D-Link DWL-2600AP, Administrator'S Manual

Page 1: ...OINT ADMINISTRATOR S GUIDE PRODUCT MODEL DWL 2600AP DWL 3600AP DWL 6600AP DWL 6700AP DWL 8600AP DWL 6610AP DWL 8610AP UNIFIED WIRED WIRELESS ACCESS SYSTEM RELEASE 6 00 January 2015 COPYRIGHT 2015 ALL...

Page 2: ...ng Interface Status 22 Wired Settings Internal Interface 22 Wireless Settings 22 Viewing Events 23 Configuring Persistent Logging Options 23 Configuring the Log Relay Host for Kernel Messages 24 Enabl...

Page 3: ...rforming AP Maintenance 81 Resetting the Factory Default Configuration 81 Rebooting the Access Point 81 Upgrading the Firmware 81 Packet Capture Configuration and Settings 83 Packet Capture Status 83...

Page 4: ...Using SNMP 116 Configuring Radio Settings 117 Radio Configuration from the Web Interface 117 Radio Configuration from the CLI 117 Radio Configuration Using SNMP 118 Configuring the Wireless Distributi...

Page 5: ...tings WPA Enterprise 54 Figure 27 Configure WDS Bridges 57 Figure 28 Configure MAC Authentication 59 Figure 29 Modify Load Balancing Settings 60 Figure 30 Configure Managed AP Wireless Switch Paramete...

Page 6: ...Web Interface 115 Figure 70 Radio Configuration from the Web Interface 117 Figure 71 WDS Configuration from the Web Interface 118 Figure 72 Clustering APs by Using the Web Interface Passive 119 Figure...

Page 7: ...able 24 IEEE 802 1X 53 Table 25 WPA Personal 54 Table 26 WPA Enterprise 56 Table 27 WDS Settings 57 Table 28 WEP on WDS Links 58 Table 29 WPA PSK on WDS Links 58 Table 30 MAC Authentication 60 Table 3...

Page 8: ...Page 8 January 2015 Table 60 Session Management 107 Table 61 Channel Assignments 109 Table 62 Last Proposed Changes 109 Table 63 Advanced Channel Management Settings 110 Table 64 Wireless Neighborhood...

Page 9: ...he command line interface CLI for managing monitoring and configuring the switch The User Manual for the D Link Unified Wired and Wireless System provides information about setting up and managing the...

Page 10: ...ventions Online Help Supported Browsers and Limitations Online help for the UAP Administration Web pages provides information about all fields and features available from the user interface UI The inf...

Page 11: ...test of your new or extended wireless network The DWL 6600AP and DWL 8600AP are dual radio access points and support the IEEE 802 11a 802 11b 802 11g and 802 11n modes The DWL 2600AP and DWL 3600AP ar...

Page 12: ...is disabled on the wireless client used to initially configure the access point Table 2 Requirements for the Administrator s Computer Wireless Client Requirements The UAP provides wireless access to a...

Page 13: ...tatic IP address by resetting the AP configuration to the factory defaults see Resetting the Factory Default Configuration on page 81 or you can get a dynamically assigned address by connecting the AP...

Page 14: ...d will cause you to lose connectivity with the AP over a wireless connection 2 Connect the power adapter to the power port on the back of the access point and then plug the other end of the power cord...

Page 15: ...not have a DHCP server on the management network and do not plan to use one you must change the Connection Type from DHCP to Static IP You can either assign a new Static IP address to the AP or contin...

Page 16: ...s is the address by which the AP is known externally to other networks Firmware Version Shows version information about the firmware currently installed on the AP As new versions of the WLAN AP firmwa...

Page 17: ...e if the AP link local address is fe80 230 abff fe00 2420 and the Windows interface is defined as 6 type the following address into the IE7 address field http fe80 230 abff fe00 2420s6 ipv6 literal ne...

Page 18: ...ccess point For information about using the Web interface to configure the Ethernet settings see Ethernet Settings on page 35 You can also use the CLI to configure the Ethernet settings which the foll...

Page 19: ...e set host dns via dhcp up Table 5 CLI Commands for Ethernet Setting In the following example the administrator uses the CLI to set the management VLAN ID to 123 and to disable the untagged VLAN so th...

