List of Figures List of Figures Figure 1. Administrator UI Online Help............... 13 Figure 2. LAN Connection for DHCP-Assigned IP ..........26 Figure 3. Ethernet Connection for Static IP Assignment........26 Figure 4. Basic Settings ..................28 Figure 5. LAN Interface Configuration ..............31 Figure 6.
About This Document About This Document This guide describes setup, configuration, administration and maintenance for the D-Link DWL-3500AP and DWL-8500AP access points on a wireless network. Document Organization The D-Link Access Point Administrator’s Guide contains the following information: • Chapter 1, "Overview of the D-Link Access...
Online Help, Supported Browsers, and Limitations Online help for the D-Link AP Administration Web pages provides information about all fields and features available from the user interface (UI). The information in the online help is a subset of the information available in the D-Link Access Point Administrator’s Guide.
About This Document Figure 1 shows an example of the online help available from the links on the user interface. Figure 1. Administrator UI Online Help Online Help Navigation Click to Access Help Table of Contents Online Help, Supported Browsers, and Limitations...
Mode, the Unified Access Point is part of the D-Link Unified Wired/Wireless Access System, and you manage it by using the D-Link Unified Switch. If an AP is in Managed Mode, the Administrator Web UI, Telnet, and SSH services are disabled.
1 Overview of the D-Link Access Point • SpectraLink Voice Priority (SVP) SpectraLink Voice Priority (SVP) is a QoS approach for Wi-Fi deployments. SVP is an open specification that is compliant with the IEEE 802.11b standard. SVP minimizes delay and prioritizes voice packets over data packets on the WLAN, which increases the probability of better network performance.
Preparing to Install the Access Point Before you power on a new D-Link Access Point, review the following sections to check required hardware and software components, client configurations, and compatibility issues. Make sure you have everything you need for a successful launch and test of your new or extended wireless network.
2 Preparing to Install the Access Point Table 2. AP Default Settings Feature Default Other Default Settings MAC Authentication No stations in list Load Balancing Disabled Managed Mode Disabled HTTP Access Enabled; disabled in Managed Mode HTTPS Access Enabled; disabled in Managed Mode Telnet Access Enabled;...
2 Preparing to Install the Access Point Dynamic and Static IP Addressing on the AP When you power on the access point, the built-in DHCP client searches for a DHCP server on the network in order to obtain an IP Address and other network information. If the AP does not find a DHCP server on the network, the AP continues to use its default Static IP Address...
Installing the Access Point This chapter describes the basic steps required to setup and deploy the D-Link Access Point and contains the following sections: • Installing the Unified Access Point • Using the CLI to View the IP Address •...
Page 27
3 Installing the Access Point 2. Connect the power adapter to the power port on the back of the access point, and then plug the other end of the power cord into a power outlet. 3. Use your Web browser to log on to the access point Administration Web pages. If the AP did not acquire an IP address from a DHCP server on your network, enter 10.90.90.91 in the address field of your browser, which is the default IP address of the AP.
7. If your network uses VLANs, you might need to configure the management VLAN ID or untagged VLAN ID on the D-Link Access Point in order for it to work with your network. For information about how to configure VLAN information, see “Configuring the...
This section describes how to change the default settings. By default, the DHCP client on the D-Link Access Point automatically broadcasts requests for network information. If you want to use a static IP address, you must disable the DHCP client and manually configure the IP address and other network information.
3 Installing the Access Point Using the CLI to Configure Ethernet Settings Use the commands in Table 8 to view and set values for the Ethernet (wired) interface. For more information about each setting, see the description for the field in Table Table 8.
3 Installing the Access Point Using the Web UI to Configure 802.1X Authentication Information To configure the Unified Access Point 802.1X supplicant user name and password by using the Web interface, click the Authentication tab and configure the fields shown in Table Figure 6.
