Page 3: Table Of Contents
Online Help, Supported Browsers, and Limitations ....1 Overview of the D-Link Access Point ....15 Features and Benefits .
Page 5 Table of Contents Viewing Neighboring Access Points ......A Wireless Client Settings and RADIUS Server Setup..101 Accessing Wireless Client Security Settings .
Page 7: List Of Figures
List of Figures List of Figures Figure 1. Administrator UI Online Help............... 13 Figure 2. LAN Connection for DHCP-Assigned IP ..........26 Figure 3. Ethernet Connection for Static IP Assignment........26 Figure 4. Basic Settings ..................28 Figure 5. LAN Interface Configuration ..............31 Figure 6.
Page 9: List Of Tables
List of Tables List of Tables Table 1. Typographical Conventions ........12 Table 2.
Page 11: About This Document
About This Document About This Document This guide describes setup, configuration, administration and maintenance for the D-Link DWL-3500AP and DWL-8500AP access points on a wireless network. Document Organization The D-Link Access Point Administrator’s Guide contains the following information: • Chapter 1, "Overview of the D-Link Access...
Page 12: Online Help, Supported Browsers, And Limitations
Online Help, Supported Browsers, and Limitations Online help for the D-Link AP Administration Web pages provides information about all fields and features available from the user interface (UI). The information in the online help is a subset of the information available in the D-Link Access Point Administrator’s Guide.
Page 13: Figure 1. Administrator Ui Online Help
About This Document Figure 1 shows an example of the online help available from the links on the user interface. Figure 1. Administrator UI Online Help Online Help Navigation Click to Access Help Table of Contents Online Help, Supported Browsers, and Limitations...
Page 15: Overview Of The D-Link Access Point
Mode, the Unified Access Point is part of the D-Link Unified Wired/Wireless Access System, and you manage it by using the D-Link Unified Switch. If an AP is in Managed Mode, the Administrator Web UI, Telnet, and SSH services are disabled.
Page 16: Features And Benefits
Support for IEEE 802.11d Regulatory Domain selection (country codes for global operation) • Support for IEEE 802.11h, incorporating TPC and DFS • Support for Super AG technology, which can increase WLAN speed and throughput © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 17: Security Features
1 Overview of the D-Link Access Point • SpectraLink Voice Priority (SVP) SpectraLink Voice Priority (SVP) is a QoS approach for Wi-Fi deployments. SVP is an open specification that is compliant with the IEEE 802.11b standard. SVP minimizes delay and prioritizes voice packets over data packets on the WLAN, which increases the probability of better network performance.
Page 18: Access Point Hardware
The Unified Access Point software supports the following hardware features: • Power port and power adapter • Reset button For more information about the specifics of your Access Point, see the information provided by the manufacturer. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 19: Preparing To Install The Access Point
Preparing to Install the Access Point Before you power on a new D-Link Access Point, review the following sections to check required hardware and software components, client configurations, and compatibility issues. Make sure you have everything you need for a successful launch and test of your new or extended wireless network.
Page 20 SSID for all other VAPs is “Virtual Access Point x” where x is the VAP number. Broadcast SSID Allow Security Mode None (plain text) Authentication Type None RADIUS IP Address 10.90.90.1 RADIUS Key secret RADIUS Accounting Disabled © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 21: Administrator's Computer Requirements
2 Preparing to Install the Access Point Table 2. AP Default Settings Feature Default Other Default Settings MAC Authentication No stations in list Load Balancing Disabled Managed Mode Disabled HTTP Access Enabled; disabled in Managed Mode HTTPS Access Enabled; disabled in Managed Mode Telnet Access Enabled;...
Page 22: Wireless Client Requirements
Security modes are Static WEP, IEEE 802.1X, with RADIUS server, and WPA-PSK. For information about configuring security on the access point, see “Configuring Access Point Security” on page 39. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 23: Dynamic And Static Ip Addressing On The Ap
2 Preparing to Install the Access Point Dynamic and Static IP Addressing on the AP When you power on the access point, the built-in DHCP client searches for a DHCP server on the network in order to obtain an IP Address and other network information. If the AP does not find a DHCP server on the network, the AP continues to use its default Static IP Address...
Page 25: Installing The Access Point
Installing the Access Point This chapter describes the basic steps required to setup and deploy the D-Link Access Point and contains the following sections: • Installing the Unified Access Point • Using the CLI to View the IP Address •...
Page 26: Figure 2. Lan Connection For Dhcp-Assigned Ip
AP. Also, many of the initial configuration changes required will cause you to lose connectivity with the AP over a wireless connection. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 27 3 Installing the Access Point 2. Connect the power adapter to the power port on the back of the access point, and then plug the other end of the power cord into a power outlet. 3. Use your Web browser to log on to the access point Administration Web pages. If the AP did not acquire an IP address from a DHCP server on your network, enter 10.90.90.91 in the address field of your browser, which is the default IP address of the AP.
Page 28: Figure 4. Basic Settings
Unified Access Point on the same network, the IP address for each AP will be unique. To change the connection type and assign a static IP address, see “Configuring the Ethernet Interface” on page 31. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 29: Viewing Basic Settings
7. If your network uses VLANs, you might need to configure the management VLAN ID or untagged VLAN ID on the D-Link Access Point in order for it to work with your network. For information about how to configure VLAN information, see “Configuring the...
Page 30: Using The Cli To View The Ip Address
