Wireless Controller - D-Link

Contents

1. Trusted Certificates; Active Self Certificates; Self Certificate Requests; Easy VPN Setup; [D-Link DWC-1000 User Manual, page 10]; PPTP Active Users List; Port Forwarding
2. Selecting a Location; Rack Mounting; Connecting the Wireless Controller; Basic Configuration; Log in to the Web Management Interface; Web Management Interface Layout; Standard Web Management Interface Features; Basic Configuration Procedures; Step 1: Enable DHCP Server (Optional); Step 2: Configure Country Code; Step 3: Select APs to be Managed; Step 4: Change the SSID and Set Up Security
3. Access Server Client; Remote Networks; Authentication; Status and Statistics; Viewing Statistics and Utilization; Manage Dashboard; Viewing System Status; Viewing USB Status; Viewing DHCP Clients; Viewing Captive Portal Sessions; Viewing Active Sessions; Viewing VPN Sessions; Viewing Traffic on Interfaces; Viewing Controller Status and Statistics
4. Step 2: Click the Browse button. Locate your certificate and click Open.
   Step 3: Click Upload.

   [D-Link DWC-1000 User Manual, page 252] [Section 7 - VPN]

   Self Certificate Requests

   To request a self certificate to be signed by a CA, you can generate a Certificate Signing Request from the switch by entering identification parameters and passing it along to the CA for signing. Once signed, the CA's Trusted Certificate and signed certificate from the CA are uploaded to activate the self certificate validating the identity of this switch. The self certificate is then used in IPSec and SSL connections with peers to validate the switch's authenticity.

   To generate a certificate signing request:

   1. Click VPN > IPSec VPN > Certificates > Self Certificate Requests.
   2. Click New Self Certificate.
   3. Complete the fields in the table below and click Save.
5. Step 6: Click Add New Prefix Length.
   Step 7: Enter the IPv6 Prefix and Prefix Length. Click Save.

   [D-Link DWC-1000 User Manual, page 124] [Section 5 - Advanced Network Configuration]

   IPv6 Router Advertisement

   Path: Network > IPv6 > LAN Settings > Router Advertisement

   Router Advertisements are analogous to IPv4 DHCP assignments for LAN clients, in that the controller will assign an IP address and supporting network information to devices that are configured to accept such details. Router Advertisement is required in an IPv6 network for stateless autoconfiguration of the IPv6 LAN. By configuring the Router Advertisement Daemon on this controller, the DWC will listen on the LAN for controller solicitations and respond to these LAN hosts with router advertisements.

   1. Go to Network > IPv6 > LAN Settings > Router Advertisement tab.
6. Step 2: Complete the fields below and click Save. Your access point will be configured to use RADIUS authentication server.
   Step 3: Click Server Checking to test the connection between the DWC-1000 and your RADIUS server.

   Field / Description:
   - Server Checking: Click to test the connection between the controller and your RADIUS server.
   - Authentication Server IP Address: IP address of your RADIUS authentication server.
   - Authentication Port: RADIUS authentication port number to send RADIUS messages.
   - Secret: Enter the secret key that allows the device to log into the configured RADIUS server. It must match the secret on RADIUS server.
   - Set the timeout in seconds. The controller should wait for a response from the RADIUS server.
   - Retries: The number of tries the controller will make to the RADIUS server before giving up.

   [D-Link DWC-1000 User Manual, page 48] [Section 3 - Basic Configuration]

   Step 9: Configure Guest Management

   The wireless controller can generate temporary guest accounts from front desk manage accounts. To configure guest management, perform the following procedure:

   1. Create a front desk group.
      a. Go to Security > Authentication > User Database > Groups. The Groups List page will appear.
      b. Click Add New Group. The Group Configuration page will appear.
      c. Fill in group name and description, and select Front Desk on User Type.
   2. Add front desk users.
      a. Go to Security > Authentication >
7. Field / Description:
   - AP Failure Traps: If you enable this field, the SNMP agent sends a trap if an AP fails to associate or authenticate with the controller.
   - AP State Change Traps: If you enable this field, the SNMP agent sends a trap for one of the following reasons:
     - Managed AP Discovered
     - Managed AP Failed
     - Managed AP Unknown Protocol Discovered
     - Managed AP Load Balancing Utilization Exceeded
   - Client Failure Traps: If you enable this field, the SNMP agent sends a trap if a wireless client fails to associate or authenticate with an AP that is managed by the controller.
   - Client State Change Traps: If you enable this field, the SNMP agent sends a trap for one of the following reasons associated with the wireless client:
     - Client Association Detected
     - Client Disassociation Detected
     - Client Roam Detected
   - Peer Controller Traps: If you enable this field, the SNMP agent sends a trap for one of the following reasons associated with a peer controller:
     - Peer Controller Discovered
     - Peer Controller Failed
     - Peer Controller Unknown Protocol Discovered
     - Configuration command received from peer controller. (The controller does not need to be Cluster Controller for generating this trap.)
   - RF Scan Traps: If you enable this field, the SNMP agent sends a trap when the RF scan detects a new AP, wireless client, or ad hoc client.
   - Rogue AP Traps: If you enable this field, the SNMP agent sends a trap when the controller discovers a rogue AP. The agent also
8. - Distributed Tunnel Timeout: Specify the number of seconds before the tunnel to the roamed client is terminated and the client is forced to change its IP address.
   - Distributed Tunnel Max Multicast Replications Allowed: Specify the maximum number of tunnels to which a multicast frame is copied on the Home AP.

   Step 3: Click Save.

   [D-Link DWC-1000 User Manual, page 75] [Section 4 - Advanced WLAN Configuration]

   WLAN Visualization

   WLAN Visualization is a tool that provides a graphical representation of the wireless network through a Web browser. The WLAN Visualization graph does not have a background image of its own, so the administrator can upload a static graphic image that provides the wireless topology of the APs and controllers in the wireless network.

   Upload Images

   General > WLAN Visualization Image

   Users can upload one or more images, such as your office floor plan, to provide customized information for the WLAN Visualization feature. Image files should be in one of the following recommended formats:

   - GIF (Graphics Interchange Format)
   - JPG (Joint Photographic Experts Group)

   It is also recommended that you do not use color images, since the WLAN components might not show up well. Once the user uploads an image file and saves the running configuration, the image remains on the controller and you can assign it to an existing graph using the WLAN Deployment application.

   Deleting Images

   This o
9. [D-Link DWC-1000 User Manual, page 225] [Section 6 - Securing Your Network]

   Facebook Wi-Fi

   Path: Security > Authentication > Facebook WiFi

   Register the controller with Facebook so users can be directed to your Facebook page when accessing the network. To configure:

   1. Go to Security > Authentication > Facebook WiFi.
   2. Complete the information from the table below and click Save.

   Field / Description:
   - Registration Name: Enter the name you want to register and click Register.
   - Registration Status: Displays whether the controller is registered with Facebook or not.
   - Registration URL: Once the controller is registered, you must pair your merchant page with the Registration URL.
   - Configuration Status: Displays whether the controller is paired with the merchant page or not.
   - Click to unregister the controller.

   [D-Link DWC-1000 User Manual, page 226] [Section 6 - Securing Your Network]

   Web Content Filter

   The controller offers some standard web filtering options to allow you to easily create internet access policies between the secure LAN and insecure WAN. Instead of creating policies based on the type of traffic (as is the case when using firewall rules), web
10. Path: Status > Wireless Information > Access Point > Hardware Capability

   The wireless controller supports access points that have different hardware capabilities, such as number of radios, supported IEEE 802.11 modes, and software images. Using the AP Hardware Capability page, you view information about the radio hardware and IEEE modes supported by access points, as well as software images that are available for download to the access point.

   Field / Description:
   - Hardware Type ID: Shows the ID number assigned to each access point hardware type. The wireless controller supports six different types of access point hardware.
   - Hardware Type Description: Describes the platform and the supported IEEE 802.11 modes.
   - Radio Count: Shows whether the hardware supports one radio or two radios.
   - Image Type: Shows the type of software the hardware requires.

   The right-click option will display the radio information for the selected hardware type.
11. The WDS links are secured using WPA2 Personal authentication and AES encryption. This page displays summary information about configured WDS links. At least one group must be configured for the fields to display. To configure a WDS AP group, use the pages from Wireless > Access Point > WDS Groups.

   Field / Description:
   - Unique number that identifies the WDS AP group.
   - Configured AP Count: Number of APs configured in this WDS AP group.
   - Connected Root AP: Number of Root APs currently being managed by the controller that are members of this WDS AP Group.
   - Connected Satellite AP: Number of Satellite APs currently being managed by the controller that are members of this WDS AP Group.
   - Configured WDS Link Count: Number of configured bidirectional links in the WDS AP Group.
   - Detected WDS Links Count: Number of WDS links detected in the system. APs on both sides of the link must detect each other in order for the link to be counted.

   [D-Link DWC-1000 User Manual, page 314] [Section 8 - Viewing Status and Statistics]

   WDS Group AP Status

   Path: Status > Wireless Information > WDS Groups Status > WDS Group AP Status

   The WDS AP Group Status page displays detailed information about the configured APs
12. Step 3: Complete the fields in the table on the next page and click Save.

   [D-Link DWC-1000 User Manual, page 162] [Section 5 - Advanced Network Configuration]

   Field / Description:
   - Route Name: Enter a unique name for this static route. The name should allow you to easily identify this static route from others you may add.
   - Active: Activates or deactivates the static route. Choices are:
     - ON: activate static route
     - OFF: deactivate static route
   - Private: Designates the static route as private. Choices are:
     - ON: static route is private
     - OFF: static route is not private
   - Destination IP Address: Enter the IP address of the static route's destination.
   - IP Subnet Mask: Enter the subnet mask of the static route.
   - Interface: Select the wireless controller interface that will interface to the static route. Choices are:
     - Option 1 / Option 2: The wireless controller's Option port will interface to the static route.
     - LAN / VLAN: The wireless controller's LAN or VLAN port will interface to the static route.
     - DMZ: The port configured for DMZ will interface to the static route.
   - Gateway IP Address: IP address of the gateway router, which is the next hop address for the wireless controller.
   - Metric: Enter the administrative distance of the route.

   [D-Link DWC-1000 User Manual, page 163] [Section 5 - Advanced Network Configuration]

   Configure IPv6 Static Routing

   Path: Network > Routing > IPv6 Static Routing

   Manually adding stati
13. Step 3: Complete the fields in the table below and click Save.

   Field / Description (Group Configuration):
   - Group Name: Enter a unique name for this group. The name should allow you to easily identify this group from others you may add.
   - Description: Enter a description for this user group.
   - User Type: Click this to grant all users in this group super-user privileges. By default, there is one admin user. The group types for Admin users are:
     - Captive Portal User: The users of the group having Captive Portal privilege will have permissions to access the Internet/Networks through Captive Portal authentication.
     - The users of the group having Front Desk User privilege will have permissions to create temporary users who can access Internet/Network by using Hotspot.
     - The users of the group having Guest User privilege will only have view-only permissions. Such users cannot configure the device.
   - Idle Timeout: Enter the number of minutes of inactivity that must occur before the users in this user group are logged out of their web management session automatically. Entering an Idle Timeout value of 0 (zero) means never log out.
   - Selecting Network enables an extra option. By default, the group types for Network users are:
     - Captive Portal User: The users of the group having Captive Portal privilege will have permissions to access the Internet/Networks through Captive Portal authentication.

   [D-Link DWC-1000 User Manual, page 195] S
14. Step 3: Complete the fields in the table on the next page and click Save.

   [D-Link DWC-1000 User Manual, page 167] [Section 5 - Advanced Network Configuration]

   Field / Description:
   - OSPFv2 Enable: Toggle ON to enable OSPF.
   - Displays the physical network interface on which OSPFv2 is Enabled/Disabled.
   - Enter the area to which the interface belongs. Two controllers having a common segment: their interfaces have to belong to the same area on that segment. The interfaces should belong to the same subnet and have similar mask.
   - Priority: Helps to determine the OSPFv2 designated controller for a network. The controller with the highest priority will be more eligible to become Designated Controller. Setting the value to 0 makes the controller ineligible to become Designated Controller. The default value is 1. Lower the value means higher the priority.
   - Hello Interval: The number of seconds for Hello Interval timer value. Enter the number in seconds that the Hello packet will be sent. This value must be the same for all controllers attached to a common network. The default value is 10 seconds.
   - Dead Interval: The number of seconds that a device's hello packets must not have been seen before its neighbors declare the OSPF controller down. This value must be the same for all controllers attached to a common network. The default value is 40 seconds. OSPF requires these i
15. IP Aliasing

   Path: Network > Internet > IP Aliasing

   A single Option Ethernet port can be accessed via multiple IP addresses by adding an alias to the port. This is done by configuring an IP Alias address. To edit or delete any existing aliases, right-click the alias and select either Edit or Delete.

   To create a new alias:

   1. Click Network > Internet > IP Aliasing.
   2. Click Add New IP Aliasing.
   3. Enter the following information and click Save.

   Field / Description:
   - Select either Option1 or Option2.
   - IP Address: Enter an alias IP address for the Option interface you selected.
   - Subnet Mask: Enter a subnet mask for the Option interface you selected.
   - Click to save and activate your settings.

   [D-Link DWC-1000 User Manual, page 147] [Section 5 - Advanced Network Configuration]

   DMZ DHCP Reserved IPs

   The controller's DHCP server can assign IP settings to your DMZ clients on your network by adding a client's MAC address and the IP address to be assigned. Whenever the controller receives a request from a client, the MAC address of that client is compared with the MAC address list present in the database. If an IP address is already assigned to that computer or device in the database, the customized IP address is configured, otherwi
16. - AP Mode:
     - Standalone
     - Managed: access point profile configuration has been applied to the access point and the access point operating in managed mode.
     - Rogue: access point has not tried to contact the wireless controller and the access point's MAC address is not in the Valid AP database.
   - Optional field to identify location of the access point being managed.
   - Expected SSID: If AP Mode is Standalone, the SSID that the access point should be set to. This is for reference only.
   - Expected Channel: If AP Mode is Standalone, the channel to be used for wireless communication. This is for reference only.
   - Expected WDS Mode: If AP Mode is Standalone, the WDS (Wireless Distributed System) mode to be used if you intend to use WDS. This is for reference only.
   - Expected Security Mode: If AP Mode is Standalone, the security mode to be used. This is for reference only.
   - Expected Wired Network Mode: If AP Mode is Standalone, select whether wired networking is going to be allowed. This is for reference only.
   - Authentication Password: If AP Mode is Managed, turn on to require a password for authentication.
   - Profile: If AP Mode is Managed, select a profile to apply for AP configuration.
   - Radio: If AP Mode is Managed, this is the wireless radio mode that the access point is using. The fields below appear after you have selected Managed AP Mode.
   - If AP Mode is Managed, this is the operating channel for the radio.
   - Power: If AP Mode is Managed, this is the percentage of power to use for the radio.
17. (7) Possible causes of interference

   Access Point Planning

   (5) Desired access point data rate

   Wireless Controller Planning

   - Change the wireless controller default password and record it here:
   - Configure your time zone and record it here:
   - SSID information:
     - Service Set Identifier (SSID) name
     - Security: none, WEP, WPA, or WPA2
   - Use wireless controller as a DHCP server:
     - Yes: host name and IP address should be assigned dynamically
     - No: use DHCP relay or configure static IP addresses and record them below: IP address, IP subnet mask, Gateway IP address, Primary DNS server, Secondary DNS server
   - Use default radio configuration:
     - Profile Name
     - Clients
     - Modes Available: 802.11b/g; 802.11n; 802.11b/g/n; 802.11a (5 GHz only); 802.11a/n (5 GHz only); 802.11a/n/ac (5 GHz only)

   [D-Link DWC-1000 User Manual, page 364]

   Basic Planning Worksheet

   - LAN IP address
   - Subnet mask
   - IP address range: starting IP address range [...] IP address range
   - Default gateway (optional)
   - DNS server: primary DNS server [...] DNS server
   - WINS server
   - [...] you connected to the Internet
   - [...] and record firmware levels for the wireless controller and all access points: DWC-1000 wireless controller; DWL-2600AP access point; DWL-3600AP access point; DWL-6600AP access
18. Also be sure that attached devices are electrically rated to operate with the power available in your location.

   Use only approved power cable(s). If you have not been provided with a power cable for your system or for any AC-powered option intended for your system, purchase a power cable that is approved for use in your country. The power cable must be rated for the product and for the voltage and current marked on the product's electrical ratings label. The voltage and current rating of the cable should be greater than the ratings marked on the product.

   To help prevent electric shock, plug the system and peripheral power cables into properly grounded electrical outlets.

   [D-Link DWC-1000 User Manual]

   - These cables are equipped with three-prong plugs to help ensure proper grounding. Do not use adapter plugs or remove the grounding prong from a cable. If you must use an extension cable, use a 3-wire cable with properly grounded plugs.
   - Observe extension cable and power strip ratings. Make sure that the total ampere rating of all products plugged into the extension cable or power strip does not exceed 80 percent of the ampere ratings limit for the extension cable or power strip.
   - To help protect your system from sudden, transient increases and decreases in electrical power, use a surge suppressor, line conditioner, or uninterruptible power supply (UPS).
   - Position system cables and power cables carefully; route cables so that they cannot be steppe
19. Neighbor Client List

   - AP MAC Address: The base Ethernet MAC Address of the managed AP which detected the client.
   - The configured descriptive location for the managed AP.
   - The radio interface and its configured mode that detected the ad hoc device.
   - Detection Mode: The mechanism of detecting this Ad Hoc device. The possible values are Beacon Frame or Data Frame.
   - Age: Time since last detection of the ad hoc network.

   Right-click Commands on the WLAN Associated Ad Hoc Clients List

   Field / Description:
   - Delete All: Deletes all ad hoc client entries from the list. Clearing the list does not disassociate any of the ad hoc clients, and the clients might still be involved in the ad hoc network.
   - Blocks an ad hoc client from WLAN access. The MAC address is added to the Known Client database, where the default action is Deny.
   - Allows an ad hoc client access to the WLAN. The MAC address is added to the Known Client database, where the default action is Allow.

   [D-Link DWC-1000 User Manual, page 310] [Section 8 - Viewing Status and Statistics]

   Detected Clients

   Path: Status > Wireless Information > Associated Clients > Detected Clients

   Wireless clients are detected by the wireless system either when the clients attempt to interact with the system or when the system detects traffic from the clients. The Detected Client Status page shows information about clients that have authenticated with an access point, as well as information about clients
20. - OFF: static route is not private
   - IPv6 Destination: The wireless controller will lead to this destination host or IP address.
   - IPv6 Prefix Length: The number of prefix bits in the IPv6 address that define the subnet.
   - Interface: Select the wireless controller interface that will interface to the static route. Choices are:
     - Option 1 / Option 2: the wireless controller's Option port will interface to the static route.
     - LAN: the wireless controller's LAN or VLAN port will interface to the static route.
     - Sit0 Tunnel
   - IPv6 Gateway: [...] reached.
   - Determines the priority of the route. If multiple routes to the same destination exist, the route with the lowest metric is chosen.

   Editing/Deleting Static Routes

   After you add static routes, you can edit them if you need to change settings. To edit a static route, right-click the static route you want to edit and click Edit. To delete a static route, right-click the static route you want to remove and click Delete.

   [D-Link DWC-1000 User Manual, page 165] [Section 5 - Advanced Network Configuration]

   RIP

   Path: Network > Routing > RIP

   Dynamic routing using the Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) that is common in LANs. With RIP, this controller can exchange routing information with other supported routers/controllers in the LAN and allow for dynamic adjustment of routing tables in order to adapt to modifications in the LAN without interrupting traff
21. User Database > Users. The Users List will appear.
      b. Click Add New User. The User Configuration page will appear.
      c. Complete the fields and select the front desk group you created in the previous step on Selected Group.
   3. Create a billing profile.
      a. Go to Security > Authentication > Billing Profile. Click Add New Billing Profile.
      b. The billing profile settings include four milestones by timeline.

   [D-Link DWC-1000 User Manual, page 49] [Section 3 - Basic Configuration]

   [Figure: timeline showing Account Creation, Account Activation, Account Depletion and Account Expiration, with Usage Time / Usage Volume]

   - Account Creation: the temporary account is generated by the front desk account in the local database.
   - Account Activation: the temporary account is activated and it is valid for use.
   - Account Depletion: the temporary account has run out of usage time or usage volume.
   - Account Expiration: the temporary account is expired, no matter whether usage time/volume has run out or not, and it is removed from the local database.

   Below are five most common types of billing profiles:

   1. The temporary account usage time is limited by duration. The account has the expiration time. The account is valid while the account is created.

   [Figure: timeline showing Account Creation / Account Activation, Depletion and Expiration, with Usage Period]

   This billing profile is suitable for the scenario in Hotel. The temporary account is created and valid while customers check in. I
22. You may add new clients to block. To configure blocked clients:

   1. Go to Security > Firewall > Blocked Clients.
   2. Click Add New Blocked Clients. Enter the client's MAC address and a description.
   3. Click Save.

   [D-Link DWC-1000 User Manual, page 234] [Section 8 - Security]

   Custom Services

   Path: Security > Firewall > Custom Services

   Custom services can be defined to add to the list of services available during firewall rule configuration. While common services have known TCP/UDP/ICMP ports for traffic, many custom or uncommon applications exist in the LAN or WAN. In the custom service configuration menu, you can define a range of ports and identify the traffic type (TCP/UDP/ICMP) for this service. Once defined, the new service will appear in the services list of the firewall rules configuration menu.

   To add, delete, or edit a custom service:

   1. Click Security > Firewall > Custom Services.
   2. Right-click an en
23. choosing the network resources from a list of defined resources, or defining the IP addresses. For applying the policy to addresses, the port range/port number can be defined. The final steps require the policy permission to be set to either permit or deny access to the selected addresses or network resources. As well, the policy can be specified for one or all of the supported SSL VPN services (i.e., VPN tunnel). Once defined, the policy goes into effect immediately. The policy name, SSL service it applies to, destination (network resource or IP addresses), and permission (deny/permit) is outlined in a list of configured policies for the controller.

   Note: You must enable Remote Management. Refer to VLANs on page 150.

   To create a new SSL VPN policy:

   1. Make sure you have enabled remote management and have created user(s) and group(s) to assign to this policy.
   2. Click VPN > SSL VPN > SSL VPN Server Policy. Next to SSL VPN Server Policy, toggle to On and click Save.
   3. Click Add New SSL VPN Server Policy.

   [D-Link DWC-1000 User Manual, page 260] [Section 7 - VPN]

   4. Complete the fields from the table below and click Save.

   Field / Description:
   - Policy Type: Select
24. enables VPN, router, and firewall functionality via two Gigabit Ethernet Option ports.
   - Purchasable license pack DWC-1000-WCF enables one-year dynamic web content filtering to maintain a safe and productive work or study environment. The wireless controller must be upgraded with the VPN license (DWC-1000-VPN) first, before enabling this license.

   [D-Link DWC-1000 User Manual, page 16] [Section 1 - Product Overview]

   After the site survey is complete, use the collected data to set up an RF plan using the Basic Planning Worksheet in Appendix A. After you complete the Basic Planning Worksheet, select a location for the wireless controller. The ideal location should:

   - Be flat and clean, with no dust, water, moisture, or exposure to direct sunlight or vibrations.
   - Be fairly cool and dry and not exceed 104°F (40°C).
   - Not be prone to variations in temperature and humidity, or close to strong magnetic fields or a device that generates electric noise.
   - Not place the wireless controller next to, on top of, or below any device that generates heat or will block the free flow of air through the wireless controller's ventilation slots. Leave at least 3 feet (91.4 cm) clear on both sides and rear of the controller.
   - Allow you to reach the wireless controller and all cables attached to it.
   - Have a working AC power outlet that is not controlled by a wall switch that can accidentally remove power to the outlet.