Page 20: ...access point to the LAN If you configured the access point and administrator PC by connecting both into a network hub then your access point is already connected to the LAN The next step is to test s...

Page 21: ...urity mode to control wireless client access Each radio has 16 VAPs with VAP IDs from 0 15 By default only VAP 0 on each radio is enabled VAP0 has the following default settings VLAN ID 1 Broadcast SS...

Page 22: ...how the DWL 8600AP administration pages Pages for the DWL 2600AP or DWL 3600AP will display information for one radio only Viewing Interface Status To monitor Ethernet LAN wired and wireless LAN WLAN...

Page 23: ...og messages are displayed Set Depth to determine how many log messages are displayed in the Event log Enable a remote log relay host to capture all system events and errors in a Kernel Log Note The AP...

Page 24: ...ror conditions like dropping frames You cannot view kernel log messages directly from the Administration Web UI for an AP You must first set up a remote server running a syslog process and acting as a...

Page 25: ...transmit and receive statistics shown are totals since the AP was last started If you reboot the AP these figures indicate transmit and receive totals since the reboot To view transmit and receive sta...

Page 26: ...nderlying IEEE 802 11 authentication and association status which is present no matter which type of security the client uses to connect to the AP This status does not show IEEE 802 1X authentication...

Page 27: ...ork Radio interface used by the client Station Client station MAC address TS Identifier TSPEC Traffic Session Identifier range 0 7 Access Category TS Access Category voice or video Direction The traff...

Page 28: ...hen no normal traffic is exchanged The client connection drops off the list within 300 seconds if these data packets are not acknowledged even if no disassociation message is received Viewing Rogue AP...

Page 29: ...ifier SSID for the AP The SSID is an alphanumeric string of up to 32 characters that uniquely identifies a wireless local area network It is also referred to as the Network Name The SSID is set on the...

Page 30: ...the IEEE 802 11 mode being used on this AP For example IEEE 802 11a IEEE 802 11b IEEE 802 11g The number shown indicates the mode according to the following map 2 4 indicates IEEE 802 11b 802 11g or...

Page 31: ...CP server to respond to AP DHCP requests with the switch IP address information see the User Manual for the switch Viewing TSPEC Status and Statistics Information The TSPEC Status and Statistics page...

Page 32: ...cess Category Transmit and Receive Statistics Total Packets Indicates the total number of TS packets sent in Transmit table or received in Received table by this Radio for the specified Access Categor...

Page 33: ...ed Total packets received by the AP on this radio interface WLAN Bytes Received Total bytes received by the AP on this radio interface WLAN Packets Transmitted Total packets transmitted by the AP on t...

Page 34: ...essfully transmitted MSDU WEP Undecryptable Count Count of encrypted frames received and the key configuration of the transmitter indicates that the frame should not have been encrypted or that frame...

Page 35: ...t ACL on page 63 The configuration pages for the features in this section are located under the Manage heading on the Administration Web UI Ethernet Settings The default wired interface settings which...

Page 36: ...bled if you use DHCP as the connection type Subnet Mask Enter the Subnet Mask in the text boxes Default Gateway Enter the Default Gateway in the text boxes DNS Nameservers Select the mode for the DNS...

Page 37: ...fields and configuration options available on the Wireless Settings page Field Description TSPEC Violation Interval Specify the time interval in seconds for the AP to report through the system log and...

Page 38: ...ts data rates ranging from 1 to 54 Mbps IEEE 802 11b g n operates in the 2 4 GHz ISM band and includes support for 802 11b 802 11g and 802 11n devices 2 4 GHz IEEE 802 11n is the recommended mode for...

Page 39: ...nd never report detected APs as rogues Table 18 Wireless Settings Note After you configure the wireless settings you must click Apply to apply the changes and to save the settings Changing some settin...

Page 40: ...destined to the APs BSSID This can affect AP throughput Modifying Radio Settings Radio settings directly control the behavior of the radio devices in the AP and its interaction with the physical medi...

Page 41: ...802 11n devices that operate in the 2 4 GHz frequency that do not need to support 802 11b g devices IEEE 802 11n can achieve a higher throughput when it does not need to be compatible with legacy dev...

Page 42: ...ction is enabled in this mode it protects 802 11b clients and APs from 802 11g transmissions Note This setting does not affect the ability of the client to associate with the AP Beacon Interval Beacon...

