D-Link DSA-6100 User Manual

DSA-6100

User Guide

Version DSA-6100-2.10 July, 2009

revise this publication without notice.

Trademarks

D-Link Corporation. All other brand and product names are registered trademarks or trademarks of their respective

holders.

Statement of Conditions

In the interest of improving internal design, operational function, and/or reliability, D-Link Corporation reserves the right

to make any changes to products described in this document without notice. D-Link Corporation shall be indemnified

against any liability that may occur due to the use or application of the product(s) described herein.

Table of Contents

Chapter 1. Before You Start ....................................................................................................................................1

1.1 Audience ................................................................................................................................................1

1.2 Document Conventions.........................................................................................................................1

Chapter 2. Overview................................................................................................................................................2

2.1 Introduction of DSA-6100....................................................................................................................2

2.2 System Concept.....................................................................................................................................2

Chapter 3. Hardware Installation ..........................................................................................................................7

3.1 Panel Function Descriptions ................................................................................................................7

3.2 Package Contents..................................................................................................................................9

3.3 System Requirement.............................................................................................................................9

3.4 Installation Steps.................................................................................................................................10

Chapter 4. Web Interface Configuration .............................................................................................................11

4.1 System Configuration.........................................................................................................................14

4.1.1 Configuration Wizard (Also served as Quick Installation Guide)..................................................15

4.1.2 System Information.............................................................................................................................26

4.1.3 WAN1 Configuration..........................................................................................................................27

4.1.4 WAN2 & Failover................................................................................................................................30

4.1.5 LAN1 Configuration...........................................................................................................................31

4.1.6 LAN2 Configuration...........................................................................................................................35

4.2 Network Configuration ......................................................................................................................36

4.2.1 Network Address Translation.............................................................................................................37

4.2.2 Privilege List........................................................................................................................................40

4.2.3 Monitor IP List....................................................................................................................................43

4.2.4 Walled Garden List.............................................................................................................................45

4.2.5 Proxy Server Properties......................................................................................................................46

4.2.6 Dynamic DNS ......................................................................................................................................47

4.2.7 IP Mobility ...........................................................................................................................................48

4.3 AP Management.................................................................................................................................. 49

4.3.1 AP List..................................................................................................................................................50

4.3.2 AP Discovery........................................................................................................................................57

4.3.3 Manual Configuration ........................................................................................................................60

4.3.4 Template Settings ................................................................................................................................61

4.3.5 Firmware Management ......................................................................................................................76

4.3.6 AP Upgrade..........................................................................................................................................77

4.4 User Authentication............................................................................................................................78

4.4.1 Authentication Configuration ............................................................................................................79

4.4.1.1 Local Server....................................................................................................................................80

4.4.1.2 POP3 Server....................................................................................................................................86

4.4.1.3 RADIUS Server ..............................................................................................................................87

4.4.1.4 LDAP Server...................................................................................................................................90

4.4.1.5 NT Domain Server..........................................................................................................................92

4.4.1.6 On Demand User ............................................................................................................................93

4.4.1.7 PMS User.........................................................................................................................................97

4.4.2 Policy Configuration .........................................................................................................................101

4.4.3 Black List Configuration..................................................................................................................109

4.4.4 Guest User Configuration.................................................................................................................113

4.4.5 Additional Configuration .................................................................................................................114

4.5 Status..................................................................................................................................................134

4.5.1 System Status.....................................................................................................................................135

4.5.2 Interface Status..................................................................................................................................137

4.5.3 Current Users ....................................................................................................................................139

4.5.4 Traffic History ...................................................................................................................................140

4.5.5 Notification Configuration ...............................................................................................................145

4.5.6 Online Report ....................................................................................................................................147

4.6 Tool.....................................................................................................................................................149

4.6.1 Change Password ..............................................................................................................................150

4.6.2 Backup/Restore Setting.....................................................................................................................154

4.6.3 Firmware Upgrade............................................................................................................................155

4.6.4 Ping Utility .........................................................................................................................................156

4.6.5 Restart................................................................................................................................................157

4.7 Help....................................................................................................................................................158

Appendix A. External Network Access .............................................................................................................159

Appendix B. Console Interface Configuration.................................................................................................162

Appendix C. Proxy Configuration.....................................................................................................................165

Appendix D. Certificate Setting for IE6 and IE7.............................................................................................172

Appendix E. VLAN Isolation.............................................................................................................................179

Appendix F. Session Limit and Session Log.....................................................................................................181

Chapter 1. Before You Start

1.1 Audience

This manual is intended for use by system integrators, field engineers and network administrators to help them set

up DSA-6100 Wireless Access Controller in their network environments. It contains step by step procedures and

pictures to guide users with basic network system knowledge to complete the installation.

