Page 2 UWS Administrator’s Guide FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
Page 3 UWS Administrator’s Guide CAUTION: RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT TYPE. DISPLOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
Page 4 UWS Administrator’s Guide...
Page 5: Table Of Contents
Software User Manual D-Link Unified Access System 12/10/09 ABLE OF ONTENTS About This Document ..........................43 Audience ............................... 43 Organization............................43 Additional Documentation ........................44 Document Conventions......................... 44 Section 1: Getting Started....................45 Connecting the Switch to the Network..................... 45 Understanding the User Interfaces......................
Page 6 D-Link Unified Access System Software User Manual 12/10/09 Changing User Account Information ....................72 Deleting a User Account.........................72 Authentication List Configuration......................72 Creating an Authentication List ......................74 Configuring an Authentication List....................74 Deleting an Authentication List.......................74 Authentication List Summary........................75 Login Session .............................76 User Login ..............................77 Assigning a User to an Authentication List..................77...
Page 7 Software User Manual D-Link Unified Access System 12/10/09 SNTP Server Configuration ........................98 SNTP Server Status..........................99 SNTP Global Status ..........................100 Time Zone Configuration ........................101 Summer Time Configuration ....................... 103 Summer Time Recurring Configuration ..................104 Clock Detail ............................105 Configuring and Viewing Device Slot Information................
Page 8 D-Link Unified Access System Software User Manual 12/10/09 Switch Detailed............................129 Switch Summary..........................132 Port Detailed............................133 Port Summary Statistics ........................137 Using System Utilities ..........................139 Save All Applied Changes ........................139 System Reset ............................140 Reset Configuration to Defaults......................140 Reset Passwords to Defaults ......................140 Download File To Switch (TFTP)......................142 Downloading a File to the Switch ....................144...
Page 9 Software User Manual D-Link Unified Access System 12/10/09 SNTP Server Configuration ........................ 169 Configuring and Viewing ISDP Information................... 170 Global Configuration ........................... 170 Cache Table............................171 Cache Table............................171 Interface Configuration........................172 Statistics.............................. 172 Section 3: Configuring L2 Features ................175 Configuring DHCP Snooping ........................
Page 10 D-Link Unified Access System Software User Manual 12/10/09 Summary .............................198 Managing MAC-Based VLANs .........................199 MAC-based VLAN Configuration......................199 MAC-based VLAN Summary.......................199 Voice VLAN Configuration........................200 Creating MAC Filters ..........................202 Adding MAC Filters ........................203 Modifying MAC Filters ........................203 Deleting MAC Filters ........................203 MAC Filter Summary ...........................203 Configuring GARP ............................203...
Page 11 Software User Manual D-Link Unified Access System 12/10/09 Configuring MLD Snooping........................227 Configuration and Status ........................227 Interface Configuration........................228 VLAN Status ............................229 VLAN Configuration ..........................229 Multicast Router Configuration......................231 Multicast Router Status ........................231 Multicast Router VLAN Configuration ....................232 Multicast Router VLAN Status ......................
Page 12 D-Link Unified Access System Software User Manual 12/10/09 Port Security Violation Status ......................262 Managing LLDP............................263 Global Configuration..........................264 Interface Configuration ........................265 Interface Summary ..........................266 Statistics ..............................267 Local Device Information ........................268 Local Device Summary........................269 Remote Device Information .........................270 Remote Device Summary........................271 LLDP-MED ............................272 LLDP-MED Global Configuration ....................272...
Page 13 Software User Manual D-Link Unified Access System 12/10/09 RIP Route Redistribution Summary ....................298 Router Discovery ............................. 299 Router Discovery Configuration ......................299 Router Discovery Status ........................301 Router................................ 302 Route Table ............................302 Best Routes Table ..........................304 Configured (Static) Routes........................305 Adding a Static Route ........................
Page 14 D-Link Unified Access System Software User Manual 12/10/09 Section 5: Configuring Quality of Service ..............325 Configuring Differentiated Services .......................326 Defining DiffServ..........................326 Diffserv Configuration ..........................326 Class Configuration ..........................328 Policy Configuration..........................330 Policy Class Definition .........................332 Service Configuration ..........................334 Configuring Class of Service........................335 Mapping 802.1p Priority........................335...
Page 15 Software User Manual D-Link Unified Access System 12/10/09 Adding a Local User ........................370 Configuring Users in the Local Database ..................371 Configuring Users in a Remote RADIUS Server................372 Interface Association........................... 373 CP Global Status ..........................375 Viewing CP Activation and Activity Status ................... 375 Interface Status ...........................
Page 16 Software User Manual 12/10/09 Secure Shell Configuration........................403 Downloading SSH Host Keys.......................404 Section 8: Configuring the Wireless Features.............. 405 D-Link Unified Access System Components ..................405 DWS-4026 Unified Switch ........................406 DWL-8600AP Unified Access Point.....................406 Unified Switch and AP Discovery Methods ..................406 L2 Discovery..........................407 IP Address of AP Configured in the Switch ..................407...
Page 17 Software User Manual D-Link Unified Access System 12/10/09 Managed AP Advanced Settings ......................448 Debugging the AP........................449 Adjusting the Channel and Power ....................450 Monitoring Status and Statistics ......................452 Wireless Global Status/Statistics ......................452 Viewing Switch Status and Statistics Information ................ 455 Viewing IP Discovery Status ......................
Page 18 D-Link Unified Access System Software User Manual 12/10/09 Viewing Detailed Associated Client Association Statistics ............484 Viewing Detailed Associated Client Session Statistics..............484 Peer Switch Status ..........................485 Viewing Peer Switch Configuration Status ...................486 Viewing Peer Switch Managed AP Status..................487 Monitoring and Managing Intrusion Detection ..................488 AP RF Scan Status..........................488...
Page 19 12/10/09 WIDS Client Configuration ......................527 Visualizing the Wireless Network ......................529 Importing and Configuring a Background Image ................530 Setting Up the Graph Components..................... 531 Creating a New Graph ......................... 531 Graphing the WLAN Components ....................533 Understanding the Menu Bar Options....................535 Legend Menu ..........................
Page 20 D-Link Unified Access System Software User Manual 12/10/09 Page 20 34CSFP6XXUWS-SWUM100-D7...
Page 21 Software User Manual D-Link Unified Access System 12/10/09 IST OF IGURES Figure 1: Web Interface Layout ........................49 Figure 2: Device View............................49 Figure 3: Cascading Navigation Menu ......................50 Figure 4: Navigation Tree View ........................50 Figure 5: LAN and WLAN Tabs ........................51 Figure 6: Help Link ............................
Page 22 D-Link Unified Access System Software User Manual 12/10/09 Figure 34: Event Log............................88 Figure 35: Host Configuration ...........................89 Figure 36: Host Configuration with Logging Host .....................89 Figure 37: Persistent Log Configuration ......................90 Figure 38: Persistent Log ..........................91 Figure 39: System Log ............................92 Figure 40: Telnet Session Configuration......................93...
Page 23 Software User Manual D-Link Unified Access System 12/10/09 Figure 69: Switch Summary ........................... 132 Figure 70: Port Detailed..........................133 Figure 71: Port Summary ..........................138 Figure 72: Save All Applied Changes......................139 Figure 73: System Reset ..........................140 Figure 74: Reset Configuration to Defaults ....................140 Figure 75: Reset Passwords to Defaults ......................
Page 24 D-Link Unified Access System Software User Manual 12/10/09 Figure 104: States of Client Binding .......................179 Figure 105: DHCP Snooping Binding Configuration ..................180 Figure 106: DHCP Snooping Statistics ......................181 Figure 107: DHCP L2 Relay Global Configuration..................183 Figure 108: DHCP L2 Relay Interface Configuration ..................183 Figure 109: DHCP L2 Relay VLAN Configuration...................184...
Page 25 Software User Manual D-Link Unified Access System 12/10/09 Figure 139: IGMP Snooping VLAN Status ..................... 218 Figure 140: Multicast Router Configuration ....................219 Figure 141: Multicast Router Status ....................... 219 Figure 142: Multicast Router VLAN Configuration..................221 Figure 143: Multicast Router VLAN Status..................... 222 Figure 144: IGMP Snooping Querier Configuration..................
Page 26 D-Link Unified Access System Software User Manual 12/10/09 Figure 174: Port Security Administration ......................258 Figure 175: Port Security Interface Configuration ...................259 Figure 176: Port Security Static ........................260 Figure 177: Port Security Dynamic .........................261 Figure 178: Port Security Violation Status ......................262 Figure 179: LLDP Global Configuration ......................264...
Page 27 Software User Manual D-Link Unified Access System 12/10/09 Figure 209: Best Routes Table........................304 Figure 210: Configured Routes ........................305 Figure 211: Create Default Route Entry ......................305 Figure 212: Create Static Route Entry......................306 Figure 213: Create Static Reject Route Entry ....................306 Figure 214: Route Preferences Configuration ....................
Page 28 D-Link Unified Access System Software User Manual 12/10/09 Figure 244: IP ACL Rule Configuration (Extended ACL Rule)................347 Figure 245: MAC ACL Configuration ......................351 Figure 246: MAC ACL Rule Configuration (Create Rule)................352 Figure 247: MAC ACL Rule Configuration (Deny Action) ................353 Figure 248: MAC ACL Rule Configuration (Permit Action) ................353...
Page 29 Software User Manual D-Link Unified Access System 12/10/09 Figure 279: RADIUS Server Configuration—Add Server ................393 Figure 280: RADIUS Server Configuration—Server Added ................393 Figure 281: Named Server Status ........................394 Figure 282: Add RADIUS Accounting Server ....................395 Figure 283: RADIUS Accounting Server Configuration—Server Added ............396 Figure 284: RADIUS Server Configuration—Server Added ................
Page 30 D-Link Unified Access System Software User Manual 12/10/09 Figure 314: Configuration Received .......................457 Figure 315: AP Hardware Capability Information....................459 Figure 316: Radio Detail ..........................459 Figure 317: All Access Points .........................460 Figure 318: Managed AP Status ........................462 Figure 319: Managed AP Statistics.........................470 Figure 320: Associated Client Status ......................475...
Page 31 Software User Manual D-Link Unified Access System 12/10/09 Figure 349: AP Authentication Failure Status....................503 Figure 350: AP Authentication Failure Details....................504 Figure 351: AP De-Authentication Attack Status.................... 506 Figure 352: Global Configuration........................507 Figure 353: SNMP Trap Configuration ......................509 Figure 354: Distributed Tunneling Configuration ....................
Page 32 D-Link Unified Access System Software User Manual 12/10/09 Page 32 Document 34CSFP6XXUWS-SWUM100-D7...
Page 33 Software User Manual D-Link Unified Access System 12/10/09 IST OF ABLES Table 1: Typographical Conventions ......................44 Table 2: Common Command Buttons ......................51 Table 3: ARP Cache Fields .......................... 56 Table 4: Dual Image Status Fields........................ 58 Table 5: System Description Fields ......................
Page 34 D-Link Unified Access System Software User Manual 12/10/09 Table 34: SNTP Server Configuration Fields ....................98 Table 35: SNTP Server Status Fields ......................99 Table 36: Global Status Fields ........................101 Table 37: Time Zone Configuration Fields ....................102 Table 38: Summer Time Configuration Fields....................103 Table 39: Summer Time Recurring Configuration Fields ................104...
Page 35 Software User Manual D-Link Unified Access System 12/10/09 Table 69: DHCP Server Global Configuration Fields..................152 Table 70: Pool Configuration Fields......................155 Table 71: Pool Options Fields........................157 Table 72: Reset Configuration Fields ......................158 Table 73: Bindings Information Fields ......................159 Table 74: Server Statistics Fields .........................
Page 36 D-Link Unified Access System Software User Manual 12/10/09 Table 104: IP Subnet-based VLAN Configuration Fields ................197 Table 105: IP Subnet-based VLAN Summary Fields ..................198 Table 106: MAC-based VLAN Configuration Fields..................199 Table 107: MAC-based VLAN Summary Fields....................200 Table 108: Voice VLAN Configuration Fields....................201 Table 109: MAC Filter Configuration Fields ....................202...
Page 37 Software User Manual D-Link Unified Access System 12/10/09 Table 139: MLD Snooping Querier Configuration Fields................234 Table 140: MLD Snooping Querier VLAN Configuration Fields ..............235 Table 141: MLD Snooping Querier VLAN Configuration Summary Fields ............. 236 Table 142: MLD Snooping Querier VLAN Status Fields................. 237 Table 143: Port Channel Configuration Fields....................
Page 38 D-Link Unified Access System Software User Manual 12/10/09 Table 174: ARP Table Configuration Fields....................281 Table 175: ARP Table Fields ..........................282 Table 176: IP Configuration Fields........................283 Table 177: IP Interface Configuration Fields....................285 Table 178: Helper IP Interface Configuration Fields ..................287 Table 179: IP Statistics Fields.........................288 Table 180: BOOTP/DHCP Relay Agent Configuration Fields.................291...
Page 39 Software User Manual D-Link Unified Access System 12/10/09 Table 209: Policy Configuration Fields ......................331 Table 210: Policy Class Definition Fields ....................... 332 Table 211: Service Configuration Fields......................334 Table 212: 802.1p Priority Mapping........................ 336 Table 213: Trust Mode Configuration Fields ....................337 Table 214: IP DSCP Mapping Configuration Fields ..................
Page 40 D-Link Unified Access System Software User Manual 12/10/09 Table 244: PAE Capability Configuration......................387 Table 245: Dot1x Supplicant Port Configuration .....................387 Table 246: Port Access Control user Login Configuration Fields..............389 Table 247: Port Access Privileges Fields......................390 Table 248: RADIUS Configuration Fields .......................391 Table 249: RADIUS Server Configuration Fields ....................393...
Page 41 Software User Manual D-Link Unified Access System 12/10/09 Table 279: AP Hardware Capability Summary ....................459 Table 280: AP Hardware Capability Radio Detail................... 460 Table 281: Monitoring All Access Points ......................461 Table 282: Managed Access Point Status...................... 462 Table 283: Detailed Managed Access Point Status ..................464 Table 284: Managed AP Radio Summary ......................
Page 42 D-Link Unified Access System Software User Manual 12/10/09 Table 314: Detailed Access Point RF Scan Status ..................491 Table 315: Access Point Triangulation Status ....................492 Table 316: WIDS AP Rogue Classification .....................493 Table 317: Detected Client Status ........................495 Table 318: Detailed Detected Client Status ....................496 Table 319: WIDS Client Rogue Classification....................498...
Page 43: About This Document
(GUI). The D-Link 4000 Series switch architecture accommodates a variety of software modules so that a platform running D-Link software can be a Layer 2 switch in a basic network or a Layer 3 router in a large, complex network.
Page 44: Additional Documentation
The D-Link CLI Command Reference describes the commands available from the command-line interface (CLI) for • managing, monitoring, and configuring the switch. The D-Link Wired Configuration Guide contains a variety of configuration examples that show how to configure the • wired features on the switch.
Page 45: Section 1: Getting Started
After a successful login, the screen shows the system prompt(DWS-4026)>. 5 At the (DWS-4026)> prompt, enter enable to enter the Privileged EXEC command mode. There is no default password to enter Privileged EXEC mode. Press ENTER at the password prompt if you did not change the default password.
Page 46 D-Link Unified Access System Software User Manual 12/10/09 network parms 192.168.2.23 255.255.255.0 192.168.2.1 To manually configure the IPv6 address, subnet mask, and (optionally) default gateway, enter: network ipv6 address <address>/<prefix-length> [eui64] network ipv6 gateway <gateway> To view the network information, enter show network.
Page 47: Understanding The User Interfaces
Software User Manual D-Link Unified Access System 12/10/09 NDERSTANDING THE NTERFACES D-Link software includes a set of comprehensive management functions for configuring and monitoring the system by using one of the following three methods: • Web User Interface • Command-Line Interface (CLI) •...
Page 48: Using The Web Interface
3 After the system authenticates you, the System Description page displays. Figure 1 shows the layout of the D-Link software Web interface. Each Web page contains three main areas: device view, the navigation tree, and the configuration status and options.
Page 49: Device View
Software User Manual D-Link Unified Access System 12/10/09 Device View Administration Logout Help Page Tools Button Access Navigation Tree Configuration Status and Options Figure 1: Web Interface Layout Device View ® The Device View is a Java applet that displays the ports on the switch. This graphic appears at the top of each page to provide an alternate way to navigate to configuration and monitoring options.
Page 50: Navigation Tree View
D-Link Unified Access System Software User Manual 12/10/09 Figure 3: Cascading Navigation Menu Navigation Tree View The hierarchical-tree view is on the left side of the Web interface. The tree view contains a list of various device features. The branches in the navigation tree can be expanded to view all the components under a specific feature, or retracted to hide the feature's components.
Page 51: Configuration And Monitoring Options
Software User Manual D-Link Unified Access System 12/10/09 The D-Link DWS-4000 Series switch navigation tree also contains a LAN tab for wired features and a WLAN tab for Wireless features, as the following figure shows. LAN Tab WLAN Tab Figure 5: LAN and WLAN Tabs...
Page 52: Using The Command-Line Interface
For more information about the CLI, see the D-Link CLI Command Reference. The D-Link CLI Command Reference lists each command available from the CLI by the command name and provides a brief description of the command. Each command reference also contains the following information: •...
Page 53: Using Snmp
Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, you need to configure a new user profile. To configure a profile by using the CLI, see the SNMP section in the D-Link CLI Command Reference .
Page 54 D-Link Unified Access System Software User Manual 12/10/09 Page 54 Understanding the User Interfaces Document 34CSFP6XXUWS-SWUM100-D7...
Page 55: Section 2: System Administration
Software User Manual D-Link Unified Access System 12/10/09 Se ction 2: Syste m A dm inistra tion Use the features in the Administration navigation tree folder to define the switch’s relationship to its environment. The Administration folder contains links to the following features: •...
Page 56: Viewing Arp Cache
D-Link Unified Access System Software User Manual 12/10/09 ARP C IEWING ACHE The ARP cache is a table maintained locally in each station on a network. ARP cache entries are learned by examining the source information in the ARP packet payload fields, regardless of whether it is an ARP request or response. Thus, when an ARP request is broadcast to all stations on a LAN segment or virtual LAN (VLAN), every recipient has the opportunity to store the sender’s IP and MAC address in their respective ARP cache.
Page 57: Viewing Inventory Information
TATUS The Dual Image feature allows the switch to have two D-Link software images in the permanent storage. One image is the active image, and the second image is the backup. This feature reduces the system down-time during upgrades and downgrades.
Page 58: System Description
D-Link Unified Access System Software User Manual 12/10/09 Figure 9: Dual Image Status Table 4: Dual Image Status Fields Field Description Unit Displays the unit ID of the switch. Image1 Ver Displays the version of the image1 code file. Image2 Ver Displays the version of the image2 code file.
Page 59: Figure 10: System Description
Software User Manual D-Link Unified Access System 12/10/09 Figure 10: System Description Table 5: System Description Fields Field Description System Description The product name of this switch. System Name Enter the name you want to use to identify this switch. You may use up to 31 alpha-numeric characters.
Page 60: Defining System Information
D-Link Unified Access System Software User Manual 12/10/09 Defining System Information 1 Open the System Description page. 2 Define the following fields: System Name, System Contact, and System Location. 3 Click Submit. The system parameters are applied, and the device is updated.
Page 61: Card Configuration
Software User Manual D-Link Unified Access System 12/10/09 Table 6: Switch Configuration Fields Field Description Broadcast Storm Enable or disable this option by selecting one of the following options: Recovery Mode • Enable: When the broadcast traffic on on any Ethernet port exceeds the configured threshold, the switch blocks (discards) the broadcast traffic.
Page 62: Poe Configuration
D-Link Unified Access System Software User Manual 12/10/09 Figure 12: Card Configuration Table 7: Card Configuration Fields Field Description Slot Indicates the slot in the selected unit for which data is to be displayed. Slot Status Indicates whether a card is in the slot (Full or Empty).
Page 63: Figure 13: Poe Configuration
Software User Manual D-Link Unified Access System 12/10/09 To access the PoE Configuration page, click LAN > Administration > PoE Configuration in the navigation menu. The following figure shows the fields that display. Figure 13: PoE Configuration Table 8: PoE Configuration Fields...
Page 64: Poe Status
D-Link Unified Access System Software User Manual 12/10/09 TATUS Power over Ethernet (PoE) technology allows IP telephones, wireless LAN Access Points, Web-Cameras and many other appliances to receive power as well as data over existing LAN cabling, without needing to modify the existing Ethernet infrastructure.
Page 65: Serial Port
Software User Manual D-Link Unified Access System 12/10/09 ERIAL The Serial Port Configuration page allows you to change the switch’s serial port settings. In order for a terminal or terminal emulator to communicate with the switch, the serial port settings on both devices must be the same. Some settings on the switch cannot be changed.
Page 66: Ip Address
D-Link Unified Access System Software User Manual 12/10/09 IP A DDRESS The network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed.
Page 67: Table 10: Network Connectivity Fields
Software User Manual D-Link Unified Access System 12/10/09 Table 10: Network Connectivity Fields Field Description Protocol Selects the IP protocol version you want to configure on the interface. Depending on your selection, different fields display. Both protocols can be configured.
Page 68: Network Dhcp Client Options
D-Link Unified Access System Software User Manual 12/10/09 Table 10: Network Connectivity Fields (Cont.) Field Description IPv6 Fields: These display when IPv6 is selected as the protocol. IPv6 Mode Enables or disables IPv6 mode on the interface. IPv6 Prefix If no IPv6 address displays, select Add and then enter an IPv6 prefix/length.
Page 69: Http Configuration
Software User Manual D-Link Unified Access System 12/10/09 HTTP C ONFIGURATION Use the HTTP Configuration page to configure the HTTP server settings on the system. To access the HTTP Configuration page, click LAN > Administration > HTTP Configuration in the navigation menu.
Page 70: User Accounts
D-Link Unified Access System Software User Manual 12/10/09 CCOUNTS By default, the switch contains two user accounts: • admin, with 'Read/Write' privileges • guest, with 'Read Only' privileges Both of these accounts have blank passwords by default. The names are not case sensitive.
Page 71: Adding A User Account
Software User Manual D-Link Unified Access System 12/10/09 Table 13: User Accounts Fields (Cont.) Field Description User Name Enter the name to give to the account. User names are up to eight characters in length and are not case sensitive. Valid characters include all the alphanumeric characters as well as the dash ('-') and underscore ('_') characters.User name default is not valid.
Page 72: Changing User Account Information
D-Link Unified Access System Software User Manual 12/10/09 Changing User Account Information You cannot add or delete the Read/Write user, but you can change the username and password. To change the password for an existing account or to overwrite the username on an existing account, use the following procedures.
Page 73: Figure 22: Authentication List Configuration
Software User Manual D-Link Unified Access System 12/10/09 Table 14: Authentication List Configuration Fields Field Description Authentication List The menu allows you to create a new authentication list or to select an existing list to view or configure. Authentication List Name To create a new login list, enter the name you want to assign.
Page 74: Creating An Authentication List
D-Link Unified Access System Software User Manual 12/10/09 Creating an Authentication List To create a new authentication list, use the following procedures. 1 Select Create from the Authentication List field. 2 In the Authentication List Name field, enter a name of 1 to 12 characters.
Page 75: Authentication List Summary
Software User Manual D-Link Unified Access System 12/10/09 UTHENTICATION UMMARY Use the Authentication List Summary page to view information about the authentication lists on the system and which users are associated with each list. The page also displays information about 802.1X port security users.
Page 76: Login Session
D-Link Unified Access System Software User Manual 12/10/09 OGIN ESSION Use the Login Session page to view information about users who have logged on to the switch. To access the Login Session page, click LAN > Monitoring > Login Session in the navigation tree.
