Page 2
D-Link Unified Access System User Manual D-Link Unified Access System User Manual FCC Warning FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules.
General Precautions for Rack-Mountable Products............... 19 Protecting Against Electrostatic Discharge..................20 Battery Handling Reminder ......................20 Section 2: Overview of the D-Link Unified Access System..........21 D-Link Unified Access System Components................... 21 D-Link Unified Switch ........................21 D-Link Access Point......................... 22 WLAN Visualization ........................
Page 4
Connecting the Switch and AP Directly...................49 Connecting the Switch and AP through the L2/L3 Network ............49 Connecting to the Core Network ....................50 Section 5: Installing the D-Link Unified Access System ............ 51 System Deployment Overview.......................51 Connecting the Switch to the Network....................52 Null User Authentication ........................53...
Page 5
Configuring a VAP for L3 Tunnels ....................95 Configuring AP Security ........................97 Configuring Valid Access Point Settings ..................... 101 Section 7: Managing and Maintaining D-Link Access Points ...........105 Resetting the Access Points......................... 105 Managing Radio Frequency Settings ....................105 Configuring Channel Plan and Power Settings ................
Page 6
D-Link Unified Access System Software User Manual 02/15/2011 ................................134 Viewing Access Point Authentication Failure Status................137 Monitoring Rogue and RF Scan Access Points ..................138 Detailed Access Point RF Scan Status....................140 Monitoring WIDS AP De-Authentication Attack Status ..............141 Monitoring Associated Client Information ..................142 Viewing Associated Client Status ....................143...
Page 7
Understanding the Menu Bar Options ....................197 Legend Menu..........................198 Managing the Graph..........................201 Appendix A: D-Link Unified Access System Default Settings ...........203 Default D-Link Unified Switch Settings ....................203 Default D-Link Access Point Settings ....................204 Default D-Link Access Point Profile Settings..................204 Default Captive Portal Settings......................
Page 8
D-Link Unified Access System Software User Manual 02/15/2011 Example of Configuring L3 Roaming by Using the CLI..............218 Example of Configuring L3 Roaming by Using the Web Interface ..........220 Configuring DHCP Relay and the DHCP Server..................223 Configuring the Relay Agent ......................223 Configuring the DHCP Server ......................224...
Page 9
Figure 4: Web Interface Layout........................26 Figure 5: Cascading Navigation Menu......................27 Figure 6: Hierarchical Tree Navigation Menu ....................27 Figure 7: D-Link Unified Access System Components ................... 34 Figure 8: Wiring Closet Topology........................35 Figure 9: Data Center Topology........................36 Figure 10: Inter-Subnet Roaming........................
Page 10
D-Link Unified Access System Software User Manual 02/15/2011 Figure 34: L3 Discovery Example 2 ........................60 Figure 35: DHCP Option Example ........................60 Figure 36: Requiring AP Authentication ......................71 Figure 37: MAC Access Control ........................80 Figure 38: Radio Settings..........................82 Figure 39: VAP Settings ............................86 Figure 40: Configuring Network Settings......................88...
Page 11
Software User Manual D-Link Unified Access System 02/15/2011 Figure 69: Ad Hoc Clients ..........................151 Figure 70: Multiple AP Profiles........................153 Figure 71: Adding a Profile ..........................154 Figure 72: Configuring an AP Profile ......................155 Figure 73: Applying the AP Profile ........................156 Figure 74: Global Configuration ........................
Page 12
D-Link Unified Access System Software User Manual 02/15/2011 Figure 104:Legend ............................199 Figure 105:Sentry Mode - Detailed View ......................199 Figure 106:Channel Colors ..........................200 Figure 107:Tool Tip for Radio Managed AP Information ................200 Figure 108:Wireless Component Attributes ....................201 Figure 109:Example of a Network with L3 Tunnel Subnet ................213 Figure 110:Traffic Prioritization ........................231...
Page 13
Software User Manual D-Link Unified Access System 02/15/2011 IST OF ABLES Table 1: Typographical Conventions ......................18 Table 2: D-Link Access Points........................22 Table 3: LED Description..........................41 Table 4: Basic Wireless Global Configuration ....................54 Table 5: IEEE 802.1X Supplicant Commands ....................57 Table 6: AP VLAN Commands ........................
Page 14
D-Link Unified Access System Software User Manual 02/15/2011 Table 35: Neighbor AP Clients ........................132 Table 36: Managed Access Point VAP Status ....................133 Table 37: Managed Access Point WLAN Summary Statistics ...............134 Table 38: Managed Access Point Ethernet Summary Statistics ..............134 Table 39: Detailed Managed Access Point Statistics ..................135...
Page 15
Software User Manual D-Link Unified Access System 02/15/2011 Table 70: Local User Configuration ....................... 178 Table 71: Captive Portal User RADIUS Attributes..................179 Table 72: Global Captive Portal Configuration ....................181 Table 73: Global Captive Portal Status......................182 Table 74: CP Activation and Activity Status....................183 Table 75: Interface Activation Status ......................
Page 16
D-Link Unified Access System Software User Manual 02/15/2011 Page 16 34CS3000-SWUM104-D10...
D-Link Unified Access System 02/15/2011 S ec t io n 1 : A b o ut Th i s D o cu m en t This guide describes the planning, setup, configuration, administration, and maintenance for the D-Link Unified Access System. UDIENCE The information in this guide is intended for the person responsible for installing, configuring, monitoring, and maintaining the D-Link Unified Access System as part of a network infrastructure.
D-Link Unified Access System Software User Manual 02/15/2011 Table 1: Typographical Conventions Symbol Description Example Bold Menu titles, page names, and button names Click Submit to apply your settings. Blue Text Hyperlinked text. “About This Document” on page courier font Screen text, file names.
Software User Manual D-Link Unified Access System 02/15/2011 • Operate the product only from the type of external power source indicated on the electrical ratings label. If you are not sure of the type of power source required, consult your service provider or local power company.
D-Link Unified Access System Software User Manual 02/15/2011 weight of the rack rests on the floor. Install front and side stabilizers on a single rack or front stabilizers for joined multiple racks before working on the rack. • Always load the rack from the bottom up, and load the heaviest item in the rack first.
D-Link Unified Switch The D-Link Unified Switch handles Layer 2, 3, and 4 switching and routing functions for traffic on the wired and wireless LAN. The DWS-3024L manages up to 24 access points (APs), and the DWS-3024 and DWS-3026 switches manage up to 48 APs.
The D-Link Access Point can operate in one of two modes: Standalone Mode or Managed Mode. In Standalone Mode, the D-Link Access Point acts as an individual access point in the network, and you manage it by connecting to the AP and using the Administrator Web User Interface (UI) or command-line interface (CLI).
The WLAN network topology you use depends on the size and requirements of your network. Small-to-medium networks might require only one Unified Switch that manages a few D-Link Access Points. For larger networks that need greater roaming capabilities for wireless clients, a deployment with multiple peer switches that each manage several APs might be appropriate.
Software User Manual 02/15/2011 Single Unified Switch Deployment When you deploy a D-Link Access Point, the D-Link Unified Switch can automatically detect the AP and assign a default profile, which includes automatic RF channel selection and automatic power adjustment. Figure 2 shows a deployment with one D-Link Unified Switch that manages three D-Link Access Points.
D-Link Unified Access System locally or remotely. Management is standards-based, with configuration parameters and a private MIB that provides control for functions not completely specified in the standard MIBs. The method you use to configure and monitor the D-Link Unified Switch depends on your network size and requirements, and on your preference.
Interface Configuration Graphic The interface configuration graphic is a Java™ applet that displays the ports on the D-Link Unified Switch. This graphic appears at the top of each page to provide an alternate way to navigate to configuration and monitoring options.
Software User Manual D-Link Unified Access System 02/15/2011 If you click the graphic but do not click a specific port, the main menu appears. This menu contains the same option as the navigation menu on the left side of the page.
D-Link Unified Access System Software User Manual 02/15/2011 Configuration and Monitoring Options The panel directly under the graphic and to the right of the navigation menu displays the configuration information or status for the page you select. On pages that contain configuration options, you can input information into fields or select options from menus.
Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, you need to configure a new user profile. To configure a profile by using the CLI, see the SNMP section in the D-Link CLI Command Reference.
Page 30
D-Link Unified Access System Software User Manual 02/15/2011 • IP Tunneling • Spanning Tree • Auto detection and configuration of APs • Automatic Peer-Switch Discovery • Automatic or Manual RF Channel Assignment • Automatic or Manual AP Power Adjustment •...
Page 31
Each AP supports up to 16 virtual access points (VAPs) per radio for DWL-8600. You can configure a unique SSID and security policy on each VAP. The following list shows some of the D-Link Access Point features and standards support: •...
Page 32
D-Link Unified Access System Software User Manual 02/15/2011 Wireless Statistics Virtual AP with Multiple BSSIDs/SSIDs • WLAN AP Management CLI Management (SSH) Web Management (SSL support) TFTP • WLAN Networking and QoS Switch/AP Discovery Tunneling WMM (802.11e) Note: For the IEEE 802.11e, only Unscheduled Automatic Power Save Delivery (U-APSD), part of the 802.11e, is supported when DWL-8600APs are managed by a DWS-3000 switch.
