No category

Download Wireless Controller User Manual - D-Link

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

Transcript

Building Networks for People
Wireless Controller
User Manual
DWC-1000
Ver. 1.01
Business Wireless Solution
User Manual
Wireless Controller
D-Link Corporation
Copyright © 2011.
http://www.dlink.com
Wireless Controller
User Manual
User Manual
DWC-1000
Wireless Controller
Version 1.01
Co p y rig h t © 2011
Copyright Notice
Th is p u b licat io n , in clu d in g all p h o t o g rap h s , illu s t rat io n s an d s o ft ware, is p ro t ect ed u n d er
in t ern at io n al co p y rig h t laws , wit h all rig h t s res erv ed . Neit h er t h is man u al, n o r an y o f t h e
mat erial co n t ain ed h erein , may b e rep ro d u ced wit h o u t writ t en co n s en t o f t h e au t h o r.
Disclaimer
Th e in fo rmat io n in t h is d o cumen t is s ubject t o ch ange wit h o ut n o tice. Th e man u fact u rer makes
n o rep res ent at ions o r warran t ies wit h res p ect t o t h e co n t en t s h ereo f an d s p ecifically d is claim
an y imp lied warran t ies o f merch an t ab ilit y o r fit n es s fo r an y p art icu lar p u rp o s e. Th e
man u fact u rer res erv es t h e rig h t t o rev is e t h is p u b licat io n an d t o make ch an g es fro m t ime t o
t ime in t h e co n t ent h ereof wit h o ut o b lig at ion o f t h e man u factu rer t o n o t ify an y p ers o n o f s u ch
rev is io n o r ch an g es .
Limitations of Liability
UNDER NO CIRCUM STA NCES SHA LL D -LINK OR ITS SUPPLIERS BE LIA BLE FOR
DA M A GES OF A NY CHA RA CTER (E.G. DA M A GES FOR LOSS OF PROFIT, SOFTW A RE
RESTORA TION, W ORK STOPPA GE, LOSS OF SA VED DA TA OR A NY OTHER
COM M ERCIA L DA M A GES OR LOSSES) RESULTING FROM THE A PPLICA TION OR
IM PROPER USE OF THE D-LINK PRODUCT OR FA ILURE OF THE PRODUCT, EVEN IF
D-LINK IS INFORM ED OF THE POSSIBILITY OF SUCH DA M A GES. FURTHERM ORE, D LINK W ILL NOT BE LIA BLE FOR THIRD -PA RTY CLA IM S A GA INST CUSTOM ER FOR
LOSSES OR DA M A GES. D-LINK W ILL IN NO EVENT BE LIA BLE FOR A NY DA M A GES
IN EXCESS OF THE A M OUNT D -LINK RECEIVED FROM THE END-USER FOR THE
PRODUCT.
1
Wireless Controller
User Manual
Table of Contents
Chapter 1. Introduction.......................................................................................................................................... 13
1.1
About this User Manual .................................................................................................... 14
1.2
Typographical Conventions ............................................................................................. 15
Chapter 2. Configuring Your Network .............................................................................................................. 17
2.1
LAN Configuration .............................................................................................................. 17
2.1.1 LAN DHCP Reserved IPs ................................................................................................ 21
2.1.2 LAN DHCP Leased Clients.............................................................................................. 22
2.1.3 LAN Configuration in an IP v6 Network ........................................................................ 23
2.1.4 DHCP v6 Leased Clients ................................................................................................... 26
2.1.5 Configuring IP v6 Router Advertisements ................................................................... 27
2.2
LAN QoS ................................................................................................................................ 30
2.2.1 Port Queue Scheduling..................................................................................................... 30
2.2.2 Port Queue Status .............................................................................................................. 31
2.2.3 Option QoS Configuration................................................................................................ 32
2.2.4 Traffic Selector Configuration ......................................................................................... 34
2.2.5 LAN QoS Configuration .................................................................................................... 36
2.2.6 801.p Configuration ............................................................................................................ 36
2.2.7 DSCP Configuration........................................................................................................... 37
2.2.8 Remark CoS to DSCP ....................................................................................................... 39
2.3
VLAN Configuration ........................................................................................................... 40
2.3.1 Associating VLANs to ports ............................................................................................. 41
2.3.2 Multiple VLA N Subnets ..................................................................................................... 43
2.4
Configurable Port: DMZ Setup ....................................................................................... 44
2.5
2.6
2.6.1
2.6.2
2.6.3
2.7
Universal Plug and Play (UP nP).................................................................................... 45
Captive Portal ....................................................................................................................... 48
Captive Portal Setup .......................................................................................................... 48
Captive Portal Session...................................................................................................... 53
WLAN CP Interface Association .................................................................................... 54
WLAN global configuration .............................................................................................. 56
2.8
2.8.1
2.8.2
Wireless Discovery configuration .................................................................................. 59
Wireless Discovery Status ............................................................................................... 61
AP Profile Global Configuration ..................................................................................... 62
Chapter 3. Configuring Wireless LAN .............................................................................................................. 83
3.1
WLAN Setup Wizard .......................................................................................................... 83
Chapter 4. Monitoring Status and Statistics................................................................................................... 84
4.1
System Overview ................................................................................................................ 84
4.1.1 Dashboard ............................................................................................................................. 84
4.1.2 Device Status ....................................................................................................................... 86
4.1.3 Wireless LAN AP information ......................................................................................... 88
4.1.4 Cluster information ............................................................................................................. 90
4.1.5 Resource Utilization ........................................................................................................... 92
4.2
4.2.1
4.3
4.3.1
Traffic Statistics ................................................................................................................... 95
Wired Port Statistics........................................................................................................... 95
Managed AP and Associated Clients Statistics ....................................................... 96
Managed AP Statistics ...................................................................................................... 96
2
Wireless Controller
User Manual
4.3.2
4.3.3
LAN Assoicated Clients .................................................................................................... 97
WLAN Assoicated Clients ................................................................................................ 98
4.4
4.4.1
Active Connections............................................................................................................. 99
Sessions through the Cont roller .................................................................................... 99
4.5
4.5.1
4.5.2
4.5.3
4.6
4.6.1
4.6.2
4.6.3
4.6.4
4.6.5
4.7
4.7.1
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6
4.7.7
LAN Client Info................................................................................................................... 100
Associated Clients ............................................................................................................ 100
LAN Clients ......................................................................................................................... 102
Detected Clients ................................................................................................................ 103
Access Point ....................................................................................................................... 105
Access Point Status ......................................................................................................... 105
AP Summary ...................................................................................................................... 108
Managed AP Status ......................................................................................................... 110
Authentication Failure Status ........................................................................................ 111
AP RF Scan Status .......................................................................................................... 113
Global Info ........................................................................................................................... 115
Global status....................................................................................................................... 115
Peer Contorller Status ..................................................................................................... 121
Peer Controller Configuration Status ......................................................................... 122
Peer Controller Managed AP Status .......................................................................... 123
IP Discovery ........................................................................................................................ 124
Configuration Receive Status ....................................................................................... 125
AP Hardware Capability ................................................................................................. 127
4.8
4.8.1
4.8.2
4.8.3
4.8.4
4.8.5
4.8.6
4.8.7
4.8.8
Wireless Client Status ..................................................................................................... 128
Client Status ....................................................................................................................... 128
Assocaited Client Status ................................................................................................ 130
Associated Client SSID Status ..................................................................................... 132
Associated Client VAP Status ...................................................................................... 133
Cont roller Associated Client Status ............................................................................ 134
Detected Client Status .................................................................................................... 135
Pre-A uthoriz ation History ............................................................................................... 136
Detected Client Roam History ...................................................................................... 138
Chapter 5. AP Management .............................................................................................................................. 140
5.1
5.2
5.2.1
5.2.2
5.2.3
5.2.4
Valid Access Point Configuration ................................................................................ 140
RF Management................................................................................................................ 144
RF Configuration ............................................................................................................... 144
Channel Plan History ....................................................................................................... 147
Manual Channel Plan ...................................................................................................... 148
Manual Power Adjustment Plan................................................................................... 151
5.3
5.4
Access Point Software Download ............................................................................... 152
Local OUI Database Summary .................................................................................... 154
5.5
5.6
AP Provisioning Summary ............................................................................................. 155
Manual Management ....................................................................................................... 157
Chapter 6. Connecting to the Int ernet: Option Setup ............................................................................... 160
6.1
6.2
6.2.1
6.2.2
6.2.3
6.2.4
Internet Connection Set up Wizard .............................................................................. 160
Option Configuration ........................................................................................................ 161
Option Port IP address.................................................................................................... 162
Option DNS Servers ........................................................................................................ 163
DHCP Option...................................................................................................................... 163
PPPoE .................................................................................................................................. 164
3
Wireless Controller
User Manual
6.2.5
6.2.6
6.2.7
6.3
6.3.1
6.3.2
6.3.3
Russia L2TP and PP TP Option ................................................................................... 167
Option Configuration in an IP v6 Network ................................................................. 169
Checking Option Status .................................................................................................. 172
Features with Multipl e Option Links ........................................................................... 175
Auto Failover ...................................................................................................................... 175
Load Balancing .................................................................................................................. 176
Protocol Bindings .............................................................................................................. 178
6.4
6.4.1
6.4.2
6.4.3
6.5
Routing Configuration...................................................................................................... 180
Routing Mode ..................................................................................................................... 180
Dynamic Routing (RIP) ................................................................................................... 183
Static Routing ..................................................................................................................... 184
OSPF..................................................................................................................................... 185
6.6
6.7
6.8
6to4 Tunneling ................................................................................................................... 188
IGMP Setup ........................................................................................................................ 190
Option Port Settings ......................................................................................................... 191
6.9
IP Aliases ............................................................................................................................. 193
Chapter 7. Securing the Private Network ..................................................................................................... 194
7.1
7.2
7.3
7.3.1
7.4
Firewall Rules ..................................................................................................................... 195
Defining Rule Schedules ................................................................................................ 196
Configuring Firewall Rules ............................................................................................. 197
Firewall Rule Configuration Examples....................................................................... 202
Security on Custom Servic es........................................................................................ 206
7.5
7.6
7.7
ALG support ........................................................................................................................ 207
VPN Passthrough for Firewall ...................................................................................... 208
Client ..................................................................................................................................... 209
7.8
7.9
Application Rules .............................................................................................................. 210
Application Rules Status ................................................................................................ 212
7.10
7.10.1
7.10.2
7.10.3
7.10.4
Web Content Filtering...................................................................................................... 212
Cont ent Filtering ................................................................................................................ 213
Approved URLs ................................................................................................................. 214
Blocked Keywords ............................................................................................................ 215
Export Web Filter .............................................................................................................. 216
7.11
7.12
7.13
IP/MAC Binding ................................................................................................................. 217
RADIUS Settings............................................................................................................... 218
Switch Settings .................................................................................................................. 220
7.14
Protecting from Internet Attacks .................................................................................. 221
Chapter 8. IPsec / PPTP / L2TP VPN ............................................................................................................ 223
8.1
VPN Wizard ........................................................................................................................ 226
8.2
8.2.1
8.2.2
8.3
8.4
8.4.1
8.4.2
8.4.3
Configuring IPsec Policies ............................................................................................. 228
Extended Aut hentication (XAUTH) ............................................................................. 232
Internet over IPS ec tunnel ............................................................................................. 233
Configuring VPN clients .................................................................................................. 233
PPTP / L2TP Tunnels ...................................................................................................... 234
PPTP Tunnel Support ..................................................................................................... 234
L2TP Tunnel Support ...................................................................................................... 236
OpenVPN Support ............................................................................................................ 237
4
Wireless Controller
User Manual
Chapter 9. SSL VPN ............................................................................................................................................ 241
9.1
Groups and Users............................................................................................................. 243
9.1.1 Users and Passwords ..................................................................................................... 251
9.2
Using SSL VPN Policies ................................................................................................. 253
9.2.1 Using Network Res ourc es ............................................................................................. 256
9.3
Application Port Forwarding .......................................................................................... 257
9.4
SSL VPN Client Configuration...................................................................................... 260
9.4.1 Creating Portal Layouts .................................................................................................. 263
9.5
Active VPN Tunnels ......................................................................................................... 265
Chapter 10. Advanced System Functionalities.............................................................................................. 268
10.1 USB Device Setup ............................................................................................................ 268
10.2 USB Share Port ................................................................................................................. 269
10.3
10.4
Authentication Certificates ............................................................................................. 270
®
Intet AMT ........................................................................................................................... 272
Chapter 11. Advanced Wireless Controller Features .................................................................................. 275
11.1
11.2
Advanced Global Wireless Controller Configuration ............................................ 275
Distributed Tunneling....................................................................................................... 278
11.3
11.4
11.4.1
11.4.2
11.5
11.5.1
11.5.2
Distributed Tunneling Status ......................................................................................... 279
Peer Controller Configuration ....................................................................................... 281
Peer Controller Configuraiton Request Status ....................................................... 281
Peer Controller Configuration ....................................................................................... 282
WIDS Configuration ......................................................................................................... 284
WIDS AP configration...................................................................................................... 284
WIDS Client Configuration............................................................................................. 288
Chapter 12. Administration & Management ................................................................................................... 292
12.1
12.2
Remote Management ...................................................................................................... 292
CLI Access .......................................................................................................................... 292
12.3
12.4
12.5
SNMP Configuration ........................................................................................................ 293
SNMP Traps ....................................................................................................................... 295
Configuring Time Zone and NTP ................................................................................. 298
12.6
12.6.1
12.6.2
12.6.3
12.7
Log Configuration.............................................................................................................. 299
Defining What to Log ....................................................................................................... 300
Sending Logs to E-mail or Syslog ............................................................................... 303
E vent Log Viewer in GUI ................................................................................................ 306
Backing up and Restoring Configuration Settings ................................................. 308
12.8
12.9
12.9.1
12.9.2
12.9.3
12.9.4
12.9.5
Upgrading Wirelesss Controller Firmware ............................................................... 310
Dynamic DNS Setup ........................................................................................................ 311
Using Diagnostic Tools ................................................................................................... 313
Ping........................................................................................................................................ 314
Trace Route ........................................................................................................................ 314
DNS Lookup ....................................................................................................................... 315
Rout er Options ................................................................................................................... 315
Chapter 13. License Activation ........................................................................................................................... 316
5
Wireless Controller
User Manual
Appendix A. Glossary ............................................................................................................................................. 318
Appendix B. Factory Default Settings................................................................................................................ 321
6
Wireless Controller
User Manual
List of Figures
Figure 1: Setup page for LA N TCP/IP settings (DHCP server) .................................................................. 20
Figure 2: Setup page for LA N TCP/IP settings (DHCP Relay) ................................................................... 21
Figure 3: LAN DHCP Reserved IPs ..................................................................................................................... 22
Figure 4: LAN DHCP Leased Clients ................................................................................................................... 23
Figure 5: IP v6 LA N and DHCP v6 configuration ............................................................................................... 24
Figure 6: DHCP v6 Leased Clients ........................................................................................................................ 26
Figure 7: Configuring the Router Advertisement Daemon ........................................................................... 29
Figure 8: IP v6 Advertisement Prefix settings .................................................................................................... 30
Figure 9: Port Queue Scheduling .......................................................................................................................... 31
Figure 10: Port Queue Status ................................................................................................................................. 32
Figure 11: Option QoS Configuration ................................................................................................................... 33
Figure 12: Bandwidth Profile Configuration ....................................................................................................... 34
Figure 13: Traffic Selector Configuration ............................................................................................................ 35
Figure 14: LA N QoS Configuration ....................................................................................................................... 36
Figure 15: 801.p Configuration............................................................................................................................... 37
Figure 16: DS CP Configuration ............................................................................................................................. 38
Figure 17: Remark CoS to DS CP ......................................................................................................................... 39
Figure 18: Adding VLA N members hips to the LAN ......................................................................................... 41
Figure 19: Port VLAN list.......................................................................................................................................... 42
Figure 20: Configuring VLA N membership for a port ..................................................................................... 43
Figure 21: Multiple VLAN Subnets........................................................................................................................ 44
Figure 22: DMZ configuration ................................................................................................................................. 45
Figure 23: UP nP Configuration .............................................................................................................................. 47
Figure 24: Captive Port al Setup............................................................................................................................. 49
Figure 25: Configuring a captive portal policy................................................................................................... 50
Figure 26: Captive Port al Configuration (Part -1).............................................................................................. 51
Figure 27: Captive Port al Configuration (Part -2).............................................................................................. 52
Figure 28: Active Runtime sessions ..................................................................................................................... 54
Figure 29: WLAN CP Interface Association ....................................................................................................... 55
Figure 30: WLAN global configuration ................................................................................................................. 57
Figure 31: Configuring the Wireless Discovery ................................................................................................ 60
Figure 32: Wireless Discovery status................................................................................................................... 62
Figure 33: AP Profile Global Configuration ........................................................................................................ 63
Figure 34: AP Profile List ......................................................................................................................................... 64
7
Wireless Controller
User Manual
Figure 35: AP Pofile - Radio configuration (Part-1)......................................................................................... 71
Figure 36: AP Pofile - Radio configuration (Part-2)......................................................................................... 73
Figure 37: AP Pofile - SSID configuration .......................................................................................................... 75
Figure 39: AP Pofile - QoS configuration (P art-2) ........................................................................................... 82
Figure 40: WLAN Setup Wizard............................................................................................................................. 83
Figure 41: Dashboard................................................................................................................................................ 85
Figure 42: Devic e Status display ........................................................................................................................... 87
Figure 43: Devic e Status display (continued) ................................................................................................... 88
Figure 44: Wireless LAN AP information ............................................................................................................ 89
Figure 45: Cluster information ................................................................................................................................ 91
Figure 46: Resource Utilization statistics............................................................................................................ 93
Figure 47: Resource Utilization data (continued) ............................................................................................. 94
Figure 48: Physical port statistics.......................................................................................................................... 95
Fi gu r e 49: M an a g ed A P S t at is t ic s .......................................................................................................... 97
Figure 50: LA N Associated Clients ....................................................................................................................... 98
Figure 51: WLAN Associated Clients ................................................................................................................... 99
Figure 52: List of current Active Firewall Sessions ....................................................................................... 100
Figure 53: Associated Clients ............................................................................................................................... 101
Figure 54: List of LA N hosts.................................................................................................................................. 103
Figure 55: Detected Clients ................................................................................................................................... 104
Figure 57: AP status ................................................................................................................................................ 108
Figure 58: Managed AP status............................................................................................................................. 110
Figure 59: Authentication Failure Status........................................................................................................... 112
Figure 60: AP RF Scan Status ............................................................................................................................. 115
Figure 61: Global Status (Part 1)......................................................................................................................... 116
Figure 62: Global Status (Part 2)......................................................................................................................... 117
Figure 63: Peer Controller Status ........................................................................................................................ 122
Figure 64: Peer Controller Configuration Status ............................................................................................ 123
Figure 65: Peer Controller Managed AP Status............................................................................................. 124
Figure 66: IP Discovery .......................................................................................................................................... 125
Figure 67: Configuration Receive Status .......................................................................................................... 127
Figure 68: AP Hardware Capability .................................................................................................................... 128
Figure 69: Client Status .......................................................................................................................................... 129
Figure 70: Associated Client Status ................................................................................................................... 131
Figure 71: Associated Client SSID Status........................................................................................................ 132
Figure 72: Associated Client VAP Status ......................................................................................................... 133
8
Wireless Controller
User Manual
Figure 73: Controller Associated Client Status............................................................................................... 134
Figure 74: Detected Client Status ....................................................................................................................... 136
Figure 75: Pre-Auth History ................................................................................................................................... 137
Figure 76: Detected Client Roam History ......................................................................................................... 139
Figure 77: Valid Access Point Configuration ................................................................................................... 141
Figure 78: Add a Valid Access Point.................................................................................................................. 142
Figure 79: RF configuration................................................................................................................................... 146
Figure 80: Channel Plan History. ........................................................................................................................ 148
Figure 81: Manual Channel Plan. ........................................................................................................................ 150
Figure 82: Manual Power Adjustment Plan ..................................................................................................... 152
Figure 83: Access Point Software Download .................................................................................................. 154
Figure 84: Local OUI Database ........................................................................................................................... 155
Figure 85: AP Provisioning Summary Status .................................................................................................. 157
Figure 86: Manual Management .......................................................................................................................... 158
Figure 87: Internet Connection Setup Wizard ................................................................................................. 161
Figure 88: Manual Option1 configuration ......................................................................................................... 164
Figure 89: PPPoE configuration for standard ISPs ....................................................................................... 165
Figure 90: Option1 configuration for Japanese Multiple PPPoE (part 1) ............................................... 166
Figure 91: Option1 configuration for Multiple PPPoE (part 2) ................................................................... 167
Figure 92: Russia L2TP ISP configuration ....................................................................................................... 169
Figure 93: IP v6 Option1 Setup page.................................................................................................................. 171
Figure 94: Connection Status information of Option1 .................................................................................. 174
Figure 95: Load Balancing is available when multiple Option ports are configured and Protocol
Bindings have been defined ............................................................................................................. 178
Figure 96: Protocol binding setup to associate a service and/or LAN source to an Option and/or
destination network .............................................................................................................................. 179
Figure 97: Routing Mode is used to configure traffic routing between Option and LAN, as well as
Dynamic routing (RIP) ........................................................................................................................ 182
Figure 98: Static route configuration fields ....................................................................................................... 185
Figure 99: OSPFv2 status – IP v4........................................................................................................................ 186
Figure 100: OSPFv3 status – IP v6 ..................................................................................................................... 186
Figure 101: OSPFv2 Configuration .................................................................................................................... 187
Figure 102: 6to4 Tunneling.................................................................................................................................... 189
Figure 103: IGMP Setup......................................................................................................................................... 190
Figure 104: Physical Option port settings......................................................................................................... 192
Figure 105: IP Aliases ............................................................................................................................................. 193
Figure 106: List of A vailable Firewall Rules ..................................................................................................... 196
9
Wireless Controller
User Manual
Figure 107: List of A vailable Schedules to bind to a firewall rule ............................................................. 197
Figure 108: Example where an outbound SNAT rule is used to map an external IP address
(209.156.200.225) to a private DMZ IP address (10.30.30.30) ........................................... 200
Figure 109: The firewall rule configuration page allows you to define the To/From zone, service,
action, schedules, and specify source/destination IP addresses as needed. ................. 201
Figure 110: Schedule configuration for the above example. ..................................................................... 205
Figure 111: List of user defined services.......................................................................................................... 207
Figure 112: A vailable ALG support on the controller. .................................................................................. 208
Figure 113: Passthrough options for VPN tunnels ........................................................................................ 209
Figure 114: List of Known Clients ....................................................................................................................... 210
Figure 115: List of A vailable Application Rules showing 4 unique rules ................................................ 211
Figure 116: List of A vailable Application Rules and corresponding status ........................................... 212
Figure 117: Content Filtering used to block access to proxy servers and prevent ActiveX controls
from being downloaded...................................................................................................................... 214
Figure 118: Two trusted domains added to the Approved URLs List ..................................................... 215
Figure 119: One keyword added to the block list........................................................................................... 216
Figure 120: Export Approved URL list ............................................................................................................... 217
Figure 121: Example binding a LA N host’s MAC Address to a served IP address ........................... 218
Figure 122: RADIUS Server Configuration ...................................................................................................... 219
Figure 123: Switch settings ................................................................................................................................... 220
Figure 124: Protecting the controller and LA N from internet attacks ...................................................... 222
Figure 125: Example of Gateway-to-Gateway IPsec VPN tunnel using two DWC controllers
connected to the Int ernet ................................................................................................................... 224
Figure 126: Example of three IPsec client connections to the internal network through the DWC
IPsec gateway ....................................................................................................................................... 225
Figure 127: VPN Wizard launch screen ............................................................................................................ 226
Figure 128: IPsec policy configuration ............................................................................................................... 229
Figure 129: IPsec policy configuration continued (Aut o policy via IKE) ................................................. 231
Figure 130: IPsec policy configuration continued (Aut o / Manual Phase 2) ......................................... 232
Figure 131: PPTP tunnel configuration – PP TP Client ................................................................................ 235
Figure 132: PPTP VPN connection status ....................................................................................................... 235
Figure 133: PPTP tunnel configuration – PP TP Server .............................................................................. 236
Figure 134: L2TP tunnel configuration – L2TP Server ................................................................................ 237
Figure 135: OpenVPN configuration .................................................................................................................. 239
Figure 136: Example of clientless SSL VPN connections to the DWC-1000....................................... 242
Figure 137: List of groups ...................................................................................................................................... 243
Figure 138: User group configuration ................................................................................................................ 245
10
Wireless Controller
User Manual
Figure 139: SSLVPN Settings .............................................................................................................................. 247
Figure 140: Group login policies options .......................................................................................................... 248
Figure 141: Browser policies options ................................................................................................................. 249
Figure 142: IP policies options ............................................................................................................................. 250
Figure 143: A vailable Users with login status and associated Group .................................................... 251
Figure 144: User Configuration options ............................................................................................................ 253
Figure 145: List of SSL VPN polices (Global filter) ....................................................................................... 254
Figure 146: SSL VPN policy configuration ....................................................................................................... 255
Figure 147: List of configured resources, whic h are available to assign to SSL VPN poli cies ...... 257
Figure 148: List of A vailable Applications for SSL Port Forwarding ........................................................ 260
Figure 149: SSL VPN client adapter and access configuration ................................................................ 261
Figure 150: Configured client routes only apply in split tunnel mode ..................................................... 263
Figure 151: SSL VPN Portal configuration....................................................................................................... 265
Figure 152: List of current Active VPN Sessions ........................................................................................... 266
Figure 153: USB Device Detection ..................................................................................................................... 269
Figure 154: USB Share Port ................................................................................................................................. 270
Figure 155: Certificate summary for IPsec and HTTPS management ................................................... 272
®
Figure 156: Intet AMT............................................................................................................................................ 273
Fi gu r e 15 7: W i r el es s C on f i gu r at i o n ..................................................................................................... 276
Fi gu r e 15 8: Dis t r ib ut e d Tu nn el in g ........................................................................................................ 279
Fi gu r e 15 9: Dis t r ib ut e d Tu nn el in g C li ent s ...................................................................................... 280
Fi gu r e 16 0: P e e r Co nt r oll e r C on f ig u r at i o n Re q u es t S t at us ............................................... 281
Fi gu r e 16 1: P e e r Co nt r oll e r C on f ig u r ait o n ..................................................................................... 283
Fi gu r e 16 2: W I DS A P C on f ig u r at i o n .................................................................................................... 288
Figure 163: WIDS Client Configuration ............................................................................................................. 291
Figure 164: Remote Management ...................................................................................................................... 292
Figure 165: SNMP Users, Traps, and Access Control ................................................................................ 294
Figure 166: SNMP system information for this controller ........................................................................... 295
Figure 167: SNMP Traps ....................................................................................................................................... 296
Figure 168: Date, Time, and NTP server setup ............................................................................................. 299
Figure 169: Facility settings for Logging ........................................................................................................... 301
Figure 170: Log configuration options for traffic through controller ......................................................... 303
Figure 171: E-mail configuration as a Remote Logging option ................................................................. 305
Figure 172: Syslog server configuration for Remote Logging (continued) ............................................ 306
Figure 173: VPN logs displayed in GUI event viewer .................................................................................. 307
Figure 174: SSL VPN logs displayed in GUI event viewer ......................................................................... 308
11
Wireless Controller
User Manual
Figure 175: Restoring configuration from a saved file will result in the current configuration being
overwritten and a reboot .................................................................................................................... 310
Figure 176: Firmware version information and upgrade option ................................................................ 311
Figure 178: Controller diagnostics tools available in the GUI.................................................................... 314
Figure 179: Installing a License ........................................................................................................................... 317
12
Wireless Controller
User Manual
Chapter 1. Introduction
D-Lin k W ireles s Co n t ro ller (DW C), DW C-1000, is a fu ll-feat u red wireles s LA N
co n t ro ller d esig nin g fo r s mall n et wo rk en v iro n men t . Th e cen t ralized co n t ro l fu n ct io n
co n t ain s v ario us access p oin t man agemen t fu n ctio ns, s uch as fast -roamin g , in t er-s ubn et
ro amin g , au t o mat ic ch an n el an d p o wer ad ju s t men t , s elf -h ealin g et c. Th e ad v an ced
wireles s s ecu rit y fu n ct io n , in clu d in g ro u g e A P d et ect io n , cap t iv e p o rt al, wireles s
in t ru s io n d et ect io n s y s t em (W IDS), o ffers a s t ro n g wireles s n et wo rk p ro t ect io n
av o id in g at t acks fro m h ackers . A ft er licen s e u p g rad e o p t imal n et wo rk s ecu rit y is
p ro v id ed v ia feat u res s u ch as v ir t u al p riv at e n et wo rk (VPN) t u n n els , IP Secu rit y
(IPs ec), Po in t -t o -Poin t Tu n nelin g Pro t ocol (PPTP), Lay er 2 Tu n n elin g Pro t ocol (L2TP),
an d Secu re So cket s Lay er (SSL). Emp o wer y o u r ro ad warrio rs wit h clien t les s remo t e
acces s an y wh ere an d an y t ime u s in g SSL VP N t u n n els .
Th ere are t wo t y p es o f licen s es av ailab le t o act iv at e in creas ed fu n ct io n alit y fo r t h e
DW C. Th es e licen s es are n o t act iv at ed b y d efau lt .
1.
VPN l i cens e u p grade enables t h e fo llo win g feat ures: ISP Co n n ect ion t y p es
(PPPo E, PPTP, L2TP, NA T/ Tran s p aren t mo d e ), Op t io n 2/ DM Z p o rt , IP
A lias in g , Dy n amic Ro u t in g (RIP), VPN (PPTP clien t / s erv er, L2TP clien t
/ s erv er , SSLVPN, Op en VPN) , In t el A M T, Dy n amic DNS, W eb s it e Filt er,
A p p licat io n Ru les , Firewall Ru les , UPNP, IGM P p ro xy , an d A LG/ SM TP A LG
2.
AP l i cens e u p g rad es t h e n u mb er o f A Ps co n t ro ller can man ag e. Yo u can
u p g rad e u p t o 3 A P licen s es . By d efau lt DW C-1000 ca n man ag e u p t o 6
A P's . Yo u in creas e t h e n u mb er b y 6 u p o n each A P licen s e.
13
Wireless Controller
1.1
User Manual
About this User Manual
Th is d o cu men t is a h ig h lev el man u al t o allo w n ew D-Lin k W ireles s Co n t ro ller u s ers
t o co n fig u re co nnectiv ity , W LA N co n fig uratio n, s et up VPN t u n n els, es tablis h firewall
ru les an d A P man ag emen t an d p erfo rm g en eral ad min is t rat iv e t as ks . Ty p ical
d ep lo y men t an d u se case s cen ario s are d es crib ed in each s ect io n . Fo r mo re d et ailed
s et u p in s t ru ct io n s an d exp lan at io n s o f each co n fig u rat io n p aramet er, refer t o t h e
o n lin e h elp t h at can b e acces s ed fro m each p ag e in t h e co n t ro ller GUI.

Fo r t h is u s er man u al all s creen s h o t s are t aken wit h an act iv at ed VPN
licen s e wh ich en ab les VPN / Firewall feat u res .
14
Wireless Controller
1.2
User Manual
Typographical Conventions
Th e fo llo win g is a lis t o f t h e v ario u s t erms , fo llo wed b y an examp le o f h o w t h at t erm
is rep res en t ed in t h is d o cu men t :
 Pro d u ct Name : D-Lin k W ireles s Co n t ro ller
o M o d el n u mb er: DW C-1000
 GUI M en u Pat h / GUI Nav ig at io n – Monitoring > Controller Status
 Imp o rt an t n o t e –

15
Wireless Controller
User Manual
Chapter 2. Configuring Your Network
To en ab le man ag emen t acces s fo r t h e b ro ws er b as ed web GUI acces s
o r SNM P
man ag er, y o u mu s t co nn ect t h e co ntro ller t o t h e n et work. Th e d efault IP ad d ress/sub net
mas k o f t h e co n t ro ller man ag emen t in t erface is 1 9 2 .1 6 8 .1 0 .1 / 2 5 5 .2 5 5 .2 5 5 .0 an d
DHCP s erv er o n t h e LA N is d is ab led b y d efault o n t h e co ntro ller. Yo u mu s t co n nect the
co n t ro ller t o a 1 9 2 .1 6 8 .1 0 .0 n et wo rk.
A ft er y o u co n fig ure n etwo rk in fo rmat io n, s u ch as t h e IP ad d ress an d s u b n et mas k, an d
t h e co n t roller is p h y sically an d lo g ically co n nect ed t o t h e n etwo rk, y o u can man age and
mo n it o r t h e co n t ro ller remo t ely t h ro u g h W eb b ro ws er, o r an SNM P -b as ed n et wo rk
man ag emen t s y stem.On ce t he in it ial s et up is co mp let e, t he DW C-1000 can b e man ag ed
t h ro u g h wired in t erface co n n ect ed t o co n t ro ller.

A cce s s t h e c o n t ro ller‟s GUI fo r man ag emen t b y u s in g an y web b ro ws er,
s u ch as M icro s o ft In t ern et Exp lo rer o r M o zilla Firefo x.
Go t o http:/ / 1 9 2 .1 6 8 .1 0 .1 (d efau lt IP ad d res s ) t o d is p lay t h e co n t ro ller‟s
man ag emen t lo g in s creen .
Defau lt lo g in cred en t ials fo r t h e man ag emen t GUI:

Us ern ame: admi n

Pas s wo rd : admi n

2.1
If t h e co n t ro ller‟s LA N IP ad d ress was ch anged, u s e t h at IP ad d res s in t h e
n av ig at io n b ar o f t h e b ro ws er t o acces s t h e co n t ro ller‟s man ag emen t UI.
LAN Configuration
Setup > Network Settings > LAN Setup Configuration
By d efau lt , in t h e co n tro ller t h e Dy n amic Ho s t Co n fig u rat io n Pro t o co l (DHCP) mo d e
is s et t o “No n e”. Th e DHCP mo d e can b e s et as a DHCP s erv er o r DHCP relay . W h en
DHCP mo d e is s et as DHCP s erv er, t h e co n t ro ller fu n t io n s as a DHCP s erv er fo r
as s ig n in g IP ad d res s leas es t o h o s t s o n t h e W LA N o r LA N. W it h DHCP, PCs an d
17
Wireless Controller
User Manual
o t h er LA N d ev ices can b e as s ig n ed IP ad d res s es , t h e d efau lt g at eway , as well as
ad d res ses fo r DNS s erv ers , W in dows In ternet Name Serv ice (W INS) s erv ers . Th e PCs
in t h e LA N are as s ig n ed IP ad d res s es fro m a p o o l o f ad d res s es s p ecified in t h is
p ro ced u re. Each p o o l ad d res s is t es t ed b efo re it is as s ig n ed t o av o id d u p licat e
ad d res s es o n t h e LA N.
Fo r mo s t ap p licat ion s t he d efault DHCP an d TCP/ IP s et t in g s are s at is fact o ry . If y o u
wan t an o t h er PC o n y o u r n et wo rk t o b e t h e DHCP s erv er o r if y o u are man u ally
co n fig u rin g t h e n et wo rk s et t in g s o f all o f y o u r PCs , s et t h e DHCP mo d e t o „n o n e‟.
DHCP relay can b e u s ed t o fo rward DHCP leas e in fo rmat io n fro m an o t h er LA N
d ev ice t h at is t h e n et wo rk‟s DHCP s erv er; t h is is p art icu larly u s efu l fo r wireles s
clien t s .
In s t ead o f u s in g a DNS s erv er, y o u can u s e a W in d o ws In t ern et Namin g Serv ice
(W INS) s erv er. A W INS s erv er is t h e eq u iv alen t o f a DNS s erv er b u t u s es t h e
Net BIOS p ro t o co l t o reso lve h o stnames. Th e co n t ro ller in clu d es t h e W INS s erv er IP
ad d res s in t h e DHCP co n fig u rat io n wh en ackn o wled g in g a DHCP req u es t fro m a
DHCP clien t .
Yo u can als o en able DNS p ro xy fo r t h e LA N. W h en t h is is e n abled t he co nt roller t h en
as a p ro xy fo r all DNS req u es ts an d co mmu n icat es wit h t h e ISP‟s DNS s erv ers . W h en
d is ab led all DHCP clien t s receiv e t h e DNS IP ad d res s e s o f t h e ISP.
To co n fig u re LA N Co n n ect iv it y , p leas e fo llo w t h e s t ep s b elo w:
1.
In the LAN Setup page, enter the following information for your controller:
IP addres s : (fact o ry d efau lt : 192.168.10.1).

If y o u ch an g e t h e IP ad d res s an d click Sav e Set t in g s , t h e GUI will n o t
res p o n d. Op en a n ew co n n ectio n t o t h e n ew IP ad d res s an d lo g in ag ain . Be
s u re t h e LA N h o s t (t he mach in e u sed t o man ag e t h e co n troller) h as o bt ained
IP ad d res s fro m n ewly as s ig n ed p o o l (o r h as a s t at ic IP ad d res s in t h e
co n t ro ller‟s LA N s u b n et ) b efo re acces s in g t h e co n t ro ller v ia ch an g ed IP
ad d res s .
S ubnet mas k : (fact o ry d efau lt : 255.255.255.0).
2.
In the DHCP section, select the DHCP mode:
None: t h e co n t ro ller‟s DHCP s erv er is d is ab led fo r t h e LA N
18
Wireless Controller
User Manual
DHCP S erver . W it h t h is o p t io n t h e co n t ro ller as s ig n s an IP ad d res s wit h in t h e
s p ecified ran g e p lu s ad d it io n al s p ecified in fo rmat io n t o an y LA N d ev ice t h at
req u es t s DHCP s erv ed ad d res s es .
If DHCP is b ein g en ab led , en t er t h e fo llo win g DHCP s erv er p aramet ers :
DHCP Rel ay: W it h t h is o p t io n en ab led , DHCP clien t s o n t h e LA N can receiv e IP
ad d res s leas es an d co rres p o n d in g in fo rmat io n fro m a DHCP s erv er o n a d ifferen t
s u b n et . Sp ecify t h e Relay Gat eway , an d wh en LA N clien t s make a DHCP req u es t it
will b e p as s ed alo n g t o t h e s erv er acces s ib le v ia t h e Relay Gat eway I P ad d res s .
S tarti ng and Endi ng IP Addres s es : En t er t h e firs t an d last co ntin uo us ad dresses in
t h e IP ad d res s p o o l. A n y n ew DHCP clien t jo in in g t h e LA N is as s ig n ed an IP
ad d res s in t h is ran g e. Th e d efau lt s t art in g ad d res s is 192.168.10.100. Th e d efau lt
en d in g ad d ress is 192.168.10.254. Th es e ad dresses s ho uld b e in t h e s ame IP ad d ress
s u b n et as t h e co ntro ller‟s LA N IP ad d ress. Yo u may wis h t o s av e p art o f t h e s u bn et
ran g e fo r d ev ices wit h s t at ically as s ig n ed IP ad d res s es in t h e LA N .
Defaul t Gateway (Opti onal ): En t er t h e IP ad d res s o f t h e co n t ro ller wh ich y o u
wan t t o make it as a d efau lt o t h er t h an DW C-1000
Pri mary and S econdary DNS s ervers : If co n fig u red d o main n ame s y s t em (DNS)
s erv ers are av ailab le o n t h e LA N en t er t h e ir IP ad d res s es h ere.
Domai n Name : En t er d o main n ame
WINS S erver (opti onal ): En t er t h e IP ad d res s fo r t h e W INS s erv er o r, if p res en t in
y o u r n et wo rk, t h e W in d o ws Net Bio s s erv er.
Leas e Ti me : En t er t h e t ime, in h o u rs , fo r wh ich IP ad d res ses are leas ed t o clien t s .
Enabl e DNS Proxy: To en ab le t h e co ntro ller t o act as a p ro xy fo r all DNS req u est s
an d co mmu n icat e wit h t h e ISP‟s DNS s erv ers , click t h e ch eckb o x.
Rel ay Gateway: En t er t h e g at eway ad d res s . Th is is t h e o n ly co n fig u rat io n
p aramet er req u ired in t h is s ectio n wh en DHCP Relay is s elect ed as it s DHCP mo d e
3.
Click Save Settings to apply all changes .
19
Wireless Controller
User Manual
Figure 1 : Se tup page for LAN TCP/IP s e ttings (DHCP s e rve r)
20
Wireless Controller
User Manual
Figure 2 : Se tup page for LAN TCP/IP s e ttings (DHCP Re lay)
W h en DHCP relay is ean ab le d , DHCP clien t s o n t h e LA N can receiv e IP ad d res s
leas es an d co rres p o n d in g in fo rmat io n fro m a DHCP s erv er o n a d ifferen t s u b n et .
Sp ecify t h e Relay Gat eway , an d wh en LA N clien t s make a DHCP req u es t it will b e
p as s ed alo n g t o t h e s erv er acces s ib le v ia t h e Re lay Gat eway IP ad d res s .
2.1.1 LAN DHCP Reserv ed IPs
Setup > Network Settings > LAN DHCP Reserved IPs
Th e co n t ro ller DHCP s erv er can as s ig n TCP/ IP co n fig u rat io n s t o co mp u t ers in t h e
LA N exp licit ly b y ad d in g clien t 's n et wo rk in t erface h ard ware ad d res s an d t h e IP
ad d res s t o b e as s ig n ed t o t h at clien t in DHCP s erv er's d at ab as e. W h en ev er DHCP
s erv er receiv es a req u est fro m clien t , h ard ware ad d ress o f t h at clien t is co mp ared with
t h e h ard ware ad d ress lis t p resen t in t h e d atabase, if an IP ad d res s is alread y as s ig n ed
t o t h at co mp u ter o r d ev ice in t h e d at ab as e , t h e cu s t o mized IP ad d res s is co n fig u red
o t h erwis e an IP ad d ress is ass ig n ed t o t h e clien t au t o mat ically fro m t h e DHCP p o o l.
21
Wireless Controller
User Manual
IP Addres s es : Th e LA N IP ad d res s o f a h o s t t h at is res erv ed b y t h e DHCP s erv er.
MAC Addres s es : Th e M A C ad d res s t h at will b e as s ig n ed t h e res erv ed IP ad d res s
wh en it is o n t h e LA N.
Th e act io n s t h at can b e t aken o n lis t o f res erv ed IP ad d res s es are:
S el ect: Select s all t h e res erv ed IP ad d res s es in t h e lis t .
Edi t: Op en s t h e LA N DHCP Res erv ed IP Co n fig u rat io n p ag e t o ed it t h e s elect ed
b in d in g ru le.
Del ete : Delet es t h e s elect ed IP ad d res s res erv at io n (s )
Add: Op en s t h e LA N DHCP Res erv ed IP Co n fig u rat io n p ag e t o ad d a n ew b in d in g
ru le.
Figure 3 : LAN DHCP Re s e rve d I Ps
.
2.1.2 LAN DHCP Leased Clients
Setup > Network Settings > LAN DHCP Leased Clients
Th is p ag e p ro v id es t h e lis t o f clien t s co n n ect t o LA N DHCP s erv er.
22
Wireless Controller
User Manual
Figure 4 : LAN DHCP Le as e d Clie nts
IP Addres s es : Th e LA N IP ad d res s o f a h o s t t h at mat ch es t h e res erv ed IP lis t .
MAC Addres s es : Th e M A C ad d ress o f a LA N h o s t t h at h as a co n figu red IP ad d res s
res erv at io n .
2.1.3 LAN Configuration in an IPv 6 Network
Advanced > IPv6 > IPv6 LAN > IPv6 LAN Config
In IPv 6 mo d e, t h e LA N DHCP s erv er is en ab led b y d efau lt (s imilar t o IPv 4 mo d e).
Th e DHCPv 6 s erv er will s erv e IPv 6 ad d ress es fro m co n fig u red ad d res s p o o ls wit h
t h e IPv 6 Prefix Len g t h as s ig n ed t o t h e LA N.

IPv 4 / IPv 6 mo d e mu s t b e en ab led in t h e Advanced > IPv6 > Routing
mode t o en ab le IPv 6 co n fig u rat io n o p t io n s .
LAN IP Address Setup
Th e d efau lt IPv 6 LA N ad d ress fo r t h e ro u ter is fec0 ::1 . Yo u can ch ang e t h is 128 b it
IPv 6 ad d res s b ased o n y o ur n et wo rk req u iremen t s . Th e o t h er field t h at d efin es t h e
LA N s et t in g s fo r t h e ro u t er is t h e p refix len g t h . Th e IP v 6 n et wo rk (s u b n et ) is
id en t ified b y t h e in it ial b it s o f t h e ad d res s called t h e p refix. By d efau lt t h is is 6 4
b it s lo n g . A ll h o s ts in t h e n etwo rk h av e co mmo n in it ial b it s fo r t h eir IPv 6 ad d res s ;
t h e n u mb er o f co mmo n in it ial b it s in t h e n et wo rk‟s ad d res s es is s et b y t h e p refix
len g t h field .
23
Wireless Controller
User Manual
Figure 5 : IPv6 LAN and DHCPv6 configurat io n

If y o u ch an g e t h e IP ad d res s an d click Sav e Set t in g s , t h e GUI will n o t
res p o n d. Op en a n ew co n n ectio n t o t h e n ew IP ad d res s an d lo g in ag ain . Be
s u re t h e LA N h o s t (t he mach in e u sed t o man ag e t h e ro u t er) h as o b t ain ed IP
ad d res s fro m n ewly as s ign ed p o o l (o r h as a s t atic IP ad d ress in t h e ro u t er‟s
LA N s u b n et ) b efo re acces s in g t h e ro u t er v ia ch an g ed IP ad d res s .
24
Wireless Controller
User Manual
DHCP v6
A s wit h an IPv 4 LA N n et wo rk, t h e ro u t er h as a DHCPv 6 s erv er. If en ab led , t h e
ro u t er as s ig n s an IP ad d res s wit h in t h e s p ecified ran g e p lu s ad d it io n al s p ecified
in fo rmat io n t o an y LA N PC t h at req u es t s DHCP s erv ed ad d res s es .
Th e fo llo win g s et t in g s are u s ed t o co n fig u re t h e DHCPv 6 s erv er:
DHCP S tatus : Th is allo w t o En ab le/ Dis ab le DHCPv 6 s erv er.
DHCP Mode : Th e IPv 6 DHCP s erv er is eit h er s t at eles s o r s t at efu l. If s t at eles s is
s elect ed an ext ern al IPv 6 DHCP s erv er is n o t req u ired as t h e IPv 6 LA N h o s t s are
au t o -co nfig ured b y t h is co ntro ller. In t h is case t h e co ntro ller ad vert isemen t d aemo n
(RA DVD) mu s t b e co n fig u red o n t h is d ev ice an d ICM Pv 6 co n t ro ller d is co v ery
mes s ag es are u s ed b y t h e h o s t fo r au t o -co n fig u rat io n . Th ere are n o man ag ed
ad d res s es t o s erv e t h e LA N n o d es . If s t at efu l is s elect ed t h e IPv 6 LA N h o s t will
rely o n an ext ern al DHCPv 6 s erv er t o p ro v id e req u ired co n fig u rat io n s et t in g s
Th e Domai n Name o f t h e DHCPv 6 s erv er is an o p t io n al s et t in g
S erver Preference : To in d icat e t h e p referen ce lev el o f t h is DHCP s erv er. DHCP
ad v ert is e mes s ag es wit h t h e h ig h es t s erv er p referen ce v alu e t o a LA N h o s t are
p referred o v er o t h er DHCP s erv er ad v ert is e mes s ag es . Th e d efau lt is 255.
DNS s erver : Th e d et ails can b e man u ally en tered h ere (p rimary / secon dary o p t io n s .
A n alt ern at iv e is t o allo w t h e LA N DHCP clien t t o receiv e t h e DNS s erv er d et ails
fro m t h e ISP d irect ly . By s elect in g Us e DNS p ro xy , t h is ro u t er act s as a p ro xy fo r
all DNS req u es t s an d co mmu n icat es wit h t h e ISP‟s DNS s erv ers (a Op t io n
co n fig u rat io n p aramet er).
Pri mary and S econdary DNS s ervers : If t h ere are co n fig ured d omain n ame s ystem
(DNS) s erv ers av ailab le o n t h e LA N en t er t h e IP ad d res s es h ere.
Leas e/ Rebi nd ti me : It s et s t h e d uratio n o f t h e DHCPv 6 leas e fro m t h is ro u t er t o the
LA N clien t .
IPv6 Address Pools
Th is feat u re allo ws y o u t o d efin e t h e IPv 6 d eleg at io n p refix fo r a ran g e o f IP
ad d res ses t o b e s erv ed b y t h e g at eway ‟s DHCPv 6 s erv er. Us in g a d eleg at io n p refix
y o u can au t omat e t he p ro cess o f in fo rmin g o t h er n et workin g eq uip men t o n t h e LA N
o f DHCP in fo rmat io n s p ecific fo r t h e as s ig n ed p refix.
25
Wireless Controller
User Manual
Prefix Delegation
Th e fo llo win g s et t in g s are u s ed t o co n fig u re t h e Prefix Deleg at io n :
Prefi x Del eg ati on: Select t h is o p tio n t o en ab le p refix d eleg at io n in DHCPv 6 s erver.
Th is o p t io n can b e s elected o n ly in St at eless A d dres s A u t o Co n fig u rat io n mo d e o f
DHCPv 6 s erv er.
Prefi x Addres s : IPv 6 p refix ad d res s in t h e DHCPv 6 s erv er p refix p o o l
Prefi x Leng th: Len g t h p refix ad d res s
2.1.4 DHCPv 6 Leased Clients
Advanced > IPv6 > IPv6 LAN > DHCPv6 Leased Clients
Th is p ag e p ro v id es t h e lis t o f DHCPv 6 clien t s co n n ect ed t o t h e LA N DHCPv 6
Serv er an d t o wh o m DHCPv 6 Serv er h as g iv en leas es .
Figure 6 : DHCPv6 Le as e d Clie nts
IP Addres s es : Th is is t h e DHCP s erv er IP ad d res s .
DUID: Each DHCP clien t an d s erv er h as a DUID. DHCP s erv ers u s e DUIDs t o
id en t ify clien t s fo r t h e s elect ion o f co nfig urat ion p aramet ers an d in t h e as s o ciat io n
26
Wireless Controller
User Manual
o f IA s wit h clien t s . DHCP clien t s u s e DUIDs t o id en t ify a s erver in mes s ag es wh ere
a s erv er n eed s t o b e id en t ified .
IAID:A n id en t ifier fo r an IA , ch o s en b y t h e clien t . Each IA h as an IA ID, wh ich is
ch o s en t o b e u niq ue amo n g all IA IDs fo r IA s b elo ng in g t o t hat clien t . : Th is is Dh cp
s erv er IP ad d res s .
2.1.5 Configuring IPv 6 Router Adv ertisements
Ro u t er A d v ertis emen ts are an alo go us t o IPv 4 DHCP as s ig nmen ts fo r LA N clien t s , in
t h at t h e ro u t er will as s ig n an IP ad d res s an d s u p p o rt in g n et wo rk in fo rmat io n t o
d ev ices t hat are co n fig ured t o accept s uch d etails. Ro u t er A dv ert isemen t is req u ired
in an IPv 6 n et wo rk is req u ired fo r s t at eless au to con fig u rat io n o f t h e IPv 6 LA N. By
co n fig u rin g t h e Ro u t er A d v ert is emen t Daemo n o n t h is ro u t er, t h e DW C-1000 will
lis t en o n t h e LA N fo r ro u t er s o licit at io n s an d res p o n d t o t h es e LA N h o s t s wit h
ro u t er ad v is emen t s .
RADVD
Advanced > IPv6 > IPv6 LAN > Router Advertisement
To s u p p ort s tateless IPv 6 au t o co nfig uratio n o n t h e LA N, s et t h e RA DVD s t at u s t o
En ab le. Th e fo llo win g s et t in g s are u s ed t o co n fig u re RA DVD:
RADVD S tatus : Yo u can en ab le t h e RA DVD p ro ces s h ere t o allo w s t at eles s
au t o co n fig u rat io n o f t h e IPv 6 LA N n et wo rk.
Adverti s e Mode : Select Un s o licit ed M u lt ica s t t o s en d ro u t er ad v ert is emen t s
(RA ‟s ) t o all in t erfaces in t h e mu lt icas t g ro u p . To res t rict RA ‟s t o well kn o wn
IPv 6 ad d res ses o n t h e LA N, an d t h ereb y red u ce o v erall n et wo rk t raffic, s elect
Un icas t o n ly .
Adverti s e Interval : W h en ad v ertis emen ts are u n so licit ed mu lt icast p ackets, t h is
in t erv al s et s t he maximu m t ime b et ween ad v ert isemen t s fro m t h e in t erface. Th e
act u al d u rat ion b etween ad vertisemen ts is a ran d o m v alu e b et ween o n e t h ird o f
t h is field an d t h is field . Th e d efau lt is 30 s eco n d s .
RA Fl ag s : Th e ro u t er ad v ert is emen t s (RA ‟s ) can b e s en t wit h o n e o r b o t h o f
t h es e flag s . Ch o s e M an ag ed t o u s e t h e ad min is t ered / s t at efu l p ro t o co l fo r
ad d res s au t o co n fig u rat io n . If t h e Ot h er flag is s elect ed t h e h o s t u s es
ad min is t ered / s t at efu l p ro t o co l fo r n o n -ad d res s au t o co n fig u rat io n .
27
Wireless Controller
User Manual
Router Preference : t h is lo w/ med iu m/ h ig h p aramet er d etermin es t h e p referen ce
as s o ciat ed wit h t h e RA DVD p ro ces s o f t h e ro u t er. Th is is u s efu l if t h ere are
o t h er RA DVD en ab led d evices o n t h e LA N as it h elp s av o id co n flict s fo r IPv 6
clien t s .
MTU: Th e ro u t er ad v ertis emen t will s et t h is maximu m t ran s mis sio n u n it (M TU)
v alu e fo r all n o d es in t h e LA N t h at are au to co nfig ured b y t he ro u ter. Th e d efau lt
is 1500.
Router Li feti me : Th is v alu e is p res en t in RA ‟s an d in d icat es t h e u s efu ln es s o f
t h is ro u t er as a d efau lt ro u t er fo r t h e in t erface. Th e d efau lt is 3600 s eco n d s .
Up o n exp irat io n o f t h is v alu e, a n ew RA DVD exch an g e mu s t t ake p lace b etween
t h e h o s t an d t h is ro u t er.
28
Wireless Controller
User Manual
Figure 7 : Configu ri ng the Route r Adve rtis e me nt Dae mon
Advertisement Prefixes
Advanced > IPv6 > IPv6 LAN > Advertisement Prefixes
Th e ro u t er ad v ert isemen ts co nfig ured wit h ad v ert is emen t p refixes allo w t h is ro u t er
t o in fo rm h o s t s h o w t o p erfo rm s t at eles s ad d res s au t o co n fig u rat io n . Ro u t er
ad v ert is emen ts co n t ain a lis t o f s u b n et p refixes t h at allo w t h e ro u t er t o d et ermin e
n eig h b o rs an d wh et h er t h e h o s t is o n t h e s ame lin k as t h e ro u t er.
Th e fo llo win g p refix o p t io n s are av ailab le fo r t h e ro u t er ad v ert is emen t s :
IPv6 Prefi x Type : To en s u re h o s t s s u p p o rt IPv 6 t o IPv 4 t u n n el s elect t h e 6t o 4
p refix t y p e. Select in g Glo b al/ Lo cal/ ISA TA P will allo w t h e n o d es t o s u p p o rt all
o t h er IPv 6 ro u t in g o p t io n s
S LA ID: Th e SLA ID (Sit e -Lev el A g g reg at io n Id en t ifier) is av ailab le wh en 6t o 4
Prefixes are s elect ed . Th is s ho uld b e t he in t erface ID o f t h e ro u t er‟s LA N in t erface
u s ed fo r ro u t er ad v ert is emen t s .
29
Wireless Controller
User Manual
IPv6 Prefi x: W h en u sin g Glo b al/ Lo cal/ ISA TA P p refixes , t h is field is u s ed t o d efin e
t h e IPv 6 n et wo rk ad v ert is ed b y t h is ro u t er.
IPv6 Prefi x Leng th: Th is v alu e in d icat es t h e n umb er co n tig u o u s , h ig h er o rd er b it s
o f t h e IPv 6 ad d ress t h at d efin e u p t h e n et work p o rt io n o f t h e ad dress. Ty p ically t h is
is 64.
Prefi x Li feti me : Th is d efin es t h e d uratio n (in s eco nds ) t h at t h e req u es t in g n o d e is
allo wed t o u s e t h e ad vertised p refix. It is an alo g o u s t o D HCP leas e t ime in an IPv 4
n et wo rk.
Figure 8 : IPv6 Adve rtis e me nt Pre fix s e ttings
2.2
LAN QoS
2.2.1 Port Queue Scheduling
Setup > LAN QoS > Port Queue Scheduling
Th is p ag e allo ws t o s elect t h e q u eu ein g s ch ed u lin g alg o rit h m.
Queuei ng s chedul i ng al g orithm: Th e s ch ed ulin g alg o rit hm fo r t h e LA N co n t ro ller
can b e co n fig u red h ere. Th e s u p p o rt ed alg o rit h ms are s t rict an d weig h t ed ro u n d
30
Wireless Controller
User Manual
ro b in o n ly . Th e d ev ice will b e p ro g rammed t o h an d le t h e t raffic u s ing t h e alg o rit h m
co n fig u red h ere
Figure 9 : Port Que ue Sche duling
2.2.2 Port Queue Status
Setup > LAN QoS > Port Queue Status
Th is p ag e s h o ws t h e cu rren t q u eu e man ag emen t alg o rit h m t h at is u s ed in t h e LA N
co n t ro ller
Queuei ng Manag ement al g ori thm:
Dis p lay t h e cu rren t q u eu e man ag e men t
alg o rit h m t h at is u s ed in t h e LA N co n t ro ller
31
Wireless Controller
User Manual
Figure 10 : Port Que ue Status
2.2.3 Option QoS Configuration
Setup > LAN QoS > Option QoS Configuration
Th is p ag e allo ws co n fig u rin g t h e Op t io n Qo S an d d efin in g t h e b an d wid t h fo r Op t io n
in t eface s .
32
Wireless Controller
User Manual
Figure 11 : Option QoS Configuratio n
Opti on QoS : To en ab le Ban d wid t h man ag emen t s elect t h e ch eck b o x an d click
A p p ly .
Opti on Confi g urati on: Defin e t h e u p s tream.d o wn s t ream fo r b an d wid t h fo r Op t io n 1
an d Op t io n 2 in t e rfaces .
B andwi dth Profi l e : Click A d d t o d efin e b an d wid t h p ro file
Bandwidth Management
Profi l e Name: A llo ws d efin in g a p ro file n ame .
Pri ori ty: Select t h e p rio rit y o f p ro file .
Maxi mum B andwi dth:Pro v id e t h e maximu m allo wed b an d wid t h o f t h e p ro file
Mi ni mum B andwi dth: Pro v id e t h e min imu m allo wed b an d wid t h o f t h e p ro file
Opti on Interface : Select t h e in t erface Op t io n 1/ Op t io n 2
33
Wireless Controller
User Manual
Figure 12 : B andwid t h Profile Configurat io n
2.2.4 Traffic Selector Configuration
Setup > LAN QoS > Traffic Selector Configuration
A ft er y o u creat e a b an d wid t h p ro file, y o u can as s o ciat e it wit h a t raffic flo w .
34
Wireless Controller
User Manual
Figure 13 : Traffi c Se le ctor Configu rat io n
Avai l abl e Profi l es :Select o n e o f t h e p rev io u s ly co n fig u red b an d wid t h p ro files t o
as s o ciat e t h is t raffic s elect o r.
S ervi ce : Select o n e o f t h e s erv ices fro m t h e av ailab le s erv ices .
Traffi c S el ector Match Type :Ch o o s e t h e met h o d fo rid en t ify in g t h e h o s t t h at is
co n t ro lled b y t h is t raffic Select o r: IP A d d res s , M A C A d d res s , Po rt Name, VLA N
Name, DSCP v alu e o r BSSID.
IP Addres s : En t er IP A d d res s o f LA N h o s t , if y o u ch o s e IP as t h e M at ch Ty p e.
MAC Addres s : En t er a v alid M A C A d d ress, if y o u ch o se M A C A d d ress as t he M at ch
Ty p e.
Port Name : Select t h e LA N p o rt n u mb er, if y o u ch o se Po rt Name as t h e M atch Ty p e .
Avai l abl e VLANs : Select a VLA N, if y o u ch o s e VLA N Name as t h e M at ch Ty p e.
DS CP val ue : En t er a v alid DSCP v alu e b et ween 0 an d 63, if ch o o s e DSCP as t h e
M at ch Ty p e.
35
Wireless Controller
User Manual
2.2.5 LAN QoS Configuration
Setup > LAN QoS > LAN QoS Configuration
En ab lin g Qo S o n LA N is an ad v an ced co n fig u rat io n , wh ich is req u ired o n ly if y o u
exp ect co n g estio n o n t h e t raffic o n t h e LA N p o rt s . Th is p ag e allo ws y o u t o en ab le t h e
co n fig u rat io n an d co n fig u re each p o rt ‟s t o t ru s t a Co S o r DSCP v alu es in t h e
p acket .
Figure 14 : LAN QoS Configuratio n
LAN Port: Th is lis f o u t t h e av ailab le LA N p o rt s
Cl as s i fy Us i ng : Th is p ro v id e t h e lis t o f Qo S s erv ices av ailab le o n t h e p o rt
2.2.6 801.p Configuration
Setup > LAN QoS > 801.p Configuration
Po rt Co S M ap p in g en ab les y o u t o ch an g e t h e p rio rit y o f t h e PCP v alu e .
36
Wireless Controller
User Manual
Figure 15 : 801.p Configu rat io n
CoS Val ue : v alu e o f t h e co s in t h e PCP p art o f t h e LA N t raffic.
Pri ori ty Queue ::Prio rit y fo r t h e p art icu lar Co S v alu e
2.2.7 DSCP Configuration
Setup > LAN QoS > DSCP Configuration
Th is p ag e allo ws co nfig urin g IP DSCP v alu es t o wh ich y ou can map an in t ern al t raffic
clas s .
37
Wireless Controller
User Manual
Figure 16 : DSCP Configuratio n
DS CP: Lis t s t h e IP DSCP v alu es t o wh ich y o u can map an in t ern al t raffic clas s . Th e
v alu es ran g e fro m 0-63.
Queue: Th is p ro v id es t h e p rio rit y o f t h e q u eu e
38
Wireless Controller
User Manual
2.2.8 Remark CoS to DSCP
Setup > LAN QoS > Remark CoS to DSCP
Remarkin g Co S t o DSCP is an ad v an ced Qo S co n fig uratio n, wh ere t h e Lay er 2 q u ality
o f s erv ice field is t ran s lat ed t o a Lay er 3 Qo S field in t h e p acket , s o t h at u p s t ream
ro u t ers can make a Qo S d ecis io n b as ed o n t h e DSCP field s et in t h e p acket .
Figure 17 : Re mark CoS to DSCP
On ce y o u en ab le Co S t o DSCP markin g b y ch o o s in g t h e ch eck b o x, y o u can ch o o s e
t h e ap p ro p riat e v alu e o f t h e DSCP fo r a g iv en Co S v alu e.
39
Wireless Controller
2.3
User Manual
VLAN Configuration
Th e co n t ro ller s up port s v irt ual n et work is o lat ion o n t h e LA N wit h t h e u s e o f VLA Ns .
LA N d ev ices can b e co n fig u red t o co mmu n icat e in a s u b n et wo rk d efin ed b y VLA N
id en t ifiers . LA N p o rt s can b e as s ig n ed u n iq u e VLA N IDs s o t h at t raffic t o an d fro m
t h at p h y s ical p o rt can b e is o lat ed fro m t h e g en eral LA N. VLA N filt erin g is
p art icu larly u s efu l t o limit b ro ad cas t p acket s o f a d ev ice in a larg e n et wo rk
VLA N s u p p o rt is d is ab led b y d efau lt in t h e co n t ro ller. In t h e VLA N Co n fig u rat io n
p ag e, en ab le VLA N s u p p o rt o n t he co nt roller an d t h en p ro ceed t o t h e n ext s ect io n t o
d efin e t h e v irt u al n et wo rk.
Setup > VLAN Settings > Available VLAN
Th e A v ailab le VLA N p ag e s h o ws a lis t o f co n fig ured VLA Ns b y n a me an d VLA N ID.
A VLA N memb ers h ip can b e creat ed b y clickin g t h e A d d b u t t o n b elo w t h e Lis t o f
A v ailab le VLA Ns .
A VLA N memb ers h ip en t ry co n s is t s o f a VLA N id en t ifier an d t h e n u merical VLA N
ID wh ich is as s ig n ed t o t h e VLA N memb ers h ip . Th e VLA N ID v alu e can b e an y
n u mb er fro m 2 t o 255. VLA N ID 1 is res erv ed fo r t h e d efau lt VLA N, wh ich is u s ed
fo r u n t ag ged frames receiv ed o n t h e in t erface. By en ab lin g In t er VLA N Ro u t in g , y o u
will allo w t raffic fro m LA N h o s ts b elo ng ing t o t his VLA N ID t o p as s t h roug h t o o ther
co n fig u red VLA N IDs t h at h av e In t er VLA N Ro u t in g en ab led .
40
Wireless Controller
User Manual
Figure 18 : Adding VLAN me mbe rs hips to the LAN
2.3.1 Associating VLANs to ports
In o rd er t o t ag all t raffic t h ro u g h a s p ecific LA N p o rt wit h a VLA N ID, y o u can
as s o ciat e a VLA N t o a p h y s ical p o rt .
Setup > VLAN Settings > Port VLAN
VLA N memb ers h ip p ro p ert ies fo r t h e LA N an d wireles s LA N are lis t ed o n t h is page.
Th e VLA N Po rt t ab le d is p lay s t he p o rt id en tifier, t h e mo d e s ett ing fo r t h at p o rt an d
VLA N memb ers h ip in fo rmat io n . Th e co n fig u rat io n p ag e is acces s ed b y s elect in g
o n e o f t h e fo u r p h y s ical p o rt s o r a co n fig u red acces s p o in t an d clickin g Ed it .
Th e ed it p ag e o ffers t h e fo llo win g co n fig u rat io n o p t io n s :

M o d e: Th e mo d e o f t h is VLA N can b e General , Acces s , o r Trunk . Th e
d efau lt is acces s .