   Package Contents

   Each wireless controller package
25. ensure traffic from that IP address is not spoofed. In the event of a violation (i.e. the traffic's source IP address doesn't match up with the expected MAC address having the same IP address), the packets will be dropped and can be logged for diagnosis. 1. Click Network > LAN > IP/MAC Binding. 2. Click Add New IP/MAC Binding to create a new entry. 3. Enter a name, MAC address, IP address, and select whether to turn dropped packet logging on or off. Click Save. IGMP Setup. Note: This feature is only available when the DCS 1000 VPN license is activated. Path: Network > LAN > IGMP Setup. IGMP snooping (IGMP Proxy) allows the controller to listen in on IGMP network traffic. This then allows the controller to filter multicast traffic and direct it only to hosts that need this stream. This is helpful when there is a lot of multicast traffic on the network where all LAN hosts do not need to receive this multicast traffic. To enable IGMP Proxy: 1. Click Network > LAN > IGMP Setup. 2. Toggle IGMP Proxy to On. 3. Click Save.
26. > Firewall > ALGs > SMTP ALGs. Simple Mail Transfer Protocol (SMTP) is a text-based protocol used for transferring email between mail servers over the Internet. Typically the local SMTP server will be located on a DMZ, so that mail sent by remote SMTP servers will traverse the controller to reach the local server. Local users will then use email client software to retrieve their email from the local SMTP server. SMTP is also used when clients are sending email, and SMTP ALG can be used to monitor SMTP traffic originating from both clients and servers. 1. Click Security > Firewall > ALGs > SMTP ALGs tab. 2. Toggle Status to ON. 3. Enter the port at which the SMTP packets are inspected. 4. Click Save. Mail Filtering. Path: Security > Firewall > ALGs > Mail Filtering. 1. Click Security > Firewall > ALGs > Mail Filtering tab. 2. Right-click an entry and select either Edit or Delete. To add a new mail ID, click Add New Mail Filter. 3. Enter a subject and a mail ID. 4. Select to allow or block. 5. Click Save. VPN Passthrough. Path: Security > Firewall
27. Configuring Login Policies. Path: Security > Authentication > User Database > Groups. Using the following procedure, you can grant or deny a user group login access to the web management interface. 1. Click Security > Authentication > User Database > Groups. The Groups page will appear. 2. Check the box next to a user group. 3. Click the Add Login Policies button. The Login Policies Configuration page will appear. 4. Complete the fields from the table below and click Save Settings. Field / Description: Name of the group. Disable Login: Grants or denies login access to the web management interface for all users in this user group. Choices are: On (disable login access), Off (enable login access). Grants or denies login access from the wireless controller's Option port. Choices are: On (disable login access), Off (enable login access). Deny login
28. Field / Description: The group number that identifies the configured WDS AP group. Source AP End Point: Indicates whether the AP specified by the destination MAC detected the AP specified by the source MAC. Source AP Packets/Bytes Sent: Number of packets/bytes sent by the source AP. Source AP Packets/Bytes Received: Number of packets/bytes received by the source AP. Destination AP End Point: Indicates whether the AP specified by the source MAC detected the AP specified by the destination MAC. Destination AP Packets/Bytes Sent: Number of packets/bytes sent by the destination AP. Destination AP Packets/Bytes Received: Number of packets/bytes received by the destination AP. Maintenance. This chapter describes the following maintenance activities: System Settings on page 321; Activating Licenses on page 323; Remote Management on page 324; Using SNMP on page 326; Backup Configuration Settings on page 332; Restoring Configuration Settings on page 333; Restoring Factory Default Settings on page 334; Rebooting the Wireless Controller on page 335; Wireless Controller Firmware Upgrade
29. Enable: Toggle to ON to activate the rule. 4. Click on the Application Rules Status tab to see a list of rules and their status. Attack Checks. Path: Security > Firewall > Attack Checks. Attacks can be malicious security breaches or unintentional network issues that render the controller unusable. Attack checks allow you to manage WAN security threats such as continual ping requests and discovery via ARP scans. TCP and UDP flood attack checks can be enabled to manage extreme usage of WAN resources. Additionally, certain Denial of Service (DoS) attacks can be blocked. These attacks, if uninhibited, can use up processing power and bandwidth and prevent regular network services from running normally. ICMP packet flooding, SYN traffic flooding, and Echo storm thresholds can be configured to temporarily suspect traffic from the offending source. 1. Click Security > Firewall > Attack Checks. 2. Complete the fields from the table below and click Save. Field D
30. Guest Account Usage Management 205; Payment Gateway 209; Customize the Captive Portal Login Page 211; Customize the SEA of the Captive Portal 214; External Authentication 216; Configure RADIUS Server 216; Configure RADIUS Accounting 218; Configure RADIUS Accounting Global Setting 219; Configure POP3 Server 220; Configure POP3 Trusted CA 221; LDAP Server 222; Configure Active Directory Server 224
31. AP Profiles. Click on the AP Profile SSID tab on the middle menu. The Access Point Profiles SSID List will appear. 7. Select the SSID you wish to edit from the AP Profile drop-down menu. 8. Click the radio button next to the Radio Mode you prefer. 9. Select the SSID you wish to configure on the radio from the SSID Name drop-down menu, or right-click the SSID network you want to enable and click Enable on the AP Profile SSID List. Note: SSID ID 1 is always enabled. If you do not want to have the first SSID enabled, you must create a new SSID to be able to swap another SSID in the first slot. Step 5: Select MAC Authentication Mode. MAC authentication is useful in networks that operate in Open mode to grant and deny access to clients with specific MAC addresses. MAC Authentication can also be used in conjunction with 802.1X se
32. Auth History section. Rogue Classification. Viewing Cluster Information. Path: Status > Wireless Information > Clustering. The Cluster Information page shows information about other wireless controllers in the network. Peer wireless controllers within the same cluster exchange data about themselves, their managed access points, and their clients. The wireless controller maintains a database with this data, so you can view information about a peer, such as its IP address and software version. If the wireless controller loses contact with a peer, all of the data for that peer is deleted. One wireless controller in a cluster is elected as a Cluster Controller. The Cluster Controller collects status and statistics from the other controllers in the cluster, including information about the access point's peer controller and the clients associated to those access points.
33. L2TP VPN Server. Path: VPN > L2TP VPN > Server. A L2TP VPN can be established through this switch. Once enabled, a L2TP server is available on the switch for LAN and WAN L2TP client users to access. Once the L2TP server is enabled, PPTP clients that are within the range of configured IP addresses of allowed clients can reach the controller's L2TP server. Once authenticated by the L2TP server (the tunnel endpoint), L2TP clients have access to the network managed by the switch. The range of IP addresses allocated to L2TP clients can coincide with the LAN subnet. As well, the L2TP server will default to local L2TP user authentication, but can be configured to employ an external authentication server should one be configured. To create a L2TP VPN server: 1. Click VPN > L2TP VPN > Server. 2. Complete the fields in the table below and click Save. L2TP Active Users List. A list of L2TP connections will be displayed on this page. Right-click the connection to connect and disconnect.
34. Both SSIDs are now associated with the BYOD SSID profile. 5. Create Captive Portal accounts on the local database. a. To create a user group, go to Security > Authentication > User Database > Groups tab. b. Click Add New Group. Create a group called EMPLOYEE. Next to User Type, select Network and toggle Captive Portal User to On. Enter an Idle Timeout value in minutes. c. Click Save. d. Create user accounts. Go to Security > Authentication > User Database > Users tab. e. Click Add New User to create user accounts. Fill in the fields and select EMPLOYEE next to Select Group. f. Click Save. 6. C
35. Client RADIUS information in the configuration that the controller pushes to its peers. Controller Provisioning Mode: Enable this field to send and receive provisioning messages. As a security feature, you can disable this option. Mutual Authentication Mode: Select Enable to require mutual authentication on the wireless network. When Disable is selected, mutual authentication is not required. Changing this parameter on one controller automatically updates the configuration on all other controllers in the cluster and all managed APs in the cluster. When this field is enabled, switch provisioning must be enabled in order for new controllers to be added to the cluster. If controller provisioning is disabled, the cluster will not accept certificates from a new controller. Unmanaged AP Reprovisioning Mode: Enable to allow access points to accept provisioning information when not managed by a controller. Synchronize Peer Group. Path: Wireless > Peer Group > Peer Status. Synchronize the settings among the peer group. 1. Click Wireless > Peer Group > Peer Status. The Peer Status List will appear. 2. Click Start Sync for All Peers to synchronize the settings to all controllers, or synchronize one of the peer group by right-clicking Start Sync. AP Firmware Download. The Wireless Controller can upgrade software on the APs that it manages. The Cluster Co
36. Configure NT Domain Server 225; Facebook Wi-Fi 226; Web Content Filter 227; Blocked Keywords 229; Firewall 230; Mail Filtering 238; VPN Passthrough 239; Dynamic Port Forwarding 240; Application Rules 240; Attack Checks 242; IPSec VPN 244; Policies 244
37. 3. Create two SSIDs, dlink_corporate and dlink_byod, and assign VLAN 2 and 3 on these two SSIDs respectively. Enable MAC authentication on SSID dlink_corporate. a. Go to Wireless > Access Point > SSID Profiles. The SSID Profile List will appear. b. Click Add New SSID Profile. Create SSID dlink_corporate and dlink_byod. c. Enable Captive Portal on both SSIDs and select the Captive Portal Type as Permanent User. d. Select the Authentication Server. The authentication server can be either local database or external authentication server (i.e. RADIUS). e. Assign VLAN2 and VLAN3 to dlink_corporate and dlink_byod respectively. f. Enable MAC authentication on dlink_corporate. g. Click Save. 4. Create an AP Profile BYOD. Associate SSIDs on this profile. a. Go to Wireless > Access Point > AP Profile. b. Click Add New AP Profile. Create a profile called BYOD. c. Click Save. d. Click the AP Profile SSID tab. Next to AP Profile, make sure BYOD is selected. e. In the SSID list, right-click the dlink_corporate row and select Enable. f. Right-click the dlink_byod row and select Enable. g
38. c. Complete the fields in the table below and click Save. The message Operation Succeeded will appear. Field / Description: General Details. Profile Name: Enter a name for this captive portal profile. The name should allow you to differentiate this captive profile from others you may set up. Browser Title: Enter the text that will appear in the title of the browser during the captive portal session. Select whether the login page displayed during the captive portal session will show an image or color. Choices are: Image: displays an image as the background on the page. Use the Page Background Image field to select a background image. Color: sets the background color on the page. Select the color fro
39. Description: Enter a name (identifier) for the certificate. This field will populate the CN (Common Name) entry of the generated certificate. Subject names are usually defined in the following format: CN=<device name>, OU=<department>, O=<organization>, L=<city>, ST=<state>, C=<country>. For example: CN=router1, OU=my_company, O=mydept, L=SFO, C=US. Easy VPN Setup. To upload an exported IPSec VPN policy: 1. Click VPN > IPSec VPN > Easy VPN Setup. 2. Click Browse and navigate to the policy file you want to upload. Select it and click Open. 3. Click Upload. 4. Once uploaded, go to VPN > IPSec VPN > Policies and the loaded VPN will be listed. Right-click it to edit or delete. PPTP VPN Server. Path: VPN > PPTP VPN > Server. A PPTP VPN can be established through this switch. Once enabled, a PPTP server is available on the switch for LAN and WAN PPTP client users to access. Once the PPTP server is enabled, PPTP clients that are within the range of configured IP addresses of allowed clients can reach the controller's PPTP server. Once authenticated by the PPTP ser
40. Field / Description: IP Address Setup. IP Address: LAN interface IP address of the wireless controller. Subnet Mask: The factory default is 255.255.255.0. DHCP Setup. DHCP Mode: There are three DHCP modes to choose from. None: the controller's DHCP server is disabled for the LAN. DHCP Server: With this option, the controller assigns an IP address within the specified range, plus additional specified information, to any LAN device that requests DHCP-served addresses. DHCP Relay: With this option enabled, DHCP clients on the LAN can receive IP address leases and corresponding information from a DHCP server on a different subnet. Specify the Relay Gateway, and when LAN clients make a DHCP request it will be passed along to the server accessible via the Relay Gateway IP address. Domain Name: Enter a domain name. Starting IP Address: If DHCP mode is DHCP Server, enter the first IP address in the range. Any new DHCP client joining the LAN will be assigned an IP address between this address and the Ending IP Address. Ending IP Address: If DHCP mode is DHCP Server, enter the last IP address in the range of addresses to lease to LAN hosts. Any new DHCP client joining the LAN will be assigned an IP address between the Starting IP Address and this IP address. Default Gateway: If DHCP mode is DHCP Server, enter the default gateway. If DHCP mode is DHCP Relay, enter the relay gateway address. Default Route. Enable Default Route: Enable or disable ON
41. GVRP. Path: Network > VLAN > Advanced VLAN > GVRP. The GARP VLAN Registration Protocol (GVRP) provides a mechanism that allows network controllers to dynamically register and de-register VLAN membership information with the networking devices attached to the same segment, and for that information to be disseminated across all networking controllers in the bridged LAN that support GMRP. 1. Go to Network > VLAN > Advanced VLAN > GVRP tab. 2. Toggle Activate GVRP to ON and click Save. Routing. A static route tells network devices about an exact, fixed (hard-coded) destination. Static routes can work well with small networks. There are two kinds of static routing: Static Route and Protocol Binding. The Static Route uses the IP address to determine the next hop, whereas Protocol Binding uses the protocol. Configuring your wireless controller for static routing allows data transfers between it and a routing device without needing to use dynamic routing protocols. Configure IPv4 Static Routing. Path: Network > Routing > Static Routes. To add a static route: 1. Click Network > Routing > Static Routes. 2. Click Add New Static Route. The Static Route Configuration page will appear.
42. Field / Description: MAC Address: Ethernet MAC address of the detected access point. This could be a physical radio interface or VAP MAC. The wireless name (Service Set Identifier) of the network, which is broadcast in the detected beacon frame. Physical Mode: The 802.11 mode used on the access point. Transmit channel of the access point. Time since this access point was last detected in an RF scan. Status entries for this page are collected at a point in time and eventually age out. The age value for each entry shows how long ago the wireless controller recorded the entry. Managed status of the access point. The valid values are: Managed: Neighbor access point is managed by the wireless system. Standalone: Access point is managed in standalone mode and configured as a valid AP entry (local or RADIUS). Rogue: Access point is classified as a threat by one of the threat detection algorithms. Unknown: Access point is detected in the network but is not classified as a threat by the threat detection algorithms. De-Authentication Attacks. Path: Status > Wireless Information > Access Point > De-Authentication Attacks. The AP De-Authentication Attack
43. LAN Settings. In IPv6 mode, the LAN DHCP server is disabled by default (similar to IPv4 mode). The DHCPv6 server will serve IPv6 addresses from configured address pools with the IPv6 Prefix Length assigned to the LAN. The default IPv6 LAN address for the controller is fec0::1. You can change this 128-bit IPv6 address based on your network requirements. The other field that defines the LAN settings for the controller is the prefix length. The IPv6 network (subnet) is identified by the initial bits of the address, called the prefix. By default this is 64 bits long. All hosts in the network have common initial bits for their IPv6 address; the number of common initial bits in the network's addresses is set by the prefix length field. 1. Go to Network > IPv6 > LAN Settings > IPv6 LAN Settings tab. 2. Complete the fields in the table below and on the next page. 3. Click Save. Field / Description: LAN TCP/IP Setup. The Wireless Controller's LAN IPv6 address. The IPv6 network (subnet) is identi
44. Option / Description: Captive Portal: If enabled, the controller will log information related to wireless client log in and log out via Captive Portal. Wireless Logs: If enabled, the controller will log information relative to wireless activities. Note: To understand log messages, it is very important to have accurate system time that has been set manually or from a NTP server. Current Logs. Path: Status > System Information > All Logs > Current Logs. The Display Logs window allows you to view configured log messages from the controller as they appear. Each log will appear with a timestamp as determined by the controller's configured time. If remote logging such as a Syslog server or e-mail logging is configured, the same logs are sent to the remote interface while being displayed here. Click Refresh to refresh logs or reload the page again. Click Clear All to remove all entries in the Display Logs screen. Click Send Logs to send all logs in the Display Logs screen to preconfigured e-mail recipients. WLAN Logs. Path: Status > System Information > All Logs > WLA
45. Option port can have a different DDNS service if required. Once configured, the controller will update the DDNS service with changes in the Option IP address, so that features that are dependent on accessing the controller's WAN via FQDN will be directed to the correct IP address. When you set up an account with a DDNS service, the host and domain name, username, password and wildcard support will be provided by the account provider. To configure DDNS: 1. Click Network > Internet > Dynamic DNS. 2. Click the tab on top to select which Option port you want to configure DDNS to. 3. Next to Dynamic DNS Service Type, select your DDNS service. 4. Enter the following information and click Save. The information below is for DynDNS. Other services will have similar fields. Field / Description: User Name: Enter your DDNS user name. Enter the domain name. Enter your DDNS password. Status: Displays the current connection status. VLANs. A virtual Local Area Network (VLAN) is a logical segment in a switched network. It allows independent logical networks to be created within a single physical network. VLANs separate devices into different broad
46. Permanent User, Temporary User or Authentication Server. Select the type of authentication server to authenticate captive portal for permanent, temporary or billing users. Login Profile Name: Select a captive portal from the drop-down menu. Click Create a Profile to create a new profile. Subnet Mask: Enter the subnet mask for the Multi VLAN subnet. Editing VLANs. Path: Network > VLAN > VLAN Settings. To edit a VLAN: 1. Go to Network > VLAN > VLAN Settings. 2. Under VLAN List, right-click the VLAN you want to edit and click Edit. The following page will appear. 3. Edit the fields in the table on the previous page and click Save. Deleting VLANs. Path: Network > VLAN > VLAN Settings. If you no longer need a VLAN, you can delete it. Note: A precautionary message does not appear before you delete a VLAN. Therefore, be sure you do not need a VLAN before you delete it. To delete a VLAN: 1. Go to Network > VLAN > VLAN Settings. 2. In the VLAN List, right-click the VLAN you want to delete and click Delete. Or right-click on a VLAN and click Select All, then Delete, to delete all VLANs. The selected VLAN(s) will be deleted. MultiVLAN Subnets. Path: Network > VLAN > VLAN Settings. Each VLAN can be assigned a unique IP address and subnet mask for the vir
47. Port, Source UDP Port or Destination UDP Address, enter a defined port number. Priority: Priority of the QoS rule. The priority choices are: Highest, High, Low, Lowest. Profile Type. Configure Flow-based Control. Path: Network > QoS > LAN QoS Policy > Flow Control. The Flow Based QoS Policy allows you to limit the bandwidth for a particular service. Changes here affect the traffic of a configured service that is egressed on the ports. 1. Go to Network > QoS > LAN QoS Policy > Flow Control tab. 2. Click Add New Flow based Control QoS. 3. Complete the fields in the table below and click Save. Field / Description: Profile Name: The name of the profile. Service: Select the type of service you want to use. The choices are: Any aim bgp bootp client bootp server cu seeme udp cu seeme tcp dns udp dns tcp finger ftp http https icmp icq imap2 imap3 irc news nfs nntp ping pop3 pptp rcmd rea audio rexec rlogin rtelnet rtsp tcp rtsp udp sftp smtp snmp tcp snmp udp snmp traps tcp snmp traps udp sql net ssh tcp ssh udp strmworks tacacs telnet tftp rip kie shttpd ipsec udp
48. RIP-2M sends data to multicast addresses. Note: If RIP-2B or RIP-2M is the selected version, authentication between this controller and other controllers configured with the same RIP version is required. MD5 authentication is used in a first/second key exchange process. The authentication key validity lifetimes are configurable to ensure that the routing information exchange is with current and supported controllers detected on the LAN. Click Save to save your settings. OSPF. Path: Network > Routing > OSPF. OSPF is an interior gateway protocol that routes Internet Protocol (IP) packets solely within a single routing domain. It gathers link state information from available controllers and constructs a topology map of the network. OSPF version 2 is a routing protocol described in RFC 2328 (OSPF Version 2). OSPF is an IGP (Interior Gateway Protocol). OSPF is widely used in large networks such as ISP backbone and enterprise networks. To configure OSPF: 1. Click Network > Routing > OSPF. 2. Right-click the port you want to edit (LAN/Option1/Option2) and select Edit
49. Field / Description: AP MAC Address: MAC address of the managed access point to which the client has pre-authenticated. Radio number to which the client is authenticated. VAP MAC Address: VAP MAC address to which the client roamed. SSID: SSID name used by the VAP. Status: A flag indicating whether the history entry represents a new authentication or a roam event. Time Since Event: Time since the history entry was added. [D-Link DWC-1000 User Manual, p. 309, Section 8: Viewing Status and Statistics] Ad Hoc Clients. Path: Status > Wireless Information > Associated Clients > Ad Hoc Clients. An ad hoc client is a wireless client that gains access to the WLAN through a wireless client that is associated with an access point. The ad hoc client does not communicate directly with the AP. Ad hoc networks are a particular concern because they consume RF bandwidth and can present a security risk. Field / Description: MAC Address: The Ethernet address of the client. If the Detection Mode is Beacon, then the client is represented as an AP in the RF Scan database and the Neighbor AP List. If the Detection Mode is Data Frame, then the client information is in the
50. Routing Mode is enabled, NAT is not performed on traffic between the LAN and Option interfaces. Broadcast and multicast packets that arrive on the LAN interface are switched to the Option and vice versa, if they do not get filtered by firewall or VPN policies. To maintain the LAN and Option in the same broadcast domain, select Transparent mode, which allows bridging of traffic from LAN to WAN and vice versa, except for controller-terminated traffic and other management traffic. Note: NAT routing has a feature called NAT Hair-pinning that allows internal network users on the LAN and DMZ to access internal servers (e.g. an internal FTP server) using their externally known domain name. This is also referred to as NAT loopback, since LAN-generated traffic is redirected through the firewall to reach LAN servers by their external name. 1. Click Network > Internet > Routing. 2. Complete the fields from the table below and click Save. Field / Description: Routing Settings: Select Transparent. Save: Click to save and activate your settings. [D-Link DWC-1000 User Manual, p. 146, Section 5: Advanced Network Configuration]
51. SSID Profiles. The SSID Profile List page will appear. b. Under the SSID column, select an SSID that will use the Captive Portal function by right-clicking on it and clicking Edit. c. Select a Captive Portal Type from the drop-down menu. d. Click Save. Note: Apply AP Profile from Wireless > Access Point > AP Profiles if the SSID has been associated with a used AP Profile to change the configuration. 5. Generate guest accounts. a. Log in to the Front Desk page by entering http://<ip_address>/frontdesk (e.g. http://192.168.10.1/frontdesk). Enter the username and password of a user you created in a Front Desk group. b. Select a billing profile. Modify the usage if you want. Click Generate. [D-Link DWC-1000 User Manual, p. 53, Section 3: Basic Configuration] c. Print out the account information by clicking Print. The information would be sent to the internet printer. Only one user account can be created at a time. 6. Monitor user account status. a. Monitor temporary account status and extend account usage duration or volume. Click View Account for reviewing generated temporary status. [D-Link DWC-1000 User Manual, p. 54, Section 3: Basic Configuration]
52. Your Network. 1. Click Security > Authentication > Billing Profile. 2. Click Add New Billing Profile. 3. Complete the fields in the table below and click Save. Field / Description: Profile Details. Profile Name: Enter a name for this profile. Profile Description: Enter a description for this profile. Allow Multiple Login: Checking this option will allow multiple users to use the same captive portal login credentials created for this profile to log in simultaneously. Allow Batch Generation on Front Desk: Checking this option enables front desk user to generate a batch of temporary captive portal users at one click. Session Idle Timeout: Idle timeout for CP users generated for this profile. Show Alert Message on Login Page while Rest of Usage Time/Traffic Under: Enter a value here in Hours/Days/MB/GB to get an alert message when usage time/traffic left reaches the desired limit. By default, if 0 is entered, it implies no alert message is required. [D-Link DWC-1000 User Manual, p. 207, Section 6: Securing Your Network] Field / Description: Basic Limit by Duration. Valid iil and End: Limitations on Duration basis. There are 3 types of limiting user access by duration. Start While Account Created: Activate account when user is created. Valid Begin. Start While Account Login: Activate account when user first logs in using his credentials. Begin From: Activate account
53. a background color. The maximum size of the image is 100 kb. Color: show background color on the page. Use the radio buttons to select an image. Header Background Image: If you set Background to Image, upload the image file by clicking Add > Browse. Select an image, click Open and then click the Upload button. The maximum size of the image is 100 kb. If you set Background to Color, select the header color from the drop-down menu. Custom Color: If you choose Custom on Page Background Color, you can choose a particular color by filling in the HTML color code. Header Caption: Enter the text that appears in the header of the login page during the captive portal session. Select the font for the header text. Select the font size for the header text. Font Color: Select the font color for the header text. [D-Link DWC-1000 User Manual, p. 212, Section 6: Securing Your Network] Field / Description: Login Details. Login Section Title: Enter the text that appears in the title of the login box when the user logs in to the captive portal session. This field is optional. Welcome Message: Enter the welcome message that appears when users log in to the captive session successfully. This field is optional. Error Message: Enter the error message that appears when users fail to log in to the captive session successfully. This field is optional. Footer Details: Enables or disable
54. an Activity LED (left) and Link LED (right). Two Gigabit Ethernet ports labeled Option let you connect the wireless controller to a backbone (requires DWC-1000-VPN-LIC License Pack upgrade). Each port has an Activity LED (left) and Link LED (right). The RJ-45 console cable lets you connect a PC to access the wireless controller's command line interface. Rear Panel. Press and hold for 10 seconds to reset the switch back to the factory default settings. Connect the supplied power cord to a power outlet or surge protector. Press to turn the wireless controller on and off. [D-Link DWC-1000 User Manual, p. 18, Section 2: Installation] Installation. A DWC-1000 wireless controller system consists of one or more wireless controllers and a collection of DWL-2600AP, DWL-3600AP, DWL-6600AP, DWL-8600AP, and/or DWL-8610AP access points that are organized into groups based on location or network access. This section describes how to unpack and install the wireless controller system. Unpacking. Follow these steps to unpack the wireless controller and prepare it for operation: 1. Open the shipping container and carefully remove the contents. 2. Return all packing materials to the shipping container and save it. 3. Confirm that all items listed on page 17 are included in the shipment. Check each item for damage. If any item is damaged or missing, notify your authorized D-Link representative. Selecting a Location. Selecting the proper lo
55. and AES encryption. When the AP is in Managed mode, remote access to the AP is disabled. However, you can enable Telnet access by enabling the Debug feature on the Managed AP List Settings page. Support for the WDS managed AP feature within the Unified Wired and Wireless Access System includes the following: The wireless system can contain up to 12 WDS managed AP groups. Each WDS managed AP group can contain up to four APs. An AP can be a member of only one WDS AP group. Each satellite AP can have only one WDS link on the satellite APs. This means that a satellite AP must be connected to a root AP. A satellite AP cannot be connected to another satellite AP. By default, an AP is configured as a root AP. For an AP to be attached to the Wireless System as a satellite AP, configure the following settings on the AP while it is in stand-alone mode: Satellite AP mode: This setting enables the satellite AP to discover and establish WDS link with the root AP. By default, the WDS Managed Mode is Root AP. Password for WPA2 Personal authentication used to establish the WDS links: Only the satellite APs need this configuration. The root APs get the password from the controller when they become managed. Static Channel: The APs on each end of a WDS link must use the same radio and channel to communicate. Configure the satellite AP to use a static channel. For a root AP, set the static channel when you add the AP to the Valid AP database on the con
56. and links in the WDS Group. From this page, you can also send a new password to group members. Field / Description: PDS: Unique number that identifies the WDS AP group. Configured AP Count: Number of APs configured in this WDS AP group. Connected AP Count: Number of APs managed by the controller that are members of this WDS AP Group. This number is the sum of the Connected Root APs and Connected Satellite APs. Source AP Count: Number of Root APs currently being managed by the controller that are members of this WDS AP Group. Destination AP Count: Number of Satellite APs currently being managed by the controller that are members of this WDS AP Group. Source Bridge AP MAC: MAC Address of the device elected as the Spanning Tree Root Bridge. If spanning tree is disabled, this value is 00:00:00:00:00:00. Source Device Type: The type of device elected as the Spanning Tree Root bridge: None (STP is disabled), Root AP, Satellite AP, External Device (STP Root is not one of the APs). Config WDS Link Count: Number of configured bidirectional links in the WDS AP Group. Detect WDS Link Count: Number of WDS links detected in the system. APs on both sides of the link must detect each other in
57. 2. Complete the fields from the table on the next page. 3. Click Save. [D-Link DWC-1000 User Manual, p. 125, Section 5: Advanced Network Configuration] Field / Description: Status: Enable or disable the RADVD process here to allow stateless auto configuration of the IPv6 LAN network. Advertise Mode: Two Advertise Modes: Unsolicited Multicast: select to send router advertisements (RAs) to all interfaces belonging to the multicast group. Unicast Only: This option restricts advertisements to well-known IPv6 addresses only (RAs are sent to the interface belonging to the known address only). Advertise Interval: If Advertise Mode is Unsolicited Multicast, this sets the maximum advertise interval. The advertise interval used when RADVD is enabled is a random value between Minimum Router Advertisement Interval and Maximum Router Advertisement Interval. The minimum router advertisement interval is 1/3 of this configured value, and the default is 30 seconds. The router advertisements (RAs) can be sent with one or both of these flags: Managed and Other. Choose Managed to use the administered stateful protocol for address auto configuration. If the Other flag is selected, the host uses administered stateful protocol for
58. as a threat. [D-Link DWC-1000 User Manual, p. 74, Section 4: Advanced WLAN Configuration] Distributed Tunnel. The Distributed Tunneling mode, also known as AP-AP tunneling mode, is used to support L3 roaming for wireless clients without forwarding any data traffic to the wireless controller. In the AP-AP tunneling mode, when a client first associates with an AP in the wireless system, the AP forwards its data using the VLAN forwarding mode. The AP to which the client initially associates is the Home AP. The AP to which the client roams is the Association AP. When a client roams to another AP in a different subnet, the Association AP tunnels all traffic from the client to the Home AP using a CAPWAP L2 tunnel. The Home AP injects the traffic received over the tunnel into the wired network. If a client roams to another AP in the same subnet, then the tunnel is not created and the new AP becomes the Home AP for the client. Configure Distributed Tunnel. Path: Wireless > General > Distributed Tunnel. 1. Click Wireless > General > Distributed Tunnel. 2. Configure the following settings: Distributed Tunnel Clients: Specify the maximum number of distributed tunneling clients that can roam away from the Home AP at the same time. Distributed Tunnel Idle Timeout: Specify the number of seconds of no activity by the client before the tunnel to that client is terminated and the client is forced to change its IP address
59. b. Select an account and right-click View Details to view more information. 7. Extend user account usage. a. Select an account and right-click Extend Session. Manually change the usage time/traffic. Note: Make sure that Allow Front Desk to Modify Usage is turned on in the Captive Portal Billing Profile Configuration page. b. Click Save. [D-Link DWC-1000 User Manual, p. 55, Section 3: Basic Configuration] Step 10: Configure a BYOD Environment. The trend of Bring Your Own Device (BYOD) in the workplace is a new challenge for network security and management. Many corporations that allow employees to use their own devices at work expect better performance and productivity; on the downside, they are also concerned about network security and information leakage through private devices. Distinguishing between corporate-provided devices and private (BYOD) devices is a major task for IT teams. Use device MAC authentication to force clients to associate with specific SSIDs based on whether the device is corporate-provided or private. All connections from the SSIDs must authenticate before access is granted. To configure a BYOD environment, perform the following procedures. The authentication met
60. before the data frame is sent, a retry counter is incremented and the random backoff value (window) is doubled. Doubling will continue until the size of the random backoff value reaches the number defined in the Maximum Contention Window. Valid values for the cwmin are 1, 3, 7, 15, 31, 63, 127, 255, 511 or 1024. The value for cwmin must be lower than the value for cwmax. [D-Link DWC-1000 User Manual, p. 98, Section 4: Advanced WLAN Configuration] Description: cwMax (Maximum Contention Window): The value specified here in the Maximum Contention Window is the upper limit (in milliseconds) for the doubling of the random backoff value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached. Once the Maximum Contention Window size is reached, retries will continue until a maximum number of retries allowed is reached. Valid values for the cwmax are 1, 3, 7, 15, 31, 63, 127, 255, 511 or 1024. The value for cwmax must be higher than the value for cwmin. AP EDCA Parameter Only: The Max Burst Length applies only to traffic flowing from the access point to the client station. This value specifies (in milliseconds) the Maximum Burst Length allowed for packet bursts on the wireless network. A packet burst is a collection of multiple frames transmitted without header information. The decreased overhead results in higher throughput and better performance. Valid values for maximum burst length are 0 0
61. broadcast traffic. Rate Limit: The limit should be greater than 1 but less than 50 packets per second. Any traffic that falls below this rate limit will always conform to and be transmitted to the appropriate destination. The default and maximum rate limit setting is 50 packets per second. This field is disabled if Rate Limiting is disabled. Rate Limit Burst: Setting a rate limit burst determines how much traffic bursts can be before all traffic exceeds the rate limit. This burst limit allows intermittent bursts of traffic on a network above the set rate limit. The default and maximum rate limit burst setting is 75 packets per second. This field is disabled if Rate Limiting is disabled. Transmit Lifetime: Shows the number of milliseconds to wait before terminating attempts to transmit the MSDU after the initial transmission. Receive Lifetime: Shows the number of milliseconds to wait before terminating attempts to reassemble the MMPDU or MSDU after the initial reception of a fragmented MMPDU or MSDU. Station Isolation: When this option is selected, the AP blocks communication between wireless clients. It still allows data traffic between its wireless clients and wired devices on the network, but not among wireless clients. This feature is disabled by default. To enable Multicast and Broadcast Rate Limiting, click ON. To disable Multicast and Broadcast Rate Limiting, click OFF. The 802.11n specification allows the use of a 40 MHz wide ch
62. changes the channel if the current channel is noisy. Configure Channel Plan. Path: Wireless > General > Channel Algorithm. To configure the Channel Algorithm setting: 1. Click Wireless > General > Channel Algorithm > Channel Setting tab. The Channel Setting page will appear. 2. Each AP is dual-band, capable of operating in the 2.4GHz and 5GHz frequencies. The 802.11a/n and 802.11b/g/n modes use different channel plans. Before you configure channel plan settings, select the mode to configure. Click either the 5GHz or 2.4GHz tab. [D-Link DWC-1000 User Manual, p. 67, Section 4: Advanced WLAN Configuration] 3. Select Channel Plan Mode. There are three types of modes. Manual: With the manual channel plan mode, you control and initiate the calculation and assignment of the channel plan. You must manually run the channel plan algorithm and apply the channel plan to the APs. Interval: In the interval channel plan mode, the controller periodically calculates and applies the channel plan. You can configure the interval to be
63. contains the following items: One D-Link DWC-1000 Wireless Controller; One power cord; One RJ-45 to DB-9 console cable; One 3-foot Ethernet Category 5 UTP straight-through cable; One Reference CD-ROM containing product documentation in PDF format; Two rack mounting brackets; Quick Installation Guide. Required Tools and Information. You will need the following additional items to install your wireless controller: D-Link DWL-2600AP, DWL-3600AP, DWL-6600AP, DWL-8600AP, and/or DWL-8610AP access points; A computer with a supported web browser for configuration: Microsoft Internet Explorer 9.0 or higher, Mozilla Firefox 23 or higher, Apple Safari 5.1.7 or higher (Windows), Apple Safari 6.1.3 or higher (iOS), Google Chrome 26 or higher. [D-Link DWC-1000 User Manual, p. 17, Section 1: Product Overview] Front Panel. Power LED, USB Ports, LAN Ports (1-4), Option Ports (1-2), Console Port, Reset Button, Power Port, On/Off Switch. A solid green light indicates a good connection to a power source. This LED will be orange during boot up. Two Universal Serial Bus (USB) 2.0 ports are provided for connecting USB flash drives, hard drives, and printers. A solid LED indicates the USB device is attached. This LED will blink during data transmission. Four Gigabit Ethernet ports labeled 1 through 4 let you connect Ethernet devices such as computers, switches, and network storage (NAS) devices. Each port has
64. database or the external RADIUS server database, so the access point has not been validated. Local Authorization: Authentication password configured in the access point did not match the password configured in the local database. Not Managed: Access point is in the Valid AP database, but the access point Mode in the local database is not set to Managed. RADIUS Authentication: The password configured in the RADIUS client for the RADIUS server was rejected by the server. RADIUS Challenged: The RADIUS server is configured to use the Challenge Response authentication mode, which is incompatible with the access point. RADIUS Unreachable: The RADIUS server that the access point is configured to use is unreachable. Invalid RADIUS Response: The access point received a response packet from the RADIUS server that was not recognized or invalid. Invalid Profile ID: The profile ID specified in the RADIUS database may not exist on the controller. This can also happen with the local database when the configuration has been received from a peer controller. Profile Mismatch Hardware Type: The access point hardware type specified in the access point Profile is not compatible with the actual access point hardware. [D-Link DWC-1000 User Manual, p. 299, Section 8: Viewing Status and Statistics] Fields on the AP Authentication Failure Status Page. Field / Description: Ethernet address of the AP. If the MAC address of the access point is followed MAC Addres
65. determines the number of tries the controller will make to the POP3 server before giving up. [D-Link DWC-1000 User Manual, p. 220, Section 6: Securing Your Network] Configure POP3 Trusted CA. Path: Security > Authentication > External Auth Server > POP3 Trusted CA. A CA file is used as part of the POP3 negotiation to verify the configured authentication server identity. Each of the three configured servers can have a unique CA used for authentication. 1. Go to Security > Authentication > External Auth Server > POP3 Trusted CA tab. 2. Add the CA file by clicking Add CA File. 3. Click Choose File and browse to the CA file. Once selected, click Save. [D-Link DWC-1000 User Manual, p. 221, Section 6: Securing Your Network] Configure LDAP Server. Path: Security > Authentication > External Auth Server > LDAP Server. The LDAP authentication method uses LDAP to exchange authentication credentials between the controller and external server. The LDAP server maintains a large database of users in a directory structure, so users with the same username but belonging to different groups can be authenticated, since the user information is stored in a hierarchical manner. Al
66. 2. Set HTTP and/or HTTPS to On. 3. Click Save. If you select HTTPS, you may enter a port; 4443 is the default setting. [D-Link DWC-1000 User Manual, p. 324, Section 9: Maintenance] Power Saving Settings. Path: Maintenance > Administration > Power Saving. There are two options available to support power efficiency on the controller. 1. Go to Maintenance > Management > Power Saving. 2. Toggle the feature you want to enable to ON and click Save. By Link Status: When enabled, the total power to the controller is dependent on the number of connected ports. The overall current draw when a single port is connected is less than when all of the available LAN ports have an active Ethernet connection. By Cable Length Detection: When enabled, the controller will reduce the overall current supplied to the LAN port when a small cable length is connected to that port. Longer cables have higher resistance than shorter cables and require more power to transmit packets over that distance. This option will reduce the power to a LAN port if an Ethernet cable of less than 10 ft is detected as being connected to that port. [D-Link DWC-1000 User Manual, p. 325, Section 9: Maintenance] Using SNMP. Path: Maintenance > Managem
67. displayed. This is for reference only. Expected Channel: If AP Mode is Standalone, the channel to be used for wireless communication is displayed. This is for reference only. Expected WDS Mode: If AP Mode is Standalone, the WDS (Wireless Distributed System) mode to be used if you intend to use WDS. This is for reference only. If AP Mode is Standalone, the security mode to be used is displayed. This is for reference only. Expected Wired Network Mode: If AP Mode is Standalone, select whether wired networking is going to be allowed. This is for reference only. Authentication: If AP Mode is Managed, turn on to require a password for authentication. Profile: If AP Mode is Managed, select a profile to apply for AP configuration. Radio: If AP Mode is Managed, the wireless radio mode that the access point is using is displayed. The fields below appear after you have selected Managed AP Mode. If AP Mode is Managed, this is the operating channel for the radio. Power: If AP Mode is Managed, this is the percentage of power to use for the radio. 4. Repeat steps 2 and 3 for each additional access point you want the wireless controller to manage. [D-Link DWC-1000 User Manual, p. 31, Section 3: Basic Configuration] Step 4: Change the SSID and Set Up Security. You can configure up to 50 separate networks on the wireless controller and apply them across multiple radio and virtual access point interfaces. By default, 16 networks are pre configur
68. 4. Click Add New MAC Authentication. Fill in the client's MAC address and name, and then click Save. 5. Click Wireless > Access Point > SSID Profiles. 6. Select an SSID by right-clicking on it and clicking Edit. The following pop-up page will appear. Select Local and click Save. [D-Link DWC-1000 User Manual, p. 38, Section 3: Basic Configuration] Step 6: Confirm Access Point Profile is Associated. Use the following procedure to confirm that the access point profile is associated with the wireless controller. Note: Each time you change configuration settings, perform this procedure to apply the changes to the access point. 1. Go to Wireless > Access Point > AP Profile. 2. Under Access Point Profile List, right-click on the AP profile you want to update and click Apply. 3. Wait 30 seconds and then click the refresh icon to verify that the profile is associated. Your associated access point is configured and read
69. enabled the default route function. If Enable Default Route is ON, enter the Gateway IP address. DNS Server: If Enable Default Route is ON, enter the DNS Server IP address. SNAT: Enable or disable SNAT (Source Network Address Translation). Enable SNAT if you have set up VLANs on your LAN network and it needs NAT to translate the source and origin address. DNS Host Name Mapping. Host Name: Enter a DNS hostname. IP Address: Enter the IP address of the DNS host name. LAN Proxy. Activate DNS Proxy: Enable or disable DNS proxy on this LAN. When this feature is enabled, the controller will act as a proxy for all DNS requests and communicate with the ISP's DNS servers (as configured in the Option settings page). All DHCP clients will receive the Primary/Secondary DNS IP along with the IP where the DNS Proxy is running, i.e. the box's LAN IP. All DHCP clients will receive the DNS IP addresses of the ISP, excluding the DNS Proxy IP address, when it is disabled. The feature is particularly useful in Auto Rollover mode. For example, if the DNS servers for each connection are different, then a link failure may render the DNS servers inaccessible. However, when the DNS proxy is enabled, clients can make requests to the controller, which in turn sends those requests to the DNS servers of the active connection. [D-Link DWC-1000 User Manual, p. 120, Section 5: Advanced Network Configuration] IPv6 LAN Settings. Path: Network > IPv6 > LAN Settings > IPv6
70. from every 6 to every 24 hours. The interval period begins when you click Submit. Fixed Time: If you select the fixed time channel plan mode, you specify the time for the channel plan and channel assignment. In this mode, the plan is applied once every 24 hours at the specified time. 4. Channel Plan Interval: If you select the Interval channel plan mode, you can specify the frequency at which the channel plan calculation and assignment occurs. The interval time is in hours, and you can specify an interval that ranges between every 6 hours to every 24 hours. 5. Channel Plan Fixed Time: If you select the Fixed Time channel plan mode, you can specify the time at which the channel plan calculation and assignment occurs. The channel plan calculation will occur once every 24 hours at the time you specify. 6. Ignore Unmanaged APs: This function indicates whether the controller should pay attention only to APs managed by the cluster or to all detected APs when deciding what channel to select for the radio. The setting is enabled by default. 7. Channel Change Threshold: Configure the detected neighbor signal strength that triggers the channel plan to re-evaluate the current operation channel. If the operating channel detects neighbor APs operating on the same channel with signal below this threshold, then the AP does not try to select a new channel for the radio. The default value for this threshold is 82dBm. The range is 99dBm to 1dBm. 8. Managed AP CH C
71. from this date. Enabling this option enables frontdesk user to modify duration limits. Basic Limit by Usage. Maximum Usage Time: Maximum time user can stay logged in before their account expires. Maximum Usage Traffic: Maximum traffic user can use before his account expires. Only inbound traffic shall be considered towards bandwidth usage. Allow Front Desk to Modify Usage: Enabling this option enables frontdesk user to modify usage limits. Ticket Pricing Options. Footer: Enable this option to set a value for ticket footer, like service provider name. Unit Price: Enable the option to set the price for this billing profile. The price will be shown on the Captive Portal whose Captive Portal Type is set as Billing User. Price: Enter a price. Monetary Unit: Select the Monetary Unit from the drop-down menu. The available options are from the Currency setting on Payment Gateway. Set Price [D-Link DWC-1000 User Manual, p. 208, Section 6: Securing Your Network] Payment Gateway. Path: Security > Authentication > Billing Profile > Payment Gateway. A payment gateway is an e-commerce application service provider service that authorizes payment and money transfers to be made through the Internet. Configure payment gateway settings to allow users to purchase wireless service online from the Captive Portal. 1. Click Security > Authentication > Billing Profile > Payment Gateway tab. 2. Click Add New Payment Gateway S
72. Note: You may right-click a layout from the list and edit or delete a layout. 3. Complete the fields from the table on the next page and click Save. [D-Link DWC-1000 User Manual, p. 262, Section 7: VPN] Field / Description: Portal Layout Name: Enter a name for this portal. This name will be used as part of the path for the SSL VPN portal URL. Only alphanumeric characters are allowed for this field. Login Profile. Portal Site Title: Enter the portal web browser window title that appears when the client accesses this portal. This field is optional. The banner title that is displayed to SSLVPN clients prior to login. This field is optional. Enter a message you want to display. Display Banner Message on Login Page: Toggle to ON to display the banner title and message, or OFF to hide the banner title and message. Toggle to ON or OFF. This security feature prev
73. logs every hour. Daily: send logs every day at the Time specified. Weekly: send logs weekly at the Day and Time specified. If Unit is set to Weekly, select the day when logs will be sent. If Unit is set to Daily or Weekly, select the time when logs will be sent. Syslog Server Configuration. Path: Maintenance > Logs Settings > Syslog Server. An external Syslog server is often used by network administrators to collect and store logs from the wireless controller. This remote device typically has fewer memory constraints than the local Event Viewer on the wireless controller's web management interface. Therefore a number of logs can be collected over a sustained period. This is useful for debugging network issues or to monitor controller traffic over a long duration. The wireless controller supports 8 concurrent Syslog servers. Each server can be configured to receive different log facility messages of varying severity using the Remote Logging page. This page also lets you send configuration logs to three email recipients. To enable a Syslog server, click the ON/OFF switch next to an empty Syslog server field and enter an IP address or FQDN in the Name field. The selected facility and
74. non address auto configuration. RA Flags. Router Preference: Choose between Low, Medium, and High for the preference associated with the RADVD process of the controller. This feature is useful if there are other RADVD-enabled devices on the LAN. The default is high. MTU: This is used in RA to ensure all nodes on the network use the same MTU value in the cases where the LAN MTU is not well known. The default is 1500. Router Lifetime: The lifetime in seconds of the route. The default is 3600 seconds. IPv6 Advertisement Prefixes. Path: Network > IPv6 > LAN Setting > Advertisement Prefixes. The router advertisements configured with advertisement prefixes allow this controller to inform hosts how to perform stateless address auto configuration. Router advertisements contain a list of subnet prefixes that allow the controller to determine neighbors and whether the host is on the same link as the controller. 1. Go to Network > IPv6 > LAN Settings > Advertisement Prefixes tab.
75. on page 336 • Using the Command Line Interface on page 338 • Log Settings on page 348. System Settings. Set System Name. Path: Maintenance > Administration > System Setting. Enter a name for the system and click Save. Set System Date and Time. Path: Maintenance > Administration > Date and Time. You can configure your time zone, whether or not to adjust for Daylight Savings Time, and with which Network Time Protocol (NTP) server to synchronize the date and time. You can choose to set Date and Time manually, which will store the information on the controller's real time clock (RTC). If the controller has access to the internet, the most accurate mechanism to set the controller time is to enable NTP server communication. To configure the date and time, follow the steps below: 1. Select the controller's time zone, relative to Greenwich Mean Time (GMT). 2. If supported for your region, click to Enable Daylight Savings. 3. Determine whether to use default or custom Network Time Protocol (NTP) servers. If custom, enter the server addresses or FQDN. Set Login Session Timeout. Path: Maintenance > Administration > Session Settings. Enter the session timeout value for administrator and guest users and then click Save.
76. Set USB Share Ports. Path: Maintenance > Administration > USB Share Ports. Enable USB port sharing on USB port 1, 2, or both and click Save. Activating Licenses. Path: Maintenance > Administration > License Update. The License Update page lets you activate licenses for additional access points on the wireless controller. 1. Obtain an Activation Key from D-Link: a. Find the wireless controller serial number on the bottom of the device. b. Obtain a license key from D-Link after purchasing the license. c. Open a web browser and go to https://register.dlink.com to register with D-Link. d. If you do not have an account, register for a new account. e. Log in with your username and password. f. Click License Key Activation on the D-Link Global Registration Portal website. g. Follow the directions to receive an activation code. 2. After obtaining the Activation Key, go to Maintenance > Administration > License Update. The License Update page will appear.
77. operation and performance of the wireless controller. When improvements are available, they are offered to customers as firmware upgrade releases. After you install the wireless controller, check that it has the latest firmware. Thereafter, check for firmware releases and install them as they become available. 1. In the wireless controller web management interface, click Maintenance > Firmware > Firmware Upgrade. The Using System PC page will appear. To use a USB drive to update the firmware, click the Using USB tab. 2. If the firmware version on the D-Link support website has a higher number than the firmware version shown under Firmware Information, continue with this procedure. 3. Download the new firmware from the D-Link website. 4. Under Firmware Upgrade, click the Choose File button. 5. In the Choose File dialog box, navigate to the firmware file and then click the file and click Open. If you want to upgrade using a file from a USB drive, click the Using USB tab near the top of this page. 6. Click Upgrade. 7. At the confirmation message, click OK to start the firmware upgrade. A progress bar shows the progress of the upgrade. Note: The upgrade proc
78. option to specify the IP address and prefix length of a preferred DHCPv6 server is available as well. 1. Go to Network > IPv6 > Option 1 Settings or Option 2 Settings. 2. Select your connection type (DHCPv6, PPPoE, or Static) and complete the fields from the next page. 3. Click Save. Field descriptions: Connection Type: Select the type of your IPv6 Internet connection: DHCPv6, Static, or PPPoE. DHCPv6 Auto Configuration: Select one of the following: • Stateless Address Auto Configuration: this option will use router advertisement for address assignment. The IPv6 RADVD protocol will be enabled to advertise this controller as a DHCPv6 client. • Stateful Address Auto Configuration: select this option to request an IPv6 address from any available DHCPv6 servers available on the ISP. Prefix Delegation: Toggle to ON to request router advertisement prefix from any available DHCPv6 servers available from your ISP; the obtained prefix is updated to the advertised prefixes on the LAN side. Static IPv6 Address: Enter the static IPv6 address that your ISP assigned to you. This address will identify the router to your ISP. IPv6 Prefix Length: The IPv6 network (subnet) is identified by the initial bits of the address, called the prefix. All hosts in the network have the identical initial bits for their IPv6 address; the number of common initial bits in the n
