D-Link DWC-1000 User Manual

User Manual

Wireless Controller
D-Link Corporation
Copyright © 2014
http://www.dlink.com

Summary of Contents for D-Link DWC-1000

  • Page 1: User Manual

    User Manual Wireless Controller D-Link Corporation Copyright © 2014 http://www.dlink.com...
  • Page 2 ANY OTHER COMMERCIAL DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR IMPROPER USE OF THE D-LINK PRODUCT OR FAILURE OF THE PRODUCT, EVEN IF D-LINK IS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHERMORE, D-LINK WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST CUSTOMER FOR LOSSES OR DAMAGES.
  • Page 3: Table Of Contents

    Wireless Controller User Manual Table of Contents Chapter 1. Introduction (p. 13); About this User Manual (p. 14); Typographical Conventions (p. 14); Chapter 2. Configuring Your Network (p. 15); LAN Configuration (p. 15); 2.1.1 LAN DHCP Reserved IPs (p. 20); 2.1.2 LAN DHCP Leased Clients (p. 21); 2.1.3 LAN DHCP Pools...
  • Page 4 Wireless Controller User Manual System Overview (p. 96); 4.1.1 Dashboard (p. 96); 4.1.2 Device Status (p. 97); 4.1.3 Wireless LAN AP information (p. 99); 4.1.4 Cluster information (p. 101); 4.1.5 Resource Utilization (p. 103); Traffic Statistics (p. 105); 4.2.1 Wired Port Statistics (p. 106); Associated Client Status/Statistics...
  • Page 5 Wireless Controller User Manual Local OUI Database Summary (p. 166); AP Provisioning Summary (p. 167); Manual Management (p. 169); Chapter 6. Connecting to the Internet: Option Setup (p. 172); Internet Connection Setup Wizard (p. 172); Option Configuration (p. 173); 6.2.1 Option Port IP address (p. 174); 6.2.2 Option DNS Servers...
  • Page 6 Wireless Controller User Manual 7.13 IP/MAC Binding (p. 233); 7.14 Switch Settings (p. 234); 7.15 Protecting from Internet Attacks (p. 236); Chapter 8. IPsec / PPTP / L2TP VPN (p. 238); VPN Wizard (p. 241); Configuring IPsec Policies (p. 244); 8.2.1 Extended Authentication (XAUTH)...
  • Page 7 Wireless Controller User Manual 11.7.2 NT Domain Settings (p. 312); 11.7.3 LDAP Settings (p. 314); 11.7.4 Active Directory Settings (p. 316); 11.7.5 POP3 Settings (p. 318); Chapter 12. Administration & Management (p. 321); 12.1 Remote Management (p. 321); 12.2 CLI Access (p. 321); 12.3 SNMP Configuration...
  • Page 8 Wireless Controller User Manual List of Figures Figure 1: Setup page for LAN TCP/IP settings (DHCP server) (p. 18); Figure 2: Setup page for LAN TCP/IP settings (DHCP Relay) (p. 19); Figure 3: Setup page for LAN TCP/IP settings (continued) (p. 20); Figure 4: LAN DHCP Reserved IPs...
  • Page 9 Wireless Controller User Manual Figure 34: Billing Profiles Configuration Settings (p. 58); Figure 35: List of MAC addresses not allowed to authenticate via the Captive Portal (p. 60); Figure 36: Login prompt for Front Desk users (p. 62); Figure 37: WLAN global configuration (p. 64); Figure 38: Configuring the Wireless Discovery...
  • Page 10 Wireless Controller User Manual Figure 70: AP RF Scan Status (p. 127); Figure 71: Global Status (Part 1) (p. 128); Figure 72: Global Status (Part 2) (p. 129); Figure 73: Peer Controller Status (p. 134); Figure 74: Peer Controller Configuration Status (p. 135); Figure 75: Peer Controller Managed AP Status...
  • Page 11 Wireless Controller User Manual Figure 105: Load Balancing is available when multiple Option ports are configured and Protocol Bindings have been defined (p. 190); Figure 106: Protocol binding setup to associate a service and/or LAN source to an Option and/or destination network...
  • Page 12 Figure 146: L2TP tunnel configuration – L2TP Server (p. 252); Figure 147: OpenVPN configuration (p. 254); Figure 148: Example of clientless SSL VPN connections to the DWC-1000 (p. 256); Figure 149: List of Groups (p. 257); Figure 150: User Group Configuration (p. 259); Figure 151: SSLVPN Settings...
  • Page 13 Wireless Controller User Manual Figure 171: Distributed Tunneling (p. 293); Figure 172: Distributed Tunneling Clients (p. 294); Figure 173: Peer Controller Configuration Request Status (p. 296); Figure 174: Peer Controller Configuration (p. 297); Figure 175: WIDS AP Configuration (p. 302); Figure 176: WIDS Client Configuration...
  • Page 14: Chapter 1. Introduction

    Application Rules, Firewall Rules, UPNP, IGMP proxy, and ALG/SMTP - 2. An AP license upgrade increases the number of APs the controller can manage. You can upgrade up to 3 AP licenses. By default the DWC-1000 can manage up to 6 APs. Each AP license increases this number by 6.
  • Page 15: About This User Manual

    About this User Manual This document is a high level manual to allow new D-Link Wireless Controller users to configure connectivity, WLAN configuration, setup VPN tunnels, establish firewall rules and AP management and perform general administrative tasks. Typical deployment and use case scenarios are described in each section.
  • Page 16: Chapter 2. Configuring Your Network

    Web browser, or an SNMP-based network management system. Once the initial setup is complete, the DWC-1000 can be managed through a wired interface connected to the controller.
  • Page 17 Wireless Controller User Manual can be assigned IP addresses, the default gateway, as well as addresses for DNS servers, Windows Internet Name Service (WINS) servers. The PCs in the LAN are assigned IP addresses from a pool of addresses specified in this procedure. Each pool address is tested before it is assigned to avoid duplicate addresses on the LAN.
  • Page 18 Wireless Controller User Manual DHCP Relay: With this option enabled, DHCP clients on the LAN can receive IP address leases and corresponding information from a DHCP server on a different subnet. Specify the Relay Gateway, and when LAN clients make a DHCP request it will be passed along to the server accessible via the Relay Gateway IP address.
  • Page 19: Figure 1: Setup Page For Lan Tcp/Ip Settings (Dhcp Server)

    Wireless Controller User Manual Figure 1: Setup page for LAN TCP/IP settings (DHCP server)
  • Page 20: Figure 2: Setup Page For Lan Tcp/Ip Settings (Dhcp Relay)

    Wireless Controller User Manual Figure 2: Setup page for LAN TCP/IP settings (DHCP Relay) When DHCP relay is enabled, DHCP clients on the LAN can receive IP address leases and corresponding information from a DHCP server on a different subnet. Specify the Relay Gateway, and when LAN clients make a DHCP request it will be passed along to the server accessible via the Relay Gateway IP address.
  • Page 21: Lan Dhcp Reserved Ips

    Wireless Controller User Manual Figure 3: Setup page for LAN TCP/IP settings (continued) 2.1.1 LAN DHCP Reserved IPs Setup > Network Settings > LAN DHCP Reserved IPs The controller DHCP server can assign TCP/IP configurations to computers in the LAN explicitly by adding the client's network interface hardware address and the IP address to be assigned to that client in the DHCP server's database.
  • Page 22: Lan Dhcp Leased Clients

    Wireless Controller User Manual The actions that can be taken on list of reserved IP addresses are: Select: Selects all the reserved IP addresses in the list. Edit: Opens the LAN DHCP Reserved IP Configuration page to edit the selected binding rule.
  • Page 23: Lan Dhcp Pools

    Wireless Controller User Manual Figure 5: LAN DHCP Leased Clients IP Addresses: The LAN IP address of a host that matches the reserved IP list. MAC Addresses: The MAC address of a LAN host that has a configured IP address reservation.
  • Page 24: Lan Configuration In An Ipv6 Network

    Wireless Controller User Manual Figure 6: LAN DHCP Pool configuration Once configured, the list of DHCP Pools at the bottom of the LAN Setup Configuration page (Figure 3) is updated with the new pool range. 2.1.4 LAN Configuration in an IPv6 Network Advanced >...
  • Page 25: Figure 7: Ipv6 Lan And Dhcpv6 Configuration

    Wireless Controller User Manual Figure 7: IPv6 LAN and DHCPv6 configuration If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again. Be sure the LAN host (the machine used to manage the router) has obtained an IP address from the newly assigned pool (or has a static IP address in the router’s LAN subnet) before accessing the router via the changed IP address.
  • Page 26 Wireless Controller User Manual DHCP v6 As with an IPv4 LAN network, the router has a DHCPv6 server. If enabled, the router assigns an IP address within the specified range plus additional specified information to any LAN PC that requests DHCP served addresses. The following settings are used to configure the DHCPv6 server: DHCP Status: This allows you to enable or disable the DHCPv6 server.
  • Page 27: Dhcpv6 Leased Clients

    Wireless Controller User Manual Prefix Delegation The following settings are used to configure the Prefix Delegation: Prefix Delegation: Select this option to enable prefix delegation in DHCPv6 server. This option can be selected only in Stateless Address Auto Configuration mode of DHCPv6 server.
  • Page 28: Configuring Ipv6 Router Advertisements

    Router Advertisement is required in an IPv6 network for stateless auto configuration of the IPv6 LAN. By configuring the Router Advertisement Daemon on this router, the DWC-1000 will listen on the LAN for router solicitations and respond to these LAN hosts with router advertisements.
  • Page 29: Figure 9: Configuring The Router Advertisement Daemon

    Wireless Controller User Manual Router Preference: this low/medium/high parameter determines the preference associated with the RADVD process of the router. This is useful if there are other RADVD enabled devices on the LAN as it helps avoid conflicts for IPv6 clients. MTU: The router advertisement will set this maximum transmission unit (MTU) value for all nodes in the LAN that are auto configured by the router.
  • Page 30: Figure 10: Ipv6 Advertisement Prefix Settings

    Wireless Controller User Manual advertisements contain a list of subnet prefixes that allow the router to determine neighbors and whether the host is on the same link as the router. The following prefix options are available for the router advertisements: IPv6 Prefix Type: To ensure hosts support IPv6 to IPv4 tunnel select the 6to4 prefix type.
  • Page 31: Qos

    Wireless Controller User Manual 2.2.1 LAN QoS Configuration Setup > QoS > LAN QoS > Trust Mode Configuration Enabling QoS on the LAN is an advanced configuration, which is required only if you expect traffic congestion on the LAN ports. This page allows you to enable QoS and configure each port to trust the CoS or DSCP values in the packet.
  • Page 32: Dscp Configuration

    Wireless Controller User Manual Figure 12: 801.P Configuration CoS Value: value of the CoS in the PCP part of the LAN traffic. Priority Queue: Priority for the particular CoS value 2.2.3 DSCP Configuration Setup > QoS > IP DSCP Configuration This page allows configuring IP DSCP values to which you can map an internal traffic class.
  • Page 33: Port Queue Scheduling

    Wireless Controller User Manual Figure 13: Port DSCP Mapping DSCP: Lists the IP DSCP values to which you can map an internal traffic class. The values range from 0-63. Queue: This provides the priority of the queue 2.2.4 Port Queue Scheduling Setup >...
  • Page 34: Port Queue Status

    Wireless Controller User Manual Queuing scheduling algorithm: The scheduling algorithm for the LAN controller can be configured here. The supported algorithms are strict and weighted round robin only. The device will be programmed to handle the traffic using the algorithm configured here. Figure 14: Port Queue Scheduler 2.2.5 Port Queue Status...
  • Page 35: Option Qos Configuration

    Wireless Controller User Manual Figure 15: Port Queue Status 2.2.6 Option QoS Configuration Setup > QoS > Option QoS Configuration This page allows configuring the Option QoS and defining the bandwidth for Option interfaces.
  • Page 36: Figure 16: Option Qos Configuration

    Wireless Controller User Manual Figure 16: Option QoS Configuration Option QoS: To enable Bandwidth management select the check box and click Apply. Option Configuration: Define the upstream and downstream for bandwidth for Option1 and Option 2 interfaces. Bandwidth Profile: Click Add to define bandwidth profile Bandwidth Management Profile Name: Allows defining a profile name.
  • Page 37: Traffic Selector Configuration

    Wireless Controller User Manual Figure 17: Bandwidth Profile Configuration 2.2.7 Traffic Selector Configuration Setup > QoS > Traffic Selector Configuration After you create a bandwidth profile, you can associate it with a traffic flow.
  • Page 38: Figure 18: Traffic Selector Configuration

    Wireless Controller User Manual Figure 18: Traffic Selector Configuration Available Profiles: Select one of the previously configured bandwidth profiles to associate this traffic selector. Service: Select one of the services from the available services. Traffic Selector Match Type: Choose the method for identifying the host that is controlled by this traffic Selector: IP Address, MAC Address, Port Name, VLAN Name, DSCP value or BSSID.
  • Page 39: Remark Cos To Dscp

    Wireless Controller User Manual 2.2.8 Remark CoS to DSCP Setup > QoS > Remark CoS to DSCP Remarking CoS to DSCP is an advanced QoS configuration, where the Layer 2 quality of service field is translated to a Layer 3 QoS field in the packet, so that upstream routers can make a QoS decision based on the DSCP field set in the packet.
  • Page 40 Wireless Controller User Manual identifiers. LAN ports can be assigned unique VLAN IDs so that traffic to and from that physical port can be isolated from the general LAN. VLAN filtering is particularly useful to limit broadcast packets of a device in a large network. VLAN support is disabled by default in the controller.
  • Page 41: Vlan Configuration Options

    Wireless Controller User Manual Figure 20: Adding VLAN memberships to the LAN 2.3.1 VLAN Configuration Options Setup > VLAN Settings > VLAN Configuration As part of VLAN configuration, the user can enable specific features for clients within that network. Inter VLAN routing allows clients with that VLAN ID to communicate to other clients in different VLANs, as long as the other VLAN also has inter-VLAN routing enabled.
  • Page 42: Figure 21: Vlan Configuration Options

    Wireless Controller User Manual Figure 21: VLAN Configuration Options Captive Portal Type: Select any of the 4 types of access types Free, SLA, Permanent User, and Temporary User. • Free: No authentication is required for users connected to this VLAN. This option means that the VLAN does not have Captive Portal in use for joining this network.
  • Page 43: Associating Vlans To Ports

    Wireless Controller User Manual by front desk user can log in from this VLAN. The administrator can create a front desk user, and the front desk user will log in to the front desk page and generate Temporary users. Only Temporary users created by the front desk user are allowed to access data outside the VLAN. Enable Redirect: Selecting this option will enable redirection for captive portal users after a successful login to the captive portal page.
  • Page 44 Wireless Controller User Manual Setup > VLAN Settings > Port VLAN VLAN membership properties for the LAN and wireless LAN are listed on this page. The VLAN Port table displays the port identifier, the mode setting for that port and VLAN membership information.
  • Page 45: Figure 22: Port Vlan List

    Wireless Controller User Manual Figure 22: Port VLAN list In Access mode the port is a member of a single VLAN (and only one). All data going into and out of the port is untagged. Traffic through a port in access mode looks like any other Ethernet frame.
  • Page 46: Multiple Vlan Subnets

    Wireless Controller User Manual Figure 23: Configuring VLAN membership for a port 2.3.3 Multiple VLAN Subnets Setup > VLAN Settings > Multiple VLAN Subnets Each configured VLAN ID can map directly to a subnet within the LAN. Each LAN port can be assigned a unique IP address and a VLAN specific DHCP server can be configured to assign IP address leases to devices on this VLAN.
  • Page 47: Configurable Port: Dmz Setup

    Wireless Controller User Manual Figure 24: Multiple VLAN Subnets Configurable Port: DMZ Setup This controller supports one of the physical ports (Option Ports) to be configured as a secondary Ethernet port or a dedicated DMZ port. A DMZ is a sub network that is open to the public but behind the firewall.
  • Page 48: Universal Plug And Play (Upnp)

    Wireless Controller User Manual Figure 25: DMZ configuration In order to configure a DMZ port, the controller configurable port must be set to DMZ in the Setup > Internet Settings > Configurable Port page. Universal Plug and Play (UPnP)...
  • Page 49 Wireless Controller User Manual Advanced > Advanced Network > UPnP Universal Plug and Play (UPnP) is a feature that allows the controller to discover devices on the network that can communicate with the controller and allow for auto configuration. If a network device is detected by UPnP, the controller can open internal or external ports for the traffic protocol required by that network device.
  • Page 50: Figure 26: Upnp Configuration

    Wireless Controller User Manual Figure 26: UPnP Configuration UPnP Port map Table The UPnP Port map Table has the details of UPnP devices that respond to the controller advertisements. The following information is displayed for each detected device: Active: A yes/no indicating whether the port of the UPnP device that established a connection is currently active Protocol: The network protocol (i.e.
  • Page 51: Captive Portal

    Wireless Controller User Manual Captive Portal The captive portal technique forces an HTTP client on a network to see a special web page (usually for authentication purposes) before using the Internet normally. A captive portal turns a web browser into an authentication device. LAN users can gain internet access via web portal authentication with the appliance.
  • Page 52: Figure 27: Captive Portal Setup

    Wireless Controller User Manual Figure 27: Captive Portal Setup List of Available Profiles Any one of these profiles can be used for Captive Portal Login page while enabling Captive Portal. Edit: Can edit the added profiles. The default Profile cannot be edited. Delete: Will delete the profile selected.
  • Page 53: Figure 28: Adding Or Editing A Custom Captive Portal

    Wireless Controller User Manual Figure 28: Adding or Editing a Custom Captive Portal Managing an existing or creating a new captive portal profile will direct the admin to the Customized Captive Portal Setup page. This page defines what the wireless client will see (messages, color, background, page titles, web page headers etc.) as part of hitting the Captive Portal page.
  • Page 54: Captive Portal Ssid Setup

    Wireless Controller User Manual 2.6.2 Captive Portal SSID Setup Setup > Captive Portal > Captive Portal SSID Setup This feature allows the administrator to configure existing SSIDs with Captive Portal authentication. These SSID’s can be those hosted by this system or by AP’s managed by this WLAN controller.
  • Page 55: Captive Portal Session

    The Active Runtime internet sessions through the controller firewall are listed in the below table. These users are present in the local or external user database and have had their login credentials approved for internet access. A ‘Disconnect’ button allows the DWC-1000 admin to selectively drop an authenticated user.
  • Page 56: Service Level Agreement (Sla)

    Wireless Controller User Manual Figure 31: Active Runtime sessions 2.6.4 Service Level Agreement (SLA) Setup > Captive Portal > SLA This section allows the administrator to modify the Service Level Agreement, which is the set of rules to be accepted before the appliance grants internet access in case of temporary and SLA type captive portal users.
  • Page 57: Billing Profiles

    Wireless Controller User Manual Figure 32: Defining the Terms of Service for a Portal 2.6.5 Billing Profiles Setup>Captive Portal>Billing Profiles This feature allows the administrator to create customized accounting and billing types using billing profiles. All profiles created here are displayed to front desk user on their homepage.
  • Page 58: Figure 33: List Of Configured Billing Profiles

    Wireless Controller User Manual Figure 33: List of Configured Billing Profiles Adding or modifying a billing profile will open the selected Profile’s setup page.
  • Page 59: Figure 34: Billing Profiles Configuration Settings

    Wireless Controller User Manual Figure 34: Billing Profiles Configuration Settings Profile Name: Each profile uses a unique Name to identify itself. This profile name will be displayed whenever the front desk user logs in to the front desk page to create temporary users.
  • Page 60 Wireless Controller User Manual Allow customized account on Front Desk: This option will let the front desk user (who can administer captive portal credentials) to give customized account name to the captive portal users being created on this profile. Allow batch generation on Front Desk: Selecting this option enables the front desk user to generate a batch of temporary CP users at one click.
  • Page 61: Block Mac

    Wireless Controller User Manual Allow Frontdesk to modify usage: Checking this option enables the Frontdesk user to modify usage limits. 2.6.6 Block MAC Setup>Captive Portal>Block MAC This feature allows the administrator to add a MAC address and description of the corresponding device to a “black list”...
  • Page 62: Captive Portal Front Desk

    Wireless Controller User Manual The typical Hotspot application is an administrator at a front desk or reception granting temporary user accounts for internet access through a captive portal. This portal will have an SLA and associated billing profile. Whenever the front desk admin creates new temporary user accounts, the admin will have to push these temporary accounts to the peer controller manually via the DWC GUI.
  • Page 63: Figure 36: Login Prompt For Front Desk Users

    Wireless Controller User Manual All created Billing Profiles (described in Section 2.6.5) are available for display on the Front Desk user’s admin page. From this page, create a new temporary user ID and associate a pre-defined Billing Profile to this user. The Front Desk user will be able to leverage features like batch user generation, customized account names, or modifying usage limits for these temporary CP users if the admin has enabled the Billing Profile with this support.
  • Page 64: Wlan Global Configuration

    Wireless Controller User Manual In the Front Desk configuration page, attributes enabled in the Billing Profile are available for management, such as batch user generation, customized account names, or modifying usage limits. The Generate button is required to create the Temporary User accounts, and the View Accounts section has a summary of all users generated by this Front Desk User.
  • Page 65: Figure 37: Wlan Global Configuration

    Wireless Controller User Manual Figure 37: WLAN global configuration IP Address: This field shows the IP address of the WLAN interface on the controller. If the controller does not have the Routing Package installed, or if routing is disabled, the IP address is the network interface. If the routing package is installed and enabled, this is the IP address of the routing or loopback interface you configure for the controller features.
  • Page 66 Wireless Controller User Manual • Local: If you select this option, you must add the MAC address of each AP to the local Valid AP database. • RADIUS: If you select this option, you must configure the MAC address of each AP in an external RADIUS server. Require Authentication Passphrase: Select this option to require APs to be authenticated before they can associate with the controller.
  • Page 67: Wireless Discovery Configuration

    Wireless Controller User Manual Wireless Discovery configuration The wireless controller can discover, validate, authenticate, or monitor the following system devices: • Peer wireless controllers • APs • Wireless clients • Rogue APs • Rogue wireless clients Setup > AP Management > Poll List The wireless controller can discover peer wireless controller and APs regardless of whether these devices are connected to each other, located in the same Layer 2 broadcast domain, or attached to different IP subnets.
  • Page 68: Figure 38: Configuring The Wireless Discovery

    From address and the To address. Figure 38: Configuring the Wireless Discovery L2/VLAN Discovery: The D-Link Wireless Device Discovery Protocol is a good discovery method to use if the controller and APs are located in the same Layer 2...
  • Page 69: Wireless Discovery Status

    The IP Discovery list can contain the IP addresses of peer controller and APs for the DWC-1000 to discover and associate with as part of the WLAN IP Address: Shows the IP address of the device configured in the IP Discovery list Status: The wireless discovery status is in one of the following states:...
  • Page 70: Ap Profile Global Configuration

    Wireless Controller User Manual Figure 39: Wireless Discovery status The following actions are supported from this page : Refresh: Updates the page with the latest information 2.8.2 AP Profile Global Configuration Advanced > AP Profile Access Point Profile Summary page, you can Add, Copy, Edit, Delete AP profiles. To add a new profile, click Add in AP Profile Summary page.
  • Page 71: Figure 40: Ap Profile Global Configuration

    Wireless Controller User Manual Figure 40: AP Profile Global Configuration Profile Name: The Access Point profile name you added. Use 0 to 32 characters. Only alphanumeric characters are allowed. No special characters are allowed. Hardware Type: Select the hardware type for the APs that use this profile. The hardware type is determined, in part, by the number of radios the AP supports (single or dual) and the IEEE 802.11 modes that the radio supports (a/b/g or a/b/g/n).
  • Page 72: Figure 41: Ap Profile List

    Wireless Controller User Manual Figure 41: AP Profile List For each AP profile, you can configure the following features: • Profile settings (Name, Hardware Type ID, Wired Network Discovery VLAN ID) • Radio settings • SSID settings • QoS settings...
  • Page 73 Wireless Controller User Manual Profile: The Access Point profile name you added. Use 0 to 32 characters. Profile Status: can have one of the following values: • Associated: The profile is configured, and one or more APs managed by the controller are associated with this profile. •...
  • Page 74 Wireless Controller User Manual Radio Configuration Radio Mode: From this field, you can select the radio that you want to configure. By default, Radio 1 operates in IEEE 802.11a/n mode, and Radio 2 operates in IEEE 802.11b/g/n mode. If you change the mode, the labels for the radios change accordingly.
  • Page 75 RF Scan Other Channels: The access point can perform RF scans to collect information about other wireless devices within range and then report this information to the DWC-1000 wireless controller. If you select the Scan Other Channels option, the radio periodically moves away from the operational channel to scan other channels.
  • Page 76 Wireless Controller User Manual technology. IEEE 802.11n supports data ranges of up to 248 Mbps and nearly twice the indoor range of 802.11 b, 802.11g, and 802.11a. • 5 GHz IEEE 802.11n is the recommended mode for networks with 802.11n devices that operate in the 5 GHz frequency that do not need to support 802.11a or 802.11b/g devices.
  • Page 77 Automatic Channel makes the radio of APs assigned to this profile eligible for auto-channel selection. You can automatically or manually run the autochannel selection algorithm to allow the DWC-1000 controller to adjust the channel on APs as WLAN conditions change.
  • Page 78 Wireless Controller User Manual APSD Mode: Select Enable to enable Automatic Power Save Delivery (APSD), which is a power management method. APSD is recommended if VoIP phones access the network through the AP. RF Scan Interval: This field controls the length of time between channel changes during the RF Scan.
  • Page 79: Figure 42: Ap Profile - Radio Configuration (Part-1)

    Wireless Controller User Manual Figure 42: AP Profile - Radio configuration (Part-1) Transmit Lifetime: Shows the number of milliseconds to wait before terminating attempts to transmit the MSDU after the initial transmission. Rate Limit: Enter the rate limit you want to set for multicast and broadcast traffic.
  • Page 80 Wireless Controller User Manual Receive Lifetime: Shows the number of milliseconds to wait before terminating attempts to reassemble the MMPDU or MSDU after the initial reception of a fragmented MMPDU or MSDU. Rate Limit Burst: Setting a rate limit burst determines how much traffic bursts can be before all traffic exceeds the rate limit.
  • Page 81: Figure 43: Ap Profile - Radio Configuration (Part-2)

    Wireless Controller User Manual Figure 43: AP Profile - Radio configuration (Part-2) Protection: The protection feature contains rules to guarantee that 802.11 transmissions do not cause interference with legacy stations or applications. By default, these protection mechanisms are enabled (Auto). With protection enabled, protection mechanisms will be invoked if legacy devices are within range of the AP.
  • Page 82 Wireless Controller User Manual Short Guard Interval: The guard interval is the dead time, in nanoseconds, between OFDM symbols. The guard interval prevents Inter-Symbol and Inter-Carrier Interference (ISI, ICI). The 802.11n mode allows for a reduction in this guard interval from the a and g definition of 800 nanoseconds to 400 nanoseconds.
  • Page 83: Figure 44: Ap Profile - Ssid Configuration

    Wireless Controller User Manual SSID Configuration The SSID Configuration page displays the virtual access point (VAP) settings associated with the selected AP profile. Each VAP is identified by its network number and Service Set Identifier (SSID). Figure 44: AP Profile - SSID configuration Radio Mode: From this field, you can select the radio that you want to configure.
  • Page 84 Wireless Controller User Manual configure for Radio 1 (802.11a/n) are not applied to the DWL-3600AP. If the selected Hardware Type ID for the AP profile is DWL-3600AP, the radio selectors are not available. Network: Use the option to the left of the network to enable or disable the corresponding VAP on the selected radio.
  • Page 85: Figure 45: Ap Profile - Qos Configuration (Part-1)

    IP data over the DWC-1000. Figure 45: AP Profile - QoS configuration (Part-1) Configuring Quality of Service (QoS) on the DWC-1000 consists of setting parameters on existing queues for different types of wireless traffic, and...
  • Page 86 effectively specifying minimum and maximum wait times (through Contention Windows) for transmission. The settings described here apply to data transmission behavior on the access point only, not to that of the client stations. AP Enhanced Distributed Channel Access (EDCA) Parameters affect traffic flowing from the access point to the client station.
  • Page 87 • Data 3 (Background): Lowest priority queue, high throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example). AIFS (Inter-Frame Space): The Arbitration Inter-Frame Spacing (AIFS) specifies a wait time for data frames.
  • Page 88 WMM Mode: Wi-Fi MultiMedia (WMM) is enabled by default. With WMM enabled, QoS prioritization and coordination of wireless medium access is on. With WMM enabled, QoS settings on the DWC-1000 wireless controller control downstream traffic flowing from the access point to client station (AP EDCA parameters) and the upstream traffic flowing from the station to the access point (station EDCA parameters).
  • Page 89 random number generated will be a number between 0 and the number specified here. If the first random backoff wait time expires before the data frame is sent, a retry counter is incremented and the random backoff value (window) is doubled.
  • Page 90: Figure 46: Ap Profile - Qos Configuration (Part-2)

    Figure 46: AP Profile - QoS configuration (Part-2)
  • Page 91: Chapter 3. Configuring Wireless Lan

    Chapter 3. Configuring Wireless LAN WLAN Setup Wizard Setup > Wizard > WLAN Settings The WLAN controller can manage external APs and also act as an AP for wireless LAN clients. The Wireless Wizard is a user-friendly approach to configure a wireless LAN connection using the controller’s built-in 802.11 radio.
  • Page 92 Step 3: Wireless Default Radio Configuration Step 4: Wireless Default VAP Configuration Step 5: Valid Access Point Summary Step 6: Save Settings and Connect Wireless Global Configuration Country Code: Select the country code that represents the country where your controller and APs operate.
  • Page 93 SSID. Security: The default AP profile does not use any security mechanism by default. In order to protect your network, D-Link strongly recommends that you select a security mechanism so that unauthorized wireless clients cannot gain access to your network.
  • Page 94: Wlan Visualization Support

    • Static WEP: security required is Static-WEP. Authentication as "shared-key", type "ascii" and length "128" (bits) are used for setting Static WEP key through the WLAN wizard. • WPA Personal: This type of security supports version WPA and WPA2, with ciphers ccmp and tkip, bcast-key-refresh-rate 300 are used for setting WPA Personal Key through the WLAN wizard.
  • Page 95: Visualization Launch

    Figure 48: WLAN Visualization Image import Deleting Images This option is available only if images are already loaded onto the controller. To delete all images loaded onto the switch, click Delete All Images. Deleting background images is not recommended.
  • Page 96: Figure 49: The Launched Visualization Page

    Figure 49: The launched visualization page...
  • Page 97: Chapter 4. Monitoring Status And Statistics

    The Status page allows you to get a detailed overview of the system configuration. The settings for the wired and wireless interfaces are displayed in the DWC-1000 Status page, and then the resulting hardware resource and controller usage details are summarized on the controller Dashboard.
  • Page 98: Device Status

    4.1.2 Device Status Status > Device Info > Device Status The DWC-1000 Status page gives a summary of the controller configuration settings configured in the Setup and Advanced menus. The static hardware serial number and current firmware version are presented in the General section. The Option and LAN interface information shown on this page are based on the administrator configuration parameters.
  • Page 99: Figure 51: Device Status Display

    Figure 51: Device Status display...
  • Page 100: Wireless Lan Ap Information

    Figure 52: Device Status display (continued) 4.1.3 Wireless LAN AP information Status > Device Info > Wireless LAN AP Information The Managed AP status pages allow you to access configuration and association information about managed APs and their neighbors. View AP Details: Shows detailed status information collected from the AP.
  • Page 101: Figure 53: Wireless Lan Ap Information

    View Neighbour APs: Shows the neighbour APs that the specified AP has discovered through periodic RF scans on the selected radio interface. View Neighbour Clients: Shows information about wireless clients associated with an AP or detected by the AP radio. View VAP Details: Shows summary information about the virtual access points (VAPs) for the selected AP and radio interface on the APs that the controller manages.
  • Page 102: Cluster Information

    • Discovered: The AP is discovered by the controller, but is not yet authenticated. • Authenticated: The AP has been validated and authenticated (if authentication is enabled), but it is not configured. • Managed: The AP profile configuration has been applied to the AP and it's operating in managed mode.
  • Page 103: Figure 54: Cluster Information

    Figure 54: Cluster information Cluster Controller IP Address: IP address of the controller that controls the cluster. Peer Controllers: Displays the number of peer controllers in the cluster. IP Address: IP address of the peer wireless controller in the cluster. Vendor ID: Vendor ID of the peer controller software.
  • Page 104: Resource Utilization

    4.1.5 Resource Utilization Status > Dashboard > Interface The Dashboard page presents hardware and usage statistics. The CPU and Memory utilization is a function of the available hardware and current configuration and traffic through the controller. Interface statistics for the wired connections (LAN, Option1, Option 2/DMZ, VLANs) provide indication of packets through and packets dropped by the interface.
  • Page 105: Figure 55: Resource Utilization Statistics

    Figure 55: Resource Utilization statistics Figure 56: Resource Utilization data (continued)
  • Page 106: Traffic Statistics

    Traffic Statistics...
  • Page 107: Wired Port Statistics

    4.2.1 Wired Port Statistics Status > Traffic Monitor > Device Statistics Detailed transmit and receive statistics for each physical port are presented here. Each interface (Option1, Option 2/DMZ, LAN, and VLANs) has port-specific packet level information provided for review.
  • Page 108: Associated Client Status/Statistics

    Associated Client Status/Statistics 4.3.1 Managed AP Statistics Status > Traffic Monitor > Managed AP Statistics The managed AP statistics page shows information about traffic on the wired and wireless interfaces of the access point. This information can help diagnose network issues, such as throughput problems.
  • Page 109: Lan Associated Clients

    Figure 58: Managed AP Statistics The following actions are supported from this page: View Details: Shows detailed status information collected from the AP. View Radio Details: Shows detailed status for a radio interface. View VAP Details: Shows summary information about the virtual access points (VAPs) for the selected AP and radio interface on the APs that the controller manages. Refresh: Updates the page with the latest information. 4.3.2 LAN Associated Clients...
  • Page 110: Wlan Associated Clients

    Figure 59: LAN Associated Clients The following actions are supported from this page: Refresh: Updates the page with the latest information. View Details: Shows detailed status of the associated client. 4.3.3 WLAN Associated Clients Status > Traffic Monitor > Associated Clients Statistics > WLAN Associated Clients The wireless client can roam among APs without interruption in WLAN service.
  • Page 111: Active Connections

    Bytes Transmitted: This field shows the bytes transmitted to the client station. Bytes Received: This field shows the bytes received to the client station. Figure 60: WLAN Associated Clients The following actions are supported from this page: Refresh: Updates the page with the latest information. View Details: Shows detailed status of the associated client.
  • Page 112: Lan Client Info

    Figure 61: List of current Active Firewall Sessions LAN Client Info 4.5.1 Associated Clients Status > LAN Client Info > Associated Clients The clients that are associated with the APs the controller manages are displayed.
  • Page 113: Figure 62: Associated Clients

    Figure 62: Associated Clients MAC Address: The Ethernet address of the client station. If the MAC address is followed by an asterisk (*), the client is associated with an AP managed by a peer controller. AP MAC Address: The Ethernet address of the AP. SSID: The network on which the client is connected.
  • Page 114: Lan Clients

    • Disassociated: The client has disassociated from the managed AP. If the client does not roam to another managed AP within the client roam timeout, it will be deleted. Disassociate: Disassociates the client from the managed AP. View Details: For each client associated with an AP that the controller manages, you can view detailed status information about the client and its association with the access point.
  • Page 115: Detected Clients

    Figure 63: List of LAN hosts 4.5.3 Detected Clients Status > LAN Client Info > Detected Clients Wireless clients are detected by the wireless system when the clients either attempt to interact with the system or when the system detects traffic from the clients. The Detected Client Status page contains information about clients that have authenticated with an AP as well as information about clients that disassociate and are no longer connected to the system.
  • Page 116: Figure 64: Detected Clients

    Figure 64: Detected Clients MAC Address: The Ethernet MAC address of the client. Client Name: Shows the name of the client, if available, from the Known Client Database. If the client is not in the database then the field is blank. Client Status: Shows the client status, which can be one of the following: • ...
  • Page 117: Active Vpn Tunnels

    Age: Time since any event has been received for this client that updated the detected client database entry. Create Time: Time since this entry was first added to the detected clients database. 4.5.4 Active VPN Tunnels • ...
  • Page 118: Figure 65: List Of Current Active Vpn Sessions

    Figure 65: List of current Active VPN Sessions All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are displayed on this page as well. Table fields are as follows. User Name: The SSL VPN user that has an active tunnel or port forwarding session to this controller.
  • Page 119: Access Point

    Access Point 4.6.1 Access Point Status Status > General > Access Point The Access Point Status page shows summary information about managed, failed, and rogue access points the controller has discovered or detected. Figure 66: AP Statistics Total Access Points Utilization Total Access Points: Total number of Managed APs in the database.
  • Page 120 Managed Access Points: Number of APs in the managed AP database that are authenticated, configured, and have an active connection with the controller. Discovered Access Points: APs that have a connection with the controller, but haven't been completely configured.
  • Page 121: Ap Summary

    4.6.2 AP Summary Status > Access Point Info > APs Summary The List of AP page shows summary information about managed, failed, and rogue access points the controller has discovered or detected. The status entries can be deleted manually. To clear all APs from the All Access Points status page except Managed Access Points, click Delete All.
  • Page 122 • Managed: The AP profile configuration has been applied to the AP and it's operating in managed mode. • No Database Entry: MAC address of the AP does not appear in the local or RADIUS Valid AP database. •...
  • Page 123: Managed Ap Status

    4.6.3 Managed AP Status Status > Access Point Info > Managed AP Status In the Managed AP Status page, you can access a variety of information about each AP that the controller manages. Figure 68: Managed AP status MAC Address: The Ethernet address of the controller-managed AP.
  • Page 124: Authentication Failure Status

    ID, or because the AP is not configured as a valid AP with the correct local or RADIUS authentication information. The AP authentication failure list shows information about APs that failed to establish communication with the DWC-1000 wireless controller. The AP can fail due to one of the following reasons:...
  • Page 125: Figure 69: Authentication Failure Status

    • No Database Entry: The MAC address of the AP is not in the local Valid AP database or the external RADIUS server database, so the AP has not been validated. • Local Authentication: The authentication password configured in the AP did not match the password configured in the local database.
  • Page 126: Ap Rf Scan Status

    MAC Address: The Ethernet address of the AP. If the MAC address of the AP is followed by an asterisk (*), it was reported by a peer controller. IP Address: The IP address of the AP. Last Failure Type: Indicates the last type of failure that occurred, which can be one of the following: • ...
  • Page 127 SSID: Service Set ID of the network, which is broadcast in the detected beacon frame. Physical Mode: Indicates the 802.11 mode being used on the AP. Channel: Transmit channel of the AP. Status: Indicates the managed status of the AP, whether this is a valid AP known to the controller or a Rogue on the network.
  • Page 128: Global Info

    4.7.1 Global status Status > Global Info > Global Status The DWC-1000 controller periodically collects information from the APs it manages and from associated peer controller. The information on the Global page shows status and statistics about the controller and all of the objects associated with it.
  • Page 129: Figure 71: Global Status (Part 1)

    Figure 71: Global Status (Part 1)
  • Page 130: Figure 72: Global Status (Part 2)

    Figure 72: Global Status (Part 2) WLAN Controller Operational Status: This status field displays the operational status of this controller (a WLAN controller). The WLAN Controller may be configured...
  • Page 131 as enabled, but is operationally disabled due to configuration dependencies. If the operational status is disabled, the reason will be displayed in the following status field. IP Address: IP address of the controller. Peer Controller: Number of peer WLAN controllers detected on the network. Cluster Controller: Indicates whether this controller is the Cluster Controller for the cluster.
  • Page 132 Rogue AP Mitigation Count: Number of APs to which the wireless system is currently sending the authentication messages to mitigate against rogue APs. A value of 0 indicates that mitigation is not in progress. Maximum Managed APs in Peer Group: Maximum number of access points that can be managed by the cluster.
  • Page 133: Peer Controller Status

    AP Provisioning Count: Current number of AP provisioning entries configured on the system. WLAN Bytes Transmitted: Total bytes transmitted across all APs managed by the controller. WLAN Packets Transmitted: Total packets transmitted across all APs managed by the controller.
  • Page 134 Status > Global Info > Peer Controller > Status The Peer Controller Status page provides information about other Wireless Controllers in the network. Peer wireless controllers within the same cluster exchange data about themselves, their managed APs, and clients. The controller maintains a database with this data so you can view information about a peer, such as its IP address and software version.
  • Page 135: Peer Controller Configuration Status

    Figure 73: Peer Controller Status The following actions are supported from this page: Refresh: Updates the page with the latest information. 4.7.3 Peer Controller Configuration Status Status > Global Info > Peer Controller > Configuration You can push portions of the controller configuration from one controller to another controller in the cluster.
  • Page 136: Peer Controller Managed Ap Status

    Configuration Controller IP Address: Shows the IP Address of the controller that sent the configuration information. Configuration: Identifies which parts of the configuration the controller received from the peer controller. Timestamp: Shows when the configuration was applied to the controller. The time is displayed as UTC time and therefore only useful if the administrator has configured each peer controller to use NTP.
  • Page 137: Ip Discovery

    Peer Controller IP: Shows the IP address of the peer controller that manages the AP. This field displays when “All” is selected from the drop-down menu. Location: The descriptive location configured for the managed AP. AP IP Address: The IP address of the AP.
  • Page 138: Configuration Receive Status

    • Discovered: The controller contacted the peer controller or the AP in the L3/IP Discovery list and has authenticated or validated the device. • Discovered - Failed: The controller contacted the peer controller or the AP with IP address in the L3/IP Discovery list and was unable to authenticate or validate the device.
  • Page 139 • Not Started • Receiving Configuration • Saving Configuration • Applying AP Profile Configuration • Success • Failure - Invalid Code Version • Failure - Invalid Hardware Version • Failure - Invalid Configuration Last Configuration Received: Peer controller IP Address indicates the last controller from which this controller received any wireless configuration data.
  • Page 140: Ap Hardware Capability

    menu above the table to select the peer controller with the AP information to display. Each peer controller is identified by its IP address. Figure 77: Configuration Receive Status 4.7.7 AP Hardware Capability Status > Global Info > AP H/W Capability The controller can support APs that have different hardware capabilities, such as the supported number of radios, the supported IEEE 802.11 modes, and the software image required by the AP.
  • Page 141: Figure 78: Ap Hardware Capability

    Figure 78: AP Hardware Capability For each radio, you can find more information by using the “View Radio Details” button. The following information is captured for each radio: 802.11a Support: Shows whether support for IEEE 802.11a mode is enabled. Radio Type Description: Displays the type of radio, which might contain information such as the manufacturer name and supported IEEE 802.11 modes.
  • Page 142: Wireless Client Status

    Wireless Client Status 4.8.1 Client Status Status > General > Clients This page shows information about all the clients which are connected through our managed AP. Figure 79: Client Statistics...
  • Page 143 802.11 Clients – Data 802.11a Clients: Total number of IEEE 802.11a only clients that are authenticated. 802.11b/g Clients: Total number of IEEE 802.11b/g only clients that are authenticated. 802.11n Clients: Total number of clients that are IEEE 802.11n capable and are authenticated.
  • Page 144: Associated Client Status

    4.8.2 Associated Client Status Status > Wireless Client Info > Associated Clients > Status You can view a variety of information about the wireless clients that are associated with the APs the controller manages. MAC Address: The Ethernet address of the client station. If the MAC address is followed by an asterisk (*), the client is associated with an AP managed by a peer controller.
  • Page 145: Associated Client Ssid Status

    Disassociate: Disassociates the selected client from the managed AP. View Details: Display associated client details. View AP Details: Display associated AP details. View SSID Details: Lists the SSIDs of the networks that each wireless client associated with a managed AP has used for WLAN access. View VAP Details: Shows information about the VAPs on the managed AP that have associated wireless clients...
  • Page 146: Associated Client Vap Status

    The following actions are supported from this page: Disassociate: Disassociates the client from the managed AP. View Client Details: Display associated client details. Refresh: Updates the page with the latest information. 4.8.4 Associated Client VAP Status Status >...
  • Page 147: Controller Associated Client Status

    Figure 82: Associated Client VAP Status The following actions are supported from this page: Disassociate: Disassociates the client from the managed AP. Refresh: Updates the page with the latest information. 4.8.5 Controller Associated Client Status Status >...
  • Page 148: Detected Client Status

    Figure 83: Controller Associated Client Status The following actions are supported from this page: Disassociate: Disassociates the client from the managed AP. View Client Details: Display associated client details. Refresh: Updates the page with the latest information. 4.8.6 Detected Client Status Status >...
  • Page 149: Figure 84: Detected Client Status

    • Authenticated: The wireless client is authenticated with the wireless system. • Detected: The wireless client is detected by the wireless system but is not a security threat. • Black-Listed: The client with this MAC address is specifically denied access via MAC Authentication.
  • Page 150: Pre-Authorization History

    Delete All: Deletes all non-authenticated clients from the Detected Client database. As clients are detected, they are added to the database and appear in the list. Acknowledge All Rogues: Clear the rogue status of all clients listed as rogues in the Detected Client database. The status of an acknowledged client is returned to the status it had when it was first detected.
  • Page 151: Detected Client Roam History

    Figure 85: Pre-Auth History This page includes the following button: Refresh: Updates the page with the latest information. 4.8.8 Detected Client Roam History Status > Wireless Client Info > Roam History The wireless system keeps a record of clients as they roam from one managed AP to another managed AP.
  • Page 152: Figure 86: Detected Client Roam History

    Figure 86: Detected Client Roam History This page includes the following button: Refresh: Updates the page with the latest information. Purge History: To purge the history when the list of entries is full. View Details: Shows the details of the detected clients.
  • Page 153: Chapter 5. Ap Management

    Chapter 5. AP Management The AP Management contains links to the following pages that help you manage and maintain the APs on your DWC-1000 wireless controller network: • Valid Access Point Configuration • RF Management • ...
  • Page 154: Figure 87: Valid Access Point Configuration

    Figure 87: Valid Access Point Configuration...
  • Page 155: Figure 88: Add A Valid Access Point

    The following actions are supported from this page: Edit: To edit AP details in Valid AP page. Delete: To delete a valid AP provide valid MAC address in Valid AP page. Add: To add an AP in Valid AP page. Figure 88: Add a Valid Access Point MAC Address: This field shows the MAC address of the AP.
  • Page 156 Expected Wired Network Mode. • Managed: The AP is part of the D-Link Wireless Controller, and you manage it by using the Wireless Controller. If an AP is in Managed Mode, the Administrator Web UI and SNMP services on the AP are disabled.
  • Page 157: Rf Management

    • Any: Select this option if the standalone AP might use a WDS link. Expected Security Mode: Select the option to specify the type of security the AP uses: • Any: Any security mode • Open: No security • ...
  • Page 158 channel plan algorithm, the controller periodically evaluates the operational channel on every AP it manages and changes the channel if the current channel is noisy. Channel Plan: Each AP is dual-band capable of operating in the 2.4 GHz and 5 GHz frequencies.
  • Page 159: Figure 89: Rf Configuration

    Figure 89: RF configuration Ignore Unmanaged APs: Enable this option to exclude unmanaged APs from the channel plan configuration settings from this section. Channel Change Threshold: This is the threshold strength, in dBm, for a neighbor to be considered “noisy”. If this threshold is exceeded the Channel Plan will be run.
  • Page 160: Channel Plan History

    percentage of maximum power, where the maximum power is the minimum of power level allowed for the channel by the regulatory domain or the hardware capability. • Manual: In this mode, you run the proposed power adjustments manually from the Manual Power Adjustments page.
  • Page 161: Manual Channel Plan

    Last Algorithm Time: Shows the date and time when the channel plan algorithm last ran. AP MAC Address: This table displays the channel assigned to an AP in an iteration of the channel plan (Location, Radio, Iteration, Channel). Figure 90: Channel Plan History 5.2.3 Manual Channel Plan Setup >...
  • Page 162 • None: The channel plan algorithm has not been manually run since the last controller reboot. • Algorithm in Progress: The channel plan algorithm is running. • Algorithm Complete: The channel plan algorithm has finished running. A table displays to indicate proposed channel assignments.
  • Page 163: Figure 91: Manual Channel Plan

    Figure 91: Manual Channel Plan...
  • Page 164: Manual Power Adjustment Plan

    5.2.4 Manual Power Adjustment Plan Setup > AP Management > RF Management > Manual Power Adjustment Plan If you select Manual as the Power Adjustment Mode on the Configuration tab, you can manually initiate the power adjustment algorithm on the Manual Power Adjustments page.
  • Page 165: Access Point Software Download

    The wireless controller can upgrade software on the APs that it manages. • The AP firmware version must be the same as the DWC-1000 WLAN module version. Server Address: Enter the IP address of the host where the upgrade file is located.
  • Page 166 enter the number of APs that can be upgraded at the same time. When one group completes the upgrade, the next group begins the process. Image Download Type: Type of the image to be downloaded, which can be one of the following: • ...
  • Page 167: Local Oui Database Summary

    Figure 93: Access Point Software Download Local OUI Database Summary Setup > AP Management > Local OUI Database To help identify AP and Wireless Client adapter manufacturers detected in the wireless network, the wireless controller contains a database of registered Organizationally Unique Identifiers (OUIs).
  • Page 168: Ap Provisioning Summary

    user-defined OUIs. The local list is searched first, so the same OUI can be located in the local list as well as the read-only list. OUI Value: Enter the OUI that represents the company ID in the format XX:XX:XX where XX is a hexadecimal number between 00 and FF.
  • Page 169 local Valid AP database or RADIUS AP database and discovery options. The provisioning feature can optionally be used on networks not enabled for mutual authentication to simplify AP attachment to the cluster. MAC Address: MAC address of the AP. IP Address: IP Address of the AP.
  • Page 170: Manual Management

    Figure 95: AP Provisioning Summary Status The following actions are supported from this page: Delete: Remove the selected AP from the AP provisioning list. Delete All: Remove all APs from the AP provisioning list. Provision: Initiate provisioning for the selected AP. You can provision an AP only from the cluster controller.
  • Page 171: Figure 96: Manual Management

    configured in the AP profile (including automatic channel selection) and take effect immediately. The manual channel and power assignments are not retained when the AP is reset or if the profile is reapplied to the AP, such as when the AP disassociates and re-associates with the controller.
  • Page 172 Radio Interface: Identifies the radio to which the channel and power settings apply. Channel: Select the AP and click the Edit Channel/Power button to access the Managed AP Channel/Power Adjust page. From that page, you can set a new channel for Radio 1 or Radio 2.
  • Page 173: Chapter 6. Connecting To The Internet: Option Setup

    Chapter 6. Connecting to the Internet: Option Setup This controller has two Option ports that can be used to establish a connection to the internet. The following ISP connection types are supported: DHCP, Static, PPPoE, PPTP, L2TP.
  • Page 174: Option Configuration

    Figure 97: Internet Connection Setup Wizard You can start using the Wizard by logging in with the administrator password for the controller. Once authenticated, set the time zone that you are located in, and then choose the internet connection type: DHCP, Static, PPPoE, PPTP, L2TP.
  • Page 175: Option Port Ip Address

    (L2TP). Required fields for the selected ISP type become highlighted. Enter the following information as needed and as provided by your ISP: PPPoE Profile Name. This menu lists configured PPPoE profiles, particularly useful when configuring multiple PPPoE connections (i.e. for Japan ISPs that have multiple PPPoE support).
  • Page 176: Option Dns Servers

    6.2.2 Option DNS Servers The IP Addresses of Option Domain Name Servers (DNS) are typically provided dynamically from the ISP but in some cases you can define the static IP addresses of servers. servers Internet domain names (example:...
  • Page 177: Pppoe

    Setup > Internet Settings > Option1 Settings > Option1 Setup The PPPoE ISP settings are defined on the Option Configuration page. There are two types of PPPoE ISPs supported by the DWC-1000: the standard username/password PPPoE and Japan Multiple PPPoE.
  • Page 178: Figure 99: Pppoe Configuration For Standard Isps

    For some ISPs, most popular in Japan, the use of “Japanese Multiple PPPoE” is required in order to establish concurrent primary and secondary PPPoE connections between the DWC-1000 and the ISP. The Primary connection is used for the bulk of data and internet traffic and the Secondary PPPoE connection carries ISP specific (i.e.
  • Page 179: Figure 100: Option1 Configuration For Japanese Multiple Pppoe (Part 1)

      • Primary and secondary connections are concurrent
      • Each session has a DNS server source for domain name lookup; this can be assigned by the ISP or configured through the GUI
      • The DWC-1000 acts as a DNS proxy for LAN users...
  • Page 180: Russia L2Tp And Pptp Option

    Wireless Controller User Manual  Only HTTP requests that specifically identify the secondary connection’s domain name (for example *.flets) will use the secondary profile to access the content available through this secondary PPPoE terminal. All other HTTP / HTTPS requests go through the primary PPPoE connection.
  • Page 181 by the ISP. For DHCP client connections, you can choose the MAC address of the controller to register with the ISP. In some cases you may need to clone the LAN host’s MAC address if the ISP is registered with that LAN host.
  • Page 182: Option Configuration In An Ipv6 Network

    Wireless Controller User Manual Figure 102: Russia L2TP ISP configuration 6.2.6 Option Configuration in an IPv6 Network Advanced > IPv6 > IPv6 Option1 Config For IPv6 Option connections, this controller can have a static IPv6 address or receive connection information when configured as a DHCPv6 client. In the case where the ISP assigns you a fixed address to access the internet, the static configuration settings must be completed.
  • Page 183 Wireless Controller User Manual IPv6 prefix length defined by the ISP is needed. The default IPv6 Gateway address is the server at the ISP that this controller will connect to for accessing the internet. The primary and secondary DNS servers on the ISP’s IPv6 network are used for resolving internet addresses, and these are provided along with the static IP address and prefix length from the ISP.
  • Page 184: Figure 103: Ipv6 Option1 Setup Page

    Figure 103: IPv6 Option1 Setup page Prefix Delegation: Select this option to request a controller advertisement prefix from any DHCPv6 servers available on the ISP; the obtained prefix is updated to the advertised prefixes on the LAN side. This option can be selected only in Stateless Address Auto Configuration mode of DHCPv6 Client.
  • Page 185: Checking Option Status

    Password: Enter the password required to log in to the ISP. Authentication Type: The type of Authentication in use by the profile: Auto-Negotiate/PAP/CHAP/MS-CHAP/MS-CHAPv2. Dhcpv6 Options: The mode of Dhcpv6 client that will start in this mode: disable dhcpv6/stateless dhcpv6/stateful dhcpv6/stateless dhcpv6 with prefix delegation.
  • Page 186 Primary DNS: Primary DNS server IP address of the Option port. Secondary DNS: Secondary DNS server IP address of the Option port. If the Connection Status indicates that the association with the ISP is active, then the Option can be disconnected by clicking the Disable button.
  • Page 187: Figure 104: Connection Status Information Of Option1

    Wireless Controller User Manual Figure 104: Connection Status information of Option1 The Option status page allows you to Enable or Disable static Option links. For Option settings that are dynamically received from the ISP, you can Renew or Release the link parameters if required.
  • Page 188: Features With Multiple Option Links

    Wireless Controller User Manual Features with Multiple Option Links This controller supports multiple Option links. This allows you to take advantage of failover and load balancing features to ensure certain internet dependent services are prioritized in the event of unstable Option connectivity on one of the ports. Setup >...
  • Page 189: Load Balancing

    The configured failure detection method is used at regular intervals on all configured Option ports when in Load Balancing mode. DWC-1000 currently supports three algorithms for Load Balancing: Round Robin: This algorithm is particularly useful when the connection speed of one Option port greatly differs from another.
  • Page 190 For example, suppose the maximum bandwidth of the primary Option is 1 Kbps and the load tolerance is set to 70. Every time a new connection is established, the bandwidth increases. After a certain number of connections, say once the bandwidth has reached 70% of 1 Kbps, new connections will be spilled over to the secondary Option.
  • Page 191: Protocol Bindings

    Wireless Controller User Manual Figure 105: Load Balancing is available when multiple Option ports are configured and Protocol Bindings have been defined 6.3.3 Protocol Bindings...
  • Page 192: Figure 106: Protocol Binding Setup To Associate A Service And/Or Lan Source To An Option And/Or Destination Network

    Advanced > Routing > Protocol Bindings Protocol bindings are required when the Load Balancing feature is in use. Choosing from a list of configured services or any of the user-defined services, the type of traffic can be assigned to go over only one of the available Option ports. For increased flexibility the source network or machines can be specified as well as the destination network or machines.
  • Page 193: Routing Configuration

    Wireless Controller User Manual Single Address: Limit to one computer. Requires the IP address of the computer that will be part of the source network for this protocol binding Address Range: Select if you want to allow computers within an IP address range to be a part of the source network.
  • Page 194 NAT is a technique which allows several computers on a LAN to share an Internet connection. The computers on the LAN use a "private" IP address range while the Option port on the controller is configured with a single "public" IP address. Along with connection sharing, NAT also hides internal IP addresses from the computers on the Internet.
  • Page 195: Figure 107: Routing Mode Is Used To Configure Traffic Routing Between Option And Lan, As Well As Dynamic Routing (Rip)

    Figure 107: Routing Mode is used to configure traffic routing between Option and LAN, as well as Dynamic routing (RIP)
  • Page 196: Dynamic Routing (Rip)

    6.4.2 Dynamic Routing (RIP) Note: The following feature is available upon licensed activation of VPN / Firewall features for the system. Setup > Internet Settings > Routing Mode Dynamic routing using the Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) that is common in LANs.
  • Page 197: Static Routing

    If RIP-2B or RIP-2M is the selected version, authentication between this controller and other controllers (configured with the same RIP version) is required. MD5 authentication is used in a first/second key exchange process. The authentication key validity lifetimes are configurable to ensure that the routing information exchange is with current and supported controllers detected on the LAN.
  • Page 198: Ospf

    Wireless Controller User Manual Gateway: IP address of the gateway through which the destination host or network can be reached. Metric: Determines the priority of the route. If multiple routes to the same destination exist, the route with the lowest metric is chosen. Figure 108: Static route configuration fields OSPF Advanced >...
  • Page 199: Figure 109: Ospfv2 Status - Ipv4

    Wireless Controller User Manual Figure 109: OSPFv2 status – IPv4 Figure 110: OSPFv3 status – IPv6...
  • Page 200: Figure 111: Ospfv2 Configuration

    Figure 111: OSPFv2 Configuration OSPFv2 Enable: A check box to enable/disable OSPFv2. Interface: The physical network interface on which OSPFv2 is Enabled/Disabled. Area: The area to which the interface belongs. Enter values from 1 to 255. Two routers having a common segment;...
  • Page 201: 6To4 Tunneling

    Wireless Controller User Manual value must be the same for all routers attached to a common network. The default value is 10 seconds. DeadInterval: The number of seconds that a device’s hello packets must not have been seen before its neighbors declare the OSPF router down. This value must be the same for all routers attached to a common network.
  • Page 202: Ipv6 Tunnels Status

    Wireless Controller User Manual Figure 112: 6to4 Tunneling IPv6 Tunnels Status Advanced>IPv6>IPv6 Tunnels Status This status page displays the IPv6 tunnels (6to4 and ISATAP) status in the GUI. Figure 113: IPv6 Tunnel Status display...
  • Page 203: Isatap Tunnels

    Tunnel Name: The active IPv6 to IPv4 tunnel identifier. IPv6 Addresses: the source IPv6 address(es) in your LAN that have data being sent over this tunnel. ISATAP Tunnels Advanced>IPv6>ISATAP Tunnels This feature allows the administrator to configure ISATAP (Intra-Site Automatic Tunnel Addressing Protocol), an IPv6 transmission mechanism meant to transmit IPv6 packets between dual-stack nodes over an IPv4 network.
  • Page 204: Igmp Setup

    Wireless Controller User Manual ISATAP Subnet Prefix: This is the 64-bit subnet prefix that is assigned to the logical ISATAP subnet for this intranet. This can be obtained from your ISP or internet registry, or derived from RFC 4193. Figure 114: ISATAP Tunnel Configuration End Point Address: This is the endpoint address for the tunnel that starts with this router.
  • Page 205: Figure 115: Igmp Setup

    Wireless Controller User Manual Advanced > Advanced Network > IGMP Setup Active IGMP snooping is referred to as IGMP proxy. When in use IGMP packets through the LAN are filtered in order to reduce the amount of multicast traffic in the network..
  • Page 206: Option Port Settings

    Wireless Controller User Manual 6.10 Option Port Settings Advanced > Advanced Network > Option Port Setup The physical port settings for each Option link can be defined here. If your ISP account defines the Option port speed or is associated with a MAC address, this information is required by the controller to ensure a smooth connection with the network.
  • Page 207: Figure 116: Physical Option Port Settings

    Wireless Controller User Manual Figure 116: Physical Option port settings...
  • Page 208: Ip Aliases

    6.11 IP Aliases Note: The following feature is available upon licensed activation of VPN / Firewall features for the system. Setup > Internet Settings > IP Aliases The List of IP Aliases displays the configured IP Aliases on the controller. Figure 117: IP Aliases Interface Name: The interface on which the Alias was configured.
  • Page 209: Chapter 7. Securing The Private Network

    Chapter 7. Securing the Private Network Note: The following feature is available upon licensed activation of VPN / Firewall features for the system. You can secure your network by creating and applying rules that your controller uses to selectively block and allow inbound and outbound Internet traffic.
  • Page 210: Firewall Rules

    Firewall Rules Advanced > Firewall Settings > Firewall Rules Inbound (Option to LAN/DMZ) rules restrict access to traffic entering your network, selectively allowing only specific outside users to access specific local resources. By default, all access from the insecure Option side is blocked from accessing the secure LAN, except in response to requests from the Option or DMZ.
  • Page 211: Defining Rule Schedules

    Wireless Controller User Manual Figure 118: List of Available Firewall Rules Defining Rule Schedules Tools > Schedules Firewall rules can be enabled or disabled automatically if they are associated with a configured schedule. The schedule configuration page allows you to define days of the week and the time of day for a new schedule, and then this schedule can be selected in the firewall rule configuration page.
  • Page 212: Configuring Firewall Rules

    Figure 119: List of Available Schedules to bind to a firewall rule Configuring Firewall Rules Note: The following feature is available upon licensed activation of VPN / Firewall features for the system. Advanced > Firewall Settings > Firewall Rules All configured firewall rules on the controller are displayed in the Firewall Rules list.
  • Page 213 Choose the From Zone to be the source of originating traffic: either the secure LAN, public DMZ, or insecure Option. For an inbound rule Option should be selected as the From Zone. Choose the To Zone to be the destination of traffic covered by this rule. If the From Zone is the Option, the To Zone can be the public DMZ or secure LAN.
  • Page 214 Inbound rules can use Destination NAT (DNAT) for managing traffic from the Option. Destination NAT is available when the To Zone = DMZ or secure LAN.
      • With an inbound allow rule you can enter the internal server address that is hosting the selected service.
  • Page 215: Figure 120: Example Where An Outbound Snat Rule Is Used To Map An External Ip Address (209.156.200.225) To A Private Dmz Ip Address (10.30.30.30)

    Wireless Controller User Manual Figure 120: Example where an outbound SNAT rule is used to map an external IP address (209.156.200.225) to a private DMZ IP address (10.30.30.30)
  • Page 216: Figure 121: The Firewall Rule Configuration Page Allows You To Define The To/From Zone, Service, Action, Schedules, And Specify Source/Destination Ip Addresses As Needed

    Wireless Controller User Manual Figure 121: The firewall rule configuration page allows you to define the To/From zone, service, action, schedules, and specify source/destination IP addresses as needed.
  • Page 217: Firewall Rule Configuration Examples

    Wireless Controller User Manual 7.3.1 Firewall Rule Configuration Examples Example 1: Allow inbound HTTP traffic to the DMZ Situation: You host a public web server on your local DMZ network. You want to allow inbound HTTP requests from any outside IP address to the IP address of your web server at any time of day.
  • Page 218
    Parameter | Value
    From Zone | Insecure (Option 1/ Option2)
    To Zone | Secure (LAN)
    Service | CU-SEEME:UDP
    Action | ALLOW always
    Send to Local Server (DNAT IP) | 192.168.10.11
    Destination Users | Address Range
    From | 132.177.88.2 134.177.88.254
    Enable Port Forwarding | Yes (enabled)
    Example 3: Multi-NAT configuration Situation: You want to configure multi-NAT to support multiple public IP addresses on one Option port interface.
  • Page 219
      • LAN IP address: 192.168.10.1; subnet 255.255.255.0
      • Web server host in the DMZ, IP address: 192.168.12.222
      • Access to Web server: (simulated) public IP address 10.1.0.52
    Parameter | Value
    From Zone | Insecure (Option 1/ Option 2)
    To Zone | Public (DMZ)
    Service...
  • Page 220: Figure 122: Schedule Configuration For The Above Example

    Wireless Controller User Manual  To setup a schedule that affects traffic on weekends only, navigate to Security: Schedule, and name the schedule “Weekend”  Define “weekend” to mean 12 am Saturday morning to 12 am Monday morning – all day Saturday & Sunday ...
  • Page 221: Security On Custom Services

    Select the Action to “Block by Schedule, otherwise allow”. This will take a predefined schedule and make sure the rule is a blocking rule during the defined dates/times. All other times outside the schedule will not be affected by this firewall blocking rule. As we defined our schedule in schedule “Weekend”, this is available in the dropdown menu. We want to block the IP range assigned to the marketing group.
  • Page 222: Alg Support

    Figure 123: List of user defined services. ALG support Advanced > Firewall Settings > ALGs Application Level Gateways (ALGs) are security components that enhance the firewall and NAT support of this controller to seamlessly support application layer protocols. In some cases enabling the ALG will allow the firewall to use dynamic ephemeral TCP/UDP ports to communicate with the known ports a particular client application (such as H.323 or RTSP) requires, without which the admin would have to open large number...
  • Page 223: Vpn Passthrough For Firewall

    Wireless Controller User Manual Figure 124: Available ALG support on the controller. VPN Passthrough for Firewall Advanced > Firewall Settings > VPN Passthrough This controller’s firewall settings can be configured to allow encrypted VPN traffic for IPsec, PPTP, and L2TP VPN tunnel connections between the LAN and internet. A specific firewall rule or service is not appropriate to introduce this passthrough support;...
  • Page 224: Client

    Wireless Controller User Manual Figure 125: Passthrough options for VPN tunnels Client Advanced > Client The Known Client Summary shows the wireless clients currently in the Known Client Database and allows you to add new clients or modify existing clients to the database. MAC Address: Shows the MAC address of the known client.
  • Page 225: Application Rules

    Global Action: Use the global white-list or black-list action configured on the Advanced Global Configuration page to determine how to handle the client. Figure 126: List of Known Clients The following actions are supported from this page: Add: Add a client with the MAC address you enter in the field to the Known Client database.
  • Page 226: Figure 127: List Of Available Application Rules Showing 4 Unique Rules

    Wireless Controller User Manual waits for an outbound request from the LAN/DMZ on one of the defined outgoing ports, and then opens an incoming port for that specified type of traffic. This can be thought of as a form of dynamic port forwarding while an application is transmitting data over the opened outgoing or incoming port(s).
  • Page 227: Application Rules Status

    Wireless Controller User Manual The application rule status page will list any active rules, i.e. incoming ports that are being triggered based on outbound requests from a defined outgoing port. Application Rules Status Advanced > Application Rules > Application Rules Status This page allows displaying the list of available application rules and corresponding status Figure 128: List of Available Application Rules and corresponding status...
  • Page 228: Content Filtering

    7.10.1 Content Filtering Note: The following feature is available upon licensed activation of VPN / Firewall features for the system. Advanced > Website Filter > Content Filtering Content filtering must be enabled to configure and use the subsequent features (list of Trusted Domains, filtering on Blocked Keywords, etc.).
  • Page 229: Approved Urls

    Figure 129: Content Filtering used to block access to proxy servers and prevent ActiveX controls from being downloaded 7.10.2 Approved URLs Advanced > Website Filter > Approved URLs The Approved URLs is an acceptance list for all URL domain names. Domains added to this list are allowed in any form.
  • Page 230: Blocked Keywords

    Figure 130: Two trusted domains added to the Approved URLs List 7.10.3 Blocked Keywords Advanced > Website Filter > Blocked Keywords Keyword blocking allows you to block all website URLs or site content that contains the keywords in the configured list. This is lower priority than the Approved URL List; i.e.
  • Page 231: Export Web Filter

    Wireless Controller User Manual Figure 131: One keyword added to the block list 7.10.4 Export Web Filter Advanced > Website Filter > Export Export Approved URLs: Feature enables the user to export the URLs to be allowed to a csv file which can then be downloaded to the local host. The user has to click the export button to get the csv file.
  • Page 232: Content Keeper Support (Web Content Filtering)

    Wireless Controller User Manual Figure 132: Export Approved URL list 7.11 Content Keeper Support (Web Content Filtering) Web Content Filtering (WCF) is branded as Content Keeper. It monitors, manages and controls all web traffic and fully examines new and/or unknown sites in real time as the data passes through the appliance.
  • Page 233 The Dynamic Content Filtering configuration page will let the administrator choose from a range of pre-defined categories to be blocked. When enabled, access to a website belonging to one of these configured categories will be blocked with an error page. ...
  • Page 234: Ip/Mac Binding

    Wireless Controller User Manual  www Email Sites: Websites that allow users to send and/or receive email through a web accessible email account. Figure 133: Category Filtering options 7.13 IP/MAC Binding Advanced > IP/MAC Binding Another available security measure is to only allow outbound traffic (from the LAN to Option) when the LAN node has an IP address matching the MAC address bound to it.
  • Page 235: Switch Settings

    the traffic’s source IP address doesn’t match up with the expected MAC address having the same IP address) the packets will be dropped and can be logged for diagnosis. Figure 134: Example binding a LAN host’s MAC Address to a served IP address In the above example, if there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured.
  • Page 236: Figure 135: Switch Settings

    Wireless Controller User Manual Figure 135: Switch settings Power Saving State: When enabled, the total power to the LAN controller is dependent on the number of connected ports. The overall current draw when a single port is connected is less than when all of the available LAN ports have an active Ethernet connection.
  • Page 237: Protecting From Internet Attacks

    Wireless Controller User Manual 7.15 Protecting from Internet Attacks Advanced > Advanced Network > Attack Checks Attacks can be malicious security breaches or unintentional network issues that render the controller unusable. Attack checks allow you to manage Option security threats such as continual ping requests and discovery via ARP scans.
  • Page 238: Figure 136: Protecting The Controller And Lan From Internet Attacks

    Wireless Controller User Manual Figure 136: Protecting the controller and LAN from internet attacks...
  • Page 239: Chapter 8. Ipsec / Pptp / L2Tp Vpn

    Chapter 8. IPsec / PPTP / L2TP VPN Note: The following feature is available upon licensed activation of VPN / Firewall features for the system. A VPN provides a secure communication channel (“tunnel”) between two gateway controllers or a remote PC client.
  • Page 240: Figure 137: Example Of Gateway-To-Gateway Ipsec Vpn Tunnel Using Two Dwc Controllers Connected To The Internet

    Figure 137: Example of Gateway-to-Gateway IPsec VPN tunnel using two DWC controllers connected to the Internet...
  • Page 241: Figure 138: Example Of Three Ipsec Client Connections To The Internal Network Through The Dwc Ipsec Gateway

    Wireless Controller User Manual Figure 138: Example of three IPsec client connections to the internal network through the DWC IPsec gateway...
  • Page 242: Vpn Wizard

    Wireless Controller User Manual VPN Wizard Setup > Wizard > VPN Wizard You can use the VPN wizard to quickly create both IKE and VPN policies. Once the IKE or VPN policy is created, you can modify it as required. Figure 139: VPN Wizard launch screen To easily establish a VPN tunnel using VPN Wizard, follow the steps below: Select the VPN tunnel type to create...
  • Page 243 Set the Connection Name and pre-shared key: the connection name is used for management, and the pre-shared key will be required on the VPN client or gateway to establish the tunnel. Determine the local gateway for this tunnel; if there is more than 1 Option configured the tunnel can be configured for either of the gateways.
  • Page 244
    Parameter | Default value from Wizard
    Exchange Mode | Aggressive (Client policy) or Main (Gateway policy)
    ID Type | FQDN
    Local Option ID | wan_local.com (only applies to Client policies)
    Remote Option ID | wan_remote.com (only applies to Client policies)
    Encryption Algorithm | 3DES
    Authentication Algorithm...
  • Page 245: Configuring Ipsec Policies

    Configuring IPsec Policies Setup > VPN Settings > IPsec > IPsec Policies An IPsec policy is between this controller and another gateway or this controller and an IPsec client on a remote host. The IPsec mode can be either tunnel or transport depending on the network being traversed between the two policy endpoints.
  • Page 246: Figure 140: Ipsec Policy Configuration

    Wireless Controller User Manual Figure 140: IPsec policy configuration Once the tunnel type and endpoints of the tunnel are defined you can determine the Phase 1 / Phase 2 negotiation to use for the tunnel. This is covered in the IPsec mode setting, as the policy can be Manual or Auto.
  • Page 247: Figure 141: Ipsec Policy Configuration Continued (Auto Policy Via Ike)

    Wireless Controller User Manual Figure 141: IPsec policy configuration continued (Auto policy via IKE) A Manual policy does not use IKE and instead relies on manual keying to exchange authentication parameters between the two IPsec hosts. The incoming and outgoing security parameter index (SPI) values must be mirrored on the remote tunnel endpoint.
  • Page 248: Extended Authentication (Xauth)

    IKE are preferred as in some IPsec implementations the SPI (security parameter index) values require conversion at each endpoint. DWC-1000 supports VPN roll-over feature. This means that policies configured on primary Option will rollover to the secondary Option in case of a link failure on a primary Option.
  • Page 249: Internet Over Ipsec Tunnel

    Wireless Controller User Manual connection between the controller and the RADIUS server with the authentication protocol supported by the server (PAP or CHAP). For RADIUS – PAP, the controller first checks in the user database to see if the user credentials are available; if they are not, the controller connects to the RADIUS server.
  • Page 250: Pptp Tunnel Support

    8.4.1 PPTP Tunnel Support Setup > VPN Settings > PPTP > PPTP Client PPTP VPN Client can be configured on this controller. Using this client, we can access the remote network that is local to the PPTP server. Once client is enabled, the user can Status >...
  • Page 251: Figure 143: Pptp Tunnel Configuration - Pptp Client

    Wireless Controller User Manual Figure 143: PPTP tunnel configuration – PPTP Client Figure 144: PPTP VPN connection status Setup > VPN Settings > PPTP > PPTP Server A PPTP VPN can be established through this controller. Once enabled a PPTP server is available on the controller for LAN and Option PPTP client users to access.
  • Page 252: L2Tp Tunnel Support

    Figure 145: PPTP tunnel configuration – PPTP Server 8.4.2 L2TP Tunnel Support Setup > VPN Settings > L2TP > L2TP Server An L2TP VPN can be established through this controller. Once enabled an L2TP server is available on the controller for LAN and Option L2TP client users to access. Once the L2TP server is enabled, L2TP clients that are within the range of configured IP addresses of allowed clients can reach the controller’s L2TP server.
  • Page 253: Openvpn Support

    Figure 146: L2TP tunnel configuration – L2TP Server 8.4.3 OpenVPN Support Setup > VPN Settings > OpenVPN > OpenVPN Configuration OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. When used in a multiclient-server configuration, it allows the server to release an authentication certificate for every client, using signature and Certificate authority.
  • Page 254 Mode: OpenVPN daemon mode. It can run in server mode, client mode or access server client mode. In access server client mode, the user has to download the auto login profile from the OpenVPN Access Server and upload the same to connect. Server IP: OpenVPN server IP address to which the client connects (Applicable in client mode).
  • Page 255: Figure 147: Openvpn Configuration

    Wireless Controller User Manual Figure 147: OpenVPN configuration...
  • Page 256: Chapter 9. Ssl Vpn

    Chapter 9. SSL VPN Note: The following feature is available upon licensed activation of VPN / Firewall features for the system. The controller provides an intrinsic SSL VPN feature as an alternate to the standard IPsec VPN. SSL VPN differs from IPsec VPN mainly by removing the requirement of a pre-installed VPN client on the remote host.
  • Page 257: Figure 148: Example Of Clientless Ssl Vpn Connections To The Dwc-1000

    Wireless Controller User Manual Figure 148: Example of clientless SSL VPN connections to the DWC-1000...
  • Page 258: Groups And Users

    Wireless Controller User Manual Groups and Users Advanced > Users > Groups The group page allows creating, editing and deleting groups. The groups are associated to set of user types. The lists of available groups are displayed in the “List of Group” page with Group name and description of group.
  • Page 259
      • Xauth User: This user’s authentication is performed by an externally configured RADIUS or other Enterprise server. It is not part of the local user database.
      • SSLVPN User: This user has access to the SSL VPN services as determined by the group policies and authentication domain of which it is a member.
  • Page 260: Figure 150: User Group Configuration

    Figure 150: User Group Configuration When SSLVPN users are selected, the SSLVPN settings are displayed with the following parameters as captured in SSLVPN Settings. As per the Authentication Type SSL VPN details are configured.
      • Authentication Type: The authentication Type can be one of the following: Local User Database (default), Radius-PAP, Radius-CHAP, Radius-MSCHAP, Radius-MSCHAPv2, NT Domain, Active Directory and LDAP.
  • Page 261: Figure 151: Sslvpn Settings

    Directory domains, user can enter the details for up to two authentication domains.
      • Timeout: The timeout period for reaching the authentication server.
      • Retries: The number of retries to authenticate with the authentication server after which the DWC-1000 stops trying to reach the server.
    Figure 151: SSLVPN Settings...
  • Page 262: Figure 152: Group Login Policies Options

    Login Policies To set login policies for the group, select the corresponding group and click “Login policies”. The following parameters are configured: Group Name: This is the name of the group that can have its login policy edited. Disable Login: Enable to prevent the users of this group from logging into the device’s management interface(s). Deny Login from Option interface: Enable to prevent the users of this group from...
  • Page 263 Wireless Controller User Manual Deny Login from Defined Browsers: The list of defined browsers below will be used to prevent the users of this group from logging in to the controller’s GUI. All non- defined browsers will be allowed for login for this group. Allow Login from Defined Browsers: The list of defined browsers below will be used to allow the users of this group from logging in to the controllers GUI.
  • Page 264: Figure 153: Browser Policies Options

    Figure 153: Browser policies options
    Policy by IP
    To set policies by IP for the group, select the corresponding group and click “Policy by IP”. The following parameters are configured:
    Group Name: This is the name of the group that can have its login policy edited.
    Deny Login from Defined Browsers: The list of defined browsers below will be used to prevent the users of this group from logging in to the controller GUI.
  • Page 265: Figure 154: Ip Policies Options

    Wireless Controller User Manual Delete: Deletes the selected browser(s). You can add to the list of Defined Browsers by selecting a client browser from the drop down menu and clicking Add. This browser will then appear in the above list of Defined Browsers.
  • Page 266: Users And Passwords

    Figure 155: Available Users with login status and associated Group
    9.1.1 Users and Passwords
    Advanced > Users > Users
    The user configurations allow creating users associated with a group. The user settings contain the following key components:
    User Name: This is the unique identifier of the user.
  • Page 267: User Database

    It is recommended that passwords contain no dictionary words from any language and are a mixture of letters (both uppercase and lowercase), numbers, and symbols. The password can be up to 30 characters.
    Figure 156: User Configuration options
    9.1.2 User Database
    Advanced > Users > Get User DB
    This feature allows the administrator to import a CSV formatted user database to the...
  • Page 268: Figure 157: User Database Export

    Figure 157: User Database export
    The user may only add system users using the CSV file upload mechanism. Before adding users to different groups, the groups must be created using the GUI. Edit and delete operations on users are also more conveniently handled through the GUI, as it is much easier to select a particular user for edit/delete.
  • Page 269 1. Each line corresponds to a single entry. 2. All the fields must be enclosed within double quotes. Consecutive fields must be separated by commas. There cannot be any leading or trailing spaces in a line. 3. There should be no spaces between fields. 4.
  • Page 270: Using Ssl Vpn Policies

    b. "pptp" with PPTP VPN capability. "cp" with Captive Portal capability.
    2. Here is a compatible CSV file:
    "test","te","st","pptp","0","0","test"
    "test1","tes","st1","l2tp","0","0","test1"
    "test2","ee","ff","ADMIN","0","0","test2"
    "test3","dd","gg","GUEST","1","0","test3"
    "test4","qq","ss","cp","1","1","test4"
    Using SSL VPN Policies
    Setup > VPN Settings > SSL VPN Server > SSL VPN Policies
    SSL VPN Policies can be created on a Global, Group, or User level.
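A pre-upload check for the CSV rules listed in section 9.1.2 (Page 269), as an added example that is not part of the D-Link manual or firmware. It enforces only rules 1 to 3 as they appear in this excerpt; the seven-field count is an assumption taken from the manual's sample file, and the function names are hypothetical.

```python
"""Pre-upload check for the DWC-1000 user-database CSV rules (section 9.1.2)."""

# Assumption: seven fields per entry, inferred from the manual's sample file.
# The excerpt does not name the fields, so their contents are not interpreted.
EXPECTED_FIELDS = 7

# The "compatible CSV file" printed in the manual.
MANUAL_SAMPLE = "\n".join([
    '"test","te","st","pptp","0","0","test"',
    '"test1","tes","st1","l2tp","0","0","test1"',
    '"test2","ee","ff","ADMIN","0","0","test2"',
    '"test3","dd","gg","GUEST","1","0","test3"',
    '"test4","qq","ss","cp","1","1","test4"',
])

# Constructed input: one valid entry followed by four rule violations.
BAD_SAMPLE = "\n".join([
    '"test5","aa","bb","pptp","0","0","test5"',
    ' "test6","aa","bb","pptp","0","0","test6"',   # leading space
    '"test7", "aa","bb","cp","0","0","test7"',     # space between fields
    'test8,"aa","bb","cp","0","0","test8"',        # first field unquoted
    '"test9","aa","bb","cp","0","0"',              # only six fields
])


def check_line(line):
    """Return a list of rule violations for one CSV line (empty list = OK)."""
    n = len(line)

    def skip_blanks(pos):
        while pos < n and line[pos] in " \t":
            pos += 1
        return pos

    problems = []
    pos = skip_blanks(0)
    if pos == n:
        return ["empty line (rule 1: one entry per line)"]
    if pos > 0:
        problems.append("leading space (rule 2)")

    count = 0
    while True:
        # Every field must start with a double quote and be closed by the next
        # one. The excerpt describes no escaping, so an embedded quote ends the
        # field and the text after it is reported as a missing comma.
        if line[pos] != '"':
            problems.append(
                f"field {count + 1} is not enclosed in double quotes (rule 2)")
            return problems
        closing = line.find('"', pos + 1)
        if closing == -1:
            problems.append(
                f"field {count + 1} has no closing double quote (rule 2)")
            return problems
        count += 1

        after = closing + 1
        pos = skip_blanks(after)
        if pos == n:                       # end of the line
            if pos > after:
                problems.append("trailing space (rule 2)")
            break
        if line[pos] != ",":
            problems.append(f"no comma after field {count} (rule 2)")
            return problems
        gap = pos > after                  # blanks before the comma
        after = pos + 1
        pos = skip_blanks(after)
        if pos == n:
            problems.append("line ends after a comma")
            return problems
        if gap or pos > after:             # blanks before or after the comma
            problems.append(
                f"space between fields {count} and {count + 1} (rule 3)")

    if count != EXPECTED_FIELDS:
        problems.append(f"expected {EXPECTED_FIELDS} fields, found {count}")
    return problems


def validate_user_csv(text):
    """Map 1-based line numbers to their violations; an empty dict means clean."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        problems = check_line(line)
        if problems:
            report[number] = problems
    return report


if __name__ == "__main__":
    for number, problems in validate_user_csv(BAD_SAMPLE).items():
        print(f"line {number}: {'; '.join(problems)}")
```

Running the check before the upload catches malformed entries on the administrator's workstation rather than relying on how the controller handles them.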
  • Page 271: Figure 158: List Of Ssl Vpn Policies (Global Filter)

    Figure 158: List of SSL VPN policies (Global filter)
    To add an SSL VPN policy, you must first assign it to a user or group, or make it global (i.e. applicable to all SSL VPN users). If the policy is for a group, the available configured groups are shown in a drop-down menu and one must be selected.
  • Page 272: Figure 159: Ssl Vpn Policy Configuration

    Once defined, the policy goes into effect immediately. The policy name, the SSL service it applies to, the destination (network resource or IP addresses) and the permission (deny/permit) are outlined in a list of configured policies for the controller.
    Figure 159: SSL VPN policy configuration
    To configure a policy for a single user or group of users, enter the following information:
    Policy For: The policy can be assigned to a group of users, a single user, or all users...
  • Page 273: Using Network Resources

    Apply Policy To: This refers to the LAN resources managed by the DWC-1000, and the policy can provide (or prevent) access to network resources, IP address, IP network, etc.
    Policy Name: This field is a unique name for identifying the policy.
    IP address: Required when the governed resource is identified by its IP address or range of addresses.
  • Page 274: Application Port Forwarding

    Resource Name: A unique identifier name for the resource.
    Service: The SSL VPN service corresponding to the resource (VPN tunnel, Port Forwarding or All).
    Figure 160: List of configured resources, which are available to assign to SSL VPN policies
    Application Port Forwarding
    Setup >...
  • Page 275 Wireless Controller User Manual TCP Application Port Number FTP Data (usually not needed) FTP Control Protocol Telnet SMTP (send mail) HTTP (web) POP3 (receive mail) NTP (network time protocol) Citrix 1494 Terminal Services 3389 VNC (virtual network computing) 5900 or 5800 As a convenience for remote users, the hostname (FQDN) of the network server can be configured to allow for IP address resolution.
  • Page 276 Once the new application is defined it is displayed in a list of configured applications for port forwarding. To allow users to access the private network servers by using a hostname instead of an IP address, the FQDN corresponding to the IP address is defined in the port forwarding host configuration section.
  • Page 277: Ssl Vpn Client Configuration

    Figure 161: List of Available Applications for SSL Port Forwarding
    SSL VPN Client Configuration
    Setup > VPN Settings > SSL VPN Client > SSL VPN Client
    An SSL VPN tunnel client provides a point-to-point connection between the browser-side machine and this controller.
  • Page 278: Figure 162: Ssl Vpn Client Adapter And Access Configuration

    VPN tunnel. With full tunnel support (if the split tunnel option is disabled the DWC-1000 acts in full tunnel mode) all addresses on the private network are accessible over the VPN tunnel. Client routes are not required.
  • Page 279 Wireless Controller User Manual DNS Suffix: The DNS suffix name which will be given to the SSL VPN client. This configuration is optional. Primary DNS Server: DNS server IP address to set on the network adaptor created on the client host. This configuration is optional. Secondary DNS Server: Secondary DNS server IP address to set on the network adaptor created on the client host.
  • Page 280: Creating Portal Layouts

    Wireless Controller User Manual Figure 163: Configured client routes only apply in split tunnel mode 9.4.1 Creating Portal Layouts Setup > VPN Settings > SSL VPN Server > Portal Layouts The controller allows you to create a custom page for remote SSL VPN users that is presented upon authentication.
  • Page 281 Wireless Controller User Manual Portal Layout Name: A descriptive name for the custom portal that is being configured. It is used as part of the SSL portal URL. Portal Site Title: The portal web browser window title that appears when the client accesses this portal.
  • Page 282: Figure 164: Ssl Vpn Portal Configuration

    Wireless Controller User Manual Figure 164: SSL VPN Portal configuration...
  • Page 283: Chapter 10. Advanced System Functionalities

    10.1 USB Device Setup
    Setup > USB Settings > USB Status
    The DWC-1000 Wireless controller has a USB interface for printer access and file sharing.
    USB Mass Storage: also referred to as a “share port”; files on a USB disk connected to the DWC can be accessed by LAN users as a network drive.
  • Page 284: Usb Share Port

    10.2 USB Share Port
    Setup > USB Settings > USB Status
    The DWC-1000 Wireless controller has a USB interface for printer access. This page allows you to enable USB device support for both the USB1 and USB2 interfaces. It also allows you to enable printer access from a particular VLAN.
  • Page 285: Authentication Certificates

    Wireless Controller User Manual Figure 166: USB Share Port 10.3 Authentication Certificates Advanced > Certificates This gateway uses digital certificates for IPsec VPN authentication as well as SSL validation (for HTTPS and SSL VPN authentication). You can obtain a digital certificate from a well-known Certificate Authority (CA) such as VeriSign, or generate and sign your own certificate using functionality available on this gateway.
  • Page 286 A self certificate is a certificate issued by a CA identifying your device (or self-signed if you don’t want the identity protection of a CA). The Active Self Certificate table lists the self certificates currently loaded on the gateway. The following information is displayed for each uploaded self certificate: Name: The name you use to identify this certificate; it is not displayed to IPsec VPN peers or SSL users.
  • Page 287: Amt

    Figure 167: Certificate summary for IPsec and HTTPS management
    10.4 Intel® AMT
    This feature is available upon licensed activation of VPN / Firewall features for the system.
    Advanced > Intel®
    Intel® Active Management Technology enables IT managers to remotely access and manage every networked computing system, even those that lack a working operating system or hard drive, or are turned off, as long as the PC/Notebook is connected to line...
  • Page 288: Figure 168: Intel Amt

    AMT technology can cross the Internet seamlessly, making it an ideal solution to help IT managers with asset management over the Internet.
    Figure 168: Intel® AMT
    Enable Ports: When enabled, inbound/outbound firewall rules are added for certain ports to enable Intel®...
  • Page 289 separated list of Option host addresses that are to be allowed access to the Local Server (LAN Host). Option Host Addresses: The user must provide a comma separated list of Option IP addresses that must be allowed access to the Local Server in case he has selected "Specify Option IPs"...
  • Page 290: Chapter 11. Advanced Wireless Controller Features

    Wireless Controller User Manual Chapter 11. Advanced Wireless Controller Features 11.1 General Advanced > Global > General The fields on the advanced Wireless Global Configuration page are settings that apply to the DWC-1000 Wireless Controller. Figure 169: Wireless Configuration...
  • Page 291 Wireless Controller User Manual Peer Group ID: In order to support larger networks, you can configure wireless controllers as peers, with up to 8 controllers in a cluster (peer group). Peer controllers share some information about APs and allow L3 roaming among them. Peers are grouped according to the Group ID.
  • Page 292: Snmp Trap

    SNMP message. The device can act as an agent and can send asynchronous notifications when certain events happen. DWC-1000 supports both public and private traps:
    Public traps include traps specified in RFC-1215. Details are in the SNMPv2-MIB.txt MIB file available with the DWC-1000 firmware.
  • Page 293: Figure 170: Snmp Trap Settings

    Figure 170: SNMP Trap settings
    To use SNMP traps, associate the device to a trap manager. Add the trap manager IP address and port in the Maintenance > Management > SNMP > SNMP Trap List page: ...
  • Page 294: Distributed Tunneling

    11.3 Distributed Tunneling
    Advanced > Global > Distributed Tunneling
    The Distributed Tunneling mode, also known as AP-AP tunneling mode, is used to support L3 roaming for wireless clients without forwarding any data traffic to the wireless controller.
  • Page 295: Distributed Tunneling Status

    Distributed Tunnel Max Multicast Replications Allowed: Specify the maximum number of tunnels to which a multicast frame is copied on the Home AP.
    11.3.1 Distributed Tunneling Status
    Status > Dashboard > Distributed Tunneling
    This page shows information about all the distributed tunnel clients.
    Figure 172: Distributed Tunneling Clients
    Distributed Tunnel Packets: Transmitted: Total number of packets sent by all APs via distributed tunnels.
  • Page 296: Peer Controller Configuration

    Wireless Controller User Manual Distributed Tunnel Clients: Total number of clients that are associated with an AP that are using distributed tunneling. Distributed Tunnel Client Denials: Total number of clients for which the system was unable to set up a distributed tunnel when client roamed. 11.4 Peer Controller Configuration 11.4.1 Peer Controller Configuration Request Status Advanced >...
  • Page 297: Figure 173: Peer Controller Configuration Request Status

    Figure 173: Peer Controller Configuration Request Status
    Peer Controller Configuration Request Status:
    Configuration Request Status: Indicates the global status for a configuration push operation to one or more peer controllers. The status can be one of the following: ...
  • Page 298: Peer Controller Configuration

    Wireless Controller User Manual Success Count: Indicates the total number of peer controllers that have successfully completed a configuration download. Failure Count: Indicates the total number of peer controllers that have failed to complete a configuration download. List of Peers Peer IP Address: Lists the IP address of each controller in the cluster indicates configuration request...
  • Page 299: Wids Configuration

    RADIUS Client: Enable this field to include the Client RADIUS information in the configuration that the controller pushes to its peers. 11.5 WIDS Configuration The D-Link Wireless Controller Wireless Intrusion Detection System (WIDS) can help detect intrusion attempts into the wireless network and take automatic actions to protect the network.
  • Page 300 connectivity. Since some of the work is done by access points, the controller needs to send messages to the APs to modify its WIDS operational properties. Administrator configured rogue AP: If the source MAC address is in the valid-AP database on the controller or on the RADIUS server and the AP type is marked as Rogue, then the AP state is Rogue.
  • Page 301 Invalid SSID from a managed AP: This test checks whether a known managed AP is sending an unexpected SSID. The SSID reported in the RF Scan is compared to the list of all configured SSIDs that are used by the profile assigned to the managed AP. If the detected SSID doesn't match any configured SSID then the AP is marked as rogue.
  • Page 302 Wireless Controller User Manual Rogue Detected Trap Interval: Specify the interval, in seconds, between transmissions of the SNMP trap telling the administrator that rogue APs are present in the RF Scan database. If you set the value to 0, the trap is never sent. Wired Network Detection Interval: Specify the number of seconds that the AP waits before starting a new wired network detection cycle.
  • Page 303: Wids Client Configuration

    Figure 175: WIDS AP Configuration
    11.5.2 WIDS Client Configuration
    Advanced > WIDS Security > Client
    The settings you configure on the WIDS Client Configuration page help determine whether a detected client is classified as a rogue. Clients classified as rogues are considered to be a threat to network security. The WIDS feature tracks the following types of management messages that each detected client sends:...
  • Page 304 Wireless Controller User Manual • Probe Requests • 802.11 Authentication Requests • 802.11 De-Authentication Requests. In order to help determine whether a client is posing a threat to the network by flooding the network with management traffic, the system keeps track of the number of times the AP received each message type and the highest message rate detected in a single RF Scan report.
  • Page 305 Wireless Controller User Manual Known Client Database Lookup Method: When the controller detects a client on the network it performs a lookup in the Known Client database. Specify whether the controller should use the local or RADIUS database for these lookups. Known Client Database RADIUS Server Name: If the known client database lookup method is RADIUS then this field specifies the RADIUS server name.
  • Page 306: Wds Settings

    Figure 176: WIDS Client Configuration
    11.6 WDS Settings
    Advanced > WDS Configuration
    The Wireless Distribution System (WDS) Managed AP feature allows the administrator to add managed APs to the cluster using over-the-air WDS links through other managed APs. This capability is critical in providing a seamless experience for roaming clients and for managing multiple wireless networks.
  • Page 307 Wireless Controller User Manual The WDS AP group consists of two types of APs: root APs and satellite APs. A root AP acts as a bridge or repeater on the wireless medium and communicates with the controller via the wired link. A satellite AP communicates with the controller via a WDS link to the root AP.
  • Page 308: Group Configuration

    Wireless Controller User Manual 11.6.1 Group Configuration WDS Group ID: Define the group’s ID, which will be used in AP and Link configuration pages to identify this group. Figure 177: WDS Group Configuration 11.6.2 AP Configuration After creating a WDS-Managed AP group, use the WDS Managed AP Configuration page to view the APs that are members of the group, add new members, and change STP Priority values for existing members.
  • Page 309: Link Configuration

    Wireless Controller User Manual Figure 178: WIDS Managed AP Configuration The following fields are available on the WDS Managed AP Summary page. WDS Group ID: Select the ID associated with the group to configure. AP MAC Address: MAC Address of the AP. STP Priority: Spanning Tree Priority for this AP.
  • Page 310: Figure 179: Wds Ap Link Configuration

    After creating a WDS-Managed AP group, we can use the WDS AP Link Configuration page to configure the WDS links between the APs that are members of the group.
    Figure 179: WDS AP Link Configuration
    The following fields are available on the WDS AP Link Configuration page: ...
  • Page 311: External Authentications

    Wireless Controller User Manual Destination Radio: The radio number of the WDS link endpoint on the destination STP Link Cost: Spanning Tree Path cost for the WDS link. The range is 0–255. When multiple alternate paths are defined in the WDS group, the link cost is used to indicate which links are the primary links and which links are the secondary links.
  • Page 312: Radius Settings

    11.7.1 RADIUS Settings
    Setup > External Authentications > RADIUS Settings
    From the RADIUS Server Configuration page, you can add a new RADIUS server, configure settings for a new or existing RADIUS server, and view RADIUS server status information.
  • Page 313: Nt Domain Settings

    Wireless Controller User Manual Authentication Port: RADIUS authentication server port to send RADIUS messages. Secret: Secret key that allows the device to log into the configured RADIUS server. It must match the secret on RADIUS server. Timeout: Set the amount of time in seconds, the router should wait for a response from the RADIUS server.
  • Page 314 After configuring NT Domain Settings, users in the configured domain are able to authenticate. The following fields need to be configured in NT Domain configuration. Authentication Server 1: The IP Address of the primary authentication server. Authentication Server 2: The IP Address of the secondary authentication server;...
  • Page 315: Ldap Settings

    Timeout: Set the amount of time, in seconds, the appliance should wait for a response from the authentication server.
    Retries: The number of attempts the appliance will make to the authentication server before considering the authentication attempt failed.
  • Page 316: Figure 182: Ldap Authentication Configuration

    Figure 182: LDAP Authentication Configuration
    The administrator can configure authentication servers for LDAP authentication. After configuring the servers with the parameters listed below, whenever a user tries to authenticate, the client will send an LDAP Request to the server and the server sends back the LDAP Response determining authentication success.
  • Page 317: Active Directory Settings

    Wireless Controller User Manual SAM account name, Associated Domain Name and so on. These can be used to distinguish between different users having same user name. LDAP Base DN: LDAP authentication requires the base domain name; contact your administrator for the Base DN to use LDAP authentication for this domain. This Domain name is for Authentication Server1 Second LDAP Base DN (optional): Base domain name for Authentication Server2 (if in use).
  • Page 318: Figure 183: Active Directory Configuration

    unique security identifiers. The AD client on the appliance will use Authentication port 88 to communicate with the server.
    Figure 183: Active Directory Configuration
    After configuring the AD server(s), whenever a user tries to authenticate with credentials, the client will send an AS Request to the server and the server sends back the AS Response.
    Authentication Server 1: The IP Address of the primary authentication server.
  • Page 319: Pop3 Settings

    Wireless Controller User Manual Second Active Directory Domain (optional): Active Directory Domain for Authentication Server2 (if in use) Third Active Directory Domain (optional): Active Directory Domain for Authentication Server3 (if in use) Timeout: Set the amount of time in seconds, the appliance should wait for a response from the authentication server.
  • Page 320: Figure 184: Pop3 Server Configuration

    Wireless Controller User Manual Figure 184: POP3 Server Configuration Authentication Server 1: The IP Address of the primary authentication server. Authentication Server 2: The IP Address of the secondary authentication server; it is an optional field. Authentication Server 3: The IP Address of the tertiary authentication server; it is an optional field.
  • Page 321: Figure 185: Pop3 Ca File List

    After configuring all fields in Active Directory settings, the administrator can use the Server Checking option to check server reachability. When the administrator clicks on the server checking button, the server reachability status for the configured servers is returned.
  • Page 322: Chapter 12. Administration & Management

    Wireless Controller User Manual Chapter 12. Administration & Management 12.1 Remote Management Both HTTPS and telnet access can be restricted to a subset of IP addresses. The controller administrator can define a known PC, single IP address or range of IP addresses that are allowed to access the GUI with HTTPS.
  • Page 323: Snmp Configuration

    12.3 SNMP Configuration
    Tools > Admin > SNMP
    SNMP is an additional management tool that is useful when multiple controllers in a network are being managed by a central Master system. When an external SNMP manager is provided with this controller's Management Information Base (MIB) file, the manager can update the controller's hierarchical variables to view or update configuration parameters.
  • Page 324: Figure 187: Snmp Users, Traps, And Access Control

    Wireless Controller User Manual Figure 187: SNMP Users, Traps, and Access Control Tools > Admin > SNMP System Info The controller is identified by an SNMP manager via the System Information. The identifier settings The SysName set here is also used to identify the controller for SysLog logging.
  • Page 325: Snmp Traps

    12.4 SNMP Traps Advanced > Global > SNMP Traps If you use Simple Network Management Protocol (SNMP) to manage the DWC-1000 wireless controller, you can configure the SNMP agent on the controller to send traps to the SNMP manager on your network. When an AP is managed by a controller, it does not send out any traps.
  • Page 326: Figure 189: Snmp Traps

    Figure 189: SNMP Traps
    AP Failure Traps: If you enable this field, the SNMP agent sends a trap if an AP fails to associate or authenticate with the controller.
    AP State Change Traps: If you enable this field, the SNMP agent sends a trap for one of the following reasons, each containing location objects: ...
  • Page 327
    - Client Association Failure
    - Client Authentication Failure
    Client State Change Traps: If you enable this field, the SNMP agent sends a trap for one of the following reasons associated with the wireless client, each containing location objects: ...
  • Page 328: Configuring Time Zone And Ntp

    Wireless Controller User Manual 5- RF Scan AP List. 6- Client Association Database. 7- Ad Hoc Clients List. 8- Detected Clients List. 12.5 Configuring Time Zone and NTP Tools > Date and Time You can configure your time zone, whether or not to adjust for Daylight Savings Time, and with which Network Time Protocol (NTP) server to synchronize the date and time.
  • Page 329: Log Configuration

    Wireless Controller User Manual Figure 190: Date, Time, and NTP server setup 12.6 Log Configuration This controller allows you to capture log messages for traffic through the firewall, VPN, and over the wireless AP. As an administrator you can monitor the type of traffic that goes through the controller and also be notified of potential attacks or errors when they are detected by the controller.
  • Page 330: Defining What To Log

    Wireless Controller User Manual 12.6.1 Defining What to Log Tools > Log Settings > Logs Facility The Logs Facility page allows you to determine the granularity of logs to receive from the controller. There are three core components of the controller, referred to as Facilities: Kernel: This refers to the Linux kernel.
  • Page 331: Figure 191: Facility Settings For Logging

    Figure 191: Facility settings for Logging
    The display for logging can be customized based on where the logs are sent, either the Event Log viewer in the GUI (the Event Log viewer is in the Status > Logs page) or a remote Syslog server for later review.
  • Page 332 Accepted Packets are those that were successfully transferred through the corresponding network segment (i.e. LAN to Option). This option is particularly useful when the Default Outbound Policy is “Block Always” so the IT admin can monitor traffic that is passed through the firewall. ...
  • Page 333: Sending Logs To E-Mail Or Syslog

    Figure 192: Log configuration options for traffic through controller
    12.6.2 Sending Logs to E-mail or Syslog
    Tools > Log Settings > Remote Logging
    Once you have configured the type of logs that you want the controller to collect, they can be sent to either a Syslog server or an E-Mail address.
  • Page 334 sending e-mails out to the configured addresses. The SMTP port and return e-mail addresses are required fields to allow the controller to package the logs and send a valid e-mail that is accepted by one of the configured “send-to” addresses. Up to three e-mail addresses can be configured as log recipients.
  • Page 335: Figure 193: E-Mail Configuration As A Remote Logging Option

    Figure 193: E-mail configuration as a Remote Logging option
    An external Syslog server is often used by network administrators to collect and store logs from the controller. This remote device typically has fewer memory constraints than the local Event Viewer on the controller GUI, and thus can collect a considerable number of logs over a sustained period.
  • Page 336: Event Log Viewer In Gui

    Wireless Controller User Manual select the checkbox next to an empty Syslog server field and assign the IP address or FQDN to the Name field. The selected facility and severity level messages will be sent to the configured (and enabled) Syslog server once you save this configuration page’s settings.
  • Page 337: Figure 195: Vpn Logs Displayed In Gui Event Viewer

    Status > Logs > VPN Logs
    The following feature is available upon licensed activation of VPN / Firewall features for the system.
    This page displays IPsec VPN log messages as determined by the configuration settings for facility and severity. This data is useful when evaluating IPsec VPN traffic and tunnel health.
  • Page 338: Backing Up And Restoring Configuration Settings

    Wireless Controller User Manual Figure 196: SSL VPN logs displayed in GUI event viewer 12.7 Backing up and Restoring Configuration Settings Tools > System You can back up the controller custom configuration settings to restore them to a different device or the same controller after some other changes. During backup, your settings are saved as a file on your host.
  • Page 339 Wireless Controller User Manual For backing up configuration or restoring a previously saved configuration, please follow the steps below: To save a copy of your current settings, click the Backup button in the Save Current Settings option. The browser initiates an export of the configuration file and prompts to save the file on your host.
  • Page 340: Upgrading Wireless Controller Firmware

    Figure 197: Restoring configuration from a saved file will result in the current configuration being overwritten
    12.8 Upgrading Wireless Controller Firmware
    Tools > Firmware
    You can upgrade to a newer software version from the Administration web page. In the Firmware Upgrade section, to upgrade your firmware, click Browse, locate and select the firmware image on your host, and click Upgrade.
  • Page 341: Figure 198: Firmware Version Information And Upgrade Option

    By clicking the Check Now button in the notification section, the controller will check a D-Link server to see if a newer firmware version for this controller is available for download and update the Status field below.
  • Page 342: Dynamic Dns Setup

    12.9 Dynamic DNS Setup
    Tools > Dynamic DNS
    Dynamic DNS (DDNS) is an Internet service that allows controllers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must set up an account with a DDNS provider such as DynDNS.org, D-Link DDNS, or Oray.net.
  • Page 343: Using Diagnostic Tools

    Wireless Controller User Manual Figure 199: Dynamic DNS configuration 12.9.1 Using Diagnostic Tools Tools > System Check The controller has built in tools to allow an administrator to evaluate the communication status and overall network health.
  • Page 344: Ping

    Wireless Controller User Manual Figure 200: Controller diagnostics tools available in the GUI 12.9.2 Ping This utility can be used to test connectivity between this controller and another device on the network connected to this controller. Enter an IP address and click PING. The command output will appear indicating the ICMP echo request status.
  • Page 345: Dns Lookup

    Wireless Controller User Manual 12.9.4 DNS Lookup To retrieve the IP address of a Web, FTP, Mail or any other server on the Internet, type the Internet Name in the text box and click Lookup. If the host or domain entry exists, you will see a response with the IP address.
  • Page 346: Chapter 13. License Activation

    The DWC-1000 can be upgraded with three optional license packs: 1. The DWC-1000-AP6/DWC-1000-AP6-LIC License Packs enable the Wireless Controller to manage 6 extra access points. The DWC-1000 can be upgraded up to 3 times with this license pack, enabling it to support up to 24 access points in total.
  • Page 347: Figure 201: Installing A License

    Figure 201: Installing a License Figure 202: Available Licenses Display after installing a License. The newly licensed features will be enabled after system reboot.
  • Page 348: Appendix A. Glossary

    Appendix A. Glossary ARP: Address Resolution Protocol. Broadcast protocol for mapping IP addresses to MAC addresses. CHAP: Challenge-Handshake Authentication Protocol. Protocol for authenticating users to an ISP. DDNS: Dynamic DNS. System for updating domain names in real time. Allows a domain name to be assigned to a device with a dynamic IP address.
  • Page 349 ISAKMP: Internet Key Exchange Security Protocol. Protocol for establishing security associations and cryptographic keys on the Internet. ISP: Internet service provider. MAC Address: Media-access-control address. Unique physical-address identifier attached to a network adapter. MTU: Maximum transmission unit. Size, in bytes, of the largest packet that can be passed on. The MTU for Ethernet is a 1500-byte packet.
  • Page 350 RADIUS: Remote Authentication Dial-In User Service. Protocol for remote user authentication and accounting. Provides centralized management of usernames and passwords. RSA: Rivest-Shamir-Adleman. Public key encryption algorithm. TCP: Transmission Control Protocol. Protocol for transmitting data over the Internet with guaranteed reliability and in-order delivery.
  • Page 351: Appendix B. Factory Default Settings

    Appendix B. Factory Default Settings (Feature / Description / Default Setting). Device login: User login URL: http://192.168.10.1; User name (case sensitive): admin; Login password (case sensitive): admin. Internet Connection: Option MAC address: Use default address; Option MTU size: 1500; Port speed: Autosense...
  • Page 352 DHCP starting IP address: 192.168.10.2; DHCP ending IP address: 192.168.10.100; Time zone; Time zone adjusted for Daylight Saving Time: Disabled; SNMP: Disabled; Remote management: Disabled; Inbound communications from the Internet: Disabled (except traffic on port 80, the HTTP port); Outbound communications to the Internet: Enabled (all); Firewall...
  • Page 353: Appendix C. Recovery From Upgrade Failure

    LED will flash 5 times. This indicates that recovery mode has been entered. 3. The DWC-1000 LAN IP address is 192.168.1.1; open this address in any browser. 4. Select the firmware image on your host – these screens will allow you to upload the full DWC-1000 firmware image to restore full system functionality prior to the upgrade issue.
  • Page 354 Upgrade in Progress: After a successful upgrade, the unit will reboot:...
  • Page 355: Appendix D. Product Statement

    Appendix D. Product Statement Power Usage This device is an Energy Related Product (ErP) with High Network Availability (HiNA), and automatically switches to a power-saving Network Standby mode within 1 minute of no packets being transmitted. It can also be turned off through a power switch to save energy when it is not needed.