In General mo d e t h e p o rt is a memb er o f a u s er s elect ab le s et o f VLA Ns .
Th e p o rt s en ds an d receiv es d at a t h at is t ag g ed o r u n t ag g ed wit h a VLA N
ID. If t h e d at a in t o t h e p ort is u n tagged, it is as sig n ed t h e d efin ed PVID. In
t h e co n fig u rat io n fro m Fig u re 6, Po rt 3 is a Gen eral p o rt wit h PVID 3, s o
41
Wireless Controller
User Manual
u n t ag ged d at a in t o Po rt 3 will b e as s ig ned PVID 3. A ll t ag g ed d ata s ent o u t
o f t h e p o rt wit h t h e s ame PVID will b e u n t ag ged. Th is is mo d e is t y p ically
u s ed wit h IP Ph o n es t h at h ave d ual Et h ern et p o rts. Dat a co min g fro m p h o ne
t o t h e co n t roller p o rt o n t h e co ntro ller will b e t ag g ed. Dat a p assing t hro ug h
t h e p h o n e fro m a co n n ect ed d ev ice will b e u n t ag g ed .
Figure 19 : Port VLAN lis t

In Acces s mo d e t h e p o rt is a memb e r o f a s in g le VLA N (an d o n ly o n e). A ll
d at a g o in g in t o an d o u t o f t h e p o rt is u n t ag g ed . Traffic t h ro u g h a p o rt in
acces s mo d e lo o ks like an y o t h er Et h ern et frame.

In Trunk mo d e t h e p o rt is a memb er o f a u s er s electable s et o f VLA Ns . A ll
d at a g o in g in t o an d o u t o f t h e p o rt is t ag ged. Un t agged co min g in t o t he p o rt
is n o t fo rward ed , excep t fo r t h e d efau lt VLA N wit h PVID=1, wh ich is
u n t ag ged. Tru n k p o rt s mu lt ip lex t raffic fo r mu lt ip le VLA Ns o v er t h e s ame
p h y s ical lin k.

Select PVID fo r t h e p o rt wh en t h e Gen eral mo d e is s elect ed .

Co n fig u red
VLA N memb ers h ip s
will b e
d is p lay ed
on
t h e VLA N
M emb ers h ip Co n fig u rat io n fo r t h e p o rt . By s elect in g o n e mo re VLA N
42
Wireless Controller
User Manual
memb ers h ip o p t io n s fo r a Gen eral o r Tru n k p o rt , t raffic can b e ro u t ed
b et ween t h e s elect ed VLA N memb ers h ip IDs
Figure 20 : Configu ri ng VLAN me mbe rs hip for a port
2.3.2 Multiple VLAN Subnets
Setup > VLAN Settings > Multiple VLAN Subnets
Each co n fig u red VLA N ID can map d irect ly t o a s u b n et wit h in t h e LA N. Each LA N
p o rt can b e as sig ned a u n iq ue IP ad d ress an d a VLA N s p ecific DHCP s erv er can b e
co n fig u red t o as s ig n IP ad d res s leas es t o d ev ices o n t h is VLA N.
VLAN ID: Th e PVID o f t h e VLA N t h at will h av e all memb er d ev ices b e p art o f t he
s ame s u b n et ran g e.
IP Addres s : Th e IP ad d res s as s o ciat ed wit h a p o rt as s ig n ed t h is VLA N ID.
S ubnet Mas k : Su b n et M as k fo r t h e ab o v e IP A d d res s .
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e :
43
Wireless Controller
User Manual
Edi t: Th e Ed it b u t t o n will lin k t o t h e Po rt VLA N Co n fig u rat io n p ag e, allo win g y o u
t o make ch an g es t o t h e s elect ed p o rt VLA N at t rib u t es .
Figure 21 : M ultiple VLAN Subne ts
2.4
Configurable Port: DMZ Setup
Th is co n t roller s u pp orts o n e o f t h e p h ysical p o rts (Op t io n Po rt s) t o b e co nfig ured as a
s eco n d ary Et h ern et p o rt o r a d ed icat ed DM Z p o rt . A DM Z is a s u b n et wo rk t h at is
o p en t o t h e p u b lic b u t b eh in d t h e firewall. Th e DM Z ad d s an ad d it io n al lay er o f
s ecu rit y t o t h e LA N, as s p ecific s ervices/po rts t h at are exp o sed t o t h e in t ern et o n t h e
DM Z d o n o t h av e t o b e exp o sed o n t h e LA N. It is reco mmen d ed t h at h o s t s t h at mu s t
b e exp o s ed t o t h e in t ern et (s u ch as web o r email s erv ers ) b e p laced in t h e DM Z
n et wo rk. Firewall ru les can b e allo wed t o p ermit access s p ecific s ervices/p o rt s t o t h e
DM Z fro m b o t h t h e LA N o r Op t io n . In t h e ev en t o f an at t ack t o an y o f t h e DM Z
n o d es , t h e LA N is n o t n eces s arily v u ln erab le as well.
Setup > DMZ Setup > DMZ Setup Configuration
DM Z co n fig u ratio n is id en tical t o t h e LA N co n fig u ratio n. Th ere are n o rest rictio ns on
t h e IP ad d res s o r s u bnet as sign ed t o t h e DM Z p o rt , o t h er t h an t h e fact t h at it can n o t
b e id en t ical t o t h e IP ad d res s g iv en t o t h e LA N in t erface o f t h is g at eway .
44
Wireless Controller
User Manual
Figure 22 : DM Z configuratio n

2.5
In o rd er t o co n fig u re a DM Z p o rt , t h e co n tro ller co n fig u rab le p o rt mu s t b e
s et t o DM Z in t h e Setup > Internet Settings > Configurable Port p ag e.
Universal Plug and Play (UPnP)

Th e fo llo win g feat u re is av ailab le u p o n licen s ed act iv at io n o f VPN /
Firewall feat u res fo r t h e s y s t em.
45
Wireless Controller
User Manual
Advanced > Advanced Network > UPnP
Un iv ers al Plu g a n d Play (UPn P) is a feat u re t h at allo ws t h e co n t ro ller t o d is co v ery
d ev ices o n t h e n etwo rk t h at can co mmu n icat e wit h t h e co n t ro ller an d allo w fo r au t o
co n fig u rat io n . If a n et wo rk d ev ice is d et ect ed b y UPn P, t h e co n t ro ller can o p en
in t ern al o r ext ern al p o rt s fo r t h e t raffic p ro t o co l req u ired b y t h at n et wo rk d ev ice.
On ce UPn P is en ab led , y o u can co n fig u re t h e co n t ro ller t o d et ect UPn P-s u p p o rt in g
d ev ices o n t h e LA N (o r a co n fig u red VLA N). If d is ab led , t he co ntro ller will n o t allo w
fo r au t o mat ic d ev ice co n fig u rat io n .
Co n fig u re t h e fo llo win g s et t in g s t o u s e UPn P:
Adverti s ement Peri od: Th is is t h e freq u en cy t h at t h e co n t ro ller b ro ad cas t s UPn P
in fo rmat io n o v er t h e n et wo rk. A larg e v alu e will min imize n et wo rk t raffic b u t cau s e
d elay s in id en t ify in g n ew UPn P d ev ices t o t h e n et wo rk.
Adverti s ement Ti me to Li ve: Th is is exp res s ed in h o p s fo r each UPn P p acket . Th is
is t h e n u mb er o f s t ep s a p acket is allo wed t o p ro pagate b efore b ein g d is card ed . Small
v alu es will limit t h e UPn P b ro ad cast ran g e. A d efault o f 4 is t y p ical fo r n et wo rks with
few co n t o ro llers .
46
Wireless Controller
User Manual
Figure 23 : UPnP Configuratio n
UPnP Port map Table
Th e UPn P Po rt map Tab le h as t h e d et ails o f UPn P d ev ices t h at res p o n d t o t h e
co n t ro ller ad v ert isemen ts. Th e fo llo win g in fo rmat io n is d is p lay ed fo r each d et ect ed
d ev ice:
Acti ve : A y es / no in d icat in g wh et h er t h e p o rt o f t h e UPn P d ev ice t h at es t ab lis h ed a
co n n ect io n is cu rren t ly act iv e
Protocol : Th e n et wo rk p ro t o co l (i.e. HTTP, FTP, et c.) u s ed b y t h e DW C
Int. Port (Internal Port): Th e in t ern al p o rt s o p en ed b y UPn P (if an y )
Ext. Port (External Port): Th e ext ern al p o rt s o p en ed b y UPn P (if an y )
IP Addres s : Th e IP ad d res s o f t h e UPn P d ev ice d et ect ed b y t h is co n t ro ller
Click Refres h t o refres h t h e p o rt map t ab le an d s earch fo r an y n ew UPn P d ev ices
47
Wireless Controller
2.6
User Manual
Captive Portal
LA N an d W LA N u s ers can g ain in t ernet acces s v ia web p o rt al au t h en t icat io n wit h
t h e DW C. A ls o referred t o as Ru n -Time A u t h en t icat io n , a Cap t iv e Po rt al is id eal
fo r a web café s cen ario wh ere u s ers in it iat e HTTP co n n ect io n req u es t s fo r web
acces s b u t are n o t in t erested in accessin g an y LA N s erv ices . Th e LA N an d W LA N
u s ers can access cap tiv e p ort al u s in g HTTP. Firewall p o licies u n d ern eath will d efin e
wh ich u s ers req u ire au t h en t icat io n fo r HTTP acces s , an d wh en a mat ch in g u s er
req u es t is mad e t h e DW C will in t ercep t t h e req u es t an d p ro mp t fo r a u s ern ame /
p as s word . Th e lo g in cred en t ials are co mp ared ag ain s t t h e Ru n TimeA u t h u s ers in
u s er d at ab as e p rio r t o g ran t in g HTTP acces s .

Cap t iv e Po rt al is av ailab le fo r LA N an d W LA N u s ers o n ly an d n ot fo r DMZ
hos ts .
2.6.1 Captiv e Portal Setup
Advanced > Captive Portal > Setup
Captive Portal Policies
Th e Lis t o f A v ailab le Cap t iv ePo rt al Po licies are s h o wn in t h is t ab le.
Pol i cy Name: Set t h e Name o f t h e Part icu lar Po licy wh ich is t o b e co n fig u red .
S tatus : Th e s t at us o f t h e Po licy can b e en abled (activ e) o r Dis ab led (co nfig ured b ut
n o t in u s e).
In Interface : Th e s o u rce In t erface o f t h e t raffic t h at is co n t ro lled b y t h is Cap t iv e
Po rt al: LA N o r VLA NS.
Out Interface : Th e d es t in at io n In t erface o f t h e t raffic t h at is co n t ro lled b y t h is
Cap t iv e Po rt al: Op t io n o r DM Z.
48
Wireless Controller
User Manual
Figure 24 : Captive Portal Se tup
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e :
Edi t: Can ed it t h e ad d ed p o licies .
Enabl e : Can en ab le t h e ad d ed p o licies .
Di s abl e : Can d is ab le t h e ad d ed Po licies .
Del ete : W ill d elet e t h e Po licy s elect ed .
Add: W ill let y o u ad d a n ew p o licy .
List of Available Profiles
A n y o n e o f t h ese p ro files can b e u sed fo r Cap t iv e Po rt al Lo g in p ag e wh ile en ab lin g
Cap t iv e Po rt al.
Enabl e : Can en ab le t h e ad d ed p ro files .
Edi t: Can ed it t h e ad d ed p ro files . Th e d efau lt Pro file can t b e ed it ed .
Del ete : W ill d elet e t h e p ro file s elect ed . Yo u can n o t d elet e t h e d efau lt p ro file an d
t h e cu rren t p ro file b ein g u s ed .
49
Wireless Controller
User Manual
Add: W ill let y o u ad d a n ew p ro file. M aximu m allo wed n u mb er o f p ro files are 5
exclu d in g d efau lt .
S how Previ ew: W ill s h o w p rev iew o f t h e p ag e, if a p ro file is s elect ed .
Configure Captive Portal Policies
Th is allo ws t o ad d a cap t iv e p o rt al p o licy o r t o ed it t h e co n fig u rat io n o f an
exis it in g p o licy .
Pol i cy Name: Set t h e Name o f t h e Part icu lar Po licy wh ich is t o b e co n fig u red .
From Interface : Th e s o u rce In t erface o f t h e t raffic t h at is co n t ro lled b y t h is
Cap t iv e Po rt al: LA N o r VLA N‟s
To Interface : Th e d es t in at io n In t erface o f t h e t raffic t h at is co n t ro lled b y t h is
Cap t iv e Po rt al: Op t io n o r DM Z.
Enabl e : Th is en ab les t h e cap t iv e p o rt al p o licy .
Figure 25 : Configu ri ng a captive portal policy
50
Wireless Controller
User Manual
Captive Portal Configuration
Cap t iv e p o rt al lo g in p age d isp lay can b e alt ered b y mo d ify in g t he s ettin gs av ailable
h ere.
General Detai l s :
Profi l eName : Name o f t h e p ro file t h at is b ein g ad d ed .
B rows er Ti tl e : It is t h e b ro ws er t it le.
Pag e B ack g round Col or : Set s t h e b ackg ro u n d co lo r o f t h e p ag e.
Cus tom Col or : It allo ws ch o o s in g t h e cu s t o m b ackg ro u n d co lo r
Figure 26 : Captive Portal Configuratio n (Part -1)
51
Wireless Controller
User Manual
Figure 27 : Captive Portal Configuratio n (Part -2)
Header Detai l s : It allo ws u s er t o co n fig u re h o w t h e h ead er p o rt io n o f t h e p ag e
s h o u ld b e d is p lay ed .
B ack g r ound: Set s t h e b ackg ro u n d fo r t h e h ead er p o rt io n .
Add: W ill let y o u ad d a n ew imag e.Th is imag e can b e s et as h ead er imag e fo r t h is
p ro file.
Header B ack g round Col or :
Cus tom Col or : It allo ws ch o o s in g t h e cu s t o m h ead er b ackg ro u n d co lo r
Header Capti on: Text t o b e d is p lay ed in t h e h ead er p o rt io n .
Capti on Font: Fo n t o f t h e h ead er t ext t o b e d is p lay ed .
Font S i ze : Fo n t s ize fo r t h e h ead er t ext t o b e d is p lay ed .
52
Wireless Controller
User Manual
Font Col or : Co lo r in wh ich t h e t ext is t o b e d is p lay ed .
Log i n Detai l s :
Log i n S ecti on Ti tl e : Tit le fo r t h e Lo g in Bo x
Wel come Mes s ag e : M es s ag e wh ich is d is p lay ed wh en a u s er v is it s t h e p ag e.
Error Mes s ag e : Erro r M es s ag e d is p lay ed wh en u s er en t ers in v alid cred en t ials .
Adverti s ement Detai l s :
Enabl e Adverti s ement: Th is is t o en ab le ad v ert is emen t in lo g in p ag e, wh ere u s er
can co n fig u re t he cu sto m mes s ag es / in fo rmat io n t h at is n eed ed t o b e d is p lay ed in
t h e Cap t iv ePo rt al lo g in p ag e.
Ad Pl ace : Th e lo cat io n o f t h e ad v ert is emen t co n t en t t o b e d is p lay ed
Ad Content: Th e co n t en t o f t h e ad v ert is emen t in t h e lo g in p ag e.
Font: Fo n t fo r t h e in fo rmat io n t o b e d is p lay ed .
Font S i ze : Fo n t s ize fo r t h e in fo rmat io n t o b e d is p lay ed .
Font Col or : Co lo r in wh ich t h e in fo rmat io n is t o b e d is p lay e d .
Footer Detai l s :
Chang e Footer Content: It allo ws u s er t o co n fig ure t he fo o ter p ort io n o f t h e p ag e.
Footer Content: It allo ws u s er t o ad d t h e fo o t er co n t en t .
Footer Font Col or : Co lo r in wh ich t h e fo o t er is t o b e d is p lay ed .
2.6.2 Captiv e Portal Session
Advanced > Captive Portal > Captive Portal Sessions
Th e A ct iv e Ru n t ime in t ern et s essio ns t h rou gh t h e con tro ller firewall are lis t ed in t h e
b elo w t ab le. Th es e u s ers are p resent in t h e lo cal o r ext ern al u s er d at ab ase an d h av e
h ad t h eir lo g in cred en t ials ap p ro v ed fo r in t ern et acces s . A „Dis co n n ect ‟ b u t t o n
allo ws t h e DW C-1000 ad min t o s elect iv ely d ro p an au t h en t icat ed u s er.
53
Wireless Controller
User Manual
Figure 28 : Active Runtime s e s s ions
2.6.3 W LAN CP Interface Association
Advanced > Captive Portal > WLAN CP Interface Association
Fro m t h e In t erface A sso ciat ion p ag e, y o u can as s o ciat e a co n fig u red cap t iv e p o rt al
wit h a s p ecific p h y s ical in t erface o r wireles s n et wo rk (SSID). Th e CP feat u re o n ly
ru n s o n t h e wired o r wireles s in t erfaces t h at y o u s p ecify . A CP can h av e mu lt ip le
in t erfaces associated wit h it , b u t an in t erface can b e as s o ciat ed t o o n ly o n e CP at a
t ime.
CP Confi g urati on: Lis t s t h e cap tiv e p o rt als co n fig u red o n t h e co n t ro ller b y n u mb er
an d n ame.
As s oci ated Interfaces : Lis t s t h e in t erfaces t h at are cu rren t ly as s o ciat ed wit h t h e
s elect ed cap t iv e p o rt al. W ireles s in t erfaces are id en t ified b y t h e wireles s n et wo rk
n u mb er an d SSID. Ph y s ical (wired ) in t erfaces are id en t ified b y t h e Po rt Des crip t io n
t h at in clu d es s lo t n u mb er, p o rt n u mb er, an d in t erface t y p e.
Interface Li s t: Lis t s t h e in t erfaces av ailab le o n t h e co n t ro ller t h at are n o t cu rren t ly
as s o ciat ed wit h a CP. W ireles s in t erfaces are id en t ified b y t h e wireles s n et wo rk
54
Wireless Controller
User Manual
n u mb er an d SSID. Ph y s ical (wired ) in t erfaces are id en t ified b y t h e Po rt Des crip t io n
t h at in clu d es s lo t n u mb er, p o rt n u mb er, an d in t erface t y p e.
Figure 29 : WLAN CP Inte rface As s ociation
Us e t h e fo llo win g s t ep s t o as s o ciat e o n e o r mo re in t erfaces wit h a cap t iv e p o rt al.
1. Select t h e d es ired cap t iv e p o rt al fro m t h e CP Co n fig u rat io n lis t .
2. Select t h e in t erface o r in t erfaces fro m t h e In t erface Lis t . To s elect mo re t h an o n e
in t erface, h o ld CTRL an d click mu lt ip le in t erfaces .
3. Click Add
55
Wireless Controller
User Manual
Us e t h e fo llo win g s t eps t o remo v e an in t erface fro m t h e A s sociated In t erfaces lis t fo r
a cap t iv e p o rt al.
1. Select t h e d es ired c ap t iv e p o rt al fro m t h e CP Co n fig u rat io n lis t .
2. In t h e A s sociated In t erfaces field , s elect t h e in t erface o r in t erfaces t o remo v e. To
s elect mo re t h an o n e in t erface, h o ld CTRL an d click mu lt ip le in t erfaces .
3. Click Del ete . Th e in t erface is remo v ed fro m t h e A s s o ciat ed In t erface lis t an d
ap p ears in t h e In t erface Lis t .
2.7
WLAN global configuration
Setup > WLAN Global Settings
Fo llo win g are t h e o p t io n s av ailab le t o en ab le t h e W LA N fu n ct io n o n DW C -1000
Enabl e WLAN Control l er :
Select t h is o p t io n t o en ab le W LA N co n t ro ller
fu n ct io n alit y o n t he s ystem. Clear t h e o p t io n t o ad min is trat iv ely d is ab le t h e W LA N
co n t ro ller. If y o u clear t h e o p t io n , all p eer co n t ro ller an d A Ps t h at are as s o ciat ed
wit h t h is co n t ro ller are d is as s o ciat ed . Dis ab lin g t h e W LA N co n t ro ller d o es n o t
affect n o n -W LA N feat u res o n t h e co n t ro ller, s u ch as VLA N o r STP fu n ct io n alit y .
WLAN Control l er Operati onal S tatus : Sh o ws t h e o p erat io n al s t at u s o f t h e
co n t ro ller. Th e s t at u s can b e o n e o f t h e fo llo win g v alu es :
• En ab led
• En ab le -Pen d in g
• Dis ab led
• Dis ab le -Pen d in g
56
Wireless Controller
User Manual
Figure 30 : WLAN global configurat io n
IP Addres s : Th is field s h o ws t h e IP ad d res s o f t h e W LA N in t erface o n t h e
co n t ro ller. If t h e co n t ro ller d o es n o t h av e t h e Ro u t in g Packag e in s t alled , o r if
ro u t in g is d is abled, t h e IP ad d ress is t h e n etwo rk in t erface. If t h e ro u t ing p ackag e is
in s t alled an d en abled , t his is t h e IP ad d ress o f t h e ro u tin g o r lo o p back i n t erface y o u
co n fig u re fo r t h e co n t ro ller feat u res .
AP MAC Val i dati on Method: A d d t h e M A C ad d res s o f t h e A P t o t h e Valid A P
d at ab as e, wh ich can b e kep t lo cally o n t h e co n t ro ller o r in an ext ern al RA DIUS
s erv er. W h en t h e co n t ro ller d is co v ers an A P t h at is n o t man ag ed b y an o t h er
57
Wireless Controller
User Manual
cco n t ro ller, it lo o ks u p t h e M A C ad d res s o f t h e A P in t h e Valid A P d at ab as e. If it
fin d s t h e M A C ad d ress in t h e d at ab ase, t he co nt roller v alid ates t h e A P an d as s u mes
man ag emen t . Select t h e d at ab as e t o u s e fo r A P v alid at io n an d , o p t io n ally , fo r
au t h en t icat io n if t h e Req u ire A u t h en t icat io n Pas s p h ra s e o p t io n is s elect ed .

Local : If y o u s elect t h is o p tio n, y o u mu s t ad d t h e M A C ad d res s o f each A P
t o t h e lo cal Valid A P d at ab as e.

RADIUS : If y o u s elect t h is o p tio n, y o u mu s t co nfig ure t h e M A C ad d res s o f
each A P in an ext ern al RA DIUS s erv er.
Requi re Authenti cati on Pas s phras e : Select t h is o p t io n t o req u ire A Ps t o b e
au t h en ticat ed b efore t h ey can asso ciat e wit h t h e co ntro ller. If y o u s elect t h is o p t io n ,
y o u mu s t co n fig ure t he p assphrase o n t h e A P wh ile it is in s t an d alo n e mo d e as well
as in t h e Valid A P d at ab as e.
RADIUS Authenti cati on S erver Name : En t er t h e n ame o f t h e RA DIUS s erv er u s ed
fo r A P an d clien t au t h en t icat io n s . Th e n ame can co n t ain u p t o 32 alp h an u meric
ch aract ers. Sp aces, u nd erscores, an d d ashes are als o p ermit t ed . Th e co n t ro ller act s
as t h e RA DIUS clien t an d p erfo rms all RA DIUS t ran s act io n s o n b eh alf o f t h e A Ps
an d wireles s clien t s .
RADIUS Authenti cati on S erver Confi g ured: In d icat es wh et h er t h e RA DIUS
au t h en t icat io n s erv er is co n fig u red .
RADIUS Accounti ng S erver Name : En t er t h e n ame o f t h e RA DIUS s erv er u sed fo r
rep o rt in g wireles s clien t associatio ns an d d is asso ciatio ns. Th e n ame can co n t ain u p
t o 32 alp h an u meric ch aracters. Sp aces, u nd erscores, an d d as h es are als o p ermit t ed .
RADIUS
Accounti ng
S erver
Confi g ured: In d icat es
wh et h er t h e RA DIUS
acco u n t in g s erv er is co n fig u red .
RADIUS Accounti ng : Select t o en ab le RA DIUS acco u n t in g fo r wireles s clien t s .
Country Code : Select t h e co u n t ry co d e t h at rep res en t s t h e co u n t ry wh ere y o u r
co n t ro ller an d A Ps o p erate. W h en y o u click Su b mit , a p o p -u p mes s ag e as ks y o u t o
co n firm t h e ch an ge. W ireless reg ulat ion s v ary fro m co u n t ry t o co u n t ry . M ake s u re
y o u s elect t h e co rrect co u n t ry co d e s o t h at y o u r W LA N s y s t em co mp lies wit h t h e
reg u lat io n s in y o u r co u n t ry .
58
Wireless Controller
2.8
User Manual
Wireless Discovery configuration
Th e wireles s c o n t ro ller can d is co v er, v alid at e, au t h en t icat e, o r mo n it o r t h e
fo llo win g s y s t em d ev ices :
• Peer wireles s co n t ro llers
• A Ps
• W ireles s clien t s
• Ro g u e A Ps
• Ro g u e wireles s clien t s
Setup > AP Management > Poll List
Th e wireles s co n t ro ller can d is co v er p eer wireles s co n t ro ller an d A Ps
reg ard les s o f wh et her t h ese d evices are co n nect ed t o each o t h er, lo cat ed in t h e
s ame Lay er 2 b ro ad cast d o main , o r at t ached t o d ifferent IP s u b nets. In o rd er for
t h e co n t roller t o d is co v er o t h er W LA N d ev ices an d es t ab lis h co mmu n ic at io n
wit h t h em, t h e d ev ices mu s t h av e t h eir o wn IP ad d res s , mu s t b e ab le t o fin d
o t h er W LA N d ev ices, an d mu s t b e co mp at ib le. W h en t h e co n t ro ller d is co v ers
an d v alid at es A Ps, t h e co nt roller t akes o v er t h e man ag emen t o f t h e A P. If y o u
co n fig u re t h e A P in St an d alo ne mo d e, t h e exis t in g A P co nfig urat ion is rep laced
b y t h e d efau lt A P Pro file co n fig u rat io n o n t h e co n t ro ller.
L3 / IP Di s covery: Select o r clear t h is o p t io n t o en ab le o r d is ab le IP -b as ed
d is co v ery o f acces s p o in t s an d p eer wireles s co n t ro ller. W h en t h e L3/ IP
Dis co v ery o p t io n is s elect ed , IP p o llin g is en ab led an d t h e co n t ro ller will
p erio d ically p o ll each ad d res s in t h e co n fig u red IP Lis t . By d efau lt , L3/ IP
Dis co v ery is en ab led .
Li s t of IP Addres s : Sh o ws t h e lis t o f IP ad d res s es co n fig u red fo r d is co v ery .
To remo v e en t ries fro m t h e lis t , s elect o n e o r mo re en t ries an d click Delet e.
Ho ld t h e " s h ift " key o r “co n t ro l” key t o s elect s p ecific en t ry .
IP Addres s Rang e : Th is t ext field is u s ed t o ad d a ran g e o f IP ad d ress en t ries
t o t h e IP Lis t . En t er t h e IP ad d res s at t h e s t art o f t h e ad d ress ran ge in t h e Fro m
field , an d en t er t h e IP ad d res s at t h e en d o f t h e ran g e in t h e To field , t h en
59
Wireless Controller
User Manual
click A d d . A ll IP ad d res ses in t h e ran ge are ad ded t o t he IP Lis t . On ly t h e las t
o ct et is allo wed t o d iffer b et ween t h e Fro m ad d res s an d t h e To ad d res s .
Figure 31 : Configu ri ng the Wire le s s Dis cove ry
L2 / VLAN Di s covery: Th e D-Lin k W ireles s Dev ice Dis co v ery Pro t o co l is a g o o d
d is co v ery met h o d t o u se if t h e co n t ro ller an d A Ps are lo cat ed in t h e s ame Lay er 2
60
Wireless Controller
User Manual
mu lt icas t d o main . Th e wireles s co n t ro ller p erio d ically s en d s a mu lt icas t p acket
co n t ain in g t h e d is co v ery mes s ag e o n each VLA N en ab led fo r d is co v ery
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e :
Add: A d d s t h e d at a in t h e IP A d d res s o r VLA N field t o t h e ap p ro p riat e lis t .
Del ete : Delet es t h e s elect ed en t ry fro m t h e IP o r VLA N lis t .
2.8.1 W ireless Discov ery Status
Status > Global Info > IP Discovery
Th e IP Dis co v ery lis t can co n tain t h e IP ad d res s es o f p eer co n t ro ller an d A Ps fo r
t h e DW C-1000 t o d is co v er an d as s o ciat e wit h as p art o f t h e W LA N
IP Addres s : Sh o ws t h e IP ad d res s o f t h e d ev ice co nfig ured in t h e IP Dis co v ery lis t
S tatus : Th e wireles s d is co v ery s t at u s is in o n e o f t h e fo llo win g s t at es :

Not Pol l ed: Th e co n t ro ller h as n ot at temp ted t o co nt act t h e IP ad d ress in t h e
L3/ IP Dis co v ery lis t .

Pol l ed: Th e co n t ro ller h as at t emp t ed t o co n t act t h e IP ad d res s .

Di s covered: Th e co n t ro ller co n t act ed t h e p eer co n t ro ller o r t h e A P in t h e
L3/ IP Dis co v ery lis t an d h a s au t h en t icat ed o r v alid at ed t h e d ev ice.

Di s covered - Fai l ed: Th e co n t ro ller co nt acted t h e p eer co n t ro ller o r t h e A P
wit h IP ad d ress in t h e L3/ IP Dis co v ery lis t an d was u nable t o au th en ticate or
v alid at e t h e d ev ice.
If t h e d ev ice is an access p oin t, an e n t ry ap pears in t h e A P failu re lis t wit h a failu re
reas o n .
61
Wireless Controller
User Manual
Figure 32 : Wire le s s Dis cove ry s tatus
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e :
Refres h: Up d at es t h e p ag e wit h t h e lat es t in fo rmat io n
2.8.2 AP Profile Global Configuration
Advanced > AP Profile
A cces s Po in t Pro file Su mmary p ag e, y o u can A d d , Co p y , Ed it , Delet e A P p ro files .
To ad d a n ew p ro file, click A d d in A P Pro file Su mmary p ag e. In t h e A P Pro file
Glo b al Co n fig u rat io n p ag e , en t er t h e n ame o f t h e p ro file in t h e Pro file Name field ,
s elect Hard ware t y p e an d en t er t h e v alid VLA N ID an d t h en click Su b mit .
62
Wireless Controller
User Manual
Figure 33 : AP Profile Global Configuratio n
Profi l e Name : Th e A cces s Po in t p ro file n ame y o u a d d ed . Us e 0 t o 32 ch aract ers . On ly
alp h an u meric ch aract ers are allo wed . No s p ecial ch aract ers are allo wed .
Hardware Type :
Select t h e h ard ware t y pe fo r t h e A Ps t hat u se t h is p ro file. Th e h ardware
t y p e is d et ermin ed , in p art , b y t h e n umb er o f rad io s t h e A P s up port s (s ing le o r d u al) an d the
IEEE 802.11 mo d es t h at t h e rad io s up port s (a/ b / g o r a/ b / g / n ). Th e o p t io n av ailab le in t h e
Hard ware Ty p e ID is :
•
DW L-8600A P Du al Rad io a/ b / g / n

DW L-3600A P Sin g le Rad io b / g / n

DW L-6600A P Du al Rad io a/ b / g / n
Wi red Network Di s covery VLAN ID: En t er t h e VLA N ID t h at t h e co ntro ller u ses t o s en d
t racer p acket s in o rd er t o d et ect A Ps co n n ect ed t o t h e wired n et wo rk.
AP Profile
Advanced > AP Profile
A cces s p oin t con fig uratio n p ro files are a u s eful feat u re fo r larg e wireles s n etwo rks with
A Ps t h at s erv e a v ariet y o f d ifferen t u sers . Yo u can creat e mu lt ip le A P p ro files o n t h e
Co n t ro ller t o cu s to mize A Ps b ased o n lo catio n , fu n ct io n , o r o t h er crit eria. Pro files are
like t emp lat es , an d o n ce y o u create an A P p ro file, y o u can ap ply t h at p ro file t o an y A P.
63
Wireless Controller
User Manual
Figure 34 : AP Profile Lis t
Fo r each A P p ro file, y o u can co nfig ure t h e fo llo win g feat ures:
•
Pro file s et t in gs
(Name, Hard ware Ty p e ID, W ired Net wo rk Dis co v ery VLA N ID)
•
Rad io s et t in gs
•
SSID s et t ing s
•
Qo S s et t in gs
64
Wireless Controller
User Manual
Profi l e : Th e A cces s Po in t p ro file n ame y o u ad ded. Us e 0 t o 32
ch aract ers.
Profi l e S tatus : can h av e o n e o f t h e fo llo win g v alu es:
•
As s oci ated: Th e p ro file is co n fig u red, an d o ne o r mo re A Ps
man ag ed b y t h e co ntro ller are as sociated wit h t h is p ro file.
•
As s oci ated-Modi fi ed: Th e p ro file h as b een mo d ified s in ce it
was ap p lied t o o n e o r mo re as so ciat ed A Ps; t h e p rofile mu s t b e re ap p lied fo r t h e ch an ges t o t ake effect.
•
Appl y Reques ted: A ft er y o u s elect a p ro file an d click A p p ly ,
t h e s creen refres hes and s hows t h at an ap ply h as b een req uested .
•
Appl y In Prog res s : Th e p ro file is b ein g ap plied t o all A Ps t h at
u s e t h is p ro file. Du rin g t his p rocess t h e A Ps reset, an d all wireles s
clien t s are d is associated fro m t h e A P.
•
Confi g ured: Th e p ro file is co n fig u red , b u t n o A Ps man ag ed b y
t h e co n t roller cu rren tly u se t his p rofile.

A s s o ciat e a p ro file wit h an A P. En t ry o f t h e A P is v alid an d av ailab le in
d at ab as e o f t h e co n t ro ller.
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e :
Edi t: To ed it t h e exis t in g A P p ro file .
Del ete : To d elet e t h e exis t in g A P p ro file .
Add: A d d a n ew A P p ro file
Copy: Co p y t h e exis t in g A P p ro file .
Appl y: Up d at e t h e A P p ro file c o n fig u rat io n d et ails en t ered .
Confi g ure Radi o: A llo ws co n fig u rat ion o f t h e A P p ro file Rad io co n fig u rat ion .
Confi g ure S S ID: A llo ws co n fig u rat io n o f t h e A P p ro file VA P co n fig u rat io n .
Confi g ure QoS : A llo ws co n fig u rat io n o f t h e A P p ro file Qo S co n fig u rat io n .
65
Wireless Controller
User Manual
Radio Configuration
Radi o Mode : Fro m t h is field , y o u can s elect t h e rad io t h at y o u wan t t o
co n fig u re. By d efau lt , Rad io 1 o p erat es in IEEE 802.11a/ n mo d e, an d Rad io
2 o p erat es in IEEE 802.11b / g / n mo d e. If y o u ch an g e t h e mo d e, t h e lab els for
t h e rad io s ch an g e acco rd in g ly . Ch an g es t o t h e s et t in g s ap p ly o n ly t o t h e
s elect ed rad io .Th e DW L-3600A P is a s in g le -rad io A P. A n y s et t in g s y o u
co n fig u re fo r Rad io 1 (802.11a/ n ) are n o t ap p lied t o t h e DW L -3600A P. If
t h e s elect ed Hard ware Ty pe ID fo r t h e A P p ro file is DW L-3600A P, t h e radio
s elect o rs are n o t av ailab le.
S tate : Sp ecify wh et h er y o u wan t t h e rad io o n o r o ff b y clickin g On o r Off.
If y o u t u rn o ff a rad io , t h e A P s en ds d is associatio n frames t o all t h e wireless
clien t s it is cu rren t ly s u p p o rt in g s o t h at t h e rad io can b e g racefu lly
s h u t d o wn an d t h e clien t s can s t art t h e as s o ciat io n p ro ces s wit h o t h er
av ailab le A Ps
RTS : Th res h o ld Sp ecify a Req u est t o Sen d (RTS) Th res h o ld v alu e b et ween
0 an d 2347. Th e RTS t h res h old in d icat es t h e n umb er o f o ct et s in an M PDU,
b elo w wh ich an RTS/ CTS h an d s h ake is n o t p erfo rmed . Ch an g in g t h e RTS
t h res h old can h elp co ntro l t raffic flo w t h ro u gh t h e A P, es pecially o n e wit h a
lo t o f clien t s . If y o u s pecify a lo w t h res h old v alue, RTS p acket s wil l b e s en t
mo re freq u en t ly . Th is will co n s u me mo re b an d wid t h an d red u ce t h e
t h ro u g hp ut o f t h e p acket . On t h e o th er h an d, s endin g mo re RTS p acket s can
h elp t h e n et wo rk reco ver fro m in t erferen ce o r co llis io n s wh ich mig h t o ccu r
o n a b u s y n et wo rk, o r o n a n et wo rk exp erien cin g elect ro mag n et ic
in t erferen ce.
Load B al anci ng : If y o u en ab le lo ad b alan cin g, y o u can co n t ro l t h e amo u n t
o f t raffic t h at is allo wed o n each o f t h e act iv e A P‟s .
Load Uti l i zati on: Th is field allo ws y o u t o s et a t h resh old fo r t h e p ercent ag e
o f n et wo rk b an d wid t h u t ilizat io n allo wed o n t h e rad io . On ce t h e lev el y o u
s p ecify is reach ed , t he A P s to ps accep t in g n ew clien t as s o ciat io n s . En t er a
p ercen t ag e o f u t ilizat io n fro m 1 t o 100.
Maxi mum Cl i ents : Sp ecify t h e maximu m n u mb er o f s t at io n s allo wed t o
as s o ciat e wit h t h is acces s p o in t at an y o n e t ime. Yo u can en t er a v alu e
b et ween 0 an d 200.
66
Wireless Controller
User Manual
RF S can Other Channel s : Th e acces s p oin t can p erform RF s can s t o co llect
in fo rmat io n ab o u t o t her wireles s d ev ices wit h in ran g e an d t h en rep o rt t h is
in fo rmat io n t o t h e DW C-1000 wireles s co n t ro ller. If y o u s elect t h e Scan
Ot h er Ch an n els o p t io n , t h e rad io p erio d ically mo v es away fro m
t h e o p erat ion al ch ann el t o s can o t h er ch an n els . En ab lin g t h is mo d e cau s es
t h e rad io t o in t erru p t u s er t raffic, wh ich may b e n o t iceab le w it h v o ice
co n n ectio ns. W h en t he Scan Ot h er Ch an nels o p tio n is cleared , t he A P s can s
o n ly t h e o p erat in g ch an n el.
RF S can S entry: Select t h is o p t io n t o allo w t h e rad io t o o p erat e in s en t ry
mo d e. W h en t h e RF Scan Sen t ry o p t io n is s elect ed , t h e rad io p rimarily
p erfo rms d ed icat ed RF s can nin g. Th e rad io p assiv ely lis t ens fo r b eacons and
t raffic exch an g e b et ween clien t s and o t her access p oin ts b u t d o es n o t accep t
co n n ect io n s fro m wireles s clien t s . In s en t ry mo d e, all VA Ps are d is ab led .
Net wo rks t h at d eplo y s entry A Ps o r rad io s can d etect d ev ices o n t h e n etwork
q u icker an d p erfo rm mo re t h ro u gh s ecurit y an alysis . In t h is mo d e, t h e rad io
co n t ro llers fro m o n e ch an nel t o t h e n ext . Th e len g t h o f t ime s p en t o n each
ch an n el is co n trolled b y t h e s can d u rat io n . Th e d efau lt s can d u rat io n is 10
millis eco n d s .
Mode : Th e M o d e d efin es t h e Ph ysical Lay er (PHY) s t an dard t h e rad io u s es .
Select o n e o f t h e fo llo win g mo d es fo r each rad io in t erface.
Radi o 1 s upports :
• IEEE 802.11a is a PHY s t an dard t h at s pecifies o peratin g in t h e 5 GHz
U-NII b an d u s ing o rt hog onal freq u en cy d iv isio n mu lt ip lexin g (OFDM ).
It s u p p o rt s d at a rat es ran g in g fro m 6 t o 54 M b p s .
• IEEE 802.11a/ n o p erat es in t h e 5 GHz ISM b an d an d in clu des su ppo rt
fo r b o t h 802.11a an d 802.11n d ev ices . IEEE 802.11n is an ext en s io n o f
t h e 802.11 s t an d ard t h at in clu d es mu lt ip le -in p u t mu lt ip le -o u t p u t
(M IM O) t ech n o lo g y . IEEE 802.11n s u p p o rt s d at a ran g es o f u p t o 248
M b p s an d n early t wice t h e in d o o r ran g e o f 802.11 b , 802.11g , an d
802.11a.
• 5 GHz IEEE 802.11n is t h e reco mmen d ed mo d e fo r n et wo rks wit h
802.11n d ev ices t hat o p erat e in t h e 5 GHz freq u en cy t h at d o n ot n eed to
s u p p o rt 802.11a o r 802.11b / g d ev ices . IEEE 802.11n can ach iev e a
67
Wireless Controller
User Manual
h ig h er t h ro u ghp ut wh en it d o es n o t n eed t o b e co mp at ib le wit h leg acy
d ev ices (802.11b / g o r 802.11a).
Radi o 2 s upports :
• IEEE 802.11b / g o p erat es in t h e 2.4 GHz ISM b an d . IEEE 802.11b is
an en h an cemen t o f t h e in it ial 802.11 PHY t o in clu d e 5.5 M b p s an d 11
M b p s d at a rat es . It u s es d irect s eq u en ce s p read s p ect ru m (DSSS) o r
freq u en cy h o pp ing s p read s p ect ru m (FHSS ) as well as co mp lemen t ary
co d e key in g (CCK) t o p ro v id e t h e h ig h er d at a rat es . It s u p p o rt s d at a
rat es ran g in g fro m 1 t o 11 M b p s . IEEE 802.11g is a h ig h er s p eed
ext en s io n (u p t o 54 M b p s ) t o t h e 802.11b PHY. It u s es o rt h o g o n al
freq u en cy d iv is ion mu lt ip lexin g (OFDM ). It s u p p orts d at a rat es ran ging
fro m 1 t o 54 M b p s .
• IEEE 802.11b / g / n o p erat es in t h e 2.4 GHz ISM b an d an d in clu d es
s u p p o rt fo r 802.11b , 802.11g , an d 802.11n d ev ices .
• 2.4 GHz IEEE 802.11n is t h e reco mmen d ed mo d e fo r n et wo rks wit h
802.11n d ev ices t hat o p erat e in t h e 2.4 GHz freq u en cy t hat d o n o t n eed
t o s u p p o rt 802.11a o r 802.11b / g d ev ices . IEEE 802.11n can ach iev e a
h ig h er t h ro u ghp ut wh en it d o es n o t n eed t o b e co mp at ib le wit h leg acy
d ev ices (802.11b / g o r 802.11a).
DTIM Peri od: Th e Deliv ery Traffic In fo rmat io n M ap (DTIM ) mes s age is an
elemen t in clu d ed in s o me
B eacon frames . It in d icat es wh ich clien t s tatio ns, cu rrent ly s leepin g in lo w p o wer mo d e, h av e d at a b uffered o n t h e acces s p o in t await in g p ick -u p . Th e
DTIM p erio d y o u s p ecify in d icat es h o w o ft e n t h e clien t s s erv ed b y t h is
acces s p o int s hou ld ch eck fo r b u ffered d ata s till o n t h e A P await in g p icku p .
Sp ecify a DTIM p erio d wit h in t h e g iv en ran g e (1 – 255). Th e meas u remen t is
in b eaco n s . Fo r examp le, if y o u s et t h is field t o 1, clien t s will ch eck fo r
b u ffered d at a o n t h e A P at ev ery b eaco n . If y o u s et t h is field t o 10, clien t s
will ch eck o n ev ery 10t h b eaco n .
B eacon Interval : Beaco n frames are t ran s mit t ed b y an acces s p o in t at
reg u lar in t erv als t o an n o u n ce t h e exis t en ce o f t h e wireles s n et wo rk. Th e
d efau lt b eh avio r is t o s end a b eaco n frame o n ce ev ery 100 millis eco n d s (o r
68
Wireless Controller
User Manual
10 p er s eco n d ). Th e Beaco n In t erv al v alu e is s et in millis eco n d s . En t er a
v alu e fro m 20 t o 2000.
Automati c Channel : Th e ch an n el d efin es t h e p ort io n o f t h e rad io s p ect ru m
t h at t h e rad io u ses fo r t ran smit t in g an d receivin g. Th e ran ge o f ch ann els an d
t h e d efau lt ch annel are d et ermin ed b y t h e M o de o f t h e rad io in t erface. W hen
t h e A P b o o t s, each A P rad io s can s t h e RF area fo r o ccu p ied ch an n els an d
s elect s a ch an n el fro m t h e av ailab le n o n -in t erferin g o r clear ch an n els .
Ho wev er, ch an n el co n d it io n s can ch an g e d u rin g o p erat io n . En ab lin g t h e
A u t o mat ic Ch an nel makes t h e rad io o f A Ps as s ig n ed t o t h is p ro file elig ib le
fo r au t o -ch an n el s elect io n . Yo u can au t o mat ically o r man u ally ru n t h e
au t o ch ann el s electio n alg o rit hm t o allo w t h e DW C-1000 co n t ro ller t o ad ju s t
t h e ch an n el o n A Ps as W LA N co n d it io n s ch an g e.
Automati c Power : Th e p o wer lev el affect s h o w far an A P b ro ad casts it s RF
s ig n al. If t h e p o wer lev el is t o o lo w, wireles s clien t s will n o t d et ect t h e
s ig n al o r exp erien ce p o o r W LA N p erfo rman ce. If t h e p o wer lev el is t o o
h ig h , t h e RF s ig n al mig h t in t erfere wit h o t h er A Ps wit h in ran g e. A u t o mat ic
p o wer u s es a p ro p rietary alg orit hm t o au t o mat ically ad ju s t t h e RF s ig n al t o
b ro ad cas t far en o u g h t o rea ch wireles s clien t s , b u t n o t s o far t h at it
in t erferes wit h RF s ig n als b ro ad cas t b y o t h er A Ps . Th e p o wer lev el
alg o rit h m in creas es o r d ecreas es t h e p o wer lev el in 10% in cremen t s b as ed
o n p res en ce o r ab s en ce o f p acket ret ran s mis s io n erro rs .
Ini ti al Power : Th e au t o mat ic p o wer alg o rit h m will n o t red u ce t h e p o wer
b elo w t h e n u mb er y o u s et in t h e in it ial p o wer field . By d efau lt , t h e p o wer
lev el is 100%. Th erefo re, ev en if y o u en able t h e au t omat ic p o wer, t h e p o wer
o f t h e RF s ig n al will n o t d ecreas e. Th e p o wer lev e l is a p ercen t ag e o f t h e
maximu m t ran s mis s io n p o wer fo r t h e RF s ig n al.
APS D Mode : Select En ab le t o en ab le A u t o mat ic Po wer Sav e Deliv ery
(A PSD), wh ich is a p o wer man ag emen t met h o d . A PSD is reco mmen d ed if
Vo IP p h o n es acces s t h e n et wo rk t h ro u g h t h e A P.
RF S can Interval : Th is field co n t ro ls t h e len g t h o f t ime b et ween ch an n el
ch an g es d u rin g t h e RF Scan .
Long Retri es Th e v alu e in t h is field in d icat es t h e maximu m n u mb er o f
t ran s mis sio n at t emp t s o n frame s izes g reat er t h an t h e RTS Th res h o ld . Th e
ran g e is 1-255.
69
Wireless Controller
User Manual
Rate Li mi ti ng : En ab lin g mu lt icas t an d b ro ad cas t rat e limit in g can imp ro v e
o v erall n et wo rk p erfo rman ce b y limit in g t h e n u mb er o f p acket s t ran s mit t ed
acro s s t h e n et wo rk. Th is feat u re is d is ab led b y d efau lt .

