specific times of day Eac...

Page 66: ...de Scheduler Profile The Scheduler profile defines the list of profiles names that can be associated to the VAP or Radio configuration Rules are associated with a named scheduler profile You can defin...

Page 67: ...t Administrator s Guide To change an existing rule select the rule update the values in the Rule Configuration area and click Modify Rule Figure 18 Modify Rule Configuration Click Apply to save the ne...

Page 68: ...s created so no profile is associated to any radio or VAP The Scheduler profile needs to be explicitly associated to a radio or VAP configuration Only one Scheduler profile can be associated to any ra...

Page 69: ...one radio Status The operational status of the Scheduler The range is Up or Down VAP Scheduler Profile Operational Status Radio From the menu select Radio 1 or Radio 2 to associate the VAP Scheduler P...

Page 70: ...D you configure on the VAP page or by using the RADIUS server assignment If you use an external RADIUS server you can configure multiple VLANs on each VAP The external RADIUS server assigns wireless c...

Page 71: ...e with the AP the AP sends an authentication request to the primary server If the primary server responds to the authentication request the AP continues to use this RADIUS server as the primary server...

Page 72: ...VAP0 is the physical radio interface so to disable VAP0 you must disable the radio Enabled You can enable or disable a configured network To enable the specified network select the Enabled option besi...

Page 73: ...PA Enterprise If you select a security mode other than None additional fields appear These fields are explained below Note The Security mode you set here is specifically for this VAP MAC Authenticatio...

Page 74: ...available but it offers more protection than setting the security mode to None Plain text as it does prevent an outsider from easily sniffing out unencrypted wireless traffic WEP encrypts data moving...

Page 75: ...lowed to associate with an AP when static WEP is the security mode Specify the authentication algorithm you want to use by choosing one of the following options Open System authentication allows any c...

Page 76: ...tensible Authentication Protocol EAP messages sent over an IEEE 802 11 wireless network using a protocol called EAP Encapsulation Over LANs EAPOL IEEE 802 1X provides dynamically generated keys that a...

Page 77: ...o prevent others from seeing the RADIUS key as you type RADIUS Key 1 3 Enter the RADIUS key associated with the configured backup RADIUS servers The server at RADIUS IP Address 1 uses RADIUS Key 1 RAD...

Page 78: ...ch support WPA2 and others which support only the original WPA select both of the check boxes This lets both WPA and WPA2 client stations associate and authenticate but uses the more robust WPA2 for c...

Page 79: ...thentication for WPA2 clients Click Enable pre authentication if you want WPA2 wireless clients to send pre authentication packet The pre authentication information will be relayed from the AP the cli...

Page 80: ...er The text you enter will be displayed as characters to prevent others from seeing the RADIUS key as you type RADIUS Key 1 3 Enter the RADIUS key associated with the configured backup RADIUS servers...

Page 81: ...simple OSI layer 2 network device In the point to multipoint bridge mode one AP acts as the common link between multiple APs In this mode the central AP accepts client associations and communicates wi...

Page 82: ...ress may appear only once on the WDS page for a particular AP Both APs participating in a WDS link must be on the same Radio channel and using the same IEEE 802 11 mode See Modifying Radio Settings on...

Page 83: ...dio AP the Local Address reflects the MAC address for the internal interface on the selected radio Radio One on wlan0 or Radio Two on wlan1 Remote Address Specify the MAC address of the destination AP...

Page 84: ...u selected HEX enter hexadecimal digits any combination of 0 9 and a f or A F These are the RC4 encryption keys shared with the stations using the AP Note To configure WPA PSK on any WDS link VAP0 of...

Page 85: ...setting is applied If it is not found the opposite is applied On the VAP page the MAC Authentication Type setting controls whether the AP uses the station list configured locally on the MAC Authentica...

Page 86: ...ess Note The filter you select is applied to the clients in the station list regardless of whether that station list is local or on the RADIUS server Stations List This is the local list of clients th...

