manualshive.com logo in svg

D-Link DWS-3024L, User Manual

The D-Link DWS-3024L is an advanced network switch designed for seamless connectivity. With its reliable performance and extensive features, configuring and optimizing your network has never been easier. Enhance your user experience by downloading the free user manual from our website to explore the full potential of this exceptional product.

Share
Download
background image

Configuring SSID Settings    101

5   Configuring Access Point Settings

If the wireless network topology changes (for example, a DWS-3000 switch reboots) while the 
L3 tunneling feature is in use, you should perform an ARP refresh on wired clients to speed up 
the process of re-establishing connectivity to the tunneled network.

For information about how to configure a network to use L3 tunneling, including CLI 
commands and Web configuration procedures, see Appendix C, 

“L3 Roaming Example” on 

page 213

.

Configuring AP Security

The Default AP profile does not use any security mechanism by default. In order to protect 
your network, we strongly recommend that you select a security mechanism so that 
unauthorized wireless clients cannot gain access to your network. 

From the Wireless Network Configuration page, you can select NoneWEP or WPA/WPA2 
as the WLAN security mechanisms, as 

Figure 44

 shows. The default is None.

Figure 44.  AP Network Security Options

The following sections describe the security mechanicians.

Using No Security

If you select None as your security mode, no further options are configurable on the AP. This 
mode means that any data transferred between the D-Link Access Point and the associated 
wireless clients is not encrypted, and any wireless client can associate with the AP. 

This security mode can be useful during initial network configuration or for problem solving, 
but it is not recommended for regular use on the internal network because it is not secure.

Using Static or Dynamic WEP

Wired Equivalent Privacy (

WEP

) is a data encryption protocol for 802.11 wireless networks. If 

you select this security mechanism, all wireless clients and access points on the network are 
configured with a 64-bit (40-bit secret key + 24-bit initialization vector (IV)), 128-bit (104-bit 
secret key + 24-bit IV), or 152-bit (128-bit secret key + 24-bit IV) Shared Key for data 
encryption.

Static WEP is not the most secure mode available, but it offers more protection than setting the 
security mode to None as it does prevent an outsider from easily sniffing out unencrypted 
wireless traffic.

Dynamic WEP is more secure than Static WEP, but you need a RADIUS server to manage the 
dynamically generated keys.

WEP encrypts data moving across the wireless network based on a static key. (The encryption 
algorithm is a “stream” cipher called RC4.)

Summary of Contents for DWS-3024L

Page 1: ...User Manual Product Model DWS 3000 Series DWL 3500AP 8500AP Unified Wired Wireless Access System Release 2 1 May 2008 Copyright 2008 All rights reserved ...

Page 2: ...estic environment this product may cause radio interference in which case the user may be required to take adequate measures Warnung Dies ist ein Produkt der Klasse A Im Wohnbereich kann dieses Produkt Funkstoerungen verursachen In diesem Fall kann vom Benutzer verlangt werden angemessene Massnahmen zu ergreifen Precaución Este es un producto de Clase A En un entorno doméstico puede causar interfe...

Page 3: ...gy 23 Single Unified Switch Deployment 24 Peer Unified Switch Deployment 24 Understanding the User Interfaces 25 Using the Web Interface 26 Using the Command Line Interface 28 Using SNMP 29 Wireless System Features and Standards Support 30 2 Planning the D Link Unified Access System Network 33 System Requirements 33 WLAN Topology Considerations 34 Access Point to Switch Discovery 36 Access Point P...

Page 4: ...vering Access Points and Peer Switches 61 Understanding the Discovery Methods 61 Discovery and Peer Switches 64 Assigning the IP Address to Switches and Managed APs 64 Enabling the AP and Peer Switch Discovery 67 Authenticating and Validating Access Points 74 Configuring AP Authentication 75 Using the Local Database for AP Validation 76 Using the RADIUS Database for AP Validation 78 Managing Faile...

Page 5: ... Client SSID Status 149 Viewing Associated Client VAP Status 149 Viewing Associated Client Statistics 149 Viewing Client Authentication Failure Status 151 Monitoring and Managing Ad Hoc Clients 153 8 Configuring Advanced Settings 155 Creating Configuring and Managing AP Profiles 155 Creating Copying and Deleting AP Profiles 157 Applying an AP Profile 158 Configuring Global Settings 159 Enabling SN...

Page 6: ...US Clients 207 Creating and Including an Attribute Dictionary 207 Adding Access Points to the Valid AP Database 208 Configuring RADIUS Settings for Wireless Clients 209 Configuring RADIUS for Client MAC Authentication 209 FreeRADIUS Example for Wireless Client Configuration 210 Configuring User Based Authentication and Dynamic VLANs 210 Configuring MAC Authentication 211 C L3 Roaming Example 213 C...

Page 7: ...E Limited Warranty USA Only 233 Product Registration 237 Limited Warranty 238 What You Must Do For Warranty Service 239 What Is Not Covered 239 Trademarks 240 Copyright Statement 240 FCC Warning 240 F Technical Support 241 International Offices 265 Registration Card All Countries and Regions Excluding USA 266 ...

Page 8: ...D Link Unified Access System User Manual ...

Page 9: ...lation on a Desktop or Shelf 45 Figure 20 Fasten Mounting Brackets to Switch 45 Figure 21 Mounting the Switch in a Standard 19 Rack 46 Figure 22 Inserting the Fiber Optic Transceivers into the Switch 47 Figure 23 Front Panel of the DEM 410X 48 Figure 24 Front Panel of the DEM 410CX 48 Figure 25 Inserting the optional module into the Switch DWS 3026 48 Figure 26 DWS 3026 with optional DEM 410X modu...

Page 10: ...iled AP Status 142 Figure 64 RF Scan 144 Figure 65 Associated Client Status 145 Figure 66 Client Authentication Failure Status 152 Figure 67 Ad Hoc Clients 153 Figure 68 Multiple AP Profiles 156 Figure 69 Adding a Profile 157 Figure 70 Configuring an AP Profile 157 Figure 71 Applying the AP Profile 158 Figure 72 Global Configuration 159 Figure 73 SNMP Trap Configuration 161 Figure 74 QoS Configura...

Page 11: ...iew 192 Figure 94 Component Tool Tip 193 Figure 95 Graphed Components 194 Figure 96 Legend 196 Figure 97 Sentry Mode Detailed View 197 Figure 98 Channel Colors 197 Figure 99 Tool Tip for Radio Managed AP Information 198 Figure 100 Wireless Component Attributes 199 Figure 101 Example of a Network with L3 Tunnel Subnet 214 Figure 102 Traffic Prioritization 232 ...

Page 12: ...12 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access System User Manual ...

Page 13: ... Debug 120 Table 23 Managed AP Channel Power Adjust 120 Table 24 Global WLAN Statistics 124 Table 25 Peer Switch Status 127 Table 26 Monitoring All Access Points 128 Table 27 Managed Access Point Status 130 Table 28 Detailed Managed Access Point Status 132 Table 29 Managed AP Radio Summary 134 Table 30 Managed AP Radio Detail 134 Table 31 Managed AP Neighbor Status 136 Table 32 Neighbor AP Clients...

Page 14: ...onfiguration 174 Table 61 Captive Portal User RADIUS Attributes 175 Table 62 Global Captive Portal Configuration 176 Table 63 Global Captive Portal Status 177 Table 64 CP Activation and Activity Status 178 Table 65 Interface Activation Status 180 Table 66 Interface and Capability Status 181 Table 67 Client Summary 182 Table 68 Client Detail 183 Table 69 Client Interface Association Connection Stat...

Page 15: ... on page 83 Chapter 6 Managing and Maintaining D Link Access Points on page 109 Chapter 7 Monitoring Status and Statistics on page 123 Chapter 8 Configuring Advanced Settings on page 155 Chapter 9 Configuring the Captive Portal on page 167 Chapter 10 Visualizing the Wireless Network on page 187 Appendix A D Link Unified Access System Default Settings on page 201 Appendix B Configuring the External...

Page 16: ...ble or plug is damaged An object has fallen into the product The product has been exposed to water The product has been dropped or damaged The product does not operate correctly when you follow the operating instructions Table 1 Typographical Conventions Symbol Description Example Bold Menu titles page names and button names Click Submit to apply your settings Blue Text Hyperlinked text See About ...

Page 17: ... product and for the voltage and current marked on the product s electrical ratings label The voltage and current rating of the cable should be greater than the ratings marked on the product To help prevent an electric shock plug the system and peripheral power cables into properly grounded electrical outlets These cables are equipped with three prong plugs to help ensure proper grounding Do not u...

Page 18: ... the bottom up and load the heaviest item in the rack first Make sure that the rack is level and stable before extending a component from the rack Use caution when pressing the component rail release latches and sliding a component into or out of a rack the slide rails can pinch your fingers After a component is inserted into the rack carefully extend the rail into a locking position and then slid...

Page 19: ...rton do not remove the component from the antistatic packing material until you are ready to install the component in your system Just before unwrapping the antistatic packaging be sure to discharge static electricity from your body 2 When transporting a sensitive component first place it in an antistatic container or packaging 3 Handle all sensitive components in a static safe area If possible us...

Page 20: ...20 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access System User Manual ...

Page 21: ...D Link Unified Switch and the D Link Access Point AP The DWS 3024L Unified Switch can manage up to 24 D Link Access Points whereas the DWS 3024 and the DWS 3026 switches can manage up to 48 D Link Access Points Each managed access point can handle up to 512 associated wireless clients 256 per radio The switch tracks the status and statistics for all associated WLAN traffic and devices You can conf...

Page 22: ...nd line interface CLI In Managed Mode the D Link Access Point is part of the D Link Unified Access System and you manage it by using the D Link Unified Switch If an AP is in Managed Mode the Administrator Web UI services on the AP are disabled Access is limited to the CLI through Telnet The Standalone Mode is appropriate for small networks with only a few APs The Managed Mode is useful for any siz...

Page 23: ...n and network with a D Link Unified Switch that manages two APs The graph also shows a peer switch and a rogue AP in the network Figure 1 Sample WLAN Visualization The WLAN Visualization tool provides an AP power display with color coded channels to help you determine where to physically place access points to reduce interference or increase coverage on your WLAN D Link Unified Access System Topol...

Page 24: ...ve the same SSID wireless clients can seamlessly roam among the three APs with no interruption in network access The client keeps the same IP address and does not need to re authenticate when it moves into the broadcast area of a different AP Configuration changes to the APs are managed by the switch simultaneously or on a per AP basis Peer Unified Switch Deployment To support larger networks you ...

Page 25: ...ints which not only facilitates deployment and management but also enhances security The D Link Unified Access System includes a set of comprehensive management functions for managing and monitoring the WLAN by using one of the following three methods Web based Command Line Interface CLI Simple Network Management Protocol SNMP Each of the standards based management methods enables you to configure...

Page 26: ... By default the user name is admin and there is no password 3 After the system authenticates you the System Description page displays Figure 4 shows the layout of the D Link Unified Switch Web interface Each Web page contains three main areas interface configuration graphic the navigation tree and the configuration status or options Figure 4 Web Interface Layout Interface Configuration Graphic The...

Page 27: ...to the left of the panel The tree consists of a combination of folders subfolders and configuration and status HTML pages Click the folder to view the options in that folder Each folder contains either subfolders or HTML pages or a combination of both Figure 6 shows an example of a folder subfolder and HTML page in the navigation menu When you click a folder or subfolder that is preceded by a plus...

Page 28: ...he tab to access a specific page NOTE Other packages in the software suite do not use tabs in the Web interface Tools Menu If you mouse over the Tool icon a list of the following useful system tools appears Reset Configuration Reset Password Reboot System Save Changes Download File Upload File Multiple Image Services Each item in the list is a link to the Web page where you can perform the related...

