D-Link DWL-3500AP, Administrator'S Manual

Page 1: ...Copyright 2008 All rights reserved Unified Access Point AP Administrator s Guide Product Model DWL 3500AP DWL 8500AP Unified Wired Wireless Access System Release 2 1 February 2008...

Page 2: ...2 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...

Page 3: ...c IP Addressing on the AP 23 Recovering an IP Address 23 Discovering a Dynamically Assigned IP Address 23 Using the Reset Button 23 3 Installing the Access Point 25 Installing the Unified Access Point...

Page 4: ...ork Time Protocol Server 79 Enabling or Disabling a Network Time Protocol NTP Server 80 7 Maintaining the Access Point 81 Managing the Configuration File 81 Resetting the Factory Default Configuration...

Page 5: ...ining a TLS EAP Certificate for a Client 119 Configuring the RADIUS Server for VLAN Tags 122 B CLI for AP Configuration 125 How to Access the Access Point CLI 125 Telnet Connection to the AP 125 SSH C...

Page 6: ...6 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...

Page 7: ...e 7 Virtual Access Point Page 44 Figure 8 Static WEP Configuration 45 Figure 9 Static WEP Example 48 Figure 10 Providing a Wireless Client with a WEP Key 49 Figure 11 IEEE 802 1X Configuration 50 Figu...

Page 8: ...8 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...

Page 9: ...erver Attributes for MAC Authentication 67 Table 20 Load Balancing 68 Table 21 VLAN Priority Tags 74 Table 22 QoS Settings 76 Table 23 SNTP Settings 80 Table 24 Managed Access Point 88 Table 25 Loggin...

Page 10: ...10 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide Table 44 Time Related Commands 149 Table 45 System Management 149 Table 46 CLI Class Instances 150...

Page 11: ...ode Chapter 9 Viewing Access Point Status Appendix A Wireless Client Settings and RADIUS Server Setup Appendix B CLI for AP Configuration Audience This guide is intended for the following audience Sys...

Page 12: ...the UI Table 1 Typographical Conventions Symbol Example Description Bold Click Update to save your settings Menu titles page names and button names Blue Text See Document Conventions on page 11 Hyper...

Page 13: ...and Limitations 13 About This Document Figure 1 shows an example of the online help available from the links on the user interface Figure 1 Administrator UI Online Help Online Help Navigation Click to...

Page 14: ...14 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...

Page 15: ...less Access System and you manage it by using the D Link Unified Switch If an AP is in Managed Mode the Administrator Web UI Telnet and SSH services are disabled This document describes how to perform...

Page 16: ...of up to 54 Mbps for IEEE 802 11a or IEEE 802 11g 108 Mbps for IEEE 802 11a Turbo and 11 Mbps for IEEE 802 11b Wireless Features The following list describes some of the DWL 3500AP and DWL 8500AP wire...

Page 17: ...Shell SSH Secure Sockets Layer SSL IEEE 802 1X Supplicant Networking The DWL 3500AP and DWL 8500AP access points have the following networking features Point to Point bridge mode Point to Multipoint b...

Page 18: ...activity levels Reset configuration option Firmware upgrade by using HTTP or TFTP Backup and restore of access point configuration by using HTTP or TFTP Access Point Hardware The Unified Access Point...

Page 19: ...gs for the Unified Access Points Administrator s Computer Requirements Wireless Client Requirements Dynamic and Static IP Addressing on the AP Using the Reset Button Default Settings for the Unified A...

Page 20: ...it Power 100 percent Rate Sets Supported Mbps IEEE 802 1a 54 48 36 24 18 12 9 6 IEEE 802 1g 54 48 36 24 18 12 11 9 6 5 5 2 1 Turbo 5 GHz 108 96 72 48 36 24 18 12 Rate Sets Mbps Basic Advertised IEEE 8...

Page 21: ...Network Time Protocol NTP None Table 3 Requirements for the Administrator s Computer Required Software or Component Description Ethernet Connection to the Access Point The computer used to configure t...

Page 22: ...ctive features of the administration interface Security Settings Ensure that security is disabled on the wireless client used to initially configure the access point Table 4 Requirements for Wireless...

Page 23: ...me network the IP address for each AP will be unique Recovering an IP Address If you experience trouble communicating with the access point you can recover a static IP address by resetting the AP conf...

Page 24: ...24 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...

Page 25: ...ess If you use VLANs or IEEE 802 1X Authentication port security on your network you might need to configure additional settings on the AP before it can connect to the network Installing the Unified A...

Page 26: ...address in the same subnet as the default IP address on the access point The default IP address for the access point is 10 90 90 91 If you use this method you will need to reconfigure the cabling for...

Page 27: ...e AP enter the new IP address of the AP into the Web browser If you used a DHCP server and you do not know the new IP address of the AP use the following procedures to obtain the information A Connect...

Page 28: ...this happens wireless clients will temporarily lose connectivity We recommend that you change access point settings when WLAN traffic is low For more information about the fields and configuration op...

Page 29: ...as described in Configuring the Ethernet Interface on page 31 MAC Address Shows the MAC address of the access point The address shown here is the MAC address associated with the management interface...

Page 30: ...ow the IP address use the following steps to view the IP address of the access point 1 Using a null modem cable connect a VT100 ANSI terminal or a workstation to the console serial port If you attache...

Page 31: ...tagged VLAN If you already have a management VLAN configured on your network with a different VLAN ID you must change the VLAN ID of the management VLAN on the access point Using the Web UI to configu...

Page 32: ...gged VLAN This means that all traffic is untagged until you disable untagged VLANs change the untagged traffic VLAN ID or change the VLAN ID for a virtual access point VAP or a client using RADIUS Unt...

Page 33: ...down Set the untagged VLAN ID set untagged vlan vlan id 1 4094 View the connection type get management dhcp status Use DHCP as the connection type set management dhcp client status up Use a Static IP...

Page 34: ...get untagged vlan Property Value vlan id 1 status down DLINK WLAN AP Configuring IEEE 802 1X Authentication On networks that use IEEE 802 1X port based network access control a supplicant client cann...

Page 35: ...gs Changing some access point settings might cause the AP to stop and restart system processes If this happens wireless clients will temporarily lose connectivity We recommend that you change access p...

Page 36: ...y connecting both into a network hub then your access point is already connected to the LAN The next step is to test some wireless clients If you configured the access point by using a direct cable co...

Page 37: ...gned for multiple simultaneous configuration changes If more than one administrator is logged on to the Administration Web pages and making changes to the configuration there is no guarantee that all...

Page 38: ...38 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...

Page 39: ...ireless infrastructure is accessed only by the intended users The details of each security mode are described in the following sections Some of the security modes use an external RADIUS server for cli...

Page 40: ...ness of a security protocol How the protocol manages keys What kind of encryption algorithm or formula the protocol uses to encode and decode the data Whether the protocol has integrated user authenti...

Page 41: ...he more advanced encryption methods such as Temporal Key Integrity Protocol TKIP and AES CCMP used in Wi Fi Protected Access WPA or WPA2 Additionally compatibility issues may be cumbersome because of...

Page 42: ...erprise with RADIUS is an implementation of the Wi Fi Alliance IEEE 802 11i standard which includes AES CCMP and TKIP mechanisms This mode requires the use of a RADIUS server to authenticate users On...

Page 43: ...d to select TKIP instead See next bullet 3 The third best choice is WPA Enterprise with the encryption algorithm set to TKIP Some clients have interoperability issues with CCMP and TKIP enabled at sam...

Page 44: ...C Authentication Type None All other VAPs are disabled by default The default SSID for VAPs 1 7 is Virtual Access Point x where x is the VAP ID To prevent unauthorized access to the Unified Access Poi...

Page 45: ...work configuration or for problem solving but it is not recommended for regular use on the internal network because it is not secure Static WEP Static WEP is not the most secure mode available but it...

Page 46: ...ransfer Key Index Select a key index from the drop down menu Key indexes 1 through 4 are available The default is 1 The Transfer Key Index indicates which WEP key the access point will use to encrypt...

Page 47: ...curity mode Specify the authentication algorithm you want to use by choosing one of the following options Open System Shared Key Note You can also select both the Open System and Shared Key check boxe...

Page 48: ...at same string as WEP key 3 Client stations can use different keys to transmit data to the access point Or they can all use the same key but this is less secure because it means one station can decryp...

Page 49: ...Authentication Protocol EAP messages are sent over an IEEE 802 11 wireless network using a protocol called EAP Encapsulation Over LANs EAPOL IEEE 802 1X provides dynamically generated keys that are pe...

Page 50: ...ngs By default each VAP uses the global RADIUS settings that you define for the AP at the top of the VAP page To use the global RADIUS server settings make sure the check box is selected To use a sepa...

Page 51: ...PA If all client stations on the network support the original WPA but none support the newer WPA2 then select WPA WPA2 If all client stations on the network support WPA2 we suggest using WPA2 which pr...

Page 52: ...ations on the network support WPA2 we suggest using WPA2 which provides the best security per the IEEE 802 11i standard WPA and WPA2 If you have a mix of clients some of which support WPA2 and others...

Page 53: ...lowing A valid TKIP RADIUS IP address and RADIUS Key A valid CCMP AES IP address and RADIUS Key Use Global RADIUS Server Settings By default each VAP uses the global RADIUS settings that you define fo...

Page 54: ...connecting to your network but it will not prevent even the simplest of attempts by a hacker to connect or monitor unencrypted traffic Suppressing the SSID broadcast offers a very minimal level of pr...

Page 55: ...e configuration pages for the features in this chapter are located under the Manage heading on the Administration Web UI Setting the Wireless Interface Wireless settings describe aspects of the LAN re...

Page 56: ...d For more information see Using the 802 11h Wireless Mode on page 57 IEEE 802 11h is a standard that provides two services required to satisfy certain regulatory domains for the 5 GHz band These two...

Page 57: ...2 11g If you are operating in an 802 11h enabled domain the AP attempts to use the channel you assign If the channel has been blocked by a previous radar detection or if the AP detects a radar on the...

Page 58: ...onfiguring Radio Settings Radio settings directly control the behavior of an IEEE 802 11 compliant radio device in the access point Specifically a user can control operational mode power level frequen...

Page 59: ...Dynamic Turbo 2 4 GHz Super AG Super AG is a radio mode that attempts to increases performance through bursting and frame compression Performance increases when the AP communicates with Super AG enab...

Page 60: ...reshold Specify a number between 256 and 2 346 to set the frame size threshold in bytes The fragmentation threshold is a way of limiting the size of frames transmitted over the network If a packet exc...

Page 61: ...een 0 and 256 Transmit Power Enter a percentage value for the transmit power level for this access point The default value which is 100 can be more cost efficient than a lower percentage since it give...

Page 62: ...affects network performance You can configure each VAP to use a different VLAN or you can configure multiple VAPs to use the same VLAN VAP0 is always enabled and is assigned to VLAN 1 by default For t...

Page 63: ...t The RADIUS IP is the IP address of the global RADIUS server RADIUS Key Enter the RADIUS Key in the text box The RADIUS Key is the shared secret key for the global RADIUS server The text you enter wi...

Page 64: ...nel Private Group ID The RADIUS assigned VLAN ID overrides the VLAN ID you configure on the VAP page Note Any RADIUS assigned VLAN cannot be the same as the management VLAN You configure the untagged...

Page 65: ...an None additional fields appear Note The Security mode you set here is specifically for this Virtual Access Point For more information about the security options see Configuring Virtual Access Point...

Page 66: ...When a wireless client attempts to associate with an AP the AP looks up the client s MAC address on the RADIUS server If it is found the global allow or deny setting is applied If it is not found the...

Page 67: ...ADIUS server as described in Table 19 Table 18 MAC Authentication Field Description Filter To set the MAC Address Filter click one of the following buttons Allow only stations in the list Block all st...

Page 68: ...e Load Balancing page you must click Update to apply the changes and to save the settings Changing some access point settings might cause the AP to stop and restart system processes If this happens wi...

Page 69: ...affic volume competing for bandwidth during a busy time of day The most noticeable degradation in service on a busy overloaded network will be evident in time sensitive applications like Video Voice o...

Page 70: ...automatically provide minimum transmission delay for Voice Video multimedia and mission critical applications and rely on best effort parameters for traditional IP data For example time sensitive Voi...

Page 71: ...t the first two of these downstream traffic flowing from the access point to client station AP EDCA parameters and the upstream traffic flowing from the station to the access point station EDCA parame...

Page 72: ...that would occur if multiple APs got access to the medium at the same time and tried to transmit data simultaneously The more active users you have on a network the more significant the performance ga...

Page 73: ...al of time when a Wi Fi Multimedia WMM client station has the right to initiate transmissions onto the wireless medium WM 802 1p and DSCP tags IEEE 802 1p is an extension of the IEEE 802 standard and...

Page 74: ...oritization Table 21 outlines the VLAN priority and DSCP values Table 21 VLAN Priority Tags VLAN Priority Priority DSCP Value 0 Best Effort 0 1 Background 16 2 Background 8 3 Best Effort 24 4 Video 32...

Page 75: ...uted Channel Access EDCA Parameters affect traffic flowing from the access point to the client station Station Enhanced Distributed Channel Access EDCA Parameters affect traffic flowing from the clien...

Page 76: ...pacing AIFS specifies a wait time in milliseconds for data frames Valid values for AIFS are 1 through 255 For more information see EDCF Control of Data Frames and Arbitration Interframe Spaces on page...

Page 77: ...acket bursts on the wireless network A packet burst is a collection of multiple frames transmitted without header information The decreased overhead results in higher throughput and better performance...

Page 78: ...illiseconds for data frames Valid values for AIFS are 1 through 255 For more information see EDCF Control of Data Frames and Arbitration Interframe Spaces on page 71 cwMin Minimum Contention Window Th...

Page 79: ...here in the Maximum Contention Window is the upper limit in milliseconds for the doubling of the random backoff value This doubling continues until either the data frame is sent or the Maximum Conten...

Page 80: ...ses If this happens wireless clients will temporarily lose connectivity We recommend that you change access point settings when WLAN traffic is low Table 23 SNTP Settings Field Description Network Tim...

Page 81: ...ation Create a backup of the running configuration file on to a management station Restore the AP configuration from a backup file Upgrade the firmware Reboot the AP Managing the Configuration File Th...

Page 82: ...the Configuration page Resetting the Factory Default Configuration If you are experiencing problems with the Unified Access Point and have tried all other troubleshooting measures click Reset This re...

Page 83: ...4 Click Download to save the file Use the following steps to save a copy of the current settings on an access point to a backup configuration file by using HTTP 1 Uncheck the Use TFTP to download the...

Page 84: ...ministration Web UI is not accessible until the AP has rebooted Use the following steps to save a copy of the current settings on an access point to a backup configuration file by using HTTP 1 Uncheck...

Page 85: ...the firmware on an access point by using TFTP 1 Click the Upgrade tab in the Maintenance section Information about the current firmware version is displayed and an option to upgrade a new firmware im...

Page 86: ...are Image file enter it in the New Firmware Image textbox Otherwise click the Browse button and locate the firmware image file The firmware upgrade file supplied must be in the format FileName tar Do...

Page 87: ...Modes Every 30 seconds the D Link Unified Switch sends a keepalive message to all of the access points it manages Each AP checks for the keepalive messages on the SSL TCP connection As long as the AP...

Page 88: ...ss Point you can configure the IP addresses of up to four D Link Unified Switches that can manage it In order to manage the AP the Unified Switch and AP must discover each other There are multiple way...

Page 89: ...ge displays the DNS names or IP addresses of up to four D Link Unified Switches that the AP learned about from a DHCP server on your network For information about how to configure a DHCP server to res...

Page 90: ...90 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...

Page 91: ...ollowing sections Viewing Interface Status Viewing Events Logs Viewing Transmit and Receive Statistics Viewing Client Association Information Viewing Neighboring Access Points Viewing Interface Status...

Page 92: ...ss Interface on page 55 and Configuring Radio Settings on page 58 Viewing Events Logs The Events Log shows real time system events on the access point such as wireless clients associating with the AP...

Page 93: ...ate Changing some access point settings might cause the AP to stop and restart system processes If this happens wireless clients will temporarily lose connectivity We recommend that you change access...

Page 94: ...re a remote Linux server using the syslog daemon Example of Using Linux syslogd The following steps activate the syslog daemon on a Linux server Make sure you have root user identity for these tasks 1...

Page 95: ...Relay Host If you disabled the Log Relay Host clicking Update will disable remote logging Viewing Transmit and Receive Statistics The Transmit Receive page provides some basic information about the c...

Page 96: ...r VAP interface Status Shows whether the interface is up or down MAC Address MAC address for the specified interface The access point has a unique MAC address for each interface For the DWL 8500AP eac...

Page 97: ...t and Receive Information Total Packets Indicates total packets sent in Transmit table or received in Received table by this access point Total Bytes Indicates total bytes sent in Transmit table or re...

Page 98: ...e AP in order to collect information about other APs within range Status The Authenticated and Associated Status shows the underlying IEEE 802 11 authentication and association status which is present...

Page 99: ...boring device is an access point that supports the IEEE 802 11 Wireless Networking Framework in Infrastructure Mode Ad hoc indicates a neighboring station running in Ad hoc Mode Stations set to ad hoc...

Page 100: ...radio uses for transmitting and receiving The channel is set in Radio Settings See Configuring Radio Settings on page 58 Rate Shows the rate in megabits per second at which this access point is curren...

Page 101: ...lient Configuring WPA WPA2 Personal on a Client Using an External Authentication Server Configuring IEEE 802 1X Security on a Client Configuring WPA WPA2 Enterprise RADIUS Configuring the RADIUS Serve...

Page 102: ...he factory with the latest drivers Accessing Wireless Client Security Settings The procedures in this section describe how to access the wireless security settings on a Microsoft Windows XP system and...

Page 103: ...ociation and Authentication tabs for the selected network displays List of available networks will change depending on client location Each network or access point that that is detected by the client...

Page 104: ...Encryption Disabled as described below If you do have security configured on a client for properties of an unsecure network the security settings can prevent successful access to the network because o...

Page 105: ...can associate with the AP Clients configured to use WEP in Shared mode must have a valid WEP key in order to associate with the AP Clients configured to use WEP as an Open system can associate with th...

Page 106: ...ty Protocol TKIP Advanced Encryption Algorithm AES and Counter mode CBC MAC Protocol CCMP mechanisms PSK employs a pre shared key for an initial check of client credentials If you configured the Unifi...

Page 107: ...w this option is configured on the access point Note When the Cipher Suite on the access point is set to Both then TKIP clients with a valid TKIP key and AES clients with a valid CCMP AES key can asso...

Page 108: ...cate for a Client This appendix does not describe how to configure an EAP PEAP client with a RADIUS server Configuring IEEE 802 1X Security on a Client IEEE 802 1X is the standard defining port based...

Page 109: ...ettings 3 Configure wireless clients to use IEEE 802 1X security and Smart Card or other Certificate as described in this section 4 Obtain a certificate for this client as described in Obtaining a TLS...

Page 110: ...page 119 Network Authentication Open Data Encryption WEP Note An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking CRC of each IEEE 802 11 frame This is the same encr...

Page 111: ...l Key Integrity Protocol TKIP mechanisms This mode requires the use of a RADIUS server to authenticate users This security mode also provides backwards compatibility for wireless clients that support...

Page 112: ...ty with PEAP authentication on each client as follows Choose either TKIP or AES for the Data Encryption mode Choose WPA Choose Protected EAP PEAP then click Properties 1 2 Disable click to uncheck Cho...

Page 113: ...n external RADIUS server on the network to support it If you want to use IEEE 802 1X mode with EAP TLS certificates for authentication and authorization of clients you must have an external RADIUS ser...

Page 114: ...ettings 3 Configure wireless clients to use WPA security and Smart Card or other Certificate as described in this section 4 Obtain a certificate for this client as described in Obtaining a TLS EAP Cer...

Page 115: ...tificates The certificate you installed is used when you connect so you will not be prompted for login Network Authentication WPA Data Encryption TKIP or AES depending on how this option is configured...

Page 116: ...ame and password for both this procedure and the following one that describes how to obtain and install a certificate on the wireless client Please consult the documentation for your RADIUS server for...

Page 117: ...g your RADIUS server and bring up the Internet Authentication Service 2 In the left panel right click on RADIUS Clients node and choose New RADIUS Client from the popup menu 3 On the first screen of t...

Page 118: ...Rights Reserved D Link Unified Access Point Administrator s Guide IP address for the access point Click Next 4 For the Shared secret enter the RADIUS Key you provided to the access point on the Secur...

Page 119: ...e configuration of the RADIUS server PKI and CA server Consult the documentation for those products For information about configuring Microsoft Windows PKI software or installing a CA see the Microsof...

Page 120: ...ver or of the Certificate Authority CA depending on the configuration of your infrastructure 2 Click Yes to proceed to the secure Web page for the server The Welcome screen for the Certificate Server...

Page 121: ...have user accounts configured at this point This document does not describe how to set up Administrative user accounts on the RADIUS server Please consult the documentation for your RADIUS server for...

Page 122: ...assign a user to a VLAN and switches dynamically use this information to configure the port on the switch automatically Selection of the VLAN is usually based on the identity of the user The RADIUS s...

Page 123: ...up ID VLANID In the case of FreeRADIUS server the following options may be set in the users file to add the necessary attributes example user Auth Type EAP User Password nopassword Tunnel Type 13 Tunn...

Page 124: ...124 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...

Page 125: ...CLI You can use any of the following methods to access the command line interface CLI for the access point or wireless network Telnet Connection to the AP SSH Connection to the AP Telnet Connection t...

Page 126: ...password The login name is admin and the default password is admin After a successful login the screen shows the Access Point Name prompt You are now ready to enter CLI commands at the command line p...

Page 127: ...rname and password The login name is admin If you did not change the default password press ENTER when you are prompted for a password The default password is blank After a successful login the screen...

Page 128: ...bssvap0 There are multiple BSSes and they are named so this command returns information on the BSS named wlan0bssvap0 The following example uses the get command on a named class to get all instances g...

Page 129: ...et vap vap2 with radio wlan0 to vlan id 123 NOTE For information on interfaces used in this example such as wlan0 or vap2 see Interface Naming Convention on page 132 Using the add Command The add comm...

Page 130: ...be displayed Enter TAB again to display all available completions Example 1 At a blank command line enter TAB twice to get a list of all commands DLINK WLAN AP add Add an instance to the running conf...

Page 131: ...available from the CLI Table 32 Keyboard Shortcuts Keyboard Shortcut Action on CLI Ctrl a Move the cursor to the beginning of the current line Ctrl e Move the cursor to the end of the current line Ctr...

Page 132: ...also work for this Ctrl d Exit the CLI At a blank command prompt typing Ctrl d closes the CLI Typing Ctrl d within command text also removes characters one at a time at cursor location like Ctrl h Ta...

Page 133: ...configuration settings through the command line interface CLI using get set add and remove commands you are viewing and changing values on the running configuration only If you do not save the configu...

Page 134: ...re information see CLI Classes and Properties Reference on page 150 Configuring Basic Settings The following CLI command examples correspond to tasks you can accomplish on the Basic Settings tab of th...

Page 135: ...nterface wlan0 mac Get the VLAN ID for the wired interface get management vlan id Get the Network Name SSID for the default virtual access point get interface wlan0 ssid Get the Current IEEE 802 11 Ra...

Page 136: ...ost id Set the DNS Name set host id host_name For example set host id vicky ap Get Current Settings for the Ethernet Wired Internal Interface get management Set the management VLAN ID set management v...

Page 137: ...dhcp up Table 37 Wireless Setting Commands Action Command Enable or Disable 802 11d regulatory domain support set dot11 dot11d up set dot11 dot11d down Enable or Disable Station Isolation set radio w...

Page 138: ...set radio wlan0 mode dynamic turbo g only applicable for radio interface wlan1 Enable Super AG Mode set radio wlan0 super ag yes Disable Super AG Mode set radio wlan0 super ag no View the radio channe...

Page 139: ...ting on set global radius server radius accounting off View information about all VAPs get vap all detail Enable or disable a VAP on both radios set vap vapID status up set vap vapID status down Examp...

Page 140: ...ector in the length On the Web UI longer Key Length values may be shown which include the 24 bit initialization vector To set the WEP Key Length to 64 bits enter the following command set interface wl...

Page 141: ...y Type is Hex then each WEP Key must be 26 characters long If Key Length is 128 bits and Key Type is ASCII then each WEP Key must be 16 characters long If Key Length is 128 bits and Key Type is Hex th...

Page 142: ...of the following commands 1 Set the security mode DLINK AP set interface wlan0 security dot1x 2 Set the Authentication Server If you do not want to use the global RADIUS server for this VAP you must...

Page 143: ...et bss wlan0bssvap0 wpa2 allowed on WPA and WPA2 If you have a mix of clients some of which support WPA2 and others which support only the original WPA select both This lets both WPA and WPA2 client s...

Page 144: ...ommand gets details about the interface and shows the WEP Key settings specifically DLINK AP get interface wlan0 detail Set Security to WPA WPA2 Enterprise RADIUS To configure WPA WPA2 Enterprise as t...

Page 145: ...n on The pre authentication option does not apply if you set the WPA Version to support WPA clients because the original WPA does not support this pre authentication 4 Set the Cipher Suite you want to...

Page 146: ...ust discover each other The commands in Table 40 show how to change the AP mode from Standalone to Managed and how to configure the IP address of a D Link Unified Switch so that the AP can discover it...

Page 147: ...ic flowing from the client station to the access point station to AP Keep in mind that station to AP parameters apply only when WMM is enabled To get and set QoS settings on the client station use the...

Page 148: ...511 or 1024 The value for cwmin must be lower than the value for cwmax Valid values for the cwmax are 1 3 7 15 31 63 127 255 511 or 1024 The value for cwmax must be higher than the value for cwmin Set...

Page 149: ...set ntp status down Set the NTP server hostname or IP address set ntp server server hostname ip_address Example set ntp server server time foo com or set ntp server server 192 168 34 201 Table 45 Syst...

Page 150: ...Classes that can have multiple instances but do not have a name are called anonymous classes Together singleton and anonymous classes are called unnamed classes Some classes require their instances t...

Page 151: ...es of 1 and 2 Mbps It was formally adopted in 1997 but has been mostly superseded by 802 11b IEEE 802 11 is also used generically to refer to the family of IEEE standards for wireless local area netwo...

Page 152: ...mprehensive IEEE standard for security in a wireless local area network WLAN that describes Wi Fi Protected Access 2 WPA2 It defines enhancements to the MAC Layer to counter the some of the weaknesses...

Page 153: ...etwork in situations where formal infrastructure is not required Ad hoc mode is also referred to as peer to peer mode or an independent basic service set IBSS AES The Advanced Encryption Standard AES...

Page 154: ...for encryption and message integrity AES CCMP requires a hardware coprocessor to operate CGI The Common Gateway Interface CGI is a standard for running external programs from an HTTP server It specifi...

Page 155: ...me of a Web server and www dlink com is the fully qualified name of that server DNS translates the domain name www dlink com to some IP address for example 66 93 138 219 A domain name identifies one o...

Page 156: ...EE 802 11g stations over 20 Mbps transmission rates at 2 4GHz when paired with Orthogonal Frequency Division Multiplexing OFDM Built into ERP and the IEEE 802 11g standard is a scheme for effective in...

Page 157: ...org Infrastructure Mode Infrastructure Mode is a Wireless Networking Framework in which wireless stations communicate with each other by first going through an Access Point In this mode the wireless s...

Page 158: ...related services such as virtual hosting network consulting Web design etc J Jitter Jitter is the difference between the latency or delay in packet transmission from one node to another across a netwo...

Page 159: ...ware devices Built in twisted pair cabling and auto sensing enable connection between like devices with the use of a standard Ethernet cable For example if a wireless access point supports MDI MDIX on...

Page 160: ...data for transmission will be structured and formatted along with low level protocols for communication and addressing For example protocols such as CSMA CA and components like MAC addresses and Frame...

Page 161: ...to point links PPP is designed to operate both over asynchronous connections and bit oriented synchronous systems PPPoE Point to Point Protocol over Ethernet PPPoE is a specification for connecting t...

Page 162: ...otocol IRDP to communicate with other routers to configure the best route between any two hosts The router performs little filtering of data it passes RSSI The Received Signal Strength Indication RSSI...

Page 163: ...24 The subnet mask allows a router to quickly determine if an IP address is local or needs to be forwarded by performing a bitwise AND operation on the mask and the IP address For example if an IP add...

Page 164: ...A Unicast sends a message to a single specified receiver In wireless networks unicast usually refers to an interaction in which the access point sends data traffic in the form of IEEE 802 1X Frames di...

Page 165: ...ngle access point creates an infrastructure basic service set BSS whereas multiple access points are organized in an extended service set ESS WLAN Wireless Local Area Network WLAN is a LAN that uses h...

Page 166: ...authentication WRAP Wireless Robust Authentication Protocol WRAP is an encryption method for 802 11i that uses AES but another encryption mode OCB for encryption and integrity X XML The Extensible Ma...