D-Link Airspot DSA-3100 Public/Private Gateway Manual June 2004 Rev.
Contents Package Contents ................................................................................3 Introduction...........................................................................................4 Front Panel ...........................................................................................5 Rear Panel ...........................................................................................6 Features .................................................................................
Package Contents Contents of Package: 1 D-Link DSA-3100 Airspot Gateway 2 CD-ROM (containing Manual and Warranty) 3 Quick Installation Guide 4 Two (2) CAT5 UTP/Straight-through (Ethernet) cables 5 One (1) CAT5 UTP/Cross-over cable 6 One (1) Console cable 7 5V DC, 3A Power Adapter If any of the above items are missing, please contact your reseller.
Introduction The D-Link DSA-3100 Airspot Gateway is a simple-to-use network access control system supporting Ethernet, Fast Ethernet or an IEEE 802.11 wireless LAN (WLAN) separately and simultaneously. The DSA-3100 can be configured with a standard HTML browser (i.e., Internet Explorer, Netscape Navigator) operating on Windows 98SE/Me/2000/XP, Macintosh OS 9, Mac OS X (v10.1.5 or later), Linux, or Pocket PC 2000/2002.
Front Panel Power LED - A solid light indicates a proper connection to the power supply. WAN LED Link: A solid light indicates a connection on the WAN port. Act: This LED blinks during data transmission. Private Network - A solid light indicates a connection on the Private Network. This LED blinks during data transmission. Public Network - A solid light indicates a connection from the Authentication port for a Public Network. This LED blinks during data transmission.
Rear Panel Console Port For resetting to factory defaults, or reconfiguring the device. For Advanced users only! Authentication Port (Public LAN or WLAN with Access Point) Connects to a switch or AP. Local Area Network Port (Private LAN)Connects to a switch for a private network. Does not require authentication to access the Internet. 6 Receptor for Power Adapter. WAN Port The port that connects to your WAN connection providing Internet access to the Local and Managed Networks.
Features Creates two separate and discreet networks allowing the owner/ administrator to create a wired or wireless hotspot and provide Internet access to visitors, guests, or customers. Manages up to 250 user accounts with an internal database. Supports at least 50 users accessing the Internet at any given time. Allows ID/Password-based authentication and authorization (can also be combined with MAC address locking for even stricter access control).
Sample Scenarios 8
Sample Scenarios (continued) 3 9
Installation Requirements Standard 10/100Base-T network (UTP/Cat5 Ethernet) cable with RJ45 connectors. TCP/IP network protocol must be installed on all networked computers and related devices.
Setting up the DSA-3100 Make sure the DSA-3100 unit is not connected to the power adapter and is powered OFF. WAN port connection Use 10/100BaseT connections to connect the unmanaged network. The unmanaged network’s interface may be the ADSL router’s LAN port, cable modem’s LAN port or Intranet switch port. Private LAN port connection Use to connect to a local network. All ports are auto-mdix, which means that you can use a straight-through or a crossover cable for connections.
Configure PCs on your LAN After installing the DSA-3100, each computer’s TCP/IP network settings and Internet access configuration may need to be re-configured: TCP/IP network settings If your PC uses the default Windows XP/2000/Me/98SE setting, no changes need to be made. Just restart your PC. If you are running Mac OS 9 or OS X, set your network settings to DHCP and select Apply.
Internet Access Configuration To configure your PCs to use the DSA-3100 for Internet access, follow this procedure. For Windows 98SE/2000 Please select Start Menu - Control Panel Internet Options. Select the Connection tab, and click the Setup button.
Internet Access Configuration (continued) Select “I want to set up my Internet connection manually, or I want to connect through a local Area network (LAN)” and click Next. Select “I connect through a local area network (LAN)” and click Next. Ensure all of the boxes on the local area network Internet configuration screen are unchecked. Check No, when promoted “Do you want to set up an Internet mail account now?” Click Finish to close the Internet Connection Wizard. Setup is now completed.
Using the Configuration Utility To configure the DSA-3100, use a computer which is connected to the local network port of the DSA-3100 with an Ethernet cable. First, disable the Access the Internet using a proxy server function. To disable this function, go to Control Panel > Internet Options > Connections > LAN Settings and uncheck the enable box. Start your Microsoft Internet Explorer Web browser program. Type https://192.168.0.
Using the Configuration Utility (continued) On the bottom of each configuration screen you will find the buttons shown below. Click Apply in each screen of the Configuration Utility in which you have made changes. Restart the DSA-3100 after completing any changes to its configuration. Home > Wizard The Home>Wizard screen will appear if you logged in as an admin. For more information on the Setup Wizard, please see the Quick Installation Guide, included with your purchase.
Using the Configuration Utility (continued) Home > System System Name: DSA-3100 is the default system name. You may wish to rename it to indicate your company, department, or the service you would like to provide. Admin Detail: You can edit the System Administrator’s information here (e.g., name, phone number, and e-mail).
Using the Configuration Utility (continued) Home > WAN > Static IP Address Static IP Address: IP address: Enter the IP address provided to you by your ISP. Subnet mask: Enter the subnet mask provided to you by your ISP. All devices on the network must have the same netmask. Default Gateway: Enter the IP address of the gateway, provided to you by your ISP. Dynamic IP Make this selection if there is a DHCP server in the network. (See the following pages.
Using the Configuration Utility (continued) Home > WAN > Dynamic IP Address Select this option to obtain an IP address automatically from your ISP. Renew Click Renew to renew the IP configuration. Home > WAN > PPPoE Most DSL users will select this option. User Name & Password: Enter the user name and password that is assigned by your ISP. Dial on demand: This field is optional.
Using the Configuration Utility (continued) Home > Public Network The DSA-3100 allows the gateway to be set to one of three Authentication modes. Mode: Select NAT; NAT_IP_PNP or Router NAT: This mode protects the identity of the devices within the LAN from those devices outside the network. NAT_IP_PNP: All devices, regardless of their IP address, can gain access to the Internet through the DSA-3100 in this mode.
Using the Configuration Utility (continued) Home > Public Network (continued) Enable DHCP Server: Selecting this option activates the device’s built-in DHCP server. Configure the DHCP server with the following properties: DHCP Pool Start IP Address: Enter the starting IP address, from which the DHCP server will assign to the DHCP-enabled devices (clients) on the network.
Using the Configuration Utility (continued) Home > Private Network NAT and Router are the two local network port modes. Nat mode: All outbound IP addresses on the local network port will be translated to the IP address of the WAN port to proceed. Router mode: All outbound IP addresses on the local network port will retain their IP addresses.
Using the Configuration Utility (continued) Home > User Manager > General Account User Control: Select Enable or Disable. When disabled, only the MAC Address Control function is available. General Account Session Length: Limit the duration of each session established by the general account from 5 minutes to an unlimited period. Idle Timer: When enabled, on-line users who become inactive on the network after a specified period of time will be logged out automatically. The period can range from 1~1440.
Using the Configuration Utility (continued) Home > User Manager > General Account Define the login time and duration here.
Using the Configuration Utility (continued) Home > User Manager > Guest Account Guest Account: Select Enable or Disable. Guest Account List Up to 10 guest accounts can be defined. To activate a particular Guest Account, simply enter the corresponding password in the Password column and click Apply. Guest Account ACL Define network areas where the Guest Account function is disallowed access, for instance 10.2.3.0/24.
Using the Configuration Utility (continued) Home > User Manager > MAC Address Control MAC Address Control: When MAC address control is enabled, users connected to the Authentication Port can not login to the DSA-3100 unless they have registered their MAC Address at MAC Address Control. In other words, only 40 users will be allowed to login when this function is enabled. Please refer to the configuration screen as follows. Note: MAC address format is XX:XX:XX:XX:XX:XX or XX-XX-XX-XX-XX-XX.
Using the Configuration Utility (continued) Home > User Manager (continued) Friendly logout: If you enable Friendly logout, a pop-up window asking “Do you want to logout?” will appear after closing the login window. If you disable this function, no pop-up window will appear. User Logon SSL: Allow administrator to choose between activating https (encryption), or http (non-encryption) for the login page. WAN Fail Function: Enter a URL, if you enable this function.
Using the Configuration Utility (continued) Home > User Manager > Authentication Server > Local Local Users List: A list of all local user accounts stored in the embedded database for user account management.You can add, edit, and delete users. A sample list is shown here. Delete User: Click the box next to the user name and click Delete. Add Users: Click Add User to create new accounts. The screen below will appear.
Using the Configuration Utility (continued) Home > User Manager > Authentication Server > Local > Local Users List Upload User Accounts: Besides adding user accounts one by one through the Web interface, you can prepare a text file, which contains user account information, store it on your hard drive and then upload it to the DSA-3100.
Using the Configuration Utility (continued) Home > User Manager > Authentication Server > Local > On-demand User Configuration On-demand User: When you connect the DSA-3100P (the plug and play receipt printer) to the DSA-3100’s console port, you can create a database of up to 2000 on-demand users. By default, the on-demand user database is empty.
Using the Configuration Utility (continued) Home >User Manager >Authentication Server >Local > On-demand User Configuration (continued) Description Field Store Name You can specify the prefix of the user name. The maximum is 8 characters (e.g., D-Link). Account Range You can specify the maximum user amount which cannot exceed 2000. Receipt Header You can configure the receipt’s header in this field. Receipt Footer You can configure the receipt’s footer in this field.
Using the Configuration Utility (continued) Home > User Manager > Management Type > Local > Ondemand User Configuration (continued) On-demand Users List Click On-demand Users List in the screen above and the screen below will appear showing a list of the on-demand users. You can delete users in this window. Local > Local User Group Configuration The DSA-3100 provides 5 local user groups; each group can designate a different outbound traffic bandwidth.
Using the Configuration Utility (continued) Home > User Manager > Authentication Server > POP3 To use POP3 as the authentication method, input the POP3 server IP address or domain name and its POP3 server port. The settings will take effect immediately after you click the Apply button. It is recommended that you restart the DSA-3100 after these changes if there are any online users.
Using the Configuration Utility (continued) Home > User Manager > Authentication Server > RADIUS > 802.1x Select Enable to use the 802.1x feature. The DSA-3100 supports integrated single sign-on when used with 802.1x enabled access points. By using the integrated RADIUS proxy function in the DSA-3100, users can use the EAP methods such as EAP-MD5 or EAP-TLS to login and get the service depending on the authentication methods which the backend RADIUS server and APs support.
Using the Configuration Utility (continued) Home > User Manager > Authentication Server > RADIUS > 802.1x (continued) Input the IP addresses and secret keys for the devices on the network. If you are using the 802.1x supplicant provided by Microsoft, the idle time out will be longer than the settings in RADIUS/AP and DSA3100. Except for the idle timer, there is no way for the user to logoff from 802.1x Access Point in the current 802.1x implementation by Microsoft.
Using the Configuration Utility (continued) Home > User Manager > Authentication Server > LDAP LDAP: To use LDAP as the authentication method, input the LDAP server IP address or domain name and its LDAP server port. The settings will take effect immediately after you click the Apply button. It is recommended that you restart the DSA-3100 after these changes, if there are any online users.
Using the Configuration Utility (continued) Advanced > Port and IP Redirect Up to 10 sets of traffic redirection criteria can be defined through this interface. Clients who try to access a specific destination that matches one of the defined destinations will be forced to a matching redirection target. These settings will take effect immediately after you click the Apply button.
Using the Configuration Utility (continued) Advanced > Pass-Through To maintain an adequate level of security, each client on the network can be managed. To allow some devices to be unmanaged, input their IP addresses or MAC addresses in this interface. Up to 20 IP addresses and 10 MAC addresses can be assigned unmanaged access. MAC address format is XX:XX:XX:XX:XX:XX Caution: Allowing unmanaged access from specific IP or MAC addresses could adversely affect the security of your network.
Using the Configuration Utility (continued) Advanced > DMZ If you have multiple IP addresses available to assign to the DSA-3100’s WAN interface, you could define up to 10 pairs of Ethernet side (Private IP) and WAN side (Public IP) addresses. The WAN interface will bind the extra public IP addresses automatically. Advanced > Free Surfing Area To allow users access to a few websites before they log in, enter the IP addresses of those sites in the Free Surfing Area list. Up to 20 sites can be defined.
Using the Configuration Utility (continued) Advanced > Static Route In this example, if you want the 192.168.202.0/24 and 192.168.100.0/ 24 network to have access to each other, you should add a static route in the DSA-3100 and also in the 192.168.200.253 IP router. These settings show the DSA-3100’s static route configurations. Destination Network ID: 192.168.202.0 255.255.255.0 192.168.0.253 Specifies the target network or host IP. In this example we use network 192.168.202.0 as the routed target.
Using the Configuration Utility (continued) Advanced > Firewall . Click the Filter Rule number to enter the firewall page for each filter. The chart on the following page explains each configurable item in detail. Edit the filter rule Filter rule is a set of filters that determine whether traffic will be allowed to pass between the source and destination or whether it will be dropped. To display the detail, click the index number in the screen above.
Using the Configuration Utility (continued) Advanced > Firewall (continued) Filter Description Name Gives a name to the IP Filter rule Check to enable this rule Enables this rule if it is marked Action Specifies the action to be taken when packets match the rule Block: Packets matching the rule will be dropped Pass: Packets matching the rule will be passed Protocol Specifies the protocol(s) this filter rule will apply to Source MAC Source MAC address (optional) Source/ Destination IF Source/Des
Using the Configuration Utility (continued) Admin E-mail Send From: Enter the E-mail address from which you wish to send the DSA-3100 history log. Send To: Enter the E-mail address here to which you wish to send the DSA-3100 history log. Interval: Enter the interval at which you would like the history to be sent. Monitor IP List The DSA-3100 can monitor up to 20 IP addresses on the network.
Using the Configuration Utility (continued) Tools > Upload Upload customer key To provide a custom key page in order to support a specific certificate, please click Browse to search for the file name for the customer key. Click Apply to upload it onto the DSA-3100. Upload customer certificate To provide a custom key page in order to support a specific certificate, please click Browse to search for the file name for the customer certificate. Click Apply to upload it onto the DSA-3100.
Using the Configuration Utility (continued) Tools > Upload Login Page To provide a custom user login page, please specify the file name to upload onto the DSA-3100. If you want to get back to the default user login page, simply click the Use Default Page button. If you want to display the Login page, simply click the Preview button The uploaded custom login page must contain the following HTML codes to provide users a place to input the user name and password. Required HTML code
Using the Configuration Utility (continued) Tools > Upload Logout Page To provide a custom user logout page, please click Browse to specify the file name and upload it onto the DSA-3100 by clicking Apply. If you want to get back to the default user logout page, simply click the Use Default Page button. If you want to display the Logout page, simply click the Preview button. The uploaded custom logout page must contain the following HTML codes to provide users a place to input the user name and password.
Using the Configuration Utility (continued) Tools > Upload Tools > Upload Error Page Upload Error Page: To provide a custom error page, please specify the file name to upload it onto the DSA-3100. If you want to get back to the default user login page, simply click the Use Default Page button. If you want to display the Error Page, simply click the Preview button.
Using the Configuration Utility (continued) Allows you to make a backup image and restore the backup copy to the DSA-3100. This page also enables you to restore the DSA-3100 back to the factory default settings. Tools > System Create Backup Image: Make a backup image file. Restore Setting From File: Browse the hard drive to locate and restore the backup image file. (Important:The image must be created by the DSA-3100.
Using the Configuration Utility (continued) Tools > Misc. Remote Manage IP: Specify 0.0.0.0/ 0.0.0.0 as the IP address here, in order to manage the device from any location. Or you can enter an IP address to specify a single computer or network. 0.0.0.0/0.0.0.0 SNMP: The DSA-3100 provides SNMP v2 Read-only (RO) management, • Manager IP: A trap manager is a management station that receives and processes traps. When you configure a trap manager, assign an IP address to the management station.
Using the Configuration Utility (continued) Tools > Restart Reboots the DSA-3100. It takes about 75 seconds for the DSA-3100 to reboot. If you have to turn off the power of the DSA-3100 for some time, please reboot it, and after you hear a beep, remove the power adapter. Note: On-line user sessions will be terminated when the system restarts. Status > Device Info This feature displays a system configuration summary. For a chart defining each term, please see the following page.
Using the Configuration Utility (continued) Status > Device Info (continued) Current Firmware Version Displays the current firmware version System Name System name; DSA-3100 is the default Admin Detail Information about the admin Succeed Page The URL that appears after a successful user login–usually a corporation’s homepage External Syslog Server Shows the IP address and the Port of the Syslog server Console Port Baud Rate 9600bps Manage SSH The IP address that connects to the WAN port for co
Using the Configuration Utility (continued) With this feature, you can get Interface management information about the WAN port, Authentication port, and Local Network port.
Using the Configuration Utility (continued) Status > Interface (continued) 53
Using the Configuration Utility (continued) Status > Current Users With this feature, you can get information about online users including Username, IP, MAC, packet count, byte count and idle time. It also allows the administrator to force an on-line user to get off-line by clicking the log out link beside a user’s data. Status > Traffic History History E-mail The DSA-3100 keeps traffic history in its volatile memory.
Using the Configuration Utility (continued) Help This feature provides online instructions for operating the DSA-3100, you can click the hyperlink for a more detailed description.
Networking Basics Using the Network Setup Wizard in Windows XP In this section you will learn how to establish a network at home or work, using Microsoft Windows XP. Note: Please refer to websites such as http://www.homenethelp.com and http://www.microsoft.com/windows2000 for information about networking computers using Windows 2000, ME or 98. Go to Start>Control Panel>Network Connections Select Set up a home or small office network When this screen appears, Click Next.
Networking Basics (continued) Please follow all the instructions in this window: Click Next In the following window, select the best description of your computer. If your computer connects to the internet through a gateway/router, select the second option as shown.
Networking Basics (continued) Enter a Computer description and a Computer name (optional.) Click Next Enter a Workgroup name. All computers on your network should have the same Workgroup name.
Networking Basics (continued) Please wait while the Network Setup Wizard applies the changes. When the changes are complete, Click Next. Please wait while the Network Setup Wizard configures the computer. This may take a few minutes.
Networking Basics (continued) In the window below, select the option that fits your needs. In this example, Create a Network Setup Disk has been selected. You will run this disk on each of the computers on your network. Click Next. Insert a disk into the Floppy Disk Drive, in this case drive A.
Networking Basics (continued) Please read the information under Here’s how in the screen below. After you complete the Network Setup Wizard you will use the Network Setup Disk to run the Network Setup Wizard once on each of the computers on your network. Click Next.
Networking Basics (continued) Please read the information on this screen, then click Finish to complete the Network Setup Wizard. The new settings will take effect when you restart the computer. Click Yes to restart the computer. You have completed configuring this computer. Next, you will need to run the Network Setup Disk on all the other computers on your network. After running the Network Setup Disk on all your computers, your new wireless network will be ready to use.
Networking Basics (continued) Naming your Computer To name your computer In Windows XP, please follow these directions: Click Start (in the lower left corner of the screen) Right-click on My Computer Select Properties Select the Computer Name Tab in the System Properties window. You may enter a Computer Description if you wish; this field is optional. To rename the computer and join a domain, click Change.
Networking Basics (continued) Naming your Computer (continued) In this window, enter the Computer name. Select Workgroup and enter the name of the Workgroup. All computers on your network must have the same Workgroup name. Click OK Checking the IP Address in Windows XP The adapter-equipped computers in your network must be in the same IP Address range (see Getting Started in this manual for a definition of IP Address Range.
Networking Basics (continued) Checking the IP Address in Windows XP (continued) This window will appear. Click the Support tab Click Close Assigning a Static IP Address in Windows XP/2000 Note: Residential Gateways/Broadband Routers will automatically assign IP Addresses to the computers on the network, using DHCP (Dynamic Host Configuration Protocol) technology. If you are using a DHCP-capable Gateway/Router you will not need to assign Static IP Addresses.
Networking Basics (continued) Assigning a Static IP Address in Windows XP/2000 (continued) Double-click on Network Connections Right-click on Local Area Connections Click on Properties 66
Networking Basics (continued) Assigning a Static IP Address in Windows XP/2000 Click on Internet Protocol (TCP/IP) Click Properties Input your IP Address and subnet mask. (The IP Addresses on your network must be within the same range. For example, if one computer has an IP Address of 192.168.0.2, the other computers should have IP Addresses that are sequential, like 192.168.0.3 and 192.168.0.4. The subnet mask must be the same for all the computers on the network.
Networking Basics (continued) Assigning a Static IP Address with Macintosh OSX Go to the Apple Menu and select System Preferences cClick on Network Select Built-in Ethernet in the Show pull-down menu Select Manually in the Configure pull-down menu Input the Static IP Address, the Subnet Mask and the Router IP Address in the appropriate fields Click Apply Now 68
Networking Basics (continued) Selecting a Dynamic IP Address with Macintosh OSX Go to the Apple Menu and select System Preferences Click on Network Select Built-in Ethernet in the Show pull-down menu Select Using DHCP in the Configure pull-down menu Click Apply Now The IP Address, Subnet mask, and the Router’s IP Address will appear in a few seconds 69
Networking Basics (continued) Checking the Wireless Connection by Pinging in Windows XP/2000 Note: The following illustrations are examples only. The IP Address that you are pinging may be different from those in the following examples. Go to Start > Run > type cmd. A window similar to this one will appear. Type ping xxx.xxx.xxx.xxx, where xxx is the IP Address of the Wireless Router or Access Point. A good wireless connection will show four replies from the Wireless Router or Acess Point, as shown.
Technical Specifications Functions Provided 3 10/100Mbps Fast Ethernet ports for WAN connection, trusted LAN connection and untrusted LAN connection Manages up to 250 user account data with internal user account database Supports up to 50 on-line users ID/Password based authentication and authorization- Can be combined with MAC Address locking to provide stricter access control POP3, RADIUS and LDAP external authentication mechanism support - Only one of these can be selected at a time On-line status monito
Technical Specifications (continued) Device Ports - All ports (except the console port) are auto-mdix, which means that you can use a straight-through or a crossover cable for connections.
Techni cal Support echnical You can find software updates and user documentation on the D-Link website. D-Link provides free technical support for customers within the United States and within Canada for the duration of the warranty period on this product. U.S. and Canadian customers can contact D-Link technical support through our web site, or by phone.
Limited Warranty (USA only) Subject to the terms and conditions set forth herein, D-Link Systems, Inc. (“D-Link”) provides this Limited warranty for its product only to the person or entity that originally purchased the product from: • • D-Link or its authorized reseller or distributor and Products purchased and delivered within the fifty states of the United States, the District of Columbia, U.S. Possessions or Protectorates, U.S. Military Installations, addresses with an APO or FPO.
• The customer must submit with the product as part of the claim a written description of the Hardware defect or Software nonconformance in sufficient detail to allow D-Link to confirm the same. • The original product owner must obtain a Return Material Authorization (“RMA”) number from the Authorized D-Link Service Office and, if requested, provide written proof of purchase of the product (such as a copy of the dated purchase invoice for the product) before the warranty service is provided.
Governing Law: This Limited Warranty shall be governed by the laws of the State of California. Some states do not allow exclusion or limitation of incidental or consequential damages, or limitations on how long an implied warranty lasts, so the foregoing limitations and exclusions may not apply. This limited warranty provides specific legal rights and the product owner may also have other rights which vary from state to state. Trademarks: D-Link is a registered trademark of D-Link Systems, Inc.