Page 29: ...is in DLINK SWITCHING MIB which is a private MIB Some interface configurations also involve objects in the public MIB IF MIB SNMP is enabled by default The System Description Web page which is the page the displays after a successful login and the show sysinfo command display the information you need to configure an SNMP manager to access the switch Any user can connect to the switch using the SNM...

Page 30: ...atic or Manual RF Channel Assignment Automatic or Manual AP Power Adjustment AP Authentication Client Authentication Load Balancing RF Scan and AP Sentry Mode Dual Radio Support Multiple Mode Support for Radios IEEE 802 11a IEEE 802 11b IEEE 802 11g Dynamic Turbo 5Ghz Dynamic Turbo 2 4 Ghz IEEE 802 11h TPC and DFS Security Standard Support WEP 64 128 WEP 152 TKIP AES CCMP Inhibit SSID broadcast WP...

Page 31: ...ation Firmware Upload Download Each AP supports 8 virtual access points VAPs per radio You can configure a unique SSID and security policy on each VAP The following list shows some of the D Link Access Point features and standards support WLAN and IEEE Standards IEEE 802 11a IEEE 802 11b IEEE 802 11d IEEE 802 11e WMM IEEE 802 11g IEEE 802 11h IEEE 802 11i WPA2 IEEE 802 1X 2001 Port Based Network A...

Page 32: ...P Dynamic VLANs MAC ACLs SpectralLink Priority Support WLAN Encryption and Security WEP TKIP AES CCMP Rogue AP detection Ad Hoc Client Detection Inhibit Ignore SSID broadcast Weak IV avoidance MAC Authentication Port IP blocking RADIUS support EAP PEAP TLS and TTLS WPA Personal Enterprise WPA2 Personal Enterprise 802 11i 802 1X Supplicant Client Authentication Firewall IP filtering support ...

Page 33: ...e connection After the initial configuration you can manage the Unified Switch by using a Web based user interface UI command line interface CLI or SNMP The following list describes the minimum requirements you need to install and manage the D Link Unified Switch VT100 terminal or PC with terminal emulation software Direct serial connection to the console port of the D Link Unified Switch Remote s...

Page 34: ...e IEEE 802 11 modes in which you plan to run the access point IEEE 802 11a 802 11b 802 11g Client software such as Microsoft Windows Supplicant configured to associate with the WLAN Wireless security software that is compatible with the authentication mode the access point uses WLAN Topology Considerations The D Link Unified Switch adds WLAN functionality to the base switching and IP routing featu...

Page 35: ...list of managed APs and wireless clients with the switches in the peer group so that the APs and wireless clients are not reported as rogues unknown The topology in Figure 8 works well if you need to add upgrade or replace LAN switches on your network NOTE When tunneled clients are used in conjunction with peer switches one of the peer switches must be configured as a default gateway for the tunne...

Page 36: ...each other you can use one of the following four methods Enter the IP address of the Unified Switch into the AP Enter the IP address of the AP into the Unified Switch Configure the DHCP server to pass the IP address of the Unified Switch to the AP in DHCP option 43 Use the D Link Wireless Device Discovery Protocol The AP to switch discovery method you use depends on your network topology For examp...

Page 37: ...es the security threat to the network When the power level is high and RF broadcast area is larger more wireless clients can detect the signal and associate with the AP An increase in the number of wireless clients that associate with the AP generally means that the amount of traffic the AP receives and transmits increases as well You can limit the network utilization level allowed on an AP to pre...

Page 38: ... different subnets A D Link Unified Switch controls the three APs When the wireless client connects to any of the APs it receives an IP address from the Unified Switch that is in the L3 Tunnel subnet As the client roams among the APs it maintains its connection to the WLAN and keeps the same IP address that the switch originally assigned it All traffic the client sends and receives goes through th...

Page 39: ...without the Rack Installing the Switch in a Rack Powering On the Switch Installing the SFP ports Installing the Optional Modules Connecting to the External Redundant Power System Connecting the Switch Connecting the Switch to the Network Connecting the Switch and AP Directly Connecting the Switch and AP through the L2 L3 Network Connecting to the Core Network Hardware Overview This section describ...

Page 40: ...ED indicators for Power Console RPS PoE and Link Act Speed for each port on the Switch including 10GE Ports for optional modules and SFP port LEDs Table 2 describes the LED indicators in more detail Figure 11 Front Panel View of the DWS 3024L as Shipped Figure 12 Front Panel View of the DWS 3024 as Shipped Figure 13 Front Panel View of the DWS 3026 as Shipped ...

Page 41: ...ors The Switch supports LED indicators for Power Console RPS PoE and Port LEDs including 10GE port LEDs for optional module inserts on the DWS 3026 Figure 14 LED Indicators on DWS 3024L Figure 15 LED Indicators on DWS 3024 Figure 16 LED Indicators on DWS 3026 ...

Page 42: ...row of LEDs for each port is located above the ports on the front panel The indicator above the left side of a port corresponds to the port below the indicator in the upper row of ports The indicator above the right side of a port corresponds to the port below the indicator in the lower row of ports The port LEDs show information about link activity and speed on the port or Power over Ethernet usa...

Page 43: ... a redundant power supply connector and two empty slots for optional 10GE module inserts Figure 18 Rear panel view of DWS 3026 Side Panels The system fans and heat vents located on each side of the Switch dissipate heat Do not block these openings Leave at least 6 inches of space at the rear and sides of the Switch for proper ventilation Without proper heat dissipation and air circulation system c...

Page 44: ...ease follow these guidelines for setting up the Switch Install the Switch on a sturdy level surface that can support at least 6 6 lb 3 kg of weight Do not place heavy objects on the Switch The power outlet should be within 1 82 meters 6 feet of the Switch Visually inspect the power cord and see that it is fully secured to the AC power port Make sure that there is proper heat dissipation from the S...

Page 45: ...cushioning feet on the bottom at each corner of the device Allow enough ventilation space between the Switch and any other objects in the vicinity Figure 19 Prepare Switch for Installation on a Desktop or Shelf Installing the Switch in a Rack The Switch can be mounted in a standard 19 rack Use the following diagrams as a guide Figure 20 Fasten Mounting Brackets to Switch Rubber Feet ...

Page 46: ...the Switch the LED indicators will momentarily blink This blinking of the LED indicators represents a reset of the system Power Failure As a precaution in the event of a power failure unplug the Switch When power is resumed plug the Switch back in Installing the SFP ports The DWS 3000 series switches are equipped with SFP Small Form factor Pluggable ports which are to be used with fiber optical tr...

Page 47: ...XFP MSA compliant transceivers The DEM 410CX uses copper wire medium not optic fiber and therefore has a transmit length limit up to 1 meters Compliant with the IEEE802 3ak standard this module uses a 4 lane copper connector for data transfer in full duplex mode To install these modules in the DWS 3026 Switch follow the steps listed in this section CAUTION Before adding the optional module make su...

Page 48: ...X Install the Module Unplug the Switch before removing the faceplate covering the empty slot To install the module slide it in to the available slot at the rear of the Switch until it reaches the back as shown in the following figure Gently but firmly push in on the module to secure it to the Switch The module should fit snugly into the corresponding receptors Figure 25 Inserting the optional modu...

Page 49: ...stem RPS The diagrams below illustrate a proper RPS power connection to the Switch Please consult the documentation for information on power cabling and connectors and setup procedure Figure 27 RPS Connector Connecting the Switch This section describes how to connect the following nodes Switch to the network AP directly to the Switch AP to the Switch through the L2 L3 network Switch through the 10...

Page 50: ...P STP cable Connect a 100BASE TX hub or switch to the Switch via a twisted pair Category 5 UTP STP cable Connect 1000BASE T switch to the Switch via a twisted pair Category 5e UTP STP cable Connect a switch supporting a fiber optic uplink to the Switch s SFP ports via fiber optic cabling Change the Switch to PoE mode using the Mode Select button When in PoE Mode the Switch works with all D Link 80...

Page 51: ...twork Connecting to the Core Network The optional 10GB ports on the DWS 3026 are ideal for uplinking to the core network Connections to the Gigabit Ethernet ports are made using a fiber optic cable or Category 5e copper cable depending on the type of port A valid connection is indicated when the Link LED is lit Figure 30 shows the rear panel of the DWS 3026 with the optional DEM 410X module Figure...

Page 52: ...52 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access System User Manual ...

Page 53: ...nts and to minimize radio frequency RF interference by other access points You should also determine how to integrate the D Link Unified Switch into your existing network topology For more information about planning the WLAN topology see WLAN Topology Considerations on page 34 2 Install and configure the D Link Unified Switch To install and configure the switch you need a serial connection to the ...

Page 54: ...he APs You can optionally configure the Unified Switch so that it only manages APs that it authenticates You can use the local database or an external RADIUS database for AP authentication Whether or not you require AP to Unified Switch authentication the switch must be able to validate an AP before it can manage the AP For the switch to validate the AP you must add the MAC address of each AP to t...

Page 55: ...e or UNIX workstation start a terminal emulation program such as HyperTerminal or TeraTerm 2 Configure the terminal emulation program to use the following settings Baud rate 115 000 bps Data bits 8 Parity none Stop bit 1 Flow control none 3 Press the return key and the User prompt appears Enter admin as the user name There is no default password Press ENTER at the password prompt if you did not ch...

Page 56: ...ion Basic Setup Table 3 describes the fields on the Wireless Global Configuration page NOTE Wireless features are available under the WLAN tab on the navigation menu NOTE Most configuration pages have a Submit button which applies the changes to the running configuration but does not save them to non volatile memory NVRAM To make the changes permanent so they persist across a reboot click the Tool...

Page 57: ... for the operational status to be enabled For information about how to configure a loopback interface and enable routing see D Link Unified Switch with Routing Enabled on page 65 IP Address This field shows the IP address of the WLAN interface on the switch If routing is disabled the IP address is the network interface If routing is enabled this is the IP address of the routing or loopback interfa...

Page 58: ...To prevent wireless clients from having access to the AP management interface you can create a management VLAN NOTE The commands you enter on the AP apply the changes to the running configuration but does not save them to non volatile memory NVRAM To make the changes permanent so they persist across a reboot use the save running command Logging on to the AP You can access the AP CLI only through T...

Page 59: ...d log on to the AP and enter the following command set system password password For example the following command changes the password to test1234 set system password test1234 The password you type appears in plain text You are not asked to confirm the password after you enter it once Configuring 802 1X Authentication Information on the AP On networks that use IEEE 802 1X port based network access...

Page 60: ...e as the one you configure on the Unified Switch To configure the pass phrase on the AP use the following command set managed ap pass phrase phrase The pass phrase can be up to 32 alphanumeric characters For example the following command sets the AP to Unified Switch authentication pass phrase to test1234 WLAN AP set managed ap pass phrase test1234 For more information about AP to Unified Switch a...

Page 61: ...vices and must be compatible When the D Link Unified Switch discovers and validates D Link Access Points the switch takes over the management of the AP The default AP Profile settings are listed in Appendix A For information about how to change the AP Profile settings see Chapter 5 Configuring Access Point Settings on page 83 Understanding the Discovery Methods The Unified Switch and AP have multi...

Page 62: ...ows two access points One AP is directly connected to the D Link Unified Switch and the other AP is connected via a L3 switch Figure 33 L3 Discovery Example 1 The administrator disables the L2 discovery method on the switch and adds the IP addresses of the APs to the L3 Discovery list on the switch The Unified Switch sends UDP discovery messages to the IP addresses in its list When the AP receives...

