D-link DWL-8600AP User Manual

Download

Unified Access Point (AP) Administrator’s Guide

Product Model : DWL-8600AP

Unified Wired & Wireless Access System Release 1.0 December 2009

D-Link UAP Software User Manual

12/10/09

Software User Manual D-Link UAP

12/10/09

Section 1: About This Document .....................................................................................11

Document Organization............................................................................................................................. 11

Additional Documentation......................................................................................................................... 11

Document Conventions............................................................................................................................. 12

Online Help, Supported Browsers, and Limitations ............................................................................... 13

Section 2: Getting Started.................................................................................................14

Administrator’s Computer Requirements................................................................................................ 15

Wireless Client Requirements .................................................................................................................. 16

Dynamic and Static IP Addressing on the AP ......................................................................................... 16

Recovering an IP Address .................................................................................................................... 16

Discovering a Dynamically Assigned IP Address.................................................................................. 17

Installing the UAP ...................................................................................................................................... 17

Basic Settings ............................................................................................................................................ 20

Connecting to the AP Web Interface by Using the IPv6 Address ......................................................... 21

Using the CLI to View the IP Address ...................................................................................................... 21

Configuring the Ethernet Settings............................................................................................................ 22

Using the CLI to Configure Ethernet Settings ....................................................................................... 23

Configuring IEEE 802.1X Authentication ................................................................................................. 24

Using the CLI to Configure 802.1X Authentication Information ............................................................ 24

Verifying the Installation ........................................................................................................................... 25

Configuring Security on the Wireless Access Point............................................................................... 26

Section 3: Viewing Access Point Status..........................................................................27

Viewing Interface Status............................................................................................................................ 27

Wired Settings (Internal Interface) ........................................................................................................ 27

Wireless Settings .................................................................................................................................. 28

Viewing Events ........................................................................................................................................... 28

Configuring Persistent Logging Options ............................................................................................... 29

Configuring the Log Relay Host for Kernel Messages .......................................................................... 30

Enabling or Disabling the Log Relay Host on the Events Page ............................................................ 30

Viewing Transmit and Receive Statistics ................................................................................................ 31

Viewing Associated Wireless Client Information .................................................................................... 32

34CSFP6XXUAP-SWUM100-D13 Page 3

D-Link UAP Software User Manual

12/10/09

Link Integrity Monitoring ........................................................................................................................33

Viewing Neighboring Access Points ........................................................................................................34

Viewing Managed AP DHCP Information.................................................................................................. 36

Section 4: Managing the Access Point ........................................................................... 37

Ethernet Settings ........................................................................................................................................ 37

Wireless Settings ........................................................................................................................................ 40

Using the 802.11h Wireless Mode......................................................................................................... 42

Modifying Radio Settings...........................................................................................................................43

Virtual Access Point Settings.................................................................................................................... 46

None (Plain-text)....................................................................................................................................50

Static WEP ............................................................................................................................................51

Static WEP Rules ........................................................................................................................... 52

IEEE 802.1X .......................................................................................................................................... 52

WPA Personal ....................................................................................................................................... 54

WPA Enterprise ..................................................................................................................................... 55

Configuring the Wireless Distribution System ........................................................................................ 56

WEP on WDS Links...............................................................................................................................59

WPA/PSK on WDS Links ......................................................................................................................59

Controlling Access by MAC Authentication ............................................................................................60

Configuring a MAC Filter and Station List on the AP.............................................................................60

Configuring MAC Authentication on the RADIUS Server ......................................................................61

Configuring Load Balancing...................................................................................................................... 62

Managed Access Point Overview.............................................................................................................. 63

Transitioning Between Modes ...............................................................................................................63

Configuring Managed Access Point Settings ........................................................................................64

Configuring 802.1X Authentication...........................................................................................................65

Creating a Management Access Control List .......................................................................................... 66

Section 5: Configuring Access Point Services .............................................................. 67

Configuring the Web Server Settings....................................................................................................... 67

Configuring SNMP on the Access Point................................................................................................... 68

Setting the SSH Status............................................................................................................................... 71

Setting the Telnet Status............................................................................................................................71

Configuring Quality of Service (QoS) ....................................................................................................... 72

Enabling the Network Time Protocol Server............................................................................................ 76

Page 4 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

Section 6: Configuring SNMPv3.......................................................................................77

Configuring SNMPv3 Views ...................................................................................................................... 77

Configuring SNMPv3 Groups.................................................................................................................... 78

Configuring SNMPv3 Users ...................................................................................................................... 80

Configuring SNMPv3 Targets.................................................................................................................... 81

Section 7: Maintaining the Access Point .........................................................................82

Saving the Current Configuration to a Backup File................................................................................ 82

Restoring the Configuration from a Previously Saved File.................................................................... 83

Maintenance ............................................................................................................................................... 84

Resetting the Factory Default Configuration ......................................................................................... 84

Rebooting the Access Point.................................................................................................................. 85

Upgrading the Firmware............................................................................................................................ 85

Section 8: Configuring Client Quality of Service ............................................................87

Configuring VAP QoS Parameters............................................................................................................ 87

Managing Client QoS ACLs....................................................................................................................... 89

IPv4 ACLs ............................................................................................................................................. 89

ACL Configuration Process................................................................................................................... 89

Creating a DiffServ Class Map .................................................................................................................. 94

Defining DiffServ ................................................................................................................................... 94

Creating a DiffServ Policy Map ................................................................................................................. 99

Client QoS Status ..................................................................................................................................... 101

Section 9: Clustering Multiple APs ................................................................................103

Managing Access Points in the Cluster ................................................................................................. 103

Clustering Single and Dual Radio APs ............................................................................................... 103

Viewing and Configuring Cluster Members.........................................................................................103

Removing an Access Point from the Cluster.......................................................................................105

Adding an Access Point to a Cluster................................................................................................... 105

Navigating to Configuration Information for a Specific AP .................................................................. 105

Navigating to an AP by Using its IP Address in a URL ....................................................................... 106

Managing Cluster Sessions .................................................................................................................... 106

Sorting Session Information................................................................................................................ 107

Configuring and Viewing Channel Management Settings.................................................................... 107

Stopping/Starting Automatic Channel Assignment ............................................................................. 108

34CSFP6XXUAP-SWUM100-D13 Page 5

D-Link UAP Software User Manual

12/10/09

Viewing Current Channel Assignments and Setting Locks .................................................................109

Viewing the Last Proposed Set of Changes ........................................................................................109

Configuring Advanced Settings ...........................................................................................................109

Viewing Wireless Neighborhood Information ........................................................................................ 110

Viewing Details for a Cluster Member .................................................................................................113

Appendix A: Default AP Settings................................................................................... 114

Appendix B: Configuration Examples........................................................................... 116

Configuring a VAP ....................................................................................................................................116

VAP Configuration from the Web Interface .........................................................................................116

VAP Configuration from the CLI ..........................................................................................................117

VAP Configuration Using SNMP .........................................................................................................117

Configuring Radio Settings .....................................................................................................................119

Radio Configuration from the Web Interface .......................................................................................119

Radio Configuration from the CLI ........................................................................................................120

Radio Configuration Using SNMP .......................................................................................................121

Configuring the Wireless Distribution System ...................................................................................... 121

WDS Configuration from the Web Interface ........................................................................................121

WDS Configuration from the CLI .........................................................................................................123

WDS Configuration Using SNMP ........................................................................................................123

Clustering Access Points ........................................................................................................................124

Clustering APs by Using the Web Interface ........................................................................................124

Clustering APs by Using the CLI ......................................................................................................... 125

Clustering APs by Using SNMP ..........................................................................................................125

Configuring Client QoS ............................................................................................................................ 126

Configuring QoS by Using the Web Interface......................................................................................126

ACL Configuration ........................................................................................................................ 126

DiffServ Configuration .................................................................................................................. 128

ACL Configuration ........................................................................................................................ 131

DiffServ Configuration .................................................................................................................. 131

ACL Configuration ........................................................................................................................ 132

DiffServ Configuration .................................................................................................................. 134

Page 6 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

LIST OF FIGURES

Figure 1: Administrator UI Online Help ........................................................................................................... 13

Figure 2: Viewing Interface Status .................................................................................................................. 27

Figure 3: Viewing Events ................................................................................................................................ 28

Figure 4: Persistent Logging Options.............................................................................................................. 29

Figure 5: Log Relay Host ................................................................................................................................ 30

Figure 6: Viewing Traffic Statistics.................................................................................................................. 31

Figure 7: Viewing Client Association Information............................................................................................ 32

Figure 8: Viewing Neighboring Access Points ................................................................................................ 34

Figure 9: Ethernet Settings ............................................................................................................................. 38

Figure 10: Wireless Interface Configuration...................................................................................................... 40

Figure 11: Configuring Radio Settings .............................................................................................................. 43

Figure 12: Setting Up Virtual Access Points ..................................................................................................... 48

Figure 13: Configuring WDS Settings ............................................................................................................... 57

Figure 14: Configuring MAC Authentication...................................................................................................... 60

Figure 15: Configuring Load Balancing............................................................................................................. 62

Figure 16: Configuring Managed Access Point Settings................................................................................... 64

Figure 17: IEEE 802.1X Authentication ............................................................................................................ 65

Figure 18: Management ACL............................................................................................................................ 66

Figure 19: Configuring Web Server Settings .................................................................................................... 67

Figure 20: Modifying SNMP Settings ................................................................................................................ 69

Figure 21: SSH Status ...................................................................................................................................... 71

Figure 22: Telnet Status.................................................................................................................................... 71

Figure 23: Configuring QoS Settings ................................................................................................................ 73

Figure 24: Enabling Network Time Protocol Server.......................................................................................... 76

Figure 25: SNMPv3 Views ................................................................................................................................ 77

Figure 26: SNMPv3 Groups.............................................................................................................................. 79

Figure 27: SNMPv3 Users ................................................................................................................................ 80

Figure 28: SNMPv3 Target ............................................................................................................................... 81

Figure 29: Maintenance .................................................................................................................................... 84

Figure 30: VAP QoS Parameters ...................................................................................................................... 88

Figure 31: Client QoS ACL ............................................................................................................................... 90

Figure 32: Client QoS DiffServ Class Map........................................................................................................ 95

Figure 33: Client QoS DiffServ Policy Map ..................................................................................................... 100

34CSFP6XXUAP-SWUM100-D13 Page 7

D-Link UAP Software User Manual

12/10/09

Figure 34: Client QoS Status...........................................................................................................................101

Figure 35: Cluster Information and Member Configuration ............................................................................. 104

Figure 36: Session Management ....................................................................................................................106

Figure 37: Channel Management ....................................................................................................................108

Figure 38: Wireless Neighborhood ..................................................................................................................111

Figure 39: Details for a Cluster Member AP....................................................................................................113

Page 8 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

LIST OF TABLES

Table 1: Typographical Conventions ............................................................................................................. 12

Table 2: Requirements for the Administrator’s Computer.............................................................................. 15

Table 3: Requirements for Wireless Clients .................................................................................................. 16

Table 4: Basic Settings Page......................................................................................................................... 20

Table 5: CLI Commands for Ethernet Setting................................................................................................ 23

Table 6: CLI Commands for the 802.1X Supplicant ...................................................................................... 24

Table 7: Logging Options............................................................................................................................... 29

Table 8: Log Relay Host ................................................................................................................................ 30

Table 9: Transmit/Receive............................................................................................................................. 32

Table 10: Associated Clients ........................................................................................................................... 33

Table 11: Neighboring Access Points.............................................................................................................. 35

Table 12: Ethernet Settings Page.................................................................................................................... 38