You accomplish the initial D-Link Unified Switch configuration by using a direct cable connection. After the initial configuration, you can manage the Unified Switch by using a Web-based user interface (UI), command line interface (CLI), or SNMP. The following list describes the minimum requirements you need to install and manage the D-Link Unified Switch: •...
In <Link>Figure 8, the D-Link Unified Switches are both LAN and WLAN switches that handle traffic from end users connected to the wired LAN as well as traffic from the D-Link Access Points. In the diagram, Building 1 and Building 2 have a D-Link Unified Switch on each floor.
To Network Backbone The four D-Link Unified Switches are in the same peer group. This allows wireless clients to roam between floors and between buildings without the need to re-authenticate. Additionally, each Unified Switch shares its list of managed APs and wireless clients with the switches in the peer group so that the APs and wireless clients are not reported as rogues (unknown).
Access Point Placement D-Link Access Points can be on the same subnet as the switch or on a different subnet. You can connect the AP directly to the Unified Switch or to another networking device. The range of the D-Link Access Point is about 100 meters, but the range is affected by various environmental factors.
Routing must be enabled on the switch to support L3 roaming. <Link>Figure 10 shows a single wireless client as it roams among three APs in three different subnets. A D-Link Unified Switch controls the three APs. When the wireless client connects to any of the APs, it receives an IP address from the Unified Switch that is in the L3 Tunnel subnet.
D-Link Unified Access System Software User Manual 02/15/2011 Figure 10: Inter-Subnet Roaming Client IP: 10.20.20.12 AP 1 Unified Switch IP: 192.168.24.173 L3 Tunnel Subnet Client IP: 10.20.20.0 IP: 10.20.20.12 AP 2 IP: 192.168.38.66 AP 3 IP: 192.168.85.49 Client IP: 10.20.20.12 In the tunneling configuration, you can use ACL lists and QoS parameters to ensure that time-sensitive traffic, such as VoIP, takes priority over other WLAN traffic.
S ec t io n 4 : I n stal li n g t he H ar d w ar e This chapter provides instructions for installing the D-Link DWS-3024, DWS-3024L, and DWS-3026 switch hardware. The following sections describe this installation process: •...
D-Link Unified Access System Software User Manual 02/15/2011 Figure 11: Front Panel View of the DWS-3024L as Shipped Figure 12: Front Panel View of the DWS-3024 as Shipped Figure 13: Front Panel View of the DWS-3026 as Shipped LED Indicators The Switch supports LED indicators for Power, Console, RPS, PoE, and Port LEDs including 10GE port LEDs for optional module inserts on the DWS-3026.
Software User Manual D-Link Unified Access System 02/15/2011 Figure 14: LED Indicators on DWS-3024L Figure 15: LED Indicators on DWS-3024 Figure 16: LED Indicators on DWS-3026 The following table describes the LEDs and the Mode Select Button on the front panel of each Switch.
D-Link Unified Access System Software User Manual 02/15/2011 Table 3: LED Description (Cont.) Description Link/Act/Speed and You can change the mode of the LEDs over each port to display the information about the link, PoE Mode activity, and speed of a port or whether 802.3af Power Over Ethernet (PoE) is supporting devices attached to the port.
4 Four rubber feet with adhesive backing 5 RS-232 console cable 6 One CD Kit for DWS-3000 Series D-Link Unified Access System User Manual and D-Link CLI Command Reference 7 Registration card & China Warranty Card (for China only) If any item is missing or damaged, please contact your local D-Link Reseller for replacement.
D-Link Unified Access System Software User Manual 02/15/2011 • The power outlet should be within 1.82 meters (6 feet) of the Switch. • Visually inspect the power cord and see that it is fully secured to the AC power port.
Installing the SFP ports The DWS-3000 series switches are equipped with SFP (Small Form-factor Pluggable) ports, which are to be used with fiber- optical transceiver cabling in order to uplink various other networking devices for a gigabit link that may span great distances.
D-Link Unified Access System Software User Manual 02/15/2011 Figure 22: Inserting the Fiber-Optic Transceivers into the Switch Installing the Optional Modules The rear panel of the DWS-3026 includes two open slots that may be equipped with the DEM-410X 1-port 10GE XFP uplink module, or a DEM-410CX 1-port 10GBASE-CX4 uplink module, both sold separately.
Software User Manual D-Link Unified Access System 02/15/2011 Figure 23: Front Panel of the DEM-410X Figure 24: Front Panel of the DEM-410CX Install the Module Unplug the Switch before removing the faceplate covering the empty slot. To install the module, slide it in to the available slot at the rear of the Switch until it reaches the back, as shown in the following figure.
D-Link Unified Access System Software User Manual 02/15/2011 Figure 26: DWS-3026 with optional DEM-410X module installed Connecting to the External Redundant Power System The Switch supports an external redundant power system (RPS). The diagrams below illustrate a proper RPS power connection to the Switch.
Connect a switch supporting a fiber-optic uplink to the Switch's SFP ports via fiber-optic cabling. • Change the Switch to PoE mode using the Mode Select button. When in PoE Mode, the Switch works with all D-Link 802.3af capable devices.
D-Link Unified Access System Software User Manual 02/15/2011 Figure 29: Switch and APs Connected Through Network L2/L3 Network Access Point Access Point Connecting to the Core Network The optional 10GB ports on the DWS-3026 are ideal for uplinking to the core network. Connections to the Gigabit Ethernet ports are made using a fiber-optic cable or Category 5e copper cable, depending on the type of port.
The WLAN features on the switch are enabled by default. The WLAN feature must be enabled in order for the switch to discover and validate D-Link Access Points. If the routing mode is disabled, the Unified Switch function uses the IP address of the network interface.
ETWORK After you perform the physical hardware installation, you need to connect the D-Link Unified Switch to the network. The default IP address of the switch is 10.90.90.90/8, and DHCP is disabled by default. If you want to enable DHCP on the switch or assign a different static IP address, you must connect to the switch and change the default settings.
6 To save these changes so they are retained during a switch reset, enter the following command: write Once the D-Link Unified Switch is connected to the network, you can use the IP address for remote access to the switch by using a Web browser or through Telnet or SSH.
No IP Address—The WLAN interface does not have an IP address. • No SSL Files—The D-Link Unified Switch communicates with the APs it manages by using Secure Sockets Layer (SSL) connections. The first time you power on the Unified Switch, it automatically generates a server certificate that will be used to set up the SSL connections.
You can access the AP CLI only through Telnet. The default IP address is 10.90.90.91/8, and DHCP is enabled by default on the D-Link Access Point. When you connect the AP to a network with a DHCP server, the AP automatically acquires an IP address.
D-Link Unified Access System Software User Manual 02/15/2011 For initial configuration with a direct Ethernet connection, make sure your PC has an IP address in the 10.0.0.0/8 subnet so you can access the AP CLI. To use a direct-cable connection, connect one end of an Ethernet straight-through or crossover cable to the network port on the access point and the other end of the cable to the Ethernet port on the PC, as shown in <Link>Figure 31.
Software User Manual D-Link Unified Access System 02/15/2011 Table 5 shows the commands you can use to configure 802.1X supplicant information. Table 5: IEEE 802.1X Supplicant Commands Action Command View 802.1X supplicant settings get dot1x-supplicant Enable 802.1X supplicant set dot1x-supplicant status up Disable 802.1X supplicant...
Rogue APs • Rogue wireless clients. This section describes the procedures you use to discover D-Link Access Points and other D-Link Unified Switches. For information about the discovery of wireless clients, see “” on page 142. For more information about discovering rogue devices, see “Monitoring Rogue and RF Scan Access Points”...
Example 2: IP Address of AP Configured in the Switch Figure 33 shows two access points. One AP is directly connected to the D-Link Unified Switch, and the other AP is connected via a L3 switch. Figure 33: L3 Discovery Example 1...
02/15/2011 Example 3: IP Address of Switch Configured in the AP In this example, the administrator connects to the access point CLI and statically configures the IP addresses of two D-Link Unified Switches that are allowed to manage the AP.
TCP connection with the current switch and starts a new discovery process. You can configure the D-Link Unified Access System so that each AP is allowed to be managed by any of the four switches in a peer group. If the Unified Switch that manages an AP goes down, one of the backup switches takes over the management responsibilities.
Page 62
D-Link Unified Switch with Routing Enabled If the routing mode is enabled on the D-Link Unified Switch, you must create a loopback or routing interface on the switch. Peer switches and APs use the IP Address of the lowest loopback interface index to identify and communicate with the switch.
Page 63
D-Link Access Point On the D-Link Access Points, the default IP address is 10.90.90.91/8, and DHCP is enabled by default. If you do not have a DHCP server on the network, the AP retains its default IP address until you assign a static IP address.