Page 63: ...tation from the first Unified Switch configured in its list it sends a UDP discovery message to the second Unified Switch configured in the list five seconds after sending the message to the first Unified Switch When an IP address of a Unified Switch is configured on the AP the AP only associates with that switch even if other switches discover the AP by using other mechanisms For more information...

Page 64: ...rnal RADIUS Server on page 205 If the RADIUS server indicates that the AP is a valid managed AP and returns an IP address of a switch that is not the same as this switch then the switch sends a re link message to the access point with the IP address of the Unified Switch to which the AP should be talking to When the AP gets the re link message it modifies or sets the Unified Switch IP address brea...

Page 65: ...itch With the loopback interface the IP address of the wireless function is always the same NOTE In this context the loopback interface does not refer to the loopback interface with the 127 0 0 1 IP address When you configure a loopback interface for the wireless interface on the switch it is essentially a permanent logical inter face and cannot have an IP address of 127 0 0 1 You must create a de...

Page 66: ...ocedures to enable routing and configure an IP address on the switch by using the Web interface NOTE Routing is available under the LAN tab on the navigation menu 1 Log on to the Web interface and click L3 Features IP Configuration to access the IP Configuration page 2 From the Routing Mode drop down menu choose Enable and then click Submit 3 To create a loopback interface click Routing Loopback C...

Page 67: ...he following command set static ip route gateway gateway_ip mask subnet For example set static ip route gateway 102 168 22 1 mask 255 255 255 0 6 From the CLI enter save running to save the configuration to memory You can use the Unified Switch as a DHCP server If you plan to use the Unified Switch as the DHCP server that responds to DHCP requests from the AP see Setting the Switch Information in ...

Page 68: ...he switch and AP are in the same Layer 2 multicast domain you might not need to take any action to enable AP to Switch discovery If the switch has discovered a new AP by using L2 discovery and the MAC address of the AP is not in the Valid AP database the AP appears in the list on the Monitoring Access Point Authentication Failed Access Points page To view AP authentication failures from the CLI en...

Page 69: ...ration file switch prompt write This operation may take a few minutes Management interfaces will not be available during this time Are you sure you want to save y n y Configuration Saved To check the managed status from the Unified Switch CLI enter the following command switch prompt show wireless ap status Configuring IP Addresses of Peers and APs in the Switch You can configure up to 256 IP addr...

Page 70: ...he To field blank 5 Click Add to add the IP addresses to the list Table 6 L3 IP Discovery Field Description L3 IP Discovery This check box is used to enable or disable IP based discovery of access points and peer Unified Switches When checked IP polling is enabled and the switch will periodically poll each address in the configured IP List By default L3 IP Discovery is enabled IP List The list of ...

Page 71: ...ess of a peer switch or AP to the discovery list switch prompt Config wireless discovery ip list 192 168 6 211 From the CLI you can only add one IP address at a time 3 Enter CTRL Z to return to Privileged EXEC mode 4 Save the changes to the configuration file switch prompt write This operation may take a few minutes Management interfaces will not be available during this time Are you sure you want...

Page 72: ... manage the AP For example to enter a Unified Switch with an IP address of 192 168 66 202 and a Unified Switch with an IP address of 192 168 19 242 use the following commands WLAN AP set managed ap switch address 1 192 168 66 202 WLAN AP set managed ap switch address 2 192 168 19 242 3 Use the get managed ap command to verify that the information you entered is correct WLAN AP get managed ap Prope...

Page 73: ...ith the access points with DHCP Option 43 as the following procedures describe 1 From the DHCP manager right click the applicable scope and select Configure Options 2 From the Available Options list scroll to Option 43 and select the 043 Vendor Specific Info check box 3 Enter the Option 43 data into the Data Entry field The format for DHCP option 43 values are defined by RFC 2132 To enter an IP ad...

Page 74: ... field on the Windows DHCP server 4 Click OK The following figure shows a scope with Option 43 configured Authenticating and Validating Access Points For a D Link Unified Switch to manage an AP you must add the MAC address of the AP to the local or external RADIUS database When the switch discovers an AP that is not managed Scope with Configured Option 43 Information ...

Page 75: ... of the access point configuration information such as the radio security and SSID settings You can configure all of the AP settings before the switch validates an AP For information about configuring the default AP profile see Chapter 5 Configuring Access Point Settings on page 83 Configuring AP Authentication Unless access to the wired network is secured with IEEE 802 1X authentication or anothe...

Page 76: ...pt enable Password switch prompt config switch prompt Config wireless switch prompt Config wireless ap authentication Using the Local Database for AP Validation To use the local Valid AP database set the AP MAC Validation to local add APs to the database and configure the settings for the APs in the database All of the configuration takes place on the switch To set up the local database for AP MAC...

Page 77: ...r so you can provide configuration information about the AP including a passphrase for AP authentication 5 If you selected the AP Authentication check box on the Wireless Global Configuration page select the Apply check box and enter an authentication password for the AP The password must match the pass phrase that you configured on the AP The length of the password can be 8 63 alphanumeric charac...

Page 78: ...ver From the switch set the AP Validation to RADIUS and configure information about the RADIUS server such as its IP address From the RADIUS server configure information about the Valid APs including the pass phrase for AP authentication For information about the parameters to configure on the RADIUS server see Appendix B Configuring the External RADIUS Server on page 205 When you enable RADIUS as...

Page 79: ... Enter the Wireless Config mode switch prompt enable Password switch prompt config switch prompt Config wireless 2 Set the RADIUS server as the validation method switch prompt Config wireless ap validation radius 3 Exit to Global Config Mode and configure the RADIUS settings In the following command example the RADIUS server IP address is 192 168 2 2 switch prompt Config wireless exit switch promp...

Page 80: ...ccess page To add an AP from the Authentication Failed Access Points page or the Rogue RF Scan Access page to the local Valid AP database use the following procedures 1 Access either the Authentication Failed Access Points page or the Rogue RF Scan Access page from the by clicking Monitoring Access Point folder 2 Select the check box associated with the AP and click Manage NOTE You cannot add an A...

Page 81: ...by one after you submit a configured AP entry To view the list of failed APs by using the CLI use the show wireless ap failure status command in Privileged EXEC mode To view the list of APs detected through the RF scan use the show wireless ap rfscan status command To add a failed or rogue AP to the local Valid AP database use the procedures described in Using the Local Database for AP Validation ...

Page 82: ...82 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access System User Manual ...

Page 83: ... by using the CLI see the D Link CLI Command Reference NOTE Changing some access point settings might cause the AP to stop and restart system processes If this happens wireless clients will temporarily lose connectivity We recommend that you change access point settings when WLAN traffic is low AP Profiles Networks and the Local Database This section provides an overview of the access point profil...

Page 84: ...rofiles that you create For information about how to create a new profile and assign it to an AP see Creating Configuring and Managing AP Profiles on page 155 Networks In general a wireless client connects to an access point by choosing a network identified by the SSID from a list of available wireless networks You configure these wireless networks including their associated SSID on the D Link Uni...

Page 85: ... client to AP authentication and accounting Management of AP to Switch authentication and accounting Database for AP settings The information in this section applies to the client to AP authentication and accounting management For information about AP to switch management see Using the RADIUS Database for AP Validation on page 78 For information about how to set AP database settings in the RADIUS ...

Page 86: ...to the AP and all other wireless clients are denied If you select Deny as the default action the wireless clients with the MAC addresses that you add to the Deny MAC list cannot associate with the AP NOTE The MAC list label updates depending on the default action you select Figure 37 MAC Access Control To add a wireless client to the MAC Authentication list enter the MAC address of the client in t...

Page 87: ... the default radio settings from the Administration Basic Setup Radio tab which Figure 38 shows Table 8 MAC Authentication Field Description Default Action The default action is the action that is taken for unknown MAC addresses of wireless clients that attempt to associate with an access point Allow Only the clients you explicitly add to this list are allowed access to APs that use MAC Authentica...

Page 88: ...whether you want the radio on or off by clicking On or Off If you turn off a radio the AP sends disassociation frames to all the wireless clients it is currently supporting so that the radio can be gracefully shutdown and the clients can start the association process with other available APs Super A Super G Super A and Super G attempt to increases performance through bursting and frame compression...

Page 89: ...ss devices within range and then report this information to the Unified Switch If you select the Scan Other Channels check box the radio periodically moves away from the operational channel to scan other channels Enabling this mode causes the radio to interrupt user traffic which may be noticeable with voice connections Changing the channels also causes the radio to lose auto calibration settings ...

Page 90: ...al Layer PHY standard the radio uses The DWL 3500AP and Radio 1 on the DWL 8500AP use the IEEE 802 11g mode PHY standard This mode is a higher speed extension up to 54 Mbps to the 802 11b PHY while operating in the 2 4 GHz band It uses orthogonal frequency division multiplexing OFDM It supports data rates ranging from 1 to 54 Mbps IEEE 802 11b clients can use the 802 11g mode Radio 2 on the DWL 85...

Page 91: ...nd select Fixed or Interval for the Channel Plan mode You can also run the automatic channel selection algorithm manually from the Manual Channel Plan page NOTE If you assign a static channel to an AP in the Valid AP database or on the Advanced AP Management page the AP will not participate in the auto channel selection Limit Channels If the radio is operating in 802 11a mode you can select the Li...

Page 92: ...ve traffic Primary Use the primary antenna to send and receive traffic Secondary Use the secondary antenna to send and receive traffic Table 10 Advanced Radio Configuration Field Description RF Scan Duration This field controls the amount of time the radio spends scanning the other channel in milliseconds during an RF scan Transmit Lifetime Shows the number of milliseconds to wait before terminati...

Page 93: ...irectly to a MAC address A network is a logical entity that you apply to a VAP Networks are identified by a network number and an associated SSID The SSID does not need to be unique for each network You can create and modify a network in one place and apply the network to one or more VAP as needed This allows you to mix networks within different profiles without having to reconfigure everything Wh...

Page 94: ... NOTE You cannot disable the default VAP VAP0 Network The drop down menu lists the available networks that you can assign to the VAP You can configure up to 64 separate networks on the switch and apply them across multiple radio and VAP interfaces By default eight networks are pre configured and applied in order to the VAPs on each radio To configure additional networks click Advanced Configuratio...

Page 95: ...ctions on the characters that may be used in an SSID Hide SSID You can hide the SSID broadcast to discourage stations from automatically discovering your access point When the broadcast SSID of the AP is hidden the network name is not displayed in the list of available networks on a client station Instead the client must have the exact network name configured in the supplicant before it is able to...

Page 96: ...hese access points are attached to different IP subnets NOTE When L3 tunneling is enabled the VLAN ID is not used In fact the switch puts the management VLAN ID if any on the tunneled packets NOTE If the wireless network topology changes for example a DWS 3000 switch reboots while the L3 tunneling feature is in use you should perform an ARP refresh on wired clients to speed up the process of re es...

Page 97: ...authenticate wireless clients you can use the same RADIUS server that you configure on the AAA RADIUS tab for the profile or you can specify a different RADIUS server To specify a RADIUS server for this VAP clear the Use Profile check box and enter the IP address of the RADIUS server in the field RADIUS Secret To enter a RADIUS secret select the Edit check box and type the secret in the field RADI...

Page 98: ...n example of an AP Profile with five VAPs enabled Each VAP uses a different network Figure 41 AP Profile With Five VAPs Enabled Figure 42 shows what a user on a Microsoft Windows XP client sees when the user searches for wireless networks within range Figure 42 Networks Available to the Wireless Client Although the wireless client finds five different wireless networks these networks are all on th...

