Configure an ACL to prevent wireless clients from accessing the WS1 management interface. • Configure DHCP on the wireless switch for wireless client address assignment. • Understand some of the D-LINK Unified Access Point features. 10.90.90.90/8 SSID: Guest Network SSID: Guest Network 10.90.90.91/8...
The table below gives the IP addresses used in this scenario. The following steps will guide you through the configuration of the Wireless Switch and the Access Point. Device Subnet Wireless Switch 10.90.90.90/8 (default) 10.90.90.91/8 (default) 10.90.90.92/8 Client Address Pool 10.90.91.1 –...
10. Enter the command “save-running” to save the current AP configuration. 11. Enter the command “Exit” to logout the AP. 1.2. Configure the DHCP Server The wireless switch can function as a DHCP server to assign addresses to wireless (or wired) clients that connect to each AP.
1.2.2. Pool Configuration This section describes how to configure the address pool for the wireless clients. 1. Select Pool Configuration in the Navigation tree. 2. Select create and specify the following settings: a. Pool Name – GuestPool b. Type of Binding - Dynamic c.
1.3. ACL Configuration The ACL in this scenario prevents wireless clients from accessing the web management interface of the switch. All other types of traffic is allowed. 1. From the LAN menu, navigate to the Access Control Lists > IP ACL > Access Profile Settings page.
Page 8
Rule 1 Next, you must attach the ACL to port 0/1 and port 0/13 (the physical ports to which the APs will be connected) so that the rules are applied to the appropriate wireless client traffic that goes through the APs connected to the switch. 1.
1.4. Wireless Configuration You configure and monitor all wireless settings from the WLAN tab on the navigation panel. Since the deployment is an L2 Edge and there are no subnet boundaries to cross, the switch can use the network management IP address for the wireless functions (Note: the wireless switch component uses an IP address to manage the APs and peer-switches.
1.5. Device Connections At this point, all the devices are ready to be connected. After the switch discovers the APs, they will appear on the Failed list because the MAC addresses of the APs are not configured in the Valid AP database (i.e. the switch has not been configured to accept any valid APs).
1.7. Verify the Configuration 1. From a wireless client, verify that you can see the Guest Network SSID. 2. Using a wireless client, connect to the Guest Network. 3. Check the IP address that the switch DHCP server assigned. 4. Try pinging from a client on the Guest Network to the switch or AP IP address. The ping should pass.
Page 13
the profile or an AP comes online into managed state after the profile changes are submitted. The Channel adjustment algorithm may be triggered periodically or manually. To manually adjust the channel plan, use the fol l owing steps: 1. Select the WLAN tab from the navigation panel and navigate to Administration à...
You may also manually change the operational channel from the Administration à AP Management à Advanced page. Select the appropriate channel of the AP radio and change it to the desired channel on the next screen. 1.8.3. Rogue AP Detection To check the rogue AP list, select the WLAN tab from the navigation panel and navigate to Monitoring à...
1.8.4. Power Adjustment To check power level, select the WLAN tab from the navigation panel and click Monitoring à Access Points à Managed Access Points . Select Radio Details tab to check the power level. The Automatic Power Adjustment algorithm works by setting the initial po wer of the AP to the value specified in the AP profile.
Page 16
The power adjustment may be manually triggered by selecting the WLAN tab from the navigation panel and traversing down to Administration à AP Management à RF Management. Select the Manual Power Adjustments tab and then the Start button to start the process (click the Apply button to apply new power adjustment) You may change the power of the AP radio by selecting the Radio tab of the Basic Setup and changing the Initial Power to the desired setting and click on submit.
1.8.5. Load Balancing The Wireless Switch performs load balancing on a per radio basis by tracking the wireless bandwidth utilization. The maximum bandwidth utilization is configured in the Radio tab of the Basic Setup. If the utilization reaches the configured threshold then new client associations are rejected.
Configure multiple SSIDs with different VLAN s. • Enable wireless encryption. Network: 10.90.90.90/8 Port 0/13 Loopback: 192.168.10.254 VLAN 30 Port 0/1 VLAN 20 SSID: D-LINK-NET1: VLAN 100 D-LINK-NET2: VLAN 200 Guest Network SSID: D-LINK-NET1: VLAN 100 192.168.20.x D-LINK-NET2: VLAN 200 Guest Network 192.168.30.x Seamless Roaming An overview of the configuration steps needed to complete this scenario is as follows: 1.
192.168.200.x/24 2.1. Configuring LAN Settings All of the features you configure in this section are within the LAN tab on the D-LINK Wireless Switch. In this scenario, the switch is a L3 device with a total of four VLAN routing interfaces. Each connected AP is in a different subnet, so you need to configure two separate VLAN routing interfaces and configure an IP address for each interface.
Page 20
1. From the LAN tab on the switch Web interface, click L2 Features à VLAN à VLAN Configuration. 2. Select Create from VLAN ID and Name pull down menu. 3. Enter the VLAN ID. 4. Enter VLAN Name . On the Slot/Port row for the port to include in the VLAN, select Include from the Participation drop-down menu.
Page 21
After you have repeated the steps to configure all four VLANs, use the Monitoring à VLAN Summaryà VLAN Status and VLAN Port Status pages to verify that the VLANs and the ports are configured properly. VLAN Status...
VLAN Port Status 2.1.2. Configure VLAN Routing To configure the VLAN routing interfaces for AP1, AP2, and the two D-LINK-NET networks, use the following steps. 1. Select the LAN tab from the navigation panel and click L3 Features à VLAN Routing Configuration.
Page 23
5. Select interface 4/1 from the Slot/Port drop-down menu and enter the following information: a. IP Address: 192.168.20.254 b. Subnet Mask: 255.255.255.0 c. Routing Mode: Enable 6. Click Submit. 7. Repeat the steps for interface 4/2 (VLAN 30), 4/3 (VLAN 100), and 4/4 (VLAN 200). Refer to the following table for IP address information: Interface IP Address...
2.1.3. Enable Global Routing You need to enable the routing mode to allow the switch to operate as a L3 device in this scenario. To do this, navigate to the L3 Features à IP à Configuration page. Select Enable from the Routing Mode drop-down menu and click Submit.
2.1.6. DHCP Server You need to configure IP address pools for each AP and for the clients that connect to the APs through the D-LINK NET1 and DLINK-NET2 SSIDs. 1. From the LAN menu, click Administration à DHCP Server à Global Configuration 2.
11. The screen refreshes with additional fields. Click the Configure button associated with the appropriate fields and enter the following criteria to deny IP traffic from clients on the D-LINK-NET1 network to clients on the D-LINK-NET2 network: • Protocol Keyword: IP •...
Page 27
13. The screen refreshes with additional fields. Click the Configure button associated with the appropriate fields and enter the following criteria to deny IP traffic from clients on the D-LINK-NET2 network to clients on the D-LINK-NET1 network: • Protocol Keyword: IP •...
Page 28
14. Create Rule 3 to allow all other type of traffic between any source and any destination since as mentioned earlier, there is an implicit “deny all” rule at the end of every ACL. 15. From the Rule drop-down menu, select Create. 16.
2.2. Configuring WLAN Settings All of the features you configure in this section are within the WLAN tab on the D-LINK Wireless Switch. Use the following steps to configure the Wireless Switch and the APs. 1. On the Global tab of the Administration à Basic Setup page, make sure the switch IP address is the Loopback interface address (192.168.10.254), the country code is...
Page 30
5. Select the 802.11b/g radio. 6. Select the check box next to Managed SSID 2 and click Edit. 7. Change the following Network parameters and select Submit: a. SSID – D-LINK-NET1 b. VLAN – 100 c. Security – WEP •...
Page 31
SSID tab. 9. Select the check box next to Managed SSID 3 and click Edit. Change the follow ing parameters and select Submit: a. SSID – D-LINK-NET2 b. VLAN – 200 c. Security – WEP •...
8. Try pinging from a client on D-LINK-NET1 to D- LINK-NET2. The ping should fail because of the ACL. 9. Perform a “fast roam” from one AP to the other on one of the D-LINK-NET SSIDs (this can be simulated by pulling power on the AP you are currently associated with)
Page 33
and observe that your IP address does not change even though you have now associated with an AP on a different subnet. Fast roams will not function on the Guest Network SSID because the client will be forced to acquire a new IP address.