Unified Access Point Administrator’s Guide March 2012 Unified Access Point Administrator’s Guide Page 1
Unified Access Point Administrator’s Guide Table of Contents Section 1 - About This Document.............................................................................................9 Document Organization.......................................................................................................................................... 9 Additional Documentation......................................................................................................................................
Unified Access Point Administrator’s Guide Controlling Access by MAC Authentication.......................................................................................................... 59 Configuring a MAC Filter and Station List on the AP..................................................................................... 59 Configuring MAC Authentication on the RADIUS Server............................................................................... 60 Configuring Load Balancing...............
Unified Access Point Administrator’s Guide Viewing the Last Proposed Set of Changes................................................................................................. 109 Configuring Advanced Settings.................................................................................................................... 109 Viewing Wireless Neighborhood Information.....................................................................................................
Unified Access Point Administrator’s Guide List of Figures Figure 1 - Administrator UI Online Help.................................................................................................................... 10 Figure 2 - Web UI Login Prompt............................................................................................................................... 14 Figure 3 - Provide Basic Settings................................................................................................
Unified Access Point Administrator’s Guide Figure 60 - Configure Client QoS DiffServ Class Map Settings............................................................................... 96 Figure 61 - Configure Client QoS DiffServ Policy Map Settings............................................................................. 100 Figure 62 - QoS Configuration Status For Associated Clients...............................................................................
Unified Access Point Administrator’s Guide List of Tables Table 1 - Typographical Conventions....................................................................................................................... 10 Table 2 - Requirements for the Administrator’s Computer........................................................................................ 12 Table 3 - Requirements for Wireless Clients......................................................................................................
Unified Access Point Administrator’s Guide Table 60 - Session Management............................................................................................................................ 107 Table 61 - Channel Assignments............................................................................................................................ 109 Table 62 - Last Proposed Changes....................................................................................................................
Unified Access Point Administrator’s Guide Section 1 - About This Document Section 1 - About This Document This guide describes setup, configuration, administration and maintenance for the D-Link DWL-x600AP Unified Access Point (UAP) on a wireless network.
Unified Access Point Administrator’s Guide Section 1 - About This Document Symbol Example Description Curly Braces {} {Choice1 | Choice2} Indicates that you must select a parameter from the list of choices. Vertical Bars | Choice1 | Choice2 Separates the mutually exclusive choices. Braces within square brackets [{}] [{Choice1 | Choice2}] Indicate a choice within an optional element.
Unified Access Point Administrator’s Guide Section 2 - Getting Started Section 2 - Getting Started The D-Link DWL-x600AP unified access point (UAP) provides continuous, high-speed access between wireless devices and Ethernet devices. It is an advanced, standards-based solution for wireless networking in businesses of any size. The UAP enables wireless local area network (WLAN) deployment while providing state-of-the-art wireless networking features.
Unified Access Point Administrator’s Guide Section 2 - Getting Started Required Software or Component Description Wireless Connection to the Network After initial configuration and launch of the first access point on your new wireless network, you can make subsequent configuration changes through the Administration Web pages using a wireless connection to the internal network.
Unified Access Point Administrator’s Guide Section 2 - Getting Started Dynamic and Static IP Addressing on the AP When you power on the access point, the built-in DHCP client searches for a DHCP server on the network in order to obtain an IP Address and other network information. If the AP does not find a DHCP server on the network, the AP continues to use its default Static IP Address (10.90.90.
Unified Access Point Administrator’s Guide Section 2 - Getting Started •) To use a direct-cable connection, connect one end of an Ethernet straight-through or crossover cable to the network port on the access point and the other end of the cable to the Ethernet port on the PC, as shown in the following figure. You can also use a serial cable to connect the serial port on the AP to a serial port on the administrative computer.
Unified Access Point Administrator’s Guide Section 2 - Getting Started Figure 3 - Provide Basic Settings 5.) Verify the settings on the Basic Settings page. •) Review access point description and provide a new administrator password for the access point if you do not want to use the default password, which is admin. •) Click the Apply button to activate the wireless network with these new settings. Note: The changes you make are not saved or applied until you click Apply.
Unified Access Point Administrator’s Guide Section 2 - Getting Started Basic Settings From the Basic Settings page, you can view various information about the UAP, including IP and MAC address information, and configure the administrator password for the UAP. The following table describes the fields and configuration options on the Basic Settings page. Field Description IP Address Shows the IP address assigned to the AP.
Unified Access Point Administrator’s Guide Section 2 - Getting Started Field Description System Contact Enter the name, e-mail address, or phone number of the person to contact regarding issues related to the AP. System Location Enter the physical location of the AP, for example Conference Room A.
Unified Access Point Administrator’s Guide Section 2 - Getting Started Figure 4 - Command Line Interface (CLI) Connection Configuring the Ethernet Settings The default Ethernet settings, which include DHCP and VLAN information, might not work for all networks. By default, the DHCP client on the UAP automatically broadcasts requests for network information. If you want to use a static IP address, you must disable the DHCP client and manually configure the IP address and other network information.
Unified Access Point Administrator’s Guide Section 2 - Getting Started Action Commands Use DHCP as the connection type set management dhcp-status up set management dhcp-status down Use a Static IP as the connection type set management static-ip Set the Static IP address For example: set management static-ip 10.10.12.221 set management static-mask Set a Subnet Mask For example: set management static-mask 255.255.255.
Unified Access Point Administrator’s Guide Section 2 - Getting Started Using the CLI to Configure 802.1X Authentication Information The following table shows the commands used to configure the 802.1X supplicant information using the CLI. Action Command View 802.1X supplicant settings get dot1x-supplicant set dot1x-supplicant status up Enable 802.1X supplicant set dot1x-supplicant status down Disable 802.1X supplicant set dot1x-supplicant user Set the 802.