Page 37
3 Installing the Access Point Once the wireless network is up and you can connect to the AP with some wireless clients, you can add in layers of security, create multiple virtual access points (VAPs), and configure performance settings. NOTE: The Unified Access Point is not designed for multiple, simultaneous configuration changes.
101. Choosing a Security Mode In general, D-Link recommends that you use the most robust security mode that is feasible on your network. When configuring security on the access point, you first must choose the security mode, then in some modes you select an authentication algorithm and whether to allow clients not using the specified security mode to associate.
4 Configuring Access Point Security Additionally, this mode incorporates a RADIUS server for user authentication which makes WPA Enterprise more secure than WPA Personal mode. Use the following guidelines for choosing options within the WPA Enterprise mode security mode: 1. Currently, the best security you can have on a wireless network is WPA Enterprise mode using AES-CCMP encryption algorithm.
4 Configuring Access Point Security • None • Static WEP • IEEE 802.1X • WPA Personal • WPA Enterprise When you select a security mode other than None, additional fields appear. The following sections describe how to configure each security mode. None (Plain-text) If you select None as your security mode, no further options are configurable on the AP.
Page 47
4 Configuring Access Point Security Table 11. Static WEP Field Description WEP Keys You can specify up to four WEP keys. In each text box, enter a string of characters for each key. If you selected “ASCII”, enter any combination ASCII characters. If you selected “HEX”, enter hexadecimal digits (any combination of Use the same number of characters for each key as specified in the “Characters Required”...
4 Configuring Access Point Security For this example, the administrator sets WEP key 3 in the wireless network properties of a Windows client. Figure 10. Providing a Wireless Client with a WEP Key Additional wireless clients also need to have one of the WEP keys defined on the AP. The administrator can assign the same WEP key that the first client has, or the administrator can give the second station a different WEP key (key 2, for example) so that the two stations cannot decrypt each other’s transmissions.
4 Configuring Access Point Security PSK is used for an initial check of credentials only. This security mode is backwards- compatible for wireless clients that support the original WPA. If you select WPA Personal as the Security Mode, additional fields display, as Figure 12 shows.
4 Configuring Access Point Security Table 14. WPA Enterprise Field Description Cipher Suites Select the cipher suite you want to use: • TKIP • CCMP (AES) • TKIP and CCMP (AES) By default both TKIP and CCMP are selected. When both TKIP and CCMP are selected, client stations configured to use WPA with RADIUS must have one of the following: •...
Managing the Access Point This chapter describes how to manage the Unified Access Point and contains the following sections: • Setting the Wireless Interface • Configuring Radio Settings • Configuring Virtual Access Points • Controlling Access by MAC Authentication • Configuring Load Balancing The configuration pages for the features in this chapter are located under the Manage heading on the Administration Web UI.
5 Managing the Access Point Using the 802.11h Wireless Mode There are a number of key points about the IEEE 802.11h standard: • 802.11h only works for the 802.11a band. It is not required for 802.11b or 802.11g. • If you are operating in an 802.11h enabled domain, the AP attempts to use the channel you assign.
5 Managing the Access Point Table 16 describes the fields and configuration options for the Radio Settings page. Table 16. Radio Settings Field Description Radio Select Radio 1 or Radio 2 to specify which radio to configure. The (DWL-8500AP only) rest of the settings on this tab apply to the radio you select in this field.
Page 61
5 Managing the Access Point Table 16. Radio Settings Field Description RTS Threshold Specify an RTS Threshold value between 0 and 2347. The RTS threshold specifies the packet size of the minimum packet for which a request to send (RTS) frame will be sent. This helps control traffic flow through the access point, especially one with a lot of clients.
5 Managing the Access Point To set up multiple virtual access points, Click the VAP tab. Table 17 describes the fields and configuration options on the VAP page. Table 17. VAP Configuration Field Description RADIUS IP By default each VAP uses the global RADIUS settings that you define for the AP at the top of the VAP page.
Page 65
5 Managing the Access Point Table 17. VAP Configuration Field Description Security Select one of the following Security modes for this VAP: • None • Static WEP • WPA Personal • IEEE 802.1X • WPA Enterprise If you select a security mode other than None, additional fields appear. Note: The Security mode you set here is specifically for this Virtual Access Point.
5 Managing the Access Point Table 18 describes the fields and configuration options available on the MAC Authentication page. Table 18. MAC Authentication Field Description Filter To set the MAC Address Filter, click one of the following buttons: • Allow only stations in the list •...
Configuring Access Point Services This chapter describes how to configure services on the DWL-3500AP and DWL-8500AP and contains the following sections: • Configuring Quality of Service (QoS) • Enabling the Network Time Protocol Server Configuring Quality of Service (QoS) Quality of Service (QoS) provides you with the ability to specify parameters on multiple queues for increased throughput and better performance of differentiated wireless traffic like Voice-over-IP (VoIP), other types of audio, video, and streaming media as well as traditional IP data over the Unified Access Point.
Page 71
6 Configuring Access Point Services A different type of data is associated with each queue. The queue and associated priorities and parameters for transmission are as follows: • Data 0 (Voice). Highest priority queue, minimum delay. Time-sensitive data such as Voice over IP (VoIP) is automatically sent to this queue.
Page 73
6 Configuring Access Point Services Packet Bursting for Better Performance The Unified Access Point includes 802.11e based packet bursting technology that increases data throughput and speed of transmission over the wireless network. Packet bursting enables the transmission of multiple packets without the extra overhead of header information. The effect of this is to increase network speed and data throughput.
6 Configuring Access Point Services Configuring QoS Settings Configuring Quality of Service (QoS) on the Unified Access Point consists of setting parameters on existing queues for different types of wireless traffic, and effectively specifying minimum and maximum wait times (through Contention Windows) for transmission. The settings described here apply to data transmission behavior on the access point only, not to that of the client stations.
Page 77
6 Configuring Access Point Services Table 22. QoS Settings Field Description cwMax The value specified for the Maximum Contention Window is the upper (Maximum Contention limit (in milliseconds) for the doubling of the random backoff value. Window) This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached.
6 Configuring Access Point Services Table 22. QoS Settings Field Description cwMax The value specified here in the Maximum Contention Window is the (Maximum Contention upper limit (in milliseconds) for the doubling of the random backoff Window) value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached.
Maintaining the Access Point This chapter describes how to maintain the Unified Access Point and contains the following sections: • Managing the Configuration File • Upgrading the Firmware From the access point Administrator UI, you can perform the following maintenance tasks: •...
7 Maintaining the Access Point Saving the Current Configuration to a Backup File You can use HTTP or TFTP to transfer files to and from the Unified Access Point. After you download a configuration file to the management station, you can manually edit the file, which is in XML format.
7 Maintaining the Access Point Rebooting the Access Point For maintenance purposes or as a troubleshooting measure, you can reboot the Unified Access Point. To reboot the access point, click the Reboot button on the Configuration page. Upgrading the Firmware As new versions of the DWL-3500AP and DWL-8500AP firmware become available, you can upgrade the firmware on your devices to take advantages of new features and enhancements.
Mode, the access point is part of the D-Link Unified Wired/Wireless Access System and you manage it by using the D-Link Unified Switch. If an AP is in Managed Mode, the Administrator Web UI, Telnet, and SSH services are disabled.
Standalone Mode is one way to enable switch-to-AP discovery. To add the IP address of a D-Link Unified Switch to the AP, click the Managed Access Point tab under the Manage heading and update the fields shown in Table Figure 17. Managed Access Point Settings Table 24.
The Unified Access Point can learn about D-Link Unified Switches on the network through DHCP responses to its initial DHCP request. The Managed AP DHCP page displays the DNS names or IP addresses of up to four D-Link Unified Switches that the AP learned about from a DHCP server on your network.
Viewing Access Point Status This chapter describes the information you can view from the tabs under the Status heading on the Administration Web UI. This chapter contains the following sections: • Viewing Interface Status • Viewing Events Logs • Viewing Transmit and Receive Statistics •...
9 Viewing Access Point Status your local time. For information on setting the network time protocol, see “Enabling the Network Time Protocol Server” on page 79. Configuring Persistent Logging Options If the system unexpectedly reboots, log messages can be useful to diagnose the cause. However, log messages are erased when the system reboots unless you enable persistent logging.
9 Viewing Access Point Status Enabling or Disabling the Log Relay Host on the Events Page To enable and configure Log Relaying on the Events page, set the Log Relay options as described in Table 26, and then click Update. Table 26.
9 Viewing Access Point Status Table 27. Transmit/Receive Statistics Field Description Name (SSID) Wireless network name. Also known as the SSID, this alphanumeric key uniquely identifies a wireless local area network. The SSID is set on the VAP tab. (See “Configuring Virtual Access Points”...
9 Viewing Access Point Status Table 29 describes the information provided on neighboring access points. Table 29. Neighboring Access Points Field Description AP Detection To enable neighbor access point detection and collect information about neighbor APs, click Enabled. To disable neighbor AP detection, click Disabled. MAC Address Shows the address of the neighboring access point.
Wireless Client Settings and RADIUS Server Setup Typically, users configure security on their wireless clients for access to many different networks (access points). The list of available wireless networks changes depending on the location of the client and which APs are online and detectable in that location. Once an AP has been detected by the client and security is configured for it, it remains in the client’s list of networks but shows as either reachable or unreachable depending on the situation.
Page 103
A Wireless Client Settings and RADIUS Server Setup List of available networks will change depending on client location. Each network (or access point) that that is detected by the client shows up in this list. (“Refresh” updates the list with current information.) For each network you want to connect to, configure security settings on the client to match the security mode being used by...
Page 105
A Wireless Client Settings and RADIUS Server Setup key to decrypt data it receives from the access point. Different clients can use different keys to transmit data to the access point. (Or they can all use the same key, but this is less secure because it means one station can decrypt the data being sent by another.) If you configured the Unified Access Point to use Static WEP security mode, perform the following steps:...
Page 107
A Wireless Client Settings and RADIUS Server Setup 1. Configure WPA/WPA2 Personal (PSK) security on each client as follows. Choose WPA-PSK Choose either TKIP or AES for the Data Encryption mode Enter a network key that matches the one specified on the access point (and confirm by re-typing) 2.
Page 109
A Wireless Client Settings and RADIUS Server Setup To use this type of security, you must perform the following steps: 1. Add the access point to the list of RADIUS server clients. (See “Configuring the RADIUS Server for Authentication” on page 116.) 2.
A Wireless Client Settings and RADIUS Server Setup IEEE 802.1X clients should now be able to connect to the access point using their TLS certificates. The certificate you installed is used when you connect, so you will not be prompted for login information. The certificate is automatically sent to the RADIUS server for authentication and authorization.
A Wireless Client Settings and RADIUS Server Setup 2. Configure the following settings on the Association and Authentication tabs on the Network Properties dialog. Network Authentication Data Encryption TKIP or AES depending on how this option is configured on the access point.
Page 115
A Wireless Client Settings and RADIUS Server Setup Enable (click to check) “Validate server certificate” Select (check) the name of certificate on this client (downloaded from RADIUS server in a prerequisite procedure) 2. Configure the following settings on the Association tab on the Network Properties dialog. Network Authentication Data Encryption TKIP or AES depending on how this option is configured on the...
Page 117
A Wireless Client Settings and RADIUS Server Setup To configure the external RADIUS server, perform the following steps: 1. Log on to the system hosting your RADIUS server and bring up the Internet Authentication Service. 2. In the left panel, right click on “RADIUS Clients” node and choose New > RADIUS Client from the popup menu.
A Wireless Client Settings and RADIUS Server Setup 5. Click Finish. The access point is now displayed as a client of the Authentication Server. Obtaining a TLS-EAP Certificate for a Client If you want to use IEEE 802.1X mode with EAP-TLS certificates for authentication and authorization of clients, you must have an external RADIUS server and a Public Key Authority Infrastructure (PKI), including a Certificate Authority (CA), server configured on your network.
Page 121
A Wireless Client Settings and RADIUS Server Setup NOTE: The user name and password you need to provide here is for access to the RADIUS server, for which you will already have user accounts configured at this point. This document does not describe how to set up Administrative user accounts on the RADIUS server.
Page 123
A Wireless Client Settings and RADIUS Server Setup valid, the NAS configures the port to the VLAN indicated by the RADIUS authentication server. A RADIUS server needs to be configured to use Tunnel attributes in Access-Accept messages, in order to inform the access point about the selected VLAN. These attributes are defined in RFC 2868 and their use for dynamic VLAN is specified in RFC 3580.
CLI for AP Configuration In addition to the Web based user interface, the Unified Access Point includes a command line interface (CLI) for administering the access point. The CLI lets you view and modify status and configuration information. The following topics provide an introduction to the class structure upon which the CLI is based, CLI commands, and examples of using the CLI to get or set configuration information on an access point: •...
B CLI for AP Configuration 1. Start your SSH application. (We use PuTTY as an example.) 2. Enter the IP address of access point and click Open (If your Domain Name Server is configured to map domain names to IP addresses via DHCP, you can enter the domain name of the AP instead of an IP address.) This brings up the SSH command window and establishes a connection to the access point.
B CLI for AP Configuration The rest of the command line contains property-value pairs. set named-class instance | all [ with qualifier-property qualifier-value ... to ] property value... The first argument is either a named class in the configuration. The next argument is either the name of the instance to set, or the keyword all, which indicates that all instances should be set.
B CLI for AP Configuration Example 2: Type TAB TAB (including a space after ) to see a list of all remove remove property options for the command. remove DLINK-WLAN-AP# remove basic-rate Basic rates of radios bridge-port Bridge ports of bridge interfaces Basic Service Set of radios interface Network interface...
B CLI for AP Configuration Table 33. Interface Naming Convention Interface Description wlan0bssvapx The basic service set interface for the x VAP on radio 1 - 802.11a radio. The value for x ranges from 0-7. The DWL-3500AP does not have this interface. wlan1bssvapx The basic service set interface for the x VAP on radio 2 - 802.11b/g radio.
B CLI for AP Configuration Table 34. Basic Setting Commands Action Command Get the serial number get system serial-number Set the Password set system password <password> Example: set system password test1234 Status The command tasks and examples in this section show status information on access points. These settings correspond to what is shown on the Status tabs in the Web UI.
B CLI for AP Configuration Table 36. Ethernet Setting Commands Action Command Use DHCP as the connection type set management dhcp-client status up Use a Static IP as the connection set management dhcp-client status down type Set the Static IP address set management static-ip <ip_address>...
B CLI for AP Configuration Table 38. Radio Setting Commands Action Command Set the power transmission set radio wlan0 tx-power <0-100> level (percent) Select the antenna to use for set radio wlan0 antenna-diversity {auto | primary | secondary} sending and receiving traffic Add a basic rate set add basic-rate wlan0 rate integer Get current basic rates...
Page 141
B CLI for AP Configuration Index to 4. set interface wlan0 wep-default-key 4 DLINK-AP# 3. Set the Key Length For the CLI, valid values for Key Length are 40 bits, 104 bits, or 128 bits.The Key Length values used by the CLI do not include the initialization vector in the length. On the Web UI, longer Key Length values may be shown which include the 24-bit initialization vector.
Page 143
B CLI for AP Configuration and so on. To enable RADIUS accounting on the VAP, enter the following command: set bss wlan0bssvap0 radius-accounting on 3. View the security settings. Use the “get” command to view the updated security configuration and see the results of the new settings.
Page 145
B CLI for AP Configuration 1. Set the Security Mode set interface wlan0 security wpa-enterprise DLINK-AP# 2. Set the WPA versions based on what types of client stations you want to support. WPA—If all client stations on the network support the original WPA but none support the newer WPA2, then use WPA.
AP mode from Standalone to Managed and how to configure the IP address of a D-Link Unified Switch so that the AP can discover it. You can configure a pass phrase on the AP and on the switch so that only authenticated APs can associate with the switch.
<password> to-switch authentication Note: The phrase you enter must match the local authentication password you configure for Valid APs on the D-Link Unified Switch Configure the IP address of set managed-ap switch-address-1 <ip_address> up to four D-Link Unified set managed-ap switch-address-2 <ip_address>...
B CLI for AP Configuration The same types of queues are defined for different kinds of data transmitted from AP-to- station and station-to-AP but they are referenced by differently depending on whether you are configuring AP or station parameters. Table 43. Valid Queue Name Values Data Station Voice - High priority queue, minimum delay.
Page 151
B CLI for AP Configuration Table 46. CLI Class Instances has name? \ # of instances? multiple yes - unique unique named yes - non-unique group named Each class defines a set of properties that describe the actual information associated with a class.
Glossary Glossary portable, and moving stations within a local area. It uses direct sequence spread spectrum (DSSS) in the 2.4 GHz ISM band and supports raw data rates of 1 and 2 Mbps. It was formally adopted in 1997 but has 0-9 A B C D E F G H I J K L M N O been mostly superseded by 802.11b.
Page 155
Glossary over layer 2 switched networks. It uses tag frames for the prioritization scheme. The Advanced Encryption Standard (AES) is a symmetric 128-bit block data encryption technique To be compliant with this standard, layer 2 switches developed to replace DES encryption. AES works at must be capable of grouping incoming LAN packets multiple network layers simultaneously.
Page 157
Glossary detection whereas with CSMA/CA the emphasis is A domain name identifies one or more IP addresses. on collision avoidance. Conversely, an IP address may map to more than one domain name. A domain name has a suffix that indicates which top A clear to send (CTS) message is a signal sent by an level domain (TLD) it belongs to.
Page 159
Glossary standards, see http://standards.ieee.org/. HTTP Infrastructure Mode The Hypertext Transfer Protocol (HTTP) defines Infrastructure Mode is a Wireless Networking how messages are formatted and transmitted on the Framework in which wireless stations communicate World Wide Web. An HTTP message consists of a with each other by first going through an Access and a command (...
Page 161
Managed Mode stations (MAC addresses) on the network. In Managed Mode, the D-Link Access Point is part of the D-Link Unified Wired/Wireless Access Some wireless security modes distinguish between System, and you manage it by using the D-Link how unicast, multicast, and broadcast frames are Unified Switch.
Page 163
Glossary PPPoE inspected by each node. The node to which it is addressed is the ultimate recipient. Point-to-Point Protocol over Ethernet (PPPoE) is a specification for connecting the users on a Packet Loss the Internet through a common broadband medium, such as a single DSL or cable modem line.
Page 165
The bitwise AND operator compares two bits and assigns 1 to the result only if both bits are 1. Standalone Mode In Standalone Mode, the D-Link AP acts as an Supported Rate Set individual access point in the network, and you...
Page 166
“best-effort” settings depending upon the requirements of the data. The ToS field is used by the D-Link AP to provide configuration control over Quality of Service (QoS) queues for data VLAN transmitted from the AP to client stations.
Page 167
Glossary are organized in an extended service set (ESS). WLAN A Wide Area Network (WAN) is a communications Wireless Local Area Network (WLAN) is a that network that spans a relatively large geographical uses high-frequency radio waves rather than wires to area, extending over distances greater than one communicate between its nodes.