Page 77: User Login
Software User Manual D-Link Unified Access System 12/10/09 OGIN Each configured user is assigned to a login list that specifies how the user should be authenticated when attempting to access the switch or a port on the switch. After creating a new user account on the User Account screen, you can use the User Login page to assign the user to a login list for the switch.
Page 78: Denial Of Service Protection
ERVICE ROTECTION Use the Denial of Service (DoS) page to configure DoS control. D-Link software provides support for classifying and blocking specific types of DoS attacks. You can configure your system to monitor and block these types of attacks: •...
Page 79: Multiple Port Mirroring
Software User Manual D-Link Unified Access System 12/10/09 Table 19: Denial of Service Configuration Fields (Cont.) Field Description Denial of Service Max ICMP Specify the Max ICMP Pkt Size allowed. If ICMP DoS prevention is enabled, the switch Size will drop ICMP ping packets that have a size greater than this configured Max ICMP Pkt Size.
Page 80: Adding A Port Mirroring Session
D-Link Unified Access System Software User Manual 12/10/09 Figure 27: Multiple Port Mirroring Table 20: Multiple Port Mirroring Fields Field Description Session Specifies the monitoring session. Mode Enables you to turn on of off Multiple Port Mirroring. The default is Disabled (off).
Page 81: Removing Or Modifying A Port Mirroring Session
Software User Manual D-Link Unified Access System 12/10/09 Table 21: Multiple Port Mirroring—Add Source Fields (Cont.) Field Description Source Port Select the unit and port from which traffic is mirrored. Up to eight source ports can be mirrored to a destination port.
Page 82: Configuring And Searching The Forwarding Database
D-Link Unified Access System Software User Manual 12/10/09 ONFIGURING AND EARCHING THE ORWARDING ATABASE The forwarding database maintains a list of MAC addresses after having received a packet from this MAC address. The transparent bridging function uses the forwarding database entries to determine how to forward a received frame.
Page 83: Search
Software User Manual D-Link Unified Access System 12/10/09 EARCH Use the Search page to display information about entries in the forwarding database. To access the Search page, click LAN > Monitoring > MAC Address Table in the navigation tree. Figure 30: Forwarding Database Search...
Page 84: Managing Logs
D-Link Unified Access System Software User Manual 12/10/09 1 Enter the two-byte hexadecimal VLAN ID followed by the six byte hexadecimal MAC address in two-digit groups separated by colons. For example, 01:23:45:67:89:AB:CD:EF where 01:23 is the VLAN ID and 45:67:89:AB:CD:EF is the MAC address.
Page 85: Buffered Log Configuration
Software User Manual D-Link Unified Access System 12/10/09 UFFERED ONFIGURATION The buffered log stores messages in memory based upon the settings for message component and severity. Use the Buffered Log Configuration page to set the administrative status and behavior of logs in the system buffer.
Page 86: Command Logger Configuration
D-Link Unified Access System Software User Manual 12/10/09 This log message has a severity level of 7 (15 mod 8), which is a debug message. The message was generated by the MSTP component running in thread id 2110. The message was generated on August 24 05:34:05 by line 318 of file mstp_api.c.
Page 87: Event Log
Software User Manual D-Link Unified Access System 12/10/09 Figure 33: Console Log Configuration Table 25: Console Log Configuration Fields Field Description Admin Status From the menu, select whether to enable or disable console logging. The default is disabled. • Enabled: Prints log messages to the device attached to the switch serial port.
Page 88: Figure 34: Event Log
The number of the entry within the event log. The most recent entry is first. Filename The D-Link source code filename identifying the code that detected the event. Line The line number within the source file of the code that detected the event.
Page 89: Hosts Configuration
Software User Manual D-Link Unified Access System 12/10/09 OSTS ONFIGURATION Use the Host Configuration page to configure remote logging hosts where the switch can send logs. To enable remote logging, see “Syslog Configuration” on page To access the Host Configuration page, click LAN > Administration > Log > Host Configuration in the navigation tree.
Page 90: Deleting A Remote Logging Host
D-Link Unified Access System Software User Manual 12/10/09 Deleting a Remote Logging Host To delete a remote logging host from the configured list, select the IP address of the host from the Host field, and then click Delete. ERSISTENT ONFIGURATION The persistent log is stored in persistent storage, which means that the log messages are retained across a switch reboot.
Page 91: Persistent Log
Software User Manual D-Link Unified Access System 12/10/09 Table 27: Persistent Log Configuration Fields (Cont.) Field Description Severity Filter Use the menu to select the severity of the logs to print to the console. Logs with the severity level you select and all logs of greater severity print. For example, if you select Error, the logged messages include Error, Critical, Alert, and Emergency.
Page 92: Syslog Configuration
D-Link Unified Access System Software User Manual 12/10/09 <15>Aug 24 05:34:05 STK0 MSTP[2110]: mspt_api.c(318) 237 %% Interface 12 transitioned to root state on message age timer expiry This log message has a severity level of 7 (15 mod 8), which is a debug message. The system is not stacked (STK0). The message was generated by the MSTP component running in thread ID 2110.
Page 93: Telnet Sessions
Software User Manual D-Link Unified Access System 12/10/09 ELNET ESSIONS Telnet is a terminal emulation TCP/IP protocol. ASCII terminals can be virtually connected to the local device through a TCP/ IP protocol network. Telnet is an alternative to a local login terminal where a remote login is required.
Page 94: Outbound Telnet Client Configuration
D-Link Unified Access System Software User Manual 12/10/09 UTBOUND ELNET LIENT ONFIGURATION The outbound telnet feature is not available on all platforms. Use the outbound telnet client settings to control the telnet sessions that originate from the switch and connect to a remote system.
Page 95: Ping Test
Software User Manual D-Link Unified Access System 12/10/09 Use the Ping page to tell the switch to send a Ping request to a specified IP address. You can use this feature to check whether the switch can communicate with a particular network host.
Page 96: Configuring Sntp Settings
Time synchronization is performed by a network SNTP server. D-Link software operates only as an SNTP client and cannot provide time services to other systems. Time sources are established by Stratums. Stratums define the accuracy of the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock.
Page 97: Sntp Settings
Software User Manual D-Link Unified Access System 12/10/09 MD5 (Message Digest 5) Authentication safeguards device synchronization paths to SNTP servers. MD5 is an algorithm that produces a 128-bit hash. MD5 is a variation of MD4, and increases MD4 security. MD5 verifies the integrity of the communication, authenticates the origin of the communication.
Page 98: Sntp Server Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 33: SNTP Global Configuration Fields (Cont.) Field Description Broadcast Poll Interval Specifies the number of seconds between broadcast poll requests expressed as a power of two when configured in broadcast mode. Broadcasts received prior to the expiry of this interval are discarded.
Page 99: Sntp Server Status
Software User Manual D-Link Unified Access System 12/10/09 Table 34: SNTP Server Configuration Fields (Cont.) Field Description Priority Specifies the priority of this server entry in determining the sequence of servers to which SNTP requests are sent. Values are 1 to 3, and the default is 1. Servers with...
Page 100: Sntp Global Status
D-Link Unified Access System Software User Manual 12/10/09 Table 35: SNTP Server Status Fields (Cont.) Field Description Last Attempt Status Specifies the status of the last SNTP request to this server. If no packet has been received from this server, a status of Other is displayed: •...
Page 101: Time Zone Configuration
Software User Manual D-Link Unified Access System 12/10/09 Table 36: Global Status Fields Field Description Version Specifies the SNTP Version the client supports. Supported Mode Specifies the SNTP modes the client supports. Multiple modes may be supported by a client.
Page 102: Figure 47: Time Zone Configuration
D-Link Unified Access System Software User Manual 12/10/09 Figure 47: Time Zone Configuration Table 37: Time Zone Configuration Fields Field Description Hours-offset Set the hours difference from UTC. (Range: -12 to +13) Minutes-offset Set the minutes difference from UTC. (Range: 0–59 Zone Set the acronym of the time zone.
Page 103: Summer Time Configuration
Software User Manual D-Link Unified Access System 12/10/09 UMMER ONFIGURATION Use the Summer Time Configuration page to specify a defined summer time duration and offset. To display the Summer Time Configuration page, click LAN > Administration > SNTP > Summer Time Configuration in the navigation menu.
Page 104: Summer Time Recurring Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 38: Summer Time Configuration Fields (Cont.) Field Description End Time Select the ending time in hh:mm format. Offset Set the number of minutes to add during summer time in the range 0 to 1440.
Page 105: Clock Detail
Software User Manual D-Link Unified Access System 12/10/09 LOCK ETAIL Use the Clock Detail page to view information about the current time, time zone, and summer time settings. To display the Clock Detail page, click LAN > Monitoring > Clock Detail in the navigation menu. The following figure shows the Clock Detail page when Summertime is enabled.
Page 106: Configuring And Viewing Device Slot Information
The pages in the Slot folder provide information about the cards installed in the slots on the switch. The physical location of the slots depends on the hardware on which D-Link software is running. From the Configuration page, you can also manually configure information about cards on some platforms.
Page 107 Software User Manual D-Link Unified Access System 12/10/09 Table 41: Card Configuration Fields (Cont.) Field Description Inserted Card Model Displays the model identifier of the card plugged into the selected slot. If no card has been plugged in, this field is not shown.
Page 108: Summary
D-Link Unified Access System Software User Manual 12/10/09 UMMARY The Slot Summary page displays information about the different slots in each unit in the stack. To access the Slot Summary page, click LAN > Monitoring > Slot Summary in the navigation tree.
Page 109: Configuring And Viewing Device Port Information
Software User Manual D-Link Unified Access System 12/10/09 ONFIGURING AND IEWING EVICE NFORMATION The pages in the Port folder allow you to view and monitor the physical port information for the ports available on the switch. The Port folder has links to the following pages: •...
Page 110 D-Link Unified Access System Software User Manual 12/10/09 Table 43: Port Configuration Fields (Cont.) Field Description Port Type For most ports this field is blank. Otherwise the possible values are: • Mirrored: Indicates that the port has been configured as a monitoring port and is the source port in a port mirroring session.
Page 111 • <Speed> Half Duplex: The port speeds available from the menu depend on the platform on which the D-Link software is running and which port you select. In half- duplex mode, the transmissions are one-way. In other words, the port does not send and receive traffic at the same time.
Page 112: Port Summary
D-Link Unified Access System Software User Manual 12/10/09 UMMARY Use the Port Summary page to view the settings for all physical ports on the platform. To access the Port Summary page, click LAN > Monitoring > Port Utilization> Summary in the navigation menu.
Page 113 Software User Manual D-Link Unified Access System 12/10/09 Table 44: Port Summary Fields (Cont.) Field Description Forwarding State The port's current state Spanning Tree state. This state controls what action a port takes on receipt of a frame. If the bridge detects a malfunctioning port it will place that port into the broken state.
Page 114 • <Speed> Half Duplex: The port speeds available from the menu depend on the platform on which the D-Link software is running and which port you select. In half- duplex mode, the transmissions are one-way. In other words, the port does not send and receive traffic at the same time.
Page 115: Port Description
Software User Manual D-Link Unified Access System 12/10/09 ESCRIPTION Use the Port Description page to configure a human-readable description of the port. To access the Port Description page, click LAN >Administration > Port Configuration > Port Description in the navigation tree.
Page 116: Adding A Port Mirroring Session
D-Link Unified Access System Software User Manual 12/10/09 The packet that is copied to the destination port is in the same format as the original packet on the wire. This means that if the mirror is copying a received packet, the copied packet is VLAN tagged or untagged as it was received on the source port.
Page 117: Removing Or Modifying A Port Mirroring Session
Software User Manual D-Link Unified Access System 12/10/09 2 Configure the following fields: Table 47: Multiple Port Mirroring—Add Source Fields Field Description Session Specifies the monitoring session. Source Port Select the unit and port from which traffic is mirrored. Up to eight source ports can be mirrored to a destination port.
Page 118: Double Vlan Tunneling Summary
D-Link Unified Access System Software User Manual 12/10/09 Figure 58: Double VLAN Tunneling Table 48: Double VLAN Tunneling Fields Field Description Slot/Port Select the physical interface for which you want to display or configure data. Select All to set the parameters for all ports to same values. For non-stacking platforms, the field name is Slot/Port.
Page 119: Figure 59: Double Vlan Tunneling Summary
Software User Manual D-Link Unified Access System 12/10/09 Figure 59: Double VLAN Tunneling Summary Table 49: Double VLAN Tunneling Summary Fields Field Description Slot/Port Select the physical interface for which you want to display or configure data. For non- stacking platforms, the field name is Slot/Port.
Page 120: Configuring Sflow
D-Link Unified Access System Software User Manual 12/10/09 ONFIGURING S ® sFlow is the standard for monitoring high-speed switched and routed networks. sFlow technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources.
Page 121: Sflow Receiver Configuration
Software User Manual D-Link Unified Access System 12/10/09 • Use the Refresh button to refresh the page with the most current data from the switch. ECEIVER ONFIGURATION Use the sFlow Receiver Configuration page to configure the sFlow Receiver. To access the sFlow Receiver Configuration page, click LAN > Administration > sFlow > Receiver Configuration in the navigation tree.
Page 122: Sflow Poller Configuration
D-Link Unified Access System Software User Manual 12/10/09 Field Description sFlow Receiver The time (in seconds) remaining before the sampler is released and stops sampling. A management Timeout entity wanting to maintain control of the sampler is responsible for setting a new value before the old one expires.
Page 123: Sflow Sampler Configuration
Software User Manual D-Link Unified Access System 12/10/09 Figure 62: sFlow Poller Configuration Table 52: sFlow Poller Configuration Field Description Slot/Port The sFlow Sampler Datasource for this flow sampler. This Agent will support Physical ports only. Receiver Index The sFlowReceiver for this sFlow Counter Poller. If set to zero, the poller configuration is set to the default and the poller is deleted.
Page 124: Defining Snmp Parameters
D-Link Unified Access System Software User Manual 12/10/09 Figure 63: sFlow Sampler Configuration Table 53: sFlow Sampler Configuration Field Description Slot/Port The sFlow Datasource for this sFlow sampler. This Agent will support Physical ports only. Receiver Index The sFlow Receiver for this sFlow sampler. If set to zero, no packets will be sampled. Only active receivers can be set.
Page 125: Snmp Community Configuration
Software User Manual D-Link Unified Access System 12/10/09 • Privacy: Protects against disclosure of message content. Cipher-Bock-Chaining (CBC) is used for encryption. Either authentication is enabled on an SNMP message, or both authentication and privacy are enabled on an SNMP message.
Page 126: Trap Receiver Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 54: Community Configuration Fields Field Description Community Contains the predefined and user-defined community strings that act as a password and are used to authenticate the SNMP management station to the device. A community string can contain a maximum of 20 characters.
Page 127: Trap Flags
Software User Manual D-Link Unified Access System 12/10/09 Figure 65: Trap Receiver Configuration Table 55: Trap Receiver Configuration Fields Field Description Community When this field is set to Create, you can configure new SNMP trap receiver information in the rest of the fields. If you have already configured an SNMP trap receiver, you can select it from the drop-down menu to change the settings or delete it.
Page 128: Supported Mibs
D-Link Unified Access System Software User Manual 12/10/09 Figure 66: Trap Flags Configuration Table 56: Trap Flags Configuration Fields Field Description ACL Traps Enable or disable activation of ACL traps by selecting the corresponding line on the pulldown entry field. The factory default is disabled.
Page 129: Viewing System Statistics
Software User Manual D-Link Unified Access System 12/10/09 Figure 67: Supported MIBs Table 57: Supported MIBs Fields Field Description Name The RFC number if applicable and the name of the MIB. Description The RFC title or MIB description. IEWING YSTEM...
Page 130: Figure 68: Switch Detailed
D-Link Unified Access System Software User Manual 12/10/09 Figure 68: Switch Detailed Table 58: Switch Detailed Statistics Fields Field Description fIndex This object indicates the ifIndex of the interface table entry associated with the processor of this switch. Octets Received The total number of octets of data received by the processor (excluding framing bits but including FCS octets).
Page 131 Software User Manual D-Link Unified Access System 12/10/09 Table 58: Switch Detailed Statistics Fields (Cont.) Field Description Packets Transmitted Without The total number of packets transmitted out of the interface. Errors Unicast Packets Transmitted The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent.
Page 132: Switch Summary
D-Link Unified Access System Software User Manual 12/10/09 WITCH UMMARY Use the Switch Summary page to view a summary of statistics for traffic on the switch. To access the Switch Summary page, click LAN > Monitoring > System Statistics > Switch Summary in the navigation tree.
Page 133: Port Detailed
Software User Manual D-Link Unified Access System 12/10/09 • Click Clear Counters to clear all the statistics counters, resetting all summary and detailed statistics for this switch to default values. The discarded packets count cannot be cleared. • Click Clear All Counters to clear counters for all switches in the stack.
Page 134 D-Link Unified Access System Software User Manual 12/10/09 Table 60: Port Fields (Cont.) Field Description Packets RX and TX 64 Octets The total number of packets (including bad packets) received or transmitted that were 64 octets in length (excluding framing bits but including FCS octets).
Page 135 Software User Manual D-Link Unified Access System 12/10/09 Table 60: Port Fields (Cont.) Field Description Total Packets Received The total number of packets received that were without errors. Without Errors Unicast Packets Received The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Page 136 D-Link Unified Access System Software User Manual 12/10/09 Table 60: Port Fields (Cont.) Field Description Broadcast Storm Recovery The number of frames discarded that are destined for FF:FF:FF:FF:FF:FF when Broadcast Storm Recovery is enabled. CFI Discards The number of frames discarded that have CFI bit set and the addresses in RIF are in non-canonical format.
Page 137: Port Summary Statistics
Software User Manual D-Link Unified Access System 12/10/09 Table 60: Port Fields (Cont.) Field Description Total Transmit Packets The sum of single collision frames discarded, multiple collision frames discarded, and Discarded excessive frames discarded. Total Output Packets Drops The total number of Aged packets.
Page 138: Figure 71: Port Summary
D-Link Unified Access System Software User Manual 12/10/09 To access the Port Summary Statistics page, click LAN > Monitoring > System Statistics > Port Summary in the navigation tree. Figure 71: Port Summary Table 61: Port Summary Statistics Fields Field...
Page 139: Using System Utilities
Software User Manual D-Link Unified Access System 12/10/09 SING YSTEM TILITIES The System Utilities folder contains links to the following Web pages that help you manage the switch: • “Save All Applied Changes” • “System Reset” • “Reset Configuration to Defaults”...
Page 140: System Reset
D-Link Unified Access System Software User Manual 12/10/09 YSTEM ESET Use the System Reset page to reboot the system. If the platform supports stacking, you can reset any of the switches in the stack, or all switches in the stack from this page.
Page 141: Figure 75: Reset Passwords To Defaults
Software User Manual D-Link Unified Access System 12/10/09 To access the Reset Passwords to Defaults page, click Tool > Reset Password in the navigation tree. Figure 75: Reset Passwords to Defaults • Click Reset to restore the passwords for the default users to the factory defaults.
Page 142: Download File To Switch (Tftp)
D-Link Unified Access System Software User Manual 12/10/09 (TFTP) OWNLOAD WITCH Use the Download File to Switch page to download the image file, the configuration files, CLI banner file, and SSH or SSL files from a TFTP server to the switch.
Page 143: Table 62: Download File To Switch Fields
• Text Configuration: A text-based configuration file enables you to edit a configured text file (startup-config) offline as needed without having to translate the contents for the D-Link software to understand. The most common usage of text-based configuration is to upload a working configuration from a device, edit it offline to personalize it for another similar device (i.e., change the device name, serial number,...
Page 144: Downloading A File To The Switch
1 From the File Type field, select the type of file to download. 2 If you are downloading a D-Link image (Code), select the image on the switch to overwrite. If you are downloading another type of file, the Image Name field is not available.
Page 145: Upload File From Switch (Tftp)
Software User Manual D-Link Unified Access System 12/10/09 (TFTP) PLOAD WITCH Use the Upload File from Switch page to upload configuration (ASCII) and image (binary) files from the switch to the TFTP server. To display the Upload File from Switch page, click Tool > Upload File in the navigation tree.
Page 146: Uploading Files
1 From the File Type field, select the type of file to copy from the switch to the TFTP server. 2 If you are uploading a D-Link image (Code), select the image on the switch to upload. If you are uploading another type of file, the Image Name field is not available.
Page 147: Http File Download
Software User Manual D-Link Unified Access System 12/10/09 The Active Image page contains the following fields: Table 64: Multiple Image Service Fields Field Description Image Name Select Image1 or Image2 from the menu to activate on the next reload or to be deleted.
Page 148: Erase Startup-Config File
D-Link Unified Access System Software User Manual 12/10/09 Table 65: HTTP File Download Fields Field Description File Type Specify the type of file you want to download: • Code: Choose this option to upgrade the operational software in flash (default).
Page 149: Traceroute
Software User Manual D-Link Unified Access System 12/10/09 After obtaining IP addresses for both the switch and the TFTP server, the AutoInstall feature attempts to download a host- specific configuration file using the boot file name specified by the DHCP server. If the switch fails to obtain the file, it will retry indefinitely.
Page 150: Figure 82: Traceroute
D-Link Unified Access System Software User Manual 12/10/09 Figure 82: TraceRoute Table 67: TraceRoute Fields Definition Hostname/IP Address Enter the IP address or the hostname of the station you want the switch to discover path for. Probes Per Hop Enter the number of times each hop should be probed.
Page 151: Trap Log
Software User Manual D-Link Unified Access System 12/10/09 Use the Trap Log page to view the entries in the trap log. For information about how to copy the file to a TFTP server, see “Upload File From Switch (TFTP)” on page 145.
Page 152: Managing The Dhcp Server
D-Link Unified Access System Software User Manual 12/10/09 DHCP S ANAGING THE ERVER DHCP is generally used between clients (e.g., hosts) and servers (e.g., routers) for the purpose of assigning IP addresses, gateways, and other networking definitions such as DNS, NTP, and/or SIP parameters. The DHCP Server folder contains links to web pages that define and display DHCP parameters and data.
Page 153 Software User Manual D-Link Unified Access System 12/10/09 Table 69: DHCP Server Global Configuration Fields (Cont.) Field Description Bootp Automatic Mode Specifies whether to enable or disable Bootp for dynamic pools. Enable Allows the allocation of the addresses in the automatic address pool to the BootP client.
Page 154: Pool Configuration
D-Link Unified Access System Software User Manual 12/10/09 ONFIGURATION Use the DHCP Pool Configuration page to create the pools of addresses that can be assigned by the server. To access the Pool Configuration page, click LAN > Administration > DHCP Server > Pool Configuration in the navigation tree.
Page 155: Table 70: Pool Configuration Fields
Software User Manual D-Link Unified Access System 12/10/09 Table 70: Pool Configuration Fields Field Description Pool Name For a user with read/write permission, this field would show names of all the existing pools along with an additional option Create. When the user selects Create, another text box, Pool Name, appears where the user may enter name for the Pool to be created.For a user with read-only permission, this field would show names of the...
Page 156 D-Link Unified Access System Software User Manual 12/10/09 Table 70: Pool Configuration Fields (Cont.) Field Description Days For a Specified Duration lease time, this field specifies the number of days for the lease period. The default value is 1, and the valid range is 0-59.
Page 157: Pool Options
Software User Manual D-Link Unified Access System 12/10/09 PTIONS Use the Pool Options page to configure DHCP options that the DHCP server can pass to the client. For more information about DHCP options, see RFC 2132. To access the Pool Options page, click LAN > Administration > DHCP Server > Pool Options in the navigation menu.
Page 158: Reset Configuration
D-Link Unified Access System Software User Manual 12/10/09 ESET ONFIGURATION Use the Reset Configuration page to clear IP address bindings between that the DHCP server assigned to the client. To access the Reset Configuration page, click LAN > Administration > DHCP Server > Reset Configuration in the navigation tree.
Page 159: Figure 88: Bindings Information
Software User Manual D-Link Unified Access System 12/10/09 Figure 88: Bindings Information Table 73: Bindings Information Fields Field Description DHCP Binding Select the bindings to display: • All Bindings: Show all bindings. • Specific Binding: Show a specific binding. When you select this option, the screen refreshes, and the Binding IP Address field appears.
Page 160: Server Statistics
D-Link Unified Access System Software User Manual 12/10/09 ERVER TATISTICS Use the DHCP Server Statistics page to view information about the DHCP server bindings and messages. To access the Server Statistics page, click LAN > Monitoring > DHCP Server Summary > Server Statistics in the navigation menu.
Page 161: Conflicts Information
Software User Manual D-Link Unified Access System 12/10/09 • Click Refresh to update the information on the screen. • Click Clear Server Statistics to reset all counters to zero. ONFLICTS NFORMATION Use the Conflicts Information page to view information on hosts that have address conflicts; i.e., when the same IP address is assigned to two or more devices on the network.
Page 162: Configuring Dns
D-Link Unified Access System Software User Manual 12/10/09 ONFIGURING You can use these pages to configure information about DNS servers the network uses and how the switch/router operates as a DNS client. LOBAL ONFIGURATION Use this page to configure global DNS settings and to view DNS client status information.