Unified Access Point Administrator’s Guide Section 2 - Getting Started Configuring Security on the Wireless Access Point You configure secure wireless client access by configuring security for each virtual access point (VAP) that you enable. You can configure up to 16 VAPs per radio that simulate multiple APs in one physical access point. By default, only one VAP is enabled. For each VAP, you can configure a unique security mode to control wireless client access.
Unified Access Point Administrator’s Guide Section 3 - Viewing Access Point Status Section 3 - Viewing Access Point Status This section describes the information you can view from the tabs under the Status heading on the Administration Web UI.
Unified Access Point Administrator’s Guide Section 3 - Viewing Access Point Status Modify Wireless Settings page. For information about configuring these settings, see “Wireless Settings” on page 37 and “Modifying Radio Settings” on page 40. Viewing Events The Events page shows real-time system events on the AP such as wireless clients associating with the AP and being authenticated. To view system events, click the Events tab.
Unified Access Point Administrator’s Guide Section 3 - Viewing Access Point Status Field Description Persistence Choose Enabled to save system logs to non-volatile memory so that the logs are not erased when the AP reboots. Choose Disabled to save system logs to volatile memory. Logs in volatile memory are deleted when the system reboots. Severity Specify the severity level of the log messages to write to non-volatile memory.
Unified Access Point Administrator’s Guide Section 3 - Viewing Access Point Status Note: To apply your changes, click Apply. Changing some settings might cause the AP to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change AP settings when WLAN traffic is low. If you enabled the Log Relay Host, clicking Apply will activate remote logging.
Unified Access Point Administrator’s Guide Section 3 - Viewing Access Point Status Field Description Total Drop Packets Indicates total number of packets sent (in Transmit table) or received (in Received table) by this AP that were dropped. Total Drop Bytes Indicates total number of bytes sent (in Transmit table) or received (in Received table) by this AP that were dropped. Errors Indicates total errors related to sending and receiving data on this AP.
Unified Access Point Administrator’s Guide Section 3 - Viewing Access Point Status A TSPEC is a traffic specification that is sent from a QoS-capable wireless client to an AP requesting a certain amount of network access for the traffic stream (TS) it represents. A traffic stream is a collection of data packets identified by the wireless client as belonging to a particular user priority.
Unified Access Point Administrator’s Guide Section 3 - Viewing Access Point Status Field Description From Station Shows the number of packets and bytes received from the wireless client and the number of packets and bytes that were dropped after being received. Also shows the number of packets: •) in excess of an admitted TSPEC. •) for which no TSPEC has been established when admission is required by the AP.
Unified Access Point Administrator’s Guide Section 3 - Viewing Access Point Status Field Description AP Detection for Radio To allow the AP radios to perform neighbor AP detection and collect information about neighbor APs, click Enabled. To disable neighbor AP detection on the radios, click Disabled. If you change the AP detection mode, click Apply to save the new settings. Detected Rogue AP List Action Click Grant to move the AP from the Detected Rogue AP List to the Known AP List.
Unified Access Point Administrator’s Guide Field Section 3 - Viewing Access Point Status Description Known AP List Action An AP can appear in the Known AP List if it has been moved from the Detected Rogue AP List by clicking the Grant button or if the MAC address of the AP appears in an AP list that has been imported. To move the AP from the Known AP List to the Detected Rogue AP List, click Delete. Note: The Detected Rouge AP and Known AP lists provide information.
Unified Access Point Administrator’s Guide Section 3 - Viewing Access Point Status appear in the Known AP List. Viewing Managed AP DHCP Information The UAP can learn about D-Link Unified Wireless Switches on the network through DHCP responses to its initial DHCP request. The Managed AP DHCP page displays the DNS names or IP addresses of up to four D-Link Unified Wireless Switches that the AP learned about from a DHCP server on your network.
Unified Access Point Administrator’s Guide Field Section 3 - Viewing Access Point Status Description AP and VAP Status Interface Indicates the name of the Radio or VAP interface. Access Category Indicates Current Access Category associated with this Traffic Stream (voice or video). Status Indicates whether the TSPEC session is enabled (up) or not (down) for the corresponding Access Category. Note: This is a configuration status (does not necessarily represent the current session activity).
Unified Access Point Administrator’s Guide Section 3 - Viewing Access Point Status Field Description TSPEC Statistics Summary for Voice ACM Indicates the total number of accepted and the total number of rejected voice Traffic Streams. TSPEC Statistics Summary for Video ACM Indicates the total number of accepted and the total number of rejected video Traffic Streams.
Unified Access Point Administrator’s Guide Section 3 - Viewing Access Point Status Field Description Multicast Frames Transmitted Count of successfully transmitted MSDU frames where the multicast bit is set in the destination MAC address. Duplicate Frame Count Number of times a frame is received and the Sequence Control field indicates is a duplicate.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Section 4 - Managing the Access Point This section describes how to manage the UAP and contains the following subsections: •) “Ethernet Settings” on page 35 •) “Wireless Settings” on page 37 •) “Modifying Radio Settings” on page 40 •) “Configuring Radio and VAP Scheduler” on page 44 •) “Scheduler Association Settings” on page 46 •) “Virtual Access Point Settings” on page 47 •) “Configuring the Wireless Distribution System (WD
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Field Description Hostname Enter a hostname for the AP. The hostname appears in the CLI prompt. •) The hostname has the following requirements: •) The length must be between 1 – 63 characters. •) Upper and lower case characters, numbers, and hyphens are accepted. •) The first character must be a letter (a – z or A – Z), and the last character cannot be a hyphen.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Wireless Settings Wireless settings describe aspects of the local area network (LAN) related specifically to the radio device in the access point (802.11 Mode and Channel) and to the network interface to the access point (MAC address for access point and Wireless Network name, also known as SSID). To configure the wireless interface, click the Manage > Wireless Settings tab.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Field Description Mode The Mode defines the Physical Layer (PHY) standard the radio uses. Note: The modes available depend on the country code setting and the radio selected. Select one of the following modes for radio 1: •) IEEE 802.11a is a PHY standard that specifies operating in the 5 GHz U-NII band using orthogonal frequency division multiplexing (OFDM). It supports data rates ranging from 6 to 54 Mbps. •) IEEE 802.