79. order for the link to be counted. Blocked WDS Link Count: Number of WDS links blocked by the spanning tree protocol. If the AP on one side of the link reports the link as blocking, then the link is counted by this status parameter. WDS Group Password Change Status: Status of the last attempt to configure the password for the WDS Group: Not Started, Success, Invalid Password, Requested, Timed Out. Edit Password: To change the password for all controllers and APs in this WDS Group, select the Edit checkbox, type the new password, and then click Apply Password. Password must be a minimum of 8 characters and can be up to 63 characters in length. Viewing WDS AP Status. Path: Status > Wireless Information > WDS Groups Status > WDS AP Status. The WDS AP Group Status page displays summary information about the APs in a configured WDS group. Field descriptions: Use the drop-down menu above the fields to select the group
80. page contains information about rogue APs that the Cluster Controller has attacked by using the de-authentication attack feature. The wireless controller can protect against rogue APs by sending de-authentication messages to the rogue AP. The de-authentication attack feature must be globally enabled in order for the wireless system to do this function. Make sure that no legitimate APs are classified as rogues before enabling the attack feature. This feature is disabled by default. The wireless system can conduct the de-authentication attack against 16 APs at the same time. The intent of this attack is to serve as a temporary measure until the rogue AP is located and disabled. The de-authentication attack is not effective for all rogue types and therefore is not used on every detected rogue. The following rogues are not subjected to the attack: • If the detected rogue is spoofing the BSSID of the valid managed AP, then the wireless system does not attempt to use the attack, because that attack may deny service to a legitimate AP and provide another avenue for a hacker to attack the system. • The de-authentication attack is not effective against ad hoc networks because these networks do not use authentication. • The APs operating on channels outside of the country domain are not attacked because sending any traffic on illegal channels is against the law. The wireless controller maintains a list of BSSIDs against which it is conducting a de-authenticatio
81. password is AP Group n, where n is the AP group ID. Configure WDS Managed AP. Path: Wireless > Access Point > WDS Groups > WDS Managed AP. After you create a WDS Managed AP group, use the WDS Managed AP Configuration page to view the APs that are members of the group, add new members, and change STP Priority values for existing members. 1. Click Wireless > Access Point > WDS Groups > WDS Managed AP tab. 2. Click Add New WDS Manage AP. 3. Complete the fields in the table below and click Save. Field descriptions: Spanning Tree Priority for this AP. The STP priority is used only when spanning tree mode is enabled. The STP priority determines which AP is selected as the root of the spanning tree and which AP has preference over another AP when multiple equ
82. peer wireless controller in the cluster that received configuration information (field: Peer Controller IP Address). Configuration Controller IP Address: Shows the IP Address of the controller that sent the configuration information. Configuration: Identifies which parts of the configuration the controller received from the peer controller. Timestamp: Shows when the configuration was applied to the controller. The time is displayed as UTC time and therefore only useful if the administrator has configured each peer controller to use NTP. Viewing Access Point Information. Global Status. Path: Status > Wireless Information > Access Point > Global Status. The AP Global Status page shows summary information about managed, failed, and rogue access points the wireless controller has discovered or detected. Field descriptions: Total APs: Total number of Managed APs in the database. This value is always equal to the sum of Managed Access Points, Connection Failed Access Points, and Discovered Access Points. Managed APs: Number of APs in the managed AP database that are authenticated, configured, and hav
83. point, DWL-8600AP access point, DWL-8610AP access point. DWC-1000 wireless controller, DWL-2600AP access point(s), DWL-3600AP access point(s), DWL-6600AP access point(s), DWL-8600AP access point(s), DWL-8610AP access point(s). Record MAC addresses for the wireless controller and all access points. Appendix B: Factory Default Settings. Feature, Description, Default Setting: 19216803 p al. Appendix C: Glossary. Access Point: A device that provides network access to wireless devices. ARP: Address Resolution Protocol. Broadcast protocol for mapping IP addresses to MAC addresses. CHAP: Challenge Handshake Authentication Protocol. Protocol for authenticating users to an ISP. DDNS: Dynamic DNS. System for updating domain names in real time. Allows a domain name to be assigned to a device with a dynamic IP address. DHCP: Dynamic Host Configuration Protocol. Protocol for allocating IP addresses dynamically so that addresses can be reused when hosts no longer need them. DNS: Domain Name System. A hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. FQDN: Fully qualified domain name. Complete domain name, including the host portion. Example: serverA.companyA.com. FTP: File Transfer Protocol. Protocol for transf
84. range is 1-3965. Group ID: Identifies the group to configure. Group Name: (Optional) Enter or modify a name to associate with the protocol group ID. The name can be up to 16 characters. Selects the interface(s) to add or remove from this group. Protocol List: Specify one or more protocols to associate with this group. Double VLANs. Path: Network > VLAN > Advanced VLAN > Double VLAN. Double VLAN Tunneling allows the use of a second tag on network traffic. The additional tag helps differentiate between customers in the Metropolitan Area Networks (MAN) while preserving individual customer's VLAN identification when they enter their own 802.1Q domain. With the introduction of this second tag, you do not need to divide the 4k VLAN ID space to send traffic on an Ethernet-based MAN. With Double VLAN Tunneling enabled, every frame that is transmitted from an interface has a DVlan Tag attached, while every packet that is received from an interface has a tag removed (if one or more tags are present). Use the Double VLAN Tunneling page to configure Double VLAN frame tagging on one or more ports. 1. Go to Network > VLAN > Advanced VLAN > Double VLAN tab. 2. Click Add New Double VLAN. 3. Select the Ether Type: Dot1q VLAN or Custom Tag. 4. Click Save.
85. securing your network. This chapter describes the following commonly used security features: • Client Management on page 191 • Group Management on page 194 • User Management on page 201 • Guest Account Usage Management on page 205 • External Authentication on page 216 • Blocked Clients on page 234 • WIDS on page 70. Note: The procedures in this chapter should only be performed by expert users who understand networking concepts and terminology. Client Management. Using the MAC Authentication page, you can view wireless clients in the MAC Authentication database. The database contains wireless client MAC addresses and names. The database is used to retrieve descriptive client names from the RADIUS server and implement MAC authentication. The page also lets you add, edit, and delete clients. Viewing/Adding Wireless Known Clients. Path: Security > Authentication > User Database > MAC Authentication. To view wireless known clients: 1. Go to Security > Authentication > User Database. 2. Click on the MAC Authentication tab in the middle menu. The MAC Authentication page will appear, displaying a list of the wireless clients in the MAC Authentication database.
86. severity level messages are sent to the configured and enabled Syslog server after you save the settings on this page. Field descriptions: Switch: To have the wireless controller send logs to a Syslog server, check one or more boxes. You can check up to 8 Syslog servers and use them concurrently. FQDN / IP Address: Enter the IP address or Internet Name of the Syslog server. Facility: For each syslog server, select a unique facility for logging. Facility values are defined in RFC 3164. Choices are All, Kernel, System. Syslog Severity: Select the appropriate Syslog severity. When a severity is selected, all Syslogs with severity equal to or greater than the chosen severity are logged on the configured Syslog Server. Event Log. Path: Maintenance > Logs Settings > Event Log. The wireless controller's web management interface displays configured log messages from the Status menu. When traffic through or to the wireless controller matches the settings in the Maintenance > Log Settings > Facility Logs page (see Log Settings on page 348) or Maintenance > Log Settings > Routing Logs page (see Tracking Traffic Routing Logs on page 350), the corresponding log message will appear in this window with a timestamp.
87. that disassociate and are no longer connected to the system. Fields on the Detected Client Status page are shown in the table below. Field descriptions: MAC Address: Ethernet MAC address of the client. Client Name: Name of the client, if available, from the Known Client Database. If the client is not in the database, the field is blank. Client status, which can be one of the following values: • Authenticated: wireless client is authenticated with the wireless system. • Detected: wireless client is detected by the wireless system but is not a security threat. • Black Listed: client with this MAC address is specifically denied access via MAC authentication. • Rogue: client is classified as a threat by one of the threat detection algorithms. Time since any event has been received for this client that updated the detected client database entry. Time since this en
88. the network. MTU Size: The standard MTU value for Ethernet networks is usually 1500 Bytes and for PPPoE PPTP connections it is 1492 Bytes. For all L2TP connections it is 1460 Bytes. Custom MTU Size: Enter a specific MTU size. Port Speed: The Ethernet port speed can be manually set or specified depending on your requirements. Option1 Option 2. DNS Server Source. MAC Address Source. Option 2 / DMZ Settings. Path: Network > Internet > Option 2 / DMZ Setting. The wireless controller allows an Option port to be configured as a secondary Ethernet port or dedicated Demilitarized Zone (DMZ) port. A DMZ allows one IP address (computer) to be exposed to the Internet for activities such as Internet gaming and video conferencing. If you want to set up the Option 2 port to connect to the Internet, select Option next to Configurable Port and refer to the Option 1 Port Settings on the previous three pages. Configuring DMZ settings is a 2-step process: 1. Configure the wireless controller port to act as a DMZ, and 2. Configure the DMZ settings for the port. To configure a port to operate as a DMZ: 1. Go to Network > Internet > Option 2 / DMZ Setting. 2. Next to Configurable Port, select DMZ. 3. Enter the IP address and the subnet mask of the computer/device you want to configure DMZ to. 4. Under DHCP for DMZ, select either None, DHCP Server and en
89. the number of steps a packet is allowed to propagate before being discarded. Small values will limit the UPnP broadcast range. A default of 4 is typical for networks with a small number of switches. 6. Click Save. Your entry will be displayed in the UPnP Port Map List. To edit or delete, right-click an entry and select the action from the menu. Repeat steps 3-6 to add multiple entries. Configure Jumbo Frames. Path: Network > LAN > Jumbo Frame. Jumbo frames are Ethernet frames with more than 1500 bytes of payload. When this option is enabled, the LAN devices can exchange information at Jumbo frames rate. 1. Click Network > LAN > Jumbo Frame. 2. Toggle Activate Jumbo Frames to On and enter an MTU value. 3. Click Save. Internet: Option 1 Settings. Path: Network > Internet > Option 1 Settings. The wireless controller has two Option ports that can be used to establish a connection to the Internet or another network subnet. By default Option is ena
90. the user. Enter the last name of the user. Select Group: Select the group to which this user will belong. Edit Password: Toggle this option to enter the password to be used by this user to log in to the web management interface. Enter Current Logged in Administrator Password: Enter the current case-sensitive login password. For security, each typed password character is masked with a dot. New Password: Enter the new case-sensitive login password. For security, each typed password character is masked with a dot. Record the new password in Appendix A. Confirm Password: Enter the new password again. Deleting Users. Path: Security > Authentication > User Database > Users. If you no longer need a user, you can delete the user. Note: A precautionary message does not appear before you delete a user. Therefore, be sure you do not need a user before you delete it. To delete a user: 1. Click Security > Authentication > User Database > Users tab. The Users List page will appear. 2. Right-click on the user you want to delete and click Delete. To delete all users, click Select All and then Delete. Guest Account Usage Management. Guest account is generated by the wireless controller. Set the relative billing profiles to control guest internet usage. The billing profile settings includ
91. through 999. General Parameters. Wi-Fi MultiMedia (WMM) is enabled by default. With WMM enabled, QoS prioritization and coordination of wireless medium access is on. With WMM enabled, QoS settings on the D-Link controller control downstream traffic flowing from the access point to client station (AP EDCA parameters) and the upstream traffic flowing from the station to the access point (station EDCA parameters). Disabling WMM deactivates QoS control of station EDCA parameters on upstream traffic flowing from the station to the access point. With WMM disabled, you can still set some parameters on the downstream traffic flowing from the access point to the client station (AP EDCA parameters). To disable WMM extensions, switch OFF. To enable WMM extensions, switch ON. Station EDCA Parameters. Queues are defined for different types of data transmitted from station to AP: • Data 0 (Voice): Highest priority queue, minimum delay. Time-sensitive data such as VoIP and streaming media are automatically sent to this queue. • Data 1 (Video): Highest priority queue, minimum delay. Time-sensitive video data is automatically sent to this queue. • Data 2 (best effort): Medium priority queue, medium throughput and delay. Most traditional IP data is sent to this queue. • Data 3 (Background): Lowest priority queue, high throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example). The Ar
92. to 54 Mbps to the 802.11b PHY. It uses orthogonal frequency division multiplexing (OFDM). It supports data rates ranging from 1 to 54 Mbps. IEEE 802.11a/n operates in the 5 GHz ISM band and includes support for both 802.11a and 802.11n devices. IEEE 802.11n is an extension of the 802.11 standard that includes multiple-input multiple-output (MIMO) technology. IEEE 802.11n supports data ranges of up to 248 Mbps and nearly twice the indoor range of 802.11b, 802.11g, and 802.11a. IEEE 802.11b/g/n operates in the 2.4 GHz ISM band and includes support for 802.11b, 802.11g, and 802.11n devices. 5 GHz IEEE 802.11n is the recommended mode for networks with 802.11n devices that operate in the 5 GHz frequency that do not need to support 802.11a or 802.11b/g devices. IEEE 802.11n can achieve a higher throughput when it does not need to be compatible with legacy devices (802.11b/g or 802.11a). 2.4 GHz IEEE 802.11n is the recommended mode for networks with 802.11n devices that operate in the 2.4 GHz frequency that do not need to support 802.11a or 802.11b/g devices. IEEE 802.11n can achieve a higher throughput when it does not need to be compatible with legacy devices (802.11b/g or 802.11a). IEEE 802.11n/ac operates in the 5 GHz ISM band and includes support for both 11n and 11ac devices. DTIM Period, Beacon Interval, Automatic Channel, Automatic Power, Initial Power, APSD Mod
93. typical controller, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria. When a packet is queued for transmission in a port, the rate at which it is serviced depends on how the queue is configured and possibly the amount of traffic present in the other queues of the port. If a delay is necessary, packets get held in the queue until the scheduler authorizes the queue for transmission. As queues become full, packets have no place to be held for transmission and get dropped by the controller. QoS is a means of providing consistent, predictable data delivery by distinguishing between packets that have strict timing requirements and those that are more tolerant of delay. Packets with strict timing requirements are given special treatment in a QoS-capable network. With this in mind, all elements of the network must be QoS-capable. The presence of at least one node which is not QoS-capable creates a deficiency in the network path, and the performance of the entire packet flow is compromised. QoS Priority. Configuring QoS Priority settings is a 3-step process: 1. Enable QoS mode (next page), 2. Define the Trust Mode on each port (refer to Defining DSCP and CoS on each port on page 177), and 3. Define the DSCP or CoS settings (refer to Configuring DSCP Priority on page 179 or Configurin
94. Configure AP Profile 88; Configure AP Profile Radio 90; Configure AP Profile SSID 96; Configure AP Profile QoS 97; SSID Profiles 101; Configure SSID Profiles 101; Wireless Distribution System (WDS) 105; Configure WDS Managed AP 107; Configure WDS Managed AP 108; Configure Peer Group 111; Synchronize Peer Group 112; AP Firmware Download 113; Advanced Network Configuration
95. when configuring firewall rules. This is because a port triggering rule does not have to reference a specific LAN IP or IP range. As well, ports are not left open when not in use, thereby providing a level of security that port forwarding does not offer. Note: Port triggering is not appropriate for servers on the LAN, since there is a dependency on the LAN device making an outgoing connection before incoming ports are opened. Some applications require that when external devices connect to them, they receive data on a specific port or range of ports in order to function properly. The controller must send all incoming data for that application only on the required port or range of ports. The controller has a list of common applications and games with corresponding outbound and inbound ports to open. You can also specify a port triggering rule by defining the type of traffic (TCP or UDP) and the range of incoming and outgoing ports to open when enabled. 1. Click Security > Firewall > Dynamic Port Forwarding > Application Rules tab. 2. Right-click an entry and select either Edit or Delete. To add a new schedule, click Add New Application Rule. 3. Complete the fields from the table below and click Save.
96. you to manage your wireless network from a central point, implement security and QoS features centrally, configure a guest access captive portal, and support Voice over Wi-Fi. Scalable Architecture with Stacking and Redundancy: • Support for 6 access points on a single wireless controller with no additional license • Purchased license packs (DWC-1000-AP6-LIC) in increments of 6 access points, which allows for support of up to 24 access points on a single wireless controller • Up to 1,024 access points in a clustering group network • Maximum of 4 wireless controllers allows for up to 96 access points in a single network • Supports IEEE 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac protocols. Centralized Management and Configuration: • Auto-discovery of access points in L2 and L3 domains • Single point of management for the entire wireless network • Simplified profile-based configuration • DHCP server for dynamic IP address provisioning • Configurable management VLAN • Real-time monitoring of access points and associated client stations • System alarms and statistics reports on managed access points for managing, controlling, and optimizing network performance. Security: • Identity-based security authentication with an external RADIUS server or an internal authentication server • Rogue access point detection, classification, and mitigation • Guest access and captive portal access • Purchasable license pack DWC-1000-VPN
97. Configuring DSCP Priority
    Path: Network > QoS > LAN QoS Priority > IP DSCP Settings
    If you selected DSCP for your QoS configuration, use the following procedure to configure and assign priority to the DSCP fields in IP packets.
    1. Go to Network > QoS > LAN QoS Priority > IP DSCP Settings tab.
    2. In the IP DSCP List, select a DSCP by right-clicking it and clicking Edit.
    3. From the Queue drop-down list, select one of the following priorities: Highest, Medium, Low, Lowest.
    4. Repeat step 2 for each additional DSCP field you want to prioritize.
    5. When you finish, click Save.
    QoS Policy
    The QoS Policy allows you to configure the priority of the traffic based on the matching criteria on the LAN. Changes here affect the traffic that is egressed on the ports. Note that a change to the priority can affect the priority of the egress traffic.
    Configure Policy Based QoS
    Path: Network > QoS > LAN QoS Policy > Policy Based QoS
    1. Go to Network >
98. 02.11b/g. When protection is enabled in this mode, it protects 802.11b clients and APs from 802.11g transmissions.
    Short Guard Interval: The guard interval is the dead time, in nanoseconds, between OFDM symbols. The guard interval prevents Inter-Symbol and Inter-Carrier Interference (ISI, ICI). The 802.11n mode allows for a reduction in this guard interval from the a and g definition of 800 nanoseconds to 400 nanoseconds. Reducing the guard interval can yield a 10% improvement in data throughput. Select one of the following options:
    • ON: The AP transmits data using a 400 ns guard interval when communicating with clients that also support the 400 ns guard interval.
    • OFF: The AP transmits data using an 800 ns guard interval.
    Space Time Block Coding (STBC) is an 802.11n technique intended to improve the reliability of data transmissions. The data stream is transmitted on multiple antennas so the receiving system has a better chance of detecting at least one of the data streams. Select one of the following options:
    • ON: The AP transmits the same data stream on multiple antennas at the same time.
    • OFF: The AP does not transmit the same data on multiple antennas.
    Radio Resource: Radio Resource Measurement (RRM) mode requires the Wireless System to send additional information in beacons, probe responses, and association responses. Enable or Mana
99. IPSec VPN Logs
    Path: Status > System Information > All Logs > IPSec VPN Logs
    The Display Logs window allows you to view configured IPSec VPN log messages from the controller as they appear. Each log will appear with a timestamp as determined by the controller's configured time. If remote logging such as a Syslog server or e-mail logging is configured, the same logs are sent to the remote interface while being displayed here. Click Refresh (on the right side of the page) to refresh the logs, or reload the page. Click Clear All to remove all entries in the Display Logs screen.
    SSL VPN Logs
    Path: Status > System Information > All Logs > SSL VPN Logs
    The Display Logs window allows you to view configured SSL VPN log messages from the controller as they appear. Each log will appear with a timestamp as determined by the controller's configured time. If remote logging such as a Syslog server or e-mail logging is configured, the same logs are sent to the remote interface while being displayed here. Click Refresh (on the right side of the page) to refresh the logs, or reload the page. Click Clear All to remove all entries in the Display Lo
100. 3. Complete the fields in the table below and click Save.
    Field: Description
    SLA Profile Name: Enter a name for this SLA profile. The name should allow you to differentiate this SLA from others you may set up.
    Browser Title: Enter the text that will appear in the title of the browser during the captive portal session.
    Term of Service Rule: Shows the set of rules on Captive Portal which is set for temporary and SLA type users. The user needs to accept before accessing internet.
    Upload a Custom Profile
    Path: Security > Authentication > Login Profiles > Custom CP Profile
    1. Go to Security > Authentication > Login Profiles > Custom CP Profiles tab.
    2. Click Browse and select a saved profile. Click Save.
    External Authentication
    The local user database present in the controller itself is typically used for granting management access for the GUI or CLI. External authentication servers are typically more secure, and can be used for allowing wireless AP connections, authenticating IPSec endpoints, and even allowing access via a Captive Portal on the VLAN. This section describes the available authentication servers on the controller and also the configuration requirement
101. Capturing Log Packets; Conducting a System Check; Defining What to Log; Tracking Traffic Routing Logs; System Logging; Remote Logging; Syslog Server Configurations; WLAN Logs; Firewall Logs; IPSec VPN Logs; SSL VPN Logs; Captive Portal Logs; Appendix A: Basic Planning Worksheet; Appendix B: Factory Default Settings; Appendix C: Glossary
102. Add New Resource
    To add a new resource:
    1. Click VPN > SSL VPN > Resources.
    2. Click Add New Resource.
    3. Complete the fields from the table on the next page and click Save.
    Port Forwarding
    Port forwarding allows remote SSL users to access specified network applications or services after they log in to the User Portal and launch the Port Forwarding service. Traffic from the remote user to the switch is detected and re-routed based on configured port forwarding rules. Internal host servers o
103. Client WIDS Settings; Distributed Tunneling; Configure Distributed Tunnel; WLAN Visualization; Configure L2 VLAN Discovery; L3 IP Discovery; Configure L3 IP Discovery; Managed APs; Add a Valid AP; Add a AP from Discovered AP List; Manual Change Channel and Power of Managed AP; Configure AP Debug Mode; Configure AP Provisioning; AP Profiles
104. WLAN Global Setup
    Displays the current IP address of the wireless controller.
    In order to support larger networks, you can configure wireless controllers as peers, with up to eight controllers in a cluster (peer group). Peer controllers share some information about APs and allow L3 roaming among them. Peers are grouped according to the group ID.
    This value determines how long to keep an entry in the Associated Client Status list after a client has disassociated. Each entry in the status list shows an age, and when the age reaches the value you configure in the timeout field, the entry is deleted.
    This value determines how long to keep an entry in the Ad Hoc Client Status list. Each entry in the status list shows an age, and when the age reaches the value you configure in the timeout field, the entry is deleted.
    This value determines how long to keep an entry in the Ad Failure Client Status list. Each entry in the status list shows an age, and when the age reaches the value you configure in the timeout field, the entry is deleted.
    Select either White list or Black list.
    This value determines how long to keep an entry in the RF Scan Status list. Each entry in the status list shows an age, and when the age reaches the value you configure in the timeout field, the entry is deleted.
    This value determines how long to keep an entry in the Detected Client Status list. Each entry in the statu
105. Queue Management; Setup CoS and DSCP Marking; Securing Your Network; Client Management; Viewing/Adding Wireless Known Clients; Editing/Deleting Clients; Group Management; Adding User Groups; Editing User Groups; Deleting User Groups; Configuring Login Policies; Configuring Browser Policies; Configuring IP Policies; User Management; Adding Users Manually
106. 2. Switch L2 VLAN Discovery to ON and click Save.
    3. Click Add New VLAN to Poll. Enter a VLAN number.
    4. Click Save.
    L3 IP Discovery
    You can configure up to 256 IP addresses in the wireless controller for potential peer controllers and APs. The wireless controller sends association invitations to all IP addresses in this list. If the device accepts the invitation and is successfully validated by the controller, the controller and the AP or peer wireless controller are associated. This discovery mechanism is useful for peer wireless controller discovery and AP discovery when the devices are in different IP subnets. In fact, for a wireless controller to recognize a peer that is not on the same subnet, you must configure the IP addresses of each controller in the peer's L3 discovery list.
    Configure L3 IP Discovery
    Path: Wireless > Access Point > AP Poll List
    1. Click Wireless > Access Point > AP Poll List > IP Discovery tab.
    2. Switch L3 IP Discovery to On and click Save.
    3. Click Add New IP Addresses to Poll. Enter the IP range.
    4. Click Save.
    5. Navigate to Wireless > Access Point > Discovered AP List. Check the discovered AP via L3 IP discov
107. Global, Group, or User … the drop-down menu. If you selected User
    Begin & End: Enter a port range or leave blank to include all TCP and UDP ports. These fields are not available when selecting Network Resource.
    Defined Resources: If you selected Network Resource, select the resource for the Defined Resource drop-down menu. If you have not created a resource, refer to Resources on page 264 to create a defined resource.
    Service: Select either VPN Tunnel, Port Forwarding, or All. This field is not available when selecting Network Resource.
    Portal Layouts
    Path: VPN > SSL VPN > Portal Layouts
    You may create a custom page for remote VPN users that is viewed during authentication. You may include login instructions, services, and other details. Note that the default portal LAN IP address is https://192.168.10.1/scgi-bin/userPortal/portal. This is the same page that opens when the User Portal link is clicked on the SSL VPN menu of the controller web UI.
    To create a new portal layout:
    1. Click VPN > SSL VPN > Portal Layouts.
    2. Click Add New SSL VPN Portal Layout.
108. Google Chrome 26 or higher
    Before you perform the following procedure:
    • Configure your PC running the web browser to use an IP address on the 192.168.10.x network with a subnet mask of 255.255.255.0.
    • Configure your web browser to accept cookies, prompt for pop-ups, and allow sites to run JavaScript.
    • Upgrade the firmware for your wireless controller (see Upgrading Firmware on page 20).
    • Upgrade the firmware for your access points after you upgrade the wireless controller firmware (refer to the documentation for your access points).
    To log in to the web management interface:
    1. Launch a web browser on the PC.
    2. In the address field of your web browser, type the IP address for the wireless controller web management interface. The default IP address is http://192.168.10.1. A login prompt will appear. If the login prompt does not appear, see Web Management Interface on page 340.
    3. If you are logging in for the first time, the default user name is admin and the default password is admin. Both the user name and password are case-sensitive.
    Note: We recommend that you change the password to a new, more secure password (see Editing Users on page 203) and record it in Appendix A.
    4. Click Login. The web management interface opens with the System Status page. This page displays general LAN and WLAN status information. You can return to this page at any t
109. Field: Description
    The group number that identifies the configured WDS AP group.
    Source AP End Point: Indicates whether the AP specified by the destination MAC detected the AP specified by the source MAC.
    Destination AP End Point: Indicates whether the AP specified by the source MAC detected the AP specified by the destination MAC.
    Aggregation Mode: When parallel links are defined between two APs, this field indicates whether this link is part of the aggregation link pair.
    Source AP STP: Spanning Tree State of the link on the source AP, which is one of the following: Disabled (STP is disabled or link is down), Forwarding, Learning, Listening, Blocking.
    Destination AP STP: Spanning Tree State of the link on the destination AP, which is one of the following: Disabled (STP is disabled or link is down), Forwarding, Learning, Listening, Blocking.
    Viewing WDS Link Statistics
    Path: Status > Wireless Information > WDS Groups Status > WDS Link Statistics
    The WDS Group Link Statistics page displays summary information about the packets sent and received on the WDS links.
110. 2. Under Discovered AP List, right-click on the access point you want the wireless controller to manage and select Manage.
    3. Complete the fields in the Manage AP page (refer to the next page) and click Save. When the confirmation appears, click OK.
    Field: Description
    MAC Address: MAC address of the access point.
    AP Mode: Select standalone, managed, or rogue. Selecting standalone will require you to fill out the fields below, from Location to Expected Wired Network Mode.
    • Standalone
    • Managed: Access point profile configuration has been applied to the access point and the access point is operating in managed mode.
    • Rogue: Access point has not tried to contact the wireless controller and the access point's MAC address is not in the Valid AP database.
    Location: Optional field to identify location of the access point being managed.
    Expected SSID: If AP Mode = Standalone, the SSID that the access point should be set to is
111. Information > All Logs > Current Logs, or a remote Syslog server for later review. E-mail logs, discussed in a subsequent section, follow the same configuration as logs configured for a Syslog server.
    Tracking Traffic Routing Logs
    Path: Maintenance > Logs Settings > Routing Logs
    Traffic can be tracked based on whether the packet was accepted or dropped by the firewall. Denial of service attacks, general attack information, login attempts, dropped packets, and similar events can be captured for review by the IT administrator.
    Note: Enabling logging options may generate a significant volume of log messages and is recommended for debugging purposes only.
    Option: Description
    Accepted Packets: If enabled, tracks packets that were transferred through the segment successfully.
    Dropped Packets: tracks packets that were blocked from being transferred through the
    Routing Logs Inter-VLAN: If enabled, tracks traffic from inter-VLAN routing logs.
    After making your selections on this page, click Save to save your changes or click Cancel to revert to the previous settings.
    System Logging
    Path: Maintenance > Logs Settings > System Logs
    The System Logs page lets you select the type of traffic passing through the wireless controller that you want to log for display in Syslog, E-mailed logs, or t
112. Add a AP from Discovered AP List
    Path: Wireless > Access Point > Discovered AP List
    1. Click Wireless > Access Point > Discovered AP List.
    2. Right-click an AP and select Manage.
    3. Select an AP Mode and Profile (refer to the previous page) and then click Save.
    Manual Change Channel and Power of Managed AP
    Path: Wireless > Access Point > Managed APs List > Managed APs
    From the Managed AP page, you can also manually change the RF channel and power for each radio on an AP. The manual power and channel changes override the settings configured in the AP profile (including automatic channel selection) and take effect immediately. The manual channel and power assignments are not retained when the AP is reset or if the profile is reapplied to the AP, such as when the AP disassociates and re-associates with the controller.
    1. Click Wireless > Access Point > Managed APs List > Managed APs tab.
    2. Right-click on one of the entries and select Chann
113. Load Balancing from the drop-down menu.
    Load Balancing: Select Round Robin.
    Option DNS Servers: DNS Lookup of the DNS Servers of the primary link is used to detect primary Option connectivity.
    DNS Servers: DNS Lookup of the custom DNS Servers can be specified to check the connectivity of the primary link.
    DNS Lookup Method
    Ping these IP addresses: These IPs will be pinged at regular intervals to check the connectivity of the primary link.
    Retry Interval is: The number tells the controller how often it should run the above configured failure detection method.
    Failover after: This sets the number of retries after which failover is initiated.
    Click to save and activate your settings.
    Spillover
    1. Click Network > Internet > Option Mode.
114. 2. Click Add New Advertisement Prefixes.
    3. Complete the fields from the table below.
    4. Click Save.
    Field: Description
    IPv6 Prefix Type: Select the prefix type as 6to4 or Global/Local/ISATAP.
    SLA ID: If IPv6 Prefix Type = 6to4, the SLA ID (Site-Level Aggregation Identifier) in the 6to4 address prefix is set to the interface ID of the interface on which the advertisements are sent.
    IPv6 Prefix: If IPv6 Prefix Type = Global/Local/ISATAP, then defines the IPv6 network address.
    IPv6 Prefix Length: If IPv6 Prefix Type = Global/Local/ISATAP, and this is a numeric value that indicates the number of contiguous higher-order bits of the address that make up the network portion of the address.
    Prefix Lifetime: The length of time over which the requesting controller is allowed to use the prefix.
    LAN DHCP Reserved IPs
    Path: Network > LAN > LAN DHCP Reserved IPs
    The controller's DHCP server can assign TCP/IP configurations to computers in the LAN explicitly by adding client's network interface hardware address and the IP address to be assigned to that client in DHCP server's database. Whenever DHCP server receives a request from client, hardware address of that client is compared with the
115. Managed APs in Peer Group: Maximum number of access points that can be managed by the cluster.
    WLAN Utilization: Total network utilization across all APs managed by this controller. This is based on global statistics.
    All APs
    Path: Status > Wireless Information > Access Point > All APs
    The All APs List page shows summary information about managed, failed, and rogue access points the wireless controller has discovered or detected. Status entries can be deleted manually.
    Field: Description
    MAC Address: MAC address of the access point.
    IP Address: IP address of the access point.
    Amount of time that has passed since the access point was last detected and the information was last updated.
    Access point status. Possible values are: Managed: access point profile con
116. c. Complete the fields in the table below and click Save.
    Field: Description
    User Name: Enter a unique name for this user. The name should allow you to easily identify this user from others you may add.
    First Name: Enter the first name of the user. This is useful when the authentication domain is an external server, such as RADIUS.
    Last Name: Enter the last name of the user. This is useful when the authentication domain is an external server, such as RADIUS.
    Select Group: Select the captive portal group to which this user will belong.
    Enable Password Change: This is the option for administrator to enable/disable change Password link in Captive Portal page.
    MultiLogin: More than one device can log in with the same username/password.
    Password: Enter a case-sensitive password that the user must specify before gaining access to the Internet. For security, each typed password character is masked with a dot.
    Confirm Password: Enter the same case-sensitive password entered in the Password field. For security, each typed password character is masked with a dot.
    3. Associate the captive portal group to a SSID Profile.
    a. Click Wireless > Access Point > SSID Profiles.
117. N Logs
    The Display Logs window allows you to view configured log messages from the controller on WLAN interface as they appear. Each log will appear with a timestamp as determined by the controller's configured time. The same logs are sent to the WLAN interface while being displayed here. Click Refresh (on the right side of the page) to refresh the logs, or reload the page. Click Clear All to remove all entries in the Display Logs screen.
    Firewall Logs
    Path: Status > System Information > All Logs > Firewall Logs
    The Display Logs window allows you to view configured Firewall log messages from the controller as they appear. Each log will appear with a timestamp as determined by the controller's configured time. If remote logging such as a Syslog server or e-mail logging is configured, the same logs are sent to the remote interface while being displayed here. Click Refresh (on the right side of the page) to refresh the logs, or reload the page. Click Clear All to remove all entries in the Display Logs screen.
118. NAT is a technique which allows several computers and devices on your local network to share an Internet connection. The computers on the LAN use a private IP address range, while the WAN port on the controller is configured with a single public IP address. Along with connection sharing, NAT also hides internal IP addresses from the computers on the Internet. NAT is required if your ISP has assigned only one IP address to you. The computers/devices that connect through the controller will need to be assigned IP addresses from a private subnet.
    1. Click Network > Internet > Routing.
    2. Complete the fields from the table below and click Save.
    Field: Description
    Routing Settings: Select NAT or Classical.
    NAT with WAN1: Toggle to ON to use NAT with WAN1, or OFF for classical.
    NAT with WAN2: Toggle to ON to use NAT with WAN2, or OFF for classical.
    Click to save and activate your settings.
    Transparent
    When Transparent
119. Auto-Rollover using Option Port; Load Balancing; Routing; NAT or Classical; DMZ DHCP Reserved IPs; Dynamic DNS; VLAN; Creating VLANs; Editing VLANs; MAC-Based VLAN; Voice VLAN; Protocol-Based VLAN; Double VLAN; GVRP; Configure IPv4 Static Routing; Configure IPv6 S
120. P Details: Shows detailed status information collected from the access point.
    Radio Details: Shows detailed status for a radio interface.
    Neighbor APs: Shows the neighbor APs that the specified AP has discovered through periodic RF scans on the selected radio interface.
    Neighbor Clients: Shows information about wireless clients associated with an access point or detected by the access point radio.
    VAP Details: Shows summary information about the virtual access points (VAPs) for the selected access point and the access point radio interface that the wireless controller manages.
    Distributed Tunnel: Shows information about the L2 tunnels currently in use on the access point.
    Reset AP: Reset the managed AP back to the factory default settings.
    Disassociate Clients: View disassociate clients with the selected AP.
    The Managed AP Statistics page shows information about traffic on the access point's wired and wireless interfaces. This information can help diagnose network issues, such as throughput problems. To view the statistics for a managed access point, right-click on its entry in the Managed AP List and select AP Statistics, Radio Statistics, and VAP Statistics.
    Button: Description
    AP Statistics: Shows the number and type of packets transmitted and received on a specific access point.
    Radio Statistics: Shows per-radio information about the number and type of packets transmitted and received for a specific access point.
    Sho
121. QoS > LAN QoS Policy > Policy Based QoS tab. 2. Click Add New Policy Based QoS. 3. Complete the fields in the table on the next page and click Save. Field / Description. Profile Name: The name of the profile. Pt OS: Select a port or ports. Hold CTRL to select multiple ports. Matching criteria of this profile. The criteria are: VLAN, Destination MAC Address, Source MAC Address, Destination IP Address, Source IP Address, Source TCP Port, Destination TCP Port, Source UDP Address, Destination UDP Address. VLAN: If Profile Type = VLAN, enter a defined VLAN number. MAC Address: If Profile Type = Destination MAC Address or Source MAC Address, enter a defined MAC Address. IP Address: If Profile Type = Destination IP Address or Source IP Address, enter a defined IP Address. L4 Port: If Profile Type Source TCP Port Destination TCP
122. RL list is an acceptance list for all URL domain names. Domains added to this list are allowed in any form. For example, if the domain "dlink" is added to this list, then all of the following URLs are permitted access from the LAN: www.dlink.com, support.dlink.com, etc. Importing/exporting from a text or CSV file is also supported. To specify approved URLs: 1. Go to Security > Web Content Filter > Static Filtering > Approved URL tab. 2. To import a list from a text/CSV file, click Upload URLs List from File. If you want to export the current list, click Export URLs List to File. To add a new URL, click Add New Approved URL. 3. Enter a URL and click Save. Blocked Keywords. Path: Security > Web Content Filter > Static Filtering > Blocked Keywords. Keyword blocking allows you to block all website URLs or site content that contains the keywords in the configured list. This is lower priority than the Approved URL List, i.e., if a blocked keyword is present in a site allowed by a trusted domain in the Approved URL List, then access to that site will be allowed. Import/export from a text or CSV file is also supported. To add/import/export URLs to the approved list: 1. Click Security > Web Content Filter > Static Filtering > Blocke
123. 2. Toggle Activate QoS on LAN to ON. 3. On the middle menu on the LAN QoS Priority page, click the Trust Mode Settings tab. In the Trust Mode List, select a port by right-clicking it and clicking Edit. This brings up a pop-up box called Trust Mode Configuration. 4. Type in the port number for LAN Port and select either CoS or DSCP next to Classify Using. 5. Click Save. 6. Proceed to Configuring DSCP Priority on page 179 or Configuring 802.1p Priority on page 178 to configure values for DSCP and CoS and their priority. Defining DSCP and CoS on each port. Path: Network > QoS > LAN QoS Priority > Trust Mode Setting. Choose between CoS or DSCP for that port. When there is congestion on the port, the LAN port will check the value of one of these fields in the packet and make a decision on the priority for that packet. Individual values for DSCP and CoS and the priority that they should be given are set by the Port CoS Mapping & Port DSCP Mapping pages under QoS. 1. Go to Network > QoS > LAN QoS Priority. On the middl
124. To Zone can be the public DMZ or secure LAN. Similarly, if the From Zone is the LAN, then the To Zone can be the public DMZ or insecure WAN. Select a service from the drop-down menu. ANY means all traffic is affected by this rule. Select an action from the drop-down menu. Source Hosts: Select a source host. If you select Single Address or Address Range, you will need to enter the IP address or IP range. Destination Hosts: Select a destination host. If you select Single Address or Address Range, you will need to enter the IP address or IP range. Select whether to log firewall traffic or not. QoS Priority (IPv4 only): Outbound rules (where To Zone = insecure WAN only) can have the traffic marked with a QoS priority tag. Select a priority level: Normal Service: ToS 0 (lowest QoS); Minimize Cost: ToS 1; Maximize Reliability: ToS 2; Maximize Throughput: ToS 4; Minimize Delay: ToS 16. Schedules. Path: Security > Firewall > Schedules. Firewall rules can be enabled or disabled automatically if they are associated with a configured schedule. The schedule configuration page allows you to define days of the week and the time of day for a new schedule, and then this schedule can be selected in the firewall rule configuration page. Note: All schedules will follow the time in the controller's configured time zone. Refer to the section on choosing your Time Zone and conf
125. Description. If a wireless client broadcasts probe requests to all available SSIDs, this option controls whether the AP will respond to the probe request. ON: Prohibits the AP from responding to client probe requests. OFF: Allow the AP to respond to client probe requests. VLAN: Enter a VLAN ID. Be sure this VLAN ID has been created (Network > VLAN > VLAN Setting). If enabled, wireless clients must be authenticated by the AP in order to connect to the network. To use MAC authentication, configure the client MAC addresses in one of the databases (Local or RADIUS). In the database, set a default action to either accept or deny that client, or use the global action configured. MAC authentication is useful in networks that operate in Open mode to grant or deny access to clients with specific MAC addresses. MAC Authentication can also be used in conjunction with 802.1X security methods, in which the MAC Authentication is done prior to the 802.1X authentication. Authentication Type: If Captive Portal Type = Permanent User and Authentication Server = RADIUS server, select the authentication type: PAP, CHAP, MSCHAP, or MSCHAPV2. Select the HTTP option in the Redirect field to redirect wireless clients to a custom Web page. When redirect mode is enabled, the user will be redirected to the URL you specify after the wireless client associates with an AP and the user opens a web browser to a
126. VPN SSL VPN Client. If the SSL VPN client is assigned an IP address in a different subnet than the corporate network, a client route must be added to allow access to the private LAN through the VPN tunnel. As well, a static route on the private LAN's firewall (typically this switch) is needed to forward private traffic through the VPN Firewall to the remote SSL VPN client. When split tunnel mode is enabled, the user is required to configure routes for VPN tunnel clients. Destination network: The network address of the LAN or the subnet information of the destination network from the VPN tunnel clients' perspective is set here. Subnet mask: The subnet information of the destination network is set here. To configure a client route: 1. Click VPN SSL VPN Client Routes. 2. Click Add New Client Route. 3. Enter the destination network and subnet mask. 4. Click Save.
127. Wireless Controller User Manual, DWC-1000, Version 3.11. BUSINESS WIRELESS SOLUTION. Preface: D-Link reserves the right to revise this publication and to make changes in the content hereof without obligation to notify any person or organization of such revisions or changes. Information in this document may become obsolete as our services and websites develop and change. Manual Revisions (Revision, Date, Description): October 16, 2014: DWC-1000 revision A1 with firmware 4.4.0.1. October 1, 2015: DWC-1000 revision A1/B1 with firmware 4.4.1.2. Trademarks: D-Link and the D-Link logo are trademarks or registered trademarks of D-Link Corporation or its subsidiaries in the United States or other countries. All other company or product names mentioned herein are trademarks or registered trademarks of their respective companies. © 2015 D-Link Corporation. All rights reserved. This publication may not be reproduced, in whole or in part, without prior expressed written permission from D-Link Corporation. Safety Instructions: Use the following safety guidelines to ensure your own personal safety and to help protect your system from potential damage. Safety Cautions: To reduce the risk of bodily injury, electrical shock, fire, and damage to the equipment, observe the following precautions. Observe and follow service markings. Do not service any product except as explained in
128. XOP Limit applies only to traffic flowing from the client station to the access point. The Transmission Opportunity (TXOP) is an interval of time when a WME client station has the right to initiate transmissions onto the wireless medium (WM). This value specifies (in milliseconds) the Transmission Opportunity (TXOP) for client stations; that is, the interval of time when a WMM client station has the right to initiate transmissions on the wireless network. SSID Profiles: The SSID Profile list shows all the wireless networks configured on the controller. The first 16 networks are created by default. You can modify the default networks, but you cannot delete them. You can add and configure up to 16 additional networks for a total of 50 wireless networks. Multiple networks can have the same SSID. Configure SSID Profiles. Path: Wireless > Access Point > SSID Profiles. 1. Click Wireless > Access Point > SSID Profiles.
129. LED Troubleshooting 340; LAN Port LEDs Not ON 340; Web Management Interface 340; Using the Reset Button to Restore Default Settings 341; Problems with Date and Time 341; Discovery Problems with Access Points 341; Connection Problems 342; Network Performance and Rogue Access Point Detection 342; Using Diagnostic Tools on the Wireless Controller 343; Performing DNS Lookups
130. abase > Users tab. 2. Click Add New User. The User Configuration pop-up page will appear. 3. Complete the fields in the table below and click Save. Field / Description. User Name: Enter a unique name for this user. The name should allow you to easily identify this user from others you may add. First Name: Enter the first name of the user. Enter the last name of the user. Select Group: Select the captive portal group to which this user will belong. Password: Enter a case-sensitive login password that the user must specify at the login prompt to access the web management interface. For security, each typed password character is masked with a dot. Confirm Password: Enter the same case-sensitive password entered in the Password field. For security, each typed password character is masked with a dot. Enable Password Change: If the group user type is Captive Portal, enable password changes by user if needed. If the group user ty
131. account. Select Permanent User on Captive Portal Type and select Local User Database on Authentication Server. d. Select the customized login page from the Login Profile Name drop-down menu. e. Click Save. The captive portal is now associated to the selected SSID. To test your configuration from a client, connect to the captive portal SSID to log in to the captive portal. Enter an IP address on the captive portal network to see the controller redirect request to the captive portal page. If the authentication database is using the RADIUS server, on step c above choose Permanent User on Captive Portal Type and select RADIUS Server on Authentication Server. 4. Customize the captive portal login page. a. Go to Security > Authentication > Login Profiles. The Login Profiles page will appear. b. Under the Login Profiles List, click Add New Login Profile to add a new profile, or right-click an existing profile and click Edit to edit the profile. The Login Profile Configuration page will appear.
132. action of Deny, or if the action is Global Action and it is globally set to Black List, the client fails this test. Configured Authentication Rate Test: This test checks whether the client has exceeded the configured rate for transmitting 802.11 authentication requests. Configured Probe Requests Rate Test: This test checks whether the client has exceeded the configured rate for transmitting probe requests. Configured De-Authentication Requests Rate Test: This test checks whether the client has exceeded the configured rate for transmitting de-authentication requests. Maximum Authentication Failures Test: This test checks whether the client has exceeded the maximum number of failed authentications. Authentication with Unknown AP Test: This test checks whether a client in the Known Client database is authenticated with an unknown AP. Client Threat Mitigation: Select enable to send de-authentication messages to clients that are in the Known Clients database but are associated with unknown APs. The Authentication with Unknown AP Test must also be enabled in order for the mitigation to take place. Select disable to allow clients in the Known Clients database to remain authenticated with an unknown AP. Not Present in Known Client Database Test. Known Client Database Lookup Method: When the controller detects a client on the network, it performs a lookup in the Known Client database. Specify whether the controller should use the local or RADIUS databa
133. ad process. Requested: A request to download AP software has been made, but the controller has not done any downloads. Code Transfer in Progress: A download is in progress. Global Failure: Download failed on all APs. Aborted: Download was aborted before the AP loaded code from the TFTP server. NVRAM Update in Progress: Download completed successfully. The reset command has been sent to the AP. Success: All APs are connected to the wireless controller. Download Count: The number of managed APs to download software in the current download request. If you selected All for the managed APs to upgrade, the download count shows the number of managed APs at the time the download request was started. The value is 1 if only one AP is being updated. Success Count: The number of APs that have successfully downloaded the new code. This value starts with 0 at the beginning of the download and increases by one for every AP that successfully downloaded the code. Failure Count: The number of APs that failed to download the new code, starting at 0 and incremental with each failure. Abort Count: The number of APs for which the download was aborted, starting at 0 and incremental each aborted download. AP Firmware Status: A table also appears and lists each AP, its download status, and the software version it is downloading. The status for an individual AP can have one
134. address to issue your clients connecting using DHCP over IPSec. Ending IP Address: Enter the ending IP address. Click Save to save and activate your settings. Certificates: The DWC-1000 uses digital certificates for IPSec VPN authentication. You can obtain a digital certificate from a well-known Certificate Authority (CA) such as VeriSign, or generate and sign your own certificate using functionality available on this gateway. The switch comes with a self-signed certificate, and this can be replaced by one signed by a CA as per your networking requirements. A CA certificate provides strong assurance of the server's identity and is a requirement for most corporate network VPN solutions. Trusted Certificates: The certificates menu allows you to view a list of certificates (both from a CA and self-signed) currently loaded on the switch. The following certificate data is displayed in the list of Trusted (CA) certificates. CA Identity (Subject Name): The certificate is issued to this person or organization. Issuer Name: This is the CA name that issued this certificate. Expiry Time: The date after which this Trusted certificate becomes invalid. To upload a certificate: 1. Click VPN IPSec VPN Certificate Trusted Certificates tab.
135. Field / Description. Shows the ID number assigned to each access point hardware type. The wireless controller supports six different types of access point hardware. Hardware Type Description. Radio Mode. Describes the platform and the supported IEEE 802.11 modes. Shows whether the hardware supports one radio or two radios. 802.11a Support: Shows whether support for IEEE 802.11a mode is enabled. manufacturer name and supported IEEE 802.11 modes. Associated Clients Global Status. Path: Status > Wireless Information > Associated Clients > Global Status. This page shows statistic information about all the clients which are connected through managed AP. Field / Description. Total Clients: Total number of clients in the database. This total includes clients with an Associated, Authenticated, or Disassociated status. Authenticated Clients: Total number of clients in the associated client database with an Authenticated status. 802.11a Clients: Total number of IEEE 802.11a only clients that are authenticated. 802.11b/g Clients: Total number of IEEE 802.11b/g only clients that are authenticated. Total number of clients that a
136. aged by the DWC-1000. Purge Roam History: Will purge the roam history for the selected client. Roam History Details. Neighbor AP Status: Shows information about the neighbor AP status. After right-clicking next to the MAC address, the Client Statistic page shows the fields in the table on the next page. This page shows information about the traffic a wireless client receives and transmits while it is associated with a single access point. Use the table to view details about an associated client. Each client is identified by its MAC address. Field / Description. TS Violate Packets Received: Count of packets received by an access point from a wireless client for the specified access category. TS Violate Packets Transmitted: Count of packets transmitted by an access point to a wireless client for the specified access category. Duplicates Received: Total number of duplicate packets received from the client station. To help authenticated clients roam without losing sessions and needing to re-authenticate, wireless clients can try to authenticate to other access points within range of the client. For successful pre-authentication, the target access point must have a VAP with an SSID and security configuration that match the client, including MAC authentication, encryption method, and pre-shared key or RADIUS parameters. The acc