Table 13: Wireless Settings ............................................................................................................................. 41

Table 14: Radio Settings ................................................................................................................................. 44

Table 15: Virtual Access Point Settings........................................................................................................... 48

Table 16: Static WEP....................................................................................................................................... 51

Table 17: IEEE 802.1X .................................................................................................................................... 53

Table 18: WPA Personal ................................................................................................................................. 54

Table 19: WPA Enterprise ............................................................................................................................... 55

Table 20: WDS Settings .................................................................................................................................. 58

Table 21: WEP on WDS Links ......................................................................................................................... 59

Table 22: WPA/PSK on WDS Links................................................................................................................. 59

Table 23: MAC Authentication ......................................................................................................................... 61

Table 24: RADIUS Server Attributes for MAC Authentication ......................................................................... 61

Table 25: Load Balancing ................................................................................................................................ 62

Table 26: Managed Access Point .................................................................................................................... 64

Table 27: IEEE 802.1X Supplicant Authentication........................................................................................... 65

Table 28: Management ACL............................................................................................................................ 66

Table 29: Web Server Settings ........................................................................................................................ 68

Table 30: SNMP Settings ................................................................................................................................ 69

Table 31: SSH Settings ................................................................................................................................... 71

Table 32: Telnet Settings................................................................................................................................. 72

Table 33: QoS Settings.................................................................................................................................... 73

34CSFP6XXUAP-SWUM100-D13 Page 9

D-Link UAP Software User Manual

12/10/09

Table 34: SNTP Settings..................................................................................................................................76

Table 35: SNMPv3 Views ................................................................................................................................78

Table 36: SNMPv3 Groups .............................................................................................................................. 79

Table 37: SNMP v3 Users................................................................................................................................80

Table 38: SNMPv3 Targets .............................................................................................................................. 81

Table 39: VAP QoS Parameters ...................................................................................................................... 88

Table 40: ACL Configuration ............................................................................................................................ 90

Table 41: DiffServ Class Map ..........................................................................................................................95

Table 42: DiffServ Policy Map ........................................................................................................................100

Table 43: Client QoS Status...........................................................................................................................102

Table 44: Access Points in the Cluster ..........................................................................................................104

Table 45: Clustering Options..........................................................................................................................105

Table 46: Session Management ....................................................................................................................107

Table 47: Channel Assignments .................................................................................................................... 109

Table 48: Last Proposed Changes.................................................................................................................109

Table 49: Advanced Channel Management Settings .....................................................................................110

Table 50: Wireless Neighborhood Information............................................................................................... 111

Table 51: Cluster Member Details..................................................................................................................113

Table 52: UAP Default Settings .....................................................................................................................114

Page 10 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

Section 1: About This Document

This guide describes setup, configuration, administration and maintenance for the D-Link® Unified Access Point (UAP) on a wireless network.

DOCUMENT ORGANIZATION

The

Unified Access Point Administrator’s Guide

• Section 1: “About This Document” on page 11

• Section 2: “Getting Started” on page 14

• Section 3: “Viewing Access Point Status” on page 27

• Section 4: “Managing the Access Point” on page 37

• Section 5: “Configuring Access Point Services” on page 67

• Section 6: “Configuring SNMPv3” on page 77

• Section 7: “Maintaining the Access Point” on page 82

• Section 8: “Configuring Client Quality of Service” on page 87

• Section 9: “Clustering Multiple APs” on page 103

• Appendix A “Default AP Settings” on page 114

• Appendix B “Configuration Examples” on page 116

contains the following sections:

ADDITIONAL DOCUMENTATION

The following documents are also available for the D-Link UAP.

• The

34CSFP6XXUAP-SWUM100-D13 About This Document Page 11

Unified Access Point CLI Command Reference

Unified Access Point Release Notes

describe known issues and limitations.

contains information about using the UAP command-line interface.

D-Link UAP Software User Manual

12/10/09

DOCUMENT CONVENTIONS

This section describes the conventions this document uses.

Note: A note provides more information about a feature or technology and cross-references to related topics.

Caution! A caution provides information about critical aspects of AP configuration, combinations of settings,

events, or procedures that can adversely affect network connectivity, security, and so on.

The following table describes the typographical conventions used in this guide.

Table 1: Typographical Conventions

Symbol Example Description

Bold Click Update to save your

settings.

Blue Text See “Document Conventions”

on page 12.

Menu titles, page names, and button names

Hyperlinked text.

courier font WLAN-AP# show network Screen text, file names, commands, user-typed

command-line entries

courier font italics value Command parameter, which might be a variable or fixed

<> Angle brackets <value> Indicates a parameter is a variable. You must enter a

[ ] Square brackets [value] Indicates an optional fixed parameter.

[< >] Angle brackets within square brackets

{} curly braces {choice1 | choice2} Indicates that you must select a parameter from the list of

| Vertical bars choice1 | choice2 Separates the mutually exclusive choices.

[{}] Braces within square brackets

[<value>] Indicates an optional variable.

[{choice1 | choice2}] Indicate a choice within an optional element.

value.

value in place of the brackets and text inside them.

choices.

Page 12 Document Conventions 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

ONLINE HELP, SUPPORTED BROWSERS, AND LIMITATIONS

Online help for the UAP Administration Web pages provides information about all fields and features available from the user interface (UI). The information in the online help is a subset of the information available in the

Administrator’s Guide

Online help information corresponds to each page on the UAP Administration UI.

For information about the settings on the current page, click the link on the right side of a page or the More... link at the bottom of the help panel on the UI.

The following figure shows an example of the online help available from the links on the user interface.

Unified Access Point

Figure 1: Administrator UI Online Help

34CSFP6XXUAP-SWUM100-D13 Online Help, Supported Browsers, and Limitations Page 13

D-Link UAP Software User Manual

12/10/09

Section 2: Getting Started

The D-Link UAP provides continuous, high-speed access between wireless devices and Ethernet devices. It is an advanced, standards-based solution for wireless networking in businesses of any size. The UAP enables wireless local area network (WLAN) deployment while providing state-of-the-art wireless networking features.

The UAP can operate in two modes: Standalone Mode or Managed Mode. In Standalone Mode, the UAP acts as an individual access point in the network, and you manage it by using the Administrator Web User Interface (UI), command-line interface (CLI), or SNMP. In Managed Mode, the UAP is part of the D-Link Unified Access System, and you manage it by using the D-Link Unified Switch. If an AP is in Managed Mode, the Administrator Web UI, Telnet, SSH, and SNMP services are disabled.

This document describes how to perform the setup, management, and maintenance of the UAP in Standalone Mode. For information about configuring the AP in Managed Mode by using the D-Link Unified Switch, see the the switch.

Before you power on a new UAP, review the following sections to check required hardware and software components, client configurations, and compatibility issues. Make sure you have everything you need for a successful launch and test of your new or extended wireless network.

Administrator Guide

for

This section contains the following topics:

• Administrator’s Computer Requirements

• Wireless Client Requirements

• Dynamic and Static IP Addressing on the AP

• Installing the UAP

• Basic Settings

• Using the CLI to View the IP Address

• Configuring the Ethernet Settings

• Configuring IEEE 802.1X Authentication

• Verifying the Installation

• Configuring Security on the Wireless Access Point

To manage the UAP by using the Web interface or by using the CLI through Telnet or SSH, the AP needs an IP address. If you use VLANs or IEEE 802.1X Authentication (port security) on your network, you might need to configure additional settings on the AP before it can connect to the network.

Note: The WLAN AP is not designed to function as a gateway to the Internet. To connect your WLAN to other LANs or the Internet, you need a gateway device.

Page 14 Getting Started 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

ADMINISTRATOR’S COMPUTER REQUIREMENTS

The following table describes the minimum requirements for the administrator’s computer for configuration and administration of the UAP through a Web-based user interface (UI).

Table 2: Requirements for the Administrator’s Computer

Required Software or Component Description

Serial or Ethernet Connection to the Access Point

Wireless Connection to the Network After initial configuration and launch of the first access point on your new

Web Browser and Operating System Configuration and administration of the UAP is provided through a Web-based

Security Settings Ensure that security is disabled on the wireless client used to initially configure

The computer used to configure the first access point must be connected to the access point by a serial cable or an Ethernet cable.

wireless network, you can make subsequent configuration changes through the Administration Web pages using a wireless connection to the internal network. For wireless connection to the access point, your administration device will need Wi-Fi capability similar to that of any wireless client:

Portable or built-in Wi-Fi client adapter that supports one or more of the IEEE

802.11 modes in which you plan to run the access point. Wireless client software configured to associate with the UAP.

user interface hosted on the access point. We recommend using one of the following supported Web browsers to access the access point Administration Web pages:

• Microsoft for either major version) on Microsoft Windows 2000

• Netscape Mozilla 1.7.x on Redhat® Linux® version 2.4 or later

The administration Web browser must have JavaScript™ enabled to support the interactive features of the administration interface.

the access point.

Internet Explorer® version 5.5 or 6.x (with up-to-date patch level

XP or Microsoft Windows

34CSFP6XXUAP-SWUM100-D13 Administrator’s Computer Requirements Page 15

D-Link UAP Software User Manual

12/10/09

WIRELESS CLIENT REQUIREMENTS

The UAP provides wireless access to any client with a properly configured Wi-Fi client adapter for the 802.11 mode in which the access point is running. The UAP supports multiple client operating systems. Clients can be laptop or desktop computers, personal digital assistants (PDAs), or any other hand-held, portable or stationary device equipped with a Wi-Fi adapter and supporting drivers.

In order to connect to the access point, wireless clients need the software and hardware described in the following table.

Table 3: Requirements for Wireless Clients

Required Component Description

Wi-Fi Client Adapter Portable or built-in Wi-Fi client adapter that supports one or more of the IEEE 802.11 modes

Wireless Client Software Client software, such as Microsoft Windows Supplicant, configured to associate with the UAP.

Client Security Settings Security should be disabled on the client used to do initial configuration of the access point.

in which you plan to run the access point. (IEEE 802.11a, 802.11b, 802.11g, and 802.11n modes are supported.)

If the Security mode on the access point is set to anything other than plain text, wireless clients will need to set a profile to the authentication mode used by the access point and provide a valid username and password, certificate, or similar user identity proof. Security modes are Static WEP, IEEE 802.1X, WPA with RADIUS server, and WPA-PSK.

For information about configuring security on the access point, see “Virtual Access Point

Settings” on page 46.

DYNAMIC AND STATIC IP ADDRESSING ON THE AP

When you power on the access point, the built-in DHCP client searches for a DHCP server on the network in order to obtain an IP Address and other network information. If the AP does not find a DHCP server on the network, the AP continues to use its default Static IP Address (10.90.90.91) until you re-assign it a new static IP address (and specify a static IP addressing policy) or until the AP successfully receives network information from a DHCP server.

To change the connection type and assign a static IP address by using the CLI, see “Configuring the Ethernet Settings” on

page 22 or, by using the Web UI, see “Ethernet Settings” on page 37.

Caution! If you do not have a DHCP server on your internal network, and do not plan to use one, the first thing you must do after powering on the access point is change the connection type from DHCP to static IP. You can either assign a new static IP address to the AP or continue using the default address. We recommend assigning a new static IP address so that if you bring up another WLAN AP on the same network, the IP address for each AP will be unique.

RECOVERING AN IP ADDRESS

If you experience trouble communicating with the access point, you can recover a static IP address by resetting the AP configuration to the factory defaults (see “Resetting the Factory Default Configuration” on page 84), or you can get a dynamically assigned address by connecting the AP to a network that has a DHCP server.