Page 99: ... VAPs on one radio it does not affect the VAPs on the second radio Configuring a VAP for L3 Tunnels This section provides an overview of the L3 Tunneling feature For a detailed configuration example of a network that uses L3 roaming see Appendix C L3 Roaming Example on page 213 The L3 Tunnel feature allows mobile stations to maintain their IP connections while roaming from one access point to anot...

Page 100: ... to be on the same subnet even though the APs are on different subnets In the sample network that Figure 43 shows the laptop users are connected to different WLAN networks on two different APs The Internet phone users are connected to the same WLAN network on two different APs On the VoIP Network the phone users can seemlessly roam between AP1 and AP2 without service interruption or the need to re...

Page 101: ...ode no further options are configurable on the AP This mode means that any data transferred between the D Link Access Point and the associated wireless clients is not encrypted and any wireless client can associate with the AP This security mode can be useful during initial network configuration or for problem solving but it is not recommended for regular use on the internal network because it is ...

Page 102: ...e no more fields to configure The AP uses the global RADIUS server IP address and secret or the RADIUS server settings you specify for the VAP The AP acts as the RADIUS client and must be configured as a client in the RADIUS server For information about how to configure the global RADIUS server settings on the Unified Switch see Configuring AAA and RADIUS Settings on page 85 Authentication Choose ...

Page 103: ...s between the access point and its client stations Using WPA WPA2 Personal or Enterprise WPA and WPA2 are Wi Fi Alliance IEEE 802 11i standards which include AES CCMP and TKIP mechanisms The WPA WPA2 Personal employs a pre shared key to perform an initial check of credentials The WAP WPA2 Enterprise uses a RADIUS server to authenticate users WEP Key Length Specify the length of the key by clicking...

Page 104: ...he AP uses the global RADIUS server IP address and secret or the RADIUS server settings you specify for the VAP The AP acts as the RADIUS client and must be configured as a client in the RADIUS server For information about how to configure the global RADIUS server settings on the Unified Switch see Configuring AAA and RADIUS Settings on page 85 WPA Versions Select the types of client stations you ...

Page 105: ...using WPA2 can use this feature It is not supported by the original WPA Pre Authentication Limit Enter the number of pre authentications that can be in progress simultaneously on an AP The limit prevents too much load on the RADIUS server This does not prevent the pre authentication from being attempted again when the load is lighter A value of 0 represents no limit NOTE This field is only availab...

Page 106: ...of the AP to access its configuration page If you use the local database for AP validation the switch maintains the database of access points that you validate When you add the MAC address of an AP to the database you can specify whether the AP is a Managed AP Standalone AP or Acknowledged Rogue and assign Table 15 Valid Access Point Summary Field Description MAC Address Enter the MAC address of t...

Page 107: ...Administrator Web User Interface UI or CLI WS Managed The AP is part of the D Link Unified Access System and you manage it by using the D Link Unified Switch If an AP is in Managed Mode the Administrator Web UI on the AP are disabled Acknowledged Rogue The AP has been discovered by the switch and acknowledge as a Rogue This AP is not a D Link Access Point You can add an Acknowledged Rogue to the V...

Page 108: ...s the best channel whenever its radio or radios restart If you specify a channel make sure that the channel does not interfere with the channel that neighbor APs use NOTE The channel you set for an AP in the valid AP database is fixed and takes precedence over initial channel selection done by the AP and any automatic channel planning done by the switch NOTE For radios that use 802 11a mode some c...

Page 109: ...Point Management For information about the commands you use to manage and maintain the APs by using the CLI see the D Link CLI Command Reference Resetting the Access Points You can manually reset one or all APs from the D Link Unified Switch When you issue the command to reset an AP the AP closes the SSL connection to the switch before resetting the hardware To reset one or more APs click AP Manag...

Page 110: ... interference on network performance can intensify during busy times when a large amount of data and media traffic is competing for bandwidth For the b g radio band the classical set of non interfering channels is 1 6 11 Channels 1 4 8 11 produce minimal overlap A similar set of non interfering channels is used for the a radio band which includes all channels for that mode since they are not overl...

Page 111: ...f the power level is too high the RF signal might interfere with other APs within range or broadcast the signal beyond the desired physical boundaries which can create a security risk Automatic power uses a proprietary algorithm to automatically adjust the RF signal to broadcast far enough to reach wireless clients but not so far that it interferes with RF signals broadcast by other APs To configu...

Page 112: ...nnel Plan History Depth The channel plan history lists the channels the switch assigns each of the APs it manages after a channel plan is applied Entries are added to the history regardless of interval time or channel plan mode The number you specify in this field controls the number of iterations of the channel assignment NOTE The APs changed in previous iterations cannot be assigned new channels...

Page 113: ...justment algorithm You can configure the power as a percentage of maximum power where the maximum power is the minimum of power level allowed for the channel by the regulatory domain or the hardware capability Manual In this mode you run the proposed power adjustments manually from the Manual Power Adjustments page Interval In this mode the switch periodically calculates the power adjustments and ...

Page 114: ...switch is using the automatic channel adjustment algorithm on the D Link Access Point radios Last Iteration The number in this field indicates the last iteration of channel plan adjustments The APs that received a channel adjustment in previous iterations cannot be assigned new channels in the next iteration to prevent the same APs from being changed time after time On the AP Management RF Managem...

Page 115: ...ent channel shows the current operating channel and the new channel shows the proposed channel To apply the new channels click Apply If no APs appear after the algorithm is complete the algorithm does not recommend any channel changes It is possible for the network configuration to change between the time the automatic channel selection runs and the time you attempt to apply the proposed channel a...

Page 116: ...d Apply In Progress The switch is adjusting the power levels that the APs use Apply Complete The algorithm and power adjustment are complete Upgrading the Access Point Software The D Link Unified Switch can upgrade software on the APs that it manages To upgrade one or more D Link Access Point from the switch that manages it click the WLAN AP Management Software Downloads tab Figure 54 AP Upgrade N...

Page 117: ... Status File Name Enter the name of the upgrade file You may enter up to 32 characters and the file extension tar must be included Group Size When you upgrade multiple APs each AP contacts the TFTP server to download the upgrade file To prevent the TFTP server from being overloaded you can limit the number of APs to be upgraded at a time In the Group Size field enter the number of APs that can be ...

Page 118: ...d A request to download AP software has been made but the switch has not done any downloads In Progress The AP is currently attempting to download software from the server Success Download completed successfully on all APs An AP reports a successful download to the switch after the software transfers from the TFTP server to the AP and the code checksum is good The code must also match the intended...

Page 119: ...ot Table 21 Advanced AP Management Field Description Debug To help you troubleshoot you can enable Telnet access to the AP so that you can debug the device from the CLI The Debug field shows the debug status and can be one of the following Disabled Set Requested Set in Progress Enabled To change the status click the Debug status link The Managed AP Debug page appears Table 22 describes the fields ...

Page 120: ... been enabled or disabled Password Enter the admin password for the AP the default is admin Confirm Password Since the password is encrypted you must retype the password to confirm the password Enable Debug Select or clear the Enable check box to enable or disable debugging Once once you Telnet to the AP you get an AP interface login prompt The user name is admin Enter the password you set in the ...

Page 121: ...e channel if radar is detected on the statically assigned channel Interference can occur when multiple access points within range of each other are broadcasting on the same or overlapping channels The impact of this interference on network performance can intensify during busy times when a large amount of data and media traffic is competing for bandwidth If you select auto the AP scans the RF area...

Page 122: ...122 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access System User Manual ...

Page 123: ...ts Monitoring Associated Client Information Viewing Client Authentication Failure Status Monitoring and Managing Ad Hoc Clients For information about the commands you use to view WLAN status and statistics by using the CLI see the D Link CLI Command Reference Monitoring Wireless Global Information The D Link Unified Switch periodically collects information from the D Link Access Points it manages ...

Page 124: ... WLAN Switch The WLAN Switch may be configured as enabled but is operationally disabled due to configuration dependencies If the operational status is disabled the reason will be displayed in the following status field The WLAN Switch is composed of multiple components and each component in the system must acknowledge an enable or disable of the WLAN Switch During a transition the operational stat...

Page 125: ...etect access points that have not been validated It reports these APs as rogues Authentication Failed Access Points Number of access points that failed to authenticate with the Unified Switch Total Clients Total number of clients in the database This total includes clients with an Associated Authenticated or Disassociated status Authenticated Clients Total number of clients in the client database ...

Page 126: ...ailed The switch contacted the peer switch or AP with IP address in the L3 IP Discovery list and was unable to authenticate or validate the device If the device is an access point an entry appears in the AP failure list with a failure reason For information about adding IP addresses to the IP Discovery list see Configuring IP Addresses of Peers and APs in the Switch on page 69 Monitoring Peer Swit...

Page 127: ...oring Access Points All Access Points page shows summary information about managed failed and rogue access points the switch has discovered or detected Figure 60 All Access Points Table 25 Peer Switch Status Field Description IP Address IP address of the peer Unified Switch managed in the peer group Vendor ID Vendor of the peer switch software Software Version The software version for the given pe...

Page 128: ...lect the check box next to the MAC address of the AP and click Acknowledge The switch adds the AP to the Valid AP database as an Acknowledged Rogue To identify an AP as a rogue again select the check box next to the MAC address of the acknowledged AP and click UnAcknowledge The switch deletes the AP from the Valid AP database To view additional information about the detected AP click the MAC addre...

Page 129: ...ll temporarily show a failed status during a reset Rogue The AP has not attempted to contact the switch and the MAC address of the AP is not in the Valid AP database Acknowledged Rogue The AP has been acknowledged as a known rogue and its MAC address of the AP is in the Valid AP database Profile The AP profile configuration currently applied to the managed AP The profile is assigned to the AP in t...

Page 130: ...on collected from the AP Radio Summary Shows the channel transmit power and number of associated wireless clients for all managed APs Radio Detail From the Radio Summary page click the MAC address of the AP to view detailed status for a radio interface Use the radio button to navigate between the two radio interfaces Neighbor APs Shows the neighbor APs that the specified AP has discovered through ...

Page 131: ... status indicates if the AP is configured successfully with the assigned profile The status is one of the following Not Configured The profile has not been sent to the AP yet the AP may be discovered but not yet authenticated In Progress The switch is currently sending the AP profile configuration packet to the AP Success The entire profile has been sent to the AP and there were no configuration e...

Page 132: ...Once an AP is discovered and managed by the Unified Switch if the profile is changed in the valid AP database either locally or on the RADIUS server the AP must be reset to configure with the new profile Status The current managed state of the AP The possible values are Discovered The AP is discovered and by the switch but is not yet authenticated Authenticated The AP has been validated and authen...

Page 133: ...ng discovery Last Failing Configuration Element If the configuration status indicates a partial success or complete failure this field indicates the last element that failed during configuration This field is only visible if there is a failed element Configuration Failure Error Message If the configuration status indicates a partial success or complete failure this field contains an ASCII string f...

Page 134: ...thenticated Clients Total number of clients currently associated to the AP that have been authenticated This is the sum of all authenticated clients for all the VAPs enabled on the radio Table 30 Managed AP Radio Detail Field Description MAC Address Location Drop down Menu Shows the MAC address and location of the AP to which the values on the page apply To view details about a different AP select...

Page 135: ...he current state of a manual request to change the channel on this radio The valid values are Not Started No request has been made to change the channel Requested A channel change has been requested by the user but has not been processed by the switch In Progress The switch is processing a channel change request for this radio Success A channel change request is complete Failure A channel change r...