1.2 Document Conventions

The following information provides the details of conventions used in this manual.

For cautionary statements or warning requiring special attention by readers, a text box with italic font will be used:

Warning: For security purposes, you should immediately change the administrator’s password.

When any of the button symbol shown below is selected, the following action will be executed accordingly:

Return to the homepage of this section.

Return to the previous page.

Apply all settings configured.

Clear all settings configured prior to applying.

Note: Screen captures and pictures used in this manual may be displaye d in part or in whole, and may vary or differ slightly from the actual product, depending on versioning and menu accessed.

DSA-6100 User Guide

Chapter 2. Overview

2.1 Introduction of DSA-6100

The DSA-6100 is a Network Access Controller designed for medium to large network environments to provide

network “manageability”, “efficiency” and a “friendly interface” suitable for campuses, libraries, gymnasiums,

small and middle enterprises, factories, hotspots and community hospitals.

2.2 System Concept

The DSA-6100 is built for the purpose of controlling all network data passing through its system. Users, under the

managed network, must be authenticated in order to access the network beyond the managed area. The

authentication mechanism at the user’s end is provided by the DSA-6100 server using SSL encryption to protect

the webpage. The DSA-6100 is responsible for the authentication, authorization, and management functions in the

system. User account information may be stored in the DSA-6100 database or in other specified external

authentication databases.

The process of authenticating the user’s identity is executed via the SSL encrypted webpage. The use of web

interface ensures the system is compatible to most desktop systems and palm computers. When a user

authentication is requested, the DSA-6100 server software checks the authentication database at the rear end to

confirm the user’s access right. The authentication database may be the local database of the DSA-6100 or any

external database that the DSA-6100 supports. If the user is not an authorized user, the DSA-6100 will refuse the

user’s request for access and block the user from accessing the network. If the user is an authorized user, the

DSA-6100 will grant the user appropriate access right so that the user can use the network. If the online user

remains idle without using the network for a time exceeding a predetermined idle time on the DSA-6100, or if the

online user logs out of the system, the DSA-6100 will exit the working stage of the user and terminate the user’s

access right of the network.

Chapter 2. Overview

The following picture provides a simple example of setting up middle to large enterprise network. The DSA-6100 is

set to control a part of the company’s intranet. The whole managed network includes cable network users, and

wireless network users. In the beginning, any user located at the managed network is unable to access the

network resource without permission. If the access right to the network beyond the managed area is required, an

Internet browser such as the Internet Explorer must be opened and a connection to any website must be

performed. When the browser attempts to connect to a website, the DSA-6100 will force the browser to redirect to

the user login webpage. The user must enter the username and password for authentication. After the identity is

authenticated successfully, the user will be granted proper access right as defined in the DSA-6100.

Attention: Public LAN Authentication is required for the users to get access of the network. Private LAN is referred to as the LAN port with the authentication function disabled.

is referred to as the LAN port with the authentication function enabled from where the

DSA-6100 User Guide

Another setup example is shown in the following diagram, where the administrator is able to increase the uplink

bandwidth capacity beyond the capacity of any single WAN port. This is done by the DSA-6100’s Bonding feature.

Chapter 2. Overview

The DSA-6100 can be used as the gateway for Internet access, where an external connection can be established

for sharing, accounting, authentication and users management. This solution can be applied for environments such

as hotels, campus, hot spots and others. An example of the network topology is as follows:

DSA-6100 User Guide

The DSA-6100 is able to use a Local Database or authentication servers (NT-Domain, POP3, LDAP and Radius)

to authenticate users. This type of solution is suitable for environments such as hotels, campus, hot spots,

enterprises and others.

Chapter 3. Hardware Installation

3.1 Panel Function Descriptions

Chapter 3. Hardware Installation

Front Panel

1. Reset 3. LED 5. Port: USB 7. Port: LAN1 / LAN2

2. Select / Execute 4. LCD 6. Port: Console 8. Port: WAN1 / WAN2

1. Reset

 Press and hold the Reset Button for 5 seconds to restart the DSA-6100.