Page 16 Wireless Client Requirements 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

DISCOVERING A DYNAMICALLY ASSIGNED IP ADDRESS

If you have access to the DHCP server on your network and know the MAC address of your AP, you can view the new IP address associated with the MAC address of the AP.

If you do not have access to the DHCP server that assigned the IP address to the AP or do not know the MAC address of the AP, you might need to use the CLI to find out what the new IP address is. For information about how to discover a dynamically assigned IP address, see “Using the CLI to View the IP Address” on page 21.

INSTALLING THE UAP

To access the Administration Web UI, you enter the IP address of the AP into a Web browser. You can use the default IP address of the AP (10.90.90.91) to log on to the AP and assign a static IP address, or you can use a DHCP server on you network to assign network information to the AP. The DHCP client on the AP is enabled by default.

To install the UAP, use the following steps:

1. Connect the AP to an administrative PC by using a LAN connection or a direct-cable connection.

• To use a LAN connection, connect one end of an Ethernet cable to the network port on the access point and the other end to the same hub where your PC is connected, as shown in the following figure.

The hub or switch you use must permit broadcast signals from the access point to reach all other devices on the network.

• To use a direct-cable connection, connect one end of an Ethernet straight-through or crossover cable to the network port on the access point and the other end of the cable to the Ethernet port on the PC, as shown in the following figure. You can also use a serial cable to connect the serial port on the AP to a serial port on the administrative computer.

For initial configuration with a direct Ethernet connection and no DHCP server, be sure to set your PC to a static IP address in the same subnet as the default IP address on the access point. (The default IP address for the access point is 10.90.90.91.)

If you use this method, you will need to reconfigure the cabling for subsequent startup and deployment of the access

34CSFP6XXUAP-SWUM100-D13 Installing the UAP Page 17

D-Link UAP Software User Manual

12/10/09

point so that the access point is no longer connected directly to the PC but instead is connected to the LAN (either by using a hub or directly).

Note: It is possible to detect access points on the network with a wireless connection. However, we strongly advise against using this method. In most environments you may have no way of knowing whether you are actually connecting to the intended AP. Also, many of the initial configuration changes required will cause you to lose connectivity with the AP over a wireless connection.

2. Connect the power adapter to the power port on the back of the access point, and then plug the other end of the power cord into a power outlet.

3. Use your Web browser to log on to the UAP Administration Web pages.

- If the AP did not acquire an IP address from a DHCP server on your network, enter 10.90.90.91 in the address field

of your browser, which is the default IP address of the AP.

- If you used a DHCP server on your network to automatically configure network information for the AP, enter the new

IP address of the AP into the Web browser.

- If you used a DHCP server and you do not know the new IP address of the AP, use the following procedures to

obtain the information:

a. Connect a serial cable from the administrative computer to the AP and use a terminal emulation program to access

the command-line interface (CLI).

b. At the login prompt, enter admin for the user name and admin for the password. At the command prompt, enter get

management

- The command output displays the IP address of the AP. Enter this address in the address field of your browser. For

a more detailed explanation about how to log on to the CLI by using the console port, see

IP Address” on page 21.

4. When prompted, enter admin for the user name and admin for the password, then click OK.

“Using the CLI to View the

When you first log in, the Basic Settings page for UAP administration is displayed, as the following figure shows. This page is also accessible from the Tools > Basic Settings menu.

Page 18 Installing the UAP 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

5. Verify the settings on the Basic Settings page.

• Review access point description and provide a new administrator password for the access point if you do not want to use the default password, which is admin.

•Click the Update button to activate the wireless network with these new settings.

Note: The changes you make are not saved or applied until you click Update. Changing some access point settings might cause the AP to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change access point settings when WLAN traffic is low.

For more information about the fields and configuration options on the Basic Settings page, see “Basic Settings” on

page 20.

6. If you do not have a DHCP server on the management network and do not plan to use one, you must change the Connection Type from DHCP to Static IP.

You can either assign a new Static IP address to the AP or continue using the default address. We recommend assigning a new Static IP address so that if you bring up another UAP on the same network, the IP address for each AP will be unique. To change the connection type and assign a static IP address, see “Configuring the Ethernet Settings” on

page 22 (CLI) or “Ethernet Settings” on page 37 (Web).

34CSFP6XXUAP-SWUM100-D13 Installing the UAP Page 19

D-Link UAP Software User Manual

12/10/09

7. If your network uses VLANs, you might need to configure the management VLAN ID or untagged VLAN ID on the UAP in order for it to work with your network.

For information about how to configure VLAN information, see “Configuring the Ethernet Settings” on page 22 (CLI) or

“Ethernet Settings” on page 37 (Web).

8. If your network uses IEEE 802.1X port security for network access control, you must configure the 802.1X supplicant information on the AP.

For information about how to configure the 802.1X user name and password, see “Configuring IEEE 802.1X

Authentication” on page 24.

BASIC SETTINGS

From the Basic Settings page, you can view various information about the UAP, including IP and MAC address information, and configure the administrator password for the UAP. Tabl e 4 describes the fields and configuration options on the Basic

Settings page.

Table 4: Basic Settings Page

Field Description

IP Address Shows the IP address assigned to the AP. This field is not editable on this page because the IP

address is already assigned (either by DHCP, or statically through the Ethernet Settings page).

IPv6 Address Shows the IPv6 address assigned to the AP. This field is not editable on this page because the IP

IPv6 Link Local Address

MAC Address Shows the MAC address of the AP. The address shown here is the MAC address associated with

Firmware Version Shows version information about the firmware currently installed on the AP. As new versions of the

Product Identifier Identifies the AP hardware model.

Hardware Version Identifies the AP hardware version.

Device Name Generic name to identify the type of hardware.

Device Description Provides information about the product hardware.

Current Password Enter the current administrator password. You must correctly enter the current password before you

New Password Enter a new administrator password. The characters you enter are displayed as bullet characters to

Confirm New Password

address is already assigned (either by DHCPv6, or statically through the Ethernet Settings page).

Shows the IPv6 Link Local address, which is the IPv6 address used by the local physical link. The link local address is not configurable and is assigned by using the IPv6 Neighbor Discovery process.

the management interface. This is the address by which the AP is known externally to other networks.

WLAN AP firmware become available, you can upgrade the firmware on your APs.

are able to change it.

prevent others from seeing your password as you type. The administrator password must be an alphanumeric string of up to 8 characters. Do not use

special characters or spaces.

Note:

As an immediate first step in securing your wireless network, we recommend that you

change the administrator password from the default.

Re-enter the new administrator password to confirm that you typed it as intended.

Page 20 Basic Settings 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

Table 4: Basic Settings Page

Field Description

Baud Rate Select a baud rate for the serial port connection. The baud rate on the AP must match the baud rate

System Name Enter a name for the AP. This name appears only on the Basic Settings page and is a name to

System Contact Enter the name, e-mail address, or phone number of the person to contact regarding issues related

System Location Enter the physical location of the AP, for example Conference Room A.

on the terminal or terminal emulator to connect to the AP command-line interface (CLI) by using a serial (console) connection.

The following baud rates are available:

• 9600

• 19200

• 38400

• 57600

• 115200

identify the AP to the administrator. Use up to 64 alphanumeric characters, for example My AP.

to the AP.

CONNECTING TO THE AP WEB INTERFACE BY USING THE IPV6 ADDRESS

To connect to the AP by using the IPv6 global address or IPv6 link local address, you must enter the AP address into your browser in a special format.

Note: The following instructions and examples work with Microsoft Internet Explorer 7 (IE7) and might not work with other browsers.

To connect to an IPv6 global address, add square brackets around the IPv6 address. For example, if the AP global IPv6 address is 2520::230:abff:fe00:2420, type the following address into the IE7 address field: http://[2520::230:abff:fe00:2420].

To connect to the iPv6 link local address, replace the colons (:) with hyphens (-), add the interface number preceded with an "s," then add ".ipv6-literal.net." For example, if the AP link local address is fe80::230:abff:fe00:2420, and the Windows interface is defined as "%6," type the following address into the IE7 address field: http://fe80--230-abff-fe00-2420s6.ipv6literal.net.

USING THE CLI TO VIEW THE IP ADDRESS

The DHCP client on the UAP is enabled by default. If you connect the UAP to a network with a DHCP server, the AP automatically acquires an IP address. To manage the UAP by using the Administrator UI, you must enter the IP address of the access point into a Web browser.

If a DHCP server on your network assigns an IP address to the UAP, and you do not know the IP address, use the following steps to view the IP address of the UAP:

1. Using a null-modem cable, connect a VT100/ANSI terminal or a workstation to the console (serial) port.

If you attached a PC, Apple, or UNIX workstation, start a terminal-emulation program, such as HyperTerminal or TeraTerm.

2. Configure the terminal-emulation program to use the following settings:

34CSFP6XXUAP-SWUM100-D13 Using the CLI to View the IP Address Page 21

D-Link UAP Software User Manual

12/10/09

• Baud rate: 115200 bps

• Data bits: 8

• Parity: none

• Stop bit: 1

• Flow control: none

3. Press the return key, and a login prompt should appear.

The login name is admin. The default password is admin. After a successful login, the screen shows the (

Access Point Name

4. At the login prompt, enter get management.

Information similar to the following prints to the screen.

)# prompt.

CONFIGURING THE ETHERNET SETTINGS

The default Ethernet settings, which include DHCP and VLAN information, might not work for all networks.

By default, the DHCP client on the UAP automatically broadcasts requests for network information. If you want to use a static IP address, you must disable the DHCP client and manually configure the IP address and other network information.

The management VLAN is VLAN 1 by default. This VLAN is also the default untagged VLAN. If you already have a management VLAN configured on your network with a different VLAN ID, you must change the VLAN ID of the management VLAN on the access point.

For information about using the Web interface to configure the Ethernet settings, see “Ethernet Settings” on page 37. You can also use the CLI to configure the Ethernet settings, which the following section describes.

Page 22 Configuring the Ethernet Settings 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

USING THE CLI TO CONFIGURE ETHERNET SETTINGS

Use the commands shown in the following table to view and set values for the Ethernet (wired) interface. For more information about each setting, see the description for the field in Table 12 on page 38.

Table 5: CLI Commands for Ethernet Setting

Action Command

Get the DNS Name get host id

Set the DNS Name set host id

For example:

set host id vicky-ap

Get Current Settings for the Ethernet (Wired) Internal Interface

Set the management VLAN ID set management vlan-id

View untagged VLAN information get untagged-vlan

Enable the untagged VLAN set untagged-vlan status up

Disable the untagged VLAN set untagged-vlan status down

Set the untagged VLAN ID set untagged-vlan vlan-id

View the connection type get management dhcp-status

Use DHCP as the connection type set management dhcp-client status up

Use a Static IP as the connection type set management dhcp-client status down

Set the Static IP address set management static-ip <ip_address>

Set a Subnet Mask set management static-mask

Set the Default Gateway

View the DNS Nameserver mode Dynamic= up Manual=down

Set DNS Nameservers to Use Static IP Addresses (Dynamic to Manual Mode)

Set DNS Nameservers to Use DHCP IP Addressing (Manual to Dynamic Mode)

get management

Example: set management static-ip 10.10.12.221

Example: set management static-mask 255.255.255.0

set static-ip-route gateway

Example: set static-ip-route gateway 10.10.12.1

get host dns-via-dhcp

set host dns-via-dhcp down set host static-dns-1 <ip_address> set host static-dns-2 <ip_address>

Example: set host static-dns-1 192.168.23.45

set host dns-via-dhcp up

<host_name>

<1-4094>

<ip_address>

34CSFP6XXUAP-SWUM100-D13 Configuring the Ethernet Settings Page 23

D-Link UAP Software User Manual

12/10/09

In the following example, the administrator uses the CLI to set the management VLAN ID to 123 and to disable the untagged VLAN so that all traffic is tagged with a VLAN ID.