137. Controller Associated Clients. Path: Status > Wireless Information > Controller Status > Controller Associated Clients. This page shows the controller and its associated clients. If this controller is the Cluster Controller, it will also show the associated clients that are managed by other peer controllers. Field / Description. Controller IP Address: Shows the IP address of the Controller that manages the AP to which the client is associated. Client MAC Address: Shows the MAC address of the associated client. Distributed Tunnel. Path: Status > Wireless Information > Controller Status > Distributed Tunnel. The AP-AP tunneling mode is used to support L3 roaming for wireless clients without forwarding any data traffic to the wireless controller. In the AP-AP tunneling mode, when a client first associates with an AP in the wireless system, the AP forwards the wireless client's data using VLAN for
138. al cost paths exist in the topology. The lower value for the spanning tree priority means that the AP is more likely to be used for bridging data into the campus network. You should assign a lower priority to the APs connected to the wired network than to the satellite APs. The STP priority value is rounded down to a multiple of 4096. The range is 0-61440 and the default value is 36864. Configure WDS AP Link. Path: Wireless > Access Point > WDS Groups > WDS AP Link. After you create a WDS Managed AP group, use the WDS AP Link Configuration page to configure the WDS links between the APs that are members of the group. 1. Click Wireless > Access Point > WDS Groups > WDS AP Link tab. 2. Click Add New WDS AP Link. 3. Complete the fields in the table below and click Save. Field / Description. WDS Managed Group ID: Select the ID associated with the group to configure. Source AP MAC Address: MAC Address of the source AP. Note: The WDS links are bidirectional. The terms Source and Destination simply help to differentiate between the WDS link endpoints. Source AP Radio: The radio number of the WDS link endpoint on the source AP. Destination AP MAC Address: The MAC address of the destination AP in the group. Destination Radio: The radio number of the WDS link endpoint on the destination AP. S
139. alone mode to managed mode, its static IP address changes to an IP address that is issued by the DHCP server (either one in the network or one that is configured on the wireless controller). This occurs to ensure that each managed access point has a unique IP address. If there is no DHCP server, or if the access point cannot reach the DHCP server, the access point remains in the Connecting state as it tries to obtain an IP address. If there is no DHCP server in the network, configure one on the wireless controller (see Step 1 Enable DHCP Server Optional on page 28). When a DHCP server becomes available, the access point can transition from the Connecting state to the Connected state. If you added a new SSID but the SSID does not appear under Wi-Fi Networks within 5 minutes, use the following procedure to reboot the Wireless Controller: 1. Click Maintenance > Firmware > Soft Reboot. 2. Click Soft Reboot. Network Performance and Rogue Access Point Detection: When rogue access point detection is enabled, access points intermittently go off channel for short periods, which can affect network performance. If security concerns are more important than network performance, you can enable rogue access point detection. If network performance is more important than security concerns, you can temporarily disable rogue access point detection. Using Diagnostic Tools on the Wireless C
140. ameters. If you select Voice or Factory Defaults, the wireless controller will use the pre-defined settings for the template you select. AP EDCA Parameters: Queues are defined for different types of data transmitted from AP to station. Data 0 (Voice): High priority queue, minimum delay. Time-sensitive data such as VoIP and streaming media are automatically sent to this queue. Data 1 (Video): High priority queue, minimum delay. Time-sensitive video data is automatically sent to this queue. Data 2 (best effort): Medium priority queue, medium throughput and delay. Most traditional IP data is sent to this queue. Data 3 (Background): Lowest priority queue, high throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example). AIFS (Inter-Frame Space): The Arbitration Inter-Frame Spacing (AIFS) specifies a wait time for data frames. The wait time is measured in slots. Valid values for AIFS are 1 through 255. cwMin (Minimum Contention Window): This parameter is input to the algorithm that determines the initial random backoff wait time (window) for retry of a transmission. The value specified here in the Minimum Contention Window is the upper limit (in milliseconds) of a range from which the initial random backoff wait time is determined. The first random number generated will be a number between 0 and the number specified here. If the first random backoff wait time expires
141. annel in addition to the legacy 20 MHz channel available with other modes. The 40 MHz channel enables higher data rates but leaves fewer channels available for use by other 2.4 GHz and 5 GHz devices. The 40 MHz option is enabled by default for 802.11a/n modes and 20 MHz for 802.11b/g/n modes. You can use this setting to restrict the use of the channel bandwidth to a 20 MHz channel. Primary Channel: This setting is editable only when a channel is selected and the channel bandwidth is set to 40 MHz. A 40 MHz channel can be considered to consist of two 20 MHz channels that are contiguous in the frequency domain. These two 20 MHz channels are often referred to as the Primary and Secondary channels. The Primary Channel is used for 802.11n clients that support only a 20 MHz channel bandwidth and for legacy clients. Use this setting to set the Primary Channel as the upper or lower 20 MHz channel in the 40 MHz band. The protection feature contains rules to guarantee that 802.11 transmissions do not cause interference with legacy stations or applications. By default, these protection mechanisms are enabled (Auto). With protection enabled, protection mechanisms will be invoked if legacy devices are within range of the AP. You can disable (Off) these protection mechanisms; however, when 802.11n protection is off, legacy clients or APs within range can be affected by 802.11n transmissions. 802.11 protection is also available when the mode is 8
142. ase the client roams to another AP. Bcast Key Refresh Rate (seconds). If Security = WPA Enterprise, enter a value to set the interval at which the AP will refresh session (unicast) keys for each client associated to the VAP. The valid range is 0-86400 seconds. A value of 0 indicates that the broadcast key is not refreshed. Session Key Refresh Rate. 4. To add a new SSID, go to Wireless > Access Point > SSID Profile and click the Add New SSID Profile button. 5. Fill out the fields below and click Save. 6. Click Wireless > Access Point >
143. 2. Toggle Activate MAC based VLAN to ON and click Save. 3. Click Add New MAC Based VLAN. 4. Complete the fields in the table below and click Save. Field / Description. MAC Address: Enter the MAC address of the client you want to add to a VLAN. VLAN: Enter the VLAN ID number. Select a port from the drop-down menu. Voice VLANs. Path: Network > VLAN > Advanced VLAN > Voice VLAN. The voice VLAN feature enables controller ports to carry voice traffic with defined settings so that voice and data traffic are separated when coming onto the port. A voice VLAN ensures that the sound quality of an IP phone is safeguarded from deterioration when data traffic on the port is high. The inherent isolation provided by VLANs ensures that inter-VLAN traffic is under management control and that network-attached clients cannot initiate a direct attack on voice components. A QoS protocol based on the IEEE 802.1P class-of-service (CoS) protocol uses classification and scheduling to send network traffic from the controller in a predictable manner. The system uses the source MAC of the traffic traveling through the port to identify the IP phone data flow. Voice VLAN is enabled on a per-port basis. A po
144. based content itself can be used to determine if traffic is allowed or dropped. Static Filtering. Path: Security > Web Content Filter > Static Filtering. Content filtering must be enabled to configure and use the subsequent features (list of Trusted Domains, filtering on Blocked Keywords, etc.). Proxy servers, which can be used to circumvent certain firewall rules and thus a potential security gap, can be blocked for all LAN devices. Java applets can be prevented from being downloaded from internet sites, and similarly the gateway can prevent ActiveX controls from being downloaded via Internet Explorer. For added security, cookies, which typically contain session information, can be blocked as well for all devices on the private network. To configure: 1. Go to Security > Web Content Filter > Static Filtering. 2. Toggle which service you want to filter to On and click Save. Approved URLs. Path: Security > Web Content Filter > Static Filtering > Approved URL. The approved U
145. be downloaded, which can be one of the following: All Images, DWL-8600AP, DWL-3600AP, DWL-6600AP, DWL-2600AP, DWL-8610AP. Note: To download all images, make sure you specify the file path and file name for both images in the appropriate File Path and File Name fields (field: Image Download Type). Managed AP: The list shows all the APs that the controller manages. If the controller is the Cluster Controller, then the list shows the APs managed by all controllers in the cluster. Each AP is identified by its MAC address, IP address, and Location in the MAC IP Location format. To upgrade a single AP, select the AP MAC address from the drop-down list. To upgrade all APs, select All from the top of the list. If All is selected, the Group Size field will limit the number of simultaneous AP upgrades in order not to overwhelm the TFTP server. To select multiple APs to upgrade, CTRL + click the APs to upgrade. Note: D-Link recommends that you upgrade all managed APs at the same time. AP Firmware Status. Path: Maintenance > Firmware > AP Firmware Download > AP Firmware Status. After the download begins, the AP Firmware Status tab will display information about the upgrade. Refer to the table below. Code Download Status: The status of the upgrade process for all APs. Not Started: The wireless controller has not started the downlo
146. become unavailable. DHCP Server: Select this setting to use the wireless controller as a DHCP server. Complete the remaining settings on the page. DHCP Relay: If you select this setting, you need only enter the relay gateway information (field: DHCP Mode). Enter the domain name for the VLAN. Starting IP Address: Enter the starting IP address in the IP address pool. Any new DHCP client joining the LAN is assigned an IP address within the starting and ending IP address range. Starting and ending IP addresses should be in the same IP address subnet as the wireless controller's LAN IP address. Ending IP Address: Enter the ending IP address in the IP address pool. Default Gateway: (Optional) Enter the IP address of the gateway for your LAN. Primary DNS Server: (Optional) If configured domain name system (DNS) servers are available on the VLAN, enter the IP address of the primary DNS server. (Optional) If configured domain name system (DNS) servers are available on the VLAN, enter the IP address of the secondary DNS server. Lease Time: Enter a time interval, in hours, that a DHCP client can use the IP address that it receives from the DHCP server. When the lease time is about to expire, the client sends a request to the DHCP server to get a new lease. Relay Gateway: Enter the gateway address. This is the only configuration parameter required in this section when DHCP Mode is DHCP Relay. LAN Proxy: Enables or disables DNS proxy on this LAN. The
147. been created on VLAN Setting (Network > VLAN > VLAN Setting). Security: The default access point profile does not use any security mechanism. To protect your network, we recommend you select a security mechanism to prevent unauthorized wireless clients from gaining access to your network. Choices are: None (no security mechanism is used); WEP (enable WEP security; complete the options in Table 3-1); WPA/WPA2 (enable WPA/WPA2 security; complete the options in Table 3-2). Table 3-1. WEP Page Settings. Security: Static WEP uses static key management. You manually configure the same keys to encrypt data on both the wireless client and the access point. Dynamic WEP (WEP IEEE 802.1x) uses dynamically generated keys to encrypt client-to-access-point traffic. WEP IEEE 802.1X: screen refreshes and there are no more fields to configure. The access point uses the global RADIUS server or the RADIUS server you specified for the wireless network. Select the authentication type. Choices are: Open System: any wireless station can request authentication. The station that needs to authenticate with another wireless station sends an authentication management frame that contains the identity of the sending station. The receiving station returns a frame that indicates whether it recognizes the sending station. Shared Key: each wireless station is assumed to have received a secret shared key over a secure chan
148. bitration Inter-Frame Spacing (AIFS) specifies a wait time for data frames. The wait time is measured in slots. Valid values for AIFS are 1 through 255 (field: AIFS, Inter-Frame Space). Max Burst Length. cwMin (Minimum Contention Window): This parameter is used by the algorithm that determines the initial random backoff wait time (window) for data transmission during a period of contention. The value specified in the Minimum Contention Window is the upper limit, in milliseconds, of a range from which the initial random backoff wait time is determined. The first random number generated will be a number between 0 and the number specified here. If the first random backoff wait time expires before the data frame is sent, a retry counter is incremented and the random backoff value (window) is doubled. Doubling will continue until the size of the random backoff value reaches the number defined in the Maximum Contention Window. cwMax (Maximum Contention Window): The value specified in the Maximum Contention Window is the upper limit, in milliseconds, for the doubling of the random backoff value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached. Once the Maximum Contention Window size is reached, retries will continue until a maximum number of retries allowed is reached. Station EDCA Parameter Only. The T
149. bled and works as a LAN interface but with a dependent MAC address, and Option 2 is disabled. With a VPN license (DWC-1000-VPN / DWC-1000-VPN-LIC), the controller turn into WAN ports. You can set ISP connection type and NAT/Transparent mode features. 1. Click Network > Internet > Option 1 Settings. 2. Select your connection type and complete the fields from the next page. 3. Click Save. Connection Type: Select the type of your Internet connection: Static, Dynamic, PPPoE, PPTP, L2TP, Japanese PPPoE, Russian PPPoE, Russian PPTP, or Russian L2TP. Dynamic. Host Name (optional): Specify the host name option to send to the DHCP server. The host name string only contains the client's host name prefix, to which the server will append the DDNS domain name or domain name options (if any) to derive the fully qualified domain name of the client. Static. PPPoE, Japanese PPPoE, Russian PPPoE. User Name: Enter your PPPoE user name. Service: Use this field if you need to distinguish two servers using the same Username and Password combination. With PPP, as you can't specify servers using IP address, you can specify
150. c routes to this device allows you to define the path selection of traffic from one interface to another. There is no communication between this controller and other devices to account for changes in the path; once configured, the static route will be active and effective until the network changes. The List of Static Routes displays all routes that have been added manually by an administrator and allows several operations on the static routes. The List of IPv4 Static Routes and List of IPv6 Static Routes share the same fields (with one exception). To configure IPv6 Static Routing: 1. Go to Network > Routing > IPv6 Static Routing. 2. Click Add New IPv6 Static Route. 3. Complete the fields in the table below and click Save. Route Name: Enter a unique name for this static route. The name should allow you to easily identify this static route from others you may add. Active: Activates or deactivates the static route. Choices are: ON (activate static route); OFF (deactivate static route). Private: Designates the static route as private. Choices are: ON (static route is private)
151. cast domains and Layer 3 subnets. Devices within a VLAN can communicate without routing. The primary use of VLANs is to split large switched networks, which are large broadcast domains. The wireless controller provides VLAN functionality for assigning unique VLAN IDs to LAN ports so that traffic to and from that physical port can be isolated from the general LAN. VLAN filtering is particularly useful to limit broadcast packets of a device in a large network. Creating VLANs. Path: Network > VLAN > VLAN Settings. You can create VLANs on the VLAN Settings page. After you create VLANs, you can use the same page to view, edit, and delete VLANs. To create a VLAN: 1. Go to Network > VLAN > VLAN Settings. 2. Click Add New VLAN. The following pop-up box will appear. 3. Complete the fields in the table below and click Save. VLAN ID: Enter a unique ID to this VLAN (2-4093). Enter a unique name for this VLAN. The name should allow you to easily identify this VLAN from others you may add. Activate InterVLAN Routing: Allows or denies communication between VLAN networks. Choices are: Checked (allow communications between different VLANs); Unchecked (deny communications between different VLANs). Captive Portal Type: Select the type of captive portal from free SLA
152. cate is sent to Primary and Backup Switches. Failed: The primary or backup switch wasn't in the cluster when this switch attempted to send the information (field: AP Certificate and Profile Transmit Status). New Primary IP Address: Enter the IP address of the wireless controller that should manage the AP. New Backup IP Address: Enter the IP address of switch to which the AP should try to connect if it is unable to connect to the primary wireless controller. Profile: Select an AP profile you want to use. AP Profiles. Access point configuration profiles are a useful feature for large wireless networks with APs that serve a variety of different users. You can create multiple AP profiles on the wireless controller to customize APs based on location, function, or other criteria. Profiles are like templates, and once you create an AP profile, you can apply that profile to any AP that the wireless controller manages. For each AP profile, you can configure the following features: Profile Settings (Name, Hardware Type ID, Wired Network Discovery VLAN ID); Radio Settings; SSID Settings; QoS Configuration. Configure AP Profile. Path: Wireless > Access Point > AP Profiles > AP Profiles. 1. Click Wireless > Access Point > AP Profiles > AP Profiles tab.
153. cation for the wireless controller is essential for its successful operation. To ensure optimum performance, D-Link recommends that you perform a site survey. A site survey should enable you to: Identify how Wi-Fi coverage should be provided. Determine access point placement locations and identify areas with weak signal or dead spots that require additional access points. Determine areas of heavier usage that might require dense access point coverage. Determine the indoor propagation of RF signals. Identify potential RF obstructions and interference sources. Run a spectrum analysis of channels of the site to ascertain current RF behavior and detect both 802.11 and non-802.11 noise. Run an access point-to-client connectivity test to determine maximum throughput achievable on the client. After the site survey is complete, use the collected data to set up an RF plan using the Basic Planning Worksheet in Appendix A. After you complete the Basic Planning Worksheet, select a location for the wireless controller. The ideal location should: Be flat and clean with no dust, water, moisture, or exposure to direct sunlight or vibrations. Be fairly cool and dry and does not exceed 104°F (40°C). Not be prone to variations in temperature and humidity or close to strong magnetic fields or a device that generates electric noise. Not place the wireless controller next to, on top of, or below any device that generates heat or will block the free
154. ccess the Internet. The custom Web page must be located on an external web server and might contain information such as the company logo and network usage policy. Note: The wireless client is redirected to the external Web server only once while it is associated with the AP (field: Redirect). Redirect functionality allows you to implement captive portal functionality; a captive portal is often used at Wi-Fi hotspots to provide branding for the hotspot provider and/or display a legal disclaimer which the user can click through to access the Internet. HTTP: HTTP Redirect is enabled. None: HTTP Redirect is disabled. Redirect URL: If Redirect is HTTP, enter the URL where all initial HTTP accesses should be redirected to. This field is accessible only when HTTP is selected as the redirect type. Ignore Broadcast. MAC Authentication. Wireless ARP Suppression Mode: Enable the mode to allow APs to reduce the number of broadcasted ARP requests on the wireless interfaces. Reducing broadcasts helps conserve power on the wireless clients. The wireless clients that use power save mode must wake up and use more power when they detect broadcast frames. Note: Enabling this feature slightly degrades AP packet forwarding performance due to extra packet filtering to find DHCP packets and extra processing for ARP request and reply packets. Networks that do not use IPv4 should not enable this feature. The distributed L2 tunneling mode supports L3 roaming for wireless clients
155. ce > Firmware > Soft Reboot. 2. Next to Factory Default settings, click the Default button. 3. At the confirmation message, click OK to restore factory default settings or click Cancel to retain your current settings. Note: After restoring the factory default configuration, the wireless controller's default LAN IP address is 192.168.10.1, the default login user name is admin, and the default login password is admin. Rebooting the Wireless Controller. Path: Maintenance > Firmware > Soft Reboot. You can reboot the wireless controller. Rebooting performs a power cycle and keeps any customized overrides you made to the default settings. 1. Go to Maintenance > Firmware > Soft Reboot. 2. Next to Soft Reboot, click Soft Reboot. To reboot to the original factory default, click Default. 3. At the confirmation message, click OK to reboot the wireless controller or click Cancel to not reboot. Upgrading Firmware. Wireless Controller Firmware Upgrade. Path: Maintenance > Firmware > Firmware Upgrade > Using System PC. D-Link is constantly improving the
156. Step 5: Select MAC Authentication Mode (37); Step 6: Confirm Access Point Profile is Associated (39); Step 7: Configure Captive Portal Settings (40); Step 8: Use SSID with RADIUS Server as Authenticator (48); Step 9: Configure Guest Management (49); Step 10: Configure a BYOD Environment (56); Where to Go from Here (62); Advanced WLAN Configuration (63); WLAN General Settings (64); Channel Plan and Power Settings (67); Configure Channel Plan (67); Configure Power Settings (69); Configure AP WIDS Settings (70); Configure
157. ciate with the access point. 802.11n clients cannot use the TKIP cipher. If you enable TKIP only, 802.11 clients cannot authenticate with the network. WPA Key Type: Enter a WPA key type. Range: ASCII, including upper- and lower-case alphabetic letters, numeric digits, and special symbols such as and. WPA Key: Enter the shared secret key for WPA Personal. Range: 8-62 characters, including upper- and lower-case alphabetic letters, numeric digits, and special symbols such as and. Enter a value to set the interval at which the broadcast (group) key is refreshed for clients associated to this VAP. Range: 0-86400 seconds (0: broadcast key is not refreshed). Pre-Authentication: If Security is WPA Enterprise, turn on to enable pre-authentication. Pre-Authentication Limit: If Security is WPA Enterprise, the Pre-Authentication Limit field will appear below for you to enter a value between 0 and 192. Key Caching Hold Time: If Security is WPA Enterprise, enter the amount of minutes a PMK will be held by the AP. This applies to Pairwise Master Keys (PMKs) generated by RADIUS, those that come from pre-authentication, and those that are forwarded to the AP. Note that this time limit can be overridden by RADIUS if the RADIUS server returns a longer time in the Session Timeout attribute for a particular user. The valid values of this are from 1 to 1440 minutes. If you do not enter a value, APs will not forward the PMK for the wireless client to other APs in c
158. clients are. SSL VPN Server Policies. SSL VPN Policies can be created on a Global, Group, or User level. User-level policies take precedence over Group-level policies, and Group-level policies take precedence over Global policies. These policies can be applied to a specific network resource, IP address, or IP ranges on the LAN, or to different SSL VPN services supported by the switch. The List of Available Policies can be filtered based on whether it applies to a user, group, or all users (global). To add a SSL VPN policy, you must first assign it to a user, group, or make it global (i.e., applicable to all SSL VPN users). If the policy is for a group, the available configured groups are shown in a drop-down menu and one must be selected. Similarly, for a user-defined policy, a SSL VPN user must be chosen from the available list of configured users. The next step is to define the policy details. The policy name is a unique identifier for this rule. The policy can be assigned to a specific Network Resource (details follow in the subsequent section), IP address, IP network, or all devices on the LAN of the switch. Based on the selection of one of these four options, the appropriate configuration fields are required (i.e.
159. controller is powered off or rebooted, while unsaved configuration changes are lost. Cancel: Resets options on the current screen to the last applied or last saved settings. Add: Adds a new item to the current screen. Right-click: Right-clicking list table items allows you to do more actions for the existing items. Edit: Modify the configuration of this item. Delete: Delete this item. Move: Move this item to specific position. Enable: Enable this item. Disable: Disable this item. Apply: Apply this change to existing configuration. Copy: Copy the configuration value of this item and create a new item. Manage: Manage the discovered access point. View Information. The information would be various depending on the items. Standard Web Management Interface Features. There are several standard features in the web management interface. The Help feature has explanations for the various functions and settings on the interface. Click on the question mark icon to bring up the Help menu. It is always located near the top right corner of the screen. System Search allows you to search for a function or feature by typing in a word into the search box. The search box is always located near the top right corner of the screen. The Wizard feature provides a number of helpful guides to common configuration tasks such as setting up the device con
160. ct traffic flowing from the access point to the client station. Station Enhanced Distributed Channel Access (EDCA) Parameters affect traffic flowing from the client station to the access point. You can specify custom QoS settings, or you can select a template that configures the AP profile with pre-defined settings that are optimized for data traffic or voice traffic. 1. Click Wireless > Access Point > AP Profiles > AP Profiles QoS tab. 2. Right-click an AP Profile and select Edit. 3. Complete the fields below and click Save. AP Profile: The name of AP Profile. Radio Mode: The radio mode (802.11a/n or 802.11b/g/n). Template: Select the QoS template to apply to the AP profile. If you select Custom, you can change the AP and station par
161. curity methods, in which case MAC Authentication is done prior to 802.1X authentication. To enable MAC authentication, wireless clients must first be authenticated by the Unified Access Point (UAP) in order to connect to the network. The wireless controller provides two MAC Authentication Modes: the white list or the black list. White list: Select this option to grant access to any wireless clients with MAC addresses that are specified in the MAC Authentication database or RADIUS server and are not explicitly denied access. If the MAC address is not in the database, then access will be denied to the client. Black list: Select this option to deny access to any wireless clients with MAC addresses that are specified in the MAC Authentication database or RADIUS server and are not explicitly granted access. If the MAC address is not in the database, then access will be granted to the client. 1. Click Wireless > General > General. 2. Next to Client MAC Authentication Mode, select Black list or White list. Click Save. 3. Click Security > Authentication > User Database > MAC Authentication. The MAC Authentication setting page will appear. The List Type will display what your selection was in Step 2.
162. d Keywords tab. 2. To import a list from a text/CSV file, click Upload Keywords List from File. If you want to export the current list, click Export Keywords List to File. To add a new URL, click Add New Keyword. 3. Enter a keyword and click Save. Firewall. Firewall Rules. Note: You must activate the DCS 1000 VPN license to access the firewall options. Path: Security > Firewall > Firewall Rules. Inbound (Option to LAN/DMZ) rules restrict access to traffic entering your network, selectively allowing only specific outside users to access specific local resources. By default, all access from the insecure Option (WAN) side are blocked from accessing the secure LAN, except in response to requests from the LAN or DMZ. To allow outside devices to access services on the secure LAN, you must create an inbound firewall rule for each service. If you want to allow incoming traffic, you must make the controller's Option port IP address kno
163. 3. Complete the fields in the table below and click Save. AP Profile: The name of AP Profile. Radio Mode: The radio mode (802.11a/n or 802.11b/g/n). Radio Configuration. Specify whether you want the radio on or off by clicking On or Off. If you turn off a radio, the AP sends disassociation frames to all the wireless clients it is currently supporting so that the radio can be gracefully shut down and the clients can start the association process with other available APs. ON: Radio ON. OFF: Radio OFF. Radio Scheduler: Select a configured schedule or select Scheduler Off. RTS Threshold: Specify a Request to Send (RTS) Threshold value between 0 and 2347. The RTS threshold indicates the number of octets in an MPDU below which an RTS/CTS handshake is not performed. Changing the RTS threshold can help control traffic flow through the AP, especially one with a lot of clients. If you specify a low threshold value, RTS packets will be sent more frequently. This will consume more bandwidth and reduce the throughput of the packet. On the other hand, sending more RTS packets can help the network recover from interference or collisions which might occur on a busy network, or on a network experiencing electromagnetic interference. Load Balancing: If you enable load balancing, you can control the amount of traffic that is allowed on the AP. If Load Balancing is set to ON, this field allows you to set a threshold for the pe
164. d on or tripped over. Be sure that nothing rests on any cables. Do not modify power cables or plugs. Consult a licensed electrician or your power company for site modifications. Always follow your local/national wiring rules. When connecting or disconnecting power to hot-pluggable power supplies, if offered with your system, observe the following guidelines: Install the power supply before connecting the power cable to the power supply. Unplug the power cable before removing the power supply. If the system has multiple sources of power, disconnect power from the system by unplugging all power cables from the power supplies. Move products with care; ensure that all casters and/or stabilizers are firmly connected to the system. Avoid sudden stops and uneven surfaces. Protecting Against Electrostatic Discharge. Static electricity can harm delicate components inside your system. To prevent static damage, discharge static electricity from your body before you touch any of the electronic components, such as the microprocessor. You can do so by periodically touching an unpainted metal surface on the chassis. You can also take the following steps to prevent damage from electrostatic discharge (ESD): 1. When unpacking a static-sensitive component from its shipping carton, do not remove the component from the antistatic packing material until you are ready to install the component in your system. Just bef
165. d under the corresponding LAN heading. Viewing USB Status. Path: Status > System Information > USB Status. The USB Status page summarizes the USB devices connected to the wireless controller. The wireless controller lets you connect a USB printer and a USB disk (for firmware upgrade only) directly. There are two USB ports. Viewing DHCP Clients. Path: Status > Network Information > DHCP Clients. Two separate tabs show a list of clients that get an IP lease from the wi
166. ddress format as well as a means for site border router discovery. ISATAP also specifies the operation of IPv6 over a specific link layer, that being IPv4 used as a link layer for IPv6. To configure ISATAP Tunnels: 1. Click Network > IPv6 > ISATAP Tunnels. 2. Click Network > IPv6 > ISATAP Tunnels. Complete the fields. ISATAP Subnet Prefix: This is the 64-bit subnet prefix that is assigned to the logical ISATAP subnet for this intranet. This can be obtained from your ISP or internet registry, or derived from RFC 4193. End Point Address: This is the endpoint address for the tunnel that starts with this controller. The endpoint can be the LAN interface (assuming the LAN is an IPv4 network) or a specific LAN IPv4 address. IPv4 Address: If you selected LAN IPv4 Address, then enter the end point address. Click Save to save your settings. Protocol Binding. Path: Network > Routing > Protocol Binding. Protocol bindings are useful when the Load Balancing feature is in use. Selecting from a list of c
167. ddress of 192.168.10.nnn (where nnn is the number 0 or a number from 2 to 255) and a subnet of 255.255.255.0. If the wireless controller's IP address has been changed and you do not know the current IP address, reset the wireless controller's configuration to factory default settings. This sets the wireless controller's IP address to 192.168.10.1 (refer to Restoring Factory Default Settings on page 334), but it also loses any changes you made to the factory default settings. If you do not want to revert to the factory default settings and lose your configuration settings, you can reboot the wireless controller and use a sniffer to capture packets sent during the reboot. Look at the ARP packets to find the wireless controller's LAN interface address. Using the Reset Button to Restore Default Settings. If you cannot access the wireless controller's management interface for some reason, press the reset button on the front panel to restore the factory default settings. To clear all settings and restore the factory default values: 1. Press and hold the reset button for at least 15 seconds. 2. Release the reset button. The reboot process is complete after several minutes. Note: After restoring the factory default configuration, the wireless controller's default LAN IP address is 192.168.10.1, the default login user name is admin, and the default login password is admin. Problems wit
168. e Frag Threshold. The Delivery Traffic Information Map (DTIM) message is an element included in some Beacon frames. It indicates which client stations, currently sleeping in low-power mode, have data buffered on the access point awaiting pick-up. The DTIM period you specify indicates how often the clients served by this access point should check for buffered data still on the AP awaiting pickup. Specify a DTIM period within the given range (1-255). The measurement is in beacons. For example, if you set this field to 1, clients will check for buffered data on the AP at every beacon. If you set this field to 10, clients will check on every 10th beacon. Beacon frames are transmitted by an access point at regular intervals to announce the existence of the wireless network. The default behavior is to send a beacon frame once every 100 milliseconds (or 10 per second). The Beacon Interval value is set in milliseconds. Enter a value from 20 to 2000. The channel defines the portion of the radio spectrum that the radio uses for transmitting and receiving. The range of channels and the default channel are determined by the Mode of the radio interface. When the AP boots, the AP scans the RF area for occupied channels and selects a channel from the available non-interfering or clear channels. However, channel conditions can change during operation. Enabling the Automatic Channel makes APs assigned to this profile eligible for auto-channel se
169. e 4 milestones by timeline.
[Timeline diagram: Account Creation, Account Activation, Account Depletion, Account Expiration; Usage Time / Usage Volume]
Account Creation: the temporary account is generated by the front desk account in the local database.
Account Activation: the temporary account is activated and it is valid for use.
Account Depletion: the temporary account has run out of usage time or usage volume.
Account Expiration: the temporary account has expired, whether or not its usage time or volume has run out, and it is removed from the local database.
Billing profiles vary depending on the values entered in the settings. Below are the five most common types of billing profiles.
1. The temporary account usage time is limited by duration. The account has an expiration time. The account becomes valid when it is created.
[Timeline diagram: Account Creation and Activation, Depletion, Expiration; Usage Period]
This billing profile is suitable for the Hotel scenario. The temporary account is created and becomes valid when customers check in.
2. The temporary account usage time is limited by duration. The account has an expiration time. The account becomes valid when it first logs in.
[Timeline diagram: Account Creation, Account Activation (Login), Account Depletion, Account Expiration; Usage Period]
This billing profile is suitable for scenarios such as Coffee Shop, Airport, etc. T
170. e VPN session you want to view: IPSec, SSL, PPTP, or Open VPN.
Viewing Traffic on Interfaces. Path: Status > Network Information > Interfaces. This page shows the incoming/outgoing packets on each interface. Table fields are shown on the next page.
Section / Description: LAN Info: LAN 1 4. VLAN Info: Port: The port that the VLAN is associated with. WLAN Info: Transmit Dropped: Total packets transmitted across all APs managed by the controller that were dropped. Receive Dropped Packets dropped on the inbound path of the interface Dropped Out Packets aa received across all APs managed by the controller that were
Viewing Control
171. e an active connection with the Wireless controller.
Standalone APs: Number of trusted APs in Standalone mode. APs in Standalone mode are not managed by a controller.
Rogue APs: Number of Rogue APs currently detected on the WLAN. When an AP performs an RF scan, it might detect access points that have not been validated. It reports these APs as rogues.
Discovered APs: APs that have a connection with the controller but haven't been completely configured. This value includes all managed APs with a Discovered or Authenticated status.
Connection Failed APs: Number of APs that were previously authenticated and managed but currently don't have connection with the Wireless controller.
Authentication Failed APs: Number of APs that failed to establish communication with the FASTPATH Unified Wireless controller.
Unknown APs: Number of Unknown APs currently detected on the WLAN. If an AP configured to be managed by the Wireless controller is detected through an RF scan at any time that it is not actively managed, it is classified as an Unknown AP.
Rogue AP Mitigation Limit: … number of APs for which the system can send de-authentication
Rogue AP Mitigation Count: Number of APs to which the wireless system is currently sending de-authentication messages to mitigate against rogue APs. A value of 0 indicates that mitigation is not in progress.
Maximum
172. 2. Right-click the port you want to edit (LAN, Option1, Option2) and select Edit. 3. Complete the fields in the table on the next page and click Save.
Field / Description:
OSPFv3 Enable: Toggle ON to enable OSPFv3.
Displays the physical network interface on which OSPFv3 is Enabled/Disabled.
Priority: Helps to determine the OSPFv3 designated controller for a network. The controller with the highest priority will be more eligible to become Designated Controller. Setting the value to 0 makes the controller ineligible to become Designated Controller. The default value is 1. Lower the value means higher the priority.
Hello Interval: The number of seconds for Hello Interval timer value. Enter the number in seconds that the Hello packet will be sent. This value must be the same for all controllers attached to a common network. The default value is 10 seconds.
Dead Interval: The number of seconds that a device's hello packets must not have been seen before its neighbors declare the OSPF controller down. This val
173. e menu on the LAN QoS Priority page, click the Trust Mode Settings tab. 2. In the Trust Mode List, select the mode by right-clicking it and clicking Edit. 3. Select the LAN port, CoS or DSCP mode, and the percentage. 4. Click Save. After you enable QoS mode, use the procedures in the following sections to configure the values and priorities used by DSCP and CoS.
Configuring 802.1p Priority. Path: Network > QoS > LAN QoS Priority > 802.1P Priority. If you selected CoS for your QoS configuration, use the following procedure to configure and assign priority to the CoS fields in the IP packets. 1. Go to Network > QoS > LAN QoS Priority > 802.1P Priority tab. 2. In the 802.1p Priority List, each row corresponds to a CoS field in an IP packet. Select a CoS field by right-clicking on it and clicking Edit. 3. On the Queue drop-down list, select one of the following priorities: Highest, Medium, Low, Lowest. 4. Repeat step 3 for each additional CoS field you want to prioritize. 5. When you finish, click Save.
174. e the settings using the following procedure: 1. Click Maintenance > Firmware > Backup Restore. 2. In the Restore to System PC section, click the Browse button. Use the Choose file dialog box to find the backup file, then click the file and click Open. You may also restore from a thumb drive connected to one of the USB ports. 3. Click Restore. A message will appear. 4. Click OK to close the message and restore the configuration settings from the selected file.
Restoring Factory Default Settings. Path: Maintenance > Firmware > Soft Reboot. If you reset a wireless controller to its factory default settings, it returns to the state when it was new; all changes you made to the default configuration are lost. Examples of settings that get restored include critical things you need to get online, such as login password, SSID, IP addresses, and wireless security keys. There are two ways to restore a wireless controller to its original factory default settings: Use the reset button on the back of the wireless controller (see Using the Reset Button to Restore Default Settings on page 341). Use the web management interface (instructions below). 1. Click Maintenan
175. e to memet udo qu meat sind p perte un Cpu par 310 CCE Clients rrenda dett Cede e tese s amm nents se um Does rne m EE UE 311 Viewing Cluster Informatio Nasion ier cni e RP ORNA CHR OUR ERN GU NO X Ree i t E 313 Viewing WDS Group Stells e eati torrens eere eene idu trier e el ete eesid e epu reseau Prep e pauta nd 314 WIS GroupuAP SUI US coitus tutos fle Re Catone ntes lied otn i Reed cao EEUU a esu Deseo 315 Viewing WDS AP Status ascii hea cane coc eepevcte nep aa iene oa nce e och pepe 317 Viewing WDS Link Status sisssssisssnnniinnticinsunnnininmanadinenanieunamninancinnnumeuntuiune 318 Viewing WDS Pink Statistics oscuro E n eser ARD et PASSAU Te ERN Ein 319 MalnitelialiCG uoc eo IERHASEENSR EIN SURE RORIS UN MAR PEPRE ERR YU RN AMEN EA E EEEE 320 System SBUIDIOS colatur rd ehe d USER VER TURNIER RR SEE RIPE SUR RIED MATRE EE SED EEEE dd 321 Ser System Nate ieren eeina ne ehe e na Re UR eU Eea NK eue Ke Gra ee cau eSa atie e DRE ioeie e 321 Set System Date apnd IME us stood pesi RR oaa stu a tac tse aes aaa dd Ne OS A Em DU 321 Set Login Session TITIBOUU susto to cos alesis Sees Save bn tinet edes er beer cesta ereetesso tree ineat ee ipe Cede tarerd 322 Set USB S Bare Ports osos ecencubontiasen matta meatubedti ap mic tad e T ias ac micis ENSS 322 Activating EICerises uoo o E ER ERA SER Ue Sende quern Cd ANA Nd er nua spe a aT Ue tod st det uuu Ld UM 323 Remote daniddgeriell aee endci teneat irsdu ciet cr epe t p eie sies s eie te easet bd v Re
176. e web browser's address field, enter the new IP address you recorded in step 2. Click Network > LAN > LAN Settings. In the LAN Settings page, change DHCP Mode to DHCP Server. This will bring up several new fields below DHCP Mode. 8. Complete the fields below and click Save.
Field / Description:
Starting IP Address: Enter the starting IP address in the IP address pool. Any new DHCP client joining the LAN is assigned an IP address within the starting and ending IP address range. Starting and ending IP addresses should be in the same IP address subnet as the wireless controller's LAN IP address.
Ending IP Address
Default Gateway
Domain Name
Lease Time
Configure DNS WINS: Turn this on to enter the IP address of the DNS or WINS server.
Primary DNS Server: If configured Domain Name System (DNS) servers are available on the LAN, enter the IP address of the primary DNS server.
Secondary DNS Server: If configured Domain Name System (DNS) servers are available on the LAN, enter the IP address of the secondary DNS server.
WINS Server: If Windows Internet Name Service (WINS) servers are available on the LAN, enter the IP address of the WINS server.
Step 2: Configure Country Code. Each country has its own regulations for radio usage. Use the following procedure to select the country where the wirel
177. Editing User Groups. Path: Security > Authentication > User Database > Groups. There may be times when you need to edit a user group. For example, you might want to change the privileges for the user group or idle timeout. To edit a user group: 1. Go to Security > Authentication > User Database > Groups. The Groups List page will appear. 2. Right-click the user group you want to edit and click Edit. The Group Configuration pop-up page will appear. 3. Complete the fields in the previous page and click Save.
Deleting User Groups. Path: Security > Authentication > User Database > Groups. If you no longer need a user group, you can delete it. Before you delete a user group, you must delete all users in it (see Editing Deleting Clients on page 193). Note: A precautionary message does not appear before you delete a user group. Therefore, be sure you do not need a user group before you delete it. To delete a user group: 1. Go to Security > Authentication > User Database > Groups. The Groups page will appear. 2. Right-click on the user group you want to delete and click Delete. To delete all groups, click Select All and then Delete.
178. ed VLANs, untagged packets are assigned to VLAN 1. You can override this behavior by defining either port-based VLANs, protocol-based VLANs, or both. Tagged packets are always handled according to the IEEE 802.1Q standard and are not included in protocol-based VLANs. If you assign a port to a protocol-based VLAN for a specific protocol, untagged frames received on that port for that protocol will be assigned the protocol-based VLAN ID. Untagged frames received on the port for other protocols will be assigned the Port VLAN ID (PVID), which is either the default PVID (1) or a PVID you have specifically assigned to the port using the Port VLAN Configuration screen. Use the Protocol-based VLAN Configuration page to configure which protocols go to which VLANs, and then enable certain ports to use these settings. You define a protocol-based VLAN by creating a group. Each group has a one-to-one relationship with a VLAN ID, can include one or more protocol definitions, and can include multiple ports. 1. Go to Network > VLAN > Advanced VLAN > Protocol Based VLAN tab. 2. Toggle Activate Protocol Based VLAN to ON and click Save. 3. Click Add New Protocol Based VLAN. 3. Complete the fields in the table below and click Save.
Field / Description:
VLAN ID: Specify the VLAN ID to associate with this group. The
179. ed and applied in order to the access points on each radio. In this procedure, you will edit one of the pre-configured networks and change its SSID and security settings to suit your requirements. 1. Click Wireless > Access Point > AP Profile > AP Profile SSID. The following page will appear with a list of the wireless networks configured on the wireless controller. 2. Under the SSID Status column, select an SSID by right-clicking on it and clicking Edit. The following page will appear. 3. Complete the Security fields on the SSID Profile Configuration page.
Field / Description:
SSID: Enter the case-sensitive name of the wireless network. Be sure the SSID is the same for all devices in your wireless network.
VLAN: Enter a VLAN ID. Be sure this VLAN ID had
180. el and Power 3. Select the desired channel. The available channels depend on the radio mode and country in which the APs operate. The manual channel change overrides the channel configured in the AP profile and is not retained when the AP reboots or when the AP profile is reapplied. 4. Change the power as desired. You can set a new power level for the AP. The manual power change overrides the power setting configured in the AP profile and is not retained when the AP reboots or when the AP profile is reapplied. 5. Click Save.
Configure AP Debug Mode. Path: Wireless > Access Point > Managed APs List > Managed APs. When the AP is in Managed mode, remote access to the AP is disabled. However, you can enable Telnet access by enabling the Debug feature on the Managed APs page. 1. Click Wireless > Access Point > Managed APs List > Managed APs tab. 2. Right-click on one of the entries and select Debug. 3. Toggle Enable Debug to On. 4. Click Save.
Configure AP Provisioning. Path: Wireless > Access Point > Managed AP List > AP Provisioning. The AP Provisioning feature helps you add new APs to an existing switch cluster. With AP Provisioning, you can configure the access points with parameters
181. elect either Paypal (below) or Authorize.net (refer to the next page). 3. Complete the fields in the table below and click Save.
Field / Description (Paypal):
Payment Processor: Select the payment agent (Paypal).
Paypal Payment Receiver Email ID: Enter your Paypal account email used for receiving payments.
Field / Description (Authorize.net):
Select the payment agent: Authorize.net, Paypal.
MD5 Hash: Enter your MD5 Hash value.
Transaction Mode: Select Live or Test.
Select the currency type.
Login Profiles. When a wireless client connects to the SSIDs of an access point or VLANs, the user sees a login page. The Login Profile and SLA page allows you to customize the appearance of that page with specific text and images. The wireless controller supports multiple login and SLA pages. Associate login pages or SLAs on SSIDs or VLANs separately.
Customize the Captive Portal Login Page. Path: Security > Authentication > Login Profiles > Login Profiles. 1. Go to Security > Authentication > Login Profiles > Login Profiles tab. 2. Click Add New Login Profile. 3. Complete the fields in the table on the next page and click Save.
182. elect the version of IKE.
IPSec Mode: Select either Tunnel or Transport. IPSec tunnel mode is useful for protecting traffic between different networks when traffic must pass through an intermediate, untrusted network. Tunnel mode is primarily used for interoperability with gateways or end systems that do not support L2TP/IPSec or PPTP connections. Transport mode is the default mode for IPSec, and it is used for end-to-end communications (for example, for communications between a client and a server).
Select Local Gateway: In the event that two Option ports are configured to connect to your ISP, select the gateway that will be used as the local endpoint for this IPSec tunnel.
Remote Endpoint: Select the type of identifier that you want to provide for the controller at the remote endpoint: either IP Address or FQDN (Fully Qualified Domain Name).
IP Address / FQDN: Enter the identifier for the controller.
Enable Mode Config: … to enable. Mode Config is similar to DHCP and is used to assign IP addresses to the remote
Enable NetBIOS: Toggle to ON to allow NetBIOS broadcasts to travel over the VPN tunnel.
Enable RollOver: Toggle to ON to enable VPN rollover. You must have the Option Mode set to Rollover.
Select a protocol from the drop-down menu.
Enable DHCP: Toggle to ON to allow VPN clients that are connected to your controller over IPSec to receive an assigned IP using DHCP.
Select the type of identifier that you want to provide for the endpoint A
183. encap, ident, vddolive, ssh, sip tcp, sip udp, or icmpv6.
Source IP Address: The source IP address.
Destination IP Address: The destination IP address.
Bandwidth: Limit the Bandwidth for a particular service.
Configure Auto VoIP QoS. Path: Network > QoS > LAN QoS Policy > Auto VoIP. Enables the QoS rule for prioritizing. Changes here affect the SIP and H.323 traffic priority in the LAN. 1. Go to Network > QoS > LAN QoS Policy > Auto VoIP tab. 2. Enable Active Auto VoIP and click Save.
Configure Queue Scheduler. Path: Network > QoS > LAN QoS Policy > Queue Scheduler. The supported algorithms are strict and weighted round robin only. The device will be programmed to handle the traffic using the algorithm configured here. 1. Go to Network > QoS > LAN QoS Policy > Queue Scheduler tab. 2. Next to Schedulin
184. ent > SNMP. SNMP is an additional management tool that is useful when multiple controllers in a network are being managed by a central Master system. When an external SNMP manager is provided with this controller's Management Information Base (MIB) file, the manager can update the controller's hierarchical variables to view or update configuration parameters. The controller, as a managed device, has an SNMP agent that allows the MIB configuration variables to be accessed by the Master (the SNMP manager). The Access Control List on the controller identifies managers in the network that have read-only or read-write SNMP credentials. The Traps List outlines the port over which notifications from this controller are provided to the SNMP community (managers) and also the SNMP version (v1, v2c, v3) for the trap.
Configure SNMP v3 User List. Go to Maintenance > Management > SNMP > SNMP tab. 1. Right-click either admin or guest and select Edit. 2. Set the securi
185. HTTP Meta Tags for Cache Control: ents expired web pages and data from being stored in the client's web browser cache. It is recommended to toggle to ON.
ActiveX Web Cache Cleaner: Toggle to ON or Off. An ActiveX cache control web cleaner can be pushed from the gateway to the client browser whenever users login to this SSL VPN portal.
Authentication Type: Select the type of authentication from the drop-down menu.
Group: Select what group to include from the drop-down menu.
VPN Tunnel Page: Toggle to ON to allow remote users to view this page.
Port Forwarding: Toggle to ON to allow remote users to view this page.
Select a login profile from the drop-down menu.
Resources. Path: VPN > SSL VPN > Resources. Network resources are services or groups of LAN IP addresses that are used to easily create and configure SSL VPN policies. This shortcut saves time when creating similar policies for multiple remote SSL VPN users. Adding a Network Resource involves creating a unique name to identify the resource and assigning it to one or all of the supported SSL services. Once this is done, editing one of the created network resources allows you to configure the object type (either IP address or IP range) associated with the service. The Network Address, Mask Length, and Port Range/Port Number can all be defined for this resource as required
186. er
Timestamp: Shows the last time this wireless controller received any configuration data from a peer controller.
The Peer Controller Managed AP Status page shows information about the access points that each peer controller in the cluster manages. Use the drop-down list at the top of this page to select a peer controller whose access point information you want to view. Each peer controller is identified by its IP address. Configuration
Peer Controller Sent Status. Path: Status > Wireless Information > Controller Status > Peer Controller Sent Status. You can push a portion of the controller configuration from one controller to another controller in the cluster. The Peer Controller Sent Status page displays information about the configuration sent by a peer controller in the cluster. It also identifies the IP address of each peer controller that receives the configuration information.
Field / Description: Shows the IP address of each
187. er of the RF signal will not decrease. The power level is a percentage of the maximum transmission power for the RF signal.
Select Enable to enable Automatic Power Save Delivery (APSD), which is a power management method. APSD is recommended if VoIP phones access the network through the AP.
The fragmentation threshold limits the size of packets transmitted over the network. Acceptable values are even numbers from 256-2345. Packets that are under the configured size are not fragmented. A value of 2346 means that packets are not fragmented.
Short Retries: The value in this field indicates the maximum number of transmission attempts on frame sizes less than or equal to the RTS Threshold. The range is 1-255.
Long Retries: The value in this field indicates the maximum number of transmission attempts on frame sizes greater than the RTS Threshold. The range is 1-255.
Rate Limiting: Enabling multicast and broadcast rate limiting can improve overall network performance by limiting the number of packets transmitted across the network. This feature is disabled by default. Note: The available rate limit values are very low for most environments, so enabling this feature is not recommended. To enable Multicast and Broadcast Rate Limiting, switch ON. To disable Multicast and Broadcast Rate Limiting, switch OFF.
Enter the rate limit you want to set for multicast and
188. MAC Address (*) Peer Managed: ernet address of the managed access point. If an asterisk follows the MAC address, the access point is managed by a peer controller.
IP Address: Network IP address of the managed access point.
Location: An optional description of where the AP is physically located. Configured through the AP management section.
Current managed state of the access point. Possible values are:
Discovered: access point is discovered by the wireless controller, but not authenticated.
Authenticated: access point has been validated and authenticated (if authentication is enabled), but it is not configured.
Managed: profile configuration has been applied to the access point and the access point is operating in managed mode.
Failed: wireless controller lost contact with the access point. A failed entry remains in the Managed AP database unless you remove it. Note that a managed access point shows a failed status temporarily during a reset.
If management connectivity is lost for a managed access point, both of its radios are turned down and all clients associated with the access point are disassociated. The radios resume operation when that access point is managed again by a wireless controller.