 Press and hold the Reset Button for more than 10 seconds to restart the DSA-6100 in default

configuration.

2. Select / Execute

4 2 1 6 3 5 8 7 8 7

 Esc: Cancel selected function  Enter: Execute selected function in menu  Arro w Up: Navigate upward to select required function in menu  Arro w Down: Navigate downward to select required function in menu

3. LED

 Power: ON indicates that power is on and OFF indicates that power is off.  Status: OFF indicates BIOS is running, BLINKING indicates the OS is running, and ON indicates

system is ready.

 Hard Disk: Reserved for future usage.  Port Speed:

¾ Upper left indicator: OFF indicates no connection, ON (orange color) indicates connection and

BLINKING indicates transmitting data.

¾ Upper right indicator: OFF indicates 10Mbps connection, ON (green color) indicates 100Mbps

connection and ON (orange color) indicates 1000Mbps connection.

DSA-6100 User Guide

4. LCD: Shows the information about the System and Network listed below:

 System Info:

H.W. Status (CPU Temperature)

Utilization (CPU (%) and Memory (%))

System Time

Boot-up Time

Firmware

 Network Info: WAN 1 / WAN 2 / LAN 1 / LAN 2

¾ Setting (IP Address and Netmask)

¾ Loading (In/Out Pkts/s and In/Out Bytes/s)

¾ Status (Connected or Disconnected)

5. USB Port: Reserved for future use.

6. Console Port: The system can be configured via HyperTerminal. For example, if you need to set the

Administrator’s Password, you can connect a PC to this port as a Console Serial Port via a terminal

connection program (the terminal’s configuration must be 9600bps, 8, N, 1, flow control - none) to change

the Administrator’s Password.

7. LAN1 / LAN2 Ports: The two LAN ports can be independently configured and set to disallow users to

access Internet before authentication. Administrators can therefore choose to force authentication on

users connected to these ports.

8. WAN1 / WAN2 Ports: The two WAN ports are connected to a network which is not managed by the

DSA-6100, and this port can be used to connect to the ATU-Router of an ADSL, or the port of a Cable

Modem, or the Switch or Hub on the LAN of an organization.

Rear Panel

Power Fan: Keeps the power cool. Power Socket: The power cord is attached here. Power Switch: Turns on and off the machine.

Chapter 3. Hardware Installation

3.2 Package Contents

The standard package of the DSA-6100 includes:

y DSA-6100 x 1

y Console Cable x 1

y Crossover Ethernet Cable x 1

y Straight-through Ethernet Cable x 1

y Power Cord x 1

y CD-ROM x 1

y Quick Installation Guide x 1

y Screw Set x 1

y Rack Mount Bracket x 1

3.3 System Requirement

y Standard 10/100BaseT including network cables with RJ-45 connectors

y All PCs need to install the TCP/IP network protocol

3.4 Installation Steps

Please follow the steps mentioned below to install the DSA-6100:

1. Connect the power cord to the power socket on the rear panel.

2. Turn on the power switch at the rear panel. The Power LED will light up.

DSA-6100 User Guide

3. Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable

to an ADSL modem, a cable modem or a switch/hub of the internal network. The LED of this WAN1 should

light up to indicate a proper connection.

4. Connect an Ethernet cable to LAN1 port with the user authentication function enabled on the front panel. The

default port is LAN1 port. The LAN1 port with authentication function is referred to as Public LAN. Connect

the other end of the Ethernet cable to an AP or switch. The LED of this LAN1 should light up to indicate a

proper connection.

5. Connect an Ethernet cable to LAN2 Port with the user authentication function disabled on the front panel. The

LAN2 port without authentication function is referred to as Private LAN and the administrator can enter the

administrative user interface to perform configurations via Private LAN. Connect the other end of the Ethernet

cable to a client’s PC. The LED of this LAN2 should light up to indicate a proper connection.

Attention: Usually a straight RJ-45 can be applied if the DSA-6100 is connected to a hub/computer which supports automatic crossover, such as the Access Point. However, after the Access Point hardware resets, the DSA-6100 may not be able to connect to the Access Point while conne cting with a straight cable, unless the cable is pulled out and plug-in again. This scenario does NOT occur while using a crossover cable.