Page 136: ... of the radios to view the neighbor APs detected via an RF scan on that radio Neighbor AP MAC The Ethernet MAC address of the neighbor AP network this could be a physical radio interface or VAP MAC address For D Link Access Points this is always a VAP MAC address The neighbor AP MAC address may be cross referenced in the RF Scan status SSID Service Set ID of the neighbor AP network RSSI Received s...

Page 137: ... station RSSI Received signal strength indication this is an indicator of the signal strength relative to the neighbor and may give an idea of the neighbor s distance from the managed AP Channel The managed AP channel the client frame was received on which may be different than the operating channel for this radio Discovery Reason Indicates one or more discovery methods for the neighbor client One...

Page 138: ...Status Field Description MAC Address Location Drop down Menu Shows the MAC address and location of the AP to which the values on the page apply To view details about a different AP select its MAC address from the drop down menu Radio ex 1 802 11g Indicates a radio interface and its configured mode Select one of the radios to view VAP status for that radio VAP ID The integer ID used to identify the...

Page 139: ...ibes the fields you see on the Ethernet Summary page for the managed access point statistics Viewing Detailed Managed Access Point Statistics The detailed AP statistics show information about the packets and bytes transmitted and received on the wired and wireless interface of a particular access point managed by the switch Table 34 Managed Access Point WLAN Summary Statistics Field Description MA...

Page 140: ...ed Total bytes received by the AP on the wired network Ethernet Packets Transmitted Total packets transmitted by the AP on the wired network Ethernet Bytes Transmitted Total bytes transmitted by the AP on the wired network Multicast Packets Received Total multicast packets received by the AP on the wired network Total Receive Errors Total receive errors detected by the AP on the wired network Tota...

Page 141: ...ount Count of CTS frames not received in response to an RTS frame ACK Failure Count Count of ACK frames not received when expected FCS Error Count Count of FCS errors detected in a received MPDU frame Frames Transmitted Count of each successfully transmitted MSDU WEP Undecryptable Count Count of encrypted frames received and the key configuration of the transmitter indicates that the frame should ...

Page 142: ...e following reasons No Database Entry The MAC address of the AP is not in the local Valid AP database or the external RADIUS server database so the AP has not been validated Authentication The authentication password configured in the AP did not match the password configured in the local database or RADIUS database To delete the entries for all APs from the failure list click Delete All To configu...

Page 143: ...all available channels on each radio When the scan is complete the AP sends information it collected during the RF scan to the switch that manages it For information about how to configure the scan mode see Configuring Wireless Radio Settings on page 87 The D Link Unified Switch considers an access point to be a Rogue if is detected during the RF scan process and the MAC address of the detected AP...

Page 144: ...formation see Appendix B Configuring the External RADIUS Server on page 205 Figure 64 RF Scan To identify an AP as an acknowledge rogue select the check box next to the MAC address of the AP and click Acknowledge The switch adds the AP to the Valid AP database as an Acknowledged Rogue To identify an AP as a rogue again select the check box next to the MAC address of the acknowledged AP and click U...

Page 145: ...cates the 802 11 mode being used on the AP Channel Transmit channel of the AP Status Indicates the managed status of the AP whether this is a valid AP known to the switch or a Rogue on the network The valid values are WS Managed The neighbor AP is managed by this switch the neighbor AP status can be referenced using its base MAC address Peer WS Managed The neighbor AP is managed by another switch ...

Page 146: ...and receives during association with a single managed AP Session Detail Shows additional information about packets the associated client transmits and receives during a session which can include statistics for one or more managed AP associations if the client has roamed Since the associated client database supports roaming across APs an entry is not removed when a client disassociates from a speci...

Page 147: ...s from the drop down menu SSID Indicates the network on which the client is connected AP MAC Address MAC address of the AP to which this client is associated BSSID Indicates the Ethernet MAC address for the managed AP VAP where this client is associated Location Location of the AP to which this client is associated Status Indicates whether or not the client has associated and or authenticated The ...

Page 148: ... Captive Portal Client Connection Status page Table 43 Associated Client Neighbor AP Status Field Description MAC Address Drop down Menu Shows the MAC address of the client to which the values on the page apply To view details about a different associated client select its MAC address from the drop down menu AP MAC Address The base Ethernet address of the Unified Switch managed AP Location The con...

Page 149: ...AP as well as throughout the roaming session Table 44 Associated Client SSID Status Field Description SSID Indicates the network on which the client is connected MAC Address The Ethernet address of client station Channel Indicates the operating channel for the client association Status Indicates whether or not the client has associated and or authenticated The valid values are Associated The clien...

Page 150: ...es received from the client station Packets Transmitted Packets transmitted to the client station Bytes Transmitted Bytes transmitted to the client station Table 47 Associated Client Summary Statistics Field Description MAC Address The Ethernet address of client station Packets Received Packets received from the client station Bytes Received Total bytes received from the client station Packets Tra...

Page 151: ...ient station failed after one or more retries Duplicates Received Total duplicate packets received from the client station Table 49 Associated Client Session Detail Statistics Field Description MAC Address Drop down Menu Shows the MAC address of the client to which the values on the page apply To view details about a different associated client select its MAC address from the drop down menu Packet...

Page 152: ...r MAC authentication in one or more AP profiles you must add the MAC Address to the RADIUS database Table 50 shows the fields on the summary page for failed client status Click the MAC address of the failed client to view additional information about a client NOTE If a wrong password is entered on a client for WEP this page may not list that authentication failed client This issue actually arises ...

Page 153: ...d can present a security risk Status entries for ad hoc clients are collected at a point in time and eventually age out The age value for each entry shows how long ago the switch recorded the entry You can configure the age out time for status entries on the Administration Advanced Configuration Global page You can also manually delete status entries From the Monitoring Client Ad Hoc Clients page ...

Page 154: ... the list or to allow access to all MAC addresses on the list To se the mode for the default AP Profile click the Administration Basic Setup AAA RADIUS tab Set the MAC Authentication Default Action field to Allow or Deny all MAC Addresses in the list To set the mode for a different AP profile go to the Global tab on the AP Profile to configure The switch does not remove MAC entries from this list ...

Page 155: ...ith APs that serve a variety of different users You can create multiple AP profiles on the D Link Unified Switch to customize APs based on location function or other criteria Profiles are like templates and once you create an AP profile you can apply that profile to any AP that the Unified Switch manages For each AP profile you can configure the following features Global RADIUS settings MAC authen...

Page 156: ...tional networks and no security Building 2 is the engineering building The Building 2 APs use a profile called Engineering The Engineering profile has three different VAPs that each have a unique SSID Hardware Software and Test Building 3 is the Sales and Marketing building The Building 3 AP uses a profile called Marketing The Marketing AP Profile has three VAPs The SSIDs for the VAPs are Sales Ma...

Page 157: ...k Add Figure 69 Adding a Profile After you add the profile the Global Configuration page for the profile appears and a new tab with the name of the profile appears a the top of the page Click the Radio VAP or QoS tabs to configure additional features for the profile Figure 70 shows the layout for AP Profile configuration Figure 70 Configuring an AP Profile To copy an existing profile and all of it...

Page 158: ...on page 87 For more information about the fields on the Network page see Configuring SSID Settings on page 92 For more information about the fields on the QoS page see Configuring QoS on page 163 Applying an AP Profile After you update an AP Profile on the Unified Switch the changes are not applied to the access points that use that profile until you explicitly apply the profile on the Access Poin...

Page 159: ...t was applied to one or more associated APs the profile must be re applied for the changes to take effect Apply Requested After you select a profile and click Apply the screen refreshes and shows that an apply has been requested Apply In Progress The profile is being applied to all APs that use this profile During this process the APs reset and all wireless clients are disassociated from the AP Co...

Page 160: ...in the RF Scan Status list Each entry in the status list shows an age and when the age reaches the value you configure in the timeout field the entry is deleted Tunnel IP MTU Size Sets the maximum size of the IP packet handled by the network The MTU is enforced only on tunneled VAPs Select one of the following values 1500 Maps the tunneled IP frame size to 1518 bytes untagged and 1522 bytes tagged...

Page 161: ...default Table 54 SNMP Traps Field Description AP Failure Traps If you enable this field the SNMP agent sends a trap if an AP fails to associate or authenticate with the switch AP State Change Traps If you enable this field the SNMP agent sends a trap for one of the following reasons Managed AP Discovered Managed AP Failed Managed AP Unknown Protocol Discovered Managed AP Load Balancing Utilization...

Page 162: ...you enable this field the SNMP agent sends a trap when the switch discovers a rogue AP Wireless Status Traps If you enable this field the SNMP agent sends a trap if the operational status of the D Link Unified Switch changes or of any of the following databases or lists has reached the maximum number of entries Managed AP database AP Neighbor List Client Neighbor List AP Authentication Failure Lis...

Page 163: ...y of Service on page 227 Figure 74 QoS Configuration Configuring QoS on the D Link Unified Access System consists of setting parameters on existing queues for different types of wireless traffic and effectively specifying minimum and maximum wait times through Contention Windows for transmission The settings described here apply to data transmission behavior on the access point only not to that of...

Page 164: ...tial random backoff wait time window for retry of a transmission The value specified here in the Minimum Contention Window is the upper limit in milliseconds of a range from which the initial random backoff wait time is determined The first random number generated will be a number between 0 and the number specified here If the first random backoff wait time expires before the data frame is sent a ...

Page 165: ...ontrol of station EDCA parameters on upstream traffic flowing from the station to the access point With WMM disabled you can still set some parameters on the downstream traffic flowing from the access point to the client station AP EDCA parameters To disable WMM extensions click Disabled To enable WMM extensions click Enabled Queue Queues are defined for different types of data transmitted from st...

Page 166: ... Contention Window The value specified in the Maximum Contention Window is the upper limit in milliseconds for the doubling of the random backoff value This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached Once the Maximum Contention Window size is reached retries will continue until a maximum number of retries allowed is reached Valid values ...

Page 167: ...ve Portal Users Associating Interfaces with the Captive Portal Viewing the Captive Portal Global Status Viewing the Client Summary SNMP Trap Configuration For information about the commands you use to manage and maintain the APs by using the CLI see the D Link CLI Command Reference Configuring Global Captive Portal Settings From the CP Global Configuration page you can control the administrative s...

Page 168: ...onfiguration Field Description Enable Captive Portal Select the check box to enable the CP feature on the switch Clear the check box to disable the captive portal feature CP Global Operational Status Shows whether the CP feature is enabled CP Global Disable Reason If CP is disabled this field displays the reason which can be one of the following None Administratively Disabled No IPv4 Address Routi...

Page 169: ...scribes the fields on the CP Summary page Table 57 Captive Portal Summary Field Description Configuration Shows the captive portal ID and name To access the configuration page for an exiting CP click the configuration name Mode Shows whether the CP is enabled Protocol Indicates whether the portal uses HTTP or HTTPS Verification Specifies which type of user verification to perform Guest The user do...

Page 170: ...rtal Settings By default the D Link Unified Switch has one captive portal You can change the settings for that captive portal and you can also create and configure up to nine additional portals After you create a captive portal from the CP Summary page you can change its settings Figure 77 Captive Portal Configuration ...

Page 171: ...uest The user does not need to be authenticated by a database Local The switch uses a local database to authenticated users RADIUS The switch uses a database on a remote RADIUS server to authenticate users URL Redirect Mode Select the check box to specify that the CP should redirect the newly authenticated client to the configured URL If the check box is clear the user sees the locale specific wel...

Page 172: ...p If the Verification Mode is Local assign an existing User Group to the captive portal or create a new group All users who belong to the group are permitted to access the network through this portal The User Group list is the same for all CP configurations on the switch The User Group field also allows you to add delete or rename user groups for all captive portals To assign an existing user grou...