Configuration Status: Shows whether the configuration profile applied to the managed access point is successful or not.
Button / Description: A
189. erring files between network nodes.
HTTP: Hypertext Transfer Protocol. Protocol used by web browsers and web servers to transfer files.
IKE: Internet Key Exchange. Mode for securely exchanging encryption keys in ISAKMP as part of building a VPN tunnel.
IP: Internet Protocol. The principal communications protocol used for relaying datagrams (known as network packets) across an internetwork using the Internet Protocol Suite. IP is responsible for routing packets across network boundaries. It is the primary protocol that establishes the Internet.
IPSec: IP security. Suite of protocols for securing VPN tunnels by authenticating or encrypting IP packets in a data stream. IPSec operates in either transport mode (encrypts payload but not packet headers) or tunnel mode (encrypts both payload and packet headers).
ISAKMP: Internet Key Exchange Security Protocol. Protocol for establishing security associations and cryptographic keys on the Internet.
ISP: Internet service provider.
MAC Address: Media access control address. Unique physical address identifier attached to a network adapter.
MTU: Maximum transmission unit. Size, in bytes, of the largest packet that can be passed on. The MTU for Ethernet is a 1500-byte packet.
NAT: Network Address Translation. Process of rewriting IP addresses as a packet passes through a controller or firewall. NAT enables multiple hosts on a LAN to access the Internet using the single public IP address of the LAN's ga
190. erve IP leases to hosts on the remote LAN. You can also define a single IP address, a range of IPs, or a subnet on both the local and remote private networks that can communicate over the tunnel. The DWC-1000 allows full tunnel and split tunnel support. Full tunnel mode just sends all traffic from the client across the VPN tunnel to the switch. Split tunnel mode only sends traffic to the private LAN based on pre-specified client routes. These client routes give the client access to specific private networks, thereby allowing access control over specific LAN services. 1. Click VPN > IPSec VPN > Tunnel Mode. 2. Complete the fields in the table below and click Save.
Field / Description:
Tunnel Mode: Select either Full Tunnel or Split Tunnel.
Start/End IP Address: Enter the starting and ending IP addresses.
Primary/Secondary DNS: Enter the primary and secondary DNS server addresses.
Primary/Secondary WINS: Enter the primary and secondary WINS server addresses.
Click Save to save and activate your settings.
Split DNS Names. In a split DNS infrastructure, you create two zones for the same domai
191. ery
Managed APs. The managed AP information is stored in the controller's local database. You can add, delete, change power or channel, or change the AP profile individually. The Wireless Global Configuration page contains a field to select whether to use a local or RADIUS database for AP Validation. The Valid Access Point List page contains information about APs configured in the local database. If the AP Validation is set to RADIUS, information about the APs to be managed by the controller must be added to the external RADIUS database.
Add a Valid AP. 1. Click Wireless > Access Point > Managed APs List > Valid AP tab. 2. Click Add New Valid AP. 3. Complete the fields on the next page and click Save. Note: To add or delete an AP from the valid AP list, right-click the access point and select Edit or Delete.
Field / Description:
MAC Address: MAC address of the access point.
Select standalone, managed, or rogue. Selecting standalone or managed will require you to fill out the fields (refer to the next page).
192. escription
Stealth Mode: If this option is toggled to ON, the controller will not respond to port scans from the WAN. This makes it less susceptible to discovery and attacks.
Block TCP Flood: If this option is toggled to ON, the controller will drop all invalid TCP packets and be protected from a SYN
Block UDP Flood: If this option is toggled to ON, the controller will not accept more than 20 simultaneous, active UDP connections from a single computer on the LAN. You can set the number of simultaneous active UDP connections to be accepted from a single computer on the LAN; the default is 25.
Allow Ping from LAN: Toggle to ON to allow local computers to ping … as such ICMP packets if identified can be
Echo Storm: The number of ping packets per second at which the controller detects an Echo storm attack from the WAN and prevents further ping traffic from that external address.
ICMP Flood: The number of ICMP packets per second at which the controller detects an ICMP flood attack from the WAN and prevents further ICMP traffic from that external address.
VPN. A VPN provides a secure communication channel (tunnel) between two gateway routers or a remote PC client. The following types of tunnels can be created:
Gateway-to-gateway VPN: To connect two or more routers to secure traffic between remote sites.
Remote Client (client-to-gateway VPN tunnel): A remote c
193. esn't have the expiration time until the usage is run out. [Figure: Account Creation, Account Activation, Account Depletion, Expiration; Usage Volume] This billing profile is suitable for a Hotspot scenario. The service provider charges for the wireless service based on usage volume. c. Complete the fields below. D Link DWC 1000 User Manual 51 Section 3 Basic Configuration. Field / Description: Profile Details. Profile Name: Each profile has a profile name to identify itself. Profile Description: This is the description of the profile. Allow Multiple Login: Checking this option allows multiple users to use the same captive portal login credentials created for this profile to log in simultaneously. Allow Customized Account on Front Desk: Checking this option enables the front desk user to give a customized account name to the captive portal users being created on this profile. Allow Batch Generation on Front Desk: Checking this option enables the front desk user to generate a batch of temporary captive portal users at one click. Session Idle Timeout: Idle timeout for CP users generated for this profile. Show Alert Message on Login Page while Rest of Usage Time Traffic Under: Enter a value here in Hours, Days, MB, GB to get an alert message when usage time/traffic left reaches the desired limit. By default, if 0 is entered, it implies no alert message is required. Basic Li
194. ess networks are 1. Click Wireless > General > General. The General Setting page will appear. 2. At the bottom, select the Country Code from the drop-down menu and click Save. D Link DWC 1000 User Manual 29 Section 3 Basic Configuration. Step 3: Select APs to be Managed. The wireless controller automatically discovers managed and unmanaged access points on the WLAN that are in the same IP subnet. Use the following procedure to select the access points that the wireless controller will manage: 1. Click Wireless > Access Point > Discovered AP List. The Discovered AP List page will appear with a list of access points that the wireless controller has discovered.
195. ess point that the client is associated with captures all pre-authentication requests and sends them to the controller. The WLAN Associated Detected Clients Pre-Authentication History List page shows detected clients that have made pre-authentication requests and identifies the access points that received the requests. Right-clicking next to the MAC address, the Pre-Auth History page shows the fields in the table on the next page. D Link DWC 1000 User Manual 308 Section 8 Viewing Status and Statistics. Field / Description: MAC Address: MAC address of the client. AP MAC Address: MAC address of the managed access point to which the client has pre-authenticated. Radio Interface Number: Radio number to which the client is authenticated (Radio 1 or Radio 2). VAP MAC Address: VAP MAC address to which the client roamed. SSID: SSID name used by the VAP. User name of client that authenticated via 802.1X. Indicates whether the client successfully authenticated. Shows a status of Success or Failure. Time since the history entry was added. Pre Authorization Status. The wireless system keeps a record of clients as they roam from one managed access point to another and displays this information on the WLAN Associated Detected Clients Roam History List. Right-clicking next to the MAC address, the Roam History page shows the fields in the table below. List of associated Clients
196. ess takes a few minutes Do not interrupt the upgrade or turn off the system otherwise you can damage the firmware Wait for the upgrade to complete before browsing any sites from your browser 8 When the upgrade completes log in to the wireless controller web management interface click Maintenance Firmware Firmware Upgrade and confirm that the new firmware appears next to Firmware on the Using System PC page 9 Record the firmware level in Appendix A D Link DWC 1000 User Manual 337 Section 9 Maintenance Using the Command Line Interface The wireless controller supports a command line interface CLI The CLI lets you use a VT 100 terminal emulation program to locally or remotely configure monitor and control the wireless controller and its managed access points via a simple text based tree structured interface The wireless controller supports SSH and Telnet management for command line interaction The following procedure describes how to access the CLI Note A separately purchased USB to DB9F serial adapter will be helpful when connecting a PC or Linux workstation to the console An RJ 45 to DB9M cable is included with the wireless controller 1 Connect a PC with a VT 100 terminal emulation program to the Console port on the front panel of the wireless controller 2 CLI login credentials are shared with the GUI for administrator users When prompted type cli in the SSH or console prompt and login with administra
197. etection method is used at regular intervals on all configured Option ports when in Load Balancing mode This controller currently supports three algorithms for Load Balancing Round Robin This algorithm is particularly useful when the connection speed of one Option port greatly differs from another In this case you can define protocol bindings to route low latency services such as VOIP over the higher speed link and let low volume background traffic such as SMTP go over the lower speed link Protocol binding is explained in next section Spillover If Spillover method is selected the primary Option acts as a dedicated link until a defined bandwidth threshold are reached After this the secondary Option will be used for new connections Inbound connections on the secondary Option are permitted with this mode as the spillover logic governs outbound connections moving from the primary to secondary Option You can configure spillover mode by using following options Load Tolerance It is the percentage of bandwidth after which the controller switches to secondary Option Max Bandwidth This sets the maximum bandwidth tolerable by the primary Option for outbound traffic If the link bandwidth of outbound traffic goes above the load tolerance value of max bandwidth the controller will spillover the next connections to secondary Option For example if the maximum bandwidth of primary Option is 1Kbps and the load tolerance is set to 70 Now eve
198. etworks addresses is set by the prefix length field Default IPv6 Gateway IPv6 address of the ISPs gateway This is usually provided by the ISP or your network administrator DNS Server s Enter the primary and secondary DNS server IP address es PPPoE Enter your PPPoE user name Use this field if you need to distinguish two servers using the same Username and Password combination Service With PPP as you can t specify servers using IP address you can specify the particular server to connect to using this field Authentication Type Select the type of Authentication to use Auto Negotiate PAP CHAP MS CHAP or MS CHAPv2 The mode of Dhcpv6 client that will start in this mode disable dhcpv6 stateless dhcpv6 stateful dhcpv6 DHCPV6 Options stateless dhcpv6 with prefix delegation DNS Server s Enter the primary and secondary DNS server IP address es D Link DWC 1000 User Manual 139 Section 5 Advanced Network Configuration Option Mode Path Network gt Internet gt Option Mode This controller supports multiple Internet WAN links This allows you to take advantage of failover and load balancing features to ensure certain internet dependent services are prioritized in the event of unstable WAN connectivity on one of the ports To use Auto Failover or Load Balancing WAN link failure detection must be configured This involves accessing DNS servers on the internet or ping to an internet address user defined If requ
199. feature is particularly useful in Auto Rollover mode. For example, if the DNS servers for each connection are different, a link failure can render the DNS servers inaccessible. However, when the DNS proxy is enabled, clients can make requests to the wireless controller, and the controller in turn sends those requests to the DNS servers of the active connection. Choices are: Checked: The wireless controller acts as a proxy for all DNS requests and communicates with the ISP's DNS servers as configured in the Option settings page. All DHCP clients receive the primary and secondary DNS IP addresses along with the IP address where the DNS proxy is running, i.e. the wireless controller's LAN IP. Unchecked: All DHCP clients receive the DNS IP addresses of the ISP, excluding the DNS proxy IP address. Secondary DNS Server. Enable DNS Proxy. D Link DWC 1000 User Manual 154 Section 5 Advanced Network Configuration. Port VLANs. Path: Network > VLAN > Port VLAN. After you enable the wireless controller's VLAN function, use the Port VLAN page to configure the ports participating in the VLAN. 1. Go to Network > VLAN > Port VLAN. 2. Select the port and right-click Edit. 3. Change Mode and PVID. There are four modes: Access: Select to isolate this port from other VLANs. All data going into and out of the port is untagged. Traffic through a port in access m
200. fied by the initial bits of the address called the prefix All hosts in the network have the identical initial bits for their IPv6 address the number of common initial bits in the networks addresses is set by the prefix length field IPv6 Prefix Length D Link DWC 1000 User Manual 121 Section 5 Advanced Network Configuration Field Description DHCPv6 Status o oO Toggle On to enable DHCPv6 It is disable in default If DHCPv6 is Enabled ON There are two ways to obtain an appropriate address for the gateway You must select one of the following Stateless Address Auto Configuration This option will use router advertisement for address assignment The IPv6 RADVD protocol will be enabled to advertise this controller as a DHCPv6 client Stateful Address Auto Configuration Select this option to request an IPv6 address from any available DHCPv6 servers available on the ISP Name of the domain Optional for this DHCPv6 server This is used by the stateless DHCP to indicate the preference level of this DHCP server Server Preference DHCPv6 clients will pick up the DHCPv6 server which has highest preference value The preference value must be a decimal integer and be between 0 and 255 inclusive Select one of the following options for DNS servers for the DHCPv6 clients Use DNS Proxy On button to enable DNS proxy on this LAN or Off this button to disable this proxy When this feature is enabled the controller will ac
201. figuration has been applied to the access point and the access point is operating in managed mode. No Database Entry: access point's MAC address does not appear in the local or RADIUS Valid AP database. Authentication Failed AP: access point failed to be authenticated by the wireless controller or RADIUS server. Failed: wireless controller lost contact with the access point. A failed entry will remain in the Managed AP database unless you remove it. Note: a managed access point shows a failed status temporarily during a reset. Rogue: access point has not tried to contact the wireless controller and the access point's MAC address is not in the Valid AP database. Wireless radio mode the access point is using. Operating channel for the radio. D Link DWC 1000 User Manual 295 Section 8 Viewing Status and Statistics. Managed. Path: Status > Wireless Information > Access Point > Managed. The Managed AP List page shows details about the managed access point; right-clicking a managed access point enables more options. Field / Description: Model Name: The model of the managed AP. The firmware version of the managed AP. Eth
202. figure POP3 Server Path Security gt Authentication gt External Auth Server gt POP3 Server POP3 is an application layer protocol most commonly used for e mail over a TCP IP connection The authentication server can be used with SSL encryption over port 995 to send encrypted traffic to the POP3 server The POP3 server s certificate is verified by a user uploaded CA certificate If SSL encryption is not used port 110 will be used for the POP3 authentication traffic The wireless controller acts only as a POP3 client to authenticate a user by contacting an external POP3 server This authentication option is available for IPSec PPTP L2TP Server and Captive Portal users Note that POP3 for PPTP L2TP servers is supported only with PAP and not with CHAP MSCHAP MSCHAPv2 encryption To configure your POP3 Server 1 Go to Security gt Authentication gt External Auth Server gt POP3 Server tab 2 Complete the fields in the table below and click Save Field Description Authentication Server IP address of the POP3 authentication server Authentication Port RADIUS authentication server port to send POP3 messages Enable SSL support for POP3 If this option is enabled it is mandatory to select a SSL Enable certificate authority for it CA File Certificate Authority to verify POP3 server s certificate Set the amount of time in seconds the controller should wait for a response from Timeout the POP3 server This
203. figured RADIUS server D Link DWC 1000 User Manual 218 Section 6 Securing Your Network. Configure RADIUS Accounting Global Setting. Path: Security > Authentication > External Auth Server > RADIUS Server. This page is used to view and configure various global parameters for the RADIUS Accounting server configured on the system. Use Accounting Mode to enable/disable accounting globally for configured SSIDs. To configure the global settings: 1. Go to Security > Authentication > External Auth Server > RADIUS Accounting Global Setting tab. 2. Complete the information from the table below and click Save. Field / Description: Accounting Mode: Toggle to ON to enable accounting mode. Accounting Interim Update Mode: Toggle to ON to send Radius Accounting Interim Update based on Interim Interval Period. By default this mode is disabled. RADIUS Accounting Interim Interval: The interim interval at which Radius Accounting Interim Update packets should be sent by the controller. The value should be in the range 300 to 3600. D Link DWC 1000 User Manual 219 Section 6 Securing Your Network Con
204. figured re provisioning mode in the AP which is one of the following Unmanaged AP Reprovisioning e a e Enable The AP can be reprovisioned when it is not managed Mode c 2 Disable The AP cannot be reprovisioned when it is not managed Status of the most recently issued AP provisioning command which is one of the following Not Started Provisioning has not been done for this AP e Success Provisioning finished successfully for this wireless controller The AP Provisioning Status Table should reflect the latest provisioning configuration AP Provisioning Status In Progress Provisioning is executing for this AP e Invalid Switch IP Address Either primary or backup wireless controller IP address is not in the cluster or the mutual authentication mode is enabled and the primary wireless controller IP address is not specified Provisioning Rejected AP is not managed and is configured not to accept provisioning data in unmanaged mode e Timed Out The last provisioning request timed out Status of the last AP profile and X 509 Certificate distribution to the Primary and Backup switches This status is changed as a result of the AP provisioning command The X 509 certificate is sent to the primary and backup switches only if mutual authentication is enabled The status is one of the following Not Started No information for this AP has been sent to the primary and backup switch e Success AP Profile and X 509 Certifi
205. flow of air through the wireless controller s ventilation slots Leave at least 3 feet 91 4 cm clear on both sides and rear of the controller Allow you to reach the wireless controller and all cables attached to it e Have a working AC power outlet that is not controlled by a wall switch that can accidentally remove power to the outlet D Link DWC 1000 User Manual 19 Section 2 Installation Rack Mount The wireless controller can be mounted in a standard 19 inch equipment rack 1 Attach the mounting brackets to each side of the chassis and secure them with the supplied screws 2 Use the screws provided with the equipment rack to mount the wireless controller into the rack D Link DWC 1000 User Manual 20 Section 2 Installation Connecting the Wireless Controller To install the wireless controller perform the following procedure 1 Install the controller and access points according to the instructions in their documentation 2 Connect one end of an Ethernet LAN cable to one of the ports labeled LAN 1 4 on the front of the wireless controller Connect the other end of the cable to an available RJ 45 port on a switch in the LAN network segment 3 Connect one of the wireless controller ports labeled LAN 1 4 to the network or directly to a PC 4 If you purchased a VPN Firewall Router License Pack use the Option1 and Option2 ports on the front of the wireless controller as follows Option WAN por
206. from Option Interface 198 D Link DWC 1000 User Manual Section 6 Securing Your Network. Configuring Browser Policies. Path: Security > Authentication > User Database > Groups. The following procedure describes how to configure browser-specific policies for user groups. Using this procedure, you can allow or deny the users in a user group from using particular web browsers to log in to the wireless controller's web management interface. 1. Click Security > Authentication > User Database > Groups. 2. Click the Add Browser Policies button. 3. Select a group and a browser from the drop-down menus and click Add. The selected browser will appear in the Defined Browsers area. Field / Description: Select the group name from the drop-down menu. Client Browser: Select a web browser from the drop-down menu. 4. Right-click your entry from the list and select Allow or Deny. D Link DWC 1000 User Manual 199 Section 6 Securing Your Network. Configuring IP Policies. Path: Security > Authentication > User Database > Groups. The following procedure describes how to configure IP-specific policies for user groups. Using this procedure you can allow or deny the users in a user group t
207. g 802 1p Priority on page 178 D Link DWC 1000 User Manual 174 Section 5 Advanced Network Configuration Enabling QoS Mode Path Network gt QoS gt LAN QoS Priority Using the QoS page you can enable Quality of Service QoS on the wireless controller Typically networks operate on a best effort delivery basis which means that all traffic has equal priority and an equal chance of being delivered in a timely manner When congestion occurs all traffic has an equal chance of being dropped When you configure the QoS feature you can select specific network traffic prioritize it according to its relative importance and use congestion management and congestion avoidance techniques to provide preferential treatment Implementing QoS in your network makes network performance more predictable and bandwidth utilization more effective It is especially useful if you expect traffic congestion on the wireless controller LAN ports QoS classification can be applied in Layer 2 or Layer 3 frames For this reason you can configure the wireless controller to use Layer 2 CoS settings or Layer 3 DSCP settings Note The wireless controller also provides a CoS to DSCP map to map CoS values in incoming packets to a DSCP value that QoS uses internally to represent the priority of the traffic To access this feature click Network gt QoS gt QoS Priority To configure QoS mode 1 Click Network gt QoS gt LAN QoS Priority orn _ Date
208. g Algorithm select either Strict or Weighted Round Robin. 3. Click Save. D Link DWC 1000 User Manual 184 Section 5 Advanced Network Configuration. Queue Management. Path: Network > QoS > LAN QoS Policy > Queue Management. This page shows the current queue management algorithm that is used in the wireless controller. 1. Go to Network > QoS > LAN QoS Policy > Queue Management tab. This page displays the current queue management algorithm that is used. We currently do not support configuration of queue management algorithm. D Link DWC 1000 User Manual 185 Section 5 Advanced Network Configuration. Setup CoS and DSCP Marking. Path: Network > QoS > CoS DSCP Marking. Remarking CoS to DSCP is an advanced QoS configuration where the Layer 2 quality of service field is translated to a Layer 3 QoS field in the packet so that upstream routers can make a QoS decision based on the DSCP field set in the packet. Once you enable CoS to DSCP marking by choosing the check box, you can choose the appropriate value of the DSCP for a given CoS value. 1. Go to Network > QoS > CoS DSCP Marking.
209. g tab 2 You can configure the power as a percentage of maximum power where the maximum power is the minimum of power level allowed for the channel by the regulatory domain or the hardware capability Select Manual or Auto Mode 3 Enter the power change threshold The default value is 85dBm The power changes are initiated only if the neighbor radio hears the transmitting radio with the signal strength equal or above the threshold The signal detected below the threshold is ignored 4 If you select Manual click on the Manual Power Adjustments tab Here you can apply and start the power algorithm on selected access points D Link DWC 1000 User Manual 69 Section 6 Securing Your Network WIDS The Wireless Intrusion Detection System WIDS can help detect intrusion attempts into the wireless network and take automatic actions to protect the network Configure AP WIDS Settings Path Wireless gt General gt WIDS gt AP WIDS Security The WIDS AP Configuration page allows you to activate or deactivate various threat detection tests and set threat detection thresholds in order to help detect rogue APs on the wireless network These changes can be done without disrupting network connectivity Since some of the work is done by access points the controller needs to send messages to the APs to modify its WIDS operational properties Note The classification settings on the WIDS AP Configuration page are part of the
210. gement disable the support for radio resource measurement feature in the AP profile The feature is set independently for each radio and is enabled by default Select Enable to specify that the AP should not acknowledge frames with QosNoAck as the service class value Select the 802 11 rate at which the radio transmits multicast frames The rate is in Mbps Multicast TC RAEE ips The lowest rate in the 5 GHz band is 6 Mbps Channel This field displays the channels that are supported for the radio mode currently selected Auto Eligible Channels on the page and for the country configured on the General Settings page Press Crtl to select multiple channels Basic Rate Set Mbps i indicate the data rates that all stations associating with the AP must These numbers indicate rates that the access point supports You can select multiple Supported Rate Set Mbps rates The AP automatically chooses the most efficient rate based on factors like error rates and distance of client stations from the AP Space Time Block Code D Link DWC 1000 User Manual 95 Section 4 Advanced WLAN Configuration Configure AP Profile SSID Path Wireless gt Access Point gt AP Profiles gt AP Profile SSID The AP Profile SSID List page displays the virtual access point VAP settings associated with the selected AP profile Each VAP is identified by its network number and Service Set Identifier SSID You can configure and enable up to 16 VAPs per radio o
211. global configuration on the controller and must be manually pushed to other controllers in order to synchronize that configuration. Many of the tests are focused on identifying APs that are advertising managed SSIDs but are not in fact managed APs. Detecting such an AP means that a network is either misconfigured or that a hacker set up a honeypot AP in the attempt to collect passwords or other secure information. Although operational mode radios can detect most threats, the sentry radios detect the threats faster, especially when a potential rogue is operating on a different channel from any of the managed AP radios. The number of deployed sentry radios should be sufficient to provide coverage by one sentry radio in every geographical location within the network. A denser sentry deployment may be desirable in order to improve rogue or interferer signal triangulation. To configure WIDS AP: 1. Go to Wireless > General > WIDS > AP WIDS Security tab. D Link DWC 1000 User Manual 70 Section 6 Securing Your Network. 2. Enable or disable the security options as desired (refer to the table below) and click Save. Field / Description: Administrator Configured Rogue AP: If the source MAC address is in the valid AP database on the controller or on the RADIUS server and the AP type is marked as Rogue, then the AP state is Rogue. This test checks whether an unknown AP is using the managed network SSID. A hacker may se
212. grade up to 3 AP licenses By default DWC 1000 can manage up to 6 AP s You increase the number by 6 upon each AP license 3 WCF License is a powerful dynamic web filtering function that can be used in many places It is ideal for companies that want to ensure that employees aren t wasting time online schools that want to prevent their students from viewing questionable online material or libraries and small businesses like coffee stores that want to limit customers from accessing certain sites on their network You can filter up to 32 categories of websites in total such as pornography gambling online shopping and many others You can easily block or unblock these categories in just a few clicks The dynamic WCF also has a logging feature Whenever a user tries to access a website that is blocked or the time stamp of login logout the corresponding event will be logged Using the wireless controller and the access points with which it is associated lets you e Discover and configure D Link access points on the WLAN Optimize wireless access point performance with centralized RF management security Quality of Service QoS and other configuration features e Streamline security configuration tasks and set up guest access e Monitor network status and statistics e Perform maintenance tasks and firmware updates for the wireless management system and for D Link access points on your wireless network Conduct troubleshooting procedures Co
213. gs screen. D Link DWC 1000 User Manual 360 Section 10 Troubleshooting. WCF Logs. Path: Status > System Information > All Logs > WCF Logs. The Display Logs window allows you to view configured WCF log messages from the router as they appear. Each log will appear with a timestamp as determined by the controller's configured time. If remote logging such as a Syslog server or e-mail logging is configured, the same logs are sent to the remote interface while being displayed here. Click Refresh (right side of the page) to refresh the logs, or reload the page. Click Clear All to remove all entries in the Display Logs screen. D Link DWC 1000 User Manual 361 Section 10 Troubleshooting. Captive Portal Logs. Path: Status > System Information > All Logs > Captive Portal Logs. The Display Logs window allows you to view configured Captive Portal log messages from the router as they appear. Each log appears with a timestamp as determined by the router's configured time. If remote logging such as a Syslog server or e-mail logging is configured, the same logs are se
214. > VPN Passthrough. This switch's firewall settings can be configured to allow encrypted VPN traffic for IPSec, PPTP, and L2TP VPN tunnel connections between the LAN and internet. A specific firewall rule or service is not appropriate to introduce this passthrough support; instead, the options in the VPN Passthrough page must be toggled to ON. 1. Click Security > Firewall > VPN Passthrough. 2. Toggle the VPN protocol you want to allow to ON and click Save. D Link DWC 1000 User Manual 239 Section 8 Security. Dynamic Port Forwarding: Application Rules. Path: Security > Firewall > Dynamic Port Forwarding > Application Rules. Application rules are also referred to as port triggering. This feature allows devices on the LAN or DMZ to request one or more ports to be forwarded to them. Port triggering waits for an outbound request from the LAN/DMZ on one of the defined outgoing ports, and then opens an incoming port for that specified type of traffic. This can be thought of as a form of dynamic port forwarding while an application is transmitting data over the opened outgoing or incoming port(s). Port triggering application rules are more flexible than static port forwarding that is an available option
215. 2. Enable CoS and DSCP Marking and click Save. 3. Right-click on the CoS and select Edit. 4. Select the CoS and DSCP values and then click Save. D Link DWC 1000 User Manual 186 Section 5 Advanced Network Configuration. Option QoS: Traffic Shaping. Path: Network > QoS > Option QoS. Bandwidth management controls the rate and priority of the traffic on your Internet link, allowing you to efficiently utilize the Internet bandwidth. Configuring bandwidth management will allow you to control the rate and priority of the traffic going to the internet, ensuring that high-priority traffic such as voice is assured of certain quality of service, and also limit low-priority traffic. 1. Go to Network > QoS > Option QoS. 2. Toggle Bandwidth Management to On and click Save. 3. Define the upstream and downstream bandwidth for the Option 1 and Option 2 interfaces and click Save. 4. To create a new profile, click Add New Option QoS Profile. 5. Complete the fields on the next page and click Save. D Link DWC 1000 User Manual 187 Section 5 Advanced Network Configuration Field Descr
216. gure AP Profile Radio 2 (Radio Mode 802.11b/g/n): In a new AP Profile, you can edit the radio (802.11b/g/n) from here. You can also edit it from AP Profile Radio. Configure AP Profile QoS Radio 1 (QoS Radio Mode 802.11a/n): In a new AP Profile, you can edit the QoS on radio 802.11a/n from here. You can also edit it from AP Profile Radio. Configure AP Profile QoS Radio 2 (QoS Radio Mode 802.11b/g/n): In a new AP Profile, you can edit the QoS on radio 802.11b/g/n from here. You can also edit it from AP Profile Radio. Configure AP Profile Radio. Path: Wireless > Access Point > AP Profile > AP Profile Radio. To accommodate a broad range of wireless clients and wireless network requirements, the AP can support up to two radios. By default, Radio 1 operates in the IEEE 802.11a/n mode and Radio 2 operates in the IEEE 802.11b/g/n mode. The difference between these modes is the frequency in which they operate: IEEE 802.11b/g/n operates in the 2.4 GHz frequency and IEEE 802.11a/n operates in the 5 GHz frequency of the radio spectrum. 1. Click Wireless > Access Point > AP Profiles > AP Profiles Radio tab. 2. Right-click on the radio you want to change and click Edit.
217. h Date and Time. The Date and Time page shows the current date and time of day. The wireless controller uses the Network Time Protocol (NTP) to obtain the current time from one of several network time servers on the Internet. Each entry in the log is stamped with the date and time of day. If you find that the date and time stamps are not accurate, confirm that the wireless controller can reach the Internet. Discovery Problems with Access Points. If the wireless controller does not discover any or all access points: • Be sure the wireless controller is connected to the LAN (see LAN Port LEDs Not ON on page 340). • Be sure you entered the appropriate IP address range if the access points operate in different VLANs, reside behind an IP subnet, or operate in standalone mode (see Step 1 Enable DHCP Server (Optional) on page 28). If you are using a firewall, unblock the UDP port number for each access port in the firewall. • Be sure each access point is using a unique IP address (see AP Discovery Methods on page 78). If more than one access point has the same IP address, only one of them is discovered. In this case, add the access point to the managed list, change its IP address, and then run discovery again to discover the next access point with that IP address (see Step 3 Select APs to be Managed on page 30). Connection Problems. When an access point is converted from stand
218. h the DHCP server enabled, the controller's IP address serves as the gateway address for LAN and WLAN clients. The PCs in the LAN are assigned IP addresses from a pool of addresses specified in this procedure. Each pool address is tested before it is assigned to avoid duplicate addresses on the LAN. For most applications, the default DHCP and TCP/IP settings are satisfactory. If you want another PC on your network to be the DHCP server, or if you are manually configuring the network settings of all of your PCs, set the DHCP mode to none. DHCP relay can be used to forward DHCP lease information from another LAN device that is the network's DHCP server; this is particularly useful for wireless clients. Instead of using a DNS server, you can use a Windows Internet Naming Service (WINS) server. A WINS server is the equivalent of a DNS server but uses the NetBIOS protocol to resolve host names. The controller includes the WINS server IP address in the DHCP configuration when acknowledging a DHCP request from a DHCP client. You can also enable DNS proxy for the LAN. When this is enabled, the controller will act as a proxy for all DNS requests and communicate with the ISP's DNS servers. When disabled, all DHCP clients receive the DNS IP addresses of the ISP. 1. Click Network > LAN > LAN Settings. 2. Complete the fields in the table below and click Save.
219. hardware address list present in the database: if an IP address is already assigned to that computer or device in the database, the customized IP address is configured; otherwise, an IP address is assigned to the client automatically from the DHCP pool. 1. Click Network > LAN > LAN DHCP Reserved IPs. 2. Click Add New DHCP Reserved IP. 3. Enter the IP address you want to reserve and the MAC address of the client you want to assign the IP address to. 4. Click Save. IP/MAC Binding. Path: Network > LAN > IP/MAC Binding. Another available security measure is to only allow outbound traffic from the LAN to WAN when the LAN node has an IP address matching the MAC address bound to it. This is IP/MAC Binding, and by enforcing the gateway to validate the source traffic's IP address with the unique MAC address of the configured LAN node, you can
220. he following sections describe the log configuration settings and the ways you can access these logs. Defining What to Log. Path: Maintenance > Logs Settings > Facility Logs. The Facility Logs page lets you determine the granularity of logs to receive from the wireless controller. Select one of the following facilities: • Kernel: the Linux kernel. Log messages that correspond to this facility would correspond to traffic through the firewall or network stack. • System: application and management level features available on this wireless controller for managing the unit. For each facility, the following events (in order of severity) can be logged. Severity and description: Emergency: System is unusable. Alert: Action must be taken immediately. Critical: Critical conditions. Error: Error conditions. Warning: Warning conditions. The display for logging can be customized based on whether the logs are sent to the Event Log viewer in the web management interface; the Event Log viewer is in the Status System
221. he Event Viewer. This page helps you capture suspicious activity such as denial of service attacks, general attack information, login attempts, dropped packets, and similar events. Traffic can be tracked based on whether the packet was accepted or dropped by the firewall. Routing Logs. All Unicast Traffic: If enabled, tracks packets directed to the wireless controller. All Broadcast/Multicast Traffic: If enabled, tracks all broadcast or multicast packets directed to the wireless controller. FTP Logs: If checked, logged information is sent to FTP logs. Redirected ICMP Packets: Tracks the number of redirected Internet Control Message Protocol (ICMP) packets. Invalid Packets: If checked, tracks the number of invalid packets received. Remote Logging. Path: Maintenance > Logs Settings > Remote Logs. The wireless controller can be configured to send logs to an email address. Email logs can be sent out based on a defined schedule by first choosing the frequency: hourly, daily, or weekly. The wireless controller lets you send configuration logs to three email recipients. Option Description Log Opti
222. he customer can use wireless internet service for a period of time counting from the first login. 3. The temporary account is valid with a specific date and time. The account has an expiration time. [Figure: account timeline with the labels Account Creation, Account Activation, Specific Date & Time, Depletion, Expiration, and Usage Period.] This billing profile is suitable for the Press Conference scenario. The organizer generates accounts before the event and delivers account information to participants in advance if necessary. The temporary account would only be valid from a specific date and time. 4. The temporary account has limited time usage. The account doesn't have an expiration time until the usage has run out. [Figure: account timeline with the labels Account Creation, Activation, Depletion, Expiration, and Usage Time.] This billing profile is suitable for the Hotspot scenario. The service provider charges for the wireless service based on usage time. This account allows multiple devices to log in at the same time. 5. The temporary account has limited usage traffic. The account doesn't have an expiration time until the usage has run out. [Figure: account timeline with the labels Account Creation, Activation, Depletion, Expiration, and Usage Volume.] This billing profile is suitable for a Hotspot scenario. The service provider charges for the wireless service based on usage volume.
223. henticated before accessing data outside this SSID. The temporary Captive Portal billing users are created via online wireless service purchasing. The wireless service packages are defined in Login Profile. If Captive Portal Type is Permanent User, select the authentication server. All users that log in to the captive portal for this SSID are authenticated through the selected server. The available authentication servers are Local User Database, RADIUS Server, LDAP Server, or POP3. Authentication Server: If Captive Portal Type is Permanent User and Authentication Server is RADIUS server, select the authentication type: PAP, CHAP, MSCHAP, or MSCHAPV2. If Captive Portal Type is Permanent User or Temporary User, select the Login Profile. Any of the available profiles can be used for this SSID. You can hide the SSID broadcast to discourage stations from automatically discovering your access point(s). When the broadcast SSID of the AP is hidden, the SSID name is not displayed in the list of available SSIDs on a client station. Instead, the client must have the exact SSID name configured in the supplicant before it is able to connect. Disabling the broadcast SSID is sufficient to prevent clients from accidentally connecting to your network, but it will not prevent even the simplest of attempts by a hacker to connect or monitor unencrypted traffic. ON: SSID is hidden. OFF: SSID is broadcast. Authentication Type
224. hods on each SSID are different. • dlink corporate SSID: This SSID is for D-Link employees who work with corporate-provided devices. It requires device MAC authentication and Captive Portal to complete the authentication process. • dlink byod SSID: This SSID is for D-Link employees who work with their private (BYOD) devices. It requires Captive Portal to complete the authentication process. 1. Set up VLANs based on the network architecture. Create three VLANs: VLAN1 is the default VLAN for AP management, VLAN2 is for the traffic associated with SSID dlink corporate, and VLAN3 is for the traffic associated with SSID dlink byod. Associate VLAN 1 to 3 memberships on Port 1. a. Go to Network > VLAN > VLAN Settings. The VLAN List will appear. b. Click Add New VLAN. The VLAN Configuration page will appear. c. Enter a VLAN ID and name. d. Enter the IP range for your VLAN. 2. Associate VLAN 1 to 3 memberships in Trunk mode on Port 1. a. Go to Network > VLAN > Port VLAN. b. Right-click port 1 and click Edit. Select Trunk from the Mode drop-down menu and then select VLAN1 to VLAN3 (hold CTRL and click 1, 2, and 3) next to VLAN Membership. c. Click Save.
225. 2. Click the Browse button. Locate your certificate and click Open. 3. Click Upload. Active Self Certificates. A self certificate is a certificate issued by a CA identifying your device (or self-signed if you don't want the identity protection of a CA). The Active Self Certificate table lists the self certificates currently loaded on the switch. The following information is displayed for each uploaded self certificate. Name: The name you use to identify this certificate; it is not displayed to IPSec VPN peers. Subject Name: This is the name that will be displayed as the owner of this certificate. This should be your official registered or company name, as IPSec or SSL VPN peers are shown this field. Serial Number: The serial number is maintained by the CA and used to identify this signed certificate. Issuer Name: This is the CA name that issued (signed) this certificate. Expiry Time: The date after which this signed certificate becomes invalid. You should renew the certificate before it expires. To upload a certificate: 1. Click VPN > IPSec VPN > Certificate > Active Self Certificates tab.
226. 4. Click Add new Network Address. Enter a network address and mask length. 5. Click Save. UPnP Setup. Note: This feature is only available when the DCS 1000 VPN license is activated. Path: Network > LAN > UPnP. Universal Plug and Play (UPnP) is a feature that allows the controller to discover devices on the network that can communicate with the controller and allow for auto-configuration. If a network device is detected by UPnP, the controller can open internal or external ports for the traffic protocol required by that network device. If disabled, the controller will not allow for automatic device configuration and you may have to manually open/forward ports to allow applications to work. To configure the UPnP settings: 1. Click Network > LAN > UPnP. 2. Toggle Activate UPnP to On. 3. Select a VLAN from the LAN Segment drop-down menu. 4. Enter a value for Advertisement Period. This is the frequency that the controller broadcasts UPnP information over the network. A large value will minimize network traffic but cause delays in identifying new UPnP devices to the network. Enter a value for Advertisement Time to Live. This is
227. 2. Click Add New AP Profile. 3. Complete the fields in the table below and click Save. Field and description, AP Profile Global Configuration: Profile Name: Identifies the name of the configured profile. Hardware Type: Hardware type for the APs that use this profile. The hardware type is determined in part by the number of radios the AP supports (single or dual) and the IEEE 802.11 modes that the radio supports (a/b/g or a/b/g/n). The available options: • Any • DWL-8600AP Dual Radio a/b/g/n • DWL-6600AP Dual Radio a/b/g/n • DWL-3600AP Single Radio b/g/n • DWL-2600AP Single Radio b/g/n • DWL-8610AP Dual Radio a/b/g/n/ac. Wired Network Discovery VLAN ID: VLAN ID that the controller uses to send tracer packets in order to detect APs connected to the wired network. Configure AP Profile Radio 1 (Radio Mode 802.11a/n): In a new AP Profile, you can edit the radio (802.11a/n) from here. You can also edit it from AP Profile Radio. Confi
228. iate with the controller. If you select this option, you must configure the passphrase on the AP while it is in standalone mode as well as in the Valid AP database. To configure the passphrase on a standalone AP, log onto the AP Administration Web UI and go to the Managed Access Point page, or log onto the AP CLI and use the set managed ap pass phrase command. To configure the passphrase for an AP in the local Valid AP database, click the Valid AP page from the Basic Setup page. Then, click the MAC address of the AP and enter the passphrase in the Authentication Password field. If you enable authentication, it takes place immediately after the controller validates the AP. Discover and manage APs with older firmware. Country Configuration: Select the country code that represents the country where your controller and APs operate. When you click Submit, a pop-up message asks you to confirm the change. Wireless regulations vary from country to country. Make sure you select the correct country code so that your WLAN system complies with the regulations in your country. Channel Plan and Power Settings. The wireless controller software contains a channel plan algorithm that automatically determines which RF channels each AP should use to minimize RF interference. When you enable the channel plan algorithm, the wireless controller periodically evaluates the operational channel on every AP it manages and
229. ic flow. To configure RIP: 1. Click Network > Routing > RIP. 2. Complete the fields in the table below and click Save. Direction: The RIP direction will define how this controller sends and receives RIP packets. Select one of the following: • Both: The controller both broadcasts its routing table and also processes RIP information received from other controllers. This is the recommended setting in order to fully utilize RIP capabilities. • Out Only: The controller broadcasts its routing table periodically but does not accept RIP information from other controllers. • In Only: The controller accepts RIP information from other controllers, but does not broadcast its routing table. • None: The controller neither broadcasts its route table nor does it accept any RIP packets from other controllers. This effectively disables RIP. Version: The RIP version is dependent on the RIP support of other routing devices in the LAN. • Disabled: This is the setting when RIP is disabled. • RIP-1: A class-based routing version that does not include subnet information. This is the most commonly supported version. • RIP-2: Includes all the functionality of RIPv1 plus it supports subnet information. Though the data is sent in RIP-2 format for both RIP-2B and RIP-2M, the mode in which packets are sent is different. RIP-2B broadcasts data in the entire subnet while
230. ich 132 2. Complete the fields from the table below and click Save. Field and description: Option Mode: Select Load Balancing from the drop-down menu. Load Balance: Select Spillover Mode. Option DNS Servers: DNS lookup of the DNS servers of the primary link is used to detect primary Option connectivity. DNS Servers: DNS lookup of the custom DNS servers can be specified to check the connectivity of the primary link. DNS Lookup Mode. Ping these IP addresses: These IPs will be pinged at regular intervals to check the connectivity of the primary link. Retry Interval is: The number tells the controller how often it should run the above configured failure detection method. Failover after: This sets the number of retries after which failover is initiated. Routing. Routing between the LAN and WAN will impact the way this controller handles traffic that is received on any of its physical interfaces. The routing mode of the gateway is core to the behavior of the traffic flow between the secure LAN and the internet. NAT or Classical. Path: Network > Internet > Routing. With classical routing, devices on the LAN can be directly accessed from the internet with their public IP addresses (assuming appropriate firewall settings are configured). If your ISP has assigned an IP address for each of the computers/devices that you use, select Classical
231. ient and select either Edit or Delete. 3. Change the desired settings (refer to the table on the previous page). 4. Click Save. Group Management. A user group is a collection of users who share the same privileges. The following section describes how to add user groups. After you add a user group, you can configure its login policies, policies for browsers, and policies by IP. You can also edit user groups when changes are required and delete user groups you no longer need. Adding User Groups. Path: Security > Authentication > User Database > Groups. When you add a user group, you assign: • A name that identifies the user group • An optional user group description • At least one privilege or user type • An idle timeout value. After you define user groups, you can use the procedure under User Management on page 201 to populate the groups with users. To add a user group: 1. Go to Security > Authentication > User Database > Groups. 2. Click Add New Group. The Group Configuration pop-up page will appear.
232. igured for the VAP. Server Status. Security: The default access point profile does not use any security mechanism. To protect your network, we recommend you select a security mechanism to prevent unauthorized wireless clients from gaining access to your network. Choices are: • None: No security mechanism is used. • WEP: Enable WEP security. Complete the options in Table 3 4. • WPA/WPA2: Enable WPA/WPA2 security. Complete the options in Table 3 5. Wireless Distribution System (WDS). The Wireless Distribution System (WDS) Managed AP feature allows you to add managed APs to the cluster using over-the-air WDS links through other managed APs. This capability is critical in providing a seamless experience for roaming clients and for managing multiple wireless networks. It can also simplify the network infrastructure by reducing the amount of cabling required. With WDS, APs may be located outdoors where wired connection to the data network is unavailable, or in remote buildings that are not connected to the main campus with a wired network. The WDS AP group consists of two types of APs: root APs and satellite APs. A root AP acts as a bridge or repeater on the wireless medium and communicates with the controller via the wired link. A satellite AP communicates with the controller via a WDS link to the root AP. The WDS links are secured using WPA2 Personal authentication
233. iguring NTP servers for more information. To add a schedule profile: 1. Click Security > Firewall > Schedules Profiles. 2. Click Add New Schedule Profile. Enter a name for the profile and click Save. 3. Click the Schedules Rules tab. Next to Schedule Name, select the schedule profile you want to configure. 4. Right-click an entry and select either Edit or Delete, or to add a new schedule rule, click Add New Schedule. Field and description: Scheduled Days: Select All Days or Specific Days. Monday to Sunday: If you selected Specific Days, toggle each day you want to ON. Scheduled Time of Day: Select All Day or Specific Times. Start Time/End Time: If you selected Specific Times, use the mouse on the blue boxes representing the hour, minutes, and am/pm to select the start time and end time. Click, hold, and move up to decrease the value or move down to increase the value. Blocked Clients. Path: Security > Firewall > Blocked Clients. This page displays a list of blocked clients
234. ime by clicking Status > Dashboard. 5. To log out of the web management interface, click the Logout icon, which is in the top-right corner of the page in the System Menu area. Web Management Interface Layout. A web management interface screen can include the following components: • 1st level: Main navigation menu tab. The main navigation menu tabs appear across the top of the web management interface. These tabs provide access to all configuration menus and remain constant. • 2nd level: Main navigation submenu tab. The main navigation submenu tabs appear on drop-down menus when you move your mouse over the main navigation menu tabs. • 3rd level: Middle menu tabs. Some pages have menu tabs below the main navigation menu tab, which lead to other pages when you click on them. • 4th level: Workspace. The workspace shows the parameters associated with the selected menu and submenu. • Action buttons: Action buttons change the configuration or allow you to make changes to the configuration. Common action buttons are: Save: Saves all configuration changes made on the current screen. Saved settings are retained when the wireless
235. in the IP Address/Domain Name field, enter an IP address or domain name. 3. Click Traceroute. The results will appear in the Command Output display below. Performing DNS Lookups. Path: Maintenance > Management > Diagnostics > Network Tools. The wireless controller provides a DNS lookup function that lets you retrieve the IP address of a Web, FTP, Mail, or any other server on the Internet. 1. Go to Maintenance > Management > Diagnostics > Network Tools. 2. Under DNS Lookup, in the Domain Name field, enter an Internet name. 3. Click Lookup. The results will appear in the Command Output display below. If the host or domain entry exists, a response will appear with the IP address. If the message Host Unknown appears, the Internet name does not exist. Capturing Log Packets. Path: Maintenance > Management > Management > Diagnostics > Capture Packets. The wireless controller lets you capture all packets that pass through the LAN or Option interface. The packet trace is limited to 1 MB of data per capture session. If the capture file size exceeds 1 MB, it is deleted automatically and a new capture file is created. To capture packets: 1. Go to Maintenance > Management >
236. Field and description, General Details: Profile Name: Enter a name for this captive portal profile. The name should allow you to differentiate this captive profile from others you may set up. Browser Title: Enter the text that will appear in the title of the browser during the captive portal session. Background: Select whether the login page displayed during the captive portal session will show an image or color. Choices are: • Image: displays an image as the background on the page. Use the Page Background Image field to select a background image. • Color: sets the background color on the page. Select the color from the drop-down menu. Page Background Image: If you set Background to Image, upload the image file by clicking Add Browse. Select an image, click Open, and then click the Upload button. The maximum size of the image is 100 kb. Page Background Upload: Choose the file you want to upload. Page Background Color: If you set Background to Color, select the background color of the page that will appear during the captive portal session from the drop-down menu. Custom Color: If you choose Custom on Page Background Color, enter the HTML color code. Background: Select whether the login page displayed during the captive portal session will show an image or color. Choices are: • Image: show image on the page. Use the Header Background Color field to select
237. iption. Profile Name: Enter a name for this profile. Priority: Select the priority of the profile. The choices are: • Highest • High • Low • Lowest. Maximum Bandwidth: Enter the maximum bandwidth value for this profile. Minimum Bandwidth: Enter the minimum bandwidth value for this profile. Option Interface: Select which Option interface to apply this profile to. 6. Go to Network > QoS > Option Traffic Shaping. 7. Click Add New Traffic Selector. Complete the fields on the next page and then click Save. Field and description: Profile Name: Select the profile you created from the drop-down menu. Select a service from the drop-down menu. Traffic Selector Match Type: Select a match type from the drop-down menu. Choices are IP Address, MAC Address, Port Name, VLAN, and DSCP value. Securing Your Network. The wireless controller supports a number of features for
238. ired, you can configure the number of retry attempts when the link seems to be disconnected or the threshold of failures that determines if an Option port is down. Single Option Port. If you do not want to use Auto Failover or Load Balancing, select Single WAN Port from the WAN Mode drop-down menu and select the Option port you want to set. Click Save. Auto-Rollover using Option Port. In this mode, one of your Option ports is assigned as the primary Internet link for all Internet traffic and the secondary Option port is used for redundancy in case the primary link goes down for any reason. Both Option ports (primary and secondary) must be configured to connect to the respective ISPs before enabling this feature. The secondary Option port will remain unconnected until a failure is detected on the primary link (either port can be assigned as the primary). In the event of a failure on the primary port, all Internet traffic will be rolled over to the backup port. When configured in Auto Failover mode, the link status of the primary Option port is checked at regular intervals as defined by the failure detection settings. 1. Click Network > Internet > Option Mode. 2. Complete the fields from the table below and click Save. Field and description: Option Mode: Select Auto-Rollover Using Option Port from the drop-down menu. Use Primary Port: Select
239. ivate your settings. Client. To configure the controller as an OpenVPN client: 1. Click VPN > OpenVPN > Settings. 2. Toggle OpenVPN to ON and complete the fields in the table below. Field and description: Mode: Select Client. Enter the IP address of the OpenVPN server. Tunnel Protocol: Select either TCP or UDP. Encryption Algorithm: Select the encryption algorithm from the drop-down menu. Port: Enter what port to use. The default port is 1194. Hash Algorithm: Select the hash algorithm from the drop-down menu. Click Save to save and activate your settings. Access Server Client. To configure the switch as an OpenVPN access server client: 1. Click VPN > OpenVPN > Settings. 2. Toggle OpenVPN to ON and complete the fields in the table below. Field and description: Mode: Select Access Server Client. Port: Enter what port to use. The default port is 984. File: Click Browse and locate the configuration file. Click Open and then click Upload.
240. 2. To edit an existing SSID, right-click it and select Edit. To create a new SSID Profile, click the Add New SSID Profile button. Note: SSID ID 1 is always enabled. If you do not want to have the first SSID enabled, you must create a new SSID to be able to swap another SSID in the first slot. D-Link DWC-1000 User Manual, page 101. Section 4: Advanced WLAN Configuration. 3. Complete the fields in the table below and click Save. Field / Description. Enter a name of your wireless network. Be sure the SSID is the same for all devices in your wireless network; it is case sensitive. Captive Portal Type: The Captive Portal type is selected on a per-SSID basis. There are four types of access on an SSID. Free: No authentication is required for users connected to this SSID if this option is selected. SLA (Service Level Agreement): If this is selected, users connected to this SSID need to accept the Service Level Agreement before accessing anything outside this SSID. Permanent User: When this option is selected, users need to get authenticated before accessing data outside this SSID. Only permanent Captive Portal users can log in from this SSID. Temporary User: When this option is selected, users need to get authenticated before accessing data outside this SSID. Only temporary Captive Portal users created by the front desk user can log in from this SSID. Billing User: When this option is selected users need to get aut
241. ked Clients and the current and future sessions from this client will be prevented. D-Link DWC-1000 User Manual, page 282. Section 8: Viewing Status and Statistics. Viewing Active Sessions. Path: Status > Network Information > Active Sessions. The Active Sessions page shows the following information about the active Internet sessions through the wireless controller: Source; Destination; Protocol used during the Internet sessions; State. D-Link DWC-1000 User Manual, page 283. Section 8: Viewing Status and Statistics. Viewing VPN Sessions. Path: Status > Network Information > Active VPN Sessions. Note: This feature is only available when the DCS 1000 VPN license is activated. The Active VPN Sessions page displays the following information about the active VPN sessions through the wireless controller: Policy Name; Endpoint; Transfer Rate (KB and Packets); Configuration State. Click the tab of th
242. l The temporary account usage time is limited by duration. The account has an expiration time. The account becomes valid when the account first logs in. [Timeline figure: account creation, activation at login, depletion and expiration over the usage period.] This billing profile is suitable for scenarios such as a coffee shop or airport. The customer can use the wireless Internet service for a period of time counting from the first login. D-Link DWC-1000 User Manual, page 50. Section 3: Basic Configuration. III. The temporary account is valid from a specific date and time. The account has an expiration time. [Timeline figure: account creation, activation, depletion and expiration over the usage period.] This billing profile is suitable for a scenario such as a press conference. The organizer generates accounts before the event and delivers account information to participants in advance if necessary. The temporary account is only valid from the specific date and time. IV. The temporary account has limited usage time. The account does not expire until the usage time runs out. [Timeline figure: account creation, activation, depletion and expiration over the usage time.] This billing profile is suitable for a hotspot scenario. The service provider charges for the wireless service based on usage time. This account allows multiple devices to log in at the same time. V. The temporary account has limited usage traffic. The account do
243. l VAPs are disabled. Networks that deploy sentry APs or radios can detect devices on the network quicker and perform more thorough security analysis. In this mode, the radio switches from one channel to the next. The length of time spent on each channel is controlled by the scan duration. The default scan duration is 10 milliseconds. RF Scan Interval: controls the length of time between channel changes during the RF scan. RF Scan Sentry Channels: The radio can scan channels in the radio frequency used by the 802.11b/g band (2.4 GHz), the 802.11a band (5 GHz), or both bands. Select the channel band for the radio to scan. Note: The band selection applies only to radios in sentry mode and is dependent upon the capabilities of the radio. Mode: The Mode defines the Physical Layer (PHY) standard the radio uses. Select one of the following modes for each radio interface. IEEE 802.11a is a PHY standard that specifies operating in the 5 GHz U-NII band using orthogonal frequency division multiplexing (OFDM). It supports data rates ranging from 6 to 54 Mbps. IEEE 802.11b/g operates in the 2.4 GHz ISM band. IEEE 802.11b is an enhancement of the initial 802.11 PHY to include 5.5 Mbps and 11 Mbps data rates. It uses direct sequence spread spectrum (DSSS) or frequency hopping spread spectrum (FHSS) as well as complementary code keying (CCK) to provide the higher data rates. It supports data rates ranging from 1 to 11 Mbps. IEEE 802.11g is a higher speed extension up
244. l configuration settings for all managed APs and the wireless controller, including WLAN Global Setup, AP Validation, and Country Configuration. Path: Wireless > General > General. To configure the WLAN general settings: 1. Click Wireless > General > General. The WLAN General Settings page will appear. 2. Complete the fields in the table on the next page. 3. Click Save. D-Link DWC-1000 User Manual, page 64. Section 4: Advanced WLAN Con. Field: IP Address; Peer Group ID; Client Roam Timeout; Ad Hoc Client Status Timeout; AP Failure Status Timeout; Client MAC Authentication; RF Scan Status Timeout; Detected Clients Status Timeout; Tunnel IP MTU Size; Cluster Priority; AP Client QoS
245. lection. You can automatically or manually run the auto-channel selection algorithm to allow the controller to adjust the channel on APs as WLAN conditions change. By default, the global auto-channel mode is set to manual. To enable the automatic channel selection mode, go to the AP Management > RF Management page and select Fixed or Interval for the Channel Plan mode. You can also run the automatic channel selection algorithm manually from the Manual Channel Plan page. Note: If you assign a static channel to an AP in the Valid AP database or on the Advanced AP Management page, the AP will not participate in the auto-channel selection. The power level affects how far an AP broadcasts its RF signal. If the power level is too low, wireless clients will not detect the signal or will experience poor WLAN performance. If the power level is too high, the RF signal might interfere with other APs within range. Automatic power uses a proprietary algorithm to automatically adjust the RF signal to broadcast far enough to reach wireless clients, but not so far that it interferes with RF signals broadcast by other APs. The power level algorithm increases or decreases the power level in 10 increments based on the presence or absence of packet retransmission errors. The automatic power algorithm will not reduce the power below the number you set in the default power field. By default, the power level is 100. Therefore, even if you enable the automatic power the pow
246. ler Status and Statistics. Path: Status > Wireless Information > Controller Status > Controller Status. This page shows the controller status and information. Field / Description. WLAN Controller Operational Status: This status field displays the operational status of the WLAN controller. IP Address: The IP address of the wireless controller. Peer Controllers: The number of peer WLAN controllers detected on the network. Cluster Controller: Indicates whether this controller is the Cluster Controller for the cluster. Among a group of peer Controllers, one of the Controllers is automatically elected or configured to be the Cluster Controller. The Cluster Controller gathers status and statistics about all APs and clients in the peer group. Note: Only the Cluster Controller can display managed APs, clients, statistics, and RF Scan databases for the whole cluster. The Controllers that are not Cluster Controllers can display information only about locally attached devices. Cluster Controller IP Address: The IP address of the peer controller that is the Cluster Controller. D-Link DWC-1000 User Manu
247. lient initiates a VPN tunnel as the IP address of the remote PC client is not known in advance. The gateway in this case acts as a responder. Remote client behind a NAT router: The client has a dynamic IP address and is behind a NAT router. The remote PC client at the NAT router initiates a VPN tunnel as the IP address of the remote NAT router is not known in advance. The gateway WAN port acts as responder. PPTP server for LAN/WAN PPTP client connections. L2TP server for LAN/WAN L2TP client connections. D-Link DWC-1000 User Manual, page 243. Section 7: VPN Settings. IPSec VPN Policies. Path: VPN > IPSec VPN > Policies. An IPSec policy is between the DWC-1000 and another gateway router and an IPSec client on a remote host. The IPSec mode can be either tunnel or transport, depending on the network being traversed between the two policy endpoints. Transport: This is used for end-to-end communication between the DWC-1000 and the tunnel endpoint, either another IPSec gateway or an IPSec VPN client on a host. Only the data payload is encrypted, and the IP header is not modified or encrypted. Tunnel: This mode is used for network-to-network IPSec tunnels where this gateway is one endpoint of the tunnel. In this mode, the entire IP packet including the header is encrypted and/or authenticated. When tunnel mode is selected, you can enable NetBIOS and DHCP over IPSec. DHCP over IPSec allows this switch to serve IP leases to hosts on the
248. ligible channels. By default, multiple channels are enabled. D-Link recommends that satellite APs do not have wired connectivity to the wireless controller. A configuration push to WDS APs may take up to three minutes to complete. D-Link DWC-1000 User Manual, page 106. Section 4: Advanced WLAN Configuration. Configure WDS Managed AP. Path: Wireless > Access Point > WDS Groups > WDS Groups. 1. Click Wireless > Access Point > WDS Groups. 2. Click Add New WDS Group. 3. Complete the fields in the table on the next page and click Save. Field / Description. WDS Group Name: A descriptive name of the WDS AP group, which can contain up to 32 characters. Spanning Tree: Specifies whether to enable spanning tree on all APs in this WDS AP group. Spanning tree must be enabled if there are any potential loops in the network. For example, if a satellite AP has links to two root APs, then spanning tree must be enabled. Note: The spanning tree protocol running on the APs interacts with the spanning tree protocol running on the edge switches to which the APs are connected. Edit Password: Password used for securing WPA2 Personal security on the WDS link. Range: 8-63 ASCII characters. To create or change the password, select the Edit checkbox and type a password in the available field. This password must match the passwords set on the satellite APs in this group. By default the
249. lone AP in the local or RADIUS Valid AP database. This test may detect network misconfiguration as well as potential intrusion attempts. The following parameters are checked (Standalone AP with Unexpected Configuration): Channel Number; SSID; Security Mode; WDS Mode; Presence on a wired network. D-Link DWC-1000 User Manual, page 71. Section 6: Securing Your Network. Description. Unexpected WDS Device Detection on Network: If the AP is classified as a Managed or Unknown AP and wireless distribution system (WDS) traffic is detected on the AP, then the AP is considered to be Rogue. Only stand-alone APs that are explicitly allowed to operate in WDS mode are not reported as rogues by this test. Unmanaged AP Detection on Wired Network: This test checks whether the AP is detected on the wired network. If the AP state is Unknown, then the test changes the AP state to Rogue. The flag indicating whether the AP is detected on the wired network is reported as part of the RF Scan report. If the AP is managed and is detected on the network, then the controller simply reports this fact and doesn't change the AP state to Rogue. In order for the wireless system to detect this threat, the wireless network must contain one or more radios that operate in sentry mode. Rogue Detected Trap Interval: Specify the interval in seconds between transmissions of the SNMP trap telling the administrator that rogue APs are present in the RF Scan database. If you set the
250. m the drop-down menu (Background). Page Background Image: If you set Background to Image, upload the image file by clicking Add > Browse. Select an image, click Open, and then click the Upload button. The maximum size of the image is 100 kb. Page Background Color: If you set Background to Color, select the background color of the page that will appear during the captive portal session from the drop-down menu. Custom Color: If you choose Custom on Page Background Color, enter the HTML color code. Header Details. Background: Select whether the login page displayed during the captive portal session will show an image or color. Choices are: Image: show image on the page. Use the Header Background Color field to select a background color. The maximum size of the image is 100 kb. Color: show background color on the page. Use the radio buttons to select an image. Header Background Image: If you set Background to Image, upload the image file by clicking Add > Browse. Select an image, click Open, and then click the Upload button. The maximum size of the image is 100 kb. If you set Background to Color, select the header color from the drop-down menu. Custom Color: If you choose Custom on Page Background Color, you can choose a particular color by filling in the HTML color code. Header Caption: Enter the text that appears in the header of the login page during the captive portal session. Caption Font: Select the font for the header text. Select the f
251. Field / Description. Cluster Information; Connected Peer Controllers. Software Version: Software version for the given peer controllers. Protocol Version: Protocol version supported by the software on the peer wireless controllers. Discovery Reason: Discovery method of the given peer wireless controller, either through an L2 Poll or IP Poll. Managed AP Count: Number of access points that the wireless controller manages currently. Time since last communication with the wireless controller in hours, minutes, and seconds. D-Link DWC-1000 User Manual, page 313. Section 8: Viewing Status and Statistics. Viewing WDS Group Status. Path: Status > Wireless Information > WDS Groups Status > WDS Groups Status. The Wireless Distribution System (WDS) Managed AP feature allows you to add managed APs to the cluster using over-the-air WDS links through other managed APs. With WDS, APs may be located outdoors where wired connection to the data network is unavailable, or in remote buildings that are not connected to the main campus with a wired network. The WDS AP group consists of the following managed APs. Root AP: Acts as a bridge or repeater on the wireless medium and communicates with the controller via the wired link. Satellite AP: Communicates with the controller via a WDS link to the Root AP
252. mit by Duration. Valid with Begin and End Time: Limitations on a duration basis. If you enable Valid with Begin and End Time, there are 3 types of limiting user access by duration: 1. Start While Account Created: Activate the account when the user is created. 2. Start While Account Login: Activate the account when the user first logs in using his credentials. 3. Begin From: Activate the account from this date. Start While Account Created: If you select Start While Account Created, enter a value in Hours/Days to set duration of usage time. Start While Account Login: for Start While Account Login, enter a value in Hours/Days to set duration of. Valid Begin: If you choose Begin From, select a specific time and date for the account valid begin. Allow Front Desk to Modify Duration: If you enable Valid with Begin and End Time, checking this option enables the front desk user to modify duration limits. Basic Limit by Usage. Maximum Usage Time: Maximum time the user can stay logged in before his account expires. Maximum Usage Traffic: Maximum traffic the user can use before his account expires. Only inbound traffic shall be considered towards bandwidth usage. Allow Front Desk to Modify Usage: If you enable Maximum Usage Time or Maximum Usage Traffic, checking this option enables the front desk user to modify usage limits. D-Link DWC-1000 User Manual, page 52. Section 3: Basic Configuration. 4. Select an Interface for the guest captive portal. a. Click Wireless > Access Point >
253. n one to be used by the internal network, the other used by the external network. Split DNS directs internal hosts to an internal domain name server for name resolution, and external hosts are directed to an external domain name server for name resolution. To add a DNS name: 1. Click VPN > IPSec VPN > Tunnel Mode > Split DNS Names tab. 2. Click Add New Split DNS name. You can right-click any created entries to edit or delete. 3. Enter a domain name and click Save. D-Link DWC-1000 User Manual, page 249. Section 7: VPN. DHCP Range. This page displays the IP range to be assigned to clients connecting using DHCP over IPSec. By default, the range is in the 192.168.12.0 subnet. To configure the DHCP over IPSec DHCP server settings: 1. Click VPN > IPSec VPN > DHCP Range. 2. Complete the fields in the table below and click Save. Field / Description. Starting IP Address: Enter the starting IP
254. n 7 VPN. Local Networks. If you selected Split Tunnel from OpenVPN Server, you can create a local network by following the steps below: 1. Click VPN > OpenVPN > Local Networks. 2. Click Add New OpenVPN Local Network. 3. Enter a local IP network. 4. Enter the subnet mask. 5. Click Save. D-Link DWC-1000 User Manual, page 272. Section 7: VPN. Remote Networks. To create remote networks: 1. Click VPN > OpenVPN > Remote Networks. 2. Click Add New OpenVPN Remote Network. 3. Enter a name of the remote network. 4. Enter a local IP network. 5. Enter the subnet mask. 6. Click Save. D-Link DWC-1000 User Manual, page 273. Section 7: VPN. Authentication. This page will allow you to upload certificates and keys. Click Browse and select the file you wa
255. n 9 Maintenance. Backup Configuration Settings. Path: Maintenance > Firmware > Backup Restore. After you configure the wireless controller as desired, back up the configuration settings. When you back up the settings, they are saved as a file. You can then use the file to restore the settings on the same wireless controller if something goes wrong, or on a different wireless controller that will replace or work with other wireless controllers. 1. Click Maintenance > Firmware > Backup Restore. 2. Click Save from System PC, Save from USB Port 1, or Save from USB Port 2, depending on the location the backup should be saved to. A. If Save from System PC is chosen, a dialog box message will appear. Afterwards, the browser will automatically begin the download to the default download location. B. If Save from USB Port 1 or Save from USB Port 2 is chosen, the file will immediately be backed up to the corresponding USB flash drive without further prompts. If no USB flash medium is present, these options will do nothing. D-Link DWC-1000 User Manual, page 332. Section 9: Maintenance. Restoring Configuration Settings. Path: Maintenance > Firmware > Backup Restore. After you use the procedure on the previous page to back up a wireless controller's configuration settings you can restor
256. n and authentication process, wireless clients send 802.11 management messages to APs. The WIDS feature tracks the following types of management messages that each detected client sends: Probe Requests; 802.11 Authentication Requests; 802.11 De-Authentication Requests. In order to help determine whether a client is posing a threat to the network by flooding the network with management traffic, the system keeps track of the number of times the AP received each message type and the highest message rate detected in a single RF Scan report. On the WIDS Client Configuration page, you can set thresholds for each type of message sent, and the APs monitor whether any clients exceed those thresholds or tests. To configure WIDS Client: 1. Go to Wireless > General > WIDS > AP WIDS Client Security tab. D-Link DWC-1000 User Manual, page 73. Section 6: Securing Your Network. 2. Enable or disable the security options as desired (refer to the table below) and click Save. Field / Description. Not Present in OUI Database Test: This test checks whether the MAC address of the client is from a registered manufacturer identified in the OUI database. This test checks whether the client, which is identified by its MAC address, is listed in the Known Client Database and is allowed access to the AP either through the Authentication Action of Grant or through the White List global action. If the client is in the Known Client Database and has an
257. n attack. The controller sends the list of BSSIDs and channels on which the rogue APs are operating to every managed AP. D-Link DWC-1000 User Manual, page 301. Section 8: Viewing Status and Statistics. The AP De-Authentication Attack Status page contains information about rogue APs that the Cluster Controller has attacked by using the de-authentication attack feature. This feature is disabled by default. The wireless controller can protect against rogue APs by sending de-authentication messages to the rogue AP. The de-authentication attack feature must be globally enabled in order for the wireless system to do this function. Make sure that no legitimate APs are classified as rogues before enabling the attack feature. De-Authentication Attacks List. Field / Description. Shows the BSSID of the AP against which the attack is launched. The BSSID is a MAC address. Identifies the channel on which the rogue AP is operating. Time Since Attack Started: Shows the amount of time that has passed since the attack started on the AP. RF Scan Report Age: Shows the amount of time that has passed since the RF Scan reported this AP. D-Link DWC-1000 User Manual, page 302. Section 8: Viewing Status and Statistics. Hardware Capability
258. n each physical access point. 1. Click Wireless > Access Point > AP Profiles > AP Profiles SSID tab. 2. Select the AP Profile from the drop-down menu. 3. Select the Radio Mode. 4. Select the SSID name from the drop-down menu. 5. Enable or disable the SSID by right-clicking Enable or Disable. Note: SSID ID 1 is always enabled. If you do not want to have the first SSID enabled, you must create a new SSID to be able to swap another SSID in the first slot. D-Link DWC-1000 User Manual, page 96. Section 4: Advanced WLAN Configuration. Configure AP Profile QoS. Path: Wireless > Access Point > AP Profiles > AP Profile QoS. Quality of Service (QoS) provides you with the ability to specify parameters on multiple queues for increased throughput and better performance of differentiated wireless traffic like Voice over IP (VoIP), other types of audio, video, and streaming media, as well as traditional IP data over the wireless controller. Configuring Quality of Service (QoS) on the wireless controller consists of setting parameters on existing queues for different types of wireless traffic, and effectively specifying minimum and maximum wait times (through Contention Windows) for transmission. The settings described here apply to data transmission behavior on the access point only, not to that of the client stations. AP Enhanced Distributed Channel Access (EDCA) Parameters affe
259. necting to the internet, configuring wired and wireless networking, setting security options, and creating new users. Click on the Wizard (wand) icon to bring up the wizard. It is always located near the top right corner of the screen, on the left of the System Search box. Refresh allows you to refresh the interface in order for changes to take effect immediately. Click on the refresh icon near the top right corner of the screen, to the right of the Help icon. Logout allows you to log out of the interface securely after you have finished. Click on the Logout icon at the top right corner of the screen. Menu Navigation Route: Displays the menu route for the current page. Displays the number of items on the table in one page. The system can list 10, 25, 50, or 100 entries in one page. First/Previous/Next/Last on table: Information would be shown in multiple pages. Use First, Previous, Next, Last to switch pages. The page change function is always located near the bottom right corner of the table. Search bar on table: Table content search allows you to search information in the table by typing a word into the search box. The search box is always located near the top right corner of the table. Ranking sort on table: Rank-sort the relative order of value and information on the table by clicking the table header. D-Link DWC-1000 User Manual, page 26. Section 3: Basic C
260. nel that is independent from the 802.11 wireless network communications channel (Authentication). WEP Key Type: Select the key type. Choices are: ASCII: upper and lower case alphabetic letters, numeric digits, and special symbols such as and. HEX: digits 0 to 9 and letters A to F. WEP Key Length (bits): Select the length of the WEP key. Choices are: 64: 64 bits. 128: 128 bits. Transfer Key Index (Tx): Indicates which WEP key the access point uses to encrypt the data it transmits. To select a transfer key, click the button in front of the key number and the field where you enter the key. WEP Keys: You can specify four WEP keys. In each text box, enter a string of characters for each of the RC4 WEP keys shared with the stations using the access point. Use the same number of characters for each key. The number of keys you enter depends on the WEP Key Type and WEP Key Length selections. The following list shows the number of keys to enter in the field. 64 bit: ASCII 5 characters, Hex 10 characters. 128 bit: ASCII 13 characters, Hex 26 characters. Each client station must be configured to use one of these WEP keys in the same slot as specified here. D-Link DWC-1000 User Manual, page 33. Section 3: Basic Configuration. Table 3-2: WPA/WPA2 Page Settings. Field / Description. If you select WPA for Security, the following two additional security options are displayed. WPA Personal uses static key management. You manually configu
261. neve Dikectery Homan database can now access the SSLVPN portal by using their Active Directory username and password. Timeout: Set the amount of time in seconds that the controller should wait for a response from the AD server. This determines the number of tries the controller will make to the AD server before giving up. D-Link DWC-1000 User Manual, page 224. Section 6: Securing Your Network. Configure NT Domain Server. Path: Security > Authentication > External Auth Server > NT Domain. The NT Domain server allows users and hosts to authenticate themselves via a pre-configured Workgroup field. Typically, Windows or Samba servers are used to manage the domain of authentication for the centralized directory of authorized users. To configure your NT Domain Server: 1. Go to Security > Authentication > External Auth Server > NT Domain tab. 2. Complete the AD server information from the table below and click Save. Field / Description. Authentication Server: Enter the IP address of the NT Domain server. Workgroup: Enter the Workgroup for the Authentication Server. Timeout: Set the amount of time in seconds that the controller should wait for a response from the NT Domain server. This determines the number of tries the controller will make to the NT Domain server before giving up
262. nfiguration is performed using configuration profiles. A configuration profile allows a wireless controller to distribute a set of radio, Service Set Identifier (SSID), and QoS parameters to the access points associated with that profile. D-Link DWC-1000 User Manual, page 14. Section 1: Product Overview. The wireless controller comes with one profile predefined. You can use this profile as is, edit it to suit your requirements, or create new configuration profiles as necessary. For example: An office building may have one configuration profile for access points located in one area of a facility, such as a general work area, and a different profile for access points in another area of the facility, for example in the Human Resources department. A shopping mall may need several configuration profiles if several businesses share a WLAN but each business has its own network. Large networks that need different policies per building or department could have access points configured for security policies for each building and department, for example one for guests, one for management, one for sales, and so on. D-Link DWC-1000 User Manual, page 15. Section 1: Product Overview. Features and Benefits. The DWC-1000 Wireless Controller is intended for campuses, branch offices, and small to medium businesses. In a stacked configuration with the appropriate licenses, a wireless controller can support up to 96 access points. The wireless controller allows
263. nfigured here along with the policy parameters required to secure the tunnel. [D-Link DWC-1000 User Manual, page 246; Section 7: VPN Settings] A Manual policy does not use IKE and instead relies on manual keying to exchange authentication parameters between the two IPSec hosts. The incoming and outgoing security parameter index (SPI) values must be mirrored on the remote tunnel endpoint. The encryption and integrity algorithms and keys must also match exactly on the remote IPSec host in order for the tunnel to establish successfully. Note that using Auto policies with IKE is preferred, as in some IPSec implementations the SPI values require conversion at each endpoint. The DWC-1000 supports a VPN rollover feature. This means that policies configured on the primary Option port will roll over to the secondary port in case of a link failure. This feature can be used only if your WAN is configured in Auto Rollover mode. Note: Once you have created an IPSec policy, you may right-click the policy and select Export to save it as a file. You can then upload this to another controller or keep it as a backup. To upload a saved policy, refer to Easy VPN Setup on page 254. [D-Link DWC-1000 User Manual, page 247; Section 7: VPN Settings] Tunnel Mode. Path: VPN > IPSec VPN > Tunnel Mode. When tunnel mode is selected, you can enable NetBIOS and DHCP over IPSec. DHCP over IPSec allows this switch to s
264. nt to the remote interface while being displayed here. Click Refresh (on the right side of the page) to refresh the logs, or reload the page again. Click Clear All to remove all entries in the Display Logs screen. [D-Link DWC-1000 User Manual, page 362; Appendix A: Basic Planning Worksheet] Appendix A: Basic Planning Worksheet. RF planning enables you to specify how Wi-Fi coverage will be provided. It provides coverage maps and locations prone to weak signals or dead spots that might require additional access points to provide adequate Wi-Fi coverage. A Basic Planning Worksheet similar to the one in this appendix allows you to collect the following critical information to expedite your planning efforts: Building dimensions; Walls and possible obstructions to wireless coverage; Number of floors; Distance between floors; Total number of users and number of users per access point; Radio type(s); Desired access point data rates; Areas where you want to deploy access points; Areas where you cannot deploy an access point; Areas where you do not want coverage. [D-Link DWC-1000 User Manual, page 363; Appendix A: Basic Planning Worksheet] Task / Completed. Site Planning: Height of building; Width of building; Floor dimensions; Distance between floors; Visual obstructions
265. nt to upload. Click Open and then click Upload. [D-Link DWC-1000 User Manual, page 274; Section 8: Viewing Status and Statistics] Status and Statistics. This chapter describes the following pages, which display wireless controller and access point status information and statistics. [D-Link DWC-1000 User Manual, page 275; Section 8: Viewing Status and Statistics] Viewing Statistic and Utilization. Path: Status > Dashboard. The wireless controller provides a dashboard that displays information about the resources the system is using. The dashboard page is organized into the following sections. Section / Description. Displays a chart of traffic overview by service for each interface. Discovered APs: … of discovered APs by their current status as detected by the … Displays bandwidth usage by network segment, such as WLAN or LAN. The Bandwidth Usage data is broken into by applications ser
266. ntervals to be exactly the same between two neighbors. If any of these intervals are different, these controllers will not become neighbors on a particular segment. Enter the cost of sending a packet on an OSPFv2 interface. Authentication Type: Select one of the following authentication types. None: The interface does not authenticate OSPF packets. Simple: OSPF packets are authenticated using a simple text key. MD5: The interface authenticates OSPF packets with MD5 authentication. Md5 Key ID: If MD5 authentication is selected, enter the MD5 key ID. Md5 Authentication Key: If MD5 authentication is selected, enter the MD5 authentication key. Click Save to save your settings. [D-Link DWC-1000 User Manual, page 168; Section 5: Advanced Network Configuration] OSPF v3 (IPv6). Path: Network > IPv6 > OSPFv3. OSPF (Open Shortest Path First) is an interior gateway protocol that routes Internet Protocol (IP) packets solely within a single routing domain. It gathers link state information from available controllers and constructs a topology map of the network. OSPFv3 supports IPv6. To enable an OSPFv3 process on a controller, you need to enable the OSPFv3 process globally, assign the OSPFv3 process a controller ID, and enable the OSPFv3 process on related interfaces. To configure OSPFv3: 1. Click Network > IPv6 > OSPFv3.
267. ntroller can update code on APs managed by peer wireless controllers. Path: Maintenance > Firmware > AP Firmware Download. 1. Click Maintenance > Firmware > AP Firmware Download > AP Firmware Download tab. 2. Complete the fields (refer to the table on the next page) and then select the AP(s) you want to upgrade. Use CTRL + click to select multiple APs. 3. Click Save to begin the upgrade process. [D-Link DWC-1000 User Manual, page 113; Section 4: Advanced WLAN Configuration] Field / Description. Server Address: Enter the IP address of the host where the upgrade file is located. The host must have a TFTP server installed and running. Enter the file path on the TFTP server where the software is located. You may enter up to 96 characters. Enter the name of the upgrade file. You may enter up to 32 characters, and the file extension .tar must be included. When you upgrade multiple APs, each AP contacts the TFTP server to download the upgrade file. To prevent the TFTP server from being overloaded, you can limit the number of APs to be upgraded at a time. In the Group Size field, enter the number of APs that can be upgraded at the same time. When one group completes the upgrade, the next group begins the process. Type of the image to
268. number that identifies the configured WDS AP group. AP MAC Address: Identifies the AP in the group by its MAC address. AP Connection Status: Indicates whether the AP is currently being managed by one of the controllers in the cluster. Satellite Mode: Indicates whether the AP is a Satellite AP connected to the network via a WDS link or a Root AP connected to the network via a wired link. STP Root Mode: Indicates whether this AP is the root of the spanning tree. If spanning tree is disabled, then the AP is always reported as Not STP Root. Ethernet Port STP State: When spanning tree is enabled on the APs in the WDS group, this status parameter reports the spanning tree status of the Ethernet port. On Satellite APs the Ethernet port can be manually disabled. On root APs the port is always enabled. Ethernet Port Link State: When the Ethernet port is enabled, this status reports the link state of the port. Ethernet Port Mode. Root Path Cost: Spanning Tree Path Cost to the root. The root AP always reports this value as 0. If spanning tree is disabled, the value is also 0. [D-Link DWC-1000 User Manual, page 317; Section 8: Viewing Status and Statistics] Viewing WDS Link Status. Path: Status > Wireless Information > WDS Groups Status > WDS Link Status. The WDS AP Link Status page displays summary information about the link configuration and link state in a WDS group.
269. [Local IP / Remote IP] ny: Specifies that the policy is for traffic from the given end point (local or remote). Note that selecting Any for both local and remote end points is not valid. Single: Limits the policy to one host. Enter the IP address of the host that will be part of the VPN. Range: Allows computers within an IP address range to connect to the VPN. Enter the Start IP Address and End IP Address in the provided fields. Subnet: Allows an entire subnet to connect to the VPN. Enter the network address and subnet mask in the provided fields. Enable Keepalive: … to periodically send ping packets to the host on the peer side of the network to keep the [D-Link DWC-1000 User Manual, page 245; Section 7: VPN Settings] 3. Once the tunnel type and endpoints of the tunnel are defined, you can determine the Phase 1 / Phase 2 negotiation to use for the tunnel. This is covered in the IPSec mode setting, as the policy can be Manual or Auto. For Auto policies, the Internet Key Exchange (IKE) protocol dynamically exchanges keys between two IPSec hosts. The Phase 1 IKE parameters are used to define the tunnel's security association details. The Phase 2 Auto policy parameters cover the security association lifetime and encryption/authentication details of the phase 2 key negotiation. The VPN policy is one half of the IKE/VPN policy pair required to establish an Auto IPSec VPN tunnel. The IP addresses of the machine or machines on the two VPN endpoints are co
270. [D-Link DWC-1000 User Manual, page 268; Section 7: VPN Settings] OpenVPN Settings. Path: VPN > OpenVPN > Settings. OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. When used in a multiclient-server configuration, it allows the server to release an authentication certificate for every client, using signature and Certificate authority. An OpenVPN can be established through this controller. You can select server mode, client mode, or access server client mode. In access server client mode, the user has to download the auto-login profile from the OpenVPN Access Server and upload the same to connect. Server. To configure the controller as an OpenVPN Server: 1. Click VPN > OpenVPN > Settings. 2. Toggle OpenVPN to ON and complete the fields in the table below. Field / Description. Encryption Algorithm: Select the encryption algorithm from the drop-down menu. Hash Algorithm: Select the hash algorithm from the drop-down menu. Tunnel Type: Select either Full Tunnel or Split Tunnel. Full Tunnel mode just sends all traffic from the client across the VPN tunnel to the controller. Split Tunnel mode only sends traffic to the private LAN based on pre-specified client routes. If you select Split Tunnel, refer to LAN Configuration on page 119 to create local networks. Click Save to save and act
271. o log in to the wireless controller's web management interface from a particular network or IP address. 1. Click Security > Authentication > User Database > Groups tab. 2. Click the Add IP Policies button. The IP Policies Configuration page will appear. 3. Complete the fields in the table below and click Save. The address you defined will appear in the Defined Addresses area. Field / Description. Select a group name from the drop-down menu. Source Address Type: Choices are: IP Address: specifies a particular IP address. IP Network: specifies an entire IP network. Network Address / IP Address: Enter the network or IP address. Mask Length. [D-Link DWC-1000 User Manual, page 200; Section 6: Securing Your Network] User Management. After you add user groups, you can add users to the user groups. Users can be added individually, or they can be imported from a comma-separated value (CSV) formatted file. After you add users, you can edit them when changes are required and delete users when you no longer need them. Adding Users Manually. Path: Security > Authentication > User Database > Users. One way of adding users is to add users individually. 1. Go to Security > Authentication > User Dat
272. ode looks like any other Ethernet frame. General: Select to allow the port to become a member of a user-selectable set of VLANs. The port sends and receives data that is tagged or untagged with a VLAN ID. If the data into the port is untagged, it is assigned the defined PVID. All tagged data sent out of the port with the same PVID will be untagged. Trunk: Select to multiplex traffic for multiple VLANs over the same physical link. All data going into and out of the port is tagged. Untagged data coming into the port is not forwarded, except for the default VLAN with PVID 1, which is untagged. Interface: Select to make it a standalone interface. Manually define the interface IP address, subnet mask, and gateway. 4. Click Save. [D-Link DWC-1000 User Manual, page 155; Section 5: Advanced Network Configuration] MAC Based VLANs. Path: Network > VLAN > Advanced VLAN > MAC Based VLAN. If a packet is untagged or priority tagged, the device shall associate it with the VLAN which corresponds to the source MAC address in its MAC-based VLAN tables. If there is no matching entry in the table, then the packet is subject to the normal VLAN classification rules of the device. Use the MAC-based VLAN Configuration page to map a MAC entry to the VLAN table. After the source MAC address and the VLAN ID are specified, the MAC-to-VLAN configurations are shared across all ports of the controller. 1. Go to Network > VLAN > Advanced VLAN > MAC Based VLAN ta
273. [Status per AP] of the following values. Requested: A download is planned for this AP, but the AP is not in the current download group, so it hasn't been told to start the download yet. Code Transfer In Progress: The AP has been told to download the code. Failure: The AP reported a failing code download. Aborted: The download was aborted before the AP loaded code from the TFTP server. Waiting For APs To Download: A download finished on this AP and it is waiting for other APs to finish download. Reset command is not sent to the AP in this state. NVRAM Update In Progress. Download completed successfully. The reset command is sent to the AP. Timed Out: The AP did not reconnect to the controller in the fixed time interval. Refer to Status per AP above. [D-Link DWC-1000 User Manual, page 116; Section 5: Advanced Network Configuration] Advanced Network Configuration. While the basic configuration described in the previous chapter is satisfactory for most users, large wireless networks or a complex setup may require the wireless controller's advanced configuration settings to be configured. This chapter covers the following commonly used advanced configuration settings: IP Mode on page 118; IPv4 LAN Settings on page 119; IPv6 LAN Settings on page 121; VLANs on page 150; Configure IPv4 Static Routing on page 162; Configure IPv6 Static Routing on page 164; QoS Configuration on page 174. Note: The procedure
274. ographic protection, making them vulnerable. CRAM-MD5: a challenge-response authentication mechanism defined in RFC 2195, based on the HMAC-MD5 MAC algorithm. CRAM-MD5 offers a higher level of authentication than Login Plain. (E-Mail Server Address) [D-Link DWC-1000 User Manual, page 352; Section 10: Troubleshooting] Option / Description. User Name: If Authentication with SMTP Server is set to Login Plain or CRAM-MD5, enter the user name to be used for authentication. Password: If Authentication with SMTP Server is set to Login Plain or CRAM-MD5, enter the case-sensitive password to be used for authentication. Respond to Identd from SMTP Server: If Enable E-Mail Logs is checked, this option determines whether the wireless controller responds to IDENT requests from the SMTP server. Choices are: ON: wireless controller responds to an IDENT request from the SMTP server. OFF: wireless controller ignores IDENT requests from the SMTP server. Send E-Mail Logs by Schedule. To receive e-mail logs according to a schedule, configure the appropriate schedule settings. Scheduling options are enabled when the Enable E-Mail Logs option is checked. Unit: Select the period of time that you need to send the log. This option is useful when you do not want to receive logs by e-mail but want to keep e-mail options configured so you can use the Send Log function Event Log viewer pages. Choices are: Never: disable sending of logs. Hourly: send
275. ome the Cluster Controller. The highest possible priority is 255. Enable or disable the client QoS feature. If AP Client QoS is disabled, the Client QoS configuration remains in place, but any ACLs or DiffServ policies applied to wireless traffic are not enforced. The Client QoS feature extends the primary QoS capabilities of the wireless controller to the wireless domain. More specifically, access control lists (ACLs) and differentiated service (DiffServ) policies are applied to wireless clients associated to the AP. [D-Link DWC-1000 User Manual, page 65; Section 4: Advanced WLAN Configuration] Fields on this page: AP MAC Validation; Require Authentication Passphrase; Manage AP with Previous Release Code; Country Code. Description. AP Validation. For a wireless controller to manage an AP, you must add the MAC address of the AP to the Valid AP database, which can be kept locally on the controller or in an external RADIUS server. When the controller discovers an AP that is not managed by another wireless controller, it looks up the MAC address of the AP in the Valid AP database. If it finds the MAC address in the database, the controller validates the AP and assumes management. Select the database to use for AP validation. Choices are: Local: Add the MAC address of each AP to the local Valid AP database. RADIUS: Configure the MAC address of each AP in an external RADIUS server. Select this option to require APs to be authenticated before they can assoc
276. onfiguration Basic Configuration Procedures. To perform common basic configuration procedures, follow the steps below: Step 1: Enable DHCP Server (Optional) on page 28; Step 2: Configure Country Code on page 29; Step 3: Select APs to be Managed on page 30; Step 4: Change the SSID and Set Up Security on page 32; Step 5: Select MAC Authentication Mode on page 37; Step 6: Confirm Access Point Profile is Associated on page 39; Step 7: Configure Captive Portal Settings on page 40; Step 8: Use SSID with RADIUS Server as Authenticator on page 48; Step 9: Configure Guest Management on page 49; Step 10: Configure a BYOD Environment on page 56. [D-Link DWC-1000 User Manual, page 27; Section 3: Basic Configuration] Step 1: Enable DHCP Server (Optional). By default, Dynamic Host Configuration Protocol (DHCP) is disabled on the wireless controller. If you are not configuring your access points with static IP addresses, set up a DHCP server or DHCP server relay on the network. If desired, perform the following procedure to configure your wireless controller to act as a DHCP server. 1. Click Network > LAN > LAN Settings. The LAN Settings page will appear. 2. Under IP Address Setup, change the IP Address and Subnet Mask to values used within your network. Record the settings; you will refer to them later in this procedure. Click Save. Wait 60 seconds and then relaunch your web browser. In th
277. onfigured services or any of the user-defined services, the type of traffic can be assigned to go over only one of the available Option ports. For increased flexibility, the source network or machines can be specified, as well as the destination network or machines. For example, the VOIP traffic for a set of LAN IP addresses can be assigned to one Option and any VOIP traffic from the remaining IP addresses can be assigned to the other Option link. Protocol bindings are only applicable when load balancing mode is enabled and more than one Option port is configured. To add, edit, or delete a protocol binding entry: 1. Click Network > Routing > Protocol Binding. 2. Right-click a current entry and select Edit or Delete. To add a new entry, click Add New Protocol Binding. 3. Complete the fields in the table below and click Save. Field / Description. Select a service from the drop-down menu. Local Gateway: Select an Option interface. Source Network: Select the source network: Any, Single Address, or Address Range. If Single Address or Address Range is selected, enter the IP address or IP range. Destination Network: Select the destination network: Any, Single Address, or Address Range. If Single Address or Address Range is selected, enter the IP address or IP range. Click Save to save your settings. [D-Link DWC-1000 User Manual, page 173; Section 5: Advanced Network Configuration] QoS Configuration. In a
278. onflict Threshold: Once the controller's channel interference calculation is done, the AP prepares to change the radio to the channel with less interference. To avoid two or more nearby APs changing to the same channel at the same time, the AP cancels the channel change if any nearby AP whose signal strength is above the Managed AP CH conflict Threshold is also attempting to change to the same channel. 9. Manual Channel Plan: If you select Manual, click on the Manual Channel Plan tab. Here you can apply and start the channel algorithm on selected access points. 10. Channel Plan History: This field shows whether the controller is using the automatic channel adjustment algorithm on the AP 2.4GHz and 5GHz radio. [D-Link DWC-1000 User Manual, page 68; Section 4: Advanced WLAN Configuration] Configure Power Settings. Path: Wireless > General > Power Algorithm. You can set the power of the AP radio frequency transmission in the AP profile, the local database, or in the RADIUS server. The power level in the AP profile is the default level for the AP, and the power will not be adjusted below the value in the AP profile. The settings in the local database and RADIUS server always override the power set in the profile setting. If you manually set the power, the level is fixed and the AP will not use the automatic power adjustment algorithm. To configure Channel Algorithm setting: 1. Click Wireless > General > Power Algorithm > Power Settin
279. ons Remote Log Identifier: Enter a prefix used to identify the source of the message. This identifier is prefixed to both e-mail and Syslog messages. Routing Logs. Enable E-Mail Logs: Enables or disables email logs. Choices are: ON: enable email logs. Complete the remaining fields on this page. OFF: disable email logs. The remaining fields on this page are unavailable. If Enable E-Mail Logs is enabled, enter the IP address or Internet Name of a Simple Mail Transfer Protocol (SMTP) server. The wireless controller will connect to this server to send e-mail logs when required. The SMTP server must be operational for email notifications to be received. SMTP Port: If Enable E-Mail Logs is enabled, enter the SMTP port of the e-mail server. Return E-Mail Address: If Enable E-Mail Logs is enabled, enter the e-mail address where replies from the SMTP server are to be sent (required for failure messages). Send to E-mail Address (1-3): If Enable E-Mail Logs is enabled, enter up to three email addresses where logs and alerts are to be sent. Authentication with SMTP Server: If Enable E-Mail Logs is enabled, select an authentication if the SMTP server requires authentication before accepting connections. Choices are: None: no authentication is used. The User Name and Password fields are not available. Login Plain: authentication used to log in using Base64-encoded passwords over a non-encrypted communication session. Base64-encoded passwords offer no crypt
280. ont size for the header text. Font Color: Select the font color for the header text. [D-Link DWC-1000 User Manual, page 46; Section 3: Basic Configuration] Field / Description. Login Details. Login Section Title: Enter the text that appears in the title of the login box when the user logs in to the captive portal session. This field is optional. Welcome Message: Enter the welcome message that appears when users log in to the captive session successfully. This field is optional. Error Message: Enter the error message that appears when users fail to log in to the captive session successfully. This field is optional. Footer Details. Enables or disables changes to the footer content on the login page. Footer Content: If Change Footer Content is checked, enter the text that appears in the footer. Footer Font Color: If Change Footer Content is checked, select the color of the text that appears in the footer. d. Under Login Profiles List, right-click the profile and click Show Preview to view the profile you just configured. Confirm that the appearance of the login page suits your requirements. If not, repeat steps 4b and 4c as necessary. [D-Link DWC-1000 User Manual, page 47; Section 3: Basic Configuration] Step 8: Use SSID with RADIUS Server as Authenticator. To use SSID with RADIUS authentication, perform the following procedure: 1. Go to Security > Authentication > External Auth Server > RADIUS Server tab.
281. ontroller Ping an IP Address. Path: Maintenance > Management > Diagnostics > Network Tools. As part of the diagnostics functions on the wireless controller, you can ping an IP address. You can use this function to test connectivity between the wireless controller and another device on the network connected to the wireless controller. 1. Go to Maintenance > Management > Diagnostics > Network Tools. 2. Under Command Output for Ping and Traceroute, in the IP Address / Domain Name field, enter an IP address or domain name. 3. Click Ping. The results will appear in the Command Output display below. [D-Link DWC-1000 User Manual, page 343; Section 10: Troubleshooting] Using Traceroute. Path: Maintenance > Management > Diagnostics > Network Tools. The wireless controller provides a Traceroute function that lets you map the network path to a public host. Up to 30 intermediate controllers or hops between this wireless controller and the destination will be displayed. 1. Go to Maintenance > Management > Diagnostics > Network Tools. 2. Under Command Output for Ping and Traceroute
282. ore giving up. Administrator Account: Admin account in LDAP server that will be used when LDAP authentication is required for PPTP/L2TP connection. Enter the admin password. [D-Link DWC-1000 User Manual, page 223; Section 6: Securing Your Network] Configure Active Directory Server. Path: Security > Authentication > External Auth Server > AD Server. Active Directory authentication is an enhanced version of NT Domain authentication. The Kerberos protocol is leveraged for authentication of users, who are grouped in Organizational Units (OUs). In particular, the Active Directory server can support more than a million users given its structure, while the NT Domain server is limited to thousands. The configured Authentication Servers and Active Directory domain(s) are used to validate the user with the directory of users on the external Windows-based server. This authentication option is common for SSL VPN client users and is also useful for IPSec / PPTP / L2TP client authentication. To configure your AD Server: 1. Go to Security > Authentication > External Auth Server > AD Server tab. 2. Complete the AD server information from the table below and click Save. Field / Description. Authentication Server: IP address of the AD authentication server. Since Active Directory is the chosen authentication type, you must enter the Active Directory domain name in this field. Users that are registered in the Active Directory
283. ore unwrapping the antistatic packaging, be sure to discharge static electricity from your body. 2. When transporting a sensitive component, first place it in an antistatic container or package. 3. Handle all sensitive components in a static-safe area. If possible, use antistatic floor pads, workbench pads, and an antistatic grounding strap. [D-Link DWC-1000 User Manual, page 5] Table of Contents. Preface 2; Manual Revisions 2; Trademarks 2; Safety Instructions 3; Safety Cautions 3; Protecting Against Electrostatic Discharge 5; Product Overview 14; Features and Benefits 16; Package Contents 17; Required Tools and Information 17; Front Panel 18; Rear Panel 18
284. ou can enable the discovery protocol on up to 16 VLANs. By default, VLAN 1 is enabled on the AP and VLAN 1 is enabled for discovery on the wireless controller. If the wireless controller and AP are in the same Layer 2 multicast domain, you might not need to take any action to enable AP discovery. The wireless controller also uses L2 VLAN discovery to find peer controllers within the L2 multicast domain. The APs process the discovery message only when it comes in on the management VLAN. The APs do not forward the L2 discovery messages onto the wireless media. From the wireless controller, you can check the discovery status of APs and peer controllers. To view information about whether the controller discovered any APs, navigate to the Wireless > Access Point > Discovered AP List page. The color of the MAC address in the Discovered AP List indicates what the AP is: Green: Managed AP. Red: Connected Fail AP, or AP (D-Link UAP) which is not in the local or RADIUS Valid AP Database. Gray: Unknown AP or Rogue AP. Orange: Managed AP by peer controller. [D-Link DWC-1000 User Manual, page 78; Section 4: Advanced WLAN Configuration] Configure L2 VLAN Discovery. Path: Wireless > Access Point > AP Poll List. 1. Click Wireless > Access Point > AP Poll List > VLAN Discovery tab.
285. [Link Cost] panning Tree Path cost for the WDS link. The range is 0-255. When multiple alternate paths are defined in the WDS group, the link cost is used to indicate which links are the primary links and which links are the secondary links. The spanning tree selects the path with the lowest link cost. [D-Link DWC-1000 User Manual, page 110; Section 4: Advanced WLAN Configuration] Peer Group. The Peer Group Configuration feature allows you to send a variety of configuration information from one wireless controller to all other wireless controllers. In addition to keeping the wireless controllers synchronized, this function allows you to manage all wireless controllers in the cluster from one controller. Configure Peer Group. Path: Wireless > Peer Group > Peer Configuration. You can copy portions of the wireless controller configuration from one controller to another controller in the cluster. The Peer Group Configuration Enable/Disable page allows you to select which parts of the configuration to copy to one or more peer wireless controllers in the group. You can make changes to a configuration that has been sent to one or more peer controllers, and you can make changes to a configuration received from a peer controller. No changes automatically propagate from one controller to the cluster; you must manually initiate a request on one controller in order to copy any configuration to its peers. 1. Click Wireless > Peer Group > Peer Configu
286. pe is Captive Portal, enable MultiLogin to allow a user to log in with the same username/password via multiple devices at the same time.

Importing Users
Path: Security > Authentication > User Database > Get User DB
A faster alternative to adding individual users is to import users from a CSV-formatted file.
1. Click Security > Authentication > User Database > Get User DB tab.
2. Click the Browse button.
3. In the Choose File dialog box, navigate to the location of the CSV file and then click the file.
4. Click Open and then click Upload.

Editing Users
Path: Security > Authentication > User Database > Users
There may be times when you need to edit a user. For example, you might want to change the user's login password or idle timeout. To edit a user:
1. Click Security > Authentication > User Database > Users tab. The Users List page will appear.
2. Right-click on the user you want to edit and click Edit.
3. Complete the fields in the table below and click Save.

Field: Description
User Name: Enter a unique name for this user. The name should allow you to easily identify this user from others you may add.
FirstName: Enter the first name of
287. ption is available only if images are already loaded onto the controller. To delete all images loaded onto the controller, click Delete All Images. Deleting background images is not recommended. However, if the user has to delete the images, the user will need to refresh the WLAN Visualization tool after deleting images.

Launch
Path: Wireless > General > WLAN Visualization
To launch the WLAN Visualization tool, click Wireless > General > WLAN Visualization. This opens a new browser window and starts the Java applet that allows the AP and WLAN controller network to be presented as a topology diagram, with or without a custom background image.

AP Discovery Methods
The wireless controller and AP can use the following methods to discover each other:
- L2 Discovery
- IP Address of AP Configured in the wireless controller
- IP Address of the wireless controller Configured in the AP

L2 VLAN Discovery
When the AP and the wireless controller are directly connected or in the same layer 2 broadcast domain and use the default VLAN settings, the wireless controller automatically discovers the AP through its broadcast of a L2 discovery message. The L2 discovery works automatically when the devices are directly connected or connected by using a layer 2 bridge. Y
288.
b. Under the SSID column, select an SSID that will use the Captive Portal function by right-clicking on it and clicking Edit. The following pop-up page will appear.
c. Select a user type from the drop-down menu next to Captive Portal Type.
- Choosing Free will allow immediate access through the Captive Portal.
- Choosing SLA will require the end user to agree to a service level agreement before being allowed access.
- Choosing Permanent User will allow for selecting an authentication method such as local user database, RADIUS, LDAP or POP3.
- Choosing Temporary User or Billing User, the authentication method is local user database.
In this case the user account in the local database is a permanent user
289. r TCP applications must be specified as being made accessible to remote users. Allowing access to a LAN server requires entering the local server IP address and TCP port number of the application to be tunnelled. To add a port forwarding rule:
1. Click VPN > SSL VPN > Resources.
2. Click Add New Rule under either Port Forwarding List for Configured Applications (TCP Port) or under Port Forwarding List for Configured Host Names (FQDN).
3. Enter the IP address of the local server.
4. Next, enter either the TCP port number or the domain name (FQDN).
5. Click Save.

Client
Path: VPN > SSL VPN > SSL VPN Client
An SSL VPN tunnel client provides a point-to-point connection between the browser-side machine and this switch. When an SSL VPN client is launched from the user portal, a network adapter with an IP address from the corporate subnet, DNS and WINS settings is automatically created. This allows local applications to access services on the private network without any special network configuration on the remote SSL VPN client machine.

It is important to ensure that the virtual (PPP) interface address of the VPN tunnel client does not conflict with physical devices on the LAN. The IP address range for the SSL VPN virtual network adapter should be either in a different s
290. ration
2. Toggle each option to On or Off and then click Save. Refer to the table below and on the next page.

Field: Description
Enable this field to include the basic and advanced global settings in the configuration that the controller pushes to its peers. The configuration does not include the controller IP address since that is a unique setting.
Discovery: Enable this field to include the L2 and L3 discovery information, including the VLAN list and IP list, in the configuration that the controller pushes to its peers.
Channel Power: Enable this field to include the RF management information in the configuration that the controller pushes to its peers.
AP Database: Enable this field to include the AP Database (Valid AP) in the configuration that the controller pushes to its peers.
AP Profiles: Enable this field to include all AP profiles in the configuration that the controller pushes to its peers. The AP profile includes the general AP settings, such as the hardware type, Radio settings, SSID Profiles and QoS settings.
MAC Authentication DB: Enable this field to include the MAC Authentication Database in the configuration that the controller pushes to its peers.
Captive Portal: Enable this field to include the Captive Portal information in the configuration that the controller pushes to its peers.
RADIUS Client: Enable this field to include the
291. rcentage of network bandwidth utilization allowed on the radio. Once the level you specify is reached, the AP stops accepting new client associations. Enter a percentage of utilization from 1 to 100. (Field: Load Utilization)

Maximum Clients: Specify the maximum number of stations allowed to associate with this access point at any one time. You can enter a value between 0 and 200.
RF Scan Other Channels: The access point can perform RF scans to collect information about other wireless devices within range and then report this information to the wireless controller. If Scan Other Channels is set to ON, the radio periodically moves away from the operational channel to scan other channels. Enabling this mode causes the radio to interrupt user traffic, which may be noticeable with voice connections. When Scan Other Channels is OFF, the AP scans only the operating channel.
RF Scan Duration: This field controls the amount of time, in milliseconds, the radio spends scanning the other channel during an RF scan.
RF Scan Sentry: Select this option to allow the radio to operate in sentry mode. When the RF Scan Sentry option is ON, the radio primarily performs dedicated RF scanning. The radio passively listens for beacons and traffic exchange between clients and other access points but does not accept connections from wireless clients. In sentry mode al
292. re IEEE 802.11n capable and are authenticated. These include IEEE 802.11a/n, IEEE 802.11b/g/n, 5 GHz IEEE 802.11n, 2.4 GHz IEEE 802.11n. (Field: 802.11n Clients)

802.11ac Clients: Total number of IEEE 802.11ac only clients that are authenticated.
Max Associated Clients: Maximum number of clients that can associate with the wireless system. This is the maximum number of entries allowed in the Associated Client database.
Detected Clients: Number of wireless clients detected in the WLAN.
Max Detected Clients: Maximum number of clients that can be detected by the controller. The number is limited by the size of the Detected Client Database.
Max Pre-auth History Entries: Maximum number of Client Pre-Authentication events that can be recorded by the system.
Total Pre-auth History Entries: Current number of pre-authentication history entries in use by the system.
Maximum Roam History Entries: Maximum number of entries that can be recorded in the roam history for all detected clients.
Total Roam History Entries: Current number of pre-authentication history entries in use by the system.

Associated Clients
Path: Status > Wireless Information > Associated Clients > Associated Clients
The WLAN Associated Clients page tracks the traffic associated with the client connected to the wireless controller. Right-clicking on a client and clicking the View Details button display
293. re the same keys to encrypt data on both the wireless client and the access point. WPA Enterprise uses a RADIUS server and dynamically generated keys to encrypt client-to-access-point traffic. WPA Enterprise is more secure than WPA Personal, but you need a RADIUS server to manage the keys. (Field: WPA Security)

WPA Enterprise: More secure than WPA Personal, but you need a RADIUS server to manage the keys. If you click this option, the screen refreshes and the WPA Key Type and WPA Key fields are hidden. The access point uses the global RADIUS server or the RADIUS server you specified for the wireless network.

WPA Versions: Select the types of client stations you want to support. Choices are:
- WPA: if all client stations on the network support the original WPA but none supports WPA2, select WPA.
- WPA2: if all client stations on the network support WPA2, use WPA2, which provides the best security per the IEEE 802.11i standard.
- WPA and WPA2: if you have a mix of clients that support WPA2 or WPA, select both boxes. This lets both WPA and WPA2 client stations associate and authenticate, but uses the more robust WPA2 for clients who support it. This WPA configuration allows more interoperability at the expense of some security.

WPA Ciphers: Select the cipher suite you want to use. Choices are:
- TKIP
- CCMP (AES)
- TKIP and CCMP (AES)
Both TKIP and AES clients can associate with the access point. WPA clients must have a valid TKIP key or AES-CCMP key to asso
294. reate device MAC authentication database on local database
a. Go to Security > Authentication > User Database > MAC Authentication tab.
b. Next to List Type, the current type is displayed. To change the setting, refer to "Step 5: Select MAC Authentication Mode" on page 37.
c. Click Add New MAC Authentication. Enter the MAC address of the device and a name.
d. Click Save.

Note: If the user authentication and MAC authentication database is an external authentication server (i.e. RADIUS), please refer to "Step 8: Use SSID with RADIUS Server as Authenticator" on page 48.

7. Discover and manage an access point from the network. Please refer to "Step 3: Select APs to be Managed" on page 30.

Where to Go from Here
After installing the basic configuration procedures, the wireless controller is ready for operation using the factory default settings in Appendix B. These settings should be suitable for most users and most situations. The wireless controller also provides advanced config
295. reless controller LAN leased clients and LAN IPv6 leased clients

Viewing Captive Portal Sessions
Path: Status > Network Information > Captive Portal Sessions
The active run-time internet sessions through the controller's managed AP(s) are listed in the table below. These users are present in the local or external user database and have had their login credentials approved for internet access. If Internet session passthrough is enabled, select the session and right-click Disconnect, allowing the admin to selectively drop an authenticated user. Select the session and right-click Block device. The Block Device button will result in the selected client being added to the blocked list Security > Firewall > Bloc
296. remote LAN. As well, in this mode you can define the single IP address, range of IPs, or subnet on both the local and remote private networks that can communicate over the tunnel.

To configure the radio settings:
1. Click VPN > IPSec VPN > Policies.
2. Click Add new IPSec Policy. Fill out the General section, in which you name the VPN, select the policy type, define the tunnel type, and define endpoints.

Field: Description
Policy Name: Enter a unique name for the VPN Policy. This name is not an identifier for the remote WAN client.
Policy Type: Select either Manual or Auto.
- Manual: All settings, including the keys, for the VPN tunnel are manually input for each end point. No third-party server or organization is involved.
- Auto: Some parameters for the VPN tunnel are generated automatically. This requires using the IKE (Internet Key Exchange) protocol to perform negotiations between the two VPN Endpoints.
IP Protocol Version: Select either IPv4 or IPv6.
IKE Version: S
297. ress of the RADIUS authentication server.
Authentication Port: RADIUS authentication server port to send RADIUS messages.
Secret: Secret key that allows the device to log into the configured RADIUS server. It must match the secret on the RADIUS server.
Timeout: Set the amount of time, in seconds, the controller should wait for a response from the RADIUS server.
This determines the number of tries the controller will make to the RADIUS server before giving up.

Configure RADIUS Accounting
Path: Security > Authentication > External Auth Server > RADIUS Server
You can configure the state of the specified RADIUS accounting service here. To configure RADIUS Server:
1. Go to Security > Authentication > External Auth Server > RADIUS Accounting tab.
2. Click Add New Account. Complete the information from the table below and click Save.

Field: Description
Accounting Server IP Address: IP address of the RADIUS accounting server.
Accounting Server Name: Enter a name for the server.
Enter the port to use.
Secret: Secret key that allows the device to log into the con
298. rmation about the configuration a controller has received from one of its peers.

Current Receive Status
Current Receive Status: Global status when wireless configuration is received from a peer controller. Possible status values are:
- Not Started
- Receiving Configuration
- Saving Configuration
- Applying AP Profile Configuration
- Success
- Failure - Invalid Code Version
- Failure - Invalid Hardware Version
- Failure - Invalid Configuration

Last Configuration Received
Peer Controller IP Address: Peer controller IP address of the last wireless controller from which this controller received any wireless configuration data.
Shows which portions of configuration were last received from a peer controller. Possible values are:
- Global
- Discovery
- Channel Power
- AP Database
- AP Profiles
- Known Client
- Captive Portal
- RADIUS Client
- QoS ACL
- QoS DiffServ
- None: wireless controller has not received any configuration for another controll
299. rofile that the wireless controller applies to the access point.
Hardware ID: Hardware ID associated with the access point hardware platform.

Authentication Failed
Path: Status > Wireless Information > Access Point > Authentication Failed
An access point might fail to associate to the wireless controller due to errors such as invalid packet format or vendor ID, or because the access point is not configured as a valid access point with the correct local or RADIUS authentication information. The Authentication Failed APs List page shows information about access points that failed to establish communication with the wireless controller. Right-click on an AP to bring up options to manage or to view details.

An access point can fail due to any of the reasons:

Failure: Description
No Database Entry: MAC address of the access point is not in the local Valid AP
300. rt can participate only in one voice VLAN at a time. The Voice VLAN feature is disabled by default.
1. Go to Network > VLAN > Advanced VLAN > Voice VLAN tab.
2. Toggle Activate Voice VLAN to ON and click Save.
3. Click Add New Voice VLAN.
4. Select the interface and Voice VLAN mode.
- VLAN: The voice VLAN packets are uniquely identified by a number you assign. All voice traffic carries this VLAN ID to distinguish it from other data traffic, which is assigned the port's default VLAN ID. However, voice traffic is not prioritized differently than other traffic.
- Dot1q: This parameter is set by the VoIP device for all voice traffic to distinguish voice data from other traffic. All other traffic is assigned the port's default priority.
5. Click Save.

Protocol Based VLANs
Path: Network > VLAN > Advanced VLAN > Protocol Based VLAN
In a protocol-based VLAN, traffic is bridged through specified ports based on the protocol associated with the VLAN. User-defined packet filters determine whether a particular packet belongs to a particular VLAN. Protocol-based VLANs are most often used in situations where network segments contain hosts running multiple protocols. You can use a protocol-based VLAN to define filtering criteria for untagged packets. By default, if you do not configure any port-based (IEEE 802.1Q) or protocol bas
301. ry time a new connection is established, the bandwidth increases. After a certain number of connections (say bandwidth reached 70% of 1Kbps), the new outbound connections will be spilled over to the secondary Option. The maximum value of load tolerance is 80% and the minimum is 20%.

Load balancing is particularly useful when the connection speed of one Option port greatly differs from another. In this case, you can define protocol bindings to route low-latency services, such as VOIP, over the higher-speed link and let low-volume background traffic, such as SMTP, go over the lower-speed link.

Round Robin
1. Click Network > Internet > Option Mode.
2. Complete the fields from the table below and click Save.

Field: Description
Option Mode: Select
302.
3. Next to List Type, the current global setting is displayed. MAC authentication is a feature that grants or denies a client access to the network if the client's MAC address is in the white list or black list. MAC Authentication is enabled at the network level. The network configuration also defines whether MAC addresses are looked up on the local database or on the RADIUS server.
4. Click on Add New MAC Authentication. The MAC Authentication Configuration page will appear.
5. Complete the fields in the table below and click Save.

Field: Description
MAC Address: Enter the MAC address for the known client.
Enter the name of the known client. The name should allow you to differentiate this known client from others you may add.

Editing/Deleting Clients
Path: Security > Authentication > User Database > MAC Authentication
After you add clients, you can edit or delete them if you need to change settings. To edit or delete a client:
1. Go to Security > Authentication > User Database > MAC Authentication.
2. Under MAC Authentication List, right-click the cl
303. s In all cases, the Server Checking button is used to verify connectivity to the configured server(s).

Configure RADIUS Server
Path: Security > Authentication > External Auth Server > RADIUS Server
Enterprise Mode for wireless security uses a RADIUS Server for WPA and/or WPA2 security. A RADIUS server must be configured and accessible by the controller to authenticate wireless client connections to an AP enabled with a profile that uses RADIUS authentication.
- The Authentication IP Address is required to identify the server. A secondary RADIUS server provides redundancy in the event that the primary server cannot be reached by the controller when needed.
- Authentication Port: The port for the RADIUS server connection.
- Secret: Enter the shared secret that allows this controller to log into the specified RADIUS server(s). This key must match the shared secret on the RADIUS Server.
- The Timeout and Retries fields are used to either move to a secondary server if the primary cannot be reached, or to give up the RADIUS authentication attempt if communication with the server is not possible.

To configure RADIUS Server:
1. Go to Security > Authentication > External Auth Server > RADIUS Server tab.
2. Complete the RADIUS server information from the table below and click Save.

Field: Description
Authentication Server: IP add
304. s E d by an asterisk, it was reported by a peer controller.
IP Address: IP address of the access point.
Last Failure Type: Last type of failure that occurred. Possible values are:
- Local Authentication
- No Database Entry
- Not Managed
- RADIUS Authentication
- RADIUS Challenged
- RADIUS Unreachable
- Invalid RADIUS Response
- Invalid Profile ID
- Profile Mismatch - Hardware Type
Age: Time since failure occurred.

RF Scan
Path: Status > Wireless Information > Access Point > RF Scan
The radio(s) on each access point can scan the radio frequency periodically to collect information about other access points and wireless clients that are within range. In normal operating mode, the access point always scans on the operational channel for the radio. The RF Scan page shows information about other access points and wireless clients that the wireless controller has detected. Right-click on an AP or client to bring up options to view details.
305. s automatically ended if it is idle for a specified number of minutes. Enter the number of minutes in the Maximum Idle Time field. This feature is useful if your ISP charges you based on the amount of time that you are connected.

DNS Servers: Choose one of the following options:
- Get Dynamically from ISP: Choose this option if your ISP did not assign a static DNS IP address.
- Use These DNS Servers: Choose this option if your ISP assigned a static DNS IP address for you to use. Also complete the fields below.
Primary DNS Server: Enter the primary DNS server.
Secondary DNS Server: Enter the secondary DNS server.
MAC Address: Choose Use Default Address unless your ISP requires MAC authentication and another MAC address has been previously registered with your ISP. In that case, choose one of the following options:
- Clone your PC's MAC Address: Choose this option to assign the MAC address of the computer that you are using to configure the controller.
- Use this MAC Address: Choose this option if your ISP assigned a MAC address for you to use. Also complete the fields below.
MAC Address: Enter a MAC address in the following format: XX:XX:XX:XX:XX:XX, where X is a number from 0 to 9 (inclusive) or an alphabetical letter between A and F (inclusive).

Port Settings
The MTU (Maximum Transmit Unit) is the size of the largest packet that can be sent over
306. s changes to the footer content on the login page.
Footer Content: If Change Footer Content is checked, enter the text that appears in the footer.
Footer Font Color: If Change Footer Content is checked, select the color of the text that appears in the footer.

External Payment Gateway
Enable External Payment Gateway: Enables or disables external payment gateway and online wireless service purchasing on the login page.
Session Title 1: Enter the text that appears in the title of the online purchasing login box when the user logs in to the captive portal session.
Enter the text that appears in the online purchasing login box when the user logs in to the captive portal session.
Enable Billing Profile: Select the billing profile which will be shown on the login page. The table lists only the billing profiles that have a Unit Price set. Enable the billing profile by switching STATUS to ON.
Service Disclaimer Text: Enter the service disclaimer text which is shown before the user selects and purchases wireless
Payment Server: Select the payment received account and its payment agent.

Customize the SLA of the Captive Portal
Path: Security > Authentication > Login Profiles > SLA
1. Go to Security > Authentication > Login Profiles > SLA tab.
2. Click Add New SLA Profile.
307. s detailed information about the selected client.

Field: Description
Client MAC Address: Ethernet MAC address of the client station.
Client IP Address: The IP address of the client station.
Name of the wireless network on which the client is connected.
MAC address for the managed access point virtual access point where this client is associated.
AP MAC Address: Ethernet MAC address of the access point.

Field: Description
Disconnects the associated client.
Shows detailed information about the associated client and the AP it is connected to.
Distributed Tunneling: Shows information about distributed tunneling status.
Client Statistics: Shows detailed statistic information about the associated client and its bandwidth usage.
Shows a history of the different APs the client has been connected to that are man
308. s in this chapter should only be performed by expert users who understand networking concepts and terminology.

IP Mode
Path: Network > LAN > IP Mode
This page allows the user to configure the IP protocol version to be used on the controller. In order to support IPv6 on the LAN, you must set the controller to be in IPv4/IPv6 mode. This mode will allow IPv4 nodes to communicate with IPv6 devices through this controller.
1. Go to Network > IPv6 > IP Mode.
2. Next to IP Mode, select either IPv4 only or IPv4 & IPv6.
3. Click Save.

LAN Configuration
IPv4 LAN Settings
Path: Network > LAN > LAN Settings
By default, the controller's Dynamic Host Configuration Protocol (DHCP) mode is set to None. The DHCP mode can be set as DHCP server or DHCP relay. When DHCP mode is set as DHCP server, the controller functions as a DHCP server for assigning IP address leases to hosts on the WLAN or LAN network. With DHCP, PCs and other LAN devices can be assigned IP addresses as well as addresses for DNS servers, Windows Internet Name Service (WINS) servers, and the default gateway. Wit
309. s list shows an age, and when the age reaches the value you configure in the timeout field, the entry is deleted.

Select the maximum size of an IP packet handled by the network. The MTU is enforced only on tunneled VAPs. When IP packets are tunneled between the APs and the wireless controller, the packet size is increased by 20 bytes during transit. This means that clients configured for 1500 byte IP MTU size may exceed the maximum MTU size of existing network infrastructure, which is set up to switch and route 1518/1522 (tagged) byte frames. If you increase the tunnel IP MTU size, you must also increase the physical MTU of the ports on which the traffic flows.
Note: if any of the following conditions are true, you do not need to increase the tunnel IP MTU size:
- The wireless network does not use L3 tunneling.
- The tunneling mode is used only for voice traffic, which typically has small packets.
- The tunneling mode is used only for TCP-based protocols, such as HTTP. This is because the AP automatically reduces the maximum segment size for all TCP connections to fit within the tunnel.

Specify the priority of this controller for the Cluster Controller election. The wireless controller with the highest priority in a cluster becomes the Cluster Controller. If the priority is the same for all wireless controllers, then the wireless controller with the lowest IP address becomes the Cluster Controller. A priority of 0 means that the wireless controller cannot bec
310. 3. Under Activation Setup, enter the D-Link supplied code for the license you want to activate in the Activation Code field. 4. Click Activate. The activation code will appear under List of Available Licenses. 5. Reboot the wireless controller to have the license take effect (refer to Rebooting the Wireless Controller on page 335). Remote Management. Path: Maintenance > Administration > Remote Management. Note: This feature is only available with the DCS 1000 VPN license activation. The Remote Access page allows you to enable remote management from outside your local network to configure your wireless controller. Select HTTP and/or HTTPS. Note: When remote management is enabled, the controller is accessible to anyone who knows its IP address. It is HIGHLY RECOMMENDED that you change the default administrator and guest passwords before continuing. 1. Go to Maintenance > Management > Remote Management.
311. same prefix. For example, all devices with IP addresses that start with 100.100.100 belong to the same subnet. TCP: Transmission Control Protocol. Protocol for transmitting data over the Internet with guaranteed reliability and in-order delivery. UDP: User Data Protocol. Protocol for transmitting data over the Internet quickly but with no guarantee of reliability or in-order delivery. VPN: Virtual private network. Network that enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another. Uses tunneling to encrypt all information at the IP level. WINS: Windows Internet Name Service. Service for name resolution. Allows clients on different IP subnets to dynamically resolve addresses, register themselves, and browse the network without sending broadcasts. Wireless Controller: D-Link device that centralizes and simplifies network management of a wireless LAN by consolidating individually managed access points into a single unified solution.
312. scription. IP Address: The IP Address of the SNMP trap agent. Subnet Mask: The network mask used to determine the list of allowed SNMP managers. The community string to which the agent belongs. Access Type: Access will be either read-only (ROcommunity) or read-write (RWcommunity). Configure SNMP System Info. 1. Go to Maintenance > Management > SNMP > SNMP System Info tab. 2. Enter the information as desired: • SysContact: The name of the contact person for this controller. Examples: admin, John Doe. • SysLocation: The physical location of the controller. Example: Rack 2, 4th Floor. • SysName: A name given for easy identification of the controller. 3. Click Save. Configure Wireless SNMP Info. If you use Simple Network Management Protocol (SNMP) to manage the controller, you can configure the SNMP agent on the controller to send traps to the SNMP manager on your network from this page. When an AP is managed by a controller, it does not send out any traps. The controller generates all SNMP traps based on its own events and the events it learns about through updates from the APs it manages. All Wireless SNMP traps are disabled by default. 1. Go to Maintenance > Management > SNMP > SNMP Trap tab. 2. Enable the trap as desired (refer to the table below). 3. Click Save.
313. se an IP address is assigned to the client automatically from the DMZ DHCP pool. To create DHCP reservations: 1. Click Network > Internet > DMZ LAN DHCP Reserved IPs. 2. Click Add New DMZ DHCP Reserved IP. 3. Enter the following information and click Save. IP Address: Enter the IP address you want to assign to this device. Note that this IP address must be in the same range as the starting/ending IP address under DHCP Settings. MAC Address: Enter the MAC address of this device (xx:xx:xx:xx:xx:xx format). Click Save to save your reservation. Dynamic DNS. Path: Network > Internet > Dynamic DNS. Dynamic DNS (DDNS) is an Internet service that allows controllers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must set up an account with a DDNS provider such as DynDNS.org, D-Link DDNS, or Oray.net. Each configured
314. se for these lookups. Known Client Database RADIUS Server Name: If the known client database lookup method is RADIUS, then this field specifies the RADIUS server name. Rogue Detected Trap Interval: Specify the interval, in seconds, between transmissions of the SNMP trap telling the administrator that rogue APs are present in the RF Scan database. If you set the value to 0, the trap is never sent. De-Authentication Requests Threshold Interval: Specify the number of seconds an AP should spend counting the de-authentication messages sent by wireless clients. De-Authentication Requests Threshold Value: If the controller receives more than the specified number of messages during the threshold interval, the test triggers. Authentication Requests Threshold Interval: Specify the number of seconds an AP should spend counting the authentication messages sent by wireless clients. Authentication Requests Threshold Value: If the controller receives more than the specified number of messages during the threshold interval, the test triggers. Probe Requests Threshold Interval: Specify the number of seconds an AP should spend counting the probe messages sent by wireless clients. Probe Requests Threshold Value: Specify the number of probe requests a wireless client is allowed to send during the threshold interval before the event is reported as a threat. Authentication Failure Threshold Value: Specify the number of 802.1X authentication failures a client is allowed to have before the event is reported
315. sends a trap every Rogue Detected Trap Interval seconds if any rogue AP continues to be present in the network. TSPEC Traps: If you enable this field, the SNMP agent sends a trap when the following TSPEC related events occur: • An authorized WMM client is repeatedly using more bandwidth than was allocated for its traffic stream. • A WMM enabled client is sending prioritized traffic without authorization to use admission controlled resources. WIDS Status Traps: If you enable this field, the SNMP agent sends a trap for one of the following reasons: • This controller has become Cluster Controller. • Rogue Client detected. • Rogue Client(s) continue to exist after every Rogue Detected Trap Interval seconds. • Maximum number of Managed APs in the peer group exceeded. Wireless Status Traps: If you enable this field, the SNMP agent sends a trap if the operational status of the controller (it need not be Cluster Controller for this trap) changes. It sends a trap if the Channel Algorithm is complete or the Power Algorithm is complete. It also sends a trap if any of the following databases or lists has reached the maximum number of entries: Managed AP database, AP Neighbor List, Client Neighbor List, AP Authentication Failure List, RF Scan AP List, Client Association Database, Ad Hoc Clients List, Detected Clients List.
316. so of note is that configuring a LDAP server on Windows or Linux servers is considerably less complex than setting up NT Domain or Active Directory servers for user authentication. The details configured on the controller will be passed for authenticating the controller and its hosts. The LDAP attributes, domain name (DN), and in some cases the administrator account & password are key fields in allowing the LDAP server to authenticate the controller. To configure your LDAP Server: 1. Go to Security > Authentication > External Auth Server > LDAP Server tab. 2. Complete the fields in the table on the next page and click Save. Authentication Server 1-3: IP address of the LDAP authentication server. LDAP Attribute: These are attributes related to LDAP users configured in LDAP server. These may include attributes like SAM account name, Associated domain name, etc. These can be used to distinguish between different users having same user name. LDAP Base DN: LDAP authentication requires the base domain name; contact your administrator for the Base DN to use LDAP authentication for this domain. Timeout: Set the amount of time, in seconds, the controller should wait for a response from the LDAP server. This determines the number of tries the controller will make to the LDAP server bef
317. IPv6 LAN Settings 121; IPv6 Address Pools 123; IPv6 Router Advertisement 125; IPv6 Advertisement Prefixes 127; Configure Jumbo Frames 133; Option 2 DMZ Settings 137; IPv6 Option 1 / 2 Settings 138
318. Controller Associated Clients 288; Peer Controller Receive Stats 290; Peer Controller Sent Status 292; Viewing Access Point Information 293; De-Authentication Attacks 301; Hardware Capability 303
319. t Diagnostics > Capture Packets. 2. Select an interface (LAN or Option 1) from the drop-down menu. 3. Click Start Trace. The results are shown in the Command Output page. The trace can be downloaded by clicking the Download button, which will immediately begin the download to the browser's default download location. Conducting a System Check. Path: Maintenance > Management > Diagnostics > System Check. As part of the diagnostics functions on the wireless controller, you can ping an IP address. You can use this function to test connectivity between the wireless controller and another device on the network connected to the wireless controller. 1. Go to Maintenance > Management > Diagnostics > System Check. 2. Click Display IPv4 Table or Display IPv6 Table. The results will appear in the Command Output display below. Log Settings. The wireless controller lets you capture log messages. You can monitor the type of traffic that goes through the wireless controller and be notified of potential attacks or errors when they are detected by the controller. T
320. t as a proxy for all DNS requests and communicate with the ISP's DNS servers as configured in the DNS Servers Option settings page. Use DNS from ISP: This option allows the ISP to define the DNS servers (primary/secondary) for the LAN DHCP client. Use below: If selected, the below configured Primary and Secondary DNS servers are used for DHCPv6 clients. IPv6 Address Pools. Path: Network > IPv6 > LAN Settings > IPv6 Address Pools. This feature allows you to define the IPv6 delegation prefix for a range of IP addresses to be served by the gateway's DHCPv6 server. Using a delegation prefix can automate the process of informing other networking equipment on the LAN of DHCP information specific for the assigned prefix. 1. Go to Network > IPv6 > LAN Settings > IPv6 Address Pools tab. 2. Click Add New Address Pool. 3. Enter a starting IPv6 address, end IPv6 address, and the prefix length. 4. Click Save. 5. Go to Network > IPv6 > LAN Settings > Prefixes for Prefix Delegation tab.
321. Power Saving Settings 325; Configure SNMP v3 User List 326; Configure SNMP Trap List 327; Configure SNMP Access Control List 328; Configure SNMP System Info 329; Configure Wireless SNMP Info 329; Backup Configuration Settings 332; Restoring Configuration Settings 333; Restoring Factory Default Settings 334; Rebooting the Wireless Controller 335; Upgrading Firmware 336; Wireless Controller Firmware Upgrade 336; Using the Command Line Interface 338; Troubleshooting
322. t for connecting to a cable or DSL modem. Option2: WAN or DMZ port for dual WAN connections or internal server farm purposes. If used as a DMZ port, the port's IP address must be different than the IP address of the wireless controller's LAN interface. 5. Using the supplied power cord, connect the wireless controller to a working AC outlet. 6. The Power LED will illuminate orange during boot up. The LED will turn green once the wireless controller has booted. Basic Configuration. After you install the wireless controller, perform the basic configuration instructions described in this section, which includes: • Log in to the Web Management Interface on page 23 • Web Management Interface Layout on page 25 • Standard Web Management Interface Features on page 26 • Basic Configuration Procedures on page 27. Using the information in this chapter, you can complete the basic configuration and get your wireless controller up and running in a short period of time. Log in to the Web Management Interface. Configuration procedures using the wireless controller's web management interface are performed using one of the following supported web browsers: • Microsoft Internet Explorer 9.0 or higher • Mozilla Firefox 23 or higher • Apple Safari 5.1.7 or higher (Windows) • Apple Safari 6.1.3 or higher (iOS)
323. t transmit beacons from the source MAC address of one of the managed APs but on different channel from which the AP is supposed to be operating. AP without a SSID; Fake Managed AP on an Invalid Channel. Managed SSID Detection with Incorrect Security: During RF Scan, the AP examines beacon frames received from other APs and determines whether the detected AP is advertising an open network, WEP, or WPA. If the SSID reported in the RF Scan is one of the managed networks and its configured security does not match the detected security, then this test marks the AP as rogue. Invalid SSID from a Managed AP: This test checks whether a known managed AP is sending an unexpected SSID. The SSID reported in the RF Scan is compared to the list of all configured SSIDs that are used by the profile assigned to the managed AP. If the detected SSID doesn't match any configured SSID, then the AP is marked as rogue. AP is Operating on an Illegal Channel: The purpose of this test is to detect hackers or incorrectly configured devices that are operating on channels that are not legal in the country where the wireless system is set up. Note: In order for the wireless system to detect this threat, the wireless network must contain one or more radios that operate in sentry mode. If the AP is classified as a known standalone AP, then the controller checks whether the AP is operating with the expected configuration parameters. You configure the expected parameters for the standa
324. t up an AP with managed SSID to fool users into associating with the AP and revealing password and other secure information. Managed SSID from an Unknown AP: Administrators with large networks who are using multiple clusters should either use different network names in each cluster or disable this test. Otherwise, if an AP in the first cluster detects APs in the second cluster transmitting the same SSID as APs in the first cluster, then these APs are reported as rogues. Managed SSID from a Fake Managed AP: A hacker may set up an AP with the same MAC address as one of the managed APs and configure it to send one of the managed SSIDs. This test checks for a vendor field in the beacons, which is always transmitted by managed APs. If the vendor field is not present, then the AP is identified as a fake AP. SSID is an optional field in beacon frames. To avoid detection, a hacker may set up an AP with the managed network SSID but disable SSID transmission in the beacon frames. The AP would still send probe responses to clients that send probe requests for the managed SSID, fooling the clients into associating with the hacker's AP. This test detects and flags APs that transmit beacons without the SSID field. The test is automatically disabled if any of the radios in the profiles are configured not to send SSID field, which is not recommended because it does not provide any real security and disables this test. This test detects rogue APs tha
325. Editing / Deleting Static Routes 165; 6to4 Tunneling 171; QoS Configuration 174; Enabling QoS Mode 175; Defining DSCP and CoS on each Port 177; Configuring DSCP Priority 179; Configure Policy Based QoS 180; Configure Flow based Control 182; Configure Auto VoIP 183; Configure Queue Scheduler
326. ter the primary and secondary DNS Server addresses or DHCP Relay. 5. Click Save. IPv6 Option 1 / 2 Settings. Path: Network > IPv6 > Option 1 Settings or Option 2 Settings. For IPv6 Option WAN connections, this controller can have a static IPv6 address or receive connection information when configured as a DHCPv6 client. In the case where the ISP assigns you a fixed address to access the internet, the static configuration settings must be completed. In addition to the IPv6 address assigned to your controller, the IPv6 prefix length defined by the ISP is needed. The default IPv6 Gateway address is the server at the ISP that this controller will connect to for accessing the internet. The primary and secondary DNS servers on the ISP's IPv6 network are used for resolving internet addresses, and these are provided along with the static IP address and prefix length from the ISP. When the ISP allows you to obtain the Option WAN IP settings via DHCP, you need to provide details for the DHCPv6 client configuration. The DHCPv6 client on the gateway can be either stateless or stateful. If a stateful client is selected, the gateway will connect to the ISP's DHCPv6 server for a leased address. For stateless DHCP there need not be a DHCPv6 server available at the ISP; rather, ICMPv6 discover messages will originate from this gateway and will be used for auto configuration. A third
327. teway controller. NetBIOS: Microsoft Windows protocol for file sharing, printer sharing, messaging, authentication, and name resolution. NTP: Network Time Protocol. Protocol for synchronizing a controller to a single clock on the network, known as the clock master. PAP: Password Authentication Protocol. Protocol for authenticating users to a remote access server or ISP. PPPoE: Point-to-Point Protocol over Ethernet. Protocol for connecting a network of hosts to an ISP without the ISP having to manage the allocation of IP addresses. PPTP: Point-to-Point Tunneling Protocol. Protocol for creation of VPNs for the secure transfer of data from remote clients to private servers over the Internet. RADIUS: Remote Authentication Dial-In User Service. Protocol for remote user authentication and accounting. Provides centralized management of usernames and passwords. RSA: Rivest-Shamir-Adleman. Public key encryption algorithm. SSID: Service Set Identifier. A case-sensitive, 32 alphanumeric character unique identifier used for naming wireless networks. The SSID differentiates one wireless network from another. All access points and devices trying to connect to a specific wireless network must use the same SSID to enable effective roaming. Subnet: A portion of a network that shares a common address component. On TCP/IP networks, subnets are defined as all devices whose IP addresses have the
328. that are needed to connect to the wireless network. Use AP Provisioning to connect devices to a network enabled for mutual authentication (Wireless > Peer Group > Peer Configuration). If a network is not enabled for mutual authentication, then APs can be attached to the network by properly configuring the local Valid AP database or RADIUS AP database and discovery options. The provisioning feature can optionally be used on networks not enabled for mutual authentication to simplify AP attachment to the cluster. Use the AP Provisioning page to view detailed provisioning information about an AP, and use Edit (by right-click) to specify the IP address of the primary or backup switch that provides provisioning information for the AP. 1. Click Wireless > Access Point > Managed AP List > AP Provisioning tab. 2. Right-click a managed AP from the status list and select Edit. 3. Enter the new primary address, new backup address, and AP Profile. 4. Click Save. Field Description A The con
329. the particular server to connect to using this field. Authentication Type: Select the type of Authentication to use: Auto-Negotiate, PAP, CHAP, MS-CHAP, or MS-CHAPv2. Reconnect Mode: Select one of the following options: • Always On: The connection is always on. • On Demand: The connection is automatically ended if it is idle for a specified number of minutes. Enter the number of minutes in the Maximum Idle Time field. This feature is useful if your ISP charges you based on the amount of time that you are connected. PPTP, Russian PPTP. User Name. Split Tunnel: Enabling split tunnel will prevent you from adding a Gateway IP address, and instead you need to add specific IP routes to route LAN traffic. Reconnect Mode: Select one of the following options: • Always On: The connection is always on. • On Demand: The connection is automatically ended if it is idle for a specified number of minutes. Enter the number of minutes in the Maximum Idle Time field. This feature is useful if your ISP charges you based on the amount of time that you are connected. L2TP, Russian L2TP. Username. Secret: Enter the secret phrase to log in to the server. Split Tunnel: Enabling split tunnel will prevent you from adding a Gateway IP address, and instead you need to add specific IP routes to route LAN traffic. Reconnect Mode: Select one of the following options: • Always On: The connection is always on. • On Demand: The connection i
330. tor user credentials. For more information, refer to the Wireless Controller CLI Reference Guide: DWC-1000. Troubleshooting. In the unlikely event you encounter a problem using the wireless controller, refer to the troubleshooting suggestions in this chapter to identify and resolve the problem. The topics covered in this chapter are: • LED Troubleshooting on page 340 • Web Management Interface on page 340 • Using the Reset Button to Restore Default Settings on page 341 • Problems with Date and Time on page 341 • Discovery Problems with Access Points on page 341 • Connection Problems on page 342 • Network Performance and Rogue Access Point Detection on page 342 • Using Diagnostic Tools on the Wireless Controller on page 343. LED Troubleshooting. After you apply power and turn on the wireless controller, the following sequence of events should occur: 1. When power is first applied, verify that the front panel green Power LED to the left of the USB ports is ON. 2. After approximately 2 minutes, verify that the right LAN port LED is ON for any local ports that are connected. This indicates that a link has been established to the connected device. 3. If a RJ-45 port is connected to a 1000Mbps device, verify that the port's left LED is orange. If a port is connected to a 100Mbps device
331. troller. Optionally, to allow the Ethernet port on a satellite AP to provide wired access to the LAN, you must set the WDS Managed Ethernet Port to Enabled. It is disabled by default. To configure a WDS managed group and its links, use the following general steps: 1. Configure the satellite APs by connecting to the AP management interface while the AP is in stand-alone mode. Set the WDS Managed Mode to Satellite AP and configure the WDS Group Password. 2. From the controller CLI or web-based interface, create a WDS group. 3. Configure the WDS group password. The password you configure on the controller should be the same as the password you configure on each satellite AP. 4. Add the MAC address of each AP to the WDS group. 5. Configure the WDS links by specifying the MAC address and radio of the AP on each end of the link. Keep the following considerations in mind when you configure and manage a WDS group: • Make sure the radios that participate in the WDS link use the same channel. Use one of the following methods to control the channel: When you configure the satellite AP in stand-alone mode, use the Radio page to set a static channel. When you configure the AP in the Valid AP database, specify the channel that the radio must use. By default the channel is set to Auto. On the Radio page for the AP profile, select only one channel in the list of Auto E
332. try and select either Edit or Delete. To add a new schedule, click Add New Custom Service. Port Type: Select Port Range or Multiple Ports. If you selected Port Range, enter the first TCP, UDP, or BOTH port of a range that the service uses. ALGs. Path: Security > Firewall > ALGs. Application Level Gateways (ALGs) are security components that enhance the firewall and NAT support of this controller to seamlessly support application layer protocols. In some cases, enabling the ALG will allow the firewall to use dynamic ephemeral TCP/UDP ports to communicate with the known ports a particular client application (such as H.323 or RTSP) requires, without which the admin would have to open large number of ports to accomplish the same support. Because the ALG understands the protocol used by the specific application that it supports, it is a very secure and efficient way of introducing support for client applications through the controller's firewall. 1. Click Security > Firewall > ALGs tab. 2. Toggle the protocol(s) to ON that you want to allow through the controller. SMTP ALGs. Path: Security
333. try was first added to the detected client database. Client Status. Right-click commands on the WLAN Detected Clients List are listed below. Details: Show detail information about the selected client. Pre Auth History: The Detected Client Pre-Authentication History page shows information about the pre-authentication requests that the detected client has made. Roam History Details: A record of clients as they roam from one managed AP to another managed AP. A history of up to 10 APs is kept for each client. Purge Roam History: Clears current roam history data from Roam History section. Triangulation Detail: The Detected Client Triangulation page lists up to three non-sentry and three sentry managed APs that have detected the client. The Wireless Intrusion Detection System (WIDS) can help detect intrusion attempts into the wireless network and take automatic actions to protect the network. The Unified Wireless controller allows you to activate or deactivate various threat detection tests and set threat detection thresholds. The WIDS Client Rogue Classification page provides information about the results of these tests. If a client has been classified as a rogue, this page provides information about which tests the client might have failed to trigger the classification. Purge Pre auth History: Clears pre auth data from Pre
334. tually isolated network. Unless you enabled inter-VLAN routing for the VLAN, the VLAN subnet determines the network address on the LAN that can communicate with the devices that correspond to the VLAN. To view and edit the available multi-VLAN subnets: 1. Go to Network > VLAN > VLAN Settings. 2. To edit a multi-subnet VLAN, right-click the VLAN and click Edit. 2. Edit the settings as desired (refer to the table below) and click Save. MultiVLAN Subnet IP Address: Edit the IP address for the Multi-VLAN subnet. Subnet Mask: Edit the subnet mask for the Multi-VLAN subnet. DHCP: Select a DHCP mode for the VLAN. Choices are: • None: Select this setting if the computers on the LAN are configured with static IP addresses or are configured to use another DHCP server. The remaining fields
335. ty level • noAuthnoPriv only requires a username match for authentication. • authNoPriv: Provides authentication based on the MD5 or SHA algorithms. • authPriv: Provides authentication based on the MD5 or SHA algorithms as well as encryption privacy with the DES 256 bit standard. 3. Click Save. Configure SNMP Trap List: 1. Go to Maintenance > Management > SNMP > SNMP Trap List tab. 2. Click Add SNMP Trap. 3. Complete the information on fields (refer to the table below). 4. Click Save. Description: The IP Address of the SNMP trap agent. The SNMP trap port of the IP address to which the trap messages will be sent. The community string to which the agent belongs. Most agents are configured to listen for traps in the Public community. The SNMP version used by the trap agent. The choices are v1, v2c or v3. Configure SNMP Access Control List: 1. Go to Maintenance > Management > SNMP > Access Control List tab. 2. Click Add Access Control. 3. Complete the information on fields (refer to the table below). 4. Click Save. Field De
336. ubnet or non-overlapping range as the corporate LAN. The controller allows full tunnel and split tunnel support. Full tunnel mode just sends all traffic from the client across the VPN tunnel to the switch. Split tunnel mode only sends traffic to the private LAN based on pre-specified client routes. These client routes give the SSL client access to specific private networks, thereby allowing access control over specific LAN services. To configure client mode: 1. Click VPN > SSL VPN > SSL VPN Client. 2. Toggle Full Tunnel Support to ON to support full tunnel or OFF to enable split tunnel. 3. Enter a DNS suffix to assign to this client (optional). 4. Enter primary and secondary DNS server addresses (optional). 5. Enter the range of IP addresses clients will be assigned (DHCP). 6. Next to LCP Timeout, set the value for LCP echo interval in seconds. 7. Click Save. Client Routes. Path: VPN SSL
337. ue must be the same for all controllers attached to a common network. The default value is 40 seconds. OSPF requires these intervals to be exactly the same between two neighbors. If any of these intervals are different, these controllers will not become neighbors on a particular segment. Enter the cost of sending a packet on an OSPFv3 interface. Click Save to save your settings. 6 to 4 Tunneling (IPv6). Path: Network > IPv6 > 6 to 4 Tunneling. 6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6 packets to be transmitted over an IPv4 network. When enabled, traffic from an IPv6 LAN can be sent over an IPv4 Option to reach a remote IPv6 network. To enable 6 to 4 Tunneling: 1. Click Network > IPv6 > 6 to 4 Tunneling. 2. Toggle Activate Auto Tunneling to On and click Save. ISATAP Tunnels (IPv6). Path: Network > IPv6 > ISATAP Tunnels. ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) is an IPv6 transition mechanism meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network. ISATAP specifies an IPv6 IPv4 compatibility a
338. uration settings for users who want to take advantage of the more advanced features of the wireless controller. The following sections list the wireless controller's advanced settings. Users who do not understand these features should not attempt to reconfigure their wireless controller unless advised to do so by the technical support staff. Advanced WLAN Configuration. While the basic configuration described in the previous chapter is satisfactory for most users, large wireless networks or a complex setup may require the wireless controller's advanced configuration settings to be configured. This chapter covers the following commonly used advanced wireless configuration settings: • WLAN General Settings • Channel Plan and Power Settings • WIDS • Distributed Tunnel • WLAN Visualization • AP Discovery Methods • Managed APs • AP Profiles • SSID Profiles • Wireless Distribution System (WDS) • Peer Group • AP Firmware Download. Note: The procedures in this chapter should only be performed by expert users who understand networking concepts and terminology. WLAN General Settings. The WLAN General Configuration page contains the globa
339. value to 0, the trap is never sent. Wired Network Detection Interval: Specify the number of seconds that the AP waits before starting a new wired network detection cycle. If you set the value to 0, wired network detection is disabled. AP De-Authentication Attack: Enable or disable the AP de-authentication attack. The wireless controller can protect against rogue APs by sending de-authentication messages to the rogue AP. The de-authentication attack feature must be globally enabled in order for the wireless system to do this function. Make sure that no legitimate APs are classified as rogues before enabling the attack feature. This feature is disabled by default. Configure Client WIDS Settings. Path: Wireless > General > WIDS > AP WIDS Client Security. The Wireless Intrusion Detection System (WIDS) can help detect intrusion attempts into the wireless network and take automatic actions to protect the network. The settings you configure on the WIDS Client Configuration page help determine whether a detected client is classified as a rogue. Clients classified as rogues are considered to be a threat to network security. Note: The classification settings on the WIDS Client Configuration page are part of the global configuration on the controller and must be manually pushed to other controllers in order to synchronize that configuration. As part of the general associatio
340. ver the tunnel endpoint PPTP clients have access to the network managed by the controller. The range of IP addresses allocated to PPTP clients can coincide with the LAN subnet. As well, the PPTP server will default to local PPTP user authentication, but can be configured to employ an external authentication server should one be configured. To create a PPTP VPN server: 1. Click VPN > PPTP VPN > Server. 2. Complete the fields in the table below and click Save. Client. Path: VPN > PPTP VPN > Client. PPTP VPN Client can be configured on this switch. Using this client, you can access a remote network which is local to the PPTP server. Once the client is enabled, the user can access the Status > Active VPNs page and establish a PPTP VPN tunnel by clicking Connect. To configure the switch as a PPTP VPN client: 1. Click VPN > PPTP VPN > Client tab. 2. Toggle Client to ON and complete the fields in the table below. Field: Username. PPTP Active Users List. A list of PPTP connections will be displayed on this page. Right-click the connection to connect and disconnect.
341. verify that the port's left LED is green. If a port is connected to a 10Mbps device, verify that the port's right LED is OFF. 4. If a SFP port is connected to a 1000Mbps device, verify that the port's LED is orange. If a port is connected to a 100Mbps device, verify that the port's LED is green. If any of these conditions do not occur, see the appropriate section below. Power LED is OFF: If the Power and other LEDs are off when your wireless controller is turned on, confirm that the power cord is connected properly to the wireless controller and that the power cord is connected to a functioning power outlet that is not controlled by a wall switch. If the error persists, please contact D-Link technical support. LAN Port LEDs Not ON: If the LAN LEDs do not go ON when the Ethernet connection is made: 1. Check that the Ethernet cable connections are secure at the wireless controller and at the switch. 2. Be sure power is applied to the connected switch and that the switch is turned on. 3. Be sure you are using the correct cables (straight-through or crossover). Web Management Interface: If you cannot access the wireless controller's web management interface from a PC on your local network: • Check the Ethernet connection between the PC and the wireless controller. • Be sure your PC's IP address is on the same subnet as the wireless controller. If you are using the recommended addressing scheme, be sure your PC is configured to use a static IPv4 a
342. verview. Product Overview. Introduction. D-Link Wireless Controller (DWC) DWC-1000 is a full-featured wireless LAN controller designed for small network environments. The centralized control function contains various access point management functions, such as fast roaming, inter-subnet roaming, automatic channel and power adjustment, self-healing, etc. The advanced wireless security function, including rogue AP detection, captive portal and wireless intrusion detection system (WIDS), offers strong wireless network protection, avoiding attacks from hackers. After license upgrade, optimal network security is provided via features such as virtual private network (VPN) tunnels, IP Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Secure Sockets Layer (SSL). Empower your road warriors with clientless remote access anywhere and anytime using SSL VPN tunnels. There are three types of licenses available to activate increased functionality for the DWC. These licenses are not activated by default. 1. VPN license upgrade enables the following features: ISP Connection types (PPPoE, PPTP, L2TP), NAT Transparent mode, Option2 DMZ port, IP Aliasing, Dynamic Routing (RIP), VPN (PPTP client/server, L2TP client/server, SSLVPN, OpenVPN), Intel AMT, Dynamic DNS, Website Filter, Application Rules, Firewall Rules, UPNP, IGMP proxy, and ALG SMTP ALG. 2. AP6 license upgrades the number of APs the controller can manage. You can up
343. vice such as HTTP, HTTPS, DNS, SNMP and others. WLAN Statistics: Displays a chart of traffic overview by bandwidth and packet information for WLAN traffic captured by all of the managed APs currently associated. CPU Utilization: Percent of the CPU utilization currently consumed by the device. The CPU utilization is broken down into specifics such as all user space processes (such as management operations), kernel space processes, and CPU idle time or IO. Memory Utilization: Displays a breakdown of memory usage by the amount used, free, cached and currently in the system buffer. Traffic Information: Displays a grid of traffic statistics for each interface. Manage Dashboard. To manage the dashboard: 1. Click on the Manage Dashboard button. 2. The following window will pop out and allow you to enable or disable the overview panels shown on the dashboard. Toggle the panel to On or Off and click Save. Detail Information. You can revie
344. w detail information or statistic by clicking the Detail button on each widget. The Traffic Information table shows detailed transmit and receive statistics for each physical port. This includes: • Port-specific packet-level information for each interface (LAN and VLANs) • Transmitted and received packets • Cumulating bytes/sec for transmit/receive directions for each interface. If you suspect issues with any of the wired ports, use this table to identify uptime or transmit-level issues with the port. The statistics table has an auto-refresh control for displaying the most current port-level data at each page refresh. The default auto-refresh for this page is 10 seconds. Viewing System Status. Path: Status > System Information > Device. The Device Info page summarizes the wireless controller configuration settings configured in the Setup and Advanced menus. This page is organized into the following sections. General: Shows system name, firmware version, WLAN module version and serial number. Port Information: Shows information based on the administrator configuration parameters. Note that LAN1 will display the local interface of the controller. If you set any of the LAN ports to Standalone, information will be displaye
345. warding mode. The AP the client initially associates with is called the Home AP. The AP the client roams to is called the Association AP. Distributed Tunnel Packets Transmitted: Total number of packets sent by all APs via distributed tunnels. Distributed Tunnel Roamed Clients: Total number of clients that successfully roamed away from Home AP using distributed tunneling. Tunnel Clients: Total number of clients that are associated with an AP that are using distributed tunneling. Tunnel Client Denials: Total number of clients for which the system was unable to set up a distributed tunnel when client roamed. Peer Controller Receive Status. Path: Status > Wireless Information > Controller Status > Peer Controller Receive Status. The Peer Controller Configuration feature lets you send a wireless configuration from one wireless controller to all other controllers. In addition to keeping the controllers synchronized, this function lets you manage all wireless controllers in the cluster from one controller. The Configuration Receive Status page provides info
346. which Option port is the primary. Option: Select which port to use if the primary port fails. Option DNS Servers: DNS Lookup of the DNS Servers of the primary link is used to detect primary Option connectivity. DNS Servers: DNS Lookup of the custom DNS Servers can be specified to check the connectivity of the primary link. DNS Lookup Method. Ping these IP addresses: These IPs will be pinged at regular intervals to check the connectivity of the primary link. Retry Interval is: The number tells the controller how often it should run the above configured failure detection method. Failover after: This sets the number of retries after which failover is initiated. Option 1 / Option 2: Enter the DNS server or IP address to ping. Retry Interval: Enter the time in seconds to initiate the WAN health check. Default is every 30 seconds. Failover After: Enter the number of failures before the controller will enable the failover process. Load Balancing. Path: Network > Internet > Option Mode. This feature allows you to use multiple Option links (and presumably multiple ISPs) simultaneously. After configuring more than one Option port, the load balancing option is available to carry traffic over more than one link. Protocol bindings are used to segregate and assign services over one Option port in order to manage internet flow. The configured failure d
347. without forwarding any data traffic to the Unified Wireless controller. Use the menu to enable or disable the mode. L2 tunneling is recommended when the Unified Wireless controller does not support hardware forwarding acceleration or hardware-based L2 tunnels. Note: 1. When there is only one controller managing all APs and that controller goes down, all APs shut down their radios and the tunnel is terminated. After the controller recovers and the AP becomes managed again, the client that was previously tunneling traffic will re-associate and obtain an IP address on the network where it is currently located. This IP address will be different from the IP address it was using when it was tunneling, and the traffic will not be tunneled. 2. If the network has peer controllers and the tunnel is established between the APs managed by the peer controller, then when a controller managing the home AP fails, the controller managing the association AP detects the failure and terminates the tunnel. At this point the client is disassociated. When the client re-associates, it obtains a new IP address. 3. If the controller managing the association AP fails, then the scenario is the same as in item 1 above. The AP takes down all radios and the clients disassociate. (Field: L2 Distributed Tunneling Mode.) RADIUS Authentication: Indicates whether the RADIUS authentication server is conf
348. wn to the public. This is called exposing your host. How you make your address known depends on how the Option ports are configured. For this controller, you may use the IP address if a static address is assigned to the Option port, or if your Option address is dynamic, a DDNS (Dynamic DNS) name can be used. Outbound (LAN/DMZ to Option) rules restrict access to traffic leaving your network, selectively allowing only specific local users to access specific outside resources. The default outbound rule is to allow access from the secure zone (LAN) to either the public DMZ or insecure Option. On the other hand, the default outbound rule is to deny access from DMZ to insecure Option. When the default outbound policy is allow always, you can block hosts on the LAN from accessing internet services by creating an outbound firewall rule for each service. To create a new firewall rule: 1. Click Security > Firewall > Firewall Rules. 2. Right-click an entry and select either Edit or Delete. To add a new group, click Add New IPv4 Firewall Rule. 3. Complete the fields from the table below and click Save. Select the source of originating traffic: either secure LAN, public DMZ, or insecure WAN. For an inbound rule, WAN should be selected. Select the destination of traffic covered by this rule. If the From Zone is the WAN the
349. ws per VAP information about the number of packets transmitted and received and the number of wireless client failures for a specific access point. (Field: VAP Statistics.) Peer Managed. Path: Status > Wireless Information > Access Point > Peer Managed. The Peer Controller Managed APs List page provides information about the access points that each peer controller in the cluster manages. Each peer controller is identified by its IP address. MAC Address: MAC address of each access point managed by the peer controller. AP IP Address: IP address of the access point. Peer IP Address: IP address of the peer controller that manages the access point. This field appears when All is selected from the drop-down menu. Descriptive location configured for the managed access point. Profile: Access point p
350. y to authenticate wireless users. Step 7: Configure Captive Portal Settings. Configuring the wireless controller's captive portal settings with local database is a 4-step process: 1. Create a captive portal group. a. Go to Security > Authentication > User Database > Groups. The Groups List page will appear. b. Click Add New Group. The Group Configuration page will appear. c. Complete the fields in the table below and click Save. Enter a name for the group. Enter a description of the group. Captive Portal User: Enable (toggle to ON) this option under User Type. 2. Add captive portal users. a. Go to Security > Authentication > User Database > Users. The Users List will appear. b. Click Add New User. The User Configuration page will appear.
351. your system documentation. Opening or removing covers that are marked with the triangular symbol with a lightning bolt may expose you to electrical shock. Only a trained service technician should service components inside these compartments. If any of the following conditions occur, unplug the product from the electrical outlet and replace the part or contact your trained service provider: • The power cable, extension cable or plug is damaged. • An object has fallen into the product. • The product has been exposed to water. • The product has been dropped or damaged. • The product does not operate correctly when you follow the operating instructions. Keep your system away from radiators and heat sources. Also, do not block cooling vents. Do not spill food or liquids on your system components, and never operate the product in a wet environment. If the system gets wet, see the appropriate section in your troubleshooting guide or contact your trained service provider. Do not push any objects into the openings of your system. Doing so can cause fire or electric shock by shorting out interior components. Use the product only with approved equipment. Allow the product to cool before removing covers or touching internal components. Operate the product only from the type of external power source indicated on the electrical ratings label. If you are not sure of the type of power source required, consult your service provider or local power company.