No t e: Th e av ailab le rat e limit v alu es are v ery lo w fo r mo s t en v iro n men t s ,
s o en ab lin g t h is feat u re is n o t reco mmen d ed excep t fo r ad v an ced u s ers .
•
To en ab le M u lt icas t an d Bro ad cas t Rat e Limit in g , click Enabl ed.
•
To d is ab le M u lt icast an d Bro ad cast Rat e Dis abled, click Di s abl ed.
70
Wireless Controller
User Manual
Figure 35 : AP Pofile - Radio configurat io n (Part-1)
Trans mi t Li feti me : Sh o ws t h e n u mb er o f millis eco n d s t o wait b efo re
t ermin at in g at t emp t s t o t ran s mit t h e M SDU aft er t h e in it ial t ran s mis s io n .
Rate Li mi t: En t er t h e rat e limit y o u wan t t o s et fo r mu lt ic as t an d b ro ad cas t
t raffic. Th e limit s h o u ld b e g reat er t h an 1, b u t les s t h an 50 p acket s p er
s eco n d . A n y t raffic t h at falls b elo w t h is rat e limit will alway s co n fo rm t o
an d b e t ran smit t ed t o t h e app rop riate d est in at io n . Th e d efau lt an d maximu m
71
Wireless Controller
User Manual
rat e limit s e t t in g is 50 p acket s p er s eco n d . Th is field is d is ab led if Rat e
Limit in g is d is ab led .
Recei ve Li feti me: Sh o ws t h e n u mb er o f millis eco n d s t o wait b efo re
t ermin at in g at t emp t s t o reas s emb le t h e M M PDU o r M SDU aft er t h e in it ial
recep t io n o f a frag men t ed M M PDU o r M SDU.
Rate Li mi t B urs t: Set t in g a rat e limit b u rs t d et ermin es h o w mu ch t raffic
b u rs t s can b e b efo re all t raffic exceed s t h e rat e limit . Th is b u rs t limit allo ws
in t ermit t en t b u rs t s o f t raffic o n a n et wo rk ab o v e t h e s et rat e limit . Th e
d efau lt an d maximu m rat e limit b u rs t s et tin g is 75 p acket s p er s eco n d . Th is
field is d is ab led if Rat e Limit in g is d is ab led .
S tati on Is ol ati on: W h en
t h is
o p t io n
is
s elect ed , t h e A P b lo cks
co mmu n icat io n b et ween wireles s clien ts. It s t ill allo ws d at a t raffic b et ween
it s wireles s clien t s an d wired d ev ices o n t h e n et wo rk, b u t n o t amo n g
wireles s clien t s . Th is feat u re is d is ab led b y d efau lt .
•
To en ab le M u lt icas t an d Bro ad cas t Rat e Limit in g , click Enabl ed.
•
To d is ab le M u lt icast an d Bro ad cast Rat e Dis abled, click Di s abl ed.
Channel B andwi dth: Th e 802.11n s p ecificat io n allo ws t h e u s e o f a 40 M Hz-wid e ch an n el in ad d it io n t o t he leg acy 20 -M Hz ch an n el av ailab le wit h
o t h er mo d es . Th e 40-M Hz ch an n el en ab les h ig h er d at a rat es b u t leav es
fewer ch an n els av ailab le fo r u s e b y o t h er 2.4 GHz an d 5 GHz d ev ices . Th e
40-M Hz o p t io n is en ab led b y d efau lt fo r 802.11a/ n mo d es an d 20 M Hz fo r
802.11b / g / n mo d es . Yo u can u s e t h is s et t in g t o res t rict t h e u s e o f t h e
ch an n el b an d wid t h t o a 20-M Hz ch an n el.
Pri mary Channel : Th is s et t ing is ed it ab le o n ly wh en a ch an n el is s elect ed
an d t h e ch an n el b an d wid t h is s et t o 40 M Hz. A 40 -M Hz ch an n el can b e
co n s id ered t o co n s is t o f t wo 20-M Hz ch an n els t h at are co n t ig u o u s in t h e
freq u en cy d o main . Th ese t wo 20-M Hz ch an n els are o ft en referred t o as t h e
Primary an d Seco n dary ch an n els . Th e Primary Ch an n el is u s ed fo r 802.11n
clien t s t h at s u p p o rt o n ly a 20-M Hz ch an n el b an d wid t h an d fo r leg acy
clien t s . Us e t h is s ettin g t o s et t h e Primary Ch an n el as t h e u pp er o r lo wer 20 M Hz ch an n el in t h e 40-M Hz b an d .
72
Wireless Controller
User Manual
Figure 36 : AP Pofile - Radio configurat io n (Part-2)
Protecti on: Th e p ro t ect ion feat u re co n t ain s ru les t o g u aran t ee t h at 802.11
t ran s mis sio ns d o n o t cause in t erferen ce wit h leg acy s tatio ns o r ap p licatio n s .
By d efau lt , t h ese p ro t ectio n mech an isms are en abled ( A u to ). W it h p ro tection
en ab led , p ro tect io n mech anis ms will b e in v o ked if leg acy d ev ices are wit h in
ran g e o f t h e A P. Yo u can d is ab le (Off) t h es e p ro t ect io n mech an is ms ;
h o wev er, wh en 802.11n p ro t ect io n is o ff, leg acy clien ts o r A Ps wit h in ran g e
can b e affect ed b y 802.11n t ran s mis s io ns. 802.11 p ro t ect io n is als o available
wh en t h e mo d e is 802.11b / g . W h en p ro t ect io n is en ab led in t h is mo d e, it
p ro t ect s 802.11b clien t s an d A Ps fro m 802.11g t ran s mis s io n s .
73
Wireless Controller
User Manual
S hort Guard Interval : Th e g u ard in t erv al is t h e d ead t ime, in n an o second s ,
b et ween OFDM s y mb o ls . Th e g u ard in t erv al p rev en t s In t er -Sy mb o l an d
In t er-Carrier In t erferen ce (ISI, ICI). Th e 802.11n mo d e allo ws fo r a
red u ct io n in t h is g u ard in t erv al fro m t h e a an d g d efin it io n o f 800
n an o second s t o 400 n an o s eco n d s . Red u cin g t h e g u ard in t erv al can y ield a
10% imp ro v emen t in d at a t h ro ugh p u t . Select o n e o f t h e fo llo win g o p t io n s :
•
Enabl e : Th e A P t ran s mit s d at a u s in g a 400 n s g u ard In t erv al
wh en co mmu n icat in g wit h clien t s t h at als o s u p p o rt t h e 400 n s
g u ard in t erv al.
•
Di s abl e : Th e A P t ran s mit s d at a u s in g an 800 n s g u ard in t erv al.
S pace Ti me B l ock Code : Sp ace Time Blo ck Co d in g (STBC) is an 802.11n
t ech n iq ue in t ended t o imp ro v e t h e reliab ilit y o f d at a t ransmis sio ns. Th e d ata
s t ream is t ran s mit t ed o n mu lt ip le an t en n as s o t h e receiv in g s y s t em h as a
b et t er ch ance o f d et ect ing at least o n e o f t h e d at a s t reams . Select o n e o f t h e
fo llo win g o p t io n s :
•
Enabl e :
Th e A P t ran s mit s t h e s ame d at a s t ream o n mu lt ip le
an t en n as at t h e s ame t ime.
•
Di s abl e : Th e A P d o es n o t t ran s mit s t h e s ame d at a o n mu lt ip le
an t en n as .
Radi o Res ource Manag ement: Rad io Re s o u rce M eas u remen t (RRM ) mo d e
req u ires t h e W ireles s Sy s t em t o s en d ad d it io n al in fo rmat io n in b eaco n s ,
p ro b e res p onses, an d associat io n res p o n s es . En ab le o r d is ab le t h e s u p p o rt
fo r rad io res o u rce meas uremen t feat ure in t h e A P p ro file. Th e feat u re is s et
in d ep en d en t ly fo r each rad io an d is en ab led b y d efau lt .
No ACK: Select En ab le t o s p ecify t h at t h e A P s h o u ld n o t ackn o wled g e
frames wit h Qo s No A ck as t h e s erv ice clas s v alu e.
Mul ti cas t Tx Rate (Mbps ): Select t h e 802.11 rat e at wh ich t h e rad io
t ran s mit s mu lt icas t frames . Th e rat e is in M b p s . Th e lo wes t rat e in t h e 5
GHz b an d is 6 M b p s .
74
Wireless Controller
User Manual
SSID Configuration
Th e SSID Co n fig u rat io n p age d isp lays t he v irt u al acces s p o in t (VA P) s et t in g s
as s o ciat ed wit h t h e s elect ed A P p ro file. Each VA P is id en t ified b y it s n et wo rk
n u mb er an d Serv ice Set Id en t ifier (SSID).
Figure 37 : AP Pofile - SSID configurat ion
75
Wireless Controller
User Manual
Radi o Mode : Fro m t h is field , y o u can s elect t h e rad io t h at y o u wan t t o
co n fig u re. By d efau lt , Rad io 1 o p erat es in IEEE 802.11a/ n mo d e, an d Rad io
2 o p erat es in IEEE 802.11b / g / n mo d e. If y o u ch an g e t h e mo d e, t h e lab els for
t h e rad io s ch an g e acco rd in g ly . Ch an g es t o t h e s et t in g s ap p ly o n ly t o t h e
s elect ed rad io .Th e DW L-3600A P is a s in g le -rad io A P. A n y s et t in g s y o u
co n fig u re fo r Rad io 1 (802.11a/ n ) are n o t ap p lied t o t h e DW L-3600A P. If
t h e s elect ed Hard ware Ty pe ID fo r t h e A P p ro file is DW L-3600A P, t h e radio
s elect o rs are n o t av ailab le.
Network : Us e t h e o p t ion t o t he left o f t h e n et wo rk t o en ab le o r d is ab le t h e
co rres p on din g VA P o n t h e s elect ed rad io . W h en en ab led , u s e t h e men u t o
s elect a n et wo rks t o assig n t o t h e VA P. Yo u can co n fig u re u p t o 64 s ep arate
n et wo rks o n t h e co n t ro ller an d ap p ly t h em acro s s mu lt ip le rad io an d VA P
in t erfaces . By d efau lt , 16 n et wo rks are p re -co n fig u red an d ap p lied in
o rd er t o t h e VA Ps o n each rad io . En ab lin g a VA P o n o n e rad io d o es n o t
au t o mat ically en ab le it o n t h e o t h er rad io .
VLAN: Sh o ws t h e VLA N ID o f t h e VA P. To ch an g e t his s et t in g , click Ed it .
L3 Tu n n el: Sh o ws wh et h er L3 Tu n n elin g is e n ab led o n t h e n et wo rk.
No t e: W h en L3 t u n n elin g is en abled, t h e VLA N ID co n fig u red ab o v e is n o t
u s ed . In fact , t h e co n t ro ller p u t s t h e man ag emen t VLA N ID, if an y , o n t h e
t u n n eled p acket s d es t in ed t o t h e A P.
Hi de S S ID: Sh o ws wh et h er t h e VA P b ro ad cas t s t h e S SID. If en ab led , t h e
SSID fo r t h is n et wo rk is n o t in clu ded in A P b eaco ns. To ch an ge t his sett in g,
click Ed it .
S ecuri ty: Sh o ws t h e cu rrent s ecu rit y s et t in g s fo r t h e VA P. To ch an g e t h is
s et t in g , click Ed it . Red irect Sh o ws wh et h er HTTP red irect is en ab led . T h e
p o s s ib le v alu es fo r t h e field are as fo llo ws :
•
HTTP: HTTP Red irect is en ab led
•
None : HTTP Red irect is d is ab led
Edi t: Click Ed it t o mo d ify s et t in g s fo r t h e co rres p o n d in g n et wo rk. W h en
y o u click Ed it , t h e W ireles s Net wo rk Co n fig u rat io n p ag e ap p ears .
76
Wireless Controller
User Manual
QoS Configuration
Qu alit y o f Serv ice (Qo S) p ro v id es y o u wit h t h e ab ilit y t o s pecify p aramet ers o n
mu lt ip le q u eu es fo r in creas ed t h ro u g h p u t an d b et t er p erfo rman ce o f
d ifferen t iat ed wireles s t raffic , d ifferen t t y p es o f au d io , v id eo , an d s t reamin g
med ia as well as t rad it io n al IP d at a o v er t h e DW C-1000.
Figure 38 : AP Pofile - QoS configuratio n (Part-1)
Co n fig u rin g Qu alit y o f Serv ice (Qo S) o n t h e DW C-1000 co n s is t s o f s et t in g
p aramet ers o n exis t in g q u eu es fo r d ifferen t t y p es o f w ireles s t raffic, an d
77
Wireless Controller
User Manual
effect iv ely s p ecify in g min imu m an d maximu m wait t imes (t h ro u g h Co n t en t io n
W in d o ws ) fo r t ran s mis s io n . Th e s et t in g s d es crib ed h ere ap p ly t o d at a
t ran s mis sio n b eh av ior o n t h e access p oin t o n ly , n ot t o t h at o f t h e clien t s t at io n s .
AP Enhanced Di s tri buted Channel Acces s (EDCA ) Paramet ers affect t raffic
flo win g fro m t h e acces s p o in t t o t h e clien t s t at io n . S tati on Enhanced
Di s tri buted Channel Acces s (EDCA ) Paramet ers affect t raffic flo win g fro m t h e
clien t s t at io n t o t he access p o in t . Yo u can s p ecify cu s t o m Qo S s et t in g s , o r y o u
can s elect a t emp lat e t hat co n figu res t h e A P p ro file wit h p re -d efin ed sett ing s t hat
are o p t imized fo r d at a t raffic o r v o ice t raffic.
Radi o Mode : Fro m t h is field , y o u can s elect t h e rad io fo r wh ich y o u wan t
t o co n fig u re Qo S s ett ing s. Set tin gs fo r each rad io are co n fig ured s eparat ely .
By d efau lt , Rad io 1 o p erat es in IEEE 802.11a/ n mo d e, an d Rad io 2 o p erat es
in IEEE 802.11b / g / n mo d e. If y o u ch an ge t h e mo d e, t h e lab els fo r t h e rad io s
ch an g e accordin gly . Ch an ges t o t h e s et tin gs ap ply o nly t o t h e s elect ed rad io.
Th e DW L--3600A P is a s in g le - rad io A P. A n y s et t in g s y o u c o n fig u re fo r
Rad io 1 (802.11a/ n ) are n o t ap p lied t o t h e DW L--3600A P. If t h e s elect ed
Hard ware Ty p e ID fo r t h e A P p ro file is DW L--3600A P, t h e rad io s elect o rs
are n o t av ailab le.
Templ ate : Select t h e Qo S t emp lat e t o ap p ly t o t h e A P p ro file. If y o u s elect
Cu s t o m, y o u can ch ange t h e A P an d s tatio n p aramet ers . If y o u s elect Vo ice
o r Fact o ry Defau lt s, t h e co ntro ller will u s e t h e p re -d efin ed s et t in g s fo r t h e
t emp lat e y o u s elect .
AP EDCA Parameters :
Queue :Qu eu es are d efin ed fo r d ifferen t t y p es o f d at a t ran s mit t ed fro m A Pt o -s t at io n :

Data 0 (Voi ce): Hig h p rio rit y q u eu e, min imu m d elay . Time -s en s it iv e
d at a s u ch as Vo IP an d s t reamin g med ia are au t o mat ically s en t t o t h is
q u eu e.

Data 1 (Vi deo): Hig h p rio rit y q u eu e, min imu m d elay . Time -s en s it iv e
v id eo d at a is au t o mat ically s en t t o t h is q u eu e.

Data 2 (bes t effort): M ed iu m p rio rit y q u eu e, med iu m t h ro u g h p u t an d
d elay . M o s t t rad it io n al IP d at a is s en t t o t h is q u eu e.
78
Wireless Controller

User Manual
Data 3 (B ack g round): Lo wes t p rio rit y q u eu e, h ig h t h ro u g h p u t . Bu lk
d at a t h at req uires maximu m t h ro u gh put an d is n o t t ime -s en sitiv e is s en t
t o t h is q u eu e (FTP d at a, fo r examp le).
AIFS (Inter -Frame S pace): Th e A rb it rat io n In t er-Frame Sp acin g (A IFS)
s p ecifies a wait t ime fo r d at aframes . Th e wait t ime is meas u red in s lo t s .
Valid v alu es fo r A IFS are 1 t h ro u g h 255.
cwMi n (Mi ni mum Contenti on Wi ndow) : Th is p aramet er is in p u t t o t h e
alg o rit h m t h at d et ermin es t he in it ial ran d o m b acko ff wait t ime (win d o w) fo r
ret ry o f a t ran s mis sio n. Th e v alue s pecified h ere in t h e M in i mu m Co n t en tion
W in d o w is t h e u p per limit (in millis eco n d s ) o f a ran g e fro m wh ich t h e in it ial
ran d o m b acko ff wait t ime is d et ermin ed . Th e firs t ran d om n u mb er g en erated
will b e a n u mb er b et ween 0 an d t h e n u mb er s p ecified h ere. If t h e firs t
ran d o m b acko ff wait t ime exp ires b efo re t h e d at a frame is s en t , a ret ry
co u n t er is in cremen ted an d t h e ran d o m b acko ff v alu e (win d o w) is d o u b led .
Do u b lin g will co n t in u e u n t il t h e s ize o f t h e ran d o m b acko ff v alu e reach es
t h e n u mb er d efin ed in t h e M aximu m Co n t en t io n W in d o w. Va lid v alu es fo r
t h e cwmin are 1, 3, 7, 15, 31, 63, 127, 255, 511, o r 1024. Th e v alu e fo r
cwmin mu s t b e lo wer t h an t h e v alu e fo r cwmax.
cwMax (Maxi mum Contenti on Wi ndow) : Th e v alu e s p ecified h ere in t h e
M aximu m Co n t en t io n W in d o w is t h e u p p er limit (in millis eco n d s ) fo r t h e
d o u b lin g o f t h e ran dom b acko ff v alu e. Th is d o u b lin g co n t in u es u n t il eit h er
t h e d at a frame is s en t o r t h e M aximu m Co n t en t io n W in d o w s ize is reach ed .
On ce t h e M aximu m Co n t en t io n W in d o w s ize is reach ed , ret ries will
co n t in u e u n t il a maximu m n u mb er o f ret ries allo wed is reach ed . Valid
v alu es fo r t h e cwmax are 1, 3, 7, 15, 31, 63, 127, 255, 511, o r 1024. Th e
v alu e fo r cwmax mu s t b e h ig h er t h an t h e v alu e fo r cwmin .
Max. B urs t Leng th: A P EDCA Paramet er On ly (Th e M ax. Bu rs t Len g t h
ap p lies o n ly t o t raffic flo win g fro m t h e acces s p o in t t o t h e clien t s t at io n .)
Th is v alu e s p ecifies (in millis eco n d s ) t h e M aximu m Bu rs t Len g t h allo wed
fo r p acket b u rsts o n t h e wireles s n et wo rk. A p acket b u rs t is a co llect io n o f
mu lt ip le frames t ran s mit t ed wit h o u t h ead er in f o rmat io n . Th e d ecreas ed
o v erh ead res ult s in h ig h er t h ro ugh put an d b et t er p erfo rman ce. Valid v alu es
fo r maximu m b u rs t len g t h are 0.0 t h ro u g h 999
79
Wireless Controller
User Manual
WMM Mode : W i-Fi M u lt iM ed ia (W M M ) is en abled b y d efault . W it h W MM
en ab led , Qo S p rio rit izat io n an d co o rd in at io n o f wireles s med iu m acces s is
o n . W it h W M M en abled, Qo S s et tin gs o n t h e DW C-1000 wireles s co n t ro ller
co n t ro l d o wn s t ream t raffic flo win g fro m t h e acces s p o in t t o clien t s t at io n
(A P EDCA p aramet ers ) an d t h e u p stream t raffic flo win g fro m t h e s t at io n t o
t h e access p o in t (s t at io n EDCA p aramet ers ). Dis ab lin g W M M d eact iv at es
Qo S co n t ro l o f s t at io n EDCA p aramet ers o n u p s t ream t raffic flo win g fro m
t h e s t atio n t o t h e access p oin t W it h W M M d is ab led , y o u can s t ill s et s o me
p aramet ers o n t h e d o wn s t ream t raffic flo win g fro m t h e acces s p o in t t o t h e
clien t s t at io n (A P EDCA p aramet ers ).

To d is ab le W M M ext en s io n s , click Di s abl ed.

To en ab le W M M ext en s io n s , click Enabl ed
S tati on EDCA Parameters
Queue : Qu eu es are d efin ed fo r d ifferen t t y p es o f d at a t ran s mit t ed fro m
s t at io n -t o -A P:

Data 0 (Voi ce): Hig h p rio rit y q u eu e, min imu m d elay . Time -s en s it iv e
d at a s u ch as Vo IP an d s t reamin g med ia are au t o mat ically s en t t o t h is
q u eu e.

Data 1 (Vi deo): Hig h p rio rit y q u eu e, min imu m d elay . Time -s en s it iv e
v id eo d at a is au t o mat ically s en t t o t h is q u eu e .

Data 2 (bes t effort): M ed iu m p rio rit y q u eu e, med iu m t h ro u g h p u t an d
d elay . M o s t t rad it io n al IP d at a is s en t t o t h is q u eu e.

Data 3 (B ack g round): Lo wes t p rio rit y q u eu e, h ig h t h ro u g h p u t . Bu lk
d at a t h at req uires maximu m t h ro u gh put an d is n o t t ime -s en sitiv e is s en t
t o t h is q u eu e (FTP d at a, fo r examp le).
AIFS (Inter -Frame S pace): Th e A rb it rat io n In t er-Frame Sp acin g (A IFS)
s p ecifies a wait t ime fo r d at a frames . Th e wait t ime is meas u red in s lo t s .
Valid v alu es fo r A IFS are 1 t h ro u g h 255.
cwMi n (Mi ni mum Contenti on Wi ndow): Th is p aramet er is u s ed b y t h e
alg o rit h m t h at d et ermin es t h e in it ial ran d o m b acko ff wait t ime (win d o w)
fo r d at a t ran smis sio n d u ring a p erio d o f co n tent ion fo r Th e v alu e s p ecified
in t h e M in imu m Co n t en t io n W in do w is t h e u p p er limit (in millis eco n d s ) o f
a ran g e fro m wh ich t h e in it ial ran d o m b acko ff wait t ime is d et ermin ed . Th e
80
Wireless Controller
User Manual
firs t ran d o m n u mb er g en erated will b e a n u mb er b et ween 0 an d t h e n u mb er
s p ecified h ere. If t h e firs t ran do m b acko ff wait t ime exp ires b efo re t h e d at a
frame is s en t , a ret ry co un ter is in cremen ted an d t h e ran d o m b acko ff v alu e
(win d o w) is d o u b led . Do u b lin g will co n t in u e u n t il t h e s ize o f t h e ran d o m
b acko ff v alu e reach es t h e n u mb er d efin ed in t h e M aximu m Co n t en t io n
W in d o w. cwMax (Maxi mum Contenti on Wi ndow) : Th e v alu e s p ecified in
t h e M aximu m Co n t en t io n W in d o w is t h e u p p er limit (in millis eco n d s ) fo r
t h e d o u b lin g o f t h e ran d o m b acko ff v alu e. Th is d o u b lin g co n t in u es u n t il
eit h er t h e d at a frame is s en t o r t h e M aximu m Co n t en t io n W in d o w s ize is
reach ed . On ce t h e M aximu m Co n t en t io n W in d o w s ize is reach ed , ret ries
will co n t in u e u nt il a maximu m n u mb er o f ret ries allo wed is reach ed. TXOP
Li mi t: St at io n EDCA Paramet er On ly (Th e TXOP Limit ap p lies o n ly t o
t raffic flo win g fro m t h e clien t s t at io n t o t h e acces s p o in t .) Th e
Tran s mis s io n Op p o rt u n it y (TXOP) is an in t erv al o f t ime wh en a W M E
clien t s t at io n h as t h e rig h t t o in it iat e t ran s mis s io n s o n t o t h e wireles s
med iu m (W M ). Th is v alu e s p ecifies (in millis eco n d s ) t h e Tran s mis s io n
Op p o rt u nit y (TXOP) fo r clien t s t at ion s; t h at is , t h e in t erv al o f t ime wh en a
W M M clien t s t atio n h as t h e rig h t t o in it iat e t ran s mis s io n s o n t h e wireles s
n et wo rk.
81
Wireless Controller
User Manual
Figure 39 : AP Pofile - QoS configuratio n (Part-2)
82
Wireless Controller
User Manual
Chapter 3. Configuring Wireless LAN
3.1
WLAN Setup Wizard
Setup > Wizard > WLAN Setup Wizard
Th e W LA N Set u p W izard is av ailab le fo r u s ers fo r co n fig u rin g t h e b as ic wireles s
co n t ro ller s et t in g s s u ch as rad io , SSID an d A cces s Po in t .
Figure 4 0 : WLAN Se tup Wizard
Yo u can s t art u sin g t h e W izard b y lo g g ing in wit h t h e ad min is trato r p as s wo rd fo r t h e
co n t ro ller. On ce au t h en t icat ed s et Co u n t ry Co d e t h at y o u are lo cat ed in , an d t h en
co n fig u re t h e Rad io Co n fig u ratio n, VA P co n fig u ratio n an d A cces p oin t. Th e las t s t ep
in t h e W izard is t o click t h e Connect b u t t o n .
83
Wireless Controller
User Manual
Chapter 4. Monitoring Status and
Statistics
4.1
System Overview
Th e St at u s p ag e allo ws y o u t o g et a d et ailed o v erv iew o f t h e s y s t em co n fig u rat io n .
Th e s et t in g s fo r t h e wired an d wireles s in t erfaces are d is p lay ed in t h e DW C-1000
St at u s p age, an d t hen t h e resu ltin g h ard ware res ou rce an d co nt roller u s ag e d et ails are
s u mmarized o n t h e co n t ro ller Das h b o ard .
4.1.1 Dashboard
Status > Dashboard > General
Th e DW C-1000 d as h b o ard p ag e g iv es a s u mmary o f t h e CPU an d M emo ry
u t ilizat io n .
84
Wireless Controller
User Manual
Figure 41 : Das hboard
CPU Uti l i zati on
Th is s ect io n d is p lay s t h e ro u t er's p ro ces s o r s t at is t ics .
CPU us ag e by us er : Percen t o f t h e CPU u t ilizat io n b ein g co nsu med cu rren tly b y all
u s er s p ace p ro ces s es , s u ch as SSL VPN o r man ag emen t o p erat io n s .
CPU us ag e by k ernel : p ercent o f t h e CPU u t ilizat io n b ein g co n s u med cu rren t ly b y
kern el s p ace p ro ces s es , s u ch as firewall o p erat io n s .
CPU i dl e : p ercen t o f CPU cy cles t h at are cu rren t ly n o t in u s e.
CPU wai ti ng for IO: p ercen t o f CPU cy cles t h at are allo cat ed t o in p u t / o u t p u t
d ev ices .
Memory Uti l i zati on
Th is s ect io n d is p lay s memo ry s t at u s o f s y s t em.
Total Memory: In d icat es t o t al av ailab le v o lat ile p h y s ical memo ry .
Us ed Memory: In d icat es memo ry u s ed b y all p ro ces s es in s y s t em.
85
Wireless Controller
User Manual
Free Memory: In d icat es av ailab le free memo ry in s y s t em.
Cached Memory: In d icat es cach ed memo ry in s y s t em.
B uffer Memory: In d icat es b u ffered memo ry in s y s t em
4.1.2 Dev ice Status
Status > Device Info > Device Status
Th e DW C-1000 St at u s p age g iv es a s u mmary o f t h e co n t roller co n fig uratio n s et tings
co n fig u red in t h e Set u p an d A d vanced men u s. Th e s tatic h ardware s erial n u mb er and
cu rren t firmware v ers io n are p resen ted in t h e Gen eral s ectio n. Th e Op t io n an d LA N
in t erface in fo rmat io n s h o wn o n t h is p ag e are b as ed o n t h e ad min is t rat o r
co n fig u ratio n p aramet ers. Th e rad io b and an d ch anne l s ett in g s are p res en t ed b elo w
alo n g wit h all co n fig u red an d act iv e A Ps t h at are en ab led o n t h is co n t ro ller.
86
Wireless Controller
User Manual
Figure 42 : De vice Status dis play
87
Wireless Controller
User Manual
Figure 43 : De vice Status dis play (continue d)
4.1.3 W ireless LAN AP information
Status > Device Info > Wireless LAN AP Information
Th e M an ag ed A P s t at u s p ag es allo ws t o acces s co n fig u rat io n an d as s o ciat io n
in fo rmat io n ab o u t man ag ed A Ps an d t h eir n eig h b o rs .
Vi ew AP Detai l s : Sh o ws d et ailed s t at u s in fo rmat io n co llect ed fro m t h e A P.
Vi ew Radi o Detai l s : Sh o ws d et ailed s t at u s fo r a rad io in t erface. Us e t h e rad io
b u t t o n t o n av ig at e b et ween t h e t wo rad io in t erfaces .
88
Wireless Controller
User Manual
Vi ew Nei g hbor APs : Sh o ws t h e n eigh bor A Ps t h at t he s pecified A P h as d is co v ered
t h ro u g h p erio d ic RF s c an s o n t h e s elect ed rad io in t erface.
Vi ew Nei g hbor Cl i ents : Sh o ws in fo rmat io n abo u t wireles s clien t s as s o ciat ed wit h
an A P o r d et ect ed b y t h e A P rad io .
Vi ew VAP Detai l s : Sh o ws s u mmary in fo rmat io n ab o u t t h e v irt u al acces s p o in t s
(VA Ps ) fo r t h e s elect ed A P an d rad io in t erface o n t h e A Ps t h at t h e co n t ro ller
man ag es .
Vi ew Di s tri buted Tunnel i ng Detai l s : Sh o ws in fo rmat io n ab o u t t h e L2 t u n n els
cu rren t ly in u s e o n t h e A P.
Figure 44 : Wire le s s LAN AP inform atio n
MAC Addres s : Th e Et h ern et ad dress o f t h e co n toller man ag ed A P. If t h e M A C ad d ress
o f t h e A P is fo llo wed b y an as t eris k (* ), it is man ag ed b y a p eer co n t ro ller.
IP Addres s : Th e n et wo rk IP ad d res s o f t h e man ag ed A P
Ag e: Time s in ce las t co mmu n icat io n b et ween t h e co n t ro ller an d t h e A P.
S tatus : Th e cu rren t man ag ed s t at e o f t h e A P. Th e p o s s ib le v alu es are:
89
Wireless Controller

User Manual
Di s covered: Th e A P is d is co v ered an d b y t he co n t ro ller, b u t is n o t y et
au t h en t icat ed .

Authenti cated: Th e A P h as b een v alid at ed an d au t h en t icat ed (if
au t h en t icat io n is e n ab led ), b u t it is n o t co n fig u red .

Manag ed: Th e A P p ro file co n fig u ratio n h as b een ap plied t o t he A P and
it 's o p erat in g in man ag ed mo d e.

Fai l ed: Th e co n t ro ller lo s t co n t act wit h t h e A P, a failed en t ry will
remain in t h e man ag ed A P d at ab as e u n les s y o u remo v e it . No t e t h at a
man ag ed A P will t emp o rarily s h o w a failed s t at u s d u rin g a res et .

No t e: W h en man ag emen t co n nectiv it y is lo s t fo r a man ag ed A P, t h en b o t h
rad io s o f t h e A P are t u rn ed d o wn. A ll t h e clien t s as sociat ed wit h t h e A P g et
d is as s o ciat ed . Th e rad io s b eco me o p erat io n al if an d wh en t h at A P is
man ag ed ag ain b y a co n t ro ller.
Profi l e : Th e A P p ro file co n fig u rat io n cu rren t ly ap p lied t o t h e man ag ed A P. Th e
p ro file is as s ig n ed t o t h e A P in t h e v alid A P d at ab as e.
Radi o Interface : Sh o ws t h e wireles s rad io mo d e t h at each rad io o n t h e A P is u s in g .
4.1.4 Cluster information
Status > Device Info > Cluster Information
Th e Peer Co n t ro ller St at u s p age p ro vid es in fo rmat io n ab out o th er wireles s co n tro ller
in t h e n et wo rk.Peer wireles s co nto reller wit h in t h e s ame clu s ter e xch ang e d at a ab out
t h ems elv es , t h eir man ag ed A Ps , an d clien t s . Th e co n t ro ller main t ain s a d at ab as e
wit h t h is d at a s o y o u can v iew in fo rmat io n ab out a p eer, s u ch as it s IP ad d res s an d
s o ft ware v ersio n. If t h e co n tro ller lo s es co n t act wit h a p eer, all o f t h e d at a fo r t h at
p eer is d elet ed .
On e o f t h e co n t ro ller in a clu s t er is elect ed as a Clu s t er Co n t ro ller. Th e Clu s t er
Co n t ro ller co llect s st at us an d s tatis tics fro m all t h e o t h er co n t ro llers in t h e clu s t er,
in clu d in g in fo rmat io n ab o u t t h e A Ps p eer co n t ro ller man ag e an d t h e clien t s
as s o ciat ed t o t h o s e A Ps .
90
Wireless Controller
User Manual
Figure 45 : Clus te r inform at ion
Cl us ter Control l er IP Addres s : IP ad d res s o f t h e co n t ro ller t h at co n t ro ls t h e
clu s t er.
Peer Control l ers : Dis p lay s t h e n u mb er o f p eer co n t ro llers in t h e clu s t er.
IP Addres s : IP ad d res s o f t h e p eer wireles s co n t ro ller in t h e clu s t er.
Vendor ID: Ven d o r ID o f t h e p eer co n t ro ller s o ft ware.
S oftware Vers i on: Th e s o ft ware v ers io n fo r t h e g iv en p eer co n t ro llers
Protocol Vers i on: In d icat es t h e p ro t ocol v e rsio n s u p p o rt ed b y t h e s o ft ware o n t h e
p eer co n t ro llers
Di s covery Reas on: Th e d is co v ery met h od o f t h e g iv en p eer co nt roller, wh ich can be
t h ro u g h an L2 Po ll o r IP Po ll
Manag ed AP Count: Sh o ws t h e n u mb er o f A Ps t h at t h e co n t ro ller cu rren t ly
man ag es .
Ag e : Time s in ce las t co mmu n icat io n wit h t h e co n t o rller in Ho u rs , M in u t es , an d
Seco n d s .
91
Wireless Controller
User Manual
4.1.5 Resource Utilization
Status > Dashboard > Interface
Th e Das h b oard p ag e p resents h ard ware an d u sag e s t at is t ics . Th e CPU an d M emo ry
u t ilizat io n is a fu n ct io n o f t h e av ailab le h a rd ware an d cu rren t co n fig u rat io n an d
t raffic t h ro u g h t h e co nt ro ller. In t erface s t at is t ics fo r t h e wired co n n ect io n s (LA N,
Op t io n 1, Op t io n 2/ DM Z, VLA Ns ) p ro v id e in d icatio n o f p ackets t h rou gh an d p ackets
d ro p p ed b y t h e in t erface. Click refres h t o h av e t h is p ag e ret riev e t h e mo s t cu rren t
s t at is t ics .
92
Wireless Controller
User Manual
Figure 46 : Re s ource Utilizatio n s tatis tics
93
Wireless Controller
User Manual
Figure 47 : Re s ource Utilizatio n data (continue d)
94
Wireless Controller
4.2
User Manual
Traffic Statistics
4.2.1 W ired Port Statistics
Status > Traffic Monitor > Device Statistics
Det ailed t ran s mit an d receiv e s t at is t ics fo r each p h y s ical p o rt are p res en t ed h ere.
Each in t erface (Op t io n 1, Op t io n 2/ DM Z, LA N, an d VLA Ns ) h av e p o rt s p ecific
p acket lev el in fo rmat io n p ro v id ed fo r rev iew. Tran s mit t ed / receiv ed p acket s , p o rt
co llis io n s , an d t h e cu mu lat in g b y tes/sec fo r t ran smit / receiv e d irectio ns are p ro v id ed
fo r each in t erface alo n g wit h t h e p o rt u p t ime. If y o u s u sp ect is s u es wit h an y o f t h e
wired p o rt s , t h is t ab le will h elp d iag n o s e u p t ime o r t ran s mit lev el is s u es wit h t h e
p o rt .
Th e s t at ist ics t ab le h as au t o-refresh co ntro l wh ich allo ws d is play o f t h e mo s t cu rrent
p o rt lev el d at a at each p ag e refres h . Th e d efau lt au t o -refres h fo r t h is p ag e is 10
s eco n d s .
Figure 48 : Phys ical port s tatis tics
95
Wireless Controller
4.3
User Manual
Managed AP and Associated Clients
Statistics
4.3.1 Managed AP Statistics
Status > Traffic Monitor > Managed AP Statistics
Th e man ag ed A P s t atist ics p ag e s h o ws in fo rmat io n ab o u t t raffic o n t h e wired an d
wireles s in t erfaces o f t h e access p o in t. Th is in fo rmat io n can h elp d iag nose n et wo rk
is s u es , s u ch as t h ro u g h p u t p ro b lems . Th e fo llo win g fig u re s h o ws t h e M an ag ed
A cces s Po in t St at is t ics p ag e wit h a man ag ed A P.
MAC Addres s : Th is field s h o ws t h e M A C ad d res s o f t h e clien t s t at io n
Interface: Th is field s h o ws t h e in t erface t y p e W LA N o r Et h ern et .
Pack et Trans mi tted: Th is field s h o ws t h e p acket t ran s mit t ed t o t h e clien t s t at io n
Pack et Recei ved: Th is field s h o ws t h e p acket receiv ed t o t h e clien t s t at io n
B ytes Trans mi tted: Th is field s h o ws t h e b y t es t ran s mit t ed t o t h e clien t s t at io n
B ytes Recei ved: Th is field s h o ws t h e b y t es receiv ed t o t h e clien t s t at io n
96
Wireless Controller
User Manual
Figure 49 : M anage d AP Statis tics
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e:
Vi ew Detai l s : Sh o ws d et ailed s t at u s in fo rmat io n co llect ed fro m t h e A P.
Vi ew Radi o Detai l s : Sh o ws d et ailed s t at u s fo r a rad io in t erface
Vi ew VAP Detai l s :
Sh o ws s u mmary in fo rmat io n ab o u t t h e v irt u al acces s p o in t s
(VA Ps ) fo r t h e s elect ed A P an d rad io in t erface o n t he A Ps t h at t h e co n t ro ller man ag es
Refres h: Up d at es t h e p ag e wit h t h e lat es t in fo rmat io n
4.3.2 LAN Assoicated Clients
Status > Traffic Monitor > Associated Clients Statistics > LAN Associated
Clients
Th e co n t ro ller t racks t h e t raffic t h e clien t co n n ect ed wireles s co n t ro ller.
Name: Th e LA N h o s t n ame if av ailab le t h ro u g h Net BIOS.
IP Addres s : Th e LA N d ev ice's IP ad d res s .
MAC Addres s : Th e M A C ad d res s o f t h e co n n ect ed LA N clien t .
97
Wireless Controller
User Manual
Figure 50 : LAN As s ociate d Clie nts
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e:
Refres h: Up d at es t h e p ag e wit h t h e lat es t in fo rmat io n
Vi ew Detai l s : Sh o ws d et ailed s t at u s as s o ciat ed clien t .
4.3.3 W LAN Assoicated Clients
Status > Traffic Monitor > Associated Clients Statistics > WLAN Associated
Clients
Th e wireles s clien t can ro am amo n g A Ps wit h o u t in t erru p t io n in W LA N s erv ice.
Th e co n t ro ller t racks t h e t raffic t h e clien t s en d s an d receiv es d u rin g t h e en t ire
wireles s s essio n wh ile t h e clien t ro ams amo n g A Ps t h at t he co nt roller man ag es. The
co n t ro ller s t ores s tat istics ab o ut clien t t raffic wh ile it is as s o ciat ed wit h a s in gle AP
as well as t h ro u g h o u t t h e ro amin g s es s io n .
MAC Addres s : Th is field s h o ws t h e M A C ad d res s o f t h e clien t s t at io n
Pack et Trans mi tted: Th is field s h o ws t h e p acket t ran s mit t ed t o t h e clien t s t at io n
Pack et Recei ved: Th is field s h o ws t h e p acket receiv ed t o t h e clien t s t at io n
98
Wireless Controller
User Manual
B ytes Trans mi tted: Th is field s h o ws t h e b y t es t ran s mit t ed t o t h e clien t s t at io n
B ytes Recei ved: Th is field s h o ws t h e b y t es receiv ed t o t h e clien t s t at io n
Figure 51 : WLAN As s ociate d Clie nts
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e:
Refres h: Up d at es t h e p ag e wit h t h e lat es t in fo rmat io n
Vi ew Detai l s : Sh o ws d et ailed s t at u s as s o ciat ed clien t .
4.4
Active Connections
4.4.1 Sessions through the Controller
Status > Active Sessions
Th is t ab le lis t s t h e act iv e in t ern et s es s io n s t h ro u g h t h e co n t ro llers firewall. Th e
s es s io n ‟s p ro t o co l, s t at e, lo cal an d remo t e IP ad d res s es are s h o wn .
99
Wireless Controller
User Manual
Figure 52 : Lis t of curre nt Active Fire wall Se s s ions
4.5
LAN Client Info
4.5.1 Associated Clients
Status > LAN Client Info > Associated Clients
Th e clien t s t h at are as s o ciat ed wit h t h e A Ps t h e co n t ro ller man ag es as d is p lay ed .
100
Wireless Controller
User Manual
Figure 53 : As s ociate d C lie nts
MAC Addres s : Th e Et h ern et ad d res s o f t h e clien t s t at io n . If t h e M A C ad d res s is
fo llo wed b y an as t erisk (* ), t h e clien t is as s o ciat ed wit h an A P man ag ed b y a p eer
co n t ro ller.
AP MAC Addres s : Th e Et h ern et ad d res s o f t h e A P.
S S ID: Th e n et wo rk o n wh ic h t h e clien t is co n n ect ed .
B S S ID: Th e Et h ern et M A C ad d res s fo r t h e man ag ed A P VA P wh ere t h is clien t is
as s o ciat ed .
Detected IP Addres s : Id en t ifies t h e IPv 4 ad d res s o f t h e clien t , if av ailab le.
S tatus : In d icat es wh eth er o r n o t t h e clien t h as associated an d/ or au t h en t icat ed . Th e
v alid v alu es are:
•
As s oci ated: Th e clien t is cu rren t ly as s o ciat ed t o t h e man ag ed A P.
•
Authenti cated: Th e clien t is cu rren t ly associated an d au t h en t icat ed
t o t h e man ag ed A P.
101
Wireless Controller
User Manual
•
Di s as s ociated: Th e clien t h as d isasso ciat ed fro m t h e man a g ed A P. If
t h e clien t d o es n o t ro am t o an o t h er man ag ed A P wit h in t h e clien t
ro am t imeo u t , it will b e d elet ed .
Di s as s oci ate : Dis as s o ciat es t h e clien t fro m t h e man ag ed A P.
Vi ew Detai l s : Fo r each clien t as s o ciat ed wit h an A P t h at t h e co n t ro ller man ag es ,
y o u can v iew d et ailed s tatus in fo rmat io n ab o ut t h e clien t an d it s asso ciat ion wit h t he
acces s p o in t .
Vi ew Nei g hbor S tatus : Th e as s o ciat ed clien t s tatus s h ows in fo rmat io n ab o ut access
p o in t s t hat t h e clien t d et ects. Th e in fo rmat io n o n t h is p ag e can h elp y o u d et ermin e
t h e man ag ed A P an as s o ciat ed clien t mig h t u s e fo r ro amin g .
Vi ew Di s tri buted Tunnel i ng S tatus :
Th e as s o ciat ed clien t s t at u s s h o ws
in fo rmat io n ab o u t access p o in ts t h at t he clien t d et ect s . Th e A P -A P t u n n elin g mo d e
is u s ed t o s u p p o rt L3 ro amin g fo r wireles s clien t s wit h o u t fo rward in g an y d at a
t raffic t o t h e wireles s co n t ro ller
Vi ew S S ID Detai l s : Each man ag ed A P can b e fro m d ifferen t n et wo rks t h at each
h av e a u n iq u e SSID. A lt h o u g h s ev eral wireles s clien t s mig h t b e co n n ect ed t o t h e
s ame p h y s ical A P, t h ey mig h t n o t co n n ect b y u s in g t h e s ame SSID. Th e W LA N >
M o n it o rin g > Clien t > A s s o ciat ed Clien t s > SSID St at u s p ag e lis t s t h e SSIDs o f t h e
n et wo rks t h at each wireles s clien t as s o ciat ed wit h a man ag ed A P h as u s ed fo r
W LA N acces s .
Vi ew VAP Detai l s : Each A P h as s et o f Virt u al A ccess Po in t s (VA Ps ) p er rad io , an d
ev ery VA P h as a u n iq u e M A C ad d ress (BSSID). Th is d is p lay s t h e VA P A s s o ciat ed
Clien t St at u s p age wh ich s ho ws in fo rmat io n ab ou t t h e VA Ps o n t h e man ag ed AP that
h av e as s o ciat ed wireles s clien t s .
4.5.2 LAN Clients
Status > LAN Client Info > LAN Clients
Th e LA N clien t s t o t h e co n t ro ller are id en t ified b y an A RP s can t h ro u g h t h e LA N
co n t ro ller. Th e Net Bio s n ame (if av ailab le), IP ad d res s an d M A C ad d res s o f
d is co v ered LA N h o s t s are d is p lay ed .
102
Wireless Controller
User Manual
Figure 54 : Lis t of LAN hos ts
4.5.3 Detected Clients
Status > LAN Client Info > Detected Clients
W ireles s clien ts are d etect ed b y t h e wireles s sy stem wh en t h e clien t s eit h er at t emp t
t o in t eract wit h t h e s ystem o r wh en t h e s y s t em d et ect s t raffic fro m t h e clien t s . Th e
Det ect ed Clien t St at u s p ag e co n t ain s in fo rmat io n ab o u t clien t s t h at h av e
au t h en ticat ed wit h an A P as well in fo rmat io n ab o ut clien ts t h at d is asso ciat e an d are
n o lo n g er co n n ect ed t o t h e s y s t em.
103
Wireless Controller
User Manual
Figure 55 : De te cte d Clie nts
MAC Addres s : Th e Et h ern et M A C ad d res s o f t h e clien t .
Cl i ent Name : Sh o ws t h e n ame o f t h e clien t , if av ailab le, fro m t h e Kn o wn Clien t
Dat ab as e. If clien t is n o t in t h e d at ab as e t h en t h e field is b lan k.
Cl i ent S tatus : Sh o ws t h e clien t s t at u s , wh ich ca n b e o n e o f t h e fo llo win g :

A u t h ent icat ed.Th e wireles s clien t is au th en ticated wit h t h e wireles s s y s t em.

Det ect ed .The wireles s clien t is d et ected b y t h e wireles s s y s t em b u t is n o t a
s ecu rit y t h reat .

Black-Lis t ed .Th e clien t wit h t h is M AC ad d ress is s pecifica lly d en ied acces s
v ia

M A C A u t h en t icat io n .

Ro g u e.Th e clien t is clas s ified as a t h reat b y o n e o f t h e t h reat d et ect io n
alg o rit h ms .
104
Wireless Controller
User Manual
Ag e : Time s in ce an y ev ent h as b een receiv ed fo r t h is clien t t h at u pd at ed t he d etected
clien t d at ab as e en t ry .
Create Ti me : Time s in ce t h is en try was firs t ad ded t o t h e d et ected clien ts d at ab as e.
4.6
Access Point
4.6.1 Access Point Status
Status > General > Access Point
Th e A cces s Po in t St at u s p ag e s h o ws s u mmary in fo rmat io n ab o u t man ag ed , failed ,
an d ro g u e acces s p o in t s t h e co n t ro ller h as d is co v ered o r d et ect ed .
105
Wireless Controller
User Manual
Figure 56 : AP s tatus
Total Acces s Poi nts Uti l i zati on
Total Acces s Poi nts : To t al n u mb er o f M an ag ed A Ps in t h e d at ab as e. Th is v alu e is
alway s eq u al t o t h e s u m o f M an ag ed A cces s Po in t s , Co n n ect io n Failed A cces s
Po in t s , an d Dis co v ered A cces s Po in t s .
Manag ed Acces s Poi nts : Nu mb er o f A Ps in t h e man ag ed A P d at ab as e t h at are
au t h en t icat ed , co n fig u red , an d h av e an act iv e co n n ect io n wit h t h e co n t ro ller.
106
Wireless Controller
User Manual
Di s covered Acces s Poi nts : A Ps t h at h av e a co n n ect io n wit h t h e co n t ro ller, b u t
h av en 't b een co mp let ely co n fig u red . Th is v alu e in clu d es all man ag ed A Ps wit h a
Dis co v ered o r A u t h en t icat ed s t at u s .
Connecti on Fai l ed Acces s Poi nts : Nu mb er o f A Ps t h at were p rev io u s ly
au t h en ticat ed an d man ag ed, b u t cu rrently d o n't h av e co n nect ion wit h t h e co n t ro ller.
Acces s Poi nts Uti l i zati on
S tandal one Acces s Poi nts : Nu mb er o f t ru s t ed A Ps in St an d alo n e mo d e. A Ps in
St an d alo n e mo d e are n o t man ag ed b y a co n t ro ller.
Rog ue Acces s Poi nts : Nu mb er o f Ro g u e A Ps cu rren t ly d et ect ed o n t h e W LA N.
W h en an A P p erfo rms an RF s can , it mig h t d et ect access p o in t s t h at h av e n o t b een
v alid at ed . It rep o rt s t h es e A Ps as ro g u es .
Authenti cati on Fai l ed Acces s Poi nts :
Nu mb er o f A Ps t h at failed t o es t ab lis h co mmu n icat io n wit h t h e co n t ro ller.
Unk nown Acces s Poi nts : Nu mb er o f Un kn o wn A Ps cu rren t ly d et ect ed o n t h e
W LA N. If an A P co n fig u red t o b e man ag ed b y t h e co nt roller is d et ect ed t h ro u g h an
RF s can at an y t ime t h at it is n o t act iv ely man ag ed it is clas s ified as an Un kn o wn
A P.
Rog ue AP Mi ti g ati on Li mi t: M aximu m n u mb er o f A Ps fo r wh ich t h e s y s t em can
s en d d e -au t h en t icat io n frames .
Rog ue AP Mi ti g ati on Count: Nu mb er o f A Ps t o wh ich t h e wireles s s y s t em is
cu rren t ly s endin g d e -aut he nticatio n mes s ag es t o mit ig at e ag ain st ro g ue A Ps. A v alue
o f 0 in d icat es t h at mit ig at io n is n o t in p ro g res s .
Maxi mum Manag ed APs i n Peer Group: M aximu m n u mb er o f acces s p o in t s t h at
can b e man ag ed b y t h e clu s t er.
WLAN Uti l i zati on: To t al n et wo rk u t ilizat io n acro s s all A Ps man ag ed b y t h is
co n t ro ller. Th is is b as ed o n g lo b al s t at is t ics .
107
Wireless Controller
User Manual
4.6.2 AP Summary
Status > Access Point Info> APs Summary
Th e Lis t o f A P p ag e s h o ws s u mmary in fo rma t io n ab o u t man ag ed , failed , an d
ro g u e access p oin ts t h e co ntro ller h as d is co vere d o r d et ect ed . Th e s t at us en tries can
b e d elet ed man u ally . To clear all A Ps fro m t h e A ll A cces s Po in ts s tatu s p ag e except
M an ag ed A cces s Po in t s , click Del ete Al l .
To co n fig u re an A u th ent icat ion Failed A P t o b e man ag ed b y t he co n t ro ller t h e n ext
t ime it is d is co v ered , s elect t h e ch eck b o x n ext t o t h e M A C ad d res s o f t h e A P
an d \ click M an age. Yo u will b e p res en ted wit h t h e Valid A cces s Po in t Co n fig u ration
p ag e.
Figure 57 : AP s tatus
MAC Addres s :
Sh o ws t h e M A C ad d res s o f t h e a cces s p o in t .
IP Addres s : Th e n et wo rk ad d res s o f t h e acces s p o in t .
Ag e :
Sh o ws h o w mu ch t ime h as p as s ed s in ce t h e A P was las t d et ect ed an d t h e
in fo rmat io n was las t u p d at ed .
S tatus : Sh o ws t h e acces s p o in t s t at u s
108
Wireless Controller
User Manual
•
Manag ed: Th e A P p ro file co n fig u ratio n h as b een ap p lied t o t h e A P
an d it 's o p erat in g in man ag ed mo d e.
•
No Databas e Entry: M A C ad d res s o f t h e A P d o es n o t ap p ear in t h e
lo cal o r RA DIUS Valid A P d at ab as e.
•
Authenti cati on (Fai l ed AP): Th e A P failed t o b e au t h en t icat ed b y
t h e co n t ro ller o r RA DIUS s erv er. Sin ce A P is n o t co n fig u red as a
v alid A P wh ich t h e co rrect lo cal o r RA DIUS au t h en t icat io n
in fo rmat io n .
•
Fai l ed: Th e co n t ro ller lo s t co n t act wit h t h e A P; a failed en t ry will
remain in t h e man ag ed A P d at abase u nless y o u remo v e it . No t e t h at
a man ag ed A P will t emp o rarily s h o w a failed s t at u s d u rin g a res et .
•
Rog ue : Th e A P h as n o t at temp t ed t o co n t act t h e co n t ro ller an d t h e
M A C ad d res s o f t h e A P is n o t in t h e Valid A P d at ab as e.
Radi o: Sh o ws t h e wireles s rad io mo d e t h e A P is u s in g .
Channel : Sh o ws t h e o p erat in g ch an n el fo r t h e rad io .
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e
Del ete Al l : M an u ally clear all A Ps fro m t h e A ll A cces s Po in t s s t at u s p ag e excep t
M an ag ed A cces s Po in t s .
Manag e : Co n fig u re an A u t h en ticatio n Failed A P t o b e man ag ed b y t h e co n t ro ller
t h e n ext t ime it is d is co v ered . Select t h e ch eck b o x n ext t o t h e M A C ad d res s o f t h e
A P b efo re y o u click M an ag e Yo u will b e p res en t ed wit h t h e Valid A cces s Po in t
Co n fig u rat io n p ag e. Yo u can t h en co n fig ure t he A P an d click Su b mit t o s av e the AP
in t h e lo cal Valid A P d at ab ase. If y o u u se a RA DIUS s erv er fo r A P v alid at io n , y o u
mu s t ad d t h e M A C ad d res s o f t h e A P t o t h e A P d at ab as e o n t h e RA DIUS s erv er.
Ack nowl edg e : Id en t ify an A P as an A ckn o wled g ed Ro g u e. Select t h e ch eck b o x
n ext t o t h e M A C ad d ress o f t h e A P b efo re y o u click A ckn o wled g e. Th e co n t ro ller
ad d s t h e A P t o t h e Valid A P d at ab as e as an A ckn o wled g ed Ro g u e.
Vi ew Detai l s : To v iew t h e d et ails co n fig ured A Ps . Select t he ch eck b o x n ext t o t h e
M A C ad d res s o f t h e A P b e fo re y o u click View Det ails .
Refres h: Up d at es t h e p ag e wit h t h e lat es t in fo rmat io n
109
Wireless Controller
User Manual
4.6.3 Managed AP Status
Status > Access Point Info> Managed AP Status
In t h e M an ag ed A P St at u s p ag e, y o u can acces s a v ariet y o f in fo rmat io n ab o u t
each A P t h at t h e co n t ro ller man ag es .
Figure 58 : M anage d AP s tatus
MAC Addres s : Th e Et h ern et ad d res s o f t h e co n t ro ller-man ag ed A P.
IP Addres s :
Ag e:
Th e n et wo rk IP ad d res s o f t h e man ag ed A P.
Time s in ce las t co mmu n icat io n b et ween t h e Co n t ro ller an d t h e A P.
S tatus : Th e cu rren t man ag ed s t at e o f t h e A P. Th e p o s s ib le v alu es are
•
Di s covered: Th e A P is d is co v ered an d b y t h e co n t ro ller, b u t is n o t
y et au t h en t icat ed .
•
Authenti cated: Th e A P h as b een v alid at ed an d au t h en t icat ed (if
au t h en t icat io n is en ab led ), b u t it is n o t co n fig u red .
110
Wireless Controller
User Manual
•
Manag ed: Th e A P p ro file co n fig u ratio n h as b een ap p lied t o t h e A P
an d it 's o p erat in g in man ag ed mo d e.
•
Fai l ed: Th e Co n t ro ller lo s t co n t act wit h t h e A P, a failed en t ry will
remain in t h e man ag ed A P d at abase u nless y o u remo v e it . No t e t h at
a man ag ed A P will t emp o rarily s h o w a failed s t at u s d u rin g a res et .
Profi l e : Th e A P p ro file co n fig u ratio n cu rrent ly ap p lied t o t h e man ag ed A P. Th e
p ro file is as s ig n ed t o t h e A P in t h e v alid A P d at ab as e.
Radi o Interface: Sh o ws t h e wireles s rad io mo d e t h at each rad io o n t h e A P is
u s in g .
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e :
Del ete : M an u ally clear exis t in g A Ps
Vi ew AP Detai l s : Sh o ws d et ailed s t at u s in fo rmat io n co llect ed fro m t h e A P.
Vi ew Radi o Detai l s : Sh o ws d et ailed s t at u s fo r a rad io in t erface
Vi ew Nei g hbor Detai l s : Sh o ws t h e n eig h b o r A Ps t h at t h e s p ecified A P h as
d is co v ered t h ro u g h p erio d ic RF s can s o n t h e s elect ed rad io in t erface
Vi ew Nei g hbor Cl i ents : Sh o ws in fo rmat io n ab o u t wireles s clien t s as s o ciat ed
wit h an A P o r d et ect ed b y t h e A P rad io
Vi ew VAP Detai l s : Sh o ws s ummary in fo rmat io n ab o ut t h e v irt u al access p oin ts
(VA Ps ) fo r t h e s elect ed A P an d rad io in t erface o n t h e A Ps t h at t h e co n t ro ller
man ag es
4.6.4 Authentication Failure Status
Status > Access Point Info> Authentication Failure Status
A n A P mig h t fail t o as s ociate t o t he co ntro ller d u e t o erro rs s u ch as in v alid p acket
fo rmat o r v en d o r ID, o r b ecau s e t h e A P is n o t co n fig u red as a v alid A P wit h t h e
co rrect lo cal o r RA DIUS au t h en ticatio n in fo rmat io n Th e A P au t h en t icat io n failu re
lis t s h o ws in fo rmat io n ab ou t A Ps t h at failed t o es t ab lis h co mmu n icat io n wit h t h e
DW C-1000 wireles s co n t o rller
Th e A P can fail d u e t o o n e o f t h e fo llo win g reas o n s :
111
Wireless Controller

User Manual
No Databas e Entry: Th e M A C ad d res s o f t h e A P is n o t in t h e lo cal
Valid A P d at ab ase o r t h e ext ern al RA DIUS s erv er d at ab as e, s o t h e A P
h as n o t b een v alid at ed .

Local Authenti cati on: Th e au t h ent icat ion p as s wo rd co n fig u red in t h e
A P d id n o t ma t ch t h e p as s wo rd co n fig u red in t h e lo cal d at ab as e.

Not Manag ed: Th e A P is in t h e Valid A P d at ab ase, b u t t h e A P M o de in
t h e lo cal d at ab as e is n o t s et t o M an ag ed .

RADIUS Authenti cati on: Th e p as s wo rd co n fig u red in t h e RA DIUS
clien t fo r t h e RA DIUS s erv er was r eject ed b y t h e s erv er.

RADIUS Chal l eng ed: Th e RA DIUS s erv er is co n fig u red t o u s e t h e
Ch allen g e -Res p o n s e au t h en t icat io n mo d e, wh ich is in co mp at ib le wit h
t h e A P.

RADIUS Unreachabl e : Th e RA DIUS s erv er t h at t h e A P is co n fig u red
t o u s e is u n reach ab le.

Inval i d RADIUS Res pons e : Th e A P receiv ed a res p o n s e p acket fro m
t h e RA DIUS s erv er t h at was n o t reco g n ized o r in v alid .

Inval i d Profi l e ID: Th e p ro file ID s p ecified in t h e RA DIUS d at ab as e
may n o t exis t o n t h e co n t ro ller. Th is can als o h ap p en wit h t h e lo cal
d at ab as e wh en t h e co n fig u rat io n h as b een receiv ed fro m a p eer
co n t ro ller.

Profi l e Mi s match•-Hard ware Ty p e: Th e A P h ard ware t y p e s p ecified
in t h e A P Pro file is n o t co mp at ib le wit h t h e act u al A P h ard ware.
Figure 59 : Authe nticat io n Failure St atus
112
Wireless Controller
User Manual
M AC Address: The Ethernet address of the AP . If the MAC address of the
AP is followed by an asterisk (*), it was reported by a peer controller.
IP Addre s s : The IP address of the AP .
Las t Failure Type : Indicates the last type of failure that occurre d, which
can be one of the following:

Local Authentication

No Database Entry

Not Managed

RADIUS Authentication

RADIUS Challenged

RADIUS Unreachable

Invalid RADIUS Response

Invalid P rofile ID

P rofile Mismatch-Hardware Type
Age : Time since failure occurred.
4.6.5 AP RF Scan Status
Status > Access Point Info> AP RF Scan Status
The radios on each AP can periodically scan the radio frequency to collect
information about other AP s and wireless clients that are within range. In
normal operating mode the AP always scans on the operational channel for
the radio.
MAC Addres s : Th e Et h ern et M A C ad d res s o f t h e d et ect ed A P. Th is co u ld b e a
p h y s ical rad io in t erface o r VA P M A C.
113
Wireless Controller
User Manual
S S ID: Serv ice Set ID o f t h e n et wo rk, wh ich is b ro ad cas t in t h e d et ect ed b eaco n
frame.
Phys i cal Mode : In d icat es t h e 802.11 mo d e b ein g u s ed o n t h e A P.
Channel : Tran s mit ch an n el o f t h e A P.
S tatus : In d icat es t h e man ag ed s tatus o f t h e A P, wh et her t h is is a v alid A P kn o wn to
t h e co n t ro ller o r a Ro g u e o n t h e n et wo rk. Th e v alid v alu es are:

Manag ed: Th e n eig h b o r A P is man ag ed b y t h e wireles s s y s t em.

S tandal one : Th e A P is man ag ed in s t an d alo n e mo d e an d co n fig u red as a
v alid A P en t ry (lo cal o r RA DIUS).

Rog ue : Th e A P is clas s ified as a t h reat b y o n e o f t h e t h reat d et ect io n
alg o rit h ms .

Unk nown: Th e A P is d et ec t ed in t h e n etwo rk b u t is n o t classified as a t h reat
b y t h e t h reat d et ect io n alg o rit h ms .
Ag e : Time s in ce t h is A P was las t d etected in an RF s can . St at u s en t ries fo r t h e RF
Scan St at u s p age are co llect ed at a p o in t in t ime an d ev en t u ally ag e o u t . Th e ag e
v alu e fo r each en t ry s h o ws h o w lo n g ag o t h e co n t ro ller reco rd ed t h e en t ry .
114
Wireless Controller
User Manual
Figure 60 : AP RF Scan Status
4.7
Global Info
4.7.1 Global status
Status > Global Info > Global Status
Th e DW C-1000 co n t ro ller p erio d ically co llect s in fo rmat io n fro m t h e A Ps it
man ag es an d fro m as s ociat ed p eer co n t ro ller. Th e in fo rmat io n o n t h e Glo b al p ag e
s h o ws s tatus an d s t at is t ics ab o u t t h e co n t ro ller an d all o f t h e o b ject s as s o ciat ed
wit h it .
115
Wireless Controller
User Manual
Figure 61 : Global Status (Part 1)
116
Wireless Controller
User Manual
Figure 62 : Global Status (Part 2)
117
Wireless Controller
User Manual
WLAN Control l er Operati onal S tatus : Th is s t at us field d is p lays t he o p eratio nal
s t at us o f t h is co ntro ller (a W LA N co n t ro ller). Th e W LA N Co n t ro ller may b e co n figured
as en ab led , b ut is o p eratio nally d is abled d ue t o co nfig uratio n d ep end en cies. If t h e
o p erat io nal s t at us is d is abled , t he reaso n will b e d is p lay ed in t h e fo llo win g s tatu s field .
IP Addres s : IP ad d ress o f t h e co nt roller.
Peer Control l er : Nu mb er o f p eer W LA N co n t ro llers d et ected o n t h e n et work.
Cl us ter Control l er : In d icat es wh et her t his co ntro ller is t h e Clu s ter Co n t roller fo r t h e
clu s t er.
Cl us ter Control l er IP Addres s : Th e IP ad d res s o f t h e p eer co nt roller t h at is t h e
Clu s t er Co n t ro ller.
Total Acces s Poi nts : To t al n u mb er o f M an ag ed A Ps in t h e d atabase. Th is v alu e is
alway s eq u al t o t h e s um o f M an ag ed A ccess Po in ts, Co n n ect ion Failed A ccess Po in ts,
an d Dis co v ered A ccess Po in t s.
Manag ed Acces s Poi nts : Nu mb er o f A Ps in t h e man ag ed A P d at ab ase t hat are
au t h en ticat ed , co nfig ured, an d h av e an act iv e co nn ectio n wit h t h e co nt roller.
S tandal one Acces s Poi nts : Nu mb er o f t ru s ted A Ps in St an dalon e mo d e. A Ps in
St an d alo ne mo d e are n o t man aged b y a co n tro ller.
Rog ue Acces s Poi nts : Nu mb er o f Ro g u e A Ps cu rrently d etected o n t he W LA N. W h e n
an A P p erfo rms an RFs can , it mig h t d et ect access p o int s t hat h ave n o t b een v alid ated. It
rep o rt s t hese A Ps as ro g ues.
Di s covered Acces s Poi nts : A Ps t hat h av e a co n nectio n wit h t h e co ntro ller, b u t h aven't
b een co mp let ely co nfig ured. Th is v alue in clu des al l man ag ed A Ps wit h a Dis co v ered o r
A u t h ent icat ed s t at us.
Connecti on Fai l ed Acces s Poi nts : Nu mb er o f A Ps t h at were p rev io usly au thent icat ed
an d man ag ed , b u t cu rrent ly d o n't h ave co nnect ion wit h t h e Un ified Co n t ro ller.
Authenti cati on Fai l ed Acces s Poi nts : Nu mb er o f A Ps t h at failed t o est ab lish
co mmu n icat io n wit h t h e Un ified Co n t ro ller.
Unk nown Acces s Poi nts : Nu mb er o f Un kn o wn A Ps cu rren tly d etect ed o n t h e W LA N.
If an A P co n fig u red t o b e man ag ed b y t h e Un ified Co n t ro ller is d et ected t h ro ugh an RF
s can at an y t ime t h at it is n ot activ ely man ag ed it is clas sified as an Un kn o wn A P.
118
Wireless Controller
User Manual
Rog ue AP Mi ti g ati on Li mi t: M aximu m n u mb er o f A Ps fo r wh ich t h e s y s tem can s end
d e-au t h en ticatio n frames .
Rog ue AP Mi ti g ati on Count: Nu mb er o f A Ps t o wh ich t h e wireles s s yst em is cu rr en t ly
s en d in g t h e au t henticatio n mes s ag es t o mit ig at e ag ain st ro g ue A Ps. A v alu e o f 0
in d icat es t h at mit ig at io n is n o t in p ro g ress.
Maxi mum Manag ed APs i n Peer Group: M aximu m n u mb er o f acces s p o int s t hat can
b e man ag ed b y t h e clu ster.
WLAN Uti l i zati on: To t al n et wo rk u t ilizat io n acro ss all A Ps man ag ed b y t his
co n t ro ller. Th is is b ased o n g lo bal s tatist ics.
Total Cl i ents : To t al n u mb er o f clien t s in t h e d atabase. Th is t ot al in clu d es clien t s wit h
an A s s ociated, A u thent icat ed , o r Dis associated s tatus.
Authenti c ated Cl i ents : To t al n u mb er o f clien t s in t h e associated clien t d atabase wit h
an A u t h ent icated s t at us.
8 0 2 .1 1 a Cl i ents: To t al n u mb er o f IEEE 802.11a o n ly clien t s t h at are au t henticated.
8 0 2 .1 1 b/ g Cl i ents: To t al n u mb er o f IEEE 802.11b / g o n ly clien t s t h at are au t henticated.
8 0 2 .1 1 n Cl i ents: To t al n u mb er o f clien t s t h at are IEEE 802.11n cap ab le an d are
au t h en ticat ed . Th ese in clu de IEEE 802.11a/ n , IEEE 802.11b / g / n , 5 GHz IEEE 802.11n ,
2.4GHz IEEE 802.11n .
Maxi mum As s oci ated Cl i ents : M aximu m n u mb er o f clien t s t h a t can associate wit h t h e
wireles s s y stem. Th is is t h e maximu m n u mb er o f en t ries allo wed in t h e A ssociated
Clien t d at ab ase.
Detected Cl i ents : Nu mb er o f wireles s clien t s d etect ed in t h e wireles s n et wo rk
en v iro n men t .
Maxi mum Detected Cl i ents : M aximu m n u mb er o f clien t s t h at can b e d etected b y t h e
co n t ro ller. Th e n u mb er is limit ed b y t h e s ize o f t h e Det ect ed Clien t Dat abase.
Maxi mum Pre -authenti cati on Hi s tory Entri es : M aximu m n u mb er o f Clien t
PreA u t h enticatio n ev ents t h at can b e record ed b y t h e sy stem.
Total Preauthenti cati on Hi s tory: En t ries Cu rren t n u mb er o f p re -au t henticatio n h is tory
en t ries in u s e b y t h e s ystem.
Maxi mum Roam Hi s tory Entri es : M aximu m n u mb er o f en t ries t h at can b e record ed in
t h e ro am h is t o ry fo r all d et ect ed clien ts.
119
Wireless Controller
User Manual
Total Roam Hi s tory Entri es : Cu rren t n u mb er o f ro am h is t o ry en tries in u s e b y t h e
s y s tem.
AP Provi s i oni ng Count: Cu rren t n u mb er o f A P p ro v is io nin g ent ries co nfig ured o n t h e
s y s tem.
WLAN B ytes Trans mi tted: To t al b y t es t ran smit t ed across all A Ps man ag ed b y t h e
co n t ro ller.
WLAN Pac k ets Trans mi tted: To t al p acket s t ransmit t ed across all A Ps man ag ed b y t he
co n t ro ller.
WLAN B ytes Recei ved To t al b y t es receiv ed across all A Ps man ag ed b y t h e co n troller.
WLAN Pack ets Recei ved: To t al p acket s receiv ed acro ss all A Ps man ag ed b y t h e
co n t ro ller.
WLAN B ytes Trans mi t Dropped: To t al b y t es t ransmit t ed acro ss all A Ps man ag ed b y
t h e co n t roller t h at were d ro p p ed.
WLAN Pack ets Trans mi t Dropped: To t al p acket s t ransmit t ed acro ss all A Ps man ag ed
b y t h e co n t roller t h at were d ro p ped.
WLAN B ytes Recei ve Droppe d: To t al b y t es receiv ed across all A Ps man ag ed b y t h e
co n t ro ller t h at were d ro p ped.
WLAN Pack ets Recei ve Dropped: To t al p acket s receiv ed acro ss all A Ps man ag ed b y
t h e co n t roller t h at were d ro p p ed.
Di s tri buted Tunnel Pack ets Trans mi tted: To t al n u mb er o f p ac ket s s en t b y all A Ps v ia
d is t rib u ted t u nn els .
Di s tri buted Tunnel Roamed Cl i ents : To t al n u mb er o f clien t s t h at s uccessfu lly ro amed
away fro m Ho me A P u s in g d is trib ut ed t un nelin g.
Di s tri buted Tunnel Cl i ents : To t al n u mb er o f clien t s t hat are as sociated wit h an A P
t h at are u s in g d is trib ut ed t un nelin g.
Di s tri buted Tunnel Cl i ent Deni al s : To t al n u mb er o f clien t s fo r wh ich t h e s yst em was
u n ab le t o s et u p a d is trib ut ed t un nel wh en clien t ro amed
Th e fo llo win g act io n s are s u ppo rted fro m t h is p ag e:
Refres h: Up d at es t h e p age wit h t h e lat est in fo rmat io n.
Cl ear S tati s ti cs: Res et all co u n t ers o n t h e p age t o zero
120
Wireless Controller
User Manual
4.7.2 Peer Contorller Status
Status > Global Info > Peer Controller > Status
Th e Peer Co n t ro ller St at u s p ag e p ro v id es in fo rmat io n ab o u t o t h er W ireles s
Co n t ro llers in t h e n et wo rk. Peer wireles s co n t ro llers wit h in t h e s ame clu s t er
exch an g e d at a ab o u t t h ems elv es , t h eir man ag ed A Ps , an d clien t s . Th e co n t ro ller
main t ain s a d at ab ase wit h t h is d ata s o y o u can v iew in fo rmat io n ab out a p eer, s u ch
as it s IP ad d res s an d s oft ware v ersio n. If t h e co n t roller lo s es co n tact wit h a p eer, all
o f t h e d at a fo r t h at p eer is d elet ed. On e co nt roller in a clu s t er is elect ed as a Clu s ter
Co n t ro ller. Th e Clu s t er Co n t ro ller co llect s s t at u s an d s t at is t ics fro m all t h e o t h er
co n t ro llers in t h e clu s t er, in clu d in g in fo rmat io n ab o u t t h e A Ps p eer co n t ro llers
man ag e an d t h e clien t s as s o ciat ed t o t h o s e A Ps .
Cl us ter Control l er IP Addres s : IP ad d res s o f t h e co n t ro ller t h at co n t ro ls t h e
clu s t er.
Peer Control l ers : Dis p lay s t h e n u mb er o f p eer co n t ro ller in t h e clu s t er.
Li s t of Peer Control l ers
IP Addres s : IP ad d res s o f t h e p eer wireles s co n t ro ller in t h e clu s t er.
Vendor ID: Ven d o r ID o f t h e p eer co n t ro ller s o ft ware.
S oftware Vers i on: Th e s o ft ware v ers io n fo r t h e g iv en p eer co n t ro ller.
Protocol Vers i on: In d icat es t h e p ro t ocol v ersio n s up port ed b y t h e s o ft ware o n
t h e p eer co n t ro ller.
Di s covery Reas on: Th e d is co v ery met h o d o f t h e g iv en p eer co n t ro ller, wh ich
can b e t h ro u g h an L2 Po ll o r IP Po ll
Manag ed AP Count: Sh o ws t h e n u mb er o f A Ps t h at t h e co n t ro ller cu rren t ly
man ag es .
Ag e: Time s in ce las t co mmu n icat io n wit h t h e co ntro ller in Ho u rs , M in ut es, an d
Seco n d s .
121
Wireless Controller
User Manual
Figure 63 : Pe e r Controlle r Status
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e
Refres h: Up d at es t h e p ag e wit h t h e lat es t in fo rmat io n
4.7.3 Peer Controller Configuration Status
Status > Global Info > Peer Controller > Configuration
Yo u can p u s h p o rt io n s o f t h e co n t ro ller co n fig u rat io n fro m o n e co n t ro ller t o
an o t h er co n t ro ller in t h e clu s t er. Th e Peer Co n t ro ller Co n fig u rat io n St at u s p ag e
d is p lay s in fo rmat io n ab o ut t h e co nfig uratio n s ent b y a p eer co n troller in t h e clu s ter.
It als o id en t ifies t h e IP ad d res s o f each p eer co n t ro ller t h at receiv ed t h e
co n fig u rat io n in fo rmat io n
Peer IP Addres s : Sh o ws t h e IP ad d res s o f each p eer wireles s co n t ro ller in t h e
clu s t er t h at receiv ed co n fig u rat io n in fo rmat io n .
122
Wireless Controller
User Manual
Confi g urati on Control l er IP Addres s : Sh o ws t h e IP A d d ress o f t h e co nt roller t h at
s en t t h e co n fig u rat io n in fo rmat io n .
Confi g urati on: Id en t ifies wh ich p art s o f t h e con fig u rat io n t h e co n t ro ller receiv ed
fro m t h e p eer co n t ro ller.
Ti mes tamp: Sh o ws wh en t h e co n figu rat io n was ap plied t o t h e co n t ro ller. Th e t ime
is d is p lay ed as UTC t ime an d t h erefo re o n ly u s efu l if t h e ad min is t rat o r h as
co n fig u red each p eer co n t ro ller t o u s e NTP.
Figure 64 : Pe e r Controlle r Configuratio n Status
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e
Refres h: Up d at es t h e p ag e wit h t h e lat es t in fo rmat io n
4.7.4 Peer Controller Managed AP Status
Status > Global Info > Peer Controller > Managed AP
Th e Peer Co n t ro ller M an ag ed A P St at us p ag e d is p lay s in fo rmat io n ab o u t t h e A Ps
t h at each p eer co n troller in t h e clu s t er man ag es . Us e t h e men u ab o v e t h e t ab le t o
s elect t h e p eer co n troller wit h t h e A P in fo rmat io n t o d is p lay . Each p eer co n t ro ller
is id en t ified b y it s IP ad d res s
123
Wireless Controller
User Manual
MAC Addres s : Sh o ws t h e M A C ad d res s o f each A P man ag ed b y t h e p eer
co n t ro ller.
Peer Control l er IP: Sh o ws t h e IP ad d ress o f t h e p eer co n t ro ller t h at man ag es t h e
A P. Th is field d is p lay s wh en “A ll” is s elect ed fro m t h e d ro p -d o wn men u .
Locati on: Th e d es crip t iv e lo cat io n co n fig u red fo r t h e man ag ed A P.
AP IP Addres s : Th e IP ad d res s o f t h e A P.
Profi l e: Th e A P p ro file ap p lied t o t h e A P b y t h e co n t ro ller.
Hardware ID: Th e Hard ware ID as s o ciat ed wit h t h e A P h ard ware p lat fo rm
Figure 65 : Pe e r Controlle r M anage d AP Status
4.7.5 IP Discov ery
Status > Global Info > IP Discovery
Th e IP Dis co v ery lis t can co n tain t h e IP ad d resses o f p eer co n t o rllers an d A Ps fo r
t h e wireles s co n t ro ller t o d is co v er an d as s o ciat e wit h as p art o f t h e W LA N
IP Addres s : Sh o ws t h e IP ad d res s o f t h e d ev ice co nfig ured in t h e IP Dis co v ery lis t.
S tatus : Th e s t at u s is in o n e o f t h e fo llo win g s t at es :

Not Pol l ed: Th e co n t ro ller h as n ot at temp ted t o co n t act t h e IP ad d res s
in t h e L3/ IP Dis co v ery lis t .
124
Wireless Controller
User Manual

Po lled : Th e co n t ro ller h as at t emp t ed t o co n t act t h e IP ad d res s .

Dis co v ered: Th e co n t ro ller co n t act ed t h e p eer co n t ro ller o r t h e A P in
t h e L3/ IP Dis co v ery lis t an d h as au th ent icat ed o r v alid at ed t h e d ev ice.

Dis co v ered - Failed : Th e co n t ro ller co n tact ed t he p eer co n t ro ller o r t h e
A P wit h IP ad d res s in t h e L3/ IP Dis co v ery lis t an d was u n ab le t o
au t h en t icat e o r v alid at e t h e d ev ice.

No t e: If t h e d ev ice is an access p oin t, an en t ry ap pears in t h e A P failu re lis t
wit h a failu re reas o n .
Figure 66 : IP Dis cove ry
4.7.6 Configuration Receiv e Status
Status > Global Info > Config Receive Status
Th e Peer Co n t ro ller Co n fig u rat io n feat ure allo ws y o u t o s en d t h e crit ical wireles s
co n fig u ratio n fro m o n e co n troller t o all o t h er co n tro llers. In ad d it ion t o keep in g t he
co n t ro llers s y n ch ro n ized , t h is fu n ct io n en ab les t h e ad min is t rat o r t o man ag e all
wireles s co n t ro llers in t h e clu s t er fro m o n e co n t ro ller. Th e Peer Co n t ro ller
Co n fig u rat io n Receiv ed St at us p age p ro vid es in fo rmat io n abo ut t he co nfig urat io n a
co n t ro ller h as receiv ed fro m o n e o f it s p eers
125
Wireless Controller
User Manual
Current Recei ve S tatus : In d icat es t he g lo bal s tatu s wh en wireles s co nfig u rat ion i s
receiv ed fro m a p eer co n t ro ller. Th e p o s s ib le s t at u s v alu es are as fo llo ws :

No t St art ed

Receiv in g Co n fig u rat io n

Sav in g Co n fig u rat io n ,

A p p ly in g A P Pro file Co n fig u rat io n

Su cces s

Failu re - In v alid Co d e Vers io n

Failu re - In v alid Hard ware Vers io n

Failu re - In v alid Co n fig u rat io n
Las t Confi g urati on Recei ved: Peer co n t ro ller IP A d d res s in d icat es t h e las t
co n t ro ller fro m wh ich t h is co n t ro ller receiv ed an y wireles s co n fig u rat io n d at a.
Confi g urati on: In d icat es wh ich p ort io ns o f co nfig u rat ion were las t receiv ed fro m a
p eer co n t ro ller, wh ich can b e o n e o r mo re o f t h e fo llo win g :

Glo b al

Dis co v ery

Ch an n el/ Po wer

A P Dat ab as e

A P Pro files

Kn o wn Clien t

Cap t iv e Po rt al

RA DIUS Clien t

Qo S A CL

Qo S DiffServ
If t h e co n t ro ller h as n o t received an y c o nfig uratio n fo r an o th er co n tro ller, t h e v alu e
is None .
126
Wireless Controller
User Manual
Ti mes tamp: In d icat es t he las t t ime t h is co n tro ller receiv ed an y co n fig u rat io n d at a
fro m a p eer co n t ro ller. Th e Peer Co n t ro ller M an ag ed A P St at u s p ag e d is p lay s
in fo rmat io n ab o u t t h e A Ps t h at each p eer co n troller in t h e clu s ter man ag es. Us e t h e
men u ab o v e t h e t ab le t o s elect t h e p eer co n t ro ller wit h t h e A P in fo rmat io n t o
d is p lay . Each p eer co n t ro ller is id en t ified b y it s IP ad d res s
Figure 67 : Configu rat ion Re ce ive Status
4.7.7 AP Hardware Capability
Status > Global Info > AP H/W Capability
Th e co n t ro ller can s upp ort A Ps t h at h av e d ifferen t h ard ware cap ab ilit ies , s u ch as
t h e s u p p o rt ed n u mb er o f rad io s , t h e s u p p o rt ed IEEE 802.11 mo d es , an d t h e
s o ft ware imag e req u ired b y t he A P. Fr o m t h e A P Hard ware Cap ab ilit y t ab , y o u can
acces s s ummary in fo rmat io n ab o ut t h e A P Hard ware s u p p o rt , t h e rad io s an d IEEE
mo d es s u p port ed b y t h e h ard ware, an d t h e s o ft ware imag es t h at are av ailab le fo r
d o wn lo ad t o t h e A Ps
Hardware Type : Id en t ifies t h e ID n u mb er as s ign ed t o each A P h ard ware t yp e. Th e
co n t ro ller s u p p o rt s u p t o s ix d ifferen t A P h ard ware t y p es .
Hardware Type Des cri pti on : In clu d es a d es crip t io n o f t h e p lat fo rm an d t h e
s u p p o rt ed IEEE 802.11 mo d es .
Radi o Count: Sp ecifies wh et h er t h e h ard ware s u p p o rt s o n e rad io o r t wo rad io s .
127
Wireless Controller
User Manual
Imag e Type : Sp ecifies t h e t y p e o f s o ft ware t h e h ard ware req u ires .
Figure 68 : AP Hardware Capabil it y
4.8
Wireless Client Status
4.8.1 Client Status
Status > Dashboard > Client
Th is p ag e s ho ws in fo rmat io n ab o ut all t h e clien t s wh ich are c o n nect ed t h ro u g h o u r
man ag ed A P.
128
Wireless Controller
User Manual
Figure 69 : Clie nt Status
8 0 2 .1 1 Cl i ents – Data
8 0 2 .1 1 a Cl i ents: To t al n u mb er o f IEEE 802.11a o n ly clien t s t h at are au t henticat ed .
8 0 2 .1 1 b/ g Cl i ents : To t al n u mb er o f IEEE 802.11b / g o n ly clien t s t h at are
au t h en t icat ed .
8 0 2 .1 1 n Cl i ents : To t al n u mb er o f clien t s t h at are IEEE 802.11n cap ab le an d are
129
Wireless Controller
User Manual
au t h en t icat ed . Th es e in clu d e IEEE 802.11a/ n , IEEE 802.11b / g / n , 5 GHz IEEE
802.11n , 2.4GHz IEEE 802.11n .
Cl i ents – Data
Total Cl i ents : To t al n u mb er o f clien t s in t h e d at ab as e. Th is t o t al in clu d es clien t s
wit h an A s s o ciat ed , A u t h en t icat ed , o r Dis as s o ciat ed s t at u s .
Authenti cated Cl i ents : To t al n u mb er o f clien t s in t h e as s o ciat ed clien t d at ab as e
wit h an A u t h en t icat ed s t at u s .
Maxi mum As s oci ated Cl i ents : M aximu m n u mb er o f clien t s t h at can associate wit h
t h e wireles s s y s t em. Th is is t h e maximu m n u mb er o f en t ries allo wed in t h e
A s s o ciat ed Clien t d at ab as e.
Detected Cl i ents : Nu mb er o f wireles s clien t s d et ect ed in t h e W LA N.
Maxi mum Detected Cl i ents : M aximu m n u mb er o f clien t s t h at can b e d et ect ed b y
t h e co n t roller. Th e n u mb er is limit ed b y t h e s ize o f t h e Det ect ed Clien t Dat ab as e.
Maxi mum Pre -authenti cati on Hi s tory Entri es : M aximu m n u mb er o f Clien t Pre A u t h en t icat io n ev en t s t h a t can b e reco rd ed b y t h e s y s t em.
Total Pre -authenti cati on Hi s tory Entri es : Cu rren t n u mb er o f p re -au t h en t icat io n
h is t o ry en t ries in u s e b y t h e s y s t em.
Maxi mum Roam Hi s tory Entri es : M aximu m n u mb er o f en t ries t h at can b e
reco rd ed in t h e ro am h is t o ry fo r all d et ect ed clien t s .
Total Roam Hi s tory Entri es : Cu rren t n u mb er o f p re -au t henticatio n h is to ry en t ries
in u s e b y t h e s y s t em.
4.8.2 Assocaited Client Status
Status > Wireless Client Info> Associated Clients > Status
Yo u can v iew a v ariet y o f in fo rmat io n ab ou t t h e wir eles s clien t s t h at are asso ciat ed
wit h t h e A Ps t h e co n t ro ller man ag es .
MAC Addres s : Th e Et h ern et ad dres s o f t h e clien t s t at io n . If t h e M A C ad d res s is
fo llo wed b y an as t erisk (* ), t h e clien t is asso ciat ed wit h an A P man ag ed b y a p eer
co n t ro ller.
130
Wireless Controller
User Manual
AP MAC Addres s : Th e Et h ern et ad d res s o f t h e A P.
S S ID: Th e n et wo rk o n wh ich t h e clien t is co n n ect ed .
B S S ID: Th e Et h ern et M A C ad d res s fo r t h e man ag ed A P VA P wh ere t h is clien t is
as s o ciat ed .
Detected IP Addres s : Id en t ifies t h e IPv 4 ad d res s o f t h e clien t , if av ailab le.
Figure 70 : As s ociate d Clie nt Status
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e :
Di s as s oci ate : Dis as s o ciat es t h e s elect ed clien t fro m t h e man ag ed A P.
Vi ew Detai l s : Dis p lay as s o ciat ed clien t d et ails .
Vi ew AP Detai l s : Dis p lay as s o ciat ed A P d et ails .
Vi ew S S ID Detai l s : Lists the SSIDs of the networks that each wireless client
associated with a managed AP has used for WLAN access
Vi ew VAP Detai l s : Shows information about the VAP s on the managed AP
that have associated wireless clients
131
Wireless Controller
User Manual
Vi ew Nei g hbor AP S tatus : Shows information about access points that the
client detects.
4.8.3 Associated Client SSID Status
Status > Wireless Client Info> Associated Clients > SSID Status
Each man ag ed A P can h av e u p t o 16 d ifferen t n et wo rks t h at each h as a u n iq u e
SSID. A lt h o u gh s everal wireles s clien t s mig h t b e co n n ect ed t o t h e s ame p h y s ical
A P, t h ey mig h t n o t co n n ect b y u s in g t h e s ame SSID
S S ID: In d icat es t h e n et wo rk o n wh ich t h e clien t is co n n ect ed .
Cl i ent MAC Addres s : Th e Et h ern et ad d res s o f t h e clien t s t at io n .
Figure 71 : As s ociate d Clie nt SSID Status
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e :
Di s as s oci ate : Dis as s o ciat es t h e clien t fro m t h e man ag ed A P.
Vi ew Cl i ent Detai l s : Dis p lay as s o ciat ed clien t d et ails .
Refres h: Up d at es t h e p ag e wit h t h e lat es t in fo rmat io n
132
Wireless Controller
User Manual
4.8.4 Associated Client VAP Status
Status > Wireless Client Info> Associated Cl ients > VAP Status
Each A P h as 16 Virt u al A cces s Po in t s (VA Ps ) p er rad io , an d ev ery VA P h as a
u n iq u e M A C ad d ress (BSSID).Th e VA P A s s o ciated Clien t St at u s p age wh ich s hows
in fo rmat io n ab o u t t h e VA Ps o n t h e man ag ed A P t h at h av e as s o ciat ed wireles s
clien t s . To d is co n n ect a clien t fro m an A P, s elect t h e b o x n ext t o t h e BSSID, an d
t h en click Dis as s o ciat e
B S S ID: In d icat es t h e Et h ern et M A C ad d res s fo r t h e man ag ed A P VA P wh ere t h is
clien t is as s o ciat ed .
S S ID: In d icat es t h e SSID fo r t h e man ag ed A P VA P wh ere t h is cli en t is as s o ciat ed .
AP MAC Addres s : Th is field in d icat es t h e b ase A P Et h ern et M A C ad d res s fo r t h e
man ag ed A P.
Radi o: Dis p lay s t h e man ag ed A P rad io in t erface t he clien t is as s o ciat ed t o an d it s
co n fig u red mo d e.
Cl i ent MAC Addres s : Th e Et h ern et ad d res s o f t h e clien t s t at io n .
Cl i ent IP Addres s : Th e IP ad d res s o f t h e clien t s t at io n .
Figure 72 : As s ociate d Clie nt VAP Status
133
Wireless Controller
User Manual
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e :
Di s as s oci ate : Dis as s o ciat es t h e clien t fro m t h e man ag ed A P.
Refres h: Up d at es t h e p ag e wit h t h e lat es t in fo rmat io n
4.8.5 Controller Associated Client Status
Status > Wireless Client Info> Associated Clients > Controller Status
Th is s h o ws in fo rmat io n ab o u t t h e co n t ro ller t h at man ag es t h e A P t o wh ich t h e
clien t is as s o ciat ed
Control l er IP Addres s : Sh o ws t h e IP ad d ress o f t h e co nt roller t h at man ag es the AP
t o wh ic h t h e clien t is as s o ciat ed .
Cl i ent MAC Addres s : Sh o ws t h e M A C ad d res s o f t h e as s o ciat ed clien t .
Figure 73 : Controlle r As s ociate d Clie nt Status
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e :
Di s as s oci ate : Dis as s o ciat es t h e clien t fro m t h e man ag ed A P.
Vi ew Cl i ent Detai l s : Dis p lay as s o ciat ed clien t d et ails .
Refres h: Up d at es t h e p ag e wit h t h e lat es t in fo rmat io n
134
Wireless Controller
User Manual
4.8.6 Detected Client Status
Status > Wireless Client Info> Detected Clients
W ireles s clien ts are d etect ed b y t h e wireles s sy stem wh en t h e clien ts eit h er at t emp t
t o in t eract wit h t h e s ystem o r wh en t h e s yst em d et ects t raffic fro m t h e clien t s . Th e
Det ect ed Clien t St at u s p ag e co n t ain s in fo rmat io n ab o u t clien t s t h at h av e
au t h en ticat ed wit h an A P as well in fo rmat io n ab o ut clien ts t h at d is associate an d are
n o lo n g er co n n ect ed t o t h e s y s t em.
MAC Addres s : Th e Et h ern et ad d res s o f t h e clien t .
Cl i ent Name : Sh o ws t h e n ame o f t h e clien t , if av ailab le, fro m t h e Kn o wn Clien t
Dat ab as e. If clien t is n o t in t h e d at ab as e t h en t h e field is b lan k.
Cl i ent S tatus : Sh o ws t h e clien t s t at u s , wh ich can b e o n e o f t h e fo llo win g :

Authenti cated: Th e wireles s clien t is au t h en t icat ed wit h t h e wireles s
s y s t em.

Detected: Th e wireles s clien t is d et ect ed b y t h e wireles s s ys t em b u t i s
n o t a s ecu rit y t h reat .

B l ack -Li s ted: Th e clien t wit h t h is M A C ad dress is s pecifically d en ied
acces s v ia M A C A u t h en t icat io n .

Rog ue :
Th e clien t is clas s ified as a t h reat b y o n e o f t h e t h reat
d et ect io n alg o rit h ms .
Ag e : Time s in ce an y ev en t h as b een receiv ed fo r t h is clien t t h at u p d at ed t h e
d et ect ed clien t d at ab as e en t ry .
Create Ti me : Time s in ce t h is en t ry was firs t ad d ed t o t h e d et ect ed clien t ‟s
d at ab as e.
135
Wireless Controller
User Manual
Figure 74 : De te cte d Clie nt Status
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e :
Del ete : Delet e t h e s elected clien t fro m t h e lis t . If t h e clien t is d et ected ag ain, it will
b e ad d ed t o t h e lis t .
Del ete Al l : Delet es all n o n -au th en ticated clien ts fro m t h e Det ect ed Clie n t d at abase.
A s clien t s are d et ect ed , t h ey are ad d ed t o t h e d at ab as e an d ap p ear in t h e lis t .
Ack nowl edg e Al l Rog ues : Clear t h e ro g u e s tatus o f all clien t s lis t ed as ro g u es in
t h e Det ect ed Clien t d at abase, Th e s tat us o f an ackn o wledg e clien t is ret urn ed t o t h e
s t at us it h ad wh en it was firs t d et ected. If t h e d et ect ed clien t fails an y o f t h e t es t s
t h at clas s ify it as a t h reat , it will b e lis t ed as a Ro g u e ag ain
Refres h: Up d at es t h e p ag e wit h t h e lat es t in fo rmat io n .
4.8.7 Pre-Authorization History
Status > Wireless Client Info> Pre -Auth History
To h elp au t h en t icat ed clien t s ro am wit h o u t lo s in g s es s io n s an d n eed in g t o re au t h en ticat e, wireles s clien t s can att emp t t o au th ent icat e t o o t her A Ps wit h in ran g e
t h at t h e clien t co uld p ossib ly as sociate wit h . Fo r s u ccessfu l p re -auth en t icat io n , t h e
136
Wireless Controller
User Manual
t arg et A P mu s t h av e a VA P wit h an SSID an d s ecu rit y co n fig u rat io n t h at mat ch es
t h at o f t h e clien t , in clu d in g M A C au t h en t icat io n , en cry p t io n met h o d , an d p re s h ared key o r RA DIUS p aramet ers . Th e A P t h at t h e clien t is as s o c iat ed wit h
cap t u res all p re -au t h en t icat io n req u es t s an d s en d s t h em t o t h e co n t ro ller.
MAC Addres s : M A C ad d res s o f t h e clien t .
AP MAC Addres s : M A C A d d res s o f t h e man ag ed A P t o wh ich t h e clien t h as p re au t h en t icat ed .
Radi o Interface Number : Rad io n u mb er t o wh ich t h e clien t is au t h en t icat ed ,
wh ich is eit h er Rad io 1 o r Rad io 2.
VAP MAC Addres s : VA P M A C ad d res s t o wh ich t h e clien t ro amed .
S S ID: SSID Name u s ed b y t h e VA P.
Ag e : Time s in ce t h e h is t o ry en t ry was ad d ed .
Us er Name: In d icat es t h e u s er n ame o f clien t t h at au t h en t icat ed v ia 802.1X.
Pre -Authenti cati on S tatus : In d icat es wh eth er t h e clien t s u ccessfully au t henticated
an d s h o ws a s t at u s o f Su cces s o r Failu re.
Figure 75 : Pre -Auth His tory
Th is p ag e in clu d es t h e fo llo win g b u t t o n :
Refres h: Up d at es t h e p ag e wit h t h e lat es t in fo rmat io n .
137
Wireless Controller
User Manual
4.8.8 Detected Client Roam History
Status > Wireless Client Info> Roam History
Th e wireles s s y stem keep s a reco rd o f clien t s as t hey ro am fro m o n e man ag ed AP to
an o t h er man ag ed A P.
MAC Addres s : M A C ad d re s s o f t h e d et ect ed clien t .
AP MAC Addres s : M A C A d d res s o f t h e man ag ed A P t o wh ich t h e clien t
au t h en t icat ed .
Radi o Interface Number : Rad io Nu mb er t o wh ich t h e clien t is au t h en t icat ed .
VAP MAC Addres s : VA P M A C ad d res s t o wh ich t h e clien t ro amed .
S S ID SSID Na me u s ed b y t h e VA P.
New Authenti cati on: A flag in d icat in g wh eth er t h e h ist ory ent ry rep res en t s a n ew
au t h en t icat io n o r a ro am ev en t .
Ag e : Time s in ce t h e h is t o ry en t ry was ad d ed .
138
Wireless Controller
User Manual
Figure 76 : De te cte d Clie nt Roam His tory
Th is p a g e in clu d es t h e fo llo win g b u t t o n :
Refres h: Up d at es t h e p ag e wit h t h e lat es t in fo rmat io n .
Purg e Hi s tory: To p u rg e t h e h is t o ry wh en t h e lis t o f en t ries is fu ll.
Vi ew Detai l s : Sh o ws t h e d et ails o f t h e d et ect ed clien t s .
139
Wireless Controller
User Manual
Chapter 5. AP Management
Th e A P M an ag emen t co n t ain s lin ks t o t h e fo llo win g p ag es t h at h elp y o u man ag e
an d main t ain t h e A Ps o n y o u r DW C-1000 wireles s co n t ro ller n et wo rk:
5.1

Valid A cces s Po in t Co n fig u rat io n

RF M an ag emen t

A cces s Po in t So ft ware Do wn lo ad

Lo cal OUI Dat ab as e

A P Pro v is io n in g

M an u al M an ag emen t
Valid Access Point Configuration
Setup > AP Management > Valid AP
MAC Addres s Th is field s h o ws t h e M A C ad d ress o f t h e A P. To ch an g e t h is field ,
y o u mu s t d elet e t h e en tire Valid A P co n fig u ratio n an d t h en en t er t h e co rrect M A C
ad d res s fro m t h e p ag e t h at lis t s all Valid A P‟s
Locati on: To h elp y o u id en t ify t he A P, y o u can en ter a lo cat io n. Th is field accep t s
u p t o 32 alp h an u meric ch aract ers
AP Mode Yo u can co n fig u re t h e A P t o b e in o n e o f t h ree mo d es :

S tandal one : Th e A P act s as an in d iv id u al acces s p o in t in t h e n et wo rk.

Manag ed: If an A P is in M an ag ed M o d e, t h e A d min is t rat o r W eb UI an d
SNM P s erv ices o n t h e A P are d is ab led .

Rog ue : Select Ro g u e as t h e A P mo d e if y o u wis h t o b e n o tified (t h rou gh an
SNM P t rap , if en ab led ) wh en t h is A P is d et ect ed i n t h e n et wo rk.
Profi l e: If y o u co n fig ure mu lt ip le A P Pro files , y o u can s elect t h e p ro file t o as s ig n
t o t h is A P
140
Wireless Controller
User Manual
Figure 77 : Valid Acce s s Point Configu rat io n
141
Wireless Controller
User Manual
Th e fo llo win g act io n s are s u p p o rt e d fro m t h is p ag e:
Edi t: To ed it A P d et ails in Valid A P p ag e.
Del ete : To d elet e a v alid A P p ro v id e v alid M A C ad d res s in Valid A P p ag e.
Add: To ad d an A P in Valid A P p ag e.
Figure 78 : Add a Valid Acce s s Point
MAC Addres s : Th is field s h o ws t h e M A C ad d ress o f t h e A P. To ch an g e t h is field ,
y o u mu s t d elet e t h e en tire Valid A P co n fig u rat io n an d t h en en t er t h e co rrect M A C
ad d res s fro m t h e p ag e t h at lis t s all Valid A Ps .
AP Mode: Yo u can co n fig u re t h e A P t o b e in o n e o f t h ree mo d es :
 S tandal one : Th e A P act s as an in d ivid u al access p o in t in t h e n et wo rk. Yo u d o
n o t man ag e t h e A P b y u s in g t h e co n t ro ller. In s t ead , y o u lo g o n t o t h e A P
it s elf an d man ag e it b y u s in g t h e A d min is trato r W eb Us er In t erface (UI), CLI,
142
Wireless Controller
User Manual
o r SNM P. If y o u s elect t h e St an d alo n e mo d e, t h e s creen refres h es an d
d ifferen t field s ap p ear. Fo r St an dalo ne mo d e t h e fo llo win g field s are en ab led
Exp ect ed SSID, Exp ect ed Ch an n el, Exp ect ed W DS M o d e, Exp ect ed Secu rit y
M o d e an d Exp ect ed W ired Net wo rk M o d e.
 Manag ed: Th e A P is p art o f t h e D-Lin k W ireles s Co n t roller, an d y o u man ag e it
b y u s in g t h e W ireles s Co n t ro ller. If an A P is in M an ag ed M o d e, t h e
A d min is t rat o r W eb UI an d SNM P s erv ices o n t h e A P are d is ab led .
 Rog ue : Select Ro g u e as t h e A P mo d e if y o u wis h t o b e n o t ified (t h ro u g h an
SNM P t rap , if en ab led ) wh en t his A P is d et ected in t h e n etwo rk. A d dit io nally,
t h e wh en t h is A P is d et ected t h rou gh an RF s can , t h e st at us is lis t ed as Ro gue.
If y o u s elect t h e Ro g u e mo d e, t h e s creen refres h es , an d field s t h at d o n o t
ap p ly t o t h is mo d e are h id d en .
Locati on: To h elp y o u id en t ify t he A P, y o u can en ter a lo cat io n . Th is field accep t s
u p t o 32 alp h an u meric ch aract ers .
Authenti cati on Pas s word: Yo u can req u ire t h at t he A P au t h en t icat e it s elf wit h t h e
co n t ro ller u p o n d isc ov ery . Ed it o p t ion an d en ter t h e p asswo rd in t h is field . Th e v alid
p as s word ran ge is b etween 8 an d 63 alp h an u meric ch aracters . Th e p as s wo rd in t h is
field mu s t mat ch t h e p as s wo rd co n fig u red o n t h e A P.
Profi l e: If y o u co n fig ure mu lt ip le A P Pro files , y o u can s elect t he p ro file t o assign to
t h is A P
Expected S S ID: En t er t h e SSID t h at id en t ifies t h e wireles s n et wo rk o n t h e
s t an d alo n e A P.
Expected Channel : Select t h e ch an n el t h at t h e s t an d alo n e A P u s es . If t h e A P is
co n fig u red t o au t o mat ically s elect a ch an n el, o r if y o u d o n o t wan t t o s p ecify a
ch an n el, s elect A n y
Expected WDS Mode : St an d alo n e A Ps can u s e a W ireles s Dis t rib u t io n Sy s t em
(W DS) lin k t o co mmu n icat e wit h each o t h er wit h o u t wires . Th e men u co n t ain s t h e
fo llo win g o p t io n s :

B ri dg e : Select t h is o p t io n if t h e s t an d alo n e A P y o u ad d t o t h e Valid A P
d at ab as e is co n fig u red t o u s e o n e o r mo re W DS lin ks .

Normal : Select t h is o p t ion if t h e s t an dalon e A P is n o t co nfig ured t o u se an y
W DS lin ks .
143
Wireless Controller

User Manual
Any: Select t h is o p t io n if t h e s t an d alo n e A P mig h t u s e a W DS lin k.
Expected S ecuri ty Mode : Select t h e o p t io n t o s p ecify t h e t y p e o f s ecu rit y t h e A P
u s es :

Any: A n y s ecu rit y mo d e

Open: No s ecu rit y

WEP: St at ic W EP o r W EP 802.1X

WPA/ WPA2 : W PA an d / o r W PA 2 (Pers o n al o r En t erp ris e)
Expected Wi red Network Mode : If t h e s t an d alo n e A P is allo wed o n t h e wired
n et wo rk, s elect A llo wed. If t h e A P is n o t p ermit t ed o n t h e wired n et work, s elect No t
A llo wed
Channel : Th e Ch an n el d efin es t h e p o rtio n o f t h e rad io s pect rum t h at t h e rad io u s es
fo r t ran s mit t in g an d receiv in g . Th e ran g e o f ch an n els an d t h e d efau lt ch an n el are
d et ermin ed b y t h e M o d e o f t h e rad io in t erface an d t h e co u n t ry in wh ich t h e A Ps
o p erat e.
Power: Th e p o wer lev el affect s h ow far an A P b ro ad cast s it s RF s ig n al. If t h e p o wer
lev el is t o o lo w, wireles s clien t s will n o t d et ect t h e s ign al o r exp erien ce p o or W LAN
p erfo rman ce. If t h e p o wer lev el is t o o h ig h , t h e RF s ig n al mig h t in t erfere wit h o t h er
A Ps wit h in ran g e.
5.2
RF Management
5.2.1 RF Configuration
Setup > AP Management > RF Management > RF Configuration
Th e rad io freq u en c y (RF) b ro ad cas t ch an n el d efin es t h e p o rt io n o f t h e rad io
s p ect rum t h at t h e rad io o n t he access p o int u ses fo r t ran s mit t in g an d receiv in g . Th e
ran g e o f av ailab le ch an n els fo r an acces s p o in t is d et ermin ed b y t h e IEEE 802.11
mo d e (als o referred t o as b an d ) o f t h e acces s p o in t .
Th e co n t ro ller co n t ain s a ch an n el p lan alg o rit h m t h at au t o mat ically d et ermin es
wh ich RF ch an n els each A P s h o u ld u s e t o min imize RF in t erferen ce. W h en y o u
en ab le t h e ch an n el p lan alg o rit h m, t h e co n t ro ller p erio d ically ev alu at es t h e
144
Wireless Controller
User Manual
o p erat io nal ch ann el o n ev ery A P it man ag es an d ch an g es t h e ch an n el if t h e cu rren t
ch an n el is n o is y
Channel Pl an: Each A P is d u al-b an d capable o f o p erat in g in t h e 2.4 GHz an d 5
GHz freq u en cies . Th e 802.11a/ n an d 802.11b / g / n mo d es u s e d ifferen t ch an n el
p lan s . Befo re y o u co nfig ure ch an nel p lan s et tin gs, s elect t h e mo d e t o co n fig u re.
Channel Pl an Mode: Th is field in d icat es t h e ch an n el as s ig n men t mo d e. Th e
mo d e o f ch an n el p lan as s ig n men t can b e o n e o f t h e fo llo win g :

Fi xed Ti me : If y o u s elect t h e fixed t ime ch an n e l p lan mo d e, y o u s pecify
t h e t ime fo r t h e ch an n el p lan an d ch an n el as s ig n men t . In t h is mo d e t h e
p lan is ap p lied o n ce ev ery 24 h o u rs at t h e s p ecified t ime.

Manual : W it h t h e man u al ch an n el p lan mo d e, y o u co n t ro l an d in it iat e
t h e calcu lat io n an d as sign men t o f t h e ch an n el p lan . Yo u mu s t man u ally
ru n t h e ch an nel p lan alg o rit h m an d ap p ly t h e ch an n el p lan t o t h e A Ps .

Interval : In t h e in t erv al ch ann el p lan mo d e, t h e co n t ro ller p erio d ically
calcu lat es an d app lies t h e ch ann el p lan . Yo u can co n fig u re t h e in t erv al
t o b e fro m ev ery 6 t o ev ery 24 h o u rs . Th e in t erv al p erio d b eg in s wh en
y o u click Su b mit .
145
Wireless Controller
User Manual
Figure 79 : RF configurat io n
Channel Pl an Hi s tory Depth : Th e ch an n el p lan h is t o ry lis t s t h e ch an n els t h e
co n t ro ller as s ig n s each o f t h e A Ps it man ag es aft er a ch an n el p lan is ap p lied .
En t ries are ad d ed t o t h e h is t o ry reg ard les s o f in t erv al, t ime, o r ch an n el p lan
mo d e. Th e n u mb er y o u s p ecify in t h is field co n tro ls t h e n u mb er o f it erat io n s o f
t h e ch an n el as s ig n men t .

A Ps ch an ged in p rev io us it erat ion s cann ot b e assig n ed n ew ch an n els in t h e
n ext it erat io n . Th is h is to ry p rev en ts t he s ame A Ps fro m b ein g ch an ged t ime
aft er t ime .
Channel Pl an Interval : If y o u s elect t h e In t erv al ch an n el p lan mo d e, y o u can
s p ecify t h e freq u en cy at wh ich t h e ch an n e l p lan calcu lat io n an d as s ig n men t
o ccu rs . Th e in t erv al t ime is in h o u rs , an d y o u can s pecify an in t erval t h at ran ges
b et ween ev ery 6 h o u rs t o ev ery 24 h o u rs .
Channel Pl an Fi xed Ti me : If y o u s elect t h e Fixed Time ch an n el p lan mo d e, you
can s p ecify t h e t ime at wh ich t h e ch an n el p lan calcu lat io n an d as s ig n men t
o ccu rs . Th e chann el p lan calcu latio n will o ccu r o n ce ev ery 24 h o u rs at t h e t ime
y o u s p ecify .
Power Adjus tment Mode : Yo u can s et t h e p o wer o f t h e A P rad io freq u en cy
t ran s mis sio n in t h e A P p ro file, t h e lo cal d at abase o r in t h e RA DIUS s erv er. Th e
146
Wireless Controller
User Manual
p o wer lev el in t h e A P p ro file is t h e d efau lt lev el fo r t h e A P, an d t h e p o wer will
n o t b e ad ju s t ed b elo w t h e v alu e in t h e A P p ro file. Th e s et t in g s in t h e lo cal
d at ab ase an d RA DIUS s erv er alway s o verrid e p ower s et in t h e p ro file s et t in g . If
y o u man u ally s et t h e p o wer, t h e lev el is fixed an d t h e A P will n o t u s e t h e
au t o mat ic p o wer ad ju s t men t alg o rit h m. Yo u can co n fig u re t h e p o wer as a
p ercen t ag e o f maximu m p o wer, wh ere t h e maximu m p o wer is t h e min imu m o f
p o wer lev el allo wed fo r t h e ch an n el b y t h e reg u lat o ry d o main o r t h e h ard ware
cap ab ilit y .
Manual : In t h is mo d e, y o u ru n t h e p rop os ed p o wer ad ju s t men t s man u ally fro m
t h e M an u al Po wer A d ju s t men t s p ag e.
Interval : In t h is mo d e, t h e co n t ro ller p erio d ically calcu lat es t h e p o wer
ad ju s t men ts an d ap p lies t he p o wer fo r all A Ps . Th e in t erv al p erio d b eg in s wh en
y o u click Su b mit .
Power Adjus tment Interval : Th is field d et ermin es h o w o ft en t h e co n t ro ller
ru n s t h e p o wer ad just men t alg o rit h m. Th e alg o rit h m ru n s au t o mat ically o n ly if
y o u s et t h e p o wer ad ju s t men t mo d e t o In t erv al.

Th is s et t in g g et s ap p lied t o b o t h rad io s o f t h e A P.
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e:
S ubmi t: Up d at es t h e co n t ro ller wit h t h e v alu es y o u en t er.
5.2.2 Channel Plan History
Setup > AP Management > RF Management > Channel Plan History
Th e wireles s co n t ro ller s t o res ch an n el as s ig n men t in fo rmat io n fo r t h e A Ps it
man ag es . Th e Clu s t er Co n t ro ller t h at co n t ro ls t h e clu s t er main t ain s t h e ch an n el
h is t o ry in fo rmat io n fo r all co n t ro llers in t h e clu s t er. On t h e Clu s t er Co n t ro ller, t h e
p ag e s h ows in fo rmat io n ab out t h e rad io s o n all A Ps man ag ed b y co n t ro lle rs in t h e
clu s t er t h at are elig ib le fo r ch an n el as s ig n men t an d were s u cces s fu lly as s ig n ed a
n ew ch an n el.
Channel Pl an: Th e 5 GHz an d 2.4 GHz rad io s u s e d ifferen t ch an n el p lan s , s o
t h e co n t roller t racks t he ch an nel h is tory s ep arat ely fo r each rad io . Th e ch an n el
in fo rmat io n t h at d is p lay s o n t h e p ag e is o n ly fo r t h e rad io y o u s elect .
147
Wireless Controller
User Manual
Operati onal S tatus : Th is field s h o ws wh et h er t h e co n t ro ller is u s in g t h e
au t o mat ic ch an n el ad ju s t men t alg o rit h m o n t h e A P rad io s .
Las t Iterati on: Th e n u mb er in t h is field in d icat es t h e mo s t recen t it erat io n o f
ch an n el p lan ad ju s t men t s . Th e A Ps t h at receiv ed a ch an n el ad ju s t men t in
p rev io u s it erat io n s can n o t b e as s ig n ed n ew ch an n els in t h e n ext it erat io n t o
p rev en t t h e s ame A Ps fro m b ein g ch an g ed t ime aft er t ime.
Las t Al g ori thm Ti me : Sh o ws t h e d at e an d t ime wh en t h e ch an n el p lan
alg o rit h m las t ran .
AP MAC Addres s : Th is t ab le d is p lay s t h e ch an n el as s ig n ed t o an A P in an
it erat io n o f t h e ch an n el p lan (Lo cat io n , Rad io ,It erat io n , Ch an n el)
Figure 80 : Channe l Plan His tory.
5.2.3 Manual Channel Plan
Setup > AP Management > RF Management > Manual Channel Plan
If y o u s p ecify M an u al as t h e Ch an n el Plan M o d e o n t h e Co n fig u rat io n t ab , t h e
M an u al Ch an n el Plan p ag e allo ws y o u t o in it iat e t h e ch an n el p lan alg o rit h m. To
148
Wireless Controller
User Manual
man u ally ru n t h e ch an n el p lan ad ju s t men t feat u re, s elect t h e rad io t o u p d at e t h e
ch an n els o n (5 GHz o r 2.4 GHz) an d click St art .
Channel Pl an: Th e 5 GHz an d 2.4 GHz rad io s u s e d ifferen t ch an n el p lan s , s o
t h e co n t roller t racks t he ch an nel h is tory s ep arat ely fo r each rad io . Th e ch an n el
in fo rmat io n t h at d is p lay s o n t h e p ag e is o n ly fo r t h e rad io y o u s elect .
Channel pl an al g ori thm (Cu rren t St at u s): Sh o ws t he Cu rren t St at us o f t h e p lan,
wh ich is o n e o f t h e fo llo win g s t at es :

None : Th e ch an n el p lan alg o rit hm h as n o t b een man u ally ru n s in ce t h e
las t co n t ro ller reb o o t .

Al g ori thm i n Prog res s : Th e ch an n el p lan alg o rit h m is ru n n in g .

Al g ori thm Compl ete : Th e ch an n el p lan alg o rit hm h as fin is hed ru n n in g .
A t ab le d is p lay s t o in d icate p ro posed ch annel as sign men ts. Each en try s hows the
A P alo n g wit h t h e cu rren t an d n ew ch an n el. To accep t t h e p ro p o s ed ch an n el
ch an g e, click A p p ly . Yo u mu s t man u ally ap p ly t h e ch an n el p lan fo r t h e
p ro p o s ed as s ig n men t s t o b e ap p lied .

Appl y In Prog res s : Th e co n t ro ller is ap p ly in g t h e p ro p o s ed ch an n el
p lan an d ad ju s t in g t h e ch an n el o n t h e A Ps lis t ed in t h e t ab le.

Appl y Compl ete : Th e alg o rit h m an d ch an n el ad ju s t men t are co mp let e
Propos ed Channel As s i g nments : If n o A Ps ap p ear in t h e t ab le aft er t h e
alg o rit h m is co mp let e, t h e alg o rit hm d o es n ot recommen d an y ch an n el ch an g es .

Current Channel : Sh o ws t h e cu rrent o p erat ing ch an n el fo r t h e A P t h at
t h e alg o rit h m re co mmen d s fo r n ew ch an n el as s ig n men t s .

New Channel : Sh o ws t h e p ro p o s ed o p erat in g ch an n el fo r t h e A P.
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e:
S tart: To in it iat e t h e ch an n el p lan alg o rit h m
149
Wireless Controller
User Manual
Figure 81 : M anual Channe l Plan.
150
Wireless Controller
User Manual
5.2.4 Manual Power Adjustment Plan
Setup > AP Management > RF Management > Manual Power Adjustment
Plan
If y o u s elect M anual as t h e Po wer A d ju stmen t M o d e o n t h e Co n fig u rat io n t ab , y o u
can man u ally in it iat e t h e p o wer ad ju s t men t alg o rit h m o n t h e M an u al Po wer
A d ju s t men t s p ag e .
Current S tatus : Sh o ws t h e Cu rren t St at u s o f t h e p lan , wh ich is o n e o f t h e
fo llo win g s t at es :

None : Th e p o wer ad ju s tmen t alg o rit hm h as n o t b een man u ally ru n s in ce
t h e las t co n t ro ller reb o o t .

Al g ori thm In Prog res s : Th e p o wer ad ju s t men t alg o rit h m is ru n n in g .

Al g ori thm Compl ete : Th e p o wer ad ju s t men t alg o rit h m h as fin is h ed
ru n n in g .

A t ab le d is p lay s t o in d icat e p ro p o s ed p o wer ad ju s t men t s . Each en t ry
s h o ws t h e A P alo n g wit h t h e cu rren t an d n ew p o wer lev els .

Appl y In Prog res s : Th e co nt roller is ad ju st in g t h e p o wer lev els t h at t h e
A Ps u s e.

Appl y Compl ete : Th e alg o rit h m an d p o wer ad ju s t men t are co mp let e.
A P M A C A d d res s Id en t ifies t h e
AP MAC addres s : Identifies the AP MAC address.
Locati on: Id en t ifies t h e lo catio n o f t h e A P, wh ich is s et in t h e Valid A P d at ab as e.
Radi o Interface : Id en t ifies t h e rad io .
Ol d Power: Sh o ws t h e earlier p o wer lev el fo r t h e A P.
New Power : Sh o ws t h e p ro p o s ed p o wer lev el fo r t h e A P .
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e:
S tart: To in it iat e t h e p o wer ad ju s t men t alg o rit h m.
151
Wireless Controller
User Manual
Figure 82 : M anual Powe r Adjus tme nt Plan
5.3
Access Point Software Download
Setup > AP Management > Software Download
Th e wireles s co n t ro ller can u p g rad e s o ft ware o n t h e A Ps t h at it man ag es .

Th e A P firmware v ers io n mu s t as s ame as DW C-1000 W LA N mo d u le
v ers io n
S erver Addres s : En t er t h e IP ad d res s o f t h e h o s t wh ere t h e u p g rad e file is
lo cat ed . Th e h o s t mu s t h av e a TFTP s erv er in s t alled an d ru n n in g .
File Pat h : En t er t h e file p at h o n t h e TFTP s erver wh ere t h e s o ft ware is lo cat ed .
Yo u may en t er u p t o 96 ch aract ers .
Fi l e Name: En t er t h e n ame o f t h e u p g rad e file. Yo u may en t er u p t o 32
ch aract ers , an d t h e file ext en s io n .t ar mu s t b e in clu d ed .
Group S i ze: W h en y o u u p g rad e mu lt ip le A Ps , each A P co n t act s t h e TFTP
s erv er t o d o wn lo ad t h e u p g rad e file. To p rev en t t h e TFTP s erv er fro m b ein g
o v erlo ad ed , y o u can limit t h e n u mb er o f A Ps t o b e u p g rad ed at a t ime. In t h e
152
Wireless Controller
User Manual
Gro u p Size field , en t er t h e n u mb er o f A Ps t h at can b e u p g rad ed at t h e s ame
t ime. W h en o n e g ro up co mp letes t he u p grade, t he n ext g ro u p b egin s t h e p ro ces s
Imag e Downl oad Type : Ty p e o f t h e imag e t o b e d o wn lo aded, wh ich can b e o n e
o f t h e fo llo win g :
• A ll imag es (img _ d wl8600 an d img _ d wl3600/ 6600)
• img _ d wl8600
• img _ d wl3600/ 6600

To d o wn lo ad all imag es , make s u re y o u s pecify t h e file p at h an d file n ame
fo r b o t h imag es in t h e ap p ro p riat e File Pat h an d File Name field s .
Manag ed AP: Th e lis t s h o ws all t h e A Ps t h at t h e co n t ro ller man ag es . If t h e
co n t ro ller is t h e Clu s t er Co n t roller, t h en t h e lis t s h o ws t h e A Ps man ag ed b y all
co n t ro llers in t h e clu s ter. Each A P is id en t ified b y it s M AC ad d ress, IP ad d res s ,
an d Lo cat io n in t h e <M A C - IP - Lo cat io n > fo rmat . To u p g rad e a s in g le A P,
s elect t h e A P M A C ad d ress fro m t h e d ro p d o wn lis t . To u p g rad e all A Ps , s elect
A ll fro m t h e t o p o f t h e lis t . If A ll is s elect ed , t h e Gro u p Size field will limit t h e
n u mb er o f s imu lt an eo u s A P u p grades in o rd er n o t t o o v erwhelm t h e TFTP s erv er
153
Wireless Controller
User Manual
Figure 83 : Acce s s Point Software Download
5.4
Local OUI Database Summary
Setup > AP Management > Local OUI Database
To h elp id en t ify A P an d W ireles s Clien t ad ap t er man u fact u rers d et ect ed in t h e
wireles s n et wo rk, t h e wireles s co n t ro ller co n t ain s a d at ab a s e o f reg is t ered
Org an izat io n ally Un iq u e Id entifiers (OUIs ). Th is is a read -o nly lis t wit h o v er 10,000
reg is t rat ion s. Fro m t h e Lo cal OUI Dat ab as e Su mmary p ag e, y o u can en t er u p t o 64
u s er-d efin ed OUIs . Th e lo cal lis t is s earch ed firs t , s o t h e s ame OUI can b e lo cat ed in
t h e lo cal lis t as well as t h e read -o n ly lis t .
OUI Val ue : En t er t h e OUI t h at rep resen ts t h e co mp any ID in t h e fo rmat XX:XX:XX
wh ere XX is a h exad ecimal n u mb er b et ween 00 an d FF. Th e firs t t h ree b y t es o f t h e
M A C ad d res s rep res en t s t h e co mp an y I D as s ig n men t .

Th e firs t b y t e o f t h e OUI mu s t h av e t h e leas t s ig n ifican t b it s et t o 0. Fo r
examp le 02:FF:FF is a v alid OUI, b u t 03:FF:FF is n o t .
OUI Des cri pti on: En t er t h e o rg an izat ion n ame as s o ciat ed wit h t h e OUI. Th e n ame
can b e u p t o 32alp h an u meric ch ara ct ers ..
154
Wireless Controller
User Manual
Figure 84 : Local OUI Databas e
5.5
AP Provisioning Summary
Setup > AP Management > AP Provisioning Summary Status
Th e A P Pro v is io n in g feat u re h elp s y o u ad d n ew A Ps t o an exis t in g co n t ro ller
clu s t er. W it h A P Pro v isio nin g, y o u can co nfig ure t h e access p o in t s wit h p aramet ers
t h at are n eed ed t o co n nect t o t h e wireles s n etwo rk . Us e A P Pro v isio n in g t o co n n ect
d ev ices t o a n et wo rk en abled fo r mu t u al au th en ticatio n . If a n et wo rk is n o t en ab led
fo r mu t u al au t h en t icat io n t h en A Ps can b e at t ach ed t o t h e n et wo rk b y p ro p erly
co n fig u rin g t h e lo cal Valid A P d at ab as e o r RA DIUS A P d at ab as e an d d is co v ery
o p t io n s. Th e p rov isio nin g feat ure can o p t io n ally b e u s ed o n n et wo rks n o t en ab led
fo r mu t u al au t h en t icat io n t o s imp lify A P at t ach men t t o t h e c lu s t er.
MAC Addres s : M A C ad d res s o f t h e A P
IP Addres s : IP A d d res s o f t h e A P.
Pri mary IP Addres s : Th e IP ad d res s o f t h e p rimary p ro v is io n ed co n t ro ller as
rep o rt ed b y t h e A P.
B ack up IP Addres s : Th e IP ad d res s o f t h e b acku p p ro v is io n ed co n t ro ller as
rep o rt ed b y t h e A P.
155
Wireless Controller
User Manual
New Pri mary IP Addres s : En t er t h e IP ad d res s o f p rimary co n t ro ller t o wh ich t h e
A P s h o u ld t ry t o co n n ect .
New B ack up IP Addres s : En t er t h e IP ad d res s o f co nt roller t o wh ich t h e A P s ho u ld
t ry t o co n n ect if it is u n ab le t o co n n ect t o t h e p rimary co n t ro ller.
S tatus : St at u s o f t h e mo s t recent ly is su ed A P p ro visio nin g co mman d , wh ich h as o n e
o f t h e fo llo win g v alu es :

Not S tarted: Pro v is io n in g h as n o t b een s t art ed fo r t h is A P.

S ucces s : Pro v is io n in g fin is h ed s u cces s fu lly fo r t h is co n t ro ller. Th e A P
Pro v is io n in g
St at u s
t ab le
s h o u ld
reflect
the
lat es t
p ro v is io n in g
co n fig u rat io n .

In Prog res s : Pro v is io n in g is in p ro g res s fo r t h is A P.

Inval i d Control l er IP Addres s : Eit h er p rimary o r b acku p co n t ro ller IP
ad d res s is n o t in t h e clu s t er o r t h e mu t u al au t h en t icat io n mo d e is en ab led
an d t h e p rimary co n t ro ller IP ad d res s is n o t s p ecified .

Provi s i oni ng Rejected: A P is n o t man ag ed an d is co n fig u red n o t t o accep t
p ro v is io n in g d at a in u n man ag ed mo d e.

Ti med Out: Th e las t p ro v is io n in g req u e s t t imed o u t .
156
Wireless Controller
User Manual
Figure 85 : AP Provis ioning Summary Status
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e:
Del ete : Remo v e t h e s elect ed A P fro m t h e A P p ro v is io n in g lis t .
Del ete Al l : Remo v e all A Ps fro m t h e A P p ro v is io n in g lis t .
Provi s i on: In it iat e p ro v is io nin g fo r t h e s elected A P. Yo u can p ro v isio n an A P o n ly
fro m t h e clu s ter co nt roller. A ft er t h e A P is p ro v isio ned, it s h o uld b eco me man ag ed
b y t h e co n t ro ller wit h t h e co n fig u re d Primary IP A d d res s an d ap p ear in t h e A P
p ro v is io n in g d at ab as e as a man ag ed A P.
Edi t: Ed it t h e p aramet ers o f s elect ed A P fro m t h e A P p ro v is io n in g lis t
Refres h: Up d at es t h e p ag e wit h t h e lat es t in fo rmat io n
5.6
Manual Management
Setup > AP Management > Manual Management
W h en t h e A P is in M an ag ed mo d e, remo t e acces s t o t h e A P is d is ab led . Fro m t h e
M an au al M an ag emen t p ag e, y o u can als o man u ally ch an g e t h e RF ch an n el an d
p o wer fo r each rad io o n an A P. Th e man u al p o wer an d ch annel ch anges o verrid e t h e
157
Wireless Controller
User Manual
s et t in gs co n fig u red in t h e A P p ro file (in clu d in g au t o mat ic ch an n el s elect io n ) an d
t ake effect immed iat ely . Th e man u al ch an n el an d p o wer as s ig n men t s are n o t
ret ain ed wh en t h e A P is res et o r if t h e p ro file is reap p lied t o t h e A P, s u ch as wh en
t h e A P d is as s o ciat es a n d reas s o ciat es wit h t h e co n t ro ller.
Figure 86 : M anual M anage me nt
MAC Addres s : Sh o ws t h e M A C ad d res s o f t h e A P.
Locati on: Sh o ws t h e A P lo cat io n, wh ich is b ased o n t he v alu e co nfig u red in t h e
RA DIUS o r lo cal Valid A P d at ab as e .
Debug : To h elp y o u t ro u blesho ot, y o u can en ab le Teln et access t o t h e A P s o that
y o u can d eb ug t h e d evice fro m t h e CLI.Th e Deb u g field s h o ws t h e d eb ug s t at u s
an d can b e o n e o f t h e fo llo win g :
•
Dis ab led
•
Set Req u es t ed
•
Set in Pro g res s
•
En ab led
To ch an g e t h e s t at u s , s elect t h e A P an d click t h e M an ag ed A P Deb u g b u t t o n .
158
Wireless Controller
User Manual
Radi o Interface: Id en t ifies t h e rad io t o wh ich t h e ch an n el an d p o wer s et t in g s
ap p ly .
Channel : Select t h e A P an d click t h e Ed it Ch an n el/ Po wer b u t t o n t o acces s t h e
M an ag ed A P Ch an n el/ Po wer A d ju s t p ag e. Fro m t h at p ag e, y o u can s et a n ew
ch an n el fo r Rad io 1 o r Rad io 2. Th e av ailab le ch an n els d ep en d o n t h e rad io
mo d e an d co u n t ry in wh ich t h e A Ps o p erat e. Th e man u al ch an n el ch an g e
o v errid es t he ch an nel co nfig u red in t h e A P p ro file an d is n o t ret ain ed wh en t h e
A P reb o o t s o r wh en t h e A P p ro file is reap p lied .
Power : Select t h e A P an d click t h e Ed it Ch an n el/ Po wer b u t t o n t o acces s t h e
M an ag ed A P Ch an n el/ Po wer A d ju s t p ag e. Fro m t h at p ag e, y o u can s et a n ew
p o wer lev el fo r t h e A P. Th e man u al p o wer ch an g e o v errid es t h e p o wer s et t in g
co n fig u red in t h e A P p ro file an d is n o t ret ain ed wh en t h e A P reb o o t s o r wh en
t h e A P p ro file is reap p lied
159
Wireless Controller
User Manual
Chapter 6. Connecting to the Internet:
Option Setup
Th is co n t oller h as t wo Op t ion p ort s t h at can b e u s ed t o es t ab lis h a co n n ect io n t o t h e
in t ern et . Th e fo llo win g ISP co n n ect io n t y p es are s u p p o rt ed : DHCP, St at ic, PPPo E,
PPTP, L2TP.
It is as s u med t h at y o u h av e arran g ed fo r in t ern et s erv ice wit h y o u r In t ern et Serv ice
Pro v id er (ISP). Pleas e co n tact y o ur ISP o r n et wo rk ad min is t rat o r fo r t h e co n fig u rat io n
in fo rmat io n t h at will b e req u ired t o s et u p t h e co n t ro ller.

6.1
Th e ISP Co n n ect io n t y p es : PPPo E, PPTP, L2TP, NA T/ Tran s p aren t mo d e
feat u re are av ailab le u p on licen s ed activ at ion o f VPN / Firewall feat u res for
t h e s y s t em.
Internet Connection Setup Wizard
Setup > Wizard > Internet
Th e In t ern et Co n nect io n Set u p W izard is av ailab le fo r u s ers n ew t o n et wo rkin g . By
g o in g t h ro ug h a few s t raig ht forward co nfig uratio n p ag es y o u can t ake t h e in fo rmat io n
p ro v id ed b y y o ur ISP t o g et y o u r Op t io n co nn ectio n u p a n d en able in t ernet acces s fo r
y o u r n et wo rk.
160
Wireless Controller
User Manual
Figure 87 : Inte rne t Conne ction Se tup Wizard
Yo u can s t art u sin g t h e W izard b y lo g g ing in wit h t h e ad min is trato r p as s wo rd fo r t h e
co n t ro ller. On ce au t h en t icat ed s et t h e t ime zo n e t h at y o u are lo cat ed in , an d t h en
ch o o s e t h e t y p e o f in t ern et co n n ect io n t y p e: DHCP, St at ic, PPPo E, PPTP, L2TP.
Dep en d in g o n t h e con nect ion t yp e a u s ern ame/ p as s wo rd may b e req u ired t o reg is t er
t h is co n t roller wit h t h e ISP. In mo s t cas es t h e d efault s et t in g s ca n b e u s ed if t h e ISP
d id n o t s p ecify t h at p aramet er. Th e las t s t ep in t h e W izard is t o click t h e Co n n ect
b u t t o n , wh ich co n firms t h e s et t in g s b y es t ab lis h in g a lin k wit h t h e ISP. On ce
co n n ect ed , y o u can mo v e o n an d co n fig u re o t h er feat u res in t h is co n t ro lle r.
6.2
Option Configuration
Setup > Internet Settings > Option1 Settings > Option1 Setup
Yo u mu s t eit h er allo w t h e co n t roller t o d et ect Op t io n co n n ect io n t y p e au t o mat ically
o r co n fig u re man u ally t h e fo llo win g b as ic s et t in g s t o en ab le In t ern et co n n ect iv it y :
Connecti on type : Bas ed o n t h e ISP y o u h av e s elect ed fo r t h e p rimary Op t io n lin k fo r t h is
co n t ro ller, ch o o s e St at ic IP ad d res s , DHCP clien t , Po in t -t o -Po in t Tu n n elin g Pro t o co l
(PPTP), Po in t -t o -Po in t Pro t o co l o v er Et h ern et (PPPo E), Lay er 2 Tu n n elin g Pro t o co l
161
Wireless Controller
User Manual
(L2TP). Req u ired field s fo r t h e s elected ISP t y p e b ecome h ig h lig h ted . En t er t h e fo llo wing
in fo rmat io n as n eed ed an d as p ro v id ed b y y o u r ISP:
PPPoE Profi l e Name . Th is men u lis t s co n fig u red PPPo E p ro files , p art icu larly u s efu l
wh en co n fig u rin g mu lt ip le PPPo E co n n ect io n s (i.e. fo r Jap an ISPs t h at h av e mu lt ip le
PPPo E s u p p o rt ).
IS P l og i n i nformati on. Th is is req u ired fo r PPTP an d L2TP ISPs .

Us er Name

Pas s wo rd

Secret (req u ired fo r L2TP o n ly )
MPPE Encrypti on: Fo r PPTP lin ks , y o u r ISP may req u ire y o u t o en able M icro soft Po in t t o -Po in t En cry p t io n (M PPE).
S pl i t Tunnel (s u p p ort ed fo r PPTP an d L2TP co n n ect io n ). Th is s et t in g allo ws y o u r LA N
h o s t s t o access in t ern et sit es o ver t h is Op t io n lin k wh ile s t ill p ermit t in g VPN t raffic t o b e
d irect ed t o a VPN co n fig u red o n t h is Op t io n p o rt .

If s p lit t u n n el is en ab led , DW C wo n ‟t exp ect a d efau lt ro u t e fro m t h e ISP
s erv er. In s u ch cas e, u s er h as t o t ake care o f ro u t in g man u ally b y
co n fig u rin g t h e ro u t in g fro m St at ic Ro u t in g p ag e.
To keep t h e co n n ect io n alway s o n , click Keep Connected. To lo g o u t aft er t h e co n n ect io n is
id le fo r a p erio d o f t ime (u s efu l if y o u r ISP co s t s are b ased o n lo g o n t imes ), click Id le Timeo u t
an d en t er t h e t ime, in min u t es , t o wait b efo re d is co n n ect in g in t h e Id le Time field .
6.2.1 Option Port IP address
Yo u r ISP a s s ig n s y o u an IP ad d res s t h at is eit h er d y n amic (n ewly g en erat ed each
t ime y o u lo g in ) o r s t at ic (p erman ent). Th e IP A d d ress So u rce o p t io n allo ws y o u t o
d efin e wh et h er t h e ad d ress is s t at ically p ro v id ed b y t h e ISP o r s h o u ld b e receiv ed
d y n amically at each lo g in . If s t at ic, en t er y o ur IP ad d ress, IPv 4 s u b net mas k, and the
ISP g at eway ‟s IP ad d ress. PPTP an d L2TP ISPs als o can p ro v ide a s t at ic IP ad d res s
an d s u b n et t o co n fig u re, h o wev er t h e d efau lt is t o receiv e t h at in fo rmat io n
d y n amically fro m t h e ISP.
162
Wireless Controller
User Manual
6.2.2 Option DNS Serv ers
Th e IP A d d res s es o f Op t io n Do main Name Serv ers (DNS) are t y p ically p ro v id ed
d y n amically fro m t h e ISP b u t in s o me cas es y ou can d efin e t h e s tatic IP ad d resses of
the
DNS
s erv ers .
DNS
s erv ers
map
In t ern et
d o main
n ames
(examp le:
www.g o o g le.co m) t o IP ad d res s es . Click t o in d icat e wh et h er t o g et DNS s erv er
ad d res s es au t o mat ically fro m y o u r ISP o r t o u s e ISP -s p ecified ad d res s es . If it s
lat t er, en t er ad d res s es fo r t h e p rimary an d s eco n d ary DNS s erv ers . To av o id
co n n ect iv it y p ro b lems , en s u re t h at y o u en t er t h e ad d res s es co rrect ly .
6.2.3 DHCP Option
Fo r DHCP clien t co n n ect ions, y o u can ch oose t h e M A C ad d ress o f t h e co n t ro ller t o
reg is t er wit h t h e ISP. In s o me cas es y o u may n eed t o clo n e t h e LA N h o s t ‟s M A C
ad d res s if t h e ISP is reg is t ered wit h t h at LA N h o s t .
163
Wireless Controller
User Manual
Figure 88 : M anual Option1 configurat io n
6.2.4 PPPoE
Setup > Internet Settings > Option1 Settings > Option1 Setup
Th e PPPo E ISP s et t in g s are d efin ed o n t h e Op t io n Co n fig u rat io n p ag e. Th ere are
t wo
t y p es
o f PPPo E ISP‟s
s u p p o rt ed
by
the
u s ern ame/ p as s wo rd PPPo E an d Jap an M u lt ip le PPPo E.
164
DW C-1000: t h e
s t an d ard
Wireless Controller
User Manual
Figure 89 : PPPoE configuratio n for s tandard ISPs
M o s t PPPo E ISP‟s u s e a s in g le co nt rol an d d ata co nnect ion , an d req u ire u s ern ame /
p as s word cre dent ials t o lo g in an d au thent icate t h e DW C-1000 wit h t h e ISP. Th e ISP
co n n ect io n t y p e fo r t h is cas e is “PPPo E (Us ern ame/ Pas s wo rd )”. Th e GUI will
p ro mp t y o u fo r au t h en ticatio n, s erv ice, an d co nnect io n s et tin gs in o rd er t o es t ab lis h
t h e PPPo E lin k.
Fo r s o me ISP‟s , mo s t p o p u lar in Jap an , t h e u s e o f “Jap an es e M u lt ip le PPPo E” is
req u ired in o rd er t o es t ablis h co n cu rren t p rimary an d s eco ndary PPPo E co n n ect io n s
b et ween t h e DW C-1000 an d t h e ISP. Th e Primary co n n ectio n is u s ed fo r t h e b ulk o f
d at a an d in t ernet t raffic an d t h e Seco n d ary PPPo E co n n ect io n carries ISP s p ecific
(i.e. co n t ro l) t raffic b et ween t h e DW C-1000 an d t h e ISP.
165
Wireless Controller
User Manual
Figure 90 : Option1 configu rat ion for Japane s e M ultiple PPPoE (part 1)
Th ere are a few key elemen t s o f a mu lt ip le PPPo E co n n ect io n :

Primary an d s eco n d ary co n n ect io n s are co n cu rren t

Each s es sio n h as a DNS s erv er s ou rce fo r d o main n ame lo o ku p , t h is can b e assig ned b y
t h e ISP o r co n fig u red t h ro u g h t h e GUI

Th e DW C-1000 act s as a DNS p ro xy fo r LA N u s ers
166
Wireless Controller

User Manual
On ly HTTP req u es ts t h at s pecifically id en t ify t h e s econd ary co nnectio n‟s d o main n ame
(fo r examp le * .flet s ) will u s e t h e s eco n d ary p ro file t o acces s t h e co n t en t av ailab le
t h ro u g h t h is s econ dary PPPo E t ermin al. A ll o t h er HTTP / HTTPS req u es ts g o t h ro u g h
t h e p rimary PPPo E co n n ect io n .
W h en Jap anese mu lt ip le PPPo E is co n fig u red an d s eco ndary con nect ion is u p , so me p red efin ed
ro u t es are ad ded o n t hat in t erface. Th ese ro u tes are n eeded t o access t he in t ern al d o main o f t h e
ISP wh ere h e h o s t s v ario us s erv ices . Th es e ro u t e s can ev en b e co n fig u red t h ro u g h t h e s t at ic
ro u t in g p ag e as well.
Figure 91 : Option1 configu rat ion for M ultiple PPPoE (part 2)
6.2.5 Russia L2TP and PPTP Option
Fo r Ru s s ia L2TP Op t io n co n n ect io n s , y o u can ch o o s e t h e ad d res s mo d e o f t h e
co n n ect io n t o g et an IP ad d res s fro m t h e ISP o r co n fig u re a s t at ic IP ad d res s
167
Wireless Controller
User Manual
p ro v id ed b y t h e ISP. Fo r DHCP clien t co n n ect io n s , y o u can ch o o s e t h e M A C
ad d res s o f t h e co n t ro ller t o reg is t er wit h t h e ISP. In s o me cas es y o u may n eed t o
clo n e t h e LA N h o s t ‟s M A C ad d res s if t h e ISP is reg is t ered wit h t h at LA N h o s t .
168
Wireless Controller
User Manual
Figure 92 : Rus s ia L2TP ISP configurat io n
6.2.6 Option Configuration in an IPv 6 Network
Advanced > IPv6 > IPv6 Option1 Config
Fo r IPv 6 Op t io n co n n ect io n s , t h is co n t ro ller can h av e a s t at ic IPv 6 ad d res s o r
receiv e co n n ect io n in fo rmat io n wh en co n fig u red as a DHCPv 6 clien t . In t h e cas e
wh ere t h e ISP as s ig n s y o u a fixed ad d res s t o acces s t h e in t ern et , t h e s t at ic
co n fig u ratio n sett ing s mu s t b e co mp let ed . In ad dit io n t o t h e IPv 6 ad d res s as s ig n ed
169
Wireless Controller
User Manual
t o y o u r co n tro ller, t h e IPv 6 p refix len g t h d efin ed b y t h e ISP is n eed ed . Th e d efau lt
IPv 6 Gat eway ad d res s is t h e s erver at t he ISP t h at t h is co nt roller will co n n ect t o fo r
acces sin g t h e in t ern et . Th e p rimary an d s eco n d ary DNS s erv ers o n t h e ISP‟s IPv 6
n et wo rk are u s ed fo r res olv in g in t ernet ad dresses, an d t h ese are p ro v ided alo n g wit h
t h e s t at ic IP ad d res s an d p refix len g t h fro m t h e ISP.
W h en t h e ISP allo ws y o u t o o b t ain t h e Op t io n IP s et t in g s v ia DHCP, y o u n eed t o
p ro v id e d et ails fo r t h e DHCPv 6 clien t co n fig u rat io n . Th e DHCPv 6 clien t o n t h e
g at eway can b e eit her s tateless o r s t ateful. If a s t at eful clien t is s elected t h e g at eway
will co n n ect t o t h e ISP‟s DHCPv 6 s erv er fo r a leas ed ad d res s . Fo r s t at eles s DHCP
t h ere n eed n o t b e a DHCPv 6 s erv er av ailab le at t h e ISP, rat h er ICM Pv 6 d is co v er
mes s ag es will o rig in at e fro m t h is g at eway an d will b e u s ed fo r au t o co nfig u rat ion. A
t h ird o p t io n t o s p ecify t h e IP ad d res s an d p refix len g t h o f a p referred DHCPv 6
s erv er is av ailab le as well.
170
Wireless Controller
User Manual
Figure 93 : IPv6 Option1 Se tup page
Prefix Deleg at io n : Select t his o pt ion t o req uest co ntro ller ad v ert is emen t p refix fro m
an y av ailab le DHCPv 6 s erv ers av ailab le o n t h e ISP, t h e o b t ain ed p refix is u p d at ed
t o t h e ad v ert is ed p refixes o n t h e LA N s id e. Th is o p t io n can b e s elect ed o n ly in
St at es les s A d d res s A u t o Co n fig u rat io n mo d e o f DHCPv 6 Clien t .
W h en IPv 6 is PPPo E t y p e, t h e fo llo win g PPPo E field s are en ab led .
Us ername : En t er t h e u s ern ame req u ired t o lo g in t o t h e ISP.
171
Wireless Controller
User Manual
Pas s word: En t er t h e p as s wo rd req u ired t o lo g in t o t h e ISP.
Authenti cati on Type : Th e t y p e o f A u t h en t icat io n in u s e b y t h e p ro file: A u t o Neg o t iat e/ PA P/ CHA P/ M S-CHA P/ M S-CHA Pv 2.
Dhcpv6 Opti ons : Th e mo d e o f Dh cp v 6 clien t t h at will s t art in t h is mo d e: d is ab le
d h cp v 6/ stat eless d h cp v 6/ s t at efu l d h cp v 6/ s t at eles s d h cp v 6 wit h p refix d eleg at io n .
Pri mary DNS S erver : En t er a v alid p rimary DNS Serv er IP A d d res s .
S econdary DNS S erver : En t er a v alid s eco n d ary DNS Serv er IP A d d res s .
Click S ave S etti ng s t o s av e y o u r ch an g es .
6.2.7 Checking Option Status
Setup > Internet Settings > Option1 Settings > Option 1 Status
Th e s t at us an d s u mmary o f co n fig u red s et t in g s fo r b o t h Op t io n 1an d Op t io n 2 are
av ailab le o n t h e Op t io n St at u s p ag e. Yo u can v iew t h e fo llo win g key co n n ect io n
s t at u s in fo rmat io n fo r each Op t io n p o rt :
MAC Addres s : M A C A d d res s o f t h e Op t io n p o rt .
IPv4 Addres s : IP ad d res s o f t h e Op t io n p o rt fo llo wed b y t h e Op t io n s u b n et .
Opti on S tate : In d icat es t h e s t at e o f t h e Op t io n p o rt (UP o r DOW N)
NAT (IPv4 onl y): In d icat es if t h e s ecu rit y ap p lian ce is in NA T mo d e (en ab led ) o r
ro u t in g mo d e (d is ab led ).
IPv4 Connecti on Type: In d icat es if t h e Op t io n IPv 4 ad d res s is o b t ain ed
d y n amically t h ro u gh a DHCP s erv er o r as s ig n ed s t at ically b y t h e u s er o r o b t ain ed
t h ro u g h
a
PPPo E
(Us ern ame/ Pas s wo rd )/ PPTP
(Us ern ame/ Pas s wo rd )/ L2TP
(Us ern ame/ Passwo rd)/ Jap an ese mu lt ip le PPPo E/ Ru s sian d u al access PPPo E/ Ru ss ian
d u al acces s PPTP/ Ru s s ian d u al acces s L2TP ISP co n n ect io n .
IPv4 Connecti on S tate : In d icat es if t h e Op t io n is co nn ected t o t h e In t ern et Serv ice
Pro v id er.
Li nk S tate: Det ect s if a lin k is p res en t o n t h e Op t io n In t erface
Opti on Mode: In d icat es if Op t io n 1 o r Op t io n 2 is in u s e
Gateway: Gat eway IP ad d res s o f t h e Op t io n p o rt .
172
Wireless Controller
User Manual
Pri mary DNS : Primary DNS s erv er IP ad d res s o f t h e Op t io n p o rt .
S econdary DNS : Seco n d ary DNS s erv er IP ad d res s o f t h e Op t io n p o rt . If t h e
Co n n ect io n St at u s in d icat ed t h at t h e as s o ciat io n wit h t h e ISP is act iv e, t h en t h e
Op t io n can b e d is co n n ect ed b y clickin g t h e Dis ab le b u t t o n .
If t h e Co n n ect ion St atus in d icated t h at t h e as s o ciat io n wit h t h e ISP is act iv e, t h en
t h e Op t io n can b e d is co n n ect ed b y clickin g t h e Di s abl e b u t t o n .
173
Wireless Controller
User Manual
Figure 94 : Conne ction Status inform at io n of Option1
Th e Op t io n s t at u s p ag e allo ws y o u t o En ab le o r Dis ab le s t at ic Op t io n lin ks . Fo r
Op t io n s et t in g s t h at are d y n amically receiv ed fro m t h e ISP, y o u can Ren ew o r
Releas e t h e lin k p aramet ers if req u ired .
174
Wireless Controller
6.3
User Manual
Features with Multiple Option Links
Th is co n t roller s u pp orts mu lt ip le Op t io n lin ks . Th is allo ws y o u t o t ake ad v an t ag e o f
failo v er an d lo ad b alan cing featu res t o en s ure certain in t ern et d epend en t s erv ices are
p rio rit ized in t h e ev en t o f u n s t ab le Op t io n co n n ect iv it y o n o n e o f t h e p o rt s .
Setup > Internet Settings > Option Mode
To u s e A u t o Failo v er o r Lo ad Balan cin g , Op t io n lin k failu re d et ect io n mu s t b e
co n fig u red. Th is in v olv es accessin g DNS s erv ers o n t h e in t ern et o r p in g t o an in t ernet
ad d res s (u s er d efin ed ). If req u ired , y o u can co n fig u re t h e n u mb er o f ret ry at t emp t s
wh en t h e lin k s eems t o b e d is con nect ed o r t h e t h reshold o f failu res t h at d et ermin es if
a Op t io n p o rt is d o wn .
6.3.1 Auto Failov er
In t h is cas e o n e o f y o u r Op t io n p o rts is assig n ed as t h e p rimary in t ern et lin k fo r all
in t ern et t raffic. Th e s eco n d ary Op t io n p o rt is u s ed fo r red u n d an cy in cas e t h e
p rimary lin k g o es d o wn fo r an y reason. Bo t h Op t io n p o rt s (p rimary an d s eco n d ary )
mu s t b e co n fig u red t o co nnect t o t he res p ect iv e ISP‟s b efo re en ab lin g t h is feat u re.
Th e s eco nd ary Op t io n p o rt will remain u n co nn ected u n til a failu re is d et ect ed o n t h e
p rimary lin k (eit h er p o rt can b e as sign ed as t h e p rimary ). In t h e ev en t o f a failu re o n
t h e p rimary p o rt , all in t ern et t raffic will b e ro lled o v er t o t h e b acku p p o rt . W h en
co n fig u red in A u t o Failo v er mo d e, t h e lin k s t at u s o f t h e p rimary Op t io n p o rt is
ch ecked at reg u lar in t erv als as d efin ed b y t h e failu re d et ect io n s et t in g s .
No t e t h at b o th Op t ion 1 an d Op t io n2 can b e co n fig u red as t h e p rimary in t ern et lin k.

Auto-Rol l over u s in g Op t io n p o rt

Pri mary Opti on: Select ed Op t io n is t h e p rimary lin k (Op t io n 1/ Op t io n 2)

S econdary Opti on: Select ed Op t io n is t h e s eco n d ary lin k.
Failo v er De t ect io n Set tin gs: To ch eck co nn ectiv it y o f t h e p rimary in t ern et lin k, o n e
o f t h e fo llo win g failu re d et ect io n met h o d s can b e s elect ed :

DNS l ook up us i ng Opti on DNS S ervers : DNS Lo o ku p o f t h e DNS Serv ers
o f t h e p rimary lin k are u s ed t o d et ect p rimary Op t io n co n n ect iv it y .
175
Wireless Controller

User Manual
DNS l ook up us i ng Opti on S ervers : DNS Lo o ku p o f t h e cu s t o m DNS
Serv ers can b e s p ecified t o ch eck t h e co n n ect iv it y o f t h e p rimary lin k.

Pi ng thes e IP addres s es : Th es e IP's will b e p in g ed at reg u lar in t erv als t o
ch eck t h e co n n ect iv it y o f t h e p rimary lin k.

Retry Interval i s : Th e n u mb er t ells t h e co n t ro ller h o w o ft en it s h o u ld ru n
t h e ab o v e co n fig u red failu re d et ect io n met h o d .

Fai l over after : Th is s et s t h e n u mb er o f ret ries aft er wh ich failo v er is
in it iat ed .
6.3.2 Load Balancing
Th is feat u re allo ws y o u t o u s e mu lt ip le Op t io n lin ks (an d p res u mab ly mu lt ip le
ISP‟s ) s imu lt an eo u s ly . A ft er co n fig u rin g mo re t h an o n e Op t io n p o rt , t h e lo ad
b alan cin g o p t io n is av ailab le t o carry t raffic o v er mo re t h an o n e lin k. Pro t o co l
b in d in g s are u s ed t o s egregate an d assig n s e rvices o v er o n e Op t io n p o rt in o rd er t o
man ag e in t ern et flo w. Th e co n fig u red failu re d et ect io n met h o d is u s ed at reg u lar
in t erv als o n all co n fig u red Op t io n p o rt s wh en in Lo ad Balan cin g mo d e.
DW C-1000 cu rren t ly s u p p o rt s t h ree alg o rit h ms fo r Lo ad Balan cin g :
Round Robi n: Th is alg o rit h m is p art icu larly u s efu l wh en t h e co n n ect io n s p eed o f
o n e Op t io n p o rt g reat ly d iffers fro m an o t h er. In t h is cas e y o u can d efin e p ro t o co l
b in d in g s t o ro u t e lo w-lat en cy s erv ices (s u ch as VOIP) o v er t h e h ig h er -s p eed lin k
an d let lo w-v o lu me b ackg ro u nd t raffic (s u ch as SM TP) g o o v er t h e lo wer s p eed lin k.
Pro t o co l b in d in g is exp lain ed in n ext s ect io n .
S pi l l Over : If Sp ill Ov er met h o d is s elect ed , Op t io n 1act s as a d ed icat ed lin k t ill a
t h res h old is reached. A ft er t h is, Op t io n 2 will b e u s ed fo r n ew co n n ectio ns. Yo u can
co n fig u re s p ill-o v er mo d e b y u s in g fo llo in g o p t io n s :

Load Tol erance : It is t h e p ercen t ag e o f b an d wid t h aft er wh ich t h e co n t ro ller
co n t ro llers t o s eco n d ary Op t io n .

Max B andwi dth: Th is s et s t h e maximu m b an d wid t h t o lerab le b y t h e p rimary
Op t io n .
If t h e lin k b an d wid t h g o es ab o v e t h e lo ad t o leran ce v alu e o f max b an d wid t h , t h e
co n t ro ller will s p ill-o v er t h e n ext co n n ect io n s t o s eco n d ary Op t io n .
176
Wireless Controller
User Manual
Fo r examp le, if t h e maximu m b an d wid t h o f p rimary Op t io n is 1 Kb p s an d t h e lo ad
t o leran ce is s et t o 70. No w ev ery t ime a n ew co n n ect io n is es t ab lis h ed t h e
b an d wid t h in creases. A ft er a cert ain n u mb er o f co n nect ions s ay b an d wid t h reach ed
70% o f 1Kb p s , t h e n ew co n nect io n s will b e s p illed -o v er t o s eco n d ary Op t io n . Th e
maximu m v alu e o f lo ad t o leran ce is 80 an d t h e leas t is 20.
Protocol B i ndi ng s : Refer Sect io n 6.3.3 fo r d et ails
Lo ad b alan cin g is p art icularly u sefu l wh en t h e co nn ectio n s p eed o f o n e Op t io n p o rt
g reat ly d iffers fro m an o t h er. In t h is case y o u can d efin e p ro t o co l b in d in g s t o ro u t e
lo w-lat en cy s ervices (s uch as VOIP) o v er t h e h ig h er -s p eed lin k an d let lo w-v o lu me
b ackg ro u n d t raffic (s u ch as SM TP) g o o v er t h e lo wer s p eed lin k.
177
Wireless Controller
User Manual
Figure 95 : Load B alancing is available whe n multiple Option ports are
configure d and Protocol B indings have be e n de fine d
6.3.3 Protocol Bindings
178
Wireless Controller
User Manual
Advanced > Routing > Protocol Bindings
Pro t o co l b in d in gs are req uired wh en t h e Lo ad Balan cin g feat ure is in u s e. Ch o o s in g
fro m a lis t o f co n fig u red s erv ices o r an y o f t h e u s er -d efin ed s erv ices , t h e t y p e o f
t raffic can b e as s ig n ed t o g o o v er o n ly o n e o f t h e av ailab le Op t io n p o rt s . Fo r
in creas ed flexib ilit y t h e s o u rce n et work o r mach in es can b e s p ecified as well as t h e
d es t in at io n n et wo rk o r mach in es . Fo r examp le t h e VOIP t raffic fo r a s et o f LA N IP
ad d res ses can b e assig ned t o o ne Op t io n an d an y VOIP t raffic fro m t h e remain in g IP
ad d res s es can b e as s ig n ed t o t h e o t h er Op t io n lin k. Pro t o co l b in d in g s are o n ly
ap p licab le wh en lo ad b alan cin g mo d e is en ab led an d mo re t h an o n e Op t io n is
co n fig u red .
Figure 96 : Protocol binding s e tup to as s ociate a s e rvice and/or LAN
s ource to an Option and/or de s tination ne twork
S ervi ce : Select o n e o f t h e v ario us s ervices av ailab le fo r p ro to col b in d in g
Local Gateway: s elect t h e p o rt t h at s e ts t h e lo cal g at eway fo r t h is p ro tocol
b in d in g (eit h er o p tio n1 o r o p t io n2)
S ource Network : Select o n e o f t h e fo llo win g :
179
Wireless Controller
User Manual
Any: No s p ecific n et work n eed s t o b e g iv en.
S i ng l e Addres s : Limit t o o n e co mp u t er. Req u ires t h e IP ad d ress o f t h e co mp u ter
t h at will b e p art o f t h e s o u rce n etwo rk fo r t h is p ro tocol b in d in g
Addres s Rang e: Select if y o u wan t t o allo w co mp u t ers wit h in an IP ad d ress
ran g e t o b e a p art o f t h e s o urce n etwo rk. Req u ires St art ad dress and En d ad d ress
S tart Addres s : IP ad d res s fro m wh ere t h e ra n g e n eeds t o b egin , o r t h e s ing le
ad d res s if t h at is t h e s o urce n etwo rk s elected.
End Addres s : IP ad d ress wh ere t h e ran ge n eeds t o en d
Des ti nati on Network : Select o n e o f t h e fo llo win g :
Any: No s p ecific n et work n eed s t o b e g iv en.
S i ng l e Addres s : Limit t o o n e co mp u t er. Req u ires t h e IP ad d ress o f t h e co mp u ter
t h at will b e p art o f t h e d es tin atio n n etwo rk fo r t h is p ro tocol b in d in g
Addres s Rang e : Select if y o u wan t t o allo w co mp u t ers wit h in an IP ad d ress
ran g e t o b e a p art o f t h e d est inatio n n et work. Req u ire s St art ad dress and En d
ad d res s
S tart Addres s : IP ad d res s fro m wh ere t h e ran g e n eeds t o b egin , o r t h e s ing le
ad d res s if t h at is t h e d est inatio n n et work s elected.
End Addres s : IP ad d ress wh ere t h e ran ge n eeds t o en d
6.4
Routing Configuration
Ro u t in g b et ween t h e LA N an d Op t io n will imp act t h e way t h is co n t ro ller h an d les
t raffic t h at is receiv ed o n an y o f it s p h y s ical in t erfaces . Th e ro u t in g mo d e o f t h e
g at eway is co re t o t he b ehavio ur o f t h e t raffic flo w b et ween t h e s ecu re LA N an d t h e
in t ern et .
6.4.1 Routing Mode
Setup > Internet Settings > Routing Mode
Th is d ev ice s u p p o rt s clas s ical ro u t in g , n et wo rk ad d res s t ran s lat io n (NA T), an d
t ran s p o rt mo d e ro u t in g .

W it h cl a ssi ca l ro ut ing, d ev ices o n t h e LA N can b e d irect ly acces s ed fro m t h e
in t ern et b y t heir p u b lic IP ad d res ses (as sumin g ap pro priat e firewall s et t in gs). If
180
Wireless Controller
User Manual
y o u r ISP h as as s ig n ed an IP ad d res s fo r each o f t h e co mp u t ers t h at y o u u s e,
s elect Clas s ic Ro u t in g .

NA T is a t ech n iq u e wh ich allo ws s ev eral co mp u t ers o n a LA N t o s h are an
In t ern et co n n ect io n . Th e co mp u t ers o n t h e LA N u s e a " p riv at e" IP ad d res s
ran g e wh ile t h e Op t io n p o rt o n t h e co n t ro ller is co n fig u red wit h a s in g le
" p u b lic" IP ad d ress. A lo n g wit h co n nect ion s haring , NA T als o h id es in t ern al IP
ad d res ses fro m t h e co mp u t ers o n t h e In tern et . NA T is req u ired if y o u r ISP h as
as s ig ned o n ly o ne IP ad d ress t o y ou . Th e co mp u t ers t h at co n n ect t h ro u g h t h e
co n t ro ller will n eed t o b e as s ig n ed IP ad d res s es fro m a p riv at e s u b n et .

Tra nsp a rent ro ut i ng b et ween t h e LA N an d Op t io n d o es n o t p erfo rm NA T.
Bro ad cas t an d mu lt icast p ackets t h at arriv e o n t h e LA N in t erface are s wit ch ed
t o t h e Op t io n an d v ice v ers a, if t h ey d o n o t g et filt ered b y firewall o r VPN
p o licies . To main t ain t h e LA N an d Op t io n in t h e s ame b ro adcast d o main s elect
Tran s p aren t mo d e, wh ich allo ws b rid g in g o f t raffic fro m LA N t o Op t io n an d
v ice v ers a, excep t fo r co n t ro ller -t ermin at ed t raffic an d o t h er man ag emen t
t raffic . A ll DW C feat u res are s up port ed in t ran sparen t mo d e as sumin g t h e LAN
an d Op t io n are co n fig u red t o b e in t h e s ame b ro ad cas t d o main .

NA T ro u t in g h as a feat u re called “NA T Hair-p in n in g ” t h at allo ws in t ern al
n et wo rk u s ers o n t h e LA N an d DM Z t o acces s in t ern al s erv ers (eg . an
in t ern al FTP s erv er) u s in g t h eir ext ern ally -kn o wn d o main n ame. Th is is
als o referred t o as “NA T lo o p b ack” s in ce LA N g en erat ed t raffi c is
red irect ed t h ro u g h t h e firewall t o reach LA N s erv ers b y t h eir ext ern al
n ame.
181
Wireless Controller
User Manual
Figure 97 : Routing M ode is us e d to configure traffic routing be twe e n
Option and LAN, as we ll as Dynamic routing (RIP)
182
Wireless Controller
User Manual
6.4.2 Dynamic Routing (RIP)

Th e fo llo win g feat u re is av ailab le u p o n licen s ed act iv at io n o f VPN /
Firewall feat u res fo r t h e s y s t em.
Setup > Internet Settings > Routing Mode
Dy n amic ro u t in g u s in g t h e Ro u t in g In fo rmat io n Pro t o co l (RIP) is an In t erio r
Gat eway Pro t o co l (IGP) t h at is co mmo n in LA Ns . W it h RIP t h is co n t ro ller can
exch an g e ro u t in g in fo rmat io n wit h o t h er s u ppo rted co nt rollers in t h e LA N an d allo w
fo r d y n amic ad ju s tmen t o f ro u t in g t ab les in o rd er t o ad ap t t o mo d ificat io n s in t h e
LA N wit h o u t in t erru p t in g t raffic flo w.
Th e RIP d irect io n will d efin e h o w t h is co n t ro ller s en d s an d receiv es RIP p acket s .
Ch o o s e b et ween :

B oth: Th e co n t ro ller b o t h b ro ad cas t s it s ro u t in g t ab le an d als o p ro ces s es
RIP in fo rmat io n receiv ed fro m o t h er co n t ro llers . Th is is t h e reco mmen d ed
s et t in g in o rd er t o fu lly u t ilize RIP cap ab ilit ies .

Out Onl y: Th e co n t ro ller b ro adcast s it s ro u tin g t ab le p erio d ically b u t d o es
n o t accep t RIP in fo rmat io n fro m o t h er co n t ro llers .

In Onl y: Th e co n t ro ller accep t s RIP in fo rmat io n fro m o t h er co n t ro ller, b u t
d o es n o t b ro ad cas t it s ro u t in g t ab le.

None : Th e co n t ro ller n eit her b roadcast s it s ro u te t able n o r d o es it accep t any
RIP p acket s fro m o t h er co n t ro llers . Th is effect iv ely d is ab les RIP.

Th e RIP v ers io n is d ep en d en t o n t h e RIP s u p p o rt o f o t h er ro u t in g
d ev ices in t h e LA N.

Di s abl ed: Th is is t h e s et t in g wh en RIP is d is ab led .
RIP-1 is a clas s -b ased ro u tin g v ersio n t h at d o es n o t in clu de s ub net in fo rmat io n. This
is t h e mo s t co mmo n ly s u p p o rt ed v ers io n .
RIP-2 in clu d es all t h e fu n ct io n alit y o f RIPv 1 p lu s it s u p p o rt s s u b n et in fo rmat io n .
Th o u g h t h e d at a is s en t in RIP -2 fo rmat fo r b o t h RIP-2B an d RIP-2M , t h e mo d e in
wh ich p acket s are s en t is d ifferen t . RIP-2B b ro ad cas t s d at a in t h e en t ire s u b n et
wh ile RIP-2M s en d s d at a t o mu lt icas t ad d res s es .
183
Wireless Controller
User Manual
If RIP-2B o r RIP-2M is t h e s elect ed v ersio n, au th en ticat io n b et ween t h is co n t ro ller
an d o t h er co n t ro llers (co n fig u red wit h t h e s ame RIP v ers io n ) is req u ired . M D5
au t h en ticat io n is u sed in a firs t / s eco n d key exch an g e p ro ces s . Th e au t h en t icat io n
key v alid it y lifet imes are co n fig u rab le t o en s u re t h at t h e r o u t in g in fo rmat io n
exch an g e is wit h cu rren t an d s u p p o rt ed co n t ro llers d et ect ed o n t h e LA N.
6.4.3 Static Routing
Advanced > Routing > Static Routing
Advanced > IPv6 > IPv6 Static Routing
M an u ally ad d ing s tatic ro u tes t o t h is d evice allo ws y o u t o d efin e t h e p at h s elect io n
o f t raffic fro m o n e in t erface t o an o t h er. Th ere is n o co mmu n icat io n b et ween t h is
co n t ro ller an d o t her d ev ices t o accoun t fo r ch ang es in t h e p at h; o n ce co n fig u red t h e
s t at ic ro u t e will b e act iv e an d effect iv e u n t il t h e n et wo rk ch an g es .
Th e Lis t o f St at ic Ro u t es d is play s all ro u t es t h at h av e b een ad d ed man u ally b y an
ad min is t rat o r an d allo ws s ev eral o p erat io n s o n t h e s t at ic ro u t es . Th e Lis t o f IPv 4
St at ic Ro u t es an d Lis t o f IPv 6 St at ic Ro u t es s h are t h e s ame field s (wit h o n e
excep t io n ):
Name : Name o f t h e ro u t e, fo r id en t ificat io n an d man ag emen t .
Acti ve : Det ermin es wh et h er t h e ro u te is activ e o r in activ e. A ro u t e can b e ad d ed t o
t h e t ab le an d mad e in act ive, if n o t n eeded. Th is allo ws ro u t es t o b e u s ed as n eed ed
wit h o u t d elet ing an d re -ad din g t h e en t ry. A n in activ e ro u t e is n o t b ro adcast if RIP is
en ab led .
Pri vate : Det ermin es wh et h er t h e ro u t e can b e s h ared wit h o t h er co n t ro llers wh en
RIP is en ab led . If t h e ro u t e is mad e p riv at e, t h en t h e ro u t e will n o t b e s h ared in a
RIP b ro ad cas t o r mu lt icas t . Th is is o n ly ap p licab le fo r IPv 4 s t at ic ro u t es .
Des ti nati on: t h e ro u t e will lead t o t h is d es t in at io n h o s t o r IP ad d res s .
IP S ubnet Mas k : Th is is v alid fo r IPv 4 n et wo rks o n ly, an d id ent ifies t h e s ub net that
is affect ed b y t h is s t at ic ro u t e
Interface : Th e p h y s ic al n et wo rk in t erface (Op t io n 1, Op t io n 2, DM Z o r LA N),
t h ro u g h wh ich t h is ro u t e is acces s ib le.
184
Wireless Controller
User Manual
Gateway: IP ad d ress o f t h e g ateway t h rou gh wh ich t h e d es t in at io n h o s t o r n et wo rk
can b e reach ed .
Metri c : Det ermin es t h e p rio rit y o f t h e ro u t e. If mu lt ip le ro u t es t o t h e s ame
d es t in at io n exis t , t h e ro u t e wit h t h e lo wes t met ric is ch o s en .
Figure 98 : Static route configurat io n fie lds
6.5
OSPF
Advanced > Routing > OSPF
Advanced > IPv6 > OSPF
Th is p ag e s ho ws t h e OSPFv 2 an d OSPFv 3 p aramet ers co nfig u red o n t h e co n t ro ller.
Yo u can als o ed it t h e co n fig u red p aramet ers fro m t h e OSPF co n fig u rat io n p ag e.
185
Wireless Controller
User Manual
Figure 99 : OSPFv2 s tatus – IPv4
Figure 100 : OSPFv3 s tatus – IPv6
186
Wireless Controller
User Manual
Figure 101 : OSPFv2 Configuratio n
OS PFv2 Enabl e : A ch eck b o x t o en ab le/ d is ab le OSPFv 2.
Interface : Th e p h y s ical n et wo rk in t erface o n wh ich OSPFv 2 is En ab led / Dis ab led .
Area: Th e area t o wh ich t h e in t erface b elo n g s .En t er v alu es fro m 1 t o 255 .Two
ro u t ers h avin g a co mmo n s eg men t; t h eir in t erfaces h av e t o b elo n g t o t h e s ame area
o n t h at s egmen t. Th e in t erfaces s hou ld b elo n g t o t h e s ame s u b n et an d h av e s imilar
mas k.
Pri ori ty:Help s t o d etermin e t h e OSPFv 2 d es ign at ed ro ut er fo r a n et wo rk.Th e ro u t er
wit h t h e h ig h es t p rio rit y will b e mo re elig ib le t o b eco me Des ig n ated Ro u t er. Set t in g
t h e v alu e t o 0, makes t h e ro u t er in elig ib le t o b eco me Des ig nated Ro u t er. Th e d efault
v alu e is 1.Lo wer v alu e mean s h ig h er p rio rit y .
Hel l oInterval :Th e n u mb er o f s eco n d s fo r Hello In t erv al t imer v alu e. Set t in g t h is
v alu e, Hello p acket will b e s en t ev ery t imer v alu e s eco nds o n t he s pecified in t erface.
187
Wireless Controller
User Manual
Th is v alu e mu s t b e t h e s ame fo r all ro u t ers at t ach ed t o a co mmo n n et wo rk. Th e
d efau lt v alu e is 10 s eco n d s .
DeadInterval : Th e n u mb er o f s eco n d s t h at a d ev iceâ€™s h ello p acket s mu s t n o t
h av e b een s een b efore it s n eigh bors d eclare t h e OSPF ro u t er d o wn .Th is v alu e mu s t
b e t h e s ame fo r all ro u t ers at t ach ed t o a co mmo n n et wo rk.Th e d efau lt v alu e is 40
s eco n d s . OSPF req u ires t h es e in t erv als t o b e exact ly t h e s ame b et ween t wo
n eig h b o rs . If an y o f t h es e in t erv als are d ifferen t , t h es e ro u t ers will n o t b eco me
n eig h b o rs o n a p art icu lar s eg men t
Cos t:Th e co s t o f s en d in g a p acket o n an OSPFv 2 in t erface.
Authenti cati on Type : Th is co lu mn d is p lay s t h e t y p e o f au t h en t icat io n t o b e u s ed
fo r OSPFv 2.If A u t h ent icat ion t yp e is n o n e t h e in t erface d o es n o t au t h en t icat e o s p f
p acket s .If A u thent icatio n Ty pe is Simp le t h en o sp f p acket s are au t h en t icat ed u s in g
s imp le t ext key .If A u t h enticatio n Ty p e is M D5 t h en t h e i n t erface au t henticat es o s p f
p acket s wit h M D5 au t h en t icat io n .
Authenti cati on Key: A s s ig n a s p ecific p as s wo rd t o b e u s ed b y n eig h b o rin g OSPF
ro u t ers o n a n et wo rk s egmen t t h at is u s ing A ut henticatio n. Ro u t ers in t h e s ame area
t h at wan t t o p art icip at e in t h e r o u t in g d o main will h av e t o b e co n fig u red wit h t h e
s ame key .
Md5 Key Id: In p u t t h e u n iq u e M D-5 key ID t o b e u s ed b y n eig h b o rin g OSPF
ro u t ers o n a n et wo rk s eg men t t h at is u s in g A u t h en t icat io n . Ty p e as M D5
Md5 Authenti cati on Key: In p u t t h e au t h key fo r t h is M D5 key t o b e u s ed b y
n eig h b o ring OSPF ro u t ers o n a n et work s eg ment t h at is u s in g A u t h en t icat io n Ty p e
as M D5
6.6
6to4 Tunneling
Advanced > IPv6 > 6to4 Tunneling
6t o 4 is an In t ern et t ran s it io n mech an is m fo r mig rat in g fro m IPv 4 t o IPv 6, a s y s t em
t h at allo ws IPv 6 p acket s t o b e t ran s mit t ed o v er an IPv 4 n et wo rk . Select t h e ch eck
b o x t o Enabl e Automati c Tunnel i ng an d allo w t raffic fro m an IPv 6 LA N t o b e s en t
o v er a IPv 4 Op t io n t o reach a remo t e IPv 6 n et wo rk.
188
Wireless Controller
User Manual
Figure 102 : 6to4 Tunne ling
189
Wireless Controller
6.7
User Manual
IGMP Setup

Th e fo llo win g feat u re is av ailab le u p o n licen s ed act iv at io n o f VPN /
Firewall feat u res fo r t h e s y s t em.
Advanced > Advanced Network > IGPM Setup
A ct iv e IGM P s n o o p in g is referred t o as IGM P p ro xy . W h en in u s e IGM P p acket s
t h ro u g h t h e LA N are filt ered in o rd er t o red u ce t h e amo u n t o f mu lt icas t t raffic in t h e
n et wo rk..
Figure 103 : IGM P Se tup
Enabl e IGMP Proxy: Ch eck t h is t o en ab le IGM P p ro xy o n t h is LA N
Al l owed Network Addres s es : A ll t h e IP n et wo rk ad d res s es / h o s t ad d res s es o f t h e
mu lt icas t s o u rces are lis t ed h ere.
Network Addres s : Th e IP n et wo rk o r t h e h o s t ad d res s o f t h e mu lt icas t s o u rce.
Mas k Leng th: Th e len g t h o f t h e s u b n et mas k.
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e :
190
Wireless Controller
User Manual
Add: To ad d a n et wo rk/ h o s t ad d res s alo n g wit h mas k len g t h .
Edi t: To ed it a n et wo rk/ h o s t ad d res s alo n g wit h mas k len g t h .
Del ete: To d elet e a n et wo rk/ h o s t ad d res s alo n g wit h mas k len g t h ..
6.8
Option Port Settings
Advanced > Advanced Network > Option Port Setup
Th e p h y s ical p o rt s et t in g s fo r each Op t io n lin k can b e d efin ed h ere. If y o u r ISP
acco u n t d efin es t h e Op t io n p o rt s p eed o r is as s o ciat ed wit h a M A C ad d res s , t h is
in fo rmat io n is req u ired b y t h e co n t ro ller t o en s u re a s mo o t h co n n ect io n wit h t h e
n et wo rk.
Th e d efau lt M TU s ize s u p p o rt ed b y all p o rt s is 1500. Th is is t h e larg es t p acket s ize
t h at can p ass t h roug h t h e in t erface wit h o ut frag men t at io n. Th is s ize can b e in creas ed ,
h o wev er larg e p ackets can in t rod uce n etwo rk lag an d b rin g d own t h e in t erface s p eed .
No t e t h at a 1500 b y t e s ize p acket is t h e larg est allo wed b y t h e Et h ernet p ro to co l at the
n et wo rk lay er.
Th e p o rt s p eed can b e s en s ed b y t h e co n t ro ller wh en A u t o is s elect ed . W it h t h is
o p t io n t h e o p t imal p o rt s et t in g s are d et ermin ed b y t h e co n t ro ller an d n et wo rk. Th e
d u p lex (h alf o r fu ll) can b e d efin ed b ased o n t h e p o rt su ppo rt, as well as o n e o f t h ree
p o rt s p eeds: 10 M b p s , 100 M b p s an d 1000 M b p s (i.e. 1 Gb p s ). Th e d efau lt s et t in g is
100 M b p s fo r all p o rt s .
Th e d efau lt M A C ad d res s is d efin ed d u rin g t h e man u fact u rin g p ro ces s fo r t h e
in t erfaces , and can u n iq uely id en tify t h is co n t ro ller. Yo u can cu s t o mize each Op t io n
p o rt ‟s M A C ad d ress as n eeded, eit h er b y let t in g t h e Op t io n p o rt as s u me t h e cu rren t
LA N h o s t ‟s M A C ad d res s o r b y en t erin g a M A C ad d res s man u ally .
191
Wireless Controller
User Manual
Figure 104 : Phys ical Option port s e ttings
192
Wireless Controller
6.9
User Manual
IP Aliases

Th e fo llo win g feat u re is av ailab le u p o n licen s ed act iv at io n o f VPN /
Firewall feat u res fo r t h e s y s t em.
Setup > Internet Settings > IP Aliases
Th e Lis t o f IP A lias es d is p lay s t h e co n fig u red IP A lias es o n t h e co n t ro ller.
Figure 105 : IP Alias e s
Interface Name : Th e in t erface o n wh ich t h e A lias was co n fig u red .
IP Addres s : Th e IP A d d res s o f t h e co n fig u red IP A lias .
S ubnet Mas k : Th e Su b n et M as k o f t h e co n fig u red IP A lias .
Th e fo llo win g act io n s are s u p p o rt ed fro m t h is p ag e :
Edi t: Op en s t h e IP A lias co n fig u rat io n p ag e t o ed it t h e s elect ed IP A lias
Add: Op en s t h e IP A lias co n fig u rat io n p ag e t o ad d a n ew IP A lias .
Del ete : Delet es t h e s elect ed IP A lias es .
193
Wireless Controller
User Manual
Chapter 7. Securing the Private
Network

Th e fo llo win g feat u re is av ailab le u p o n licen s ed act iv at io n o f VPN /
Firewall feat u res fo r t h e s y s t em.
Yo u can s ecu re y ou r n etwo rk b y creatin g an d ap p lyin g ru les t hat y o ur co n troller u s es to
s elect iv ely b lo ck an d allo w in b o u n d an d o u t b o u n d In t ern et t raffic. Yo u t h en s p ecify
h o w an d t o wh o m t h e ru les ap p ly . To d o s o , y o u mu s t d efin e t h e fo llo win g :

Serv ices o r t raffic t y p es (examp le s : web b ro ws in g , Vo IP, o t h er s t an d ard s erv ices
an d als o cu s t o m s erv ices t h at y o u d efin e)

Direct io n fo r t h e t raffic b y s p ecifyin g t h e s ource an d d es t in at io n o f t raffic; t h is is
d o n e b y s pecify in g t h e “Fro m Zo n e” (LA N/ Op t io n / DM Z) an d “To Zo n e” (LA N/
Op t io n / DM Z)

Sch ed u les as t o wh en t h e co n t ro ller s h o u ld ap p ly ru les

A n y Key wo rd s (in a d o main n ame o r o n a URL o f a web p ag e) t h at t h e co n t ro ller
s h o u ld allo w o r b lo ck

Ru les fo r allo win g o r b lo ckin g in b o un d an d o u tb oun d In t ern et t raffic fo r s p ecified
s erv ices o n s p ecified s ch ed u les

M A C ad d res s es o f d ev ices t h at s h o u ld n o t acces s t h e in t ern et

Po rt t rig g ers t h at s ign al t h e co ntro ller t o allo w o r b lo ck acces s t o s pecified s ervices
as d efin ed b y p o rt n u mb er

Rep o rt s an d alert s t h at y o u wan t t h e co n t ro ller t o s en d t o y o u
Yo u can , fo r examp le, es t ab lis h res t rict ed -acces s p o licies b as ed o n t ime -o f-d ay , web
ad d res ses, an d web ad d ress key wo rd s . Yo u can b lo ck In t ern et acces s b y ap p licat io n s
an d s erv ices o n t h e LA N, s u ch as ch at ro o ms o r g ames . Yo u can b lo ck ju s t cert ain
g ro u p s o f PCs o n y o u r n et wo rk fro m b ein g acces s ed b y t h e Op t io n o r p u b lic DM Z
n et wo rk.
194
Wireless Controller
7.1
User Manual
Firewall Rules
Advanced > Firewall Settings > Firewall Rules
In b o u n d (Op t io n t o LA N/ DM Z) ru les rest rict access t o t raffic en t erin g y o u r n et wo rk,
s elect iv ely allo win g o n ly s pecific o u t side u sers t o access s p ecific lo cal res o u rces . By
d efau lt all acces s fro m t h e in s ecure Op t io n s ide are b lo cked fro m acces sin g t h e s ecu re
LA N, excep t in res p o n s e t o req u es t s fro m t h e Op t io n o r DM Z. To allo w o u t s id e
d ev ices t o access s erv ices o n t h e s ecu re LA N, y o u mu s t creat e an in b o u n d fire wall
ru le fo r each s erv ice.
If y o u wan t t o allo w in co min g t raffic, y o u mu s t make t h e co n t ro llers Op t io n p o rt IP
ad d res s kn o wn t o t h e p u blic. Th is is called “exp o sin g y o ur h o st.” Ho w y o u make y o u r
ad d res s kn o wn d ep en ds o n h o w t h e Op t io n p o rt s are co n fig u red ; fo r t h is co n t ro ller
y o u may u s e t h e IP ad d ress if a s t at ic ad dress is assig ned t o t h e Op t io n p o rt , o r if y our
Op t io n ad d res s is d y n amic a DDNS (Dy n amic DNS) n ame can b e u s ed .
Ou t b o u nd (LA N/ DM Z t o Op t io n) ru les res trict access t o t raffic leav ing y ou r n et w o rk,
s elect iv ely allo win g o n ly s pecific lo cal u s ers t o access s p ecific o u tsid e res ou rces. The
d efau lt o u t b o u n d ru le is t o allo w acces s fro m t h e s ecu re zo n e (LA N) t o eit h er t h e
p u b lic DM Z o r in s ecu re Op t io n. On o t h er h an d t h e d efau lt o u t b o u n d ru le is t o d en y
acces s fro m DM Z t o in s ecu re Op t io n. Yo u can ch an g e t h is d efau lt b eh av io u r in t h e
Firewall Settings > Default Outbound Policy p ag e. W h en t h e d efau lt o u t b o u n d
p o licy is allo w alway s , y o u can t o b lo ck h o s t s o n t h e LA N fro m acces s in g in t ern et
s erv ices b y creat in g an o u t b o u n d firewall ru le fo r each s erv ice.
195
Wireless Controller
User Manual
Figure 106 : Lis t of Available Fire wal l Rule s
7.2
Defining Rule Schedules
Tools > Schedules
Firewall ru les can b e en abled o r d is ab led au t o mat ically if t h ey are as s o ciat ed wit h a
co n fig u red s chedule. Th e s ched u le co n fig u rat io n p ag e allo ws y o u t o d efin e d ay s o f
t h e week an d t h e t ime o f d ay fo r a n ew s ch ed u le, an d t h en t h is s ch ed u le can b e
s elect ed in t h e firewall ru le co n fig u rat io n p ag e.

A ll s ch ed ules will fo llo w t h e t ime in t h e co n tro ller‟s co n fig u red t ime zo n e.
Refer t o t h e s ect io n o n ch o o s in g y o u r Time Zo n e an d co n fig u rin g NTP
s erv ers fo r mo re in fo rmat io n .
196
Wireless Controller
User Manual
Figure 107 : Lis t of Available Sche dule s to bind to a fire wal l rule
7.3
Configuring Firewall Rules

Th e fo llo win g feat u re is av ailab le u p o n licen s ed act iv at io n o f VPN /
Firewall feat u res fo r t h e s y s t em.
Advanced > Firewall Settings > Firewall Rules
A ll co n fig u red firewall ru les o n t h e con tro ller are d is play ed in t h e Firewall Ru les lis t .
Th is lis t als o in d icat es wh et h er t h e ru le is en ab led (act iv e) o r n o t , an d g iv es a
s u mmary o f t h e Fro m/ To zo n e as well as t h e s erv ices o r u s ers t h at t h e ru le affect s .
To creat e a n ew firewall ru les , fo llo w t h e s t ep s b elo w:
1. View the existing rules in the List of Available Firewall Rules table.
2. To edit or add an outbound or inbound services rule, do the following:

To ed it a ru le, click t h e ch eckb o x n ext t o t h e ru le an d click Ed it t o
reach t h at ru le‟s co n fig u rat io n p ag e.

To ad d a n ew ru le, click A d d t o b e t aken t o a n ew ru le‟s co n fig u rat io n
p ag e. On ce creat ed, t h e n ew ru le is au t o mat ically ad d ed t o t h e o rig in al
t ab le.
197
Wireless Controller
User Manual
3. Chose the From Zone to be the source of originating traffic: either the secure LAN, public
DMZ, or insecure Option. For an inbound rule Option should be selected as the From
Zone.
4. Choose the To Zone to be the destination of traffic covered by this rule. If the From Zone
is the Option, the to Zone can be the public DMZ or secure LAN. Similarly if the From
Zone is the LAN, then the To Zone can be the public DMZ or insecure Option.
5. Parameters that define the firewall rule include the following:

Serv ice: A NY mean s all t raffic is affect ed b y t h is ru le. Fo r a s p ecific
s erv ice t h e d ro p d o wn lis t h as co mmo n s erv ices , o r y o u can s elect a
cu s t o m d efin ed s erv ice.

A ct io n & Sch ed u le: Select o n e o f t h e 4 act io n s t h at t h is ru le d efin es :
BLOCK alway s , A LLOW alway s , BLOCK b y s ch ed u le o t h erwis e
A LLOW , o r A LLOW b y s ch ed u le o t h erwis e BLOCK. A s ch ed u le mu s t
b e p reco n fig ured in o rd er fo r it t o b e av ailab le in t h e d ro p d o wn lis t t o
as s ig n t o t h is ru le.

So u rce & Des t in at io n u sers: Fo r each relev an t cat ego ry, s elect t he u sers
t o wh ich t h e ru le ap p lies :


A n y (all u s ers )

Sin g le A d d res s (en t er an IP ad d res s )

A d d res s Ran g e (en t er t h e ap p ro p riat e IP ad d res s ran g e)
Lo g : t raffic t h at is filt ered b y t h is ru le can b e lo g g ed ; t h is req u ires
co n fig u rin g t h e co n t ro ller‟s lo g g in g feat u re s ep arat ely .

Qo S Prio rit y : Ou t b o u n d ru les (wh ere To Zo n e = in s ecu re Op t io n o n ly )
can h av e t h e t raffic marked wit h a Qo S p rio rit y t ag . Select a p rio rit y
lev el:


No rmal-Serv ice: To S=0 (lo wes t Qo S)

M in imize -Co s t : To S=1

M aximize -Reliab ilit y : To S=2

M aximize -Th ro u g h p u t : To S=4
M in imize -Delay : To S=8 (h ig h es t Qo S)
198
Wireless Controller
User Manual
6. Inbound rules can use Destination NAT (DNAT) for managing traffic from the Option.
Destination NAT is available when the To Zone = DMZ or secure LAN.

W it h an in b o u n d allo w ru le y o u can en t er t h e in t ern al s erv er ad d res s
t h at is h o s t in g t h e s elect ed s erv ice.

Yo u can en ab le p o rt fo rward in g fo r an in co min g s erv ice s p ecific ru le
(Fro m Zo n e = Op t io n ) b y s electin g t h e app rop riat e ch eckb o x. Th is will
allo w t h e s elect ed s erv ice t raffic fro m t h e in t ern et t o reach t h e
ap p ro p riat e LA N p o rt v ia a p o rt fo rward in g ru le.

Tran s lat e Po rt Nu mb er: W it h p o rt fo rward in g , t h e in co min g t raffic t o
b e fo rward ed t o t h e p o rt n u mb er en t ered h ere.

Ext ern al IP ad d res s : Th e ru le can b e b o u n d t o a s p ecific Op t io n
in t erface b y s elect in g eit h er t h e p rimary Op t io n o r co n fig u rab le p o rt
Op t io n as t h e s o u rce IP ad d res s fo r in co min g t raffic.

Th is co n t roller s u pp orts mu lt i-NA T an d s o t h e Ext ern al IP ad d res s d oes n ot
n eces s arily h av e t o b e t h e Op t io n ad d res s . On a s in g le Op t io n in t erface,
mu lt ip le p u b lic IP ad d res s es are s u p p o rt ed . If y o u r ISP as s ig n s y o u mo re
t h an o n e p u b lic IP ad d res s , o n e o f t h es e can b e u s ed as y o u r p rimary IP
ad d res s o n t h e Op t ion p ort , an d t h e o t hers can b e as sign ed t o s ervers o n t h e
LA N o r DM Z. In t h is way t h e LA N/ DM Z s erv er can b e acces s ed fro m t h e
in t ern et b y it s alias ed p u b lic IP ad d res s .
7. Outbound rules can use Source NAT (SNAT) in order to map (bind) all LAN/DMZ traffic
matching the rule parameters to a specific Option interface or external IP address (usually
provided by your ISP).
On ce t h e n ew o r mo d ified ru le p aramet ers are s av ed , it ap p ears in t h e mas t er lis t o f
firewall ru les . To en ab le o r d is ab le a ru le, click t h e ch eckb o x n ext t o t h e ru le in t h e
lis t o f firewall ru les an d ch o o s e En ab le o r Dis ab le.

Th e co n t ro ller ap p lies firewall ru les in t h e o rd er lis t ed . A s a g en eral ru le,
y o u s h o uld mo v e t h e s trict est ru les (t h ose wit h t h e mo s t s pecific s erv ices or
ad d res ses) t o t h e t o p o f t h e lis t . To reo rd er ru les , click t h e ch eckb ox n ext t o
a ru le an d click u p o r d o wn .
199
Wireless Controller
User Manual
Figure 108 : Example whe re an outbound SNAT rule is us e d to map an
e xte rnal IP addre s s (209.156.200.225) to a private DM Z IP
addre s s (10.30.30.30 )
200
Wireless Controller
User Manual
Figure 109 : The fire wal l rule configuratio n page allows you to de fine the
To/From zone , s e rvice , action, s che dule s , and s pe cify
s ource /de s tination IP addre s s e s as ne e de d.
201
Wireless Controller
User Manual
7.3.1 Firewall Rule Configuration Examples
Exampl e 1 : A llo w in b o u n d HTTP t raffic t o t h e DM Z
S i tuati on: Yo u h o s t a p u b lic web s erv er o n y o u r lo cal DM Z n et wo rk. Yo u wan t t o
allo w in b o u n d HTTP req u ests fro m an y o u t sid e IP ad d ress t o t h e IP ad d res s o f y o u r
web s erv er at an y t ime o f d ay .
S ol uti on: Creat e an in b o u n d ru le as fo llo ws .
Par am eter
V alu e
From Zone
Insecure (Option 1/ Option2)
To Zone
Public (DMZ)
Service
HTTP
Action
ALLOW alw ays
Send to Local Server (DNAT IP)
192.168.5.2 (w eb server IP address)
Destination Users
Any
Log
Never
Exampl e 2 : A llo w v id eo co n feren cin g fro m ran g e o f o u t s id e IP ad d res s es
S i tuati on: Yo u wan t t o allo w in co min g v id eo co n feren cin g t o b e in it iat ed fro m a
res t rict ed ran g e o f o u t s id e IP ad d res s es (132.177.88.2 - 132.177.88.254), fro m a
b ran ch o ffice.
S ol uti on: Creat e an in b o u n d ru le as fo llo ws . In t h e examp le, CUSeeM e (t h e v id eo
co n feren ce s erv ice u s ed ) co n n ect io n s are allo wed o n ly fro m a s p ecified ran g e o f
ext ern al IP ad d res s es .
202
Wireless Controller
User Manual
Par am eter
V alu e
From Zone
Insecure (Option 1/ Option2)
To Zone
Secure (LAN)
Service
CU-SEEME:UDP
Action
ALLOW alw ays
Send to Local Server (DNAT IP)
192.168.10.11
Destination Users
Address Range
From
132.177.88.2
To
134.177.88.254
Enable Port Forw arding
Yes (enabled)
Exampl e 3 : M u lt i-NA T co n fig u rat io n
S i tuati on: Yo u wan t t o co n fig u re mu lt i-NA T t o s u p p o rt mu lt ip le p u b lic IP
ad d res s es o n o n e Op t io n p o rt in t erface.
S ol uti on: Creat e an in b o u n d ru le t h at co n fig u res t h e firewall t o h o s t an ad d it io n al
p u b lic IP ad d res s . A s s o ciat e t h is ad d res s wit h a web s erv er o n t h e DM Z. If y o u
arran g e wit h y o u r ISP t o h av e mo re t h an o ne p u blic IP ad d ress fo r y o u r u se, y ou can
u s e t h e ad dit io nal p u blic IP ad d resses t o map t o s erv ers o n y o u r LA N. On e o f t h es e
p u b lic IP ad d resses is u sed as t h e p rimary IP ad d res s o f t h e co n troller. Th is ad d res s
is u s ed t o p ro v id e In t ern et acces s t o y o u r LA N PCs t h ro u g h NA T. Th e o t h er
ad d res s es are av ailab le t o map t o y o u r DM Z s erv ers .
Th e fo llo win g ad d res s in g s ch eme is u s ed t o illu s t rat e t h is p ro ced u re:

Op t io n IP ad d res s : 10.1.0.118
203
Wireless Controller
User Manual

LA N IP ad d res s : 192.168.10.1; s u b n et 255.255.255. 0

W eb s erv er h o s t in t h e DM Z, IP ad d res s : 192.168.12.222

A cces s t o W eb s erv er: (s imu lat ed ) p u b lic IP ad d res s 10.1.0.52
E am eter
Par
V alu e
x
a
From Zone
Insecure ( Option 1/ Option 2)
m
p
To Zone
Public (DMZ)
l
e
Service
HTTP
4
Action
ALLOW alw ays
Send to Local Server (DNAT IP)
192.168.12.222 ( w eb server local IP address)
:
B
l
Destination
Users
o
Single Address
c
From
10.1.0.52
E Users
Option
Any
x
a
Log
Never
m
pl e 4 : Blo ck t raffic b y s ch ed u le if g en erat ed fro m s p ecific ran g e o f mach in es
Us e Cas e: Blo ck all HTTP t raffic o n t h e weeken d s if t h e req u es t o rig in at es fro m a
s p ecific g ro u p o f mach in es in t h e LA N h av in g a kn o wn ran g e o f IP ad d res s es , an d
an y o n e co min g in t h ro u g h t h e Net wo rk fro m t h e Op t io n (i.e. all remo t e u s ers ).
Confi g urati on:
1. Setup a schedule:

To s et u p a s ch ed u le t h at affect s t raffic o n weeken d s o n ly , n av ig at e t o
Secu rit y : Sch ed u le, an d n ame t h e s ch ed u le “W eeken d ”
204
Wireless Controller

User Manual
Defin e “weeken d ” t o mean 12 am Sat u rd ay mo rn in g t o 12 am M o n d ay
mo rn in g – all d ay Sat u rd ay & Su n d ay

In t h e Sch ed u led d ays b o x, ch eck t h at y ou wan t t h e s chedu le t o b e act ive fo r
“s p ecific d ay s ”. Select “Sat u rd ay ” an d “Su n d ay ”

In t h e s ch edu led t ime o f d ay , s elect “all d ay ” – t h is will ap p ly t h e s ch ed u le
b et ween 12 am t o 11:59 p m o f t h e s elect ed d ay .

Click ap p ly – n o w s ch ed u le “W eeken d ” is o lat es all d ay Sat u rd ay an d
Su n d ay fro m t h e res t o f t h e week.
Figure 110 : Sche dule configurat io n for the above e xample .
2. Since we are trying to block HTTP requests, it is a service with To Zone: Insecure (Option
1/ Option2) that is to be blocked according to schedule “Weekend”.
3. Select the Action to “Block by Schedule, otherwise allow”. This will take a predefined
schedule and make sure the rule is a blocking rule during the defined dates/times. All
other times outside the schedule will not be affected by this firewall blocking rule
205
Wireless Controller
User Manual
4. As we defined our schedule in schedule “Weekend”, this is available in the dropdown
menu
5. We want to block the IP range assigned to the marketing group. Let‟s say they have IP
192.168.10.20 to 192.168.10.30. On the Source Users dropdown, select Address Range
and add this IP range as the from and To IP addresses.
6. We want to block all HTTP traffic to any services going to the insecure zone. The
Destination Users dropdown should be “any”.
7. We don‟t need to change default QoS priority or Logging (unless desired) – clicking apply
will add this firewall rule to the list of firewall rules.
8. The last step is to enable this firewall rule. Select the rule, and click “enable” below the
list to make sure the firewall rule is active
7.4
Security on Custom Services
Advanced > Firewall Settings > Custom Services
Cu s t o m s erv ices can b e d efin ed t o ad d t o t he lis t o f s ervices av ailab le d u rin g firewall
ru le co n fig u rat io n . W h ile co mmo n s erv ices h av e kn o wn TCP/ UDP/ ICM P p o rt s fo r
t raffic, man y cu s t o m o r u n co mmo n ap p licat io n s exis t in t h e LA N o r Op t io n . In t h e
cu s t om s erv ice co nfig uratio n men u y o u can d efin e a ran g e o f p o rt s an d id en t ify t h e
t raffic t y p e (TCP/ UDP/ ICM P) fo r t h is s erv ice. On ce d efin ed , t h e n ew s erv ice will
ap p ear in t h e s erv ices lis t o f t h e firewall ru les co n fig u rat io n men u .
206
Wireless Controller
User Manual
Figure 111 : Lis t of us e r de fine d s e rvice s .
7.5
ALG support
Advanced > Firewall Settings > ALGs
A p p licat io n Lev el Gat eway s (A LGs ) are s ecu rit y co mp o nent t hat en h ance t h e firewall
an d NA T s u p p ort o f t h is co ntro ller t o s eamles sly s u ppo rt ap plicat ion lay er p ro t o co ls .
In s o me cas es en ab lin g t h e A LG will allo w t h e firewall t o u s e d y n amic ep h emeral
TCP/ UDP p o rt s t o co mmu n icat e wit h t h e kn o wn p ort s a p art icu lar clien t ap p licat i o n
(s u ch as H.323 o r RTSP) req u ires , wit h o ut wh ich t he ad min wo u ld h av e t o o p en larg e
n u mb er o f p o rt s t o accomp lis h t h e s ame s u p p o rt . Becau s e t h e A LG u n d ers t an d s t h e
p ro t o co l u s ed b y t h e s p ecific ap p licat io n t h at it s u p p o rt s , it is a v ery s ecu re an d
efficien t way o f in t ro d u cin g s upp o rt fo r clien t ap p licat io n s t h ro u g h t h e co n t ro ller‟s
firewall.
207
Wireless Controller
User Manual
Figure 112 : Available ALG s upport on the controlle r.
7.6
VPN Passthrough for Firewall
Advanced > Firewall Settings > VPN Passthrough
Th is co n t roller‟s firewall s et t in g s can b e co n fig u red t o allo w en cry p t ed VPN t raffic
fo r IPs ec, PPTP, an d L2TP VPN t u n n el co nn ectio ns b et ween t h e LA N an d in t ern et . A
s p ecific firewall ru le o r s erv ice is n o t ap p ro p riat e t o in t ro d u ce t h is p as s t h ro u g h
s u p p ort ; in s tead t he ap p ro p riat e ch eck b o xes in t h e VPN Pas s t h ro u g h p ag e mu s t b e
en ab led .
208
Wireless Controller
User Manual
Figure 113 : Pas s through options for VPN tunne ls
7.7
Client
Advanced > Client
Th e Kn o wn Clien t Su mmary s h o ws t h e wireles s clien ts cu rrently in t h e Kn o wn Clien t
Dat ab as e an d allo ws y o u t o ad d n ew clien t s o r mo d ify exis t in g clien t s t o t h e d atabase.
MAC Addres s : Sh o ws t h e M A C ad d res s o f t h e kn o wn clien t .
Name : Sh o ws t h e d escrip tiv e n ame co n fig ured fo r t h e clien t wh en it was ad ded t o t h e
Kn o wn Clien t d at ab a s e.
Authenti cati on Acti on: W h en M A C au t h en t icat io n is en ab led o n t h e n et wo rk, t h is
field s h o ws t h e act io n t o t ake o n a wireles s clien t . Th e fo llo win g o p t io n s are
av ailab le.
Grant: A llo w t h e clien t wit h t h e s p ecified M A C ad d res s t o acces s t h e n et wo rk.
Deny: Pro h ib it t h e clien t wit h t h e sp ecified M A C ad dress fro m acces sing t he n etwo rk.
209
Wireless Controller
User Manual
Gl obal Acti on: Us e t h e g lo b al wh it e -lis t o r b lack-lis t act io n co n fig u red o n t h e
A d v an ced Glo b al Co n fig u rat io n p ag e t o d et ermin e h o w t o h an d le t h e clien t .
Figure 114 : Lis t of Known Clie nts
Th e fo llo win g act io n s are s u ppo rted fro m t h is p ag e:
Add: A d d ‟s a clien t wit h t h e M A C ad dress y ou en ter in t h e field t o t h e Kn o wn Clien t
d at ab ase.
Del ete : Remo v es t h e s elected clien t fro m t h e Kn o wn Clien t d at ab ase.
Edi t: ch an g es t h e s ett ing o f p art icular M A C ad d ress
7.8
Application Rules

Th e fo llo win g feat u re is av ailab le u p o n licen s ed act iv at io n o f VPN /
Firewall feat u res fo r t h e s y s t em.
Advanced > Application Rules > Application Rules
A p p licat io n ru les are als o referred t o as p o rt t rig g erin g . Th is feat u re allo ws d ev ices
o n t h e LA N o r DM Z t o req u es t o n e o r mo re p o rt s t o b e fo rward ed t o t h em. Po rt
210
Wireless Controller
User Manual
t rig g erin g wait s fo r an o u t b o u n d req u es t fro m t h e LA N/ DM Z o n o n e o f t h e d efin ed
o u t g o ing p ort s, an d t h en o pens an in co min g p ort fo r t h at s pecified t y pe o f t raffic. This
can b e t h o u g h t o f as a fo rm o f d y n amic p o rt fo rward in g wh ile an ap p licat io n is
t ran s mit t in g d at a o v er t h e o p en ed o u t g o in g o r in co min g p o r t (s ).
Po rt t rig g erin g ap plicat ion ru les are mo re flexib le t h an s t at ic p o rt fo rward in g t h at is
an av ailab le o p t io n wh en co nfig urin g firewall ru les . Th is is b ecaus e a p o rt t rig g erin g
ru le d o es n o t h ave t o referen ce a s p ecific LA N IP o r IP ran g e. A s well p o r t s are n o t
left o p en wh en n o t in u s e, t h ereby p ro vid in g a lev el o f s ecu rit y t h at p o rt fo rward in g
d o es n o t o ffer.

Po rt t rig g erin g is n o t ap p ro p riat e fo r s erv ers o n t h e LA N, s in ce t h ere is a
d ep en d en cy o n t h e LA N d ev ice makin g an o u t g o in g co n n ect io n b efo re
in co min g p o rt s are o p en ed .
So me ap p licat io n s req uire t h at wh en ext ern al d ev ices co n n ect t o t h em, t h ey receiv e
d at a o n a s p ecific p o rt o r ran g e o f p o rts in o rd er t o fu n ct io n p ro p erly . Th e co n t ro ller
mu s t s en d all in co min g d at a fo r t h at ap plicatio n o nly o n t he req uired p o rt o r ran g e o f
p o rt s . Th e co ntro ller h as a lis t o f co mmo n ap p licat io ns an d g ames wit h co rrespo ndin g
o u t b o und an d in b ou nd p o rt s t o o p en . Yo u can als o s p ecify a p o rt t rig g erin g ru le b y
d efin in g t h e t y p e o f t raffic (TCP o r UDP) an d t h e ran g e o f in co min g an d o u t g o in g
p o rt s t o o p en wh en en ab led .
Figure 115 : Lis t of Available Applicat io n Rule s s howing 4 unique rule s
211
Wireless Controller
User Manual
Th e ap p licat io n ru le s t atus p age will lis t an y act iv e ru les , i.e. in co min g p o rt s t h at are
b ein g t rig g ered b as ed o n o u t b o u n d req u es t s fro m a d efin ed o u t g o in g p o rt .
7.9
Application Rules Status
Advanced > Application Rules > Application Rules Status
Th is p ag e allo ws d is playin g t h e lis t o f av ailable ap plicat ion ru les an d co rres p o n d in g
s at u s
Figure 116 : Lis t of Available Applicat io n Rule s and corre s ponding s tatus
.
7.10 Web Content Filtering
Th e g at eway o ffers s ome s t andard web filt erin g o p t io n s t o allo w t h e ad min t o eas ily
creat e in t ern et access p o licies b etween t h e s ecu re LA N an d in s ecu re Op t io n . In s t ead
o f creat in g p o licies b as ed o n t h e t y p e o f t raffic (as is t h e cas e wh en u s in g firewall
ru les ), web b as ed co n t en t it s elf can b e u s ed t o d et ermin e if t raffic is allo wed o r
d ro p p ed .
212
Wireless Controller
User Manual
7.10.1 Content Filtering

Th e fo llo win g feat u re is av ailab le u p o n licen s ed act iv at io n o f VPN /
Firewall feat u res fo r t h e s y s t em.
Advanced > Website Filter > Content Filtering
Co n t en t filt erin g mu s t b e en abled t o co n figu re an d u se t h e s ubsequent featu res (lis t o f
Tru s t ed Do main s , filt erin g o n Blo cked Key wo rds , et c.). Pro xy s erv ers , wh ich can b e
u s ed t o circu mv en t cert ain firewall ru les an d t h u s a p o t en t ial s ecu rit y g ap , can b e
b lo cked fo r all LA N d ev ices . Jav a ap p let s can b e p rev en t ed fro m b ein g d o wn lo ad ed
fro m in t ern et s it es , an d s imilarly t h e g at eway can p rev en t A ct iv eX co n t ro ls fro m
b ein g d o wn lo aded v ia In t ernet Exp lo rer. Fo r ad d ed s ecu rit y co o kies , wh ich t y p ically
co n t ain s es s io n in fo rmat io n , can b e b lo cked as well fo r all d ev ices o n t h e p riv at e
n et wo rk.
213
Wireless Controller
User Manual
Figure 117 : Conte nt Filte ring us e d to block acce s s to proxy s e rve rs and
pre ve nt Active X controls from be ing downloade d
7.10.2 Approv ed URLs
Advanced > Website Filter > Approved URLs
Th e A p p ro ved URLs is an accep t ance lis t fo r all URL d o main n ames . Do main s ad d ed
t o t h is lis t are allo wed in an y fo rm. Fo r examp le, if t h e d o main “y ah o o ” is ad d ed t o
t h is lis t t h en all o f t h e fo llo win g URL‟s are p ermit t ed acces s fro m t h e LA N:
www.yahoo.com, yahoo.co.uk, et c. Imp o rt / exp o rt fro m a t ext o r CSV file fo r
A p p ro v ed URLs is als o s u p p o rt ed
214
Wireless Controller
User Manual
Figure 118 : Two trus te d domains adde d to the Approve d URLs Lis t
7.10.3 Blocked Keywords
Advanced > Website Filter > Blocked Keywords
Key wo rd b lo ckin g allo ws y o u t o b lo ck all web s it e URL‟s o r s it e co n t ent t h at con tains
t h e key wo rd s in t h e co n fig u red lis t . Th is is lo wer p rio rit y t h an t h e A p p ro v ed URL
Lis t ; i.e. if t h e b lo cked key wo rd is p res en t in a s it e allo wed b y a Tru s t ed Do main in
t h e A p p ro ved URL Lis t , t h en access t o t hat s it e will b e allo wed . Imp o rt / exp o rt fro m a
t ext o r CSV file fo r key wo rd b lo ckin g is als o s u p p o rt ed .
215
Wireless Controller
User Manual
Figure 119 : One k e yword adde d to the block lis t
7.10.4 Export W eb Filter
Advanced > Website Filter > Export
Export Approved URLs : Feat u re en ab les t h e u s er t o exp o rt t h e URLs t o b e allo wed
t o a cs v file wh ich c an t h en b e d own lo aded t o t h e lo cal h o st . Th e u s er h as t o click t h e
exp o rt b u t t o n t o g et t h e cs v file.
Export B l ock ed Keywords : Th is feat u re en ables t h e u s er t o exp o rt t h e key wo rd s t o
b e b lo cked t o a cs v file wh ich can t h en b e d o wn loaded t o t h e lo cal h o st. Th e u s er h as
t o click t h e exp o rt b u t t o n t o g et t h e cs v file .
216
Wireless Controller
User Manual
Figure 120 : Export Approve d URL lis t
7.11 IP/MAC Binding
Advanced > IP/MAC Binding
A n o t h er av ailab le securit y meas u re is t o o n ly allo w o u t bou nd t raffic (fro m t h e LA N to
Op t io n ) wh en t h e LA N n o d e h as an IP ad d ress mat ch ing t he M A C ad d ress b o und t o it.
Th is is IP/ M A C Bin d in g , an d b y en fo rcin g t h e g ateway t o v alid ate t h e s ou rce t raffic‟s
IP ad d res s wit h t h e u n iq u e M A C A d d res s o f t h e co n fig u red LA N n o d e, t h e
ad min is t rat o r can en sure t raffic fro m t h at IP ad d res s is n ot s poo fed . In t h e ev en t o f a
v io lat io n (i.e. t h e t raffic‟s s ou rce IP ad d ress d oesn‟t mat ch u p wit h t h e exp ect ed MAC
ad d res s h avin g t h e s ame IP ad d ress) t h e p ackets will b e d ro p p ed an d can b e lo g ged for
d iag n o s is .
217
Wireless Controller
User Manual
Figure 121 : Example binding a LAN hos t’s M AC Addre s s to a s e rve d IP
addre s s
In t h e ab o v e examp le , if t h ere is an IP/ M A C Bin d in g v io lat io n , t h e v io lat in g p acket
will b e d ro p p ed an d lo g s will b e cap t u red .
7.12 RADIUS Settings
Advanced > RADUIS Settings
Fro m t h e RA DIUS Serv er Co n fig u rat io n p ag e, y o u can ad d a n ew RA DIUS s erv er,
co n fig u re s et t in g s fo r a n ew o r exis t in g RA DIUS s erv er, an d v iew RA DIUS s erv er
s t at u s in fo rmat io n .
218
Wireless Controller
User Manual
Figure 122 : RADIUS Se rve r Configuratio n
Authenti cati on S erver IP Addres s (Pri mary) : IP ad d res s o f t h e p rimary RA DIUS
au t h en t icat io n s erv e r.
Authenti cati on S erver IP Addres s (S econdary) : IP ad d res s o f t h e s eco n d ary
RA DIUS au t h en t icat io n s erv er.
Authenti cati on Port: RA DIUS au t h en ticatio n s erver p o rt t o s en d RA DIUS mes s ag es .
S ecret: Secret key t h at allo ws t h e d ev ice t o lo g in t o t h e co nfig ured RA DIUS s erv er. It
mu s t mat ch t h e s ecret o n RA DIUS s erv er.
Ti meout: Set t h e amo u n t o f t ime in s eco n d s , t h e ro u t er s h o u ld wait fo r a res p o n s e
fro m t h e RA DIUS s erv er.
219
Wireless Controller
User Manual
Retri es : Th is d et ermin es t h e n u mb er o f t ries t h e ro u t er will make t o t h e RA DIUS
s erv er b efo re g iv in g u p .
7.13 Switch Settings
Advanced > Switch Settings
Th is p ag e allo ws u s er t o en ab le/ d is ab le p o wer s av in g , ju mb o frames in t h e ro u t er.
Figure 123 : Switch s e ttings
Power S avi ng S tate: W h en en ab led , t h e t o t al p o wer t o t h e LA N co n t ro ller is
d ep en d ent o n t h e n umb er o f co n n ected p o rts. Th e o v erall cu rren t d raw wh en a s in g le
220
Wireless Controller
User Manual
p o rt is co n n ect ed is les s t h an wh en all o f t h e av ailab le LA N p o rt s h a v e an act iv e
Et h ern et co n n ect io n .
Leng th Detecti on S tate: W h en en ab led t h e LA N co n t ro ller will red u ce t h e o v erall
cu rren t s u pplied t o t he LA N p o rt wh en a s mall cab le len g t h is co nn ected t o t h at p o rt .
Lo n g er cab les h ave h ig her resis tance t h an s h o rt er ca b les an d req u ire mo re p o wer t o
t ran s mit p acket s o ver t h at d ist an ce. Th is o p t io n will red u ce t h e p o wer t o a LA N p o rt
if an Et h ern et cab le o f les s t h an 10 ft is d et ect ed as b ein g co n n ect ed t o t h at p o rt .
J umbo Frames Opti on: W h en en ab led , LA N s id e d ev ices can exch an g e t raffic
co n t an in g ju mb o frames .
7.14 Protecting from Internet Attacks
Advanced > Advanced Network > Attack Checks
A t t acks can b e malicio u s s ecu rit y b reach es o r u n in t en t io n al n et wo rk is s u es t h at
ren d er t h e co n troller u n u sab le. A tt ack ch ecks allo w y o u t o man ag e Op t io n s ecu rit y
t h reat s s uch as co ntin ual p in g req uests an d d is co very v ia A RP s can s . TCP an d UDP
flo o d at t ack ch ecks can b e en ab led t o man ag e ext reme u s ag e o f Op t io n res o u rces .
A d d it io n ally cert ain Den ial-o f-Serv ice (Do S) at t acks can b e b lo cked. Th ese at t acks ,
if u n in h ib it ed , can u s e u p p ro ces s in g p o wer an d b an d wid t h an d p rev en t reg u lar
n et wo rk s erv ices fro m ru n n in g n o rmally . ICM P p acket flo o d in g , SYN t raffic
flo o d in g , an d Ech o s torm t h res ho lds can b e con fig ured t o t emp orarily s usp ect t raffic
fro m t h e o ffen d in g s o u rce.
221
Wireless Controller
User Manual
Figure 124 : Prote cting the controlle r and LAN from inte rne t attack s
222
Wireless Controller
User Manual
Chapter 8. IPsec / PPTP / L2TP VPN

Th e fo llo win g feat u re is av ailab le u p o n licen s ed act iv at io n o f VPN /
Firewall feat u res fo r t h e s y s t em.
A VPN p ro v id es a s ecu re co mmu n icat io n ch an n el (“t u n n el”) b et ween t wo g at eway
co n t ro ller o r a remo t e PC clien t . Th e fo llo win g t y p es o f t u n n els can b e creat ed :

Gateway-to-g ateway VPN: t o co n n ect t wo o r mo re co n t ro ller t o s ecu re t raffic
b et ween remo t e s it es .

Remote Cl i ent (clien t -t o -g at eway VPN t u n n el): A remo t e clien t in it iat es a VPN
t u n n el as t h e IP ad d res s o f t h e remo t e PC clien t is n o t kn o wn in ad v an ce. Th e
g at eway in t h is cas e act s as a res p o n d er.
Remo t e clien t b eh in d a NA T co n t ro ller: Th e clien t h as a d y n amic IP ad d res s an d is b eh in d a
NA T co n t ro ller. Th e remo t e PC clien t at t h e NA T co n t ro ller in it iat es a VPN t u n n el as t h e IP
ad d res s o f t h e remo t e NA T co n t roller is n o t kn o wn in ad v ance. T h e g ateway Op t io n p o rt act s as
res p o n d er.
223
Wireless Controller
User Manual
Figure 125 : Example of Gate way-to - Gate way IPs e c VPN tunne l us ing two
DWC controlle rs conne cte d to the Inte rne t
224
Wireless Controller
User Manual
Figure 126 : Example of thre e IPs e c clie nt conne ctions to the inte rnal
ne twork through the DWC IPs e c gate way
225
Wireless Controller
8.1
User Manual
VPN Wizard
Setup > Wizard > VPN Wizard
Yo u can u s e t h e VPN wizard t o q u ickly creat e b o t h IKE an d VPN p o licies . On ce t h e
IKE o r VPN p o licy is crea t ed , y o u can mo d ify it as req u ired .
Figure 127 : VPN Wizard launch s cre e n
To eas ily es t ab lis h a VPN t u n n el u s in g VPN W izard , fo llo w t h e s t ep s b elo w:
1. Select the VPN tunnel type to create
Th e t u n n el can eit her b e a g at eway t o g at eway co n nect ion (s ite -to -site) o r a t u n n el t o a h o s t o n
t h e in t ern et (remo t e acces s ).
226
Wireless Controller
User Manual
Set t h e Co n n ectio n Name an d p re -sh ared key : t h e co nn ectio n n ame is u s ed fo r man ag emen t, and
t h e p re -s h ared key will b e req u ired o n t h e VPN clien t o r g at eway t o es t ab lis h t h e t u n n el
Det ermin e t h e lo cal g at eway fo r t h is t u n n el; if t h ere is mo re t h an 1 Op t io n co n fig u red t h e
t u n n el can b e co n fig u red fo r eit h er o f t h e g at eway s .
2. Configure Remote and Local Option address for the tunnel endpoints
Remo t e Gat eway Ty p e: id en t ify t h e remo t e en dp oin t o f t h e t u nnel b y FQDN o r s t at ic IP ad d ress
Remo t e Op t io n IP ad d res s / FQDN: Th is field is en ab led o n ly if t h e p eer y o u are t ry in g t o
co n n ect t o is a Gat eway . Fo r VPN Clien t s , t h is IP ad d ress o r In t ern et Name is d et ermin ed wh en
a co n n e ct io n req u es t is receiv ed fro m a clien t .
Lo cal Gat eway Ty p e: id en t ify t h is co n t ro ller‟s en d p o in t o f t h e t u n n el b y FQDN o r s t at ic IP
ad d res s
Lo cal Op t io n IP ad d res s / FQDN: Th is field can b e left b lan k if y o u are n o t u s in g a d ifferen t
FQDN o r IP ad d res s t h a n t h e o n e s p ecified in t h e Op t io n p o rt ‟s co n fig u rat io n .
3. Configure the Secure Connection Remote Accessibility fields to identify the remote
network:
Remo t e LA N IP ad d res s : ad d res s o f t h e LA N b eh in d t h e p eer g at eway
Remo t e LA N Su b n et M as k: t h e s u b n et mas k o f t h e LA N b eh in d t h e p eer

Note: Th e IP ad d res s ran ge u sed o n t h e remo t e LA N mu s t b e d ifferen t fro m
t h e IP ad d res s ran g e u s ed o n t h e lo cal LA N.
4. Review the settings and click Connect to establish the tunnel.
Th e W izard will creat e an A u t o IPs ec p o licy wit h t h e fo llo win g d efau lt v alu es fo r a
VPN Clien t o r Gat eway p o licy (t h es e can b e acces s ed fro m a lin k o n t h e W izard
p ag e):
Par am eter
De f au lt value f rom Wizard
Exchange Mode
Aggressive (Client policy ) or Main (Gatew ay policy)
ID Type
FQDN
227
Wireless Controller
User Manual
Local Option ID
w an_local.com (only applies to Client policies)
Remote Option ID
w an_remote.com (only applies to Client policies)
Encryption Algorithm
3DES
Authentication Algorithm
SHA-1
Authentication Method
Pre-shared Key
PFS Key-Group
DH-Group 2(1024 bit)
Life Time (Phase 1)
24 hours
Life Time (Phase 2)
8 hours
NETBIOS
Enabled (only applies to Gatew ay policies)

Th e VPN W izard is t h e reco mmen d ed met h o d t o s et u p an A u t o IPs ec
p o licy .
On ce t h e W izard creat es t h e mat ch in g IKE an d VPN p o licies
req u ired b y t h e A ut o p o licy, o n e can mo d ify t h e req uired field s t h ro ugh t h e
ed it lin k. Refer t o t h e o n lin e h elp fo r d et ails .
Eas y S etup S i te to S i te VPN Tunnel
If y o u fin d it d ifficu lt t o co n fig u re VPN p o licies t h ro ugh VPN wizard u s e easy s et up
s it e t o s it e VPN t u n n el. Th is will ad d VPN p o licies b y imp o rt in g a file co n t ain in g v pn
p o licies .
8.2
Configuring IPsec Policies
Setup > VPN Settings > IPsec > IPsec Policies
A n IPs ec p o licy is b et ween t his con tro ller an d an o ther g ateway o r t h is co n t ro ller an d
a IPs ec clien t o n a remo t e h o s t . Th e IPs ec mo d e can b e eit h er t u n n el o r t ran s p o rt
d ep en d in g o n t h e n et wo rk b ein g t rav ers ed b et ween t h e t wo p o licy en d p o in t s .
228
Wireless Controller
User Manual
Tran s p ort : Th is is u sed fo r en d -t o -en d co mmu n icat io n b et ween t h is co n t ro ller an d t h e t u n n el
en d p o in t, eit h er an o ther IPs ec g at eway o r an IPs ec VPN clien t o n a h o s t . On ly t h e d ata p ayload
is en cry p t ed an d t h e IP h ead er is n o t mo d ified o r en cry p t ed .
Tu n n el: Th is mo d e is u s ed fo r n et wo rk -t o -n et wo rk IPs ec t u n n els wh ere t h is g at eway is o n e
en d p o in t o f t h e t u n n el. In t h is mo d e t h e en t ire IP p acket in clu d in g t h e h ead er is en cry p t ed
an d / o r au t h en t icat ed .
W h en t u n n el mo d e is s elect ed , y o u can en ab le Net BIOS an d DHCP o v er IPs ec. DHCP o v er
IPs ec allo ws t h is co nt roller t o s erve IP leas es t o h o sts o n t h e remo t e LA N. A s well in t h is mo d e
y o u can d efin e t h e s in g le IP ad d res s , ran g e o f IPs , o r s u b n et o n b o t h t h e lo cal an d remo t e
p riv at e n et wo rks t h at can co mmu n icat e o v er t h e t u n n el.
Figure 128 : IPs e c policy configurat ion
229
Wireless Controller
User Manual
On ce t h e t u n nel t y p e an d en d poin t s o f t h e t u n n el are d efin ed y o u can d et ermin e t h e
Ph as e 1 / Ph as e 2 n eg o t iatio n t o u se fo r t h e t un nel. Th is is co v ered in t h e IPs ec mode
s et t in g , as t h e p o licy can b e M an u al o r A u t o . Fo r A u t o p o licies , t h e In t ern et Key
Exch an g e (IKE) p ro t o co l d y namically exch an g es key s b et ween t wo IPs ec h o s t s . Th e
Ph as e 1 IKE p aramet ers are u s ed t o d efin e t h e t u n n el‟s s ecu rit y as s o ciat io n d et ails .
Th e Ph as e 2 A u t o p o licy p aramet ers co v er t h e s ecu rit y as s o ciat io n lifet ime an d
en cry p t io n / au t h en t icat io n d et ails o f t h e p h as e 2 key n eg o t iat io n .
Th e VPN p o licy is o n e h alf o f t h e IKE/ VPN p o licy p air req u ired t o est ab lis h an A u t o
IPs ec VPN t u n n el. Th e IP ad d res s es o f t h e mach in e o r mach in es o n t h e t wo VPN
en d p o in ts are co nfig u red h ere, alo n g wit h t h e p o licy p aramet ers req u ired t o s ecure t he
t u n n el
230
Wireless Controller
User Manual
Figure 129 : IPs e c policy configurat ion continue d (Auto policy via IKE)
A M an u al p o licy d o es n ot u s e IKE an d in s t ead relies o n man u al key in g t o exch an g e
au t h en ticat io n p aramet ers b etween t h e t wo IPs ec h o s t s . Th e in co min g an d o u t g o in g
s ecu rit y p aramet er in d ex (SPI) v alu es mu s t b e mirro red o n t h e remo t e t u n n el
en d p o in t. A s well t h e en cry pt io n an d in t egrit y alg o rit hms an d key s mu s t mat ch on the
remo t e IPs ec h o s t exact ly in o rd er fo r t h e t u nn el t o es t ab lis h s u c ces s fu lly . No t e t h at
231
Wireless Controller
User Manual
u s in g A u to p olicies wit h IKE are p referred as in s o me IPs ec imp lemen t at io n s t h e SPI
(s ecu rit y p aramet er in d ex) v alu es req u ire co n v ers io n at each en d p o in t .
DW C-1000 s u p p o rt s VPN ro ll-o v er feat u re. Th is mean s t h at p o licies co n fig u red o n
p rimary Op t io n will ro llo v er t o t h e s eco n d ary Op t io n in cas e o f a lin k failu re o n a
p rimary Op t io n . Th is feat ure can b e u s ed o n ly if y o u r Op t io n is co n fig u red in A u t o Ro llo v er mo d e.
Figure 130 : IPs e c policy configurat ion continue d (Auto / M anual Phas e
2)
8.2.1 Extended Authentication (XAUTH)
Yo u can als o co n fig ure ext en ded au t hen ticatio n (XA UTH). Rat h er t h an co n fig u re a
u n iq u e VPN p o licy fo r each u s er, y o u can co n fig u re t h e VPN g at eway co n t ro ller t o
au t h en t icat e u s ers fro m a s t o red lis t o f u s er acco u n t s o r wit h an ext ern al
au t h en ticat io n s erv er s u ch as a RA DIUS s erv er. W it h a u s er d atabase, u ser accou n t s
creat ed in t h e co n t ro ller are u s ed t o au t h en t icat e u s ers .
232
Wireless Controller
User Manual
W it h a co n fig u red RA DIUS s erv er, t h e co nt roller co n nects t o a RA DIUS s erv er an d
p as s es t o it t h e credent ials t h at it receiv es fro m t h e VPN clien t . Yo u can s ecu re t h e
co n n ectio n b etween t h e co n t ro ller an d t h e RA DIUS s erv er wit h t h e au t h en t icat io n
p ro t o co l s u p p o rt ed b y t h e s erv er (PA P o r CHA P). Fo r RA DIUS – PA P, t h e
co n t ro ller firs t ch ecks in t h e u s er d at ab as e t o s ee if t h e u s er cred en t ials are
av ailab le; if t h ey are n o t , t h e co n t ro ller co n n ect s t o t h e RA DIUS s erv er.
8.2.2 Internet ov er IPSec tunnel
In t h is feat u re all t h e t raffic will p as s t h rou gh t h e VPN Tu n n el an d fro m t h e Rem o t e
Gat eway t h e p acket will b e ro u t ed t o In t ern et . On t h e remo t e g at eway s id e, t h e
o u t g o in g p acket will b e SNA T'ed .
8.3
Configuring VPN clients
Remo t e VPN clien t s mu s t b e co nfig u red wit h t h e s ame VPN p o licy p aramet ers used in
t h e VPN t u n n el t h at t h e clien t wis h es t o u se: en crypt io n, au thent icat ion , life t ime, an d
PFS key -g ro u p . Up o n es t ab lis h in g t h es e au t h en t icat io n p aramet ers , t h e VPN Clien t
u s er d at ab as e mu s t als o b e p o p u lat ed wit h an acco u n t t o g iv e a u s er acces s t o t h e
t u n n el.

VPN clien t s o ft ware is req u ired t o es t ab lis h a VPN t u n n el b et ween t h e
co n t ro ller an d remo t e en dpo int . Op en s o urce s oft ware (su ch as Op en VPN or
Op en s wan ) as well as M icro s o ft IPs ec VPN s o ft ware can b e co n fig u red
wit h t h e req u ired IKE p o licy p aramet ers t o es t ab lis h an IPs ec VPN t u n n e l.
Refer t o t h e clien t s o ftware g u ide fo r d et ailed in s tructio ns o n s et u p as well
as t h e co n t ro ller‟s o n lin e h elp .
Th e u s er d at abase co nt ain s t he lis t o f VPN u s er acco un ts t h at are au t h o rized t o u s e a
g iv en VPN t u n n el. A lt ern at iv ely VPN t u n n el u s ers can b e au t h en t icat ed u s in g a
co n fig u red Rad iu s d at ab ase. Refer t o t h e o nlin e h elp t o d et ermin e h o w t o p o pu late the
u s er d at ab as e an d / o r co n fig u re RA DIUS au t h en t icat io n .
233
Wireless Controller
8.4
User Manual
PPTP / L2TP Tunnels
Th is co n t ro ller s u p p o rt s VPN t u n n els fro m eit h er PPTP o r L2TP ISP s erv e rs . Th e
co n t ro ller act s as a b ro ker d ev ice t o allo w t h e ISP's s erv er t o creat e a TCP co n t ro l
co n n ect io n b et ween t h e LA N VPN clien t an d t h e VPN s erv er.
8.4.1 PPTP Tunnel Support
Setup > VPN Settings > PPTP > PPTP Client
PPTP VPN Clien t can b e co n fig u red o n t h is co n t ro ller. Us in g t h is clien t we can
acces s remo t e n et wo rk wh ich is lo cal t o PPTP s erv er. On ce clien t is en ab led , t h e
u s er can acces s Status > Active VPNs p ag e an d es t ab lis h PPTP VPN t u n n el
clickin g Co n n ect . To d is co n n ect t h e t u n n el, click Dro p .
234
Wireless Controller
User Manual
Figure 131 : PPTP tunne l configuratio n – PPTP Clie nt
Figure 132 : PPTP VPN conne ction s tatus
Setup > VPN Settings > PPTP > PPTP Server
A PPTP VPN can b e es t ablis hed t h rou gh t h is co nt roller. On ce en abled a PPTP s erver
is av ailab le o n t h e co n troller fo r LA N an d Op t io n PPTP clien t u s ers t o access . On ce
t h e PPTP s erv er is en ab led, PPTP clien t s t h at are wit h in t h e ran g e o f co n fig u red IP
ad d res s es o f allo wed clien t s can reach t h e co n t ro ller‟s PPTP s erv er. On ce
au t h en ticat ed b y t h e PPTP s erv er (t h e t u nnel en dp oin t), PPTP clien t s h ave acces s t o
t h e n et wo rk man ag ed b y t h e co n t ro ller.
235
Wireless Controller
User Manual
Figure 133 : PPTP tunne l configuratio n – PPTP Se rve r
8.4.2 L2TP Tunnel Support
Setup > VPN Settings > L2TP > L2TP Server
A L2TP VPN can b e es t ablis hed t h rou gh t h is co nt roller. On ce en abled a L2TP s erver
is av ailab le o n t h e co n troller fo r LA N an d Op t io n L2TP clien t u s ers t o access . On ce
t h e L2TP s erv er is en ab led, L2TP clien t s t h at are wit h in t h e ran g e o f co n fig u red IP
ad d res s es o f allo wed clien t s can reach t h e co n t ro ller‟s L2TP s erv er. On ce
au t h en ticat ed b y t h e L2TP s erv er (t h e t u nnel en dp oin t), L2TP clien t s h av e acces s t o
t h e n et wo rk man ag ed b y t h e co n t ro ller.
236
Wireless Controller
User Manual
Figure 134 : L2TP tunne l configuratio n – L2TP Se rve r
8.4.3 OpenVPN Support
Setup > VPN Settings > OpenVPN > OpenVPN Configuration
Op en VPN allo ws p eers t o au t h en t icat e each o t h er u s in g a p re -s h ared s ecret key ,
cert ificat es , o r u sername/ passwo rd . W hen u sed in a mu lt iclien t -s erv er co n figu rat ion,
it allo ws t h e s erv er t o releas e an au t h en t icat io n cert ificat e fo r ev ery clien t , u s in g
s ig n at ure an d Cert ificat e au th o rit y . A n Op en VPN can b e es t ab lis h ed t h ro u g h t h is
co n t ro ller. Ch eck/ Un check t h is an d click s av e s ettin gs t o s tart/ stop o p en v p n s erv er.
237
Wireless Controller
User Manual
Mode: Op en VPN d aemo n mo d e. It can ru n in s erv er mo d e, clien t mo d e o r acces s
s erv er clien t mo d e. In access s erv er clien t mo d e, t h e u ser h as t o d o wn lo ad t h e au t o
lo g in p ro file fro m t h e Op en v p n A cces s Serv er an d u p lo ad t h e s ame t o co n n ect .
S erver IP: Op en VPN s erv er IP ad d res s t o wh ich t h e clien t co n n ect s (A p p licab le in
clien t mo d e).
VPN Network : A d d res s o f t h e Virt u al Net wo rk.
VPN Netmas k : Net mas k o f t h e Virt u al Net wo rk.
Port: Th e p o rt n u mb er o n wh ich o p en v p n s erv er(o r A cces s Serv er) ru n s .
Tunne l Protocol : Th e p ro t o co l u sed t o co mmu n icat e wit h t h e remo t e h o s t . Ex: Tcp ,
Ud p . Ud p is t h e d efau lt .
Encrypti on Al g ori thm: Th e cip h er wit h wh ich t h e p acket s are en cry p t ed . Ex: BF CBC, A ES-128,A ES-192 an d A ES-256. BF-CBC is t h e d efau lt
Has h al g ori thm: M es s ag e d ig est alg o rit hm u s ed t o au th en ticat e p acket s . Ex: SHA 1,
SHA 256 an d SHA 512. SHA 1 is t h e d efau lt .
Tunnel Type : Select Fu ll Tu n n el t o red irect all t h e t raffic t h ro ug h t h e t u nn el. Select
Sp lit Tu n n el t o red irect t raffic t o o n ly s p ecified res o u rces (ad d ed f ro m
o p en Vp n Clien t Ro u t es ) t h ro u g h t h e t u n n el. Fu ll Tu n n el is t h e d efau lt .
Enabl e Cl i ent to Cl i ent communi cati on : En ab le t h is t o allo w o p en v p n clien t s t o
co mmu n icat e wit h each o t h er in s p lit t u n n el cas e. Dis ab led b y d efau lt .
Upl oad Acces s S erver Cl i ent Conf i g urati on: Th e u s er h as t o d o wn lo ad t h e au t o
lo g in p ro file an d u p lo ad h ere t o co n n ect t h is co n t ro ller t o t h e Op en VPN A cces s
Serv er.
Certi fi cates : Select t h e s et o f cert ificat es o p en v p n s erv er u s es . Firs t Ro w: Set o f
cert ificat es and key s t h e s erver u ses. S eco nd Ro w: Set o f cert ificat es an d key s n ewly
u p lo ad ed .
Enabl e TLS Authenti cati on Key: En ab lin g t h is ad d s Tls au thent icat ion wh ich ad ds
an ad d it io n al lay er o f au t h en t icat io n . Can b e ch ecked o n ly wh en t h e t ls key is
u p lo ad ed . Dis ab led b y d efau lt .
Click S ave S etti ng s t o s av e t h e co n fig u rat io n en t ered .
238
Wireless Controller
User Manual
Figure 135 : Ope nVPN configuratio n
239
Chapter 9. SSL VPN

Th e fo llo win g feat u re is av ailab le u p o n licen s ed act iv at io n o f VPN /
Firewall feat u res fo r t h e s y s t em.
Th e co n t ro ller p ro vid es an in t rin sic SSL VPN feat u re as an alt ernate t o t he s tandard IPs ec VPN.
SSL VPN d iffers fro m IPs ec VPN main ly b y remo v in g t h e req u iremen t o f a p re -in s t alled VPN
clien t o n t h e remo t e h o st . In stead , u sers can s ecurely lo g in t hro ugh t he SSL Us er Po rt al u s in g a
s t an dard web b ro wser an d receive access t o co nfig ured n etwo rk res ou rces wit h in t h e co rp o rat e
LA N. Th e co n t ro ller s u pp orts mu lt ip le co n current s essio ns t o allo w remo t e u s ers t o acces s t h e
LA N o v er an en cry p t ed lin k t h ro u g h a cu s t o mizab le u s er p o rt al i n t erface, an d each SSL VPN
u s er can b e as s ig n ed u n iq u e p riv ileg es an d n et wo rk res o u rce acces s lev els .
Th e remo t e u s er can b e p ro v id ed d ifferen t o p t io n s fo r SSL s erv ice t h ro u g h t h is co n t ro ller:
VPN Tunnel : Th e remo t e u s er‟s SSL en ab led b ro ws er is u s ed in p lace o f a VPN clien t o n t h e
remo t e h o s t t o es t ab lis h a s ecu re VPN t u n n el. A SSL VPN clien t (A ct iv e -X o r Jav a b as ed ) is
in s t alled in t h e remo t e h o st t o allo w t h e clien t t o jo in t h e co rp o rat e LA N wit h p re -co n fig u red
acces s/p olicy p riv ileg es. A t t his p oin t a v irt u al n et work in t erface is creat ed o n t h e u s er‟s h o s t
an d t h is will b e as s ig n ed an IP ad d res s an d DNS s erv er ad d res s fro m t h e co n t ro ller. On ce
es t ab lis h ed , t h e h o s t mach in e can acces s allo cat ed n et wo rk res o u rces .
Port Forwardi ng : A web -b as ed (A ct iv eX o r Jav a) clien t is in s t alled o n t h e clien t mach in e
ag ain . No t e t h at Po rt Fo rward in g s ervice o n ly s u p p o rt s TCP co n n ect io n s b et ween t h e remo t e
u s er an d t h e co n tro ller. Th e co ntro ller ad min is t rat or can d efin e s pecific s erv ices o r ap p lications
t h at are av ailab le t o remo t e p o rt fo rward in g u s ers in s t ead o f acces s t o t h e fu ll LA N like t h e
VPN t u n n el.

A ct iv eX clien t s are u s ed wh en t h e remo t e u ser accesses t h e p o rt al u s ing t he
In t ern et Exp lo rer b ro ws er. Th e Jav a clien t is u s ed fo r o t h er b ro ws ers like
M o zilla Firefo x, Net s cap e Nav ig at o r, Go o g le Ch ro me, an d A p p le Safari.
Wireless Controller
User Manual
Figure 136 : Example of clie ntle s s SSL VPN conne ctions to the DWC-1000
242
Wireless Controller
9.1
User Manual
Groups and Users
Advanced > Users > Groups
Th e g ro u p p ag e allo ws creat in g , ed it in g an d d elet in g g ro u p s . Th e g ro u p s are
as s o ciat ed t o s et o f u s er t y pes. Th e lis ts o f av ailab le g ro ups are d is p layed in t h e “Lis t
o f Gro u p ” p ag e wit h Gro u p n ame an d d es crip t io n o f g ro u p .
 Click Add t o creat e a g ro u p .
 Click Edi t t o u p d at e an exis t in g g ro u p .
 Click Del ete t o clear an exis it in g g ro u p .
Figure 137 : Lis t of groups
Gro u p co n fig u rat io n p age allo ws t o creat e a g ro u p wit h a d ifferen t t y pe o f u s ers . Th e
u s er t y p es are as fo llo ws :
 PPTP Us er : Th es e are PPTP VPN t u n n el LA N u s ers t h at can esta blis h a t u n n el
wit h t h e PPTP s erv er o n t h e Op t io n .
 L2 TP Us er : Th es e are L2TP VPN t u n n el LA N u s ers t hat can est ab lish a t u n n el
wit h t h e L2TP s erv er o n t h e Op t io n .
243
Wireless Controller
User Manual
 Xauth Us er : Th is u s er‟s au t h en t icat io n is p erfo rmed b y an ext ern ally
co n fig u red RA DIUS o r o t h e r En t erp rise s erv er. It is n o t p art o f t h e lo cal u s er
d at ab as e.
 S S LVPN Us er : Th is u s er h as access t o t he SSL VPN s erv ices as d et ermin ed b y
t h e g ro u p p o licies an d au t h en t icat io n d o main o f wh ich it is a memb er. Th e
d o main -d et ermin ed SSL VPN p o rt al will b e d is p lay ed wh en lo g g in g in wit h
t h is u s er t y p e.
 Admi n: Th is is t h e co n t roller‟s s u per-user, an d can man ag e t h e co n t ro ller, u s e
SSL VPN t o access n et work res o urces, an d lo g in t o L2TP/ PPTP s erv ers on the
Op t io n . Th ere will alway s b e o n e d efau lt ad min is t rat o r u s er fo r t h e GUI
 Gues t Us er (read-onl y): Th e g u es t u s er g ain s read o n ly acces s t o t h e GUI t o
o b s erv e an d rev iew co n fig uratio n s ettin gs. Th e g u est d oes n o t h av e SSL VPN
acces s .
 Capti ve Portal Us er : Th es e cap t iv e p o rt al u s ers h as acces s t h ro u g h t h e
co n t ro ller. Th e acces s is d et ermin ed b as ed o n cap t iv e p o rt al p o licies .
Idl e Ti meout: Th is t h e lo g in t imeo u t p erio d fo r u s ers o f t h is g ro u p .
244
Wireless Controller
User Manual
Figure 138 : Us e r group configu rat ion
W h en SSLVPN u s ers are s elect ed , t h e SSLVPN s et t in g s are d is p lay ed wit h t h e
fo llo win g p aramet ers as cap t u red in SSLVPN Set t in g s . A s p er t h e A u t h en t icat io n
Ty p e SSL VPN d et ails are co n fig u red .
 Authenti cati on Type : Th e au t h en t icat io n Ty p e can b e o n e o f t h e fo llo win g :
Lo cal Us er Dat ab ase (d efault ), Rad iu s -PAP, Rad iu s-CHA P, Rad iu s -MSCHAP,
Rad iu s -M SCHA Pv 2, NT Do main , A ct iv e Direct o ry an d LDA P.
 Authenti cati on S ecret: If t h e d o main u s es RA DIUS au t h en t icat io n t h en t h e
au t h en ticat io n s ecret is req u ired (an d t h is h as t o mat ch t h e s ecret co n fig u red
o n t h e RA DIUS s erv er).
 Work g roup: Th is is req u ired is fo r NT d o main au t h en t icat io n . If t h ere are
mu lt ip le wo rkg ro u p s , u s er can en t er t h e d et ails fo r u p t o t wo wo rkg ro u p s .
245
Wireless Controller
User Manual
 LDAP B as e DN: Th is is t h e b as e d o main n ame fo r t h e LDA P au t h en t icat io n
s erv er. If t h ere are mu lt ip le LDA P au t h e n ticatio n s erv ers , u s er can en t er t h e
d et ails fo r u p t o t wo LDA P Bas e DN.
 Acti ve
Di rectory Domai n: If t h e d o main u s es t h e A ct iv e Direct o ry
au t h en t icat io n , t h e A ct iv e Direct o ry d o main n ame is req u ired . Us ers
co n fig u red in t h e A ct ive Direct o ry d atabase are g iv en acces s t o t h e SSL VPN
p o rt al wit h t h eir A ct iv e Direct o ry u s ern ame an d p as s wo rd . If t h ere are
mu lt ip le A ct iv e Direct o ry d o main s , u s er can en t er t h e d et ails fo r u p t o t wo
au t h en t icat io n d o main s .
 Ti meout: Th e t imeo u t p erio d fo r reach in g t h e au t h en t icat io n s erv er.
 Retri es : Th e n u mb er o f ret ries t o au t h en t icat e wit h t h e au t h en t icat io n s erv er
aft er wh ich t h e DW C-1000 s t o p s t ry in g t o reach t h e s erv er.
246
Wireless Controller
User Manual
Figure 139 : SSLVPN Se ttings
Log i n Pol i ci es
To s et lo g in p o licies fo r t h e g r o u p , s elect t h e co rres p o n d in g g ro u p click “Lo g in
p o licies ”. Th e fo llo win g p aramet ers are co n fig u red :
Group Name : Th is is t h e n ame o f t h e g ro u p t h at can h av e it s lo g in p o licy ed it ed
Di s abl e Log i n: En ab le t o p rev en t t h e u s ers o f t h is g ro u p fro m lo g g in g in t o t h e
d ev ices man ag emen t in t erface(s )
247
Wireless Controller
User Manual
Deny Log i n from Opti on i nterface : En ab le t o p rev en t t h e u s ers o f t h is g ro u p fro m
lo g g in g in fro m a Op t io n (wid e area n et wo rk) in t erface. In t h is cas e o n ly lo g in
t h ro u g h LA N is allo wed .
Figure 140 : Group login policie s options
Pol i cy by B rows ers
To s et b ro ws er p olicies fo r t h e g ro up , s elect t h e co rrespo ndin g g ro u p click “Po licy b y
Bro ws ers ”. Th e fo llo win g p aramet ers are co n fig u red :
Group Name : Th is is t h e n ame o f t h e g ro u p t h at can h av e it s lo g in p o licy ed it ed
Deny Log i n from Defi ned B rows ers : Th e lis t o f d efin ed b ro wsers b elo w will b e u sed
t o p rev en t t h e u s ers o f t h is g ro u p fro m lo g g in g in t o t h e co n t ro ller‟s GUI. A ll n o n d efin ed b ro ws ers will b e allo wed fo r lo g in fo r t h is g ro u p .
Al l ow Log i n from Defi ned B rows ers : Th e lis t o f d efin ed b ro ws ers b elo w will b e
u s ed t o allo w t h e u sers o f t h is g ro up fro m lo g g in g in t o t h e co n t ro llers GUI. A ll n o n d efin ed b ro ws ers will b e d en ied fo r lo g in fo r t h is g ro u p .
Defi ned B rows ers : Th is lis t d is play s t he web b ro ws ers t h at h av e b een ad d ed t o t h e
Defin ed Bro ws ers lis t , u p o n wh ich g ro u p lo g in p o licies can b e d efin ed . (Ch eck Bo x
A t Firs t Co lu mn Head er): Select s all t h e d efin ed b ro ws ers in t h e t ab le.
Del ete : Delet es t h e s elect ed b ro ws er(s ).
248
Wireless Controller
User Manual
Yo u can ad d t o t h e lis t o f Defin ed Bro ws ers b y s elect in g a clien t b ro ws er fro m t h e
d ro p d o wn men u an d clickin g A d d. Th is b rows er will t h en ap p ear in t h e ab o v e lis t o f
Defin ed Bro ws ers .
Click S ave S etti ng s t o s av e y o u r ch an g es .
Figure 141 : B rows e r policie s options
Pol i cy by IP
To s et p o licies b ye IP fo r t h e g ro u p , select t h e co rres p o n d in g g ro u p click “Po licy b y
IP”. Th e fo llo win g p aramet ers are co n fig u red :
Group Name : Th is is t h e n ame o f t h e g ro u p t h at can h av e it s lo g in p o licy ed it ed
Deny Log i n from Defi ned B rows ers : Th e lis t o f d efin ed b ro wsers b elo w will b e u sed
t o p rev en t t h e u s ers o f t h is g ro u p fro m lo g g in g in t o t h e co n t ro ller GUI. A ll n o n d efin ed b ro ws ers will b e allo wed fo r lo g in fo r t h is g ro u p .
249
Wireless Controller
User Manual
Al l ow Log i n from Defi ned B rows ers : Th e lis t o f d efin ed b ro ws ers b elo w will b e
u s ed t o allo w t h e u sers o f t h is g ro u p fro m lo g g in g in t o t h e co n t ro ller GUI. A ll n o n d efin ed b ro ws ers will b e d en ied fo r lo g in fo r t h is g ro u p .
Defi ned B rows ers : Th is lis t d is play s t he web b ro ws ers t h at h av e b een ad d ed t o t h e
Defin ed Bro ws ers lis t , u p o n wh ich g ro u p lo g in p o licies can b e d efin ed . (Ch eck Bo x
A t Firs t Co lu mn Head er): Select s all t h e d efin ed b ro ws ers in t h e t ab le.
Del ete : Delet es t h e s elect ed b ro ws er(s ).
Yo u can ad d t o t h e lis t o f Defin ed Bro ws ers b y s elect in g a clien t b ro ws er fro m t h e
d ro p d o wn men u an d clickin g A d d. Th is b rows er will t h en ap p ear in t h e ab o v e lis t o f
Defin ed Bro ws ers .
Click S ave S etti ng s t o s av e y o u r ch an g es .
Figure 142 : IP policie s options

Lo g in Po licies , Po lic y b y Bro ws ers , Po licy b y IP are ap p licab le SSL VPN
u s er o n ly .
250
Wireless Controller
User Manual
Advanced > Users > Users
Th e u s ers p ag e allo ws ad d in g , ed it in g an d d elet in g exis t in g g ro u p s . Th e u s er are
as s o ciat ed t o co nfig u red g rou ps. Th e lis t s o f av ailable u sers are d is played in t h e “Li s t
o f Us ers ” p ag e wit h Us er n ame, as s o ciat ed g ro u p an d Lo g in s t at u s .
 Click Add t o creat e a u s er.
 Click Edi t t o u p d at e an exis t in g u s er.
 Click Del ete t o clear an exis t in g u s er
Figure 143 : Available Us e rs with login s tatus and as s ociate d Group
9.1.1 Users and Passwords
Advanced > Users > Users
Th e u s er co n fig uratio ns allo w creat in g u sers asso ciat ed t o g ro u p . Th e u s er s et t in g s
co n t ain t h e fo llo win g key co mp o n en t s :
Us er Name : Th is is u n iq u e id en t ifier o f t h e u s er.
Fi rs t Name : Th is is t h e u s er‟s firs t n ame
Las t Name : Th is is t h e u s er‟s las t n ame
251
Wireless Controller
User Manual
S el ect Group: A g ro u p is ch o s en fro m a lis t o f co n fig u red g ro u p s .
Pas s word: Th e p as s wo rd as s o ciat ed wit h t h e u s er n ame.
Confi rm Pas s word: Th e s ame p as s wo rd as ab o v e is req u ired t o mit ig at e ag ai n s t
t y p in g erro rs .
Idl e Ti meout: Th e s es s io n t imeo u t fo r t h e u s er.
It is reco mmen d ed t h at p asswo rds co nt ain s n o d ict io nary wo rd s fro m an y lan g u ag e,
an d is a mixt u re o f let t ers (b o th u p p ercas e an d lo wercas e), n u mb ers , an d s y mb o ls .
Th e p as s wo rd can b e u p t o 30 ch aract ers .
252
Wireless Controller
User Manual
Figure 144 : Us e r Configu rat io n options
9.2
Using SSL VPN Policies
Setup > VPN Settings > SSL VPN Server > SSL VPN Policies
SSL VPN Po licies can b e creat ed o n a Glo b al, Gro u p , o r Us er lev el. Us er l ev el
p o licies t ake p reced en ce o v er Gro u p lev el p o licies an d Gro u p lev el p o licies t ake
p reced ence o ver Glo b al p o licies . Th ese p o licies can b e ap p lied t o a s p ecific n et wo rk
res o u rce, IP ad d res s o r ran g es o n t h e LA N, o r t o d ifferen t SSL VPN s erv ices
s u p p ort ed b y t h e co n t ro ller. Th e Lis t o f A v ailab le Po licies can b e filt ered b as ed o n
wh et h er it ap p lies t o a u s er, g ro u p , o r all u s ers (g lo b al).

A mo re s p ecific p o licy t akes p reced en ce o v er a g en eric p o licy wh en b o t h
are ap p lied t o t h e s ame u s er/ g ro u p / g lo b al d o mai n . I.e. a p o licy fo r a
s p ecific IP ad d res s t akes p recedence o v er a p o licy fo r a ran g e o f ad d res s es
co n t ain in g t h e IP ad d res s alread y referen ced .
253
Wireless Controller
User Manual
Figure 14 5: Lis t of SSL VPN police s (Global filte r)
To ad d a SSL VPN p o licy , y o u mu s t firs t as sig n it t o a u s er, g ro u p , o r make it g lo b al
(i.e. ap p licab le t o all SSL VPN u s ers ). If t h e p o licy is fo r a g ro u p , t h e av ailab le
co n fig u red g ro u p s are s h o wn in a d ro p d o wn men u an d o n e mu s t b e s elect ed .
Similarly , fo r a u s er d efin ed p o licy a SSL VPN u s er mu s t b e ch o s en fro m t h e
av ailab le lis t o f co n fig u red u s ers .
Th e n ext s t ep is t o d efin e t h e p o licy d et ails . Th e p olicy n ame is a u n iq u e id ent ifier for
t h is ru le. Th e p o licy can b e assig ned t o a s p ecific Net wo rk Res o urce (d etails fo llo w in
t h e s u b s eq u en t s ect io n ), IP ad d res s , IP n et wo rk, o r all d ev ices o n t h e LA N o f t h e
co n t ro ller. Bas ed o n t h e s elect io n o f o n e o f t h es e fo u r o p t io n s , t h e ap p ro p riat e
co n fig u ratio n field s are req u ired (i.e. ch o o s in g t h e n et wo rk res o u rces fro m a lis t o f
d efin ed res o urces, o r d efin in g t h e IP ad d resses). Fo r ap p ly ing t he p o licy t o ad d res s es
t h e p o rt ran g e/ p o rt n u mb er can b e d efin ed .
Th e fin al s t ep s req uire t h e p o licy p ermis sio n t o b e s et t o eit h er p ermit o r d en y acces s
t o t h e s elected ad d resses o r n et wo rk res ources. A s well t h e p o licy can b e sp ecified for
o n e o r all o f t h e s u p p o rt ed SSL VPN s erv ices (i.e. VPN t u n n el)
254
Wireless Controller
User Manual
On ce d efin ed , t h e p olicy g o es in t o effect immed iat ely . Th e p o licy n ame, SSL s erv ice
it ap p lies t o , d es t in at io n (n et wo rk res o u rce o r IP ad d res s es ) an d p er mis s io n
(d en y / p ermit ) is o u t lin ed in a lis t o f co n fig u red p o licies fo r t h e co n t ro ller.
Figure 146 : SSL VPN policy configurat io n
To co n fig u re a p o licy fo r a s in g le u s er o r g ro u p o f u s ers , en t er t h e fo llo win g
in fo rmat io n :
Pol i cy For: Th e p o licy can b e as sign ed t o a g ro u p o f u sers, a s in gle u s er, o r all u s ers
(makin g it a g lo b al p o licy ). To cu s t omize t h e p o licy fo r s p ecific u s ers o r g ro u p s , t h e
u s er can s elect fro m t h e A v ailab le Gro u p s an d A v ailab le Us ers d ro p d o wn .
255
Wireless Controller
User Manual
Appl y Pol i cy To: Th is refers t o t h e LA N res o u rces man ag ed b y t h e DW C-1000, an d
t h e p o licy can p ro v id e (o r p rev en t ) acces s t o n et wo rk res o u rces , IP ad d res s , IP
n et wo rk, et c.
Pol i cy Name: Th is field is a u n iq u e n ame fo r id en t ify in g t h e p o licy . IP ad d re s s :
Req u ired wh en t h e g o v ern ed res o u rce is id en t ified b y it s IP ad d res s o r ran g e o f
ad d res s es .
Mas k Leng th: Req u ired wh en t h e g o v ern ed res o u rce is id en t ified b y a ran g e o f
ad d res s es wit h in a s u b n et .
Port Rang e : If t h e p o licy g o v ern s a t y pe o f t raffic, t h is field is u s ed fo r d efin in g TCP
o r UDP p o rt n u mb er(s ) co rrespo n d in g t o t h e g o v ern ed t raffic. Leav in g t h e s t art in g
an d en d in g p o rt ran g e b lan k co rres p o n d s t o all UDP an d TCP t raffic.
S ervi ce : Th is is t h e SSL VPN s erv ice mad e av ailab le b y t h is p o licy . T h e s erv ices
o ffered are VPN t u n n el, p o rt fo rward in g o r b o t h .
Defi ned Res ources : Th is p o licy can p ro v id e acces s t o s p ecific n et wo rk res o u rces .
Net wo rk res o u rces mu s t b e co n figu red in ad v an ce o f creatin g t he p o licy t o make t h em
av ailab le fo r s elect io n as a d efin ed reso urce. Net wo rk res o u rces are creat ed wit h t h e
fo llo win g in fo rmat io n
Permi s s ion: Th e as sig ned res ources d efin ed b y t his p olicy can b e exp licit ly p ermit t ed
o r d en ied .
9.2.1 Using Network Resources
Setup > VPN Settings > SSL VPN Server > Resou rces
Net wo rk res o u rces are s erv ices o r g ro u p s o f LA N IP ad d res s es t h at are u s ed t o
eas ily creat e an d co n fig u re SSL VPN p o licies . Th is s h o rt cu t s av es t ime wh en
creat in g s imilar p o licies fo r mu lt ip le remo t e SSL VPN u s ers .
A d d in g a Net wo rk Res o u rce in v o lv es creat in g a u n iq u e n ame t o id en t ify t h e
res o u rce and assig nin g it t o o n e o r all o f t h e s u p p o rt ed SSL s erv ices . On ce t h is is
d o n e, ed it in g o n e o f t h e creat ed n et wo rk res o u rces allo ws y o u t o co n fig u re t h e
o b ject t y p e (eit h er IP ad d ress o r IP ran g e) as sociat ed wit h t h e s erv ice. Th e Net wo rk
A d d res s , M as k Len g t h , an d Po rt Ran g e/ Po rt Nu mb er can all b e d efin ed fo r t h is
256
Wireless Controller
User Manual
res o u rce as req u ired . A n et wo rk res o u rce can b e d efin ed b y co n fig u rin g t h e
fo llo win g in t h e GUI:
Res ource Name: A u n iq u e id en t ifier n ame fo r t h e re s o u rce.
S ervi ce : Th e SSL VPN s erv ice co rres p o n d in g t o t h e res o u rce (VPN t u n n el, Po rt
Fo rward in g o r A ll).
Figure 147 : Lis t of configure d re s ource s , which are availab le to as s ign to
SSL VPN policie s
9.3
Application Port Forwarding
Setup > VPN Settings > SSL VPN Server > Port Forwarding
Po rt fo rward in g allo ws remo t e SSL u s ers t o access s pecified n et wo rk ap p licat io n s o r
s erv ices aft er t h ey lo g in t o t h e Us er Po rt al an d lau n ch t h e Po rt Fo rward in g s erv ice.
Traffic fro m t h e remo t e u s er t o t h e co n t ro ller is d et ect ed an d re -ro u t ed b as ed o n
co n fig u red p o rt fo rward in g ru les .
In t ern al h o st s erv ers o r TCP ap p licat io n s mu s t b e s pecified as b ein g mad e acces s ib le
t o remo t e u s ers . A llo win g access t o a LA N s erv er req u ires en terin g t h e lo cal s erver IP
257
Wireless Controller
User Manual
ad d res s an d TCP p o rt n u mb er o f t h e ap plicat ion t o b e t u nn elled . Th e t able b elo w lis t s
s o me co mmo n ap p licat io n s an d co rres p o n d in g TCP p o rt n u mb ers :
T CP Ap p lication
Po r t Num ber
FTP Data (usually not needed)
20
FTP Control Protocol
21
SSH
22
Telnet
23
SMTP (send mail)
25
HTTP (w eb)
80
POP3 (receive mail)
110
NTP (netw ork time protocol)
123
Citrix
1494
Terminal Services
3389
VNC (virtual netw ork computing)
5900 or 5800
A s a co n v enien ce fo r remo t e u s ers , t h e h o s t n ame (FQDN) o f t h e n et wo rk s erv er can
b e co n fig u red t o allo w fo r IP ad d ress res olu tio n . Th is h o s t n ame res o lu t io n p ro v id es
u s ers wit h eas y -t o -rememb er FQDN‟s t o acces s TCP ap p licat io n s in s t ead o f erro r p ro n e IP ad d res s es wh en u s in g t h e Po rt Fo rward in g s erv ice t h ro u g h t h e SSL Us er
Po rt al.
To co n fig u re p o rt fo rward in g , fo llo win g are req u ired :
258
Wireless Controller
User Manual
Local S erver IP addres s : Th e IP ad d res s o f t h e lo cal s erv er wh ich is h o s t in g t h e
ap p licat io n .
TCP port: Th e TCP p o rt o f t h e ap p licat io n
On ce t h e n ew ap p licat io n is d efin ed it is d is p layed i n a lis t o f co n fig u red ap plicat ion s
fo r p o rt fo rward in g .
allo w u s ers t o access t he p riv ate n et work s erv ers b y u sin g a h o st name in s tead o f an IP
ad d res s, t he FQDN co rres p on din g t o t he IP ad d ress is d efin ed in t h e p o rt fo rward in g
h o s t co n fig u rat io n s ect io n .
Local s erver IP addres s : Th e IP ad d res s o f t h e lo cal s erv er h o s t in g t h e ap p licat io n .
Th e ap p licat io n s h o u ld b e co n fig u red in ad v an ce.
Ful l y qual i fi ed domai n name : Th e d o main n a me o f t h e in t ern al s erv er is t o b e
s p ecified
On ce t h e n ew FQDN is co n fig u red, it is d is p layed in a lis t o f co n fig u red h o sts fo r port
fo rward in g .

Defin in g t h e h o s t n ame is o p t io n al as min imu m req u iremen t fo r p o rt
fo rward in g is id en t ify in g t h e TCP ap p licat io n an d lo cal s erv er IP ad d res s .
Th e lo cal s erv er IP ad d ress o f t h e co n fig u red h o s t n ame mu s t mat ch t h e IP
ad d res s o f t h e co n fig u red ap p licat io n fo r p o rt fo rward in g .
259
Wireless Controller
User Manual
Figure 148 : Lis t of Available Applicat io ns for SSL Port Forward i ng
9.4
SSL VPN Client Configuration
Setup > VPN Settings > SSL VPN Client > S SL VPN Client
A n SSL VPN t u n n el clien t p ro vid es a p o in t-to -po int co nnect ion b etween t h e b ro ws er s id e mach in e an d t h is co n t ro ller. W h en a SSL VPN clien t is lau n ch ed fro m t h e u s er
p o rt al, a " n et wo rk ad ap t er" wit h an IP ad d res s fro m t h e co rp o rat e s u b n et , DNS an d
W INS s et t in g s is au t o mat ically creat ed . Th is allo ws lo cal ap p licat io n s t o acces s
s erv ices o n t h e p riv at e n et wo rk wit h o u t an y s p ecial n et wo rk co n fig u rat io n o n t h e
remo t e SSL VPN clien t mach in e.
It is imp o rt an t t o en s u re t h at t h e v irt u al (PPP) in t erface ad d res s o f t h e VPN t u n n el
clien t d o es n ot co nflict wit h p h ys ical d ev ices o n t h e LA N. Th e IP ad d res s ran g e fo r
t h e SSL VPN v irt u al n et wo rk ad ap t er s h o u ld b e eit h er in a d ifferen t s u b n et o r n o n o v erlap p in g ran g e as t h e co rp o rat e LA N.
260
Wireless Controller

User Manual
Th e IP ad d res s es o f t h e clien t ‟s n et wo rk in t erfaces (Et h ern et , W ireles s ,
et c.) can n o t b e id en t ical t o t h e co n t ro ller‟s IP ad d res s o r a s erv er o n t h e
co rp o rat e LA N t h at is b ein g acces s ed t h ro u g h t h e SSL VPN t u n n el.
Figure 149 : SSL VPN clie nt adapte r and acce s s configuratio n
Th e co n t ro ller allo ws fu ll t u n n el an d s plit t u nn el s u ppo rt. Fu ll t u n n el mo d e ju s t s en d s
all t raffic fro m t h e clien t acro s s t h e VPN t u n n el t o t h e co n t ro ller. Sp lit t u n n el mo d e
o n ly s en d s t raffic t o t h e p riv at e LA N b as ed o n p re -s p ecified clien t ro u t es . Th es e
clien t ro u t es g iv e t h e SSL clien t acces s t o sp ecific p riv at e n etwo rks, t h ereb y allo win g
acces s co n t ro l o v er s p ecific LA N s erv ices .
Clien t lev el co n fig u rat io n s u p p o rt s t h e fo llo win g :
Enabl e S pl i t Tunnel S upport:
W it h a s p lit t u n n el, o n ly res o u rces wh ich are
referen ced b y clien t ro u t es can b e acces s ed o v er t h e VPN t u n n el. W it h fu ll t u n n el
s u p p ort (if t h e s p lit t u nnel o p tio n is d is abled t h e DW C-1000 act s in fu ll t u n n el mo d e)
261
Wireless Controller
User Manual
all ad d res ses o n t h e p riv at e n etwo rk are accessib le o ver t h e VPN t u n n el. Clien t routes
are n o t req u ired .
DNS S uffi x: Th e DNS s u ffix n ame wh ich will b e g iv en t o t h e SSL VPN clien t . Th is
co n fig u rat io n is o p t io n al.
Pri mary DNS S erver : DNS s erv er IP ad d res s t o s et o n t h e n et wo rk ad ap t o r creat ed
o n t h e clien t h o s t . Th is co n fig u rat io n is o p t io n al.
S econdary DNS S erver : Seco n d ary DNS s erv er IP ad d res s t o s et o n t h e n et wo rk
ad ap t o r creat ed o n t h e clien t h o s t . Th is co n fig u rat io n is o p t io n al.
Cl i ent Addres s Rang e B eg i n : Clien t s wh o co n nect t o t h e t u n n el g et a DHCP s er v ed
IP ad d res s as s ig n ed t o t h e n et wo rk ad ap t o r fro m t h e ran g e o f ad d res s es b eg in n in g
wit h t h is IP ad d res s
Clien t A d d ress Ran g e En d : Th e en d in g IP ad d res s o f t h e DHCP ran g e o f ad d res s es
s erv ed t o t h e clien t n et wo rk ad ap t o r.
Setup > VPN Settings > SSL VPN Client > Configured Client Routes
If t h e SSL VPN clien t is as s ig n ed an IP ad d res s in a d ifferen t s u b n et t h an t h e
co rp o rat e n et work, a clien t ro u t e mu s t b e ad d ed t o allo w acces s t o t h e p riv at e LA N
t h ro u g h t h e VPN t u n n el. A s well a s t at ic ro u t e o n t h e p riv at e LA N‟s firewall
(t y p ically t h is co n t ro ller) is n eed ed t o fo rward p riv at e t raffic t h ro u g h t h e VPN
Firewall t o t h e remo t e SSL VPN clien t . W h en s plit t u nnel mo d e is en ab led, t h e u s er is
req u ired t o co n fig u re ro u t es fo r VPN t u n n el clien t s :
Des ti nati on Networ k : Th e n et wo rk ad d ress o f t h e LA N o r t h e s u b n et in fo rmat io n o f
t h e d es t in at io n n et wo rk fro m t h e VPN t u n n el clien t s ‟ p ers p ect iv e is s et h ere.
S ubnet Mas k : Th e s u b n et in fo rmat io n o f t h e d es t in at io n n et wo rk is s et h ere.
262
Wireless Controller
User Manual
Figure 150 : Configu re d clie nt route s only apply in s plit tunne l mode
9.4.1 Creating Portal Layouts
Setup > VPN Settings > SSL VPN Server > Portal Layouts
Th e co n t ro ller allo ws y o u t o create a cu sto m p ag e fo r remo t e SSL VPN u s ers t h at is
p res en t ed u p o n au t h en t icat io n . Th ere are v ario u s field s in t h e p o rt al t h at are
cu s t o mizab le fo r t h e d o main , an d t h is allo ws t h e co n t ro ller ad min is t rat o r t o
co mmu n icat e d et ails s uch as lo g in in s tructio ns, av ailable s erv ices , an d o t h er u s ag e
d et ails in t h e p o rt al v is ib le t o remo t e u ser s. Du rin g d o main s etup , co n fig u red p o rt al
lay o u t s are av ailab le t o s elect fo r all u s ers au t h en t icat ed b y t h e d o main .

Th e d efau lt p o rt al LA N IP ad d res s is https://192.168.10.1/scgibin/userPortal/portal. Th is is t h e s ame p ag e t h at o p ens wh en t h e “Us er
Po rt al” lin k is clicked o n t h e SSL VPN men u o f t h e co n t ro ller GUI.
Th e co n t ro ller ad min is t rat or creates an d ed it s p o rt al lay o u t s fro m t h e co n fig u rat io n
p ag es in t h e SSL VPN men u . Th e p o rt al n ame, t it le, b an n er n ame, an d b an ner contents
are all cu s t omizab le t o t h e in t ended u sers fo r t h is p ort al. Th e p o rt al n ame is ap p en ded
t o t h e SSL VPN p o rt al URL. A s well, t h e u s ers as sign ed t o t h is p o rt al (t h ro u g h t h eir
au t h en t icat io n d o main ) can b e p res en t e d wit h o n e o r mo re o f t h e co n t ro ller‟s
s u p p o rt ed SSL s erv ices s u ch as t h e VPN Tu n n el p ag e o r Po rt Fo rward in g p ag e.
To co n fig u re a p o rt al lay o u t an d t h eme, fo llo win g in fo rmat io n is n eed ed :
263
Wireless Controller
User Manual
Portal Layout Name: A d es crip t iv e n ame fo r t h e cu s t o m p o r t al t h at is b ein g
co n fig u red . It is u s ed as p art o f t h e SSL p o rt al URL.
Portal S i te Ti tl e: Th e p o rt al web b ro ws er win d o w t it le t h at ap p ears wh en t h e
clien t acces s es t h is p o rt al. Th is field is o p t io n al.
B anner Ti tl e: Th e b an n er t it le t h at is d is p lay ed t o SSL VPN clien t s p rio r t o
lo g in . Th is field is o p t io n al.
B anner Mes s ag e : Th e b an n er mes s ag e t h at is d is p lay ed t o SSL VPN clien t s
p rio r t o lo g in . Th is field is o p t io n al.
Di s pl ay banner mes s ag e on the l og i n pag e : Th e u s er h as t h e o p t io n t o eit h er
d is p lay o r h id e t h e b an n er mes s ag e in t h e lo g in p ag e.
HTTP meta tag s for cache control : Th is s ecu rit y feat ure p revent s exp ired web
p ag es an d d at a fro m b ein g s t o red in t h e clien t ‟s web b ro ws er cach e. It is
reco mmen d ed t h at t h e u s er s elect s t h is o p t io n .
Acti veX web cache cl eaner : A n A ct iv eX cach e co n t ro l web clean er can b e
p u s h ed fro m t h e g at eway t o t he clien t b ro wser wh en ev er u sers lo g in t o t his SSL
VPN p o rt al.
S S L VPN portal pag e to di s pl ay: Th e Us er can eit h er en able VPN t u n n el p ag e
o r Po rt Fo rward in g , o r b o t h d ep en d in g o n t h e SSL s erv ices t o d is p lay o n t h is
p o rt al.
On ce t h e p o rt al s ettin gs are co n fig u red , t h e n ewly co n fig u red p o rt al is ad d ed t o t h e
lis t o f p o rt al lay o u t s .
264
Wireless Controller
User Manual
Figure 151 : SSL VPN Portal configu rat ion
9.5
Active VPN Tunnels

Th e fo llo win g feat u re is av ailab le u p o n licen s ed act iv at io n o f VPN /
Firewall feat u res fo r t h e s y s t em.
Status > Active VPNs
Yo u can v iew an d ch an g e t h e s t at u s (co n n ect o r d ro p ) o f t h e co n t ro llers IPs ec
s ecu rit y associatio ns. Here, t h e act iv e I Ps ec SA s (s ecu rit y as s o ciat io n s ) are lis t ed
alo n g wit h t h e t raffic d et ails an d t un nel s tate. Th e t raffic is a cu mu lat iv e meas ure o f
t ran s mit t ed / receiv ed p acket s s in ce t h e t u n n el was es t ab lis h ed .
If a VPN p o licy s t at e is “IPs ec SA No t Es t ab lis h ed ”, it can b e en ab led b y clickin g
t h e Co n n ect b u tt on o f t h e co rrespo ndin g p o licy . Th e A ct ive IPs ec SA s t ab le d isp lays
a lis t o f act iv e IPs ec SA s . Tab le field s are as fo llo ws .
265
Wireless Controller
User Manual
Pol i cy Name : IKE o r VPN p o licy as s o ciat ed wit h t h is SA .
Endpoi nt: IP ad d res s o f t h e remo t e VPN g at eway o r clien t .
Tx (KB ): Kilo b y t es o f d at a t ran s mit t ed o v er t h is SA .
Tx (Pack ets ): Nu mb er o f IP p acket s t ran s mit t ed o v er t h is SA .
S tate : St at u s o f t h e SA fo r IKE p o licies : No t Co n n ect ed o r IPs ec SA Es t ab lis h ed .
Acti on: Click Co n n ect t o es t ab lis h an in act iv e SA (co n n ect io n ) o r Dis co n n ect t o
t ermin at e an act iv e SA (co n n ect io n ).
Figure 152 : Lis t of curre nt Active VPN Se s s ions
A ll act iv e SSL VPN co n n ect ion s, b ot h fo r VPN t u n n el an d VPN Po rt fo rward in g , are
d is p lay ed o n t h is p ag e as well. Tab le field s are as fo llo ws .
Us er Name : Th e SSL VPN u s er t h at h as an act iv e t u nn el o r p o rt fo rward in g s es s io n
t o t h is co n t ro ller.
IP Addres s : IP ad d res s o f t h e remo t e VPN clien t .
Local PPP Interface : Th e in t erface (Op t io n 1o r Op t io n 2) t h ro ug h wh ich t h e s essio n
is act iv e.
Peer PPP Interface IP: Th e as s ig n ed IP ad d res s o f t h e v irt u al n et wo rk ad ap t er.
266
Wireless Controller
User Manual
Connect S tatus : St at u s o f t h e SSL co n n ect io n b et ween t h is co n t ro ller an d t h e
remo t e VPN clien t : No t Co n n ect ed o r Co n n ect ed .
267
Wireless Controller
User Manual
Chapter 10. Advanced System
Functionalities
10.1 USB Device Setup
Setup > USB Settings > USB Status
Th e DW C-1000 W ireles s co n t ro ller h as a USB in t erface fo r p rin t er acces s , file
s h arin g .

USB M as s St o rag e: als o referred t o as a “s h are p o rt ”, files o n a USB d is k
co n n ect ed t o t h e DW C can b e acc es s ed b y LA N u s ers as a n et wo rk d riv e.

USB Prin t er: Th e DW C can p ro v id e t h e LA N wit h acces s t o p rin t ers co n n ect ed
t h ro u g h t h e USB. Th e p rin t er d riv er will h av e t o b e in s t alled o n t h e LA N h o s t
an d t raffic will b e ro u t ed t h ro u g h t h e DW C b et ween t h e LA N an d p rin t er.
To co n fig u re p rin t er o n a W in d o ws mach in e, fo llo w b elo w g iv en s t ep s :
1. Click ' S tart' o n t h e d es kt o p .
2. Select „Pri nters and faxes ’ o p t io n .
3. Rig h t click an d s elect ' add pri nter' o r click o n ' Add pri nter' p res en t at t h e
left men u .
4. Select t h e 'Network Pri nter' rad io b u t t o n an d click n ext (s elect " d ev ice is n 't
lis t ed in cas e o f W in d o ws 7" ).
5. Select t h e ' Connect to pri nter us i ng URL' rad io b u t t o n ('Select a s h ared
p rin t er b y n ame „in cas e o f W in d o ws 7) an d g iv e t h e fo llo win g URL h t t p :/ / <
co n t ro ller‟s LA N IP ad d res s>:631/ p rin ters / <M o d el Name> (M o d el Name can
b e fo u n d in t h e USB s t at u s p ag e o f co n t ro ller‟s GUI).
6. Click ' next' an d s elect t h e ap p ro p riat e d riv er fro m t h e d is p lay ed lis t .
7. Click o n ' next' an d 'fin is h ' t o co mp let e ad d in g t h e p rin t er.
268
Wireless Controller
User Manual
Figure 153 : USB De vice De te ction
10.2 USB Share Port
Setup > USB Settings > USB Status
Th e DW C-1000 W ireles s co n troller h as a USB in t erface fo r p rin t er acces s t h is p ag e
allo ws y o u t o en able USB d ev ice s u p p o rt fo r b o t h in t erface USB1 an d USB2. It als o
allo ws y o u t o en ab le p rin t er acces s fro m a p art icu lar VLA N.
269
Wireless Controller
User Manual
Figure 154 : USB Share Port
10.3 Authentication Certificates
Advanced > Certificates
Th is g at eway u s es d ig it al cert ificat es fo r IPs ec VPN au t h en t icat io n as well as SSL
v alid at io n (fo r HTTPS an d SSL VPN au t h en t icat io n ). Yo u can o b t ain a d ig it al
cert ificat e fro m a well-kn o wn Cert ificat e A u t h o rit y (CA ) s u ch as VeriSig n , o r
g en erat e and s ign y ou r o wn certificat e u s ing fu nctio nalit y av ailab le o n t h is g at eway .
Th e g at eway co mes wit h a s elf -s ig n ed cert ificat e, an d t h is can b e rep laced b y o n e
s ig n ed b y a CA as p er y o u r n et wo rkin g req u iremen t s . A CA cert ificat e p ro v id es
s t ro n g as s u ran ce o f t h e s erv er‟s id en t it y an d is a req u iremen t fo r mo s t co rp o rat e
n et wo rk VPN s o lu t io n s .
Th e cert ificat es men u allo ws y o u t o v iew a lis t o f cert ificat es (b o t h fro m a CA an d
s elf-s ig n ed ) cu rren t ly lo ad ed o n t h e g at eway . Th e fo llo win g cert ificat e d at a is
d is p lay ed in t h e lis t o f Tru s t ed (CA ) cert ificat es :
CA Identi ty (S ubject Name): Th e cert ificat e is is s ued t o t h is p ers o n o r o rg an izat io n
Is s uer Name : Th is is t h e CA n ame t h at is s u ed t h is cert ificat e
270
Wireless Controller
User Manual
Expi ry Ti me : Th e d at e aft er wh ich t h is Tru s t ed cert ificat e b eco mes in v alid
A s elf cert ificat e is a cert ificat e is s u ed b y a CA id en t ify in g y o u r d ev ice (o r s elfs ig n ed if y o u d o n‟t wan t t h e id ent ity p ro tect ion o f a CA ). Th e A ct iv e Self Cert ificat e
t ab le lis t s t h e s elf cert ificat es cu rren t ly lo ad ed o n t h e g at eway . Th e fo llo win g
in fo rmat io n is d is p lay ed fo r each u p lo ad ed s elf cert ificat e:
Name : Th e n ame y o u u s e t o id en tify t h is cert ificate, it is n o t d is p lay ed t o IPs ec VPN
p eers o r SSL u s ers .
S ubject Name : Th is is t h e n ame t h at will b e d is p lay ed as t h e o wn er o f t h is cert ificate.
Th is s h o uld b e y o ur o fficial reg is t ered o r co mp an y n ame, as IPs ec o r SSL VPN p eers
are s h o wn t h is field .
S eri al Number : Th e s erial n u mb er is main t ain ed b y t h e CA an d u s ed t o id en t ify t h is
s ig n ed cert ificat e.
Is s uer Name : Th is is t h e CA n ame t h at is s u ed (s ig n ed ) t h is cert ificat e
Expi ry Ti me: Th e d at e aft er wh ich t h is s ig n e d cert ificat e b eco mes in v alid – y o u
s h o u ld ren ew t h e cert ificat e b efo re it exp ires .
To req u es t a s elf cert ificat e t o b e s ig n ed b y a CA , y o u can g en erat e a Cert ificat e
Sig n in g Req u est fro m t h e g at eway b y ent erin g id ent ificatio n p aramet ers an d p assing it
alo n g t o t h e CA fo r s ig n in g . On ce s ig n ed , t h e CA ‟s Tru s t ed Cert ificat e an d s ig n ed
cert ificat e fro m t h e CA are u p lo ad ed t o act iv at e t h e s elf -cert ificat e v alid at in g t h e
id en t it y o f t h is g at eway . Th e s elf cert ificat e is t h en u s ed in IPs ec an d SSL
co n n ect io n s wit h p eers t o v alid at e t h e g at eway ‟s au t h en t icit y .
271
Wireless Controller
User Manual
Figure 155 : Ce rtificate s ummary for IPs e c and HTTPS manage me nt
10.4 Intet ® AMT

Th is feat u re is av ailab le u p o n licen s ed act iv at io n o f VPN / Firewall
feat u res fo r t h e s y s t em.
Advanced > Intet ®AMT
In t el ® A ct iv e M anagemen t Techn olo gy en ab les IT man ag ers t o remo t ely acces s an d
man ag e ev ery n et worked co mp ut ing s ystem, ev en t ho se t h at lack a wo rkin g o p erat in g
s y s tem o r h ard d riv e, o r are t u rn ed o ff as lo n g as t h e PC/ No t eb o o k is co n n ect ed t o
lin e p o wer an d t o t h e n et wo rk ev en if PC/ No t eb o o k is o ff o r OS is cras h ed . In t el ®
A M T u s es a s ep arat e man ag emen t p ro ces s o r t h at ru n s in d ep en d et ly o n t h e clien t
mach in e an d can b e reach ed t hro ug h t h e wired o r wireles s n et work. W it h D -Lin k DSR
272
Wireless Controller
User Manual
Ro u t ers , In t el ® A M T Tech n o lo g y co u ld cro s s In t ern et s eamles s ly an d it 's an id eal
s o lu t io n t o h elp IT man ag ers fo r as s et man ag emen t o v er In t ern et . .
Figure 156 : Inte t
®
AM T
Enabl e Ports : W h en en abled , in b ou nd/ ou t b o u n d firewall ru les are ad d ed fo r cert ain
p o rt s t o en ab le In t el® A M T s erv ice.
Opti on Hos ts : If t h e u s er s elects A NY, all Op t io n s id e h osts are g ran t ed access t o t h e
lo cal s erv er. If t h e u s er s elect s " Sp ecify Op t io n IPs " , h e mu s t p ro v id e a co mma
273
Wireless Controller
User Manual
s ep arat ed lis t o f Op t io n h o s t ad d res s es t h at are t o b e allo wed acces s t o t h e Lo cal
Serv er (LA N Ho s t ).
Opti on Hos t Addres s es : Th e u s er mu s t p ro vid e a co mma s ep arat ed lis t o f Op t io n IP
ad d res s es t h at mu s t b e allo wed acces s t o t h e Lo cal Serv er in cas e h e h as s elect ed
" Sp ecify Op t io n IPs " in t h e Dro p d o wn men u . On ly co mmas are allo wed an d t h ere
s h o u ld b e n o s p aces b et ween t h e co mma an d t h e IP ad d res s
Internal IP Addres s : Th e u s er mu s t p ro v id e a s in g le I P ad d res s o f t h e LA N h o s t
(Lo cal Serv er).
Enabl e Intel ® Amt Refl ector : Ch eck t h is b o x t o reflect b ack t h e d at a o n s elect ed
p o rt s t o t h e clien t in it iat in g t h e co n n ect io n .
Redi rect to Port 1 6 9 9 2 : Ch eck t h is b o x t o red irect t o p o rt 16992 o f t h e clien t
in it iat in g t h e co n n ect io n .
Li s ten on Port: En t er t h e p o rt o n wh ich s erv er s h o u ld lis t en fo r in co min g
co n n ect io n s .
Redi rect to Port 1 6 9 9 3 : Ch eck t h is b o x t o red irect t o p o rt 16993 o f t h e clien t
in it iat in g t h e co n n ect io n .
Li s ten on Port: En t er t h e p o rt o n wh ich s er v er s h o u ld lis t en fo r in co min g
co n n ect io n s .
Redi rect to Port 1 6 9 9 4 : Ch eck t h is b o x t o red irect t o p o rt 16994 o f t h e clien t
in it iat in g t h e co n n ect io n .
Li s ten on Port: En t er t h e p o rt o n wh ich s erv er s h o u ld lis t en fo r in co min g
co n n ect io n s .
Redi rect to Port 1 6 9 9 5 : Ch eck t h is b o x t o red irect t o p o rt 16995 o f t h e clien t
in it iat in g t h e co n n ect io n .
Li s ten on Port: En t er t h e p o rt o n wh ich s erv er s h o u ld lis t en fo r in co min g
co n n ect io n s .
Redi rect to Port 9 9 7 1 : Ch eck t h is b ox t o red irect t o p o rt 9971 o f t h e clien t in i t iat in g
t h e co n n ect io n .
Li s ten on Port: En t er t h e p o rt o n wh ich s erv er s h o u ld lis t en fo r in co min g
co n n ect io n s .
274
Wireless Controller
User Manual
Chapter 11. Advanced Wireless
Controller Features
11.1 Advanced Global Wireless Controller
Configuration
Advanced > Global > General
Th e field s o n t h e ad v an ced W ireles s Glo b al Co n fig u rat io n p ag e are s et t in g s t h at
ap p ly t o t h e DW C-1000 W ireles s Co n t ro ller.
275
Wireless Controller
User Manual
Figure 157 : Wire le s s Configu rat io n
Peer Group ID: In o rd er t o s u p p o rt larg er n et wo rks , y o u can co n fig u re wireles s
co n t ro llers as p eers , wit h u p t o 8 co n t ro llers in a clu s t er (p eer g ro u p ). Peer
co n t ro llers s h are s o me in fo rmat io n ab o u t A Ps an d allo w L3 ro amin g amo n g
t h em.Peers are g ro u p ed acco rd in g t o t h e Gro u p ID.
Cl i ent Roam Ti meout: Th is v alu e d et ermin es h o w lo n g t o keep an en t ry in t h e
A s s o ciat ed Clien t St at u s lis t aft er a clien t h as d is as s o ciat ed . Each en t ry in t h e
s t at us lis t s h ows an ag e, and wh en t h e ag e reach es t h e v alu e y o u co n fig u re in t h e
t imeo u t field , t h e en t ry is d elet ed .
Ad Hoc Cl i ent S tatus Ti meout: Th is v alu e d et ermin es h o w lo n g t o keep an en t ry
in t h e A d Ho c Clien t St at u s lis t . Each en t ry in t h e s t at u s lis t s h o ws an ag e, an d
wh en t h e ag e reach es t h e v alu e y o u co n fig u re in t h e t imeo u t field , t h e en t ry is
d elet ed .
276
Wireless Controller
User Manual
AP Fai l ure S tatus Ti meout: Th is v alu e d et ermin es h o w lo n g t o keep an en t ry in
t h e A P A u t h enticatio n Failu re St at us lis t . Each en t ry in t h e s t at us lis t s hows an ag e,
an d wh en t h e ag e reaches t h e v alue y ou co nfig ure in t h e t imeo u t field , t h e en t ry is
d elet ed .
MAC Authenti cati on Mode : Select t h e g lo b al act io n t o t ake o n wireles s clien t s in
t h e wh it e -lis t : Select t h is o p t io n t o s p ecify t h at an y wireles s clien t s wit h M A C
ad d res ses t h at are s p ecified in t h e Kn o wn Clien t d at ab as e, an d are n o t exp licit ly
d en ied access, are g rant ed access. If t h e M A C ad d res s is n o t in t h e d at ab as e t h en
t h e acces s t o t h e clien t is d en ied .
Detected Cl i ents S tatus Ti meout : Th is v alu e d et ermin es h o w lo n g t o keep an entry
in t h e Det ect ed Clien t St at u s lis t . Each en t ry in t h e s t at u s lis t s h o ws an ag e, an d
wh en t h e ag e reach es t h e v alu e y o u co n fig u re in t h e t imeo u t field , t h e en t ry is
d elet ed .
Tunnel IP MTU S i ze : Select t h e maximu m s ize o f an IP p acket h an d led b y t h e
n et wo rk.
Th e
M TU
is
en fo rced
o n ly
on
t u n n eled
VA Ps .
W h en IP p acket s are t u n neled b etween t h e A Ps an d t h e Un ified W ireles s co ntro ll er,
t h e p acket s ize is in creas ed b y 20 b y t es d u rin g t ran s it . Th is mean s t h at clien t s
co n fig u red fo r 1500 b y t e IP M TU s ize may exceed t h e maximu m M TU s ize o f
exis t in g n et wo rk in fras t ructure wh ich is s et u p t o co n t ro ller an d ro u t e 1518 (1522 t ag g ed ) b yt e fra mes . If y o u in crease t h e t u nn el IP M TU s ize, y o u mu s t als o in crease
t h e p h y s ical M TU o f t h e p o rt s o n wh ich t h e t raffic flo ws . No t e: f an y o f t h e
fo llo win g co n d it io ns are t ru e, y o u d o n ot n eed t o in creas e t h e t u n n el IP M TU s ize:
Th e
wireles s
n et wo rk
d o es
no t
use
L3
t u n n elin g .
Th e t u n n elin g mo d e is u s ed o n ly fo r v o ice t raffic, wh ich t y p ically h as s mall
p acket s .Th e t u nn elin g mo d e is u s ed o n ly fo r TCP b as ed p ro t o co ls , s u ch as HTTP.
Th is is b ecau s e t h e A P au t o mat ically red u ces t h e maximu m s eg men t s ize fo r all
TCP co n n ect io n s t o fit wit h in t h e t u n n el.
Cl us ter Pri ori ty: Sp ecify t h e p rio rit y o f t h is co n t ro ller fo r t h e Clu s t er Co n t ro ller
elect io n . Th e co n t ro ller wit h h ig h es t p rio rit y in a clu s t er b eco mes t h e Clu s t er
Co n t ro ller. If t h e p rio rit y is t h e s ame fo r all co n t ro llers , t h en t h e co n t ro ller wit h
lo wes t IP ad d res s b eco mes t h e Clu s t er Co n t ro ller. A p rio rit y o f 0 mean s t h at t h e
co n t ro ller can n o t b eco me t h e Clu s t er Co n t ro ller. Th e h ig h es t p o s s ib le p rio rit y is
255.
AP Cl i ent QoS : En ab le o r d is ab le t h e clien t Qo S feat u re. If A P Clien t Qo S is
d is ab led , t h e Clien t Qo S co n fig u ratio n remain s in p lace, b u t an y A CLs o r DiffServ
p o licies
ap p lied
to
wireles s
277
t raffic
are
not
en fo rced .
Wireless Controller
User Manual
Th e Clien t Qo S feat u re ext en d s t h e p rimary Qo S cap ab ilit ies o f t h e Un ified
W ireles s co nt roller t o t h e wireles s d o main . M o re s p ecifically , acces s co n t ro l lis t s
(A CLs ) an d d ifferen t iated s ervice (DiffServ ) p o licies are ap plied t o wireles s clien ts
as s o ciat ed t o t h e A P.t h e maximu m M TU s ize o f exis t in g n et wo rk in fras t ru ct u re
wh ich is s et u p t o co n t ro ller an d ro u t e 1518 (1522-t ag g ed ) b y t e frames . If y o u
in creas e t h e t u nn el IP M TU s ize, y o u mu s t als o in creas e t h e p h y s ical M TU o f t h e
p o rt s o n wh ich t h e t raffic flo ws .
11.2 Distributed Tunneling
Advanced > Global > Distributed Tunneling
Th e Dis t rib u t ed Tu n nelin g mo d e, als o kn o wn as A P-AP t u nn elin g mo d e, is u s ed t o
s u p p ort L3 ro amin g fo r wireles s clien t s wit h o u t fo rward in g an y d at a t raffic t o t h e
wireles s co n t ro ller. In t h e A P-A P t u n n elin g mo d e, wh en a clien t firs t as s o ciat es
wit h an A P in t h e wireles s s y s t em t h e A P fo rward s it s d at a u s in g t h e VLA N
fo rward in g mo d e. Th e A P t o wh ich t h e clien t in it ially as s o ciat es is t h e Ho me A P.
Th e A P t o wh ich t h e clien t ro ams is t h e A s s o ciat io n A P.
278
Wireless Controller
User Manual
Figure 158 : Dis tribute d Tunne ling
Di s tri buted Tunnel Cl i ents : Sp ecify t h e maximu m n u mb er o f d is t rib u t ed t u n neling
clien t s t h at can ro am away fro m t h e Ho me A P at t h e s ame t ime.
Di s tri buted Tunnel Idl e Ti meout: Sp ecify t h e n u mb er o f s eco nds o f n o act iv ity by
t h e clien t b efo re t h e t u n n el t o t h at clien t is t ermin at ed an d t h e clien t is fo rced t o
ch an g e it s IP ad d res s .
Di s tri buted Tunnel Ti meout: Sp ecify t h e n u mb er o f s econd s b efo re t h e t u n n el t o
t h e ro amed clien t is t ermin at ed an d t h e clien t is fo rced t o ch an g e it s IP ad d res s .
Di s tri buted Tunnel Max Mul ti cas t Repl i cati ons Al l owed: Sp ecify t h e maximu m
n u mb er o f t u n n els t o wh ich a mu lt icas t frame is co p ied o n t h e Ho me A P.
11.3 Distributed Tunneling Status
Status > Dashboard > Distributed Tunneling
Th is p ag e s h o ws in fo rmat io n ab o u t all t h e d is t rib u t ed t u n n el clien t s .
279
Wireless Controller
User Manual
Fig ure 159 : Dis tribute d Tunne ling Clie nts
Di s tri buted Tunnel Pack ets : Tran s mit t ed: To t al n u mb er o f p acket s sent b y all A Ps
v ia d is t rib u t ed t u n n els .
Di s tri buted Tunnel Roamed Cl i ents : To t al n u mb er o f clien t s t h at s u cces s fu lly
ro amed away fro m Ho me A P u s in g d is t rib u t ed t u n n elin g .
Di s tri buted Tunnel Cl i ents : To t al n u mb er o f clien t s t hat are as sociated wit h an AP
t h at are u s in g d is t rib u t ed t u n n elin g .
Di s tri buted Tunnel Cl i ent Deni al s : To t al n u mb er o f clien t s fo r wh ich t h e s y s t em
was u n ab le t o s et u p a d is t rib u t ed t u n n el wh en clien t ro amed .
280
Wireless Controller
User Manual
11.4 Peer Controller Configuration
11.4.1 Peer Controller Configuraiton Request Status
Advanced > Peer Controller > Configuraiton Request Status
Th e Peer Co n t ro ller Co n fig u rat io n feat u re allo ws y o u t o s en d a v ariet y o f
co n fig u ratio n in fo rmat io n fro m o n e co n tro ller t o all o t h er co nt rollers. In ad d it ion to
keep in g t h e co n t ro llers s y n ch ro n ized , t h is fu n ct io n allo ws y o u t o man ag e all
wireles s co n t ro llers in t h e clu s t er fro m o n e co n t ro ller. Th e Peer Co n t ro ller
Co n fig u rat io n Req u es t St at u s p ag e p ro v id es in fo rmat io n ab o u t t h e s t at u s o f t h e
co n fig u rat io n u p g rad e o n t h e co n t ro llers in t h e clu s t er
Figure 160 : Pe e r Controlle r Configura tio n Re que s t Status
Peer Co n t ro ller Co n fig u rat io n Req u e s t St at u s :
Confi g urati on Reques t S tatus : In d icat es t h e g lo b al s t atus fo r a co n fig u rat io n p ush
o p erat io n t o o n e o r mo re p eer co n t ro llers. Th e s t at u s can b e o n e o f t h e fo llo win g :
281
Wireless Controller
User Manual

No t St art ed .

Receiv in g Co n fig u rat io n .

Sav in g Co n fig u rat io n .

Su cces s .
Failu re In v alid Co d e Vers io n .

Failu re In v alid Hard ware Vers io n .

Failu re In v alid Co n fig u rat io n
Total Count: In d icat es t h e n u mb er o f p eer co n t ro llers in clu d ed at t h e t ime a
co n fig u ratio n d own lo ad req u es t is s t art ed , t h e v alu e is 1 if a d o wn lo ad req u es t is
fo r a s in g le co n t ro ller.
S ucces s Count: In d icat es t h e t o t al n u mb er o f p eer co n t ro llers t h at h av e
s u cces s fu lly co mp let ed a co n fig u rat io n d o wn lo ad .
Fai l ure Count: In d icat es t h e t o t al n u mb er o f p eer co n t ro llers t h at h av e failed t o
co mp let e a co n fig u rat io n d o wn lo ad .
Li s t of Peers Peer IP Addres s : Lis t s t h e IP ad d res s o f each co n t ro ller in t h e
clu s t er an d in d icat es t h e co n fig u rat io n req u es t s t at u s o f t h at co n t ro ller.
11.4.2 Peer Controller Configuration
Advanced > Peer Controller > Configuraiton Items
Th e Peer Co n t ro ller Co n fig u rat io n it esm p ag es allo ws t o En ab le/Dis able allo ws y ou
t o s elect wh ich p art s o f t h e co n fig u rat io n t o co p y t o o n e
282
Wireless Controller
User Manual
Figure 161 : Pe e r Controlle r Configuraito n
Gl obal : En ab le t h is field t o in clu d e t h e b as ic an d ad v an ced g lo b al s et t in g s in t h e
co n fig u ratio n t hat t h e co n t ro ller p u s h es t o it s p eers . Th e co n fig u rat io n d o es n o t
in clu d e t h e co n t ro ller IP ad d res s s in ce t h at is a u n iq u e s et t in g .
Di s covery: En ab le t h is field t o in clu d e t h e L2 an d L3 d is co v ery in fo rmat io n ,
in clu d in g t h e VLA N lis t an d IP lis t , in t h e co n fig uratio n t h at t h e co n t ro ller p u s h es
t o it s p eers .
Channel / Power : En ab le t h is field t o in clu d e t h e RF man ag emen t in fo rmat io n in the
co n fig u rat io n t h at t h e co n t ro ller p u s h es t o it s p eers .
AP Databas e : En ab le t h is field t o in c lu d e t h e A P Dat ab ase in t h e co nfig uratio n that
t h e co n t ro ller p u s h es t o it s p eers .
AP Profi l es : En ab le t h is field t o in clu d e all A P p ro files in t h e co n fig u rat io n t h at
t h e co n t roller p u sh es t o it s p eers. Th e A P p ro file in clu d es t h e g lo b al A P s et t in g s ,
s u ch as t he h ardware t y pe, Rad io s ett in gs, VA P an d W ireles s Net wo rk s ettin gs, an d
Qo S s et t in g s .
283
Wireless Controller
User Manual
Known Cl i ent: En ab le t h is field t o in clu d e t h e Kn o wn Clien t Dat ab as e in t h e
co n fig u rat io n
t h at
the
co n t ro ller
p u s h es
to
it s
p eers .
RADIUS Cl i ent: En ab le t h is field t o in clu d e t h e Clien t RA DIUS in fo rmat io n in t h e
co n fig u rat io n t h at t h e co n t ro ller p u s h es t o it s p eers .
11.5 WIDS Configuration
Th e D-Lin k W ireles s Co n t ro ller W ireles s In t ru s io n Det ect io n Sy s t em (W IDS) can
h elp d et ect in t ru sio n at temp ts in t o t h e wireles s n et work an d t ake au tomat ic act io n s t o
p ro t ect t h e n et wo rk.
11.5.1 W IDS AP configration
Advanced > WIDS Security > AP
Th e W IDS A P Co n fig u rat io n p ag e allo ws y o u t o act iv at e o r d eact iv at e v ario u s
t h reat d et ect io n t es t s an d s et t h reat d et ect io n t h res h o ld s in o rd er t o h elp d et ect
ro g u e A Ps o n t he wireles s n etwo rk. Th ese chang es can b e d o n e wit h o u t d is ru p t in g
n et wo rk co n n ect iv it y . Sin ce s o me o f t h e wo rk is d o n e b y acces s p o in t s , t h e
co n t ro ller n eed s t o s en d mes s ag es t o t h e A Ps t o mo d ify it s W IDS o p erat io n al
p ro p ert ies
Admi ni s trator confi g ured rog ue AP : If t h e s o u rce M A C ad d res s is in t h e v alid A P d at ab ase o n t h e co ntro ller o r o n t h e RA DIUS s erv er an d t h e A P t y p e is marked
as Ro g u e, t h en t h e A P s t at e is Ro g u e.
Manag ed S S ID from an unk nown AP : Th is t es t ch ecks wh et her an u nkn own A P is
u s in g t h e man aged n et work SSID. A h acker may s et u p an A P wit h man ag ed SSID
t o fo o l u s ers in t o asso ciat ing wit h t h e A P an d rev ealin g p asswo rd an d o t h er s ecu re
in fo rmat io n . A d min is t rat o rs wit h larg e n et wo rks wh o are u s in g mu lt ip le clu s t ers
s h o u ld e it h er u s e d ifferen t n et wo rk n ames in each clu s t er o r d is ab le t h is t es t .
Ot h erwis e, if an A P in t h e firs t clu s t er d et ect s A Ps in t h e s eco n d clu s t er
t ran s mit t in g t h e s ame SSID as A Ps in t h e firs t clu s t er t h en t h es e A Ps are rep o rt ed
as ro g u es .
284
Wireless Controller
User Manual
Manag ed S S ID from a fak e manag ed AP : A h acker may s et u p an A P wit h t h e
s ame M A C ad d res s as o ne o f t h e man ag ed A Ps an d co n fig u re it t o s en d o n e o f t h e
man ag ed SSIDs . Th is t est ch ecks fo r a v en d or field in t h e b eaco ns wh ich is alway s
t ran s mit t ed b y man ag ed A Ps . If t h e v e n d o r field is n o t p res en t , t h en t h e A P is
id en t ified as a fake A P.
AP wi thout an S S ID: SSID is an o p t io n al field in b eaco n frames . To av o id
d et ect io n a h acker may s et u p an A P wit h t h e man ag ed n et wo rk SSID, b u t d is ab le
SSID t ran s mis sio n in t h e b eacon frame s . Th e A P wo u ld s till s en d p ro b e res p o n s es
t o clien t s t h at s en d p ro b e req u es t s fo r t h e man ag ed SSID fo o lin g t h e clien t s in t o
as s o ciat in g wit h t h e h acker's A P. Th is t es t d et ect s an d flag s A Ps t h at t ran s mit
b eaco n s wit h o u t t h e SSID field . Th e t es t is au t o mat ically d is ab led if an y o f t h e
rad io s in t h e p ro files are co n fig u red n o t t o s en d SSID field , wh ich is n o t
reco mmen d ed b ecause it d o es n ot p rov id e an y real s ecu rit y an d d is ab les t h is t es t .
Fak e manag ed AP on an i nval i d channel : Th is t es t d et ect s ro g u e A Ps t h at
t ran s mit b eacon s fro m t h e s o urce M A C ad d ress o f o n e o f t h e man ag ed A Ps , b u t o n
d ifferen t ch an n el fro m wh ich t h e A P is s u p p o s ed t o b e o p erat in g .
Manag ed S S ID detected wi th i ncorrect s ecuri ty : Du rin g RF Scan t h e A P
examin es b eaco n frames receiv ed fro m o t h er A Ps an d d et ermin es wh et h er t h e
d et ect ed A P is ad v ert isin g an o p en n et work, W EP, o r W PA . If t h e SSID rep o rt ed in
t h e RF Scan is o n e o f t h e man ag ed n etwo rks an d it s co nfig u red s ecu rit y n o t mat ch
t h e d et ect ed s ecu rit y t h en t h is t es t marks t h e A P as ro g u e.
Inval i d S S ID from a manag ed AP : Th is t es t checks wh eth er a kn o wn man ag ed A P
is s en d in g an u n exp ect ed SSID. Th e SSID rep o rt ed in t h e RF Scan is co mp ared t o
t h e lis t o f all co n fig u red SSIDs t h at are u sed b y t he p ro file as sign ed t o t h e man aged
A P. If t h e d et ect ed SSID d o esn 't mat ch an y co n figu red SSID t h en t h e A P is marked
as ro g u e.
AP i s operati ng on an i l l eg al channel : Th e p u rpose o f t h is t est is t o d et ect h ackers
o r in co rrect ly co n fig ured d evices t hat are o p eratin g o n ch an nels t hat are n o t leg al in
t h e co u n t ry wh ere t h e wireles s s y s t em is s et u p . No t e: In o rd er fo r t h e wireles s
s y s tem t o d et ect t his t hreat, t h e wireles s n et wo rk mu s t co n t ain o n e o r mo re rad io s
t h at o p erat e in s en t ry mo d e.
S tandal one AP wi th unexpected confi g urati on : If t h e A P is clas s ified as a kn own
s t an d alo n e A P, t h en t h e co n t ro ller ch ecks wh et h er t h e A P is o p erat in g wit h t h e
exp ect ed co n fig uratio n p aramet ers. Yo u co n fig u re t h e exp ect ed p aramet ers fo r t h e
285
Wireless Controller
User Manual
s t an d alo n e A P in t h e lo cal o r RA DIUS Valid A P d at ab as e. Th is t es t may d et ect
n et wo rk mis co n fig u rat io n as well as p o t en t ial in t ru s io n at t emp t s . Th e fo llo win g
p aramet ers are ch ecked :
•
Ch an n el Nu mb er
•
SSID
•
Secu rit y M o d e
•
W DS M o d e.
•
Pres en ce o n a wired n et wo rk.
Unexpected WDS devi ce detected on network : If t h e A P is clas s ified as a
M an ag ed o r Un kn o wn A P an d wireles s d is t rib u t io n s y s t em (W DS) t raffic is
d et ect ed o n t h e A P, t h en t he A P is co n sid ered t o b e Ro g u e. On ly s t an d -alo n e A Ps
t h at are exp licit ly allo wed t o o p erat e in W DS mo d e are n o t rep o rt ed as ro g u es b y
t h is t es t .
Unmanag ed AP dete cted on wi red network : Th is t es t ch ecks wh et h er t h e A P is
d et ect ed o n t h e wired n et work. If t h e A P s t at e is Un kn o wn , t h en t h e t es t ch an g es
t h e A P s t at e t o Ro g u e. Th e flag in d icat in g wh et h er A P is d et ect ed o n t h e wired
n et wo rk is rep o rt ed as p art o f t h e RF Scan rep o rt . If A P is man ag ed an d is d et ect ed
o n t h e n et wo rk t h en t h e co n troller s imp ly rep o rt s t h is fact an d d o es n 't ch an g e t h e
A P s t at e t o Ro g u e. In o rd er fo r t h e wireles s s y s t em t o d et ect t h is t h reat , t h e
wireles s n et wo rk mu s t co n t ain o n e o r mo re rad io s t h at o p erat e in s en t ry mo d e
Rog ue Detected Trap Interval : Sp ecify t h e in t erv al, in s eco n d s , b et ween
t ran s mis sio ns o f t h e SNM P t rap t ellin g t h e admin is t rator t h at ro g ue A Ps are p resent
in t h e RF Scan d at ab as e. If y o u s et t h e v alu e t o 0, t h e t rap is n ev er s en t .
Wi red Network Detecti on Interval : Sp ecify t h e n u mb er o f s eco n d s t h at t h e A P
wait s b efo re s t art in g a n ew wired n et wo rk d et ect ion cy cle. If y o u s et t h e v alu e t o 0,
wired n et wo rk d et ect io n is d is ab led
AP De -Authenti cati on Attack : En ab le o r d is ab le t h e A P d e-aut hen t icat io n at t ack.
Th e wireles s co n tro ller can p ro tect again st ro g ue A Ps b y send ing DE au t h ent icat ion
mes s ag es t o t h e ro g u e A P. Th e d e -au t h en t icat io n at t ack feat u re mu s t b e g lo b ally
en ab led in o rd er fo r t h e wireles s s y s t em t o d o t h is fu n ct io n . M ake s u re t h at n o
286
Wireless Controller
User Manual
leg it imat e A Ps are clas s ified as ro g u es b efo re en ab lin g t h e at t ack feat u re. Th is
feat u re is d is ab led b y d efau lt .
287
Wireless Controller
User Manual
Figure 162 : WIDS AP Configuratio n
11.5.2 W IDS Client Configuration
Advanced > WIDS Security > Client
Th e s et t in gs y o u co nfig ure o n t he W IDS Clien t Co n fig u rat io n p ag e h elp d et ermin e
wh et h er a d et ected clien t is clas s ified as a ro g u e. Clien t s clas s ified as ro g u es are
co n s id ered t o b e a t h reat t o n et wo rk s ecu rit y
Th e W IDS feat u re t racks t h e fo llo win g t y p es o f man ag emen t mes s ag es t h at each
d et ect ed clien t s en d s :
288
Wireless Controller
User Manual
•
Pro b e Req u es t s
•
802.11 A u t h en t icat io n Req u es t s
•
802.11 De -A u t h en t icat io n Req u es t s .
In o rd er t o h elp d et ermin e wh et h er a clien t is p o s in g a t h reat t o t h e n et wo rk b y flo o d in g t h e
n et wo rk wit h man ag emen t t raffic, t h e s y s t em keep s t rack o f t h e n u mb er o f t imes t h e A P
receiv ed each mes sage t y p e an d t h e h ig hest mes s ag e rat e d et ect ed in a s in g le RF Scan rep o rt .
On t h e W IDS Clien t Co n fig u rat io n p age, y ou can s et t h resh old s fo r each t y pe o f mes s ag e s en t ,
an d t h e A Ps mo n it o r wh et h er an y clien t s exceed t h o s e t h res h o ld s o r t es t s .
Not Pres ent i n OUI Databas e Tes t: Th is t es t ch ecks wh et her t he M A C ad d res s o f
t h e clien t is fro m a reg is t ered man u fact u rer id en t ified in t h e OUI d at ab as e.
Known Cl i ent Databas e Tes t: Th is t es t ch ecks wh et h er t h e clien t , wh ich is
id en t ified b y it s M A C ad d res s , is lis t ed in t h e Kn o wn Clien t Dat ab as e an d is
allo wed acces s t o t h e A P eit h er t h ro u g h t h e A u t h en t icat io n A ct io n o f Gran t o r
t h ro u g h t h e W h it e Lis t g lo b al act ion . If t h e clien t is in t h e Kn o wn Clien t Dat ab as e
an d h as an act ion o f Den y , o r if t h e act io n is Glo b al A ct io n an d it is g lo b ally s et t o
Black Lis t , t h e clien t fails t h is t es t .
Confi g ured Authenti cati on Rate Tes t : Th is t es t ch ecks wh et h er t h e clien t h as
exceed ed t h e co n fig u red rat e fo r t ran s mit t in g 802.11 au t h en t icat io n req u es t s .
Confi g ured Probe Reques ts Rate Tes t: Th is t es t ch ecks wh et h er t h e clien t h as
exceed ed t h e co n fig u red rat e fo r t ran s mit t in g p ro b e req u es t s .
Confi g ured De -Authenti cati on Reques ts Rate Tes t : Th is t es t ch ecks wh et h er t h e
clien t h as exceed ed t h e co nfig ured rat e fo r t ran smit t ing d e -au thent icat ion req u es t s .
Maxi mum Authenti cati on Fai l ures Tes t: Th is t est ch ecks wh et h er t h e clien t h as
exceed ed t h e maximu m n u mb er o f failed au t h en t icat io n s .
Authenti cati on wi th Unk nown AP Tes t : Th is t es t ch ecks wh et h er a clien t in t h e
Kn o wn Clien t d at ab as e is au t h en t icat ed wit h an u n kn o wn A P.
Cl i ent Threat Mi ti g ati on: Select en ab le t o s en d d e -au t h en t icat io n mes s ag es t o
clien t s t h at are in t h e Kn o wn Clien t s d at ab as e b u t are as s o ciat ed wit h u n kn o wn
A Ps . Th e A u t hent icat ion wit h Un kn o wn A P Tes t mu s t als o b e en ab led in o rd er fo r
t h e mit ig at io n t o t ake p lace. Select d is ab le t o allo w clien t s in t h e Kn o wn Clien t s
d at ab as e t o remain au t h en t icat ed wit h an u n kn o wn A P.
289
Wireless Controller
User Manual
Known Cl i ent Databas e Look up Method: W h en t h e co n t ro ller d et ect s a clien t o n
t h e n et wo rk it p erfo rms a lo o ku p in t h e Kn o wn Clien t d at ab as e. Sp ecify wh et h er
t h e co n t ro ller s h o u ld u s e t h e lo cal o r RA DIUS d at ab as e fo r t h es e lo o ku p s .
Known Cl i ent Databas e RADIUS S erver Name : If t h e kn o wn clien t d at ab as e
lo o ku p met h o d is RA DIUS t h en t h is field s p e cifies t h e RA DIUS s erv er n ame.
Rog ue Detected Trap Interval : Sp ecify t h e in t erv al, in s eco n d s , b et ween
t ran s mis sio ns o f t h e SNM P t rap t ellin g t h e admin is t rator t h at ro g ue A Ps are p resent
in t h e RF Scan d at ab as e. If y o u s et t h e v alu e t o 0, t h e t rap is n ev er s en t .
De-Authenti cati on Reques ts Thres hol d Interval : Sp ecify t h e n u mb er o f s eco n d s
an A P s h o u ld s p en d co u n t in g t h e DE au t h en t icat io n mes s ag es s en t b y wireles s
clien t s .
De-Authenti cati on Reques ts Thres hol d Val ue: If co n t ro ller receiv es mo re t h an
s p ecified mes s ag es d u rin g t h e t h res h o ld in t erv al t h e t es t t rig g ers .
Authenti cati on Reques ts Thres hol d Interval : Sp ecify t h e n u mb er o f s eco n d s an
A P s h o u ld s pen d co u n t in g t h e au t h en t icat io n mes s ag es s en t b y wireles s clien t s .
Authenti cati on Reques ts Thres hol d Val ue : If co n t ro ller receiv es mo re t h an
s p ecified mes s ages d u ring t he t h resh old in t erv al t h e t es t t rig g ers . Pro b e Req u es t s
Th res h old In t erval Sp ecify t h e n umb er o f s econ ds an A P s ho uld sp en d co un tin g t h e
p ro b e mes s ag es s en t b y wireles s clien t s .
Probe Reques ts Thre s hol d Val ue : Sp ecify t h e n u mb er o f p ro b e req u ests a wireless
clien t is allo wed t o s en d d urin g t h e t hresho ld in t erv al b efo re t h e ev en t is rep o rt ed
as a t h reat .
Authenti cati on Fai l ure Thres hol d Val ue : Sp ecify t h e n u mb er o f 802.1X
au t h en ticat io n failu res a clien t is allo wed t o h av e b efo re t h e ev en t is rep o rt ed as a
t h reat .
290
Wireless Controller
User Manual
Figure 163 : WIDS Clie nt Configuratio n
291
Wireless Controller
User Manual
Chapter 12. Administration &
Management
12.1 Remote Management
Bo t h HTTPS an d t eln et acces s can b e res t rict ed t o a s u b s et o f IP ad d res s es . Th e
co n t ro ller ad min is t rat o r can d efin e a kn o wn PC, s in g le IP ad d res s o r ran g e o f IP
ad d res ses t h at are allo wed t o access t he GUI wit h HTTPS. Th e o p en ed p o rt fo r SSL
t raffic can b e ch an g ed fro m t h e d efau lt o f 443 at t h e s ame t ime as d efin in g t h e
allo we d remo t e man ag emen t IP ad d res s ran g e.
Figure 164 : Re mote M anage me nt
12.2 CLI Access
In ad d it io n t o t h e web -b as ed GUI, t h e g at eway s u p p o rt s SSH an d Teln et
man ag emen t fo r co mman d -lin e in t eract io n . Th e CLI lo g in cred en t ials are s h a red
292
Wireless Controller
User Manual
wit h t h e GUI fo r ad min is t rat o r u s ers . To acces s t h e CLI, t y p e “cli” in t h e SSH o r
co n s o le p ro mp t an d lo g in wit h ad min is t rat o r u s er cred en t ials .
12.3 SNMP Configuration
Tools > Admin > SNMP
SNM P is an ad d it io n al man ag emen t t o o l t h at is u s efu l wh en mu lt ip l e co n t ro ller in a
n et wo rk are b ein g man ag ed b y a cen t ral M as t er s y s t em. W h en an ext ern al SNM P
man ag er is p ro v id ed wit h t h is co n t ro ller M an ag emen t In fo rmat io n Bas e (M IB) file,
t h e man ag er can u p d at e t h e co n t ro ller h ierarch al v ariab les t o v iew o r u p d at e
co n fig u ratio n p aramet ers. Th e co n tro ller as a man ag ed d evice h as an SNM P ag en t that
allo ws t h e M IB co n fig u rat io n v ariab les t o b e acces s ed b y t h e M as t er (t h e SNM P
man ag er). Th e A cces s Co n t ro l Lis t o n t h e co n t ro ller id en t ifies man ag ers in t h e
n et wo rk t h at h ave read -only o r read -writ e SNM P cred en tials. Th e Trap s Lis t o u t lin es
t h e p o rt o v er wh ich n o t ificat io n s fro m t h is co n t ro ller are p ro v id ed t o t h e SNM P
co mmu n it y (man ag ers ) an d als o t h e SNM P v ers io n (v 1, v 2c, v 3) fo r t h e t rap .
293
Wireless Controller
User Manual
Figure 165 : SNM P Us e rs , Traps , and Acce s s Control
Tools > Admin > SNMP System Info
Th e co n t ro ller is id en t ified b y an SNM P man ag er v ia t h e Sy s t em In fo rmat io n . Th e
id en t ifier s et t in g s Th e Sy s Name s et h ere is als o u s ed t o id en t ify t h e co n t ro ller fo r
Sy s Lo g lo g g in g .
294
Wireless Controller
User Manual
Figure 166 : SNM P s ys te m inform at io n for this controlle r
12.4 SNMP Traps
Advanced > Global > SNMP Traps
If y o u u s e Simp le Net wo rk M an ag emen t Pro t o co l (SNM P) t o man ag e t h e DW C-1000
wireles s co n t roller, y o u can co nfig u re t h e SNM P ag ent o n t h e co ntro ller t o s en d t rap s
t o t h e SNM P man ag er o n y o u r n et wo rk. W h en an A P is man ag ed b y a co n t ro ller, it
d o es n o t s end o u t an y t raps. Th e co ntro ller g enerates all SNM P t rap s b ased o n it s o wn
ev en t s an d t h e ev en t s it learn s ab o u t t h ro u g h u p d a t es fro m t h e A Ps it man ag es .
295
Wireless Controller
User Manual
Figure 167 : SNM P Traps
AP Fai l ure Traps : If y o u en ab le t h is field , t h e SNM P ag en t s en d s a t rap if an A P
fails t o as s o ciat e o r au t h en t icat e wit h t h e co n t ro ller.
AP S tate Chang e Traps : If y o u en ab le t h is field , t h e SNM P ag en t s en d s a t rap fo r
o n e o f t h e fo llo win g reas o n s :
 M an ag ed A P Dis co v ered
 M an ag ed A P Failed
 M an ag ed A P Un kn o wn Pro t o co l Dis co v ered .
 M an ag ed A P Lo ad Balan cin g Ut ilizat io n Exceed ed .
Cl i ent Fai l ure Traps : If y o u en ab le t h is field , t h e S NM P ag en t s en d s a t rap if a
wireles s clien t fails t o as s o ciat e o r au t h en t icat e wit h an A P t h at is man ag ed b y t h e
co n t ro ller.
296
Wireless Controller
User Manual
Cl i ent S tate Chang e Traps : If y o u en ab le t his field , t h e SNM P ag en t s en ds a t rap fo r
o n e o f t h e fo llo win g reas o n s as s o ciat ed wit h t h e wireles s clien t :
 Clien t A s s o ciat io n Det ect ed .
 Clien t Dis as s o ciat io n Det ect ed .
 Clien t Ro am Det ect ed .
Peer Control l er Traps : If y o u en ab le t h is field , t h e SNM P ag en t s ends a t rap fo r o n e
o f t h e fo llo win g reas o n s as s o ciat ed wit h a p eer co n t ro ller.
 Peer Co n t ro ller Dis co v ered
 Peer Co n t ro ller Failed
 Peer Co n t ro ller Un kn o wn Pro t o co l Dis co v ered .
Co n fig u rat io n co mman d receiv ed fro m p eer co n t ro ller. (Th e co n t ro ller n eed n o t b e
Clu s t er Co n t ro ller fo r g en erat in g t h is t rap .
RF S can Traps : If y o u en ab le t h is field , t h e SNM P ag en t s en d s a t rap wh en t h e RF
s can d et ect s a n ew A P, wireles s clien t , o r ad -h o c clien t .
Rog ue AP Traps : If y o u en ab le t h is field , t h e SNM P ag en t s en d s a t rap wh en t h e
co n t ro ller d is covers a ro g u e A P. Th e ag en t als o s en d s a t rap ev ery Ro g u e Det ect e d
Trap In t erv al s eco n d s if an y ro g u e A P co n t in u es t o b e p res en t in t h e n et wo rk.
Wi rel ess S tatus Traps : If y o u en able t h is field , t h e SNM P ag en t s en d s a t rap if t h e
o p erat io nal s t at us o f t h e Un ified W ireles s co nt roller (it n eed n o t b e Clu s t er Co n t roller
fo r t h is t rap ) ch an g es . It s en d s a t rap if t h e Ch an n el A lg o rit h m is co mp let e o r t h e
Po wer A lg o rit h m is co mp let e. It als o s en ds a t rap if an y o f t h e fo llo win g d at ab ases o r
lis t s h as reach ed t h e maximu m n u mb er o f en t ries :
1- M an ag ed A P d at ab as e.
2- A P Neig h b o r Lis t .
3- Clien t Neig h b o r Lis t .
4- A P A u t h en t icat io n Failu re Lis t .
5- RF Scan A P Lis t .
6- Clien t A s s o ciat io n Dat ab as e.
7- A d Ho c Clien t s Lis t .
297
Wireless Controller
User Manual
8- Det ect ed Clien t s Lis t .
12.5 Configuring Time Zone and NTP
Tools > Date and Time
Yo u can co n fig u re y o u r t ime zo n e , wh et h er o r n o t t o ad ju s t fo r Day lig h t Sav in g s
Time, an d wit h wh ich Net wo rk Time Pro t o co l (NTP) s erv er t o s y n ch ro n ize t h e d at e
an d t ime. Yo u can ch o o s e t o s et Dat e an d Time man u ally , wh ich will s t o re t h e
in fo rmat io n o n t h e co n troller real t ime clo ck (RTC). If t h e co n t ro ller h as access t o t he
in t ern et , t h e mo s t accu rat e mech an is m t o s et t h e co n t ro ller t ime is t o en ab le NTP
s erv er co mmu n icat io n .

A ccu rat e d at e an d t ime o n t h e co n t ro ller is crit ical fo r firewall s ch ed u les ,
W i-Fi p o wer s av in g s upp ort t o d is ab le A Ps at certain t imes o f t h e d ay , an d
accu rat e lo g g in g .
Pleas e fo llo w t h e s t ep s b elo w t o co n fig u re t h e NTP s erv er:
1. Select the controller time zone, relative to Greenwich Mean Time (GMT).
2. If supported for your region, click to Enable Daylight Savings.
3. Determine whether to use default or custom Network Time Protocol (NTP) servers. If
custom, enter the server addresses or FQDN.
298
Wireless Controller
User Manual
Figure 168 : Date , Time , and NTP s e rve r s e tup
12.6 Log Configuration
Th is co n t ro ller allo ws y o u t o cap t u re lo g mes s ag es fo r t raffic t h ro u g h t h e firewall,
VPN, an d o v er t h e wireles s A P. A s an ad min is t rat o r y o u can mo n it o r t h e t y p e o f
t raffic t h at g o es t h ro u g h t h e co n t ro ller an d als o b e n o t ified o f p o t en t ial at t acks o r
erro rs wh en t h ey are d et ected b y t h e co n t ro ller. Th e fo llo win g s ect io n s d es crib e t h e
lo g co n fig u rat io n s et t in g s an d t h e way s y o u can acces s t h es e lo g s .
299
Wireless Controller
User Manual
12.6.1 Defining W hat to Log
Tools > Log Settings > Logs Facility
Th e Lo g s Facilit y p ag e allo ws y o u t o d et ermin e t h e g ran u larit y o f lo g s t o receiv e
fro m t h e co n t roller. Th ere are t h ree co re co mp on en ts o f t h e co ntro ller, referred t o as
Facilit ies :
Kernel : Th is refers t o t h e Lin u x kern el. Lo g mes s ag es t h at co rres p o n d t o t h is
facilit y wo u ld co rres p o n d t o t raffic t h ro u g h t h e firewall o r n et wo rk s t ack.
S ys tem: Th is refers t o ap p licatio n an d man ag emen t lev el feat u res av ailab le o n t h is
co n t ro ller, in clu d in g SSL VPN an d ad min is t rat o r ch an g es fo r man ag in g t h e u n it .
Wi rel es s : Th is facilit y co rres p o n d s t o t h e 802.11 d riv er u s ed fo r p ro v id in g A P
fu n ct io n alit y t o y o u r n et wo rk.
Local 1 -UTM: Th is facilit y co rres p onds t o IPS (In t ru s ion Prev en tio n Sy s t em) wh ich
h elp s in d et ect in g malicio u s in t ru s io n at t emp t s fro m t h e Op t io n .
Fo r each facilit y , t h e fo llo win g ev en t s (in o rd er o f s ev erit y ) can b e lo g g ed :
Emerg en cy , A lert , Crit ica l, Erro r, W arn in g , No t ificat io n , In fo rmat io n , Deb u g g in g .
W h en a p art icu lar s ev erit y lev el is s elect ed , all ev en t s wit h s ev erit y eq u al t o an d
g reat er t h an t h e ch osen s ev erit y are cap t u red . Fo r examp le if y o u h av e co n fig u red
CRITICA L lev el lo g g in g fo r t h e W ireles s facilit y , t h en 802.11 lo g s wit h s ev erit ies
CRITICA L, A LERT, an d EM ERGENCY are lo g g ed . Th e s ev erit y lev els av ailab le
fo r lo g g in g are:

EM ERGENC Y: s y s t em is u n u s ab le

A LERT: act io n mu s t b e t aken immed iat ely

CRITICA L: crit ical co n d it io n s

ERROR: erro r co n d it io n s

W A RNING: warn in g co n d it io n s

NOTIFICA TION: n o rmal b u t s ig n ifican t co n d it io n

INFORM A TION: in fo rmat io n al

DEBUGGIN G: d eb u g -lev el mes s ag es
300
Wireless Controller
User Manual
Figure 169 : Facility s e ttings for Logging
Th e d is p lay fo r lo g g in g can b e cu s t omized b as ed o n wh ere t h e lo g s are s en t , eit h er
t h e Ev en t Lo g v iewer in t h e GUI (t h e Ev en t Lo g v iewer is in t h e Status > Logs
p ag e ) o r a remo t e Sy s lo g s erv er fo r lat er rev iew. E-mail lo g s , d is cu s s ed in a
s u b sequ en t s ectio n, fo llo w t h e s ame co n fig u rat io n a s lo g s co n fig u red fo r a Sy s lo g
s erv er.
Tools > Log Settings > Logs Configuration
Th is p ag e allo ws y o u t o d etermin e t h e t y p e o f t raffic t h ro u g h t h e co n t ro ller t h at is
lo g g ed fo r d is p lay in Sy s lo g, E-mailed lo g s , o r t h e Ev en t Viewer. Den ial o f s erv ice
at t acks , g en eral at t ack in fo rmat io n , lo g in at t emp t s , d ro p p ed p acket s , an d s imilar
ev en t s can b e cap t u red fo r rev iew b y t h e IT ad min is t rat o r.
301
Wireless Controller
User Manual
Traffic t h ro u g h each n etwo rk s egmen t (LA N, Op t io n , DM Z) can b e t racked b ased on
wh et h er t h e p acket was accep t ed o r d ro p p ed b y t h e firewall.
A ccep t ed Packet s are t h o s e t h at were s u cces s fu lly t ran s ferred t h ro u g h t h e
co rres p o n d in g n et wo rk s eg men t (i.e. LA N t o Op t io n ). Th is o p t io n is p art icu larly
u s efu l wh en t h e Defau lt Ou t b o u n d Po licy is “Blo ck A lway s ” s o t h e IT ad min can
mo n it o r t raffic t h at is p as s ed t h ro u g h t h e firewall.

Exampl e : If A ccep t Packet s fro m LA N t o Op t io n is en ab led an d t h ere is a
firewall ru le t o allo w SSH t raffic fro m LA N, t h en wh en ev er a LA N mach in e
t ries t o make an SSH co n n ect io n , t h o s e p acket s will b e accep t ed an d a
mes s ag e will b e lo g g ed . (A s s u min g t h e lo g o p t io n is s et t o A llo w fo r t h e
SSH firewall ru le.)
Dro p p ed Packet s are p acket s t hat were in t en tio nally b lo cked fro m b ein g t ran s ferred
t h ro u g h t h e co rrespo ndin g n et work s eg men t. Th is o p tio n is u s efu l wh en t h e Defau lt
Ou t b o u n d Po licy is “A llo w A lway s ”.

Exampl e : If Dro p Packet s fro m LA N t o Op t io n is en ab led an d t h ere is a
firewall ru le t o b lo ck SSH t raffic fro m LA N, t h en wh en ev er a LA N mach in e
t ries t o make an SSH co n n ect io n , t h o s e p acket s will b e d ro p p ed a n d a
mes s ag e will b e lo g g ed . (M ake s u re t h e lo g o p t io n is s et t o allo w fo r t h is
firewall ru le.)

En ab lin g accep t ed p acket lo g g in g t h ro u g h t h e firewall may g en erat e a
s ig n ifican t v o lu me o f lo g mes s ag es d ep en d in g o n t h e t y p ical n et wo rk
t raffic. Th is is reco mmen d ed fo r d eb u g g in g p u rp o s es o n ly .
In ad d it io n t o n et work s egmen t lo g gin g, u n icast an d mu lt icast t raffic can b e lo g g ed .
Un icas t p acket s h av e a s in g le d es t in at io n o n t h e n et wo rk, wh ereas b ro ad cas t (o r
mu lt icas t ) p acket s are s en t t o all p o s s ib le d es t in at io n s s imu lt an eo u s ly . On e o t h er
u s efu l lo g co n tro l is t o lo g p acket s t h at are d ro p p ed d u e t o co n fig u red b an d wid t h
p ro files o v er a p art icu lar in t erface. Th is d ata will in d icat e t o t h e ad min wh et h er t h e
b an d wid t h p ro file h as t o b e mo d ified t o acco u n t fo r t h e d es ired in t ern et t raffic o f
LA N u s ers .
302
Wireless Controller
User Manual
Figure 170 : Log configuratio n options for traffic through controlle r
12.6.2 Sending Logs to E-mail or Syslog
Tools > Log Settings > Remote Logging
On ce y o u h av e co nfig ured t h e t y p e o f lo g s t h at y o u wan t t h e co n t ro ller t o co llect ,
t h ey can b e s ent t o eit h er a Sy s lo g s erver o r an E-M ail ad d res s. Fo r remo t e lo g ging a
key co n fig u rat io n field is t h e Remo t e Lo g Id en t ifier. Ev ery lo g g ed mes s ag e will
co n t ain t h e co nfig u red p refix o f t h e Remo t e Lo g Id en t if ier, s o t h at s y slog serv ers o r
email ad d res s es t h at receiv e lo g s fro m mo re t h an o n e co n t ro ller can s o rt fo r t h e
relev an t d ev ice‟s lo g s .
303
Wireless Controller
User Manual
On ce y o u en ab le t h e o p t io n t o e -mail lo g s , en t er t h e e -mail s erv er‟s ad d res s (IP
ad d res s o r FQDN) o f t h e SM TP s erv er. T h e co n t ro ller will co n n ect t o t h is s erv er
wh en s en d ing e -mails o u t t o t h e co nfig ured ad dresses. Th e SM T P p o rt an d ret u rn e mail ad d res s es are req u ired field s t o allo w t h e co n t ro ller t o p ackag e t h e lo g s an d
s en d a v alid e -mail t h at is accept ed b y o n e o f t h e co n fig u red “s en d -t o ” ad d res s es .
Up t o t h ree e -mail ad d res s es can b e co n fig u red as lo g recip ien t s .
In o rd er t o es t ablis h a co n n ectio n wit h t h e co nfig ured SM TP p o rt an d s erv er, d efin e
t h e s erv er‟s au t h en t icat io n req u iremen t s . Th e co n t ro ller s u p p o rt s Lo g in Plain (n o
en cry p t ion ) o r CRA M -M D5 (en cry p ted) fo r t h e u s ern ame an d p as s wo rd d at a t o b e
s en t t o t h e SM TP s erv er. A u th en ticat io n can b e d is ab led if t h e s erv er d o es n o t h av e
t h is req u iremen t . In s ome cas es t h e SM TP s erver may s en d o u t IDENT req u es ts, an d
t h is co n t ro ller can h av e t h is res p o n s e o p t io n en ab led as n eed ed .
On ce t h e e -mail s erv er an d recip ient d etails are d efin ed y o u can d etermin e wh en t h e
co n t ro ller s h o u ld s en d o u t lo g s . E-mail lo g s can b e s en t o u t b as ed o n a d efin ed
s ch ed u le b y firs t ch o o s in g t h e u n it (i.e. t h e freq u en cy ) o f s en d in g lo g s : Ho u rly ,
Daily , o r W eekly . Select in g Nev er will d is ab le lo g e -mails b u t will p res erv e t h e e mail s erv er s et t in g s .
304
Wireless Controller
User Manual
Figure 171 : E-mail configurat io n as a Re mote Logging option
A n ext ern al Sy s lo g s erver is o ft en u sed b y n etwo rk ad min is trato r t o collect an d s tore
lo g s fro m t h e co n tro ller. Th is remo t e d evice t y p ically h as les s memo ry co n s t rain t s
t h an t h e lo cal Ev en t Viewer o n t h e co n t ro ller GUI, an d t h u s can co llect a
co n s id erable n u mb er o f lo g s o v er a s u s t ain ed p erio d . Th is is t y p ically v ery u s efu l
fo r d eb u gg in g n etwo rk is su es o r t o mo n it o r co n t ro ller t raffic o v er a lo n g d u rat io n .
Th is co n t roller s u pp orts u p t o 8 co n curren t Sy slo g s erv ers . Each can b e co n fig u red
t o receiv e d ifferen t lo g facilit y mes s ag es o f v ary in g s ev erit y . To en ab le a Sy s lo g
305
Wireless Controller
User Manual
s erv er s elect t h e ch eckb o x n ext t o an emp t y Sy s lo g s erv er field an d as s ig n t h e IP
ad d res s o r FQDN t o t h e Name field . Th e s elect ed facilit y an d s ev erit y lev el
mes s ag es will b e s en t t o t h e co n figu red ( an d en abled) Sy s lo g s erv er o n ce y o u s av e
t h is co n fig u rat io n p ag e‟s s et t in g s .
Figure 172 : Sys log s e rve r configuratio n for Re mote Logging ( continue d)
12.6.3 Ev ent Log Viewer in GUI
Status > Logs > View All Logs
Th e co n t ro ller GUI le t s y o u o b serv e co n figu red lo g mes sages fro m t h e St at u s men u .
W h en ever t raffic t h ro ugh o r t o t he co nt roller mat ch es t h e s ettin gs d et ermin ed in t h e
Tools > Log Settings > Logs Facility o r Tools > Log Settings > Logs
Configuration p ag es , t h e co rres p o n d in g lo g mes s ag e will b e d is p lay ed in t h is
win d o w wit h a t imes t amp .

It is v ery imp o rt an t t o h av e accu rat e s y s t em t ime (man u ally s et o r fro m a
NTP s erv er) in o rd er t o u n d ers t an d lo g mes s ag es .
306
Wireless Controller
User Manual
Status > Logs > VPN Logs

Th e fo llo win g feat u re is av ailab le u p o n licen s ed act iv at io n o f VPN /
Firewall feat u res fo r t h e s y s t em.
Th is p ag e d is p lay s IPs ec VPN lo g mes s ag es as d et ermin ed b y t h e co n fig u rat io n
s et t in g s fo r facilit y an d s ev erit y . Th is d at a is u s efu l wh en ev alu at in g IPs ec VPN
t raffic an d t u n n el h ealt h .
Figure 173 : VPN logs dis playe d in GUI e ve nt vie we r
Status > Logs > SSLVPN Logs

Th e fo llo win g feat u re is av ailab le u p o n licen s ed act iv at io n o f VPN /
Firewall feat u res fo r t h e s y s t em.
Th is p ag e d is p lay s SSLVPN lo g mes s ag es as d et ermin ed b y t h e co n fig u rat io n
s et t in g s fo r facilit y an d s ev erit y . Th is d at a is u s efu l wh en ev alu at in g SSL VPN
t raffic an d t u n n el h ealt h .
307
Wireless Controller
User Manual
Figure 174 : SSL VPN logs dis playe d in GUI e ve nt vie we r
12.7 Backing up and Restoring Configuration
Settings
Tools > System
Yo u can b ack u p t h e co n t ro ller cu s t o m co n fig u rat io n s et t in g s t o res t o re t h em t o a
d ifferen t d ev ice o r t h e s ame co n tro ller aft er s ome o t h er ch ang es. Du rin g b acku p, y o u r
s et t in gs are s aved as a file o n y o u r h o st. Yo u can res t ore t he co nt roller s aved s et t in g s
fro m t h is file as well. Th is p ag e will als o allo w y o u rev ert t o facto ry d efau lt s et t in g s
o r execu t e a s o ft reb o o t o f t h e co n t ro ller.

IMPORTANT! Du rin g a res t o re o p erat io n , d o NOT t ry t o g o o n lin e, t u rn
o ff t h e co n tro ller, s h ut d o wn t h e PC, o r d o an y t h in g els e t o t h e co n t ro ller
u n t il t h e o p erat io n is co mp let e. Th is will t ake ap p ro ximat ely 1 min u t e.
On ce t h e LEDs are t u rn ed o ff, wait a few mo re s eco n d s b efo re d o in g
an y t h in g wit h t h e co n t ro ller.
308
Wireless Controller
User Manual
Fo r b ackin g u p co nfig u rat io n o r res t o rin g a p rev io u s ly s av ed co n fig u rat io n , p leas e
fo llo w t h e s t ep s b elo w:
1. To save a copy of your current settings, click the Backup button in the Save Current
Settings option. The browser initiates an export of the configuration file and prompts to
save the file on your host.
2. To restore your saved settings from a backup file, click Browse then locate the file on the
host. After clicking Restore, the controller begins importing the file‟s saved configuration
settings. After the restore, the controller reboots automatically with the restored settings.
3. To erase your current settings and revert to factory default settings, click the Default
button. The controller will then restore configuration settings to factory defaults and will
reboot automatically. (See Appendix B for the factory default parameters for the
controller).
309
Wireless Controller
User Manual
Figure 175 : Re s toring configuratio n from a s ave d file will re s ult in the
curre nt configurat io n be ing ove rwritte n and a re boot
12.8 Upgrading Wirelesss Controller Firmware
Tools > Firmware
Yo u can u p g rad e t o a n ewer s o ft ware v ers io n fro m t h e A d min is t rat io n web p ag e. In
t h e Firmware Up g rad e s ect io n , t o u p g rad e y o u r firmware, click Bro ws e, lo cat e an d
s elect t h e firmware imag e o n y o u r h o s t , an d click Up g rad e. A ft er t h e n ew firmware
imag e is v alid at ed , t h e n ew imag e is writ t en t o flas h , an d t h e co n t ro ller is
au t o mat ically reb o o t ed wit h t h e n ew firmware. Th e Firmware In fo rmat io n an d als o
t h e Status > Device Info > Device Status p ag e will reflect t h e n ew firmware
v ers io n .

IMPORTANT! Du rin g firmware u p g rad e, d o NOT t ry t o g o o n lin e, t u rn off
t h e DW C-1000, s h u t d own t h e PC, o r in t erru p t t h e p ro cess in an y way u n t il
t h e o p erat ion is co mp let e. Th is s h o u ld t ake o n ly a min u t e o r s o in clu d in g
t h e reb o o t p ro cess. In t erru pt ing t he u p grade p ro cess at s p ecific p o in ts wh en
t h e flas h is b ein g writ t en t o may co rru p t t h e flas h memo ry an d ren d er t h e
co n t ro ller u n u s ab le wit h o u t a lo w-lev el p ro ces s o f res t o rin g t h e flas h
firmware (n o t t h ro u g h t h e web GUI).
310
Wireless Controller
User Manual
Figure 176 : Firmware ve rs ion inform atio n and upgrade option
Th is co n t ro ller als o s u p p o rt s an au t o mat ed n o t ificat io n t o d et ermin e if a n ewer
firmware v ers io n is av ailab le fo r t h is co nt roller. By clickin g t h e Ch eck No w b u t t o n in
t h e n o t ificat io n s ect io n , t h e co n t ro ller will ch eck a D-Lin k s erv er t o s ee if a n ewer
firmware v ers io n fo r t h is co ntro ller is av ailab le fo r d o wn lo ad an d u p d at e t h e St at u s
field b elo w.
12.9 Dynamic DNS Setup
Tools > Dynamic DNS
Dy n amic DNS (DDNS) is an In t ern et s erv ice t h at allo ws co n t ro ller wit h v ary in g
p u b lic IP ad d res s es t o b e lo cat ed u s in g In t ern et d o main n ames . To u s e DDNS, y o u
mu s t s et u p an accoun t wit h a DDNS p ro v id er s u ch as Dy n DNS.o rg , D -Lin k DDNS, o r
Oray .n et .
311
Wireless Controller
User Manual
Each co n fig u red Op t io n can h av e a d ifferen t DDNS s erv ice if req u ir ed . On ce
co n fig u red , t h e co n t ro ller will u p d at e DDNS s erv ices ch an g es in t h e Op t io n IP
ad d res s s o t h at feat u res t h at are d ep en d en t o n acces s in g t h e co n t ro ller Op t io n v ia
FQDN will b e d irect ed t o t h e co rrect IP ad d ress. W h en y o u s et u p an acco u n t wit h a
DDNS s erv ice, t h e h ost an d d o main n ame, u s ern ame, p as sword an d wild card s u p p o rt
will b e p ro v id ed b y t h e acco u n t p ro v id er.
312
Wireless Controller
User Manual
Figure 177 : Dynamic DNS configurat ion
12.9.1 Using Diagnostic Tools
Tools > System Check
Th e co n t ro ller h as b u ilt in t o o ls t o allo w an ad min is t rat o r t o ev alu at e t h e
co mmu n icat io n s t at u s an d o v erall n et wo rk h ealt h .
313
Wireless Controller
User Manual
Figure 178 : Controlle r diagnos tics tools available in the GUI
12.9.2 Ping
Th is u t ilit y can b e u s ed t o t es t co n n ect iv it y b et ween t h is co n t ro ller an d an o t h er
d ev ice o n t h e n et wo rk co n n ect ed t o t h is co n t ro ller. En t er an IP ad d res s an d click
PING. Th e co mman d o u t p u t will ap p ear in d icat in g t h e ICM P ech o req u es t s t at u s .
12.9.3 Trace Route
Th is u t ilit y will d is p lay all t h e co n t roller p res en t b e tween t h e d estin atio n IP ad d res s
an d t h is co nt roller. Up t o 30 “h o p s” (in t ermed iate co ntro ller) b et ween t h is co n troller
an d t h e d es t in at io n will b e d is p lay ed .
314
Wireless Controller
User Manual
12.9.4 DNS Lookup
To ret riev e t h e IP ad d ress o f a W eb , FTP, M ail o r an y o t h er s erv er o n t h e In t ern et ,
t y p e t h e In t ern et Name in t h e t ext b o x an d click Lo o ku p . If t h e h o s t o r d o main en t ry
exis t s , y o u will s ee a res p o n s e wit h t h e IP ad d res s . A mes s ag e s t at in g “Un kn o wn
Ho s t ” in d icat es t h at t h e s p ecified In t ern et Name d o es n o t exis t .

Th is feat u re as s u mes t h ere is in t ern et acces s av ailab le o n t h e Op t io n
lin k(s ).
12.9.5 Router Options
Th e s t at ic an d d y n amic ro u t es co n fig u red o n t h is co n t ro ller can b e s h o wn b y
clickin g Dis p lay fo r t h e co rres p o n d in g ro u t in g t ab le. Clickin g t h e Packet Trace
b u t t o n will allo w t h e co n t ro ller t o cap ture an d d is play t raffic t h ro ug h t h e DW C-1000
b et ween t h e LA N an d Op t io n in t erface as well. Th is in fo rmat io n is o ft en v ery u seful
in d eb u g g in g t raffic an d ro u t in g is s u es .
315
Wireless Controller
User Manual
Chapter 13. License Activation
Tools > License
Yo u can act iv at e A P6 an d VPN licen s e s in t h is co n t ro ller b y p ro v id in g v alid
A ct iv at io n Key an d click A ct iv at e key . A ft er act iv at in g licen s e A P6 licen s e y o u
s h o u ld b e ab le t o man ag e 6 mo re A P‟s . VPN licen s e act iv at es t h e VPN licen s e
fu n ct io n alit y o n t h e DW C-1000 d ev ice .

Th e A P firmware v ers io n mu s t as s ame as DW C-1000 W LA N mo d u le
v ers io n
316
Wireless Controller
User Manual
Figure 179 : Ins talling a Lice ns e
Figure 180 : Available Lice ns e s Dis play afte r ins talling a Lice ns e
Th e n ew feat u re s will b e en ab le d aft er s y s t em reb o o t .
317
Wireless Controller
User Manual
Appendix A. Glossary
ARP
Address Resolution Protocol. Broadcast protocol for mapping IP addresses to MAC addresses.
CHAP
Challenge-Handshake Authentication Protocol. Protocol for authenticating users to an ISP.
DDNS
DHCP
Dynamic DNS. System for updating domain names in real time. Allow s a domain name to be
assigned to a device w ith a dynamic IP address.
Dynamic Host Configuration Protocol. Protocol for allocating IP addresses dynamically so that
addresses can be reused w hen hosts no longer need them.
Domain Name System. Mechanism for translating H.323 IDs, URLs, or e-mail IDs into IP
DNS
addresses. Also used to assist in locating remote gatekeepers and to map IP addresses to
hostnames of administrative domains.
FQDN
Fully qualified domain name. Complete domain name, including the host portion. Example:
serverA.companyA.com.
FTP
File Transfer Protocol. Protocol for transferring files between network nodes.
HTTP
Hypertext Transfer Protocol. Protocol used by w eb browsers and web servers to transfer files.
IKE
Internet Key Exchange. Mode for securely exchanging encryption keys in ISAKMP as part of
building a VPN tunnel.
IP security. Suite of protocols for securing VPN tunnels by authenticating or encrypting IP
IPsec
packets in a data stream. IPsec operates in either transport mode (encrypts payload but not
packet headers) or tunnel mode (encrypts both payload and packet headers).
318
Wireless Controller
ISAKMP
ISP
MAC Address
MTU
User Manual
Internet Key Exchange Security Protocol. Protocol for establishing security associations and
cryptographic keys on the Internet.
Internet service provider.
Media-access-control address. Unique physical-address identifier attached to a netw ork
adapter.
Maximum transmission unit. Size, in bytes, of the largest packet that can be passed on. The
MTU for Ethernet is a 1500-byte packet.
Netw ork Address Translation. Process of rewriting IP addresses as a packet passes through a
NAT
controller or firew all. NAT enables multiple hosts on a LAN to access the Internet using the
single public IP address of the LAN’s gatew ay controller.
NetBIOS
NTP
PAP
PPPoE
PPTP
Microsoft Window s protocol for file sharing, printer sharing, messaging, authentication, and
name resolution.
Netw ork Time Protocol. Protocol for synchronizing a controller to a single clock on the netw ork,
know n as the clock master.
Passw ord Authentication Protocol. Protocol for authenticating users to a remote access server
or ISP.
Point-to-Point Protocol over Ethernet. Protocol for connecting a netw ork of hosts to an ISP
w ithout the ISP having to manage the allocation of IP addresses.
Point-to-Point Tunneling Protocol. Protocol for creation of VPNs for the secure transfer of data
from remote clients to private servers over the Internet.
319
Wireless Controller
RADIUS
RSA
TCP
UDP
User Manual
Remote Authentication Dial-In User Service. Protocol for remote user authentication and
accounting. Provides centralized management of usernames and passw ords.
Rivest-Shamir-Adleman. Public key encryption algorithm.
Transmission Control Protocol. Protocol for transmitting data over the Internet w ith guaranteed
reliability and in-order delivery.
User Data Protocol. Protocol for transmitting data over the Internet quickly but w ith no
guarantee of reliability or in-order delivery.
Virtual private netw ork. Netw ork that enables IP traffic to travel securely over a public TCP/IP
VPN
netw ork by encrypting all traffic from one netw ork to another. Uses tunneling to encrypt all
information at the IP level.
Window s Internet Name Service. Service for name resolution. Allow s clients on different IP
WINS
subnets to dynamically resolve addresses, register themselves, and browse the network without
sending broadcasts.
320
Appendix B. Factory Default Settings
Fe at u re
Device login
Internet
Connection
De s cription
De f au lt Setting
User login URL
http://192.168.10.1
User name (case sensitive)
admin
Login password (case sensitive)
admin
Option MAC address
Use default address
Option MTU size
1500
Port speed
Autosense
IP address
192.168.10.1
IPv4 subnet mask
255.255.255.0
RIP direction
None
RIP version
Disabled
RIP authentication
Disabled
DHCP server
Enabled
Local area network
(LAN)
Wireless Controller
User Manual
DHCP starting IP address
192.168.10.2
DHCP ending IP address
192.168.10.100
Time zone
GMT
Time zone adjusted for Daylight Saving Time
Disabled
SNMP
Disabled
Remote management
Disabled
Inbound communications from the Internet
Disabled (except traffic on port
80, the HTTP port)
Outbound communications to the Internet
Enabled (all)
Source MAC filtering
Disabled
Stealth mode
Enabled
Firew all
322

Top types

Top brands

Top types

Top brands

Top types

Top brands

Top types

Top brands

Top types

Top brands

Top types

Top brands

Top types

Top brands

Top types

Top brands

Top types

Top brands

Top types

Top brands

Top types

Top brands

Top types

Top brands

Top types

Top brands

Download Wireless Controller User Manual - D-Link