Page 173: ... a time Click Delete All to remove all configured users from the local database Table 59 Local User Summary Field Description User Identifies the name of the user Group Identifies the group to which the user belongs Each captive portal has a user group assigned to it Only users in the group can access the captive portal Each user can be in one or more groups Session Timeout Shows the number of sec...

Page 174: ... RADIUS attributes and vendor specific attributes VSA VSAs are denoted in the Attribute column and are comma delimited vendor id attribute id Table 60 Local User Configuration Field Description User Name Enter the name of the user Password Enter a password for the user The password length can be from 8 to 64 characters User Group Assign the user to at least one User Group To assign a user to more ...

Page 175: ...ace Association Figure 80 Global Captive Portal Configuration Table 62 describes the fields on the Interface Association page Table 61 Captive Portal User RADIUS Attributes Attribute Number Description Range Usage Default User Name 1 User name to be autho rized 1 32 characters Required None User Password 2 User password 8 64 characters Required None Session Timeout 27 Logout once session tim eout ...

Page 176: ...e portal 1 Select the desired captive portal from the CP Configuration list 2 In the Associated Interfaces field select the interface or interfaces to remove To select more than one interface hold the Ctrl key and click multiple interfaces 3 Click Delete The interface is removed from the Associated Interface list and appears in the Interface List Table 62 Global Captive Portal Configuration Field ...

Page 177: ...us Shows whether the CP feature is enabled CP Global Disable Reason Indicates the reason for the CP to be disabled which can be one of the following None Administratively Disabled No IPv4 Address Routing Enabled But no IPv4 routing interface CP IP Address Shows the captive portal IP address Authenticated Users Shows the number of users currently authenticated to all captive portal instances on thi...

Page 178: ...al the activation and activity status for that portal displays Table 64 describes the information that displays for each portal Table 64 CP Activation and Activity Status Field Description Operational Status Indicates whether the captive portal is enabled or disabled Disable Reason If the captive portal is disabled then this field indicates the reason The portal instance may be disabled for the fo...

Page 179: ... to view information Figure 83 Interface Activation Status Table 65 describes the fields on the Interface Activation Status page Blocked Status Indicates whether authentication attempts to the captive portal are currently blocked Use the Block and Unblock buttons to control the blocked status If the CP is blocked users cannot gain access to the network through the CP Use this function to temporari...

Page 180: ...e specified interface Disable Reason If the selected CP is disabled on this interface this field indicates the reason which can be one of the following Interface Not Attached Disabled by Administrator Blocked Status Indicates whether the captive portal is temporarily blocked for authentications Authenticated Users Displays the number of authenticated users using the captive portal instance on this...

Page 181: ...cribes the fields on the Interface Capability Status page Table 66 Interface and Capability Status Parameter Description Session Timeout Shows whether the interface supports client session timeout This attribute is supported on all interfaces Bytes Received Counter Shows whether the interface supports displaying the number of bytes received from each client Bytes Transmitted Counter Shows whether ...

Page 182: ...ection Status Figure 85 Client Summary Table 68 describes the fields on the Client Summary page To force the captive portal to disconnect an authenticated client select the check box next to the client MAC address and click Delete To disconnect all clients from all captive portals click Delete All Click the MAC address of a client to view additional status information Table 67 Client Summary Field...

Page 183: ...e Client Detail page Table 68 Client Detail Field Description User Name Displays the user name or Guest ID of the connected client CP Configuration Identifies the CP configuration the wireless client is using Protocol Shows the current connection protocol which is either HTTP or HTTPS Client IP Address Identifies the IP address of the wireless client if applicable Session Time Shows the amount of ...

Page 184: ...ect it from the list Table 69 describes the fields on the Client Statistics page Viewing the Client Interface Association Status Use the Interface Client Status page to view clients that are authenticated to a specific interface Figure 88 Interface Client Status Table 69 Client Interface Association Connection Statistics Field Description Bytes Transmitted Total bytes the client has transmitted By...

Page 185: ...tion Status page Table 70 Interface Client Status Field Description Client MAC Address Identifies the MAC address of the wireless client Client IP Address Identifies the IP address of the wireless client CP Configuration Identifies the captive portal the client used to access the network Protocol Shows the current connection protocol which is either HTTP or HTTPS Verification Shows the current acc...

Page 186: ...ng captive portal trap modes Select Enable to allow the SNMP agent on the switch to generate captive portal SNMP traps that are enabled Select Disable to prevent the SNMP agent on the switch from generating any captive portal SNMP traps even if they are individually enabled Client Authentication Failure Traps If you enable this field the SNMP agent sends a trap when a client attempts to authentica...

Page 187: ...oad one or more custom images to create a background for the graph Then you place the WLAN components discovered by the switch on the graph to help provide a realistic representation of your wireless network From each object on the WLAN Visualization graph you can access information about the object and links to configuration pages on the Web interface This chapter contains the following sections ...

Page 188: ...image You can upload one or more images such as your office floor plan to provide a site context and site related information Images that you upload should be in one of the following two file formats GIF Graphics Interchange Format JPG Joint Photographic Experts Group Additionally we recommend that you do not use color images since the WLAN components might not show up as well To load an image ont...

Page 189: ...no background image and all discovered WLAN components are ungraphed The screen is split into two panes The left pane has 3 container views that are used to hold un graphed components The right pane is an area where graph definitions are shown This graph pane is initially blank and must be defined before WLAN components can be placed Creating a New Graph To create a new graph and load the backgrou...

Page 190: ...ngth you enter determines the scale of the background image in relation to the network components The scale of the background image affects the way the WLAN Visualization tool presents the radio frequency RF coverage of the access points so it is important to be as accurate as possible when you specify the length For example in the following graphs the background image is the same and the APs are ...

Page 191: ...izing the Wireless Network with a graph definition length of 800 feet 4 Click Save to complete the graph setup The background you uploaded to the switch appears in the background of the graph Graph Definition Graph Definition Length 800 Length 200 ...

Page 192: ...nents that the switch has discovered The panel lists the following component types Switches Unified Switch and peer Unified Switches Managed Access Points RF Scan Access Points These components appear in the panel on the left until you drag them onto the graph From the View menu you can choose to view the components in a list view which shows all three types of components in the left panel or in a...

Page 193: ...hed If you mouse over an ungraphed component a tool tip appears to provide additional information about the ungraphed component as shown in Figure 94l Figure 94 Component Tool Tip To graph a component that is listed in the panel click the component and drag it to the location in the graph that represents the physical location of the component in the building Once you move a switch or access point ...

Page 194: ...ons The following table provides an overview of the menu items available in the WLAN Visualization tool Table 73 WLAN Visualization Menu Bar Options Menu Item Description File Force Refresh Resynchronizes the Java client application If you edit the graph you can force a refresh to manually update the view Reconnect and Refresh Disconnects the client application from the switch and re connects it E...

Page 195: ...w 802 11 b g Shows the transmit power for all managed APs that have a radio operating in 802 11 b g mode The size of the power range image is based on the transmit power for the radio which can be low medium or high The size of the power range image also depends on the actual scale factor of the current background image If the AP has two radios that are configured in the same mode two power range ...

Page 196: ... Scan APs Controls whether to display the APs detected through the RF scan Clearing the check box hides but does not un graph the objects Show Managed AP Clients Controls whether to display wireless clients associated with man aged APs Clearing the check box hides but does not un graph the objects Legend Images Shows the icons associated with each WLAN component on the graph Channel Color Maps the...

Page 197: ...g in managed mode Red The switch has lost contact with the AP the AP is being reset or the AP has experienced an authentication failure When a radio is operating in Sentry Mode the antenna on the AP icon is replaced by the letter S as Figure 97 shows Figure 97 Sentry Mode Detailed View For radios in sentry mode the AP power display image around the AP is gray The Channel Color legend maps the colo...

Page 198: ...dio is using you can mouse over the managed AP to activate the tool tip The tool tip displays general information about the AP including the channel that each radio uses Figure 99 Tool Tip for Radio Managed AP Information You can also right click the object to access a variety of information which the next section describes ...

Page 199: ...ut it un graph it or link to a page on the Web UI to manage or monitor the component Figure 100 Wireless Component Attributes Table 74 lists the attribute and link information available from each component Table 74 Component Information Component Attributes Links Commands Switch IP Address Basic Setup RF Management Global Status Statistics Peer Switch IP Address Peer Switch Status ...

Page 200: ...n AP Profile Configuration Valid AP Configuration Management Radio Software Download Debug Status and Statistics Managed AP Status Detail Radio Status and Statistics Command AP Reset Other AP MAC Address Status Rogue Standalone Peer Managed or Acknowledged AP RF Channel Status Commands Manage Acknowledge Wireless Client MAC Address Radio 1 or 2 RF Channel Depends on channel plan Associated Client ...

Page 201: ...ter it is discovered and authenticated when the AP uses the default profile Default D Link Unified Switch Settings Table 75 shows the default settings for the D Link Unified Switch Table 75 Switch Defaults Feature Default System Information User Name admin Password None Network Information DHCP Client Disabled Network Configuration Protocol None IP Address 10 90 90 90 Subnet Mask 255 0 0 0 802 1Q ...

Page 202: ...r Switch Group ID 1 L2 VLAN L3 IP Discovery Enabled SNMP Traps Disabled Client Roam Timeout 30 seconds Ad Hoc Client Status 24 hours AP Failure Status 24 hours Client Failure Status 24 hours RF Scan Status 24 hours Table 76 Default AP Settings Feature Default System Information User Name admin Password admin Network Information DHCP Client Enabled Management IP Address 10 90 90 91 If not assigned ...

Page 203: ...bled and no mode is configured Radio 2 IEEE 802 11 Mode 802 11b g RF Scan Other Channels Disabled RF Scan Interval 60 seconds RF Scan Duration 10 milliseconds Super A G Disabled Extended Range Disabled Automatic Channel Enabled Automatic Power Enabled Initial Power 100 Load Balancing Disabled Load Utilization 60 Maximum Clients 256 RTS Threshold 2347 bytes DTIM Period 10 beacons Fragmentation Thre...

Page 204: ...n Disabled RADIUS IP Address Use Profile Global RADIUS Accounting Disabled Other Settings QoS Enabled WMM Enabled Table 78 Default Captive Portal Settings Feature Default Global Configuration Operational Status Enabled Additional HTTP Port None Peer Switch Statistics Reporting Interval 120 seconds Authentication Session Timeout 600 seconds CP Configuration Status Enabled Configuration Name None Pr...

Page 205: ... set to the MAC address Table 79 indicates the attributes to configure in the RADIUS server entry for each AP Add the vendor specific attributes by using the D Link vendor ID 6132 and the identifier D Link Wireless AP where represents the attribute name NOTE This appendix does not describe RADIUS configuration for AP network authentication using 802 1X This feature is separate from a valid AP conf...

Page 206: ...de is WS managed Vendor Specific 26 Switch IP If there is more than one WS using this RADIUS server indicates the IP address of the WS to managed this AP Valid IP Address Optional Vendor Specific 26 Radio 1 Chan Vendor Specific 26 Radio 2 Chan Indicates a fixed channel for the radio Valid channels depend on the regulatory domain country code and the configured mode for that radio in the assigned A...

Page 207: ... 168 30 249 Subnet mask 255 255 255 0 Shared secret wireless DNS name wireless sw1 The following code shows the format of the client entry in the clients conf file client 192 168 30 249 24 secret wireless shortname wireless sw1 Creating and Including an Attribute Dictionary You configure attributes in an attribute dictionary so that you can assign the attributes and values to an access point when ...

Page 208: ... 1 Power 107 integer D Link ATTRIBUTE D Link Wireless AP Radio 2 Power 108 integer D Link VALUE D Link Wireless AP Mode WS Managed 1 VALUE D Link Wireless AP Mode Standalone 2 VALUE D Link Wireless AP Mode Rogue 3 VALUE D Link Wireless AP Radio 1 Chan Auto 0 VALUE D Link Wireless AP Radio 2 Chan Auto 0 VALUE D Link Wireless AP Radio 1 Power Auto 0 VALUE D Link Wireless AP Radio 1 Power Minimum 1 V...

Page 209: ...signments for IP tunneling Table 80 shows the attributes to set for wireless clients within the RADIUS server Configuring RADIUS for Client MAC Authentication You can configure the AP to use RADIUS based MAC authentication to allow or deny specific client stations access to the wireless network Although this method is less secure than 802 1X you can use it for client stations that do not support 8...

Page 210: ...up enables users of Dynamic VLANs to move from one location to another without intervention and without having to make any changes to the switches If you use an external RADIUS server to manage VLANs you configure the server to use Tunnel attributes in Access Accept messages in order to inform the access point about the selected VLAN These attributes are defined in RFC 2868 and their use for dynam...

Page 211: ...addb users file you must restart the RADIUS server daemon to apply the changes Configuring MAC Authentication For each network you can configure whether to use a local or RADIUS database for client MAC authentication To use RADIUS based MAC authentication for wireless clients you add an entry for each client in the etc raddb users file If the default action for MAC Authentication on the switch is ...

Page 212: ...212 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access System User Manual ...

Page 213: ...le in this appendix describes how to configure a D Link Unified Switch by using an L3 Tunnel for a network that needs L3 roaming capabilities This example contains information about the following features which might be required to use L3 tunneling on your WLAN Configuring the WLAN and Tunnel Interfaces Configuring the L3 Tunnel Network Configuring DHCP Relay and the DHCP Server ...

Page 214: ... Unified Switch and the port the call server uses is assigned to the VLAN ID of the VLAN Routing interface of the tunneled subnet Each switch uses a loopback interface for the WLAN functions and the loopback interface is on a different network than the L3 tunnel subnet Routing is enabled on each switch Network devices have routes to the loopback and L3 tunnel subnets and a host can ping the loopba...

Page 215: ...tch network the Unified Switch that manages the AP to which the client is associated routes the frames into the remote subnets This means that each peer switch must have routing table entries that enable it to route frames to every subnet in the network Using a Loopback Interface for the Wireless Functions By creating a loopback interface you can control which routing interface the wireless functi...

Page 216: ...choose Enable and then click Submit 3 To create a loopback interface click Routing Loopback Configuration 4 From the Loopback drop down menu choose Create and then click Submit 5 Enter an IPv4 address and subnet mask in the appropriate fields and then click Submit Creating the VLAN Routing Interface The D Link Unified Switch and the D Link Access Point support Virtual LANs VLANs to provide the log...

Page 217: ... switch prompt configure switch prompt Config interface 0 4 1 5 Assign an IP address to the interface and enable routing switch prompt Interface 0 4 1 ip address 192 168 60 15 255 255 255 0 switch prompt Interface 0 4 1 routing 6 Add the port to which the call server is attached to VLAN 200 in this example the call server is attached to port 3 switch prompt Config interface 1 0 3 switch prompt Int...

Page 218: ...ting Configuration page create a VLAN routing interface on VLAN 200 3 From the L3 Features IP Interface Configuration page assign an IP address and subnet mask to the interface and make sure routing is enabled 4 From the Monitoring L3 Status VLAN Routing Summary page view the summary information for the VLAN routing interface ...

Page 219: ...configuration mode for network 3 switch prompt configure switch prompt Config wireless switch prompt Config wireless network 3 2 Create the network name SSID switch prompt Config network ssid L3 Tunnel 3 Configure security on the network to control wireless client access For this network the administrator uses WPA Enterprise for the security mode The administrator must also configure the security ...

Page 220: ...tatus is listed as Configured and to confirm that other network settings are correct switch prompt show wireless network 3 Network ID 3 SSID L3 Tunnel Default VLAN 1 Hide SSID Disable Deny Broadcast Disable L3 Tunnel Mode Enable L3 Tunnel Status Configured L3 Tunnel Subnet IP 192 168 60 0 L3 Tunnel Subnet Mask 255 255 255 0 Security Mode WPA Enterprise MAC Authentication Disable RADIUS Use AP Prof...

Page 221: ...tion for example ping l 1542 f 192 168 60 15 From a Unix system use s size to set the packet size and M do to prohibit packet fragmentation for example ping s 1542 M do 192 168 60 15 Table 82 L3 Tunnel Status Values L3 Tunnel Status Description None The status might be None for one of the following reasons The WLAN Operational Status is disabled L3 Tunnel is Disabled The network is not associated ...

Page 222: ...asic Setup SSID tab select the check box next to the SSID to configure and click Edit 2 From Wireless Network Configuration page configure the following settings SSID L3 Tunnel L3 Tunnel check box Selected L3 Tunnel Subnet 192 168 60 0 L3 Tunnel Mask 255 255 255 0 Security WPA PSK The L3 Tunnel Subnet is the network IP address of the VLAN routing interface configured in the procedures for Creating...

Page 223: ... a DHCP server or use static IP addresses for all devices you must enable DHCP relay on the switch so that the switch can forward DHCP requests from the roaming wireless clients to the DHCP server on your network If you choose to use the Unified Switch as a DHCP server for wireless clients you must configure the DHCP server and the address pool for wireless clients Configuring the Relay Agent Use ...

Page 224: ...an serve IP addresses to wireless clients that use other networks such as the Guest Network or Corporate LAN The following commands show how to configure a DHCP server to use for the wireless clients that connect to the L3 Tunnel wireless network 1 From Global Config mode enable DHCP switch prompt Config service dhcp 2 Exclude the IP addresses in the range of 192 168 60 1 through 192 168 60 50 whi...

Page 225: ...enter the range of IP addresses that you do not want to assign to wireless clients then click Submit 2 Navigate to the Administration DHCP Server Pool Configuration page and select Create from the Pool Name drop down menu 3 Enter a name for the address pool in the Pool Name field and select Dynamic from the Type of Binding drop down menu 4 Enter a network number network mask and default router add...

Page 226: ...226 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access System User Manual ...

Page 227: ...vice is compromised the audio or video will be distorted QoS and Load Balancing By using a combination of load balancing and QoS techniques you can provide a high quality of service for time sensitive applications even on a busy network Load balancing sets thresholds for client associations and AP utilization QoS is a means of allocating bandwidth and network access based on transmission prioritie...

Page 228: ... multiple queues The queues provided offer built in prioritization and routing based on the type of data being transmitted The Administration UI provides a way for you to configure parameters on the queues QoS Queues and DSCP on Packets QoS on the D Link Unified Access System leverages WMM information in the IP packet header related to Diff Serv Code Point DSCP Every IP packet sent over the networ...

Page 229: ... Data Frames and AIFS Data is transmitted over 802 11 wireless networks in frames A frame consists of a discrete portion of data along with some descriptive meta information packaged for transmission on a wireless network Each frame includes a source and destination MAC address a control field with protocol version frame type frame sequence number frame body with the actual information to be trans...

Page 230: ...ned The value specified for the Minimum Contention Window is the upper limit of a range for the initial random backoff wait time The number used in the random backoff is initially a random number between 0 and the number defined for the Minimum Contention Window If the first random backoff time ends before successful transmission of the data frame the access point increments a retry counter and do...

Page 231: ...se of 802 1p is to prioritize network traffic at the data link MAC layer The 802 1q tag includes a three bit field for prioritization which allows packets to be grouped into various traffic classes Eight priority levels are defined The highest priority is seven which might go to network critical traffic voice The lowest priority level is zero this is used as a best effort default it is invoked aut...

Page 232: ...itization Table 83 outlines the VLAN priority and DSCP values Table 83 VLAN Priority Tags VLAN Priority Priority DSCP Value 0 Best Effort 0 1 Background 16 2 Background 8 3 Best Effort 24 4 Video 32 5 Video 40 6 Voice 48 7 Voice 56 START Is VLAN tag YES Take Priority from DSCP Is VLAN priority tag VLAN id 0 Take priority from tag Is priority tag 0 NO Take priority from tag Take Priority from DSCP ...

Page 233: ...e and exclusive remedy and the entire liability of D Link and its suppliers under this Limited Warranty will be at D Link s option to repair or replace the defective Hardware during the Warranty Period at no charge to the original owner or to refund the actual purchase price paid Any repair or replacement will be rendered by D Link at an Authorized D Link Service Office The replacement hardware ne...

Page 234: ...d hereunder for Hardware and Software portions of D Link s products will not be applied to and does not cover any refurbished product and any product purchased through the inventory clearance or liquidation sale or other sales in which D Link the sellers or the liquidators expressly disclaim their warranty obligation pertaining to the product and in that case the product is being sold As Is withou...

Page 235: ...ance Damage that occurs in shipment due to act of God failures due to power surge and cosmetic damage Any hardware software firmware or other products or services provided by anyone other than D Link and Products that have been purchased from inventory clearance or liquidation sales or other sales in which D Link the sellers or the liquidators expressly disclaim their warranty obligation pertainin...

Page 236: ...from D Link Corporation D Link Systems Inc as stipulated by the United States Copyright Act of 1976 and any amendments thereto Contents are subject to change without prior notice Copyright 2007 by D Link Corporation D Link Systems Inc All rights reserved CE Mark Warning This is a Class A product In a residential environment this product may cause radio interference in which case the user may be re...

Page 237: ...Warranty USA Only Product Registration Register your D Link product online at http support dlink com register Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights ...

Page 238: ...termines in its sole discretion that it is not practical to repair or replace the defective Hardware the price paid by the original purchaser for the defective Hardware will be refunded by D Link upon return to D Link of the defective Hardware All Hardware or part thereof that is replaced by D Link or for which the purchase price is refunded shall become the property of D Link upon replacement or ...

Page 239: ...with all shipping costs prepaid D Link may reject or return any product that is not packaged and shipped in strict compliance with the foregoing requirements or for which an RMA number is not visible from the outside of the package The product owner agrees to pay D Link s reasonable handling and return shipping charges for any product that is not packaged and shipped in accordance with the foregoi...

Page 240: ...cidental or consequential damages or limitations on how long an implied warranty lasts so the foregoing limitations and exclusions may not apply This limited warranty provides specific legal rights and the product owner may also have other rights which vary from state to state Trademarks Copyright 2007 D Link Corporation Contents subject to change without prior notice D Link is a registered tradem...

Page 241: ...ian customers can contact D Link technical support through our website or by phone Tech Support for customers within the United States D Link Technical Support over the Telephone 877 354 6555 Monday to Friday 8 00am to 5 00pm PST D Link Technical Support over the Internet http support dlink com email support dlink com Tech Support for customers within Canada D Link Technical Support over the Telep...

Page 242: ...peedy resolution for your problem For Customers within the United Kingdom Ireland D Link UK Ireland Technical Support over the Internet http www dlink co uk ftp ftp dlink co uk D Link UK Ireland Technical Support over the Telephone 08456 12 0003 United Kingdom 1890 886 899 Ireland Lines Open 8 00am 10 00pm Mon Fri 10 00am 7 00pm Sat Sun For Customers within Canada D Link Canada Technical Support o...

Page 243: ...de E Mail support dlink de Telefon 49 1805 2787 0 12 Min aus dem Festnetz der Deutschen Telekom Telefonische technische Unterstützung erhalten Sie Montags bis Freitags von 09 00 bis 17 30 Uhr Unterstützung erhalten Sie auch bei der Premiumhotline für D Link Produkte unter der Rufnummer 09001 475767 Montag bis Freitag von 6 22 Uhr und am Wochenende von 11 18 Uhr 1 75 Min aus dem Festnetz der Deutsc...

Page 244: ...echnique destiné aux clients établis en France Assistance technique D Link par téléphone 0820 0803 03 N INDIGO 0 12 TTC min Prix en France Métropolitaine au 3 mars 2005 Du lundi au samedi de 9h00 à 19h00 Assistance technique D Link sur internet http www dlink fr e mail support dlink fr Support technique destiné aux clients établis au Canada Assistance technique D Link par téléphone 800 361 5265 Lu...

Page 245: ...de D Link D Link ofrece asistencia técnica gratuita para clientes residentes en España durante el periodo de garantía del producto Asistencia Técnica de D Link por teléfono 34 902 30 45 45 Lunes a Viernes de 9 00 a 14 00 y de 15 00 a 18 00 Asistencia Técnica de D Link a través de Internet http www dlink es support e mail soporte dlink es ...

Page 246: ...enti e la documentazione sono disponibili sul sito D Link Supporto tecnico per i clienti residenti in Italia D Link Mediterraneo S r L Via N Bonnet 6 B 20154 Milano Supporto Tecnico dal lunedì al venerdì dalle ore 9 00 alle ore 19 00 con orario continuato Telefono 02 39607160 URL http www dlink it supporto html Email tech dlink it ...

Page 247: ...hin the Netherlands D Link Technical Support over the Telephone 0900 501 2007 Monday to Friday 9 00 am to 10 00 pm D Link Technical Support over the Internet www dlink nl Tech Support for customers within Belgium D Link Technical Support over the Telephone 070 66 06 40 Monday to Friday 9 00 am to 10 00 pm D Link Technical Support over the Internet www dlink be Tech Support for customers within Lux...

Page 248: ...ernetowym firmy D Link D Link zapewnia bezpłatną pomoc techniczną klientom w Polsce w okresie gwarancyjnym produktu Klienci z Polski mogą się kontaktować z działem pomocy technicznej firmy D Link za pośrednictwem Internetu lub telefonicznie Telefoniczna pomoc techniczna firmy D Link 48 12 25 44 000 Pomoc techniczna firmy D Link świadczona przez Internet URL http www dlink pl e mail dlink fixit pl ...

Page 249: ...stránce firmy D Link D Link poskytuje svým zákazníkům bezplatnou technickou podporu Zákazníci mohou kontaktovat oddělení technické podpory přes webové stránky mailem nebo telefonicky Web http www dlink cz suppport E mail support dlink cz Telefon 224 247 503 Telefonická podpora je v provozu PO PÁ od 09 00 do 17 00 ...

Page 250: ...pjáról tölthet le Telefonon technikai segítséget munkanapokon hétfőtől csütörtökig 9 00 16 00 óráig és pénteken 9 00 14 00 óráig kérhet a 1 461 3001 telefonszámon vagy a support dlink hu emailcímen Magyarországi technikai támogatás D Link Magyarország 1074 Budapest Alsóerdősor u 6 R70 Irodaház 1 em Tel 06 1 461 3001 Fax 06 1 461 3004 email support dlink hu URL http www dlink hu ...

Page 251: ... Links web sider D Link tilbyr sine kunder gratis teknisk support under produktets garantitid Kunder kan kontakte D Links teknisk support via våre hjemmesider eller på tlf Teknisk Support D Link Teknisk telefon Support 800 10 610 Hverdager 08 00 20 00 D Link Teknisk Support over Internett http www dlink no ...

Page 252: ...dokumentation på D Link s hjemmeside D Link tilbyder gratis teknisk support til kunder i Danmark i hele produktets garantiperiode Danske kunder kan kontakte D Link s tekniske support via vores hjemmeside eller telefonisk D Link teknisk support over telefonen Tlf 7026 9040 Hverdager kl 08 00 20 00 D Link teknisk support på Internettet http www dlink dk ...

Page 253: ...Link tarjoaa teknistä tukea asiakkailleen Tuotteen takuun voimassaoloajan Tekninen tuki palvelee seuraavasti Arkisin klo 9 21 numerosta 0800 114 677 Internetin kautta Ajurit ja lisätietoja tuotteista http www dlink fi Sähköpostin kautta voit myös tehdä kyselyitä ...

Page 254: ...a mer information om mjukvaru uppdateringar och annan användarinformation D Link tillhandahåller teknisk support till kunder i Sverige under hela garantitiden för denna produkt Teknisk Support för kunder i Sverige D Link Teknisk Support via telefon 0770 33 00 35 Vardagar 08 00 20 00 D Link Teknisk Support via Internet http www dlink se ...

Page 255: ...ilizador no site de D Link Portugal http www dlink pt A D Link fornece suporte técnico gratuito para clientes no Portugal durante o período de vigência de garantia deste produto Suporte Técnico para clientes no Portugal Assistência Técnica Email soporte dlink es http www dlink pt support ftp ftp dlink es ...

Page 256: ...ης D Link Η D Link προσφέρει στους πελάτες της δωρεάν υποστήριξη στον Ελλαδικό χώρο Μπορείτε να επικοινωνείτε με το τμήμα τεχνικής υποστήριξης μέσω της ιστοσελίδας ή μέσω τηλεφώνου Για πελάτες εντός του Ελλαδικού χώρου Τηλεφωνική υποστήριξη D Link Τηλ 210 86 11 114 Φαξ 210 86 53 172 Δευτέρα Παρασκευή 09 00 17 00 e mail support dlink gr Τεχνική υποστήριξη D Link μέσω Internet http www dlink gr ftp ...

Page 257: ... 7 00PM http www dlink co in support productsupport aspx Indonesia Malaysia Singapore and Thailand Tel 62 21 3851275 Indonesia Tel 1800 882 880 Malaysia Tel 65 66229355 Singapore Tel 66 2 719 8978 9 Thailand Monday to Friday 9 00am to 6 00pm http www dlink com sg support e mail support dlink com sg Korea Tel 82 2 890 5496 Monday to Friday 9 00am to 6 00pm http www d link co kr e mail lee d link co...

Page 258: ...o Thursday 9 00am to 5 00pm http www dlink co il support e mail support dlink co il Pakistan Tel 92 21 4548158 or 92 21 4548310 Sunday to Thursday 9 00am to 6 00pm http support dlink me com e mail support pk dlink me com South Africa and Sub Sahara Region Tel 27 12 665 2165 08600 DLINK for South Africa only Monday to Friday 8 30am to 9 00pm South Africa Time http www d link co za Turkey Tel 90 212...

Page 259: ...ет сайте D Link D Link предоставляет бесплатную поддержку для клиентов в течение гарантийного срока Клиенты могут обратиться в группу технической поддержки D Link по телефону или через Интернет Техническая поддержка D Link 495 744 00 99 Техническая поддержка через Интернет http www dlink ru e mail support dlink ru ...

Page 260: ... 08 00 am a 21 00 pm Soporte Técnico Help Desk Colombia Teléfono 01800 9525465 Lunes a Viernes 07 00 am a 20 00 pm Soporte Técnico Help Desk Ecuador Teléfono 1800 035465 Lunes a Viernes 07 00 am a 20 00 pm Soporte Técnico Help Desk El Salvador Teléfono 800 6335 Lunes a Viernes 06 00 am a 19 00 pm Soporte Técnico Help Desk Guatemala Teléfono 1800 8350255 Lunes a Viernes 06 00 am a 19 00 pm Soporte ...

Page 261: ...l www dlinkbrasil com br A D Link fornece suporte técnico gratuito para clientes no Brasil durante o período de vigência da garantia deste produto Suporte Técnico para clientes no Brasil Telefone São Paulo 11 2185 9301 Segunda à sexta Das 8h30 às 18h30 Demais Regiões do Brasil 0800 70 24 104 E mail e mail suporte dlinkbrasil com br ...

Page 262: ...262 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access System User Manual ...

Page 263: ...umentasi pengguna dapat diperoleh pada situs web D Link Dukungan Teknis untuk pelanggan Dukungan Teknis D Link melalui telepon Tel 62 21 3851275 Senin sampai Jumat 9 00 12 30 14 00 18 00 Waktu Singapura Dukungan Teknis D Link melalui Internet e mail support dlink com sg ...

Page 264: ...264 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access System User Manual ...

Page 265: ... 320 23 07 URL www dlink eu Spain Avenida Diagonal 593 95 9th floor 08014 Barcelona Spain TEL 34 93 409 07 70 FAX 34 93 491 07 95 URL www dlink es Sweden Gustavslundsvägen 151B S 167 51 Bromma Sweden TEL 46 0 8 564 619 00 FAX 46 0 8 564 619 01 URL www dlink se Switzerland Glatt Tower 2 OG Postfach CH 8301 Glattzentrum Switzerland TEL 41 0 1 832 11 00 FAX 41 0 1 832 11 01 URL www dlink ch Singapore...

Page 266: ...l Use 2 How many employees work at installation site 1 employee 2 9 10 49 50 99 100 499 500 999 1000 or more 3 What network protocol s does your organization use XNS IPX TCP IP DECnet Others_____________________________ 4 What network operating system s does your organization use D Link LANsmart Novell NetWare NetWare Lite SCO Unix Xenix PC NFS 3Com 3 Open Cisco Network Banyan Vines DECnet Pathwor...

Page 267: ...Registration Card All Countries and Regions Excluding USA 267 ...

Page 268: ......

Reviews:

No comments

Related manuals for DWS-3024L

Paradyne 6388 User Manual preview
6388
Brand: Paradyne Pages: 86
Sandberg Wireless G54 USB Manual preview
Wireless G54 USB
Brand: Sandberg Pages: 24
NC-link NC-AP212 User Manual preview
NC-AP212
Brand: NC-link Pages: 13
RAK WISAP-MT7628 User Manual preview
WISAP-MT7628
Brand: RAK Pages: 19
Edimax EW-7416APn Quick Installation Manual preview
EW-7416APn
Brand: Edimax Pages: 15
Digisol DG-WM6305SIE2 User Manual preview
DG-WM6305SIE2
Brand: Digisol Pages: 29
Vaisala VaiNet AP10 Manual preview
VaiNet AP10
Brand: Vaisala Pages: 76
Pakedge Device & Software W7 SERIES User Manual preview
W7 SERIES
Brand: Pakedge Device & Software Pages: 57
Buffalo AirStation WHR3-G54 Quick Setup Manual preview
AirStation WHR3-G54
Brand: Buffalo Pages: 10
AirLive AIRLIVE WL-5430AP User Manual preview
AIRLIVE WL-5430AP
Brand: AirLive Pages: 36
Air Live WN-151ARM Quick Setup Manual preview
WN-151ARM
Brand: Air Live Pages: 2
Air Live wl-5460apv2 Quick Setup Manual preview
wl-5460apv2
Brand: Air Live Pages: 44
LogiLink WL0156 Instruction preview
WL0156
Brand: LogiLink Pages: 5
LogiLink wl0143 Quick User Manual preview
wl0143
Brand: LogiLink Pages: 13
Credo mobile AIRAVE User Manual preview
AIRAVE
Brand: Credo mobile Pages: 6
Watchguard WatchGuard AP Series Quick Start Manual preview
WatchGuard AP Series
Brand: Watchguard Pages: 9
Gigafast WF711-APR User Manual preview
WF711-APR
Brand: Gigafast Pages: 62
AirLive WH-9000MESH User Manual preview
WH-9000MESH
Brand: AirLive Pages: 66

Brands by name

Popular brands

Load more brands