Page 43: ...will advertise to the network for the purposes of setting up communication with other APs and client stations on the network It is generally more efficient to have an AP broadcast a subset of its sup...

Page 44: ...th Radio One and Radio Two The settings on the page apply only to the radio that you choose from the Radio drop down list After you configure settings for one of the radios click Apply and then select...

Page 45: ...that can be associated to the VAP or Radio configuration Rules are associated with a named scheduler profile You can define up to 16 scheduler profile names By default no profiles are created The pro...

Page 46: ...the Scheduler Association tab in the Manage section By default there are no Scheduler profiles created so no profile is associated to any radio or VAP The Scheduler profile needs to be explicitly ass...

Page 47: ...l over broadcast and multicast traffic which affects network performance You can configure each VAP to use a different VLAN or you can configure multiple VAPs to use the same VLAN whether the VLAN is...

Page 48: ...ample 2001 0db8 1234 abcd RADIUS IP or IPv6 Address 1 3 Enter up to three IPv4 or IPv6 addresses to use as the backup RADIUS servers The field label is RADIUS IP Address when the IPv4 RADIUS IP Addres...

Page 49: ...ose connectivity to the AP You will need to reconnect to the new SSID after you save this new setting Broadcast SSID Specify whether to allow the AP to broadcast the Service Set Identifier SSID in its...

Page 50: ...EP is a data encryption protocol for 802 11 wireless networks All wireless stations and APs on the network are configured with a static 64 bit 40 bit secret key 24 bit initialization vector IV or 128...

Page 51: ...correct WEP key in order to associate with the AP When the authentication algorithm is set to Shared Key a station with an incorrect WEP key will not be able to associate with the AP Both Open System...

Page 52: ...IUS IPv6 Address Enter the IPv4 or IPv6 address for the primary RADIUS server for this VAP If the IPv4 RADIUS IP Address Type option is selected in the previous field enter the IP address of the RADIU...

Page 53: ...Enterprise WPA security mode The PSK is used for an initial check of credentials only This security mode is backwards compatible for wireless clients that support the original WPA Figure 25 Modify Vir...

Page 54: ...ions you want to support WPA If all client stations on the network support the original WPA but none support the newer WPA2 then select WPA WPA2 If all client stations on the network support WPA2 we s...

Page 55: ...bel is RADIUS IP Address when the IPv4 RADIUS IP Address Type option is selected and RADIUS IPv6 Address when the IPv6 RADIUS IP Address Type option is selected If authentication fails with the primar...

Page 56: ...le APs In this mode the central AP accepts client associations and communicates with the clients and other repeaters All other APs associate only with the central AP that forwards the packets to the a...

Page 57: ...DS link to which data will be sent or handed off and from which data will be received Click the drop down arrow to the right of the Remote Address field to see a list of all the available MAC Addresse...

Page 58: ...settings you must click Apply to apply the changes and to save the settings Changing some settings might cause the AP to stop and restart system processes If this happens wireless clients will tempor...

Page 59: ...ess to the network through the AP All other stations are permitted access Note The filter you select is applied to the clients in the station list regardless of whether that station list is local or o...

Page 60: ...AP click Disable Utilization for No New Associations Provide the percentage of network bandwidth utilization allowed on the radio before the AP stops accepting new client associations The default is...

Page 61: ...is set to Enabled the AP starts discovery procedures If the AP establishes a connection with a wireless switch which may or may not be the same switch it was connected to before the switch sends the A...

Page 62: ...the switch via the wired link Satellite AP Communicates with the switch via a WDS link to the Root AP This mode enables the Satellite AP to discover and establish WDS link with the Root AP WDS Managed...

Page 63: ...er and lower case letters numbers and special symbols such as and Certificate File Status Indicates whether a certificate file is present and when that certificate expires Certificate File Upload Uplo...

Page 64: ...red before enabling Management ACL Mode If enabled only the IP addresses you specify will have Web Telnet SSH and SNMP access to the management interface IP Address 1 5 Enter up to five IPv4 addresses...

Page 65: ...onfigure Web Server Settings Field Description HTTPS Server Status Enable or disable access through a Secure HTTP Server HTTPS HTTP Server Status Enable or disable access through HTTP This setting is...

