Preface D-Link reserves the right to revise this publication and to make changes in the content hereof without obligation to notify any person or organization of such revisions or changes. Information in this document may become obsolete as our services and websites develop and change.
The power cable must be rated for the product and for the voltage and current marked on the product’s electrical ratings label. The voltage and current rating of the cable should be greater than the ratings marked on the product. • To help prevent electric shock, plug the system and peripheral power cables into properly grounded electrical outlets. D-Link DWC-1000 User Manual...
Page 4
Be sure that nothing rests on any cables. • Do not modify power cables or plugs. Consult a licensed electrician or your power company for site modifications. • Always follow your local/national wiring rules. • When connecting or disconnecting power to hot-pluggable power supplies, if offered with your system, observe the following guidelines: • Install the power supply before connecting the power cable to the power supply. • Unplug the power cable before removing the power supply. • If the system has multiple sources of power, disconnect power from the system by unplugging all power cables from the power supplies. • Move products with care; ensure that all casters and/or stabilizers are firmly connected to the system. Avoid sudden stops and uneven surfaces. D-Link DWC-1000 User Manual...
2. When transporting a sensitive component, first place it in an antistatic container or package. 3. Handle all sensitive components in a static-safe area. If possible, use antistatic floor pads, workbench pads and an antistatic grounding strap. D-Link DWC-1000 User Manual...
Step #1: Enable DHCP Server (Optional) .......................28 Step #2: Configure Country Code ..........................29 Step #3: Select APs to be Managed ........................30 Step #4: Change the SSID and Set Up Security ....................32 Step #5: Select MAC Authentication Mode ......................37 Step #6: Confirm Access Point Profile is Associated ..................39 Step #7: Configure Captive Portal Settings ......................40 Step #8: Use SSID with RADIUS Sever as Authenticator ..................48 Step #9: Configure Guest Management .......................49 Step #10: Configure a BYOD Environment ......................56 Where to Go from Here ................................62 D-Link DWC-1000 User Manual...
Page 7
Manual Change Channel and Power of Managed AP ..................84 Configure AP Debug Mode ............................85 Configure AP Provisioning ............................86 AP Profiles ....................................88 Configure AP Profile ..............................88 Configure AP Profile Radio ............................90 Configure AP Profile SSID ............................96 Configure AP Profile QoS ............................97 SSID Profiles ....................................101 Configure SSID Profiles .............................101 Wireless Distribution System (WDS) ..........................105 Configure WDS Managed AP ..........................107 Configure WDS Managed AP ..........................108 Configure WDS AP Link .............................110 Peer Group ....................................111 Configure Peer Group ..............................111 Synchronize Peer Group ............................112 AP Firmware Download ..............................113 AP Firmware Status..............................115 D-Link DWC-1000 User Manual...
Page 8
NAT or Classical ...............................145 Transparent ................................146 IP Aliasing ..................................147 DMZ DHCP Reserved IPs ............................148 Dynamic DNS ................................149 VLANs .......................................150 Creating VLANs ................................150 Editing VLANs................................152 Deleting VLANs................................152 MultiVLAN Subnets ..............................153 Port VLANs ..................................155 MAC Based VLANs ..............................156 Voice VLANs ................................158 Protocol Based VLANs ............................159 Double VLANs ................................160 GVRP ....................................161 D-Link DWC-1000 User Manual...
Page 9
Client Management ................................191 Viewing/Adding Wireless Known Clients ......................191 Editing/Deleting Clients ............................193 Group Management ................................194 Adding User Groups ..............................194 Editing User Groups ...............................196 Deleting User Groups ............................197 Configuring Login Policies ............................198 Configuring Browser Policies ..........................199 Configuring IP Policies ..............................200 User Management ................................201 Adding Users Manually .............................201 Importing Users ..............................202 Editing Users ................................203 Deleting Users .................................204 D-Link DWC-1000 User Manual...
Page 11
Viewing Captive Portal Sessions ........................282 Viewing Active Sessions ............................283 Viewing VPN Sessions ............................284 Viewing Traffic on Interfaces ............................285 Viewing Controller Status and Statistics ......................287 Controller Associated Clients ..........................288 Distributed Tunnel ..............................289 Peer Controller Receive Status ...........................290 Peer Controller Sent Status ..........................292 Viewing Access Point Information ........................293 Global Status ................................293 All APs ..................................295 Managed ..................................296 D-Link DWC-1000 User Manual...
Page 12
Configure Wireless SNMP Info ..........................329 Backup Configuration Settings ............................332 Restoring Configuration Settings ...........................333 Restoring Factory Default Settings ..........................334 Rebooting the Wireless Controller ..........................335 Upgrading Firmware ................................336 Wireless Controller Firmware Upgrade .......................336 Using the Command Line Interface..........................338 Troubleshooting ............................339 LED Troubleshooting ................................340 Power LED is OFF .................................340 LAN Port LEDs Not ON ...............................340 Web Management Interface ............................340 D-Link DWC-1000 User Manual...
• Discover and configure D-Link access points on the WLAN • Optimize wireless access point performance with centralized RF management, security, Quality of Service (QoS), and other configuration features • Streamline security configuration tasks and set up guest access • Monitor network status and statistics • Perform maintenance tasks and firmware updates for the wireless management system and for D-Link access points on your wireless network • Conduct troubleshooting procedures Configuration is performed using configuration profiles. A configuration profile allows a wireless controller to distribute a set of radio, Service Set Identifier (SSID), and QoS parameters to the access points associated with that profile. D-Link DWC-1000 User Manual...
Page 15
For example: • An office building may have one configuration profile for access points located in one area of a facility (such as a general work area) and a different profile for access points in another area of the facility (for example, in the Human Resources department). • A shopping mall may need several configuration profiles if several businesses share a WLAN, but each business has its own network. • Large networks that need different policies per building or department could have access points configured for security policies for each building and department (for example, one for guests, one for management, one for sales, and so on). D-Link DWC-1000 User Manual...
• DHCP server for dynamic IP address provisioning. • Configurable management VLAN. • Real-time monitoring of access points and associated client stations. • System alarms and statistics reports on managed access points for managing, controlling, and optimizing network performance. security • Identity-based security authentication with an external RADIUS server or an internal authentication server. • Rogue access point detection, classification, and mitigation. • Guest access and captive portal access. • Purchasable license pack (DWC-1000-VPN) enables VPN, router, and firewall functionality via two Gigabit Ethernet Option ports. • Purchasable license pack (DWC-1000-WCF) enables one year dynamic web content filtering to maintain a safe and productive work or study environment. The wireless controller must upgrade VPN license (DWC- 1000-VPN) first before enable this license. D-Link DWC-1000 User Manual...
• One Reference CD-ROM containing product documentation in PDF format • Two rack-mounting brackets • Quick Installation Guide required tools and information You will need the following additional items to install your wireless controller: • D-Link DWL-2600AP, DWL-3600AP, DWL-6600AP, DWL-8600AP, and/or DWL-8610AP access points. • A computer with a supported web browser for configuration: • Microsoft Internet Explorer 9.0 or higher • Mozilla Firefox 23 or higher • Apple Safari 5.1.7 or higher (Windows) • Apple Safari 6.1.3 or higher (iOS) • Google Chrome 26 or higher D-Link DWC-1000 User Manual...
Four Gigabit Ethernet ports labeled 1 through 4 let you connect Ethernet devices such LAN Ports (1-4) as computers, switches, and network storage (NAS) devices. Each port has an Activity LED (left) and Link LED (right). Two Gigabit Ethernet ports labeled Option let you connect the wireless controller to Option Ports (1-2) a backbone (requires DWC-1000-VPN-LIC License Pack upgrade). Each port has an Activity LED (left) and Link LED (right). The RJ-45 console cable lets you connect a PC to access the wireless controller’s Console Port command-line interface. rear Panel Reset Button Press and hold for 10 seconds to reset the switch back to the factory default settings.
Section 2 - Installation installation A DWC-1000 wireless controller system consists of one or more wireless controllers and a collection of DWL- 2600AP, DWL-3600AP, DWL-6600AP, DWL-8600AP, and/or DWL-8610AP access points that are organized into groups based on location or network access. This section describes how to unpack and install the wireless controller system.
The wireless controller can be mounted in a standard 19-inch equipment rack. 1. Attach the mounting brackets to each side of the chassis and secure them with the supplied screws. 2. Use the screws provided with the equipment rack to mount the wireless controller into the rack. D-Link DWC-1000 User Manual...
3. Connect one of the wireless controller ports labeled LAN (1-4) to the network or directly to a PC. 4. If you purchased a VPN/Firewall/Router License Pack, use the Option1 and Option2 ports on the front of the wireless controller as follows: • Option1 = WAN port for connecting to a cable or DSL modem. • Option2 = WAN or DMZ port for dual WAN connections or internal server farm purposes. If used as a DMZ port, the port’s IP address must be different than the IP address of the wireless controller’s LAN interface. 5. Using the supplied power cord, connect the wireless controller to a working AC outlet. 6. The Power LED will illuminate orange during boot up. T he LED will turn green once the wireless controller has booted. D-Link DWC-1000 User Manual...
• “Log in to the Web Management Interface” on page 23 • “Web Management Interface Layout” on page 25 • “Standard Web Management Interface Features” on page 26 • “Basic Configuration Procedures” on page 27 Using the information in this chapter, you can perform the basic information and get your wireless controller up and running in a short period of time. D-Link DWC-1000 User Manual...
3. If you are logging in for the first time, the default user name is admin and the default password is admin. Both the user name and password are case-sensitive. Note: We recommend that you change the password to a new, more secure password (see “Editing Users” on page 203) and record it in Appendix A. D-Link DWC-1000 User Manual...
Page 24
LAN, and WLAN status information. You can return to this page at any time by clicking Status > Dashboard. 5. To log out of the web management interface, click the Logout icon, which is in the top-right corner of the page in the System Menu area. D-Link DWC-1000 User Manual...
Apply: Apply this change to existing configuration. o Copy: Copy the configuration value of this item and create a new item. o Manage: Manage the discovered access point. o View Information: The information would be various depending on the items. D-Link DWC-1000 User Manual...
Table content search allows you to search information in the table by typing in a word into the search box. The search box is always located near the top right corner of the table. Ranking/sort (on table) Rank/sort the relative order of value and information on the table by clicking table header. D-Link DWC-1000 User Manual...
Section 3 - Basic Configuration Basic Configuration Procedures To perform common basic configuration procedures, follow the steps below: • “Step #1: Enable DHCP Server (Optional)” on page 28 • “Step #2: Configure Country Code” on page 29 • “Step #3: Select APs to be Managed” on page 30 • “Step #4: Change the SSID and Set Up Security” on page 32 • “Step #5: Select MAC Authentication Mode” on page 37 • “Step #6: Confirm Access Point Profile is Associated” on page 39 • “Step #7: Configure Captive Portal Settings” on page 40 • “Step #8: Use SSID with RADIUS Sever as Authenticator” on page 48 • “Step #9: Configure Guest Management” on page 49 • “Step #10: Configure a BYOD Environment” on page 56 D-Link DWC-1000 User Manual...
Address Enter the ending IP address in the IP address pool. Default Gateway Enter the IP address of the gateway for your LAN. Domain name Enter the domain name. lease time Enter the lease time of the assigned IP addresses. Configure Dns/ Turn this on to enter the IP address of the DNS or WINS server. Wins Primary Dns If configured Domain Name System (DNS) servers are available on the LAN, enter the IP address of server the primary DNS server. secondary Dns If configured domain name system (DNS) servers are available on the LAN, enter the IP address of server the secondary DNS server. If Windows Internet Name Service (DNS) servers are available on the LAN, enter the IP address of Wins server the WINS server. D-Link DWC-1000 User Manual...
#2: Configure Country Code Each country has its regulation for the radio usage. Use the following procedure to select the country where the wireless networks are. 1. Click Wireless > General > General. The General Setting page will appear. 2. At the bottom, select the Country Code from the drop-down menu and click Save. D-Link DWC-1000 User Manual...
2. Under Discovered AP List, right-click on the access point you want the wireless controller to manage and select Manage. 3. Complete the fields in the Manage AP page (refer to the next page) and click Save. When the confirmation appears, click OK. D-Link DWC-1000 User Manual...
Page 31
WDs If AP Mode = Standalone, the WDS (Wireless Distributed System) mode to be used if you intend Mode to use WDS. This is for reference only. expected security If AP Mode = Standalone, the security mode to be used is displayed. This is for reference only. Mode expected Wired If AP Mode = Standalone, select whether wired networking is going to be allowed. This is for network Mode reference only. Authentication If AP Mode = Managed, turn on to require a password for authentication. Profile If AP Mode = Managed, select a profile to apply for AP configuration. If AP Mode = Managed, this is Wireless radio mode that the access point is using is displayed. The radio fields below appear after you have selected Managed AP Mode. Channel If AP Mode = Managed, this is operating channel for the radio. Power If AP Mode = Managed, this is percentage of power to use for the radio. 4. Repeat steps 2 and 3 for each additional access point you want the wireless controller to manage. D-Link DWC-1000 User Manual...
1. Click Wireless > Access Point > AP Profile > AP Profile SSID. The following page will appear with a list of the wireless networks configured on the wireless controller. 2. Under the SSID Status column, select an SSID by right-clicking on it and clicking Edit. The following page will appear. D-Link DWC-1000 User Manual...
Page 33
To select a transfer key, click the button in front of the key number and the field where you enter the key. You can specify four WEP keys. In each text box, enter a string of characters for each of the RC4 WEP keys shared with the stations using the access point. Use the same number of characters for each key. The number of keys you enter depends on the WEP Key Type and WEP Key Length selections. The following list shows the number of keys to enter in the field: WeP Keys • 64 bit = ASCII: 5 characters; Hex: 10 characters • 128 bit = ASCII: 13 characters; Hex: 26 characters Each client station must be configured to use one of these WEP keys in the same slot as specified here. D-Link DWC-1000 User Manual...
Page 34
If Security= WPA Enterprise, enter the amount of minutes a PMK will be held by the AP. T his applies to Pairwise Master Keys (PMKs) generated by RADIUS, those that come from pre‐authentication, Key Caching Hold and those that are forwarded to the AP. Note that this time limit can be overridden by RADIUS time if the RADIUS server returns a longer time in the Session‐Timeout attribute for a particular user. The valid values of this are from 1 – 1440 minutes. If you do not enter a value, APs will not forward the PMK for the wireless client to other APs in case the client roams to another AP. If Security= WPA Enterprise, enter a value to set the interval at which the AP will refresh session session Key refresh (unicast) keys for each client associated to the VAP. rate The valid range is 0-86400 seconds. A value of 0 indicates that the broadcast key is not refresh. D-Link DWC-1000 User Manual...
Page 35
Section 3 - Basic Configuration 4. To add a new SSID, go to at Wireless > Access Point > SSID Profile and click the Add New SSID Profile button. 5. Fill out the fields below and click Save. D-Link DWC-1000 User Manual...
Page 36
SSID network you want to enable and click Enable on the AP Profile SSID List. Note: SSID ID 1 is always enabled. If you do not want to have the first SSID enabled, you must create a new SSID to be able to swap another SSID in the first slot. D-Link DWC-1000 User Manual...
Black-list: Select this option to deny access to any wireless clients with MAC addresses that are specified in the MAC Authentication database or RADIUS server, and are not explicitly granted access. If the MAC address is not in the database, then access will be granted to the client. 1. Click Wireless > General > General. 2. Next to Client MAC Authentication Mode, select Black-list or White-list. Click Save. D-Link DWC-1000 User Manual...
Page 38
4. Click Add New MAC Authentication. Fill in the client’s MAC address and name, and then click Save. 5. Click Wireless > Access Point > SSID Profiles. 6. Select an SSID by right-clicking on it and clicking Edit. The following pop-up page will appear. Select Local and click Save. D-Link DWC-1000 User Manual...
1. Go to Wireless > Access Point > AP Profile. 2. Under Access Point Profile List, right-click on the AP profile you want to update and click Apply. 3. Wait 30 seconds and then click the refresh icon to verify that the profile is associated. Your associated access point is configured and ready to authenticate wireless users. D-Link DWC-1000 User Manual...
Go to Security > Authentication > User Database > Groups. The Groups List page will appear. b. Click Add New Group. The Group Configuration page will appear. c. Complete the fields in the table below and click Save. Field Description Group name Enter a name for the group. Description Enter a description of the group. Captive Portal User Enable (toggle to ON) this option under User Type. D-Link DWC-1000 User Manual...
Page 41
Section 3 - Basic Configuration 2. Add captive portal users a. Go to Security > Authentication > User Database > Users. The Users List will appear. b. Click Add New User. The User Configuration page will appear. D-Link DWC-1000 User Manual...
Page 42
Enter a case-sensitive password that the user must specify before Password gaining access to the Internet. For security, each typed password character is masked with a dot (•). Enter the same case-sensitive password entered in the Password Confirm Password field. For security, each typed password character is masked with a dot (•). D-Link DWC-1000 User Manual...
Page 43
Section 3 - Basic Configuration 3. Associate the captive portal group to a SSID Profile a. Click Wireless > Access Point > SSID Profiles. b. Under the SSID column, select an SSID that will use the Captive Portal function by right-clicking on it and clicking Edit. The following pop-up page will appear. D-Link DWC-1000 User Manual...
Page 44
If the authentication database is using the RADIUS server, on step c above choose Permanent User on Captive Portal Type and select RADIUS Server on Authentication Server. 4. Customize the captive portal login page. a. Go to Security > Authentication > Login Profiles. The Login Profiles page will appear. D-Link DWC-1000 User Manual...
Page 45
Section 3 - Basic Configuration b. Under the Login Profiles List, click Add New Login Profile to add a new profile or right-click an existing profile and click Edit to edit the profile. The Login Profile Configuration page will appear. D-Link DWC-1000 User Manual...