D-Link-WLAN-AP# set management vlan-id 123 D-Link-WLAN-AP# set untagged-vlan status down

D-Link-WLAN-AP# get management Property Value

------------------------------

vlan-id 123 interface brvlan123 static-ip 10.90.90.91 static-mask 255.0.0.0 ip 10.254.24.43 mask 255.255.248.0 mac 00:02:BC:00:14:E8 dhcp-status up

D-Link-WLAN-AP# get untagged-vlan Property Value

---------------

vlan-id 1 status down D-Link-WLAN-AP#

CONFIGURING IEEE 802.1X AUTHENTICATION

On networks that use IEEE 802.1X, port-based network access control, a supplicant (client) cannot gain access to the network until the 802.1X authenticator grants access. If your network uses 802.1X, you must configure 802.1X authentication information that the AP can supply to the authenticator.

If your network uses IEEE 802.1X see “Configuring 802.1X Authentication” on page 65 for information about how to configure

802.1X by using the Web interface.

USING THE CLI TO CONFIGURE 802.1X AUTHENTICATION INFORMATION

The following table shows the commands used to configure the 802.1X supplicant information using the CLI.

Table 6: CLI Commands for the 802.1X Supplicant

Action Command

View 802.1X supplicant settings get dot1x-supplicant

Enable 802.1X supplicant set dot1x-supplicant status up

Disable 802.1X supplicant set dot1x-supplicant status down

Set the 802.1X user name set dot1x-supplicant user

Set the 802.1s password set dot1x-supplicant password

<name>

In the following example, the administrator enables the 802.1X supplicant and sets the user name to wlanAP and the password to test1234.

Page 24 Configuring IEEE 802.1X Authentication 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

D-Link-WLAN-AP# set dot1x-supplicant status up D-Link-WLAN-AP# set dot1x-supplicant user wlanAP D-Link-WLAN-AP# set dot1x-supplicant password test1234 D-Link-WLAN-AP# get dot1x-supplicant Property Value

---------------status up user wlanAP

VERIFYING THE INSTALLATION

Make sure the access point is connected to the LAN and associate some wireless clients with the network. Once you have tested the basics of your wireless network, you can enable more security and fine-tune the AP by modifying advanced configuration features.

1. Connect the access point to the LAN.

• If you configured the access point and administrator PC by connecting both into a network hub, then your access point is already connected to the LAN. The next step is to test some wireless clients.

• If you configured the access point by using a direct cable connection from your computer to the access point, do the following procedures:

a. Disconnect the cable from the computer and the access point.

b. Connect an Ethernet cable from the access point to the LAN.

c. Connect your computer to the LAN by using an Ethernet cable or a wireless card.

2. Test LAN connectivity with wireless clients.

Test the UAP by trying to detect it and associate with it from some wireless client devices. For information about requirements for these clients, see “Wireless Client Requirements” on page 16.

3. Secure and configure the access point by using advanced features.

Once the wireless network is up and you can connect to the AP with some wireless clients, you can add in layers of security, create multiple virtual access points (VAPs), and configure performance settings.

Note: The WLAN AP is not designed for multiple, simultaneous configuration changes. If more than one administrator is logged onto the Administration Web pages and making changes to the configuration, there is no guarantee that all configuration changes specified by multiple users will be applied.

By default, no security is in place on the access point, so any wireless client can associate with it and access your LAN. An important next step is to configure security, as described in “Virtual Access Point Settings” on page 46.

34CSFP6XXUAP-SWUM100-D13 Verifying the Installation Page 25

D-Link UAP Software User Manual

12/10/09

CONFIGURING SECURITY ON THE WIRELESS ACCESS POINT

You configure secure wireless client access by configuring security for each virtual access point (VAP) that you enable. You can configure up to 16 VAPs per radio that simulate multiple APs in one physical access point. By default, only one VAP is enabled. For each VAP, you can configure a unique security mode to control wireless client access.

Each radio has 16 VAPs, with VAP IDs from 0-15. By default, only VAP 0 on each radio is enabled. VAP0 has the following default settings:

• VLAN ID: 1

• Broadcast SSID: Enabled

• SSID: dlink1

• Security: None

• MAC Authentication Type: None

• Redirect Mode: None

All other VAPs are disabled by default. The default SSID for VAPs 1–15 is dlinkx where x is the VAP ID.

To prevent unauthorized access to the UAP, we recommend that you select and configure a security option other than None for the default VAP and for each VAP that you enable.

For information about how to configure the security settings on each VAP, see “Virtual Access Point Settings” on page 46.

Page 26 Configuring Security on the Wireless Access Point 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

Section 3: Viewing Access Point Status

This section describes the information you can view from the tabs under the Status heading on the navigation tree of the UAP Web UI. This section contains the following subsections:

• Viewing Interface Status

• Viewing Events

• Viewing Transmit and Receive Statistics

• Viewing Associated Wireless Client Information

• Viewing Neighboring Access Points

• Viewing Managed AP DHCP Information

VIEWING INTERFACE STATUS

To monitor Ethernet LAN and wireless LAN (WLAN) settings, click the Interfaces tab.

Figure 2: Viewing Interface Status

This page displays the current settings of the UAP. It displays the Wired Settings and the Wireless Settings.

WIRED SETTINGS (INTERNAL INTERFACE)

The Internal interface includes the Ethernet MAC Address, Management VLAN ID, IP Address (IPv4 and IPv6), Subnet

Mask, and DNS information. If you want to change any of these settings, click the Edit link. After you click Edit, you are

redirected to the Ethernet Settings page.

34CSFP6XXUAP-SWUM100-D13 Viewing Access Point Status Page 27

D-Link UAP Software User Manual

12/10/09

For information about configuring these settings, see “Configuring the Ethernet Settings” on page 22.

WIRELESS SETTINGS

The Radio Interface includes the Radio Mode and Channel. The Wireless Settings section also shows the MAC address (read-only) associated with each radio interface.

If you want to change the Radio Mode or Channel settings, click the Edit link. After you click Edit, you are redirected to the Wireless Settings page.

For information about configuring these settings, see “Wireless Settings” on page 40 and “Modifying Radio Settings” on

page 43.

VIEWING EVENTS

The Events page shows real-time system events on the AP such as wireless clients associating with the AP and being authenticated.

To view system events, click the Events tab.

Figure 3: Viewing Events

From the Events page, you can view the most recent events generated by this AP and configure logging settings. You can enable and configure persistent logging to write system event logs to non-volatile memory so that the events are not erased when the system reboots. This page also gives you the option of enabling a remote log relay host to capture all system events and errors in a Kernel Log.

Page 28 Viewing Events 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

Note: The AP acquires its date and time information using the network time protocol (NTP). This data is reported in UTC format (also known as Greenwich Mean Time). You need to convert the reported time to your local time. For information on setting the network time protocol, see “Enabling the Network Time Protocol Server” on page 76.

CONFIGURING PERSISTENT LOGGING OPTIONS

If the system unexpectedly reboots, log messages can be useful to diagnose the cause. However, log messages are erased when the system reboots unless you enable persistent logging.

Caution! Enabling persistent logging can wear out the flash (non-volatile) memory and degrade network performance. You should only enable persistent logging to debug a problem. Make sure you disable persistent logging after you finish debugging the problem.

To configure persistent logging on the Events page, set the persistence, severity, and depth options as described in Tab le 7, and then click Update.

Figure 4: Persistent Logging Options

Table 7: Logging Options

Field Description

Persistence Choose Enabled to save system logs to non-volatile memory so that the logs are not

Severity Specify the severity level of the log messages to write to non-volatile memory. For

Depth You can store up to 128 messages in non-volatile memory. Once the number you

erased when the AP reboots. Choose Disabled to save system logs to volatile memory. Logs in volatile memory are deleted when the system reboots.

example, if you specify 2, critical, alert, and emergency logs are written to non-volatile memory. Error messages with a severity level of 3–7 are written to volatile memory.

• 0—emergency

• 1—alert

• 2—critical

• 3—error

• 4—warning

• 5—notice

• 6—info

• 7—debug

configure in this field is reached, the oldest log event is overwritten by the new log event.

34CSFP6XXUAP-SWUM100-D13 Viewing Events Page 29

D-Link UAP Software User Manual

12/10/09

Note: To apply your changes, click Apply. Changing some settings might cause the AP to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change AP settings when WLAN traffic is low.

CONFIGURING THE LOG RELAY HOST FOR KERNEL MESSAGES

The Kernel Log is a comprehensive list of system events (shown in the System Log) and kernel messages such as error conditions, like dropping frames.

You cannot view kernel log messages directly from the Administration Web UI for an AP. You must first set up a remote server running a syslog process and acting as a syslog log relay host on your network. Then, you can configure the UAP to send syslog messages to the remote server.

Remote log server collection for AP syslog messages provides the following features:

• Allows aggregation of syslog messages from multiple APs

• Stores a longer history of messages than kept on a single AP

• Triggers scripted management operations and alerts

To use Kernel Log relaying, you must configure a remote server to receive the syslog messages. The procedure to configure a remote log host depends on the type of system you use as the remote host.

Note: The syslog process will default to use port 514. We recommend keeping this default port. However; If you choose to reconfigure the log port, make sure that the port number you assign to syslog is not being used by another process.

ENABLING OR DISABLING THE LOG RELAY HOST ON THE EVENTS PAGE

To enable and configure Log Relaying on the Events page, set the Log Relay options as described in the following table, and then click Apply.

Figure 5: Log Relay Host

Table 8: Log Relay Host

Field Description

Relay Log Select Enabled to allow the UAP to send log messages to a remote host. Select Disabled to keep

Relay Host Specify the IP Address or DNS name of the remote log server.

Page 30 Viewing Events 34CSFP6XXUAP-SWUM100-D13

all log messages on the local system.

Software User Manual D-Link UAP

12/10/09

Table 8: Log Relay Host

Field Description

Relay Port Specify the Port number for the syslog process on the Relay Host.

The default port is 514.

If you enabled the Log Relay Host, clicking Apply will activate remote logging. The AP will send its kernel messages realtime for display to the remote log server monitor, a specified kernel log file, or other storage, depending on how you configured the Log Relay Host.

If you disabled the Log Relay Host, clicking Apply will disable remote logging.

VIEWING TRANSMIT AND RECEIVE STATISTICS

The Transmit/Receive page provides some basic information about the current AP and a real-time display of the transmit and receive statistics for the Ethernet interface on the AP and for the VAPs on both radio interfaces. All transmit and receive statistics shown are totals since the AP was last started. If you reboot the AP, these figures indicate transmit and receive totals since the reboot.

To view transmit and receive statistics for the AP, click the Transmit/Receive tab.

Figure 6: Viewing Traffic Statistics

34CSFP6XXUAP-SWUM100-D13 Viewing Transmit and Receive Statistics Page 31

D-Link UAP Software User Manual

12/10/09

Table 9: Transmit/Receive

Field Description

Interface The name of the Ethernet or VAP interface.

Status Shows whether the interface is up or down.

MAC Address MAC address for the specified interface.

The UAP has a unique MAC address for each interface. Each radio has a different MAC address for each interface on each of its two radios.

VLAN ID Virtual LAN (VLAN) ID.

You can use VLANs to establish multiple internal and guest networks on the same AP. The VLAN ID is set on the VAP tab. (See “Configuring Load Balancing” on page 62.)