The Wireless Device Discovery Protocol is part of the D-Link Wireless AP Protocol (DWAPP). It is a good discovery method to use if D-Link Unified Switches and D-Link Access Points are located in the same Layer 2 multicast domain. The D-Link Unified Switch periodically sends a multicast packet containing the discovery message on each VLAN enabled for discovery.
Page 65
“Authenticating and Validating Access Points” on page The following example shows how to add a VLAN to the list by using the CLI. 1 From a Telnet, SSH, or serial connection, log on to the D-Link Unified Switch and enter the Wireless Configuration mode. (switch-prompt) >enable...
3 Clear the check box for L2/IP Discovery to prevent the switch from sending L2 Discovery messages. 4 Make sure the check box for L3/IP Discovery is selected and add the range of peer switch or D-Link Access Point IP addresses in the From and To fields next to IP Address Range.
Page 67
The following example shows how to add an address to the L3 Discovery list by using the CLI. 1 From a Telnet, SSH, or serial connection, log on to the D-Link Unified Switch and enter the Wireless Configuration mode. (switch-prompt) >enable...
Page 68
AP. You can connect directly to the AP CLI and configure the IP address of the switch that will manage the AP. If you know the IP address of the D-Link Access Point, you can Telnet to the CLI. The default IP address of the AP is 10.90.90.91 with a default subnet mask of 255.0.0.0.
Page 69
Instead of statically configuring the Unified Switch IP address in the AP, you can configure the DHCP server on your network to pass the IP addresses of up to four D-Link Unified Switches to the access point in DHCP option 43. If you configured a static IP address in the D-Link Access Point, the AP ignores DHCP option 43.
OINTS For a D-Link Unified Switch to manage an AP, you must add the MAC address of the AP to the local or external RADIUS database. When the switch discovers an AP that is not managed by another Unified Switch, it looks up the MAC address of the AP in the local or RADIUS Valid AP database.
Software User Manual D-Link Unified Access System 02/15/2011 and assumes management. If you have not added the MAC address of the AP to the database, the AP appears in the Authentication Failed Access Points list, and the failure type is No Database Entry.
D-Link Unified Access System Software User Manual 02/15/2011 Using the Local Database for AP Validation To use the local Valid AP database, set the AP MAC Validation to local, add APs to the database, and configure the settings for the APs in the database. All of the configuration takes place on the switch.
(switch-prompt) (Config-ap)#password Enter password (8 - 63 characters):****************** Re-enter password:****************** For information about configuring additional database parameters for an AP by using the CLI, see the D-Link CLI Command Reference. Using the RADIUS Database for AP Validation To use a RADIUS server to validate the AP, you must configure settings on both the Unified Switch and the RADIUS server.
Enter secret (16 characters max):****************** Re-enter secret:****************** For information about configuring additional RADIUS parameters by using the CLI, see the D-Link CLI Command Reference. Managing Failed or Rogue APs If an AP attempts to contact a switch but the authentication fails or if the MAC address of an AP is not in the Valid AP database, AP Validation fails and the AP appears in the list on the Authentication Failed Access Points page.
Page 75
Software User Manual D-Link Unified Access System 02/15/2011 learns about an AP that is not in the database, and the AP has not tried to discover the switch, the AP appears in the list on the Rogue/RF Scan Access page.
Page 76
D-Link Unified Access System Software User Manual 02/15/2011 To view the list of failed APs by using the CLI, use the show wireless ap failure status command in Privileged EXEC mode. To view the list of APs detected through the RF scan, use the show wireless ap rfscan status command.
After you validate a D-Link Access Point that associates with a switch, the switch assumes management functions for the AP. You can configure all of the AP settings directly from the switch before or after you validate the AP. The D-Link Unified Access System utilizes the D-Link Wireless AP Protocol (DWAPP) for the switch to discover, configure, manage, and monitor the APs.
In general, a wireless client connects to an access point by choosing a network (identified by the SSID) from a list of available wireless networks. You configure these wireless networks, including their associated SSID, on the D-Link Unified Switch. You manage the networks available on the WLAN by modifying or adding network configurations, which include settings for the SSID, VLAN ID, security, and tunneling parameters.
Software User Manual D-Link Unified Access System 02/15/2011 Configuring AAA and RADIUS Settings In the D-Link Unified Access System, you can use a RADIUS server for the following functions: • Management of client-to-AP authentication and accounting • Management of AP-to-Switch authentication and accounting •...
D-Link Unified Access System Software User Manual 02/15/2011 Note: The MAC list label updates depending on the default action you select. Figure 37: MAC Access Control Allows only MAC addresses that appear in the list Denies only MAC addresses that...
Software User Manual D-Link Unified Access System 02/15/2011 Table 10: MAC Authentication Field Description Client Name Enter the name of the wireless client to allow or deny access to all APs that use this profile. This is a user-friendly name of up to 32 printable ASCII characters assigned to a client entry in the local Client MAC Authentication list.
D-Link Unified Access System Software User Manual 02/15/2011 Figure 38: Radio Settings The following table describes the fields you can configure from the Radio tab on the Basic Setup page. After you change the settings, click Submit to apply the settings.
Page 83
Software User Manual D-Link Unified Access System 02/15/2011 Table 11: Radio Settings Field Description Load Balancing If you enable load balancing, you can control the amount of traffic that is allowed on the AP. Load Utilization This field allows you to set a threshold for the percentage of network bandwidth utilization allowed on the radio.
Page 84
D-Link Unified Access System Software User Manual 02/15/2011 Table 11: Radio Settings Field Description Mode The Mode defines the Physical Layer (PHY) standard the radio uses. The DWL-3500AP and Radio 1 on the DWL-8500AP use the IEEE 802.11g mode PHY standard.
Software User Manual D-Link Unified Access System 02/15/2011 Table 11: Radio Settings Field Description Automatic Power The power level affects how far an AP broadcasts its RF signal. If the power level is too low, wireless clients will not detect the signal or experience poor WLAN performance. If the power level is too high, the RF signal might interfere with other APs within range.
D-Link Unified Access System Software User Manual 02/15/2011 Table 12: Advanced Radio Configuration Field Description 802.11n Protection When an IEEE 802.11n mode is selected, configure either Auto or Off for 802.11n protection. Not all countries that allow 802.11b/g/a also allow 802.11n. If the administrator selects a mode other than 802.11n, then the 802.11n Protection field is disabled.
Software User Manual D-Link Unified Access System 02/15/2011 VAPs can help you maintain better control over broadcast and multicast traffic, which affects network performance. You can also configure different security mechanisms for each VAP. A VAP is a “physical” entity. Each VAP maps directly to a MAC address. A network is a logical entity that you apply to a VAP.
Each network is identified by its Service Set Identifier (SSID), which is an alphanumeric key that identifies a wireless local area network. You can configure up to 64 different networks on the D-Link Unified Switch. Each network can have a unique SSID, or you can configure multiple networks with the same SSID.
The nodes in a VLAN share resources and bandwidth, and are isolated on that network. The D-Link Unified Access System supports the configuration of a wireless VLAN. You can configure each VAP to be on a unique VLAN or on the same VLAN as other VAPs.
Page 90
D-Link Unified Access System Software User Manual 02/15/2011 Table 14: Wireless Network Configuration Field Description If you enable MAC authentication, wireless clients must be authenticated by the AP in order Authentication to connect to the network. You must configure the MAC addresses of the clients to accept or deny (based on the default action you set in the AP profile) in one of the following databases: •...
Page 91
Software User Manual D-Link Unified Access System 02/15/2011 Table 14: Wireless Network Configuration Field Description Client QoS The Client QoS parameters allow the switch to apply access control lists (ACLs) and differentiated service (DiffServ) policies to wireless clients associated to the AP and extend the switch QoS features into the wireless domain.
The nodes in a VLAN share resources and bandwidth, and are isolated on that network. The D-Link Unified Access System supports the configuration of a wireless VLAN. You can configure each VAP to be on a unique VLAN or on the same VLAN as other VAPs.
Page 93
Click Refresh to update the Wireless Network Summary page with the most current information. D-Link's Adaptable Wireless technology provides you with the choice to associate a wireless network (SSID) with a VLAN or a tunneled subnet. To associate an SSID with a VLAN, enter a VLAN ID in the VLAN field. To associate an SSID with a tunneled subnet, enable L3 Tunnel and complete the L3 Tunnel Subnet and L3 Tunnel Mask fields.
D-Link Unified Access System Software User Manual 02/15/2011 Enabling and Configuring Additional VAPs When a wireless client searches for available wireless networks, each VAP you enable on the VAP tab appears as a separate network to the wireless client. Figure 41 shows an example of an AP Profile with a VAP enabled.
Although the wireless client finds five different wireless networks, these networks are all on the same access point. The D-Link Access Point looks like five separate access points to the wireless client. In this example, the administrator configured multiple VAPs based on different functional groups within the company. Each VAP has a different SSID, security settings, and VLAN ID to separate traffic.
In general, only clients that transmit and receive time-sensitive data while roaming need to take advantage of this feature. <Link>Figure 43 shows a network with two APs that are controlled by a D-Link Unified Switch. The APs and switch are all on different subnets.