Page 46
If you choose Custom on Page Background Color, you can choose particular color by filling Custom Color in the HTML color code. Header Caption Enter the text that appears in the header of the login page during the captive portal session. Caption Font Select the font for the header text. Font size Select the font size for the header text. Font Color Select the font color for the header text. D-Link DWC-1000 User Manual...
Page 47
Under Login Profiles List, right-click the profile and click Show Preview to view the profile you just configured. Confirm that the appearance of the login page suits your requirements. If not, repeat steps 4b and 4c as necessary. D-Link DWC-1000 User Manual...
1. Go to Security > Authentication > External Auth Server > RADIUS Server tab. 2. Complete the fields below and click Save. Your access point will be configured to use RADIUS authentication server. 3. Click Server Checking to test the connection between the DWC-1000 and your RADIUS server. Field Description server Checking Click to test the connection between the controller and your RADIUS server.
Complete the fields and select the front desk group you created in the previous step on Selected Group. 3. Create a billing profile. a. Go to Security > Authentication > Billing Profile. Click Add New Billing Profile. b. The billing profile settings include four milestones by timeline: D-Link DWC-1000 User Manual...
Page 50
II. The temporary account usage time is limited by duration. The account has the expiration time. The account is valid while the account first logs in. This billing profile is suitable for the scenario in Coffee Shop, Airport, etc. The customer can use wireless internet service for a period of time counting from first time logs in. D-Link DWC-1000 User Manual...
Page 51
This account allows multiple devices log in at the same time. V. The temporary account has limited usage traffic. The account doesn’t have the expiration time until the usage is run out. This billing profile is suitable for a Hotspot scenario. The service provider charge the wireless service based on usage volume. c. Complete the fields below: D-Link DWC-1000 User Manual...
Page 52
Maximum Usage traffic be considered towards bandwidth usage. Allow Front Desk to Modify If you enable Maximum Usage Time or Maximum Usage Traffic, checking this option Usage enables the front desk user to modify usage limits. D-Link DWC-1000 User Manual...
Page 53
Note: Apply AP Profile from Wireless > Access Point > AP Profiles if the SSID have been associated with a used AP Profile to change the configuration. 5. Generate guest accounts. a. Log in the Front Desk page by entering http://<ip_address>/frontdesk (e.g., http://192.168.10.1/ frontdesk). Enter the username and password of a user you created in a “Front Desk” group. b. Select a billing profile. Modify the usage if you want. Click Generate. D-Link DWC-1000 User Manual...
Page 54
Print out the account information by clicking Print. The information would send to the internet printer. Only one user account can be created at a time. 6. Monitor user account status. a. Monitor temporary account status and extend account usage duration or volume. Click View Account for reviewing generated temporary status. D-Link DWC-1000 User Manual...
Page 55
Select an account and right-click View Details to view more information. 7. Extend user account usage. a. Select an account and right-click Extend Session. Manually change the usage time/traffic. Note: Make sure that Allow Front Desk to Modify Usage is turned on in the “Captive Portal Billing Profile Configuration” page. b. Click Save. D-Link DWC-1000 User Manual...
All connectivity from SSIDs required performing authentication before granted authority. To configure a BYOD environment, perform the following procedures: The authentication methods on each SSID are difference: • dlink_corporate SSID: This SSID is for D-Link employees who works with cooperate-provided drives. It requires device MAC authentication and Captive Portal to complete the authentication process. • dlink_byod SSID: This SSID is for D-Link employees who work with his/her private drive (BYOD device).
Page 57
Section 3 - Basic Configuration 2. Associate VLAN 1 to three memberships in Trunk mode on Port 1. a. Go to Network > VLAN > Port VLAN. b. Right-click port 1 and click Edit. Select Trunk from the Mode drop-down menu and then select VLAN1 to VLAN3 (hold CRTL and click 1, 2, and 3) next to VLAN Membership. c. Click Save. D-Link DWC-1000 User Manual...
Page 58
Go to Wireless > Access Point > SSID Profiles. The SSID Profile List will appear. b. Click Add New SSID Profile. Create “SSID dlink_corporate” and “dlink_byod”. c. Enable Captive Portal on both SSIDs and select the Captive Portal Type as Permanent User. d. Select the Authentication Server. The authentication server can be either local database or external authentication sever (i.e., RADIUS). e. Assign VLAN2 and VLAN3 to “dlink_corporate” and “dlink_byod” respectively. f. Enable MAC authentication on “dlink_corporate”. g. Click Save. D-Link DWC-1000 User Manual...
Page 59
Click the AP Profile SSID tab. Next to AP Profile, make sure BYOD is selected. e. In the SSID list, right-click the dlink_corporate row and select Enable. f. Right-click the dlink_byod row and select Enable. g. Both SSIDs are now associated with the BYOD SSID profile. D-Link DWC-1000 User Manual...
Page 60
Click Add New Group. Create a group called “EMPLOYEE”. Next to User Type select Network, and toggle Captive Portal User to On. Enter an Idle Timeout value (in minutes). c. Click Save. d. Create user accounts. Go to Security > Authentication > User Database > Users tab. e. Click Add New User to create user accounts. Fill in the fields and select EMPLOYEE next to Select Group. f. Click Save. D-Link DWC-1000 User Manual...
Page 61
(i.e., RADIUS), please refer to “Step #8: Use SSID with RADIUS Sever as Authenticator” on page 48. 7. Discover and manage an access point from the network. Please refer to “Step #3: Select APs to be Managed” on page 30. D-Link DWC-1000 User Manual...
The wireless controller also provides advanced configuration settings for users who want to take advantage of the more advanced features of the wireless controller. The following sections list the wireless controller’s advanced settings. Users who do not understand these features should not attempt to reconfigure their wireless controller, unless advised to do so by the technical support staff. D-Link DWC-1000 User Manual...
• “Distributed Tunnel” on page 75 • “WLAN Visualization” on page 76 • “AP Discovery Methods” on page 78 • “Managed APs” on page 81 • “AP Profiles” on page 88 • “SSID Profiles” on page 101 • “Wireless Distribution System (WDS)” on page 105 • “Peer Group” on page 111 • “AP Firmware Download” on page 113 Note: The procedures in this chapter should only be performed by expert users who understand networking concepts and terminology. D-Link DWC-1000 User Manual...
Path: Wireless > General > General To configure the WLAN general settings: 1. Click Wireless > General > General. The WLAN General Settings page will appear. 2. Complete the fields in the table on the next page. 3. Click Save. D-Link DWC-1000 User Manual...
Page 65
0 means that the wireless controller cannot become the Cluster Controller. The highest possible priority is 255. Enable or disable the client QoS feature. If AP Client QoS is disabled, the Client QoS configuration remains in place, but any ACLs or DiffServ policies applied to wireless traffic are not enforced. AP Client Qos The Client QoS feature extends the primary QoS capabilities of the wireless controller to the wireless domain. More specifically, access control lists (ACLs) and differentiated service (DiffServ) policies are applied to wireless clients associated to the AP D-Link DWC-1000 User Manual...
Page 66
Code Country Configuration Select the country code that represents the country where your controller and APs operate. When you click Submit, a pop-up message asks you to confirm the change. Country Code Wireless regulations vary from country to country. Make sure you select the correct country code so that your WLAN system complies with the regulations in your country. D-Link DWC-1000 User Manual...
To configure Channel Algorithm setting: 1. Click Wireless > General > Channel Algorithm > Channel Setting tab. The Channel Setting page will appear. 2. Each AP is dual‐band capable of operating in the 2.4GHz and 5GHz frequencies. The 802.11a/n and 802.11b/g/n modes use different channel plans. Before you configure channel plan settings, select the mode to configure. Click either the 5GHz or 2.4GHz tab. D-Link DWC-1000 User Manual...
Page 68
9. Manual Channel Plan: If you select Manual, click on the Manual Channel Plan tab. Here you can apply and start the channel algorithm on selected access points. 10. Channel Plan History: This field shows whether the controller is using the automatic channel adjustment algorithm on the AP 2.4GHz and 5GHz radio. D-Link DWC-1000 User Manual...
The signal detected below the threshold is ignored. 4. If you select Manual, click on the Manual Power Adjustments tab. Here you can apply and start the power algorithm on selected access points. D-Link DWC-1000 User Manual...
A denser sentry deployment may be desirable in order to improve rogue or interferer signal triangulation. To configure WIDS AP: 1. Go to Wireless > General > WIDS > AP WIDS Security tab. D-Link DWC-1000 User Manual...
Page 71
AP is operating with the expected configuration parameters. You configure the expected parameters for the standalone AP in the local or RADIUS Valid AP database. This test may detect network misconfiguration as well as potential intrusion attempts. standalone AP with The following parameters are checked: Unexpected Configuration • Channel Number • SSID • Security Mode • WDS Mode • Presence on a wired network D-Link DWC-1000 User Manual...
Page 72
If you set the value to 0, wired network detection is disabled. Enable or disable the AP de‐authentication attack. The wireless controller can protect against rogue APs by sending de‐authentication messages to the rogue AP. The de‐ AP De-Authentication Attack authentication attack feature must be globally enabled in order for the wireless system to do this function. Make sure that no legitimate APs are classified as rogues before enabling the attack feature. This feature is disabled by default. D-Link DWC-1000 User Manual...
In order to help determine whether a client is posing a threat to the network by flooding the network with management traffic, the system keeps track of the number of times the AP received each message type and the highest message rate detected in a single RF Scan report. On the WIDS Client Configuration page, you can set thresholds for each type of message sent, and the APs monitor whether any clients exceed those thresholds or tests. To configure WIDS Client: 1. Go to Wireless > General > WIDS > AP WIDS Client Security tab. D-Link DWC-1000 User Manual...
Page 74
Probe requests threshold Value threshold interval before the event is reported as a threat. Authentication Failure Specify the number of 802.1X authentication failures a client is allowed to have threshold Value before the event is reported as a threat. D-Link DWC-1000 User Manual...
• Distributed Tunnel Idle Timeout - Specify the number of seconds of no activity by the client before the tunnel to that client is terminated and the client is forced to change its IP address. • Distributed Tunnel Timeout - Specify the number of seconds before the tunnel to the roamed client is terminated and the client is forced to change its IP address. • Distributed Tunnel Max Multicast Replications Allowed - Specify the maximum number of tunnels to which a multicast frame is copied on the Home AP. 3. Click Save. D-Link DWC-1000 User Manual...
This option is available only if images are already loaded onto the controller. To delete all images loaded onto the controller, click Delete All Images. Deleting background images is not recommended. However, if user uses has to delete the images user will need to refresh the WLAN Visualization tool after deleting images. D-Link DWC-1000 User Manual...
Section 4 - Advanced WLAN Configuration launch Path: Wireless > General > WLAN Visualization To launch the WLAN Visualization tool, click Wireless > General > WLAN Visualization. This will open a new browser window and starts the Java applet that allows the AP and WLAN controller network to be presented as a topology diagram (with or without a custom background image). D-Link DWC-1000 User Manual...
2 bridge. You can enable the discovery protocol on up to 16 VLANs. By default, VLAN 1 is enabled on the AP, and VLAN 1 is enabled for discovery on the wireless controller. If the wireless controller and AP are in the same Layer 2 multicast domain, you might not need to take any action to enable AP discovery. The wireless controller also uses L2/VLAN discovery to find peer controllers within the L2 multicast domain. The APs process the discovery message only when it comes in on the management VLAN. The APs do not forward the L2 discovery messages onto the wireless media. From the wireless controller, you can check the discovery status of APs and peer controllers. To view information about whether the controller discovered any APs, navigate to the Wireless > Access Point > Discovered AP List page. The color of MAC address of the Discovered AP List indicating the AP is: • Green = Managed AP • Red = Connected Fail AP or AP (D-Link UAP) which is not in local or RADIUS Valid AP Database • Gray = Unknown AP or Rogue AP • Orange = Managed AP by peer controller D-Link DWC-1000 User Manual...
Configure l2/ VlAn Discovery Path: Wireless > Access Point > AP Poll List 1. Click Wireless > Access Point > AP Poll List > VLAN Discovery tab. 2. Switch L2/ VLAN Discovery to ON and click Save. 3. Click Add New VLAN to Poll. Enter a VLAN number. 4. Click Save. D-Link DWC-1000 User Manual...
1. Click Wireless > Access Point > AP Poll List > IP Discovery tab. 2. Switch L3/ IP Discovery to On and click Save. 3. Click Add New IP Addresses to Poll. Enter the IP range. 4. Click Save. 5. Navigate to Wireless > Access Point > Discovered AP List. Check the discovered AP via L3/ IP discovery. D-Link DWC-1000 User Manual...
Add a Valid AP 1. Click Wireless > Access Point > Managed APs List > Valid AP tab. 2. Click Add New Valid AP. 3. Complete the fields on the next page and click Save. Note: To add or delete an AP from the valid AP list, right-click the access point and select Edit or Delete. D-Link DWC-1000 User Manual...
Page 82
WDS. This is for reference only. expected security Mode If AP Mode= Standalone, the security mode to be used. This is for reference only. If AP Mode= Standalone, select whether wired networking is going to be allowed. expected Wired network Mode This is for reference only. Authentication Password If AP Mode= Managed, turn on to require a password for authentication. Profile If AP Mode= Managed, select a profile to apply for AP configuration. If AP Mode= Managed, this is Wireless radio mode that the access point is using. The radio fields below appear after you have selected Managed AP Mode. Channel If AP Mode= Managed, this is operating channel for the radio. Power If AP Mode= Managed, this is percentage of power to use for the radio. D-Link DWC-1000 User Manual...
Section 4 - Advanced WLAN Configuration Add a AP from Discovered AP list Path: Wireless > Access Point > Discovered AP List 1. Click Wireless > Access Point > Discovered AP List. 2. Right-click an AP and select Manage. 3. Select an AP Mode and Profile (refer to the previous page) and then click Save. D-Link DWC-1000 User Manual...
1. Click Wireless > Access Point > Managed APs List > Managed APs tab. 2. Right-click on one of the entries and select Channel and Power. 3. Select the channel as your desired. The available channels depend on the radio mode and country in which the APs operate. The manual channel change overrides the channel configured in the AP profile and is not retained when the AP reboots or when the AP profile is reapplied. 4. Change the power as your desired. You can set a new power level for the AP. The manual power change overrides the power setting configured in the AP profile and is not retained when the AP reboots or when the AP profile is reapplied. 5. Click Save. D-Link DWC-1000 User Manual...
Section 4 - Advanced WLAN Configuration Configure AP Debug Mode Path: Wireless > Access Point > Managed APs List > Managed APs When the AP is in Managed mode, remote access to the AP is disabled. However, you can enable Telnet access by enabling the Debug feature on the Managed APs page. 1. Click Wireless > Access Point > Managed APs List > Managed APs tab 2. Right-click on one of the entries and select Debug. 3. Toggle Enable Debug to On. 4. Click Save. D-Link DWC-1000 User Manual...
Use AP Provisioning to connect devices to a network enabled for mutual authentication (Wireless > Peer Group > Peer Configuration). If a network is not enabled for mutual authentication then APs can be attached to the network by properly configuring the local Valid AP database or RADIUS AP database and discovery options. The provisioning feature can optionally be used on networks not enabled for mutual authentication to simplify AP attachment to the cluster. Use the AP Provisioning page to view detailed provisioning information about an AP and use Edit by right-click to specify the IP address of the primary or backup switch that provides provisioning information for the AP. 1. Click Wireless > Access Point > Managed AP List > AP Provisioning tab. 2. Right-click a managed AP from the status list and select Edit. D-Link DWC-1000 User Manual...
Page 87
• Failed - The primary or backup switch wasn’t in the cluster when this switch attempted to send the information. new Primary iP Address Enter the IP address of the wireless controller that should manage the AP. Enter the IP address of switch to which the AP should try to connect if it is unable to new Backup iP Address connect to the primary wireless controller. Profile Select an AP profile you want to use. D-Link DWC-1000 User Manual...
AP Profiles Access point configuration profiles are a useful feature for large wireless networks with APs that serve a variety of different users. You can create multiple AP profiles on the wireless controller to customize APs based on location, function, or other criteria. Profiles are like templates, and once you create an AP profile, you can apply that profile to any AP that the wireless controller manages. For each AP profile, you can configure the following features: • Profile Settings (Name, Hardware Type ID, Wired Network Discovery VLAN ID) • Radio Settings • SSID Settings • QoS Configuration Configure AP Profile Path: Wireless > Access Point > AP Profiles > AP Profiles 1. Click Wireless > Access Point > AP Profiles > AP Profiles tab. 2. Click Add New AP Profile. D-Link DWC-1000 User Manual...
Page 89
Mode 802.11a/n it from AP Profile Radio. Configure AP Profile Radio 2 In a new AP Profile, you can edit the radio 802.11b/g/n from here. You can also radio Mode 802.11b/g/n edit it from AP Profile Radio. Configure AP Profile QoS Radio 1 In a new AP Profile, you can edit the QoS on radio 802.11a/n from here. You can Qos radio Mode 802.11a/n also edit it from AP Profile Radio. Configure AP Profile QoS Radio 2 In a new AP Profile, you can edit the QoS on radio 802.11b/g/n from here. You can Qos radio Mode 802.11b/g/n also edit it from AP Profile Radio. D-Link DWC-1000 User Manual...
Section 4 - Advanced WLAN Configuration Configure AP Profile radio Path: Wireless > Access Point > AP Profile > AP Profile Radio To accommodate a broad range of wireless clients and wireless network requirements, the AP can support up to two radios. By default, Radio 1 operates in the IEEE 802.11a/n mode, and Radio 2 operates in the IEEE 802.11b/g/n mode. The difference between these modes is the frequency in which they operate. IEEE 802.11b/g/n operates in the 2.4 GHz frequency, and IEEE 802.11a/n operates in the 5 GHz frequency of the radio spectrum. 1. Click Wireless > Access Point > AP Profiles > AP Profiles Radio tab. 2. Right-click on the radio you want to change and click Edit. D-Link DWC-1000 User Manual...
Page 91
Channels is set to ON, the radio periodically moves away from the operational channel to rF scan other Channels scan other channels. Enabling this mode causes the radio to interrupt user traffic, which may be noticeable with voice connections. When the Scan Other Channels= OFF is cleared, the AP scans only the operating channel. This field controls the amount of time the radio spends scanning the other channel (in rF scan Duration milliseconds) during an RF scan. D-Link DWC-1000 User Manual...
Page 92
5 GHz frequency that do not need to support 802.11a or 802.11b/g devices. IEEE 802.11n can achieve a higher throughput when it does not need to be compatible with legacy devices (802.11b/g or 802.11a). • 2.4 GHz IEEE 802.11n is the recommended mode for networks with 802.11n devices that operate in the 2.4 GHz frequency that do not need to support 802.11a or 802.11b/g devices. IEEE 802.11n can achieve a higher throughput when it does not need to be compatible with legacy devices (802.11b/g or 802.11a). • IEEE 802.11n/ac operates in 5GHz ISM band and includes support both 11n and 11ac devices. D-Link DWC-1000 User Manual...
Page 93
A value of 2346 means that packets are not fragmented. The value in this field indicates the maximum number of transmission attempts on frame short retries sizes less than or equal to the RTS Threshold. The range is 1‐255. The value in this field indicates the maximum number of transmission attempts on frame long retries sizes greater than the RTS Threshold. The range is 1‐255. D-Link DWC-1000 User Manual...
Page 94
The protection feature contains rules to guarantee that 802.11 transmissions do not cause interference with legacy stations or applications. By default, these protection mechanisms are enabled (Auto). With protection enabled, protection mechanisms will be invoked if legacy devices are within range of the AP. You can disable (Off) these protection Protection mechanisms; however, when 802.11n protection is off, legacy clients or APs within range can be affected by 802.11n transmissions. 802.11 protection is also available when the mode is 802.11b/g. When protection is enabled in this mode, it protects 802.11b clients and APs from 802.11g transmissions. D-Link DWC-1000 User Manual...
Page 95
These numbers indicate the data rates that all stations associating with the AP must Basic rate set (Mbps) support. These numbers indicate rates that the access point supports. You can select multiple supported rate set (Mbps) rates. The AP automatically chooses the most efficient rate based on factors like error rates and distance of client stations from the AP. D-Link DWC-1000 User Manual...
5. Enable/disable the SSID by right-clicking Enable or Disable. Note: SSID ID 1 is always enabled. If you do not want to have the first SSID enabled, you must create a new SSID to be able to swap another SSID in the first slot. D-Link DWC-1000 User Manual...
AP Enhanced Distributed Channel Access (EDCA) Parameters affect traffic flowing from the access point to the client station. Station Enhanced Distributed Channel Access (EDCA) Parameters affect traffic flowing from the client station to the access point. You can specify custom QoS settings, or you can select a template that configures the AP profile with pre‐defined settings that are optimized for data traffic or voice traffic. 1. Click Wireless > Access Point > AP Profiles > AP Profiles QoS tab. 2. Right-click an AP Profile and select Edit. D-Link DWC-1000 User Manual...
Page 98
Contention Window) If the first random backoff wait time expires before the data frame is sent, a retry counter is incremented and the random backoff value (window) is doubled. Doubling will continue until the size of the random backoff value reaches the number defined in the Maximum Contention Window. Valid values for the cwmin are 1, 3, 7, 15, 31, 63, 127, 255, 511, or 1024. The value for cwmin must be lower than the value for cwmax. D-Link DWC-1000 User Manual...
Page 99
Valid values for AIFS are 1 through 255. This parameter is used by the algorithm that determines the initial random backoff wait time (window) for data transmission during a period of contention. The value specified in the Minimum Contention W indow is the upper limit (in milliseconds) of a range from which the initial random backoff wait time is determined. cwMin (Minimum The first random number generated will be a number between 0 and the number Contention Window) specified here. If the first random backoff wait time expires before the data frame is sent, a retry counter is incremented and the random backoff value (window) is doubled. Doubling will continue until the size of the random backoff value reaches the number defined in the Maximum Contention Window. D-Link DWC-1000 User Manual...
Page 100
Once the Maximum Contention Window size is reached, retries will continue until a maximum number of retries allowed is reached. Station EDCA Parameter Only (The TXOP Limit applies only to traffic flowing from the client station to the access point.) The Transmission Opportunity (TXOP) is an interval of time when a WME client station tXoP limit has the right to initiate transmissions onto the wireless medium (WM). This value specifies (in milliseconds) the Transmission Opportunity (TXOP) for client stations; that is, the interval of time when a WMM client station has the right to initiate transmissions on the wireless network. D-Link DWC-1000 User Manual...
SSID Profile button. Note: SSID ID 1 is always enabled. If you do not want to have the first SSID enabled, you must create a new SSID to be able to swap another SSID in the first slot. D-Link DWC-1000 User Manual...
Page 102
SSID name configured in the supplicant before it is able to connect. Disabling the broadcast SSID is sufficient to prevent clients from accidentally connecting Hide ssiD to your network, but it will not prevent even the simplest of attempts by a hacker to connect or monitor unencrypted traffic. ON = SSID is hidden OFF = SSID is broadcast D-Link DWC-1000 User Manual...
Page 103
When the client re-associates it obtains a new IP address. 3 - If the controller managing the association AP fails, then the scenario is the same as in item 1 above. The AP takes down all radios and the clients disassociate. D-Link DWC-1000 User Manual...
Page 104
The default access point profile does not use any security mechanism. To protect your network, we recommend you select a security mechanism to prevent unauthorized wireless clients from gaining access to your network. Choices are: security • None = No security mechanism is used. • WEP = Enable WEP security. Complete the options in Table 3 4. • WPA/WPA2 = Enable WPA/WPA2 security. Complete the options in Table 3 5. D-Link DWC-1000 User Manual...
The WDS AP group consists of two types of APs: root APs and satellite APs. A root AP acts as a bridge or repeater on the wireless medium and communicates with the controller via the wired link. A satellite AP communicates with the controller via a WDS link to the root AP. The WDS links are secured using WPA2 Personal authentication and AES encryption. When the AP is in Managed mode, remote access to the AP is disabled. However, you can enable Telnet access by enabling the Debug feature on the Managed AP List Settings page. Support for the WDS‐managed AP feature within the Unified Wired and Wireless Access System includes the following: • The wireless system can contain up to 12 WDS‐managed AP groups. • Each WDS‐managed AP group can contain up to four APs. • An AP can be a member of only one WDS AP group. • Each satellite AP can have only one WDS link on the satellite APs. This means that a satellite AP must be connected to a root AP. A satellite AP cannot be connected to another satellite AP. By default, an AP is configured as a root AP. For an AP to be attached to the Wireless System as a satellite AP, configure the following settings on the AP while it is in stand‐alone mode: • Satellite AP mode. This setting enables the satellite AP to discover and establish WDS link with the root AP. By default, the WDS Managed Mode is Root AP. • Password for WPA2 Personal authentication used to establish the WDS links. Only the satellite APs need this configuration. The root APs get the password from the controller when they become managed. • Static Channel. The APs on each end of a WDS link must use the same radio and channel to communicate. Configure the satellite AP to use a static channel. For a root AP, set the static channel when you add the AP to the Valid AP database on the controller. • Optionally, to allow the Ethernet port on a satellite AP to provide wired access to the LAN, you must set the WDS Managed Ethernet Port to Enabled. It is disabled by default. D-Link DWC-1000 User Manual...
Page 106
3. Configure the WDS group password. The password you configure on the controller should be the same as the password you configure on each satellite AP. 4. Add the MAC address of each AP to the WDS group. 5. Configure the WDS links by specifying the MAC address and radio of the AP on each end of the link. Keep the following considerations in mind when you configure and manage a WDS group: • Make sure the radios that participate in the WDS link use the same channel. Use one of the following methods to control the channel: – When you configure the satellite AP in stand‐alone mode, use the Radio page to set a static channel. – When you configure the AP in the Valid AP database, specify the channel that the radio must use. By default, the channel is set to Auto. – On the Radio page for the AP profile, select only one channel in the list of Auto Eligible channels. By default, multiple channels are enabled. • D‐Link recommends that satellite APs do not have wired connectivity to the wireless controller. • A configuration push to WDS APs may take up to three minutes to complete. D-Link DWC-1000 User Manual...
Spanning tree must be enabled if there are any potential loops in the network. For spanning tree example if a satellite AP has links to two root APs then spanning tree must be enabled. Note: The spanning tree protocol running on the APs interacts with the spanning tree protocol running on the edge switches to which the APs are connected. Password used for securing WPA2‐Personal security on the WDS Link. Range: 8 – 63 ASCII characters. To create or change the password, select the Edit checkbox and type a edit Password password in the available field. This password must match the passwords set on the satellite APs in this group. By default, the password is AP‐Group‐n, where n is the AP group ID. D-Link DWC-1000 User Manual...
Section 4 - Advanced WLAN Configuration Configure WDs Managed AP Path: Wireless > Access Point > WDS Groups > WDS Managed AP After you create a WDS‐Managed AP group, use the WDS Managed AP Configuration page to view the APs that are members of the group, add new members, and change STP Priority values for existing members 1. Click Wireless > Access Point > WDS Groups > WDS Managed AP tab. D-Link DWC-1000 User Manual...
Page 109
WDs AP MAC Address Enter the WDS AP MAC address. Spanning Tree Priority for this AP. The STP priority is used only when spanning tree mode is enabled. The STP priority determines which AP is selected as the root of the spanning tree and which AP has preference over another AP when multiple equal cost paths exist in the stP Priority topology. The lower value for the spanning tree priority means that the AP is more likely to be used for bridging data into the campus network. You should assign a lower priority to the APs connected to the wired network than to the satellite APs. The STP priority value is rounded down to a multiple of 4096. The range is 0 – 61440, and the default value is 36864. D-Link DWC-1000 User Manual...
When multiple alternate paths are defined in the WDS group, the link cost is used to link Cost indicate which links are the primary links and which links are the secondary links. The spanning tree selects the path with the lowest link cost. D-Link DWC-1000 User Manual...
General that the controller pushes to its peers. The configuration does not include the controller IP address since that is a unique setting. Enable this field to include the L2 and L3 discovery information, including the VLAN Discovery list and IP list, in the configuration that the controller pushes to its peers. Enable this field to include the RF management information in the configuration that Channel / Power the controller pushes to its peers. Enable this field to include the AP Database (Valid AP) in the configuration that the AP Database controller pushes to its peers. D-Link DWC-1000 User Manual...
Synchronize the settings among the peer group. 1. Click Wireless > Peer Group > Peer Status. Peer Status List will appear 2. Click Start Sync for All Peers to synchronize the settings to all controllers, or synchronize one of the peer group by right-clicking Start Sync. D-Link DWC-1000 User Manual...
Section 4 - Advanced WLAN Configuration AP Firmware Download The Wireless Controller can upgrade software on the APs that it manages. The Cluster Controller can update code on APs managed by peer wireless controllers. Path: Maintenance > Firmware > AP Firmware Download 1. Click Maintenance > Firmware > AP Firmware Download > AP Firmware Download tab. 2. Complete the fields (refer to the table on the next page) and then select the AP(s) you want to upgrade. Use CTRL + click to select multiple APs. 3. Click Save to begin the upgrade process. D-Link DWC-1000 User Manual...
Page 114
Download type • DWL-2600AP • DWL-8610AP Note: To download all images, make sure you specify the file path and file name for both images in the appropriate File Path and File Name fields. The list shows all the APs that the controller manages. If the controller is the Cluster Controller, then the list shows the APs managed by all controllers in the cluster. Each AP is identified by its MAC address, IP address, and Location in the <MAC ‐ IP ‐ Location> format. To upgrade a single AP, select the AP MAC address from the drop Managed AP down list. To upgrade all APs, select All from the top of the list. If All is selected, the Group Size field will limit the number of simultaneous AP upgrades in order not to overwhelm the TFTP server. To select multiple APs to upgrade, CTRL + click the APs to upgrade. Note: D‐Link recommends that you upgrade all managed APs at the same time. D-Link DWC-1000 User Manual...
Download Count number of managed APs at the time the download request was started. The value is 1 if only one AP is being updated. The number of APs that have successfully downloaded the new code. This value success Count starts with 0 at the beginning of the download and increases by one for every AP that successfully downloaded the code. The number of APs that failed to download the new code starting at 0 and incremental Failure Count with each failure. The number of APs for which the download was aborted, starting at 0 and incremental Abort Count each aborted download. D-Link DWC-1000 User Manual...
Page 116
• Code‐Transfer‐In‐Progress: The AP has been told to download the code. • Failure: The AP reported a failing code download. • Aborted: The download was aborted before the AP loaded code from the TFTP status (per-AP) server. • Waiting‐For‐APs‐To‐Download: A download finished on this AP, and it is waiting for other APs to finish download. Reset command is not sent to the AP in this state. • NVRAM‐Update‐In‐Progress: Download completed successfully. The reset command sent to the AP. • Timed‐Out: The AP did not reconnect to the controller in the fixed time interval. AP MAC The managed AP MAC address. location The location of the managed AP. status Refer to Status (per-AP) above. Firmware Version The current firmware version of the managed AP. D-Link DWC-1000 User Manual...
This chapter covers the following commonly used advanced configuration settings. • “IP Mode” on page 118 • “IPv4 LAN Settings” on page 119 • “IPv6 LAN Settings” on page 121 • “VLANs” on page 150 • “Configure IPv4 Static Routing” on page 162 • “Configure IPv6 Static Routing” on page 164 • “QoS Configuration” on page 174 Note: The procedures in this chapter should only be performed by expert users who understand networking concepts and terminology. D-Link DWC-1000 User Manual...
Section 5 - Advanced Network Configuration iP Mode Path: Network > LAN > IP Mode This page allows user to configure the IP protocol version to be used on the controller. In order to support IPv6 on the LAN, you must set the controller to be in IPv4 / IPv6 mode. This mode will allow IPv4 nodes to communicate with IPv6 devices through this controller. 1. Go to Network > IPv6 > IP Mode. 2. Next to IP Mode, select either IPv4 only or IPv4 & IPv6. 3. Click Save. D-Link DWC-1000 User Manual...
You can also enable DNS proxy for the LAN. When this is enabled the controller will act as a proxy for all DNS requests and communicates with the ISP’s DNS servers. When disabled all DHCP clients receive the DNS IP addresses of the ISP. 1. Click Network > LAN > LAN Settings. D-Link DWC-1000 User Manual...
Page 120
DNS servers inaccessible. However, when the DNS proxy is enabled, then clients can make requests to the controller and in turn, sends those requests to the DNS servers of the active connection. D-Link DWC-1000 User Manual...
1. Go to Network > IPv6 > LAN Settings > IPv6 LAN Settings tab. 2. Complete the fields in the table below and on the next page. 3. Click Save. Field Description LAN TCP/IP Setup The Wireless Controller’s LAN IPv6 address. iPv6 Address The IPv6 network (subnet) is identified by the initial bits of the address called the prefix. All hosts in the network have the identical initial bits for their IPv6 iPv6 Prefix length address; the number of common initial bits in the networks addresses is set by the prefix length field. D-Link DWC-1000 User Manual...
Page 122
When this feature is enabled, the controller will act as a proxy for all DNS requests and communicate with the ISP’s DNS servers (as configured in the Dns servers Option settings page) • Use DNS from ISP: This option allows the ISP to define the DNS servers (primary/ secondary) for the LAN DHCP client • Use below: if selected, the below configured Primary and Secondary DNS servers are used for DHCPv6 clients. Primary Dns server Enter the primary DNS server address. secondary Dns server Enter the secondary DNS server address. lease/rebind time Duration (in seconds) for which IP addresses will be leased to clients. Prefix Delegation On/Off button for Enable/Disable Prefix Delegation. D-Link DWC-1000 User Manual...
This feature allows you to define the IPv6 delegation prefix for a range of IP addresses to be served by the gateway’s DHCPv6 server. Using a delegation prefix can automate the process of informing other networking equipment on the LAN of DHCP information specific for the assigned prefix. 1. Go to Network > IPv6 > LAN Settings > IPv6 Address Pools tab. 2. Click Add New Address Pool. 3. Enter a starting IPv6 address, end IPv6 address, and the prefix length. 4. Click Save. D-Link DWC-1000 User Manual...
Page 124
Section 5 - Advanced Network Configuration 5. Go to Network > IPv6 > LAN Settings > Prefixes for Prefix Delegation tab. 6. Click Add New Prefix Length. 7. Enter the IPv6 Prefix and Prefix Length. Click Save. D-Link DWC-1000 User Manual...
LAN hosts with router advisements. 1. Go to Network > IPv6 > LAN Settings > Router Advertisement tab. 2. Complete the fields from the table on the next page. 3. Click Save. D-Link DWC-1000 User Manual...
Page 126
Choose between Low/Medium/High for the preference associated with the RADVD router Preference process of the controller. This feature is useful if there are other RADVD enabled devices on the LAN. The default is high. This is used in RA’s to ensure all nodes on the network use the same MTU value in the cases where the LAN MTU is not well known. The default is 1500 router lifetime The lifetime in seconds of the route. The default is 3600 seconds. D-Link DWC-1000 User Manual...
1. Go to Network > IPv6 > LAN Settings > Advertisement Prefixes tab. 2. Click Add New Advertisement Prefixes. D-Link DWC-1000 User Manual...
Page 128
Prefix length number of contiguous, higher order bits of the address that make up the network portion of the address. Prefix lifetime The length of time over which the requesting controller is allowed to use the prefix. D-Link DWC-1000 User Manual...
The controller’s DHCP server can assign TCP/IP configurations to computers in the LAN explicitly by adding client's network interface hardware address and the IP address to be assigned to that client in DHCP server's database. Whenever DHCP server receives a request from client, hardware address of that client is compared with the hardware address list present in the database, if an IP address is already assigned to that computer or device in the database , the customized IP address is configured otherwise an IP address is assigned to the client automatically from the DHCP pool. 1. Click Network > LAN > LAN DHCP Reserved IPs. 2. Click Add New DHCP Reserved IP. 3. Enter the IP address you want to reserve and the MAC Address of the client you want to assign the IP address to. 4. Click Save D-Link DWC-1000 User Manual...
Binding Path: Network > LAN > IP/MAC Binding Another available security measure is to only allow outbound traffic (from the LAN to WAN) when the LAN node has an IP address matching the MAC address bound to it. This is IP/MAC Binding, and by enforcing the gateway to validate the source traffic‘s IP address with the unique MAC Address of the configured LAN node, you can ensure traffic from that IP address is not spoofed. In the event of a violation (i.e., the traffic‘s source IP address doesn‘t match up with the expected MAC address having the same IP address) the packets will be dropped and can be logged for diagnosis. 1. Click Network > LAN > IP/MAC Binding. 2. Click Add New IP/MAC Binding to create a new entry. 3. Enter a name, MAC address, IP address and select whether to turn dropped packet logging on or off. Click Save. D-Link DWC-1000 User Manual...
IGMP snooping (IGMP Proxy) allows the controller to ‘listen’ in on IGMP network traffic. This then allows the controller to filter multicast traffic and direct it only to hosts that need this stream. This is helpful when there is a lot of multicast traffic on the network where all LAN hosts do not need to receive this multicast traffic. To enable IGMP Proxy: 1. Click Network > LAN > IGMP Setup. 2. Toggle IGMP Proxy to On. 3. Click Save. 4. Click Add new Network Address. Enter a network address and mask length. 5. Click Save. D-Link DWC-1000 User Manual...
4. Enter a value for Advertisement Period. This is the frequency that the controller broadcasts UPnP information over the network. A large value will minimize network traffic but cause delays in identifying new UPnP devices to the network. 5. Enter a value for Advertisement Time to Live. This is the number of steps a packet is allowed to propagate before being discarded. Small values will limit the UPnP broadcast range. A default of 4 is typical for networks with a few number of switches. 6. Click Save. 7. Your entry will be displayed in the UPnP Port Map List. To edit or delete, right-click an entry and select the action from the menu. Repeat steps 3-6 to add multiple entries. D-Link DWC-1000 User Manual...
Section 5 - Advanced Network Configuration Configure Jumbo Frames Path: Network > LAN > Jumbo Frame Jumbo frames are Ethernet frames with more than 1500 bytes of payload. When this option is enabled, the LAN devices can exchange information at Jumbo frames rate. 1. Click Network > LAN > Jumbo Frame. 2. Toggle Activate Jumbo Frames to On and enter a MTU value. 3. Click Save. D-Link DWC-1000 User Manual...
The wireless controller has two Option ports that can be used to establish a connection to the Internet or another network subnet. By default, Option1 is enabled and works as a LAN interface but with a dependent MAC address, and Option 2 is disabled. With a VPN license (DWC-1000-VPN/ DWC-1000-VPN-LIC), the controller turn into WAN ports. You can set ISP connection type and NAT/Transparent mode features. 1. Click Network > Internet > Option 1 Settings. 2. Select your connection type and complete the fields from the next page. 3. Click Save. D-Link DWC-1000 User Manual...
Page 135
Enter the secret phrase to log into the server. Enabling split tunnel will prevent you from adding a Gateway IP address and instead you need to add specific split tunnel routes to route LAN traffic. Select one of the following options: • Always On: The connection is always on. reconnect Mode • On Demand: The connection is automatically ended if it is idle for a specified number of minutes. Enter the number of minutes in the Maximum Idle Time field. This feature is useful if your ISP charges you based on the amount of time that you are connected. D-Link DWC-1000 User Manual...
Page 136
• Use this MAC Address: Choose this option if your ISP assigned a MAC address for you to use. Also complete the fields below. Enter a MAC address in the following format: XX:XX:XX:XX:XX:XX where X is a number from 0 to 9 (inclusive) or MAC Address an alphabetical letter between A and F (inclusive). Port settings The MTU (Maximum Transmit Unit) is the size of the largest packet that can be sent over the network. The MtU size standard MTU value for Ethernet networks is usually 1500 Bytes and for PPPoE/PPTP connections, it is 1492 Bytes. For all l2tp connections, it is 1460 Bytes. Custom MtU size Enter a specific MTU size. Port speed The Ethernet port speed can be manually set or specified depending on you Option1/Option 2 requirements. D-Link DWC-1000 User Manual...
1. Go to Network > Internet > Option 2 / DMZ Setting. 2. Next to Configurable Port, select DMZ. 3. Enter the IP address and the subnet mask of the computer/device you want to configure DMZ to. 4. Under DHCP for DMZ, select either None, DHCP Server (and enter the primary and secondary DNS Server addresses), or DHCP Relay. 5. Click Save. D-Link DWC-1000 User Manual...
1/2 settings Path: Network > IPv6 > Option 1 Settings or Option 2 Settings For IPv6 Option (WAN) connections, this controller can have a static IPv6 address or receive connection information when configured as a DHCPv6 client. In the case where the ISP assigns you a fixed address to access the internet, the static configuration settings must be completed. In addition to the IPv6 address assigned to your controller, the IPv6 prefix length defined by the ISP is needed. The default IPv6 Gateway address is the server at the ISP that this controller will connect to for accessing the internet. The primary and secondary DNS servers on the ISP’s IPv6 network are used for resolving internet addresses, and these are provided along with the static IP address and prefix length from the ISP. When the ISP allows you to obtain the Option (WAN) IP settings via DHCP, you need to provide details for the DHCPv6 client configuration. The DHCPv6 client on the gateway can be either stateless or stateful. If a stateful client is selected the gateway will connect to the ISP’s DHCPv6 server for a leased address. For stateless DHCP there need not be a DHCPv6 server available at the ISP, rather ICMPv6 discover messages will originate from this gateway and will be used for auto configuration. A third option to specify the IP address and prefix length of a preferred DHCPv6 server is available as well. 1. Go to Network > IPv6 > Option 1 Settings or Option 2 Settings. 2. Select your connection type (DHCPv6, PPPoE, or Static) and complete the fields from the next page. 3. Click Save. D-Link DWC-1000 User Manual...
Page 139
Password Enter your PPPoE password. Use this field if you need to distinguish two servers using the same Username and Password combination. service With PPP, as you can’t specify servers using IP address, you can specify the particular server to connect to using this field. Authentication type Select the type of Authentication to use (Auto-Negotiate, PAP, CHAP, MS-CHAP, or MS-CHAPv2). The mode of Dhcpv6 client that will start in this mode : disable dhcpv6/stateless dhcpv6/stateful dhcpv6/ DHCPv6 options stateless dhcpv6 with prefix delegation. Dns server(s) Enter the primary and secondary DNS server IP address(es). D-Link DWC-1000 User Manual...
Port If you do not want to use Auto Failover or Load Balancing, select Single WAN Port from the WAN Mode drop-down menu and select the Option port you want to set. Click Save. D-Link DWC-1000 User Manual...
• Retry Interval is: The number tells the controller how often it should run the above configured failure detection method. • Failover after: This sets the number of retries after which failover is initiated. option 1/option 2 Enter the DNS server or IP address to ping. retry interval Enter the time in seconds to initiate the WAN health check. Default is every 30 seconds. Failover After Enter the number of failures before the controller will enable the failover process. D-Link DWC-1000 User Manual...
Option. For example, if the maximum bandwidth of primary Option is 1Kbps and the load tolerance is set to 70. Now every time a new connection is established the bandwidth increases. After a certain number of connections say bandwidth reached 70% of 1Kbps, the new outbound connections will be spilled over to secondary Option. The maximum value of load tolerance is 80% and the minimum is 20%. Load balancing is particularly useful when the connection speed of one Option port greatly differs from another. In this case you can define protocol bindings to route low-latency services (such as VOIP) over the higher-speed link and let low-volume background traffic (such as SMTP) go over the lower speed link. D-Link DWC-1000 User Manual...
• Retry Interval is: The number tells the controller how often it should run the above configured failure detection method. • Failover after: This sets the number of retries after which failover is initiated. save Click to save and activate your settings. D-Link DWC-1000 User Manual...
• Failover after: This sets the number of retries after which failover is initiated. retry interval is Enter the time in seconds to initiate the DNS Lookup Mode. Default is every 30 seconds. Failover After Enter the number of failures before the controller will enable the failover process. load tolerance Enter the percentage of bandwidth after which the controller switches to the secondary Option. Max Bandwidth This sets the maximum bandwidth tolerable by the primary Option for outbound traffic. save Click to save and activate your settings. D-Link DWC-1000 User Manual...
WAn1 Toggle to ON to use NAT with WAN1 or OFF for classical. nAt with WAn2 Toggle to ON to use NAT with WAN2 or OFF for classical. save Click to save and activate your settings. D-Link DWC-1000 User Manual...
“NAT loopback” since LAN generated traffic is redirected through the firewall to reach LAN servers by their external name. 1. Click Network > Internet > Routing. 2. Complete the fields from the table below and click Save. Field Description routing settings Select Transparent. save Click to save and activate your settings. D-Link DWC-1000 User Manual...
1. Click Network > Internet > IP Aliasing. 2. Click Add New IP Aliasing. 3. Enter the following information and click Save. Field Description interface Select either Option1 or Option2. iP Address Enter an alias IP address for the Option interface you selected. subnet Mask Enter a subnet mask for the Option interface you selected. save Click to save and activate your settings. D-Link DWC-1000 User Manual...
1. Click Network > Internet > DMZ LAN DHCP Reserved IPs. 2. Click Add New DMZ DHCP Reserved IP. 3. Enter the following information and click Save. Field Description Enter the IP address you want to assign to this device. Note that this IP address must be in the iP Address same range as the starting/ending IP address under DHCP Settings. MAC Address Enter the MAC address of this device (xx:xx:xx:xx:xx:xx format). Click Save to save your reservation. save D-Link DWC-1000 User Manual...
Dynamic Dns Path: Network > Internet > Dynamic DNS Dynamic DNS (DDNS) is an Internet service that allows controllers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must setup an account with a DDNS provider such as DynDNS. org, D-Link DDNS, or Oray.net. Each configured Option port can have a different DDNS service if required. Once configured, the controller will update DDNS services changes in the Option IP address so that features that are dependent on accessing the controller’s WAN via FQDN will be directed to the correct IP address. When you set up an account with a DDNS service, the host and domain name, username, password and wildcard support will be provided by the account provider.
You can create VLANs on the VLAN Settings page. After you create VLANs, you can use the same page to view, edit, and delete VLANs. To create a VLAN: 1. Go to Network > VLAN > VLAN Settings. 2. Click Add New VLAN. The following pop-up box will appear. D-Link DWC-1000 User Manual...
Page 151
Select a captive portal from the drop-down menu. Click Create a Profile to create a login Profile name new profile. iP Address Enter an IP address for the Multi-VLAN subnet. subnet Mask Enter the subnet mask for the Multi-VLAN subnet. DHCP Mode Select whether to enable DHCP Server or DHCP Relay. lAn Proxy Click to enable DNS proxy. D-Link DWC-1000 User Manual...
To delete a VLAN: 1. Go to Network > VLAN > VLAN Settings. 2. In the VLAN List, right-click the VLAN you want to delete and click Delete. (Or right-click on a VLAN and click Select All, then Delete to delete all VLANs.) The selected VLAN(s) will be deleted. D-Link DWC-1000 User Manual...
VLAN. To view and edit the available multi-VLAN subnets: 1. Go to Network > VLAN > VLAN Settings. 2. To edit a multi-subnet VLAN, right-click the VLAN and click Edit. D-Link DWC-1000 User Manual...
Page 154
• Checked - The wireless controller acts as a proxy for all DNS requests and enable Dns Proxy communicates with the ISP’s DNS servers (as configured in the Option settings page). All DHCP clients receive the primary and secondary DNS IP addresses, along with the IP address where the DNS proxy is running (i.e., the wireless controller’s LAN IP). • Unchecked - All DHCP clients receive the DNS IP addresses of the ISP, excluding the DNS proxy IP address. D-Link DWC-1000 User Manual...
• Trunk: Select to multiplex traffic for multiple VLANs over the same physical link. All data going into and out of the port is tagged. Untagged coming into the port is not forwarded, except for the default VLAN with PVID=1, which is untagged. • Interface: Select to make it as a standalone interface. Manually define the interface IP address, subnet mask, and gateway. 4. Click Save. D-Link DWC-1000 User Manual...
Use the MAC‐based V LAN Configuration page to map a MAC entry to the V LAN table. After the source MAC address and the VLAN ID are specified, the MAC‐to‐VLAN configurations are shared across all ports of the controller. 1. Go to Network > VLAN > Advanced VLAN > MAC Based VLAN tab. 2. Toggle Activate MAC-based VLAN to ON and click Save. 3. Click Add New MAC Based VLAN. D-Link DWC-1000 User Manual...
Page 157
Section 5 - Advanced Network Configuration 4. Complete the fields in the table below and click Save. Field Description MAC Address Enter the MAC address of the client you want to add to a VLAN. VlAn Enter the VLAN ID number. interface Select a port from the drop-down menu. D-Link DWC-1000 User Manual...
1. Go to Network > VLAN > Advanced VLAN > Voice VLAN tab. 2. Toggle Activate Voice VLAN to ON and click Save. 3. Click Add New Voice VLAN. 4. Select the interface and Voice VLAN mode. • VLAN: The voice VLAN packets are uniquely identified by a number you assign. All voice traffic carries this VLAN ID to distinguish it from other data traffic which is assigned the port’s default VLAN ID. However, voice traffic is not prioritized differently than other traffic. • Dot1q: This parameter is set by the VoIP device for all voice traffic to distinguish voice data from other traffic. All other traffic is assigned the port’s default priority. 5. Click Save. D-Link DWC-1000 User Manual...
1. Go to Network > VLAN > Advanced VLAN > Protocol Based VLAN tab. 2. Toggle Activate Protocol Based VLAN to ON and click Save. 3. Click Add New Protocol Based VLAN. D-Link DWC-1000 User Manual...
Use the Double VLAN Tunneling page to configure Double VLAN frame tagging on one or more ports. 1. Go to Network > VLAN > Advanced VLAN > Double VLAN tab. 2. Click Add New Double VLAN. 3. Select the Ether Type: Dot1q, VLAN, or Custom Tag. 4. Click Save. D-Link DWC-1000 User Manual...
LAN that support GMRP. 1. Go to Network > VLAN > Advanced VLAN > GVRP tab. 2. Toggle Activate GVRP to ON and click Save. D-Link DWC-1000 User Manual...
Configure iPv4 static routing Path: Network > Routing > Static Routes To add a static route: 1. Click Network > Routing > Static Routes. 2. Click Add New Static Route. The Static Route Configuration page will appear. 3. Complete the fields in the table on the next page and click Save. D-Link DWC-1000 User Manual...
Page 163
Destination iP Address Enter the IP address of the static route’s destination. iP subnet Mask Enter the subnet mask of the static route. Select the wireless controller interface that will interface to the static route. Choices are: • Option 1/ Option 2: The wireless controller’s Option port will interface to the static route. interface • LAN > VLAN: The wireless controller’s LAN or VLAN port will interface to the static route. • DMZ: The port configured for DMZ will interface to the static route. Enter the IP address of the gateway router, which is the next hop address for the wireless Gateway iP Address controller. Metric Enter the administrative distance of the route. D-Link DWC-1000 User Manual...
There is no communication between this controller and other devices to account for changes in the path; once configured the static route will be active and effective until the network changes. The List of Static Routes displays all routes that have been added manually by an administrator and allows several operations on the static routes. The List of IPv4 Static Routes and List of IPv6 Static Routes share the same fields (with one exception): To configure IPv6 Static Routing: 1. Go to Network > Routing > IPv6 > Static Routing. 2. Click Add New IPv6 Static Route. D-Link DWC-1000 User Manual...
After you add static routes, you can edit it if you need to change settings. To edit a static route, right-click the static route you want to edit and click Edit. To delete a static route, right-click the static route you want to remove and click Delete. D-Link DWC-1000 User Manual...
The authentication key validity lifetimes are configurable to ensure that the routing information exchange is with current and supported controllers detected on the LAN. save Click Save to save your settings. D-Link DWC-1000 User Manual...
It gathers link state information from available controllers and constructs a topology map of the network. OSPF version 2 is a routing protocol which described in RFC2328 - OSPF Version 2. OSPF is IGP (Interior Gateway Protocols). OSPF is widely used in large networks such as ISP backbone and enterprise networks. To configure OSPF: 1. Click Network > Routing > OSPF. 2. Right-click the port you want to edit (LAN/Option1/Option2) and select Edit. 3. Complete the fields in the table on the next page and click Save. D-Link DWC-1000 User Manual...
Page 168
Cost Enter the cost of sending a packet on an OSPFv2 interface. Select one of the following authentication types: • None: The interface does not authenticate OSPF packets. Authentication type • Simple: OSPF packets are authenticated using simple text key. • MD5: The interface authenticates OSPF packets with MD5 authentication. Md5 Key iD If MD5 authentication is selected, enter the MD5 key ID. Md5 Authentication Key If MD5 authentication is selected, enter the MD5 authentication key. save Click Save to save your settings. D-Link DWC-1000 User Manual...
It gathers link state information from available controllers and constructs a topology map of the network. OSPFv3 supports IPv6. To enable an OSPFv3 process on a controller, you need to enable the OSPFv3 process globally, assign the OSPFv3 process a controller ID, and enable the OSPFv3 process on related interfaces. To configure OSPFv3: 1. Click Network > IPv6 > OSPFv3. 2. Right-click the port you want to edit (LAN/Option1/Option2) and select Edit. 3. Complete the fields in the table on the next page and click Save. D-Link DWC-1000 User Manual...
Page 170
The number of seconds that a device’s hello packets must not have been seen before its neighbors declare the OSPF controller down. This value must be the same for all controllers attached to a Dead interval common network. The default value is 40 seconds. OSPF requires these intervals to be exactly the same between two neighbors. If any of these intervals are different, these controllers will not become neighbors on a particular segment. Cost Enter the cost of sending a packet on an OSPFv3 interface. save Click Save to save your settings. D-Link DWC-1000 User Manual...
Section 5 - Advanced Network Configuration 6 to 4 tunneling (iPv6) Path: Network > IPv6> 6 to 4 Tunneling 6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6 packets to be transmitted over an IPv4 network. When enabled, traffic from an IPv6 LAN to be sent over an IPv4 Option to reach a remote IPv6 network. To enable 6 to 4 Tunneling: 1. Click Network > IPv6 > 6 to 4 Tunneling. 2. Toggle Activate Auto Tunneling to On and click Save. D-Link DWC-1000 User Manual...
Prefix be obtained from your ISP or internet registry, or derived from RFC 4193. This is the endpoint address for the tunnel that starts with this controller. The endpoint can be the end Point Address LAN interface (assuming the LAN is an IPv4 network), or a specific LAN IPv4 address. iPv4 Address If you selected LAN IPv4 Address, then enter the end point address. save Click Save to save your settings. D-Link DWC-1000 User Manual...
Select the source network: Any, Single Address, or Address Range. If Single Address or Address source network Range is selected, enter the IP address or IP range. Select the destination network: Any, Single Address, or Address Range. If Single Address or Destination network Address Range is selected, enter the IP address or IP range. save Click Save to save your settings. D-Link DWC-1000 User Manual...
QoS is a means of providing consistent, predictable data delivery by distinguishing between packets that have strict timing requirements from those that are more tolerant of delay. Packets with strict timing requirements are given “special treatment” in a QoS capable network. With this in mind, all elements of the network must be QoS‐capable. The presence of at least one node which is not QoS‐capable creates a deficiency in the network path and the performance of the entire packet flow is compromised. Qos Priority Configuring QoS Priority settings is a 3-step process: 1. Enable QoS mode (next page), and 2. Define the Trust Mode on each port (refer to “Defining DSCP and CoS on each port” on page 177) 3. Define the DHCP or COS settings (refer to “Configuring DSCP Priority” on page 179 or “Configuring 802.1p Priority” on page 178). D-Link DWC-1000 User Manual...
Note: The wireless controller also provides a CoS-to-DSCP map to map CoS values in incoming packets to a DSCP value that QoS uses internally to represent the priority of the traffic. To access this feature, click Network > QoS > QoS Priority. To configure QoS mode: 1. Click Network > QoS > LAN QoS Priority. D-Link DWC-1000 User Manual...
Page 176
3. On the middle menu on the LAN QoS Priority page, click the Trust Mode Settings tab. In the Trust Mode List, select a port by right-clicking it and clicking Edit. This brings up a pop-up box called Trust Mode Configuration. 4. Type in the port number for LAN Port and select either CoS or DSCP next to Classify Using. 5. Click Save. 6. Proceed to “Configuring DSCP Priority” on page 179 or “Configuring 802.1p Priority” on page 178 to configure values for DSCP and CoS and their priority. D-Link DWC-1000 User Manual...
DSCP and CoS and the priority that they should be given are set by the Port Cos Mapping & Port DSCP Mapping pages under QoS. 1. Go to Network > QoS > LAN QoS Priority. On the middle menu on the LAN QoS Priority page, click the Trust Mode Settings tab. 2. In the Trust Mode List, select the mode by right-clicking it and clicking Edit. 3. Select the LAN port, CoS or DSCP mode, and the percentage. 4. Click Save. After you enable QoS mode, use the procedures in the following sections to configure the values and priorities used by DSCP and CoS. D-Link DWC-1000 User Manual...
1. Go to Network > QoS > LAN QoS Priority > 802.1P Priority tab. 2. In the 802.1p Priority List, each row corresponds to a CoS field in an IP packet. Select a CoS field by right-clicking on it and clicking Edit. 3. On the Queue drop-down list, select one of the following priorities: – Highest – Medium – Low – Lowest 4. Repeat step 3 for each additional CoS field you want to prioritize. 5. When you finish, click Save. D-Link DWC-1000 User Manual...
1 Go to Network > QoS > LAN QoS Priority > IP DSCP Settings tab. 2. In the IP DSCP List, select a DSCP by right-clicking it and clicking Edit. 3. From the Queue drop-down list, select one of the following priorities: – Highest – Medium – Low – Lowest 4. Repeat step 2 for each additional DSCP field you want to prioritize. 5. When you finish, click Save. D-Link DWC-1000 User Manual...
1. Go to Network > QoS > LAN QoS Policy > Policy Based QoS tab. 2. Click Add New Policy Based QoS. 3. Complete the fields in the table on the next page and click Save. D-Link DWC-1000 User Manual...
Page 181
If Profile Type = Destination MAC Address or Source MAC Address, enter a defined MAC Address MAC Address. If Profile Type = Destination IP Address or Source IP Address, enter a defined IP iP Address Address. If Profile Type= Source TCP Port, Destination TCP Port, Source UDP Port or Destination l4 Port UDP Address, enter a defined port number. Priority of the QoS rule. The priority choices are: • Highest Priority • High • Low • Lowest D-Link DWC-1000 User Manual...
Address The source IP address Destination iP Address The destination IP address Bandwidth Limit the Bandwidth for a particular service. D-Link DWC-1000 User Manual...
Section 5 - Advanced Network Configuration Configure Auto VoiP Qos Path: Network > QoS > LAN QoS Policy > Auto VoIP Enables the QoS rule for prioritizing. Changes here affect the SIP and H.323 traffic priority in the LAN. 1. Go to Network > QoS > LAN QoS Policy > Auto VoIP tab. 2. Enable Active Auto VoIP and click Save. D-Link DWC-1000 User Manual...
The supported algorithms are strict and weighted round robin only. The device will be programmed to handle the traffic using the algorithm configured here. 1. Go to Network > QoS > LAN QoS Policy > Queue Scheduler tab. 2. Next to Scheduling Algorithm, select either Strict or Weighted Round Robin. 3. Click Save. D-Link DWC-1000 User Manual...
This page shows the current queue management algorithm that is used in the wireless controller. 1. Go to Network > QoS > LAN QoS Policy > Queue Management tab. This page displays the current queue management algorithm that is used. We currently do not support configuration of queue management algorithm. D-Link DWC-1000 User Manual...
Layer 3 QoS field in the packet, so that upstream routers can make a QoS decision based on the DSCP field set in the packet. Once you enable CoS to DSCP marking by choosing the check box, you can choose the appropriate value of the DSCP for a given CoS value. 1. Go to Network > QoS > CoS DSCP Marking. 2. Enable CoS and DSCP Marking and click Save. 3. Right-click on the CoS and select Edit. 4. Select the CoS and DSCP values, and then click Save. D-Link DWC-1000 User Manual...
3. Define the upstream and downstream bandwidth for the Option 1 and Option 2 interfaces and click Save. 4. To create a new profile, click Add New Option QoS Profile. 5. Complete the fields on the next page and click Save. D-Link DWC-1000 User Manual...
Page 188
Select which Option interface to apply this profile to. 6. Go to Network > QoS > Option Traffic Shaping. 7. Click Add New Traffic Selector. Complete the fields on the next page and then click Save. D-Link DWC-1000 User Manual...
Page 189
Select the profile you created from the drop-down menu. service Select a service from the drop-down menu. Select a match type from the drop-down menu. Choices are IP Address, MAC Address, traffic selector Match type Port Name, VLAN, and DSCP value. iP Address If you selected IP Address, enter the IP address of the LAN host. MAC Address If you selected MAC Address, enter a valid MAC address. Port name If you selected Port, enter a port number. Available VlAns If you selected VLAN, select a VLAN. DsCP Value If you selected DSCP, enter a valid DSCP value between 0 and 63. D-Link DWC-1000 User Manual...
• “Client Management” on page 191 • “Group Management” on page 194 • “User Management” on page 201 • “Guest Account Usage Management” on page 205 • “External Authentication” on page 216 • “Blocked Clients” on page 234 • “WIDS” on page 70 Note: The procedures in this chapter should only be performed by expert users who understand networking concepts and terminology. D-Link DWC-1000 User Manual...
2. Click on the MAC Authentication tab in the middle menu. The MAC Authentication page will appear displaying a list of the wireless clients in the MAC Authentication database. 3. Next to List Type the current global setting is displayed. MAC authentication is a feature that grants or denies a client access to the network if the client’s MAC address in the white-list or black-list. MAC Authentication is enable at the network level. The network configuration also defines whether MAC addresses are looked up on the local database or on the RADIUS server. D-Link DWC-1000 User Manual...
Page 192
Section 6 - Securing Your Network 4. Click on Add New MAC Authentication. The MAC Authentication Configuration page will appear. 5. Complete the fields in the table below and click Save. Field Description MAC Address Enter the MAC address for the known client. Enter the name of the known client. The name should allow you to differentiate this name known client from others you may add. D-Link DWC-1000 User Manual...
To edit or delete a client: 1. Go to Security > Authentication > User Database > MAC Authentication. 2. Under MAC Authentication List, right-click the client and select either Edit or Delete. 3. Change the desired settings (refer to the table on the previous page). 4. Click Save. D-Link DWC-1000 User Manual...
When you add a user group, you assign: • A name that identifies the user group • An optional user group description • At least one privilege (or “user type”) • An idle timeout value After you define user groups, you can use the procedure under “User Management” on page 201 to populate the groups with users. To add a user group: 1. Go to Security > Authentication > User Database > Groups. D-Link DWC-1000 User Manual...
Page 195
Internet/Network by using Hotspot. The users of the group having Guest User privilege will only have view only permissions. Guest Such users cannot configure the device. Enter the number of minutes of inactivity that must occur before the users in this user idle timeout group are logged out of their web management session automatically. Entering an Idle Timeout value of 0 (zero) means never log out. D-Link DWC-1000 User Manual...
1. Go to Security > Authentication > User Database > Groups. The Groups List page will appear. 2. Right-click the user group you want to edit and click Edit. The Group Configuration pop-up page will appear. 3. Complete the fields in the previous page and click Save. D-Link DWC-1000 User Manual...
To delete a user group: 1. Go to Security > Authentication > User Database > Groups. The Groups page will appear. 2. Right-click on the user group you want to delete and click Delete. To delete all groups, click Select All and then Delete. D-Link DWC-1000 User Manual...
Grants or denies login access to the web management interface for all users in this user group. Choices are: Disable login • On: Disable login access. • Off: Enable login access. Grants or denies login access from the wireless controller’s Option port. Choices are: Deny login from option • On: Disable login access. interface • Off: Enable login access. D-Link DWC-1000 User Manual...
3. Select a group and a browser from the drop-down menus and click Add. The selected browser will appear in the Defined Browsers area. Field Description Group name Select the group name from the drop-down menu. Client Browser Select a web browser from the drop-down menu. 4. Right-click your entry from the list and select Allow or Deny. D-Link DWC-1000 User Manual...
3. Complete the fields in the table below and click Save. The address you defined will appear in the Defined Addresses area. Field Description Group name Select a group name from the drop-down menu. Choices are: source Address type • IP Address = specifies a particular IP address. • IP Network = specifies an entire IP network. network Address/iP Address Enter the network or IP address. Mask length Enter a subnet mask. D-Link DWC-1000 User Manual...
Path: Security > Authentication > User Database > Users One way of adding users is to add users individually. 1. Go to Security > Authentication > User Database > Users tab. 2. Click Add New User. The User Configuration pop-up page will appear. D-Link DWC-1000 User Manual...
1. Click Security > Authentication > User Database > Get User DB tab. 2. Click the Browse button. 3. In the Choose File dialog box, navigate to the location of the CSV file, and then click the file. 4. Click Open and then click Upload. D-Link DWC-1000 User Manual...
Current logged in Enter the current case-sensitive login password. For security, each typed password Administrator Password character is masked with a dot (•). Enter the new case-sensitive login password. For security, each typed password new Password character is masked with a dot (•). Record the new password in Appendix A. Confirm Password Enter the new password again. D-Link DWC-1000 User Manual...
To delete a user: 1. Click Security > Authentication > User Database > Users tab. The Users List page will appear. 2. Right-click on the user you want to delete and click Delete. To delete all users, click Select All and then Delete. D-Link DWC-1000 User Manual...
1. The temporary account usage time is limited by duration. The account has the expiration time. The account is valid while the account is created. This billing profile is suitable for the scenario in Hotel. The temporary account is created and valid while cus- tomers check-in. D-Link DWC-1000 User Manual...
Page 206
This account allows multiple devices log in at the same time. 5. The temporary account has limited usage traffic. The account doesn’t have the expiration time until the usage is run out. This billing profile is suitable for a Hotspot scenario. The service provider charge the wireless service based on usage volume. D-Link DWC-1000 User Manual...
Page 207
Checking this option enables front desk user to generate a batch of temporary captive Front Desk portal users at one click. session idle timeout Idle timeout for CP users generated for this profile. show Alert Message on login Enter a value here in Hours/Days/MB/GB to get an alert message when usage time/ Page while rest of Usage traffic left reaches the desired limit. By default if 0 is entered it implies no alert message time/ traffic Under is required. D-Link DWC-1000 User Manual...
Page 208
Maximum Usage traffic considered towards bandwidth usage. Allow frontdesk to modify Enabling this option enables frontdesk user to modify usage limits. duration Ticket Pricing Options Header Enable this option to set a header value for ticket. Customized note Enable this option to display extra details on ticket like location. time stamp Enable this option to show the current time on tickets. Footer Enable this option to set a value for ticket footer like service provider name. Unit Price Enable the option to set the price for this billing profile. The price will be shown on the set Price Captive Portal which is set the Captive Portal Type as Billing User Price Enter a price. Select the Monetary Unit from drop down menu. The available options are from the Monetary Unit Currency setting on Payment Gateway. D-Link DWC-1000 User Manual...
3. Complete the fields in the table below and click Save. Field Description Payment Processor Select the payment agent (Paypal). Paypal Payment receiver email iD Enter your Paypal account email used for receiving payments. APi Username Enter the API username of the Paypal Premier/Business/Website Payment Pro account. APi Password Enter the API password of the Paypal account. APi signature Enter the API signature of the Paypal Premier/Business/Website Payment Pro account. APP iD Enter the APP ID which Paypal provided to you. Currency Select the currency type. D-Link DWC-1000 User Manual...
Page 210
Section 6 - Securing Your Network Field Description Payment Processor Select the payment agent (Authorize.net). Paypal login iD Enter the API account ID used for receiving payments. transaction Key Enter your transaction key. MD5 Hash Enter your MD5 Hash value. transaction server Live is selected. Select Live or Test. transaction Mode Currency Select the currency type. D-Link DWC-1000 User Manual...
Customize the Captive Portal login Page Path: Security> Authentication> Login Profiles> Login Profiles 1. Go to Security > Authentication > Login Profiles > Login Profiles tab. 2. Click Add New Login Profile. 3. Complete the fields in the table on the next page and click Save. D-Link DWC-1000 User Manual...
Page 212
If you choose Custom on Page Background Color, you can choose particular color by filling Custom Color in the HTML color code. Header Caption Enter the text that appears in the header of the login page during the captive portal session. Caption Font Select the font for the header text. Font size Select the font size for the header text. Font Color Select the font color for the header text. D-Link DWC-1000 User Manual...
Page 213
Select the billing profile which will be shown on the login page. The table only listed the enable Billing Profile billing profiles which are set Unit Price. Enable the billing profile by switch ON on STATUS. Enter the service disclaimer text which is shown before user select and purchase wireless service Disclaimer text service. Payment server Select the payment received account and its payment agent. D-Link DWC-1000 User Manual...
Enter the text that will appear in the title of the browser during the captive portal Browser title session. Shows the set of rules on Captive Portal which is set for temporary and SLA type users. term of service rule The user needs to accept before accessing internet. D-Link DWC-1000 User Manual...
• Authentication Port - The port for the RADIUS server connection • Secret - Enter the shared secret that allows this controller to log into the specified RADIUS server(s). This key must match the shared secret on the RADIUS Server. • The Timeout and Retries fields are used to either move to a secondary server if the primary cannot be reached, or to give up the RADIUS authentication attempt if communication with the server is not possible. To configure RADIUS Server: 1. Go to Security > Authentication > External Auth Server > RADIUS Server tab. D-Link DWC-1000 User Manual...
Page 217
2. Complete the RADIUS server information from the table below and click Save. Field Description Authentication server IP address of the RADIUS authentication server. Authentication Port RADIUS authentication server port to send RADIUS messages. Secret key that allows the device to log into the configured RADIUS server. It must secret match the secret on RADIUS server. Set the amount of time in seconds, the controller should wait for a response from the timeout RADIUS server. This determines the number of tries the controller will make to the RADIUS server retries before giving up. D-Link DWC-1000 User Manual...
1. Go to Security > Authentication > External Auth Server > RADIUS Accounting tab. 2. Click Add New Account. Complete the information from the table below and click Save. Field Description Accounting server iP Address IP address of the RADIUS accounting server. Accounting server name Enter a name for the server. Port Enter the port to use. secret Secret key that allows the device to log into the configured RADIUS server. D-Link DWC-1000 User Manual...
Accounting Mode Toggle to ON to enable accounting mode. Toggle to ON to send Radius Accounting (Interim-Update) based on Interim Interval Accounting interim Update Mode Period. By default this mode is disabled. rADiUs Accounting interim The interim Interval at which Radius Accounting (Interim-Update) packets should be interval sent by the controller. The value should be in the range 300 - 3600. D-Link DWC-1000 User Manual...
IP address of the POP3 authentication server. Authentication Port RADIUS authentication server port to send POP3 messages. Enable SSL support for POP3. If this option is enabled, it is mandatory to select a ssl enable certificate authority for it. CA File Certificate Authority to verify POP3 server’s certificate. Set the amount of time in seconds, the controller should wait for a response from timeout the POP3 server. This determines the number of tries the controller will make to the POP3 server retries before giving up. D-Link DWC-1000 User Manual...
1. Go to Security > Authentication > External Auth Server > POP3 Trusted CA tab. 2. Add the CA file by click Add CA File. 3. Click Choose File and browse to the CA file. Once selected, click Save. D-Link DWC-1000 User Manual...
NT Domain or Active Directory servers for user authentication. The details configured on the controller will be passed for authenticating the controller and its hosts. The LDAP attributes, domain name (DN), and in some cases the administrator account & password are key fields in allowing the LDAP server to authenticate the controller. To configure your LDAP Server: 1. Go to Security > Authentication > External Auth Server > LDAP Server tab. 2. Complete the fields in the table on the next page and click Save. D-Link DWC-1000 User Manual...
Page 223
Set the amount of time in seconds, the controller should wait for a response from the timeout LDAP server. This determines the number of tries the controller will make to the LDAP server retries before giving up. Admin account in LDAP server that will be used when LDAP authentication is required Administrator Account for PPTP/L2TP connection. Password Enter the admin password. D-Link DWC-1000 User Manual...
Set the amount of time in seconds that the controller should wait for a response from timeout the AD server. This determines the number of tries the controller will make to the AD server before retries giving up. D-Link DWC-1000 User Manual...
Set the amount of time in seconds that the controller should wait for a response from timeout the NT Domain server. This determines the number of tries the controller will make to the NT Domain server retries before giving up. D-Link DWC-1000 User Manual...
Once the controller are registered, you must pair your merchant page with the registration Url Registration Url. Configuration status Displays whether the controller is paired with the merchant page or not. reset Click to unregister the controller. D-Link DWC-1000 User Manual...
To configure: 1. Go to Security > Web Content Filter > Static Filtering. 2. Toggle which service you want to filter to On and click Save. D-Link DWC-1000 User Manual...
1. Go to Security > Web Content Filter > Static Filtering > Approved URL tab. 2. To import a list from a text/CSV file, click Upload URLs List from File. If you want to export the current list, click Export URLs List to File. To add a new URL, click Add New Approved URL. 3. Enter a URL and click Save. D-Link DWC-1000 User Manual...
1. Click Security > Web Content Filter > Static Filtering > Blocked Keywords tab. 2. To import a list from a text/CSV file, click Upload Keywords List from File. If you want to export the current list, click Export Keywords List to File. To add a new URL, click Add New Keyword. 3. Enter a keyword and click Save. D-Link DWC-1000 User Manual...
LAN from accessing internet services by creating an outbound firewall rule for each service. To create a new firewall rule: 1. Click Security > Firewall > Firewall Rules. 2. Right-click an entry and select either Edit or Delete. To add a new group, click Add New IPv4 Firewall Rule. D-Link DWC-1000 User Manual...
Page 231
Select a Destination host. If you select Single Address or Address Range, you will need to enter the IP Destination Hosts address or IP range. Select whether to log firewall traffic or not. Outbound rules (where To Zone = insecure WAN only) can have the traffic marked with a QoS priority tag. Select a priority level: • Normal-Service: ToS=0 (lowest QoS) Qos Priority (iPv4 only) • Minimize-Cost: ToS=1 • Maximize-Reliability: ToS=2 • Maximize-Throughput: ToS=4 • Minimize-Delay: ToS=16 D-Link DWC-1000 User Manual...
Note: All schedules will follow the time in the controller’s configured time zone. Refer to the section on choosing your Time Zone and configuring NTP servers for more information. To add a schedule profile: 1. Click Security > Firewall > Schedules Profiles. 2. Click Add New Schedule Profile. Enter a name for the profile and click Save. D-Link DWC-1000 User Manual...
Page 233
If you selected Specific Times, use the mouse on the blue boxes representing the hour, minutes, and am/ start time/end time pm to select the start time and end time. Click, hold, and move up to decrease the value or move down to increase the value. save Click to save your settings. D-Link DWC-1000 User Manual...
This page displays a list of blocked clients. You may add new clients to block. To configure blocked clients: 1. Go to Security > Firewall > Blocked Clients. 2. Click Add New Blocked Clients. Enter the client’s MAC address and a description. 3. Click Save. D-Link DWC-1000 User Manual...
2. Right-click an entry and select either Edit or Delete. To add a new schedule, click Add New Custom Service. Field Description name Enter a name for your custom service. type Enter the layer 3 protocol that the service uses (TCP, UDP, BOTH, or ICMP). Port type Select Port Range or Multiple Ports. start Port If you selected Port Range, enter the first (TCP, UDP or BOTH) port of a range that the service uses. Finish Port If you selected Port Range, enter the last port of a range that the service uses. Ports If you selected Multiple Ports, enter the port or ports separated by a comma. iCMP type The ICMP type is a numeric value that can range between 0 and 40. save Click to save your settings. D-Link DWC-1000 User Manual...
Because the ALG understands the protocol used by the specific application that it supports, it is a very secure and efficient way of introducing support for client applications through the controller’s firewall. 1. Click Security > Firewall > ALGs tab. 2. Toggle the protocol(s) to ON that you want to allow through the controller. D-Link DWC-1000 User Manual...
Local users will then use email client software to retrieve their email from the local SMTP server. SMTP is also used when clients are sending email and SMTP ALG can be used to monitor SMTP traffic originating from both clients and servers. 1. Click Security > Firewall > ALGs > SMTP ALGs tab. 2. Toggle Status to ON. 3. Enter the port at which the SMTP packets are inspected. 4. Click Save. D-Link DWC-1000 User Manual...
1. Click Security > Firewall > ALGs > Mail Filtering tab. 2. Right-click an entry and select either Edit or Delete. To add a new mail ID, click Add New Mail Filter. 3. Enter a subject and a mail ID. 4. Select to allow or block. 5. Click Save. D-Link DWC-1000 User Manual...
This switch’s firewall settings can be configured to allow encrypted V PN traffic for IPSec, PPTP, and L2TP V PN tunnel connections between the LAN and internet. A specific firewall rule or service is not appropriate to introduce this passthrough support; instead the options in the VPN Passthrough page must be toggled to ON. 1. Click Security > Firewall > VPN Passthrough. 2. Toggle the VPN protocol you want to allow to ON and click Save. D-Link DWC-1000 User Manual...
You can also specify a port triggering rule by defining the type of traffic (TCP or UDP) and the range of incoming and outgoing ports to open when enabled. 1. Click Security > Firewall > Dynamic Port Forwarding > Application Rules tab. 2. Right-click an entry and select either Edit or Delete. To add a new schedule, click Add New Application Rule. D-Link DWC-1000 User Manual...
Page 241
Select either LAN or DMZ. outgoing (trigger) Port range Enter the start and end trigger port range. incoming Port range Enter the port range to open. save Click to save your settings. 4. Click on the Application Rules Status tab to see a list of rules and their status. D-Link DWC-1000 User Manual...
Toggle to ON to drop multicast packets, which could indicate a spoof attack, through or to the controller. Block Multicast Packets Toggle to ON to block any spoofed IP packets. Block spoofed iP Packets sYn Flood Detect rate The rate at which the SYN Flood can be detected. The number of ping packets per second at which the controller detects an Echo storm attack from the echo storm WAN and prevents further ping traffic from that external address. The number of ICMP packets per second at which the controller detects an ICMP flood attack from the iCMP Flood WAN and prevents further ICMP traffic from that external address. D-Link DWC-1000 User Manual...
The following types of tunnels can be created: • Gateway-to-gateway VPN: To connect two or more routers to secure traffic between remote sites. • Remote Client (client-to-gateway VPN tunnel): A remote client initiates a VPN tunnel as the IP address of the remote PC client is not known in advance. The gateway in this case acts as a responder. • Remote client behind a NAT router: The client has a dynamic IP address and is behind a NAT Router. The remote PC client at the NAT router initiates a VPN tunnel as the IP address of the remote NAT router is not known in advance. The gateway WAN port acts as responder. • PPTP server for LAN / WAN PPTP client connections. • L2TP server for LAN / WAN L2TP client connections. D-Link DWC-1000 User Manual...
Section 7 - VPN Settings iPsec VPn Policies Path: VPN > IPSec VPN > Policies An IPSec policy is between the DWC-1000 and another gateway/router and an IPSec client on a remote host. The IPSec mode can be either tunnel or transport depending on the network being traversed between the two policy endpoints. • Transport: This is used for end-to-end communication between the DWC-1000 and the tunnel endpoint, either another IPSec gateway or an IPSec VPN client on a host. Only the data payload is encrypted and the IP header is not modified or encrypted. • Tunnel: This mode is used for network-to-network IPSec tunnels where this gateway is one endpoint of the tunnel. In this mode the entire IP packet including the header is encrypted and/or authenticated. When tunnel mode is selected, you can enable NetBIOS and DHCP over IPSec. DHCP over IPSec allows this switch to serve IP leases to hosts on the remote LAN. As well in this mode you can define the single IP address, range of IPs, or subnet on both the local and remote private networks that can communicate over the tunnel. To configure the radio settings: 1.
Page 245
• Range: Allows computers within an IP address range to connect to the VPN. Enter the Start IP Address and End IP Address in the provided fields. • Subnet: Allows an entire subnet to connect to the VPN. Enter the network address and subnet mask in the provided fields. Toggle to ON to periodically send ping packets to the host on the peer side of the network to keep the enable Keepalive tunnel alive. D-Link DWC-1000 User Manual...
Page 246
Section 7 - VPN Settings 3. Once the tunnel type and endpoints of the tunnel are defined you can determine the Phase 1/Phase 2 negotiation to use for the tunnel. This is covered in the IPSec mode setting, as the policy can be Manual or Auto. For Auto policies, the Internet Key Exchange (IKE) protocol dynamically exchanges keys between two IPSec hosts. The Phase 1 IKE parameters are used to define the tunnel’s security association details. The Phase 2 Auto policy parameters cover the security association lifetime and encryption/authentication details of the phase 2 key negotiation. The VPN policy is one half of the IKE/VPN policy pair required to establish an Auto IPSec VPN tunnel. The IP addresses of the machine or machines on the two VPN endpoints are configured here, along with the policy parameters required to secure the tunnel. D-Link DWC-1000 User Manual...
Page 247
SPI (security parameter index) values require conversion at each endpoint. The DWC-1000 supports VPN roll-over feature. This means that policies configured on the primary Option port will rollover to the secondary port in case of a link failure. This feature can be used only if your WAN is configured in Auto-Rollover mode. Note: Once you have created an IPSec policy, you may right-click the policy and select Export to save as a file.
2. Complete the fields in the table below and click Save. Field Description tunnel Mode Select either Full Tunnel or Split Tunnel. start/end iP Address Enter the starting and ending IP addresses. Primary/secondary Dns Enter the primary and secondary DNS server addresses. Primary/secondary Wins Enter the primary and secondary WINS server addresses. save Click Save to save and activate your settings. D-Link DWC-1000 User Manual...
To add a DNS name: 1. Click VPN > IPSec VPN > Tunnel Mode > Split DNS Names tab. 2. Click Add New Split DNS name. You can right-click any created entries to edit or delete. 3. Enter a domain name and click Save. D-Link DWC-1000 User Manual...
1. Click VPN > IPSec VPN > DHCP Range. 2. Complete the fields in the table below and click Save. Field Description starting iP Address Enter the starting IP address to issue your clients connecting using DHCP over IPSec. ending iP Address Enter the ending IP address. subnet Mask Enter the subnet mask. save Click Save to save and activate your settings. D-Link DWC-1000 User Manual...
Expiry Time: The date after which this Trusted certificate becomes invalid To upload a certificate: 1. Click VPN > IPSec VPN > Certificate > Trusted Certificates tab. 2. Click the Browse button. Locate your certificate and click Open. 3. Click Upload. D-Link DWC-1000 User Manual...
Expiry Time: The date after which this signed certificate becomes invalid. You should renew the certificate before it expires. To upload a certificate: 1. Click VPN > IPSec VPN > Certificate > Active Self Certificates tab. 2. Click the Browse button. Locate your certificate and click Open. 3. Click Upload. D-Link DWC-1000 User Manual...
Key length Application type Select the application type from the drop-down menu. Select either HTTPS or IPSec. iP Address Enter an IP address (optional). Domain name Enter a domain name (optional). email Address Enter your email address. save Click Save to save and activate your settings. D-Link DWC-1000 User Manual...
1. Click VPN > IPSec VPN > Easy VPN Setup. 2. Click Browse and navigate to the policy file you want to upload. Select it and click Open. 3. Click Upload. 4. Once uploaded, go to VPN > IPSec VPN > Policies and the loaded VPN will be listed. Right-click it to edit or delete. D-Link DWC-1000 User Manual...
If you selected IPv6, enter the IPv6 prefix length. Authentication Select the authentication type from the drop-down menu. Authentication supported Toggle which type of authentication you want to enable to ON. idle timeout Enter the amount of time in seconds that the connection will disconnect when idle. netBios Toggle to ON to allow NetBIOS broadcasts to travel over the VPN tunnel. save Click to save your settings. D-Link DWC-1000 User Manual...
2. Toggle Client to ON and complete the fields in the table below. Field Description Client Toggle to ON to enable PPTP client. server iP Enter the IP address of the PPTP server you want to connect to. remote network Enter the remote network address. This address is local for the PPTP Server. remote netmask Enter the remote network subnet mask. Username Enter your PPTP user name. Password Enter your PPTP password. MPPe encryption Toggle to ON to enable Microsoft Point-to-Point Encryption (MPPE). idle time out Enter the amount of time (in seconds) that you will disconnect from the PPTP server when idle. save Click Save to save and activate your settings. D-Link DWC-1000 User Manual...
Section 7 - VPN PPtP Active Users list A list of PPTP connections will be displayed on this page. Right-click the connection to connect and disconnect. D-Link DWC-1000 User Manual...
If you selected IPv6, enter the IPv6 prefix length. Authentication Select the authentication type from the drop-down menu. Toggle which type of authentication you want to enable to ON. Authentication supported idle timeout Enter the amount of time in seconds that the connection will disconnect when idle. netBios Toggle to ON to allow NetBIOS broadcasts to travel over the VPN tunnel. save Click to save your settings. D-Link DWC-1000 User Manual...
Section 7 - VPN l2tP Active Users list A list of L2TP connections will be displayed on this page. Right-click the connection to connect and disconnect. D-Link DWC-1000 User Manual...
To create a new SSL VPN policy: 1. Make sure you have enabled remote management and have created user(s) and group(s) to assign to this policy. 2. Click VPN > SSL VPN > SSL VPN Server Policy. Next to SSL VPN Server Policy, toggle to On and click Save. 3. Click Add New SSL VPN Server Policy. D-Link DWC-1000 User Manual...
Page 261
If you selected Network Resource, select the resource for the Defined Resource drop- Defined resources down menu. If you have not created a resource, refer to “Resources” on page 264 to create a defined resource. Select either VPN Tunnel, Port Forwarding, or All. This field is not available when service selecting Network Resource. Select either Permit or Deny. Permission save Click to save your settings. D-Link DWC-1000 User Manual...
2. Click Add New SSL VPN Portal Layout. Note: You may right-click a layout from the list and edit or delete a layout. 3. Complete the fields from the table on the next page and click Save. D-Link DWC-1000 User Manual...
Page 263
Select what group to include from the drop-down menu. VPn tunnel Page Toggle to ON to allow remote users to view this page. Toggle to ON to allow remote users to view this page. Port Forwarding save Click to save your settings. D-Link DWC-1000 User Manual...
Length, and Port Range/Port Number can all be defined for this resource as required. Add new resource To add a new resource: 1. Click VPN > SSL VPN > Resources. 2. Click Add New Resource. 3. Complete the fields from the table on the next page and click Save. D-Link DWC-1000 User Manual...
Page 265
Enter a unique name for this resource. service Select VPN Tunnel, Port Forwarding, or All. iCMP Toggle to ON to include ICMP traffic. object type Select Single IP Address or IP Network. object Address Enter the IP address. Mask length If you selected IP Network, enter the mask length (0-32). Begin/end Enter a port range for the object. save Click to save your settings. D-Link DWC-1000 User Manual...
To add a port forwarding rule: 1. Click VPN > SSL VPN > Resources. 2. Click Add New Rule under either Port Forwarding List for Configured Applications (TCP Port) or under Port Forwarding List for Configured Host Names (FQDN). 3. Enter the IP address of the local server. 4. Next enter either the TCP port number or the domain name (FQDN). 5. Click Save. D-Link DWC-1000 User Manual...
1. Click VPN > SSL VPN > SSL VPN Client. 2. Toggle Full Tunnel Support to ON to support full tunnel or OFF to enable split tunnel. 3. Enter a DNS suffix to assign to this client (optional). 3. Enter a primary and secondary DNS server addresses (optional). 4. Enter the range of IP addresses clients will be assigned (DHCP). 5. Next to LCP Timeout, set the value for LCP echo interval (in seconds). 6. Click Save. D-Link DWC-1000 User Manual...
• Destination network: The network address of the LAN or the subnet information of the destination network from the VPN tunnel clients‘ perspective is set here. • Subnet mask: The subnet information of the destination network is set here. To configure a client route: 1. Click VPN > SSL VPN > Client Routes. 2. Click Add New Client Route. 3. Enter the destination network and subnet mask. 4. Click Save. D-Link DWC-1000 User Manual...
Select the encryption algorithm from the drop-down menu. Hash Algorithm Select the hash algorithm from the drop-down menu. Select either Full Tunnel or Split Tunnel. Full Tunnel mode just sends all traffic from the client across the tunnel type VPN tunnel to the controller. Split Tunnel mode only sends traffic to the private LAN based on pre-specified client routes. If you select Split Tunnel, refer to “LAN Configuration” on page 119 to create local networks. save Click Save to save and activate your settings. D-Link DWC-1000 User Manual...
Select either TCP or UDP. tunnel Protocol encryption Algorithm Select the encryption algorithm from the drop-down menu. Hash Algorithm Select the hash algorithm from the drop-down menu. save Click Save to save and activate your settings. D-Link DWC-1000 User Manual...
Select Access Server Client. Port Enter what port to use. The default port is 1194. Upload status Displays if a configuration file has been uploaded. File Click Browse and locate the configuration file. Click Open and then click Upload. save Click Save to save and activate your settings. D-Link DWC-1000 User Manual...
Section 7 - VPN local networks If you selected Split Tunnel (from OpenVPN Server), you can create a local network by following the steps below: 1. Click VPN > OpenVPN > Local Networks. 2. Click Add New OpenVPN Local Network. 3. Enter a local IP network. 4. Enter the subnet mask. 5. Click Save. D-Link DWC-1000 User Manual...
Section 7 - VPN remote networks To create remote networks: 1. Click VPN > OpenVPN > Remote Networks. 2. Click Add New OpenVPN Remote Network. 3. Enter a name of the remote network. 4. Enter a local IP network. 5. Enter the subnet mask. 6. Click Save. D-Link DWC-1000 User Manual...
Section 7 - VPN Authentication This page will allow you to upload certificates and keys. Click Browse and select the file you want to upload. Click Open and then click Upload. D-Link DWC-1000 User Manual...
Section 8 - Viewing Status and Statistics status and statistics This chapter describes the following pages, which display wireless controller and access point status information and statistics. D-Link DWC-1000 User Manual...
Percent of the CPU utilization currently consumed by the device. The CPU CPU Utilization utilization is broken down into specifics such as all user space processes, such as management operations, kernel space processes, and CPU idle time or IO. Displays a breakdown of memory usage by the amount used, free, cached, Memory Utilization and currently in the system buffer. traffic information Displays a grid of traffic statistics for each interface. D-Link DWC-1000 User Manual...
1. Click on the Manage Dashboard button. 2. The following window will pop out and allow you to enable or disable the overview panels shown on the dashboard. Toggle the panel to On or Off and click Save. D-Link DWC-1000 User Manual...
Page 278
If you suspect issues with any of the wired ports, use this table to identify uptime or transmit level issues with the port. The statistics table has an auto-refresh control for displaying the most current port level data at each page refresh. The default auto-refresh for this page is 10 seconds. D-Link DWC-1000 User Manual...
Advanced menus. This page is organized into the following sections: • General - Shows system name, firmware version, WLAN module version, and serial number. • Port Information – Shows information based on the administrator configuration parameters. Note that LAN1 will display the local interface of the controller. If you set any of the LAN ports to Standalone, information will be displayed under the corresponding LAN heading. D-Link DWC-1000 User Manual...
Section 8 - Viewing Status and Statistics Viewing UsB status Path: Status > System Information > USB Status The USB Status page summarizes the USB devices connected to the wireless controller. The wireless controller allows to connect USB printer and USB disk (for firmware upgrade only) directly. There are two USB ports. D-Link DWC-1000 User Manual...
Section 8 - Viewing Status and Statistics Viewing DHCP Clients Path: Status > Network Information > DHCP Clients Two separated tabs shows a list of clients whom get IP leased from the wireless controller: LAN leased clients and LAN IPv6 leased clients. D-Link DWC-1000 User Manual...
If Internet session passthrough is enabled, select the session and right-click Disconnect allowing the admin to selectively drop an authenticated user. Select the session and right-click Block device. The “Block Device” button will result in the selected client being added to the blocked list (Security > Firewall > Blocked Clients), and the current and future sessions from this client will be prevented. D-Link DWC-1000 User Manual...
Section 8 - Viewing Status and Statistics Viewing Active sessions Path: Status > Network Information > Active Sessions The Active Sessions page shows the following information about the active Internet sessions through the wireless controller: • Source • Destination • Protocol used during the Internet sessions • State D-Link DWC-1000 User Manual...
Section 8 - Viewing Status and Statistics Viewing VPn sessions Path: Status > Network Information > Active VPN Sessions Note: This feature is only available when the DCS-1000-VPN license is activated. The Active VPN Sessions page displays the following information about the active VPN sessions through the wireless controller: • Policy Name • Endpoint • Transfer Rate (KB and Packets) • Configuration State Click the tab of the VPN session you want to view (IPSec, SSL, PPTP, or Open VPN). D-Link DWC-1000 User Manual...
Section 8 - Viewing Status and Statistics Viewing traffic on interfaces Path: Status > Network Information > Interfaces This page shows the incoming/outgoing packets on each interface. Table fields are shown on the next page. D-Link DWC-1000 User Manual...
Page 286
Dropped in Packets Packets dropped on the inbound path of the interface. Dropped out Packets Packets dropped on the outbound path of the interface. WLAN Info transmitted Total packets transmitted across all APs managed by the controller. received Total packets received across all APs managed by the controller. Total packets transmitted across all APs managed by the controller that were transmit Dropped dropped. receive Dropped Packets dropped on the inbound path of the interface. Total packets received across all APs managed by the controller that were Dropped out Packets dropped. D-Link DWC-1000 User Manual...
Note: Only the Cluster Controller controller can display managed APs, clients, statistics, and RF Scan databases for the whole cluster. The Controllers that are not Cluster Controllers can display information only about locally attached devices. Cluster Controller iP Address The IP address of the peer controller that is the Cluster Controller. D-Link DWC-1000 User Manual...
Field Description Shows the IP address of the Controller that manages the AP to which the Controller iP Address client is associated. Client MAC Address Shows the MAC address of the associated client. D-Link DWC-1000 User Manual...
Distributed tunnel Packets Total number of packets sent by all APs via distributed tunnels. transmitted Total number of client that successfully roamed away from Home AP using Distributed tunnel roamed Clients distributed tunneling. Total number of clients that are associated with an AP that are using distributed tunnel Clients tunneling. Total number of clients for which the system was unable to setup a distributed tunnel Client Denials tunnel when client roamed. D-Link DWC-1000 User Manual...
Field Description Current Receive Status Global status when wireless configuration is received from a peer controller. Possible status values are: • Not Started • Receiving Configuration • Saving Configuration Current receive status • Applying AP Profile Configuration • Success • Failure - Invalid Code Version • Failure - Invalid Hardware Version • Failure - Invalid Configuration D-Link DWC-1000 User Manual...
Page 291
Use the drop-down list at the top of this page to select a peer controller whose access point information you want to view. Each peer controller is identified by its IP address. D-Link DWC-1000 User Manual...
Identifies which parts of the configuration the controller received from the Configuration peer controller. Shows when the configuration was applied to the controller. The time is timestamp displayed as UTC time and therefore only useful if the administrator has configured each peer controller to use NTP. D-Link DWC-1000 User Manual...
Number of APs that were previously authenticated and managed, but Connection Failed APs currently don’t have connection with the Wireless controller. Number of APs that failed to establish communication with the FASTPATH Authentication Failed APs Unified Wireless controller. D-Link DWC-1000 User Manual...
Page 294
AP Mitigation Count authentication messages to mitigate against rogue APs. A value of 0 indicates that mitigation is not in progress. Maximum Managed APs in Peer Group Maximum number of access points that can be managed by the cluster. Total network utilization across all APs managed by this controller. This is WlAn Utilization based on global statistics. D-Link DWC-1000 User Manual...
• Failed = wireless controller lost contact with the access point. A failed entry will remain in the Managed AP database unless you remove it. Note: a managed access point shows a failed status temporarily during a reset. • Rogue = access point has not tried to contact the wireless controller and the access point’s MAC address is not in the Valid AP database. radio Wireless radio mode the access point is using. Channel Operating channel for the radio. D-Link DWC-1000 User Manual...
The radios resume operation when that access point is managed again by a wireless controller. Shows whether the configuration profile applied to the managed access point Configuration status is successful or not. D-Link DWC-1000 User Manual...
Page 297
Shows per-radio information about the number and type of packets radio statistics transmitted and received for a specific access point. Shows per-VAP information about the number of packets transmitted and VAP statistics received and the number of wireless client failures for a specific access point. D-Link DWC-1000 User Manual...
All is selected from the drop-down menu. location Descriptive location configured for the managed access point. Profile Access point profile that the wireless controller applies to the access point. Hardware iD Hardware ID associated with the access point hardware platform. D-Link DWC-1000 User Manual...
Profile iD This can also happen with the local database when the configuration has been received from a peer controller. Hardware Type: The access point hardware type specified in the access point Profile Mismatch Profile is not compatible with the actual access point hardware. D-Link DWC-1000 User Manual...
• Invalid Profile ID • Profile Mismatch-Hardware Type Time since failure occurred. rF scan Path: Status > Wireless Information > Access Point > RF Scan The radio(s) on each access point can scan the radio frequency periodically to collect information about other access points and wireless clients that are within range. In normal operating mode, the access point always scans on the operational channel for the radio. The RF Scan page shows information about other access points and wireless clients that the wireless controller has detected. Right-click on an AP or client to bring up options to view details. D-Link DWC-1000 User Manual...
This feature is disabled by default. The wireless system can conduct the de‐authentication attack against 16 APs at the same time. The intent of this attack is to serve as a temporary measure until the rogue AP is located and disabled. The de‐authentication attack is not effective for all rogue types, and therefore is not used on every detected rogue. The following rogues are not subjected to the attack: • If the detected rogue is spoofing the BSSID of the valid managed AP then the wireless system does not attempt to use the attack because that attack may deny service to a legitimate AP and provide another avenue for a hacker to attack the system. • The de-authentication attack is not effective against Ad hoc networks because these networks do not use authentication. • The APs operating on channels outside of the country domain are not attacked because sending any traffic on illegal channels is against the law. The wireless controller maintains a list of BSSIDs against which it is conducting a de‐authentication attack. The controller sends the list of BSSIDs and channels on which the rogue APs are operating to every managed AP. D-Link DWC-1000 User Manual...
Page 302
Section 8 - Viewing Status and Statistics Field Description Shows the BSSID of the AP against which the attack is launched. The BSSID is a BssiD MAC address. Channel Identifies the channel on which the rogue AP is operating. time since Attack started Shows the amount of time that has passed since the attack started on the AP. rF scan report Age Shows the amount of time that has passed since the RF Scan reported this AP. D-Link DWC-1000 User Manual...
Describes the platform and the supported IEEE 802.11 modes. radio Count Shows whether the hardware supports one radio or two radios. image type Shows the type of software the hardware requires. The right-click option will display the radio Information for the selected hardware type. D-Link DWC-1000 User Manual...
Page 304
Shows whether the hardware supports one radio or two radios. 802.11a support Shows whether support for IEEE 802.11a mode is enabled. Displays the type of radio, which might contain information such as the radio type Description manufacturer name and supported IEEE 802.11 modes. 802.11bg support Shows whether support for IEEE 802.11bg mode is enabled. VAP Count Displays the number of VAPs the radio supports. 802.11n support Shows whether support for IEEE 802.11n mode is enabled. 802.11ac support Shows whether support for IEEE 802.11ac mode is enabled. D-Link DWC-1000 User Manual...
Pre-auth History entries Current number of pre-authentication history entries in use by the system. Maximum number of entries that can be recorded in the roam history for all Maximum roam History entries detected clients. total roam History entries Current number of pre-authentication history entries in use by the system. D-Link DWC-1000 User Manual...
Ethernet MAC address of the client station. Client iP Address The IP address of the client station. ssiD Name of the wireless network on which the client is connected. MAC address for the managed access point/virtual access point where this BssiD client is associated. AP MAC Address Ethernet MAC address of the access point. D-Link DWC-1000 User Manual...
Page 307
AP status Shows information about the neighbor AP status. Shows detailed statistic information about the associated client and its Client statistics bandwidth usage. Shows a history of the different APs the client has been connected to that are roam History Details managed by the DWC-1000. Purge roam History Will purge the roam history for the selected client. After right-clicking next to the MAC address, the Client Statistic page shows the fields in the table on the next page. This page shows information about the traffic a wireless client receives and transmits while it is associated with a single access point. Use the table to view details about an associated client. Each client is identified by its MAC address.
Page 308
SSID and security configuration that match the client, including MAC authentication, encryption method, and pre-shared key or RADIUS parameters. The access point that the client is associated with captures all pre-authentication requests and sends them to the controller. The WLAN Associated Detected Clients Pre-Authentication History List page shows detected clients that have made pre-authentication requests and identifies the access points that received the requests. Right-clicking next to the MAC address, the Pre-Auth History page shows the fields in the table on the next page. D-Link DWC-1000 User Manual...
Page 309
AP MAC Address authenticated. radio Radio number to which the client is authenticated. VAP MAC Address VAP MAC address to which the client roamed. ssiD SSID name used by the VAP. A flag indicating whether the history entry represents a new authentication status or a roam event. time since event Time since the history entry was added. D-Link DWC-1000 User Manual...
Deletes all ad hoc client entries from the list. Clearing the list does not Delete All disassociate any of the ad hoc clients, and the clients might still be involved in the ad hoc network. Blocks an ad hoc client from WLAN access. The MAC address is added to the Deny Known Client database where the default action is Deny. Allows an ad hoc client access to the WLAN. The MAC address is added to the Allow Known Client database where the default action is Allow. D-Link DWC-1000 User Manual...
• Rogue = client is classified as a threat by one of the threat-detection algorithms. Time since any event has been received for this client that updated the detected client database entry. Create time Time since this entry was first added to the detected client database. D-Link DWC-1000 User Manual...
Page 312
Client Rogue Classification page provides information about the results of these tests. If a client has been classified as a rogue, this page provides information about which tests the client might have failed to trigger the classification. Purge Pre-auth History Clears pre auth data from Pre-Auth History section. D-Link DWC-1000 User Manual...
Discovery method of the given peer wireless controller, either through an L2 Discovery reason Poll or IP Poll. Managed AP Count Number of access points that the wireless controller manages currently. Time since last communication with the wireless controller, in hours, minutes, and seconds. D-Link DWC-1000 User Manual...
Connected satellite AP members of this WDS AP Group. Configured WDs link Count Number of configured bidirectional links in the WDS AP Group. Number of WDS links detected in the system.APs on both sides of the link Detected WDs links Count must detect each other in order for the link to be counted. D-Link DWC-1000 User Manual...
00:00:00:00:00:00. The type of device elected as the Spanning Tree Root bridge: • None (STP is disabled) source Device type • Root AP • Satellite AP • External Device (STP Root is not one of the APs) Config WDs link Count Number of configured bidirectional links in the WDS AP Group. Number of WDS links detected in the system. APs on both sides of the link Detect WDs links Count must detect each other in order for the link to be counted. D-Link DWC-1000 User Manual...
Page 316
Status of the last attempt to configure the password for the WDS Group: • Not Started • Success WDs Group Password Change status • Invalid Password • Requested • Timed Out To change the password for all controllers and APs in this WDS Group, select the Edit checkbox, type the new password, and then click Apply Password. edit Password Password must be minimum of 8 characters and can be up to 63 characters in length. D-Link DWC-1000 User Manual...
If spanning tree is disabled the value is also 0. When spanning tree is enabled on the APs in the WDS group this status ethernet Port stP state parameter reports the spanning tree status of the Ethernet port. On Satellite APs the Ethernet port can be manually disabled. On root APs the ethernet Port Mode port is always enabled. ethernet Port link state When the Ethernet port is enabled, this status reports the link state of the port. D-Link DWC-1000 User Manual...
AP stP • Learning • Listening • Blocking Spanning Tree State of the link on the destination AP, which is one of the following: • Disabled (STP is disable or Link is down) Destination AP stP • Forwarding • Learning • Listening • Blocking D-Link DWC-1000 User Manual...
The MAC address of the Source AP in the group. Destination AP radio The radio number of the WDS link endpoint on the destination AP. Indicates whether the AP specified by the destination MAC detected source AP end-Point the AP specified by the source MAC. Indicates whether the AP specified by the source MAC detected the AP Destination AP end-Point specified by the destination MAC. source AP Packets/ Bytes sent Number of packets/bytes sent by the source AP. source AP Packets/Bytes received Number of packets/bytes received by the source AP. Destination AP Packets/Bytes sent Number of packets/bytes sent by the destination AP. Destination AP Packets/Bytes received Number of packets/bytes received by the destination AP. D-Link DWC-1000 User Manual...
You can configure your time zone, whether or not to adjust for Daylight Savings Time, and with which Network Time Protocol (NTP) server to synchronize the date and time. You can choose to set Date and Time manually, which will store the information on the controller’s real time clock (RTC). If the controller has access to the internet, the most accurate mechanism to set the controller time is to enable NTP server communication. To configure the date and time, following below steps: 1. Select the controller’s time zone, relative to Greenwich Mean Time (GMT). 2. If supported for your region, click to Enable Daylight Savings. 3. Determine whether to use default or custom Network Time Protocol (NTP) servers. If custom, enter the server addresses or FQDN. D-Link DWC-1000 User Manual...
Section 9 - Maintenance set login session timeout Path: Maintenance > Administration > Session Settings Enter the session timeout value for administrator and guest users and then click Save. set UsB share Ports Path: Maintenance > Administration > USB Share Ports Enable USB port sharing on USB port 1, 2, or both and click Save. D-Link DWC-1000 User Manual...
2. After obtaining the Activation Key, go to Maintenance > Administration > License Update. The License Update page will appear. 3. Under Activation Setup, enter the D-Link-supplied code for the license you want to activate in the Activation Code field.
Section 9 - Maintenance remote Management Path: Maintenance > Administration > Remote Management Note: This feature is only available with the DCS-1000-VPN license activation. The Remote Access page allows you to enable remote management from outside your local network to configure your wireless controller. Select HTTP and/or HTTPS. Note: When remote management is enabled, the controller is accessible to anyone who knows its IP address. It is HIGHLY RECOMMENDED that you change the default administrator and guest passwords before continuing. 1. Go to Maintenance > Management > Remote Management. 2. Set HTTP and/or HTTPS to On. If you select HTTPS, you may enter a port (4443 is the default setting). 3. Click Save. D-Link DWC-1000 User Manual...
LAN port when a small cable length is connected to that port. Longer cables have higher resistance than shorter cables and require more power to transmit packets over that distance. This option will reduce the power to a LAN port if an Ethernet cable of less than 10 ft is detected as being connected to that port. D-Link DWC-1000 User Manual...
Master system. When an external SNMP manager is provided with this controller’s Management Information Base (MIB) file, the manager can update the controller’s hierarchal variables to view or update configuration parameters. The controller as a managed device has an SNMP agent that allows the MIB configuration variables to be accessed by the Master (the SNMP manager). The Access Control List on the controller identifies managers in the network that have read-only or read-write SNMP credentials. The Traps List outlines the port over which notifications from this controller are provided to the SNMP community (managers) and also the SNMP version (v1, v2c, v3) for the trap. Configure snMP v3 User list Go to Maintenance > Management > SNMP > SNMP tab. 1. Right-click either admin or guest and select Edit. D-Link DWC-1000 User Manual...
1. Go to Maintenance > Management > SNMP > SNMP Trap List tab. 2. Click Add SNMP Trap. 3. Complete the information on fields (refer to the table below). 4. Click Save. Field Description iP Address The IP Address of the SNMP trap agent. The SNMP trap port of the IP address to which the trap messages will Port be sent. The community string to which the agent belongs. Most agents are Community configured to listen for traps in the Public community. Authentication type The SNMP version used by the trap agent. The choices are v1, v2c, or v3. D-Link DWC-1000 User Manual...
1. Go to Maintenance > Management > SNMP > Access Control List tab. 2. Click Add Access Control. 3. Complete the information on fields (refer to the table below). 4. Click Save. Field Description iP Address The IP Address of the SNMP trap agent. subnet Mask The network mask used to determine the list of allowed SNMP managers. Community The community string to which the agent belongs. Access type Access will be either read only (ROcommunity) or read-write (RWcommunity). D-Link DWC-1000 User Manual...
1. Go to Maintenance > Management > SNMP> SNMP System Info tab. 2. Enter the information as desired. • SysContact: The name of the contact person for this controller. Examples: admin, John Doe. • SysLocation: The physical location of the controller: Example: Rack #2, 4th Floor. • SysName: A name given for easy identification of the controller. 3. Click Save. Configure Wireless snMP info If you use Simple Network Management Protocol (SNMP) to manage the controller, you can configure the SNMP agent on the controller to send traps to the SNMP manager on your network from this page. When an AP is managed by a controller, it does not send out any traps. The controller generates all SNMP traps based on its own events and the events it learns about through updates from the APs it manages. All Wireless SNMP traps are disabled by default. 1. Go to Maintenance > Management > SNMP > SNMP Trap tab. D-Link DWC-1000 User Manual...
Page 330
Client state Change traps • Client Association Detected • Client Disassociation Detected • Client Roam Detected If you enable this field, the SNMP agent sends a trap for one of the following reasons associated with a peer controller • Peer Controller Discovered Peer Controller traps • Peer Controller Failed • Peer Controller Unknown Protocol Discovered • Configuration command received from peer controller. (The controller does not need to be Cluster Controller for generating this trap.) If you enable this field, the SNMP agent sends a trap when the RF scan detects a new rF scan traps AP, wireless client, or ad‐hoc client. If you enable this field, the SNMP agent sends a trap when the controller discovers a rogue AP traps rogue AP. The agent also sends a trap every Rogue Detected Trap Interval seconds if any rogue AP continues to be present in the network. D-Link DWC-1000 User Manual...
Page 331
• Managed AP database Wireless status traps • AP Neighbor List • Client Neighbor List • AP Authentication Failure List • RF Scan AP List • Client Association Database • Ad Hoc Clients List • Detected Clients List D-Link DWC-1000 User Manual...
A. If Save from System (PC) is chosen, a dialog box message will appear. Afterwards the browser will automatically begin the download to the default download location. B. If Save from USB Port 1, or Save from USB Port 2 is chosen, the file will immediately be backed up to the corresponding USB flash drive without further prompts. If no USB flash medium is present, these options will do nothing. D-Link DWC-1000 User Manual...
Open. You may also restore from a thumb drive connected to one of the USB ports. 3. Click Restore. A message will appear. 4. Click OK to close the message and restore the configuration settings from the selected file. D-Link DWC-1000 User Manual...
3. At the confirmation message, click OK to restore factory default settings; or click Cancel to retain your current settings. Note: After restoring the factory default configuration, the wireless controller’s default LAN IP address is 192.168.10.1, the default login user name is admin, and the default login password is admin. D-Link DWC-1000 User Manual...
1. Go to Maintenance > Firmware > Soft Reboot. 2. Next to Soft Reboot, click Soft Reboot. To reboot to the original factory default, click Default. 3. At the confirmation message, click OK to reboot the wireless controller or click Cancel to not reboot. D-Link DWC-1000 User Manual...
Upgrading Firmware Wireless Controller Firmware Upgrade Path: Maintenance > Firmware > Firmware Upgrade > Using System (PC) D-Link is constantly improving the operation and performance of the wireless controller. When improvements are available, they are offered to customers as firmware upgrade releases. After you install the wireless controller, check that it has the latest firmware. Thereafter, check for firmware releases and install them as they become available.
Page 337
To use a USB drive to update the firmware, click the Using USB tab. 2. If the firmware version on the D-Link support website has a higher number than the firmware version shown under Firmware Information, continue with this procedure.
An RJ-45-to-DB9M cable is included with the wireless controller. 1. Connect a PC with a VT-100 terminal-emulation program to the Console port on the front panel of the wireless controller. 2. CLI login credentials are shared with the GUI for administrator users. When prompted, type cli in the SSH or console prompt and login with administrator user credentials. For more information, refer to the Wireless Controller CLI Reference Guide: DWC-1000. D-Link DWC-1000 User Manual...
In the unlikely event you encounter a problem using the wireless controller, refer to the troubleshooting suggestions in this chapter to identify and resolve the problem. The topics covered in this chapter are: • “LED Troubleshooting” on page 340 • “Web Management Interface” on page 340 • “Using the Reset Button to Restore Default Settings” on page 341 • “Problems with Date and Time” on page 341 • “Discovery Problems with Access Points” on page 341 • “Connection Problems” on page 342 • “Network Performance and Rogue Access Point Detection” on page 342 • “Using Diagnostic Tools on the Wireless Controller” on page 343 D-Link DWC-1000 User Manual...
If the error persists, please contact D-Link technical support. lAn Port leDs not on If the LAN LEDs do not go ON when the Ethernet connection is made: 1. Check that the Ethernet cable connections are secure at the wireless controller and at the switch.
If the wireless controller does not discover any or all access points: • Be sure the wireless controller is connected to the LAN (see “LAN Port LEDs Not ON” on page 340). • Be sure you entered the appropriate IP address range if the access points operate in different VLANs, reside behind an IP subnet, or operate in standalone mode (see “ Step #1: Enable DHCP Server (Optional)” on page 28). • If you are using a firewall, unblock the UDP port number for each access port in the firewall. • Be sure each access point is using a unique IP address (see “AP Discovery Methods” on page 78). If more than one access point has the same IP address, only one of them is discovered. In this case, add the access point to the managed list, change its IP address, and then run discovery again to discover the next access point with that IP address (see “Step #3: Select APs to be Managed” on page 30). D-Link DWC-1000 User Manual...
2. Click Soft Reboot. network Performance and rogue Access Point Detection When rogue access point detection is enabled, access points intermittently go off channel for short periods, which can affect network performance. If security concerns are more important than network performance, you can enable rogue access point detection. If network performance is more important than security concerns, you can temporarily disable rogue access point detection. D-Link DWC-1000 User Manual...
1. Go to Maintenance > Management > Diagnostics > Network Tools. 2. Under Command Output for Ping and Traceroute, in the IP Address / Domain Name field, enter an IP address or domain name. 3. Click Ping. The results will appear in the Command Output display below. D-Link DWC-1000 User Manual...
1. Go to Maintenance > Management > Diagnostics > Network Tools. 2. Under Command Output for Ping and Traceroute, in the IP Address / Domain Name field, enter an IP address or domain name. 3. Click Traceroute. The results will appear in the Command Output display below. D-Link DWC-1000 User Manual...
2. Under DNS Lookup, in the Domain Name field, enter an Internet name. 3. Click Lookup. The results will appear in the Command Output display below. If the host or domain entry exists, a response will appear with the IP address. If the message Host Unknown appears, the Internet name does not exist. D-Link DWC-1000 User Manual...
2. Select an interface (LAN or Option 1) from the drop-down menu. 3. Click Start Trace. The results are shown in the Command Output page. The trace can be downloaded by clicking the Download button, which will immediately begin the download to the browsers default download location. D-Link DWC-1000 User Manual...
1. Go to Maintenance > Management > Diagnostics > System Check. 2. Click Display IPv4 Table or Display IPv6 Table. The results will appear in the Command Output display below. D-Link DWC-1000 User Manual...
Path: Maintenance > Logs Settings > Facility Logs The Facility Logs page lets you determine the granularity of logs to receive from the wireless controller. Select one of the following facilities: • Kernel = the Linux kernel. Log messages that correspond to this facility would correspond to traffic through the firewall or network stack. • System = application and management-level features available on this wireless controller for managing the unit. D-Link DWC-1000 User Manual...
Page 349
System is unusable Alert Action must be taken immediately Critical Critical conditions error Error conditions Warning Warning conditions notification Normal but significant condition information Informational Debugging Debug-level messages The display for logging can be customized based on whether the logs are sent to the Event Log viewer in the web management interface (the Event Log viewer is in the Status > System Information > All Logs > Current Logs) or a remote Syslog server for later review. E-mail logs, discussed in a subsequent section, follow the same configuration as logs configured for a Syslog server. D-Link DWC-1000 User Manual...
If enabled, tracks packets that were blocked from being transferred through the Dropped Packets segment. Routing Logs inter VlAn: If enable, tracks traffic from inter VLAN routing logs. After making your selections on this page, click Save to save your changes or click Cancel to revert to the previous settings. D-Link DWC-1000 User Manual...
All Broadcast / Multicast traffic If enabled, tracks all broadcast or multicast packets directed to the wireless controller. FtP logs If checked, logged information is sent to FTP logs. If checked, tracks the number of redirected Internet Control Message Protocol (ICMP) redirected iCMP Packets packets. invalid Packets If checked, tracks the number of invalid packets received. D-Link DWC-1000 User Manual...
Address(1-3) alerts are to be sent. If Enable E-Mail Logs is enabled, select an authentication if the SMTP server requires authentication before accepting connections. Choices are: • None = no authentication is used. The User Name and Password fields are not available. Authentication with sMtP • Login Plain = authentication used to log in using Base64-encoded passwords server over non-encrypted communication session. Base64-encoded passwords offer no cryptographic protection, making them vulnerable. • CRAM-MD5 = a challenge-response authentication mechanism defined in RFC 2195 based on the HMAC-MD5 MAC algorithm. CRAM-MD5 offers a higher level of authentication than Login Plain. D-Link DWC-1000 User Manual...
Page 353
• Hourly = send logs every hour. • Daily = send logs every day at the Time specified. • Weekly = send logs weekly, at the Day and Time specified. If Unit is set to Weekly, select the day when logs will be sent. time If Unit is set to Daily or Weekly, select the time when logs will be sent. D-Link DWC-1000 User Manual...
• All • Kernel • System Select the appropriate Syslog severity. When a severity is selected, all Syslogs with syslog severity severity equal to or greater than the chosen severity are logged on the configured Syslog Server. D-Link DWC-1000 User Manual...
Wireless logs If enabled, the controller will log information relative to wireless activities. Note: To understand log messages, it is very important to have accurate system time that has been set manually or from a NTP server. D-Link DWC-1000 User Manual...
Click Refresh to refresh logs or reload page again. Click Clear All to remove all entries in the Display Logs screen. Click Send Logs to send all logs in the Display Logs screen to preconfigured e-mail recipients. D-Link DWC-1000 User Manual...
The Display Logs window allows you to view configured log messages from the controller on WLAN interface as they appear. Each log will appear with a timestamp as determined by the controller's configured time. The same logs are sent to the WLAN interface while being displayed here. Click Refresh (Right side on the page) for refresh logs or reload page again. Click Clear All to remove all entries in the Display Logs screen. D-Link DWC-1000 User Manual...
Syslog server or e-mail logging is configured, the same logs are sent to the remote interface while being displayed here. Click Refresh (Right side on the page) for refresh logs or reload page again. Click Clear All to remove all entries in the Display Logs screen. D-Link DWC-1000 User Manual...
Syslog server or e-mail logging is configured, the same logs are sent to the remote interface while being displayed here. Click Refresh (Right side on the page) for refresh logs or reload page again. Click Clear All to remove all entries in the Display Logs screen. D-Link DWC-1000 User Manual...
Syslog server or e-mail logging is configured, the same logs are sent to the remote interface while being displayed here. Click Refresh (Right side on the page) for refresh logs or reload page again. Click Clear All to remove all entries in the Display Logs screen. D-Link DWC-1000 User Manual...
Syslog server or e-mail logging is configured, the same logs are sent to the remote interface while being displayed here. Click Refresh (Right side on the page) for refresh logs or reload page again. Click Clear All to remove all entries in the Display Logs screen. D-Link DWC-1000 User Manual...
Syslog server or e-mail logging is configured, the same logs are sent to the remote interface while being displayed here. Click Refresh (Right side on the page) for refresh logs or reload page again. Click Clear All to remove all entries in the Display Logs screen. D-Link DWC-1000 User Manual...
A Basic Planning Worksheet similar to the one in this appendix allows you to collect the following critical information to expedite your planning efforts. • Building dimensions • Walls and possible obstructions to wireless coverage • Number of floors • Distance between floors • Total number of users and number of users per access point • Radio type(s) • Desired access point data rates • Areas where you want to deploy access points • Areas where you cannot deploy an access point • Areas where you do not want coverage D-Link DWC-1000 User Manual...
Page 364
802.11 n: 802.11 b/g/n: 802.11 a – 5 GHz Only: 802.11 a/n – 5 GHz Only: 802.11 a/n/ac - 5 GHz Only: SSID information Service Set Identifier (SSID) name:_________________________________ Security (none, WEP, WPA, or WPA2):________________________________ Use wireless controller as a DHCP server? Yes = host name and IP address should be assigned dynamically. No = use DHCP relay or configure static IP addresses and record them below. IP address: IP subnet mask: Gateway IP address: Primary DNS server: Secondary DNS server: D-Link DWC-1000 User Manual...
Page 365
Are you connected to the Internet? Confirm and record firmware levels for the wireless controller and all access points: DWC-1000 wireless controller: DWL-2600AP access point: DWL-3600AP access point: DWL-6600AP access point: DWL-8600AP access point: DWL-8610AP access point: Record MAC addresses for the wireless controller and all access points: DWC-1000 wireless controller: DWL-2600AP access point(s): DWL-3600AP access point(s): DWL-6600AP access point(s): DWL-8600AP access point(s): DWL-8610AP access point(s): D-Link DWC-1000 User Manual...
User login URL http://192.168.10.1 User name (case sensitive) Device login admin Login password (case sensitive) admin IP address 192.168.10.1 IPv4 subnet mask 255.255.255.0 DHCP server Disabled DHCP starting IP address 192.168.10.100 local area network DHCP ending IP address 192.168.10.254 (lAn) Time zone Time zone adjusted for Daylight Savings Time Disabled SNMP Disabled Remote management Disabled D-Link DWC-1000 User Manual...
Internet. ISP - Internet service provider. MAC Address - Media-access-control address. Unique physical-address identifier attached to a network adapter. MTU - Maximum transmission unit. Size, in bytes, of the largest packet that can be passed on. The MTU for Ethernet is a 1500-byte packet. NAT - Network Address Translation. Process of rewriting IP addresses as a packet passes through a controller or firewall. NAT enables multiple hosts on a LAN to access the Internet using the single public IP address of the LAN’s gateway controller. D-Link DWC-1000 User Manual...
Page 368
WINS - Windows Internet Name Service. Service for name resolution. Allows clients on different IP subnets to dynamically resolve addresses, register themselves, and browse the network without sending broadcasts. Wireless Controller - D-Link device that centralizes and simplifies network management of a wireless LAN by consolidating individually managed access points into a single, unified solution. D-Link DWC-1000 User Manual...