D-Link DSA-3600 User Manual

Multi-service business gateway
DSA-3600

User Guide

Version DSA-3600-3.00
December, 2007

Summary of Contents for D-Link DSA-3600

  • Page 1: User Guide

    DSA-3600 User Guide Version DSA-3600-3.00 December, 2007...
  • Page 2 Copyright © 2007 D-Link Corporation All rights reserved. Printed in Taiwan. D-Link Corporation reserves the right to change, modify, and revise this publication without notice. Trademarks Copyright 2007 D-Link Corporation. All rights reserved. D-Link, the D-Link logo, and DSA-3600 are trademarks of D-Link Corporation.
  • Page 3: Table Of Contents

    Table of Contents: Chapter 1. Before You Start (1); Audience (1); Document Conventions (1); Chapter 2. Overview (2); Introduction of DSA-3600 (2); System Concept (2); Chapter 3. Hardware Installation (4); Panel Function Descriptions (4); Package Contents (6); System Requirement (6); Installation Steps (6); Chapter 4.
  • Page 4 Appendix A. An Example of User Login (149); Appendix B. Console Interface Configuration (151); Appendix C. Proxy Configuration (154); Appendix D. Certificate Settings for IE6 and IE7 (159); Appendix E. Service Zones – Deployment Examples (166); Appendix F. Deploying DSA-3600 Using DWL-2100AP (170)...
  • Page 5 Appendix G. Network Configuration on PC (173); Appendix H. Local VPN (178); Appendix I. DHCP Relay (184); Appendix J. Session Limit and Session Log (186); Appendix K. Accepting Payments via PayPal (188)...
  • Page 7: Chapter 1. Before You Start

    This manual is intended for use by system integrators, field engineers and network administrators to help them set up DSA-3600 Multi-Service Business Gateway in their network environments. It contains step by step procedures and pictures to guide users with basic network system knowledge to complete the installation.
  • Page 8: Chapter 2. Overview

    Internet browser, such as Internet Explorer, may be opened to connect to any website. When the browser attempts to connect to a website, the DSA-3600 will force the browser to redirect to the user login webpage. The user must then enter the username and password, whereupon, after successful identification and authentication, the user...
  • Page 9 Chapter 2. Overview Figure-2.2a: An example deployment using DSA-3600 Figure-2.2b: An example of SMB environment using DSA-3600...
  • Page 10: Chapter 3. Hardware Installation

    Ethernet ports. The interface ports are installed on the rear panel. Six fast Ethernet (100Mbps) ports are provided by DSA-3600. Two are configured as WAN Ports, and the other four are configured as LAN Ports. Located on the rear panel are a serial console port, a reset button, and the power socket.
  • Page 11 3 WAN1~WAN2: The two WAN ports connect to an external network not managed by the DSA-3600. These ports may be used to connect to the ATU-Router of an ADSL, or the port of a Cable Modem, or a Switch or Hub on the LAN of an organization.
  • Page 12: Package Contents

    After the hardware of the DSA-3600 is installed completely, the system is ready to be configured in the following sections. This manual will guide you step by step to set up the system using a single DSA-3600 to manage the...
  • Page 13: Chapter 4. Web Interface Configuration

    Chapter 4. Web Interface Configuration This chapter provides further detailed information on setting up the DSA-3600. The following table shows all the functions of DSA-3600. In the web management interface, there are three main interface areas: Tools Menu, Main Menu Tree and Working Area.
  • Page 14 Chapter 4. Web Interface Configuration OPTION FUNCTION Network Privilege Monitor IP Walled Garden Proxy Server DDNS Client Mobility System Status Interface Routing Table Online Users User Logs E-mail & SYSLOG Setup Wizard Tools Password Change Backup & Restore System Upgrade Restart Utilities Quick Links...
  • Page 15 1. First, configure the TCP/IP settings of a PC in the network to obtain an IP address from the DHCP server automatically. Next, connect the PC to the DSA-3600 via any LAN port. An IP address will be assigned to the PC automatically via the DSA-3600 built-in DHCP server.
  • Page 16 Chapter 4. Web Interface Configuration 2. After successfully logging into the DSA-3600, the System Overview page of the web management interface will appear. To logout, simply click the Logout icon on the upper right corner of the interface to return to the...
  • Page 17: System

    Chapter 4.1 System 4.1 System This section provides information on the following functions: General, WAN1, WAN2, WAN Traffic, LAN Port Mapping and Service Zones. It displays the information such as System Time, Up Time and Firmware version.
  • Page 18: General

    For example, if the Internal Domain Name is configured as ashop.com, the URL in the User Login page will be https://ashop.com/loginpages/login.shtml. Homepage Redirect URL: Enter a URL in this field. When clients have logged in to the DSA-3600 successfully, their browsers will be directed to this URL regardless of the original homepage setting in their browsers when Local VPN is disabled.
  • Page 19 Management IP Address List: Set the IP addresses within a range which the administrator can use to connect to the web management interface of DSA-3600 via its WAN and/or LAN ports. The administrator can grant access to the web management interface by specifying a list of specific IP addresses or ranges of IP addresses, regardless of whether the access is from a WAN or LAN port.
  • Page 20: Wan1

    Static (Use the following IP Settings): Select Static to specify a static IP address for WAN1 port manually when a static IP address is available for DSA-3600. Fields with red asterisks are required to be filled in. IP Address: The IP address of the WAN1 port.
  • Page 21 Chapter 4.1 System PPPoE: Select the option when PPPoE is the connection protocol provided by the network service providers. When Dial on Demand is enabled, there is a Maximum Idle Time available. The system will disconnect itself from the Internet automatically when the Maximum Idle Time is reached. To properly configure PPPoE connection type, the Username, Password, MTU and Clamp MSS fields are required.
  • Page 22 Chapter 4. Web Interface Configuration...
  • Page 23: Wan2

    Chapter 4.1 System 4.1.3 WAN2 WAN2 can be disabled when selecting None. When WAN2 Port is enabled, it supports 3 connection types: Static, Dynamic and PPPoE. None: The WAN2 Port is disabled. Static: Select the option to specify a static IP address for WAN2 interface manually when a static IP address is available for the system.
  • Page 24 Chapter 4. Web Interface Configuration...
  • Page 25: Wan Traffic

    Uplink: It defines the maximum uplink bandwidth that can be shared by clients on the WAN interface. Downlink: It defines the maximum downlink bandwidth that can be shared by clients on the WAN interface. WAN Failover & Connection Detection: The DSA-3600 supports WAN Failover, a Load Balancing feature and the ability to detect WAN connection.
  • Page 26 Enable WAN Failover: The purpose of WAN Failover is to have a backup link for WAN1 when WAN2 is available. Check the check box of Enable WAN Failover to activate the WAN failover function of the DSA-3600. Normally a service zone uses WAN1 as its primary gateway. When WAN Failover is enabled, WAN1's traffic will be routed to WAN2 when the WAN1 connection is down.
  • Page 27: Lan Port Mapping

    DSA-3600 supports multiple service zones in either of the two VLAN modes, Port-Based or Tag-Based, but not concurrently. In the wireless environment, a service zone of the DSA-3600 is mapped to the VLAN with an associated SSID. When the DSA-3600 is set for tag-based VLAN, a managed Access Point with multiple SSIDs turned on can service multiple service zones.
  • Page 28 Chapter 4. Web Interface Configuration Tag-based Service Zones Configuration Example – Enabling Two Service Zones Log in to the web management interface and enter “admin” for both the default username and password in the Username and Password fields of the Administrator Login Page. After logging in to the web management interface, from the Menu Tree, click System and then click LAN Port Mapping to verify that Tag-Based service zone mode is selected.
  • Page 29 Chapter 4.1 System Scroll down to near the bottom of the page and in the Wireless Settings area enter the SSID (e.g. ssid-staff) for connecting to this service zone. Scroll up to the middle of the page where the Authentication Settings are, and check the Enabled box for the Authentication Required for the Zone option.
  • Page 30 Chapter 4. Web Interface Configuration Remember to enable Authentication requirement for this service zone and enable the On-demand Users authentication options only. Click Apply to activate the changes for the second service zone. Now is the time to restart the system. After the restart, the system will be configured according to Figure-4.1.5a.
  • Page 31 System--Service Zones Port-Based Service Zones Configuration Example After running through Setup Wizard on a factory default system, the DSA-3600 is ready to use the default tag-based VLAN for separating networks.
  • Page 32 Chapter 4. Web Interface Configuration Assume LAN1, LAN2, LAN3 will be used by Default service zone for internal staff while LAN4 is to be assigned to another service zone for external users only. In the above mentioned page, click LAN4’s drop-down menu to select the desired second zone such as ‘SZ1’...
  • Page 33 Chapter 4.1 System For single zone deployment, use the Default service zone with port-based mode. Figure-4.1.5b: An example using Port-Based service zones...
  • Page 34: Service Zones

    Chapter 4. Web Interface Configuration 4.1.6 Service Zones A Service Zone is a logical network area to cover certain wired and wireless networks in an organization such as SMB or branch offices. By associating a unique VLAN Tag and SSID with a Service Zone, administrators can separate wired network and wireless network into different logical zones.
  • Page 35 Chapter 4.1 System Default Authentication Option: Default authentication database/server that is used within the Service Zone. Status: Each service zone can be enabled or disabled. Details: Configurable, detailed settings for each Service Zone. Click the button of Configure to configure each Service Zone: Basic Settings, SIP Interface Configuration, Authentication Settings and Wireless Settings.
  • Page 36 Start IP / End IP: Set a range of IP addresses that the built-in DHCP server will assign to clients. Please change it accordingly at System > General > Management IP Address List to let the administrator log in to the DSA-3600 admin page after the default IP address of Network Interface is changed.
  • Page 37 Chapter 4.1 System Authentication Settings The system supports several authentication databases (Local, POP3, RADIUS, LDAP, and NT Domain) and provides up to four authentication options (Server1~4), one On-demand Users authentication option and one SIP authentication. The administrator needs to activate and configure at least one of these authentication databases for an enabled service zone.
  • Page 38 Chapter 4. Web Interface Configuration Default Policy in this Service Zone: Multiple sets of policy are provided by the system. Each policy consists of Firewall Profile, Specific Route Profile, Schedule Profile, QoS Profile, and Privilege Profile. Policies can be defined in the Policy tab. The administrator can select one of the defined policies to apply it to the specific service zone.
  • Page 39 Chapter 4.1 System An example of Template Login Page:...
  • Page 40 Chapter 4. Web Interface Configuration Login Page Uploaded Page Choose Uploaded Page and upload a login page. The user-defined login page must include the following HTML codes to provide the necessary fields for username and password. If the user-defined login page includes an image file, the image file path in the HTML code must be as follows.
  • Page 41 The user-defined login page must include the following HTML codes to provide the necessary fields for username and password. For example, if the device name of one DSA-3600 is “abc.3322.org”, then the first line of the HTML code would be “https://abc.3322.org/loginpages/userlogin.shtml”...
  • Page 42 Chapter 4. Web Interface Configuration Please Note: While this process is similar to that of the Login Page, the HTML code for the user-defined logout interface however is different. The following HTML code must be added in order for the user to enter the username and password.
  • Page 43 Chapter 4.1 System Login Success Page Uploaded Page Choose Uploaded Page to upload the login success page. Click the Browse button to select the file for the login success page upload. Next, click Submit to complete the upload process. After the upload process is completed and applied, the new Login Success Page can be previewed by clicking Preview button at the bottom.
  • Page 44 Chapter 4. Web Interface Configuration 4) Login Success Page for On-demand User The users can apply their own Login Success page for On-demand Users in the menu. As the process is similar to that of the Login Page, please refer to the instructions on Login Page for more details. Login Success Page for On-demand User Default Page Choose Default Page to use the default login success page for On-demand User.
  • Page 45 Chapter 4.1 System Choose Uploaded Page and get the login success page for On-demand User by uploading. Click the Browse button to select the Login Success Page file for instant upload. Then click Submit to complete the upload process.
  • Page 46 Chapter 4. Web Interface Configuration Login Success Page for On-demand User External Page Choose the External Page selection to get the Login Success Page for On-demand User from the specific website. In the External Page Setting, enter the URL of the external Login Success Page and then click Apply.
  • Page 47 Chapter 4.1 System Logout Success Page Uploaded Page Choose Uploaded Page to get the logout success page for upload. Click the Browse button to select the file for the logout success page upload. Next, click Submit to complete the upload process. After the upload process is completed and applied, the new logout success page can be previewed by clicking Preview button at the bottom.
  • Page 48 Chapter 4. Web Interface Configuration Wireless Settings SSID: Each service zone must set up its own SSID. Each SSID must be a unique name and cannot be repeated. Security: Each service zone can set up its own Authentication and Encryption support for AP security setting.
  • Page 49: Users

    Chapter 4.2 Users 4.2 Users This section provides information on the following functions: Authentication, Black List, Policy and Additional Control. It displays the information of the User, such as the number of Total Online users and the number of On-demand Users.
  • Page 50: Authentication

    For the Authentication Settings of each Service Zone, please see 4.1.6 Service Zones. Authentication Option: There are several authentication options supported by DSA-3600: Server 1 to Server 4, On-demand Users and SIP. Click the hyperlink of the respective Authentication Option to configure the authentication option.
  • Page 51 Chapter 4.2 Users Name: Set a name for the authentication option by using numbers (0~9), letters (a~z or A~Z), dash (-), underscore (_), space and dot (.) only. The length of this field is up to 40 characters. This name is used for the administrator to identify the authentication options easily such as HQ-RADIUS.
  • Page 52 Chapter 4. Web Interface Configuration Add User: Click this button to enter into the Adding User(s) to the List interface. Fill in the necessary information such as “Username”, “Password”, “MAC” and “Remark”. Select a desired Policy and choose whether to enable Local VPN. Only “Username” and “Password”...
  • Page 53 Chapter 4.2 Users Download User: Use this function to create a .txt file with all built-in user account information and then save it on disk. Search: Enter a keyword of a username to be searched in the text field and click this button to perform the search.
  • Page 54 Chapter 4. Web Interface Configuration Edit User: If editing the content of individual user account is needed, click the username of the desired user account to enter the Editing Existing User Data Interface for that particular user, and then modify or add any desired information such as “Username”, “Password”, “MAC”, “Policy”...
  • Page 55: Authentication Database - Pop3

    Chapter 4.2 Users Account Roaming Out: The system’s local user database can also be an external RADIUS database to another system. When Account Roaming Out is enabled, local users can login from other domains with their original local user accounts. The authentication database with their original local user accounts acts as a RADIUS Server and roaming out local users act as RADIUS clients.
  • Page 56: Authentication Database - Radius

    Chapter 4. Web Interface Configuration supports end-users’ devices under Windows 2000 and Windows XP SP1, SP2. Server: The IP address of the external POP3 Server. Port: The authentication port of the external POP3 Server. SSL Setting: The system supports POP3. Check the check box of the SSL Connection to enable POP3.
  • Page 57 RADIUS server. PAP (Password Authentication Protocol) transmits the password in plain text without encryption. CHAP (Challenge Handshake Authentication Protocol) is a more secure authentication protocol with hash encryption. Notice: If the RADIUS Server does not assign an idle-timeout value, the DSA-3600 will use the local idle-timeout.
  • Page 58: Authentication Database - Ldap

    Chapter 4. Web Interface Configuration 4.2.1.4 Authentication Database – LDAP The system supports authentication by an external LDAP authentication database. There are two sets of LDAP servers provided by the system, primary and secondary, which are for fault tolerance. Click the hyperlink Configure for further configuration. Enter the related information for the primary server and/or the secondary server (the secondary server is not required).
  • Page 59: Authentication Database - Nt Domain

    Chapter 4.2 Users 4.2.1.5 Authentication Database – NT Domain The system supports authentication by an external NT Domain authentication database. Server: The IP address of the external NT Domain Server. Transparent Login: Transparent Login means Windows NT Domain single sign on. When Transparent Login is enabled, clients will log in to the system automatically after they have logged in to the NT domain.
  • Page 60: Authentication Database - Ondemand

    Chapter 4. Web Interface Configuration 4.2.1.6 Authentication Database – ONDEMAND There are some deployment scenarios (for example, at venues such as coffee shops, hotels, restaurants, etc.) where retail customers or casual visitors want to get wireless Internet access. To offer the Wi-Fi access (either for commercial use or for free), user accounts should be able to be created upon request and account tickets/receipts should also be provided.
  • Page 61 Chapter 4.2 Users ticket printer which is connected to the serial port. Ticket Customization On-demand account ticket can be customized here and previewed on the screen. Receipt Header 1/2: The entered content will be printed on the header area. These headers are optional.
  • Page 62 Chapter 4. Web Interface Configuration Uploaded Image: Click the edit button to upload the picture in the popup. Preview: Click the Preview button to see the ticket with the items that are customized above. Please Note: An image dimension of 460x480 is recommended.
  • Page 63 Chapter 4.2 Users Billing Plans With the billing plans configured and enabled, administrators are able to control and charge the network usage of On-demand users. Plan: The number of the specific plan. Type: This is the type (Time, Volume, or Cut-off) of the plan, based on which it defines how the account can be used.
  • Page 64 Chapter 4. Web Interface Configuration without paying additional fee. Price: The unit price of each plan. Enable: Click the check box to activate the plan. Function: Click the Edit button to add or edit the specific billing plan. External Payment Gateway This section is for merchants to set up an external payment gateway to accept payments in order to provide wireless access service to end customers who wish to pay for the service on-line.
  • Page 65 Chapter 4.2 Users PayPal Payment Page Configuration Business Account: This is the “Login ID” (email address) that is associated with the PayPal Business Account. Payment Gateway URL: This is the default website address to post all transaction data. Identity Token: This is the key used by PayPal to validate all the transactions. Verify SSL Certificate: This is to help protect the system from accessing a website other than PayPal. Currency: It is the currency to be used for the payment transactions.
  • Page 66 Chapter 4. Web Interface Configuration can be further enabled or disabled here, as needed. Enable/Disable: Choose to enable or cancel the plan. Quota: The usage time or condition of each plan. Price: The price charged for this plan. Client’s Purchasing Record Starting Invoice Number: An invoice number may be provided as additional information with a transaction.
  • Page 67 Chapter 4.2 Users Note: In order to print out the ticket with the background picture, the web browser should be configured as shown below: • First: Open Internet Explorer and select “Tools” from the drop-down menu, then click on “Internet Options” •...
  • Page 68 Chapter 4. Web Interface Configuration • Last: Print out the ticket and it will show the ticket together with the background. On-demand Account List All created On-demand accounts are listed and related information is also provided. Search: A keyword can be used to search for the matching accounts that have been created (the contents of "Username"...
  • Page 69: Authentication Database - Sip

    Chapter 4.2 Users Delete: This will delete the account individually. 4.2.1.7 Authentication Database – SIP The system provides SIP proxy functionality, which allows SIP clients to pass through NAT. When enabled, all SIP traffic can pass through NAT via a fixed WAN interface. Administrators are able to add up to four trusted SIP Registrars in order to authenticate SIP clients.
  • Page 70: Black List

    The administrator may select one black list from the drop-down menu and this black list can be applied to this specific authentication option. Select Black List: There are 5 lists supported by DSA-3600 for selections. Name: Set the name of the black list and it will show in the pull-down menu above.
  • Page 71: Policy

    Policies can be selected in the Policy tab. The administrator can select one of the defined policies to have policy-based user management supported by the DSA-3600. All user clients’ access to this service zone will be bound to this policy.
  • Page 72: Global Policy

    Chapter 4. Web Interface Configuration 4.2.3.1 Global Policy Global is the system’s universal policy, including Firewall Rules, Specific Routes and Privilege, which will be applied to all users unless the user is governed by another policy that has been applied. Select Policy: Select Global to set the Firewall Profile, Specific Route Profile and Privilege Profile. Firewall Profile: Global policy and each policy have a firewall service list and a firewall profile which is composed of firewall rules.
  • Page 73 Chapter 4.2 Users b. Firewall Rules: Click the number of Filter Rule No. to edit individual rules and click Apply to save the settings. The rule status will show on the list. Check “Active” box and click Apply to enable that rule.
  • Page 74: Policy 1 ~ Policy 12

    Chapter 4. Web Interface Configuration Action for Matched Packets: There are two options, Block and Pass. Block is to prevent packets from passing and Pass is to permit packets passing. B. Specific Route Profile: Click the button of Setting for Specific Route Profile, the Specific Route Profile list will appear.
  • Page 75 Chapter 4.2 Users Select Policy: Select a desired individual policy for configuration. Firewall Profile: Global policy and each policy have a firewall service list and a set of firewall profile which is composed of firewall rules. Specific Route Profile: The default gateway of WAN1, WAN2, or a desired IP address can be defined in a policy.
  • Page 76 Chapter 4. Web Interface Configuration A. Firewall Profile: Click the button of Setting for Firewall Profile, the Firewall Configuration will appear. Click Predefined and Custom Service Protocols to edit the protocol list. Click Firewall Rules to edit the rules. Please refer to Global Policy section A for the same operations. a.
  • Page 77 Chapter 4.2 Users Rule Number: This is the rule selected “1”. Rule No. 1 has the highest priority; rule No. 2 has the second priority, and so on. Rule Name: The rule name can be changed here. Source/Destination – Interface/Zone: There are choices of ALL, WAN1, WAN2, Default, and the named Service Zones to be applied for the traffic interface.
  • Page 78 Chapter 4. Web Interface Configuration Default Gateway: Select the default gateway as WAN1, WAN2 or an assigned IP Address. IP Address (Destination): The destination IP address of the host or the network. Subnet Netmask: Select a destination subnet netmask of the host or the network. IP Address (Gateway): The IP address of the next router to the destination.
  • Page 79 Chapter 4.2 Users within the same policy. Individual Maximum Uplink: The Individual Maximum Uplink defines the maximum bandwidth allowed for an individual client; the Individual Maximum Uplink cannot exceed the value of Total Uplink. Individual Request Uplink: The Individual Request Uplink Bandwidth defines the guaranteed minimum bandwidth allowed for an individual client;...
  • Page 80: Additional Control

    Chapter 4. Web Interface Configuration 4.2.4 Additional Control In this section, additional settings are provided for the administrator for user management. User Session Control: Functions under this section apply to all general users. Idle Timeout: Define the time after which the system will log out users when they have been inactive for the time period set in this field.
  • Page 81 Chapter 4.2 Users Customization: The system supports uploading a customized certificate to the system. Remaining Time Reminder: There is a Remaining Time Reminder supported by the system to remind users that their accounts are about to be cut off within the set time. When Remaining Time Reminder is enabled, there will be a message appearing on the user’s screen to remind them.
  • Page 82: Access Points

    Chapter 4. Web Interface Configuration 4.3 Access Points This section provides information on the following functions: List, Discovery, Adding, Templates, Firmware and Upgrade. It displays the information of the Access Points, such as the number of Total Managed AP, the number of Down AP and the number of Associated Clients.
  • Page 83: List

    APs, or apply a template or a service zone to them by checking the check box in front of each individual AP or selecting all the APs together by checking the top check box. Please Note: The supported managed APs may vary between DSA-3600 firmware versions. After adding an AP:...
  • Page 84 Chapter 4. Web Interface Configuration (5) Lost/Unknown: After the DSA-3600 reboots and before it tries to probe the AP and determine the exact status, the status will be displayed as Lost or Unknown temporarily. Enter the hyperlink of AP Name: General Setting: Click Setting to enter the General Setting interface. Revise the AP Name, Admin Password and Remark here if desired.
  • Page 85 Chapter 4.3 Access Points Properties: SSID Broadcast: Select this option to enable the SSID to broadcast in your network. When configuring the network, it is suggested to enable this function but disable it when the configuration is complete. With this enabled, someone could easily obtain the SSID information with site survey software and get unauthorized access to a private network.
  • Page 86 Chapter 4. Web Interface Configuration DTIM Interval: Delivery Traffic Indication Message. Enter a value between 1 and 255. Preamble: Select Long Only or Short and Long. A short preamble is recommended for high-traffic networks. Transmit Power: Select either Full, Half(-3dB), Quarter(-6dB), Eighth (-9dB) or Minimum (minimum power).
  • Page 87 Chapter 4.3 Access Points Last Reporting Time: The time when this summary is last updated. LAN Interface Status: The table shows the information about IP Address, Subnet Mask and Gateway. Wireless LAN Status: The table shows all of the related wireless information. Access Control Status: The table shows the lists of MAC of clients under the control of the AP.
  • Page 88: Discovery

    Chapter 4. Web Interface Configuration 4.3.2 Discovery Use this function to detect and manage all the supported APs in the network segment. Discovery Settings When the administrator tries to discover a new AP, select the AP Type and select the Interface (Service Zone) first.
  • Page 89 Chapter 4.3 Access Points the APs. IP Addresses of APs after Discovery: It is the start IP address that will be assigned to the discovered APs and it must be in the same segment of the selected LAN interface (Service Zone). Scan Now: Click the Scan Now button and the APs that match the given settings will be shown in the Discovered Results below.
  • Page 90 Chapter 4. Web Interface Configuration New IP Address Assignment: Service Zone is the service zone where APs are connected to. Start IP Address is the start IP address that will be assigned to the discovered APs and it must be in the same segment of the selected LAN interface.
  • Page 91: Adding

    Chapter 4.3 Access Points 4.3.3 Adding The administrator can add supported APs into the List table manually here. Enter the related information of the AP and select a Template Applied. Click ADD and then the AP will be added to the List. Similar to the AP added after discovery, a manually added AP will show up with a status of “configuring”...
  • Page 92: Templates

    Chapter 4. Web Interface Configuration 4.3.4 Templates A template is a model that can be copied to every AP without having to configure each AP individually. The administrator can configure the settings together in the template instead of logging in to each AP management interface to set the configurations one by one.
  • Page 93 Chapter 4.3 Access Points DWL-2100AP The DWL-2100AP supports the 802.11b/g standards only. The connection can be set to enable or disable 802.11b/g. The DWL-2100AP is fully compatible with the IEEE 802.11b and 802.11g standards. Subnet Mask: The default is 255.255.255.0. All devices in the network must share the same subnet mask. Default Gateway: The default is 192.168.1.1.
  • Page 94 Chapter 4. Web Interface Configuration the Server. The embedded memory can only have up to 300 logs. Properties SSID Broadcast: Select this option to enable the SSID to broadcast in your network. When configuring the network, it is suggested to enable this function but disable it when the configuration is complete. With this enabled, someone could easily obtain the SSID information with site survey software and get unauthorized access to a private network.
  • Page 95 Chapter 4.3 Access Points DWL-3200AP v2.2 DWL-3200AP version 2.2 Templates settings allow users to configure General, Wireless Properties, Access Control and wireless 802.11b/g mode settings. Compatible with the 802.11b standard to provide a wireless data rate up to 11 Mbps, users can migrate the system to the 802.11g standard on their own schedule without sacrificing connectivity.
  • Page 96 Chapter 4. Web Interface Configuration SNTP/NTP Server IP: Enter the IP address of a SNTP/NTP server. Daylight Saving Time: Check the box to enable daylight saving time. SNMP Public Community: When enabled, change the Public Community Name here. Private Community: When enabled, change the Private Community Name here. SYSLOG System Activity: Select “Enable”...
  • Page 97 Chapter 4.3 Access Points receive packets. Right Antenna: The AP won’t switch antennas and the radio will use the right antenna to transmit and receive packets. WMM: WMM stands for Wi-Fi Multimedia. Enabling this feature improves the user experience for audio and video applications over a Wi-Fi network.
  • Page 98 Chapter 4. Web Interface Configuration III. DWL-3200AP v2.3+ DWL-3200AP version 2.3 Templates settings allow users to configure wireless 802.11b/g mode settings. Compared with DWL-3200 v2.2, DWL-3200AP 2.3+ enables users to configure SNMP in the General settings and adds the properties of Load Balance and Link Integrate. Due to firmware upgrade issues between DWL-3200AP v2.20 and v2.30 itself, the system treats DWL-3200AP v2.20 and v2.30 as two different AP types and names DWL-3200AP v2.20 as DWL-3200AP-v2.2 and DWL-3200AP v2.30 as DWL-3200AP-v2.3+.
  • Page 99 Chapter 4.3 Access Points SNMP Public Community: When enabled, change the Public Community Name here. Private Community: When enabled, change the Private Community Name here. SYSLOG System Activity: Select “Enable” to allow the logging of system actions, such as logging a firmware upgrade.
  • Page 100 Chapter 4. Web Interface Configuration receive packets. Right Antenna: The AP won’t switch antennas and the radio will use the right antenna to transmit and receive packets. WMM: WMM stands for Wi-Fi Multimedia. Enabling this feature improves the user experience for audio and video applications over a Wi-Fi network.
  • Page 101 Chapter 4.3 Access Points IV DWL-8200AP DWL-8200AP Templates settings allow users to configure 802.11a and 802.11b/g mode settings. The connection can be set to enable 802.11a, 802.11b/g, or to disable it. Compatible with 802.11a, 802.11b and 802.11g devices: fully compatible with the IEEE 802.11a, 802.11b and 802.11g standards, the DWL-8200AP can connect with existing 802.11b-, 802.11g- or 802.11a-compliant wireless network adapter cards.
  • Page 102 Chapter 4. Web Interface Configuration Time Zone: Select your time zone from the drop-down menu. SNTP/NTP Server IP: Enter the IP address of a SNTP/NTP server. Daylight Saving Time: Check the box to enable daylight saving time. SNMP Public Community: When enabled, change the Public Community Name here. Private Community: When enabled, change the Private Community Name here.
  • Page 103 Chapter 4.3 Access Points RTS Length: Enter a value between 256 and 2346. When a wireless client needs to send a packet that is larger than this value, it transmits an RTS and waits for a reply. Beacon Interval (ms): Enter a value between 20 and 1000 msec. The default value is 100 milliseconds. The entered time sets how often the beacon signal is transmitted between the access point and the wireless network.
  • Page 104 Chapter 4. Web Interface Configuration Status column and enter the desired clients’ MAC addresses in the MAC Address List. When this function is enabled, please make sure the MAC Address List is not empty.
  • Page 105: Firmware

    Chapter 4.3 Access Points 4.3.5 Firmware This is where AP’s firmware can be uploaded. The current firmware can also be downloaded to the local storage if required. The system supports the firmware management of APs to upload new firmware, delete the existing firmware, and download the firmware to managed APs.
  • Page 106: Upgrade

    Chapter 4. Web Interface Configuration 4.3.6 Upgrade The administrator can upgrade the firmware of selected APs individually or at the same time by checking the check box of the APs in Selection column. Note that both the version before upgrade and the next version must be ones that have been integrated with the system.
  • Page 107: Network

    Chapter 4.4 Network 4.4 Network This section provides information on NAT, Privilege, Monitor IP, Walled Garden, Proxy Server, DDNS, Client Mobility and VPN. It displays the information of the interfaces. For WAN1 and WAN2, it will show the IP Address and the connection Status.
  • Page 108: Nat

    The administrator can set up virtual servers using this function, so that the computers not belonging to the managed network can access the servers in the managed network via WAN port IP of DSA-3600. Enter the External Service Port, Local Server IP Address and Local Server Port accordingly. Depending on the different services selected, the network service will be able to use the TCP protocol or the UDP protocol.
  • Page 109 Chapter 4.4 Network Port and IP Redirect When users attempt to connect to the port of a Destination IP Address listed here, the connection packet will be converted and redirected to the port of the Translated to Destination IP Address. Enter the IP Address and Port of Destination, and the IP Address and Port of Translated to Destination accordingly.
  • Page 110: Privilege

    Chapter 4. Web Interface Configuration 4.4.2 Privilege The DSA-3600 provides two Privilege Lists, IP Address List and MAC Address List. The administrator can add desired IP addresses and MAC addresses in these lists using the Privilege List function. The IP addresses and MAC addresses in these lists are allowed to access the network without authentication.
  • Page 111 Chapter 4.4 Network Warning: Permitting specific MAC addresses to have network access rights without going through standard authentication process may result in security problems.
  • Page 112: Monitor Ip

    4.4.3 Monitor IP The DSA-3600 will send out a packet periodically to monitor the connection status of the IP addresses on the list. If the monitored IP address does not respond, the system will send an e-mail to notify the administrator that such destination is not reachable.
  • Page 113 Chapter 4.4 Network When the Monitor Now button is clicked, Monitor IP Results page will appear. If the entered IP address is unreachable, a red dot under Result field will appear. A green dot indicates that the IP address is reachable and alive.
  • Page 114: Walled Garden

    Chapter 4. Web Interface Configuration 4.4.4 Walled Garden This function allows clients of specified addresses or domain names to access the Internet before login and authentication. Users without network access right in this list can make use of the actual network service free of charge.
  • Page 115: Proxy Server

    Redirect Outgoing Proxy Traffic To Built-in Proxy Server: The DSA-3600 has a built-in proxy server. If this function is enabled, the clients will be forced to treat the DSA-3600 as the proxy server regardless of the clients’ original proxy settings, and all traffic will be redirected through the built-in proxy server.
  • Page 116: Ddns

    Chapter 4. Web Interface Configuration 4.4.6 DDNS The system provides a convenient dynamic DNS function to translate the IP address of WAN port to a domain name that helps the administrator memorize and connect to WAN1 port. When the DDNS is enabled, the system will update the newest IP address regularly to the DNS server if the WAN1 interface is set to Dynamic.
  • Page 117: Client Mobility

    The DSA-3600 supports IP PNP function. When enabled, this function allows clients with fixed or assigned IP address to authenticate through the DSA-3600 to access the network. By enabling IP PNP, a PC with a static IP address will be able to access the network even if the system enables the built-in DHCP server. No TCP/IP reconfiguration is needed.
  • Page 118: Vpn

    Local VPN Local VPN allows a user to create the VPN tunnel between the user's device and DSA-3600, to encrypt the data transmission. In addition, users of the entire system are able to use Local VPN only when this function is enabled (Active) here.
  • Page 119 Chapter 4.4 Network SIP transparent proxy will help the SIP traffic of authenticated Remote VPN users when the SIP service is enabled in the last service zone. Remote users can use SIP when SIP Configuration here is enabled. Site-to-Site VPN When the setting is enabled, the system will enable the IPSec VPN tunnel between two remote networks/sites to encrypt the data transmission.
  • Page 120 Chapter 4. Web Interface Configuration Click Add a Local Site to enter the Local Site Information page for further configuration. Click Add a New Host to enter the screen of Remote VPN Gateway.
  • Page 121 Chapter 4.4 Network...
  • Page 122: Status

    Chapter 4. Web Interface Configuration 4.5 Status This section covers the description of system status information and online user status, which include System, Interface, Online Users, User Logs, and E-mail & SYSLOG. An overview of the system is also provided here for the administrator's reference.
  • Page 123: System

    Chapter 4.5 Status 4.5.1 System This section provides an overview of the system administration.
  • Page 124 Firmware Version: The present firmware version of DSA-3600. Build: The build version of firmware. System Name: The system name. The default is DSA-3600. Homepage Redirect URL: The page to which the users are directed after initial login success. SYSLOG server - System Log: The IP address and port number of the external SYSLOG Server.
  • Page 125: Interface

    Chapter 4.5 Status 4.5.2 Interface This section provides an overview of the all interfaces for the administrator such as WAN1, WAN2, Service Zone - Default, Service Zone - Default DHCP Server. Each service zone represents a virtual system. Therefore, the information of the system’s network interface is grouped by service zone.
  • Page 126 Chapter 4. Web Interface Configuration The description of the table is as follows. WAN1 MAC Address: The MAC address of WAN1 port. WAN1 IP Address: The IP address of the WAN1 port. WAN1 Subnet Mask: The Subnet Mask of the WAN1 port. The MAC address of WAN2 port.
  • Page 127: Routing Table

    Chapter 4.5 Status 4.5.3 Routing Table All the Policy Route rules and Global Policy Route rules will be listed here. Also it will show the System Route rules specified by each interface. Policy 1~8: Shows the information of the individual Policy from 1 to 8. Global Policy: Shows the information of the Global Policy.
  • Page 128 Chapter 4. Web Interface Configuration Destination: The destination IP address of the device. Subnet Mask: The Subnet Mask IP address of the port. Gateway: The Gateway IP address of the port. Interface: The choice of interface network, including WAN1, WAN2, Default, or the named Service Zones to be applied for the traffic interface.
  • Page 129: Online Users

    Chapter 4.5 Status 4.5.4 Online Users Each online user’s information can be obtained using this function. These include Username, IP Address, MAC Address, Pkts In, Bytes In, Pkts Out, Bytes Out, Idle, Access From and Kick Out. All online users will be listed here.
  • Page 130: User Logs

    4.5.5 User Logs This function is used to check the history of DSA-3600. There are several types of log provided by the system. The log will be saved separately by day in the DRAM and the system supports up to 3 days. These logs are stored in volatile memory and will be lost when the system is turned off.
  • Page 131 Chapter 4.5 Status On-demand User Log The On-demand User Log provides the login and logout activities of on-demand users such as Date, System Name, IP address, MAC address, Packets In, Packets Out, Bytes In, Bytes Out, 1 Login Expiration Time, and Account Valid Through.
  • Page 132 Chapter 4. Web Interface Configuration Roaming In User Log The Roaming In User Log provides the login and logout activities of roaming in users. Type: The authentication and accounting type of the external RADIUS server. There is a type called Accept for authentication.
  • Page 133 Chapter 4.5 Status Username: Username of the local user account. Connection Time Usage: The total time used by the user. Pkts In / Pkts Out: The total number of packets received and sent by the user. Bytes In / Bytes Out: The total number of bytes received and sent by the user.
  • Page 134: E-Mail & Syslog

    Chapter 4. Web Interface Configuration 4.5.6 E-mail & SYSLOG The system supports automatically sending notification e-mails of Monitor IP Report, Users Log, On-demand Users Log, Session Log and AP Status Change to up to 3 e-mail accounts. The notification of AP Status Change is triggered when a managed AP becomes unreachable, while the other three types of e-mails are sent periodically at given intervals such as one hour.
  • Page 135 Chapter 4.6 Tools Plain and CRAM-MD5 are standardized authentication mechanisms while Login and NTLMv1 are Microsoft proprietary mechanisms. Only Plain and Login can use the UNIX login password. Netscape uses Plain. Outlook and Outlook Express use Login by default, although they can be set to use NTLMv1.
  • Page 136: Tools

    Chapter 4. Web Interface Configuration 4.6 Tools This section provides information on utilities used for customizing and maintaining the system, including Setup Wizard, Password Change, Backup & Restore, System Upgrade, Restart, Utilities, and Quick Links.
  • Page 137: Setup Wizard

    Upon completing the Setup Wizard procedures, the system has to be restarted for the settings to take effect. The system is ready for operation after restart. Please refer to the Quick Install Guide of DSA-3600 if step-by-step screen images would help the process.
  • Page 138 Select an Internet connection type for WAN1 interface. Contact your ISP or the network administrator to confirm the connection type for WAN1. There are three connection types provided by DSA-3600: Static, Dynamic and PPPoE. Enter the Username and Password provided by the ISP. Click Next to continue, or click Back to change configurations in previous step.
  • Page 139 Chapter 4.6 Tools Static IP Address: Set WAN1 Port’s Static IP Address Enter the IP Address, Subnet Mask and Default Gateway provided by the ISP. Click Next to continue. PPPoE: Set PPPoE Client’s Information Enter the Username and Password provided by the ISP. Click Next to continue.
  • Page 140 3 or click Next to validate added local accounts and continue. Step 4: Confirm and Restart Click Finish button to save the current settings and restart the DSA-3600. A confirming message will appear after clicking Finish. Click OK to continue. The Setup Wizard is now completed.
  • Page 141 Chapter 4.6 Tools While the DSA-3600 is restarting, a Confirm and Restart page will appear on the screen. Please do not interrupt the DSA-3600 until the DSA-3600 Administrator Login Page reappears. This indicates that the restart process has been completed.
  • Page 142 Settings page. Next, click the Server 1 hyperlink. The DSA-3600 uses Virtual LAN (VLAN) along with a SSID to separate service zones. At this stage, the system is ready for use in minimum configuration. The factory default configuration uses tag-based VLAN. The ‘Default’...
  • Page 143 Chapter 4.6 Tools Figure-4.6.1a: An example using Tag-Based service zones...
  • Page 144: Password Change

    Chapter 4. Web Interface Configuration 4.6.2 Password Change DSA-3600 supports three accounts with different access privileges. Choose to log in as admin, manager or operator. The default password and access privilege for each account are as follows: Admin: The administrator can access all configuration pages of the DSA-3600.
  • Page 145: Backup & Restore

    Chapter 4.6 Tools 4.6.3 Backup & Restore This function is used to backup/restore the DSA-3600 settings. The DSA-3600 can also be restored to the factory default settings using this function. Backup System Setting: Click Backup button to save the current system configurations to a backup file on a local disk of the management console.
  • Page 146 Reset to the Factory Default: Click Reset to load the factory default settings of the DSA-3600. Note that a Reset action will wipe out the existing local user accounts. To back up the local user accounts, please export the local user accounts to a text file first.
  • Page 147: System Upgrade

    Chapter 4.6 Tools 4.6.4 System Upgrade To upgrade the system firmware, click the Browse button to choose the new firmware file and then click Apply to execute the process. A confirmation message will appear to notify the administrator to restart the system upon successful firmware upgrade.
  • Page 148: Restart

    This function allows the administrator to safely restart the DSA-3600. The process should take about three minutes. Click YES to restart the DSA-3600; click NO to go back to the previous screen. If turning off the power is necessary, restart the DSA-3600 and wait for it to complete the restart process before turning off.
  • Page 149: Utilities

    Chapter 4.6 Tools 4.6.6 Utilities The Utilities allow the administrators to manage functions including Wake-on-LAN, Ping, Trace Route, and showing the ARP Table by entering an IP or Domain Name. Wake-on-LAN: It allows the system to remotely boot up a powered-down computer with the Wake-on-LAN feature that is connected on the LAN side.
  • Page 150: Quick Links

    Chapter 4. Web Interface Configuration 4.6.7 Quick Links The Quick Links provide the shortcut to eight links for administrators to directly access frequently used functions of the web management interface. The eight functional links are: System Status, Local User Management, Policy Management, AP Management, Online User List, On-demand Account Management, Authentication Configuration and Firmware Management.
  • Page 151 Chapter 4.6 Tools Link 1. System Status The System Status quick link provides at a glance, the System Setting Overview, a shortcut to 4.5.1 System in Status section. It provides a summary of system information to the administrator in a single page. Please refer to the section on System for details.
  • Page 152 Chapter 4. Web Interface Configuration Link 4. On-demand Account Management On-demand Account Management provides information from the On-demand Account Configuration, a shortcut to 4.2.1 Authentication in Users sections and 4.1.6 Service Zone On-demand User. It lets the customers use wireless Internet with username and password from retail environment for access. Please refer to the section on On-demand Account Configuration for details.
  • Page 153 Chapter 4.6 Tools Link 6. Authentication Configuration Authentication Configuration provides information from the Authentication Settings, a shortcut to 4.2.1 Authentication in Users sections and 4.1.6 Service Zone: Authentication Settings . It lets the administrator configure a list of authentication options which can be enabled or disabled within each service zone’s management.
  • Page 154: Help

    Chapter 4. Web Interface Configuration 4.7 Help The Help button is at the upper right corner of the DSA-3600 display screen. Click Help for the Online Help window, then click the hyperlink of the relevant information required.
  • Page 155: Appendix A. An Example Of User Login

    An Example of User Login Normally, users will be authenticated before they get network access through DSA-3600. This section presents the basic authentication flow for end users. Please make sure that the DSA-3600 is configured properly and network related settings are finished.
  • Page 156 Appendix A. An Example of User Login Note: When On-demand accounts are used (for example, we use v8ch@ondemand here), the system will display additional information and function. (1) Remaining usage/Expiration time: The remaining quota of this On-demand account that the user can surf the Internet.
  • Page 157: Appendix B. Console Interface Configuration

    Enter key to make selection or confirm what you enter. 3. Once the console port of the DSA-3600 is connected properly, the console main screen will appear automatically. If the screen does not appear in the terminal simulation program automatically, press the arrow keys of the keyboard to enable the terminal simulation program to send out some messages.
  • Page 158 Interface via the browser or when it fails inexplicably. The administrator can choose this utility and set the DSA-3600 into safe mode to manage the device using a browser. Synchronize clock with NTP server: Immediately synchronize the clock through the NTP protocol and the specified network time server.
  • Page 159 (3) Reload factory default Choose this option to reset the system configuration to the factory default settings. (4) Restart the DSA-3600...
  • Page 160: Appendix C. Proxy Configuration

    Proxy Configuration Basically, a proxy server can help clients access the network resources more quickly. This section presents basic examples for configuring the proxy server settings of the DSA-3600. Using Internet Proxy Server The first scenario is that a proxy server is placed outside the LAN environment or in the Internet. For example, the...
  • Page 161 1. It is required that the proxy server setting of the clients match at least one of the proxy server settings of the DSA-3600. Otherwise, users will not be able to get the Login page for authentication via browsers and it will show an error page in the browser.
  • Page 162 Appendix C. Proxy Configuration setting.
  • Page 163 Note: A special scenario is that a proxy server is placed in a zone like Intranet – where users can reach each other without going through the DSA-3600. In this case, whenever any one of users in the Intranet has been authenticated and connects to the network via the proxy server, other users using the same proxy setting in their browsers will be able to access the network without any authentication.
  • Page 164 Default Gateway (192.168.1.254). Note: It is required that the proxy server setting of the clients match with the proxy server setting of the DSA-3600. Otherwise, users will not be able to get the Login page for authentication via browsers and it will show an error page...
  • Page 165: Appendix D. Certificate Settings For Ie6 And Ie7

    As long as the SSL function is enabled in the DSA-3600, there must be a public SSL certificate signed by an established certificate authority. To avoid the error message in the browser, a company should have its own Certificate Authority (CA).
  • Page 166 Appendix D. Certificate Settings for IE6 and IE7 Certificate setting for Internet Explorer 7 For IE7, when certificate issues are caused by the certificate publisher not being trusted by IE7, the following steps may be taken to provide a workaround or to bypass the issue. (1) Open the IE7 browser, and you will be redirected to the default login page.
  • Page 167 Appendix D. Certificate Settings for IE6 and IE7 For installing a trusted certificate to solve the IE7 certificate issue, please follow the instructions stated below. (1) When the User Login page appears, click “Certificate Error” at the top. (2) Click “View Certificate”. (3) Click “Certification path”.
  • Page 168 Appendix D. Certificate Settings for IE6 and IE7 (4) Select root certification, then click “View Certificate”. (5) Click “Install Certificate”.
  • Page 169 Appendix D. Certificate Settings for IE6 and IE7 (6) Click “Next”. (7) Select “Automatically select the certificate store based on the type of certificate”, then click “Next”. (8) Click “Finish”.
  • Page 170 Appendix D. Certificate Settings for IE6 and IE7 (9) Click “Yes”. (10) Click “OK”. (11) Launch a new IE7 browser. The certificate is now trusted via IE7 according to the key symbol shown at top next to the address field.
  • Page 171 Appendix D. Certificate Settings for IE6 and IE7 Certificate setting for Internet Explorer 6 For issues relating to the IE6 certificate error, the following information provides the steps to take when the certificate publisher is not trusted by IE6. (1) Open an IE6 browser; the Security Alert message will appear if the certificate is not trusted. Click “Yes” to proceed.
  • Page 172: Appendix E. Service Zones - Deployment Examples

    Appendix E. Service Zones – Deployment Examples Typical Application Scenario: Employees vs. Guests Typical service zone settings will separate user groups into Employees and Guests for the purpose of different authentication levels. Application Network Diagram: As shown in the diagram, assign service zone 1 to Employees and service zone 2 to Guests.
  • Page 173 4. Apply different access control policies to the separated groups, Employees and Guests. Solution and Configuration in DSA-3600 Configure two service zones to map to the two groups Step 1: Select “Tag-Based mode” for all “service zones”...
  • Page 174 Appendix E. Service Zones – Deployment Examples Step 3: Configure the “service zone” accordingly Configure the SSID Choose the authentication option and configure the login page Choose the appropriate policy for this “service zone”...
  • Page 175 Appendix E. Service Zones – Deployment Examples Finished Configuration – Service Zone Settings: Once the settings of two service zones are completed, the configured result will be displayed on screen in the Service Zone Settings. The name of the service zone and the enabled status should appear in the display.
  • Page 176: Appendix F. Deploying Dsa-3600 Using Dwl-2100Ap

    II. Guest (Up to 7 for each DWL-2100AP) – Does not support “Open System/Shared Key” mode for security Caution: If an existing SSID is already using Guest type, the wireless security of a Service Zone which is associated with this SSID cannot be set in the Open System or Shared Key mode in DSA-3600.
  • Page 177 Caution: If two or more SSIDs belong to the same DWL-2100AP and the wireless security of the associated Service Zones is set in the “Shared Key” mode in the DSA-3600, those SSIDs cannot be mapped to the Service Zones that have different sets of WEP Keys in the DSA-3600.
  • Page 178 “Passphrase” for the SSID of Guest type is 8 to 34 characters. Caution: The “HEX” (the other Key type) should NOT be enabled in DSA-3600 if any DWL-2100AP exists in the Service Zone and the associated SSID is in the mode of WPA, WPA2 or WPA/WPA2 Mixed. Also, administrators will have to ensure the length of “Passphrase”...
  • Page 179: Appendix G. Network Configuration On Pc

    Appendix G. Network Configuration on PC After the DSA-3600 is installed, the following configurations must be set up on the PC: Internet Connection Setup and TCP/IP Network Setup. Internet Connection Setup If the Internet Connection of this client PC has already been configured to use the local area network, you can skip this setup.
  • Page 180 Appendix G. Network Configuration on PC 3. Click Next when Welcome to the New Connection Wizard screen appears. 4. Choose “Connect to the Internet” and then click Next. 5. Choose “Set up my connection manually” and then click Next.
  • Page 181 DHCP to obtain IP address automatically. Windows 95/98/2000/XP configures IP setup to “Obtain an IP address automatically” in default settings. To check the TCP/IP setup or use a static IP to connect to the DSA-3600 LAN port, please follow the following steps:...
  • Page 182 Appendix G. Network Configuration on PC Check the TCP/IP Setup of Windows XP 1. Select Start > Control Panel > Network Connection. 2. Right-click the “Local Area Connection” icon and select “Properties”. 3. Select the “General” label and choose “Internet Protocol (TCP/IP)”...
  • Page 183 Using Specific IP Address: To use specific IP address, please request from your network administrator the following information of the DSA-3600: IP address, Subnet Mask, New gateway and DNS server address. Choose “Use the following IP address” and enter the information given from the network administrator in “IP address”, “Subnet mask”...
  • Page 184: Appendix H. Local Vpn

    VPN tunneling technology between client’s Windows devices and the DSA-3600 itself regardless of wired or wireless network. By pushing down ActiveX to the client’s Windows device from the DSA-3600, no extra client software is required to be installed except ActiveX, in which a so-called “clientless” IPSec VPN setting is then configured automatically. At the end of this setup, a built-in IPSec VPN feature will be enabled and ready to serve once it is launched for setup.
  • Page 185 Appendix H. IPSec VPN During the first login to the DSA-3600, Internet Explorer will ask user to download the ActiveX component of IPSec VPN. This ActiveX component once downloaded will be running parallel with the “Login Success” page. The ActiveX component helps to setup the IPSec VPN tunnel between client’s device and the DSA-3600. It also helps to check the validity of the IPSec VPN tunnel between them.
  • Page 186 Appendix H. IPSec VPN 3. Internet Connection Firewall In Windows XP and Windows XP SP1, the Internet Connection Firewall is not compatible with IPSec. Internet Connection Firewall will drop packets from tunneling of IPSec VPN. Suggestion: Please TURN OFF Internet Connection Firewall feature or upgrade the Windows OS into Windows XP SP2.
  • Page 187 The ActiveX component for IPSec VPN runs in parallel with the “Login Success” web page. Unless the user decides to close the session and disconnect from the DSA-3600, the following conditions or behaviors of the user’s browser should be avoided in order to keep the established IPSec VPN tunnel alive.
  • Page 188 Appendix H. IPSec VPN c. There are some cases of Windows messages by which DSA-3600 will hint current user to: Close the Windows Internet Explorer, Click “logout” button on “login success” page, Click “back” or “refresh” of the same Internet Explorer, Enter new URL in the same Internet Explorer, Open a URL from the other application (e.g.
  • Page 189 Appendix H. IPsec VPN 7. FAQ a. How to clean IPSec client? ANS: Open a command prompt window and type the commands as follows. C:\> cd %windir%\system32 C:\> Clean_IPSEC.bat C:\> cd %windir%\system32 C:\> ipsec2k.exe stop b. How to remove ActiveX component in client’s computer? ANS: (1) Uninstall and delete ActiveX component (2) Close all Internet Explorer windows...
  • Page 190: Appendix I. Dhcp Relay

    DSA-3600, the DHCP server will receive a DHCP REQUEST packet with Option 82 (a code defined in RFC 3046). A Circuit ID will be sent by the DSA-3600 when the DHCP relay is enabled to define where the packet is sent from, and this Circuit ID will have a format of MAC_IP, such as 00:E0:22:DF:AC:DF_192.168.1.254.
  • Page 191 Here is an example of configuration file of the DHCP server: Based on the above example, the client that connects to the DSA-3600 sends out a DHCP request. The DHCP relay function being enabled in the DSA-3600 sends a Circuit ID 00:90:0B:07:60:91_192.168.1.254 to the external DHCP server.
  • Page 192: Appendix J. Session Limit And Session Log

    Appendix J. Session Limit and Session Log Appendix J. Session Limit and Session Log Session Limit To prevent ill-behaved clients or malicious software from using up system’s connection resources, administrators will have to restrict the number of concurrent sessions that a user can establish. The maximum number of concurrent sessions (TCP and UDP) for each user can be specified in the Global policy, which applies to authenticated users, users on a non-authenticated port, privileged users, and clients in DMZ zones.
  • Page 193 The following table shows an example of the session log data.
    Jul 20 12:35:05 2007 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1626 DIP=203.125.164.132 DPort=80
    Jul 20 12:35:05 2007 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1627 DIP=203.125.164.132 DPort=80
    Jul 20 12:35:06 2007 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1628 DIP=203.125.164.142 DPort=80
    Jul 20 12:35:06 2007 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1629 DIP=203.125.164.142 DPort=80
    Jul 20 12:35:07 2007 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1630 DIP=67.18.163.154 DPort=80...
  • Page 194: Appendix K. Accepting Payments Via Paypal

    Appendix K. Accepting Payments via PayPal
    This section shows independent Hotspot owners how to configure the related settings in order to accept payments via PayPal, making the Hotspot an e-commerce environment in which end users can pay for and obtain Internet access using their PayPal accounts or credit cards.
  • Page 195 1. Setting Up
    The following are the basic steps to open and configure a “Business Account” on PayPal.
    1.1 Open An Account
    Step 1: Sign up for a PayPal Business Account and log in. Here is a link: https://www.paypal.com/cgi-bin/webscr?cmd=_registration-run
    Step 2: Edit necessary settings in “Website Payment Preferences”...
  • Page 196 Settings
    Auto Return (On)
    Return URL (Redirect Webpage): Type http://www.www.com or other URL.
    Payment Data Transfer (On)
    Block Non-encrypted Website Payment (Off)
    PayPal Account Optional (Off)
    Contact Telephone Number (Off)
    Click Save.
  • Page 197 1.2 Configure DSA-3600 with a PayPal Business Account
    Please log in to the DSA-3600: Click the Option On-demand User Click Configure Users Authentication External Payment Gateway Select PayPal External Payment Gateway...
  • Page 198 → Scroll down to the section, Payment Data Transfer (optional). Copy the Identity Token in the above page to the section “PayPal Payment Page Configuration” of DSA-3600. 1.3 Requirements for Building a Secure PayPal-based E-Commerce Site To deploy the PayPal function properly, it is required that the merchant register an Internet domain name (for example, www.StoreName.com) for this subscriber gateway device.
  • Page 199: Basic Maintenance

    Locate the specific payment listing in the activity history log
    Click Details of the payment listing
    Username can be found in the “Item Title” field
    b. To find the password associated with a specific username, please log in to the DSA-3600: Click the Option On-demand User Click View Users...
  • Page 200 If a valid email address is provided, an email receipt with payment details for each successful transaction will be automatically sent to the customer via PayPal. To change the information on the customer’s receipt, please log in to the DSA-3600: Click the Option On-demand User...
  • Page 201 3. Reporting
    During normal operation, the following steps will be necessary to generate transaction reports.
    3.1 Transaction activity during a period
    Please log in to PayPal
    Click History
    Choose activity type from the Show field as the search criteria
    Specify the dates (From and To fields) for the period
    Click Search
    3.2 Search for the transaction details for a specific customer...
  • Page 202 4. An Example of Making Payments via PayPal
    Step 1: Click the link below the login window to pay for the service via PayPal.
    Step 2: Choose I agree to accept the terms of use and click Next.
    Step 3: Please fill out the form and click Buy Now to send out this transaction.
  • Page 203 Step 4: You will be redirected to the PayPal website to complete the payment process.
  • Page 204 Step 5: Click Start Internet Access to use the Internet access service. Note: 1. Payment is accepted via PayPal. PayPal enables you to send payments securely online using a PayPal account, a credit card or a bank account. After clicking the Buy Now button, you will be redirected to PayPal’s site to make the payment.
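
The session log format shown in Appendix J can be parsed to spot clients that open sessions in bursts, the behavior the session limit is meant to contain. The following is an added example, not code from the manual or from D-Link: it assumes every log line follows the layout of the manual's sample, uses the rate of `[New]` events as a proxy for concurrent sessions, and the names `parse_line`, `flag_bursts`, the threshold and the window are hypothetical choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# user1 lines are the manual's own sample; the user2 lines are constructed for this example.
SAMPLE_LOG = """\
Jul 20 12:35:05 2007 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1626 DIP=203.125.164.132 DPort=80
Jul 20 12:35:05 2007 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1627 DIP=203.125.164.132 DPort=80
Jul 20 12:35:06 2007 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1628 DIP=203.125.164.142 DPort=80
Jul 20 12:35:06 2007 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1629 DIP=203.125.164.142 DPort=80
Jul 20 12:35:07 2007 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1630 DIP=67.18.163.154 DPort=80
Jul 20 12:35:10 2007 [New]user2@local UDP MAC=00:11:22:33:44:55 SIP=10.1.1.40 SPort=5300 DIP=192.0.2.53 DPort=53
Jul 20 12:35:40 2007 [New]user2@local UDP MAC=00:11:22:33:44:55 SIP=10.1.1.40 SPort=5301 DIP=192.0.2.53 DPort=53
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \[(?P<event>\w+)\](?P<user>\S+) "
    r"(?P<proto>TCP|UDP) MAC=(?P<mac>[0-9A-Fa-f:]{17}) SIP=(?P<sip>[\d.]+) "
    r"SPort=(?P<sport>\d+) DIP=(?P<dip>[\d.]+) DPort=(?P<dport>\d+)$"
)

def parse_line(line):
    """Return one log line as a dict, or None if it does not match the assumed layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(" ".join(rec["ts"].split()), "%b %d %H:%M:%S %Y")
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def flag_bursts(log_text, max_new, window_s):
    """Return {user: peak} for users with more than max_new [New] events in any window_s seconds."""
    per_user = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["event"] == "New":
            per_user[rec["user"]].append(rec["ts"])
    flagged = {}
    for user, stamps in per_user.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):  # sliding window over sorted timestamps
            while ts - stamps[start] >= timedelta(seconds=window_s):
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_new:
            flagged[user] = peak
    return flagged
```

Lines that do not match the assumed layout are skipped rather than guessed at, so a format change on the gateway shows up as missing data instead of wrong counts.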