If you select None as your security mode, no further options are configurable on the AP. This mode means that any data transferred between the D-Link Access Point and the associated wireless clients is not encrypted, and any wireless client can associate with the AP.
D-Link Unified Access System Software User Manual 02/15/2011 If you select WEP as the Security Mode, additional fields display, as <Link>Figure 45 shows. Figure 45: Static WEP Configuration <Link>Table 16 describes the configuration options for WEP. Table 16: Static WEP...
Page 99
Software User Manual D-Link Unified Access System 02/15/2011 Table 16: Static WEP Field Description WEP Key Length Specify the length of the key by clicking one of the radio buttons: • 64 bits • 128 bits • 152 bits The Transfer Key Index indicates which WEP key the access point uses to encrypt the data it transmits.
D-Link Unified Access System Software User Manual 02/15/2011 If you select WPA/WPA2 as the security mode, additional fields display, as <Link>Figure 46 shows. Figure 46: WPA Personal Configuration <Link>Table 17 describes the configuration options for the Static WPA security mode.
Software User Manual D-Link Unified Access System 02/15/2011 Table 17: Static WPA Field Description Passphrase The WPA Key is the shared secret key for Personal. Enter a string of at least 8 characters to a maximum of 63 characters. Pre-Authentication If you select WPA/WAP2 Enterprise, you can enable Pre-Authentication.
D-Link Unified Access System Software User Manual 02/15/2011 Figure 47: Adding a Valid AP After you enter the MAC address of the AP to add to the list, click Add to add the AP to the database and to access the configuration page for the AP.
Administrator Web User Interface (UI) or CLI. • WS Managed—The AP is part of the D-Link Unified Access System, and you manage it by using the D-Link Unified Switch. If an AP is in Managed Mode, the Administrator Web UI on the AP are disabled.
Page 104
D-Link Unified Access System Software User Manual 02/15/2011 Table 19: Valid AP Configuration (Cont.) Field Description Channel Channel defines the portion of the radio spectrum that the radio uses for transmitting and receiving. The range of channels and the default channel are determined by the Mode of the radio interface and the country in which the APs operate.
CCESS OINTS You can manually reset one or all APs from the D-Link Unified Switch. When you issue the command to reset an AP, the AP closes the SSL connection to the switch before resetting the hardware. To reset one or more APs, click AP Management > Reset.
The D-Link Unified Switch software contains a channel plan algorithm that automatically determines which RF channels each D-Link Access Point should use to minimize RF interference. When you enable the channel plan algorithm, the switch periodically evaluates the operational channel on every AP it manages and changes the channel if the current channel is noisy.
Software User Manual D-Link Unified Access System 02/15/2011 To configure Channel Plan and Power Adjustment settings, click AP Management > RF Management. Figure 50: RF Channel Plan and Power Configuration Table 20 describes the RF Channel Plan and Power Adjustment fields you can configure.
Viewing the Channel Plan History The D-Link Unified Switch stores channel assignment information for the APs it manages. To access the Channel Plan History information, click the AP Management > RF Management > Channel Plan History tab.
Operational Status This field shows whether the switch is using the automatic channel adjustment algorithm on the D-Link Access Point radios. Last Iteration The number in this field indicates the last iteration of channel plan adjustments. The APs that received a channel adjustment in previous iterations cannot be assigned new channels in the next iteration to prevent the same APs from being changed time after time.
D-Link Unified Access System Software User Manual 02/15/2011 The Current Status of the plan shows one of the following states: • None—The channel plan algorithm has not been manually run since the last switch reboot. • Algorithm In Progress—The channel plan algorithm is running.
Upgrading the Access Point Software The D-Link Unified Switch can upgrade software on the APs that it manages. To upgrade one or more D-Link Access Point from the switch that manages it, click the WLAN > Administration > AP Management > Software Download.
Software User Manual 02/15/2011 Figure 54: AP Upgrade Note: The APs automatically reset after the code is successfully downloaded. Table 22 describes the fields you must complete to upgrade D-Link Access Points. Table 22: AP Upgrade Field Description Server Address Enter the IP address of the host where the upgrade file is located.
Software User Manual D-Link Unified Access System 02/15/2011 Table 22: AP Upgrade Field Description Managed AP The combination box lists the APs that the switch manages. Each AP is identified by its MAC address and location (if specified). To upgrade one or more APs, select the AP MAC address from the list.
RF channel and power for each radio on an AP. Figure 56: Advanced AP Management Each AP managed by the D-Link Unified Switch is listed by its MAC address and location. The location is based on the value in the RADIUS or local Valid AP database.
Software User Manual D-Link Unified Access System 02/15/2011 Table 24: Advanced AP Management Field Description Debug To help you troubleshoot, you can enable Telnet access to the AP so that you can debug the device from the CLI. The Debug field shows the debug status and can be one of the following: •...
D-Link Unified Access System Software User Manual 02/15/2011 Table 25: AP Debug Field Description Enable Debug Select or clear the Enable check box to enable or disable debugging. Once once you Telnet to the AP, you get an AP interface login prompt. The user name is admin.
Page 117
Software User Manual D-Link Unified Access System 02/15/2011 Table 26: Managed AP Channel/Power Adjust Field Description Channel Channel defines the portion of the radio spectrum that the radio uses for transmitting and receiving. The range of channels and the default channel are determined by the Mode of the radio interface.
Page 118
D-Link Unified Access System Software User Manual 02/15/2011 Page 118 Document 34CS3000-SWUM104-D10...
“Viewing Client Authentication Failure Status” • “Monitoring and Managing Ad Hoc Clients” For information about the commands you use to view WLAN status and statistics by using the CLI, see the D-Link CLI Command Reference. Monitoring Wireless Global Information The D-Link Unified Switch periodically collects information from the D-Link Access Points it manages and from peer switches that are associated with it.
D-Link Unified Access System Software User Manual 02/15/2011 Figure 57: Global WLAN Status Table 27 describes the fields on the Wireless Global Status page. Table 27: Global WLAN Statistics Field Description WLAN Switch This status field displays the operational status of the WLAN Switch. The WLAN Switch may Operation Status be configured as enabled, but is operationally disabled due to configuration dependencies.
Page 121
“Managed Access Points,” “Connection Failed Access Points,” and “Discovered Access Points.” Standalone Access Total number of detected D-Link Access Points that are in Standalone Mode. APs in Points Standalone Mode are not currently managed by a D-Link Unified Switch. Managed Access...
Switch” on page Monitoring Peer Switch Status The Peer Switch page provides information about other D-Link Unified Switches in the network. To access the peer switch information, click Monitoring > Peer Switch. Peer Unified Switches within the same peer group exchange data about themselves, their managed APs, and clients. The switch maintains a database with this data so you can view information about a peer, such as its IP address and software version.
Software User Manual D-Link Unified Access System 02/15/2011 Peer switches do not exchange configuration profiles or additional data about their managed APs. This means that you cannot view any other status or statistics for a managed AP from a peer switch. However, switches do use shared information for rogue AP detection.
D-Link Unified Access System Software User Manual 02/15/2011 Monitoring All Access Points The Monitoring > Access Points > All Access Points page shows summary information about managed, failed, and rogue access points the switch has discovered or detected. Figure 60: All Access Points In the AP listing, a green font color indicates a Managed AP.
Radio Shows the wireless radio mode that each radio on the AP is using. The D-Link DWL-3500AP access point has one radio, and the D-Link DWL-8500AP access point has two radios. Channel Shows the operating channel for the radio.
D-Link Unified Access System Software User Manual 02/15/2011 ONITORING ANAGED CCESS OINT TATUS From the Monitoring > Access Points > Managed Access Points page, you can access a variety of information about each AP that the switch manages. The pages you access from the Status tab provide configuration and association information about managed APs and their neighbors.
Page 127
AP database (either locally or on the RADIUS server) the AP must be reset to configure with the new profile. Radio Shows the wireless radio mode that each radio on the AP is using. The D-Link DWL-3500AP access point has one radio, and the D-Link DWL-8500AP access point has two radios. Channel Shows the operating channel for the radio.
• Switch IP Configured - The managed AP is configured with the Unified Switch IP address. • Switch IP DHCP - The managed AP learned the current Unified Switch IP address through DHCP option 43. • L2 Poll Received - The AP was discovered through the D-Link Wireless Device Discovery protocol. Configuration Status This status indicates if the AP is configured successfully with the assigned profile.
Software User Manual D-Link Unified Access System 02/15/2011 Table 31: Detailed Managed Access Point Status Field Description Software Version Indicates the version of software on the AP, this is learned from the AP during discovery. Last Failing If the configuration status indicates a partial success or complete failure, this field indicates Configuration Element the last element that failed during configuration.
D-Link Unified Access System Software User Manual 02/15/2011 Table 32: Managed AP Radio Summary Field Description Associated Clients Total count of clients associated on the physical radio, this is a sum of all the clients associated to each VAP enabled on the radio.
The Ethernet MAC address of the neighbor AP network, this could be a physical radio interface or VAP MAC address. For D-Link Access Points this is always a VAP MAC address. The neighbor AP MAC address may be cross-referenced in the RF Scan status.
Viewing Clients Associated with Neighbor Access Points The Neighbor Clients page shows information about wireless clients that have been discovered by the selected AP. D-Link Access Points can store information for up to 1024 wireless clients. If the information exceeds the capacity, the oldest data in the neighbor client list is overwritten.
Software User Manual D-Link Unified Access System 02/15/2011 Table 36: Managed Access Point VAP Status Field Description MAC Address -Location Shows the MAC address and location of the AP to which the values on the page apply. To (Menu) view details about a different AP, select its MAC address from the menu.
D-Link Unified Access System Software User Manual 02/15/2011 On the WLAN Summary and Ethernet Summary pages, click the MAC address of the AP to view detailed statistics about the AP. Table 37: Managed Access Point WLAN Summary Statistics Field Description MAC Address The Ethernet address of the Unified Switch managed AP.
Software User Manual D-Link Unified Access System 02/15/2011 Table 39 describes the fields you see on the Detail page for the managed access point statistics. Table 39: Detailed Managed Access Point Statistics Field Description MAC Address -Location Shows the MAC address and location of the AP to which the values on the Menu) page apply.
D-Link Unified Access System Software User Manual 02/15/2011 Table 40: Managed Access Point Radio Statistics (Cont.) Field Description Duplicate Frame Count Number of times a frame is received and the Sequence Control field indicates is a duplicate. Failed Transmit Count Number of times a MSDU is not transmitted successfully due to transmit attempts exceeding either the short retry limit or the long retry limit.
For more information, see Appendix B:, “Configuring the External RADIUS Server” on page 207. Click the MAC address of the AP to view more information about the AP. If the AP is not a D-Link Access Point, some values are unknown.
“Configuring Wireless Radio Settings” on page The D-Link Unified Switch considers an access point to be a Rogue if is detected during the RF scan process and the MAC address of the detected AP is not in the local or RADIUS Valid AP database or if the AP is not managed by a peer switch.
Software User Manual D-Link Unified Access System 02/15/2011 Note: You cannot sort the list in the Under Mitigation column. Status entries in the RF Scan list are collected at a point in time and eventually age out. The age value for each entry shows how long ago the switch recorded the entry.
MAC Address The Ethernet MAC address of the detected AP, this could be a physical radio interface or VAP MAC. For D-Link Access Points this is always a VAP MAC address. SSID Service Set ID of the network, this is broadcast in detected beacon frame.
Software User Manual D-Link Unified Access System 02/15/2011 Monitoring WIDS AP De-Authentication Attack Status The basic technique employed by the wireless system for automatically protecting the network against rogue APs is to send de-authentication messages to clients by faking the rogue AP MAC address as the source MAC and BSSID of the de- authentication frame and using the broadcast MAC address as the destination of the de-authentication packet.
D-Link Unified Access System Software User Manual 02/15/2011 Figure 65: AP De-Authentication Attack Status Table 44: AP De-Authentication Attack Status Field Description BSSID BSSID of the AP against which the attack is launched. The range is MAC Address. Channel The channel on which the rogue AP is operating. The range is 1-161.
D-Link Unified Access System 02/15/2011 • VAP Status—Shows the clients associated with a specific VAP on a D-Link Access Point • Statistics—Shows statistics about wireless clients that are associated with APs managed by the switch and contains the following information: Association Summary—Shows the statistics for a wireless client while it is associated with a single AP.
D-Link Unified Access System Software User Manual 02/15/2011 WISPr-Bandwidth-Max-Up and WISPr-Bandwidth-Max-Down that are used by 802.1X-authenticated wireless clients to supply the necessary rate limiting information to the AP. Similar bandwidth maximum up and down rate limit parameters are included in the wireless network configuration to be used for clients without valid RADIUS attributes of their own.
Software User Manual D-Link Unified Access System 02/15/2011 Table 46: Associated Client QoS Status Field Description Bandwidth Limit Down Shows the maximum rate at which the client receives traffic from the AP in bits per second. The rate shown in this field is the configured value rounded down to the nearest 64 kbps.
D-Link Unified Access System Software User Manual 02/15/2011 Table 47: Detailed Associated Client Status Field Description Captive Portal This field appears only if the wireless client has accessed the network through a captive portal and has been authenticated by the switch.
Viewing Associated Client Statistics A wireless client can roam among APs without interruption in WLAN service. The D-Link Unified Switch tracks the traffic the client sends and receives during the entire wireless session while the client roams among APs that the switch manages. The switch stores statistics about client traffic while it is associated with a single AP as well as throughout the roaming session.
D-Link Unified Access System Software User Manual 02/15/2011 Table 51: Associated Client Association Summary Statistics Field Description Packets Received Packets received from the client station. Bytes Received Bytes received from the client station. Packets Transmitted Packets transmitted to the client station.
Software User Manual D-Link Unified Access System 02/15/2011 Table 53: Associated Client Association Detail Statistics Field Description Duplicates Received Total duplicate packets received from the client station. • Click Refresh to update the screen with the most current information. •...
D-Link Unified Access System Software User Manual 02/15/2011 To view a list of clients that fail to associate or authenticate with the a D-Link Access Point, click the Failed Clients page. Figure 68: Client Authentication Failure Status • To delete all clients from the list, click Delete All.
Software User Manual D-Link Unified Access System 02/15/2011 The client authentication failure status for an individual client shows information about the client that failed to authenticate or associate with an AP and list the number of authentication or association failures. A client with a high number of failed authentications might indicate a possible threat to the WLAN.
D-Link Unified Access System Software User Manual 02/15/2011 • If you select the check box and click Allow MAC, the MAC address is added to the Allow MAC List in the AP Profile MAC Authentication settings. Note: The MAC address is added to the local MAC authentication list for all profiles where the global default action is set to allow (for Allow MAC), or deny (for Deny MAC).
Access point configuration profiles are a useful feature for large wireless networks with APs that serve a variety of different users. You can create multiple AP profiles on the D-Link Unified Switch to customize APs based on location, function, or other criteria.
From the Access Point Profile Summary page, you can create, copy, or delete AP profiles. You can create up to 16 AP Profiles on the D-Link Unified Switch. To create a new profile, enter the name of the profile in the Profile Name field, and then click Add.
To access an existing profile, click the tab with the name of the profile. When you add a new profile, it has the default AP settings, which are listed in Appendix A “D-Link Unified Access System Default Settings”. When you copy a profile, it has the AP settings configured in the original profile.
D-Link Unified Access System Software User Manual 02/15/2011 For more information about the fields on the QoS page, see “Click Submit to update the switch with the values on the screen. If you want the switch to retain the new values across a power cycle you must perform a save.” on page 159.
Software User Manual D-Link Unified Access System 02/15/2011 Configuring Global Settings The fields on the Administration > Advanced Configuration > Global > General tab are settings that apply to the D-Link Unified Switch. Figure 74: Global Configuration Table 58 describes the fields on the Wireless Global Configuration page.
Enabling SNMP Traps If you use Simple Network Management Protocol (SNMP) to manage the D-Link Unified Switch, you can configure the SNMP agent on the switch to send traps to the SNMP manager on your network from the Administration > Advanced Configuration >...
If you enable this field, the SNMP agent sends a trap when the switch discovers a rogue AP. Wireless Status Traps If you enable this field, the SNMP agent sends a trap if the operational status of the D-Link Unified Switch changes or of any of the following databases or lists has reached the maximum number of entries: •...
Service”. Figure 76: QoS Configuration Configuring QoS on the D-Link Unified Access System consists of setting parameters on existing queues for different types of wireless traffic, and effectively specifying minimum and maximum wait times (through Contention Windows) for transmission. The settings described here apply to data transmission behavior on the access point only, not to that of the client stations.
Software User Manual D-Link Unified Access System 02/15/2011 Table 60 describes the QoS settings you can configure. Table 60: QoS Settings Field Description Queue Queues are defined for different types of data transmitted from AP-to-station: Data 0 (Voice) High priority queue, minimum delay. Time-sensitive data such as VoIP and streaming media are automatically sent to this queue.
Page 162
With WMM enabled, QoS settings on the D-Link Unified Access System control downstream traffic flowing from the access point to client station (AP EDCA parameters) and the upstream traffic flowing from the station to the access point (station EDCA parameters).
Page 163
Software User Manual D-Link Unified Access System 02/15/2011 Table 60: QoS Settings (Cont.) Field Description TXOP Limit Station EDCA Parameter Only (The TXOP Limit applies only to traffic flowing from the client station to the access point.) The Transmission Opportunity (TXOP) is an interval of time when a WME client station has the right to initiate transmissions onto the wireless medium (WM).
Page 164
D-Link Unified Access System Software User Manual 02/15/2011 Page 164 Document 34CS3000-SWUM104-D10...
• “SNMP Trap Configuration” For information about the commands you use to manage and maintain the APs by using the CLI, see the D-Link CLI Command Reference. Note: The captive portal configuration pages are available from the Security folder under both the LAN and WLAN tabs.
D-Link Unified Access System Software User Manual 02/15/2011 Configuring Global Captive Portal Settings Use the CP Global Configuration page to control the administrative state of the CP feature and configure global settings that affect all captive portals configured on the switch. To configure the global CP settings, click Security > Captive Portal >...
Software User Manual D-Link Unified Access System 02/15/2011 Configuring the Captive Portal Use the CP Summary page to create or delete captive portal configurations. The switch supports 10 CP configurations. CP configuration 1 is created by default and can not be deleted. Each CP configuration can contain up to 5 locale specific web configurations.
Changing the Captive Portal Settings By default, the D-Link Unified Switch has one captive portal. You can change the settings for that captive portal, and you can also create and configure up to nine additional portals. After you create a captive portal from the CP Summary page, you can change its settings.
Page 169
Software User Manual D-Link Unified Access System 02/15/2011 Table 63: CP Configuration (Cont.) Field Description Protocol Mode Choose whether to use HTTP or HTTPs as the protocol for the portal to use during the verification process. • HTTP: Does not use encryption during verification •...
D-Link Unified Access System Software User Manual 02/15/2011 Table 63: CP Configuration (Cont.) Field Description Session Timeout (secs) Enter the number of seconds to wait before terminating a session. A user is logged out once the session timeout is reached. If the value is set to 0 then the timeout is not enforced.
Software User Manual D-Link Unified Access System 02/15/2011 You can create up to five locale-specific web pages for each captive portal as long as the pages all use the same verification type; either guest or authorized user web pages. This allows you to create pages in a variety of languages to accommodate a diverse group of users.
D-Link Unified Access System Software User Manual 02/15/2011 Table 64: CP Web Page Customization - Global Parameters Field Description Available Images The menu shows the images that are available to use for the page branding and the account image. To add images, click Browse and select an image on your local system (or accessible from your local system).
Software User Manual D-Link Unified Access System 02/15/2011 Figure 82: CP Web Page Customization - Authentication Page The following table describes the additional fields on the CP Web Page Customization - Authentication page. Table 65: CP Web Page Customization - Authentication Page...
Page 174
D-Link Unified Access System Software User Manual 02/15/2011 Table 65: CP Web Page Customization - Authentication Page (Cont.) Field Description Account Image Select the optional account image that is stretched across the account column. To download a new image to the switch, use the Available Image field. The image name is 0-32 characters.
Software User Manual D-Link Unified Access System 02/15/2011 Figure 83: CP Web Page Customization - Welcome Page The following table describes the additional fields on the CP Web Page Customization - Welcome page. Table 66: CP Web Page Customization - Welcome Page...
D-Link Unified Access System Software User Manual 02/15/2011 Table 67: CP Web Page Customization - Logout Page Field Description Browser Title Title text displayed in client’s logout browser title bar. The range is 1-128 Unicode characters. The default is Captive Portal – Logout.
You can configure a portal to accommodate guest users and authorized users. Guest users do not have assigned user names and passwords. Authorized users provide a valid user name and password that must first be validated against a local database or RADIUS server. Authorized users can gain network access once the D-Link Unified Switch confirms the user’s credentials.
D-Link Unified Access System Software User Manual 02/15/2011 Table 69: Local User Summary Field Description Idle Timeout Shows the number of seconds the user can remain idle before the switch automatically logs the user out. A value of 0 means that the user will not be logged out automatically.
Configuring Users in a Remote RADIUS Server You can use a remote RADIUS server client authorization. You must add all users to the RADIUS server. The local database in the D-Link Unified Switch does not share any information with the remote RADIUS database. Table 71 indicates the RADIUS attributes you use to configure authorized captive portal clients.
D-Link Unified Access System Software User Manual 02/15/2011 Table 71: Captive Portal User RADIUS Attributes Attribute Number Description Range Usage Default User-Password User password 8-64 Required None characters DLink-Captive- 6132, 127 A comma-delimited list of String Optional None. The Portal-Groups...
Software User Manual D-Link Unified Access System 02/15/2011 Table 72 describes the fields on the Interface Association page. Table 72: Global Captive Portal Configuration Field Description CP Configuration Lists the captive portals configured on the switch by number and name.
D-Link Unified Access System Software User Manual 02/15/2011 Figure 89: Global Captive Portal Status Table 73 describes the fields displayed on the CP Global Status page. Table 73: Global Captive Portal Status Field Description CP Global Operational Shows whether the CP feature is enabled. The default is disabled.
Software User Manual D-Link Unified Access System 02/15/2011 Figure 90: CP Activation and Activity Status The CP Activation and Activity Status page has a menu that contains all captive portals configured on the switch. When you select a captive portal, the activation and activity status for that portal displays.
D-Link Unified Access System Software User Manual 02/15/2011 Viewing Interface Activation Status The Interface Activation Status page shows information for every interface assigned to a captive portal instance. Use the menus to select the portal or interface with the information you want to view.
Software User Manual D-Link Unified Access System 02/15/2011 Figure 92: Interface Capability Status The menu contains all the physical interfaces and wireless interfaces available on the switch. Physical (wired) interfaces are identified by the Port Description that includes slot number, port number, and interface type. Wireless interfaces are identified by the wireless network number and SSID.
D-Link Unified Access System Software User Manual 02/15/2011 To view information about the clients connected to the D-Link Unified Access System through the captive portal, click Security > Captive Portal > Client Connection Status. Figure 93: Client Summary Table 77 describes the fields on the Client Summary page.
Software User Manual D-Link Unified Access System 02/15/2011 Figure 94: Client Detail The menu lists each associated client by MAC address. To view status information for a client, select it from the list. Table 78 describes the fields on the Client Detail page.
D-Link Unified Access System Software User Manual 02/15/2011 Figure 95: Client Statistics The menu lists each associated client by MAC address. To view statistical information for a client, select it from the list. Table 79 describes the fields on the Client Statistics page.
Software User Manual D-Link Unified Access System 02/15/2011 The menu lists each interface on the switch. To view information about the clients connected to a CP on this interface, select it from the list. Table 80 describes the fields on the Interface - Client Status page.
D-Link Unified Access System Software User Manual 02/15/2011 Click Refresh to update the screen with the most current information. SNMP T ONFIGURATION Use the SNMP Trap Configuration page to configure whether or not SNMP traps are sent from the Captive Portal and to specify captive portal events that will generate a trap.
• “Managing the Graph” Figure 99 shows an example of a floor plan with a D-Link Unified Switch that manages two APs. The figure also shows two switches and a rogue AP. Figure 99: Sample WLAN Visualization Importing and Configuring a Background Image By default, the WLAN Visualization graph does not have a background image.
D-Link Unified Access System Software User Manual 02/15/2011 Images that you upload should be in one of the following two file formats: • GIF (Graphics Interchange Format) • JPG (Joint Photographic Experts Group) Additionally, we recommend that you do not use color images since the WLAN components might not show up as well.
Page 193
Software User Manual D-Link Unified Access System 02/15/2011 Background Image” on page 191. 3 Enter the represented length for one of the graph dimensions (height or width). Use the Selection and Measurement menus to specify whether the length is the height or width, and whether it is in meters or feet.
D-Link Unified Access System Software User Manual 02/15/2011 and the other image was set up with a graph definition length of 800 feet. Graph Definition Length = 200’ Graph Definition Length = 800’ 4 Click Save to complete the graph setup.
Figure 101: List View and Tabbed View List View Tab View Wireless clients do not appear in the panel. Instead, they are automatically graphed based on their association with (or disassociation from) a D-Link Access Point that is graphed. Document 34CS3000-SWUM104-D10 Page 195...
D-Link Unified Access System Software User Manual 02/15/2011 If you mouse-over an ungraphed component, a tool tip appears to provide additional information about the ungraphed component, as shown in Figure 102. Figure 102: Component Tool Tip To graph a component that is listed in the panel, click the component and drag it to the location in the graph that represents the physical location of the component in the building.
Software User Manual D-Link Unified Access System 02/15/2011 NDERSTANDING THE PTIONS The following table provides an overview of the menu items available in the WLAN Visualization tool. Table 83: WLAN Visualization Menu Bar Options Menu Item Description File Force Refresh Resynchronizes the Java client application.
RF noise. Options Show Managed APs Controls whether to display D-Link Access Point on the graph. Clearing the check box hides but does not un-graph the objects. Show RF Scan APs Controls whether to display the APs detected through the RF scan. Clearing the check box hides but does not un-graph the objects.
Software User Manual D-Link Unified Access System 02/15/2011 The Images menu item shows the icons that represent the WLAN components on the graph. Figure 104: Legend As the legend shows, the Managed AP icon can be blue, green, or red, depending on the status of the AP: •...
D-Link Unified Access System Software User Manual 02/15/2011 The Channel Color legend maps the color of the power display image to the channel that the image color represents. The color corresponds to the channel that the radio is using for transmission. The available channels depend on the mode and country of operation.
Software User Manual D-Link Unified Access System 02/15/2011 ANAGING THE RAPH After you place a component on the graph, you can right-click the component to learn more information about it, un-graph it, or link to a page on the Web UI to manage or monitor the component.
Page 202
D-Link Unified Access System Software User Manual 02/15/2011 Table 84: Component Information Component Attributes Links/Commands Other AP MAC Address Status Status—Rogue, Standalone, Peer Managed, Commands: or Acknowledged AP Manage RF Channel Acknowledge Wireless Client MAC Address Associated Client Status Detail Radio—1 or 2...
Default Settings This chapter identifies the default values for the D-Link Unified Switch, the default D-Link Access Point settings, and the default AP Profile setting that the switch assigns to the AP after it is discovered and authenticated (when the AP uses the default profile).
ETTINGS Table 87 shows the AP settings for the default profile. By default, when a D-Link Access Point associates with the switch, the settings in this table are assigned to the AP upon successful AP validation. Note: Only the settings for Radio 2 will be applied to DWL-3500APs if they are managed by a DWS-3000 switch.
Server You can store the Valid AP configuration on a local database on the D-Link Unified Switch or on an external RADIUS server. This appendix describes the attributes you must define for each feature to setup their configuration on the RADIUS server.
The example in this section describes the files you need to configure in order to authenticate the D-Link Unified Switch and the D-Link Access Point with the RADIUS server and to configure the Valid AP settings in the RADIUS database.
Page 209
1—name-to-number mapping for the attribute The following code is an example of the D-Link attribute dictionary. The code shows the complete file. You can create your own dictionary and configure the attributes and values that your WLAN requires. The VENDOR field has the vendor-specific attribute name-to-number mapping.
LIENTS You can configure D-Link Access Points to use 802.1X authentication on the RADIUS server to allow or deny specific users on client stations access to the wireless network. If you enable 802.1X authentication, the client entry on a RADIUS server can support user-based VLANs and subnet assignments for IP tunneling.
Software User Manual D-Link Unified Access System 02/15/2011 Table 91 indicates the attributes that you configure in the RADIUS server entry. Table 91: RADIUS Attributes for Wireless Client MAC Authentication RADIUS Server Attribute Description Range Usage User-Name (1) Ethernet Address of the client station.
D-Link Unified Access System Software User Manual 02/15/2011 Note: Do not use the management VLAN ID of the AP for the value of the Tunnel-Private-Group-ID. The dynamically-assigned RADIUS VLAN cannot be the same as the management VLAN. If the RADIUS server attempts to assign a dynamic VLAN that is also the management VLAN, the AP ignores the dynamic VLAN assignment, and a newly associated client is assigned to the default VLAN for that VAP.
L3 Roaming can be achieved by using VLAN trunking (associate the SSID with a VLAN) or by using an L3 Tunnel (associate the SSID with a tunnel subnet). The example in this appendix describes how to configure a D-Link Unified Switch by using an L3 Tunnel for a network that needs L3 roaming capabilities.
Caution! APs, peer Unified Switches, and other routers must not be connected to the tunneling routing interface. Some phone system require placement of a call server on the same subnet as the phones. The D-Link tunneling feature supports this configuration.
Creating the VLAN Routing Interface The D-Link Unified Switch and the D-Link Access Point support Virtual LANs (VLANs) to provide the logical separation of a physical network. You can use VLANs to segment the wireless network on a per-VAP basis. VLAN routing interfaces allow VLANs to span across different subnets, which is useful for L3 Tunneling.
Page 216
D-Link Unified Access System Software User Manual 02/15/2011 MAC Address used by Routing VLANs: 00:00:00:01:00:02 Logical VLAN ID Interface IP Address Subnet Mask ------- -------------- --------------- --------------- 0/4/1 0.0.0.0 0.0.0.0 The new VLAN routing interface is 0/4/1 in unit/slot/port format. For non-stacking platforms, the interface would be 4/1.
Page 217
Software User Manual D-Link Unified Access System 02/15/2011 3 From the L3 Features > IP > Interface Configuration page, assign an IP address and subnet mask to the interface, and make sure routing is enabled. 4 From the Monitoring > L3 Status > VLAN Routing Summary page, view the summary information for the VLAN routing interface.
WPA Enterprise. Example of Configuring L3 Roaming by Using the CLI The following procedures show how to configure the D-Link Unified Switch by using the CLI. The Web interface configuration procedures follow this example. 1 Enter the network configuration mode for network 3.
Page 219
Software User Manual D-Link Unified Access System 02/15/2011 VAP 0 is the default network and is the only network enabled by default. In this example, the Guest networks is on VAP 0, the Corporate Network is on VAP 1, and the L3 Tunnel Network is on VAP 2.
D-Link Unified Access System Software User Manual 02/15/2011 Table 92: L3 Tunnel Status Values L3 Tunnel Status Description None The status might be None for one of the following reasons: • The WLAN Operational Status is disabled • L3 Tunnel is Disabled •...
Page 221
Software User Manual D-Link Unified Access System 02/15/2011 2 From Wireless Network Configuration page, configure the following settings: SSID—L3 Tunnel L3 Tunnel check box—Selected L3 Tunnel Subnet—192.168.60.0 L3 Tunnel Mask—255.255.255.0. Security—WPA/WPA2 The L3 Tunnel Subnet is the network IP address of the VLAN routing interface configured in the procedures for “Creating...
Page 222
D-Link Unified Access System Software User Manual 02/15/2011 3 Click Submit to save the changes to the L3 Tunnel network configuration. 4 Check the L3 Tunnel Status to make sure the L3 Tunnel Status is Configured. 5 To apply the profile changes to the APs, click Administration > Advanced Configuration > AP Profiles.
Software User Manual D-Link Unified Access System 02/15/2011 When you update the profile, the Unified Switch adds the L3 Tunnel network to the Managed APs that use the default profile. DHCP R DHCP S ONFIGURING ELAY AND THE ERVER Unless you use the Unified Switch as a DHCP server or use static IP addresses for all devices, you must enable DHCP relay on the switch so that the switch can forward DHCP requests from the roaming wireless clients to the DHCP server on your network.
Configuring the DHCP Server To configure DHCP on the D-Link Unified Switch, you configure the global DHCP settings and the address pool for the clients. The following example shows how to create an address pool for the wireless clients on the L3 Tunnel network. You can create additional address pools so that the DHCP server on the Unified Switch can serve IP addresses to wireless clients that use other networks (such as the Guest Network or Corporate LAN).
Page 225
Software User Manual D-Link Unified Access System 02/15/2011 Document 34CS3000-SWUM104-D10 Page 225...
Page 226
D-Link Unified Access System Software User Manual 02/15/2011 Page 226 Document 34CS3000-SWUM104-D10...
OORDINATING RAFFIC Configuring QoS options on the D-Link Unified Access System consists of setting parameters on existing queues for different types of wireless traffic. You can configure different minimum and maximum wait times for the transmission of packets in Document...
Downstream from network to access point With WMM enabled, QoS settings on the D-Link Unified Access System affect the first two of these; downstream traffic flowing from the access point to client station (AP EDCA parameters) and the upstream traffic flowing from the station to the access point (station EDCA parameters).
Management and control frames wait a minimum amount of time for transmission; they wait a short interframe space (SIF). These wait times are built-in to 802.11 as infrastructure support and are not configurable. The D-Link Unified Access System supports the Enhanced Distribution Coordination Function (EDCF) as defined by the 802.11e standard.
ETTER ERFORMANCE The D-Link Unified Access System includes 802.11e based packet bursting technology that increases data throughput and speed of transmission over the wireless network. Packet bursting enables the transmission of multiple packets without the extra overhead of header information. The effect of this is to increase network speed and data throughput. The size of packet bursts allowed (maximum burst length) is a configurable parameter.
Software User Manual D-Link Unified Access System 02/15/2011 Figure 110: Traffic Prioritization START Is VLAN tag? Take Priority from Is VLAN priority tag DSCP (VLAN id = 0) Is priority tag = 0 Take priority from tag Take Priority from...
Page 232
D-Link Unified Access System Software User Manual 02/15/2011 Page 232 Document 34CS3000-SWUM104-D10...
D-Link’s option, to repair or replace the defective Hardware during the Warranty Period at no charge to the original owner or to refund the actual purchase price paid. Any repair or replacement will be rendered by D-Link at an Authorized D- Link Service Office.
Page 234
Submitting A Claim: The customer shall return the product to the original purchase point based on its return policy. In case the return policy period has expired and the product is within warranty, the customer shall submit a claim to D-Link as outlined below: •...
Page 235
LINK FOR WARRANTY SERVICE) RESULTING FROM THE USE OF THE PRODUCT, RELATING TO WARRANTY SERVICE, OR ARISING OUT OF ANY BREACH OF THIS LIMITED WARRANTY, EVEN IF D-LINK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE SOLE REMEDY FOR A BREACH OF THE FOREGOING LIMITED WARRANTY IS REPAIR, REPLACEMENT OR REFUND OF THE DEFECTIVE OR NON-CONFORMING PRODUCT.
D-Link at an Authorized D-Link Service Office. The replacement Hardware need not be new or of an identical make, model or part; D-Link may in its discretion may replace the defective Hardware (or any part thereof) with any reconditioned product that D-Link reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware.
The packaged product shall be insured and shipped to Authorized D-Link Service Office with all shipping costs prepaid. D-Link may reject or return any product that is not packaged and shipped in strict compliance with the foregoing requirements, or for which an RMA number is not visible from the outside of the package. The product owner agrees to pay D-Link’s reasonable handling and return shipping charges for any product that is not packaged and shipped...
02/15/2011 Technical Support You can find software updates and user documentation on the D-Link websites. If you require product support, we encourage you to browse our FAQ section on the website before contacting the support line. We have many FAQ’s that we...
Page 241
0,12€/Min aus dem Festnetz der Deutschen Telekom. Telefonische technische Unterstützung erhalten Sie Montags bis Freitags von 09.00 bis 17.30 Uhr. Unterstützung erhalten Sie auch bei der Premiumhotline für D-Link Produkte unter der Rufnummer 09001-475767 Montag bis Freitag von 6-22 Uhr und am Wochenende von 11-18 Uhr.
Page 242
Vous trouverez la documentation et les logiciels les plus récents sur le site web D-Link. Vous pouvez contacter le service technique de D-Link par notre site internet ou par téléphone. Support technique destiné aux clients établis en France: Assistance technique D-Link par téléphone : 0820 0803 03 N°...
Page 243
D-Link Unified Access System 02/15/2011 Asistencia Técnica Puede encontrar las últimas versiones de software así como documentación técnica en el sitio web de D-Link. D-Link ofrece asistencia técnica gratuita para clientes residentes en España durante el periodo de garantía del producto.
Page 244
D-Link Unified Access System Software User Manual 02/15/2011 Supporto tecnico Gli ultimi aggiornamenti e la documentazione sono disponibili sul sito D-Link. Supporto tecnico per i clienti residenti in Italia D-Link Mediterraneo S.r.L. Via N. Bonnet 6/B 20154 Milano Supporto Tecnico dal lunedì al venerdì dalle ore 9.00 alle ore 19.00 con orario continuato...
Page 245
D-Link Unified Access System 02/15/2011 Technical Support You can find software updates and user documentation on the D-Link website. D-Link provides free technical support for customers within Benelux for the duration of the warranty period on this product. Benelux customers can contact D-Link technical support through our website, or by phone.
Page 246
Pomoc techniczna Najnowsze wersje oprogramowania i dokumentacji użytkownika można znaleźć w serwisie internetowym firmy D-Link. D-Link zapewnia bezpłatną pomoc techniczną klientom w Polsce w okresie gwarancyjnym produktu. Klienci z Polski mogą się kontaktować z działem pomocy technicznej firmy D-Link za pośrednictwem Internetu lub telefonicznie.
Page 247
D-Link Unified Access System 02/15/2011 Technická podpora Aktualizované verze software a uživatelských příruček najdete na webové stránce firmy D-Link. D-Link poskytuje svým zákazníkům bezplatnou technickou podporu Zákazníci mohou kontaktovat oddělení technické podpory přes webové stránky, mailem nebo telefonicky Web: http://www.dlink.cz/suppport/ E-mail: support@dlink.cz...
Page 248
D-Link Unified Access System Software User Manual 02/15/2011 Technikai Támogatás Meghajtó programokat és frissítéseket a D-Link Magyarország weblapjáról tölthet le. Telefonon technikai segítséget munkanapokon hétfőtől-csütörtökig 9.00 – 16.00 óráig és pénteken 9.00 – 14.00 óráig kérhet a (1) 461-3001 telefonszámon vagy a support@dlink.hu emailcímen.
Page 249
D-Link Unified Access System 02/15/2011 Teknisk Support Du kan finne programvare oppdateringer og bruker dokumentasjon på D-Links web sider. D-Link tilbyr sine kunder gratis teknisk support under produktets garantitid. Kunder kan kontakte D-Links teknisk support via våre hjemmesider, eller på tlf. Teknisk Support:...
Page 250
02/15/2011 Teknisk Support Du finder software opdateringer og bruger- dokumentation på D-Link’s hjemmeside. D-Link tilbyder gratis teknisk support til kunder i Danmark i hele produktets garantiperiode. Danske kunder kan kontakte D-Link’s tekniske support via vores hjemmeside eller telefonisk. D-Link teknisk support over telefonen: Tlf.
Page 251
Software User Manual D-Link Unified Access System 02/15/2011 Teknistä tukea asiakkaille Suomessa: D-Link tarjoaa teknistä tukea asiakkailleen. Tuotteen takuun voimassaoloajan. Tekninen tuki palvelee seuraavasti: Arkisin klo. 9 - 21 numerosta 0800-114 677 Internetin kautta Ajurit ja lisätietoja tuotteista. http://www.dlink.fi Sähköpostin kautta voit myös tehdä...
Page 252
Teknisk Support På vår hemsida kan du hitta mer information om mjukvaru uppdateringar och annan användarinformation. D-Link tillhandahåller teknisk support till kunder i Sverige under hela garantitiden för denna produkt. Teknisk Support för kunder i Sverige: D-Link Teknisk Support via telefon: 0770-33 00 35 Vardagar 08.00-20.00...
Page 253
Você pode encontrar atualizações de software e documentação de utilizador no site de D-Link Portugal http://www.dlink.pt. A D-Link fornece suporte técnico gratuito para clientes no Portugal durante o período de vigência de garantia deste produto. Suporte Técnico para clientes no Portugal: Assistência Técnica:...
Page 254
Τεχνική Υποστήριξη Μπορείτε να βρείτε software updates και πληροφορίες για τη χρήση των προϊόντων στις ιστοσελίδες της D-Link Η D-Link προσφέρει στους πελάτες της δωρεάν υποστήριξη στον Ελλαδικό χώρο Μπορείτε να επικοινωνείτε με το τμήμα τεχνικής υποστήριξης μέσω της ιστοσελίδας...
Page 255
Software User Manual D-Link Unified Access System 02/15/2011 Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers in Australia: Tel: 1300-766-868 24/7(24Hrs, 7days a week) technical support http://www.dlink.com.au e-mail: support@dlink.com.au India: Tel: 1800-222-002 9.00 AM to 9.00 PM.
Page 256
D-Link Unified Access System Software User Manual 02/15/2011 Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers in Egypt: Tel: +202-2919035 or +202-2919047 Sunday to Thursday 9:00am to 5:00pm http://support.dlink-me.com Email: support.eg@dlink-me.com...
Page 257
D-Link Unified Access System 02/15/2011 Техническая поддержка Обновления программного обеспечения и документация доступны на Интернет-сайте D-Link. D-Link предоставляет бесплатную поддержку для клиентов в течение гарантийного срока. Клиенты могут обратиться в группу технической поддержки D-Link по телефону или через Интернет. Техническая поддержка D-Link: +7(495) 744-00-99 Техническая...
Page 258
SOPORTE TÉCNICO Usted puede encontrar actualizaciones de softwares o firmwares y documentación para usuarios a través de nuestro sitio www.dlinkla.com SOPORTE TÉCNICO PARA USUARIOS EN LATINO AMERICA Soporte técnico a través de los siguientes teléfonos de D-Link PAIS NUMERO HORARIO...
Page 259
Você pode encontrar atualizações de software e documentação de usuário no site da D-Link Brasil. A D-Link fornece suporte técnico gratuito para clientes no Brasil durante o período de vigência da garantia deste produto. Suporte Técnico para clientes no Brasil: Horários de atendimento:...
Page 260
D-Link Unified Access System Software User Manual 02/15/2011 Page 260 Document 34CS3000-SWUM104-D10...
Page 261
Software User Manual D-Link Unified Access System 02/15/2011 Document 34CS3000-SWUM104-D10 Page 261...
Page 262
D-Link Unified Access System Software User Manual 02/15/2011 Technical Support この度は弊社製品をお買い上げいただき、誠にありがとうございます。 下記弊社Webサイトからユーザ登録及び新製品登録を 行っていただくと、ダウンロードサービスにて サポート情報、ファームウェア、ユーザマニュアルを ダウンロードすることができます。 ディーリンクジャパン Webサイト URL:http://www.dlink-jp.com Page 262 Document 34CS3000-SWUM104-D10...
8. What category best describes your company? Aerospace Engineering Education Finance Hospital Legal Insurance/Real Estate Manufacturing Retail/Chainstore/Wholesale Government Transportation/Utilities/Communication System house/company Other________________________________ 9. Would you recommend your D-Link product to a friend? Don't know yet 10. Your comments on this product? _______________________________________________________________________________ Page 264 Document 34CS3000-SWUM104-D10...
Page 265
Software User Manual D-Link Unified Access System 02/15/2011 Document 34CS3000-SWUM104-D10 Page 265...
Page 266
D-Link Unified Access System Software User Manual 02/15/2011 Page 266 Document 34CS3000-SWUM104-D10...