Page 66: ...file path then click Upload Table 36 Web Server Settings Note Click Apply to apply the changes and to save the settings If you disable the protocol you are currently using to access the AP management...

Page 67: ...default an SNMP agent only listens to requests from port 161 However you can configure this so the agent listens to requests on another port Enter the port number on which you want the SNMP agents to...

Page 68: ...1 129 through 10 10 1 254 can execute SNMP requests on managed devices In this example 10 10 1 128 is the network address and 10 10 1 255 is the broadcast address 126 addresses would be designated IP...

Page 69: ...rformance of differentiated wireless traffic like Voice over IP VoIP other types of audio video and streaming media as well as traditional IP data over the UAP Configuring QoS on the UAP consists of s...

Page 70: ...Window This parameter is input to the algorithm that determines the initial random back off wait time window for retry of a transmission The value specified for Minimum Contention Window is the upper...

Page 71: ...maximum throughput and is not time sensitive is sent to this queue FTP data for example AIFS Inter Frame Space The Arbitration Inter Frame Spacing AIFS specifies a wait time for data frames The wait...

Page 72: ...iguration Field Description Email Alert Global Configuration Admin Mode Globally enable or disable the Email Alert feature on the AP By default email alerts are disabled From Address Specify the email...

Page 73: ...econd email address to which alert messages are sent The address must be a valid email address By default no address is configured To Address 3 Optionally configure the third email address to which al...

Page 74: ...quirements The length must be between 1 63 characters Upper and lower case characters numbers and hyphens are accepted The first character must be a letter a z or A Z and the last character cannot be...

Page 75: ...he OID 1 3 6 1 4 Then create an included entry with OID 1 with the same view name Figure 40 SNMPv3 Views Configuration The following table describes the fields you can configure on the SNMPv3 Views pa...

Page 76: ...ed by the user RW and RO groups are defined by default Note The UAP supports maximum of eight groups To define additional groups navigate to the SNMPv3 Groups page and configure the settings that the...

Page 77: ...ure SNMPv3 users Field Description Name Enter the user name to identify the SNMPv3 user User names can contain up to 32 alphanumeric characters Group Map the user to a group The default groups are RWA...

Page 78: ...ss UDP port and SNMP user name Figure 43 SNMPv3 Targets Configuration Field Description IPv4 IPv6 Address Enter the IP address of the remote SNMP manager to receive the target Port Enter the UDP port...

Page 79: ...to save as a back up copy You can use HTTP or TFTP to transfer files to and from the UAP After you download a configuration file to the management station you can manually edit the file which is in X...

Page 80: ...edited configuration file to apply those configuration settings to the AP Use the following procedures to restore the configuration on an AP to previously saved settings by using TFTP 1 Select TFTP f...

Page 81: ...ance Resetting the Factory Default Configuration If you are experiencing problems with the UAP and have tried all other troubleshooting measures click Reset This restores factory defaults and clears a...

Page 82: ...resumes normal operation with the same configuration settings it had before the upgrade 6 To verify that the firmware upgrade completed successfully check the firmware version shown on the Upgrade pag...

Page 83: ...tools such as Wireshark and OmniPeek For remote capture mode the captured packets are redirected in real time to an external PC running the Wireshark tool The AP can capture the following types of pac...

Page 84: ...the capture is active In promiscuous mode the radio receives all traffic on the channel including traffic that is not destined to this AP While the radio is operating in promiscuous mode it continues...

Page 85: ...acket File Capture Remote Packet Capture Remote Packet Capture allows you to specify a remote port as the destination for packet captures This feature works in conjunction with the Wireshark network a...

Page 86: ...58004 Enabling the packet capture feature impacts performance of the AP and can create a security issue unauthorized clients may be able to connect to the AP and trace user data The AP performance is...

Page 87: ...stem it disappears if the AP is reset Figure 57 Packet Capture File Download The following table describes the fields to configure the packet capture status Field Description Use TFTP to download the...

Page 88: ...ic subnet you can configure ACLs and assign them to one or more VAPs In addition to controlling general traffic categories Client QoS allows you to configure per client conditioning of various micro f...

Page 89: ...the outbound down direction After switching the packet or frame to the outbound interface the ACL s rules are checked for a match The packet or frame is transmitted if it is permitted and discarded if...

