DWC-1000 Wireless Controller User’s Guide
PREFACE

Thank you for purchasing the D-Link DWC-1000 Wireless Controller. The DWC-1000 Wireless Controller lets you configure, manage, monitor, and troubleshoot D-LINK access points in your wireless network (WLAN) from a central point. The DWC-1000 is part of D-Link’s Unified Wireless Solution.
Audience

This guide is designed for the person who installs, configures, deploys, and maintains the wireless controller. This document assumes the reader has moderate hardware, computer, and Internet skills.
Document Revision Level

This section provides a history of the revision changes to this document.

Revision: A
Document Version: Version 2
Date: 9/27/2012
Description: Initial release

Changes in this Revision

N/A - this is the first version of this document.
Document Conventions

This guide uses the following conventions to draw your attention to certain information.

Safety and Warnings

This guide uses the following symbols to draw your attention to certain information.

Note: Notes emphasize or supplement important points of the main text.
Tip: Tips provide helpful information, guidelines, or suggestions for performing tasks more effectively.
1. PRODUCT OVERVIEW

The DWC-1000 Wireless Controller is intended to provide small-to-medium-sized businesses with a mechanism for configuring, managing, and monitoring up to 24 D-LINK DWL-2600AP, DWL-3600AP, DWL-6600AP, and/or DWL-8600AP access points from a central location.
Features and Benefits

The DWC-1000 Wireless Controller is intended for campuses, branch offices, and small-to-medium businesses. In a stacked configuration with the appropriate licenses, a wireless controller can support up to 96 access points. The wireless controller allows you to manage your wireless network from a central point, implement security and QoS features centrally, configure a guest access captive portal, and support Voice over Wi-Fi.
2. UNPACKING AND INSTALLATION

A DWC-1000 wireless controller system consists of one or more wireless controllers and a collection of DWL-2600AP, DWL-3600AP, DWL-6600AP, and/or DWL-8600AP access points that are organized into groups based on location or network access. This chapter describes how to unpack and install the wireless controller system.
Unpacking

Follow these steps to unpack the wireless controller and prepare it for operation:

1. Open the shipping container and carefully remove the contents.
2. Return all packing materials to the shipping container and save it.
3. Confirm that all items listed in the "Package Contents" section are included in the shipment. Check each item for damage. If any item is damaged or missing, notify your authorized D-Link representative.
Selecting a Location

Selecting the proper location for the wireless controller is essential for its successful operation. To ensure optimum performance, D-LINK recommends that you perform a site survey. A site survey should enable you to:

– Identify how Wi-Fi coverage should be provided.
– Determine access point placement locations, and identify areas with weak signal or dead spots that require additional access points.
Front Panel Ports and LEDs

Figure 2-1. Front Panel Ports and Power LED

One RJ-45 Console Port

The RJ-45 labeled Console lets you connect a PC console to access the wireless controller’s command-line interface.

Two Gigabit Option Ports

Two Gigabit Ethernet ports labeled Option let you connect the wireless controller to a backbone (requires DWC-1000-VPN-LIC License Pack upgrade – see page 19).
Four Gigabit Ethernet LAN Ports

Four Gigabit Ethernet ports labeled LAN 1 through LAN 4 let you connect Ethernet devices such as computers, switches, and hubs. Each port has an Activity LED (left) and Link LED (right) – see Table 2-2.

Two USB 2.0 Ports

Two Universal Serial Bus (USB) 2.0 ports are provided for connecting USB flash drives, hard drives, computers, and printers. Each port has an LED.

Table 2-2.
Rear Panel

Figure 2-2 and Table 2-4 describe the components on the rear panel of the wireless controller.

Figure 2-2. Rear Panel Ports

Table 2-4. Rear Panel (Viewed from Right to Left)
Description:
– ON/OFF switch
– AC socket
– Reset button

Using the Reset Button

Using the reset button on the rear panel, you can perform a factory default reset.
2. Find the reset button on the back panel, and then use a thin object to press and hold the reset button for at least 15 seconds.
3. Release the reset button.

Bottom Panel (Default IP Address)

The bottom of the wireless controller enclosure has a product label that shows the wireless controller’s serial number, regulatory compliance, and other information.

Licenses

Two types of licenses are available for upgrading the wireless controller.

– DWC-1000-AP6-LIC License Packs.
2. Use the screws provided with the equipment rack to mount the wireless controller in the rack (see Figure 2-4).

Figure 2-4. Install the Wireless Controller in a Standard-Sized Equipment Rack

Connecting the Wireless Controller

To install the wireless controller, perform the following procedure (and see Figure 2-5 on page 21).

1. Install the switch and access points according to the instructions in their documentation.
2.
Figure 2-5. Wireless Controller Installation

4. If you purchased a VPN/Firewall/Router License Pack, use the Option1 and Option2 ports on the front of the wireless controller as follows:
   – Option1 = WAN port for connecting to a cable or DSL modem.
   – Option2 = WAN or DMZ port for dual WAN connections or internal server farm purposes. If used as a DMZ port, the port’s IP address must be different than the IP address of the wireless controller’s LAN interface.
5.
Sample Applications

The following sections describe three deployment scenarios to show how the wireless controller can operate in a variety of network configurations.

Connecting to a Secured Network

Figure 2-6 shows a simple network with a wireless controller, Power over Ethernet (PoE) switch, Layer 3 switch or router, and access points.
To configure the wireless controller for WPA or WPA/WPA2 security, perform the basic configuration procedure described in Chapter 3, and then use the procedure below to configure the wireless controller for WPA or WPA/WPA2 security.

Step  Configuration
1. Under the SSID column, click an SSID.
2. Change Wireless Network Configuration to desired settings, including security.
3. For Security, click None, WEP, or WPA/WPA2.
4. If using WEP, enter a WEP key.
5.
To configure the wireless controller for this configuration, use the procedure below.

Step  Configuration
1. Under the SSID column, click an SSID.
2. Edit the SSID name, if necessary.
3. Enter the RADIUS authentication server name.
4. Optional: Enter the RADIUS accounting server name.
5. Optional: Select a RADIUS use network configuration.
6. Optional: Check RADIUS accounting.
7. Optional: Enter a RADIUS authentication server name.
8.
Logging In to a Captive Portal

The wireless controller lets you create a captive portal, which allows you to control which web page is viewed when users first log onto a WLAN. Captive portals are used to control Wi-Fi access at locations where users are "captive," such as hotels, apartments, business centers, coffee houses, and restaurants.
To configure an interface for captive portal access, perform the basic configuration procedure described in Chapter 3, and then use the procedure below to configure an interface for captive portal access. You can associate a configured captive portal with a specific physical interface or wireless network (SSID).

Step  Configuration
1. Create a captive portal.
3. BASIC CONFIGURATION

After you install the wireless controller, perform the basic configuration instructions described in this chapter. A basic configuration includes:

– Logging In to the Web Management Interface (page 28)
– Web Management Interface Layout (page 31)
– Basic Configuration Procedures (page 32)

Using the information in this chapter, you can perform the basic configuration in minutes and get your wireless controller up and running in a short period of time.
Logging In to the Web Management Interface

Configuration procedures using the wireless controller’s web management interface are performed using one of the following supported web browsers:

Browser: Version
Microsoft Internet Explorer: 6.0 or higher
Mozilla Firefox: 3.5 or higher
Netscape Navigator: 9.0 or higher
Apple Safari: 4.0
Google Chrome: 5.0

Before you perform the following procedure:

Configure your PC running the web browser to use an IP address on the 192.168.10.
3. If you are logging in for the first time, type the default case-sensitive user name admin and the default case-sensitive password admin in lower-case letters.

   Note: D-Link recommends that you change the password to a new, more secure password (see "Editing Users" on page 202) and record it in Appendix A.

4. Click Login. The web management interface opens, with the System Status page shown. This page shows general, option, and LAN status information.
5. To log out of the web management interface, click LOGOUT, which appears to the right of the name of the currently displayed page.
Web Management Interface Layout

A web management interface screen can include the following components (see Figure 3-1):

– 1st level: Main navigation menu tab. The main navigation menu tabs in the light gray bar appear across the top of the web management interface. These tabs provide access to all configuration menus and remain constant. The menu names appear in upper-case letters. When you click a tab, the letters change to dark characters against a white background.
Figure 3-1. Web Management Interface (callouts: Main Navigation Menu Tab, Configuration Menu Tab, Helpful Hints, Workspace)

Basic Configuration Procedures

To perform a basic configuration:

– Basic Configuration Step #1. Enable DHCP Server (Optional) – see page 33.
– Basic Configuration Step #2. Select the Access Points to be Managed – see page 34.
– Basic Configuration Step #3. Change the SSID Name and Set Up Security – see page 36.
– Basic Configuration Step #4.
Basic Configuration Step #1. Enable DHCP Server (Optional)

By default, Dynamic Host Configuration Protocol (DHCP) is disabled in the wireless controller. If you are not configuring your access points with static IP addresses, set up a DHCP server or DHCP server relay on the network. If desired, perform the following procedure to configure your wireless controller to act as a DHCP server.

1. Click SETUP > Network Settings > LAN Setup Configuration. The LAN SETUP page appears.
2.
5. In the web browser’s address field, enter the new IP address you recorded in step 2.
6. Click SETUP > Network Settings > LAN Setup Configuration.
7. In the LAN SETUP page, change DHCP Mode to DHCP Server.
8. Complete the fields in the LAN SETUP page (see Table 3-1) and click Save Settings.

Table 3-1. DHCP Server Settings
Field: Description
DHCP Starting IP Address: Enter the starting IP address in the IP address pool.
2. Under List of APs, check the first access point you want the wireless controller to manage, click Manage, complete the fields in the VALID AP page (see Table 3-2), and click Save Settings. When the confirmation appears, click OK.
3. Repeat step 2 for each additional access point you want the wireless controller to manage.

Table 3-2. Fields on the VALID AP Page
Field: Description
MAC Address: MAC address of the access point.
IP Address: Network address of the access point.
Field: Description
Channel: Operating channel for the radio.

Basic Configuration Step #3. Change the SSID Name and Set Up Security

You can configure up to 64 separate networks on the wireless controller and apply them across multiple radio and virtual access point interfaces. By default, 16 networks are preconfigured and applied in order to the access points on each radio.
3. Complete the fields on the NETWORKS page (see Table 3-3) and click Save Settings.

Table 3-3. SSID and Security Settings
Field: Description
SSID: Enter the case-sensitive name of the wireless network. Be sure the SSID is the same for all devices in your wireless network.
Security: The default access point profile does not use any security mechanism.
Table 3-4. WEP Page Settings
Field: Description
Security: If you select WEP for Security, the following two additional security options are displayed.
– Static WEP = uses static key management. You manually configure the same keys to encrypt data on both the wireless client and the access point.
– Dynamic WEP (WEP IEEE 802.1x) uses dynamically generated keys to encrypt client-to-access point traffic.
WEP IEEE 802.1X = screen refreshes, and there are no more fields to configure.
Table 3-5. WPA/WPA2 Page Settings
Field: Description
Security: If you select WPA for Security, the following two additional security options are displayed.
– WPA/WPA2 Personal = uses static key management. You manually configure the same keys to encrypt data on both the wireless client and the access point.
– WPA/WPA2 Enterprise uses a RADIUS server and dynamically generated keys to encrypt client-to-access point traffic.
6. Under Access Point Profile List, check the box to the left of the access point profile you want to update.
7. Click Configure SSID. The AP PROFILES SUMMARY page appears.
8. Click the radio button next to the Radio Mode you prefer.
9. Under List of SSID, check the box to the left of the SSID network you want to enable.
10. Click Save Settings.
Basic Configuration Step #4. Confirm Access Point Profile is Associated

Use the following procedure to confirm that the access point profile is associated with the wireless controller.

Tip: Each time you change configuration settings, perform this procedure to apply the changes to the access point.

1. Click ADVANCED > AP Profile. The AP PROFILES SUMMARY page appears.
2. Under Access Point Profile List, check the box to the left of the access point profile you want to update.
3.
Basic Configuration Step #5. Configure Captive Portal Settings

Configuring the wireless controller’s captive portal settings is a 4-step process:

1. Create a captive portal group
   a. Click ADVANCED > Users > Groups. The GROUPS page appears.
   b. Click Add. The GROUP CONFIGURATION page appears.
   c. Complete the fields in Table 3-6 and click Save Settings.

Table 3-6. Captive Portal Settings
Field: Description
Group Configuration
Group Name: Enter a name for the group.
Description: Enter a description of the group.
User Type
Captive Portal User: Check this box.

2. Add captive portal users
   a. Click ADVANCED > Users > Users. The USERS page appears.
   b. Click Add. The USERS CONFIGURATION page appears.
   c. Complete the fields in Table 3-7 and click Save Settings.

Table 3-7. Captive Portal User Settings
Field: Description
User Name: Enter a unique name for this user. The name should allow you to easily identify this user from others you may add.
First Name: Enter the first name of the user. This is useful when the authentication domain is an external server, such as RADIUS.
Last Name: Enter the last name of the user.
3. Associate the captive portal group to an interface
   a. Click ADVANCED > Captive Portal > Wlan CP Interface Association. The CAPTIVE PORTAL page appears.
   b. In the Interface List, click an interface.

      Tip: Hold down the Shift key when clicking to select a contiguous range of interfaces. To select non-contiguous interfaces, hold down the Ctrl key and click each interface. To deselect an interface, hold down Ctrl and click the highlighted interface.

   c. Click Add.
4. Customize the captive portal login page
   a. Click ADVANCED > Captive Portal > Captive Portal Setup. The CAPTIVE PORTAL SETUP page appears.
   b. Under List of Available Profiles, click Add to add a new profile or click the radio button that corresponds to a profile name and click Edit to edit an existing profile. The CUSTOMIZED CAPTIVE PORTAL SETUP page appears.
   c. Complete the fields (see Table 3-8) and click Save Settings. The message Operation Succeeded appears and then the CAPTIVE PORTAL SETUP PAGE appears.

Table 3-8. Fields on the CUSTOMIZED CAPTIVE PORTAL SETUP Page
Field: Description
General Details
Profile Name: Enter a name for this captive portal profile. The name should allow you to differentiate this captive profile from others you may set up.
Field: Description
General Details
Custom Color (#): Set the background color of the page that appears during the captive portal session.
Header Details
Background: Select whether the login page displayed during the captive portal session will show an image or color. Choices are:
– Image = show image on the page. Use the Header Background Color field to select a background color. The maximum size of the image is 100 kb.
– Color = show background color on the page.
Basic Configuration Step #6. Use SSID with RADIUS

To use SSID with RADIUS authentication, perform the following procedure.

1. Click ADVANCED > SSIDs. The NETWORKS page appears.
2. Under the SSID column, click the SSID you want to edit.
3. At the next NETWORKS page, update the SSID name in the SSID field if needed.
4. Complete the fields in Table 3-3 and click Save Settings. Your access point is configured to use a RADIUS authentication server.

Table 3-9.
4. ADVANCED CONFIGURATION SETTINGS

While the basic configuration described in the previous chapter is satisfactory for most users, large wireless networks or a complex setup may require the wireless controller’s advanced configuration settings to be configured. This chapter covers the following commonly used advanced configuration settings.
QoS Configuration

Configuring QoS settings is a 2-step process:

1. Enable QoS mode (see "Enabling QoS Mode," below), and
2. Define the DSCP or CoS settings (see "Defining DSCP and CoS Settings" on page 55).

Enabling QoS Mode

Path: SETUP > QoS > LAN QoS > Trust Mode Configuration

Using the LAN QOS page, you can enable Quality of Service (QoS) on the wireless controller.
2. Under LAN QoS, check Enable QoS for LAN ports. The fields under LAN QoS configuration become available.
3. Under LAN QoS configuration, use the Classify Using drop-down list to select whether DSCP or CoS will be used for the port.
4. Click Save Settings.
5. Proceed to "Defining DSCP and CoS Settings" on page 55 to configure values for DSCP and CoS and their priority.
Defining DSCP and CoS Settings

After you enable QoS mode, use the procedures in the following sections to configure the values and priorities used by DSCP and CoS.

Configuring DSCP Priorities

Path: SETUP > QoS > LAN QoS > IP DSCP Configuration

If you selected DSCP for your QoS configuration, use the following procedure to configure and assign priority to the DSCP fields in IP packets.

1. Click SETUP > QoS > LAN QoS > IP DSCP Configuration.
2. On the appropriate row, use the Queue drop-down list to select one of the following priorities:
   – Highest
   – Medium
   – Low
   – Lowest
3. Repeat step 2 for each additional DSCP field you want to prioritize.
4. When you finish, click Save Settings.

Configuring CoS Priorities

Path: SETUP > QoS > LAN QoS > 801.P Priority

If you selected CoS for your QoS configuration, use the following procedure to configure and assign priority to the CoS fields in the IP packets.

1.
2. On the appropriate row, use the Queue drop-down list to select one of the following priorities:
   – Highest
   – Medium
   – Low
   – Lowest
3. Repeat step 2 for each additional CoS field you want to prioritize.
4. When you finish, click Save Settings.
5. On the appropriate row, use the Queue drop-down list to select one of the following priorities:
   – Highest
   – Medium
   – Low
   – Lowest
6. Repeat step 2 for each additional CoS field you want to prioritize.
7. When you finish, click Save Settings.
VLANs

A virtual Local Area Network (VLAN) is a logical segment in a switched network. It allows independent logical networks to be created within a single physical network. VLANs separate devices into different broadcast domains and Layer 3 subnets. Devices within a VLAN can communicate without routing. The primary use of VLANs is to split large switched networks, which are large broadcast domains.
3. Click Save Settings.

Creating VLANs

Path: SETUP > VLAN Settings > Available VLANs

After you enable the wireless controller’s VLAN function, use the AVAILABLE VLANS page to create VLANs. After you create VLANs, you can use the same page to view, edit, and delete VLANs.

To create a VLAN:

1. Click SETUP > VLAN Settings > Available VLANs. The AVAILABLE VLANs page appears.
2. Click Add. The following page appears.
3. Complete the fields in the page (see Table 4-1).
4. Click Save Settings.

Table 4-1. Fields on the AVAILABLE VLANS Page
Field: Description
Name: Enter a unique name for this VLAN. The name should allow you to easily identify this VLAN from others you may add.
Id: Enter a unique ID for this VLAN. Range: 2 - 4093
Inter VLAN Routing Enable: Allows or denies communication between VLAN networks. Choices are:
– Checked = allow communications between different VLANs.
Editing VLANs

Path: SETUP > VLAN Settings > Available VLANs

After you add VLANs, there is only one setting you can change: inter-VLAN routing, which allows or prevents communications between VLANs.

To edit a VLAN:

1. Click SETUP > VLAN Settings > Available VLANs. The AVAILABLE VLANs page appears.
2. Under List of available VLANs, click the VLAN you want to edit and click Edit. The following page appears.
3. Change the Inter VLAN Routing Enable setting as desired (see Table 4-1 on page 61).
4. Click Save Settings.
Deleting VLANs

Path: SETUP > VLAN Settings > Available VLANs

If you no longer need a VLAN, you can delete it.

Note: A precautionary message does not appear before you delete a VLAN. Therefore, be sure you do not need a VLAN before you delete it.

To delete a VLAN:

1. Click SETUP > VLAN Settings > Available VLANs. The AVAILABLE VLANs page appears.
2. Under List of available VLANs, click the VLAN you want to delete. (Or click the box next to Name to select all VLANs.)
3.
Port VLANs

Path: SETUP > VLAN Settings > Port VLAN

After you enable the wireless controller’s VLAN function, use the PORT VLANS page to configure the ports participating in the VLAN.

1. Click SETUP > VLAN Settings > Port VLAN. The PORT VLAN page appears.
MultiVLAN Subnets

Path: SETUP > VLAN Settings > Multiple VLAN Subnets

Each VLAN can be assigned a unique IP address and subnet mask for the virtually isolated network. Unless you enabled inter-VLAN routing for the VLAN, the VLAN subnet determines the network address on the LAN that can communicate with the devices that correspond to the VLAN. Using the MULTI VLAN SUBNETS page, you can view and edit the available multi-VLAN subnets.
3. Edit the settings as desired (see 67).
4. Click Save Settings.

Table 4-2. Fields on the MULTI VLAN SUBNET CONFIG Page
Field: Description
MULTI VLAN SUBNET
VLAN ID: Read-only field that shows the ID you assigned to the VLAN when you created it.
IP Address: Enter the IP address for the VLAN.
Subnet Mask: Enter the subnet mask for the VLAN.
DHCP
DHCP Mode: Select a DHCP mode for the VLAN.
Field: Description
MULTI VLAN SUBNET
Starting IP Address: Enter the starting IP address in the IP address pool. Any new DHCP client joining the LAN is assigned an IP address within the starting and ending IP address range. Starting and ending IP addresses should be in the same IP address subnet as the wireless controller’s LAN IP address.
Ending IP Address: Enter the ending IP address in the IP address pool.
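The rules in Table 4-1 and Table 4-2 (unique VLAN ID in the range 2 - 4093, DHCP starting and ending addresses inside the interface's subnet) can be checked on a planned layout before it is typed into the web interface. The script below is an added example, not part of the D-Link guide; the dict layout, the function name `check_vlan_plan`, and the sample addresses are assumptions, and the start-before-end and interface-inside-pool checks go slightly beyond what the guide states.

```python
import ipaddress

# VLAN ID range stated in Table 4-1 of the guide.
VLAN_ID_MIN, VLAN_ID_MAX = 2, 4093


def check_vlan_plan(vlans):
    """Return a list of problems found in a planned set of VLAN subnets.

    Each entry is a dict with the keys name, id, ip, mask and, when DHCP
    will be served on that VLAN, dhcp_start and dhcp_end. This layout is
    an assumption of the example, not a controller file format.
    """
    problems = []
    seen_ids = {}
    for v in vlans:
        name, vid = v["name"], v["id"]

        if not VLAN_ID_MIN <= vid <= VLAN_ID_MAX:
            problems.append(
                f"{name}: VLAN ID {vid} is outside {VLAN_ID_MIN}-{VLAN_ID_MAX}")
        if vid in seen_ids:
            problems.append(
                f"{name}: VLAN ID {vid} is already used by {seen_ids[vid]}")
        else:
            seen_ids[vid] = name

        # ip_interface accepts the dotted netmask form entered in the web UI.
        iface = ipaddress.ip_interface(f"{v['ip']}/{v['mask']}")
        net = iface.network

        start, end = v.get("dhcp_start"), v.get("dhcp_end")
        if start is None and end is None:
            continue  # no DHCP pool planned for this VLAN
        if start is None or end is None:
            problems.append(f"{name}: DHCP pool needs both a start and an end")
            continue

        start = ipaddress.ip_address(start)
        end = ipaddress.ip_address(end)
        for label, addr in (("starting", start), ("ending", end)):
            if addr not in net:
                problems.append(
                    f"{name}: {label} IP address {addr} is not in {net}")

        # Added sanity checks, not stated in the guide.
        if start > end:
            problems.append(
                f"{name}: starting IP address {start} is after ending {end}")
        elif start <= iface.ip <= end:
            problems.append(
                f"{name}: pool {start}-{end} contains the interface address")
    return problems


# Constructed sample plan (not taken from the guide).
SAMPLE_PLAN = [
    {"name": "staff", "id": 20, "ip": "10.10.20.1", "mask": "255.255.255.0",
     "dhcp_start": "10.10.20.100", "dhcp_end": "10.10.20.200"},
    {"name": "guest", "id": 4094, "ip": "10.10.30.1", "mask": "255.255.255.0",
     "dhcp_start": "10.10.30.50", "dhcp_end": "10.10.31.10"},
    {"name": "voice", "id": 20, "ip": "10.10.40.1", "mask": "255.255.255.0",
     "dhcp_start": "10.10.40.200", "dhcp_end": "10.10.40.100"},
]

if __name__ == "__main__":
    for line in check_vlan_plan(SAMPLE_PLAN):
        print(line)
```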
DMZ Settings

The wireless controller allows an Option port to be configured as a secondary Ethernet port or dedicated Demilitarized Zone (DMZ) port. A DMZ allows one IP address (computer) to be exposed to the Internet for activities such as Internet gaming and videoconferencing.

Configuring DMZ settings is a 2-step process:

1. Configure the wireless controller port to act as a DMZ (see "Configuring a Port to Operate as a DMZ," below), and
2.
Configuring DMZ Settings

Path: SETUP > DMZ Setup > DMZ Setup Configuration

After you change the configurable port status to DMZ, use the following procedure to configure DMZ settings.

Note: Your wireless controller may not display VPN-related menu options without the DWC-1000-VPN-LIC License Pack (see "Licenses" on page 19).

1. Click SETUP > DMZ Setup > DMZ Setup Configuration. The DMZ SETUP page appears.
2. Complete the fields in the page (see Table 4-3).
3.
Table 4-3. Fields on the DMZ SETUP Page
Field: Description
DMZ Port Setup
IP Address: Enter the IP address assigned to the wireless controller’s DMZ interface.
Subnet Mask: Enter the subnet mask assigned to the wireless controller’s DMZ interface.
DHCP for DMZ Connected Computers
DHCP Mode: Select a DHCP mode for the DMZ.
Static Routing

A static route tells network devices about an exact, fixed (hard-coded) destination. Static routes can work well with small networks. Configuring your wireless controller for static routing allows data transfers between it and a routing device without needing to use dynamic routing protocols.

Adding a Static Route

Path: ADVANCED > Routing > Static Routing

To add a static route:

1. Click ADVANCED > Routing > Static Routing. The STATIC ROUTING page appears.
3. Complete the fields in the page (see Table 4-4).
4. Click Save Settings.

Table 4-4. Fields on the STATIC ROUTE CONFIGURATION Page
Field: Description
Route Name: Enter a unique name for this static route. The name should allow you to easily identify this static route from others you may add.
Active: Activates or deactivates the static route. Choices are:
– Checked = activate static route.
– Unchecked = deactivate static route.
Editing Static Routes

Path: ADVANCED > Routing > Static Routing

After you add static routes, you can edit them if you need to change settings.

To edit a static route:

1. Click ADVANCED > Routing > Static Routing. The STATIC ROUTING page appears.
2. Under List of available static routes, click the static route you want to edit and click Edit.
3. Change the desired settings (see Table 4-4 on page 73).
4. Click Save Settings.
Deleting Static Routes

Path: ADVANCED > Routing > Static Routing

If you no longer need a static route, you can delete it.

Note: A precautionary message does not appear before you delete a static route. Therefore, be sure you do not need a static route before you delete it.

To delete a static route:

1. Click ADVANCED > Routing > Static Routing. The STATIC ROUTING page appears.
2. Under List of available Static Routes, click the static route you want to delete.
Auto-Failover Settings

Path: SETUP > Internal Settings > Option Mode

You can configure two Option ports to form a redundancy group. You then designate one Option port as the primary Internet link and the other as the secondary port. If the primary port fails or is disconnected from the network, an automatic failover to the redundant port occurs. The Option port then takes over all functions of the primary port.
3. Complete the settings under Option Failure Detection Method (see Table 4-5).
4. Click Save Settings.

Table 4-5. Option Failure Detection Method Fields
Field: Description
None: Wireless controller does not check for link failures.
DNS lookup using Option DNS Servers: Detects failure of an Option link using the DNS servers configured in the Dedicated WAN or Configurable Port WAN pages under the Networking menu.
Load Balancing Settings

Path: SETUP > Internal Settings > Option Mode

The wireless controller supports load balancing when:

– A D-Link VPN license key has been installed (see "Activating Licenses" on page 211).
– Multiple Option ports are configured.
– Protocol bindings have been configured (go to ADVANCED > Routing > Protocol Bindings and refer to the online help).

Load balancing allows the wireless controller to distribute traffic among multiple Option ports.
2. Under Port Mode, click Load Balancing. Then use the adjacent drop-down list to select one of the following port balancing methods:
– Round Robin – new connections to the Internet alternate between available links. If you select this setting, complete the Option Failure Detection Method settings (see Table 4-5 on page 77).
Additional Advanced Configuration Settings
The wireless controller provides more advanced configuration settings than covered in this chapter. The following table describes these settings. For more information, go to the page in the web management interface and then access the wireless controller online help in the Helpful Hints area (see Figure 3-1 on page 32).
Advanced Configuration Setting | Path
LAN DHCP leased clients | SETUP > Network Settings > LAN DHCP Leased Clients
LAN DHCP reserved IPs | SETUP > Network Settings > LAN DHCP Reserved IPs
MAC-based VLANs | SETUP > VLAN Settings > MAC-based VLAN > MAC VLAN
Option mode* | SETUP > Internet Settings > Option Mode
Option port setup | SETUP > Option Port Settings > Option Setup; ADVANCED > Advanced Network > Option Port Setup*
Option port status | SETUP > Option Port Settings > Opti
5. SECURING YOUR NETWORK
The wireless controller supports a number of features for securing your network. This chapter describes the following commonly used security features:
- Managing Clients (page 83)
- Content Filtering (page 88)
For information about additional security settings not described in this chapter, see "Additional Security Settings" on page 94.
Note: The procedures in this chapter should only be performed by expert users who understand networking concepts and terminology.
Managing Clients
Using the KNOWN CLIENTS page, you can view wireless clients in the Known Client database. The database contains wireless client MAC addresses and names. The database is used to retrieve descriptive client names from the RADIUS server and implement MAC authentication. The KNOWN CLIENTS page also lets you add, edit, and delete clients.
Viewing Known Clients and Adding Clients
Path: ADVANCED > Client
To view known clients:
1. Click ADVANCED > Client.
2. Click Add. The STATIC ROUTE CONFIGURATION page appears.
3. Complete the fields in the page (see Table 5-1).
4. Click Save Settings.
Table 5-1. Fields on the KNOWN CLIENTS Page
Field | Description
MAC Address | Enter the MAC address for the known client.
Name | Enter the name of the known client. The name should allow you to differentiate this known client from others you may add.
Authentication Action | If MAC authentication is enabled on the network, select the action to take on a wireless client.
Editing Clients
Path: ADVANCED > Client
After you add clients, you can edit them if you need to change their settings.
To edit a client:
1. Click ADVANCED > Client. The KNOWN CLIENTS page appears.
2. Under List of Known Clients, click the client you want to edit and click Edit.
3. Change the desired settings (see Table 5-1 on page 85).
4. Click Save Settings.
Deleting Clients
Path: ADVANCED > Client
If you no longer need a client, you can delete it.
Note: A precautionary message does not appear before you delete a client. Therefore, be sure you do not need a client before you delete it.
To delete a client:
1. Click ADVANCED > Client. The KNOWN CLIENTS page appears.
2. Under List of Known Clients, click the client you want to delete. (Or click the box next to List of Known Clients to select all clients.)
3. Click Delete.
Content Filtering
The wireless controller lets you control access to specific Web site addresses, URLs, and keywords containing certain words or phrases. Using this feature, you can prevent objectionable content from reaching your PCs.
Enabling Content Filtering
Path: ADVANCED > Website Filter > Content Filtering
By default, the wireless controller’s content-filtering function is disabled.
3. Under Web Components, check the Web components you want to subject to parental controls.
4. Click Save Settings.
Parental control settings are now enabled for the Web components you selected. You can now use the procedures in this section to enforce parental controls.
Specifying Approved URLs
Path: ADVANCED > Website Filter > Approved URLs
With its content-filtering feature, the wireless controller prevents objectionable content from reaching PCs by screening URLs.
2. To enter individual URLs, under Approved URLs List, click Add. When the APPROVED URL CONFIGURATION page appears, enter an approved URL in the URL field and click Save Settings. Repeat this step for each additional approved URL you want to add.
3. To import a CSV file of URLs, under Import Approved URLs, click Browse. In the Choose File dialog box, find the file you want to import, click it, and click Open. Click Import on the APPROVED URLs page and click Save Settings.
Specifying Blocked Keywords
Path: ADVANCED > Website Filter > Blocked Keywords
You can use the wireless controller to restrict access to Internet content based on keywords. Up to 32 entries are supported. Keywords can be entered individually or imported from CSV files. Alternatively, you can configure the wireless controller to block all URLs.
Note: The blocked keywords you define here can be exported to a CSV file (see "Exporting Web Filters" on page 92).
3. To enter individual keywords, click Add under Blocked Keywords. When the APPROVED KEYWORD CONFIGURATION page appears, enter a keyword in the Blocked Keyword field and click Save Settings. Repeat this step for each additional keyword you want to add.
4. To import a CSV file of keywords, under Import Blocked Keywords, click Browse. In the Choose File dialog box, find the file you want to import, click it, and click Open.
2. To export the approved URLs you defined under "Specifying Approved URLs" on page 89, under Export Web Filter, click the Export button next to Export Approved URLs. When the File Download dialog box appears, click Save and save the file to a location.
3. To export the blocked keywords you defined under "Specifying Blocked Keywords" on page 91, under Export Web Filter, click the Export button next to Export Blocked Keywords.
Additional Security Settings
The wireless controller provides more security settings than those covered in this chapter. The following table describes these settings. For more information, go to the page in the web management interface and then access the wireless controller online help in the Helpful Hints area (see Figure 3-1 on page 32).
Note: Asterisks in the table below indicate settings that require a DWC-1000-VPN-LIC License Pack.
6. VPN SETTINGS
A Virtual Private Network (VPN) is a technology designed to increase the security of information transferred over the Internet. A VPN creates a private encrypted tunnel from the user's computer, through the local wireless network and Internet, all the way to the remote endpoint, such as corporate servers and databases. The wireless controller uses Internet Protocol Security (IPsec) to secure IP traffic.
Configuring VPN Clients
The wireless controller supports the following types of tunnels:
- Gateway-to-gateway VPN. This setup connects two or more wireless controllers to secure traffic between remote sites. Figure 6-1 shows an example of this configuration.
- Remote Client (client-to-gateway VPN tunnel). In this setup, the IP address of the remote PC is not known. Therefore, the remote client initiates the VPN tunnel and the gateway acts as a responder.
Figure 6-2 shows an example of a configuration where three IPsec clients are connected to an internal network through the wireless controller IPsec gateway.
Figure 6-2.
Configuring IPsec Policies
IP Security (IPsec) is a suite of related protocols for cryptographically securing communications at the IP Packet Layer. IPsec also provides methods for the manual and automatic negotiation of security associations (SAs) and key distribution. An IPsec tunnel consists of a pair of unidirectional SAs – one at each end of the tunnel – that specify the security parameter index (SPI), destination IP address, and security protocol.
3. Complete the fields in the page (see Table 6-1).
4. Click Save Settings.
Table 6-1. Fields on the IPSEC CONFIGURATION Page
Field | Description
General
Policy Name | Enter a unique name for this policy. The name should allow you to easily identify this policy from others you may add.
Policy Type | Select a policy type. Choices are: Auto Policy = some parameters for the VPN tunnel are generated automatically.
Field | Description
IKE Version | Select the IKE version to be used. Choices are: IKEv1, IKEv2.
IPsec Mode | Select the IPsec mode. Choices are: Tunnel Mode = most commonly used between gateways, or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it.
Field | Description
Local / Remote IP | Select the type of identifier that you want to provide for the endpoint. Choices are: Any = policy is for traffic from the given end point (local or remote). Note that selecting Any for both local and remote end points is not valid. Single = limits the policy to one host. Enter the IP address of the host that will be part of the VPN in the Start IP Address field. Range = allows computers within an IP address range to connect to the VPN.
Field | Description
NAT Keep Alive Frequency | If NAT Traversal = On, use this option to control the keep-alive-frequency value. Keep-alive packets are sent at the specified time interval and are used to keep the NAT mappings alive on the NAT device. Setting this value to 0 disables this feature.
Local Identifier Type | Select the ISAKMP identifier for this router.
Field | Description
Authentication Method | Select an authentication method. Choices are: Pre-Shared Key = simple password-based key. RSA-Signature = disables the Pre-shared key field and uses the Active Self Certificate uploaded in the Certificates page. A certificate must be configured in order for RSA-Signature to work.
Pre-shared key | If Authentication Mode = Pre-Shared Key, enter an alpha-numeric key to be shared with IKE peer. The key does not support double-quotation marks.
Field | Description
SPI-Incoming | Enter a hexadecimal value between 3 and 8 characters. For example: 0x1234.
SPI-Outgoing | Enter a hexadecimal value between 3 and 8 characters. For example: 0x1234.
Encryption Algorithm | Select an algorithm to encrypt the data.
Key Length | If Encryption Algorithm = BLOWFISH or CAST12, enter a key length. For BLOWFISH, the Key Length must be a value between 40 and 448, and a multiple of 8.
Field | Description
This section is used when Policy Type = Auto Policy under the General section of this page. These settings configure Phase 2 negotiations and should match the Phase 2 settings on the remote tunnel endpoint.
SA Lifetime | Enter the duration of the Security Association and select the unit (seconds or Kbytes) from the drop-down list. Seconds = measures the SA Lifetime in seconds. After the specified number of seconds passes, the Security Association is renegotiated.
Example of a Manual Policy
The following example shows settings on the IPSEC CONFIGURATION page for creating a VPN tunnel between two routers:
Router 1: Option=10.0.0.1 LAN=192.168.10.1 Subnet=255.255.255.0
Policy Name: manualVPN
Policy Type: Manual Policy
Local Gateway: Option
Remote Endpoint: 10.0.0.2
Local IP: Subnet 192.168.10.0 255.255.255.0
Remote IP: Subnet 192.168.20.0 255.255.255.
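A manual policy only works when both ends agree, so the field rules from Table 6-1 and the mirror relationship between the two routers can be checked before anything is typed into the GUI. The following is an added example, not part of the D-Link guide: the Router 2 values, the SPI values, the key length, the final netmask that the page cuts off, and the reading that the 3-to-8-character limit counts hex digits after 0x are all assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption: the 3-to-8-character rule counts the hex digits after "0x".
SPI_RE = re.compile(r"^0x[0-9a-fA-F]{3,8}$")


@dataclass(frozen=True)
class ManualPolicy:  # hypothetical container; field names follow Table 6-1
    name: str
    option_ip: str            # this router's Option port address
    remote_endpoint: str
    local_subnet: str         # "network netmask", as typed in the GUI
    remote_subnet: str
    spi_incoming: str
    spi_outgoing: str
    encryption: str
    key_length: Optional[int] = None


def _net(text: str):
    """Parse 'network netmask'; return None if it is not a valid subnet."""
    try:
        addr, mask = text.split()
        return ipaddress.ip_network(f"{addr}/{mask}", strict=True)
    except ValueError:
        return None


def check_policy(p: ManualPolicy) -> List[str]:
    """Problems visible in a single policy (field-format rules)."""
    problems = []
    for label, spi in (("SPI-Incoming", p.spi_incoming),
                       ("SPI-Outgoing", p.spi_outgoing)):
        if not SPI_RE.match(spi):
            problems.append(f"{p.name}: {label} {spi!r} is not 3 to 8 hex characters")
    if p.encryption.upper() == "BLOWFISH":
        k = p.key_length
        if k is None or not 40 <= k <= 448 or k % 8 != 0:
            problems.append(f"{p.name}: Key Length {k!r} must be 40..448 and a multiple of 8")
    for label, subnet in (("Local IP", p.local_subnet),
                          ("Remote IP", p.remote_subnet)):
        if _net(subnet) is None:
            problems.append(f"{p.name}: {label} {subnet!r} is not a valid subnet")
    return problems


def check_pair(a: ManualPolicy, b: ManualPolicy) -> List[str]:
    """Problems that only appear when both tunnel ends are compared."""
    problems = check_policy(a) + check_policy(b)
    if a.remote_endpoint != b.option_ip or b.remote_endpoint != a.option_ip:
        problems.append("Remote Endpoint values do not point at each other")
    if (_net(a.local_subnet) != _net(b.remote_subnet)
            or _net(a.remote_subnet) != _net(b.local_subnet)):
        problems.append("Local IP / Remote IP subnets are not mirrored")
    # With manual keying, one side's incoming SPI is the other side's outgoing SPI.
    if (a.spi_incoming.lower() != b.spi_outgoing.lower()
            or a.spi_outgoing.lower() != b.spi_incoming.lower()):
        problems.append("SPI-Incoming / SPI-Outgoing are not mirrored")
    if (a.encryption.upper(), a.key_length) != (b.encryption.upper(), b.key_length):
        problems.append("Encryption Algorithm or Key Length differs")
    return problems


# Constructed sample: Router 1 addresses come from the page; everything else
# (Router 2, SPIs, algorithm choice, key length, last netmask) is assumed.
ROUTER_1 = ManualPolicy("manualVPN", "10.0.0.1", "10.0.0.2",
                        "192.168.10.0 255.255.255.0", "192.168.20.0 255.255.255.0",
                        "0x1111", "0x2222", "BLOWFISH", 128)
ROUTER_2 = ManualPolicy("manualVPN", "10.0.0.2", "10.0.0.1",
                        "192.168.20.0 255.255.255.0", "192.168.10.0 255.255.255.0",
                        "0x2222", "0x1111", "BLOWFISH", 128)

if __name__ == "__main__":
    for line in check_pair(ROUTER_1, ROUTER_2) or ["policies are consistent"]:
        print(line)
```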
Editing IPsec Policies
Path: SETUP > VPN Settings > IPsec > IPsec Policies
After you add IPsec policies, you may need to change their settings.
To edit an IPsec policy:
1. Click SETUP > VPN Settings > IPsec > IPsec Policies. The IPSEC POLICIES page appears.
2. Under List of VPN Policies, check the IPsec auto policy or manual policy you want to edit and click Edit. The IPSEC CONFIGURATION page appears.
3. Complete the fields in the page (see Table 6-1).
4. Click Save Settings.
Enabling IPsec Policies
Path: SETUP > VPN Settings > IPsec > IPsec Policies
To enable an IPsec policy:
1. Click SETUP > VPN Settings > IPsec > IPsec Policies. The IPSEC POLICIES page appears.
2. Under List of VPN Policies, check the IPsec auto policy or manual policy you want to enable and click Enable.
Disabling IPsec Policies
Path: SETUP > VPN Settings > IPsec > IPsec Policies
To disable an IPsec policy:
1. Click SETUP > VPN Settings > IPsec > IPsec Policies. The IPSEC POLICIES page appears.
2. Under List of VPN Policies, check the IPsec auto policy or manual policy you want to disable and click Disable.
Exporting IPsec Policies
Path: SETUP > VPN Settings > IPsec > IPsec Policies
You can export an IPsec policy to a local host.
To export an IPsec policy:
1. Click SETUP > VPN Settings > IPsec > IPsec Policies. The IPSEC POLICIES page appears.
2. Under List of VPN Policies, check the IPsec auto policy or manual policy you want to export and click Export. The VPN CONFIG EXPORT WIZARD FOR REMOTE DSR appears.
3. Review and complete the settings as needed.
4.
Deleting IPsec Policies
Path: SETUP > VPN Settings > IPsec > IPsec Policies
If you no longer need an IPsec policy, you can delete it.
Note: A precautionary message does not appear before you delete an IPsec policy. Therefore, be sure you do not need an IPsec policy before you delete it.
1. Click SETUP > VPN Settings > IPsec > IPsec Policies. The IPSEC POLICIES page appears.
2. Under List of VPN Policies, check the IPsec auto policy or manual policy you want to delete and click Delete.
Mode Config Settings
Path: SETUP > VPN Settings > IPsec > IPsec Mode Config
If you enabled Mode Config settings on the IPSEC CONFIGURATION page, use the following procedure to configure the Mode Config settings.
1. Click SETUP > VPN Settings > IPsec > IPsec Mode Config. The IPSEC MODE CONFIG page appears.
2. Complete the fields in the page (see Table 6-2).
3. Click Save Settings.
4. To split DNS names, under Split DNS Names, click Add.
name server for name resolution. When you click Add, the SPLIT DNS NAMES page appears. Enter a Domain Name in the Domain Name field and click Save Settings. The Split DNS Name section provides Edit and Delete buttons for changing or deleting split DNS name configurations.
Table 6-2. Fields on the IPSEC MODE CONFIG Page
Field | Description
Tunnel Mode | Select a tunnel mode. Choices are: Full Tunnel = every packet destined to the Internet or remote server goes through the tunnel. Split Tunnel = traffic destined to the Internet does not pass through the tunnel.
Start IP Address | Enter the first address to be allocated in this pool.
End IP Address | Enter the last address to be allocated in this pool.
DHCP Range
Path: SETUP > VPN Settings > IPsec > DHCP Range
If clients will connect to the IPsec VPN using DHCP, use the IP RANGE FOR DHCP OVER IPSEC page to configure the DHCP settings.
1. Click SETUP > VPN Settings > IPsec > DHCP Range. The IP RANGE FOR DHCP OVER IPSEC page appears.
2. Complete the fields in the page (see Table 6-3).
3. Click Save Settings.
Table 6-3.
PPTP/L2TP Tunnels
The wireless controller supports VPN tunnels from either PPTP or L2TP ISP servers. In this role, the wireless controller acts as a broker to allow the ISP's server to create a TCP control connection between the LAN VPN client and the VPN server.
PPTP Tunnel Support
Configuring PPTP Clients
Path: SETUP > VPN Settings > PPTP > PPTP Client
PPTP VPN clients can be configured on the wireless controller.
3. Click Save Settings.
Table 6-4. Fields on the PPTP CLIENT Page
Field | Description
PPTP Client Configuration
Enable PPTP Client | Enables or disables the PPTP client. Choices are: Checked = enable PPTP client. Unchecked = disable PPTP client.
PPTP Client Configuration
Server IP | Enter the IP address of the PPTP server.
Remote Network | Enter the network address of the remote network that is local to the PPTP server.
Path: SETUP > VPN Settings > PPTP > PPTP Server
After you configure the PPTP clients for the PPTP VPN, use the following procedure to configure the PPTP server. Once enabled, a PPTP server is available on the wireless controller for LAN and Option PPTP client users to access. PPTP clients within range of configured IP addresses of allowed clients can reach the wireless controller’s PPTP server.
Table 6-5. Fields on the PPTP SERVER Page
Field | Description
PPTP Client Configuration
Enable PPTP Server | Enables or disables the PPTP server. Choices are: Checked = enable PPTP server. Unchecked = disable PPTP server.
PPTP Routing Mode
Nat | NAT is a technique that allows several computers on a LAN to share an Internet connection. The computers on the LAN use a "private" IP address range while the Option port on the router is configured with a single "public" IP address.
Field | Description
PPTP Client Configuration
MS-CHAPv2 | Enables or disables support for MS-CHAPv2 authentication method. Introduces an additional feature not available with MSCHAP or standard CHAP authentication: the change password feature. This feature lets the client change the account password if the RADIUS server reports that the password has expired. Choices are: Checked = enable support for MS-CHAPv2. Unchecked = disable support for MS-CHAPv2.
L2TP Tunnel Support
Path: SETUP > VPN Settings > L2TP > L2TP Server
After you configure PPTP tunnel support, configure L2TP tunnel support. Once enabled, an L2TP server is available on the wireless controller for LAN and Option L2TP client users to access. After the L2TP server is enabled, L2TP clients within the range of configured IP addresses of allowed clients can reach the wireless controller’s L2TP server.
Table 6-6. Fields on the L2TP SERVER Page
Field | Description
L2TP Server Configuration
Enable L2TP Server | Enables or disables the L2TP server. Choices are: Checked = enable L2TP server. Unchecked = disable L2TP server.
L2TP Routing Mode
Nat | NAT is a technique that allows several computers on a LAN to share an Internet connection. The computers on the LAN use a "private" IP address range while the Option port on the router is configured with a single "public" IP address.
Field | Description
L2TP Server Configuration
MS-CHAPv2 | Enables or disables support for MS-CHAPv2 authentication method. Introduces an additional feature not available with MSCHAP or standard CHAP authentication: the change password feature. This feature lets the client change the account password if the RADIUS server reports that the password has expired. Choices are: Checked = enable support for MS-CHAPv2. Unchecked = disable support for MS-CHAPv2.
OpenVPN Support
Path: SETUP > VPN Settings > OpenVPN > Open VPN Configuration
An OpenVPN session can be established through the wireless controller. OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. When used in a multiclient-server configuration, OpenVPN lets the server release an authentication certificate for every client, using signature and Certificate authority.
To configure OpenVPN support:
1.
Table 6-7. Fields on the OPENVPN CONFIGURATION Page
Field | Description
OpenVPN Server/Client Configuration
Enable Openvpn | Enables or disables OpenVPN support. Choices are: Checked = enable OpenVPN support. Unchecked = disable OpenVPN support.
Mode | Select an OpenVPN daemon mode. Choices are: Server = run OpenVPN daemon in server mode. Client = run OpenVPN daemon in client mode.
Certificates | Select the set of certificates OpenVPN server uses: First Row = set of certificates and keys the server uses. Second Row = set of newly uploaded certificates and keys.
Enable TLS Authentication Key | Enabling this option adds Transport Layer Security (TLS) authentication, which adds a layer of authentication. TLS uses public key infrastructure (PKI) to acquire and validate digital certificates.
7. VIEWING STATUS AND STATISTICS
This chapter describes the following pages, which display wireless controller and access point status information and statistics.
Path | Description | See Page
STATUS > Dashboard > General | Shows CPU and memory utilization. | 129
STATUS > Device Info > System Status | Summarizes the wireless controller configuration settings. | 131
STATUS > Device Info > Wireless LAN AP Info | Shows details about the managed access points.
Path | Description | See Page
Status > Access Point Info > AP RF Scan Status | Shows information about other access points and wireless clients that the wireless controller has detected. | 159
STATUS > Global Info > Global Status | Shows status and statistics about the wireless controller and the objects associated with it. | 161
Status > Global Info > Peer Controller > Status | Shows information about other wireless controllers in the network.
Viewing CPU and Memory Utilization
Path: STATUS > Dashboard > General
The wireless controller provides a dashboard that displays CPU and memory utilization. The DASHBOARD page is organized into the following sections (see Table 7-1):
- CPU Utilization – shows statistics for the wireless controller’s processor.
- Memory Utilization – shows the system’s memory status.
Figure 7-1.
Table 7-1. Fields on the DASHBOARD Page
Field | Description
CPU Utilization
CPU usage by user | Percent of the CPU utilization currently consumed by all user space processes, such as SSL VPN or management operations.
CPU usage by kernel | Percent of the CPU utilization currently consumed by kernel space processes, such as firewall operations.
CPU idle | Percent of CPU cycles currently not in use.
CPU waiting for IO | Percent of CPU cycles allocated to input/output devices.
Viewing System Status
Path: STATUS > Device Info > System Status
The SYSTEM STATUS page summarizes the wireless controller configuration settings configured in the Setup and Advanced menus. This page is organized into the following sections:
- General – shows system name, firmware and WLAN module version, and serial number.
- Option Information and LAN Information – shows information based on the administrator configuration parameters.
Figure 7-2.
Viewing Managed Access Point Information
Path: STATUS > Device Info > Wireless LAN AP Info
The WIRELESS LAN AP INFORMATION page shows details about the managed access points (see Table 7-2). Checking a managed access point enables the buttons described in Table 7-3.
Figure 7-3.
Table 7-2. Fields on the WIRELESS LAN AP INFORMATION Page
Field | Description
MAC Address (*) Peer Managed | Ethernet address of the managed access point. If an asterisk (*) follows the MAC address, the access point is managed by a peer controller.
IP Address | Network IP address of the managed access point.
Age | Time since last communication occurred between the wireless controller and the access point.
Status | Current managed state of the access point.
Viewing Cluster Information
Path: STATUS > Device Info > Cluster Information
The CLUSTER INFORMATION page shows information about other wireless controllers in the network. Peer wireless controllers within the same cluster exchange data about themselves, their managed access points, and their clients. The wireless controller maintains a database with this data, so you can view information about a peer, such as its IP address and software version.
Table 7-4. Fields on the CLUSTER Page
Field | Description
Cluster Information
Cluster Controller | Identifies whether the wireless controller is part of a cluster. Yes = wireless controller is part of a cluster. No = wireless controller is not part of a cluster.
Cluster Controller IP Address | IP address of the controller that controls the cluster.
Cluster Priority
Connected Peer Controllers
IP Address | IP address of the peer wireless controller in the cluster.
Viewing Hardware and Usage Statistics
Path: STATUS > Dashboard > Interface
The wireless controller provides a dashboard that displays information about the resources the system is using. Bandwidth usage and application usage are shown as graphs. A drop-down list lets you filter the graphs to show all, LAN, or option interfaces.
Figure 7-5.
Wired Port Statistics
Path: STATUS > Traffic Monitor > Device Statistics
The DEVICE STATISTICS page shows detailed transmit and receive statistics for each physical port.
Managed Access Points and Associated Clients Statistics
Path: STATUS > Traffic Monitor > Managed AP Statistics
The MANAGED AP STATISTICS page shows information about traffic on the access point’s wired and wireless interfaces. This information can help diagnose network issues, such as throughput problems.
Figure 7-7. MANAGED AP STATISTICS Page
Table 7-5. Fields on the MANAGED AP STATISTICS Page
Field | Description
MAC Address | MAC address of the client station.
Table 7-6. Buttons on the MANAGED AP STATISTICS Information
Button | Description
View Details | Shows detailed status information collected from the access point.
View Radio Details | Shows detailed status for a radio interface.
View VAP Details | Shows summary information about the virtual access points (VAPs) for the selected access point and radio interface on the access points that the wireless controller manages.
LAN-Associated Clients
Path: STATUS > Traffic Monitor > Associated Clients Statistics > WLAN Associated Clients
The ASSOCIATED CLIENTS STATISTICS page tracks the traffic associated with the client connected to the wireless controller. A Refresh button lets you update the information shown on the page. Checking a client and clicking the View Details button displays detailed information about the selected client.
Table 7-7. Fields on the ASSOCIATED CLIENTS STATISTICS Page
Field | Description
Packets Received | Total number of packets received from the client station.
Bytes Received | Total number of bytes received from the client station.
Packets Transmitted | Total number of packets transmitted to the client station.
Bytes Transmitted | Total number of bytes transmitted to the client station.
WLAN-Associated Clients
Path: STATUS > Wireless Client Info > Associated Clients > Status
The wireless client can roam among access points without interruption in WLAN service. The wireless controller tracks the traffic the client sends and receives during the entire wireless session while the client roams among access points being managed by the wireless controller.
Field | Description
Bytes Transmitted | Number of bytes transmitted to the client station.
Bytes Received | Number of bytes received by the client station.

Sessions through the Wireless Controller
Path: STATUS > Active Sessions
The ACTIVE SESSIONS page shows the following information about the active Internet sessions through the wireless controller:
- Local and remote IP addresses
- Protocol used during the Internet sessions
- State
Figure 7-10.
Associated Clients
Path: STATUS > Associated Clients > Status
The ASSOCIATED CLIENTS STATUS page shows clients that are associated with the access points being managed by the wireless controller.
Figure 7-11. ASSOCIATED CLIENTS STATUS Page
Table 7-10. Fields on the ASSOCIATED CLIENTS STATUS Page
Field | Description
MAC Address | Ethernet address of the client station.
Field | Description
Status | Indicates whether the client is associated and/or authenticated. The valid values are: Associated = client is currently associated to the managed access point. Authenticated = client is currently associated and authenticated to the managed access point. Disassociated = client has disassociated from the managed access point. If the client does not roam to another managed access point within the client roam timeout, it is deleted.
Table 7-11.
LAN Clients
Path: STATUS > LAN Clients Info > LAN Clients
LAN clients to the wireless controller are identified by an address resolution protocol (ARP) scan through the LAN controller. The LAN CLIENTS page shows the:
- NetBios name (if available)
- IP address of discovered LAN hosts
- MAC address of discovered LAN hosts
Figure 7-12.
Detected Clients
Path: STATUS > LAN Clients Info > Detected Clients
Wireless clients are detected by the wireless system either when the clients attempt to interact with the system or when the system detects traffic from the clients. The Detected Client Status page shows information about clients that have authenticated with an access point as well as information about clients that disassociate and are no longer connected to the system.
Figure 7-13.
Table 7-12. Fields on the DETECTED CLIENT STATUS Page
Field | Description
MAC Address | Ethernet MAC address of the client.
Client Name | Name of the client, if available, from the Known Client Database. If the client is not in the database, the field is blank.
Client Status | Client status, which can be one of the following values: Authenticated = wireless client is authenticated with the wireless system.
Access Point Status
Path: STATUS > Dashboard > Access Point
The ACCESS POINT page shows summary information about managed, failed, and rogue access points the wireless controller has discovered or detected. A pie chart at the bottom of the page provides a graphical representation of the total access point utilization.
Figure 7-14.
Table 7-13. Fields on the ACCESS POINT Page
Field | Description
Total Access Points Utilization - Data
Total Access Points | Total number of managed access points in the database. This value equals the sum of Managed Access Points, Connection Failed Access Points, and Discovered Access Points.
Managed Access Points | Number of access points in the Managed AP database that are authenticated, configured, and have an active connection with the controller.
Access Point Summary
Path: STATUS > Access Points Info > APs Summary
The ACCESS POINTS SUMMARY page shows summary information about managed, failed, and rogue access points the wireless controller has discovered or detected. Status entries can be deleted manually.
Figure 7-15.
Table 7-14. Fields on the ACCESS POINTS SUMMARY Page
Field | Description
MAC Address | MAC address of the access point.
IP Address | Network address of the access point.
Age | Amount of time that has passed since the access point was last detected and the information was last updated.
Status | Access point status. Possible values are: Managed = access point profile configuration has been applied to the access point and the access point is operating in managed mode.
Managed Access Point
Path: STATUS > Access Point Info > Managed AP Status
The MANAGED AP STATUS page shows a variety of information about each access point that the wireless controller is managing.
Figure 7-16.
Table 7-16. Fields on the MANAGED AP STATUS Page
Field | Description
MAC Address | Ethernet address of the access point being managed by the wireless controller.
IP Address | Network IP address of the managed access point.
Age | Time of the last communication between the wireless controller and the access point.
Status | Current managed state of the access point.
Viewing Status and Statistics Authentication Failure Status Path: STATUS > Access Point Info > Authentication Failure Status An access point might fail to associate to the wireless controller due to errors such as invalid packet format or vendor ID, or because the access point is not configured as a valid access point with the correct local or RADIUS authentication information.
Viewing Status and Statistics Table 7-18. Reasons for Access Point Failures Failure Description No Database Entry MAC address of the access point is not in the local Valid AP database or the external RADIUS server database, so the access point has not been validated. Local Authorization Authentication password configured in the access point did not match the password configured in the local database.
Viewing Status and Statistics AP RF Scan Status Path: STATUS > Access Point Info > AP RF Scan Status The radios on each access point can scan the radio frequency periodically to collect information about other access points and wireless clients that are within range. In normal operating mode, the access point always scans on the operational channel for the radio. The AP RF SCAN STATUS page shows information about other access points and wireless clients that the wireless controller has detected.
Viewing Status and Statistics Table 7-20. Fields on the AP RF SCAN STATUS Page Field Description MAC Address Ethernet MAC address of the detected access point. This could be a physical radio interface or VAP MAC. SSID Service Set ID of the network, which is broadcast in the detected beacon frame. Physical Mode 802.11 mode used on the access point. Channel Transmit channel of the access point. Status Managed status of the access point.
Viewing Status and Statistics Global Status Path: STATUS > Global Info > Global Status The wireless controller collects information periodically from the access points it manages and from the associated peer controller. The SUMMARY page shows status and statistics about the wireless controller and the objects associated with it. Figure 7-19.
Viewing Status and Statistics Table 7-21. Fields on the SUMMARY Page Field Description General WLAN Controller Operational Status Operational status of this wireless (WLAN) controller. The controller might be configured as enabled, but is operationally disabled due to configuration dependencies. If the operational status is disabled, the reason appears in the following status field. IP Address IP address of the wireless controller.
Field Description 802.11b/g Clients Total number of IEEE 802.11b/g-only clients that are authenticated. 802.11n Clients Total number of clients that are IEEE 802.11n-capable and are authenticated. These include IEEE 802.11a/n, IEEE 802.11b/g/n, 5 GHz IEEE 802.11n, and 2.4 GHz IEEE 802.11n. Maximum Associated Clients Maximum number of clients that can associate with the wireless system. This is the maximum number of entries allowed in the Associated Client database.
Peer Controller Status Path: STATUS > Global Info > Peer Controller > Status The PEER CONTROLLER STATUS page provides information about other wireless controllers in the network. Peer wireless controllers in the same cluster exchange data about themselves, their managed access points, and clients. The controller maintains a database with this data so you can view information about a peer, such as its IP address and software version.
Table 7-23. Fields on the PEER CONTROLLER STATUS Page Field Description Peer Controller Status Cluster Controller IP Address IP address of the wireless controller that controls the cluster. Peer Controllers Number of peer controllers in the cluster. List of Peer Controllers IP Address IP address of the peer wireless controller in the cluster. Vendor ID Vendor ID of the peer controller software. Software Version Software version for the given peer controller.
Peer Controller Configuration Status Path: STATUS > Global Info > Peer Controller > Configuration The PEER CONTROLLER CONFIGURATION STATUS page provides information about the access points that each peer controller in the cluster manages. Use the menu above the table to select the peer controller with the access point information to display. Each peer controller is identified by its IP address. Table 7-24.
Peer Controller Managed AP Status Path: STATUS > Global Info > Peer Controller > Managed AP The PEER CONTROLLER MANAGED AP STATUS page provides information about the access points that each peer controller in the cluster manages. Use the drop-down list at the top of this page to select the peer controller associated with the access point whose information you want to display. Each peer controller is identified by its IP address.
Table 7-25. Fields on the PEER CONTROLLER MANAGED AP STATUS Page Field Description MAC Address MAC address of each access point managed by the peer controller. Peer Controller IP IP address of the peer controller that manages the access point. This field appears when All is selected from the drop-down menu. Location Descriptive location configured for the managed access point. AP IP Address IP address of the access point.
IP Discovery Path: STATUS > Global Info > IP Discovery The IP DISCOVERY page shows IP addresses of peer controllers and access points for the wireless controller to discover and associate with as part of the WLAN.
Table 7-26. Fields on the IP DISCOVERY Page Field Description IP Address IP address of the device configured in the IP discovery list. Status One of the following states: Not Polled = wireless controller has not tried to contact the IP address in the L3/IP discovery list. Polled = wireless controller tried to contact the IP address.
Configuration Receive Status Path: STATUS > Global Info > Config Receive Status The Peer Controller Configuration feature lets you send a wireless configuration from one wireless controller to all other controllers. In addition to keeping the controllers synchronized, this function lets you manage all wireless controllers in the cluster from one controller.
Table 7-27. Fields on the CONFIGURATION RECEIVE STATUS Page Field Description Current Receive Status Current Receive Status Global status when wireless configuration is received from a peer controller.
AP Hardware Capability Path: STATUS > Global Info > AP H/W Capability The wireless controller supports access points that have different hardware capabilities, such as number of radios, supported IEEE 802.11 modes, and software images. Using the AP HARDWARE CAPABILITY page, you can view information about the radio hardware and IEEE modes supported by access points, as well as software images that are available for download to the access point. Table 7-28.
Client Status Path: STATUS > Dashboard > Client The CLIENT STATISTICS page shows information about all the clients connected through managed access points.
Table 7-29. Fields on the CLIENT STATISTICS Page Field Description 802.11 Clients BAR Graph The bar graph provides a graphical representation of clients connected through access points managed by the wireless controller. 802.11 Clients - Data 802.11a Clients Total number of IEEE 802.11a only clients that are authenticated. 802.11b/g Clients Total number of IEEE 802.11b/g only clients that are authenticated. 802.11n Clients Total number of clients that are IEEE 802.
Associated Client Status Path: STATUS > Wireless Client Info > Associated Clients > Status The ASSOCIATED CLIENT STATUS page shows a variety of information about the wireless clients that are associated with the access points the wireless controller is managing. Table 7-30. Fields on the ASSOCIATED CLIENT STATUS Page Field Description MAC Address Ethernet address of the client station.
Table 7-31. Buttons on the ASSOCIATED CLIENT STATUS Page Field Description Disassociate Disassociates the selected client from the managed access point. View Details Shows associated client details. View AP Details Shows associated access point details. View SSID Details Lists the SSIDs of the networks that each wireless client associated with a managed access point has used for WLAN access.
Associated Client SSID Status Path: STATUS > Wireless Client Info > Associated Clients > SSID Status The SSID ASSOCIATED CLIENT STATUS page shows SSID information for the wireless clients on the WLAN. Table 7-32. Fields on the SSID ASSOCIATED CLIENT STATUS Page Field Description SSID Network on which the client is connected. Client MAC Address Ethernet address of the client station.
Table 7-33. Buttons on the SSID ASSOCIATED CLIENT STATUS Page Field Description Disassociate Disassociates the selected client from the managed access point. View Client Details Shows associated client details. Refresh Updates the information on the page.
Associated Client VAP Status Path: STATUS > Wireless Client Info > Associated Clients > VAP Status Each AP has 16 virtual access points (VAPs) per radio, and every VAP has a unique MAC address (BSSID). The VAP ASSOCIATED CLIENT STATUS page shows information about the VAPs on the managed access point that have associated wireless clients. To disconnect a client from an access point, check the box next to the BSSID and click Disassociate.
Table 7-34. Fields on the VAP ASSOCIATED CLIENT STATUS Page Field Description BSSID Ethernet MAC address for the managed access point VAP where this client is associated. SSID SSID for the managed access point VAP where this client is associated. AP MAC Address Base access point Ethernet MAC address for the managed access point. Radio Managed access point radio interface with which the client is associated and its configured mode.
Controller Associated Client Status Path: STATUS > Wireless Client Info > Associated Clients > Controller Status The CONTROLLER ASSOCIATED CLIENT STATUS page shows information about the controller that manages the access point to which the client is associated. Table 7-36. Fields on the CONTROLLER ASSOCIATED CLIENT STATUS Page Field Description Controller IP Address IP address of the controller that manages the access point to which the client is associated.
Table 7-37. Buttons on the CONTROLLER ASSOCIATED CLIENT STATUS Page Field Description Disassociate Disassociates the selected client from the managed access point. View Client Details Displays associated client details. Refresh Updates the information on the page.
Detected Client Status Path: STATUS > Wireless Client Info > Detected Clients Wireless clients are detected by the wireless system when the clients attempt to interact with the system or when the system detects traffic from the clients. The DETECTED CLIENT STATUS page shows information about clients that have authenticated with an access point, as well as information about clients that disassociate and are no longer connected to the system.
Table 7-38. Fields on the DETECTED CLIENT STATUS Page Field Description MAC Address Ethernet address of the client. Client Name Name of the client, if available, from the Known Client Database. If client is not in the database, this field is blank. Client Status Client status, which can be one of the following: Authenticated = wireless client is authenticated with the wireless system.
Pre-Authorization History Path: STATUS > Wireless Client Info > Pre-Auth History To help authenticated clients roam without losing sessions and needing to re-authenticate, wireless clients can try to authenticate to other access points within range of the client.
Detected Client Roam History Path: STATUS > Wireless Client Info > Roam History The wireless system keeps a record of clients as they roam from one managed access point to another, and displays this information on the ROAM HISTORY page. Table 7-42. Fields on the ROAM HISTORY Page Field Description MAC Address MAC address of the detected client. AP MAC Address MAC address of the managed access point to which the client has pre-authenticated.
8. MAINTENANCE
Group Management A user group is a collection of users who share the same privileges. The following section describes how to add user groups. After you add a user group, you can configure its login policies, policies for browsers, and policies by IP. You can also edit user groups when changes are required and delete user groups you no longer need.
2. Click the Add button. The GROUP CONFIGURATION page appears. 3. Complete the fields in the page (see Table 8-1) and click Save Settings.
Table 8-1. GROUP CONFIGURATION Page Settings Field Description Group Configuration Group Name Enter a unique name for this group. The name should allow you to easily identify this group from others you may add. Description Enter an optional description for this user group. User Type Admin Check this box to grant all users in this group super-user privileges.
Editing User Groups Path: ADVANCED > Users > Groups There may be times when you need to edit a user group. For example, you might want to change the privileges for the user group or idle timeout. To edit a user group: 1. Click ADVANCED > Users > Groups. The GROUPS page appears. 2. Check the box next to the user group you want to edit. 3. Click the Edit button. The GROUP CONFIGURATION page appears. Complete the fields in the page (see Table 8-1) and click Save Settings.
Configuring Login Policies Path: ADVANCED > Users > Groups Using the following procedure, you can grant or deny a user group login access to the web management interface and to the wireless controller Option port. 1. Click ADVANCED > Users > Groups. The GROUPS page appears. 2. Check the box next to a user group. 3. Click the Login Policies button. The GROUPS page appears. 4. Complete the fields in the page (see Table 8-2) and click Save Settings.
Table 8-2. GROUPS Page Settings Field Description Group Name Name of the group. Disable Login Grants or denies login access to the web management interface for all users in this user group. Choices are: Checked = disable login access. Unchecked = enable login access. Deny Login from Option Interface Grants or denies login access from the wireless controller’s Option port. Choices are: Checked = disable login access. Unchecked = enable login access.
4. To prevent the users in this user group from using a browser to access the web management interface: a. Under Group Policy By Client Browser, click Deny Login from Defined Browser. b. Under Add Defined Browser, click a browser from the Client Browser dropdown list, and then click Add. The selected browser appears in the Defined Browsers area. c. To prevent additional browsers from logging in to the web management interface, repeat the previous step. d. When you finish, click Save Settings.
d. When you finish, click Save Settings. 6. To remove browsers from the Defined Browsers area: a. Click each browser. (Or click the box next to Added Client Browser to select all browsers.) b. Click Delete. A precautionary message does not appear prior to deleting the browsers. Configuring IP Policies Path: ADVANCED > Users > Groups The following procedure describes how to configure IP-specific policies for user groups.
a. Under Group Policy By Source IP Address, click Deny Login from Defined Addresses. b. Click the Add button. The DEFINED ADDRESSES page appears. c. Complete the fields in the page (see Table 8-3) and click Save Settings. The address you defined appears in the Defined Addresses area. 5. To allow the users in this user group to log in to the web management interface using a particular network or IP address: a. Under Group Policy By Source IP Address, click Allow Login from Defined Addresses. b.
Table 8-3. DEFINED ADDRESSES Page Settings
Field | Description
Source Address Type | Name of the group. Choices are: IP Address = specifies a particular IP address. IP Network = specifies an entire IP network.
Network Address / IP Address | Enter the network or IP address.
Mask Length | Enter a subnet mask.
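The source-IP policy above can be checked offline before it is saved, so that a planned entry does not lock the administrator's own workstation out of the web management interface. The following is an added example, not code from the controller or from D-Link; it assumes that Allow mode admits only listed sources and Deny mode blocks only listed sources, and all addresses in it are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class DefinedAddress:
    """One entry in the Defined Addresses area (fields as in Table 8-3)."""
    source_type: str        # "IP Address" or "IP Network"
    address: str            # Network Address / IP Address
    mask_length: int = 32   # Mask Length; only read for "IP Network"

    def network(self):
        if self.source_type == "IP Address":
            # Validate as a single host first so "10.0.0.0/8" is rejected here.
            host = ipaddress.ip_address(self.address)
            return ipaddress.ip_network(str(host))
        if self.source_type == "IP Network":
            # strict=True raises ValueError when host bits are set
            # (e.g. 192.168.10.5 with mask length 24), a common typo.
            return ipaddress.ip_network(
                f"{self.address}/{self.mask_length}", strict=True
            )
        raise ValueError(f"unknown source address type: {self.source_type!r}")


def login_permitted(source_ip, mode, defined):
    """Return True if a login from source_ip passes the group policy.

    mode is "deny" (Deny Login from Defined Addresses) or "allow"
    (Allow Login from Defined Addresses). Assumption: an empty list in
    allow mode admits nobody.
    """
    src = ipaddress.ip_address(source_ip)
    listed = any(src in entry.network() for entry in defined)
    if mode == "deny":
        return not listed
    if mode == "allow":
        return listed
    raise ValueError(f"unknown mode: {mode!r}")


def locked_out(admin_sources, mode, defined):
    """List the management workstations that the policy would block."""
    return [ip for ip in admin_sources
            if not login_permitted(ip, mode, defined)]


# Constructed sample policy and workstation list.
POLICY = [
    DefinedAddress("IP Network", "192.168.10.0", 24),
    DefinedAddress("IP Address", "10.1.1.5"),
]
ADMIN_WORKSTATIONS = ["192.168.10.20", "172.16.0.9"]

if __name__ == "__main__":
    for mode in ("allow", "deny"):
        blocked = locked_out(ADMIN_WORKSTATIONS, mode, POLICY)
        print(f"{mode}: workstations that would lose access -> {blocked}")
```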
User Management After you add user groups, you can add users to the user groups. Users can be added individually, or they can be imported from a comma-separated-value (CSV) formatted file. After you add users, you can edit them when changes are required and delete users when you no longer need them. Adding Users Manually Path: ADVANCED > Users > Users One way of adding users is to add users individually. 1. Click ADVANCED > Users > Users. The USERS page appears. 2. Click the Add button.
3. Complete the fields in the page (see Table 8-4) and click Save Settings. Table 8-4. USERS CONFIGURATION Page Settings Field Description User Name Enter a unique name for this user. The name should allow you to easily identify this user from others you may add. First Name Enter the first name of the user. This is useful when the authentication domain is an external server, such as RADIUS. Last Name Enter the last name of the user.
Importing Users Path: ADVANCED > Users > Get Users DB A faster alternative to adding individual users is to import users from a CSV-formatted file. 1. Click ADVANCED > Users > Get Users DB. The GET USERS DB page appears. 2. Click the Browse button. 3. In the Choose File dialog box, navigate to the location of the CSV file, and then click the file and click Open. 4. Click Upload.
Editing Users Path: ADVANCED > Users > Users There may be times when you need to edit a user. For example, you might want to change the user’s login password or idle timeout. To edit a user: 1. Click ADVANCED > Users > Users. The USERS page appears. 2. Check the box next to the user you want to edit. 3. Click the Edit button. The USERS CONFIGURATION page appears. 4. Complete the fields in the page (see Table 8-5) and click Save Settings.
Table 8-5. USERS CONFIGURATION Page Settings Field Description User Name Enter a unique name for this user. The name should allow you to easily identify this user from others you may add. First Name Enter the first name of the user. This is useful when the authentication domain is an external server, such as RADIUS. Last Name Enter the last name of the user. This is useful when the authentication domain is an external server, such as RADIUS.
Backing Up Configuration Settings Path: TOOLS > System After you configure the wireless controller as desired, back up the configuration settings. When you back up the settings, they are saved as a file. You can then use the file to restore the settings on the same wireless controller if something goes wrong or on a different wireless controller that will replace or work with other wireless controllers. 1. Click TOOLS > System. The SYSTEM page appears. 2. Click the Backup button.
Restoring Configuration Settings Path: TOOLS > System After you use the procedure on the previous page to back up a wireless controller’s configuration settings, you can restore the settings using the following procedure. 1. Click TOOLS > System. The SYSTEM page appears. 2. In the Restore Saved Settings field, either: – Enter the complete path where the backup file is located. – Click the Browse button. Use the Choose file dialog box to find the backup file.
Restoring Factory Default Settings Path: TOOLS > System If you reset a wireless controller to its factory default settings, it returns to the state when it was new — all changes you made to the default configuration are lost. Examples of settings that get restored include critical things you need to get online, such as login password, SSID, IP addresses, and wireless security keys.
Rebooting the Wireless Controller Path: TOOLS > System You can reboot the wireless controller. Rebooting performs a power cycle and keeps any customized overrides you made to the default settings. 1. Click TOOLS > System. The SYSTEM page appears. 2. Next to Reboot, click the Reboot message. 3. At the confirmation message, click OK to reboot the wireless controller. (Or click Cancel to not reboot.
Upgrading Firmware Access Point Firmware Upgrade As new versions of the access point firmware become available, you can upgrade the firmware on your devices to take advantage of new features and enhancements. The access point uses the Hypertext Transfer Protocol (HTTP) to perform firmware upgrades. You can also use a Trivial File Transfer Protocol (TFTP) client or USB to perform firmware upgrades. This guide covers the HTTP upgrade procedure.
The upgrade process may take several minutes during which time the access point will be unavailable. Do not interrupt the upgrade or turn off the system; otherwise, you can damage the firmware. Wait for the upgrade to complete before browsing any sites from your browser. The access point resumes normal operation with the same configuration settings it had before the upgrade. 7.
3. If the firmware version on the D-Link support website has a higher number than the firmware version shown under Firmware Information, continue with this procedure. 4. Download the new firmware from the D-Link website. 5. Under Firmware Upgrade, click the Browse button. 6. In the Choose File dialog box, navigate to the firmware file, and then click the file and click Open. 7. Click Upgrade. 8. At the confirmation message, click OK to start the firmware upgrade.
Activating Licenses Path: TOOLS > License The LICENSES page lets you activate licenses for additional access points and VPN, firewall, and routing functions on the wireless controller. 1. Obtain an Activation Key from D-Link: a. Find the wireless controller serial number on the bottom of the device. b. Obtain a license key from D-Link via e-mail after purchasing the license. c. Open a Web browser and go to https://register.dlink.com to register with D-Link. d.
4. Click Activate. The activation code appears under List of Available Licenses. Sample Activated License 5. In the Activation Code text box, enter the Activation Key. 6. Click Activate. After the license is activated, a page similar to the following shows the activated license. 7. Reboot the wireless controller to have the license take effect (see “Rebooting the Wireless Controller” on page 207).
Using the Command Line Interface The wireless controller supports a command-line interface (CLI). The CLI lets you use a VT100 terminal-emulation program to locally or remotely configure, monitor, and control the wireless controller and its managed access points via a simple text-based, tree-structured interface. The wireless controller supports SSH and Telnet management for command-line interaction.
9. TROUBLESHOOTING In the unlikely event you encounter a problem using the wireless controller, refer to the troubleshooting suggestions in this chapter to identify and resolve the problem.
LED Troubleshooting After you apply power and turn on the wireless controller, the following sequence of events should occur: 1. When power is first applied, verify that the front panel (green) Power LED to the left of the USB ports is ON. 2. After approximately 2 minutes, verify that the right LAN port LED is ON for any local ports that are connected. This indicates that a link has been established to the connected device. 3.
Troubleshooting the Web Management Interface If you cannot access the wireless controller’s web management interface from a PC on your local network: Check the Ethernet connection between the PC and the wireless controller. Be sure your PC’s IP address is on the same subnet as the wireless controller. If you are using the recommended addressing scheme, be sure your PC is configured to use a static IPv4 address of 192.168.10.
Problems with Date and Time The DATE AND TIME page shows the current date and time of day. The wireless controller uses the Network Time Protocol (NTP) to obtain the current time from one of several network time servers on the Internet. Each entry in the log is stamped with the date and time of day. If you find that the date and time stamps are not accurate, confirm that the wireless controller can reach the Internet.
1. Click TOOLS > System. The SYSTEM page appears. 2. Click Reboot. Network Performance and Rogue Access Point Detection When rogue access point detection is enabled, access points intermittently go off channel for short periods, which can affect network performance. If security concerns are more important than network performance, you can enable rogue access point detection.
2. Under Ping or Trace an IP Address, in the IP Address / Domain Name field, enter an IP address to be pinged. 3. Click Ping. The results appear in the Command Output page. 4. Click Back to return to the SYSTEM CHECK page. Using Traceroute Path: TOOLS > System Check The wireless controller provides a Traceroute function that lets you map the network path to a public host. Up to 30 intermediate controllers (or “hops”) between this wireless controller and the destination will be displayed.
2. Under Ping or Trace an IP Address, in the IP Address / Domain Name field, enter an IP address. 3. Click Traceroute. The results appear in the Command Output page. 4. Click Back to return to the SYSTEM CHECK page.
Performing DNS Lookups Path: TOOLS > System Check The wireless controller provides a DNS lookup function that lets you retrieve the IP address of a Web, FTP, Mail, or any other server on the Internet. 1. Click TOOLS > System Check. The SYSTEM CHECK page appears. 2. Under Perform a DNS Lookup, in the Internet Name field, enter an Internet name. 3. Click Lookup. The results appear in the Command Output page. If the host or domain entry exists, a response appears with the IP address.
Capturing Log Packets Path: TOOLS > System Check The wireless controller lets you capture all packets that pass through the LAN or Option interface. The packet trace is limited to 1 MB of data per capture session. If the capture file size exceeds 1 MB, it is deleted automatically and a new capture file is created. To capture packets: 1. Click TOOLS > System Check. The SYSTEM CHECK page appears. 2. Under Router Options, in the Capture Packets field, enter an Internet name. 3. Click Lookup.
Checking Log Settings The wireless controller lets you capture log messages for traffic through the firewall, VPN, and over the wireless access point. You can monitor the type of traffic that goes through the wireless controller and be notified of potential attacks or errors when they are detected by the controller. The following sections describe the log configuration settings and the ways you can access these logs.
For each facility, the following events (in order of severity) can be logged:
Severity | Description
Emergency | System is unusable
Alert | Action must be taken immediately
Critical | Critical conditions
Error | Error conditions
Warning | Warning conditions
Notification | Normal but significant condition
Information | Informational
Debugging | Debug-level messages
The display for logging can be customized based on whether the logs are sent to the Event Log viewer in the web management inter
Tracking Traffic Path: TOOLS > Log Settings > Logs Configuration The LOGS CONFIGURATION page lets you select the type of traffic passing through the wireless controller that you want to log for display in Syslog, E-mailed logs, or the Event Viewer. This page helps you capture suspicious activity such as denial-of-service attacks, general attack information, login attempts, dropped packets, and similar events.
Option Description Accepted Packets If checked, tracks packets that were transferred through the segment successfully. This option is useful when the Default Outbound Policy is set to Block Always, so traffic that passes through the firewall can be monitored using the Firewall Rules page (ADVANCED > Firewall Settings > Firewall Rules). Also, see “Accepted Packets Example” on page 226.
Remote Logging Path: TOOLS > Log Settings > Remote Logging An external Syslog server is often used by network administrators to collect and store logs from the wireless controller. This remote device typically has fewer memory constraints than the local Event Viewer on the wireless controller’s web management interface (see “Wireless Controller Event Log” on page 230). Therefore, a number of logs can be collected over a sustained period.
The following table describes the options on this page. Option Description Log Options Remote Log Identifier Enter a prefix used to identify the source of the message. This identifier is prefixed to both e-mail and Syslog messages. Routing Logs Enable E-Mail Logs Enables or disables email logs. Choices are: Checked = enable email logs. Complete the remaining fields on this page. Unchecked = disable email logs. The remaining fields on this page are unavailable.
Option Description Unit Select the period of time that you need to send the log. This option is useful when you do not want to receive logs by e-mail, but want to keep e-mail options configured, so you can use the Send Log function on the Event Log viewer pages. Choices are: Never = disable sending of logs. Hourly = send logs every hour. Daily = send logs every day at the Time specified. Weekly = send logs weekly, at the Day and Time specified.
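On the receiving Syslog server, the severity list and the Remote Log Identifier described above are what let you separate this controller's messages from other sources and keep only those at or above a chosen severity. The following is an added example, not D-Link code; it assumes messages carry the standard syslog `<PRI>` header (facility × 8 + severity) and that the identifier appears as a separate token in the message, and the identifier `DWC-HQ` and all sample lines are constructed.

```python
import re

# Severity names in the order the guide lists them; the list index is the
# numeric syslog severity (0 = most severe).
SEVERITIES = [
    "Emergency", "Alert", "Critical", "Error",
    "Warning", "Notification", "Information", "Debugging",
]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode(line):
    """Split a syslog line into facility, severity and message.

    Returns None when the <PRI> header is missing or out of range
    (valid values are 0..191: 24 facilities x 8 severities).
    """
    match = PRI_RE.match(line)
    if not match:
        return None
    pri = int(match.group(1))
    if pri > 191:
        return None
    facility, level = divmod(pri, 8)
    return {
        "facility": facility,
        "level": level,
        "severity": SEVERITIES[level],
        "message": match.group(2).strip(),
    }


def triage(lines, identifier, min_severity="Warning"):
    """Keep records from `identifier` at or above `min_severity`.

    Returns (kept, rejected): kept holds decoded records; rejected holds
    raw lines that were malformed or did not carry the identifier, so
    unexpected senders are surfaced instead of silently dropped.
    """
    threshold = SEVERITIES.index(min_severity)
    kept, rejected = [], []
    for line in lines:
        record = decode(line)
        if record is None or identifier not in record["message"].split():
            rejected.append(line)
            continue
        if record["level"] <= threshold:
            kept.append(record)
    return kept, rejected


# Constructed sample lines (not captured from a real controller).
SAMPLE = [
    "<134>Jan 12 03:14:01 DWC-HQ admin logged in from 192.168.10.20",
    "<132>Jan 12 03:14:07 DWC-HQ access point authentication failed",
    "<129>Jan 12 03:15:22 DWC-HQ possible denial-of-service detected",
    "<131>Jan 12 03:16:40 OTHER-DEVICE disk error",
    "no priority header here",
    "<999>bogus priority value",
]

if __name__ == "__main__":
    kept, rejected = triage(SAMPLE, "DWC-HQ", "Warning")
    for record in kept:
        print(f'{record["severity"]:<12} {record["message"]}')
    print(f"{len(rejected)} line(s) rejected for review")
```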
Wireless Controller Event Log Path: STATUS > Logs > View All Logs The wireless controller’s web management interface displays configured log messages from the Status menu.
IPsec VPN Log Messages Path: STATUS > Logs > VPN Logs If you activated the VPN / Firewall license for the wireless controller, you can use the VPN LOGS page to view IPsec VPN log messages based on the facility and severity configuration settings. This data is useful when evaluating IPsec VPN traffic and tunnel health.
APPENDIX A. BASIC PLANNING WORKSHEET RF planning enables you to specify how Wi-Fi coverage will be provided. It provides coverage maps and locations prone to weak signals or dead spots that might require additional access points to provide adequate Wi-Fi coverage. A Basic Planning Worksheet similar to the one in this appendix allows you to collect the following critical information to expedite your planning efforts.
Access Point Planning 1. Frequency band: 2. Expected signal quality: 3. Number of clients per access point: 4. Total number of clients per floor: 5. Desired access point data rate: Wireless Controller Planning 1. Change the wireless controller default password and record it here: 2. Configure your timezone and record it here: ___________________________________ 3.
13. WINS server: __________________________________________________________ 14. Are you connected to the Internet: 15.
APPENDIX B. FACTORY DEFAULT SETTINGS
Feature | Description | Default Setting
Device login | User login URL | http://192.168.10.1
Device login | User name (case sensitive) | admin
Device login | Login password (case sensitive) | admin
Internet Connection | Option MAC address | Use default address
Internet Connection | Option MTU size | 1500
Internet Connection | Port speed | Autosense
Local area network (LAN) | IP address | 192.168.10.1
Local area network (LAN) | IPv4 subnet mask | 255.255.255.
  Source MAC filtering: Disabled
  Stealth mode: Enabled

DWC-1000 Wireless Controller User’s Guide

APPENDIX C. GLOSSARY

Term: Definition

Access point: A device that provides network access to wireless devices.
ARP: Address Resolution Protocol. Broadcast protocol for mapping IP addresses to MAC addresses.
CHAP: Challenge-Handshake Authentication Protocol. Protocol for authenticating users to an ISP.
DDNS: Dynamic DNS. System for updating domain names in real time. Allows a domain name to be assigned to a device with a dynamic IP address.
DHCP: Dynamic Host Configuration Protocol.
RADIUS: Remote Authentication Dial-In User Service. Protocol for remote user authentication and accounting. Provides centralized management of usernames and passwords.
RSA: Rivest-Shamir-Adleman. Public key encryption algorithm.
SSID: Service Set Identifier. A case-sensitive, 32-alphanumeric character unique identifier used for naming wireless networks. The SSID differentiates one wireless network from another.

APPENDIX D. LIMITED LIFETIME WARRANTY (USA and Canada Only)

Subject to the terms and conditions set forth herein, D-Link provides this Limited Lifetime Warranty:
Only to the person or entity that originally purchased the product from D-Link or its authorized reseller or distributor, and
Only for products purchased and delivered within the fifty states of the United States, the District of Columbia, Canada, U.S. Possessions or Protectorates, U.S. Military Installations, or addresses with an APO or FPO.

D-Link may reject or return any product that is not packaged and shipped in strict compliance with the foregoing requirements, or for which an RMA number is not visible from the outside of the package. The customer agrees to pay D-Link’s reasonable handling and return shipping charges for any product that is not packaged and shipped in accordance with the foregoing requirements, or that is determined by D-Link not to be defective or non-conforming.

D-Link Corporation
17595 Mount Hermann Street
Fountain Valley, CA. 92708
Phone: 714.885.6000
www.dlink.com

D-Link has made a good faith effort to ensure the accuracy of the information in this document and disclaims the implied warranties of merchantability and fitness for a particular purpose and makes no express warranties, except as may be stated in its written agreement with and for its customers.