Name (SSID) Wireless network name. Also known as the SSID, this alphanumeric key uniquely

Transmit and Receive Information

Total Packets Indicates total packets sent (in Transmit table) or received (in Received table) by this AP.

Total Bytes Indicates total bytes sent (in Transmit table) or received (in Received table) by this AP.

Total Drop Packets Indicates total number of packets sent (in Transmit table) or received (in Received table)

Total Drop Bytes Indicates total number of bytes sent (in Transmit table) or received (in Received table) by

Errors Indicates total errors related to sending and receiving data on this AP.

identifies a wireless local area network. The SSID is set on the VAP tab. (See “Configuring Load Balancing” on page 62.)

by this AP that were dropped.

this AP that were dropped.

VIEWING ASSOCIATED WIRELESS CLIENT INFORMATION

To view the client stations associated with a particular access point, click the Client Associations tab.

Figure 7: Viewing Client Association Information

The associated stations are displayed along with information about packet traffic transmitted and received for each station.

Table 10 describes the fields on the Client Associations page.

Page 32 Viewing Associated Wireless Client Information 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

Table 10: Associated Clients

Field Description

Network Shows which VAP the client is associated with. For example, an entry of wlan0vap2 means the

client is associated with Radio 1, VAP 2. An entry of wlan0 means the client is associated with VAP 0 on Radio 1. An entry of wlan1

means the client is associated with VAP 0 on Radio 2.

Station Shows the MAC address of the associated wireless client.

Status The Authenticated and Associated Status shows the underlying IEEE 802.11 authentication

and association status, which is present no matter which type of security the client uses to connect to the AP. This status does not show IEEE 802.1X authentication or association status.

Some points to keep in mind with regard to this field are:

• If the AP security mode is None or Static WEP, the authentication and association status of clients showing on the Client Associations tab will be in line with what is expected; that is, if a client shows as authenticated to the AP, it will be able to transmit and receive data. (This is because Static WEP uses only IEEE 802.11 authentication.)

• If the AP uses IEEE 802.1X or WPA security, however, it is possible for a client association to show on this tab as authenticated (via the IEEE 802.11 security) but actually not be authenticated to the AP via the second layer of security.

From Station Shows the number of packets and bytes received from the wireless client and the number of

To Station Shows the number of packets and bytes transmitted from the AP to the wireless client and the

packets and bytes that were dropped after being received.

number of packets and bytes that were dropped upon transmission.

LINK INTEGRITY MONITORING

The UAP provides link integrity monitoring to continually verify its connection to each associated client. To do this, the AP sends data packets to clients every few seconds when no other traffic is passing. This allows the AP to detect when a client goes out of range, even during periods when no normal traffic is exchanged. The client connection drops off the list within 300 seconds if these data packets are not acknowledged, even if no disassociation message is received.

34CSFP6XXUAP-SWUM100-D13 Viewing Associated Wireless Client Information Page 33

D-Link UAP Software User Manual

12/10/09

VIEWING NEIGHBORING ACCESS POINTS

The status page for Neighboring Access Points provides real-time statistics for all APs within range of the AP on which you are viewing the Administration Web pages. Click Apply to refresh the screen and display the most current information.

To view information about other access points on the wireless network, click the Neighboring Access Points tab.

Figure 8: Viewing Neighboring Access Points

You must enable the AP detection on the AP in order to collect information about other APs within range.

Page 34 Viewing Neighboring Access Points 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

Table 11 describes the information provided on neighboring access points.

Table 11: Neighboring Access Points

Field Description

AP Detection To enable neighbor AP detection and collect information about neighbor APs, click Enabled.

To disable neighbor AP detection, click Disabled.

MAC Shows the MAC address of the neighboring AP.

Radio The Radio field indicates which radio detected the neighboring AP:

• wlan0 (Radio One)

• wlan1 (Radio Two)

Beacon Int. Shows the Beacon interval being used by this AP.

Beacon frames are transmitted by an AP at regular intervals to announce the existence of the wireless network. The default behavior is to send a beacon frame once every 100 milliseconds (or 10 per second).

The Beacon Interval is set on the Radio tab page.(See “Modifying Radio Settings” on page 43.)

Type Indicates the type of device:

•AP indicates the neighboring device is an AP that supports the IEEE 802.11 Wireless

Networking Framework in Infrastructure Mode.

• Ad hoc indicates a neighboring station running in Ad hoc Mode. Stations set to ad hoc mode communicate with each other directly, without the use of a traditional AP. Ad-hoc mode is an IEEE

802.11 Wireless Networking Framework also referred to as

Independent Basic Service Set

SSID The

Privacy Indicates whether there is any security on the neighboring device.

WPA Indicates whether WPA security is on or off for this AP.

Band This indicates the IEEE 802.11 mode being used on this AP. (For example, IEEE 802.11a, IEEE

Channel Shows the Channel on which the AP is currently broadcasting.

Rate Shows the rate (in megabits per second) at which this AP is currently transmitting.

Signal Indicates the strength of the radio signal emitting from this AP. If you hover the mouse pointer over

Beacons Shows the total number of beacons received from this AP since it was first discovered.

Last Beacon Shows the date and time of the last beacon received from this AP.

Service Set Identifier

The SSID is an alphanumeric string of up to 32 characters that uniquely identifies a wireless local area network. It is also referred to as the

The SSID is set on the VAP tab. (See “Configuring Load Balancing” on page 62.)

•Off indicates that the Security mode on the neighboring device is set to None (no security).

•On indicates that the neighboring device has some security in place.

Security is configured on the AP from the VAP page.

802.11b, IEEE 802.11g.)

The number shown indicates the mode according to the following map:

•2.4 indicates IEEE 802.11b, 802.11g, or 802.11n mode (or a combination of the modes)

•5 indicates IEEE 802.11a or 802.11n mode (or both modes)

The channel defines the portion of the radio spectrum that the radio uses for transmitting and receiving.

The channel is set in Radio Settings. (See “Modifying Radio Settings” on page 43.)

The current rate will always be one of the rates shown in Supported Rates.

the bars, a number appears and shows the strength in decibels (dB).

(SSID) for the AP.

(IBSS).

Network Name

peer-to-peer

mode or an

34CSFP6XXUAP-SWUM100-D13 Viewing Neighboring Access Points Page 35

D-Link UAP Software User Manual

12/10/09

Table 11: Neighboring Access Points (Cont.)

Field Description

Rates Shows supported and basic (advertised) rate sets for the neighboring AP. Rates are shown in

megabits per second (Mbps). All Supported Rates are listed, with Basic Rates shown in bold. Rate sets are configured on the Radio Settings page. (See “Modifying Radio Settings” on

page 43.)

VIEWING MANAGED AP DHCP INFORMATION

The UAP can learn about D-Link Unified Switches on the network through DHCP responses to its initial DHCP request. The Managed AP DHCP page displays the DNS names or IP addresses of up to four D-Link Unified Switches that the AP learned about from a DHCP server on your network.

For information about how to configure a DHCP server to respond to AP DHCP requests with the switch IP address information, see the

Administrator Guide

for the switch.

Page 36 Viewing Managed AP DHCP Information 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

Section 4: Managing the Access Point

This section describes how to manage the UAP and contains the following subsections:

• Ethernet Settings

• Modifying Radio Settings

• Virtual Access Point Settings

• Configuring Load Balancing

• Controlling Access by MAC Authentication

• Configuring Load Balancing

The configuration pages for the features in this section are located under the Manage heading on the navigation tree of the UAP Web UI.

ETHERNET SETTINGS

The default wired interface settings, which include DHCP and VLAN information, might not work for all networks.

To configure the LAN settings, click the Ethernet Settings tab.

34CSFP6XXUAP-SWUM100-D13 Managing the Access Point Page 37

D-Link UAP Software User Manual

12/10/09

Figure 9: Ethernet Settings

The following table describes the fields to view or configure on the Ethernet Settings page.

Table 12: Ethernet Settings Page

Field Description

DNS Name Enter the DNS name (host name) for the AP in the text box.

The DNS name has the following requirements:

• Maximum of 20 characters

• Only letters, numbers and dashes

• Must start with a letter and end with either a letter or a number

MAC Address Shows the MAC address for the LAN interface for the Ethernet port on this AP. This is a read-only

field that you cannot change.

Management VLAN ID The management VLAN is the VLAN associated with the IP address you use to access the AP. The

Untagged VLAN If you disable the untagged VLAN, all traffic is tagged with a VLAN ID.

Untagged VLAN ID Provide a number between 1 and 4094 for the untagged VLAN ID. Traffic on the VLAN that you

default management VLAN ID is 1. Provide a number between 1 and 4094 for the management VLAN ID.

By default all traffic on the UAP uses VLAN 1, which is the default untagged VLAN. This means that all traffic is untagged until you disable the untagged VLAN, change the untagged traffic VLAN ID, or change the VLAN ID for a VAP or client using RADIUS.

specify in this field will not be tagged with a VLAN ID.

Page 38 Ethernet Settings 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

Table 12: Ethernet Settings Page (Cont.)

Field Description

Connection Type If you select DHCP, the UAP acquires its IP address, subnet mask, DNS, and gateway information

Static IP Address Enter the static IP address in the text boxes. This field is disabled if you use DHCP as the connection

Subnet Mask Enter the Subnet Mask in the text boxes.

Default Gateway Enter the Default Gateway in the text boxes.

DNS Nameservers Select the mode for the DNS.

IPv6 Admin Mode Enable or disable IPv6 management access to the AP

IPv6 Auto Config Admin Mode

Static IPv6 Address Enter a static IPv6 address. The AP can have a static IPv6 address even if addresses have already

Static IPv6 Address Prefix Length

IPv6 Autoconfigured Global Addresses

IPv6 Link Local Address

Default IPv6 Gateway Enter the default IPv6 gateway.

from a DHCP server. If you select Static IP, you must enter information in the Static IP Address, Subnet Mask, and Default

Gateway fields.

type.

In Dynamic mode, the IP addresses for the DNS servers are assigned automatically via DHCP. This option is only available if you specified DHCP for the Connection Type.

In Manual mode, you must assign static IP addresses to resolve domain names.

Enable or disable IPv6 auto address configuration on the AP. When IPv6 Auto Config Mode is enabled, automatic IPv6 address configuration and gateway

configuration is allowed by processing the Router Advertisements received on the LAN port. The AP can have multiple auto configured IPv6 addresses.

been configured automatically.

Enter the static IPv6 prefix length, which is an integer in the range of 0–128.

If the AP has been assigned one or more IPv6 addresses automatically, the addresses are listed.

Shows the IPv6 Link Local address, which is the IPv6 address used by the local physical link. The link local address is not configurable and is assigned by using the IPv6 Neighbor Discovery process.

34CSFP6XXUAP-SWUM100-D13 Ethernet Settings Page 39

D-Link UAP Software User Manual

12/10/09

WIRELESS SETTINGS

Wireless settings describe aspects of the LAN related specifically to the radio device in the AP (802.11 Mode and Channel) and to the network interface to the AP (AP MAC address).

To configure the wireless interface, click the Wireless Settings tab.

Figure 10: Wireless Interface Configuration

Note: Radio interface settings apply to both Radio Interface One and Radio Interface Two.

Page 40 Wireless Settings 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

Table 13 describes the fields and configuration options available on the Wireless Settings page.

Table 13: Wireless Settings

Field Description

802.11d Regulatory Domain Support

IEEE 802.11h Support

Station Isolation To enable station isolation, select the check box directly beside it.

Radio Interface Specify whether you want the radio interface on or off.

MAC Address Indicates the Media Access Control (MAC) addresses for the interface.

Mode The Mode defines the Physical Layer (PHY) standard the radio uses.

Enabling support for IEEE 802.11d (World Mode) on the AP causes the AP to broadcast which country it is operating in as a part of its beacons and probe responses. This allows client stations to operate in any country without reconfiguration.

Disabling 802.11d prevents the country code setting from being broadcast in the beacons. However,

this only applies to radios configured to operate in the

band (5 GHz band), the AP software configures support for 802.11h. When 802.11h is

the supported, the country code information is broadcast in the beacons.

To enable 802.11d regulatory domain support, click Enabled. To disable 802.11d regulatory domain support, click Disabled.

The Administration UI shows whether IEEE 802.11h regulatory domain control is in effect on the AP. IEEE 802.11h cannot be disabled by an end user Administrator. For more information, see “Using the

802.11h Wireless Mode” on page 42.

IEEE 802.11h is a standard that provides two services required to satisfy certain regulatory domains for the 5-GHz band. These two services are Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS).

Note: The 802.11h mode is automatically enabled if the AP is configured to work in any country that requires 802.11h as a minimum standard. This standard is currently only required by those countries which fall into the European Telecommunications Standard Institute (ETSI) category. 802.11h is also enabled for Japan.

When Station Isolation is disabled, wireless clients can communicate with one another normally by sending traffic through the AP.

When Station Isolation is enabled, the AP blocks communication between wireless clients on the same VAP. The AP still allows data traffic between its wireless clients and wired devices on the network, across a WDS link, and with other wireless clients associated with a different VAP, but not among wireless clients.

This page shows the MAC addresses for Radio Interface One and Radio Interface Two. A MAC address is a permanent, unique hardware address for any device that represents an interface

to the network. The MAC address is assigned by the manufacturer. You cannot change the MAC address. It is provided here for informational purposes as a unique identifier for an interface.

Note: The modes available on your AP depend on the country code setting. Select one of the following modes for each radio interface:

• IEEE 802.11a—Only 802.11a clients can connect to the AP.

• IEEE 802.11b/g—802.11b and 802.11g clients can connect to the AP.

• IEEE 802.11a/n—802.11a clients and 802.11n clients operating in the 5-GHz frequency can

connect to the AP.

• IEEE 802.11b/g/n (default)—802.11b, 802.11g, and 802.11n clients operating in the 2.4-GHz

frequency can connect to the AP.

• 5 GHz IEEE 802.11n—Only 802.11n clients operating in the 2.4-GHz frequency can connect to the AP.

• 2.4 GHz IEEE 802.11n—Only 802.11n clients operating in the 5-GHz frequency can connect to the AP.

band (2.4 GHz band). For radios operating in

34CSFP6XXUAP-SWUM100-D13 Wireless Settings Page 41

D-Link UAP Software User Manual

12/10/09

Table 13: Wireless Settings (Cont.)

Field Description

Channel Select the Channel.

The range of available channels is determined by the mode of the radio interface and the country code setting. If you select Auto for the channel setting, the AP scans available channels and selects a channel where no traffic is detected.

The Channel defines the portion of the radio spectrum the radio uses for transmitting and receiving. Each mode offers a number of channels, depending on how the spectrum is licensed by national and transnational authorities such as the Federal Communications Commission (FCC) or the International Telecommunication Union (ITU-R).

Note: After you configure the wireless settings, you must click Apply to apply the changes and to save the settings. Changing some settings might cause the AP to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change AP settings when WLAN traffic is low.

USING THE 802.11H WIRELESS MODE

There are a number of key points about the IEEE 802.11h standard:

• 802.11h only works for the 802.11a band. It is not required for 802.11b or 802.11g.

• If you are operating in an 802.11h enabled domain, the AP attempts to use the channel you assign. If the channel has

been blocked by a previous radar detection, or if the AP detects a radar on the channel, then the AP automatically selects a different channel.

• When 802.11h is enabled, the AP will not be operational in the 5GHz band for at least 60 seconds due to radar scanning.

• Setting up WDS links may be difficult when 802.11h is operational. This is because the operating channels of the two APs on the WDS link may keep changing depending on channel usage and radar interference. WDS will only work if both the APs operate on the same channel. For more information on WDS, see

page 62.

“Configuring Load Balancing” on

Page 42 Wireless Settings 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

MODIFYING RADIO SETTINGS

Radio settings directly control the behavior of the radio devices in the AP and its interaction with the physical medium; that is, how and what type of electromagnetic waves the AP emits.

To specify radio settings, click the Radio tab.

Different settings display depending on the mode you select. All settings are described in Table 14 on page 44.

Figure 11: Configuring Radio Settings

34CSFP6XXUAP-SWUM100-D13 Modifying Radio Settings Page 43

D-Link UAP Software User Manual

12/10/09

Table 14 describes the fields and configuration options for the Radio Settings page

Table 14: Radio Settings

Field Description

Radio Select Radio 1 or Radio 2 to specify which radio to configure. The rest of the settings on this tab

apply to the radio you select in this field. Be sure to configure settings for both radios. Radio 1 operates in the 5 GHz band (802.11a/n), and Radio 2 operates in the 2.4 GHz band

(802.11b/g/n)

Status (On/Off) Specify whether you want the radio on or off by clicking On or Off.

If you turn off a radio, the AP sends disassociation frames to all the wireless clients it is currently supporting so that the radio can be gracefully shutdown and the clients can start the association process with other available APs.

Mode The Mode defines the Physical Layer (PHY) standard the radio uses.

Note:

The modes available depend on the country code setting and the radio selected.

Select one of the following modes for each radio interface:

• IEEE 802.11a

• IEEE 802.11b/g

• IEEE 802.11a/n

• IEEE 802.11b/g/n

• 5 GHz IEEE 802.11n

• 2.4 GHz IEEE 802.11n

Channel Select the Channel.

The channel defines the portion of the radio spectrum the radio uses for transmitting and receiving. Each mode offers a number of channels, depending on how the spectrum is licensed by national and transnational authorities such as the Federal Communications Commission (FCC) or the International Telecommunication Union (ITU-R).

Channel Bandwidth (802.11n modes only)

Primary Channel (802.11n modes only)

Short Guard Interval Supported

The 802.11n specification allows a 40-MHz-wide channel in addition to the legacy 20-MHz channel available with other modes. The 40-MHz channel enables higher data rates but leaves fewer channels available for use by other 2.4 GHz and 5 GHz devices.

Set the field to 20-MHz to restrict the use of the channel bandwidth to a 20-MHz channel.

This setting can be changed only when the channel bandwidth is set to 40 MHz. A 40-MHz channel can be considered to consist of two 20-MHz channels that are contiguous in the frequency domain. These two 20-MHz channels are often referred to as the Primary and Secondary channels. The Primary Channel is used for 802.11n clients that support only a 20-MHz channel bandwidth and for legacy clients.

Select one of the following options:

• Upper—Set the Primary Channel as the upper 20-MHz channel in the 40-MHz band.

• Lower—Set the Primary Channel as the lower 20-MHz channel in the 40-MHz band.

This field is available only if the selected radio mode includes 802.11n. The guard interval is the dead time, in nanoseconds, between OFDM symbols. The guard interval

prevents Inter-Symbol and Inter-Carrier Interference (ISI, ICI). The 802.11n mode allows for a reduction in this guard interval from the a and g definition of 800 nanoseconds to 400 nanoseconds. Reducing the guard interval can yield a 10% improvement in data throughput.

Select one of the following options:

• Yes—The AP transmits data using a 400 ns guard Interval when communicating with clients that also support the short guard interval.

• No—The AP transmits data using an 800 ns guard interval.

Page 44 Modifying Radio Settings 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

Table 14: Radio Settings (Cont.)

Field Description

Protection The protection feature contains rules to guarantee that 802.11 transmissions do not cause

Beacon Interval Beacon frames are transmitted by an AP at regular intervals to announce the existence of the

DTIM Period Specify a DTIM period from 1 to 255 beacons.

Fragmentation Threshold

RTS Threshold Specify a Request to Send (RTS) Threshold value between 0 and 2347.

Maximum Stations Specify the maximum number of stations allowed to access this AP at any one time.

interference with legacy stations or applications. By default, these protection mechanisms are enabled (Auto). With protection enabled, protection mechanisms will be invoked if legacy devices are within range of the AP.

You can disable (Off) these protection mechanisms; however, when protection is off, legacy clients or APs within range can be affected by 802.11n transmissions. Protection is also available when the mode is 802.11b/g. When protection is enabled in this mode, it protects 802.11b clients and APs from 802.11g transmissions.

Note: This setting does not affect the ability of the client to associate with the AP.

wireless network. The default behavior is to send a beacon frame once every 100 milliseconds (or 10 per second).

Enter a value from 20 to 2000 milliseconds.

The Delivery Traffic Information Map (DTIM) message is an element included in some Beacon frames. It indicates which client stations, currently sleeping in low-power mode, have data buffered on the AP awaiting pick-up.

The DTIM period you specify indicates how often the clients served by this AP should check for buffered data still on the AP awaiting pickup.

The measurement is in beacons. For example, if you set this field to 1, clients will check for buffered data on the AP at every beacon. If you set this field to 10, clients will check on every 10th beacon.

Specify a number between 256 and 2,346 to set the frame size threshold in bytes. The fragmentation threshold is a way of limiting the size of packets (frames) transmitted over the

network. If a packet exceeds the fragmentation threshold you set, the fragmentation function is activated and the packet is sent as multiple 802.11 frames.

If the packet being transmitted is equal to or less than the threshold, fragmentation is not used. Setting the threshold to the largest value (2,346 bytes) effectively disables fragmentation.

Fragmentation plays no role when Aggregation is enabled. Fragmentation involves more overhead both because of the extra work of dividing up and

reassembling of frames it requires, and because it increases message traffic on the network. However, fragmentation can help

Sending smaller frames (by using lower fragmentation threshold) might help with some interference problems; for example, with microwave ovens.

By default, fragmentation is off. We recommend not using fragmentation unless you suspect radio interference. The additional headers applied to each fragment increase the overhead on the network and can greatly reduce throughput.

The RTS threshold indicates the number of octets in an MPDU, below which an RTS/CTS handshake is not performed.

Changing the RTS threshold can help control traffic flow through the AP, especially one with a lot of clients. If you specify a low threshold value, RTS packets will be sent more frequently. This will consume more bandwidth and reduce the throughput of the packet. On the other hand, sending more RTS packets can help the network recover from interference or collisions which might occur on a busy network, or on a network experiencing electromagnetic interference.

You can enter a value between 0 and 200.

improve

network performance and reliability if properly configured.

34CSFP6XXUAP-SWUM100-D13 Modifying Radio Settings Page 45

D-Link UAP Software User Manual

12/10/09

Table 14: Radio Settings (Cont.)

Field Description

Transmit Power Enter a percentage value for the transmit power level for this AP.

The default value, which is 100%, can be more cost-efficient than a lower percentage since it gives the AP a maximum broadcast range and reduces the number of APs needed.

To increase capacity of the network, place APs closer together and reduce the value of the transmit power. This helps reduce overlap and interference among APs. A lower transmit power setting can also keep your network more secure because weaker wireless signals are less likely to propagate outside of the physical location of your network.

Fixed Multicast Rate Select the multicast traffic transmission rate you want the AP to support.

Rate Sets Check the transmission rate sets you want the AP to support and the basic rate sets you want the

Broadcast/Multicast Rate Limiting

Broadcast/Multicast Rate Limit

Broadcast/Multicast Rate Limit Burst

AP to advertise:

•Rates are expressed in megabits per second.

• Supported Rate Sets indicate rates that the AP supports. You can check multiple rates (click a

check box to select or de-select a rate). The AP will automatically choose the most efficient rate based on factors like error rates and distance of client stations from the AP.

• Basic Rate Sets indicate rates that the AP will advertise to the network for the purposes of setting up communication with other APs and client stations on the network. It is generally more efficient to have an AP broadcast a subset of its supported rate sets.

Enabling multicast and broadcast rate limiting can improve overall network performance by limiting the number of packets transmitted across the network.

By default the Multicast/Broadcast Rate Limiting option is disabled. Until you enable Multicast/ Broadcast Rate Limiting, the following fields will be disabled.

Enter the rate limit you want to set for multicast and broadcast traffic. The limit should be greater than 1, but less than 50 packets per second. Any traffic that falls below this rate limit will always conform and be transmitted to the appropriate destination.

The default and maximum rate limit setting is 50 packets per second.

Setting a rate limit burst determines how much traffic bursts can be before all traffic exceeds the rate limit. This burst limit allows intermittent bursts of traffic on a network above the set rate limit.

The default and maximum rate limit burst setting is 75 packets per second.

Use the Radio page to configure both Radio One and Radio Two. The settings on the page apply only to the radio that you choose from the Radio drop-down list. After you configure settings for one of the radios, click Apply and then select and configure the other radio. Be sure to click Apply to apply the second set of configuration settings for the other radio.

VIRTUAL ACCESS POINT SETTINGS

To change VAP 0 or to enable and configure additional VAPs, select the VAP tab in the Manage section.

VAPs segment the wireless LAN into multiple broadcast domains that are the wireless equivalent of Ethernet VLANs. VAPs simulate multiple APs in one physical AP. Each radio supports up to 16 VAPs.

For each VAP, you can customize the security mode to control wireless client access. Each VAP can also have a unique SSID. Multiple SSIDs make a single AP look like two or more APs to other systems on the network. By configuring VAPs, you can maintain better control over broadcast and multicast traffic, which affects network performance.

Page 46 Virtual Access Point Settings 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

You can configure each VAP to use a different VLAN, or you can configure multiple VAPs to use the same VLAN, whether the VLAN is on the same radio or on a different radio. VAP0, which is always enabled on both radios, is assigned to the default VLAN 1.

The AP adds VLAN ID tags to wireless client traffic based on the VLAN ID you configure on the VAP page or by using the RADIUS server assignment. If you use an external RADIUS server, you can configure multiple VLANs on each VAP. The external RADIUS server assigns wireless clients to the VLAN when the clients associate and authenticate.

You can configure up to four global IPv4 or IPv6 RADIUS servers. One of the servers always acts as a primary while the others act as backup servers. The network type (IPv4 or IPv6) and accounting mode are common across all configured RADIUS servers. You can configure each VAP to use the global RADIUS server settings, which is the default, or you can configure a per-VAP RADIUS server set. You can also configure separate RADIUS server settings for each VAP. For example, you can configure one VAP to use an IPv6 RADIUS server while other VAPs use the global IPv4 RADIUS server settings you configure.

If wireless clients use a security mode that does not communicate with the RAIDUS server, or if the RADIUS server does not provide the VLAN information, you can assign a VLAN ID to each VAP. The AP assigns the VLAN to all wireless clients that connect to the AP through that VAP.

Note: Before you configure VLANs on the AP, be sure to verify that the switch and DHCP server the AP uses can support IEEE 802.1Q VLAN encapsulation.

To set up multiple VAPs, click Manage > VAP.

34CSFP6XXUAP-SWUM100-D13 Virtual Access Point Settings Page 47

D-Link UAP Software User Manual

12/10/09

Figure 12: Setting Up Virtual Access Points

Table 15 describes the fields and configuration options on the VAP page.

Table 15: Virtual Access Point Settings

Field Description

RADIUS IP Address Type

Page 48 Virtual Access Point Settings 34CSFP6XXUAP-SWUM100-D13

Specify the IP version that the RADIUS server uses. You can toggle between the address types to configure IPv4 and IPv6 global RADIUS address

settings, but the AP contacts only the RADIUS server or servers for the address type you select in this field.

Software User Manual D-Link UAP

12/10/09

Table 15: Virtual Access Point Settings (Cont.)

Field Description

RADIUS IP Address RADIUS IPv6 Address

RADIUS IP or IPv6 Address 1–3

RADIUS Key Enter the RADIUS key in the text box.

RADIUS Key 1–3 Enter the RADIUS key associated with the configured backup RADIUS servers. The server at

Enable RADIUS Accounting

Radio Select the radio to configure. VAPs are configured independently on each radio.

VAP You can configure up to 16 VAPs for each radio. VAP0 is the physical radio interface, so to disable

Enabled You can enable or disable a configured network.

VLAN ID When a wireless client connects to the AP by using this VAP, the AP tags all traffic from the wireless

SSID Enter a name for the wireless network. The SSID is an alphanumeric string of up to 32 characters.

Enter the IPv4 or IPv6 address for the primary global RADIUS server. By default, each VAP uses the global RADIUS settings that you define for the AP at the top of the VAP page.

When the first wireless client tries to authenticate with the AP, the AP sends an authentication request to the primary server. If the primary server responds to the authentication request, the AP continues to use this RADIUS server as the primary server, and authentication requests are sent to the address you specify.

If the IPv4 RADIUS IP Address Type option is selected in the previous field, enter the IP address of the RADIUS server that all VAPs use by default, for example 192.168.10.23. If the IPv6 RADIUS IP Address Type option is selected, enter the IPv6 address of the primary global RADIUS server, for example 2001:0db8:1234::abcd.

Enter up to three IPv4 or IPv6 addresses to use as the backup RADIUS servers. The field label is RADIUS IP Address when the IPv4 RADIUS IP Address Type option is selected and RADIUS IPv6 Address when the IPv6 RADIUS IP Address Type option is selected.

If authentication fails with the primary server, each configured backup server is tried in sequence. The IPv4 or IPv6 address must be valid in order for the AP to attempt to contact the server.

RADIUS Key

The standard alphanumeric and special characters. The key is case sensitive, and you must configure the same key on the AP and on your RADIUS server. The text you enter will be displayed as "*" characters to prevent others from seeing the RADIUS key as you type.

RADIUS IP Address-1 uses RADIUS Key-1, RADIUS IP Address-2 uses RADIUS Key-2, and so on.

Select this option to track and measure the resources a particular user has consumed such as system time, amount of data transmitted and received, and so on.

If you enable RADIUS accounting, it is enabled for the primary RADIUS server and all backup servers.

VAP0, you must disable the radio.

• To enable the specified network, select the Enabled option beside the appropriate VAP.

• To disable the specified network, clear the Enabled option beside the appropriate VAP.

If you disable the specified network, you will lose the VLAN ID you entered.

client with the VLAN ID you enter in this field unless you enter the untagged VLAN ID or use a RADIUS server to assign a wireless client to a VLAN. The range for the VLAN ID is 1–4094.

If you use RADIUS-based authentication for clients, you can optionally add the following attributes to the appropriate file in the RADIUS or AAA server to configure a VLAN for the client:

• "Tunnel-Type"

• "Tunnel-Medium-Type"

• "Tunnel-Private-Group-ID"

The RADIUS-assigned VLAN ID overrides the VLAN ID you configure on the VAP page. You configure the untagged and management VLAN IDs on the Ethernet Settings page. For more

information, see “Ethernet Settings” on page 37.

You can use the same SSID for multiple VAPs, or you can choose a unique SSID for each VAP. Note: If you are connected as a wireless client to the same AP that you are administering, resetting

the SSID will cause you to lose connectivity to the AP. You will need to reconnect to the new SSID after you save this new setting.

is the shared secret key for the global RADIUS server. You can use up to 63

34CSFP6XXUAP-SWUM100-D13 Virtual Access Point Settings Page 49

D-Link UAP Software User Manual

12/10/09

Table 15: Virtual Access Point Settings (Cont.)

Field Description

Broadcast SSID Specify whether to allow the AP to broadcast the Service Set Identifier (SSID) in its beacon frames.

Security Select one of the following Security modes for this VAP:

MAC Authentication Type

Redirect Mode Enable the HTTP redirect feature to redirect wireless clients to a custom Web page.

Redirect URL Specify the URL where the Web browser is to be redirected after the wireless client associates with

The Broadcast SSID parameter is enabled by default. When the VAP does not broadcast its SSID, the network name is not displayed in the list of available networks on a client station. Instead, the client must have the exact network name configured in the supplicant before it is able to connect.

• To enable the SSID broadcast, select the Broadcast SSID check box.

• To prohibit the SSID broadcast, clear the Broadcast SSID check box.

Note:

Disabling the broadcast SSID is sufficient to prevent clients from accidentally connecting to your network, but it will not prevent even the simplest of attempts by a hacker to connect or monitor unencrypted traffic. Suppressing the SSID broadcast offers a very minimal level of protection on an otherwise exposed network (such as a guest network) where the priority is making it easy for clients to get a connection and where no sensitive information is available.

• None

• Static WEP

• WPA Personal

• IEEE 802.1X

• WPA Enterprise

If you select a security mode other than None, additional fields appear. These fields are explained below.

Note: The Security mode you set here is specifically for this VAP.

You can configure a global list of MAC addresses that are allowed or denied access to the network. The drop-down menu for this feature allows you to select the type of MAC Authentication to use:

• Disabled: Do not use MAC Authentication.

• Local: Use the MAC Authentication list that you configure on the MAC Authentication page.

• RADIUS: Use the MAC Authentication list on the external RADIUS server.

For more information about MAC Authentication, see “Controlling Access by MAC Authentication”

on page 60.

When redirect mode is enabled, the user will be redirected to the URL you specify after the wireless client associates with an AP and the user opens a Web browser on the client to access the Internet.

The custom Web page must be located on an external Web server and might contain information such as the company logo and network usage policy.

Note: The wireless client is redirected to the external Web server only once while it is associated with the AP.

the AP and sends HTTP traffic.

Note: After you configure the VAP settings, you must click Apply to apply the changes and to save the settings. Changing some settings might cause the AP to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change AP settings when WLAN traffic is low.

NONE (PLAIN-TEXT)

If you select None as your security mode, no further options are configurable on the AP. This mode means that any data transferred to and from the UAP is not encrypted.This security mode can be useful during initial network configuration or for problem solving, but it is not recommended for regular use on the Internal network because it is not secure.

Page 50 Virtual Access Point Settings 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

STATIC WEP

Wired Equivalent Privacy (WEP) is a data encryption protocol for 802.11 wireless networks. All wireless stations and APs on the network are configured with a static 64-bit (40-bit secret key + 24-bit initialization vector (IV)) or 128-bit (104-bit secret key + 24-bit IV) Shared Key for data encryption.

Static WEP is not the most secure mode available, but it offers more protection than setting the security mode to None (Plaintext) as it does prevent an outsider from easily sniffing out unencrypted wireless traffic.

WEP encrypts data moving across the wireless network based on a static key. (The encryption algorithm is a stream cipher called RC4.)

Table 16: Static WEP

Field Description

Transfer Key Index Select a key index from the drop-down menu. Key indexes 1 through 4 are available. The default is 1.

The Transfer Key Index indicates which WEP key the AP will use to encrypt the data it transmits.

Key Length Specify the length of the key by clicking one of the radio buttons:

• 64 bits

• 128 bits

Key Type Select the key type by clicking one of the radio buttons:

• ASCII

• Hex

WEP Keys You can specify up to four WEP keys. In each text box, enter a string of characters for each key. The

keys you enter depend on the key type selected:

• ASCII—Includes upper and lower case alphabetic letters, the numeric digits, and special symbols such as @ and #.