Page 87: ...d in the following table Note After you configure local MAC Authentication settings you must click Apply to apply the changes and to save the settings Changing some settings might cause the AP to stop...

Page 88: ...ring Load Balancing Table 32 Load Balancing Field Description Load Balancing Enable or disable load balancing To enable load balancing on this AP click Enable To disable load balancing on this AP clic...

Page 89: ...messages on the SSL TCP connection As long as the AP maintains communication with the switch through the keepalive messages it remains in Managed Mode If the AP does not receive a message within 45 s...

Page 90: ...ss switches on your network that were configured by using a DHCP server The AP attempts to contact Switch IP Address 1 first Base IP Port The starting IP port number used by the wireless feature in a...

Page 91: ...e AP to discover and establish WDS link with the Root AP WDS Managed Ethernet Port Specify whether the Ethernet port is to be enabled or disabled when the AP becomes part of a WDS group WDS Group Pass...

Page 92: ...n information that the AP can supply to the authenticator To configure the UAP 802 1X supplicant user name and password by using the Web interface click the Authentication tab and configure the fields...

Page 93: ...rs numbers and special symbols such as and Certificate File Status Indicates whether a certificate file is present and when that certificate expires Certificate File Upload Upload a certificate file t...

Page 94: ...L tab Figure 26 Management ACL Table 35 Management ACL Field Description Management ACL Mode Enable or disable the management ACL feature At least one IPv4 or IPv6 address should be configured before...

Page 95: ...ply to SNMPv1 and SNMPv2c only Key components of any SNMP managed network are managed devices SNMP agents and a management system The agents store data about their devices in Management Information Ba...

Page 96: ...y to save your configuration changes Note If SNMP is disabled all remaining fields on the SNMP page are disabled This is a global SNMP parameter which applies to SNMPv1 SNMPv2c and SNMPv3 Read only co...

Page 97: ...Pv4 DNS hostname or subnet of the machines that can execute get and set requests to the managed devices The valid range is 1 256 characters As with community names this provides a level of security on...

Page 98: ...to send SNMP traps The valid range is 1 256 characters An example of a DNS hostname is snmptraps foo com Since SNMP traps are sent randomly from the SNMP agent it makes sense to specify where exactly...

Page 99: ...enabled Either access type can be disabled separately To configure Web server settings click Web Server tab Figure 28 Configuring Web Server Settings Table 37 Web Server Settings Field Description HTT...

Page 100: ...art the secure Web server The secure connection will not work until the new certificate is accepted on the browser HTTP SSL Certificate File Status Indicates whether a certificate file is present and...

Page 101: ...ing the Telnet Status Telnet is a program that provides access to the DWL x600AP CLI from a remote host From the Telnet page you can enable or disable Telnet access to the system Figure 30 Telnet Stat...

Page 102: ...Windows for transmission The settings described here apply to data transmission behavior on the AP only not to that of the client stations AP Enhanced Distributed Channel Access EDCA Parameters affec...

Page 103: ...itive data such as VoIP and streaming media are automatically sent to this queue Data 1 Video High priority queue minimum delay Time sensitive video data is automatically sent to this queue Data 2 bes...

Page 104: ...ntion Window size is reached retries will continue until a maximum number of retries allowed is reached Valid values for cwMax are 1 3 7 15 31 63 127 255 511 or 1024 The value for cwMax must be higher...

Page 105: ...it time expires before the data frame is sent a retry counter is incremented and the random backoff value window is doubled Doubling will continue until the size of the random backoff value reaches th...

Page 106: ...ring Email Alert Note Email alert is operationally disabled when the AP transitions to managed mode Table 41 Email Alert Configuration Field Description Email Alert Global Configuration Admin Mode Glo...

Page 107: ...hostname of the SMTP server on the network Mail Server Security Specify whether to use SMTP over SSL TLSv1 or no security Open for authentication with the mail server The default is Open Mail Server P...