Page 163: Server Configuration
Software User Manual D-Link Unified Access System 12/10/09 add multiple domains to the default domain list. • To remove a domain from the default list select the Remove option next to the item you want to remove and click Submit.
Page 164: Dns Host Name Ip Mapping Summary
D-Link Unified Access System Software User Manual 12/10/09 Figure 93: DNS Host Name Mapping Configuration Table 78: DNS Host Name Mapping Configuration Fields Field Description Host Name Enter the host name to assign to the static entry. Inet Address Enter the IP4 or IPv6 address associated with the host name.
Page 165 Software User Manual D-Link Unified Access System 12/10/09 Table 79: DNS Host Name IP Mapping Summary Fields (Cont.) Field Description Host Name The host name of the static entry. Inet Address The IP4 or IPv6 address of the static entry.
Page 166: Configuring Sntp Settings
Time synchronization is performed by a network SNTP server. D-Link software operates only as an SNTP client and cannot provide time services to other systems. Time sources are established by Stratums. Stratums define the accuracy of the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock.
Page 167: Sntp Global Configuration
Software User Manual D-Link Unified Access System 12/10/09 MD5 (Message Digest 5) Authentication safeguards device synchronization paths to SNTP servers. MD5 is an algorithm that produces a 128-bit hash. MD5 is a variation of MD4, and increases MD4 security. MD5 verifies the integrity of the communication, authenticates the origin of the communication.
Page 168 D-Link Unified Access System Software User Manual 12/10/09 Table 80: SNTP Global Configuration Fields (Cont.) Field Description Broadcast Poll Interval Specifies the number of seconds between broadcast poll requests expressed as a power of two when configured in broadcast mode. Broadcasts received prior to the expiry of this interval are discarded.
Page 169: Sntp Server Configuration
Software User Manual D-Link Unified Access System 12/10/09 SNTP S ERVER ONFIGURATION Use the SNTP Server Configuration page to view and modify information for adding and modifying Simple Network Time Protocol SNTP servers. To display the SNTP Server Configuration page, click LAN > Administration > SNTP > SNTP Server Configuration in the navigation tree.
Page 170: Configuring And Viewing Isdp Information
D-Link Unified Access System Software User Manual 12/10/09 ISDP I ONFIGURING AND IEWING NFORMATION ® The Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network protocol which inter-operates with Cisco devices running the Cisco Discovery Protocol (CDP). ISDP is used to share information between neighboring devices. D- Link software participates in the CDP protocol and is able to both discover and be discovered by other CDP supporting devices.
Page 171: Cache Table
Software User Manual D-Link Unified Access System 12/10/09 Table 82: ISDP Global Configuration Field Description Device ID The Device ID advertised by this device. The format of this Device ID is characterized by the value of Device ID Format object.
Page 172: Interface Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 83: ISDP Cache Table Field Description Version Displays the Version string for the neighbor. Holdtime Displays the ISDP holdtime for the neighbor. Capability Displays the ISDP Functional Capabilities for the neighbor.
Page 173: Figure 100: Isdp Statistics
Software User Manual D-Link Unified Access System 12/10/09 Figure 100: ISDP Statistics The following table describes the fields available on the ISDP Statistics page. Table 85: ISDP Statistics Field Description ISDP Packets Received Displays the number of all ISDP protocol data units (PDUs) received.
Page 174 D-Link Unified Access System Software User Manual 12/10/09 Page 174 Configuring and Viewing ISDP Information Document 34CSFP6XXUWS-SWUM100-D7...
Page 175: Section 3: Configuring L2 Features
Software User Manual D-Link Unified Access System 12/10/09 S e c t i on 3 : C on f i gu r i ng L2 F e a t ur e s • “Configuring DHCP Snooping” • “Managing VLANs” •...
Page 176: Configuring Dhcp Snooping
D-Link Unified Access System Software User Manual 12/10/09 DHCP S ONFIGURING NOOPING DHCP snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP servers to filter harmful DHCP messages and to build a bindings database of {MAC address, IP address, VLAN ID, port} tuples that are considered authorized.
Page 177: Dhcp Snooping Vlan Configuration
Software User Manual D-Link Unified Access System 12/10/09 DHCP S VLAN C NOOPING ONFIGURATION The DHCP snooping application does not forward server messages because they are forwarded in hardware. DHCP snooping forwards valid DHCP client messages received on non-routing VLANs. The message is forwarded on all trusted interfaces in the VLAN.
Page 178: Dhcp Snooping Binding Configuration
D-Link Unified Access System Software User Manual 12/10/09 The DHCP snooping application processes incoming DHCP messages. For DHCPRELEASE and DHCPDECLINE messages, the application compares the receive interface and VLAN with the client’s interface and VLAN in the binding database. If the interfaces do not match, the application logs the event and drops the message. For valid client messages, DHCP snooping compares the source MAC address to the DHCP client hardware address.
Page 179: Figure 104: States Of Client Binding
Software User Manual D-Link Unified Access System 12/10/09 REQUEST messages. Tentative bindings tie a client to a port (the port where the DHCP client message was received). Tentative bindings are completed when DHCP snooping learns the client’s IP address from a DHCP ACK message on a trusted port.
Page 180: Figure 105: Dhcp Snooping Binding Configuration
D-Link Unified Access System Software User Manual 12/10/09 Figure 105: DHCP Snooping Binding Configuration Table 89: DHCP Snooping Static Binding Configuration Field Description Slot/Port Select the interface to add a binding into the DHCP snooping database. MAC Address Specify the MAC address for the binding to be added. This is the Key to the binding database.
Page 181: Dhcp Snooping Statistics
Software User Manual D-Link Unified Access System 12/10/09 Table 90: DHCP Snooping Static Binding List Field Description Page Lists the number of pages the static binding entries occupy. Select the Page Number from this list to display the particular Page entries.
Page 182: Configuring Dhcp L2 Relay
D-Link Unified Access System Software User Manual 12/10/09 Table 92: DHCP Snooping Statistics Field Description Client Ifc Mismatch The number of DHCP messages that are dropped based on the source MAC address and client hardware address verification. DHCP Server Msgs Received The number of server messages that are dropped on an untrusted port.
Page 183: Dhcp L2 Relay Interface Configuration
Software User Manual D-Link Unified Access System 12/10/09 Figure 107: DHCP L2 Relay Global Configuration If you enable or disable this feature, click Submit to apply the changes to system. DHCP L2 Relay Interface Configuration Use this page to enable L2 DHCP relay on individual ports. Note that L2 DHCP relay must also be enabled globally on the switch.
Page 184: Dhcp L2 Relay Vlan Configuration
D-Link Unified Access System Software User Manual 12/10/09 DHCP L2 Relay VLAN Configuration You can enable L2 DHCP relay on a particular VLAN. The VLAN is identified by a service VLAN ID (S-VID), which a service provider uses to identify a customer’s traffic while traversing the provider network to multiple remote sites. The switch uses the VLAN membership of the switch port client (the customer VLAN ID, or C-VID) to perform a lookup a corresponding S-VID.
Page 185: Figure 110: Dhcp L2 Relay Interface Statistics
Software User Manual D-Link Unified Access System 12/10/09 Figure 110: DHCP L2 Relay Interface Statistics Table 95: DHCP L2 Relay Interface Statistics Field Description Slot/Port Select the slot/port to configure this feature on. Untrusted Server Msgs If the selected interface is configured in untrusted mode, this field shows the number of messages received on the interface from a DHCP server With Option—82...
Page 186: Managing Vlans
D-Link Unified Access System Software User Manual 12/10/09 Click Refresh to display the page with the latest information from the switch. Click Clear to set statistics for this port to their initial values. Click Clear All to set statistics for all ports to their initial values.
Page 187: Figure 111: Vlan Configuration
Software User Manual D-Link Unified Access System 12/10/09 Figure 111: VLAN Configuration Table 96: VLAN Configuration Fields Field Description VLAN ID and Name You can use this screen to reconfigure an existing VLAN, or to create a new one. Use this pulldown menu to select one of the existing VLANs, or select Create to add a new one.
Page 188: Vlan Status
D-Link Unified Access System Software User Manual 12/10/09 • If you make any changes to the page, click Submit to apply the changes to the system. To delete a VLAN, select the VLAN from the VLAN ID and Name field, and then click Delete. You cannot delete the default VLAN.
Page 189: Vlan Port Configuration
Software User Manual D-Link Unified Access System 12/10/09 VLAN P ONFIGURATION Use the VLAN Port Configuration page to configure a virtual LAN on a port. To access the VLAN Port Configuration page, click LAN > L2 Features > VLAN > Port Configuration in the navigation tree.
Page 190: Vlan Port Summary
D-Link Unified Access System Software User Manual 12/10/09 VLAN P UMMARY Use the VLAN Port Summary page to view VLAN configuration information for all the ports on the system. To access the VLAN Port Summary page, click LAN > Monitoring > VLAN Summary > VLAN Port Status in the navigation menu.
Page 191: Reset Vlan Configuration
Software User Manual D-Link Unified Access System 12/10/09 VLAN C ESET ONFIGURATION Use the Reset Configuration page to return all VLAN parameters for all interfaces to the factory default values. To access the Reset Configuration page, click LAN > L2 Features > VLAN > Reset Configuration in the navigation tree.
Page 192: Configuring Protected Ports
D-Link Unified Access System Software User Manual 12/10/09 ONFIGURING ROTECTED ORTS The Protected Ports feature assists in Layer 2 security. Ports that are configured to be protected cannot forward traffic to other protected ports in the same group, regardless of having the same VLAN membership. However, protected ports can forward traffic to ports which are unprotected as well as ports in other protected groups.
Page 193: Assigning Ports To A Group
Software User Manual D-Link Unified Access System 12/10/09 Assigning Ports to a Group 1 Select a group ID from the Group ID field. 2 From the Protected Port(s) field, click one port to add a single port to the group, or hold the CTRL key and click multiple ports to add more than one port to the group.
Page 194: Managing Protocol-Based Vlans
D-Link Unified Access System Software User Manual 12/10/09 VLAN ANAGING ROTOCOL ASED In a protocol-based VLAN, traffic is bridged through specified ports based on the protocol associated with the VLAN. User- defined packet filters determine whether a particular packet belongs to a particular VLAN. Protocol-based VLANs are most often used in situations where network segments contain hosts running multiple protocols.
Page 195: Protocol-Based Vlan Summary
Software User Manual D-Link Unified Access System 12/10/09 Table 102: Protocol Group Fields Field Description Group Use the drop-down menu to create or modify a protocol group. You can create up to 128 groups. Group Name When creating a group, enter a name to associate with protocol group ID. You can modify the name of an existing group.
Page 196 D-Link Unified Access System Software User Manual 12/10/09 Table 103: Protocol-based VLAN Summary Fields (Cont.) Field Description Protocols Shows the protocols to associate with this group, which can be one or more of the following: • IP: IP is a network layer protocol that provides a connectionless service for the delivery of data.
Page 197: Managing Ip Subnet-Based Vlans
Software User Manual D-Link Unified Access System 12/10/09 IP S VLAN ANAGING UBNET ASED If a packet is untagged or priority- tagged, the device associates the packet with any matching IP subnet classification. If no IP subnet classification can be made, then the packet is subjected to the normal VLAN classification rules of the device. An IP subnet-to-VLAN mapping is defined by configuring an entry in the IP subnet-to-VLAN table.
Page 198: Summary
D-Link Unified Access System Software User Manual 12/10/09 UMMARY Use the IP Subnet-based VLAN Summary page to view information about IP subnet to VLAN mappings configured on your system. If no mappings are configured, the screen displays a “No IP Subnet-based VLAN Configured” message.
Page 199: Managing Mac-Based Vlans
Software User Manual D-Link Unified Access System 12/10/09 MAC-B VLAN ANAGING ASED MAC- VLAN C BASED ONFIGURATION If a packet is untagged or priority tagged, the device shall associate it with the VLAN which corresponds to the source MAC address in its MAC-based VLAN tables. If there is no matching entry in the table, then the packet is subject to normal VLAN classification rules of the device.
Page 200: Voice Vlan Configuration
D-Link Unified Access System Software User Manual 12/10/09 Figure 123: MAC-based VLAN Summary Table 107: MAC-based VLAN Summary Fields Field Description MAC Address Specifies the MAC address to map to a VLAN. VLAN ID Specifies the VLAN to which the MAC is to be bound.
Page 201: Table 108: Voice Vlan Configuration Fields
Software User Manual D-Link Unified Access System 12/10/09 Table 108: Voice VLAN Configuration Fields Field Description Voice VLAN Admin Mode Click Enable or Disable to administratively turn the Voice VLAN feature on or off for all ports. Slot/Port Select the slot and port to configure this service on.
Page 202: Creating Mac Filters
D-Link Unified Access System Software User Manual 12/10/09 MAC F REATING ILTERS Use the MAC Filtering Configuration page to associate a MAC address with a VLAN and set of source ports and destination ports. Any packet with a static MAC address in a specific VLAN is admitted only if the ingress port is included in the set of source ports;...
Page 203: Adding Mac Filters
Software User Manual D-Link Unified Access System 12/10/09 Adding MAC Filters 1 To add a MAC filter, select Create Filter from the MAC Filter drop-down menu. 2 Enter a valid MAC address and select a VLAN ID from the drop-down menu.
Page 204: Garp Status
D-Link Unified Access System Software User Manual 12/10/09 With the GARP Multicast Registration Protocol (GMRP), networking devices can dynamically register and de-register group membership information with the networking devices attached to the same segment. GMRP enables the group membership information to be disseminated across all networking devices in the bridged LAN that support GMRP.
Page 205: Table 110: Garp Status Fields
Software User Manual D-Link Unified Access System 12/10/09 The GARP Status page contains the following fields: Table 110: GARP Status Fields Field Description Switch GVRP Shows whether the switch GVRP protocol is enabled or disabled. Switch GMRP Shows whether the switch GMRP protocol is enabled or disabled.
Page 206: Garp Switch Configuration
D-Link Unified Access System Software User Manual 12/10/09 GARP S WITCH ONFIGURATION Use the GARP Switch Configuration page to configure GARP settings for the system. To access the GARP Switch Configuration page, click LAN > L2 Features > GARP > Switch Configuration in the navigation tree.
Page 207: Garp Port Configuration
Software User Manual D-Link Unified Access System 12/10/09 GARP P ONFIGURATION Use the GARP Port Configuration page to configure GARP settings for a specific interface. To access the GARP Port Configuration page, click LAN > L2 Features > GARP > Port Configuration in the navigation tree.
Page 208: Configuring Dynamic Arp Inspection
D-Link Unified Access System Software User Manual 12/10/09 Table 112: GARP Port Configuration Fields (Cont.) Field Description GARP Leave All Timer Displays time lapse, in centiseconds, that all switches wait before leaving the GARP (centisecs) state. The leave all time must be greater than the leave time. The possible field value is 200-6000.
Page 209: Dai Vlan Configuration
Software User Manual D-Link Unified Access System 12/10/09 Table 113: Dynamic ARP Inspection Configuration Field Description Validate Source Select the DAI Source MAC Validation Mode for the switch. If you select Enable, Sender MAC validation for the ARP packets will be enabled. The default is Disable.
Page 210: Dai Interface Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 114: Dynamic ARP Inspection VLAN Configuration Field Description Static Flag Use this flag to determine whether the ARP packet needs validation using the DHCP snooping database, in case the ARP ACL rules do not match. If Enabled, then the ARP Packet will be validated by the ARP ACL Rules only.
Page 211: Dai Arp Acl Configuration
Software User Manual D-Link Unified Access System 12/10/09 DAI ARP ACL C ONFIGURATION Use the DAI ARP ACL Configuration page to add or remove DAI ARP ACLs. To display the DAI ARP ACL Configuration page, click LAN > L2 Features > Dynamic ARP Inspection > DAI ARP ACL Configuration in the navigation tree.
Page 212: Dynamic Arp Inspection Statistics
D-Link Unified Access System Software User Manual 12/10/09 Figure 134: Dynamic ARP Inspection ARP ACL Rule Configuration Table 117: Dynamic ARP Inspection ARP ACL Rule Configuration Field Description ARP ACL Name Select the ARP ACL for which information is to be displayed or configured.
Page 213: Figure 135: Dynamic Arp Inspection Statistics
Software User Manual D-Link Unified Access System 12/10/09 Figure 135: Dynamic ARP Inspection Statistics Table 118: Dynamic ARP Inspection Statistics Field Description VLAN ID Select the DAI-enabled VLAN ID for which to display statistics. DHCP Drops The number of ARP packets that were dropped by DAI because there was no matching DHCP snooping binding entry found.
Page 214: Configuring Igmp Snooping
D-Link Unified Access System Software User Manual 12/10/09 IGMP S ONFIGURING NOOPING Internet Group Management Protocol (IGMP) Snooping is a feature that allows a switch to forward multicast traffic intelligently on the switch. Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255.
Page 215: Global Configuration And Status
Software User Manual D-Link Unified Access System 12/10/09 LOBAL ONFIGURATION AND TATUS Use the IGMP Snooping Global Configuration and Status page to enable IGMP snooping on the switch and view information about the current IGMP configuration. To access the IGMP Snooping Configuration and Status page, click LAN > L2 Features > IGMP Snooping > Configuration and Status in the navigation tree.
Page 216: Interface Configuration
D-Link Unified Access System Software User Manual 12/10/09 NTERFACE ONFIGURATION Use the IGMP Snooping Interface Configuration page to configure IGMP snooping settings on specific interfaces. To access the IGMP Snooping Interface Configuration page, click LAN > L2 Features > IGMP Snooping > Interface Configuration in the navigation tree.
Page 217: Vlan Configuration
Software User Manual D-Link Unified Access System 12/10/09 VLAN C ONFIGURATION Use the IGMP Snooping VLAN Configuration page to configure IGMP snooping settings for VLANs on the system. To access the IGMP Snooping VLAN Configuration page, click LAN > L2 Features > IGMP Snooping > VLAN Configuration in the navigation tree.
Page 218: Vlan Status
D-Link Unified Access System Software User Manual 12/10/09 Table 121: IGMP Snooping VLAN Configuration Fields (Cont.) Field Description Multicast Router Expiry Time Enter the amount of time in seconds that a switch waits for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached.
Page 219: Multicast Router Configuration
Software User Manual D-Link Unified Access System 12/10/09 ULTICAST OUTER ONFIGURATION If a multicast router is attached to the switch, its existence can be learned dynamically. You can also statically configure a switch port as a multicast router interface. Use the Multicast Router Configuration page to manually configure an interface as a static multicast router interface.
Page 220: Table 124: Multicast Router Status Fields
D-Link Unified Access System Software User Manual 12/10/09 Table 124: Multicast Router Status Fields Field Description Slot/Port Select the physical or LAG interface to display. Multicast Router Shows whether the specified interface is configured as a multicast router interface. •...
Page 221: Multicast Router Vlan Configuration
Software User Manual D-Link Unified Access System 12/10/09 VLAN C ULTICAST OUTER ONFIGURATION Use the IGMP Snooping Multicast Router VLAN Configuration page to configure multicast router settings for VLANs on an interface. To access the IGMP Snooping Multicast Router VLAN Configuration page, click LAN > L2 Features > IGMP Snooping >...
Page 222: Multicast Router Vlan Status
D-Link Unified Access System Software User Manual 12/10/09 VLAN S ULTICAST OUTER TATUS Use the IGMP Snooping Multicast Router VLAN Status page to view multicast router settings for VLANs on a specific interface. To access the IGMP Snooping Multicast Router VLAN Status page, click LAN > Monitoring > IGMP Snooping Status >...
Page 223: Configuring Igmp Snooping Queriers
Software User Manual D-Link Unified Access System 12/10/09 IGMP S ONFIGURING NOOPING UERIERS IGMP snooping requires that one central switch or router periodically query all end-devices on the network to announce their multicast memberships. This central device is the 'IGMP querier'. The IGMP query responses, known as IGMP reports, keep the switch updated with the current multicast group membership on a port-by-port basis.
Page 224: Igmp Snooping Querier Vlan Configuration
D-Link Unified Access System Software User Manual 12/10/09 • If you configure an IGMP snooping querier, click Submit to apply the new settings to the switch. • Click Refresh to re-display the page with the latest information from the switch.
Page 225: Igmp Snooping Querier Vlan Configuration Summary
Software User Manual D-Link Unified Access System 12/10/09 IGMP S VLAN C NOOPING UERIER ONFIGURATION UMMARY Use this page to view summary information for IGMP snooping queriers for on VLANs in the network. To access this page, click LAN > L2 Features > IGMP Snooping Querier > Querier VLAN Configuration Summary in the navigation tree.
Page 226: Igmp Snooping Querier Vlan Status
D-Link Unified Access System Software User Manual 12/10/09 IGMP S VLAN S NOOPING UERIER TATUS Use this page to view the operational state and other information for IGMP snooping queriers for VLANs on the network. To access this page, click LAN > Monitoring > Querier VLAN Status in the navigation tree.
Page 227: Configuring Mld Snooping
Software User Manual D-Link Unified Access System 12/10/09 MLD S ONFIGURING NOOPING In IPv4, Layer 2 switches can use IGMP snooping to limit the flooding of multicast traffic by dynamically configuring Layer-2 interfaces so that multicast traffic is forwarded to only those interfaces associated with an IP multicast address. In IPv6, Multicast Listener Discovery (MLD) snooping performs a similar function.
Page 228: Interface Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 131: MLD Snooping Global Configuration and Status Fields (Cont.) Field Description VLAN Ids Enabled For MLD Displays VLAN Ids enabled for MLD snooping. To enable interfaces for MLD snooping, Snooping “VLAN Configuration” on page 229.
Page 229: Vlan Status
Software User Manual D-Link Unified Access System 12/10/09 Table 132: MLD Snooping Interface Configuration Fields (Cont.) Field Description Fast Leave Admin Mode Select the Fast Leave mode for the a particular interface from the pulldown menu. The default is Disable.
Page 230: Figure 151: Mld Snooping Vlan Configuration
D-Link Unified Access System Software User Manual 12/10/09 To access the MLD Snooping VLAN Configuration page, click LAN > L2 Features > MLD Snooping > VLAN Configuration in the navigation tree. Figure 151: MLD Snooping VLAN Configuration Table 134: MLD Snooping VLAN Configuration Fields...
Page 231: Multicast Router Configuration
Software User Manual D-Link Unified Access System 12/10/09 ULTICAST OUTER ONFIGURATION The switch can dynamically learn of an attached multicast router, or you can configure a switch port as a multicast router interface. Use the MLD Snooping Multicast Router Configuration page to configure an interface as a static multicast router interface.
Page 232: Multicast Router Vlan Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 136: MLD Snooping Multicast Router Status Fields Field Description Slot/Port Select the slot and port number with the information to view. Multicast Router Indicates whether the specified interface is configured to perform multicast routing.
Page 233: Figure 155: Mld Snooping Multicast Router Vlan Status
Software User Manual D-Link Unified Access System 12/10/09 Figure 155: MLD Snooping Multicast Router VLAN Status The MLD Snooping Multicast Router VLAN Statistics page contains the following fields: Table 138: MLD Snooping Multicast Router VLAN Status Fields Description Slot/Port Select the physical or LAG interface to display.
Page 234: Configuring Mld Snooping Queriers
D-Link Unified Access System Software User Manual 12/10/09 MLD S ONFIGURING NOOPING UERIERS In an IPv6 environment, MLD Snooping requires that one central switch or router periodically query all end-devices on the network to announce their multicast memberships. This central device is the 'MLD querier'. The MLD query responses, known as MLD reports, keep the switch updated with the current multicast group membership on a port-by-port basis.
Page 235: Mld Snooping Querier Vlan Configuration
Software User Manual D-Link Unified Access System 12/10/09 • If you configure an MLD Snooping querier, click Submit to apply the new settings to the switch. • Click Refresh to display the page with the latest information from the switch.
Page 236: Mld Snooping Querier Vlan Configuration Summary
D-Link Unified Access System Software User Manual 12/10/09 MLD S VLAN C NOOPING UERIER ONFIGURATION UMMARY Use this page to view summary information for MLD Snooping queriers for on VLANs in the network. To access this page, click LAN > Monitoring > MLD Snooping Querier > Querier VLAN Configuration Summary in the navigation tree.
Page 237: Mld Snooping Querier Vlan Status
Software User Manual D-Link Unified Access System 12/10/09 MLD S VLAN S NOOPING UERIER TATUS Use this page to view the operational state and other information for MLD Snooping queriers for VLANs on the network. To access this page, click LAN > Monitoring > MLD Snooping Querier > Querier VLAN Status in the navigation tree.
Page 238: Creating Port Channels (Trunking)
D-Link Unified Access System Software User Manual 12/10/09 REATING HANNELS RUNKING Port-trunks, which are also known as link aggregation groups (LAGs), allow you to combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing.
Page 239 Software User Manual D-Link Unified Access System 12/10/09 Table 143: Port Channel Configuration Fields (Cont.) Field Description Port Channel Name Enter the name you want assigned to the Port Channel. You may enter any string of up to 15 alphanumeric characters. You must specify a valid name in order to create the Port Channel.
Page 240: Port Channel Status
D-Link Unified Access System Software User Manual 12/10/09 HANNEL TATUS Use the Port Channel Status page to group one or more full duplex Ethernet links to be aggregated together to form a port- channel, which is also known as a link aggregation group (LAG). The switch can treat the port-channel as if it were a single link.
Page 241: Viewing Multicast Forwarding Database Information
Software User Manual D-Link Unified Access System 12/10/09 Table 144: Port Channel Status Fields (Cont.) Field Description Load Balance Shows the hashing algorithm used to distribute the traffic load among available physical ports in the LAG. The range of possible values may vary with the type of switch.
Page 242: Mfdb Gmrp Table
D-Link Unified Access System Software User Manual 12/10/09 Table 145: MFDB Table Fields Field Description MAC Address Enter the VLAN ID/MAC Address pair whose MFDB table entry you want displayed. Enter eight two-digit hexadecimal numbers separated by colons, for example 00:01:23:43:45:67:89:AB.
Page 243: Mfdb Igmp Snooping Table
Software User Manual D-Link Unified Access System 12/10/09 Table 146: GMRP Table Fields Field Description Type This displays the type of the entry. Static entries are those that are configured by the end user. Dynamic entries are added to the table as a result of a learning process or protocol.
Page 244: Mfdb Mld Snooping Table
D-Link Unified Access System Software User Manual 12/10/09 MFDB MLD S NOOPING ABLE Use the MLD Snooping Table page to view all of the entries in the Multicast Forwarding Database that were created for MLD Snooping. To access the MLD Snooping Table page, click LAN > Monitoring > Multicast Forwarding Database > MLD Snooping Table in the navigation tree.
Page 245: Figure 166: Multicast Forwarding Database Statistics
Software User Manual D-Link Unified Access System 12/10/09 Figure 166: Multicast Forwarding Database Statistics Table 149: Multicast Forwarding Database Statistics Fields Field Description Max MFDB Entries Shows the maximum number of entries that the Multicast Forwarding Database table can hold.
Page 246: Configuring Spanning Tree Protocol
D-Link Unified Access System Software User Manual 12/10/09 ONFIGURING PANNING ROTOCOL The Spanning Tree Protocol (STP) provides a tree topology for any arrangement of bridges. STP also provides one path between end stations on a network, eliminating loops. Spanning tree versions supported include Common STP, Multiple STP, and Rapid STP.
Page 247: Switch Configuration/Status
Software User Manual D-Link Unified Access System 12/10/09 WITCH ONFIGURATION TATUS The Spanning Tree Switch Configuration/Status page contains fields for enabling STP on the switch. To display the Spanning Tree Switch Configuration/Status page, click LAN > L2 Features > Spanning Tree > Switch Configuration in the navigation tree.
Page 248: Cst Configuration/Status
D-Link Unified Access System Software User Manual 12/10/09 CST C ONFIGURATION TATUS Use the Spanning Tree CST Configuration/Status page to configure Common Spanning Tree (CST) and Internal Spanning Tree on the switch. To display the Spanning Tree CST Configuration/Status page, click LAN > L2 Features > Spanning Tree > CST Configuration in the navigation tree.
Page 249 Software User Manual D-Link Unified Access System 12/10/09 Table 151: Spanning Tree CST Configuration/Status Fields (Cont.) Field Description Bridge Hello Time (secs) Specifies the switch Hello time, which indicates the amount of time in seconds a root bridge waits between configuration messages. The valid range is 1-10, and the default value is 2.
Page 250: Mst Configuration/Status
D-Link Unified Access System Software User Manual 12/10/09 MST C ONFIGURATION TATUS Use the Spanning Tree MST Configuration/Status page to configure Multiple Spanning Tree (MST) on the switch. To display the Spanning Tree MST Configuration/Status page, click LAN > L2 Features > Spanning Tree > MST Configuration Identification in the navigation tree.
Page 251 Software User Manual D-Link Unified Access System 12/10/09 Table 152: Spanning Tree MST Configuration/Status Field Description MST ID This is only visible when Create is selected from the MST field drop-down menu. The ID of the MST being created. Valid values for this are between 1 and 4094.
Page 252: Cst Port Configuration/Status
D-Link Unified Access System Software User Manual 12/10/09 CST P ONFIGURATION TATUS Use the Spanning Tree CST Port Configuration/Status page to configure Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch. To display the Spanning Tree CST Port Configuration/Status page, click LAN > L2 Features > Spanning Tree > CST Port Configuration in the navigation tree.
Page 253: Table 153: Spanning Tree Cst Port Configuration/Status Fields
Software User Manual D-Link Unified Access System 12/10/09 Table 153: Spanning Tree CST Port Configuration/Status Fields Field Description Slot/Port Select a physical or port channel interface to configure. The port is associated with the VLAN(s) associated with the CST. Port Priority The priority for a particular port within the CST.
Page 254: Mst Port Configuration/Status
D-Link Unified Access System Software User Manual 12/10/09 Table 153: Spanning Tree CST Port Configuration/Status Fields (Cont.) Field Description Port Role Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree. The port role will be one of the following values: Root Port, Designated Port, Alternate Port, Backup Port, Master Port or Disabled Port.
Page 255: Figure 172: Spanning Tree Mst Port Configuration/Status
Software User Manual D-Link Unified Access System 12/10/09 To display the Spanning Tree MST Port Configuration/Status page, click LAN > L2 Features > Spanning Tree > MST Port Configuration in the navigation tree. If no MST instances have been configured on the switch, the page displays a “No MSTs Available”...
Page 256 D-Link Unified Access System Software User Manual 12/10/09 Table 154: Spanning Tree MST Port Configuration/Status Fields (Cont.) Field Description Port Up Time Since Counters Time since the counters were last cleared, displayed in Days, Hours, Minutes, and Last Cleared Seconds.
Page 257: Statistics
Software User Manual D-Link Unified Access System 12/10/09 TATISTICS Use the Spanning Tree Statistics page to view information about the number and type of bridge protocol data units (BPDUs) transmitted and received on each port. To display the Spanning Tree Statistics page, click LAN > Monitoring > Spanning Tree > Statistics > Statistics in the navigation tree.
Page 258: Configuring Port Security
D-Link Unified Access System Software User Manual 12/10/09 ONFIGURING ECURITY Port Security can be enabled on a per-port basis. When a port is locked, only packets with allowable source MAC addresses can be forwarded. All other packets are discarded. A MAC address can be defined as allowable by one of two methods: dynamically or statically.
Page 259: Port Security Interface Configuration
Software User Manual D-Link Unified Access System 12/10/09 ECURITY NTERFACE ONFIGURATION Use this page to configure the port security feature on a selected interface. To access the Port Security Interface Configuration page, click LAN > Security > Port Security Interface Configuration in the navigation tree.
Page 260: Port Security Static
D-Link Unified Access System Software User Manual 12/10/09 • If you make any changes to the page, click Submit to apply the new settings to the system. ECURITY TATIC Use the Port Security Static page to view static MAC addresses configured on an interface.
Page 261: Port Security Dynamic
Software User Manual D-Link Unified Access System 12/10/09 ECURITY YNAMIC Use the Port Security Dynamic page to view a table with the dynamically learned MAC addresses on an interface. With dynamic locking, MAC addresses are learned on a “first arrival” basis. You specify how many addresses can be learned on the locked port.
Page 262: Port Security Violation Status
D-Link Unified Access System Software User Manual 12/10/09 ECURITY IOLATION TATUS Use the Port Security Violation Status page to enable or disable the port security feature on your switch. To access the Port Security Violation Status page, click LAN > Monitoring > Port Security > Port Security Violation in the navigation tree.
Page 263: Managing Lldp
D-Link allows LLDP to have multiple LLDP neighbors per interface. The number of such neighbors is limited by the memory constraints. A product-specific constant defines the maximum number of neighbors supported by the switch. There is no restriction on the number of neighbors supported on a per LLDP port.
Page 264: Global Configuration
D-Link Unified Access System Software User Manual 12/10/09 LOBAL ONFIGURATION Use the LLDP Global Configuration page to specify LLDP parameters that are applied to the switch. To display the LLDP Global Configuration page, click LAN > L2 Features > LLDP > Global Configuration in the navigation tree.
Page 265: Interface Configuration
Software User Manual D-Link Unified Access System 12/10/09 NTERFACE ONFIGURATION Use the LLDP Interface Configuration page to specify LLDP parameters that are applied to a specific interface. To display the LLDP Interface Configuration page, click LAN > L2 Features > LLDP > Interface Configuration in the navigation tree.
Page 266: Interface Summary
D-Link Unified Access System Software User Manual 12/10/09 NTERFACE UMMARY Use the LLDP Interface Summary page to view the LLDP parameters configured on each physical port on the system. To display the LLDP Interface Summary page, click LAN > Monitoring > LLDP Status > Interface Summary in the navigation tree.
Page 267: Statistics
Software User Manual D-Link Unified Access System 12/10/09 TATISTICS Use the LLDP Statistics page to view the global and interface LLDP statistics. To display the LLDP Statistics page, click LAN > Monitoring > LLDP Status > Statistics in the navigation tree.
Page 268: Local Device Information
D-Link Unified Access System Software User Manual 12/10/09 Table 163: LLDP Statistics Fields (Cont.) Field Description Errors Displays the number of invalid LLDP frames received by the LLDP agent on the corresponding port, while the LLDP agent is enabled. Ageouts Displays the number of age-outs that occurred on a given port.
Page 269: Local Device Summary
Software User Manual D-Link Unified Access System 12/10/09 Table 164: LLDP Local Device Information Fields Field Description Interface Select from the list of all the ports on which LLDP-802.1AB frames can be transmitted. Chassis ID Subtype Displays the string that describes the source of the chassis identifier.
Page 270: Remote Device Information
D-Link Unified Access System Software User Manual 12/10/09 • Click Refresh to update the information on the screen with the most current data. EMOTE EVICE NFORMATION Use the LLDP Remote Device Information page to view the data that a specified interface has received from other LLDP- enabled systems.
Page 271: Remote Device Summary
Software User Manual D-Link Unified Access System 12/10/09 EMOTE EVICE UMMARY Use the LLDP Remote Device Summary page to view information about all interfaces on the device that are enabled to transmit LLDP information. To display the LLDP Remote Device Summary page, click LAN > Monitoring > LLDP Status > Remote Device Summary in the navigation tree.
Page 272: Lldp-Med
D-Link Unified Access System Software User Manual 12/10/09 LLDP-MED The Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED) is an enhancement to LLDP that features: • Auto-discovery of LAN policies (such as VLAN, Layer 2 Priority and DiffServ settings), enabling plug and play networking.
Page 273: Lldp-Med Interface Configuration
Software User Manual D-Link Unified Access System 12/10/09 LLDP-MED Interface Configuration Use this page to enable LLDP-MED mode on an interface and configure its properties. To display this page, click LAN > L2 Features > LLDP > LLDP-MED > Interface Configuration in the navigation tree.
Page 274: Lldp-Med Interface Summary
D-Link Unified Access System Software User Manual 12/10/09 LLDP-MED Interface Summary This page lists each switch interface and its LLDP configuration status. To display this page, click LAN > Monitoring > LLDP Status > LLDP-MED > Interface Summary in the navigation tree.
Page 275: Figure 190: Lldp-Med Local Device Information
Software User Manual D-Link Unified Access System 12/10/09 Figure 190: LLDP-MED Local Device Information Table 171: LLDP-MED Local Device Information Fields Field Description Interface Select from the list of all the ports on which LLDP-MED frames can be transmitted. Network Policy Information Specifies if network policy TLV is present in the LLDP frames: •...
Page 276: Lldp-Med Remote Device Information
D-Link Unified Access System Software User Manual 12/10/09 Table 171: LLDP-MED Local Device Information Fields (Cont.) Field Description Extended PoE Specifies if local device is a PoE device. • Device Type. Specifies power device type. Extended PoE PSE Specifies if extended PSE TLV is present in LLDP frame: •...
Page 277 Software User Manual D-Link Unified Access System 12/10/09 Table 172: LLDP-MED Local Device Information Fields (Cont.) Field Description Network Policy Information Specifies if network policy TLV is received in the LLDP frames on this port: • Media Application Type: Specifies the application type. Types of application types are unknown, voicesignaling, guestvoice, guestvoicesignalling, softphonevoice, videoconferencing, streammingvideo, vidoesignalling.
Page 278 D-Link Unified Access System Software User Manual 12/10/09 Page 278 Managing LLDP Document 34CSFP6XXUWS-SWUM100-D7...
Page 279: Section 4: Configuring L3 Features
S e c t i on 4 : C on f i gu r i ng L3 F e a t ur e s D-Link Unified Access System supports IP routing. Use the links in the LAN > L3 Features navigation tree folder to manage routing on the system.
Page 280: Arp Create
D-Link Unified Access System Software User Manual 12/10/09 reconfigured, disconnected, or powered off). This leads to stale information in the ARP cache unless entries are updated in reaction to new information seen on the network, periodically refreshed to determine if an address still exists, or removed from the cache if the entry has not been identified as a sender of an ARP packet during the course of an ageout interval, usually specified via configuration.
Page 281: Arp Table Configuration
Software User Manual D-Link Unified Access System 12/10/09 ARP T ABLE ONFIGURATION Use this page to change the configuration parameters for the Address Resolution Protocol Table. You can also use this screen to display the contents of the table. To display the page, click LAN > L3 Features > ARP > ARP Table Configuration in the navigation tree.
Page 282: Table 175: Arp Table Fields
D-Link Unified Access System Software User Manual 12/10/09 Table 174: ARP Table Configuration Fields (Cont.) Field Description Active Static Entries Total number of active static entries in the ARP table. Configured Static Entries Total number of configured static entries in the ARP table.
Page 283: Configuring Global And Interface Ip Settings
Software User Manual D-Link Unified Access System 12/10/09 IP S ONFIGURING LOBAL AND NTERFACE ETTINGS The LAN > L3 Features > IP folder contains links to the following web pages that configure IP routing data: • “IP Configuration” • “IP Interface Configuration”...
Page 284 D-Link Unified Access System Software User Manual 12/10/09 Table 176: IP Configuration Fields (Cont.) Field Description ICMP Rate Limit Burst Size To control the ICMP error packets, you can specify the number of ICMP error packets that are allowed per burst interval. By default, the burst size is 100 packets. When the burst interval is zero, then configuring this field is not a valid option.
Page 285: Ip Interface Configuration
Software User Manual D-Link Unified Access System 12/10/09 IP I NTERFACE ONFIGURATION Use the IP Interface Configuration page to update IP interface data for this switch. To display the page, click LAN > L3 Features > IP > Interface Configuration in the navigation tree.
Page 286: Helper Ip Interface Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 177: IP Interface Configuration Fields (Cont.) Field Description MAC Address The burned-in physical address of the specified interface. The format is six two-digit hexadecimal numbers separated by colons, for example 00:06:29:32:81:40. This value is valid for physical interfaces.
Page 287: Ip Statistics
Software User Manual D-Link Unified Access System 12/10/09 Figure 196: Helper IP Interface Configuration Table 178: Helper IP Interface Configuration Fields Field Description Slot/Port The interface for which data is to be displayed or configured. Helper IP Address The IP address for which data is to be displayed. You must select Create to add a Helper ID address to the interface.
Page 288: Table 179: Ip Statistics Fields
D-Link Unified Access System Software User Manual 12/10/09 Table 179: IP Statistics Fields Field Description IpInReceives The total number of input datagrams received from interfaces, including those received in error. IpInHdrErrors The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, etc.
Page 289 Software User Manual D-Link Unified Access System 12/10/09 Table 179: IP Statistics Fields (Cont.) Field Description IpRoutingDiscards The number of routing entries which were chosen to be discarded even though they are valid. One possible reason for discarding such an entry could be to free-up buffer space for other routing entries.
Page 290: Managing The Bootp/Dhcp Relay Agent
D-Link Unified Access System Software User Manual 12/10/09 BOOTP/DHCP R ANAGING THE ELAY GENT BootP/DHCP Relay Agent enables BootP/DHCP clients and servers to exchange BootP/DHCP messages across different subnets. The relay agent receives the requests from the clients, and checks the valid hops and giaddr fields. If the number of hops is greater than the configured, the agent assumes the packet has looped through the agents and discards the packet.
Page 291: Bootp/Dhcp Relay Agent Configuration
Software User Manual D-Link Unified Access System 12/10/09 BOOTP/DHCP R ELAY GENT ONFIGURATION Use the BOOTP/DHCP Relay Agent Configuration page to configure and display a BOOTP/DHCP relay agent. To display the page, click LAN > L3 Features > BOOTP/DHCP Relay Agent Configuration in the navigation tree.
Page 292: Bootp/Dhcp Relay Agent Status
D-Link Unified Access System Software User Manual 12/10/09 BOOTP/DHCP R ELAY GENT TATUS Use the BOOTP/DHCP Relay Agent Status page to display the BOOTP/DHCP Relay Agent configuration and status information. To display the page, click LAN > Monitoring > L3 Status > BOOTP/DHCP Relay Agent Status in the navigation tree.
Page 293: Configuring Rip
Software User Manual D-Link Unified Access System 12/10/09 ONFIGURING RIP is an Interior Gateway Protocol (IGP) based on the Bellman-Ford algorithm and targeted at smaller networks (network diameter no greater than 15 hops). The routing information is propagated in RIP update packets that are sent out both periodically and in the event of a network topology change.
Page 294: Rip Interface Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 182: RIP Configuration Fields (Cont.) Field Description Split Horizon Mode Select None, Simple, or Poison Reverse from the dropdown menu. The default is Simple. Split horizon is a technique for avoiding problems caused by including routes in updates sent to the router from which the route was originally learned.
Page 295: Configuring The Rip Interface
Software User Manual D-Link Unified Access System 12/10/09 Table 183: RIP Interface Configuration Fields Field Description Slot/Port Select the interface for which data is to be configured from the menu. Send Version RIP Version that router sends with its routing updates. The default is RIP-2. Possible values are: •...
Page 296: Rip Interface Summary
D-Link Unified Access System Software User Manual 12/10/09 Figure 202: RIP Interface Authentication Configuration 5 Select the type of authentication to use. If you select Simple or Encrypt as the authentication, the screen refreshes, and additional fields display. Enter the required information into the new fields.
Page 297: Rip Route Redistribution Configuration
Software User Manual D-Link Unified Access System 12/10/09 Table 184: RIP Interface Summary Fields (Cont.) Field Description Receive Version Specifies which RIP version control packets are accepted by the interface. The default is Both. Possible values are: • RIP-1: only RIP version 1 formatted packets are received.
Page 298: Rip Route Redistribution Summary
D-Link Unified Access System Software User Manual 12/10/09 Table 185: RIP Route Redistribution Configuration Fields (Cont.) Field Description Metric Sets the metric value to be used as the metric of redistributed routes. This field displays the metric if the source was pre-configured and can be modified. The valid values are 1 to 15.
Page 299: Router Discovery
Software User Manual D-Link Unified Access System 12/10/09 Table 186: RIP Route Redistribution Summary Fields (Cont.) Field Description Metric The Metric of redistributed routes for the given source route. Displays Unconfigured when not configured. Distribute List The Access List that filters the routes to be redistributed by the Destination Protocol.
Page 300: Table 187: Router Discovery Configuration Fields
D-Link Unified Access System Software User Manual 12/10/09 Table 187: Router Discovery Configuration Fields Field Description Slot/Port Select the router interface for which data is to be configured. Advertise Mode Select Enable or Disable from the dropdown menu. If you select Enable, Router Advertisements are transmitted from the selected interface.
Page 301: Router Discovery Status
Software User Manual D-Link Unified Access System 12/10/09 OUTER ISCOVERY TATUS Use the Router Discovery Status page to display Router Discovery data for each port. To display the page, click LAN > L3 Features > Router Discovery > Status in the navigation tree.
Page 302: Router
D-Link Unified Access System Software User Manual 12/10/09 Table 188: Router Discovery Status Fields (Cont.) Field Description Maximum Advertise The maximum time (in seconds) allowed between router advertisements sent from Interval(secs) the interface. Minimum Advertise The minimum time (in seconds) allowed between router advertisements sent from the Interval(secs) interface.
Page 303 Software User Manual D-Link Unified Access System 12/10/09 Table 189: Route Table Fields (Cont.) Field Description Network Address The IP route prefix for the destination. Subnet Mask Also referred to as the subnet/network mask, this indicates the portion of the IP interface address that identifies the attached network.
Page 304: Best Routes Table
D-Link Unified Access System Software User Manual 12/10/09 OUTES ABLE The route table manager collects routes from multiple sources: static routes, RIP routes, and local routes. The route table manager may learn multiple routes to the same destination from multiple sources. In that case, the route table manager selects the route with the lowest route preference value to use for forwarding to that destination.
Page 305: Configured (Static) Routes
Software User Manual D-Link Unified Access System 12/10/09 ONFIGURED TATIC OUTES Use the Configured Routes page to create and display static routes. To display the page, click LAN > L3 Features > Router > Configured Routes in the navigation tree.
Page 306: Figure 212: Create Static Route Entry
D-Link Unified Access System Software User Manual 12/10/09 Figure 212: Create Static Route Entry Figure 213: Create Static Reject Route Entry Table 192: Route Entry Create Fields Field Description Network Address Specify the IP route prefix for the destination from the dropdown menu. In order to create a route, a valid routing interface must exist and the next hop IP Address must be on the same network as the routing interface.
Page 307: Deleting A Route
Software User Manual D-Link Unified Access System 12/10/09 Table 192: Route Entry Create Fields (Cont.) Field Description Route Type Specifies whether the route is to be a Default route or a Static route. 4 Click Submit. The new route is added, and you are returned to the Configured Routes page.
Page 308: Route Preferences Configuration
D-Link Unified Access System Software User Manual 12/10/09 OUTE REFERENCES ONFIGURATION Use the Route Preferences Configuration page to configure the default preference for each protocol. These values are arbitrary values that range from 1 to 255, and are independent of route metrics. Most routing protocols use a route metric to determine the shortest path known to the protocol, independent of any other protocol.
Page 309: Vlan Routing
VLAN spans multiple physical networks, or when additional segmentation or security is required. This section shows how to configure D-Link Unified Switch software to support VLAN routing. A port can be either a VLAN port or a router port, but not both.
Page 310: Creating A Vlan Routing Interface
D-Link Unified Access System Software User Manual 12/10/09 Table 194: VLAN Routing Configuration Fields Field Description VLAN ID Enter the ID of a VLAN to configure for VLAN Routing. Initially, the field will display the ID of the first VLAN. After you enter a new VLAN ID and click Create, the non- configurable data will be displayed.
Page 311: Vlan Routing Summary
Software User Manual D-Link Unified Access System 12/10/09 VLAN R OUTING UMMARY Use the VLAN Routing Summary page to display information about the VLAN Routing interfaces configured on the system. To display the page, click LAN > Monitoring > L3 Status > VLAN Routing Summary in the navigation tree.
Page 312: Virtual Router Redundancy Protocol (Vrrp)
D-Link Unified Access System Software User Manual 12/10/09 (VRRP) IRTUAL OUTER EDUNDANCY ROTOCOL The Virtual Router Redundancy protocol is designed to handle default router failures by providing a scheme to dynamically elect a backup router. The driving force was to minimize “black hole” periods due to the failure of the default gateway router during which all traffic directed towards it is lost until the failure is detected.
Page 313: Virtual Router Configuration
Software User Manual D-Link Unified Access System 12/10/09 IRTUAL OUTER ONFIGURATION Use the Virtual Router Configuration page to create a new virtual router or to configure an existing one. To display the page, click LAN > L3 Features > VRRP > Virtual Router Configuration in the navigation tree.
Page 314: Configuring A Secondary Vrrp Address
D-Link Unified Access System Software User Manual 12/10/09 Table 197: Virtual Router Configuration Fields (Cont.) Field Description IP Address Enter the IP Address associated with the Virtual Router. The default is 0.0.0.0, which you must change prior to clicking Create.
Page 315: Vrrp Interface Tracking Configuration
Software User Manual D-Link Unified Access System 12/10/09 VRRP Interface Tracking Configuration Use VRRP Interface Tracking to track a specific interface IP state within the router that can alter the priority level of a virtual router for a VRRP group. An exception to this is, if that VRRP group is the IP address owner, its priority is fixed at 255 and cannot be reduced through the tracking process.
Page 316: Vrrp Interface Tracking
D-Link Unified Access System Software User Manual 12/10/09 VRRP Interface Tracking Use the VRRP Interface Tracking page to add an interface to the tracking list. Figure 220: VRRP Interface Tracking Table 199: VRRP Track Interface Fields Field Description Slot/Port The interface associated with the Virtual Router ID.
Page 317: Vrrp Route Tracking
Software User Manual D-Link Unified Access System 12/10/09 Table 200: VRRP Route Tracking Configuration Fields Field Description Slot/Port The interface associated with the Virtual Router ID. Virtual Router ID The Virtual Router ID for which tracking data is to be displayed.
Page 318: Virtual Router Status
D-Link Unified Access System Software User Manual 12/10/09 changes will not be retained across a power cycle unless a Save is performed. • Click Cancel to return to the VRRP Route Tracking Configuration page. IRTUAL OUTER TATUS Use the Virtual Router Status page to display virtual router status.
Page 319: Virtual Router Statistics
Software User Manual D-Link Unified Access System 12/10/09 Table 202: Virtual Router Status Fields (Cont.) Field Description Status The current status of the Virtual Router: • Inactive • Active Secondary IP Address A secondary VRRP address configured for the primary VRRP.
Page 320: Table 203: Virtual Router Statistics Fields
D-Link Unified Access System Software User Manual 12/10/09 Table 203: Virtual Router Statistics Fields Field Description Router Checksum Errors The total number of VRRP packets received with an invalid VRRP checksum value. Router Version Errors The total number of VRRP packets received with an unknown or unsupported version number.
Page 321: Loopback Interfaces
OOPBACK NTERFACES D-Link software provides for the creation, deletion, and management of loopback interfaces. They are dynamic interfaces that are created and deleted via user-configuration. D-Link software supports multiple loopback interfaces. A loopback interface is always expected to be up. As such, it provides a means to configure a stable IP address on the device that may be referred to by other switches.
Page 322: Creating A New Loopback (Ipv4)
D-Link Unified Access System Software User Manual 12/10/09 Figure 226: Configured Loopback Interface The fields available on the Loopbacks Configuration page depend on whether any loopback interfaces exist. The following table describes all fields, which are not all on the same screen at the same time.
Page 323: Configuring An Existing Loopback
Software User Manual D-Link Unified Access System 12/10/09 3 Click Submit. The Loopback ID field goes away, and additional loopback fields display, as Figure 227 shows. Figure 227: Loopbacks Configuration—IPv4 Entry 4 In the Protocol field, select IPv4 5 Enter desired values in the remaining fields.
Page 324: Loopback Summary
D-Link Unified Access System Software User Manual 12/10/09 OOPBACK UMMARY Use the Loopback Summary page to display a summary of configured loopbacks. To display the page, click LAN > Monitoring > L3 Status > Loopback Summary in the navigation tree.
Page 325: Section 5: Configuring Quality Of Service
Software User Manual D-Link Unified Access System 12/10/09 Section 5: C onfiguring Quality of Ser v ic e This section gives an overview of Quality of Service (QoS) and explains the QoS features available from the Quality of Service navigation tree menu. This section contains the following subsections: •...
Page 326: Configuring Differentiated Services
D-Link Unified Access System Software User Manual 12/10/09 ONFIGURING IFFERENTIATED ERVICES The QoS feature contains Differentiated Services (DiffServ) support that allows traffic to be classified into streams and given certain QoS treatment in accordance with defined per-hop behaviors. Standard IP-based networks are designed to provide “best effort” data delivery service. “Best effort” service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will.
Page 327: Figure 229: Diffserv Configuration
Software User Manual D-Link Unified Access System 12/10/09 Packet processing begins by testing the match criteria for a packet. The ‘all’ class type option defines that each match criteria within a class must evaluate to true for a packet to match that class. The ‘any’ class type option defines that at least one match criteria must evaluate to true for a packet to match that class.
Page 328: Class Configuration
D-Link Unified Access System Software User Manual 12/10/09 LASS ONFIGURATION Use the Class Configuration page to add a new Diffserv class name, or to rename or delete an existing class. The page also allows you to define the criteria to associate with a DiffServ class. As packets are received, these DiffServ classes are used to prioritize packets.
Page 329: Table 208: Diffserv Class Configuration Fields
Software User Manual D-Link Unified Access System 12/10/09 Table 208: Diffserv Class Configuration Fields Field Description Class Selector To configure a new DiffServ class, select Create. To modify or view an existing class, select the name of the class from the dropdown menu.
Page 330: Policy Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 208: Diffserv Class Configuration Fields (Cont.) Field Description Class Match Selector (cont.) • EtherType: Requires a frames’ Ethertype to match the Ethertype listed you select. (IPv4) OLICY ONFIGURATION Use the Policy Configuration page to associate a collection of classes with one or more policy statements.
Page 331: Figure 232: Policy Configuration
Software User Manual D-Link Unified Access System 12/10/09 Figure 232 shows the Policy Configuration page when the Policy Selector option is Create. Figure 232: Policy Configuration Figure 233 shows the Policy Configuration page when the Policy Selector option shows a configured policy that has a member class.
Page 332: Policy Class Definition
D-Link Unified Access System Software User Manual 12/10/09 Table 209: Policy Configuration Fields (Cont.) Field Description Member Class List The menu lists all DiffServ classes that have been added to the policy. names. To remove a DiffServ class from a policy, select the name of the class from the list, and then click Remove Selected Class.
Page 333 Software User Manual D-Link Unified Access System 12/10/09 Table 210: Policy Class Definition Fields (Cont.) Field Description Policy Attribute The menu lists all attributes supported for this type of policy, from which one can be selected. To Selector configure the attributes, select an attribute from the list, and then click Configure Selected Attribute.
Page 334: Service Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 210: Policy Class Definition Fields (Cont.) Field Description Violate Action Determines what happens to packets that are considered non-conforming (above the police rate). Select one of the following actions: • Drop: (default) These packets are immediately dropped.
Page 335: Configuring Class Of Service
Software User Manual D-Link Unified Access System 12/10/09 To activate a policy on an interface, select the interface and the policy, and then click Submit. ONFIGURING LASS OF ERVICE The Class of Service (CoS) queueing feature lets you directly configure certain aspects of switch queueing. This provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required.
Page 336: Trust Mode Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 212: 802.1p Priority Mapping Field Description Slot/Port Selects the interface to which the class of service configuration is applied. 802.1p Priority Displays the 802.1p priority to be mapped. Priority goes from low (0) to high (7). For example, traffic with a priority of 0 is for most data traffic and is sent using “best effort.”...
Page 337: Figure 237: Trust Mode Configuration
Software User Manual D-Link Unified Access System 12/10/09 Figure 237: Trust Mode Configuration Table 213: Trust Mode Configuration Fields Field Description Slot/Port The menu contains all CoS configurable interfaces. Select the Global option to apply the same trust mode to all interfaces. Select an individual interface from the menu to override the global settings on a per-interface basis.
Page 338: Ip Dscp Mapping Configuration
D-Link Unified Access System Software User Manual 12/10/09 IP DSCP M APPING ONFIGURATION Use the IP DSCP Mapping Configuration page to map an IP DSCP value to an internal traffic class. To display the IP DSCP Mapping Configuration page, click LAN >QoS > Class of Service > IP DSCP Mapping Configuration in the navigation menu.
Page 339: Figure 239: Interface Configuration
Software User Manual D-Link Unified Access System 12/10/09 Figure 239: Interface Configuration Table 215: Interface Configuration Fields Field Description Slot/Port Selects the CoS configurable interface to be affected by the Interface Shaping Rate. Select Global to apply a rate to all interfaces. Select an individual port to override the global setting.
Page 340: Cos Interface Queue Configuration
D-Link Unified Access System Software User Manual 12/10/09 NTERFACE UEUE ONFIGURATION Use the CoS Interface Queue Configuration page to define what a particular queue does by configuring switch egress queues. User-configurable parameters control the amount of bandwidth used by the queue, the queue depth during times of congestion, and the scheduling of packet transmission from the set of all queues on a port.
Page 341 Software User Manual D-Link Unified Access System 12/10/09 Table 216: Interface Queue Configuration Fields (Cont.) Field Description Queue Management Type Displays the type of queue depth management techniques used for all queues on this interface. Queue Management Type can only be Taildrop. The default value is Taildrop.
Page 342: Configuring Auto Voip
D-Link Unified Access System Software User Manual 12/10/09 ONFIGURING Voice over Internet Protocol (VoIP) allows you to make telephone calls using a computer network over a data network like the Internet. With the increased prominence of delay-sensitive applications (voice, video, and other multimedia applications) deployed in networks today, proper QoS configuration will ensure high-quality application performance.
Page 343 Software User Manual D-Link Unified Access System 12/10/09 is performed. • Click Refresh to update the page with the most current data from the switch. Document 34CSFP6XXUWS-SWUM100-D7 Configuring Auto VoIP Page 343...
Page 344: Section 6: Configuring Access Control Lists
D-Link software supports IPv4 and MAC ACLs. The total number of MAC and IP ACLs supported by D-Link software is 100. The Access Control Lists folder contains links to the following folders and web pages: •...
Page 345: Ip Access Control Lists
Software User Manual D-Link Unified Access System 12/10/09 IP A CCESS ONTROL ISTS IP access control lists (ACL) allow network managers to define classification actions and rules for specific ports. ACLs are composed of access control entries (ACE), or rules, that consist of the filters that determine traffic classifications. The total number of rules that can be defined for each ACL is 12.
Page 346: Ip Acl Rule Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 218: IP ACL Configuration Fields Field Description IP ACL Select a type of ACL to create, or select an existing ACL to delete from the dropdown menu. You can create the following types of IP ACLs: •...
Page 347: Figure 243: Ip Acl Rule Configuration (Create Rule)
Software User Manual D-Link Unified Access System 12/10/09 Figure 243: IP ACL Rule Configuration (Create Rule) Figure 244 shows the fields available when you create a rule for an extended IP ACL. Figure 244: IP ACL Rule Configuration (Extended ACL Rule) Table 219 shows all possible fields on the IP ACL Rule Configuration page.
Page 348 D-Link Unified Access System Software User Manual 12/10/09 Table 219: IP ACL Rule Configuration Fields (Cont.) Field Description Rule Select an existing Rule ID to modify or select Create Rule to configure a new ACL Rule. New rules cannot be created if the maximum number of rules has been reached.
Page 349 Software User Manual D-Link Unified Access System 12/10/09 Table 219: IP ACL Rule Configuration Fields (Cont.) Field Description Source IP Mask Specifies the source IP address wildcard mask. Wild card masks determines which bits are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important.
Page 350 D-Link Unified Access System Software User Manual 12/10/09 Table 219: IP ACL Rule Configuration Fields (Cont.) Field Description Service Type Select one of the following three Match conditions for the extended IP ACL rule. These are alternative ways of specifying a match condition for the same Service Type field in the IP header, however each uses a different user notation.
Page 351: Mac Access Control Lists
Software User Manual D-Link Unified Access System 12/10/09 Deleting a Rule from an IP-based ACL 1 Open the IP ACL Rule Configuration page. 2 Select the desired ACL from the IP ACL menu. 3 Select the rule to delete from the Rule field.
Page 352: Mac Acl Rule Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 220: MAC ACL Configuration Fields Field Description MAC ACL The options in the dropdown menu allow you to create a new MAC ACL or select an existing MAC ACL that you want to rename.
Page 353: Figure 247: Mac Acl Rule Configuration (Deny Action)
Software User Manual D-Link Unified Access System 12/10/09 Figure 247: MAC ACL Rule Configuration (Deny Action) Figure 248 shows the fields available when you create a rule for a MAC ACL. Figure 248: MAC ACL Rule Configuration (Permit Action) Table 221 shows all possible fields on the MAC ACL Rule Configuration page.
Page 354: Table 221: Mac Acl Rule Configuration Fields
D-Link Unified Access System Software User Manual 12/10/09 Table 221: MAC ACL Rule Configuration Fields Field Description MAC ACL Specifies an existing MAC ACL. To set up a new MAC ACL use the “MAC Access Control Lists” page. Rule Select an existing Rule ID to modify or select Create Rule to configure a new ACL Rule.
Page 355: Acl Interface Configuration
Software User Manual D-Link Unified Access System 12/10/09 Table 221: MAC ACL Rule Configuration Fields (Cont.) Field Description Ethertype User Value This field only appears if you select User Value from the EtherType dropdown list. The value you enter specifies a customized Ethertype to compare against an Ethernet frame.
Page 356: Assigning An Acl To An Interface
D-Link Unified Access System Software User Manual 12/10/09 Figure 249: ACL Interface Configuration If an ACL has been assigned to the interface, it displays in the table at the bottom of the page. Table 222: ACL Interface Configuration Fields Field...
Page 357: Removing An Acl From An Interface
Software User Manual D-Link Unified Access System 12/10/09 Removing an ACL from an Interface If an ACL is bound to an interface, the Remove button appears on the page when you select the interface from the Slot/Port menu. To remove the ACL from the interface, select the type of ACL to remove and its ID or name, and then click Remove.
Page 358 D-Link Unified Access System Software User Manual 12/10/09 Page 358 Configuring Access Control Lists Document 34CSFP6XXUWS-SWUM100-D7...
Page 359: Section 7: Managing Device Security
Software User Manual D-Link Unified Access System 12/10/09 S e c t io n 7 : M a nag in g D ev i c e S e c ur it y Use the features in the Security folder on the navigation tree menu to set management security parameters for port, user, and server security.
Page 360: Figure 250: Captive Portal Global Configuration
D-Link Unified Access System Software User Manual 12/10/09 Figure 250: Captive Portal Global Configuration The following table describes the global CP fields you can view or configure. Table 223: Captive Portal Global Configuration Field Description Enable Captive Select the check box to enable the CP feature on the switch. Clear the check box to disable the Portal captive portal feature.
Page 361: Cp Configuration
Software User Manual D-Link Unified Access System 12/10/09 CP C ONFIGURATION From the CP Configuration page, you can view summary information about captive portals on the system, add a captive portal, and configure existing captive portals. Use the CP Summary page to create or delete captive portal configurations. The switch supports 10 CP configurations. CP configuration 1 is created by default and can not be deleted.
Page 362: Changing The Captive Portal Settings
D-Link Unified Access System Software User Manual 12/10/09 Table 224: Captive Portal Summary Field Description Verification Specifies which type of user verification to perform: • Guest: The user does not need to be authenticated by a database. • Local: The switch uses a local database to authenticated users.
Page 363: Table 225: Cp Configuration
Software User Manual D-Link Unified Access System 12/10/09 Table 225: CP Configuration Field Description Enable Captive Select the check box to enable the CP. Clear the check box to disable it. Portal Configuration This field allows you to change the name of the portal added from the CP Summary page.
Page 364: Customizing The Captive Portal Web Page
D-Link Unified Access System Software User Manual 12/10/09 Table 225: CP Configuration Field Description User Group If the Verification Mode is Local or RADIUS, assign an existing User Group to the captive portal or create a new group. All users who belong to the group are permitted to access the network through this portal.
Page 365: Figure 253: Cp Web Page Customization-Global Parameters
Software User Manual D-Link Unified Access System 12/10/09 Figure 253: CP Web Page Customization—Global Parameters Figure 254: CP Web Page Customization—Authentication page Document 34CSFP6XXUWS-SWUM100-D7 Captive Portal Configuration Page 365...
Page 366: Figure 255: Cp Web Page Customization-Welcome Page
D-Link Unified Access System Software User Manual 12/10/09 Figure 255: CP Web Page Customization—Welcome Page Figure 256: CP Web Page Customization—Logout Page Page 366 Captive Portal Configuration Document 34CSFP6XXUWS-SWUM100-D7...
Page 367: Figure 257: Cp Web Page Customization-Logout Success Page
Software User Manual D-Link Unified Access System 12/10/09 Figure 257: CP Web Page Customization—Logout Success Page Table 226 describes the fields on the CP Web Page Customization page. Table 226: CP Web Page Customization Field Description Global Parameters Available Images The menu shows the images that are available to use for the page background, branding and the account image.
Page 368 D-Link Unified Access System Software User Manual 12/10/09 Table 226: CP Web Page Customization Field Description Branding Image Shows the name of the current branding image on the Authentication Page. This field can be modified from the CP WEB Customization Global Parameters page.
Page 369: Local User
Software User Manual D-Link Unified Access System 12/10/09 Table 226: CP Web Page Customization Field Description Page Title Enter the text to use as the page title. This is the text that identifies the page. Instructional Text Enter the detailed text to display that confirms that the user has been authenticated and instructs the user how to deauthenticate.
Page 370: Adding A Local User
D-Link Unified Access System Software User Manual 12/10/09 Table 227: Local User Summary Field Description User Identifies the name of the user. Session Timeout Shows the number of seconds a user is permitted to remain connected to the network. Once the Session Timeout value is reached, the user is logged out automatically.
Page 371: Configuring Users In The Local Database
Software User Manual D-Link Unified Access System 12/10/09 Table 228: Local User Configuration Field Description Password Enter a password for the user. The password length can be from 8 to 64 characters. User Group Assign the user to at least one User Group. To assign a user to more than one group, press the Ctrl key and click each group.
Page 372: Configuring Users In A Remote Radius Server
D-Link Unified Access System Software User Manual 12/10/09 Table 229: Local User Configuration Field Description Max Up Rate Enter the maximum speed, in bytes per second, that the user can transmit traffic when using the captive portal. This setting limits the bandwidth at which the user can send data into the network.
Page 373: Interface Association
Software User Manual D-Link Unified Access System 12/10/09 Table 230: Captive Portal User RADIUS Attributes Attribute Number Description Range Usage Default WISPr-Bandwidth- 14122, 8 Maximum client receive rate (b/ Integer Optional – Max-Down s). Limits the bandwidth at which the client can receive data from the network.
Page 374: Figure 261: Interface Association
D-Link Unified Access System Software User Manual 12/10/09 Figure 261: Interface Association Table 231 describes the fields on the Interface Association page. Table 231: Global Captive Portal Configuration Field Description CP Configuration Lists the captive portals configured on the switch by number and name.
Page 375: Cp Global Status
Software User Manual D-Link Unified Access System 12/10/09 CP G LOBAL TATUS The CP Global Status page contains a variety of information about the CP feature. From the CP Global Status page, you can access information about the CP activity and interfaces.
Page 376: Figure 263: Cp Activation And Activity Status
D-Link Unified Access System Software User Manual 12/10/09 Figure 263: CP Activation and Activity Status The CP Activation and Activity Status page has a drop-down menu that contains all captive portals configured on the switch. When you select a captive portal, the activation and activity status for that portal displays.
Page 377: Interface Status
Software User Manual D-Link Unified Access System 12/10/09 NTERFACE TATUS The pages available from the Interface Status link provide information about the captive portal interfaces and their capabilities. Viewing Interface Activation Status The Interface Activation Status page shows information for every interface assigned to a captive portal instance. Use the drop-down menus to select the portal or interface for which you want to view information.
Page 378: Client Connection Status
D-Link Unified Access System Software User Manual 12/10/09 Figure 265: Interface Capability Status The drop-down menu contains all the wired and wireless interfaces available on the switch. Each wireless interface is identified by its wireless network number and SSID. Physical (wired) interfaces are identified by the Port Description that includes slot number, port number, and interface type.
Page 379: Viewing Client Details
Software User Manual D-Link Unified Access System 12/10/09 If the switch supports clustering and there are peer switches in the cluster, some of the clients displayed on the page might be connected to the network through other switches. For more information about the client, and to view information about which switch handled the authentication for the client, click the MAC address of the client.
Page 380: Viewing The Client Statistics
D-Link Unified Access System Software User Manual 12/10/09 Figure 267: Client Detail The drop-down menu lists each associated client by MAC address. To view status information for a different client, select its MAC address from the list. Table 237 describes the fields on the Client Detail page.
Page 381: Viewing The Client Interface Association Status
Software User Manual D-Link Unified Access System 12/10/09 Figure 268: Client Statistics The drop-down menu lists each associated client by MAC address. To view statistical information for a client, select it from the list. Table 238 describes the fields on the Client Statistics page.
Page 382: Viewing The Client Cp Association Status
D-Link Unified Access System Software User Manual 12/10/09 Table 239: Interface - Client Status Field Description MAC Address Identifies the MAC address of the wireless client. If the MAC address is marked with an asterisk (*), the authenticated client is authenticated by a peer switch. In order words, the cluster controller was not the authenticator.
Page 383: Port Access Control
Software User Manual D-Link Unified Access System 12/10/09 You can configure the Captive Portal traps only if the Captive Portal Trap Mode is enabled, which you configure on the LAN > Administration > SNMP Manager > Trap Flags page. All CP SNMP traps are disabled by default.
Page 384: Global Port Access Control Configuration
D-Link Unified Access System Software User Manual 12/10/09 • Authenticators: Specifies the port that is authenticated before permitting system access. • Supplicants: Specifies host connected to the authenticated port requesting access to the system services. • Authentication Server: Specifies the external server, for example, the RADIUS server that performs the authentication on behalf of the authenticator, and indicates whether the user is authorized to access system services.
Page 385: Port Configuration
Software User Manual D-Link Unified Access System 12/10/09 ONFIGURATION Use the Port Access Control Port Configuration page to enable and configure port access control on one or more ports. To access the Port Based Access Control Port Configuration page, click LAN > Security > Port Access Control > Port Configuration in the navigation menu.
Page 386: Port Access Entity Capability Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 243: Port Access Control Port Configuration Fields (Cont.) Field Description Transmit Period (secs) Defines the transmit period for the selected port. The transmit period is the value, in seconds, of the timer used by the authenticator state machine on the specified port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant.
Page 387: Supplicant Port Configuration
Software User Manual D-Link Unified Access System 12/10/09 Figure 274: PAE Capability Configuration Table 244: PAE Capability Configuration Field Description Port Select the Slot/Port to configure. PAE Capabilities Select authenticator or supplicant from the list. Click Submit to set the PAE capability. Note that these changes will not be retained across a power cycle unless you...
Page 388 D-Link Unified Access System Software User Manual 12/10/09 Table 245: Dot1x Supplicant Port Configuration Field Description ControlMode Select the port authorization state. The control mode is set only if the link status of the port is link up. The possible field values are: Auto: The ports mode (Authorized, Unauthorized, etc.) is determined by...
Page 389: User Login Configuration
Software User Manual D-Link Unified Access System 12/10/09 OGIN ONFIGURATION Use the Port Access Control User Login Configuration page to associate system users with authentication lists configured on your system. For more information about authentication lists, see “Authentication List Configuration” on page 72.
Page 390: Port Access Privileges
D-Link Unified Access System Software User Manual 12/10/09 CCESS RIVILEGES Use the Port Access Control Privileges page to grant or deny port access to users configured on the system. To access the Port Based Access Control Privileges page, click LAN > Security > Port Access Control > Port Access Privileges in the navigation menu.
Page 391: Radius Settings
Software User Manual D-Link Unified Access System 12/10/09 RADIUS S ETTINGS Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. The RADIUS server maintains a user database, which contains per-user authentication information. RADIUS servers provide a centralized authentication method for: •...
Page 392: Radius Server Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 248: RADIUS Configuration Fields (Cont.) Field Description Number of Configured The number of RADIUS accounting servers configured on the system. The value can Accounting Servers range from 0 to 32. Number of Named The number of authentication server groups configured on the system.
Page 393: Figure 279: Radius Server Configuration-Add Server
Software User Manual D-Link Unified Access System 12/10/09 Figure 279: RADIUS Server Configuration—Add Server If at least one RADIUS server is configured on the switch, and a host address is selected in the RADIUS Server Host Address field, then additional fields are available on the RADIUS Server Configuration page.
Page 394: Viewing Named Server Status Information
D-Link Unified Access System Software User Manual 12/10/09 Table 249: RADIUS Server Configuration Fields (Cont.) Field Description Primary Server Sets the selected server to the Primary (Yes) or Secondary (No) server. If you configure multiple RADIUS servers with the same RAIDUS Server Name, designate one server as the primary and the other(s) as the backup server(s).
Page 395: Radius Accounting Server Configuration
Software User Manual D-Link Unified Access System 12/10/09 Table 250: RADIUS Server Configuration Fields Field Description Current An asterisk (*) in the column Indicates that the server is the current server for the authentication server group. If no asterisk is present, the server is a backup server.
Page 396: Viewing Named Accounting Server Status
D-Link Unified Access System Software User Manual 12/10/09 If at least one RADIUS accounting server is configured on the switch, and a host address is selected in the Accounting Server Host Address field, then additional fields are available on the Accounting Server Configuration page.
Page 397: Clear Statistics
Software User Manual D-Link Unified Access System 12/10/09 Figure 284: RADIUS Server Configuration—Server Added Table 252: Named Accounting Server Fields Field Description RADIUS Accounting Server Shows the RADIUS accounting server name. Name Multiple RADIUS accounting servers can have the same name. In this case, RADIUS clients can use RADIUS servers with the same name as backups for each other.
Page 398: Tacacs+ Settings
TACACS+ S ETTINGS D-Link software provides Terminal Access Controller Access Control System (TACACS+) client support. TACACS+ provides centralized security for validation of users accessing the device. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes.
Page 399: Tacacs+ Server Configuration
Software User Manual D-Link Unified Access System 12/10/09 TACACS+ S ERVER ONFIGURATION Use the TACACS+ Server Configuration page to configure up to five TACACS+ servers with which the switch can communicate. To display the TACACS+ Server Configuration page, click LAN > Security > TACACS+ > Server Configuration in the navigation menu.
Page 400: Secure Http
D-Link Unified Access System Software User Manual 12/10/09 HTTP ECURE Secure HTTP enables the transmission of HTTP over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection. When you manage the switch by using a Web interface, secure HTTP can help ensure that communication between the management system and the switch is protected from eavesdroppers and man-in-the-middle attacks.
Page 401 Software User Manual D-Link Unified Access System 12/10/09 Table 255: Secure HTTP Configuration Fields (Cont.) Field Description HTTPS Session Hard Timeout Sets the hard timeout for HTTPS sessions. This timeout is unaffected by the activity level of the session. The value must be in the range of (1 to 168) hours. The default value is 24 hours.
Page 402: Figure 289: File Download
D-Link Unified Access System Software User Manual 12/10/09 Figure 289: File Download 2 From the File Type field on the File Download page, select one of the following types of SSL files to download: SSL Trusted Root Certificate PEM File: SSL Trusted Root Certificate File (PEM Encoded).
Page 403: Secure Shell
Software User Manual D-Link Unified Access System 12/10/09 ECURE HELL If you use the command-line interface (CLI) to manage the switch from a remote system, you can use Secure Shell (SSH) to establish a secure connection. SSH uses public-key cryptography to authenticate the remote computer.
Page 404: Downloading Ssh Host Keys
D-Link Unified Access System Software User Manual 12/10/09 Table 256: Secure Shell Configuration Fields (Cont.) Field Description Key Generation Status Displays which keys: RSA or DSA, are being generated. • Click Refresh to update the current page with the most current settings and status.
Page 405: Section 8: Configuring The Wireless Features
S e c t i on 8 : C on f i gu r i ng t he W ir e l e s s F e a t ur e s The D-Link Unified Switch is a wireless local area network (WLAN) solution that enables...
Page 406: Dws-4026 Unified Switch
UAP and using the Administrator Web User Interface (UI), command-line interface (CLI) or SNMP. In Managed Mode, the UAP is part of the D-Link Unified Access System, and you manage it by using the Unified Switch.
Page 407: L2 Discovery
1 Use a serial or Telnet connection to log on to the access point. 2 Use the to enter the IP address of up to four switches that are set managed-ap switch-address-<1–4> Document 34CSFP6XXUWS-SWUM100-D7 D-Link Unified Access System Components Page 407...
Page 408: Configuring The Dhcp Option
If you use a Microsoft Windows 2000 or Microsoft Windows 2003 DHCP Server, you configure the scope you use with the access points with DHCP Option 43, as the following procedures describe. 1 From the DHCP manager, right-click the applicable scope and select Configure Options... Page 408 D-Link Unified Access System Components Document 34CSFP6XXUWS-SWUM100-D7...
Page 409 01 04 0C A8 01 0A 01 04 0C A8 02 0A 01 04 0C A8 03 0A 01 04 0C A8 04 10 The following image shows the four IP addresses entered into the Data Entry field on the Windows DHCP server. Document 34CSFP6XXUWS-SWUM100-D7 D-Link Unified Access System Components Page 409...
Page 410 D-Link Unified Access System Software User Manual 12/10/09 4 Click OK. The following figure shows a scope with Option 43 configured. Page 410 D-Link Unified Access System Components Document 34CSFP6XXUWS-SWUM100-D7...
Page 411: Discovery And Peer Switches
Software User Manual D-Link Unified Access System 12/10/09 ISCOVERY AND WITCHES When multiple peer switches are present in the network, you can control which switch or switches are allowed to discover a particular AP by the discovery method you use.
Page 412: Figure 291: Wireless Global Configuration
D-Link Unified Access System Software User Manual 12/10/09 Figure 291: Wireless Global Configuration The following table describes the fields available on the Wireless Global Configuration page. Table 257: Basic Wireless Global Configuration Field Description Enable WLAN Switch Select this option to enable WLAN switching functionality on the system. Clear the option to administratively disable the WLAN switch.
Page 413 Software User Manual D-Link Unified Access System 12/10/09 Table 257: Basic Wireless Global Configuration Field Description WLAN Switch If the status is disabled, this field appears and one of the following reasons is listed: Disable Reason • None: The cause for the disabled status is unknown.
Page 414: Wireless Discovery Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 257: Basic Wireless Global Configuration Field Description RADIUS Authentication Enter the name of the RADIUS server used for AP and client authentications when a network- Server Name level RADIUS server is not defined on the Basic Setup > SSID > Wireless Network Configuration page.
Page 415: L3/Ip Discovery
Software User Manual D-Link Unified Access System 12/10/09 With this method, multiple peer switches might find the same access point. The first association always takes precedence. The AP does not change its association unless the connectivity to the current wireless switch fails or the switch tells the AP to disassociate and associate with another switch.
Page 416: L2/Vlan Discovery
L2/VLAN Discovery The D-Link Wireless Device Discovery Protocol is a good discovery method to use if the Unified Switch and APs are located in the same Layer 2 multicast domain. The Unified Switch periodically sends a multicast packet containing the discovery message on each VLAN enabled for discovery.
Page 417: Radio
VLAN ID The tracer packets help the switch identify unauthorized APs that do not belong to the D-Link Unified Access System but are connected to the wired network. To add a new profile, go to the WLAN > Administration > Advanced Configuration > AP Profile page, enter a name for the new profile in the available field, and click Add.
Page 418: Figure 294: Radio Settings
D-Link Unified Access System Software User Manual 12/10/09 Figure 294: Radio Settings The following table describes the fields you can configure from the Radio tab on the Basic Setup page. To change the settings on this page, you must first select the radio you want to configure (1 or 2). After you change the settings, click Submit to apply the settings.
Page 419 Software User Manual D-Link Unified Access System 12/10/09 Table 260: Radio Settings (Cont.) Field Description Mode The Mode defines the Physical Layer (PHY) standard the radio uses. Select one of the following modes for each radio interface. Radio 1 supports: •...
Page 420 D-Link Unified Access System Software User Manual 12/10/09 Table 260: Radio Settings (Cont.) Field Description Load Utilization This field allows you to set a threshold for the percentage of network bandwidth utilization allowed on the radio. Once the level you specify is reached, the AP stops accepting new client associations.
Page 421: Table 261: Advanced Radio Configuration
Software User Manual D-Link Unified Access System 12/10/09 Table 260: Radio Settings (Cont.) Field Description Auto Eligible Select the Auto Eligible option beneath each channel to include the channel in the automatic channel assignment process. Rate Sets Select the transmission rate sets you want the access point to support and the basic rate sets you want the access point to advertise.
Page 422 D-Link Unified Access System Software User Manual 12/10/09 Table 261: Advanced Radio Configuration Field Description Protection The protection feature contains rules to guarantee that 802.11 transmissions do not cause interference with legacy stations or applications. By default, these protection mechanisms are enabled (Auto).
Page 423: Ssid Configuration
Software User Manual D-Link Unified Access System 12/10/09 SSID C ONFIGURATION The SSID tab displays the virtual access point (VAP) settings associated with the default AP profile. Each VAP has an associated network, which is identified by its network number and Service Set Identifier (SSID). You can configure and enable up to 16 VAPs per radio on each physical access point.
Page 424: Configuring The Default Network
D-Link Unified Access System Software User Manual 12/10/09 Table 262: Default VAP Configuration Field Description Network Use the option to the left of the network to enable or disable the corresponding VAP on the selected radio. When enabled, use the menu to select a networks to assign to the VAP. You can configure up to 64 separate networks on the switch and apply them across multiple radio and VAP interfaces.
Page 425: Figure 296: Configuring Network Settings
Software User Manual D-Link Unified Access System 12/10/09 Figure 296: Configuring Network Settings Table 263 describes the fields on the Wireless Network Configuration page. After you change the wireless network settings, click Submit to save the changes. Document 34CSFP6XXUWS-SWUM100-D7 Basic Setup...
Page 426: Table 263: Wireless Network Configuration
The nodes in a VLAN share resources and bandwidth and are isolated on that network. The D-Link Unified Switch supports the configuration of a wireless VLAN. You can configure each VAP to be on a unique VLAN or on the same VLAN as other VAPs.
Page 427 Software User Manual D-Link Unified Access System 12/10/09 Table 263: Wireless Network Configuration (Cont.) Field Description MAC Authentication If you enable MAC authentication, wireless clients must be authenticated by the AP in order to connect to the network. To use MAC authentication, configure the client MAC addresses in one of the following databases: •...
Page 428 Security The default AP profile does not use any security mechanism by default. In order to protect your network, D-Link strongly recommends that you select a security mechanism so that unauthorized wireless clients cannot gain access to your network. The following WLAN network security options are available: •...
Page 429 Software User Manual D-Link Unified Access System 12/10/09 Table 263: Wireless Network Configuration (Cont.) Field Description Client QoS The Client QoS parameters allow the switch to apply access control lists (ACLs) and differentiated service (DiffServ) policies to wireless clients associated to the AP and extend the switch QoS features into the wireless domain.
Page 430 D-Link Unified Access System Software User Manual 12/10/09 Table 263: Wireless Network Configuration (Cont.) Field Description Client QoS DiffServ Select the name of the DiffServ policy applied to traffic from the AP in the outbound (down) Policy Down direction. Only existing DiffServ policies are listed in the menu. To create a DiffServ policy, use the pages in the LAN >...
Page 431: Configuring Ap Security
Configuring AP Security The Default AP profile does not use any security mechanism by default. In order to protect your network, D-Link strongly recommends that you select a security mechanism so that unauthorized wireless clients cannot gain access to your network.
Page 432: Figure 298: Static Wep Configuration
D-Link Unified Access System Software User Manual 12/10/09 If you select WEP as the Security Mode, additional fields display, as the following figure shows. Figure 298: Static WEP Configuration Table 264 describes the configuration options for WEP. Table 264: Static WEP...
Page 433 Software User Manual D-Link Unified Access System 12/10/09 Table 264: Static WEP Field Description WEP Key Length Specify the length of the key by clicking one of the radio buttons: • 64 bits • 128 bits The Transfer Key Index indicates which WEP key the access point uses to encrypt the data it transmits.
Page 434: Figure 299: Wpa Personal Configuration
• WPA: If all client stations on the network support the original WPA but none support the newer WPA2, then select WPA. • WPA2: If all client stations on the network support WPA2, D-Link suggests using WPA2 which provides the best security per the IEEE 802.11i standard.
Page 435 Software User Manual D-Link Unified Access System 12/10/09 Table 265: WPA Security Field Description Bcast Key Refresh Rate Enter a value to set the interval at which the broadcast (group) key is refreshed for clients associated to this VAP. The valid range is 0-86400 seconds. A value of 0 indicates that the broadcast key is not refreshed.
Page 436: Valid Access Point Summary
D-Link Unified Access System Software User Manual 12/10/09 ALID CCESS OINT UMMARY The Wireless Global Configuration page contains a field to select whether to use a local or RADIUS database for AP Validation. The Valid Access Point Summary page contains information about APs configured in the local database. If the AP Validation is set to RADIUS, information about the APs to be managed by the switch must be added to the external RADIUS database.
Page 437: Valid Access Point Configuration
Software User Manual D-Link Unified Access System 12/10/09 Table 266: Valid Access Point Summary Field Description Profile This field displays the AP profile assigned to the AP. To assign a different profile to the AP, click the MAC address of the AP to go to the Valid Access Point Configuration page.
Page 438: Table 267: Valid Ap Configuration
See the following table for the Standalone mode field descriptions. • Managed: The AP is part of the D-Link Unified Switch, and you manage it by using the Unified Switch. If an AP is in Managed Mode, the Administrator Web UI and SNMP services on the AP are disabled.
Page 439: Local Oui Database Summary
AP or the switch. Standalone APs are managed individually, and not by using a D-Link Unified Switch. By including standalone APs in the Valid AP database and specifying their expected settings, you can help ensure that only legitimate APs are on your network.
Page 440: Figure 302: Local Oui Database Summary
D-Link Unified Access System Software User Manual 12/10/09 Figure 302: Local OUI Database Summary Table 269: Local OUI Database Summary Field Description OUI Value Enter the OUI that represents the company ID in the format XX:XX:XX where XX is a hexadecimal number between 00 and FF.
Page 441: Ap Management
Software User Manual D-Link Unified Access System 12/10/09 AP M ANAGEMENT The AP Management folder contains links to the following pages that help you manage and maintain the APs on your D-Link Unified Switch network: • Reset • RF Management •...
Page 442: Configuring Channel Plan And Power Settings
D-Link Unified Access System Software User Manual 12/10/09 data and media traffic is competing for bandwidth. For the b/g radio band, the classical set of non-interfering channels is 1, 6, 11. Channels 1, 4, 8, 11 produce minimal overlap. A similar set of non-interfering channels is used for the a radio band, which includes all channels for that mode since they are not overlapping.
Page 443: Table 270: Rf Channel Plan And Power Adjustment
Software User Manual D-Link Unified Access System 12/10/09 When the AP changes its channel, all associated wireless clients temporarily lose their connection to the AP and must re-associate. The re-association can take several seconds, which can affect time-sensitive traffic such as voice and video.
Page 444: Viewing The Channel Plan History
D-Link Unified Access System Software User Manual 12/10/09 Table 270: RF Channel Plan and Power Adjustment (Cont.) Field Description Power Adjustment This field determines how often the switch runs the power adjustment algorithm. The algorithm Interval runs automatically only if you set the power adjustment mode to Interval.
Page 445: Initiating Manual Channel Plan Assignments
Software User Manual D-Link Unified Access System 12/10/09 Table 271: Channel Plan History (Cont.) Field Description AP MAC Address This table displays the channel assigned to an AP in an iteration of the channel plan. Location Radio Iteration Channel Initiating Manual Channel Plan Assignments If you specify Manual as the Channel Plan Mode on the Configuration tab, the Manual Channel Plan page allows you to initiate the Channel Plan algorithm.
Page 446: Initiating Manual Power Adjustments
D-Link Unified Access System Software User Manual 12/10/09 • The AP has been rebooted since the channel plan was computed and acquires a static channel that has been set statically via local database. • The channel has been set manually through the advanced page.
Page 447: Figure 308: Software Download
In the Group Size field, enter the number of APs that can be upgraded at the same time. When one group completes the upgrade, the next group begins the process. Image Download Type Type of the image to be downloaded. D-Link Unified Switch supports only one type - that for the DWL-8600AP. Document...
Page 448: Managed Ap Advanced Settings
AP upgrades in order not to overwhelm the TFTP server. To select multiple APs to upgrade, CTRL + click the APs to upgrade. Note: D-Link recommends that you upgrade all managed APs at the same time. The following fields display after you click Start:...
Page 449: Debugging The Ap
Software User Manual D-Link Unified Access System 12/10/09 you can also manually change the RF channel and power for each radio on an AP. The manual power and channel changes override the settings configured in the AP profile (including automatic channel selection) and take effect immediately. The manual channel and power assignments are not retained when the AP is reset or if the profile is reapplied to the AP, such as when the AP disassociates and reassociates with the switch.
Page 450: Adjusting The Channel And Power
D-Link Unified Access System Software User Manual 12/10/09 The fields in Table 274 on page 450 appear when you click the Debug link for a managed AP on the Managed AP Advanced page. Figure 310: Managed AP Debug Table 274: Managed AP Debug...
Page 451: Table 275: Managed Ap Channel/Power Adjust
Software User Manual D-Link Unified Access System 12/10/09 Table 275: Managed AP Channel/Power Adjust Field Description AP MAC Address Shows the MAC address of the access point. Radio Displays the radio and its mode. The changes apply only to this radio.
Page 452: Monitoring Status And Statistics
D-Link Unified Access System Software User Manual 12/10/09 ONITORING TATUS AND TATISTICS The Status/Statistics folder contains links to the following pages that help you monitor the status and statistics for your D- Link Unified Switch network: • Wireless Global Status/Statistics •...
Page 453: Table 276: Global Wlan Status/Statistics
Software User Manual D-Link Unified Access System 12/10/09 Table 276: Global WLAN Status/Statistics Field Description WLAN Switch This status field displays the operational status of the WLAN Switch. The WLAN Switch may Operational Status be configured as enabled, but is operationally disabled due to configuration dependencies. If the operational status is disabled, the reason will be displayed in the following status field.
Page 454 D-Link Unified Access System Software User Manual 12/10/09 Table 276: Global WLAN Status/Statistics Field Description Unknown Access Number of Unknown APs currently detected on the WLAN. If an AP configured to be managed Points by the Unified Switch is detected through an RF scan at any time that it is not actively managed it is classified as an Unknown AP.
Page 455: Viewing Switch Status And Statistics Information
Software User Manual D-Link Unified Access System 12/10/09 Table 276: Global WLAN Status/Statistics Field Description WLAN Packets Receive Total packets received across all APs managed by the switch that were dropped. Dropped Distributed Tunnel Total number of packets sent by all APs via distributed tunnels.
Page 456: Viewing Ip Discovery Status
D-Link Unified Access System Software User Manual 12/10/09 Table 277: Switch Status/Statistics Field Description Total Access Points Total number of Managed APs in the database. This value is always equal to the sum of Managed Access Points, Connection Failed Access Points, and Discovered Access Points.
Page 457: Viewing The Peer Switch Configuration Received Status
Software User Manual D-Link Unified Access System 12/10/09 Figure 313: Wireless Discovery Status The status is in one of the following states: • Not Polled: The switch has not attempted to contact the IP address in the L3/IP Discovery list.
Page 458: Viewing The Ap Hardware Capability List
D-Link Unified Access System Software User Manual 12/10/09 Table 278: Peer Switch Configuration Field Description Current Receive Status Indicates the global status when wireless configuration is received from a peer switch. The possible status values are as follows: • Not Started •...
Page 459: Figure 315: Ap Hardware Capability Information
Software User Manual D-Link Unified Access System 12/10/09 Figure 315: AP Hardware Capability Information Table 279 describes the fields available on the AP Hardware Capabilities page. Table 279: AP Hardware Capability Summary Field Description Hardware Type Includes a description of the platform and the supported IEEE 802.11 modes.
Page 460: All Ap Status
D-Link Unified Access System Software User Manual 12/10/09 Table 280: AP Hardware Capability Radio Detail Field Description 802.11a Shows whether support for IEEE 802.11a mode is enabled. Support 802.11bg Shows whether support for IEEE 802.11bg mode is enabled. Support 802.11n Shows whether support for IEEE 802.11n mode is enabled.
Page 461: Table 281: Monitoring All Access Points
The network address of the access point. Software Version Shows the version of D-Link Access Point software that the AP is running. Shows how much time has passed since the AP was last detected and the information was last updated.
Page 462: Managed Ap Status
D-Link Unified Access System Software User Manual 12/10/09 AP S ANAGED TATUS From the WLAN > Monitoring > Access Point > Managed AP Status page, you can access a variety of information about each AP that the switch manages. The pages you access from the Status tab provide configuration and association information about managed APs and their neighbors.
Page 463 Software User Manual D-Link Unified Access System 12/10/09 Table 282: Managed Access Point Status Field Description Location A location description for the AP. This is the value configured in the valid AP database (either locally or on the RADIUS server).
Page 464: Viewing Detailed Managed Access Point Status
D-Link Unified Access System Software User Manual 12/10/09 Viewing Detailed Managed Access Point Status To view detailed information about an AP that the switch manages, click the MAC address of the AP from the Summary page or select the MAC address of the AP from the drop-down menu on the Detail page.
Page 465 • Switch IP Configured: The managed AP is configured with the Unified Switch IP address. • Switch IP DHCP: The managed AP learned the current DWL-8600AP IP address through DHCP option 43. • L2 Poll Received: The AP was discovered through the D-Link Wireless Device Discovery protocol. Protocol Version Indicates the protocol version supported by the software on the AP, which is learned from the AP during discovery.
Page 466: Viewing Managed Access Point Radio Summary Information
D-Link Unified Access System Software User Manual 12/10/09 Viewing Managed Access Point Radio Summary Information You can view general information about each operational radio on all APs managed by the switch. The Managed Access Point Radio Summary page shows the channel, transmit power, and number of associated wireless clients for all managed APs.
Page 467: Viewing Managed Access Point Neighbor Aps
Software User Manual D-Link Unified Access System 12/10/09 Table 285: Managed AP Radio Detail (Cont.) Field Description Authenticated Clients Total count of clients authenticated with the AP on the physical radio. This is a sum of all the clients authenticated with the AP for each VAP enabled on the radio.
Page 468: Viewing Clients Associated With Neighbor Access Points
The Ethernet MAC address of the neighbor AP network, this could be a physical radio interface or VAP MAC address. For D-Link APs this is always a VAP MAC address. The neighbor AP MAC address may be cross-referenced in the RF Scan status.
Page 469: Viewing Managed Access Point Vaps
Software User Manual D-Link Unified Access System 12/10/09 Table 288: Neighbor AP Clients Field Description Discovery Reason Indicates one or more discovery methods for the neighbor client. One or more of the following values may be displayed: • RF Scan Discovered: The client was reported from an RF scan on the radio. Note that client stations are difficult to detect via RF scan, the other methods are more common for client neighbor detection.
Page 470: Managed Access Point Statistics
D-Link Unified Access System Software User Manual 12/10/09 Use the menu above the table to select the AP with the distributed tunneling information to view. The AP is identified by its MAC address and location. Table 290 describes the fields you see on the Managed Access Point Distributed Tunneling Status page for the managed access point status.
Page 471: Viewing Managed Access Point Ethernet Statistics
Software User Manual D-Link Unified Access System 12/10/09 • Distributed Tunneling: Shows information about the L2 tunnels currently in use on the AP. On the WLAN Summary and Ethernet Summary pages, click the MAC address of the AP to view detailed statistics about the AP.
Page 472: Viewing Managed Access Point Radio Statistics
D-Link Unified Access System Software User Manual 12/10/09 Table 293: Detailed Managed Access Point Statistics Field Description WLAN Bytes Received Total bytes received by the AP on the wireless network. WLAN Packets Transmitted Total packets transmitted by the AP on the wireless network.
Page 473 Software User Manual D-Link Unified Access System 12/10/09 Table 294: Managed Access Point Radio Statistics Field Description WLAN Bytes Transmitted Total bytes transmitted by the AP on this radio interface. WLAN Packets Receive Dropped Number of packets received by the AP on this radio interface that were dropped.
Page 474: Viewing Managed Access Point Vap Statistics
D-Link Unified Access System Software User Manual 12/10/09 Viewing Managed Access Point VAP Statistics The VAP statistics show information about the client failures and number of packets and bytes transmitted and received on each VAP on radio one or two for a particular access point managed by the switch.
Page 475: Associated Client Status/Statistics
Software User Manual D-Link Unified Access System 12/10/09 Table 296: Managed Access Point Distributed Tunneling Statistics Field Description Total Roamed Clients of AP Number of Clients that used this AP for distributed tunneling. The count include clients that roamed away and roamed to this AP.
Page 476: Viewing Associated Client Summary Status
D-Link Unified Access System Software User Manual 12/10/09 Association Detail: Shows additional information about packets the associated client transmits and receives during association with a single managed AP. Session Detail: Shows additional information about packets the associated client transmits and receives during a session, which can include statistics for one or more managed AP associations if the client has roamed.
Page 477: Viewing Detailed Associated Client Status
Software User Manual D-Link Unified Access System 12/10/09 Table 297: Associated Client Status Summary Field Description Indicates the amount of time that has passed since this client first authenticated with the network. Viewing Detailed Associated Client Status For each client associated with an AP that the switch manages, you can view detailed status information about the client and its association with the access point.
Page 478: Viewing Associated Client Qos Status
D-Link Unified Access System Software User Manual 12/10/09 Table 298: Detailed Associated Client Status (Cont.) Field Description NetBIOS Name Identifies the NetBIOS name of the wireless client. For Microsoft Windows hosts, the NetBIOS name is typically the same as, or based on the host name.
Page 479: Viewing Associated Client Neighbor Ap Status
Software User Manual D-Link Unified Access System 12/10/09 Table 299: Associated Client QoS Status Field Description Actual Use the selector to determine the source of the information the page displays: RADIUS (Cached) • Select Actual to display either the actual status parameters configured on the AP.
Page 480: Viewing Associated Client Distributed Tunneling Status
D-Link Unified Access System Software User Manual 12/10/09 Table 300: Associated Client Neighbor AP Status Field Description Discovery Reason Indicates one or more discovery methods for the neighbor client. One or more of the following values may be displayed: • RF Scan: The client was reported from an RF scan on the radio. Note that client stations are difficult to detect via RF scan, the other methods are more common for client neighbor detection.
Page 481: Viewing Ssid Associated Client Status
Software User Manual D-Link Unified Access System 12/10/09 Table 301: Associated Client Distributed Tunneling Status Field Description Home AP MAC Address Shows the MAC Address of the Home AP for the client. The value is meaningful only for clients that are associated with networks enabled for distributed tunneling.
Page 482: Viewing Switch Associated Client Status
D-Link Unified Access System Software User Manual 12/10/09 Table 303: VAP Associated Client Status Field Description BSSID Indicates the Ethernet MAC address for the managed AP VAP where this client is associated. SSID Indicates the SSID for the managed AP VAP where this client is associated.
Page 483: Figure 329: Associated Client Association Summary Statistics
Software User Manual D-Link Unified Access System 12/10/09 Figure 329: Associated Client Association Summary Statistics Table 305: Associated Client Association Summary Statistics Field Description MAC Address The Ethernet address of the client station. Packets Received Packets received from the client station.
Page 484: Viewing Detailed Associated Client Association Statistics
D-Link Unified Access System Software User Manual 12/10/09 Viewing Detailed Associated Client Association Statistics The statistics on the WLAN > Monitoring > Client > Associated Clients > Statistics > Association Detail tab displays the Associated Client Statistics page. This page shows information about the traffic a wireless client receives and transmits while it is associated with a single AP.
Page 485: Peer Switch Status
Software User Manual D-Link Unified Access System 12/10/09 Figure 332: Associated Client Session Detail Statistics Table 308: Associated Client Session Detail Statistics Field Description Packets Received Total packets received from the client station. Bytes Received Total bytes received from the client station.
Page 486: Viewing Peer Switch Configuration Status
D-Link Unified Access System Software User Manual 12/10/09 Figure 333: Peer Switch Status Table 309: Peer Switch Status Field Description IP Address IP address of the peer wireless switch in the cluster. Vendor ID Vendor ID of the peer switch software.
Page 487: Viewing Peer Switch Managed Ap Status
Software User Manual D-Link Unified Access System 12/10/09 Table 310: Peer Switch Configuration Status Field Description Peer IP Address Shows the IP address of each peer wireless switch in the cluster that received configuration information. Configuration Switch IP Shows the IP Address of the switch that sent the configuration information.
Page 488: Monitoring And Managing Intrusion Detection
The Hardware ID associated with the AP hardware platform . ONITORING AND ANAGING NTRUSION ETECTION This section contains the following subsections to help manage and monitor the APs and wireless clients in the D-Link Unified Switch network and to protect against rogue devices: • AP RF Scan Status •...
Page 489: Figure 336: Rf Scan
MAC Address The Ethernet MAC address of the detected AP. This could be a physical radio interface or VAP MAC. For D-Link APs this is always a VAP MAC address. SSID Service Set ID of the network, which is broadcast in the detected beacon frame.
Page 490: Figure 337: Rf Scan Ap Details
D-Link Unified Access System Software User Manual 12/10/09 Table 313: RF Scan Buttons Button Description Delete All Clears all APs from the RF scan list. The list repopulates as the APs are discovered. Manage To configure a Rogue AP to be managed by the switch the next time it is discovered, select the check box next to the MAC address of a detected AP and click Manage.
Page 491: Viewing Access Point Triangulation Status
MAC Address The Ethernet MAC address of the detected AP. This could be a physical radio interface or VAP MAC. For D-Link APs this is always a VAP MAC address. SSID Service Set ID of the network, which is broadcast in the detected beacon frame.
Page 492: Viewing Wids Ap Rogue Classification Information
The Ethernet MAC address of the detected AP. This could be a physical radio interface or VAP Address MAC. For D-Link APs this is always a VAP MAC address. Sentry Identifies whether the AP that detected the entry is in sentry or non-sentry mode.
Page 493: Figure 339: Wids Ap Rogue Classification
MAC Address The Ethernet MAC address of the detected AP. This could be a physical radio interface or VAP MAC. For D-Link APs this is always a VAP MAC address. Test Description Identifies the tests that were performed, which includes the following: •...
Page 494: Detected Client Status
D-Link Unified Access System Software User Manual 12/10/09 Table 316: WIDS AP Rogue Classification Field Description Test Result Shows whether this test reported the device as rogue. In some cases the test may report a positive result, be enabled, but not report the device as rogue because the device is allowed to operate in this mode.
Page 495: Viewing Detailed Detected Client Status
Software User Manual D-Link Unified Access System 12/10/09 Table 317: Detected Client Status Field Description MAC Address The Ethernet address of the client. Client Name Shows the name of the client, if available, from the Known Client Database. If client is not in the database then the field is blank.
Page 496: Table 318: Detailed Detected Client Status
D-Link Unified Access System Software User Manual 12/10/09 Table 318: Detailed Detected Client Status Field Description MAC Address The Ethernet address of the client. Client Status Shows the client status, which can be one of the following: • Authenticated—Client is Authenticated with the system and is not Rogue.
Page 497: Viewing Wids Client Rogue Classification
Software User Manual D-Link Unified Access System 12/10/09 Table 318: Detailed Detected Client Status (Cont.) Field Description De-Auth Collection Shows the amount of time spent in each de-authentication collection period. The Interval deauthentication collection helps the switch decide whether the client is a threat.
Page 498: Viewing Detected Client Pre-Authentication History
D-Link Unified Access System Software User Manual 12/10/09 Table 319: WIDS Client Rogue Classification Field Description MAC Address The Ethernet MAC address of the detected wireless client. Test Description Identifies the tests that were performed, which includes the following: • Client is not listed in the Known Clients database.
Page 499: Viewing Detected Client Triangulation
Software User Manual D-Link Unified Access System 12/10/09 Table 320: Detected Client Pre-Authentication History Field Description MAC Address MAC address of the client. AP MAC Address MAC Address of the managed AP to which the client has pre-authenticated. Radio Interface Number Radio number to which the client is authenticated, which is either Radio 1 or Radio 2.
Page 500: Viewing Detected Client Roam History
D-Link Unified Access System Software User Manual 12/10/09 Table 321: Detected Client Triangulation Field Description Signal Strength Received signal strength in dBm. The possible range is –127 to 127. However, realistically, this value is expected to range from –95 to –10.
Page 501: Detected Client Roam History Summary
Software User Manual D-Link Unified Access System 12/10/09 The Detected Client Pre-Authentication History Summary page lists detected clients that have made pre-authentication requests and identifies the APs that have received the requests. Figure 346: Detected Client Pre-Authentication History Summary Table 323 describes the fields on the Detected Client Pre-Authentication History Summary page.
Page 502: Ad Hoc Client Status
D-Link Unified Access System Software User Manual 12/10/09 LIENT TATUS An ad hoc client is a wireless client that gains access to the WLAN through a wireless client that is associated with an access point. The ad hoc client does not communicate directly with the AP. Ad hoc networks are a particular concern because they consume RF bandwidth and can present a security risk.
Page 503: Ap Authentication Failure Status
Software User Manual D-Link Unified Access System 12/10/09 Table 325: Ad Hoc Client Status Field Description Detection Mode The mechanism of detecting this Ad Hoc device. The possible values are Beacon Frame or Data Frame. Time since last detection of the ad hoc network.
Page 504: Figure 350: Ap Authentication Failure Details
AP configuration. If you use a RADIUS server for AP validation, you must add the MAC address of the AP to the RADIUS server database. Click the MAC address of the AP to view more information about the AP. If the AP is not a D-Link AP, some values are unknown.
Page 505: Ap De-Authentication Attack Status
Software User Manual D-Link Unified Access System 12/10/09 Table 327: Access Point Authentication Failure Details Field Description MAC Address The Ethernet address of the AP. IP Address The network IP address of the AP. Last Failure Type Indicates the last type of failure that occurred, which can be one of the following: •...
Page 506: Configuring Advanced Settings
D-Link Unified Access System Software User Manual 12/10/09 • The de-authentication attack is not effective against Ad hoc networks because these networks do not use authentication. • The APs operating on channels outside of the country domain are not attacked because sending any traffic on illegal channels is against the law.
Page 507: Figure 352: Global Configuration
Software User Manual D-Link Unified Access System 12/10/09 Figure 352: Global Configuration Table 329 describes the fields on the Wireless Global Configuration page. Table 329: General Global Configurations Field Description Peer Group ID In order to support larger networks, you can configure wireless switches as peers, with up to 64 switches in a cluster (peer group).
Page 508: Wireless Snmp Trap Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 329: General Global Configurations Field Description Detected Clients Status This value determines how long to keep an entry in the Detected Client Status list. Each entry Timeout in the status list shows an age, and when the age reaches the value you configure in the timeout field, the entry is deleted.
Page 509: Figure 353: Snmp Trap Configuration
Software User Manual D-Link Unified Access System 12/10/09 Figure 353: SNMP Trap Configuration When an AP is managed by a switch, it does not send out any traps. The switch generates all SNMP traps based on its own events and the events it learns about through updates from the APs it manages.
Page 510: Distributed Tunneling Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 330: SNMP Traps (Cont.) Field Description Peer Switch Traps If you enable this field, the SNMP agent sends a trap for one of the following reasons associated with a peer switch •...
Page 511: Known Client
Software User Manual D-Link Unified Access System 12/10/09 Figure 354: Distributed Tunneling Configuration Table 331 shows the fields on the Distributed Tunneling Configuration page. Table 331: Distributed Tunneling Configuration Field Description Distributed Tunnel Clients Specify the maximum number of distributed tunneling clients that can roam away from the Home AP at the same time.
Page 512: Known Client Configuration
D-Link Unified Access System Software User Manual 12/10/09 Table 332: Known Client Summary Field Description MAC Address Shows the MAC address of the known client. Name Shows the descriptive name configured for the client when it was added to the Known Client database.
Page 513: Wireless Network List
Software User Manual D-Link Unified Access System 12/10/09 Table 333: Known Client Configuration Field Description Authentication Action Specify the action to take on a wireless client when MAC authentication is enabled on the network. The following options are available: • Grant—Allow the client with the specified MAC address to access the network.
Page 514: Ap Profiles
D-Link Unified Access System Software User Manual 12/10/09 AP P ROFILES Access point configuration profiles are a useful feature for large wireless networks with APs that serve a variety of different users. You can create multiple AP profiles on the Unified Switch to customize APs based on location, function, or other criteria.
Page 515: Creating, Copying, And Deleting Ap Profiles
Software User Manual D-Link Unified Access System 12/10/09 It is recommended that in a switch cluster, the profiles should be synchronized on all the switches in the cluster in order to get consistent information from the wireless system. Creating, Copying, and Deleting AP Profiles From the WLAN >...
Page 516: Applying An Ap Profile
D-Link Unified Access System Software User Manual 12/10/09 Table 335: Access Point Profile List Field Description Profile Name The Access Point profile name you added. Use 0 to 32 characters. Only alphanumeric characters are allowed. No special characters are allowed.
Page 517: Figure 360: Applying The Ap Profile
When you apply new AP Profile settings to an AP, the access point stops and restarts system processes. If this happens, wireless clients will temporarily lose connectivity. D-Link recommends that you change access point settings when WLAN traffic is low.
Page 518: Access Point Profile Qos Configuration
VLAN ID The tracer packets help the switch identify unauthorized APs that do not belong to the D-Link Unified Access System but are connected to the wired network. When you select a profile and click Clear, all configurations will be set to to the default values for the profile except the profile name.
Page 519: Figure 362: Qos Configuration
12/10/09 Figure 362: QoS Configuration Configuring Quality of Service (QoS) on the D-Link Unified Switch consists of setting parameters on existing queues for different types of wireless traffic, and effectively specifying minimum and maximum wait times (through Contention Windows) for transmission. The settings described here apply to data transmission behavior on the access point only, not to that of the client stations.
Page 520 With WMM enabled, QoS settings on the D-Link Unified Switch control downstream traffic flowing from the access point to client station (AP EDCA parameters) and the upstream traffic flowing from the station to the access point (station EDCA parameters).
Page 521: Peer Switch
Software User Manual D-Link Unified Access System 12/10/09 Table 337: QoS Settings (Cont.) Field Description Station EDCA Parameters Queue Queues are defined for different types of data transmitted from station-to-AP: • Data 0 (Voice)—Highest priority queue, minimum delay. Time-sensitive data such as VoIP and streaming media are automatically sent to this queue.
Page 522: Figure 363: Peer Switch Configuration Request Status
D-Link Unified Access System Software User Manual 12/10/09 Figure 363: Peer Switch Configuration Request Status To initiate a configuration update on a specific peer switch, select the box next to the IP address of the peer switch to update, and then click Start. To update all peer switches, click Start All.
Page 523: Figure 364: Peer Switch Configuration Enable/Disable
Software User Manual D-Link Unified Access System 12/10/09 Figure 364: Peer Switch Configuration Enable/Disable You can make changes to a configuration that has been sent to one or more peer switches, and you can make changes to a configuration received from a peer switch. No changes automatically propagate from one switch to the cluster; you must manually initiate a request on one switch in order to copy any configuration to its peers.
Page 524: Wids Security
LAN > QoS > Differentiated Services folder. WIDS S ECURITY The D-Link Unified Switch Wireless Intrusion Detection System (WIDS) can help detect intrusion attempts into the wireless network and take automatic actions to protect the network. WIDS AP Configuration The WIDS AP Configuration page allows you to activate or deactivate various threat detection tests and set threat detection thresholds in order to help detect rogue APs on the wireless network.
Page 525: Figure 365: Wids Ap Configuration
Software User Manual D-Link Unified Access System 12/10/09 Although operational mode radios can detect most threats, the sentry radios detect the threats faster, especially when a potential rogue is operating on a different channel from any of the managed AP radios. The number of deployed sentry radios should be sufficient to provide coverage by one sentry radio in every geographical location within the network.
Page 526 D-Link Unified Access System Software User Manual 12/10/09 Table 340: WIDS AP Configuration Field Description AP without an SSID SSID is an optional field in beacon frames. To avoid detection a hacker may set up an AP with the managed network SSID, but disable SSID transmission in the beacon frames.
Page 527: Wids Client Configuration
This feature is disabled by default. WIDS Client Configuration The D-Link Unified Switch Wireless Intrusion Detection System (WIDS) can help detect intrusion attempts into the wireless network and take automatic actions to protect the network. The settings you configure on the WIDS Client Configuration page help determine whether a detected client is classified as a rogue.
Page 528: Figure 366: Wids Client Configuration
D-Link Unified Access System Software User Manual 12/10/09 Figure 366: WIDS Client Configuration Table 341 describes the fields on the WIDS Client Configuration page. Table 341: WIDS Client Configuration Field Description Not Present in Known Client Database This test checks whether the client, which is identified by its MAC address, is...
Page 529: Visualizing The Wireless Network
WLAN Visualization graph, you can access information about the object and links to configuration pages on the Web interface. This section contains the following subsections to help you manage the WLAN Visualization component of the D-Link Unified Switch: •...
Page 530: Importing And Configuring A Background Image
JPG (Joint Photographic Experts Group) Additionally, D-Link recommends that you do not use color images since the WLAN components might not show up as well. To load an image onto the switch to use as a background for the WLAN Visualization graph, use the following procedures: 1 Click WLAN Visualization >...
Page 531: Setting Up The Graph Components
Software User Manual D-Link Unified Access System 12/10/09 Once you upload an image file and save the running configuration, the image remains on the switch and you can assign it to an existing graph using the WLAN Visualization application. ETTING...
Page 532 D-Link Unified Access System Software User Manual 12/10/09 it is in meters or feet. The length you enter determines the scale of the background image in relation to the network components. The scale of the background image affects the way the WLAN Visualization tool presents the radio frequency (RF) coverage of the access points, so it is important to be as accurate as possible when you specify the length.
Page 533: Graphing The Wlan Components
Software User Manual D-Link Unified Access System 12/10/09 4 Click Save to complete the graph setup. The background you uploaded to the switch appears in the background of the graph. You can create multiple graphs. For example, if your network spans multiple floors or buildings, you might have a graph for each area.
Page 534: Figure 369: List View And Tabbed View
D-Link Unified Access System Software User Manual 12/10/09 List View Tab View Figure 369: List View and Tabbed View Wireless clients do not appear in the panel. Instead, they are automatically graphed based on their association with (or disassociation from) a AP that is graphed.
Page 535: Understanding The Menu Bar Options
Software User Manual D-Link Unified Access System 12/10/09 Figure 371: Graphed Components To remove a component from the graph, right-click the component, the select Edit > Un-Graph. NDERSTANDING THE PTIONS The following table provides an overview of the menu items available in the WLAN Visualization tool.
Page 536: Legend Menu
D-Link Unified Access System Software User Manual 12/10/09 Table 342: WLAN Visualization Menu Bar Options (Cont.) Menu Item Ungraphed Components Allows you to change the view of the ungraphed components in the panel on the left: • Tab View: Shows one type of component at a time, organized by tabs.
Page 537: Figure 372: Legend
Software User Manual D-Link Unified Access System 12/10/09 The Images menu item shows the icons that represent the WLAN components on the graph. Figure 372: Legend As the legend shows, the Managed AP icon can be blue, green, or red, depending on the status of the AP: •...
Page 538: Managing The Graph
D-Link Unified Access System Software User Manual 12/10/09 The Channel Color legend maps the color of the power display image to the channel that the image color represents. The color corresponds to the channel that the radio is using for transmission. The available channels depend on the mode and country of operation.
Page 539: Appendix A: Configuration Examples
A pp e n di x A : C o nfi g ur a t io n E x a m p l e s This appendix contains examples of how to configure selected features available in the D-Link Unified Access System software.
Page 540 D-Link Unified Access System Software User Manual 12/10/09 1 Access the LAN > L2 Features > VLAN > VLAN Configuration page. 2 Select the Create option in the VLAN field. 3 Select the VLAN ID-Range option and enter 2 to 3 in the range fields.
Page 541 Software User Manual D-Link Unified Access System 12/10/09 18 From the Slot/Port menu, select 0/2. 19 In the Port VLAN ID field, enter 3 to assign VLAN 3 as the default VLAN for the port. 20 In the Acceptable Frame Types field, select VLAN Only to specify that untagged frames will be rejected on receipt.
Page 542: Configuring Multiple Spanning Tree Protocol
D-Link Unified Access System Software User Manual 12/10/09 ONFIGURING ULTIPLE PANNING ROTOCOL This example shows how to enable IEEE 802.1s Multiple Spanning Tree (MST) protocol on the switch and all of the ports and to set the bridge priority. To make multiple switches be part of the same MSTP region, make sure the Force Protocol Version setting for all switches is IEEE 802.1s.
Page 543 Software User Manual D-Link Unified Access System 12/10/09 a. Select MST 10 from the MST menu. b. Enter 16384 in the Bridge Priority field. c. Click VLAN 10 to select it from the VLAN ID field. d. Click Submit. 6 Use similar procedures to associate MST instance 20 to VLAN 20 and assign it a bridge priority value of 61440.
Page 544 D-Link Unified Access System Software User Manual 12/10/09 8 Use similar procedures to enable STP on port 0/2. 9 Force port 0/2 to be the root port for MST 20, which is the non-root bridge. a. Go to the LAN > L2 Features > Spanning Tree > MST Port Configuration/Status page.
Page 545: Configuring Vlan Routing
The diagram in this section shows a Layer 3 switch configured for port routing. It connects two VLANs, with two ports participating in one VLAN, and one port in the other. The script shows the commands you would use to configure D-Link Unified Access System software to provide the VLAN routing support shown in the diagram.
Page 546 D-Link Unified Access System Software User Manual 12/10/09 5 Enter 20 in the VLAN ID field, and then click Create. 6 Go to the LAN > L2 Features > Monitoring > VLAN Summary > VLAN Port Status page to view the logical interface IDs assigned to the VLAN routing interfaces.
Page 547 Software User Manual D-Link Unified Access System 12/10/09 Select interface 4/2 from the Slot/Port menu and configure it with an IP address of 192.150.4.1 and subnet mask of 255.255.255.0. Document 34CSFP6XXUWS-SWUM100-D7 Configuring VLAN Routing Page 547...
Page 548: Configuring 802.1X Network Access Control
D-Link Unified Access System Software User Manual 12/10/09 802.1X N ONFIGURING ETWORK CCESS ONTROL This example configures a single RADIUS server used for authentication and accounting at 10.10.10.10. The shared secret is configured to be secret . The process creates a new authentication list, called radiusList, which uses RADIUS as the authentication method.
Page 549 Software User Manual D-Link Unified Access System 12/10/09 8 Configure the RADIUS accounting server information. a. Go to the LAN > Security > RADIUS > Accounting Server page. b. Select Add from Accounting Server Host Address field. c. Enter 10.10.10.10 in the Accounting Server Host Address field.
Page 550: Configuring A Virtual Access Point
D-Link Unified Access System Software User Manual 12/10/09 ONFIGURING A IRTUAL CCESS OINT The following example shows how to configure the default virtual access point (VAP) profile on the switch. After the switch authenticates an AP it discovers on the network, it assigns the default profile to the AP. In order for the switch and AP to discover each other, the WLAN Switch feature must be enabled on the UWS, and the Managed Mode must be enabled on the AP.
Page 551 Software User Manual D-Link Unified Access System 12/10/09 3 Click the SSID tab to return to the Wireless Default VAP Configuration page. 4 Select the check box next to network 2, and then click Edit. 5 Configure the second VAP.
Page 552 D-Link Unified Access System Software User Manual 12/10/09 8 Configure the third VAP. Because this VAP uses WPA Enterprise, wireless clients must authenticate by using an external RADIUS server. Make sure that the RADIUS Authentication Server Configured field shows the status as Configured.
Page 553 Software User Manual D-Link Unified Access System 12/10/09 Document 34CSFP6XXUWS-SWUM100-D7 Configuring a Virtual Access Point Page 553...
Page 554: Configuring Differentiated Services For Voip
D-Link Unified Access System Software User Manual 12/10/09 ONFIGURING IFFERENTIATED ERVICES FOR One of the most valuable uses of DiffServ is to support Voice over IP (VoIP). VoIP traffic is inherently time-sensitive: for a network to provide acceptable service, a guaranteed transmission rate is vital. This example shows one way to provide the necessary quality of service: how to set up a class for UDP traffic, have that traffic marked on the inbound side, and then expedite the traffic on the outbound side.
Page 555 Software User Manual D-Link Unified Access System 12/10/09 3 Go to the LAN > QoS > Differentiated Services > DiffServ Configuration page and enable DiffServ for the switch. 4 Go to the LAN > QoS > Differentiated Services > Class Configuration page, select Create from the Class Selector field, enter class_voip in the Class Name field, select All as the Class Type, and then click Submit.
Page 556 D-Link Unified Access System Software User Manual 12/10/09 9 Go to the Policy Configuration page, select Create from the Policy Selector menu, enter pol_voip in the Policy Name field, and then click Submit. 10 From the Available Class List menu, select class_voip, and then click Add Selected Class.
Page 557: Appendix B: Limited Warranty (Usa Only)
The customer must submit with the product as part of the claim a written description of the Hardware defect or Software nonconformance in sufficient detail to allow D-Link to confirm the same, along with proof of purchase of the product (such as a copy of the dated purchase invoice for the product).
Page 558 D-Link Corporation/D-Link Systems, Inc., as stipulated by the United States Copyright Act of 1976 and any amendments thereto. Contents are subject to change without prior notice. Copyright 2009 by D-Link Corporation/D-Link Systems, Inc.
Page 559: Product Registration
Product Registration Register your D-Link product online at http://support.dlink.com/register/ Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights.
Page 560: Appendix C: Technical Support
You can find software updates and user documentation on the D- Link website. D-Link provides free technical support for customers within the United States and within Canada for the duration of the service period, and warranty confirmation service, during the warranty period on this product.
Page 561: Technical Support
Technical Support United Kingdom (Mon-Fri) Home Wireless/Broadband 0871 873 3000 (9.00am–06.00pm, Sat 10.00am-02.00pm) Managed, Smart, & Wireless Switches, or Firewalls 0871 873 0909 (09.00am – 05.30pm) (BT 10ppm, other carriers may vary.) Ireland (Mon-Fri) All Products 1890 886 899 (09.00am-06.00pm, Sat 10.00am-02.00pm) €0.05ppm peak, €0.045ppm off peak Times Internet http://www.dlink.co.uk...
Page 562: Assistance Technique
0.12 € la minute : Du lundi au vendredi de 9h à 19h Assistance technique D-Link sur internet : http://www.dlink.fr Asistencia Técnica Asistencia Técnica Telefónica de D-Link: +34 902 30 45 45 0,067 €/min De Lunes a Viernes de 9:00 a 19:00 http://www.dlink.es Supporto tecnico Supporto Tecnico dal lunedì...
Page 563: Pomoc Techniczna
Pomoc techniczna Telefoniczna pomoc techniczna firmy D-Link: 0 801 022 021 Pomoc techniczna firmy D-Link świadczona przez Internet: URL: http://www.dlink.pl e-mail: serwis@dlink.pl Technická podpora Web: http://www.dlink.cz/suppport/ E-mail: support@dlink.cz Telefon: 225 281 553 Telefonická podpora je v provozu: PO- PÁ od 09.00 do 17.00 Pevna linka 1,78 CZK/min - mobil 5.40 CZK/min...
Page 564 Teknistä tukea asiakkaille Suomessa: Arkisin klo. 9 - 21 numerosta : 06001 5557 Internetin kautta : http://www.dlink.fi Teknisk Support D-Link Teknisk Support via telefon: 0900-100 77 00 Vardagar 08.00-20.00 D-Link Teknisk Support via Internet: http://www.dlink.se Assistência Técnica Assistência Técnica da D-Link na Internet: http://www.dlink.pt...
Page 565 D-Link - ovo spletno stran www.dlink.eu www.dlink.biz/sl Suport tehnica Vă mulţumim pentru alegerea produselor D-Link. Pentru mai multe informaţii, suport şi manuale ale produselor vă rugăm să vizitaţi site-ul D-Link www.dlink.eu www.dlink.ro...
Page 566 Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers in Australia: Tel: 1300-766-868 24/7 Technical Support Web: http://www.dlink.com.au E-mail: support@dlink.com.au India: Tel: 1800-233-0000 (MTNL & BSNL Toll Free) +91-832-2885700 (GSM, CDMA & Others) Web: www.dlink.co.in...
Page 567 Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers in Egypt: Tel: +202-2919035, +202-2919047 Sunday to Thursday 9:00am to 5:00pm Web: http://support.dlink-me.com E-mail: support.eg@dlink-me.com Iran: Tel: +98-21-88880918,19 Saturday to Thursday 9:00am to 5:00pm Web: http://support.dlink-me.com...
Page 568 Техническая поддержка Обновления программного обеспечения и документация доступны на Интернет-сайте D-Link. D-Link предоставляет бесплатную поддержку для клиентов в течение гарантийного срока. Клиенты могут обратиться в группу технической поддержки D-Link по телефону или через Интернет. Техническая поддержка D-Link: +7(495) 744-00-99 Техническая поддержка через Интернет...
Page 569 SOPORTE TÉCNICO Usted puede encontrar actualizaciones de softwares o firmwares y documentación para usuarios a través de nuestro sitio www.dlinkla.com SOPORTE TÉCNICO PARA USUARIOS EN LATINO AMERICA Soporte técnico a través de los siguientes teléfonos de D-Link PAIS NUMERO HORARIO...
Page 570 Você pode encontrar atualizações de software e documentação de usuário no site da D-Link Brasil. A D-Link fornece suporte técnico gratuito para clientes no Brasil durante o período de vigência da garantia deste produto. Suporte Técnico para clientes no Brasil: Website para suporte: www.dlink.com.br/suporte...
Page 571 D-Link D-Link...
Page 572 Dukungan Teknis Update perangkat lunak dan dokumentasi pengguna dapat diperoleh pada situs web D-Link. Dukungan Teknis untuk pelanggan: Dukungan Teknis D-Link melalui telepon: Tel: +62-21-5731610 Dukungan Teknis D-Link melalui Internet: Email : support@dlink.co.id Website : http://support.dlink.co.id...
Page 573 Technical Support この度は弊社製品をお買い上げいただき、誠にありがとうございます。下記弊社 Web サイトからユーザ登録及び新製品登録を行っていただくと、ダウンロードサービスにてサポート情報、ファームウェア、ユーザマニュアルをダウンロードすることができます。ディーリンクジャパン Web サイト URL:http://www.dlink-jp.com...
Page 574 技术支持办公地址：北京市东城区北三环东路 36 号环球贸易中心 B 座 26F 02-05 室邮编: 100013 技术支持中心电话：8008296688/ (028)66052968 技术支持中心传真：(028)85176948 各地维修中心地址请登陆官方网站查询网址：http://www.dlink.com.cn 办公时间：周一到周五，早09:00到晚18:00...
Page 575: Registration Card
8. What category best describes your company? Aerospace Engineering Education Finance Hospital Legal Insurance/Real Estate Manufacturing Retail/Chain store/Wholesale Government Transportation/Utilities/Communication System house/company Other________________________________ 9. Would you recommend your D-Link product to a friend? Don't know yet 10.Your comments on this product? __________________________________________________________________________________________ __________________________________________________________________________________________...

This manual is also suitable for:

Dwl-8600ap Dws-4000 series

D-Link DWS-4026 User Manual

About this Document

Section 1: Getting Started

Connecting the Switch to the Network

Understanding the User Interfaces

Section 2: System Administration

Viewing ARP Cache

Viewing Inventory Information

Viewing the Dual Image Status

System Description

Switch Configuration

Card Configuration

Poe Configuration

Poe Status

Serial Port

IP Address

Network DHCP Client Options

HTTP Configuration

User Accounts

D-Link Unified Access System

Authentication List Configuration

Authentication List Summary

Login Session

User Login

Denial of Service Protection

Multiple Port Mirroring

Configuring and Searching the Forwarding Database

Managing Logs

D-Link Unified Access System

Telnet Sessions

Outbound Telnet Client Configuration

Ping Test

Configuring SNTP Settings

Software User Manual

Configuring and Viewing Device Slot Information

Configuring and Viewing Device Port Information

Port Summary

Multiple Port Mirroring

Configuring Sflow

Defining SNMP Parameters

D-Link Unified Access System

Viewing System Statistics

Software User Manual

Using System Utilities

Software User Manual

Managing the DHCP Server

DHCP Server Summary

Quick Links

User Manual

Related Manuals for D-Link DWS-4026

Summary of Contents for D-Link DWS-4026