Unified Access Point Administrator’s Guide Field Section 4 - Managing the Access Point Description AeroScout™ Engine AeroScout Engine support provides location-based services for wireless networks. Specify Protocol Support whether to enable support for the AeroScout protocol. Options are Enabled or Disabled. The default is Disabled. When enabled, Aeroscout devices are recognized and data is sent to an Aeroscout Engine (AE) for analysis. The AE determines the geographical location of 802.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point information. The DWS-4000 Series switch does not communicate with the AE. AeroScout tags operate only in 802.11b/g mode. Therefore, network administrators who use the AeroScout tags must configure at least one radio on APs that are expected to detect tags in either 802.11b/g or 802.11b/g/n mode. The radios configured in 2.4 GHz IEEE 802.11n mode cannot detect AeroScout tags.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Field Description Mode The Mode defines the Physical Layer (PHY) standard the radio uses. Note: The modes available depend on the country code setting and the radio selected. Select one of the following modes for radio 1: •) IEEE 802.11a is a PHY standard that specifies operating in the 5 GHz U-NII band using orthogonal frequency division multiplexing (OFDM). It supports data rates ranging from 6 to 54 Mbps. •) IEEE 802.
Unified Access Point Administrator’s Guide Field Section 4 - Managing the Access Point Description Short Guard Interval This field is available only if the selected radio mode includes 802.11n. Supported The guard interval is the dead time, in nanoseconds, between OFDM symbols. The guard interval prevents Inter-Symbol and Inter-Carrier Interference (ISI, ICI). The 802.11n mode allows for a reduction in this guard interval from the a and g definition of 800 nanoseconds to 400 nanoseconds.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Field Description RTS Threshold Specify a Request to Send (RTS) Threshold value between 0 and 2347. The RTS threshold indicates the number of octets in an MPDU, below which an RTS/CTS handshake is not performed. Changing the RTS threshold can help control traffic flow through the AP, especially one with a lot of clients. If you specify a low threshold value, RTS packets will be sent more frequently.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Field Description TSPEC Voice ACM Limit Specify an upper limit on the amount of traffic the AP attempts to transmit on the wireless medium using a voice AC to gain access. TSPEC Video ACM Mode Regulates mandatory admission control for the video access category. The options are: •) On — A station is required to send a TSPEC request for bandwidth to the AP before sending or receiving a video traffic stream.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Figure 19 - Scheduler Configuration Field Description Global Scheduler Mode A global switch to enable or disable the scheduler feature. The default is Disable. Scheduler Operational Status Status The operational status of the Scheduler. The range is Up or Down. The default is Down. Reason Provides additional information about the status.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Figure 20 - Scheduler Configuration (Modify Rule) Click Apply to save the new configuration settings. Note: After making any modifications, you must click Apply to apply the changes and to save the settings. Scheduler Association Settings For a Scheduler profile to take effect, you must associate it with at least one radio or VAP interface.
Unified Access Point Administrator’s Guide Field Section 4 - Managing the Access Point Description Radio Scheduler Profile Operational Status 1 or 2 From the menu, select the Scheduler profile to associate with Radio 1 or Radio 2. Scheduler Profile From the menu, select the Scheduler profile to associate with the Radio. Status The operational status of the Scheduler. The range is Up or Down.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Figure 22 - Modify Virtual Access Point Settings The following table describes the fields and configuration options on the VAP page. Field Description RADIUS IP Address Type Specify the IP version that the RADIUS server uses.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Field Description Radio Select the radio to configure. VAPs are configured independently on each radio. VAP You can configure up to 16 VAPs for each radio. VAP0 is the physical radio interface, so to disable VAP0, you must disable the radio. Enabled You can enable or disable a configured network. •) To enable the specified network, select the Enabled option beside the appropriate VAP.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Field Description Redirect Mode Enable the HTTP redirect feature to redirect wireless clients to a custom Web page. When redirect mode is enabled, the user will be redirected to the URL you specify after the wireless client associates with an AP and the user opens a Web browser on the client to access the Internet.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Field Description Key Type Select the key type by clicking one of the radio buttons: •) ASCII •) Hex WEP Keys You can specify up to four WEP keys. In each text box, enter a string of characters for each key. The keys you enter depend on the key type selected: •) ASCII — Includes upper and lower case alphabetic letters, the numeric digits, and special symbols such as @ and #.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point called EAP Encapsulation Over LANs (EAPOL). IEEE 802.1X provides dynamically-generated keys that are periodically refreshed. An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11 frame. This mode requires the use of an external RADIUS server to authenticate users. The AP requires a RADIUS server capable of EAP, such as the Microsoft Internet Authentication Server.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Field Description Enable RADIUS Accounting Select this option to track and measure the resources a particular user has consumed such as system time, amount of data transmitted and received, and so on. If you enable RADIUS accounting, it is enabled for the primary RADIUS server and all backup servers.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Field Description Cipher Suites Select the cipher suite you want to use: •) TKIP •) CCMP (AES) •) TKIP and CCMP (AES) Both TKIP and AES clients can associate with the AP. WPA clients must have one of the following to be able to associate with the AP: •) A valid TKIP key •) A valid AES-CCMP key Clients not configured to use a WPA Personal will not be able to associate with the AP.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Field Description Enable preauthentication If for WPA Versions you select only WPA2 or both WPA and WPA2, you can enable preauthentication for WPA2 clients. Click Enable pre-authentication if you want WPA2 wireless clients to send preauthentication packet. The pre-authentication information will be relayed from the AP the client is currently using to the target AP.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Field Description Session Key Refresh Rate Enter a value to set the interval at which the AP will refresh session (unicast) keys for each client associated to the VAP. The valid range is 0–86400 seconds. A value of 0 indicates that the broadcast key is not refreshed. Table 26 - WPA Enterprise Note: After you configure the security settings, you must click Apply to apply the changes and to save the settings.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Figure 27 - Configure WDS Bridges Before you configure WDS on the AP, note the following guidelines: •) When using WDS, be sure to configure WDS settings on both APs participating in the WDS link. •) You can have only one WDS link between any pair of APs. That is, a remote MAC address may appear only once on the WDS page for a particular AP.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point If you select None as your preferred WDS encryption option, you will not be asked to fill in any more fields on the WDS page. All data transferred between the two APs on the WDS link will be unencrypted. Note: To disable a WDS link, you must remove the value configured in the Remote Address field. WEP on WDS Links The following table describes the additional fields that appear when you select WEP as the encryption type.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Controlling Access by MAC Authentication A Media Access Control (MAC) address is a hardware address that uniquely identifies each node of a network. All IEEE 802 network devices share a common 48-bit MAC address format, usually displayed as a string of 12 hexadecimal digits separated by colons, for example 00:DC:BA:09:87:65. Each wireless network interface card (NIC) used by a wireless client has a unique MAC address.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Field Description Filter To set the MAC Address Filter, select one of the following options: •) Allow only stations in the list. Any station that is not in the Stations List is denied access to the network through the AP. •) Block all stations in list. Only the stations that appear in the list are denied access to the network through the AP. All other stations are permitted access.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Field Description Load Balancing Enable or disable load balancing: To enable load balancing on this AP, click Enable. To disable load balancing on this AP, click Disable. Utilization for No New Associations Provide the percentage of network bandwidth utilization allowed on the radio before the AP stops accepting new client associations.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Configuring Managed Access Point Settings To add the IP address of a D-Link Unified Wireless Switch to the AP, click the Managed Access Point tab under the Manage heading and update the fields shown in the table below. Figure 30 - Configure Managed AP Wireless Switch Parameters Field Description Managed AP Administrative Mode Click Enabled to allow the AP and switch to discover each other.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Configuring 802.1X Authentication On networks that use IEEE 802.1X, port-based network access control, a supplicant (client) cannot gain access to the network until the 802.1X authenticator grants access. If your network uses 802.1X, you must configure 802.1X authentication information that the AP can supply to the authenticator. To configure the UAP 802.
Unified Access Point Administrator’s Guide Section 4 - Managing the Access Point Creating a Management Access Control List (ACL) You can create an access control list (ACL) that lists up to five IPv4 hosts and five IPv6 hosts that are authorized to access the AP management interface. If this feature is disabled, anyone can access the management interface from any network client by supplying the correct AP username and password. To create an access list, click the Management ACL tab.
Unified Access Point Administrator’s Guide Section 5 - Configuring Access Point Services Section 5 - Configuring Access Point Services This section describes how to configure services on the UAP and contains the following subsections: •) “Web Server Settings” on page 65 •) “Configuring SNMP on the Access Point” on page 66 •) “Setting the SSH Status” on page 68 •) “Setting the Telnet Status” on page 69 •) “Configuring Quality of Service” on page 69 •) “Configuring Email Alert” on page 72 •) “Enabling the T
Unified Access Point Administrator’s Guide Section 5 - Configuring Access Point Services Field Description Generate HTTP SSL Certificate Select this option to generate a new SSL certificate for the secure Web server. This should be done once the access point has an IP address to ensure that the common name for the certificate matches the IP address of the UAP. Generating a new SSL certificate will restart the secure Web server.
Unified Access Point Administrator’s Guide Section 5 - Configuring Access Point Services Figure 34 - SNMP Configuration Field Description SNMP Enabled/ Disabled You can specify the SNMP administrative mode on your network. By default SNMP is enabled. To enable SNMP, click Enabled. To disable SNMP, click Disabled. After changing the mode, you must click Apply to save your configuration changes. Note: If SNMP is disabled, all remaining fields on the SNMP page are disabled.
Unified Access Point Administrator’s Guide Section 5 - Configuring Access Point Services Field Description Hostname, address or subnet of Network Management System Specify the IPv4 DNS hostname or subnet of the machines that can execute get and set requests to the managed devices. The valid range is 1-256 characters. As with community names, this provides a level of security on SNMP settings. The SNMP agent will only accept requests from the hostname or subnet specified here.
Unified Access Point Administrator’s Guide Section 5 - Configuring Access Point Services Field Description SSH Status Choose to either enable or disable SSH access to the AP CLI: •) To permit remote access to the AP by using SSH, click Enabled. •) To prevent remote access to the AP by using SSH, click Disabled. Table 38 - SSH Settings Setting the Telnet Status Telnet is a program that provides access to the DWL-x600AP CLI from a remote host.
Unified Access Point Administrator’s Guide Section 5 - Configuring Access Point Services Figure 37 - Modify QoS Queue Parameters Field Description EDCA Template Possible options are: Default, Optimized for Voice, and Custom. AP EDCA Parameters Queue Queues are defined for different types of data transmitted from AP-to-station: •) Data 0 (Voice) — High priority queue, minimum delay. Time-sensitive data such as VoIP and streaming media are automatically sent to this queue.
Unified Access Point Administrator’s Guide Section 5 - Configuring Access Point Services Field Description Max. Burst Length The Max. Burst Length is an AP EDCA parameter and only applies to traffic flowing from the AP to the client station. This value specifies (in milliseconds) the maximum burst length allowed for packet bursts on the wireless network. A packet burst is a collection of multiple frames transmitted without header information.
Unified Access Point Administrator’s Guide Section 5 - Configuring Access Point Services Note: After you configure the QoS settings, you must click Apply to apply the changes and to save the settings. Changing some settings might cause the AP to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change AP settings when WLAN traffic is low.
Unified Access Point Administrator’s Guide Field Section 5 - Configuring Access Point Services Description Non Urgent Severity Configures the severity level for log messages that are considered to be non-urgent. Messages in this category are collected and sent in a digest form at the time interval specified by the Log Duration field. The security level you select and all levels up to, but not including the lowest Urgent level are considered non-urgent.
Unified Access Point Administrator’s Guide Section 5 - Configuring Access Point Services To set the system time either manually or by specifying the address of the NTP server for the AP to use, click the Services > Time Settings (NTP) tab and update the fields as described in the table below. Figure 39 - Time Settings (NTP) Field Description Set System Time NTP provides a way for the AP to obtain and maintain its time from a server on the network.
Unified Access Point Administrator’s Guide Section 6 - Configuring SNMPv3 Section 6 - Configuring SNMPv3 This section describes how to configure the SNMPv3 settings on the UAP and contains the following subsections: •) “Configuring SNMPv3 Views” on page 75 •) “Configuring SNMPv3 Groups” on page 76 •) “Configuring SNMPv3 Users” on page 77 •) “Configuring SNMPv3 Targets” on page 78 Configuring SNMPv3 Views A MIB view is a combination of a set of view subtrees or a family of view subtrees where each view su
Unified Access Point Administrator’s Guide Section 6 - Configuring SNMPv3 Note: After you configure the SNMPv3 Views settings, you must click Apply to apply the changes and to save the settings. Configuring SNMPv3 Groups SNMPv3 groups allow you to combine users into groups of different authorization and access privileges. By default, the UAP has two groups: •) RO — A read-only group using authentication and data encryption.
Unified Access Point Administrator’s Guide Section 6 - Configuring SNMPv3 Field Description Read Views Select the read access to management objects (MIBs) for the group: •) view-all — The group is allowed to view and read all MIBs. •) view-none — The group cannot view or read MIBs. SNMPv3 Groups This field shows the default groups and the groups that you have defined on the AP. To remove a group, select the group and click Remove.
Unified Access Point Administrator’s Guide Section 6 - Configuring SNMPv3 Note: After you configure the SNMPv3 Users settings, you must click Apply to apply the changes and to save the settings. Configuring SNMPv3 Targets SNMPv3 Targets send “inform” messages to the SNMP manager. Each target is identified by a target name and associated with target IP address, UDP port, and SNMP user name.
Unified Access Point Administrator’s Guide Section 7 - Maintaining the Access Point Section 7 - Maintaining the Access Point This section describes how to maintain the UAP.
Unified Access Point Administrator’s Guide Section 7 - Maintaining the Access Point Figure 46 - Confirmation Prompt 3.) To proceed with the download, select OK. A dialog box opens allowing you to view or save the file. 4.) Select the Save File option and select OK. 5.) Use the file browser to navigate to the directory where you want to save the file, and click OK to save the file. You can keep the default file name (config.xml) or rename the backup file, but be sure to save the file with an .
Unified Access Point Administrator’s Guide Section 7 - Maintaining the Access Point 2.) Use the Browse button to select the file to restore. 3.) Click the Restore button. A File Upload or Choose File dialog box displays. 4.) Navigate to the directory that contains the file, then select the file to upload and click Open. (Only those files created with the Backup function and saved as .xml backup configuration files are valid to use with Restore; for example, ap_config.xml.) 5.) Click the Restore button.
Unified Access Point Administrator’s Guide Section 7 - Maintaining the Access Point Figure 50 - Manage Firmware (TFTP) 2.) Enter a name (1 to 63 characters) for the image file in the Image Filename field, including the path to the directory that contains the image to upload. For example, to upload the ap_upgrade.tar image located in the /share/builds/ap directory, enter / share/builds/ap/ap_upgrade.tar in the Image Filename field. The firmware upgrade file supplied must be a tar file.
Unified Access Point Administrator’s Guide Section 7 - Maintaining the Access Point 5.) To verify that the firmware upgrade completed successfully, check the firmware version shown on the Upgrade page (or the Basic Settings page). If the upgrade was successful, the updated version name or number is indicated. Packet Capture Configuration and Settings Wireless packet capture operates in two modes: •) Capture file mode. •) Remote capture mode.
Unified Access Point Administrator’s Guide Section 7 - Maintaining the Access Point Figure 53 - Packet Capture Status The following table describes information the packet capture status fields display. Field Description Current Capture Status Shows whether packet capture is running or stopped. Packet Capture Time Shows elapsed capture time. Packet Capture File Size Shows the current capture file size.
Unified Access Point Administrator’s Guide Section 7 - Maintaining the Access Point Upon activation, the packet capture proceeds until one of the following occurs: •) The capture time reaches configured duration. •) The capture file reaches its maximum size. •) The administrator stops the capture. During the capture, you can monitor the capture status, elapsed capture time, and the current capture file size. This information can be updated, while the capture is in progress, by clicking Refresh.
Unified Access Point Administrator’s Guide Section 7 - Maintaining the Access Point To capture packets on the Ethernet interface of the AP and VAP0 on radio 1 using IP port 58000, start two Wireshark sessions and specify the following interfaces: rpcap://192.168.1.10:58000/eth0 rpcap://192.168.1.10:58000/wlan0 When you are capturing traffic on the radio interface, you can disable beacon capture, but other 802.11 control frames are still sent to Wireshark.
Unified Access Point Administrator’s Guide Section 7 - Maintaining the Access Point Field Description Remote Capture Port Specify the remote port to use as the destination for packet captures. (range 1 to 65530). Table 50 - Remote Packet Capture Packet Capture File Download Packet Capture File Download allows you to download the capture file by TFTP to a configured TFTP server or by HTTP(S) to a PC. The captured packets are stored in file /tmp/apcapture.pcap on the AP.
Unified Access Point Administrator’s Guide Section 8 - Configuring Client Quality of Service (QoS) Section 8 - Configuring Client Quality of Service (QoS) This section describes how to configure QoS settings that affect traffic from the wireless clients to the AP. By using the UAP Client QoS features, you can limit bandwidth and apply ACLs and DiffServ policies to the wireless interface.
Unified Access Point Administrator’s Guide Section 8 - Configuring Client Quality of Service (QoS) Field Description Client QoS Mode Enable or disable QoS operation on the VAP selected in the VAP menu. QoS must be enabled globally (from the Client QoS Global Admin Mode field) and on the VAP (QoS Mode field) for the Client QoS settings to be applied to wireless clients. Bandwidth Limit Down Enter the maximum allowed transmission rate from the AP to the wireless client in bits per second.
Unified Access Point Administrator’s Guide Section 8 - Configuring Client Quality of Service (QoS) MAC ACLs MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect fields of a frame such as the source or destination MAC address, the VLAN ID, or the Class of Service 802.1p priority. When a frame enters or exits the AP port (depending on whether the ACL is applied in the up or down direction), the AP inspects the frame and checks the ACL rules against the content of the frame.
Unified Access Point Administrator’s Guide Section 8 - Configuring Client Quality of Service (QoS) Field Description ACL Type Select the type of ACL to configure: •) IPv4 •) IPv6 •) MAC IPv4 and IPv6 ACLs control access to network resources based on Layer 3 and Layer 4 criteria. MAC ACLs control access based on Layer 2 criteria. ACL Rule Configuration ACL Name - ACL Type Select the ACL to configure with the new rule. The list contains all ACLs added in the ACL Configuration section.
Unified Access Point Administrator’s Guide Section 8 - Configuring Client Quality of Service (QoS) Field Description Source Port Select this field to include a source port in the match condition for the rule. The source port is identified in the datagram header. Once you select the field, choose the port name or enter the port number.
Unified Access Point Administrator’s Guide Section 8 - Configuring Client Quality of Service (QoS) Field Description IP Precedence Select this option and enter a value to use the packet’s IP Precedence value in the IP header as match criteria. You can select only one service type (DSCP, IP Precedence or TOS bits) to use for match criteria. The IP Precedence range is 0 – 7. IP TOS Bits Select this option and enter a value to use the packet’s Type of Service bits in the IP header as match criteria.
Unified Access Point Administrator’s Guide Section 8 - Configuring Client Quality of Service (QoS) Field Description Source Port Select this option to include a source port in the match condition for the rule. The source port is identified in the datagram header. Once you select the field, choose the port name or enter the port number.
Unified Access Point Administrator’s Guide Section 8 - Configuring Client Quality of Service (QoS) Field Description EtherType Select the EtherType field to compare the match criteria against the value in the header of an Ethernet frame. Select an EtherType keyword or enter an EtherType value to specify the match criteria.
Unified Access Point Administrator’s Guide Section 8 - Configuring Client Quality of Service (QoS) Defining DiffServ To use DiffServ for Client QoS, use the Class Map and Policy Map pages to define the following categories and their criteria: •) Class: create classes and define class criteria •) Policy: create policies, associate classes with policies, and define policy statements Once you define the class and associate it with a policy, apply the policy to a specified VAP on the VAP QoS Parameters page.
Unified Access Point Administrator’s Guide Section 8 - Configuring Client Quality of Service (QoS) Field Description Class Map Name Select name of the class to configure. Use the fields in the Match Criteria Configuration area to match packets to a class. Select the check box for each field to be used as a criterion for a class and enter data in the related field. You can have multiple match criteria in a class.
Unified Access Point Administrator’s Guide Section 8 - Configuring Client Quality of Service (QoS) Field Description IP DSCP To use IP DSCP as a match criteria, select the check box and select a DSCP value keyword or enter a DSCP. Select from List Select from a list of DSCP types. Match to Value Enter a DSCP Value to match (0 – 63). IPv4 and IPv6 Class Maps Source Port Select this field to include a source port in the match condition for the rule. The source port is identified in the datagram header.
Unified Access Point Administrator’s Guide Section 8 - Configuring Client Quality of Service (QoS) Field Description EtherType Select the EtherType field to compare the match criteria against the value in the header of an Ethernet frame. Select an EtherType keyword or enter an EtherType value to specify the match criteria.
Unified Access Point Administrator’s Guide Section 8 - Configuring Client Quality of Service (QoS) Creating a DiffServ Policy Map Use the Policy Map page to create DiffServ policies and to associate a collection of classes with one or more policy statements. The UAP supports up to 50 Policy Maps. Packets are classified and processed based on defined criteria. The classification criteria is defined by a class on the Class Map page. The processing is defined by a policy’s attributes on the Policy Map page.
Unified Access Point Administrator’s Guide Section 8 - Configuring Client Quality of Service (QoS) Field Description Drop Select Drop to specify that all packets for the associated traffic stream are to be dropped if the class map criteria is met. Mark Class of Service Select this field to mark all packets for the associated traffic stream with the specified class of service value in the priority field of the 802.1p header. If the packet does not already contain this header, one is inserted.
Unified Access Point Administrator’s Guide Section 8 - Configuring Client Quality of Service (QoS) Field Description ACL Type Up Shows the type of ACL that is applied to traffic in the inbound (client-to-AP) direction, which can be one of the following: •) IPv4: The ACL examines IPv4 packets for matches to ACL rules. •) IPv6: The ACL examines IPv6 packets for matches to ACL rules. •) MAC: The ACL examines layer 2 frames for matches to ACL rules.
Unified Access Point Administrator’s Guide Section 8 - Configuring Client Quality of Service (QoS) RADIUS Attribute ID Description Type/Range Vendor-Specific (26), LVL7-Wireless-ClientACL-Up 6132,121 Access list identifier to be applied to 802.1X authenticated wireless client traffic in the inbound (up) direction. If this attribute refers to an ACL that does not exist on the AP, all packets for this client will be dropped until the ACL is defined.
Unified Access Point Administrator’s Guide Section 9 - Clustering Multiple APs Section 9 - Clustering Multiple APs The UAP supports AP clusters. A cluster provides a single point of administration and lets you view, deploy, configure, and secure the wireless network as a single entity rather than a series of separate wireless devices. Managing Cluster Access Points in the Cluster The AP cluster is a dynamic, configuration-aware group of APs in the same subnet of a network.
Unified Access Point Administrator’s Guide Section 9 - Clustering Multiple APs Figure 64 - Manage Access Points In The Cluster (Active) If clustering is currently disabled on the AP, the Start Clustering button is visible. If clustering is enabled, the Stop Clustering button is visible. You can edit the clustering option information when clustering is disabled. The following table describes the configuration and status information available on the cluster Access Points page.
Unified Access Point Administrator’s Guide Section 9 - Clustering Multiple APs Removing an Access Point from the Cluster To remove an access point from the cluster, do the following. 1.) Go to the Administration Web pages for the clustered access point. The Administration Web pages for the standalone access point are displayed. 2.) Click the Cluster > Access Points link in the Administration pages. 3.) Click Stop Clustering. 4.
Unified Access Point Administrator’s Guide Section 9 - Clustering Multiple APs A session in this context is the period of time in which a user on a client device (station) with a unique MAC address maintains a connection with the wireless network. The session begins when the client logs on to the network, and the session ends when the client either logs off intentionally or loses the connection for some other reason.
Unified Access Point Administrator’s Guide Section 9 - Clustering Multiple APs Configuring and Viewing Channel Management Settings When Channel Management is enabled, the UAP automatically assigns radio channels used by clustered access points. The automatic channel assignment reduces mutual interference (or interference with other access points outside of its cluster) and maximizes Wi-Fi bandwidth to help maintain the efficiency of communication over the wireless network.
Unified Access Point Administrator’s Guide Section 9 - Clustering Multiple APs Viewing Current Channel Assignments and Setting Locks The Current Channel Assignments section shows a list of all access points in the cluster by IP Address. The display shows the band on which each AP is broadcasting (a/b/g/n), the current channel used by each AP, and an option to lock an AP on its current radio channel so that it cannot be re-assigned to another.
Unified Access Point Administrator’s Guide Section 9 - Clustering Multiple APs Field Description Change channels if interference is reduced by at least Specify the minimum percentage of interference reduction a proposed plan must achieve in order to be applied. The default is 75 percent. Use the drop-down menu to choose percentages ranging from 5 percent to 75 percent.
Unified Access Point Administrator’s Guide Section 9 - Clustering Multiple APs Figure 67 - View Neighboring Access Points The following table describes details about the Wireless Neighborhood information.
Unified Access Point Administrator’s Guide Section 9 - Clustering Multiple APs Viewing Details for a Cluster Member To view details on a cluster member AP, click on the IP address of a cluster member at the top of the page. The following figure shows the Neighbor Details of the AP with an IP address of 10.90.90.91. Figure 68 - Viewing Details For A Cluster Member The following table explains the details shown about the selected AP.
Unified Access Point Administrator’s Guide Appendix A - Default AP Settings Appendix A - Default AP Settings When you first power on a UAP, it has the default settings shown in the following table. Feature Default System Information User Name admin Password admin Ethernet Interface Settings Connection Type DHCP DHCP Enabled IP Address 10.90.90.91 (if no DHCP server is available) Subnet Mask 255.0.0.
Unified Access Point Administrator’s Guide Appendix A - Default AP Settings Feature Default VLAN ID 1 Network Name (SSID) dlink1 through dlink16 Broadcast SSID Allow Security Mode None (plain text) MAC Authentication Type None RADIUS IP Address 10.90.90.
Unified Access Point Administrator’s Guide Appendix B - Configuration Examples Appendix B - Configuration Examples This appendix contains examples of how to configure selected features available on the UAP. Each example contains procedures on how to configure the feature by using the Web interface, CLI, and SNMP.
Unified Access Point Administrator’s Guide Appendix B - Configuration Examples set vap vap1 vlan-id 2 Note: The previous command sets the VLAN ID to 2 for VAP 1 on both radios. To set the VLAN ID for VAP 1 on radio one only, use the following command: set vap 1 with radio wlan0 to vlan-id 2. 4.) Set the SSID to Marketing. set interface wlan0vap1 ssid Marketing 5.) Set the Security Mode to WPA Personal. set interface wlan0vap1 security wpa-personal 6.
Unified Access Point Administrator’s Guide Appendix B - Configuration Examples Radio Configuration from the Web Interface 1.) Log onto the AP and navigate to the Manage > Radio page. Figure 70 - Radio Configuration from the Web Interface 2.) 3.) 4.) 5.) 6.) 7.) 8.) Make sure that the Status is On. From the Mode menu, select IEEE 802.11b/g/n. From the Channel field, select 6. From the Channel Bandwidth field, select 40 MHz. In the Maximum Stations field, change the value to 100.
Unified Access Point Administrator’s Guide Appendix B - Configuration Examples Radio Configuration Using SNMP 1.) 2.) 3.) 4.) 5.) Load the DLINK-WLAN-ACCESS-POINT-X600-MIB module. From the MIB tree, navigate to the objects in the apRadio table (apRadioBss > apRadioTable). Use the apRadioStatus object to set the status of Radio 12 to up (1). Use the apRadioMode object to set the Radio 12 mode to IEEE 802.11b/g/n, which is bg-n (4).
Unified Access Point Administrator’s Guide Appendix B - Configuration Examples WDS Configuration from the CLI 1.) Connect to the MyAP1 by using Telnet, SSH, or a serial connection. 2.) Configure the remote MAC address for MyAP2. set interface wlan0wds0 status up remote-mac 00:30:AB:00:00:B0 3.) Set WPA (PSK) as the encryption type for the link. set interface wlan0wds0 wds-security-policy wpa-personal 4.) Set the SSID on the WDS link. set interface wlan0wds0 wds-ssid wds-link 5.
Unified Access Point Administrator’s Guide Appendix B - Configuration Examples 5.) Click Start Clustering to enable the clustering feature. After you refresh the page, other APs that are on the same bridged segment, have radios in the same operating mode, are enabled for clustering, and have the same cluster name appear in the Access Points table. 6.) Go to the Channel Management page to view the channel assignments.
Unified Access Point Administrator’s Guide Appendix B - Configuration Examples Configuring Client QoS This example shows how to enable client QoS, configure an ACL and a DiffServ policy on the AP, and to apply the ACL and the Policy to traffic transmitted from clients associated with VAP 2 and received by the AP. The IPv4 ACL is named acl1 and contains two rules. The first rule allows HTTP traffic from the 192.168.1.0 subnet. The second rule allows all IP traffic from the management station (192.168.1.
Unified Access Point Administrator’s Guide Appendix B - Configuration Examples •) Wild Card Mask: 0.0.0.255 •) Source Port: Select the option •) Select From List (Source Port): www 7.) Click Apply to save the rule. Figure 76 - Configuring QoS by Using the Web Interface (Rule2) 8.) Select New Rule from the Rule menu and create another rule with the following settings: •) Action: Permit •) Match Every: Clear the option •) Protocol: IP •) Address: 192.168.1.23 •) Wild Card Mask: 0.0.0.0 9.
Unified Access Point Administrator’s Guide Appendix B - Configuration Examples 1.) Log onto the AP and navigate to the Client QoS > Class Map page. Figure 78 - Configuring QoS by Using the Web Interface (Class Map Name) 2.) Enter class_voip in the Class Map Name field and click Add Class Map. The page refreshes and additional fields appear. Figure 79 - Configuring QoS by Using the Web Interface (Rule) 3.
Unified Access Point Administrator’s Guide Appendix B - Configuration Examples Figure 81 - Configure Client QoS DiffServ Policy Map Settings (Rule) 10.) For the class_voip Class Map, select the Mark IP Dscp option, and then select ef from the Select From List menu. 11.) Traffic that meets the criteria defined in the class_voip class is marked with a DSCP value of EF (expedited forwarding). 12.) Click Apply to save the policy. 13.) Navigate to the Client QoS > VAP QoS Parameters page.
Unified Access Point Administrator’s Guide Appendix B - Configuration Examples 4.) Add another rule to acl1 that allows all traffic from the host with an IP address of 192.168.1.23. add rule acl-name acl2 acl-type ipv4 action permit protocol ip src-ip 192.168.1.23 src-ipmask 0.0.0.0 5.) Enable Client QoS on the AP. set client-qos mode up 6.) Enable Client QoS on VAP2 set vap wlan0vap2 qos-mode up 7.) Apply acl1 to VAP2 in the inbound direction (from the client to the AP).
Unified Access Point Administrator’s Guide 6.) 7.) 8.) 9.) Appendix B - Configuration Examples •) Use 1.3.6.1.4.1.171.10.128.1.1.26.10.3.1.16.1.4.97.99.108.49.2 to set apQosAclRuleCommit to a value of 1 (true), which saves the rule. Use the apQosGlobalMode object to set the status to up (1), which enables Client QoS on the AP. Walk the apVapDescription object to view the instance ID for VAP 2 (wlan0vap2). VAP 2 on Radio 1 is instance 5. Use the apVapQosMode object to set the status of VAP 2 to up (1).
Unified Access Point Administrator’s Guide Appendix C - Statements Appendix C - Statements Federal Communication Commission Interference Statement This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
Unified Access Point Administrator’s Guide Appendix C - Statements NCC Statement: 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用者均不得擅自變更頻率、加大功率或變更原設計之特 性及功能。 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現有干擾現象時,應改善至無干擾時方得繼續使用。前 項合法通信,指依電信法規定作業之無線電通信。低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電 機設備之干擾。 March 2012 Unified Access Point Administrator’s Guide Page 128