Page 108: ...the email server details are configured The following text shows an example of an email alert sent from the AP to the network administrator From AP 192 168 2 10 mailserver com Sent Wednesday July 08...

Page 109: ...s computer clock times on your network NTP servers transmit Coordinated Universal Time UTC also known as Greenwich Mean Time to their client systems NTP sends periodic time requests to servers using t...

Page 110: ...and hyphens are accepted The first character must be a letter a z or A Z and the last character cannot be a hyphen System Date Manual configuration Specify the current month day and year System Time...

Page 111: ...of view subtrees where each view subtree is a subtree within the managed object naming tree You can create MIB views to control the OID range that SNMPv3 users can access A MIB view called all is crea...

Page 112: ...6 1 2 1 1 Mask The OID mask is 47 characters in length The format of the OID mask is xx xx xx or xx xx xx and is 16 octets in length Each octet is 2 hexadecimal characters separated by either period o...

Page 113: ...be defined By default users of this group will have read only access to the default all MIB view which can be modified by the user RW A read write group using authentication and data encryption Users...

Page 114: ...tication and data encryption With this security level users send an MD5 key password for authentication and a DES key password for encryption For groups that require authentication encryption or both...

Page 115: ...User names can contain up to 32 alphanumeric characters Group Map the user to a group The default groups are RWAuth RWPriv and RO You can define additional groups on the SNMPv3 Groups page Authentica...

Page 116: ...ve defined on the AP To remove a user select the user and click Remove Note After you configure the SNMPv3 Users settings you must click Apply to apply the changes and to save the settings Table 46 SN...

Page 117: ...s all of the information about the AP settings You can download the configuration file to a management station to manually edit the content or to save as a back up copy You can use HTTP or TFTP to tra...

Page 118: ...Configuration from a Previously Saved File You can use HTTP or TFTP to transfer files to and from the UAP After you download a configuration file to the management station you can manually edit the fi...

Page 119: ...d or Choose File dialog box displays 4 Navigate to the directory that contains the file then select the file to upload and click Open Only those files created with the Backup function and saved as xml...

Page 120: ...ubleshooting measure you can reboot the UAP To reboot the AP click the Reboot button on the Configuration page Upgrading the Firmware As new versions of the UAP firmware become available you can upgra...

Page 121: ...oint restarts The AP resumes normal operation with the same configuration settings it had before the upgrade 6 To verify that the firmware upgrade completed successfully check the firmware version sho...

Page 122: ...capture file mode captured packets are stored in a file on the Access Point The AP can transfer the file to a TFTP server The file is formatted in pcap format and can be examined using tools such as W...

Page 123: ...Packet Capture Configuration and Settings D Link Unified Access Point Administrator s Guide November 2011 Page 123 Unified Access Point Administrator s Guide Figure 39 Packet Capture Configuration...

Page 124: ...or transmitted by the radio Promiscuous Capture Enable to place the radio in promiscuous mode when the capture is active In promiscuous mode the radio receives all traffic on the channel including tr...

Page 125: ...capture mode is in use the AP doesn t store any captured data locally in its file system Your can trace up to five interfaces on the AP at the same time However you must start a separate Wireshark se...

Page 126: ...on a specific BSSID wlan bssid 00 02 bc 00 17 d0 All traffic to and from a specific client wlan addr 00 00 e8 4e 5f 8e In remote capture mode traffic is sent to the PC running Wireshark via one of the...

Page 127: ...gured TFTP server or by HTTP S to a PC The captured packets are stored in file tmp apcapture pcap on the AP A capture is automatically stopped when the capture file download command is triggered Becau...

Page 128: ...idual client is allowed to send and receive To control general categories of traffic such as HTTP traffic or traffic from a specific subnet you can configure ACLs and assign them to one or more VAPs I...

Page 129: ...will not affect clients that access the network through other VAPs Client QoS Mode Enable or disable QoS operation on the VAP selected in the VAP menu QoS must be enabled globally from the Client QoS...