The login name is admin. The default password is admin. After a successful login, the screen shows the (Access Point Name)# prompt. 4. At the login prompt, enter get management Information similar to the following prints to the screen:. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 31: Configuring The Ethernet Interface
This section describes how to change the default settings. By default, the DHCP client on the D-Link Access Point automatically broadcasts requests for network information. If you want to use a static IP address, you must disable the DHCP client and manually configure the IP address and other network information.
Page 32 Changing some access point settings might cause the AP to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change access point settings when WLAN traffic is low. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 33: Using The Cli To Configure Ethernet Settings
3 Installing the Access Point Using the CLI to Configure Ethernet Settings Use the commands in Table 8 to view and set values for the Ethernet (wired) interface. For more information about each setting, see the description for the field in Table Table 8.
Page 34: Configuring Ieee 802.1X Authentication
On networks that use IEEE 802.1X port-based network access control, a supplicant (client) cannot gain access to the network until the 802.1X authenticator grants access. If your network uses 802.1X, you must configure 802.1X authentication information that the AP can supply to the authenticator. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 35: Using The Web Ui To Configure 802.1X Authentication Information
3 Installing the Access Point Using the Web UI to Configure 802.1X Authentication Information To configure the Unified Access Point 802.1X supplicant user name and password by using the Web interface, click the Authentication tab and configure the fields shown in Table Figure 6.
Page 36: Using The Cli To Configure 802.1X Authentication Information
For information about requirements for these clients, see “Wireless Client Requirements” on page 22 in the Preparing to Install the Access Point chapter. 3. Secure and configure the access point by using advanced features. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 37 3 Installing the Access Point Once the wireless network is up and you can connect to the AP with some wireless clients, you can add in layers of security, create multiple virtual access points (VAPs), and configure performance settings. NOTE: The Unified Access Point is not designed for multiple, simultaneous configuration changes.
Page 39: Configuring Access Point Security
101. Choosing a Security Mode In general, D-Link recommends that you use the most robust security mode that is feasible on your network. When configuring security on the access point, you first must choose the security mode, then in some modes you select an authentication algorithm and whether to allow clients not using the specified security mode to associate.
Page 40: Comparing Security Modes
When to Use Static WEP Static Wired Equivalent Privacy (WEP) is a data encryption protocol for 802.11 wireless networks. All wireless stations and access points on the network are configured with a static © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 41 4 Configuring Access Point Security 64-bit (40-bit secret key + 24-bit initialization vector (IV)), 128-bit (104-bit secret key + 24- bit IV), or 152-bit (128-bit secret key + 24-bit IV) Shared Key for data encryption. Key Management Encryption Algorithm User Authentication Static uses a fixed key stream cipher is used...
Page 42 TKIP should be used whenever possible. All WPA modes allow you to use these encryption schemes, so WPA security modes are recommended above the other modes when using WPA is an option. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 43: Enabling Station Isolation
4 Configuring Access Point Security Additionally, this mode incorporates a RADIUS server for user authentication which makes WPA Enterprise more secure than WPA Personal mode. Use the following guidelines for choosing options within the WPA Enterprise mode security mode: 1. Currently, the best security you can have on a wireless network is WPA Enterprise mode using AES-CCMP encryption algorithm.
Page 44: Figure 7. Virtual Access Point Page
VAP 0 through VAP 7 are listed in rows, and the column headings contain the configuration options, which are described in “Configuring Virtual Access Points” on page 62. The drop- down menu in the Security column contains the following security mode options: © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 45: None (Plain-Text)
4 Configuring Access Point Security • None • Static WEP • IEEE 802.1X • WPA Personal • WPA Enterprise When you select a security mode other than None, additional fields appear. The following sections describe how to configure each security mode. None (Plain-text) If you select None as your security mode, no further options are configurable on the AP.
Page 46: Table 11. Static Wep
Specify the length of the key by clicking one of the radio buttons: • 64 bits • 128 bits • 152 bits Key Type Select the key type by clicking one of the radio buttons: • ASCII • © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 47 4 Configuring Access Point Security Table 11. Static WEP Field Description WEP Keys You can specify up to four WEP keys. In each text box, enter a string of characters for each key. If you selected “ASCII”, enter any combination ASCII characters. If you selected “HEX”, enter hexadecimal digits (any combination of Use the same number of characters for each key as specified in the “Characters Required”...
Page 48: Figure 9. Static Wep Example
Figure 9. Static WEP Example The administrator must then set all wireless client stations to use WEP and provide each client with one of the slot/key combinations defined on the AP. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 49: Ieee 802.1X
4 Configuring Access Point Security For this example, the administrator sets WEP key 3 in the wireless network properties of a Windows client. Figure 10. Providing a Wireless Client with a WEP Key Additional wireless clients also need to have one of the WEP keys defined on the AP. The administrator can assign the same WEP key that the first client has, or the administrator can give the second station a different WEP key (key 2, for example) so that the two stations cannot decrypt each other’s transmissions.
Page 50: Wpa Personal
AES- CCMP and TKIP mechanisms. The Personal version of WPA employs a pre-shared key (PSK) instead of using IEEE 802.1X as is used in the Enterprise WPA security mode). The © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 51: Figure 12. Wpa Personal Configuration
4 Configuring Access Point Security PSK is used for an initial check of credentials only. This security mode is backwards- compatible for wireless clients that support the original WPA. If you select WPA Personal as the Security Mode, additional fields display, as Figure 12 shows.
Page 52: Wpa Enterprise
Enabling this feature can help speed up authentication for roaming clients who connect to multiple access points. This option does not apply if you selected “WPA” for WPA Versions because the original does not support this feature. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 53: Prohibiting The Ssid Broadcast
4 Configuring Access Point Security Table 14. WPA Enterprise Field Description Cipher Suites Select the cipher suite you want to use: • TKIP • CCMP (AES) • TKIP and CCMP (AES) By default both TKIP and CCMP are selected. When both TKIP and CCMP are selected, client stations configured to use WPA with RADIUS must have one of the following: •...
Page 54 Suppressing the SSID broadcast offers a very minimal level of protection on an otherwise exposed network (such as a guest network) where the priority is making it easy for clients to get a connection and where no sensitive information is available. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 55: Managing The Access Point
Managing the Access Point This chapter describes how to manage the Unified Access Point and contains the following sections: • Setting the Wireless Interface • Configuring Radio Settings • Configuring Virtual Access Points • Controlling Access by MAC Authentication • Configuring Load Balancing The configuration pages for the features in this chapter are located under the Manage heading on the Administration Web UI.
Page 56: Table 15. Wireless Settings
Changing some access point settings might cause the AP to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change access point settings when WLAN traffic is low. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 57: Using The 802.11H Wireless Mode
5 Managing the Access Point Using the 802.11h Wireless Mode There are a number of key points about the IEEE 802.11h standard: • 802.11h only works for the 802.11a band. It is not required for 802.11b or 802.11g. • If you are operating in an 802.11h enabled domain, the AP attempts to use the channel you assign.
Page 58: Configuring Radio Settings
Radio settings directly control the behavior of an IEEE 802.11-compliant radio device in the access point. Specifically, a user can control operational mode, power level, frequency, and other per-radio IEEE 802.11 configuration options. To specify radio settings, click the Radio tab. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 59: Table 16. Radio Settings
5 Managing the Access Point Table 16 describes the fields and configuration options for the Radio Settings page. Table 16. Radio Settings Field Description Radio Select Radio 1 or Radio 2 to specify which radio to configure. The (DWL-8500AP only) rest of the settings on this tab apply to the radio you select in this field.
Page 60 By default, fragmentation is off. We recommend not using fragmentation unless you suspect radio interference. The additional headers applied to each fragment increase the overhead on the network and can greatly reduce throughput. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 61 5 Managing the Access Point Table 16. Radio Settings Field Description RTS Threshold Specify an RTS Threshold value between 0 and 2347. The RTS threshold specifies the packet size of the minimum packet for which a request to send (RTS) frame will be sent. This helps control traffic flow through the access point, especially one with a lot of clients.
Page 62: Configuring Virtual Access Points
VLAN ID specified in the VAP to all wireless clients that connect to the AP through that VAP. NOTE: Before you configure VLANs on the AP, be sure to verify that the switch and DHCP server the Unified Access Point uses can support IEEE 802.1Q VLAN encapsulation. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 63: Table 17. Vap Configuration
5 Managing the Access Point To set up multiple virtual access points, Click the VAP tab. Table 17 describes the fields and configuration options on the VAP page. Table 17. VAP Configuration Field Description RADIUS IP By default each VAP uses the global RADIUS settings that you define for the AP at the top of the VAP page.
Page 64 To enable the SSID broadcast, click the Broadcast SSID option. By default, the access point broadcasts (allows) the Service Set Identifier (SSID) in its beacon frames. For information about turing off the SSID broadcast, see “Prohibiting the SSID Broadcast” on page 53. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 65 5 Managing the Access Point Table 17. VAP Configuration Field Description Security Select one of the following Security modes for this VAP: • None • Static WEP • WPA Personal • IEEE 802.1X • WPA Enterprise If you select a security mode other than None, additional fields appear. Note: The Security mode you set here is specifically for this Virtual Access Point.
Page 66: Controlling Access By Mac Authentication
To enable filtering by MAC address, click the MAC Authentication tab. NOTE: Global MAC Authentication settings apply to all VAPs. For the DWL-8500AP, the settings apply to all VAPs on both radios. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 67: Configuring Mac Authentication On The Radius Server
5 Managing the Access Point Table 18 describes the fields and configuration options available on the MAC Authentication page. Table 18. MAC Authentication Field Description Filter To set the MAC Address Filter, click one of the following buttons: • Allow only stations in the list •...
Page 68: Configuring Load Balancing
AP to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change access point settings when WLAN traffic is low. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 69: Configuring Access Point Services
Configuring Access Point Services This chapter describes how to configure services on the DWL-3500AP and DWL-8500AP and contains the following sections: • Configuring Quality of Service (QoS) • Enabling the Network Time Protocol Server Configuring Quality of Service (QoS) Quality of Service (QoS) provides you with the ability to specify parameters on multiple queues for increased throughput and better performance of differentiated wireless traffic like Voice-over-IP (VoIP), other types of audio, video, and streaming media as well as traditional IP data over the Unified Access Point.
Page 70 AP. Based on the value in a packet’s DSCP field, the AP prioritizes the packet for transmission by assigning it to one of the queues. This process occurs automatically, regardless of whether you deliberately configure QoS or not. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 71 6 Configuring Access Point Services A different type of data is associated with each queue. The queue and associated priorities and parameters for transmission are as follows: • Data 0 (Voice). Highest priority queue, minimum delay. Time-sensitive data such as Voice over IP (VoIP) is automatically sent to this queue.
Page 72 The value specified in the Maximum Contention Window is the upper limit for this doubling of the random backoff. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 73 6 Configuring Access Point Services Packet Bursting for Better Performance The Unified Access Point includes 802.11e based packet bursting technology that increases data throughput and speed of transmission over the wireless network. Packet bursting enables the transmission of multiple packets without the extra overhead of header information. The effect of this is to increase network speed and data throughput.
Page 74: Figure 15. Traffic Prioritization
Take priority from tag DSCP Table 21 outlines the VLAN priority and DSCP values. Table 21. VLAN Priority Tags VLAN Priority Priority DSCP Value Best Effort Background Background Best Effort Video Video Voice Voice © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 75: Configuring Qos Settings
6 Configuring Access Point Services Configuring QoS Settings Configuring Quality of Service (QoS) on the Unified Access Point consists of setting parameters on existing queues for different types of wireless traffic, and effectively specifying minimum and maximum wait times (through Contention Windows) for transmission. The settings described here apply to data transmission behavior on the access point only, not to that of the client stations.
Page 76: Table 22. Qos Settings
Valid values for cwMin are 1, 3, 7, 15, 31, 63, 127, 255, 511, or 1023. The value for cwMin can be equal to or lower than the value for cwMax. For more information, see “Random Backoff and Minimum / Maximum Contention Windows” on page 72. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 77 6 Configuring Access Point Services Table 22. QoS Settings Field Description cwMax The value specified for the Maximum Contention Window is the upper (Maximum Contention limit (in milliseconds) for the doubling of the random backoff value. Window) This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached.
Page 78 Valid values for cwMin are 1, 3, 7, 15, 31, 63, 127, 255, 511, or 1023. The value for cwMin can be equal to or lower than the value for cwMax. For more information, see “Random Backoff and Minimum / Maximum Contention Windows” on page 72. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 79: Enabling The Network Time Protocol Server
6 Configuring Access Point Services Table 22. QoS Settings Field Description cwMax The value specified here in the Maximum Contention Window is the (Maximum Contention upper limit (in milliseconds) for the doubling of the random backoff Window) value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached.
Page 80: Enabling Or Disabling A Network Time Protocol (Ntp) Server
Changing some access point settings might cause the AP to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change access point settings when WLAN traffic is low. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 81: Maintaining The Access Point
Maintaining the Access Point This chapter describes how to maintain the Unified Access Point and contains the following sections: • Managing the Configuration File • Upgrading the Firmware From the access point Administrator UI, you can perform the following maintenance tasks: •...
Page 82: Resetting The Factory Default Configuration
You can also use the reset button on the back panel to reset the system to the default configuration. For information about the reset button, see “Using the Reset Button” on page 23. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 83: Saving The Current Configuration To A Backup File
7 Maintaining the Access Point Saving the Current Configuration to a Backup File You can use HTTP or TFTP to transfer files to and from the Unified Access Point. After you download a configuration file to the management station, you can manually edit the file, which is in XML format.
Page 84 A “reboot” confirmation dialog and follow-on “rebooting” status message displays. Please wait for the reboot process to complete, which might take several minutes. The Administration Web UI is not accessible until the AP has rebooted. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 85: Rebooting The Access Point
7 Maintaining the Access Point Rebooting the Access Point For maintenance purposes or as a troubleshooting measure, you can reboot the Unified Access Point. To reboot the access point, click the Reboot button on the Configuration page. Upgrading the Firmware As new versions of the DWL-3500AP and DWL-8500AP firmware become available, you can upgrade the firmware on your devices to take advantages of new features and enhancements.
Page 86 5. To verify that the firmware upgrade completed successfully, check the firmware version shown on the Upgrade tab (and also on the Basic Settings tab). If the upgrade was successful, the updated version name or number is indicated. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 87: Configuring The Access Point For Managed Mode
Mode, the access point is part of the D-Link Unified Wired/Wireless Access System and you manage it by using the D-Link Unified Switch. If an AP is in Managed Mode, the Administrator Web UI, Telnet, and SSH services are disabled.
Page 88: Configuring Managed Access Point Settings
Standalone Mode is one way to enable switch-to-AP discovery. To add the IP address of a D-Link Unified Switch to the AP, click the Managed Access Point tab under the Manage heading and update the fields shown in Table Figure 17. Managed Access Point Settings Table 24.
Page 89: Viewing Managed Ap Dhcp Information
The Unified Access Point can learn about D-Link Unified Switches on the network through DHCP responses to its initial DHCP request. The Managed AP DHCP page displays the DNS names or IP addresses of up to four D-Link Unified Switches that the AP learned about from a DHCP server on your network.
Page 91: Viewing Access Point Status
Viewing Access Point Status This chapter describes the information you can view from the tabs under the Status heading on the Administration Web UI. This chapter contains the following sections: • Viewing Interface Status • Viewing Events Logs • Viewing Transmit and Receive Statistics •...
Page 92: Ethernet (Wired) Settings
NOTE: The Unified Access Point acquires its date and time information using the network time protocol (NTP). This data is reported in UTC format (also known as Greenwich Mean Time). You need to convert the reported time to © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 93: Configuring Persistent Logging Options
9 Viewing Access Point Status your local time. For information on setting the network time protocol, see “Enabling the Network Time Protocol Server” on page 79. Configuring Persistent Logging Options If the system unexpectedly reboots, log messages can be useful to diagnose the cause. However, log messages are erased when the system reboots unless you enable persistent logging.
Page 94: Configuring The Log Relay Host For Kernel Messages
NOTE: The syslog process will default to use port 514. We recommend keeping this default port. However; If you choose to reconfigure the log port, make sure that the port number you assign to syslog is not being used by another process. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 95: Enabling Or Disabling The Log Relay Host On The Events Page
9 Viewing Access Point Status Enabling or Disabling the Log Relay Host on the Events Page To enable and configure Log Relaying on the Events page, set the Log Relay options as described in Table 26, and then click Update. Table 26.
Page 96: Table 27. Transmit/Receive Statistics
You can use VLANs to establish multiple internal and guest networks on the same access point. The VLAN ID is set on the VAP tab. (See “Configuring Virtual Access Points” on page 62.) © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 97: Viewing Client Association Information
9 Viewing Access Point Status Table 27. Transmit/Receive Statistics Field Description Name (SSID) Wireless network name. Also known as the SSID, this alphanumeric key uniquely identifies a wireless local area network. The SSID is set on the VAP tab. (See “Configuring Virtual Access Points”...
Page 98: Link Integrity Monitoring
To view information about other access points on the wireless network, click the Neighboring Access Points tab. You must enable the AP detection on the AP in order to collect information about other APs within range. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 99: Table 29. Neighboring Access Points
9 Viewing Access Point Status Table 29 describes the information provided on neighboring access points. Table 29. Neighboring Access Points Field Description AP Detection To enable neighbor access point detection and collect information about neighbor APs, click Enabled. To disable neighbor AP detection, click Disabled. MAC Address Shows the address of the neighboring access point.
Page 100 Rates are shown in megabits per second (Mbps). All Supported Rates are listed, with Basic Rates shown in bold. Rate sets are configured on the Radio Settings page. (See “Configuring Radio Settings” on page 58.) © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 101: A Wireless Client Settings And Radius Server Setup
Wireless Client Settings and RADIUS Server Setup Typically, users configure security on their wireless clients for access to many different networks (access points). The list of available wireless networks changes depending on the location of the client and which APs are online and detectable in that location. Once an AP has been detected by the client and security is configured for it, it remains in the client’s list of networks but shows as either reachable or unreachable depending on the situation.
Page 102: Accessing Wireless Client Security Settings
Select the SSID of the network to which you want to connect and click Advanced to bring up the Wireless Network Connection Properties dialog. The Wireless Networks tab (which should be automatically displayed) lists Available networks and Preferred networks. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 103 A Wireless Client Settings and RADIUS Server Setup List of available networks will change depending on client location. Each network (or access point) that that is detected by the client shows up in this list. (“Refresh” updates the list with current information.) For each network you want to connect to, configure security settings on the client to match the security mode being used by...
Page 104: Configuring A Client To Access An Unsecure Network
(non-changing) key. The encryption algorithm is a “stream” cipher called RC4. The access point uses a key to transmit data to the client stations. Each client must use that same © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 105 A Wireless Client Settings and RADIUS Server Setup key to decrypt data it receives from the access point. Different clients can use different keys to transmit data to the access point. (Or they can all use the same key, but this is less secure because it means one station can decrypt the data being sent by another.) If you configured the Unified Access Point to use Static WEP security mode, perform the following steps:...
Page 106: Configuring Wpa/Wpa2 Personal On A Client
Counter mode/CBC-MAC Protocol (CCMP) mechanisms. PSK employs a pre-shared key for an initial check of client credentials. If you configured the Unified Access Point to use WPA/WPA2 Personal (PSK) security mode, perform the following steps: © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 107 A Wireless Client Settings and RADIUS Server Setup 1. Configure WPA/WPA2 Personal (PSK) security on each client as follows. Choose WPA-PSK Choose either TKIP or AES for the Data Encryption mode Enter a network key that matches the one specified on the access point (and confirm by re-typing) 2.
Page 108: Using An External Authentication Server
RADIUS server, PKI, and CA server. Consult the documentation for those products. For more information about Microsoft Windows PKI software, see the Microsoft Web site: http://support.microsoft.com. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 109 A Wireless Client Settings and RADIUS Server Setup To use this type of security, you must perform the following steps: 1. Add the access point to the list of RADIUS server clients. (See “Configuring the RADIUS Server for Authentication” on page 116.) 2.
Page 110 5. To complete the client configuration you must now obtain a certificate from the RADIUS server and install it on this client. For information on how to do this see “Obtaining a TLS- EAP Certificate for a Client” on page 119. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 111: Configuring Wpa/Wpa2 Enterprise (Radius)
A Wireless Client Settings and RADIUS Server Setup IEEE 802.1X clients should now be able to connect to the access point using their TLS certificates. The certificate you installed is used when you connect, so you will not be prompted for login information. The certificate is automatically sent to the RADIUS server for authentication and authorization.
Page 112 Choose Protected EAP (PEAP) Choose WPA ...then, click “Properties” Data Encryption mode Disable (click to uncheck) Choose “secured password (EAP-MSCHAP v2)” “Validate server certificate” ...then click “Configure” Disable (click to uncheck) this option © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 113: Wpa/Wpa2 Enterprise (Radius) Client Using Eap-Tls Certificate
A Wireless Client Settings and RADIUS Server Setup 2. Configure the following settings on the Association and Authentication tabs on the Network Properties dialog. Network Authentication Data Encryption TKIP or AES depending on how this option is configured on the access point.
Page 114 1. Configure WPA security with certificate authentication on each client as follows. Choose Smart Card or other ...then, click Choose either TKIP or AES for the Choose WPA certificate and enable “Authenticate “Properties” Data Encryption mode as computer when info is available” © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 115 A Wireless Client Settings and RADIUS Server Setup Enable (click to check) “Validate server certificate” Select (check) the name of certificate on this client (downloaded from RADIUS server in a prerequisite procedure) 2. Configure the following settings on the Association tab on the Network Properties dialog. Network Authentication Data Encryption TKIP or AES depending on how this option is configured on the...
Page 116: Configuring The Radius Server For Authentication
Access Point software, the RADIUS server User Datagram Protocol (UDP) ports used by the access point are not configurable. (The Unified Access Point is hard-coded to use RADIUS server UDP port 1812 for authentication and port 1813 for accounting.) © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 117 A Wireless Client Settings and RADIUS Server Setup To configure the external RADIUS server, perform the following steps: 1. Log on to the system hosting your RADIUS server and bring up the Internet Authentication Service. 2. In the left panel, right click on “RADIUS Clients” node and choose New > RADIUS Client from the popup menu.
Page 118 D-Link Unified Access Point Administrator’s Guide IP address for the access point. Click Next. 4. For the “Shared secret” enter the RADIUS Key you provided to the access point (on the Security page). Re-type the key to confirm. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 119: Obtaining A Tls-Eap Certificate For A Client
A Wireless Client Settings and RADIUS Server Setup 5. Click Finish. The access point is now displayed as a client of the Authentication Server. Obtaining a TLS-EAP Certificate for a Client If you want to use IEEE 802.1X mode with EAP-TLS certificates for authentication and authorization of clients, you must have an external RADIUS server and a Public Key Authority Infrastructure (PKI), including a Certificate Authority (CA), server configured on your network.
Page 120 The Welcome screen for the Certificate Server is displayed in the browser. 3. Click “Request a certificate” to get the login prompt for the RADIUS server. 4. Provide a valid user name and password to access the RADIUS server. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 121 A Wireless Client Settings and RADIUS Server Setup NOTE: The user name and password you need to provide here is for access to the RADIUS server, for which you will already have user accounts configured at this point. This document does not describe how to set up Administrative user accounts on the RADIUS server.
Page 122: Configuring The Radius Server For Vlan Tags
In the case of the Unified Access Point, if you configure an external RADIUS server on the VAP page, then an External RADIUS server will try to authenticate the user. A user’s authentication credentials are passed to a RADIUS server. If these credentials are found to be © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 123 A Wireless Client Settings and RADIUS Server Setup valid, the NAS configures the port to the VLAN indicated by the RADIUS authentication server. A RADIUS server needs to be configured to use Tunnel attributes in Access-Accept messages, in order to inform the access point about the selected VLAN. These attributes are defined in RFC 2868 and their use for dynamic VLAN is specified in RFC 3580.
Page 125: B Cli For Ap Configuration
CLI for AP Configuration In addition to the Web based user interface, the Unified Access Point includes a command line interface (CLI) for administering the access point. The CLI lets you view and modify status and configuration information. The following topics provide an introduction to the class structure upon which the CLI is based, CLI commands, and examples of using the CLI to get or set configuration information on an access point: •...
Page 126: Ssh Connection To The Ap
To use an SSH connection, you need to have SSH software installed on your PC. The examples in this guide use PuTTY, which is available as a free download from the Internet. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 127: Commands And Syntax
B CLI for AP Configuration 1. Start your SSH application. (We use PuTTY as an example.) 2. Enter the IP address of access point and click Open (If your Domain Name Server is configured to map domain names to IP addresses via DHCP, you can enter the domain name of the AP instead of an IP address.) This brings up the SSH command window and establishes a connection to the access point.
Page 128: Using The Get Command
If these are included, then only instances whose present value of qualifier-property is qualifier-value will be set. The qualifier-value arguments cannot contain spaces. Therefore, you cannot select instances whose desired qualifier-value has a space in it. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 129: Using The Add Command
B CLI for AP Configuration The rest of the command line contains property-value pairs. set named-class instance | all [ with qualifier-property qualifier-value ... to ] property value... The first argument is either a named class in the configuration. The next argument is either the name of the instance to set, or the keyword all, which indicates that all instances should be set.
Page 130: Additional Cli Commands
Upgrade the firmware Get property values of the running configuration reboot Reboot the system remove Remove instances in the running configuration save-running Save the running configuration Set property values of the running configuration © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 131: Keyboard Shortcuts
B CLI for AP Configuration Example 2: Type TAB TAB (including a space after ) to see a list of all remove remove property options for the command. remove DLINK-WLAN-AP# remove basic-rate Basic rates of radios bridge-port Bridge ports of bridge interfaces Basic Service Set of radios interface Network interface...
Page 132: Interface Naming Conventions
The wireless interface for the x VAP on radio 1 - 802.11a radio. The value for x ranges from 1-7. The DWL-3500AP does not have this interface. wlan1vapx The wireless interface for the x VAP on radio 2 - 802.11b/g radio. The value for x ranges from 1-7. © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 133: Saving Configuration Changes
B CLI for AP Configuration Table 33. Interface Naming Convention Interface Description wlan0bssvapx The basic service set interface for the x VAP on radio 1 - 802.11a radio. The value for x ranges from 0-7. The DWL-3500AP does not have this interface. wlan1bssvapx The basic service set interface for the x VAP on radio 2 - 802.11b/g radio.
Page 134: Access Point Cli Commands
IP Address get management static-mask • Subnet Mask get management ip • MAC Address get management mask • DHCP Status get management mac get management dhcp-status Get the Firmware Version get system version © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 135: Status
B CLI for AP Configuration Table 34. Basic Setting Commands Action Command Get the serial number get system serial-number Set the Password set system password <password> Example: set system password test1234 Status The command tasks and examples in this section show status information on access points. These settings correspond to what is shown on the Status tabs in the Web UI.
Page 136: Ethernet Settings
Enable the untagged VLAN set untagged-vlan status up Disable the untagged VLAN set untagged-vlan status down Set the untagged VLAN ID set untagged-vlan vlan-id <1-4094> View the connection type get management dhcp-status © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 137: Wireless Interface
B CLI for AP Configuration Table 36. Ethernet Setting Commands Action Command Use DHCP as the connection type set management dhcp-client status up Use a Static IP as the connection set management dhcp-client status down type Set the Static IP address set management static-ip <ip_address>...
Page 138: Radio Settings
<256-2346> Length Threshold Set the RTS Threshold set radio wlan0 rts-threshold <0-2347> Set the maximum number of set bss wlan0bssvap0 max-stations <0-256> clients allowed to associate (VAP 0 radio 0) © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 139: Virtual Access Points
B CLI for AP Configuration Table 38. Radio Setting Commands Action Command Set the power transmission set radio wlan0 tx-power <0-100> level (percent) Select the antenna to use for set radio wlan0 antenna-diversity {auto | primary | secondary} sending and receiving traffic Add a basic rate set add basic-rate wlan0 rate integer Get current basic rates...
Page 140 1. Set the security mode. set interface wlan0 security static-wep DLINK-AP# 2. Set the Transfer Key Index. The range for the transfer key index is 1-4. The following command sets the Transfer Key © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 141 B CLI for AP Configuration Index to 4. set interface wlan0 wep-default-key 4 DLINK-AP# 3. Set the Key Length For the CLI, valid values for Key Length are 40 bits, 104 bits, or 128 bits.The Key Length values used by the CLI do not include the initialization vector in the length. On the Web UI, longer Key Length values may be shown which include the 24-bit initialization vector.
Page 142 DLINK-AP# set bss wlan0bssvap0 radius-key thisISmyKey You can enable RADIUS Accounting if you want to track and measure the resources a particular user has consumed such system time, amount of data transmitted and received, © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 143 B CLI for AP Configuration and so on. To enable RADIUS accounting on the VAP, enter the following command: set bss wlan0bssvap0 radius-accounting on 3. View the security settings. Use the “get” command to view the updated security configuration and see the results of the new settings.
Page 144 , where is the radio, and wlan0 wlanxvapy the VAP ID. For example, to configure security on VAP 3 on radio 2, use instead of in all of the following commands. wlan1vap3 wlan0 © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 145 B CLI for AP Configuration 1. Set the Security Mode set interface wlan0 security wpa-enterprise DLINK-AP# 2. Set the WPA versions based on what types of client stations you want to support. WPA—If all client stations on the network support the original WPA but none support the newer WPA2, then use WPA.
Page 146: Managed Access Point
AP mode from Standalone to Managed and how to configure the IP address of a D-Link Unified Switch so that the AP can discover it. You can configure a pass phrase on the AP and on the switch so that only authenticated APs can associate with the switch.
Page 147: Ieee 802.1X Supplicant Authentication
<password> to-switch authentication Note: The phrase you enter must match the local authentication password you configure for Valid APs on the D-Link Unified Switch Configure the IP address of set managed-ap switch-address-1 <ip_address> up to four D-Link Unified set managed-ap switch-address-2 <ip_address>...
Page 148: Table 42. Qos Commands
0.5 Set Transmission set wme-queue wlan0 with queue <Queue_Name> to txop- Opportunity Limit (txop- txop-limit_Value> limit < limit) for WMM client Example: stations set wme-queue wlan0 with queue vo to txop-limit 49 © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 149: Time
B CLI for AP Configuration The same types of queues are defined for different kinds of data transmitted from AP-to- station and station-to-AP but they are referenced by differently depending on whether you are configuring AP or station parameters. Table 43. Valid Queue Name Values Data Station Voice - High priority queue, minimum delay.
Page 151 B CLI for AP Configuration Table 46. CLI Class Instances has name? \ # of instances? multiple yes - unique unique named yes - non-unique group named Each class defines a set of properties that describe the actual information associated with a class.
Page 153: Glossary
Glossary Glossary portable, and moving stations within a local area. It uses direct sequence spread spectrum (DSSS) in the 2.4 GHz ISM band and supports raw data rates of 1 and 2 Mbps. It was formally adopted in 1997 but has 0-9 A B C D E F G H I J K L M N O been mostly superseded by 802.11b.
Page 154 802.1p is to prioritize network traffic at 802.11i the data link/ MAC layer. 802.1p offers the ability to filter multicast traffic to ensure it doesn’t increase IEEE 802.11i is a comprehensive IEEE standard for © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 155 Glossary over layer 2 switched networks. It uses tag frames for the prioritization scheme. The Advanced Encryption Standard (AES) is a symmetric 128-bit block data encryption technique To be compliant with this standard, layer 2 switches developed to replace DES encryption. AES works at must be capable of grouping incoming LAN packets multiple network layers simultaneously.
Page 156 CCM mode of operation, combining the a variation on CSMA/CD (used by Ethernet Cipher Block Chaining Counter mode (CBC-CTR) networks). In CSMA/CD the emphasis is on collision and the Cipher Block Chaining Message © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 157 Glossary detection whereas with CSMA/CA the emphasis is A domain name identifies one or more IP addresses. on collision avoidance. Conversely, an IP address may map to more than one domain name. A domain name has a suffix that indicates which top A clear to send (CTS) message is a signal sent by an level domain (TLD) it belongs to.
Page 158 (OFDM). Built into ERP and the IEEE 802.11g standard is a scheme for effective interoperability of IEEE 802.11g stations with IEEE 802.11b nodes on © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 159 Glossary standards, see http://standards.ieee.org/. HTTP Infrastructure Mode The Hypertext Transfer Protocol (HTTP) defines Infrastructure Mode is a Wireless Networking how messages are formatted and transmitted on the Framework in which wireless stations communicate World Wide Web. An HTTP message consists of a with each other by first going through an Access and a command (...
Page 161 Managed Mode stations (MAC addresses) on the network. In Managed Mode, the D-Link Access Point is part of the D-Link Unified Wired/Wireless Access Some wireless security modes distinguish between System, and you manage it by using the D-Link how unicast, multicast, and broadcast frames are Unified Switch.
Page 162 Layer 2, the Data-Link layer, defines how data sent along with its destination address and sender for transmission will be structured and formatted, address. Packets are pushed out onto the network and along with low-level protocols for © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 163 Glossary PPPoE inspected by each node. The node to which it is addressed is the ultimate recipient. Point-to-Point Protocol over Ethernet (PPPoE) is a specification for connecting the users on a Packet Loss the Internet through a common broadband medium, such as a single DSL or cable modem line.
Page 164 The router performs little filtering of data it passes. SSID The Service Set Identifier (SSID) is a thirty-two character alphanumeric key that uniquely identifies a © 2001-2008 D-Link Corporation. All Rights Reserved.
Page 165 The bitwise AND operator compares two bits and assigns 1 to the result only if both bits are 1. Standalone Mode In Standalone Mode, the D-Link AP acts as an Supported Rate Set individual access point in the network, and you...
Page 166 “best-effort” settings depending upon the requirements of the data. The ToS field is used by the D-Link AP to provide configuration control over Quality of Service (QoS) queues for data VLAN transmitted from the AP to client stations.
Page 167 Glossary are organized in an extended service set (ESS). WLAN A Wide Area Network (WAN) is a communications Wireless Local Area Network (WLAN) is a that network that spans a relatively large geographical uses high-frequency radio waves rather than wires to area, extending over distances greater than one communicate between its nodes.
Page 168 The Extensible Markup Language (XML) is a specification developed by the W3C. XML is a simple, flexible text format derived from Standard Generalized Markup Language (SGML), which is defined in 8879:1986, designed especially for electronic publishing. © 2001-2008 D-Link Corporation. All Rights Reserved.

This manual is also suitable for:

Dwl-3500ap

D-Link DWL-8500AP - AirPremier AG Wireless Switching 108 Dualband Access Point Administrator's Manual

List of Figures

List of Tables

About this Document

1 Overview of the D-Link Access Point

2 Preparing to Install the Access Point

3 Installing the Access Point

4 Configuring Access Point Security

5 Managing the Access Point

6 Configuring Access Point Services

7 Maintaining the Access Point

8 Configuring the Access Point for Managed Mode

9 Viewing Access Point Status

A Wireless Client Settings and RADIUS Server Setup

B CLI for AP Configuration

Glossary

Quick Links

Related Manuals for D-Link DWL-8500AP - AirPremier AG Wireless Switching 108 Dualband Access Point

Summary of Contents for D-Link DWL-8500AP - AirPremier AG Wireless Switching 108 Dualband Access Point

This manual is also suitable for:

Table of Contents