Page 90: ...ified VAP on the AP QoS Parameters page step 6 Use the following general steps to configure ACLs 1 Specify a name for the ACL 2 Select the type of ACL to add 3 Add the ACL 4 Add new rules to the ACL 5...

Page 91: ...permitted is dropped Match Every Indicates that the rule which either has a permit or deny action will match the frame or packet regardless of its contents If you select this field you cannot configur...

Page 92: ...tes that no bit is important A wildcard of 0 0 0 0 indicates that all of the bits are important This field is required when Source IP Address is checked A wild card mask is in essence the inverse of a...

Page 93: ...IP TOS field in a packet The TOS Mask value is a two digit hexadecimal number from 00 to ff representing an inverted i e wildcard mask The zero valued bits in the TOS Mask denote the bit positions in...

Page 94: ...Length Enter the prefix length of the destination IPv6 address Destination Port Select this option to include a destination port in the match condition for the rule The destination port is identified...

Page 95: ...nter the destination MAC address mask specifying which bits in the destination MAC to compare against an Ethernet frame A 0 indicates that the address bit is significant and an f indicates that the ad...

Page 96: ...urs A policy can contain multiple classes When the policy is active the actions taken depend on which class matches the packet Packet processing begins by testing the class match criteria for a packet...

Page 97: ...content A DiffServ mask of 255 255 255 255 indicates that all bits are important and a mask of 0 0 0 0 indicates that no bits are important The opposite is true with an ACL wild card mask For example...

Page 98: ...its equivalent port number Match to Port Enter the IANA port number to match to the source port identified in the datagram header The port range is 0 65535 and includes three different types of ports...

Page 99: ...t frame An f indicates that the address bit is significant and a 0 indicates that the address bit is to be ignored A MAC mask of ff ff ff ff ff ff matches a single MAC address VLAN ID Select the field...

Page 100: ...the class match criteria for a packet A policy is applied to a packet when a class match within that policy is found To create a DiffServ policy click the Policy Map tab Figure 61 Configure Client Qo...

Page 101: ...the selected policy If no class is associated with the policy the field is empty Delete Policy Map Select this field to delete the policy map showing in the Policy Map Name menu Table 55 DiffServ Pol...

Page 102: ...RADIUS server can include bandwidth limits and identify the ACLs and DiffServ policies to apply to the specific wireless client ACLs and DiffServ policies referenced in the RADIUS client database mus...

Page 103: ...e 1 31 alphanumeric characters specifying the ACL number IPV4 or name IPV6 MAC Vendor Specific 26 LVL7 Wireless Client Policy Dn 6132 122 Name of DiffServ policy to be applied to 802 1X authenticated...

Page 104: ...he cluster have the same Cluster Name Clustering mode is enabled on both APs Note For two APs to be in the same cluster they do not need to have the same number of radios however the supported capabil...

Page 105: ...o other networks IP Address Specifies the IP address for the access point Each IP address is a link to the Administration Web pages for that access point You can use the links to navigate to the Admin...

Page 106: ...ment of clustered access points For access points in a cluster all access points in the cluster reflect the same configuration In this case it does not matter which access point you actually connect t...

Page 107: ...uely identifies each node of a network Idle Indicates the amount of time this station has remained inactive A station is considered to be idle when it is not receiving or transmitting data Rate The sp...

Page 108: ...By default automatic channel assignment is disabled You can start channel management to optimize channel usage across the cluster on a scheduled interval To configure and view the channel assignments...

Page 109: ...last channel plan The plan lists all access points in the cluster by IP Address and shows the current and proposed channels for each AP Locked channels will not be re assigned and the optimization of...

Page 110: ...tings Click Apply under Advanced settings to apply these settings Advanced settings will take effect when they are applied and influence how automatic channel management is performed Viewing Wireless...

Page 111: ...are also cluster members are always shown at the top of the list with a heavy bar above and include a location indicator The colored bars to the right of each AP in the Neighbors list shows the signal...

Page 112: ...network names MAC Address Shows the MAC address of the neighboring access point A MAC address is a hardware address that uniquely identifies each node of a network Channel Shows the channel on which t...

Page 113: ...EE 802 11 Mode 802 11b g n 802 11a n Channel Auto 802 11b g n Channel Auto Radio 1 Channel Bandwidth 40 MHz Radio 2 Channel Bandwidth 20 MHz Primary Channel Lower Short Guard Interval Supported Yes ST...

Page 114: ...MAC Authentication No stations in list Load Balancing Disabled SNMP Enabled RO SNMP Community Name public SNMP Agent Port 161 SNMP Set Requests Enabled Managed AP Mode Enabled Authentication 802 1X S...

Page 115: ...0AP 1 3 6 1 4 1 171 10 38 29 1 26 DWL 6610AP 1 3 6 1 4 1 171 10 143 1 1 26 DWL 8600AP 1 3 6 1 4 1 171 10 37 29 1 26 DWL 6700AP 1 3 6 1 4 1 171 10 142 1 1 26 DWL 6600AP 1 3 6 1 4 1 171 10 128 1 1 26 DW...

Page 116: ...ollowing commands to view and verify the settings get interface wlan0vap1 detail get vap vap1 detail VAP Configuration Using SNMP 1 Load the DLINK WLAN ACCESS POINT X600 MIB module 2 From the MIB tree...

Page 117: ...11b g n 4 From the Channel field select 6 5 From the Channel Bandwidth field select 40 MHz 6 In the Maximum Stations field change the value to 100 7 In the Transmit Power field change the value to 75...

Page 118: ...m allowed stations to 100 Configuring the Wireless Distribution System This examples shows how to configure a WDS link between two APs The local AP is MyAP1 and has a MAC address of 00 1B E9 16 32 40...

Page 119: ...link wlan0wds0 The first WDS link is instance 1 4 Set the value of instance 1 in the apIfConfigRemoteMac object to 00 30 AB 00 00 B0 In the MG Soft browser the format for the MAC address value to set...

Page 120: ...anges are applied Clustering APs by Using the CLI 1 Connect to the AP by using Telnet SSH or a serial connection 2 Stop clustering so you can change the location and cluster name set cluster clustered...

Page 121: ...olicy in this example shows how to establish default DiffServ behavior for clients associating with the VAP that do not obtain a DiffServ policy name through the RADIUS server Voice traffic UDP packet...

Page 122: ...the following settings Action Permit Match Every Clear the option Protocol IP Address 192 168 1 23 Wild Card Mask 0 0 0 0 9 Click Apply to save the rule 10 Navigate to the Client QoS VAP QoS Paramete...

Page 123: ...st be satisfied in order for a packet to be considered a match 4 Select Protocol and then select UDP from the Select From List field to define UDP as a match criteria 5 Select Source IP Address and en...

Page 124: ...o save the policy 13 Navigate to the Client QoS VAP QoS Parameters page Figure 82 Configure Client QoS VAP Settings 14 Select VAP 2 from the VAP menu 15 Make sure that the Client QoS Global Admin Mode...

Page 125: ...odule 2 From the MIB tree navigate to the objects in the apQos apAclTable 3 Use the apQosAclStatus object to create a row entry with apQosAclName and apQosAclType as the indexes for apQosAclEntry The...

Page 126: ...apQosDsClassMapMatchEvery to true 1 Set apQosDsClassMapMatchProtocol to UDP 17 Set apQosDsClassMapMatchSrcIpAddress to 192 168 1 0 Set apQosDsClassMapMatchSrcIpMask to 255 255 255 0 Set apQosDsClassM...

Page 127: ...es DTIM Period Yes Yes Beacon Interval Yes Yes Automatic Channel Yes Yes Automatic Power Yes Yes Initial Power Yes Yes APSD mode NO Yes RF Scan Interval secs Yes Yes Frag Threshold bytes Yes Yes RF Sc...

Page 128: ...ame NO Yes RADIUS Autentication Server Status NO N A RADIUS Accounting Server Name NO Yes RADIUS Accounting Server Status NO N A RADIUS Use Network Configuraiton NO Yes RADIUS Accounting NO Yes Securi...

Page 129: ...roduct available in the USA Canada market only channel 1 11 can be operated Selection of other channels is not possible This device is going to be operated in 5 15 5 25GHz frequency range it is restri...

Page 130: ...talled and operated with minimum distance 20cm between the radiator your body Declaration d exposition aux radiations Cet equipement est conforme aux limites d exposition aux rayonnements IC etablies...