Page 130: ...applied to traffic in the outbound down direction After switching the packet or frame to the outbound interface the ACL s rules are checked for a match The packet or frame is transmitted if it is perm...

Page 131: ...on IP address the source or destination L4 port or the protocol carried in the packet MAC ACLs MAC ACLs are Layer 2 ACLs You can configure the rules to inspect fields of a frame such as the source or...

Page 132: ...lients in the 192 168 20 0 network from being forwarded Figure 41 Client QoS ACL The following table describes the fields available on the Client QoS ACL page Table 53 ACL Configuration Field Descript...

Page 133: ...ria is forwarded unless this rule is the final rule Because there is an implicit deny all rule at the end of every ACL traffic that is not explicitly permitted is dropped Match Every Indicates that th...

Page 134: ...to match ftp ftpdata http smtp snmp telnet tftp www Each of these keywords translates into its equivalent port number Match to Port Enter the IANA port number to match to the source port identified in...

Page 135: ...box and select a DSCP value keyword or enter a DSCP value to match You can select only one service type DSCP IP Precedence or TOS bits to use for match criteria Select from List Select from a list of...

Page 136: ...ld to apply this criteria Source IPv6 Prefix Length Enter the prefix length of the source IPv6 address Source Port Select this option to include a source port in the match condition for the rule The s...

Page 137: ...in the first only 802 1Q VLAN tag Source MAC Address Select this field and enter the source MAC address to compare against an Ethernet frame Source MAC Mask Select this field and enter the source MAC...

Page 138: ...erv for Client QoS use the Class Map and Policy Map pages to define the following categories and their criteria Class create classes and define class criteria Policy create policies associate classes...

Page 139: ...alphanumeric characters Match Layer 3 Protocol Specify whether to classify IPv4 or IPv6 packets Match Criteria Configuration Class Map Name Select name of the class to configure Use the fields in the...

Page 140: ...sk in IP dotted decimal format indicating which part s of the destination IP Address to use for matching against packet content A DiffServ mask of 255 255 255 255 indicates that all bits are important...

Page 141: ...fy quality of service handling in routers range 0 to 1048575 IP DSCP To use IP DSCP as a match criteria select the check box and select a DSCP value keyword or enter a DSCP Select from List Select fro...

Page 142: ...and includes three different types of ports 0 1023 Well Known Ports 1024 49151 Registered Ports 49152 65535 Dynamic and or Private Ports EtherType Select the EtherType field to compare the match crite...

Page 143: ...specify one type of service to use in matching packets to class criteria IP DSCP To use IP DSCP as a match criteria select the check box and select a DSCP value keyword or enter a DSCP Select from Li...

Page 144: ...iteria is defined by a class on the Class Map page The processing is defined by a policy s attributes on the Policy Map page Policy attributes may be defined on a per class instance basis and it is th...

Page 145: ...iteria is met Drop Select Drop to specify that all packets for the associated traffic stream are to be dropped if the class map criteria is met Mark Class of Service Select this field to mark all pack...

Page 146: ...r the QOS mode for the selected client is enabled or disabled Note For the Qos Mode to be enabled on a client it must be globally enabled on the AP and enabled on the VAP the client is associated with...

Page 147: ...AP the ACL s rules are checked for a match The packet or frame is processed if it is permitted and discarded if it is denied ACL Type Down Shows the type of ACL to apply to traffic in the outbound AP...

Page 148: ...121 Access list identifier to be applied to 802 1X authenticated wireless client traffic in the inbound up direction If this attribute refers to an ACL that does not exist on the AP all packets for th...

Page 149: ...t The APs joining the cluster have the same Cluster Name Clustering mode is enabled on both APs Clustering Single and Dual Radio APs Clustering of single and dual radios is not supported A cluster can...

Page 150: ...5 Cluster Information and Member Configuration The following figure shows the Cluster Access Points page when clustering is enabled and two access points are in the cluster Figure 46 Cluster Informati...

Page 151: ...one of the information in this table is visible To disable clustering on the AP click Stop Clustering Location Description of where the access point is physically located MAC Address Media Access Cont...

Page 152: ...tral management of clustered access points For access points in a cluster all access points in the cluster reflect the same configuration In this case it does not matter which access point you actuall...

Page 153: ...session ends when the client either logs off intentionally or loses the connection for some other reason To manage sessions associated with the cluster click Cluster Sessions Figure 47 Session Managem...

Page 154: ...nes that a change is necessary that information is sent to all members of the cluster and a syslog message is generated indicating the sender AP new and old channel assignments The Channel Management...

Page 155: ...nnel Assignment By default automatic channel assignment is disabled off Click Start to resume automatic channel assignment When automatic channel assignment is enabled the Channel Manager periodically...

Page 156: ...channels than they were previously using depending on the results of the plan Table 61 Channel Assignments Field Description IP Address Specifies the IP Address for the access point Radio Identifies t...

Page 157: ...algorithm Click Apply under Advanced settings to apply these settings Advanced settings will take effect when they are applied and influence how automatic channel management is performed Table 63 Adva...

Page 158: ...erval You can click on an AP to get additional statistics about the APs in radio range of the currently selected AP The Wireless Neighborhood view can help you Detect and locate unexpected or rogue ac...

Page 159: ...er member itself Neighbors who are also cluster members are always shown at the top of the list with a heavy bar above and include a location indicator The colored bars to the right of each AP in the...

Page 160: ...ccess point must always have two different network names MAC Address Shows the MAC address of the neighboring access point A MAC address is a hardware address that uniquely identifies each node of a n...

Page 161: ...e Default System Information User Name admin Password admin Ethernet Interface Settings Connection Type DHCP DHCP Enabled IP Address 10 90 90 91 if no DHCP server is available Subnet Mask 255 0 0 0 DN...

Page 162: ...al 100 DTIM Period 2 Fragmentation Threshold 2346 RTS Threshold 2347 TSPEC Mode Off TSPEC Voice ACM Mode Off Virtual Access Point Settings Status VAP0 is enabled on both radios all other VAPs disabled...

Page 163: ...Access Enabled disabled in Managed Mode HTTPS Access Enabled disabled in Managed Mode Console Port Access Enabled Telnet Access Enabled disabled in Managed Mode SSH Access Enabled disabled in Managed...

Page 164: ...amples the objects you use to AP are in a private MIB The path to the tables that contain the objects is iso 1 org 3 dod 6 internet 1 private 4 enterprises 1 dlink 171 dlink products 10 dwl ap 37 dwlW...

Page 165: ...Set the Security Mode to WPA Personal set interface wlan0vap1 security wpa personal 6 Allow WPA2 clients and not WPA clients to connect to the AP set bss wlan0bssvap1 wpa allowed off set bss wlan0bssv...

Page 166: ...figSecurity object to wpa personal 3 10 Set the value of instance3 in the apIfConfigWpaPersonalKey object to JuPXkC7GvY moQiUttp2 which is the WPA pre shared key 11 Navigate to the objects in the apRa...

Page 167: ...t Administrator s Guide 5 From the Channel Bandwidth field select 40 MHz 6 In the Maximum Stations field change the value to 100 7 In the Transmit Power field change the value to 75 The following imag...

Page 168: ...tx power 75 8 View information about the radio settings get radio wlan1 detail Radio Configuration Using SNMP 1 Load the DLINK WLAN ACCESS POINT MIB module 2 From the MIB tree navigate to the objects...

Page 169: ...WDS Configuration from the Web Interface To create a WDS link between a pair of access points MyAP1 and MyAP2 use the following steps 1 Log onto MyAP1 and navigate to the Manage WDS page The MAC addre...

Page 170: ...P1 by using Telnet SSH or a serial connection 2 Configure the remote MAC address for MyAP2 set interface wlan0wds0 status up remote mac 00 30 AB 00 00 B0 3 Set WPA PSK as the encryption type for the l...

Page 171: ...The first WDS link is instance 1 4 Set the value of instance 1 in the apIfConfigRemoteMac object to 00 30 AB 00 00 B0 In the MG Soft browser the format for the MAC address value to set is 0x00 0x30 0...

Page 172: ...r Clustering APs by Using the Web Interface 1 Log onto the AP and navigate to the Cluster Access Points page 2 If clustering has started click Stop Clustering so you can change the Clustering Options...

Page 173: ...clustering so you can change the location and cluster name set cluster clustered 0 3 Set the AP Location set cluster cluster name Room 214 4 Set the cluster name set cluster location MyCluster 5 Start...

Page 174: ...d to the inbound interface on the AP so that packets are checked when the AP receives traffic from associated clients The DiffServ policy in this example shows how to establish default DiffServ behavi...

Page 175: ...List Source Port www 7 Click Apply to save the rule 8 Select New Rule from the Rule menu and create another rule with the following settings Action Permit Match Every Clear the option Protocol IP Add...

Page 176: ...e Class Map Name field and click Add Class Map The page refreshes and additional fields appear 3 Select the Match Every option to indicate that all match criteria defined for the class must be satisfi...

Page 177: ...Access Point Administrator s Guide Destination IP Mask 255 255 255 255 7 Click Apply to save the match criteria 8 Navigate to the Client QoS Policy Map page 9 To create a policy enter pol_voip into t...

Page 178: ...f from the Select From List menu 11 Traffic that meets the criteria defined in the class_voip class is marked with a DSCP value of EF expedited forwarding 12 Click Apply to save the policy 13 Navigate...

Page 179: ...c ip mask 0 0 0 255 src port http 4 Add another rule to acl1 that allows all traffic from the host with an IP address of 192 168 1 23 add rule acl name acl2 acl type ipv4 action permit protocol ip src...

Page 180: ...ction from the client to the AP set vap wlan0vap2 def policy up pol_voip Configuring QoS by Using SNMP ACL Configuration 1 Load the DLINK WLAN ACCESS POINT MIB module 2 From the MIB tree navigate to t...

Page 181: ...ss of 192 168 1 23 Use 1 3 6 1 4 1 6132 1 1 28 10 3 1 14 1 4 97 99 108 49 2 to set the apQosAclRuleStatus of Rule 2 to active 1 Use 1 3 6 1 4 1 6132 1 1 28 10 3 1 4 1 4 97 99 108 49 2 to set the apQos...

Page 182: ...t apQosDsClassMapMatchProtocol to UDP 17 Set apQosDsClassMapMatchSrcIpAddress to 192 168 1 0 Set apQosDsClassMapMatchSrcIpMask to 255 255 255 0 Set apQosDsClassMapMatchDestIpAddress to 192 168 2 200 S...

Page 183: ...Mode object to set the status to up 1 which enables Client QoS on the AP 9 Walk the apVapDescription object to view the instance ID for VAP 2 wlan0vap2 VAP 2 on Radio 1 is instance 5 10 Use the apVapQ...

Reviews:

No comments

Related manuals for DWL-3600AP

Brand: Abocom Pages: 14

Brand: H3C Pages: 42

Brand: Arris Pages: 2

Brand: IP-COM Pages: 2

Brand: Sercomm Pages: 14

Brand: SONBEST Pages: 5

Brand: EnGenius Pages: 4

Brand: EnGenius Pages: 5

HBFHP792 Series

Brand: JETWAY Pages: 37

Brand: Draytek Pages: 134

Brand: INSTEON Pages: 12

LiteBeam 5AC LR

Brand: Ubiquiti Pages: 32

Brand: I-O Wireless Pages: 36

Brand: Ebyte Pages: 11

Brand: Ebyte Pages: 21

Brand: Airspan Pages: 58

Brand: Solwise Pages: 3

Brand: Solwise Pages: 39

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands