D-Link DSA-5100 User's Manual
Contents
1. 4 Port AirSpot Gateway AirSpot Gateway Air Spot DSA 5100 With 2 WAN Ports for Double Internet Bandwidth The DSA 5100 AirSpot Gateway is a cost effective device for business and public organizations such as schools hospitals and conventions to create a wired or wireless hot spot This Public Private Hot Spot Gateway is an Ethernet based gateway designed to provide free or fee based broadband connection to the public users while at the same time providing a separate and secure private network that shares the same Internet connection If your business relies on public patronage you have a way to give customers access to the Internet or to networked printers and other resources If you re a private company that wants to offer wireless Internet access for your employees you can do so with the confidence that you re still maintaining a secure private network that a wireless user will never see Connect a D Link wireless access point to the DSA 5100 and you ve got a wireless hot spot Connect a D Link switch and your back office computers and printers can share the same broadband connection Double Internet Bandwidth The DSA 5100 provides 2 WAN ports to double the Internet connection bandwidth The WAN ports supports 802 3ad Link Aggregation industry standard and can be bonded together into a load sharing port trunk to eliminate bottlenecks in heavy Internet access environments The DSA 5100 provides bandwidth management tools for2. Taiwan TEL D Link Corp TEL 27 1266 52165 7 095 744 0099 886 2 2910 2626 886 2 2916 1600 FAX 27 1266 52186 FAX 7 095 744 0099 350 FAX 886 2 2910 1515 FAX 886 2 2914 6299 DSA 5100 Technical Specifications AirSpot Gateway Internet 4 s Cable DSL Modem _ Cable DSL Modem S Router pem Hotspot i Public _ Private DRS 200 Netwo Network RADIUS DSA 5100 a f Switch POP3S RADIUS Optional f Access F W Profiles Point anes ZY Server VLAN1 Hotspot oom ae POPS Authentication Server F W Profiles QoS Profiles Login Schedules To cost effectively double your Internet bandwidth you can 1 connect both WAN ports of your AirSpot Gateway to two separate lower rate lower charge broadband lines then 2 allocate your users servers traffic to different WAN ports to create an even load balance
3. domain Windows 2000 domain controller support only GRIC Roaming GRIC users can use DSA 5100 UAM to login to controlled network Definable Guest Permission Maximum 10 definable filter rules Black List Maximum 5 Black Lists to disallow up to 50 pre defined user accounts from network access User Login Schedule Profile Maximum 5 schedules to control matrixes by the hour Guest Session Time Control 1 to 12 hours limit default no limit Local RADIUS Accounting Local accounting mode generated CDR liked recorder containing fields Start time End time User ID User MAC User IP Packets In Bytes In Packets Out Bytes Out RADIUS accounting mode accounting attributes User Name Calling Station ID Framed IP Address Acct Terminate Cause Acct Input Octets Acct Output Octets Acct Input Packets Acct Output Packets Generated using standardized RADIUS accounting protocols and put on RADIUS server Firewall Firewall Profiles 6 sets of IP filtering rules 50 rules for the Global set 10 rules for each set of other IP filters Following fields can be applied to machines and subnets controlled by DSA 5100 Protocol Port port range Source MAC Source destination interface Source destination IP address segment Walled Garden IP IP segments defined in Walled Garden can be visited prior to user login Machine Subnet DoS Protection NMAP FIN URG PSH Xmas Tree SYN RST Ping of Death Null Scan SYN FIN A
4. you to assign rational bandwidth usage of the 2 WAN ports Total Wireless Management Solution The DSA 5100 Network Access Control System NACS provides functions beyond the AAA standard Its 4A management solution supports not only Authentication Authorization and Accounting AAA but also Administration for all wireless and wired network users The gateway has a built in database of up to 60 customized access management rules and up to 2 000 user accounts The DSA 5100 can support up to 400 users on line at any single moment The gateway also supports POP3 RADIUS and LDAP external authentication for larger scale hot spot networks Other features IP plug and play user bandwidth control network policy enforcement customizable user timer login logout web page online traffic monitoring and URL redirection provide a number of different ways for your organization to configure and manage your hot spot as either as a free or revenue generating service Comprehensive Network Protection The DSA 5100 includes a built in DHCP server and a built in high speed routing engine an easy to use web based graphical user interface GUI with SSL protection to securely and quickly configure the device Configuration is also capable through the device s RS 232 console port To prevent unwanted Internet intruders from accessing your network the DSA 5100 has a built in Security Firewall with Denial of Service DoS prevention With IP PnP Plug and
5. Play and IP port redirection provided by the DSA 5100 users connecting to the hot spot don t need to re configure their computer s settings to send or retrieve e mail or access the Internet Ideal Hot Spot Solution Capable of serving hundreds of simultaneous discrete users the DSA 5100 gateway is the perfect system for a mid size enterprise and organization to provide a wireless hot spot In a matter of just a few minutes your business or organization can provide a wired or wireless hot spot while still maintaining a private network that the public will never see Whether you re an enterprise merchants association factory hospital school or public library the DSA 5100 is your instant hot spot solution AirSpot Gateway Functions amp Features Simplified wireless connection for end users No extra software required at end user side No IP setting change on end user computers Friendly end user connection to login page from web browser Minimized training cost for hot spot service providers Beyond the AAA total wireless management Satisfies 4 requirements of WLAN management Authentication Authorization Accounting Administration 4A Built in end user database with maximum 60 customizable access management rules for different groups Multiple external authentication systems support RADIUS POP3 POP3S LDAP AD Simultaneous support of multiple external authentication hosts Rational assignment of bandwidth u
6. ation interface IP monitoring Customizable user login logout web interface Targeted URL redirect after successful login Console administration interface Web based administration interface SSH remote administration interface SNMP v 2 management standard External SYSLOG server User bandwidth control Remote firmware update Configuration data backup restore Software Specifications Networking WAN Fail Condition Handling Virtual Server Mapping WAN fail condition detection using ICMP echo mechanism to ping Maximum 40 configurable mapping rules default gateway and DNS periodically 2 configurable options prior to WAN failure DMZ Server Mapping Display error message and block all access Maximum 40 configurable DMZ server mapping rules Allow free access without control IP Plug and Play Support Policy Routing Profiles Clients can use their existing pre configured IP address to access Public 6 sets of policy routing rules LAN or Private LAN port without changing their IP settings 10 rules for each policy routing set a This function 1 not supported in bridge mode 2 does not allow any L3 switch between clients and DSA 5100 NAT Router Dual Mode Operation Each VLAN LAN port separately configurable to different modes of operation User Management Destination IP Port Redirection Access Control to LAN Port Maximum 40 definable IP port redirection rules to force data packets to be Users must login first
7. dministration Customizable User Login Logout Page Uploaded login logout page may include images Image size for all uploaded images limited to 512KB Login logout pages can be enabled disabled through 128 bit SSL AirSpot Gateway Home Page Support System administrator can customize home page 2 firmware versions for different regions using different default home pages Default homepage for USA www dlink com Default homepage for other areas www dlink co uk Authentication Policy 5 sets of management types including 1 default management type distinguished by postfix Postfix of default group can be omitted for users in default group Each management type can be associated with a Black List and an authentication database Users in a management type can belong to different user groups according to various pre defined attribute matching rules Online User Monitoring Real time monitoring tool containing following fields User ID IP MAC address Packets In Bytes In Packets Out Bytes Out Idle time in seconds System administrator can logout online users individually from monitoring function Off line Usage History History file contains following fields Start End Time User ID IP MAC Address Packets In Bytes In Packets Out Bytes Out History log file can be periodically sent to system administrators in pre defined time interval from 1 hour to 24 hours through email system Generated history log files ca
8. est User Configuration E Default IP of Public LAN 192 168 1 40 Maximum 10 predefined guest accounts configurable as active or inactive Default IP of Private LAN 192 168 0 40 Local User Accounts NAT Application Protocol Pass Through Maximum 2000 user accounts When client is under NAT segment following protocols can be passed through User accounts configurable to associate with individual MAC addresses IPSEC ESP PPTP L2TP H 323 Case insensitive user IDs HTTP Proxy RADIUS Authentication Maximum 10 sets of external proxy servers Primary secondary RADIUS servers support for fault tolerant user authentication Inter Segment Roaming RADIUS authentication protocols supported PAR CHAP Authenticated users can roam between VLAN segments without changing their RADIUS attributes supported Session Timeout Idle Timeout network settings or re login to system LDAP User Database Static Route Mapping Microsoft Active Directory support Maximum 6 sets of policy routing rules Configurable fields LDAP server IP port number Base DN Maximum 10 rules per policy routing set oo POP3 Authentication Primary secondary POP3 mail server support DSA 5100 Software Specifications POP3S Authentication Primary secondary POP3 mail server with SSL support Windows Domain Authentication Microsoft NT domain controller support Transparent Windows Domain Login Automatic login to DSA 5100 upon user s successful login to Windows
9. imum network throughput 90Mbps Maximum guest accounts 10 accounts MAC ACL Dynamic Memory RAM Buffer Maximum number of on line users 400 users 128MB Maximum number of authentication authorization policies 5 policies External authentication database support POP3 POP3S RADIUS LDAP Flash Memory Firmware Windows domain 64MB Allow disallow multiple login User login schedule control LED Indicators Customizable logout timer Power per device Customizable guest session time control Status per device MAC IP address pass through Link Activity per WAN LAN port GRIC roaming in Customizable Black List Local RADIUS accountin Software Features 8 Networking Security Policy NAT router and bridge modes Secure HTML login page SSL NAT Plug and Play 64 bit 128 bit WEP encryption Static IP DHCP client and PPPoE client on WAN interface 802 1x user authentication EAP MD 5 EAP TLS Static IP DHCP client and 802 3ad under static IP on WAN2 interface Maximum 802 1q VLAN for LAN ports 32 VLANs Built in DHCP server VLAN tag range from 2 to 4094 DHCP relay Machine Subnet DoS protection Built in NTP client Customizable packet filter rules by group HTTP proxy Customizable Walled Garden free surfing area DSA 5100 Technical Specifications AirSnot Gateway Administration On line status monitoring traffic data history SSL protected administration user authentic
10. n be kept maximum 4 days Customizable received administrator mail account and received history mail account History log accessible from specific IP address Local time display on history log Web Based Administration SSL protected Serial Console Management Functions Restore to factory default Change administrator s password Network debug utilities Device service status check SSH Remote Management Functions Restore to factory default Change administrator s password Network debug utilities Device service status check Remote Firmware Upgrade Via a web based administration UI External SYSLOG External SYSLOG server can store log data for DSA 5100 Monitor IP List Using ICMP echo mechanism DSA 5100 checks accessibility for all devices configured in Monitor IP List Maximum 40 sets of IP can be defined in Monitor IP List If any device in this list loses contact DSA 5100 will send an alarm message to its system administrators via e mail SNMP Support SNMP v 2c read only access basic MIBs only Welcome E Mail Message Contains guidance to access DSA 5100 This message will be sent when users try to receive e mail before actually logged into DSA 5100 Supports POP3 protocol DSA 5100 Technical Specifications AirSpot Gateway MAC IP Pass Through Provides 100 sets of IP addresses and 100 sets of MAC addresses which can bypass login procedure but still have all general user permissi
11. ng KE CE Ordering Information DSA 5100 ACN 052 202 838 4 Port AirSpot Ticket Printer D Link Specifications subject to change without prior notice D Link is a registered trademarks of U S A TEL Canada TEL 1 714 885 6000 1 905 8295033 FAX 1 866 743 4905 FAX 1 905 8295223 EMI Certification Paan o ni Europe TEL 44 20 8731 5555 FAX 44 20 8731 5511 eraprietore Germany TEL 49 6196 77990 FAX 49 6196 7799300 FCC Class A France TEL 33 1 30238688 FAX 33 1 30238689 CE Class A Netherlands TEL 31 10 282 1445 FAX 31 10 282 1331 Belgium TEL 32 0 2 517 7111 FAX 32 0 2 517 6500 Italy TEL 39 2 2900 0676 FAX 39 2 2900 1723 Safety Approval Iberia TEL 34 93 4090770 FAX 34 93 4910795 UL Sweden TEL 46 0 8564 61900 FAX 46 0 8564 61901 Rev 01 Sep 2004 Norway TEL 47 23 897189 FAX 47 22 309085 Denmark TEL 45 43 969040 FAX 45 43 424347 Finland TEL 358 9 2707 5080 FAX 358 9 2707 5081 Singapore TEL 65 6774 6233 FAX 65 6774 6322 Australia TEL 61 2 8899 1800 FAX 61 2 8899 1868 China TEL 86 10 5863 5800 FAX 86 10 5863 5799 India TEL 91 022 2652 6696 FAX 91 022 2652 8914 Middle East Dubai TEL 9714 3916480 FAX 9714 3908881 Turkey TEL 90 212 335 2553 FAX 90 212 335 2500 Egypt TEL 202 414 4295 FAX 202 415 6704 Israel TEL 972 9 9715700 FAX 972 9 9715601 Latin America TEL 56 2 232 3185 FAX 56 2 232 0923 Brasil TEL 55 11 55039320 FAX 55 11 55039322 South Africa TEL Russia TEL
12. ons applied Idle Timeout Provides different idle timeouts for guest groups Sorry Page Mechanism to detect abnormal status of Internet connection and backend systems Displayed when WAN or external user database fails Sorry page will replace login page until abnormal status 1s recovered Max Bandwidth Control Configurable bandwidth control to limit all groups Bandwidth control customizable by group in KB MB per second 64KB 128KB 256KB 512KB IMB 2MB 5MB 10MB unlimited Wizard Support Setup wizard for easy system configuration Specific User Account Support Provides manager account Can only access specific pages e g Authentication Policies Group Configuration Black List Configuration Guest User Configuration Roaming Configuration User Control Upload File If access to other pages attempted system will display alarm message Certificate to Upload Provides upload customer key page and upload customer certificate page for user upload certificate API Support Provides API following attributes Package size translated in bytes Timeout control Kick off users Physical amp Environmental Power 110 to 240 VAC 50 60Hz Internal universal power supply Dimensions 425 mm W x 240 mm D x 44 mm H device only 19 inch rack mount width 1 U height Weight 3 3kg device only Operating Temperature 5to45C Storage Temperature 25 to 55 C Operating Humidity 5 to 95 non condensi
13. sage through a bandwidth management tools Wireless Access Point on line status monitoring through Monitor IP function Remote system maintenance in safe mode through SSL encryption Complete security features Multi layer traffic control from L2 to L4 with 802 1x standard integration End user account information protection through SSL encryption at login Customizable packet filtering rules through group policies to manage end users access End user access time control through login schedules management Multiple protection mechanisms against DoS attacks Integrated accounting engine Multiple accounting mechanisms RADIUS and local based account records support Technical Specifications Hardware Device Ports 2 WAN ports 10 100BASE TX Ethernet with 802 3ad LACP Link Aggregation support Destination IP port redirect 1 private LAN port 10 100BASE TX Ethernet with 802 1q Inter IP segment roaming VLAN tag support IPSec ESP PPTP and H 323 pass through under NAT 1 public LAN port 10 100BASE TX Ethernet Virtual Server Mapping with 802 1x authentication support DMZ Server Mapping RS 232 console port Static Route Mapping RS 232 auxiliary port reserved for thermal printer connection User Management System Performance Maximum local user accounts in built in database 2 000 accounts Maximum concurrent users supported 400 users Optional MAC address locking with local user database Max
14. to gain network access redirected from one destination to another destination Group Non Authentication Private LAN Port Maximum 6 user groups 1 guest group 5 definable user groups For connection to desktops and servers Each group configurable to have own name filter rules routing Hosts on Private LAN still under control of firewall rules bandwidth control and schedule control Bridge Mode MAC Address Control DSA 5100 can be set up as a bridge for easier network integration Maximum 40 sets of MAC addresses Limitations in bridge mode All device interfaces are bridged VLANSs are disabled External User Database Failure Condition Handling Available only when WAN port is set to static IP address Displays error message with administrator s contact information First WAN Port Connection Methods Logout Method Static IP address Manual logout password amp ID key in required DHCP client By closing logout window once user friendly logout enabled PPPOE client Login Method Second WAN Port Connection Methods Automatic login through user s cached login information Static IP address Customizable maximum remembrance of user ID DHCP client Multiple User Databases Built In DHCP Server Simultaneous support of multiple internal external user databases for Each LAN port independently configurable enabled authentication Configurable functions IP pool leasing time WINS DHCP relay DNS i per port primary secondary Gu
Download Pdf Manuals
Related Search