• Hex—Includes digits 0 to 9 and the letters A to F.

Use the same number of characters for each key as specified in the Characters Required field. These are the RC4 WEP keys shared with the stations using the AP.

Each client station must be configured to use one of these same WEP keys in the same slot as specified here on the AP.

Characters Required: The number of characters you enter into the WEP Key fields is determined by the Key length and Key type you select. For example, if you use 128-bit ASCII keys, you must enter 26 characters in the WEP key. The number of characters required updates automatically based on how you set Key Length and Key Type.

34CSFP6XXUAP-SWUM100-D13 Virtual Access Point Settings Page 51

D-Link UAP Software User Manual

12/10/09

Table 16: Static WEP (Cont.)

Field Description

Authentication The authentication algorithm defines the method used to determine whether a client station is

allowed to associate with an AP when static WEP is the security mode. Specify the authentication algorithm you want to use by choosing one of the following options:

• Open System authentication allows any client station to associate with the AP whether that client station has the correct WEP key or not. This algorithm is also used in plaintext, IEEE 802.1X, and WPA modes. When the authentication algorithm is set to Open System, any client can associate with the AP.

Note:

Just because a client station is allowed to with an AP. A station must have the correct WEP key to be able to successfully access and decrypt data from an AP, and to transmit readable data to the AP.

•Shared Key authentication requires the client station to have the correct WEP key in order to associate with the AP. When the authentication algorithm is set to Shared Key, a station with an incorrect WEP key will not be able to associate with the AP.

•Both Open System and Shared Key. When you select both authentication algorithms:

- Client stations configured to use WEP in shared key mode must have a valid WEP key in order

to associate with the AP.

- Client stations configured to use WEP as an open system (shared key mode not enabled) will be able to associate with the AP even if they do not have the correct WEP key.

associate

does not ensure it can exchange traffic

Static WEP Rules

If you use Static WEP, the following rules apply:

• All client stations must have the Wireless LAN (WLAN) security set to WEP, and all clients must have one of the WEP keys specified on the AP in order to de-code AP-to-station data transmissions.

• The AP must have all keys used by clients for station-to-AP transmit so that it can de-code the station transmissions.

• The same key must occupy the same slot on all nodes (AP and clients). For example if the AP defines abc123 key as

WEP key 3, then the client stations must define that same string as WEP key 3.

• Client stations can use different keys to transmit data to the access point. (Or they can all use the same key, but this is less secure because it means one station can decrypt the data being sent by another.)

• On some wireless client software, you can configure multiple WEP keys and define a client station “transfer key index”, and then set the stations to encrypt the data they transmit using different keys. This ensures that neighboring APs cannot decode each other’s transmissions.

• You cannot mix 64-bit and 128-bit WEP keys between the access point and its client stations.

IEEE 802.1X

IEEE 802.1X is the standard defining port-based authentication and infrastructure for doing key management. Extensible

Authentication Protocol (EAP) messages sent over an IEEE 802.11 wireless network using a protocol called EAP Encapsulation Over LANs (EAPOL). IEEE 802.1X provides dynamically-generated keys that are periodically refreshed. An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11 frame.

This mode requires the use of an external RADIUS server to authenticate users. The AP requires a RADIUS server capable of EAP, such as the Microsoft Internet Authentication Server. To work with Windows clients, the authentication server must support Protected EAP (PEAP) and MSCHAP V2.

Page 52 Virtual Access Point Settings 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

You can use any of a variety of authentication methods that the IEEE 802.1X mode supports, including certificates, Kerberos, and public key authentication. You must configure the client stations to use the same authentication method the AP uses.

Table 17: IEEE 802.1X

Field Description

Use Global RADIUS Server Settings

RADIUS IP Address Type

RADIUS IP Address RADIUS IPv6

Address

RADIUS IP or IPv6 Address 1–3

RADIUS Key Enter the RADIUS key in the text box.

RADIUS Key 1–3 Enter the RADIUS key associated with the configured backup RADIUS servers. The server at

Enable RADIUS Accounting

Broadcast Key Refresh Rate

Session Key Refresh Rate

By default each VAP uses the global RADIUS settings that you define for the AP at the top of the VAP page. However, you can configure each VAP to use a different set of RADIUS servers.

To use the global RADIUS server settings, make sure the check box is selected. To use a separate RADIUS server for the VAP, clear the check box and enter the RADIUS server IP

address and key in the following fields.

Specify the IP version that the RADIUS server uses. You can toggle between the address types to configure IPv4 and IPv6 global RADIUS address

settings, but the AP contacts only the RADIUS server or servers for the address type you select in this field.

Enter the IPv4 or IPv6 address for the primary RADIUS server for this VAP. If the IPv4 RADIUS IP Address Type option is selected in the previous field, enter the IP address of

the RADIUS server that all VAPs use by default, for example 192.168.10.23. If the IPv6 RADIUS IP Address Type option is selected, enter the IPv6 address of the primary global RADIUS server, for example 2001:0db8:1234::abcd.

Enter up to three IPv4 and/or IPv6 addresses to use as the backup RADIUS servers for this VAP.The field label is RADIUS IP Address when the IPv4 RADIUS IP Address Type option is selected and RADIUS IPv6 Address when the IPv6 RADIUS IP Address Type option is selected.

If authentication fails with the primary server, each configured backup server is tried in sequence.

RADIUS Key

RADIUS IP Address-1 uses RADIUS Key-1, RADIUS IP Address-2 uses RADIUS Key-2, and so on.

Select this option to track and measure the resources a particular user has consumed such as system time, amount of data transmitted and received, and so on.

If you enable RADIUS accounting, it is enabled for the primary RADIUS server and all backup servers.

Enter a value to set the interval at which the broadcast (group) key is refreshed for clients associated to this VAP.

The valid range is 0–86400 seconds. A value of 0 indicates that the broadcast key is not refreshed.

Enter a value to set the interval at which the AP will refresh session (unicast) keys for each client associated to the VAP.

The valid range is 0–86400 seconds. A value of 0 indicates that the broadcast key is not refreshed.

is the shared secret key for the global RADIUS server. You can use up to 63

Note: After you configure the security settings, you must click Apply to apply the changes and to save the settings.

34CSFP6XXUAP-SWUM100-D13 Virtual Access Point Settings Page 53

D-Link UAP Software User Manual

12/10/09

WPA PERSONAL

WPA Personal is a Wi-Fi Alliance IEEE 802.11i standard, which includes AES-CCMP and TKIP mechanisms. The Personal version of WPA employs a pre-shared key (instead of using IEEE 802.1X and EAP as is used in the Enterprise WPA security mode). The PSK is used for an initial check of credentials only.

This security mode is backwards-compatible for wireless clients that support the original WPA.

Table 18: WPA Personal

Field Description

WPA Versions Select the types of client stations you want to support:

WPA. If all client stations on the network support the original WPA but none support the newer

WPA2, then select WPA.

WPA2. If all client stations on the network support WPA2, we suggest using WPA2 which provides the best security per the IEEE 802.11i standard.

WPA and WPA2. If you have a mix of clients, some of which support WPA2 and others which support only the original WPA, select both of the check boxes. This lets both WPA and WPA2 client stations associate and authenticate, but uses the more robust WPA2 for clients who support it. This WPA configuration allows more interoperability, at the expense of some security.

Cipher Suites Select the cipher suite you want to use:

• TKIP

• CCMP (AES)

• TKIP and CCMP (AES)

Both TKIP and AES clients can associate with the AP. WPA clients must have one of the following to be able to associate with the AP:

• A valid TKIP key

• A valid AES-CCMP key

Clients not configured to use a WPA Personal will not be able to associate with the AP.

Key The Pre-shared Key is the shared secret key for WPA Personal. Enter a string of at least 8 characters

Broadcast Key Refresh Rate

to a maximum of 63 characters. Acceptable characters include upper and lower case alphabetic letters, the numeric digits, and special symbols such as @ and #.

Enter a value to set the interval at which the broadcast (group) key is refreshed for clients associated to this VAP.

The valid range is 0–86400 seconds. A value of 0 indicates that the broadcast key is not refreshed.

Page 54 Virtual Access Point Settings 34CSFP6XXUAP-SWUM100-D13

Software User Manual D-Link UAP

12/10/09

WPA ENTERPRISE

WPA Enterprise with RADIUS is an implementation of the Wi-Fi Alliance IEEE 802.11i standard, which includes CCMP (AES), and TKIP mechanisms. The Enterprise mode requires the use of a RADIUS server to authenticate users.

This security mode is backwards-compatible with wireless clients that support the original WPA.

Table 19: WPA Enterprise

Field Description

WPA Versions Select the types of client stations you want to support:

•WPA. If all client stations on the network support the original WPA but none support the newer

WPA2, then select WPA.

•WPA2. If all client stations on the network support WPA2, we suggest using WPA2 which provides the best security per the IEEE 802.11i standard.

•WPA and WPA2. If you have a mix of clients, some of which support WPA2 and others which

support only the original WPA, select both WPA and WPA2. This lets both WPA and WPA2 client stations associate and authenticate, but uses the more robust WPA2 for clients who support it. This WPA configuration allows more interoperability, at the expense of some security.

Enable pre-authentication

Cipher Suites Select the cipher suite you want to use:

Use Global RADIUS Server Settings

RADIUS IP Address Type

RADIUS IP Address RADIUS IPv6

Address

If for WPA Versions you select only WPA2 or both WPA and WPA2, you can enable preauthentication for WPA2 clients.

Click Enable pre-authentication if you want WPA2 wireless clients to send pre-authentication packet. The pre-authentication information will be relayed from the AP the client is currently using to the target AP. Enabling this feature can help speed up authentication for roaming clients who connect to multiple APs.

This option does not apply if you selected WPA for WPA Versions because the original WPA does not support this feature.

• TKIP

• CCMP (AES)

• TKIP and CCMP (AES)

By default both TKIP and CCMP are selected. When both TKIP and CCMP are selected, client stations configured to use WPA with RADIUS must have one of the following:

• A valid TKIP RADIUS IP address and RADIUS Key

• A valid CCMP (AES) IP address and RADIUS Key

By default each VAP uses the global RADIUS settings that you define for the AP at the top of the VAP page. However, you can configure each VAP to use a different set of RADIUS servers.

To use the global RADIUS server settings, make sure the check box is selected. To use a separate RADIUS server for the VAP, clear the check box and enter the RADIUS server IP

address and key in the following fields.

Specify the IP version that the RADIUS server uses. You can toggle between the address types to configure IPv4 and IPv6 global RADIUS address

settings, but the AP contacts only the RADIUS server or servers for the address type you select in this field.

Enter the IPv4 or IPv6 address for the primary RADIUS server for this VAP. If the IPv4 RADIUS IP Address Type option is selected in the previous field, enter the IP address of

34CSFP6XXUAP-SWUM100-D13 Virtual Access Point Settings Page 55

D-Link UAP Software User Manual

12/10/09

Table 19: WPA Enterprise (Cont.)

Field Description

RADIUS IP or IPv6 Address 1–3

RADIUS Key Enter the RADIUS key in the text box.

RADIUS Key 1–3 Enter the RADIUS key associated with the configured backup RADIUS servers. The server at

Enable RADIUS Accounting

Broadcast Key Refresh Rate

Session Key Refresh Rate

If authentication fails with the primary server, each configured backup server is tried in sequence.

The

RADIUS Key

standard alphanumeric and special characters. The key is case sensitive, and you must configure the same key on the AP and on your RADIUS server. The text you enter will be displayed as "*" characters to prevent others from seeing the RADIUS key as you type.