D-Link DWC-2000 Service Manual

Wireless Controller
User Manual
DWC-2000
Version 1.00
BUSINESS WIRELESS SOLUTION
Preface
D-Link reserves the right to revise this publication and to make changes in the content hereof without obligation to notify any person or organization of such revisions or changes. Information in this document may become obsolete as our services and websites develop and change.
Manual Revisions
Revision Date Description
1.00 April 28, 2014 • DWC-2000 revision A1 initial release
Trademarks
D-Link and the D-Link logo are trademarks or registered trademarks of D-Link Corporation or its subsidiaries in the United States or other countries. All other company or product names mentioned herein are trademarks or registered trademarks of their respective companies.
© 2014 D-Link Corporation.
All rights reserved. This publication may not be reproduced, in whole or in part, without prior expressed written permission from D-Link Corporation.
D-Link DWC-2000 User Manual 2
Safety Instructions
Use the following safety guidelines to ensure your own personal safety and to help protect your system from potential damage.
Safety Cautions
To reduce the risk of bodily injury, electrical shock, fire, and damage to the equipment, observe the following precautions:
• Observe and follow service markings.
• Do not service any product except as explained in your system documentation.
• Opening or removing covers that are marked with the triangular symbol with a lightning bolt may expose you to electrical shock.
• Only a trained service technician should service components inside these compartments.
• If any of the following conditions occur, unplug the product from the electrical outlet and replace the part or contact your trained service provider:
  • The power cable, extension cable, or plug is damaged.
  • An object has fallen into the product.
  • The product has been exposed to water.
  • The product has been dropped or damaged.
  • The product does not operate correctly when you follow the operating instructions.
• Keep your system away from radiators and heat sources. Also, do not block cooling vents.
• Do not spill food or liquids on your system components, and never operate the product in a wet environment. If the system gets wet, see the appropriate section in your troubleshooting guide or contact your trained service provider.
• Do not push any objects into the openings of your system. Doing so can cause fire or electric shock by shorting out interior components.
• Use the product only with approved equipment.
• Allow the product to cool before removing covers or touching internal components.
• Operate the product only from the type of external power source indicated on the electrical ratings label. If you are not sure of the type of power source required, consult your service provider or local power company.
• Also, be sure that attached devices are electrically rated to operate with the power available in your location.
• Use only approved power cable(s). If you have not been provided with a power cable for your system or for any AC powered option intended for your system, purchase a power cable that is approved for use in your country. The power cable must be rated for the product and for the voltage and current marked on the product’s electrical ratings label. The voltage and current rating of the cable should be greater than the ratings marked on the product.
• To help prevent electric shock, plug the system and peripheral power cables into properly grounded electrical outlets.
• These cables are equipped with three-prong plugs to help ensure proper grounding. Do not use adapter plugs or remove the grounding prong from a cable. If you must use an extension cable, use a 3-wire cable with properly grounded plugs.
• Observe extension cable and power strip ratings. Make sure that the total ampere rating of all products plugged into the extension cable or power strip does not exceed 80 percent of the ampere ratings limit for the extension cable or power strip.
• To help protect your system from sudden, transient increases and decreases in electrical power, use a surge suppressor, line conditioner, or uninterruptible power supply (UPS).
• Position system cables and power cables carefully; route cables so that they cannot be stepped on or tripped over. Be sure that nothing rests on any cables.
• Do not modify power cables or plugs. Consult a licensed electrician or your power company for site modifications.
• Always follow your local/national wiring rules.
• When connecting or disconnecting power to hot-pluggable power supplies, if offered with your system, observe the following guidelines:
  • Install the power supply before connecting the power cable to the power supply.
  • Unplug the power cable before removing the power supply.
  • If the system has multiple sources of power, disconnect power from the system by unplugging all power cables from the power supplies.
• Move products with care; ensure that all casters and/or stabilizers are firmly connected to the system. Avoid sudden stops and uneven surfaces.
Protecting Against Electrostatic Discharge
Static electricity can harm delicate components inside your system. To prevent static damage, discharge static electricity from your body before you touch any of the electronic components, such as the microprocessor. You can do so by periodically touching an unpainted metal surface on the chassis.
You can also take the following steps to prevent damage from electrostatic discharge (ESD):
1. When unpacking a static-sensitive component from its shipping carton, do not remove the component from the antistatic packing material until you are ready to install the component in your system. Just before unwrapping the antistatic packaging, be sure to discharge static electricity from your body.
2. When transporting a sensitive component, first place it in an antistatic container or package.
3. Handle all sensitive components in a static-safe area. If possible, use antistatic floor pads, workbench pads and an antistatic grounding strap.
Table of Contents
Preface .......................................................................................................................................................... 2
Manual Revisions ...................................................................................................................................................................... 2
Trademarks ................................................................................................................................................................................. 2
Safety Instructions ................................................................................................................................................................... 3
Safety Cautions ................................................................................................................................................................ 3
Protecting Against Electrostatic Discharge ........................................................................................................... 5
Product Overview ...................................................................................................................................... 12
Introduction ............................................................................................................................................................................. 12
Features and Benets ...........................................................................................................................................................13
Package Contents .................................................................................................................................................................14
Required Tools and Information ....................................................................................................................................... 14
Front Panel ................................................................................................................................................................................ 15
Rear Panel .................................................................................................................................................................................15
Installation ................................................................................................................................................. 16
Unpacking.................................................................................................................................................................................16
Selecting a Location .............................................................................................................................................................. 16
Rack Mount ..............................................................................................................................................................................17
Connecting the Wireless Controller ................................................................................................................................. 18
Basic Conguration ................................................................................................................................... 19
Log in to the Web Management Interface .................................................................................................................... 20
Web Management Interface Layout ................................................................................................................................22
Standard Web Management Interface Features .........................................................................................................23
Basic Conguration Procedures ........................................................................................................................................ 24
Step #1: Enable DHCP Server (Optional) ...............................................................................................................25
Step #2: Congure Country Code ..........................................................................................................................26
Step #3: Select APs to be Managed ........................................................................................................................ 27
Step #4: Change the SSID and Set Up Security .................................................................................................. 29
Step #5: Select MAC Authentication Mode .........................................................................................................34
Step #6: Conrm Access Point Prole is Associated .........................................................................................36
Step #7: Congure Captive Portal Settings ..........................................................................................................37
Step #8: Use SSID with RADIUS Sever as Authenticator ..................................................................................45
Step #9: Congure Guest Management ...............................................................................................................46
Step #10: Congure a BYOD Environment ...........................................................................................................53
Where to Go from Here ........................................................................................................................................................59
Advanced WLAN Conguration ................................................................................................................ 60
WLAN General Settings ........................................................................................................................................................61
Channel Plan and Power Settings ....................................................................................................................................64
D-Link DWC-2000 User Manual 6
Congure Channel Plan .............................................................................................................................................. 64
Congure Power Settings ..........................................................................................................................................66
WIDS ............................................................................................................................................................................................67
Congure AP WIDS Settings ......................................................................................................................................67
Congure Client WIDS Settings ...............................................................................................................................70
Distributed Tunnel .................................................................................................................................................................72
Congure Distributed Tunnel ................................................................................................................................... 72
WLAN Visualization ................................................................................................................................................................ 73
Upload Images ............................................................................................................................................................... 73
Deleting Images ............................................................................................................................................................73
Launch .............................................................................................................................................................................74
AP Discovery Methods ......................................................................................................................................................... 75
L2/ VLAN Discovery ...................................................................................................................................................... 75
Congure L2/ VLAN Discovery .............................................................................................................................76
L3/ IP Discovery .............................................................................................................................................................77
Congure L3/ IP Discovery .................................................................................................................................... 77
Managed APs ........................................................................................................................................................................... 78
Add a Valid AP ................................................................................................................................................................78
Add a AP from Discovered AP List ..........................................................................................................................80
Manual Change Channel and Power of Managed AP ...................................................................................... 81
Congure AP Debug Mode .......................................................................................................................................82
Congure AP Provisioning ......................................................................................................................................... 83
AP Proles .................................................................................................................................................................................85
Congure AP Prole .....................................................................................................................................................85
Congure AP Prole Radio ........................................................................................................................................87
Congure AP Prole SSID ...........................................................................................................................................93
Congure AP Prole QoS ............................................................................................................................................94
SSID Proles ..............................................................................................................................................................................98
Congure SSID Proles ...............................................................................................................................................98
Wireless Distribution System (WDS) ..............................................................................................................................102
Congure WDS Managed AP Group ....................................................................................................................104
Congure WDS Managed AP ..................................................................................................................................105
Congure WDS AP Link .............................................................................................................................................107
Peer Group ..............................................................................................................................................................................108
Congure Peer Group ................................................................................................................................................108
Synchronize Peer Group ...........................................................................................................................................109
AP Firmware Download .....................................................................................................................................................110
Advanced Network Conguration .........................................................................................................114
IP Mode ....................................................................................................................................................................................115
LAN Conguration ...............................................................................................................................................................116
IPv4 LAN Settings ........................................................................................................................................................116
IPv6 LAN Settings ........................................................................................................................................................118
D-Link DWC-2000 User Manual 7
IPv6 Address Pools ......................................................................................................................................................120
IPv6 Router Advertisement .....................................................................................................................................122
IPv6 Advertisement Prexes ...................................................................................................................................124
LAN DHCP Reserved IPs ............................................................................................................................................126
Congure IGMP Setup ...............................................................................................................................................127
Congure Jumbo Frames .........................................................................................................................................128
Link Aggregation .........................................................................................................................................................129
VLANs .......................................................................................................................................................................................130
Creating VLANs ............................................................................................................................................................130
Editing VLANs...........................................................................................................................................................132
Deleting VLANs........................................................................................................................................................132
MultiVLAN Subnets ................................................................................................................................................133
Port VLANs .....................................................................................................................................................................135
MAC Based VLANs ..................................................................................................................................................136
Voice VLANs ..............................................................................................................................................................138
Protocol Based VLANs ...........................................................................................................................................139
Double VLANs ..........................................................................................................................................................140
GVRP ................................................................................................................................................................................141
Routing ....................................................................................................................................................................................142
Congure IPv4 Static Routing.................................................................................................................................142
Congure IPv6 Static Routing.................................................................................................................................144
Editing/Deleting Static Routes ..........................................................................................................................146
QoS Conguration ...............................................................................................................................................................147
QoS Priority ...................................................................................................................................................................147
Enabling QoS Mode ...............................................................................................................................................148
Dening DSCP and CoS on each port .............................................................................................................150
Conguring 802.1p Priority ................................................................................................................................151
Conguring DSCP Priority ...................................................................................................................................152
Port Shaping Rate ...................................................................................................................................................153
QoS Policy ......................................................................................................................................................................154
Congure Policy Based QoS ...............................................................................................................................154
Congure Flow-based Control ...........................................................................................................................156
Congure Auto VoIP QoS .....................................................................................................................................157
Congure Queue Scheduler ...............................................................................................................................158
Queue Management .............................................................................................................................................159
Setup CoS and DSCP Marking ............................................................................................................................160
Securing Your Network ...........................................................................................................................161
Client Management .............................................................................................................................................................162
Viewing/Adding Wireless Known Clients ...........................................................................................................162
Editing/Deleting Clients ...........................................................................................................................................164
Group Management ............................................................................................................................................................165
Adding User Groups ...................................................................................................................................................165
Editing User Groups ...............................................................................................................................................167
D-Link DWC-2000 User Manual 8
Deleting User Groups ............................................................................................................................................168
Conguring Login Policies .......................................................................................................................................169
Conguring Browser Policies ..................................................................................................................................170
Conguring IP Policies ..............................................................................................................................................171
User Management ...............................................................................................................................................................172
Adding Users Manually .............................................................................................................................................172
Importing Users ......................................................................................................................................................173
Editing Users ............................................................................................................................................................174
Deleting Users .........................................................................................................................................................175
Password Rules ......................................................................................................................................................................176
Guest Account Usage Management .............................................................................................................................177
Payment Gateway .......................................................................................................................................................181
Login Proles ................................................................................................................................................................182
Customize the Captive Portal Login Page .....................................................................................................182
Customize the SLA of the Captive Portal ............................................................................................................185
External Authentication .....................................................................................................................................................186
Congure RADIUS Server .........................................................................................................................................186
Congure POP3 Server ..............................................................................................................................................188
Congure POP3 Trusted CA .....................................................................................................................................189
Congure LDAP Server ..............................................................................................................................................190
Blocked Clients ......................................................................................................................................................................192
Status and Statistics ................................................................................................................................ 193
Viewing Statistic and Utilization .....................................................................................................................................195
Manage Dashboard ............................................................................................................................................................196
Viewing System Status ..............................................................................................................................................198
Viewing USB Status ................................................................................................................................................199
Viewing DHCP Clients ...........................................................................................................................................200
Viewing Captive Portal Sessions .......................................................................................................................201
Viewing Trac on Interfaces ............................................................................................................................................202
Viewing Link Aggregation .......................................................................................................................................204
Viewing Controller Status and Statistics .............................................................................................................205
Controller Associated Clients .............................................................................................................................206
Distributed Tunnel .................................................................................................................................................207
Peer Controller Receive Status ...........................................................................................................................208
Peer Controller Sent Status .................................................................................................................................210
Viewing Access Point Information ........................................................................................................................211
Global Status ............................................................................................................................................................211
All APs .........................................................................................................................................................................213
Managed ....................................................................................................................................................................214
Peer Managed ..........................................................................................................................................................216
Authentication Failed ............................................................................................................................................217
RF Scan .......................................................................................................................................................................218
De-Authentication Attacks .................................................................................................................................219
D-Link DWC-2000 User Manual 9
Hardware Capability 221
Associated Clients Global Status 223
Associated Clients 224
Ad Hoc Clients 228
Detected Clients 229
Viewing Cluster Information 231
Viewing WDS Group Status 232
WDS Group AP Status 233
Viewing WDS AP Status 235
Viewing WDS Link Status 236
Viewing WDS Link Statistics 237
Maintenance 238
System Settings 239
Set System Name 239
Set System Date and Time 239
Set Login Session Timeout 240
Set USB Share Ports 240
Activating Licenses 241
Remote Management 242
Using SNMP 243
Configure SNMP v3 User List 243
Configure SNMP Trap List 244
Configure SNMP Access Control List 245
Configure SNMP System Info 246
Configure Wireless SNMP Info 246
Backup Configuration Settings 249
Restoring Configuration Settings 250
Restoring Factory Default Settings 251
Rebooting the Wireless Controller 252
Upgrading Firmware 253
Wireless Controller Firmware Upgrade 253
Using the Command Line Interface 255
Troubleshooting 256
LED Troubleshooting 257
Power LED is OFF 257
LAN Port LEDs Not ON 257
Web Management Interface 257
Using the Reset Button to Restore Default Settings 258
Problems with Date and Time 258
Discovery Problems with Access Points 258
Connection Problems 259
Network Performance and Rogue Access Point Detection 259
Using Diagnostic Tools on the Wireless Controller 260
Ping an IP Address 260
Using Traceroute 261
Performing DNS Lookups 262
Capturing Log Packets 263
Conducting a System Check 264
Log Settings 265
Defining What to Log 265
Tracking Traffic/Routing Logs 267
System Logging 268
Remote Logging 269
Syslog Server Configuration 271
Event Log 272
Current Logs 273
WLAN Logs 274
LAN Logs 275
Appendix A - Basic Planning Worksheet 276
Appendix B - Factory Default Settings 279
Appendix C - Glossary 280
Appendix D - Technical Specifications 282
Section 1 - Product Overview
Product Overview
Introduction
The DWC-2000 Wireless Controller is intended to provide medium-to-large-sized businesses with a solution for configuring, managing, and monitoring up to 256 D-Link DWL-2600AP, DWL-3600AP, DWL-6600AP, DWL-8600AP, and/or DWL-8610AP access points from a central location.
Using the wireless controller and the access points with which it is associated lets you:
• Discover and configure D-Link access points on the WLAN
• Optimize wireless access point performance with centralized RF management, security, Quality of Service (QoS), and other configuration features
• Streamline security configuration tasks and set up guest access
• Monitor network status and statistics
• Perform maintenance tasks and firmware updates for the wireless management system and for D-Link access points on your wireless network
• Conduct troubleshooting procedures
Configuration is performed using configuration profiles. A configuration profile allows a wireless controller to distribute a set of radio, Service Set Identifier (SSID), and QoS parameters to the access points associated with that profile.
The wireless controller comes with one profile predefined. You can use this profile as is, edit it to suit your requirements, or create new configuration profiles as necessary. For example:
• An office building may have one configuration profile for access points located in one area of a facility (such as a general work area) and a different profile for access points in another area of the facility (for example, in the Human Resources department).
• A shopping mall may need several configuration profiles if several businesses share a WLAN, but each business has its own network.
• Large networks that need different policies per building or department could have access points configured for security policies for each building and department (for example, one for guests, one for management, one for sales, and so on).
Features and Benets
The DWC-2000 Wireless Controller is intended for campuses, hospitality, and medium-to-large businesses. In a stacked conguration with the appropriate licenses, a wireless controller can support up to 256 access points. The wireless controller allows you to manage your wireless network from a central point, implement security and QoS features centrally, congure a guest access captive portal, and support Voice over Wi-Fi.
Scalable Architecture with Stacking and Redundancy
• Supports 64 access points on a single wireless controller with no additional license.
• Purchased license packs (DWC-2000-AP32 / DWC-2000-AP32-LIC / DWC-2000-AP64 / DWC-2000-AP64-LIC / DWC-2000-AP128 / DWC-2000-AP128-LIC), in increments of 32/64/128 access points, allow support for up to 256 access points on a single wireless controller.
• Up to 1,024 access points in a clustering group network.
• Maximum of 8 wireless controllers, with support for auto-failover redundancy while access points are at full capacity.
• Supports IEEE 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac protocols.
Centralized Management and Conguration
• Auto-discovery of access points in L2 and L3 domains.
• Single point of management for the entire wireless network.
• Simplied prole-based conguration.
• DHCP server for dynamic IP address provisioning.
• Congurable management VLAN.
• Real-time monitoring of access points and associated client stations.
• System alarms and statistics reports on managed access points for managing, controlling, and optimizing network performance.
Security
• Identity-based security authentication with an external RADIUS server or an internal authentication server.
• Rogue access point detection, classification, and mitigation.
• Captive Portal for user authentication.
• Guest Management and ticket generation.
Package Contents
Each wireless controller package contains the following items:
• One D-Link DWC-2000 Wireless Controller
• One power cord
• One RJ-45 to DB-9 console cable
• One 3-foot Ethernet Category 5 UTP/straight-through cable
• One Reference CD-ROM containing product documentation in PDF format
• Two rack-mounting brackets
• Quick Installation Guide
Required Tools and Information
You will need the following additional items to install your wireless controller:
• D-Link DWL-2600AP, DWL-3600AP, DWL-6600AP, DWL-8600AP, and/or DWL-8610AP access points.
• A computer with a supported web browser for configuration (refer to page 20).
Front Panel
1 Power LED: A solid green light indicates a good connection to a power source. This LED will be orange during bootup.
2 Reset Button: Press and hold for 10 seconds to reset the wireless controller back to the factory default settings.
3 Fan LED: Indicates the fan status on the wireless controller.
4 USB Ports: Two Universal Serial Bus (USB) 2.0 ports are provided for connecting USB flash drives, hard drives, and printers. A solid LED indicates the USB device is attached. This LED will blink during data transmission.
5 Module Bay: Slot for the hard disk drive module.
6 Fiber Ports (1-4): Four 100/1000 SFP combo ports labeled 1 through 4.
7 LAN Ports (1-4): Four Gigabit Ethernet ports labeled 1 through 4 let you connect Ethernet devices such as computers, switches, and network storage (NAS) devices. Each port has an Activity LED (left) and Link LED (right).
8 Console Port: The RJ-45 console cable lets you connect a PC to access the wireless controller’s command-line interface.
Rear Panel
1 On/Off Switch: Press to turn the wireless controller on and off.
2 Power Port: Connect the supplied power cord to a power outlet or surge protector.
Section 2 - Installation
Installation
A DWC-2000 wireless controller system consists of one or more wireless controllers and a collection of DWL-2600AP, DWL-3600AP, DWL-6600AP, DWL-8600AP, and/or DWL-8610AP access points that are organized into groups based on location or network access. This section describes how to unpack and install the wireless controller system.
Unpacking
Follow these steps to unpack the wireless controller and prepare it for operation:
1. Open the shipping container and carefully remove the contents.
2. Return all packing materials to the shipping container and save it.
3. Conrm that all items listed on page 14 are included in the shipment. Check each item for damage. If
any item is damaged or missing, notify your authorized D-Link representative.
Selecting a Location
Selecting the proper location for the wireless controller is essential for its successful operation. To ensure optimum performance, D-Link recommends that you perform a site survey. A site survey should enable you to:
• Identify how Wi-Fi coverage should be provided.
• Determine access point placement locations, and identify areas with weak signal or dead spots that require additional access points.
• Determine areas of heavier usage that might require dense access point coverage.
• Determine the indoor propagation of RF signals.
• Identify potential RF obstructions and interference sources.
• Run a spectrum analysis of channels of the site to ascertain current RF behavior, and detect both 802.11 and non-802.11 noise.
• Run an access point-to-client connectivity test to determine maximum throughput achievable on the client.
After the site survey is complete, use the collected data to set up an RF plan using the Basic Planning Worksheet in Appendix A. After you complete the Basic Planning Worksheet, select a location for the wireless controller. The ideal location should:
• Be flat and clean, with no dust, water, moisture, or exposure to direct sunlight or vibrations.
• Be fairly cool and dry, and not exceed 104° F (40° C).
• Not be prone to variations in temperature and humidity, or close to strong magnetic fields or a device that generates electric noise.
• Not be next to, on top of, or below any device that generates heat or will block the free flow of air through the wireless controller’s ventilation slots. Leave at least 3 feet (91.4 cm) clear on both sides and rear of the controller.
• Allow you to reach the wireless controller and all cables attached to it.
• Have a working AC power outlet that is not controlled by a wall switch that can accidentally remove power to the outlet.
Rack Mount
The wireless controller can be mounted in a standard 19-inch equipment rack.
1. Attach the mounting brackets to each side of the chassis and secure them with the supplied screws.
2. Use the screws provided with the equipment rack to mount the wireless controller into the rack.
Connecting the Wireless Controller
To install the wireless controller, perform the following procedure:
1. Install the switch and access points according to the instructions in their documentation.
2. Connect one end of an Ethernet LAN cable to one of the ports labeled LAN (1-4) on the front of the wireless controller. Connect the other end of the cable to an available RJ-45 port on a switch in the LAN network segment.
3. Connect one of the wireless controller ports labeled LAN (1-4) to the network or directly to a PC.
4. Using the supplied power cord, connect the wireless controller to a working AC outlet.
5. The Power LED will illuminate orange during boot up. The LED will turn green once the wireless controller has booted.
Section 3 - Basic Conguration
Basic Conguration
After you install the wireless controller, perform the basic conguration instructions described in this section which includes:
• “Log in to the Web Management Interface” on page 20
• “Web Management Interface Layout” on page 22
• “Standard Web Management Interface Features” on page 23
• “Basic Conguration Procedures” on page 24
Using the information in this chapter, you can perform the basic information and get your wireless controller up and running in a short period of time.
Log in to the Web Management Interface
Conguration procedures using the wireless controller’s web management interface are performed using one of the following supported web browsers:
• Microsoft Internet Explorer 9.0 or higher
• Mozilla Firefox 23 or higher
• Apple Safari 5.1.7 or higher (Windows)
• Apple Safari 6.1.3 or higher (iOS)
• Google Chrome 26 or higher
Before you perform the following procedure:
• Congure your PC running the web browser to use an IP address on the 192.168.10.x network, with a subnet mask of 255.255.255.0.
• Congure your web browser to accept cookies, prompt for pop-ups, and allow sites to run JavaScript.
• Upgrade the rmware for your wireless controller (see “Upgrading Firmware” on page 20).
• Upgrade the rmware for your access points after you upgrade the wireless controller rmware (refer to the documentation for your access points).
To log in to the web management interface:
1. Launch a web browser on the PC.
2. In the address eld of your web browser, type the IP address for the wireless controller web
management interface. The default IP address is http://192.168.10.1. A login prompt will appear. If the login prompt does not appear, see “Web Management Interface” on page 257.
3. If you are logging in for the rst time, the default user name is admin and the default password is
admin. Both the user name and password are case-sensitive.
Note: We recommend that you change the password to a new, more secure password (see “Editing Users” on
page 174) and record it in Appendix A.
4. Click Login. The web management interface opens with the System Status page. This page displays general, LAN, and WLAN status information. You can return to this page at any time by clicking Status > Dashboard.
5. To log out of the web management interface, click the Logout icon, which is in the top-right corner of the page in the System Menu area.
Web Management Interface Layout
A web management interface screen can include the following components:
1st level: Main navigation menu tab. The main navigation menu tabs appear across the top of the web management interface. These tabs provide access to all configuration menus and remain constant.
2nd level: Main navigation submenu tab. The main navigation submenu tabs appear on drop-down menus when you move your mouse over the main navigation menu tabs.
3rd level: Middle menu tabs. Some pages have menu tabs below the main navigation menu tab which lead to other pages when you click on them.
4th level: Workspace. The workspace shows the parameters associated with the selected menu and submenu.
Action buttons: Action buttons change the configuration or allow you to make changes to the configuration. Common action buttons are:
– Save: Saves all configuration changes made on the current screen. Saved settings are retained when the wireless controller is powered off or rebooted, while unsaved configuration changes are lost.
– Cancel: Resets options on the current screen to the last-applied or last-saved settings.
– Add: Adds a new item to the current screen.
– Right-click: Right-clicking list table items allows you to perform more actions on existing items.
o Edit: Modify the configuration of this item.
o Delete: Delete this item.
o Move: Move this item to a specific position.
o Enable: Enable this item.
o Disable: Disable this item.
o Apply: Apply this change to the existing configuration.
o Copy: Copy the configuration value of this item and create a new item.
o Manage: Manage the discovered access point.
o View Information: The information shown varies depending on the item.
Standard Web Management Interface Features
There are several standard features in the web management interface.
The Help feature has explanations for the various functions and settings on the interface. Click on the question mark icon to bring up the Help menu. It is always located near the top right corner of the screen.
System Search allows you to search for a function or feature by typing in a word into the search box. The search box is always located near the top-right corner of the screen.
The Wizard feature provides a number of helpful guides to common configuration tasks such as setting up the device, connecting to the internet, configuring wired and wireless networking, setting security options, and creating new users. Click on the Wizard wand icon to bring up the wizard. It is always located near the top-right corner of the screen, on the left of the System Search box.
Refresh allows you to refresh the interface in order for changes to take effect immediately. Click on the refresh icon near the top-right corner of the screen, to the right of the Help icon.
Logout allows you to log out of the interface securely after you have finished. Click on the Logout icon at the top-right corner of the screen.
Menu Navigation Route: Displays the menu route for the current page.
Displays the number of items on the table in one page. The system can list 10, 25, 50, 100 entries in one page.
First/Previous/Next/Last (on table): Information may be shown across multiple pages. Use First/Previous/Next/Last to switch pages. The page change function is always located near the bottom-right corner of the table.
Search bar (on table): Table content search allows you to search information in the table by typing a word into the search box. The search box is always located near the top-right corner of the table.
Ranking/sort (on table): Rank/sort the relative order of values and information on the table by clicking the table header.
Basic Conguration Procedures
To perform common basic conguration procedures, follow the steps below:
• “Step #1: Enable DHCP Server (Optional)” on page 25
• “Step #2: Congure Country Code” on page 26
• “Step #3: Select APs to be Managed” on page 27
• “Step #4: Change the SSID and Set Up Security” on page 29
• “Step #5: Select MAC Authentication Mode” on page 34
• “Step #6: Conrm Access Point Prole is Associated” on page 36
• “Step #7: Congure Captive Portal Settings” on page 37
• “Step #8: Use SSID with RADIUS Sever as Authenticator” on page 45
• “Step #9: Congure Guest Management” on page 46
• “Step #10: Congure a BYOD Environment” on page 53
Step #1: Enable DHCP Server (Optional)
By default, Dynamic Host Configuration Protocol (DHCP) is disabled on the wireless controller. If you are not configuring your access points with static IP addresses, set up a DHCP server, or DHCP server relay on the network. If desired, perform the following procedure to configure your wireless controller to act as a DHCP server.
1. Click Network > LAN > LAN Settings > IPv4 LAN Settings. The LAN Settings page will appear.
2. Under IP Address Setup, change the IP Address and Subnet Mask to values used within your network. Record the settings; you will refer to them later in this procedure.
3. Click Save.
4. Wait 60 seconds and then relaunch your web browser.
5. In the web browser’s address field, enter the new IP address you recorded in step 2.
6. Click Network > LAN > LAN Settings > IPv4 LAN Settings.
7. In the LAN Settings page, change DHCP Mode to DHCP Server. This will bring up several new fields below DHCP Mode.
8. Complete the fields below and click Save.
Field: Description
Starting IP Address: Enter the starting IP address in the IP address pool. Any new DHCP client joining the LAN is assigned an IP address within the starting and ending IP address range. Starting and ending IP addresses should be in the same IP address subnet as the wireless controller’s LAN IP address.
Ending IP Address: Enter the ending IP address in the IP address pool.
Default Gateway: Enter the IP address of the gateway for your LAN.
Domain Name: Enter the domain name.
Lease Time: Enter the lease time of the assigned IP addresses.
Configure DNS/WINS: Turn this on to enter the IP address of the DNS or WINS server.
Primary DNS Server: If configured Domain Name System (DNS) servers are available on the LAN, enter the IP address of the primary DNS server.
Secondary DNS Server: If configured Domain Name System (DNS) servers are available on the LAN, enter the IP address of the secondary DNS server.
WINS Server: If Windows Internet Name Service (WINS) servers are available on the LAN, enter the IP address of the WINS server.
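The rule that the starting and ending IP addresses must share the subnet of the wireless controller’s LAN IP address can be checked before the values are entered in the LAN Settings page. The Python sketch below is an added example, not part of the D-Link manual or firmware; it goes slightly beyond the stated rule by also flagging a pool that contains the controller, the gateway, or a statically addressed server. The function name, parameter names, and every address other than the default 192.168.10.1 are assumptions constructed for illustration.

```python
import ipaddress


def validate_dhcp_plan(lan_ip, subnet_mask, start_ip, end_ip,
                       gateway=None, static_servers=()):
    """Check planned DHCP Server field values against the controller's LAN subnet.

    Returns a list of human-readable problems; an empty list means the plan
    is consistent. Function and parameter names are hypothetical, not D-Link's.
    """
    problems = []
    iface = ipaddress.IPv4Interface(f"{lan_ip}/{subnet_mask}")
    net = iface.network
    start = ipaddress.IPv4Address(start_ip)
    end = ipaddress.IPv4Address(end_ip)

    # Rule from the manual: both ends of the pool must sit in the LAN subnet.
    for label, addr in (("Starting IP Address", start),
                        ("Ending IP Address", end)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside the LAN subnet {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(
                f"{label} {addr} is the network or broadcast address of {net}")

    if start > end:
        problems.append(
            f"Starting IP Address {start} is higher than Ending IP Address {end}")
        return problems  # the range checks below need an ordered pool

    def in_pool(addr):
        return start <= addr <= end

    # Added checks: statically addressed devices must not be leasable.
    if in_pool(iface.ip):
        problems.append(
            f"The controller's own LAN IP {iface.ip} is inside the pool")
    if gateway is not None:
        gw = ipaddress.IPv4Address(gateway)
        if gw not in net:
            problems.append(
                f"Default Gateway {gw} is outside the LAN subnet {net}")
        elif in_pool(gw):
            problems.append(
                f"Default Gateway {gw} is inside the pool and could be leased")
    for server in static_servers:
        addr = ipaddress.IPv4Address(server)
        if in_pool(addr):
            problems.append(
                f"Static server {addr} is inside the pool and could be leased")
    return problems


if __name__ == "__main__":
    # Constructed sample plan: the pool starts on the controller's default
    # address and ends in a neighbouring subnet.
    for issue in validate_dhcp_plan("192.168.10.1", "255.255.255.0",
                                    "192.168.10.1", "192.168.11.50"):
        print("PROBLEM:", issue)
```
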
Step #2: Configure Country Code
Each country has its own regulations for radio usage. Use the following procedure to select the country in which the wireless networks operate.
1. Click Wireless > General > General. The General Setting page will appear.
2. At the bottom, select the Country Code from the drop-down menu and click Save.
Step #3: Select APs to be Managed
The wireless controller automatically discovers managed and unmanaged access points on the WLAN that are in the same IP subnet. Use the following procedure to select the access points that the wireless controller will manage.
1. Click Wireless > Access Point > Discovered AP List. The Discovered AP List page will appear with a list of access points that the wireless controller has discovered.
2. Under Discovered AP List, right-click on the access point you want the wireless controller to manage and select Manage.
3. Complete the fields in the Manage AP page (refer to the next page) and click Save. When the confirmation appears, click OK.
Field Description
MAC Address MAC address of the access point.
AP Mode Select standalone, managed, or rogue. Selecting standalone will require you to fill out the fields below from Location to Expected Wired Network Mode.
• Standalone
• Managed = Access point profile configuration has been applied to the access point and the access point is operating in managed mode.
• Rogue = Access point has not tried to contact the wireless controller and the access point’s MAC address is not in the Valid AP database.
Location Optional field to identify location of the access point being managed.
Expected SSID If AP Mode = Standalone, the SSID that the access point should be set to is displayed. This is for reference only.
Expected Channel If AP Mode = Standalone, the channel to be used for wireless communication is displayed. This is for reference only.
Expected WDS Mode If AP Mode = Standalone, the WDS (Wireless Distributed System) mode to be used if you intend to use WDS. This is for reference only.
Expected Security Mode If AP Mode = Standalone, the security mode to be used is displayed. This is for reference only.
Expected Wired Network Mode If AP Mode = Standalone, select whether wired networking is going to be allowed. This is for reference only.
Authentication If AP Mode = Managed, turn on to require a password for authentication.
Profile If AP Mode = Managed, select a profile to apply for AP configuration.
Radio If AP Mode = Managed, the wireless radio mode that the access point is using is displayed. The fields below appear after you have selected Managed AP Mode.
Channel If AP Mode = Managed, this is the operating channel for the radio.
Power If AP Mode = Managed, this is the percentage of power to use for the radio.
4. Repeat steps 2 and 3 for each additional access point you want the wireless controller to manage.
Step #4: Change the SSID and Set Up Security
You can configure up to 50 separate networks on the wireless controller and apply them across multiple radio and virtual access point interfaces. By default, 16 networks are pre-configured and applied in order to the access points on each radio. In this procedure, you will edit one of the pre-configured networks and change its SSID and security settings to suit your requirements.
1. Click Wireless > Access Point > AP Profile > AP Profile SSID. The following page will appear with a list of the wireless networks configured on the wireless controller.
2. Under the SSID Status column, select an SSID by right-clicking on it and clicking Edit. The following page will appear.
3. Complete the Security fields on the SSID Profile Configuration page.
Field Description
SSID Enter the case-sensitive name of the wireless network. Be sure the SSID is the same for all devices in your wireless network.
VLAN Enter a VLAN ID. Be sure this VLAN ID has been created on the VLAN Setting page (Network > VLAN > VLAN Setting).
Security The default access point profile does not use any security mechanism. To protect your network, we recommend you select a security mechanism to prevent unauthorized wireless clients from gaining access to your network. Choices are:
• None = no security mechanism is used.
• WEP = enable WEP security. Complete the options in Table 3-1.
• WPA/WPA2 = enable WPA/WPA2 security. Complete the options in Table 3-2.
Table 3-1 WEP Page Settings
Field Description
Security
• Static WEP = uses static key management. You manually configure the same keys to encrypt data on both the wireless client and the access point. Dynamic WEP (WEP IEEE 802.1x) uses dynamically generated keys to encrypt client-to-access point traffic.
• WEP IEEE 802.1X = screen refreshes, and there are no more fields to configure. The access point uses the global RADIUS server or the RADIUS server you specified for the wireless network.
Authentication Select the authentication type. Choices are:
• Open System = any wireless station can request authentication. The station that needs to authenticate with another wireless station sends an authentication management frame that contains the identity of the sending station. The receiving station returns a frame that indicates whether it recognizes the sending station.
• Shared Key = each wireless station is assumed to have received a secret shared key over a secure channel that is independent from the 802.11 wireless network communications channel.
WEP Key Type Select the key type. Choices are:
• ASCII = upper- and lower-case alphabetic letters, numeric digits, and special symbols such as @ and #.
• HEX = digits 0 to 9 and letters A to F.
WEP Key Length (bits) Select the length of the WEP key. Choices are:
• 64 = 64 bits
• 128 = 128 bits
Tx Transfer Key Index. Indicates which WEP key the access point uses to encrypt the data it transmits. To select a transfer key, click the button in front of the key number and the field where you enter the key.
WEP Keys You can specify four WEP keys. In each text box, enter a string of characters for each of the RC4 WEP keys shared with the stations using the access point. Use the same number of characters for each key. The number of characters you enter depends on the WEP Key Type and WEP Key Length selections. The following list shows the number of characters to enter in the field:
• 64 bit = ASCII: 5 characters; Hex: 10 characters
• 128 bit = ASCII: 13 characters; Hex: 26 characters
Each client station must be configured to use one of these WEP keys in the same slot as specified here.
Table 3-2 WPA/WPA2 Page Settings
Field Description
Security If you select WPA for Security, the following two additional security options are displayed.
• WPA Personal = uses static key management. You manually configure the same keys to encrypt data on both the wireless client and the access point. WPA Enterprise uses a RADIUS server and dynamically generated keys to encrypt client-to-access point traffic. WPA Enterprise is more secure than WPA Personal, but you need a RADIUS server to manage the keys.
• WPA Enterprise = more secure than WPA Personal, but you need a RADIUS server to manage the keys. If you click this option, the screen refreshes and the WPA Key Type and WPA Key fields are hidden. The access point uses the global RADIUS server or the RADIUS server you specified for the wireless network.
WPA Versions Select the types of client stations you want to support. Choices are:
• WPA = if all client stations on the network support the original WPA but none supports WPA2, select WPA.
• WPA2 = if all client stations on the network support WPA2, use WPA2, which provides the best security per the IEEE 802.11i standard.
• WPA and WPA2 = if you have a mix of clients that support WPA2 or WPA, select both boxes. This lets both WPA and WPA2 client stations associate and authenticate, but uses the more robust WPA2 for clients who support it. This WPA configuration allows more interoperability, at the expense of some security.
WPA Ciphers Select the cipher suite you want to use. Choices are:
• TKIP
• CCMP (AES)
• TKIP and CCMP (AES)
Both TKIP and AES clients can associate with the access point. WPA clients must have a valid TKIP key or AES-CCMP key to associate with the access point.
802.11n clients cannot use the TKIP cipher. If you enable TKIP only, 802.11n clients cannot authenticate with the network.
WPA Key Type Enter a WPA key type. Range: ASCII, including upper- and lower-case alphabetic letters, numeric digits, and special symbols such as @ and #
WPA Key Enter the shared secret key for WPA Personal. Range: 8 – 62 characters, including upper- and lower-case alphabetic letters, numeric digits, and special symbols such as @ and #
Bcast Key Refresh Rate (seconds) Enter a value to set the interval at which the broadcast (group) key is refreshed for clients associated to this VAP. Range: 0 - 86400 seconds (0 = broadcast key is not refreshed)
Pre-Authentication If Security = WPA Enterprise, turn on to enable pre-authentication.
Pre-Authentication Limit If Security = WPA Enterprise, the Pre-Authentication Limit field will appear below for you to enter a value between 0 and 192.
Key Caching Hold Time If Security = WPA Enterprise, enter the number of minutes a PMK will be held by the AP. This applies to Pairwise Master Keys (PMKs) generated by RADIUS, those that come from pre-authentication, and those that are forwarded to the AP. Note that this time limit can be overridden by RADIUS if the RADIUS server returns a longer time in the Session-Timeout attribute for a particular user. The valid values are from 1 – 1440 minutes. If you do not enter a value, APs will not forward the PMK for the wireless client to other APs in case the client roams to another AP.
Session Key Refresh Rate If Security = WPA Enterprise, enter a value to set the interval at which the AP will refresh session (unicast) keys for each client associated to the VAP. The valid range is 0-86400 seconds. A value of 0 indicates that the broadcast key is not refreshed.
4. To add a new SSID, go to Wireless > Access Point > SSID Profile and click the Add New SSID Profile button.
5. Fill out the fields below and click Save.
6. Click Wireless > Access Point > AP Profile. Click on the AP Profile SSID tab on the middle menu. The Access Point Profiles SSID List will appear.
7. Select the SSID you wish to edit from the AP Profile drop-down menu.
8. Click the radio button next to the Radio Mode you prefer.
9. Select the SSID you wish to configure on the radio from the SSID Name drop-down menu or right-click the SSID network you want to enable and click Enable on the AP Profile SSID List.
Note: SSID ID 1 is always enabled. If you do not want to have the first SSID enabled, you must create a new SSID to be able to swap another SSID in the first slot.
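The limits in Tables 3-1 and 3-2 can be checked before a profile is entered in the web interface. The following Python sketch is an added example, not D-Link code: the dictionary field names are assumptions chosen for illustration, and it reports both values outside the documented ranges and the weaker choices the tables describe.

```python
import string

# Characters required per WEP key (Table 3-1), keyed by (bits, key type).
WEP_KEY_CHARS = {(64, "ASCII"): 5, (64, "HEX"): 10,
                 (128, "ASCII"): 13, (128, "HEX"): 26}
# Numeric ranges from Table 3-2: hypothetical field name -> (min, max).
WPA_RANGES = {"bcast_key_refresh": (0, 86400),     # seconds
              "pre_auth_limit": (0, 192),
              "key_caching_hold": (1, 1440),       # minutes
              "session_key_refresh": (0, 86400)}   # seconds
ENTERPRISE_ONLY = ("pre_auth_limit", "key_caching_hold", "session_key_refresh")
# Letters, digits and special symbols; treating spaces as invalid is an assumption.
KEY_CHARS = set(string.ascii_letters + string.digits + string.punctuation)


def lint_wep(p, errors, warnings):
    """Check the Table 3-1 fields of a WEP profile."""
    warnings.append("WEP is a deprecated mechanism; prefer WPA2 with CCMP (AES)")
    if p.get("mode") != "Static WEP":
        return  # WEP IEEE 802.1X has no further fields to configure
    need = WEP_KEY_CHARS.get((p.get("key_bits"), p.get("key_type")))
    if need is None:
        errors.append("WEP key type must be ASCII or HEX and length 64 or 128")
        return
    keys = p.get("keys", [])
    if not 1 <= len(keys) <= 4:
        errors.append("specify between one and four WEP keys")
    for slot, key in enumerate(keys, start=1):
        if len(key) != need:
            errors.append(f"WEP key {slot}: expected {need} characters, got {len(key)}")
        elif p["key_type"] == "HEX" and not set(key) <= set(string.hexdigits):
            errors.append(f"WEP key {slot}: not hexadecimal")
    if not 1 <= p.get("tx_index", 0) <= len(keys):
        errors.append("Tx index must select a key slot that is filled in")


def lint_wpa(p, errors, warnings):
    """Check the Table 3-2 fields of a WPA/WPA2 profile."""
    versions, ciphers = set(p.get("versions", ())), set(p.get("ciphers", ()))
    if not versions or not versions <= {"WPA", "WPA2"}:
        errors.append("WPA Versions must be WPA, WPA2, or both")
    elif "WPA" in versions:
        warnings.append("original WPA enabled; WPA2 provides the best security")
    if not ciphers or not ciphers <= {"TKIP", "CCMP"}:
        errors.append("WPA Ciphers must be TKIP, CCMP (AES), or both")
    elif ciphers == {"TKIP"}:
        warnings.append("TKIP only: 802.11n clients cannot use the TKIP cipher")
    enterprise = p.get("mode") == "WPA Enterprise"
    if not enterprise:
        warnings.append("WPA Personal: WPA Enterprise is more secure")
        key = p.get("key", "")
        if not 8 <= len(key) <= 62:
            errors.append(f"WPA key must be 8 to 62 characters, got {len(key)}")
        if not set(key) <= KEY_CHARS:
            errors.append("WPA key has characters outside the allowed ASCII set")
    for field, (low, high) in WPA_RANGES.items():
        value = p.get(field)
        if (field in ENTERPRISE_ONLY and not enterprise) or value is None:
            continue
        if not low <= value <= high:
            errors.append(f"{field}={value} is outside {low}-{high}")


def lint_profile(p):
    """Return (errors, warnings) for one SSID profile dictionary."""
    errors, warnings = [], []
    security = p.get("security")
    if security == "None":
        warnings.append("no security mechanism is used on this SSID")
    elif security == "WEP":
        lint_wep(p, errors, warnings)
    elif security == "WPA/WPA2":
        lint_wpa(p, errors, warnings)
    else:
        errors.append(f"unknown Security value {security!r}")
    return errors, warnings


# Constructed sample profiles (not exported from a real controller).
SAMPLES = {
    "guest": {"security": "WEP", "mode": "Static WEP", "key_type": "HEX",
              "key_bits": 128, "keys": ["0123456789"], "tx_index": 1},
    "legacy": {"security": "WPA/WPA2", "mode": "WPA Personal",
               "versions": ["WPA", "WPA2"], "ciphers": ["TKIP"],
               "key": "short", "bcast_key_refresh": 90000},
    "staff": {"security": "WPA/WPA2", "mode": "WPA Enterprise",
              "versions": ["WPA2"], "ciphers": ["CCMP"],
              "bcast_key_refresh": 300, "pre_auth_limit": 0,
              "key_caching_hold": 120, "session_key_refresh": 0},
}

if __name__ == "__main__":
    for name, profile in SAMPLES.items():
        found_errors, found_warnings = lint_profile(profile)
        print(name, "errors:", found_errors, "warnings:", found_warnings)
```

Errors are values the tables do not allow; warnings are settings the tables allow but describe as less secure or less compatible.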
Step #5: Select MAC Authentication Mode
MAC authentication is useful in networks that operate in Open mode to grant and deny access to clients with specific MAC addresses. MAC Authentication can also be used in conjunction with 802.1X security methods, in which case MAC Authentication is done prior to 802.1X authentication. To enable MAC authentication, wireless clients must first be authenticated by the Unified Access Point (UAP) in order to connect to the network.
The wireless controller provides two MAC Authentication Modes: white-list and black-list.
White-list: Select this option to grant access to any wireless clients with MAC addresses that are specified in the MAC Authentication database or RADIUS server, and are not explicitly denied access. If the MAC address is not in the database, then access will be denied to the client.
Black-list: Select this option to deny access to any wireless clients with MAC addresses that are specified in the MAC Authentication database or RADIUS server, and are not explicitly granted access. If the MAC address is not in the database, then access will be granted to the client.
1. Click Wireless > General > General.
2. Next to Client MAC Authentication Mode, select Black-list or White-list. Click Save.
3. Click Security > Authentication > User Database > MAC Authentication. The MAC Authentication setting page will appear. The List Type will display what your selection was in Step 2.
4. Click Add New MAC Authentication. Fill in the client’s MAC address and name, and then click Save.
5. Click Wireless > Access Point > SSID Profiles.
6. Select an SSID by right-clicking on it and clicking Edit. The following pop-up page will appear. Select Local and click Save.
Step #6: Confirm Access Point Profile is Associated
Use the following procedure to confirm that the access point profile is associated with the wireless controller.
Note: Each time you change configuration settings, perform this procedure to apply the changes to the access point.
1. Go to Wireless > Access Point > AP Profile.
2. Under Access Point Profile List, right-click on the AP profile you want to update and click Apply.
3. Wait 30 seconds and then click the refresh icon to verify that the profile is associated. Your associated access point is configured and ready to authenticate wireless users.
Step #7: Configure Captive Portal Settings
Configuring the wireless controller’s captive portal settings with a local database is a 4-step process:
1. Create a captive portal group
a. Go to Security > Authentication > User Database > Groups. The Groups List page will appear.
b. Click Add New Group. The Group Configuration page will appear.
c. Complete the fields in the table below and click Save.
Field Description
Group Name Enter a name for the group.
Description Enter a description of the group.
Captive Portal User Enable this option under User Type.
2. Add captive portal users
a. Go to Security > Authentication > User Database > Users. The Users List will appear.
b. Click Add New User. The User Configuration page will appear.
c. Complete the fields in the table below and click Save.
Field Description
User Name Enter a unique name for this user. The name should allow you to easily identify this user from others you may add.
First Name Enter the first name of the user. This is useful when the authentication domain is an external server, such as RADIUS.
Last Name Enter the last name of the user. This is useful when the authentication domain is an external server, such as RADIUS.
Select Group Select the captive portal group to which this user will belong.
Enable Password Change Lets the administrator enable or disable the “Change Password” link on the Captive Portal page.
MultiLogin More than one device can log in with the same username/password.
Password Enter a case-sensitive password that the user must specify before gaining access to the Internet. For security, each typed password character is masked with a dot (•).
Confirm Password Enter the same case-sensitive password entered in the Password field. For security, each typed password character is masked with a dot (•).
3. Associate the captive portal group to an SSID Profile
a. Click Wireless > Access Point > AP Profile > AP Profile SSID.
b. Under the SSID column, select an SSID that will use the Captive Portal function by right-clicking on it and clicking Edit. The following pop-up page will appear.
c. Select a user type from the drop-down menu next to Captive Portal Type. Choosing Free will allow immediate access through the Captive Portal; choosing SLA will require the end user to agree to a service level agreement before being allowed access. Choosing Permanent User will allow for selecting an authentication method such as local user database, RADIUS, LDAP, or POP3. If you choose Temporary User or Billing User, the authentication method is the local user database.
In this case, the user account in the local database is a permanent user account. Select Permanent User on Captive Portal Type and select Local User Database on Authentication Server.
d. Select the customized login page from the Login Profile Name drop-down menu.
e. Click Save.
The captive portal is now associated to the selected SSID. To test your configuration from a client, connect to the captive portal SSID to log in to the captive portal. Enter an IP address on the captive portal network to see the controller redirect the request to the captive portal page.
If the authentication database is using the RADIUS server, on step c above choose Permanent User on Captive Portal Type and select RADIUS Server on Authentication Server.
4. Customize the captive portal login page.
a. Go to Security > Authentication > Login Profiles. The Login Profiles page will appear.
b. Under the Login Profiles List, click Add New Login Profile to add a new profile or right-click an existing profile and click Edit to edit the profile. The Login Profile Configuration page will appear.
c. Complete the fields in the table below and click Save. The message Operation Succeeded will appear.
Field Description
General Details
Profile Name Enter a name for this captive portal profile. The name should allow you to differentiate this captive profile from others you may set up.
Browser Title Enter the text that will appear in the title of the browser during the captive portal session.
Background Select whether the login page displayed during the captive portal session will show an image or color. Choices are:
• Image = displays an image as the background on the page. Use the Page Background Image field to select a background image.
• Color = sets the background color on the page. Select the color from the drop-down menu.
Page Background Image If you set Background to Image, upload the image file by clicking Add > Browse. Select an image, click Open and then click the Upload button. The maximum size of the image is 100 kb.
Page Background Color If you set Background to Color, select the background color of the page that will appear during the captive portal session from the drop-down menu.
Custom Color If you choose Custom on Page Background Color, enter the HTML color code.
Header Details
Background Select whether the login page displayed during the captive portal session will show an image or color. Choices are:
• Image = show image on the page. Use the Header Background Color field to select a background color. The maximum size of the image is 100 kb.
• Color = show background color on the page. Use the radio buttons to select an image.
Header Background Image If you set Background to Image, upload the image file by clicking Add > Browse. Select an image, click Open and then click the Upload button. The maximum size of the image is 100 kb.
Header Background Color If you set Background to Color, select the header color from the drop-down menu.
Custom Color If you choose Custom on Page Background Color, you can choose a particular color by filling in the HTML color code.
Header Caption Enter the text that appears in the header of the login page during the captive portal session.
Caption Font Select the font for the header text.
Font Size Select the font size for the header text.
Font Color Select the font color for the header text.
Field Description
Login Details
Login Section Title Enter the text that appears in the title of the login box when the user logs in to the captive portal session. This field is optional.
Welcome Message Enter the welcome message that appears when users log in to the captive session successfully. This field is optional.
Error Message Enter the error message that appears when users fail to log in to the captive session successfully. This field is optional.
Footer Details
Change Footer Content Enables or disables changes to the footer content on the login page.
Footer Content If Change Footer Content is checked, enter the text that appears in the footer.
Footer Font Color If Change Footer Content is checked, select the color of the text that appears in the footer.
d. Under Login Profiles List, right-click the profile and click Show Preview to view the profile you just configured. Confirm that the appearance of the login page suits your requirements. If not, repeat steps 4b and 4c as necessary.
Step #8: Use SSID with RADIUS Server as Authenticator
To use SSID with RADIUS authentication, perform the following procedure.
1. Go to Security > External Auth Server > RADIUS Server.
2. Complete the fields below and click Save. Your access point will be configured to use the RADIUS authentication server.
3. Click Server Checking to test the connection between the DWC-2000 and your RADIUS server.
Field Description
Server Checking Click to test the connection between the controller and your RADIUS server.
Authentication Server IP Address IP address of your RADIUS authentication server.
Authentication Port RADIUS authentication port number to send RADIUS messages.
Secret Enter the secret key that allows the device to log into the configured RADIUS server. It must match the secret on the RADIUS server.
Timeout Set the time, in seconds, that the controller should wait for a response from the RADIUS server.
Retries The number of tries the controller will make to the RADIUS server before giving up.
Step #9: Configure Guest Management
The wireless controller can generate temporary guest accounts from front desk management accounts. To configure guest management, perform the following procedure.
1. Create a front desk group.
a. Go to Security > Authentication > User Database > Groups. The Groups List page will appear.
b. Click Add New Group. The Group Configuration page will appear.
c. Fill in the group name and description, and select Front Desk on User Type.
2. Add front desk users.
a. Go to Security > Authentication > User Database > Users. The Users List will appear.
b. Click Add New User. The User Configuration page will appear.
c. Complete the fields and select the front desk group you created in the previous step on Selected Group.
3. Create a billing profile.
a. Go to Security > Authentication > Billing Profile. Click Add New Billing Profile.
b. The billing profile settings include four milestones by timeline:
• Account Creation: the temporary account is generated by a front desk account in the local database.
• Account Activation: the temporary account is activated and it is valid for use.
• Account Depletion: the temporary account has run out of usage time or usage volume.
• Account Expiration: the temporary account has expired, whether or not its usage time/volume has run out, and it is removed from the local database.
Below are the five most common types of billing profiles:
I. The usage time of the temporary account is limited by duration. The account has an expiration time. The account becomes valid when the account is created.
This billing profile is suitable for a hotel scenario. The temporary account is created and becomes valid when customers check in.
II. The usage time of the temporary account is limited by duration. The account has an expiration time. The account becomes valid when the account first logs in.
This billing profile is suitable for scenarios such as a coffee shop or an airport. The customer can use the wireless internet service for a period of time counted from the first login.
III. The temporary account is valid from a specific date and time. The account has an expiration time.
This billing profile is suitable for a press conference scenario. The organizer generates accounts before the event and delivers account information to participants in advance if necessary. The temporary account is valid only from the specific date and time.
IV. The temporary account has limited usage time. The account does not expire until the usage has run out.
This billing profile is suitable for a hotspot scenario. The service provider charges for the wireless service based on usage time. This account allows multiple devices to log in at the same time.
V. The temporary account has limited usage traffic. The account does not expire until the usage has run out.
This billing profile is suitable for a hotspot scenario. The service provider charges for the wireless service based on usage volume.
c. Complete the fields below:
Field Description
Profile Details
Profile Name Each profile has a profile name to identify it.
Profile Description This is the description of the profile.
Allow Multiple Login Checking this option will allow multiple users to use the same captive portal login credentials created for this profile to log in simultaneously.
Allow Customized Account on Front Desk Checking this option enables the front desk user to give a customized account name to the captive portal users being created on this profile.
Allow Batch Generation on Front Desk Checking this option enables the front desk user to generate a batch of temporary captive portal users with one click.
Session Idle Timeout Idle timeout for CP users generated for this profile.
Show Alert Message on Login Page while Rest of Usage Time/Traffic Under Enter a value here in Hours/Days/MB/GB to get an alert message when the usage time/traffic left reaches the desired limit. By default, entering 0 implies that no alert message is required.
Basic Limit by Duration
Valid with Begin and End Time Limitations on a duration basis.
Valid Begin If you enable Valid with Begin and End Time, there are 3 types of limiting user access by duration:
1. Start While Account Created: Activate account when user is created.
2. Start While Account Login: Activate account when user first logs in using his credentials.
3. Begin From: Activate account from this date.
Start While Account Created If you select Start While Account Created, enter a value in Hours/Days to set duration of usage time.
Start While Account Login If you select Start While Account Login, enter a value in Hours/Days to set duration of usage time.
Begin From If you choose Begin From, select a specific time and date for the account valid begin.
Allow Front Desk to Modify Duration If you enable Valid with Begin and End Time, checking this option enables the front desk user to modify duration limits.
Basic Limit by Usage
Maximum Usage Time Maximum time a user can stay logged in before his account expires.
Maximum Usage Traffic Maximum traffic a user can use before his account expires. Only inbound traffic shall be considered towards bandwidth usage.
Allow Front Desk to Modify Usage If you enable Maximum Usage Time or Maximum Usage Traffic, checking this option enables the front desk user to modify usage limits.
4. Select an Interface for the guest captive portal.
a. Click Wireless > Access Point > SSID Profiles. The SSID Profile List page will appear.
b. Under the SSID column, select an SSID that will use the Captive Portal function by right-clicking on it and clicking Edit.
c. Select a Captive Portal Type from the drop-down menu.
d. Click Save.
Note: If the SSID has been associated with an AP Profile that is in use, apply the AP Profile from Wireless > Access Point > AP Profiles to change the configuration.
5. Generate guest accounts.
a. Log in to the Front Desk page by entering http://<ip_address>/frontdesk (e.g., http://192.168.10.1/frontdesk). Enter the username and password of a user you created in a “Front Desk” group.
b. Select a billing profile. Modify the usage if you want. Click Generate.
c. Print out the account information by clicking Print. The information will be sent to the internet printer. Only one user account can be created at a time.
6. Monitor user account status.
a. Monitor temporary account status and extend account usage duration or volume. Click View Account to review the status of the generated temporary accounts.
b. Select an account and right-click View Details to view more information.
7. Extend user account usage.
a. Select an account and right-click Extend Session. Manually change the usage time/traffic.
Note: Make sure that Allow Front Desk to Modify Usage is turned on in the “Captive Portal Billing Profile Configuration” page.
b. Click Save.
Step #10: Configure a BYOD Environment
The trend of Bring Your Own Device (BYOD) in the work place is a new challenge on network security and management. Many corporations that allow employees to use their own devices at work expect to have better performance and productivity; however, on the downside, corporations also are concerned with network security and information leakage by using private devices. How to distinguish between corporate-provided devices and private devices (BYOD device) is a major task for IT teams.
Use device MAC authentication to make clients associate with specific SSIDs based on whether the device is corporate-provided or private. All connections through the SSIDs must be authenticated before access is granted. To configure a BYOD environment, perform the following procedures:
The authentication methods on each SSID are different:
dlink_corporate SSID: This SSID is for D-Link employees who work with corporate-provided devices. It requires device MAC authentication and Captive Portal to complete the authentication process.
dlink_byod SSID: This SSID is for D-Link employees who work with their private devices (BYOD devices). It requires Captive Portal to complete the authentication process.
1. Set up VLANs based on the network architecture. Create three VLANs. VLAN1 is the default VLAN for AP management, VLAN2 is for the traffic associated from SSID dlink_corporate, and VLAN3 is for the traffic associated from SSID dlink_byod. Associate VLAN 1 to 3 memberships on Port1.
a. Go to Network > VLAN > VLAN Settings. The VLAN List will appear.
b. Click Add New VLAN. The VLAN Configuration page will appear.
c. Enter a VLAN ID and name.
d. Enter the IP range for your VLAN.
2. Associate VLAN 1 to 3 memberships in Trunk mode on Port1.
a. Go to Network > VLAN > Port VLAN.
b. Right-click port 1 and click Edit. Select Trunk from the Mode drop-down menu and then select VLAN1 to VLAN3 (hold CTRL and click 1, 2, and 3) next to VLAN Membership.
c. Click Save.
3. Create two SSIDs: dlink_corporate and dlink_byod, and assign VLAN 2 and 3 on these two SSIDs respectively. Enable MAC authentication on SSID dlink_corporate.
a. Go to Wireless > Access Point > SSID Profiles. The SSID Profile List will appear.
b. Click Add New SSID Profile. Create SSIDs “dlink_corporate” and “dlink_byod”.
c. Enable Captive Portal on both SSIDs and select the Captive Portal Type as Permanent User.
d. Select the Authentication Server. The authentication server can be either the local database or an external authentication server (i.e., RADIUS).
e. Assign VLAN2 and VLAN3 to “dlink_corporate” and “dlink_byod” respectively.
f. Enable MAC authentication on “dlink_corporate”.
g. Click Save.
4. Create an AP Prole “BYOD”. Associate SSIDs on this prole. a. Go to Wireless > Access Point > AP Prole. b. Click Add New AP Prole. Create a prole called BYOD. c. Click Save.
d. Click the AP Prole SSID tab. Next to AP Prole, make sure BYOD is selected. e. In the SSID list, right-click the dlink_corporate row and select Enable. f. Right-click the dlink_byod row and select Enable. g. Both SSIDs are now associated with the BYOD SSID prole.
5. Create Captive Portal accounts on the local database.
   a. To create a user group, go to Security > Authentication > User Database > Group tab.
   b. Click Add New Group. Create a group called “EMPLOYEE”. Next to User Type select Network, and toggle Captive Portal User to On. Enter an Idle Timeout value (in minutes).
   c. Click Save.
   d. Create user accounts. Go to Security > Authentication > User Database > Users tab.
   e. Click Add New User to create user accounts. Fill in the fields and select EMPLOYEE next to Select Group.
   f. Click Save.
6. Create a device MAC authentication database on the local database.
   a. Go to Security > Authentication > User Database > MAC Authentication tab.
   b. Next to List Type, the current type is displayed. To change the setting, refer to “Step #5: Select MAC Authentication Mode” on page 34.
   c. Click Add New MAC Authentication. Enter the MAC address of the device and a name.
   d. Click Save.
Note: If the user authentication and MAC authentication database is an external authentication server (i.e., RADIUS), please refer to “Step #8: Use SSID with RADIUS Server as Authenticator” on page 45.
7. Discover and manage an access point from the network. Please refer to “Step #3: Select APs to be Managed” on page 27.
Where to Go from Here
After completing the basic configuration procedures, the wireless controller is ready for operation using the factory default settings in Appendix B. These settings should be suitable for most users and most situations.
The wireless controller also provides advanced configuration settings for users who want to take advantage of the more advanced features of the wireless controller. The following sections list the wireless controller’s advanced settings. Users who do not understand these features should not attempt to reconfigure their wireless controller, unless advised to do so by the technical support staff.
Section 4 - Advanced WLAN Configuration
Advanced WLAN Configuration
While the basic configuration described in the previous chapter is satisfactory for most users, large wireless networks or a complex setup may require the wireless controller’s advanced configuration settings to be configured.
This chapter covers the following commonly used advanced wireless configuration settings.
• “WLAN General Settings”
• “Channel Plan and Power Settings”
• “WIDS”
• “Distributed Tunnel”
• “WLAN Visualization”
• “AP Discovery Methods”
• “Managed APs”
• “AP Profiles”
• “SSID Profiles”
• “Wireless Distribution System (WDS)”
• “Peer Group”
• “AP Firmware Download”
Note: The procedures in this chapter should only be performed by expert users who understand networking concepts and terminology.
WLAN General Settings
The WLAN General Conguration page contains the global conguration settings for all managed APs and the wireless controller including WLAN Global Setup, AP Validation, and Country Conguration.
Path: Wireless > General > General
To congure the WLAN general settings:
1. Click Wireless > General > General. The WLAN General Settings page will appear.
2. Complete the elds in the table on the next page.
3. Click Save.
Field - Description
WLAN Global Setup
IP Address - Displays the current IP address of the wireless controller.
Peer Group ID - In order to support larger networks, you can configure wireless controllers as peers, with up to eight controllers in a cluster (peer group). Peer controllers share some information about APs and allow L3 roaming among them. Peers are grouped according to the group ID.
Client Roam Timeout - This value determines how long to keep an entry in the Associated Client Status list after a client has disassociated. Each entry in the status list shows an age, and when the age reaches the value you configure in the timeout field, the entry is deleted.
Ad Hoc Client Status Timeout - This value determines how long to keep an entry in the Ad Hoc Client Status list. Each entry in the status list shows an age, and when the age reaches the value you configure in the timeout field, the entry is deleted.
AP Failure Status Timeout - This value determines how long to keep an entry in the AP Failure Status list. Each entry in the status list shows an age, and when the age reaches the value you configure in the timeout field, the entry is deleted.
Client MAC Authentication - Select either White-list or Black-list.
RF Scan Status Timeout - This value determines how long to keep an entry in the RF Scan Status list. Each entry in the status list shows an age, and when the age reaches the value you configure in the timeout field, the entry is deleted.
Detected Clients Status Timeout - This value determines how long to keep an entry in the Detected Client Status list. Each entry in the status list shows an age, and when the age reaches the value you configure in the timeout field, the entry is deleted.
Tunnel IP MTU Size - Select the maximum size of an IP packet handled by the network. The MTU is enforced only on tunneled VAPs. When IP packets are tunneled between the APs and the wireless controller, the packet size is increased by 20 bytes during transit. This means that clients configured for 1500 byte IP MTU size may exceed the maximum MTU size of existing network infrastructure which is set up to switch and route 1518 (1522-tagged) byte frames. If you increase the tunnel IP MTU size, you must also increase the physical MTU of the ports on which the traffic flows. Note: if any of the following conditions are true, you do not need to increase the tunnel IP MTU size:
• The wireless network does not use L3 tunneling.
• The tunneling mode is used only for voice traffic, which typically has small packets.
• The tunneling mode is used only for TCP based protocols, such as HTTP. This is because the AP automatically reduces the maximum segment size for all TCP connections to fit within the tunnel.
Cluster Priority - Specify the priority of this controller for the Cluster Controller election. The wireless controller with highest priority in a cluster becomes the Cluster Controller. If the priority is the same for all wireless controllers, then the wireless controller with lowest IP address becomes the Cluster Controller. A priority of 0 means that the wireless controller cannot become the Cluster Controller. The highest possible priority is 255.
AP Client QoS - Enable or disable the client QoS feature. If AP Client QoS is disabled, the Client QoS configuration remains in place, but any ACLs or DiffServ policies applied to wireless traffic are not enforced. The Client QoS feature extends the primary QoS capabilities of the wireless controller to the wireless domain. More specifically, access control lists (ACLs) and differentiated service (DiffServ) policies are applied to wireless clients associated to the AP
Field - Description
AP Validation
AP MAC Validation - For a wireless controller to manage an AP, you must add the MAC address of the AP to the Valid AP database, which can be kept locally on the controller or in an external RADIUS server. When the controller discovers an AP that is not managed by another wireless controller, it looks up the MAC address of the AP in the Valid AP database. If it finds the MAC address in the database, the controller validates the AP and assumes management. Select the database to use for AP validation. Choices are:
• Local: Add the MAC address of each AP to the local Valid AP database.
• RADIUS: Configure the MAC address of each AP in an external RADIUS server.
Require Authentication Passphrase - Select this option to require APs to be authenticated before they can associate with the controller. If you select this option, you must configure the passphrase on the AP while it is in standalone mode as well as in the Valid AP database. To configure the passphrase on a standalone AP, log onto the AP Administration Web UI and go to the Managed Access Point page, or log onto the AP CLI and use the set managed-ap pass-phrase command. To configure the passphrase for an AP in the local Valid AP database, click the Valid AP page from the Basic Setup page. Then, click the MAC address of the AP and enter the passphrase in the Authentication Password field. If you enable authentication, it takes place immediately after the controller validates the AP.
Manage AP with Previous Release Code - Discover and manage APs with older firmware.
Country Configuration
Country Code - Select the country code that represents the country where your controller and APs operate. When you click Submit, a pop-up message asks you to confirm the change. Wireless regulations vary from country to country. Make sure you select the correct country code so that your WLAN system complies with the regulations in your country.
Channel Plan and Power Settings
The wireless controller software contains a channel plan algorithm that automatically determines which RF channels each AP should use to minimize RF interference. When you enable the channel plan algorithm, the wireless controller periodically evaluates the operational channel on every AP it manages and changes the channel if the current channel is noisy.
Congure Channel Plan
Path: Wireless > General > Channel Algorithm
To congure Channel Algorithm setting:
1. Click Wireless > General > Channel Algorithm > Channel Setting tab. The Channel Setting page will appear.
2. Each AP is dual‐band capable of operating in the 2.4GHz and 5GHz frequencies. The 802.11a/n and
802.11b/g/n modes use dierent channel plans. Before you congure channel plan settings, select the mode to congure. Click either the 5GHz or 2.4GHz tab.
3. Select Channel Plan Mode. There are three types of modes:
Manual - With the manual channel plan mode, you control and initiate the calculation and assignment of the channel plan. You must manually run the channel plan algorithm and apply the channel plan to the APs.
Interval - In the interval channel plan mode, the controller periodically calculates and applies the channel plan. You can configure the interval to be from every 6 to every 24 hours. The interval period begins when you click Submit.
Fixed Time - If you select the fixed time channel plan mode, you specify the time for the channel plan and channel assignment. In this mode the plan is applied once every 24 hours at the specified time.
4. Channel Plan Interval: If you select the Interval channel plan mode, you can specify the frequency at which the channel plan calculation and assignment occurs. The interval time is in hours, and you can specify an interval that ranges between every 6 hours to every 24 hours.
5. Channel Plan Fixed Time: If you select the Fixed Time channel plan mode, you can specify the time at which the channel plan calculation and assignment occurs. The channel plan calculation will occur once every 24 hours at the time you specify.
6. Ignore Unmanaged APs: This function indicates whether the controller should pay attention only to APs managed by the cluster or to all detected APs when deciding which channel to select for the radio. The setting is enabled by default.
7. Channel Change Threshold: Configure the detected neighbor signal strength that triggers the channel plan to re-evaluate the current operating channel. If the AP detects neighbor APs operating on the same channel with a signal below this threshold, then the AP does not try to select a new channel for the radio. The default value for this threshold is -82dBm. The range is -99dBm to -1dBm.
8. Managed AP CH Conflict Threshold: Once the controller has completed the channel interference calculation, the AP prepares to move its radio to the channel with less interference. To prevent two or more nearby APs from changing to the same channel at the same time, the AP cancels the channel change if any nearby AP whose signal strength is above the “Managed AP CH Conflict Threshold” is also attempting to change to the same channel.
9. Manual Channel Plan: If you select Manual, click on the Manual Channel Plan tab. Here you can apply and start the channel algorithm on selected access points.
10. Channel Plan History: This field shows whether the controller is using the automatic channel adjustment algorithm on the AP 2.4GHz and 5GHz radio.
Congure Power Settings
Path: Wireless > General > Power Algorithm
You can set the power of the AP radio frequency transmission in the AP prole, the local database or in the RADIUS server. The power level in the AP prole is the default level for the AP, and the power will not be adjusted below the value in the AP prole. The settings in the local database and RADIUS server always override power set in the prole setting. If you manually set the power, the level is xed and the AP will not use the automatic power adjustment algorithm.
To congure Channel Algorithm setting:
1. Click Wireless > General > Power Algorithm > Power Setting tab.
2. You can congure the power as a percentage of maximum power, where the maximum power is the minimum of power level allowed for the channel by the regulatory domain or the hardware capability. Select Manual or Auto Mode.
3. Enter the power change threshold. The default value is -85dBm. The power changes are initiated only if the neighbor radio hears the transmitting radio with the signal strength equal or above the threshold. The signal detected below the threshold is ignored.
4. If you select Manual, click on the Manual Power Adjustments tab. Here you can apply and start the power algorithm on selected access points.
Section 6 - Securing Your Network
WIDS
The Wireless Intrusion Detection System (WIDS) can help detect intrusion attempts into the wireless network and take automatic actions to protect the network.
Congure AP WIDS Settings
Path: Wireless > General > WIDS > AP WIDS Security
The WIDS AP Conguration page allows you to activate or deactivate various threat detection tests and set threat detection thresholds in order to help detect rogue APs on the wireless network. These changes can be done without disrupting network connectivity. Since some of the work is done by access points, the controller needs to send messages to the APs to modify its WIDS operational properties.
Note: The classication settings on the WIDS AP Conguration page are part of the global conguration on the controller and must be manually pushed to other controllers in order to synchronize that conguration.
Many of the tests are focused on identifying APs that are advertising managed SSIDs, but are not in fact managed APs. Detecting such an AP means that a network is either miss‐congured or that a hacker set up a honeypot AP in the attempt to collect passwords or other secure information.
Although operational mode radios can detect most threats, the sentry radios detect the threats faster, especially when a potential rogue is operating on a dierent channel from any of the managed AP radios. The number of deployed sentry radios should be sucient to provide coverage by one sentry radio in every geographical location within the network. A denser sentry deployment may be desirable in order to improve rogue or interferer signal triangulation.
To congure WIDS AP:
1. Go to Wireless > General > WIDS > AP WIDS Security tab.
2. Enable or disable the security options as desired (refer to the table below) and click Save.
Field - Description
Administrator Configured Rogue AP - If the source MAC address is in the valid-AP database on the controller or on the RADIUS server, and the AP type is marked as Rogue, then the AP state is Rogue.
Managed SSID from an Unknown AP - This test checks whether an unknown AP is using the managed network SSID. A hacker may set up an AP with a managed SSID to fool users into associating with the AP and revealing passwords and other secure information.
Administrators with large networks who are using multiple clusters should either use different network names in each cluster or disable this test. Otherwise, if an AP in the first cluster detects APs in the second cluster transmitting the same SSID as APs in the first cluster then these APs are reported as rogues.
Managed SSID from a Fake Managed AP - A hacker may set up an AP with the same MAC address as one of the managed APs and configure it to send one of the managed SSIDs. This test checks for a vendor field in the beacons which is always transmitted by managed APs. If the vendor field is not present, then the AP is identified as a fake AP.
AP without a SSID - SSID is an optional field in beacon frames. To avoid detection a hacker may set up an AP with the managed network SSID, but disable SSID transmission in the beacon frames. The AP would still send probe responses to clients that send probe requests for the managed SSID, fooling the clients into associating with the hacker’s AP.
This test detects and flags APs that transmit beacons without the SSID field. The test is automatically disabled if any of the radios in the profiles are configured not to send the SSID field, which is not recommended because it does not provide any real security and disables this test.
Fake Managed AP on an Invalid Channel - This test detects rogue APs that transmit beacons from the source MAC address of one of the managed APs, but on a different channel from the one on which the AP is supposed to be operating.
Managed SSID Detection with Incorrect Security - During RF Scan the AP examines beacon frames received from other APs and determines whether the detected AP is advertising an open network, WEP, or WPA.
If the SSID reported in the RF Scan is one of the managed networks and its configured security does not match the detected security then this test marks the AP as rogue.
Invalid SSID from a Managed AP - This test checks whether a known managed AP is sending an unexpected SSID. The SSID reported in the RF Scan is compared to the list of all configured SSIDs that are used by the profile assigned to the managed AP. If the detected SSID doesn’t match any configured SSID then the AP is marked as rogue.
AP is Operating on an Illegal Channel - The purpose of this test is to detect hackers or incorrectly configured devices that are operating on channels that are not legal in the country where the wireless system is set up.
Note: In order for the wireless system to detect this threat, the wireless network must contain one or more radios that operate in sentry mode.
Standalone AP with Unexpected Configuration - If the AP is classified as a known standalone AP, then the controller checks whether the AP is operating with the expected configuration parameters. You configure the expected parameters for the standalone AP in the local or RADIUS Valid AP database. This test may detect network misconfiguration as well as potential intrusion attempts. The following parameters are checked:
• Channel Number
• SSID
• Security Mode
• WDS Mode
• Presence on a wired network
Field - Description
Unexpected WDS Device Detection on Network - If the AP is classified as a Managed or Unknown AP and wireless distribution system (WDS) traffic is detected on the AP, then the AP is considered to be Rogue. Only standalone APs that are explicitly allowed to operate in WDS mode are not reported as rogues by this test.
Unmanaged AP Detection on Wired Network - This test checks whether the AP is detected on the wired network. If the AP state is Unknown, then the test changes the AP state to Rogue. The flag indicating whether the AP is detected on the wired network is reported as part of the RF Scan report. If the AP is managed and is detected on the network then the controller simply reports this fact and doesn’t change the AP state to Rogue. In order for the wireless system to detect this threat, the wireless network must contain one or more radios that operate in sentry mode.
Rogue Detected Trap Interval - Specify the interval, in seconds, between transmissions of the SNMP trap telling the administrator that rogue APs are present in the RF Scan database. If you set the value to 0, the trap is never sent.
Wired Network Detection Interval - Specify the number of seconds that the AP waits before starting a new wired network detection cycle. If you set the value to 0, wired network detection is disabled.
AP De-Authentication Attack - Enable or disable the AP de-authentication attack. The wireless controller can protect against rogue APs by sending de-authentication messages to the rogue AP. The de-authentication attack feature must be globally enabled in order for the wireless system to do this function. Make sure that no legitimate APs are classified as rogues before enabling the attack feature. This feature is disabled by default.
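The following added example (not D-Link code and not part of the original manual) shows how several of the beacon-based tests in the table above combine when applied to an RF Scan report. The record layout, MAC addresses, channels and security modes are constructed assumptions; only the SSID names and the test names come from this manual, and the order in which the controller evaluates its tests is not documented here.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed inventory (assumption): managed SSID -> configured security mode.
MANAGED_SSIDS: Dict[str, str] = {"dlink_corporate": "wpa", "dlink_byod": "wpa"}

# Constructed managed-AP database (assumption): MAC -> assigned channel and
# the SSIDs of the profile applied to that AP.
MANAGED_APS: Dict[str, dict] = {
    "02:00:00:00:00:01": {"channel": 6, "ssids": {"dlink_corporate", "dlink_byod"}},
    "02:00:00:00:00:02": {"channel": 11, "ssids": {"dlink_corporate", "dlink_byod"}},
}


@dataclass
class Beacon:
    """One AP observation from an RF Scan report (hypothetical record layout)."""
    bssid: str
    ssid: Optional[str]   # None when the beacon carries no SSID field
    channel: int
    security: str         # "open", "wep" or "wpa", as detected from the beacon
    vendor_field: bool    # True when the managed-AP vendor field is present


def triggered_tests(b: Beacon) -> List[str]:
    """Return the names of the WIDS AP tests this observation fails."""
    hits: List[str] = []
    managed = MANAGED_APS.get(b.bssid.lower())

    # Tests that apply to any detected AP.
    if b.ssid is None:
        hits.append("AP without a SSID")
    elif b.ssid in MANAGED_SSIDS and b.security != MANAGED_SSIDS[b.ssid]:
        hits.append("Managed SSID Detection with Incorrect Security")

    if managed is None:
        # Source MAC is not a managed AP: only the SSID can give it away.
        if b.ssid in MANAGED_SSIDS:
            hits.append("Managed SSID from an Unknown AP")
        return hits

    # Source MAC matches a managed AP: check that it behaves like one.
    if not b.vendor_field:
        hits.append("Managed SSID from a Fake Managed AP")
    if b.channel != managed["channel"]:
        hits.append("Fake Managed AP on an Invalid Channel")
    if b.ssid is not None and b.ssid not in managed["ssids"]:
        hits.append("Invalid SSID from a Managed AP")
    return hits


def rogue_report(scan: List[Beacon]) -> Dict[Tuple[str, int], List[str]]:
    """Map (MAC, channel) to failed tests, listing only flagged observations."""
    report: Dict[Tuple[str, int], List[str]] = {}
    for b in scan:
        hits = triggered_tests(b)
        if hits:
            report[(b.bssid.lower(), b.channel)] = hits
    return report


# Constructed RF Scan sample.
SAMPLE_SCAN = [
    Beacon("02:00:00:00:00:01", "dlink_corporate", 6, "wpa", True),   # healthy managed AP
    Beacon("02:00:00:00:00:99", "dlink_corporate", 1, "open", True),  # unknown MAC, managed SSID, open
    Beacon("02:00:00:00:00:02", "dlink_byod", 36, "wpa", False),      # cloned MAC, wrong channel
    Beacon("02:00:00:00:00:98", None, 1, "wpa", False),               # beacon without SSID field
    Beacon("02:00:00:00:00:97", "coffee_shop", 3, "open", False),     # unrelated neighbor
]

if __name__ == "__main__":
    for key, tests in rogue_report(SAMPLE_SCAN).items():
        print(key, tests)
```

An unrelated neighbor network is not flagged, which is why the manual advises using different network names across clusters or disabling the unknown-AP test when several clusters share an SSID.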
Congure Client WIDS Settings
Path: Wireless > General > WIDS > AP WIDS Client Security
The Wireless Intrusion Detection System (WIDS) can help detect intrusion attempts into the wireless network and take automatic actions to protect the network. The settings you congure on the WIDS Client Conguration page help determine whether a detected client is classied as a rogue. Clients classied as rogues are considered to be a threat to network security.
Note: The classication settings on the WIDS Client Conguration page are part of the global conguration on the controller and must be manually pushed to other controllers in order to synchronize that conguration.
As part of the general association and authentication process, wireless clients send 802.11 management messages to APs. The WIDS feature tracks the following types of management messages that each detected client sends:
• Probe Requests
• 802.11 Authentication Requests.
• 802.11 De‐Authentication Requests.
In order to help determine whether a client is posing a threat to the network by ooding the network with management trac, the system keeps track of the number of times the AP received each message type and the highest message rate detected in a single RF Scan report. On the WIDS Client Conguration page, you can set thresholds for each type of message sent, and the APs monitor whether any clients exceed those thresholds or tests.
To congure WIDS Client:
1. Go to Wireless > General > WIDS > AP WIDS Client Security tab.
2. Enable or disable the security options as desired (refer to the table below) and click Save.
Field - Description
Not Present in OUI Database Test - This test checks whether the MAC address of the client is from a registered manufacturer identified in the OUI database.
Not Present in Known Client Database Test - This test checks whether the client, which is identified by its MAC address, is listed in the Known Client Database and is allowed access to the AP either through the Authentication Action of Grant or through the White List global action.
If the client is in the Known Client Database and has an action of Deny, or if the action is Global Action and it is globally set to Black List, the client fails this test.
Configured Authentication Rate Test - This test checks whether the client has exceeded the configured rate for transmitting 802.11 authentication requests.
Configured Probe Requests Rate Test - This test checks whether the client has exceeded the configured rate for transmitting probe requests.
Configured De-Authentication Requests Rate Test - This test checks whether the client has exceeded the configured rate for transmitting de-authentication requests.
Maximum Authentication Failures Test - This test checks whether the client has exceeded the maximum number of failed authentications.
Authentication with Unknown AP Test - This test checks whether a client in the Known Client database is authenticated with an unknown AP.
Client Threat Mitigation - Select enable to send de-authentication messages to clients that are in the Known Clients database but are associated with unknown APs. The Authentication with Unknown AP Test must also be enabled in order for the mitigation to take place. Select disable to allow clients in the Known Clients database to remain authenticated with an unknown AP.
Known Client Database Lookup Method - When the controller detects a client on the network it performs a lookup in the Known Client database. Specify whether the controller should use the local or RADIUS database for these lookups.
Known Client Database Radius Server Name - If the known client database lookup method is RADIUS then this field specifies the RADIUS server name.
Rogue Detected Trap Interval - Specify the interval, in seconds, between transmissions of the SNMP trap telling the administrator that rogue APs are present in the RF Scan database. If you set the value to 0, the trap is never sent.
De-Authentication Requests Threshold Interval - Specify the number of seconds an AP should spend counting the de-authentication messages sent by wireless clients.
De-Authentication Requests Threshold Value - If the controller receives more than the specified number of messages during the threshold interval, the test triggers.
Authentication Requests Threshold Interval - Specify the number of seconds an AP should spend counting the authentication messages sent by wireless clients.
Authentication Requests Threshold Value - If the controller receives more than the specified number of messages during the threshold interval, the test triggers.
Probe Requests Threshold Interval - Specify the number of seconds an AP should spend counting the probe messages sent by wireless clients.
Probe Requests Threshold Value - Specify the number of probe requests a wireless client is allowed to send during the threshold interval before the event is reported as a threat.
Authentication Failure Threshold Value - Specify the number of 802.1X authentication failures a client is allowed to have before the event is reported as a threat.
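As an added illustration of the rate tests and their Threshold Interval / Threshold Value pairs (example code written for this page, not the controller's implementation), the sketch below counts each client's management frames per type, tracks the peak count inside any one interval, and triggers only when that peak is more than the threshold value. The frame tuple layout, MAC addresses and threshold numbers are constructed assumptions; the manual lists the fields but gives no values.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed thresholds (assumption): message type -> (interval seconds, value).
THRESHOLDS: Dict[str, Tuple[int, int]] = {
    "probe": (60, 120),
    "auth": (60, 10),
    "deauth": (60, 10),
}

# (timestamp in seconds, client MAC, message type) - hypothetical capture record.
Frame = Tuple[float, str, str]


def peak_in_window(times: List[float], interval: float) -> int:
    """Largest number of timestamps that fall inside any span shorter than interval."""
    peak = 0
    start = 0
    for end, t in enumerate(times):
        # Slide the left edge until the window is shorter than the interval.
        while t - times[start] >= interval:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def evaluate(frames: Iterable[Frame],
             thresholds: Dict[str, Tuple[int, int]] = THRESHOLDS) -> Dict[str, dict]:
    """Per client and message type: total count, peak per interval, test result."""
    seen: Dict[Tuple[str, str], List[float]] = defaultdict(list)
    for ts, mac, kind in frames:
        if kind in thresholds:          # ignore message types WIDS does not track
            seen[(mac.lower(), kind)].append(ts)

    report: Dict[str, dict] = {}
    for (mac, kind), times in seen.items():
        times.sort()
        interval, limit = thresholds[kind]
        peak = peak_in_window(times, interval)
        report.setdefault(mac, {})[kind] = {
            "total": len(times),
            "peak": peak,
            # "more than the specified number of messages": strictly greater.
            "triggered": peak > limit,
        }
    return report


def rogue_clients(report: Dict[str, dict]) -> List[str]:
    """Clients that failed at least one rate test."""
    return sorted(mac for mac, kinds in report.items()
                  if any(r["triggered"] for r in kinds.values()))


def sample_frames() -> List[Frame]:
    """Constructed capture: one flooding client and two that stay within limits."""
    frames: List[Frame] = []
    # Client A: 12 de-authentication requests within 6 seconds.
    frames += [(i * 0.5, "02:00:00:00:0A:01", "deauth") for i in range(12)]
    # Client B: exactly 10 authentication requests in 10 seconds (at the limit).
    frames += [(100.0 + i, "02:00:00:00:0A:02", "auth") for i in range(10)]
    # Client C: 15 authentication requests, one every 10 seconds.
    frames += [(i * 10.0, "02:00:00:00:0A:03", "auth") for i in range(15)]
    return frames


if __name__ == "__main__":
    result = evaluate(sample_frames())
    for mac in sorted(result):
        print(mac, result[mac])
    print("rogue:", rogue_clients(result))
```

Client C sends more frames in total than the threshold value but never inside one interval, so only the burst from client A is reported.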
Distributed Tunnel
The Distributed Tunneling mode, also known as AP-AP tunneling mode, is used to support L3 roaming for wireless clients without forwarding any data traffic to the wireless controller.
In the AP-AP tunneling mode, when a client first associates with an AP in the wireless system, the AP forwards its data using the VLAN forwarding mode. The AP to which the client initially associates is the Home AP. The AP to which the client roams is the Association AP.
When a client roams to another AP in a different subnet the Association AP tunnels all traffic from the client to the Home AP using a CAPWAP L2 tunnel. The Home AP injects the traffic received over the tunnel into the wired network. If a client roams to another AP in the same subnet then the tunnel is not created, and the new AP becomes the Home AP for the client.
Configure Distributed Tunnel
Path: Wireless > General > Distributed Tunnel
1. Click Wireless > General > Distributed Tunnel.
2. Configure the following settings:
Distributed Tunnel Clients - Specify the maximum number of distributed tunneling clients that can roam away from the Home AP at the same time.
Distributed Tunnel Idle Timeout - Specify the number of seconds of no activity by the client before the tunnel to that client is terminated and the client is forced to change its IP address.
Distributed Tunnel Timeout - Specify the number of seconds before the tunnel to the roamed client is terminated and the client is forced to change its IP address.
Distributed Tunnel Max Multicast Replications Allowed - Specify the maximum number of tunnels to which a multicast frame is copied on the Home AP.
3. Click Save.
WLAN Visualization
WLAN Visualization is a tool that provides a graphical representation of the wireless network through a Web browser. The WLAN Visualization graph does not have a background image of its own, and so the administrator can upload a static graphic image that provides the wireless topology of the APs and controllers in the wireless network.
Upload Images
General > WLAN Visualization Image
You can upload one or more images, such as your office floor plan, to provide customized information for the WLAN Visualization feature. Image files should be in one of the following recommended formats:
• GIF (Graphics Interchange Format)
• JPG (Joint Photographic Experts Group)
It is also recommended that you do not use color images since the WLAN components might not show up well. Once you upload an image file and save the running configuration, the image remains on the controller and you can assign it to an existing graph using the WLAN Deployment application.
Deleting Images
This option is available only if images are already loaded onto the controller. To delete all images loaded onto the controller, click Delete All Images. Deleting background images is not recommended. However, if you have to delete the images, you will need to refresh the WLAN Visualization tool after deleting them.
Launch
Path: Wireless > General > WLAN Visualization
To launch the WLAN Visualization tool, click Wireless > General > WLAN Visualization. This will open a new browser window and start the Java applet that allows the AP and WLAN controller network to be presented as a topology diagram (with or without a custom background image).
AP Discovery Methods
The wireless controller and AP can use the following methods to discover each other:
• L2 Discovery
• IP Address of AP Configured in the wireless controller
• IP Address of the wireless controller Configured in the AP
L2/ VLAN Discovery
When the AP and the wireless controller are directly connected or in the same layer 2 broadcast domain and use the default VLAN settings, the wireless controller automatically discovers the AP through its broadcast of a L2 discovery message. The L2 discovery works automatically when the devices are directly connected or connected by using a layer 2 bridge. You can enable the discovery protocol on up to 16 VLANs.
By default, VLAN 1 is enabled on the AP, and VLAN 1 is enabled for discovery on the wireless controller. If the wireless controller and AP are in the same Layer 2 multicast domain, you might not need to take any action to enable AP discovery. The wireless controller also uses L2/VLAN discovery to find peer controllers within the L2 multicast domain.
The APs process the discovery message only when it comes in on the management VLAN. The APs do not forward the L2 discovery messages onto the wireless media.
From the wireless controller, you can check the discovery status of APs and peer controllers. To view information about whether the controller discovered any APs, navigate to the Wireless > Access Point > Discovered AP List page. The color of the MAC address in the Discovered AP List indicates the state of the AP:
• Green = Managed AP
• Red = Connected Fail AP or AP (D-Link UAP) which is not in local or RADIUS Valid AP Database
• Gray = Unknown AP or Rogue AP
• Orange = Managed AP by peer controller
Configure L2/ VLAN Discovery
Path: Wireless > Access Point > AP Poll List
1. Click Wireless > Access Point > AP Poll List > VLAN Discovery tab.
2. Switch L2/ VLAN Discovery to ON and click Save.
3. Click Add New VLAN to Poll. Enter a VLAN number.
4. Click Save.
L3/ IP Discovery
You can configure up to 256 IP addresses in the wireless controller for potential peer controllers and APs. The wireless controller sends association invitations to all IP addresses in this list. If the device accepts the invitation and is successfully validated by the controller, the controller and the AP or peer wireless controller are associated.
This discovery mechanism is useful for peer wireless controller discovery and AP discovery when the devices are in different IP subnets. In fact, for a wireless controller to recognize a peer that is not on the same subnet, you must configure the IP addresses of each controller in the peer’s L3 discovery list.
Configure L3/ IP Discovery
Path: Wireless > Access Point > AP Poll List
1. Click Wireless > Access Point > AP Poll List > IP Discovery tab.
2. Switch L3/ IP Discovery to On and click Save.
3. Click Add New IP Addresses to Poll. Enter the IP range.
4. Click Save.
5. Navigate to Wireless > Access Point > Discovered AP List. Check the discovered AP via L3/ IP discovery.
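A check for the L3/IP discovery rules above, as an added example that is not part of the D-Link manual: it enforces the 256-address limit on each poll list and flags controller pairs on different subnets that do not list each other. The controller names, the addresses and the "start-end" range notation are constructed assumptions, not an export format of the DWC-2000.

```python
import ipaddress
from itertools import combinations

MAX_POLL_ADDRESSES = 256  # size limit the manual gives for the L3 discovery list

# Constructed sample data. Names, addresses and the "start-end" range
# notation are assumptions for this example, not a DWC-2000 export format.
CONTROLLERS = {
    "wc-hq": {"address": "10.10.1.2/24",
              "l3_poll": ["10.20.1.2", "10.10.5.10-10.10.5.40"]},
    "wc-branch": {"address": "10.20.1.2/24",
                  "l3_poll": ["10.20.7.1-10.20.7.20"]},
    "wc-lab": {"address": "10.10.1.3/24",
               "l3_poll": ["10.30.0.1-10.30.1.44"]},
}


def parse_entry(entry):
    """Turn 'a.b.c.d' or 'a.b.c.d-a.b.c.e' into an inclusive (start, end) pair."""
    first, _, last = entry.partition("-")
    start = int(ipaddress.IPv4Address(first.strip()))
    end = int(ipaddress.IPv4Address(last.strip())) if last else start
    if end < start:
        raise ValueError(f"range ends before it starts: {entry}")
    return start, end


def poll_size(ranges):
    """Count distinct addresses, so overlapping ranges are not counted twice."""
    total, current_end = 0, None
    for start, end in sorted(ranges):
        if current_end is None or start > current_end:
            total += end - start + 1
            current_end = end
        elif end > current_end:
            total += end - current_end
            current_end = end
    return total


def is_polled(ranges, address):
    """True if the address falls inside any configured poll range."""
    value = int(address)
    return any(start <= value <= end for start, end in ranges)


def audit(controllers):
    """Return findings as tuples: bad-entry, too-many or missing-peer."""
    findings, ranges = [], {}
    for name, cfg in controllers.items():
        ranges[name] = []
        for entry in cfg["l3_poll"]:
            try:
                ranges[name].append(parse_entry(entry))
            except ValueError as exc:
                findings.append(("bad-entry", name, str(exc)))
        size = poll_size(ranges[name])
        if size > MAX_POLL_ADDRESSES:
            findings.append(("too-many", name, size))
    for a, b in combinations(sorted(controllers), 2):
        if_a = ipaddress.IPv4Interface(controllers[a]["address"])
        if_b = ipaddress.IPv4Interface(controllers[b]["address"])
        if if_a.network == if_b.network:
            continue  # same subnet: the cross-subnet rule does not apply
        # Different subnets: each controller must list the other's address.
        if not is_polled(ranges[a], if_b.ip):
            findings.append(("missing-peer", a, b))
        if not is_polled(ranges[b], if_a.ip):
            findings.append(("missing-peer", b, a))
    return findings


if __name__ == "__main__":
    for finding in audit(CONTROLLERS):
        print(finding)
```

A `missing-peer` finding names the controller whose list lacks the entry first and the peer it fails to poll second.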
Managed APs
Managed AP information is stored in the controller's local database. You can add or delete APs, change power and channel, or change the AP profile for each AP individually.
The Wireless Global Configuration page contains a field to select whether to use a local or RADIUS database for AP Validation. The Valid Access Point List page contains information about APs configured in the local database. If the AP Validation is set to RADIUS, information about the APs to be managed by the controller must be added to the external RADIUS database.
Add a Valid AP
1. Click Wireless > Access Point > Managed APs List > Valid AP tab.
2. Click Add New Valid AP.
3. Complete the fields on the next page and click Save.
Note: To add or delete an AP from the valid AP list, right-click the access point and select Edit or Delete.
Managed Mode
Standalone Mode
Rogue Mode
Field: Description
MAC Address: MAC address of the access point.
AP Mode: Select standalone, managed, or rogue. Selecting standalone or managed will require you to fill out the fields (refer to the next page).
• Standalone
• Managed = access point profile configuration has been applied to the access point and the access point is operating in managed mode.
• Rogue = access point has not tried to contact the wireless controller and the access point’s MAC address is not in the Valid AP database.
Location: Optional field to identify the location of the access point being managed.
Expected SSID: If AP Mode = Standalone, the SSID that the access point should be set to. This is for reference only.
Expected Channel: If AP Mode = Standalone, the channel to be used for wireless communication. This is for reference only.
Expected WDS Mode: If AP Mode = Standalone, the WDS (Wireless Distributed System) mode to be used if you intend to use WDS. This is for reference only.
Expected Security Mode: If AP Mode = Standalone, the security mode to be used. This is for reference only.
Expected Wired Network Mode: If AP Mode = Standalone, select whether wired networking is going to be allowed. This is for reference only.
Authentication Password: If AP Mode = Managed, turn on to require a password for authentication.
Profile: If AP Mode = Managed, select a profile to apply for AP configuration.
Radio: If AP Mode = Managed, this is the wireless radio mode that the access point is using. The fields below appear after you have selected Managed AP Mode.
Channel: If AP Mode = Managed, this is the operating channel for the radio.
Power: If AP Mode = Managed, this is the percentage of power to use for the radio.
Add an AP from Discovered AP List
Path: Wireless > Access Point > Discovered AP List
1. Click Wireless > Access Point > Discovered AP List.
2. Right-click an AP and select Manage.
3. Select an AP Mode and Profile (refer to the previous page) and then click Save.
Manually Change Channel and Power of Managed AP
Path: Wireless > Access Point > Managed APs List > Managed APs
From the Managed AP page, you can also manually change the RF channel and power for each radio on an AP. The manual power and channel changes override the settings configured in the AP profile (including automatic channel selection) and take effect immediately. The manual channel and power assignments are not retained when the AP is reset or if the profile is reapplied to the AP, such as when the AP disassociates and re-associates with the controller.
1. Click Wireless > Access Point > Managed APs List > Managed APs tab.
2. Right-click on one of the entries and select Channel and Power.
3. Select the desired channel. The available channels depend on the radio mode and country in which the APs operate. The manual channel change overrides the channel configured in the AP profile and is not retained when the AP reboots or when the AP profile is reapplied.
4. Change the power as desired. You can set a new power level for the AP. The manual power change overrides the power setting configured in the AP profile and is not retained when the AP reboots or when the AP profile is reapplied.
5. Click Save.
Configure AP Debug Mode
Path: Wireless > Access Point > Managed APs List > Managed APs
When the AP is in Managed mode, remote access to the AP is disabled. However, you can enable Telnet access by enabling the Debug feature on the Managed APs page.
1. Click Wireless > Access Point > Managed APs List > Managed APs tab.
2. Right-click on one of the entries and select Debug.
3. Toggle Enable Debug to On.
4. Click Save.
Configure AP Provisioning
Path: Wireless > Access Point > Managed AP List > AP Provisioning
The AP Provisioning feature helps you add new APs to an existing switch cluster. With AP Provisioning, you can configure the access points with parameters that are needed to connect to the wireless network.
Use AP Provisioning to connect devices to a network enabled for mutual authentication (Wireless > Peer Group > Peer Configuration). If a network is not enabled for mutual authentication, then APs can be attached to the network by properly configuring the local Valid AP database or RADIUS AP database and discovery options. The provisioning feature can optionally be used on networks not enabled for mutual authentication to simplify AP attachment to the cluster.
Use the AP Provisioning page to view detailed provisioning information about an AP. Right-click an AP and select Edit to specify the IP address of the primary or backup switch that provides provisioning information for the AP.
1. Click Wireless > Access Point > Managed AP List > AP Provisioning tab.
2. Right-click a managed AP and select Edit.
3. Enter the new primary address, new backup address and AP Profile.
4. Click Save.
Field: Description
MAC Address: MAC address of the access point.
IP Address: IP address of the access point.
Time Since Last Update: Time since any information has been received from this access point.
Primary IP Address: The IP address of the primary provisioned switch as reported by the AP.
Backup IP Address: The IP address of the backup provisioned switch as reported by the AP.
Mutual Authentication Mode: Shows whether the Mutual Authentication mode is currently enabled.
Unmanaged AP Reprovisioning Mode: The configured re‐provisioning mode in the AP, which is one of the following:
• Enable - The AP can be reprovisioned when it is not managed.
• Disable - The AP cannot be reprovisioned when it is not managed.
AP Provisioning Status: Status of the most recently issued AP provisioning command, which is one of the following:
• Not Started - Provisioning has not been done for this AP.
• Success - Provisioning finished successfully for this wireless controller. The AP Provisioning Status Table should reflect the latest provisioning configuration.
• In Progress - Provisioning is executing for this AP.
• Invalid Switch IP Address - Either the primary or backup wireless controller IP address is not in the cluster, or the mutual authentication mode is enabled and the primary wireless controller IP address is not specified.
• Provisioning Rejected - AP is not managed and is configured not to accept provisioning data in unmanaged mode.
• Timed Out - The last provisioning request timed out.
AP Certificate and Profile Transmit Status: Status of the last AP profile and X.509 Certificate distribution to the Primary and Backup switches. This status is changed as a result of the AP provisioning command. The X.509 certificate is sent to the primary and backup switches only if mutual authentication is enabled. The status is one of the following:
• Not Started - No information for this AP has been sent to the primary and backup switch.
• Success - AP Profile and X.509 Certificate is sent to Primary and Backup Switches.
• Failed - The primary or backup switch wasn’t in the cluster when this switch attempted to send the information.
New Primary IP Address: Enter the IP address of the wireless controller that should manage the AP.
New Backup IP Address: Enter the IP address of the switch to which the AP should try to connect if it is unable to connect to the primary wireless controller.
Profile: Select an AP profile you want to use.
AP Profiles
Access point configuration profiles are a useful feature for large wireless networks with APs that serve a variety of different users. You can create multiple AP profiles on the wireless controller to customize APs based on location, function, or other criteria. Profiles are like templates, and once you create an AP profile, you can apply that profile to any AP that the wireless controller manages. For each AP profile, you can configure the following features:
• Profile Settings (Name, Hardware Type ID, Wired Network Discovery VLAN ID)
• Radio Settings
• SSID Settings
• QoS Configuration
Configure AP Profile
Path: Wireless > Access Point > AP Profile > AP Profiles
1. Click Wireless > Access Point > AP Profiles > AP Profiles tab.
2. Click Add New AP Profile.
3. Complete the fields in the table below and click Save.
Field: Description
AP Profile Global Configuration
Profile Name: Identifies the name of the configured profile.
Hardware Type: Hardware type for the APs that use this profile. The hardware type is determined, in part, by the number of radios the AP supports (single or dual) and the IEEE 802.11 modes that the radio supports (a/b/g or a/b/g/n). The available options are:
• Any.
• DWL-8600AP Dual Radio a/b/g/n.
• DWL-6600AP Dual Radio a/b/g/n.
• DWL-3600AP Single Radio b/g/n.
• DWL-2600AP Single Radio b/g/n.
• DWL-8610AP Dual Radio a/b/g/n/ac
Wired Network Discovery VLAN ID: VLAN ID that the controller uses to send tracer packets in order to detect APs connected to the wired network.
Configure AP Profile Radio 1
Radio Mode 802.11a/n: In a new AP Profile, you can edit the radio 802.11a/n from here. You can also edit it from AP Profile Radio.
Configure AP Profile Radio 2
Radio Mode 802.11b/g/n: In a new AP Profile, you can edit the radio 802.11b/g/n from here. You can also edit it from AP Profile Radio.
Configure AP Profile QoS Radio 1
QoS Radio Mode 802.11a/n: In a new AP Profile, you can edit the QoS on radio 802.11a/n from here. You can also edit it from AP Profile Radio.
Configure AP Profile QoS Radio 2
QoS Radio Mode 802.11b/g/n: In a new AP Profile, you can edit the QoS on radio 802.11b/g/n from here. You can also edit it from AP Profile Radio.
Configure AP Profile Radio
Path: Wireless > Access Point > AP Profile > AP Profile Radio
To accommodate a broad range of wireless clients and wireless network requirements, the AP can support up to two radios. By default, Radio 1 operates in the IEEE 802.11a/n mode, and Radio 2 operates in the IEEE 802.11b/g/n mode. The difference between these modes is the frequency in which they operate. IEEE 802.11b/g/n operates in the 2.4 GHz frequency, and IEEE 802.11a/n operates in the 5 GHz frequency of the radio spectrum.
1. Click Wireless > Access Point > AP Profiles > AP Profiles Radio tab.
2. Select the radio you want to change and right-click the row to edit.
3. Complete the fields in the table below and click Save.
Field: Description
AP Profile: The name of AP Profile
Radio Mode: The radio mode. 802.11a/n or 802.11b/g/n
Radio Configuration
State: Specify whether you want the radio on or off by clicking On or Off. If you turn off a radio, the AP sends disassociation frames to all the wireless clients it is currently supporting so that the radio can be gracefully shut down and the clients can start the association process with other available APs. ON = Radio ON, OFF = Radio OFF
Mode: The Mode defines the Physical Layer (PHY) standard the radio uses. Select one of the following modes for each radio interface:
• IEEE 802.11a is a PHY standard that specifies operating in the 5 GHz U‐NII band using orthogonal frequency division multiplexing (OFDM). It supports data rates ranging from 6 to 54 Mbps.
• IEEE 802.11b/g operates in the 2.4 GHz ISM band. IEEE 802.11b is an enhancement of the initial 802.11 PHY to include 5.5 Mbps and 11 Mbps data rates. It uses direct sequence spread spectrum (DSSS) or frequency hopping spread spectrum (FHSS) as well as complementary code keying (CCK) to provide the higher data rates. It supports data rates ranging from 1 to 11 Mbps. IEEE 802.11g is a higher speed extension (up to 54 Mbps) to the 802.11b PHY. It uses orthogonal frequency division multiplexing (OFDM). It supports data rates ranging from 1 to 54 Mbps.
• IEEE 802.11a/n operates in the 5 GHz ISM band and includes support for both 802.11a and 802.11n devices. IEEE 802.11n is an extension of the 802.11 standard that includes multiple‐input multiple‐output (MIMO) technology. IEEE 802.11n supports data rates of up to 248 Mbps and nearly twice the indoor range of 802.11b, 802.11g, and 802.11a.
• IEEE 802.11b/g/n operates in the 2.4 GHz ISM band and includes support for 802.11b, 802.11g, and 802.11n devices.
• 5 GHz IEEE 802.11n is the recommended mode for networks with 802.11n devices that operate in the 5 GHz frequency that do not need to support 802.11a or 802.11b/g devices. IEEE 802.11n can achieve a higher throughput when it does not need to be compatible with legacy devices (802.11b/g or 802.11a).
• 2.4 GHz IEEE 802.11n is the recommended mode for networks with 802.11n devices that operate in the 2.4 GHz frequency that do not need to support 802.11a or 802.11b/g devices. IEEE 802.11n can achieve a higher throughput when it does not need to be compatible with legacy devices (802.11b/g or 802.11a).
• IEEE 802.11n/ac operates in the 5 GHz ISM band and includes support for both 11n and 11ac devices.
RTS Threshold: Specify a Request to Send (RTS) Threshold value between 0 and 2347. The RTS threshold indicates the number of octets in an MPDU, below which an RTS/CTS handshake is not performed. Changing the RTS threshold can help control traffic flow through the AP, especially one with a lot of clients. If you specify a low threshold value, RTS packets will be sent more frequently. This will consume more bandwidth and reduce the throughput of the packet. On the other hand, sending more RTS packets can help the network recover from interference or collisions which might occur on a busy network, or on a network experiencing electromagnetic interference.
Field: Description
Load Balancing: If you enable load balancing, you can control the amount of traffic that is allowed on the AP.
Load Utilization: If Load Balancing is set to ON, this field allows you to set a threshold for the percentage of network bandwidth utilization allowed on the radio. Once the level you specify is reached, the AP stops accepting new client associations. Enter a percentage of utilization from 1 to 100.
Maximum Clients: Specify the maximum number of stations allowed to associate with this access point at any one time. You can enter a value between 0 and 200.
RF Scan Other Channels: The access point can perform RF scans to collect information about other wireless devices within range and then report this information to the wireless controller. If Scan Other Channels is set to ON, the radio periodically moves away from the operational channel to scan other channels. Enabling this mode causes the radio to interrupt user traffic, which may be noticeable with voice connections. When Scan Other Channels is set to OFF, the AP scans only the operating channel.
RF Scan Sentry: Select this option to allow the radio to operate in sentry mode. When the RF Scan Sentry option is ON, the radio primarily performs dedicated RF scanning. The radio passively listens for beacons and traffic exchange between clients and other access points but does not accept connections from wireless clients. In sentry mode, all VAPs are disabled. Networks that deploy sentry APs or radios can detect devices on the network quicker and perform more thorough security analysis. In this mode, the radio switches from one channel to the next. The length of time spent on each channel is controlled by the scan duration. The default scan duration is 10 milliseconds.
RF Scan Interval: This field controls the length of time between channel changes during the RF Scan.
RF Scan Sentry Channels: The radio can scan channels in the radio frequency used by the 802.11b/g band (2.4 GHz), the 802.11a band (5 GHz), or both bands. Select the channel band for the radio to scan. Note: The band selection applies only to radios in sentry mode and is dependent upon the capabilities of the radio.
RF Scan Duration: This field controls the amount of time the radio spends scanning the other channel (in milliseconds) during an RF scan.
Rate Limiting: Enabling multicast and broadcast rate limiting can improve overall network performance by limiting the number of packets transmitted across the network. This feature is disabled by default. Note: The available rate limit values are very low for most environments, so enabling this feature is not recommended.
• To enable Multicast and Broadcast Rate Limiting, switch ON.
• To disable Multicast and Broadcast Rate Limiting, switch OFF.
Rate Limit: Enter the rate limit you want to set for multicast and broadcast traffic. The limit should be greater than 1, but less than 50 packets per second. Any traffic that falls below this rate limit will always conform to and be transmitted to the appropriate destination. The default and maximum rate limit setting is 50 packets per second. This field is disabled if Rate Limiting is disabled.
Rate Limit Burst: Setting a rate limit burst determines how large traffic bursts can be before all traffic exceeds the rate limit. This burst limit allows intermittent bursts of traffic on a network above the set rate limit. The default and maximum rate limit burst setting is 75 packets per second. This field is disabled if Rate Limiting is disabled.
Field: Description
Load Balancing: If you enable load balancing, you can control the amount of traffic that is allowed on the AP.
Channel Bandwidth: The 802.11n specification allows the use of a 40‐MHz‐wide channel in addition to the legacy 20‐MHz channel available with other modes. The 40‐MHz channel enables higher data rates but leaves fewer channels available for use by other 2.4 GHz and 5 GHz devices. The 40‐MHz option is enabled by default for 802.11a/n modes and 20 MHz for 802.11b/g/n modes. You can use this setting to restrict the use of the channel bandwidth to a 20‐MHz channel.
Protection: The protection feature contains rules to guarantee that 802.11 transmissions do not cause interference with legacy stations or applications. By default, these protection mechanisms are enabled (Auto). With protection enabled, protection mechanisms will be invoked if legacy devices are within range of the AP. You can disable (Off) these protection mechanisms; however, when 802.11n protection is off, legacy clients or APs within range can be affected by 802.11n transmissions. 802.11 protection is also available when the mode is 802.11b/g. When protection is enabled in this mode, it protects 802.11b clients and APs from 802.11g transmissions.
Space Time Block Code: Space Time Block Coding (STBC) is an 802.11n technique intended to improve the reliability of data transmissions. The data stream is transmitted on multiple antennas so the receiving system has a better chance of detecting at least one of the data streams. Select one of the following options:
• ON = The AP transmits the same data stream on multiple antennas at the same time.
• OFF = The AP does not transmit the same data on multiple antennas.
No Ack: Select Enable to specify that the AP should not acknowledge frames with QosNoAck as the service class value.
DTIM Period: The Delivery Traffic Information Map (DTIM) message is an element included in some Beacon frames. It indicates which client stations, currently sleeping in low‐power mode, have data buffered on the access point awaiting pick‐up. The DTIM period you specify indicates how often the clients served by this access point should check for buffered data still on the AP awaiting pickup. Specify a DTIM period within the given range (1–255). The measurement is in beacons. For example, if you set this field to 1, clients will check for buffered data on the AP at every beacon. If you set this field to 10, clients will check on every 10th beacon.
Beacon Interval: Beacon frames are transmitted by an access point at regular intervals to announce the existence of the wireless network. The default behavior is to send a beacon frame once every 100 milliseconds (or 10 per second). The Beacon Interval value is set in milliseconds. Enter a value from 20 to 2000.
Automatic Channel: The channel defines the portion of the radio spectrum that the radio uses for transmitting and receiving. The range of channels and the default channel are determined by the Mode of the radio interface. When the AP boots, the AP scans the RF area for occupied channels and selects a channel from the available non‐interfering or clear channels. However, channel conditions can change during operation. Enabling the Automatic Channel makes APs assigned to this profile eligible for auto‐channel selection. You can automatically or manually run the auto‐channel selection algorithm to allow the controller to adjust the channel on APs as WLAN conditions change. By default, the global auto‐channel mode is set to manual. To enable the automatic channel selection mode, go to the AP Management > RF Management page and select Fixed or Interval for the Channel Plan mode. You can also run the automatic channel selection algorithm manually from the Manual Channel Plan page. Note: If you assign a static channel to an AP in the Valid AP database or on the Advanced AP Management page, the AP will not participate in the auto‐channel selection.
Field: Description
Automatic Power: The power level affects how far an AP broadcasts its RF signal. If the power level is too low, wireless clients will not detect the signal or experience poor WLAN performance. If the power level is too high, the RF signal might interfere with other APs within range. Automatic power uses a proprietary algorithm to automatically adjust the RF signal to broadcast far enough to reach wireless clients, but not so far that it interferes with RF signals broadcast by other APs. The power level algorithm increases or decreases the power level in 10% increments based on presence or absence of packet retransmission errors.
Default Power: The automatic power algorithm will not reduce the power below the number you set in the default power field. By default, the power level is 100%. Therefore, even if you enable the automatic power, the power of the RF signal will not decrease. The power level is a percentage of the maximum transmission power for the RF signal.
APSD Mode: Select Enable to enable Automatic Power Save Delivery (APSD), which is a power management method. APSD is recommended if VoIP phones access the network through the AP.
Frag Threshold: The fragmentation threshold limits the size of packets transmitted over the network. Acceptable values are even numbers from 256‐2345. Packets that are under the configured size are not fragmented. A value of 2346 means that packets are not fragmented.
Short Retries: The value in this field indicates the maximum number of transmission attempts on frame sizes less than or equal to the RTS Threshold. The range is 1‐255.
Long Retries: The value in this field indicates the maximum number of transmission attempts on frame sizes greater than the RTS Threshold. The range is 1‐255.
Transmit Lifetime: Shows the number of milliseconds to wait before terminating attempts to transmit the MSDU after the initial transmission.
Receive Lifetime: Shows the number of milliseconds to wait before terminating attempts to reassemble the MMPDU or MSDU after the initial reception of a fragmented MMPDU or MSDU.
Station Isolation: When this option is selected, the AP blocks communication between wireless clients. It still allows data traffic between its wireless clients and wired devices on the network, but not among wireless clients. This feature is disabled by default.
• To enable Multicast and Broadcast Rate Limiting, click ON.
• To disable Multicast and Broadcast Rate Limiting, click OFF.
Primary Channel: This setting is editable only when a channel is selected and the channel bandwidth is set to 40 MHz. A 40‐MHz channel can be considered to consist of two 20‐MHz channels that are contiguous in the frequency domain. These two 20‐MHz channels are often referred to as the Primary and Secondary channels. The Primary Channel is used for 802.11n clients that support only a 20‐MHz channel bandwidth and for legacy clients. Use this setting to set the Primary Channel as the upper or lower 20‐MHz channel in the 40‐MHz band.
Short Guard Interval: The guard interval is the dead time, in nanoseconds, between OFDM symbols. The guard interval prevents Inter‐Symbol and Inter‐Carrier Interference (ISI, ICI). The 802.11n mode allows for a reduction in this guard interval from the a and g definition of 800 nanoseconds to 400 nanoseconds. Reducing the guard interval can yield a 10% improvement in data throughput. Select one of the following options:
• ON = The AP transmits data using a 400 ns guard interval when communicating with clients that also support the 400 ns guard interval.
• OFF = The AP transmits data using an 800 ns guard interval.
Radio Resource Management: Radio Resource Measurement (RRM) mode requires the Wireless System to send additional information in beacons, probe responses, and association responses. Enable or disable the support for the radio resource measurement feature in the AP profile. The feature is set independently for each radio and is enabled by default.
Field: Description
Multicast Tx Rate (Mbps): Select the 802.11 rate at which the radio transmits multicast frames. The rate is in Mbps. The lowest rate in the 5 GHz band is 6 Mbps.
Auto Eligible Channels: This field displays the channels that are supported for the radio mode currently selected on the page and for the country configured on the General Settings page. Press Ctrl to select multiple channels.
Basic Rate Set (Mbps): These numbers indicate the data rates that all stations associating with the AP must support.
Supported Rate Set (Mbps): These numbers indicate rates that the access point supports. You can select multiple rates. The AP automatically chooses the most efficient rate based on factors like error rates and distance of client stations from the AP.
Channel
Configure AP Profile SSID
Path: Wireless > Access Point > AP Profile > AP Profile SSID
The AP Profile SSID List page displays the virtual access point (VAP) settings associated with the selected AP profile. Each VAP is identified by its network number and Service Set Identifier (SSID). You can configure and enable up to 16 VAPs per radio on each physical access point.
1. Click Wireless > Access Point > AP Profiles > AP Profiles SSID tab.
2. Select the AP Profile from the drop-down menu.
3. Select the Radio Mode (either 802.11a/n or 802.11b/g/n).
4. Select the SSID name from the drop-down menu.
5. Enable/disable the SSID by right-clicking Enable or Disable.
Note: SSID ID 1 is always enabled. If you do not want to have the first SSID enabled, you must create a new SSID to be able to swap another SSID in the first slot.
Configure AP Profile QoS
Path: Wireless > Access Point > AP Profile > AP Profile QoS
Quality of Service (QoS) provides you with the ability to specify parameters on multiple queues for increased throughput and better performance of differentiated wireless traffic like Voice‐over‐IP (VoIP), other types of audio, video, and streaming media as well as traditional IP data over the wireless controller.
Configuring Quality of Service (QoS) on the wireless controller consists of setting parameters on existing queues for different types of wireless traffic, and effectively specifying minimum and maximum wait times (through Contention Windows) for transmission. The settings described here apply to data transmission behavior on the access point only, not to that of the client stations.
AP Enhanced Distributed Channel Access (EDCA) Parameters affect traffic flowing from the access point to the client station. Station Enhanced Distributed Channel Access (EDCA) Parameters affect traffic flowing from the client station to the access point.
You can specify custom QoS settings, or you can select a template that configures the AP profile with pre‐defined settings that are optimized for data traffic or voice traffic.
1. Click Wireless > Access Point > AP Profiles > AP Profiles QoS tab.
2. Right-click the AP Profile and select Edit.
3. Complete the fields below and click Save.
Field: Description
AP Profile: The name of AP Profile
Radio Mode: The radio mode. 802.11a/n or 802.11b/g/n
Template: Select the QoS template to apply to the AP profile. If you select Custom, you can change the AP and station parameters. If you select Voice or Factory Defaults, the wireless controller will use the pre‐defined settings for the template you select.
AP EDCA Parameters
Queue: Queues are defined for different types of data transmitted from AP‐to‐station:
• Data 0 (Voice) - High priority queue, minimum delay. Time‐sensitive data such as VoIP and streaming media are automatically sent to this queue.
• Data 1 (Video) - High priority queue, minimum delay. Time‐sensitive video data is automatically sent to this queue.
• Data 2 (best effort) - Medium priority queue, medium throughput and delay. Most traditional IP data is sent to this queue.
• Data 3 (Background) - Lowest priority queue, high throughput. Bulk data that requires maximum throughput and is not time‐sensitive is sent to this queue (FTP data, for example).
AIFS (Inter-Frame Space): The Arbitration Inter‐Frame Spacing (AIFS) specifies a wait time for data frames. The wait time is measured in slots. Valid values for AIFS are 1 through 255.
cwMin (Minimum Contention Window): This parameter is input to the algorithm that determines the initial random backoff wait time (window) for retry of a transmission. The value specified here in the Minimum Contention Window is the upper limit (in milliseconds) of a range from which the initial random backoff wait time is determined. The first random number generated will be a number between 0 and the number specified here. If the first random backoff wait time expires before the data frame is sent, a retry counter is incremented and the random backoff value (window) is doubled. Doubling will continue until the size of the random backoff value reaches the number defined in the Maximum Contention Window. Valid values for the cwmin are 1, 3, 7, 15, 31, 63, 127, 255, 511, or 1024. The value for cwmin must be lower than the value for cwmax.
cwMax (Maximum Contention Window) The value specified here in the Maximum Contention Window is the upper limit (in milliseconds) for the doubling of the random backoff value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached. Once the Maximum Contention Window size is reached, retries will continue until a maximum number of retries allowed is reached. Valid values for the cwmax are 1, 3, 7, 15, 31, 63, 127, 255, 511, or 1024. The value for cwmax must be higher than the value for cwmin.
Max. Burst Length AP EDCA Parameter Only (The Max. Burst Length applies only to traffic flowing from the access point to the client station.) This value specifies (in milliseconds) the Maximum Burst Length allowed for packet bursts on the wireless network. A packet burst is a collection of multiple frames transmitted without header information. The decreased overhead results in higher throughput and better performance. Valid values for maximum burst length are 0.0 through 999.
General Parameters
WMM Mode Wi-Fi MultiMedia (WMM) is enabled by default. With WMM enabled, QoS prioritization and coordination of wireless medium access is on. With WMM enabled, QoS settings on the D-Link controller control downstream traffic flowing from the access point to client station (AP EDCA parameters) and the upstream traffic flowing from the station to the access point (station EDCA parameters). Disabling WMM deactivates QoS control of station EDCA parameters on upstream traffic flowing from the station to the access point. With WMM disabled, you can still set some parameters on the downstream traffic flowing from the access point to the client station (AP EDCA parameters). To disable WMM extensions, switch OFF. To enable WMM extensions, switch ON.
Station EDCA Parameters
Queue Queues are defined for different types of data transmitted from station-to-AP:
• Data 0 (Voice): Highest priority queue, minimum delay. Time-sensitive data such as VoIP and streaming media are automatically sent to this queue.
• Data 1 (Video): Highest priority queue, minimum delay. Time-sensitive video data is automatically sent to this queue.
• Data 2 (Best Effort): Medium priority queue, medium throughput and delay. Most traditional IP data is sent to this queue.
• Data 3 (Background): Lowest priority queue, high throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example).
AIFS (Inter-Frame Space) The Arbitration Inter-Frame Spacing (AIFS) specifies a wait time for data frames. The wait time is measured in slots. Valid values for AIFS are 1 through 255.
cwMin (Minimum Contention Window) This parameter is used by the algorithm that determines the initial random backoff wait time (window) for data transmission during a period of contention. The value specified in the Minimum Contention Window is the upper limit (in milliseconds) of a range from which the initial random backoff wait time is determined. The first random number generated will be a number between 0 and the number specified here. If the first random backoff wait time expires before the data frame is sent, a retry counter is incremented and the random backoff value (window) is doubled. Doubling will continue until the size of the random backoff value reaches the number defined in the Maximum Contention Window.
cwMax (Maximum Contention Window) The value specified in the Maximum Contention Window is the upper limit (in milliseconds) for the doubling of the random backoff value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached. Once the Maximum Contention Window size is reached, retries will continue until a maximum number of retries allowed is reached.
TXOP Limit Station EDCA Parameter Only (The TXOP Limit applies only to traffic flowing from the client station to the access point.) The Transmission Opportunity (TXOP) is an interval of time when a WME client station has the right to initiate transmissions onto the wireless medium (WM). This value specifies (in milliseconds) the Transmission Opportunity (TXOP) for client stations; that is, the interval of time when a WMM client station has the right to initiate transmissions on the wireless network.
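The following Python sketch is an added example, not code from D-Link or from this manual. It checks one queue's AIFS, cwMin and cwMax against the valid values listed above and lists the contention window used on each attempt; the retry limit (max_retries) and the 2*(cw+1)-1 form of doubling are assumptions, since the manual states neither.

```python
import random

# Valid values as listed in this manual for cwMin/cwMax and AIFS.
VALID_CW = (1, 3, 7, 15, 31, 63, 127, 255, 511, 1024)
AIFS_RANGE = range(1, 256)


def validate_queue(aifs, cw_min, cw_max):
    """Return a list of problems with one queue's EDCA settings (empty = OK)."""
    problems = []
    if aifs not in AIFS_RANGE:
        problems.append(f"AIFS {aifs} outside 1-255")
    for name, value in (("cwMin", cw_min), ("cwMax", cw_max)):
        if value not in VALID_CW:
            problems.append(f"{name} {value} is not a valid value")
    if cw_min >= cw_max:
        problems.append("cwMin must be lower than cwMax")
    return problems


def window_schedule(cw_min, cw_max, max_retries):
    """Contention window for the first attempt and each retry.

    The window starts at cwMin and doubles after every failed attempt
    until it reaches cwMax, then stays there for the remaining retries.
    Assumption: "doubling" uses the usual 802.11 form 2*(cw+1)-1, which
    maps 15 -> 31 -> 63 and so stays on the valid-value list.
    """
    windows, cw = [], cw_min
    for _ in range(max_retries + 1):
        windows.append(cw)
        cw = min(2 * (cw + 1) - 1, cw_max)
    return windows


def draw_backoffs(cw_min, cw_max, max_retries, rng):
    """One random backoff per attempt, each drawn from 0..window."""
    return [rng.randint(0, w) for w in window_schedule(cw_min, cw_max, max_retries)]


if __name__ == "__main__":
    # Constructed sample settings, not the controller's template defaults.
    queues = {"Data 0 (Voice)": (1, 3, 7), "Data 3 (Background)": (7, 15, 1024),
              "misconfigured": (0, 63, 15)}
    for name, (aifs, lo, hi) in queues.items():
        issues = validate_queue(aifs, lo, hi)
        print(name, issues or window_schedule(lo, hi, 4))
    print(draw_backoffs(15, 63, 4, random.Random(1)))
```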
SSID Profiles
The SSID Profile list shows all the wireless networks configured on the controller. The first 16 networks are created by default. You can modify the default networks, but you cannot delete them. You can add and configure up to 16 additional networks for a total of 50 wireless networks. Multiple networks can have the same SSID.
Configure SSID Profiles
Path: Wireless > Access Point > SSID Profiles
1. Click Wireless > Access Point > SSID Profiles. The SSID Profile List page will appear.
2. To edit an existing SSID, right-click it and select Edit. To create a new SSID Profile, click the Add New SSID Profile button.
Note: SSID ID 1 is always enabled. If you do not want to have the first SSID enabled, you must create a new SSID to be able to swap another SSID in the first slot.
3. Complete the fields in the table below and click Save.
Field Description
SSID Enter a name for your wireless network. The SSID must be the same for all devices in your wireless network, and it is case-sensitive.
Captive Portal Type The Captive Portal type is selected on a per-SSID basis. There are four types of access on an SSID:
• Free: No authentication is required for users connected to this SSID if this option is selected.
• SLA (Service Level Agreement): If this is selected, users connected to this SSID need to accept the Service Level Agreement before accessing anything outside this SSID.
• Permanent User: When this option is selected, users need to be authenticated before accessing data outside this SSID. Only permanent Captive Portal users can log in from this SSID.
• Temporary User: When this option is selected, users need to be authenticated before accessing data outside this SSID. Only temporary Captive Portal users created by a frontdesk user can log in from this SSID.
• Billing User: When this option is selected, users need to be authenticated before accessing data outside this SSID. The temporary Captive Portal billing users are created via online wireless service purchasing. The wireless service packages are defined in the Login Profile.
Authentication Server If Captive Portal Type = Permanent User, select the authentication server. All users that log in to the captive portal for this SSID are authenticated through the selected server. The available authentication servers are Local User Database, Radius Server, LDAP Server, or POP3.
Authentication Type If Captive Portal Type = Permanent User and Authentication Server = RADIUS server, select the authentication type: PAP, CHAP, MSCHAP, or MSCHAPV2.
Login Profile Name If Captive Portal Type = Permanent User or Temporary User, select the Login Profile. Any of the available profiles can be used for this SSID.
Hide SSID You can hide the SSID broadcast to discourage stations from automatically discovering your access point(s). When the broadcast SSID of the AP is hidden, the SSID name is not displayed in the list of available SSIDs on a client station. Instead, the client must have the exact SSID name configured in the supplicant before it is able to connect.
Disabling the broadcast SSID is sufficient to prevent clients from accidentally connecting to your network, but it will not prevent even the simplest of attempts by a hacker to connect or monitor unencrypted traffic.
ON = SSID is hidden. OFF = SSID is broadcast.
Ignore Broadcast If a wireless client broadcasts probe requests to all available SSIDs, this option controls whether the AP will respond to the probe request. ON = Prohibits the AP from responding to client probe requests. OFF = Allows the AP to respond to client probe requests.
VLAN Enter a VLAN ID. Be sure this VLAN ID has been created (Network > VLAN > VLAN Setting).
MAC Authentication If enabled, wireless clients must be authenticated by the AP in order to connect to the network. To use MAC authentication, configure the client MAC addresses in one of the databases: Local or RADIUS. In the database, set a default action to either accept or deny that client or use the global action configured.
MAC authentication is useful in networks that operate in Open mode to grant or deny access to clients with specific MAC addresses. MAC Authentication can also be used in conjunction with 802.1X security methods, in which the MAC Authentication is done prior to the 802.1X authentication.
Authentication Type If Captive Portal Type = Permanent User and Authentication Server = RADIUS server, select the authentication type: PAP, CHAP, MSCHAP, or MSCHAPV2.
Redirect Select the HTTP option in the Redirect field to redirect wireless clients to a custom Web page. When redirect mode is enabled, the user will be redirected to the URL you specify after the wireless client associates with an AP and the user opens a web browser to access the Internet. The custom Web page must be located on an external web server and might contain information such as the company logo and network usage policy.
Note: The wireless client is redirected to the external Web server only once while it is associated with the AP.
Redirect functionality allows you to implement captive portal functionality; a captive portal is often used at Wi-Fi hotspots to provide branding for the hotspot provider and/or display a legal disclaimer, which the user can click through to access the Internet.
HTTP = HTTP Redirect is enabled. None = HTTP Redirect is disabled.
Redirect URL If Redirect = HTTP, enter the URL where all initial HTTP accesses should be redirected to. This field is accessible only when HTTP is selected as the redirect type.
Wireless ARP Suppression Mode Enable the mode to allow APs to reduce the number of broadcasted ARP requests on the wireless interfaces. Reducing broadcasts helps conserve power on the wireless clients. The wireless clients that use power-save mode must wake up and use more power when they detect broadcast frames.
Note: Enabling this feature slightly degrades AP packet forwarding performance due to extra packet filtering to find DHCP packets and extra processing for ARP request and reply packets. Networks that do not use IPv4 should not enable this feature.
L2 Distributed Tunneling Mode The distributed L2 tunneling mode supports L3 roaming for wireless clients without forwarding any data traffic to the Unified Wireless controller. Use the menu to enable or disable the mode. L2 tunneling is recommended when the Unified Wireless controller does not support hardware forwarding acceleration or hardware-based L2 tunnels.
Note:
1 - When there is only one controller managing all APs and that controller goes down, all APs shut down their radios and the tunnel is terminated. After the controller recovers and the AP becomes managed again, the client that was previously tunneling traffic will re-associate and obtain an IP address on the network where it is currently located. This IP address will be different from the IP address it was using when it was tunneling, and the traffic will not be tunneled.
2 - If the network has peer controllers and the tunnel is established between the APs managed by the peer controller then, when a controller managing the home AP fails, the controller managing the association AP detects the failure and terminates the tunnel. At this point the client is disassociated. When the client re-associates it obtains a new IP address.
3 - If the controller managing the association AP fails, then the scenario is the same as in item 1 above. The AP takes down all radios and the clients disassociate.
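The field dependencies in the SSID Profile table can be checked before a profile is saved. The Python sketch below is an added example, not code from D-Link or from this manual; the dictionary layout and key names are hypothetical, and the sample profiles are constructed.

```python
from urllib.parse import urlparse

PORTAL_TYPES = {"Free", "SLA", "Permanent User", "Temporary User", "Billing User"}
AUTH_SERVERS = {"Local User Database", "Radius Server", "LDAP Server", "POP3"}
RADIUS_AUTH_TYPES = {"PAP", "CHAP", "MSCHAP", "MSCHAPV2"}


def audit_ssid_profile(p):
    """Check one SSID profile (hypothetical dict layout); return findings."""
    findings = []
    portal = p.get("captive_portal_type")
    if portal not in PORTAL_TYPES:
        findings.append(f"unknown Captive Portal Type: {portal!r}")
    if portal == "Permanent User":
        server = p.get("authentication_server")
        if server not in AUTH_SERVERS:
            findings.append("Permanent User requires an Authentication Server")
        elif (server == "Radius Server"
              and p.get("authentication_type") not in RADIUS_AUTH_TYPES):
            findings.append("Radius Server requires PAP, CHAP, MSCHAP or MSCHAPV2")
    if portal in ("Permanent User", "Temporary User") and not p.get("login_profile"):
        findings.append(f"{portal} requires a Login Profile")
    if p.get("redirect") == "HTTP":
        # Assumption: the Redirect URL must be an absolute http(s) URL.
        url = urlparse(p.get("redirect_url") or "")
        if url.scheme not in ("http", "https") or not url.netloc:
            findings.append("Redirect = HTTP requires a full Redirect URL")
    elif p.get("redirect_url"):
        findings.append("Redirect URL is set but Redirect is not HTTP, so it is unused")
    if p.get("hide_ssid") and portal == "Free":
        findings.append("Hide SSID with Free access: hiding does not stop "
                        "deliberate connection or monitoring of unencrypted traffic")
    return findings


# Constructed sample profiles; names and values are illustrative only.
SAMPLE_PROFILES = [
    {"ssid": "corp", "captive_portal_type": "Permanent User",
     "authentication_server": "Radius Server", "authentication_type": "MSCHAPV2",
     "login_profile": "default", "redirect": "None"},
    {"ssid": "guest", "captive_portal_type": "Free", "hide_ssid": True,
     "redirect": "HTTP", "redirect_url": "welcome.html"},
    {"ssid": "staff", "captive_portal_type": "Permanent User",
     "authentication_server": "Radius Server", "login_profile": ""},
]

if __name__ == "__main__":
    for profile in SAMPLE_PROFILES:
        print(profile["ssid"], audit_ssid_profile(profile))
```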