After the hardware of the DSA-6100 is installed completely, the system is ready to be configured in the following

sections. This manual will guide you step by step to set up the system using a single DSA-6100 to manage the

network.

Chapter 4. Web Interface Configuration

This chapter provides further detailed information on setting up the DSA-6100. The administration system allows

you to set various networking parameters, such as to enable and to customize network services, to manage user

accounts and to monitor user status. The following table shows all the functions of DSA-6100. The administration

functions are separated into several categories: System Configuration, Network Configuration, AP Management,

User Authentication, Status and Tool.

OPTION FUNCTION

System Configuration

Network Configuration

AP Management

Configuration Wizard

System Information

WAN1 Configuration

WAN2 & Failover

LAN1 Configuration

LAN 2 Configuration

Network Address Translation

Privilege List

Monitor IP List

Walled Garden List

Proxy Server Properties

Dynamic DNS

IP Mobility

AP List

AP Discovery

Manual Configuration

Template Settings

Firmware Management

AP Upgrade

User Authentication

Authentication Configuration

Policy Configuration

Black List Configuration

Guest User Configuration

Additional Configuration

DSA-6100 User Guide

OPTION FUNCTION

Status

Tool

System Status

Interface Status

Current Users

Traffic History

Notification Configuration

Online report

Change Password

Backup /Restore Setting

Firmware Upgrade

Ping Utility

Restart

Note: After finishing the configuration, please click Apply and pay attention to see if a restart message appears at the bottom of the screen. If the message appears, the system must be restarted to allow the configurations to take effect. All on-line users will be disconnected during restart.

 Web Management Interface

The DSA-6100 provides a web management interface for configuration. After completing the hardware installation,

the administrator can configure the DSA-6100 via web browsers with JavaScript enabled such as Internet Explorer

version 6.0.

After the basic installation has been completed according to the instructions of the previous chapter, the DSA-6100

can further be configured with the following steps:

1. Use the network cable of the 10/100BaseT to connect a PC to the Private LAN (LAN2), and then start a

browser (such as Microsoft IE). Next, enter the gateway address for that port in the opened webpage, the

default which is https://192.168.1.1

. A login screen will then appear. Enter “admin” for the default username

and password and click Enter to log in.

Once the DSA-6100 has been connected, the Administrator Login Page will appear. Enter “admin” for both

the default username and password in the Username and Password fields. Select the Enter button to log in.

Chapter 4. Web Interface Configuration

Note: If you are unable to get to the login screen, please check the IP address used. The IP address should be in the same subnet of the default gateway. For using static IP in TCP/IP setting, set a static IP address such as

192.168.1.x for your network interface and then open a new browser again.

2. After successfully logging into the DSA-6100, the Administration System page of the web management

interface will appear. To log out of the system when completed, select the Logout icon on the upper right

corner of the interface to return to the Administrator Login Page.

DSA-6100 User Guide

4.1 System Configuration

This section relates to system configuration and provides the information on the following functions: Configuration Wizard, System Information, WAN Configuration and LAN Configuration.

Chapter 4. Web Interface Configuration

4.1.1 Configuration Wizard (Also served as Quick Installation Guide)

There are two ways to configure the system. One is by using the Configuration Wizard, and the other is by

changing the setting manually. The Configuration Wizard uses seven simple steps to provide the easy set up of the

DSA-6100. These steps may also be used as the Quick Installation Guide. The 7 steps are listed below:

1. Change the Admin Password

2. Choose the System’s Time Zone

3. Set the System Information

4. Select the Connection Type for WAN1 Port

5. Configure LAN1

6. Select Authentication Method

7. Restart

Click System Configuration to go to the System Configuration page. Click the System Configuration from the left menu, and the System Configuration page will appear. Next, click on the buttons, Configuration Wizard then Run Wizard to start the wizard.

y Running the Wizard

A welcome screen that briefly introduces the 7 steps will appear. Click Next to begin.

DSA-6100 User Guide

y Step 1: Change Admin’s Password

Enter a new password for the admin account and retype it in the Verify Password field (twenty-character maximum and no spaces). Click Next to continue.

y Step 2: Choose System’s Time Zone

Select a proper time zone via the pull-down menu. Click Next to continue.

y Step 3: Set System Information

Home Page: Enter the URL to where the clients should be directed when they are properly authenticated. NTP Server: Enter the URL of the external time server for the DSA-6100 time synchronization or use the

default.

DNS Server: Enter a DNS Server provided by the ISP (Internet Service Provider). Contact the ISP if the DNS

IP Address is unknown.

Click Next to continue.

Chapter 4. Web Interface Configuration

y Step 4: Select the Connection Type for WAN1 Port

There are three types of WAN port to select: Static IP Address, Dynamic IP Address and PPPoE Client. Select a proper Internet connection type and click Next to continue.

 Dynamic IP Address

If this option is selected, an appropriate IP address and related information will be assigned automatically.

Click Next to continue.

 Static IP Address: Set WAN1 Port’s Static IP Address

Enter the “IP Address”, “Subnet Mask” and “Default Gateway” provided by the ISP. Click Next to continue.

DSA-6100 User Guide

 PPPoE Client: Set PPPoE Client’s Information

Enter the “Username” and “Password” provided by the ISP. Click Next to continue.

Chapter 4. Web Interface Configuration

y Step 5: Configure LAN1’s Information

IP Address: Enter the Public LAN port IP Address or use the default. Subnet Mask: Enter the Public port Subnet Mask or use the default. Disable DHCP Server: If the DHCP server is disabled, the Public LAN clients must be configured with an IP

address manually.

Enable DHCP Server: When the option is selected, the DSA-6100 will automatically provide the necessary

IP address to all Public LAN clients.

Click Next to continue.

DSA-6100 User Guide

y Step 5 (cont.): Set LAN1 DHCP Server

If the Enable DHCP Server option is selected, more information about the LAN1 DHCP server will be needed.

Fields marked with red asterisks must be filled in.

Start IP Address: The start IP address of the DHCP scope of LAN1. End IP Address: The end IP address of the DHCP scope of LAN1.

These IP address will be assigned to the LAN1 clients. (Note: Be sure that IP address assigned in this range is NOT used in other setting of DSA-6100.)

Domain Name: Enter a domain name provided by your ISP (e.g. dlink.com). WINS Server: Enter the IP address of the WINS server.(Windows Internet Naming Service Server) This field

is optional.

Preferred DNS Server: The DNS Server settings are provided by your ISP. Only the Preferred DNS Server

field is mandatory. Contact your ISP if you are unsure of the DNS Server settings.

Alternate DNS Server: The DNS Server settings are provided by your ISP. The field is optional. Click Next to

continue.

Chapter 4. Web Interface Configuration

y Step 6: Select Default Authentication Server

Please specify the postfix name for this authentication method. The Postfix Name field (e.g. Local) will be

used as the postfix name (e.g. username@Local). An authentication method has to be selected from one of

the five options appeared in this window (Local User is selected for this setup example).

Click Next to continue.

 Local User - Add User

A new user can be added to the local user data base. To add a user, enter the Username (e.g. test), Password (e.g. test), MAC (optional) and assign it a policy (or use the default). Upon completing a user adding, more users can be added to this authentication method by clicking the ADD button. Click Next to continue.

DSA-6100 User Guide

 User Authentication Method-POP3

Enter IP/Domain Name and server port of the POP3 server provided by the ISP, and then choose enable

SSL or not.

Click Next to continue.

 User Authentication Method-RADIUS

Enter RADIUS server IP/Domain Name, authentication port, accounting port and secret key, then

choose whether to enable accounting service. Next, choose the desired authentication method.

Click Next to continue.

Chapter 4. Web Interface Configuration

 User Authentication Method-LDAP

Add a new user to the LDAP user database. Enter the “LDAP Server”, “Server Port” and “Base DN” and select one kind of Binding Type and Account Attribute to access the LDAP server. If the User Account binding type is selected, the system will use the Base DN to be the user account to

access the LDAP server.

 If Anonymous binding type is selected, the system will access the LDAP servers without requiring

authentication.

DSA-6100 User Guide

 If Specific DN binding type is selected, username and password in the “Bind RDN” and “Bind

Password” fields must be entered to access the LDAP server.

 If Windows AD binding type is selected, please enter the domain name of Windows AD to access the

LDAP server.

Click Next to continue.

 User Authentication Method-NT Domain

When NT Domain User is selected, enter the information for “Server IP Address”, and enable/disable “Transparent Login”. After this setup is completed, click Next to continue.

+ 158 hidden pages

D-Link DSA-6100 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual