User Manual Wireless Controller D-Link Corporation Copyright © 2011. http://www.dlink.com
Wireless Controller User Manual 9 Chapter 1. Introduction D-Link Wireless Controller (DWC), DWC-1000, is a full-featured wireless LAN co
Wireless Controller User Manual 99 Figure 62: List of Available Schedules to bind to a firewall rule 5.3 Configuring Firewall Rules Advanced &g
Wireless Controller User Manual 100 Service: ANY means all traffic is affected by this rule. For a specific service the drop dow
Wireless Controller User Manual 101 External IP address: The rule can be bound to a specific WAN interface by selecting either the primary WAN
Wireless Controller User Manual 102 Figure 63: Example where an outbound SNAT rule is used to map an external IP address (209.156.200.225) to a p
Wireless Controller User Manual 103 Figure 64: The firewall rule configuration page allows you to define the To/From zone, service, action, schedu
Wireless Controller User Manual 104 Service HTTP Action ALLOW always Send to Local Server (DNAT IP) 192.168.5.2 (web server IP address) Destinatio
Wireless Controller User Manual 105 Web server host in the DMZ, IP address: 192.168.12.222 Access to Web server: (simulated) public IP addre
Wireless Controller User Manual 106 Figure 65: Schedule configuration for the above example. 2. Since we are trying to block HTTP requests, it
Wireless Controller User Manual 107 8. The last step is to enable this firewall rule. Select the rule, and click ―enable‖ below the list to make
Wireless Controller User Manual 108 Figure 67: Available ALG support on the controller. 5.6 VPN Passthrough for Firewall Advanced > Firewall
Wireless Controller User Manual 10 1.2 Typographical Conventions The following is a list of the various terms, followed by an example of how that
Wireless Controller User Manual 109 Figure 68: Passthrough options for VPN tunnels 5.7 Application Rules Advanced > Application Rules > A
Wireless Controller User Manual 110 ports. The controller has a list of common applications and games with corresponding outbound and inbound p
Wireless Controller User Manual 111 Figure 70: Content Filtering used to block access to proxy servers and prevent ActiveX controls from being dow
Wireless Controller User Manual 112 Figure 71: Two trusted domains added to the Approved URLs List 5.8.3 Blocked Keywords Advanced > Website
Wireless Controller User Manual 113 Figure 72: One keyword added to the block list 5.8.4 Export Web Filter Advanced > Website Filter > Exp
Wireless Controller User Manual 114 Figure 73: Export Approved URL list 5.9 IP/MAC Binding Advanced > IP/MAC Binding Another available secur
Wireless Controller User Manual 115 Figure 74: The following example binds a LAN host’s MAC Address t o an IP address served by DWC-1000. If there
Wireless Controller User Manual 116 Figure 75: Protecting the controller and LAN from internet attacks
Wireless Controller User Manual 117 Chapter 6. IPsec / PPTP / L2TP VPN A VPN provides a secure communication channel (―tunnel‖) between
Wireless Controller User Manual 118 Figure 77: Example of three IPsec client connections to the internal network through the DWC IPsec gateway
Chapter 2. Configuring Your Network: It is assumed that the user has a machine for management connected to the LAN to the controller. The LAN co
Wireless Controller User Manual 119 6.1 VPN Wizard Setup > Wizard > VPN Wizard You can use the VPN wizard to quickly create both IKE and VP
Wireless Controller User Manual 120 2. Configure Remote and Local WAN address for the tunnel endpoints Remote Gateway Type: identify the
Wireless Controller User Manual 121 Parameter Default value from Wizard Exchange Mode Aggressive (Client policy ) or Main (Gateway policy) ID T
Wireless Controller User Manual 122 Figure 79: IPsec policy configuration Once the tunnel type and endpoints of the tunnel are defined
Wireless Controller User Manual 123 Figure 80: IPsec policy configuration continued (Auto policy via IKE) A Manual policy does not use IKE a
Wireless Controller User Manual 124 Figure 81: IPsec policy configuration continued (Auto / Manual Phase 2) 6.2.1 Extended Authentication (XA
Wireless Controller User Manual 125 6.3 Configuring VPN clients Remote VPN clients must be configured with the same VPN policy parameters used i
Wireless Controller User Manual 126 Figure 82: PPTP tunnel configuration – PPTP Client Figure 83: PPTP VPN connection status Setup > VPN Set
Wireless Controller User Manual 127 Figure 84: PPTP tunnel configuration – PPTP Server 6.4.2 L2TP Tunnel Support Setup > VPN Settings > L2
Wireless Controller User Manual 128 Figure 85: L2TP tunnel configuration – L2TP Server 6.4.3 OpenVPN Support Setup > VPN Settings > OpenVP
Wireless Controller User Manual 12 To configure LAN Connectivity, please follow the steps below: 1. In the LAN Setup page, enter the following i
Wireless Controller User Manual 129 Port: The port number on which openvpn server(or Access Server) runs. Tunnel Protocol: The protocol
Wireless Controller User Manual 130 Figure 86: OpenVPN configuration
Chapter 7. SSL VPN The controller provides an intrinsic SSL VPN feature as an alternate to the standard IPsec VPN. SSL VPN differs from
Wireless Controller User Manual 132 Figure 87: Example of clientless SSL VPN connections to the DWC-1000
Wireless Controller User Manual 133 7.1 Groups and Users Advanced > Users > Groups The group page allows creating, editing and dele
Wireless Controller User Manual 134 Guest User (read-only): The guest user gains read only access to the GUI to observe and review
Wireless Controller User Manual 135 Active Directory Domain: If the domain uses the Active Directory authentication, the Active Dir
Wireless Controller User Manual 136 Disable Login: Enable to prevent the users of this group from logging into the devices management interface
Wireless Controller User Manual 137 Figure 92: Browser policies options Policy by IP To set policies bye IP for the group, select the co
Wireless Controller User Manual 138 Figure 93: IP policies options Login Policies, Policy by Browsers, Policy by IP are applicable SS
Wireless Controller User Manual 13 Domain Name: Enter domain name WINS Server (optional): Enter the IP address for the WINS server
Wireless Controller User Manual 139 Figure 94: Available Users with login status and associated Group 7.1.1 Users and Passwords Advanced > Us
Wireless Controller User Manual 140 Figure 95: User configuration options 7.2 Using SSL VPN Policies Setup > VPN Settings > SSL VPN Server
Wireless Controller User Manual 141 Figure 96: List of SSL VPN polices (Global filter) To add a SSL VPN policy, you must first assign it to a us
Wireless Controller User Manual 142 Figure 97: SSL VPN policy configuration To configure a policy for a single user or group of users,
Wireless Controller User Manual 143 the starting and ending port range blank corresponds to all UDP and TCP traffic. Service: This
Wireless Controller User Manual 144 Figure 98: List of configured resources, which are available to assign to SSL VPN policies 7.3 Application
Wireless Controller User Manual 145 VNC (virtual network computing) 5900 or 5800 As a convenience for remote users, the hostname (FQDN) of the
Wireless Controller User Manual 146 Figure 99: List of Available Applications for SSL Port Forwarding 7.4 SSL VPN Client Configuration Setup &g
Wireless Controller User Manual 147 Figure 100: SSL VPN client adapter and access configuration The controller allows full tunnel and split tunne
Wireless Controller User Manual 148 Setup > VPN Settings > SSL VPN Client > Configured Client Routes If the SSL VPN client is assig
Wireless Controller User Manual 14 2.1.1 LAN Configuration in an IPv6 Network Advanced > IPv6 > IPv6 LAN > IPv6 LAN Config In IPv6 mode,
Wireless Controller User Manual 149 The controller administrator creates and edits portal layouts from the configuration pages in the SS
Wireless Controller User Manual 150 Figure 102: SSL VPN Portal configuration
Wireless Controller User Manual 151 Chapter 8. Advanced Configuration Tools 8.1 USB Device Setup Setup > USB Settings > USB Status The DW
Wireless Controller User Manual 152 Figure 103: USB Device Detection 8.2 Authentication Certificates Advanced > Certificates This gateway
Wireless Controller User Manual 153 A self certificate is a certificate issued by a CA identifying your device (or self-signed if y
Wireless Controller User Manual 154 Figure 104: Certificate summary for IPsec and HTTPS management 8.3 WIDS Security 8.3.1 WIDS AP configrati
Wireless Controller User Manual 155 Managed SSID from an unknown AP: This test checks whether an unknown AP is using the managed network SSID. A h
Wireless Controller User Manual 156 AP is operating on an illegal channel: The purpose of this test is to detect hackers or incorrectly configured
Wireless Controller User Manual 157 AP De-Authentication Attack: Enable or disable the AP de-authentication attack. The wireless controller can p
Wireless Controller User Manual 158 In order to help determine whether a client is posing a threat to the network by flooding t
Wireless Controller User Manual 15 Figure 2: IPv6 LAN and DHCPv6 configuration If you change the IP address and click Save Settings,
Wireless Controller User Manual 159 Rogue Detected Trap Interval: Specify the interval, in seconds, between transmissions of the SNMP tra
Wireless Controller User Manual 160 Figure 106: WIDS Client Configuration
Wireless Controller User Manual 161 Chapter 9. Administration & Management 9.1 Remote Management Both HTTPS and telnet access can be
Wireless Controller User Manual 162 9.3 SNMP Configuration Tools > Admin > SNMP SNMP is an additional management tool that is useful w
Wireless Controller User Manual 163 Figure 109: SNMP system information for this controller 9.4 Configuring Time Zone and NTP Tools > Date a
Wireless Controller User Manual 164 Figure 110: Date, Time, and NTP server setup 9.5 Log Configuration This controller allows you to captu
Wireless Controller User Manual 165 9.5.1 Defining What to Log Tools > Log Settings > Logs Facility The Logs Facility page allows you
Wireless Controller User Manual 166 Figure 111: Facility settings for Logging The display for logging can be customized based on where the logs
Wireless Controller User Manual 167 Example: If Accept Packets from LAN to WAN is enabled and there is a firewall rule to allow SS
Wireless Controller User Manual 168 Figure 112: Log configuration options for traffic through controller 9.5.2 Sending Logs to E-mail or Syslog
Wireless Controller User Manual 16 The following settings are used to configure the DHCPv6 server: DHCP Mode: The IPv6 DHCP server is either st
Wireless Controller User Manual 169 send a valid e-mail that is accepted by one of the configured ―send -to‖ addresses. Up to three e
Wireless Controller User Manual 170 Figure 113: E-mail configuration as a Remote Logging option An external Syslog server is often used by netwo
Wireless Controller User Manual 171 Figure 114: Syslog server configuration for Remote Logging (continued) 9.5.3 Event Log Viewer in GUI Statu
Wireless Controller User Manual 172 Figure 115: VPN logs displayed in GUI event viewer 9.6 Backing up and Restoring Configuration Settings Tool
Wireless Controller User Manual 173 9. To restore your saved settings from a backup file, click Browse then locate the file on the host. After cl
Wireless Controller User Manual 174 IMPORTANT! During firmware upgrade, do NOT try to go online, turn off the DWC-1000, shut down
Wireless Controller User Manual 175 directed to the correct IP address. When you set up an account with a DDNS service, the host and domain name,
Wireless Controller User Manual 176 Figure 119: Controller diagnostics tools available in the GUI 9.9.1 Ping This utility can be used to
Wireless Controller User Manual 177 9.9.4 Router Options The static and dynamic routes configured on this controller can be shown by
Wireless Controller User Manual 178 Appendix A. Glossary ARP Address Resolution Protocol. Broadcast protocol for mapping IP addresses to MAC addr
Wireless Controller User Manual 17 2.1.2 Configuring IPv6 Router Advertisements Router Advertisements are analogous to IPv4 DHCP assignments for
Wireless Controller User Manual 179 PPPoE Point-to-Point Protocol over Ethernet. Protocol for connecting a network of hosts to an ISP without the
Appendix B. Factory Default Settings Feature Description Default Setting Device login User login URL http://192.168.10.1 User name (case sensitive)
Wireless Controller User Manual 18 Figure 3: Configuring the Router Advertisement Daemon Advertisement Prefixes Advanced > IPv6 > IPv6 LAN
Wireless Controller User Manual 1 User Manual DWC-1000 Wireless Controller Version 1.3 Copyright © 2011 Copyright Notice This publication,
Wireless Controller User Manual 19 IPv6 Prefix Length: This value indicates the number contiguous, higher order bits of the IPv6
Wireless Controller User Manual 20 will allow traffic from LAN hosts belonging to this VLAN ID to pass through to other configured VLAN IDs that h
Wireless Controller User Manual 21 to the switch port on the controller will be tagged. Data passing through the phone from a connected device wil
Wireless Controller User Manual 22 Figure 7: Configuring VLAN membership for a port 2.3 Configurable Port: DMZ Setup This controller supports
Wireless Controller User Manual 23 Figure 8: DMZ configuration In order to configure a DMZ port, the controller configurable port mu
Wireless Controller User Manual 24 Advertisement Period: This is the frequency that the controller broadcasts UPnP information over
Wireless Controller User Manual 25 2.5 Captive Portal LAN users can gain internet access via web portal authentication with the DWC.
Wireless Controller User Manual 26 Disabling the WLAN controller does not affect non-WLAN features on the controller, such as VLAN or ST
Wireless Controller User Manual 27 installed and enabled, this is the IP address of the routing or loopback interface you configure for the contro
Wireless Controller User Manual 28 2.6.1 Wireless Discovery configuration The wireless controller can discover, validate, authenticate, or
Wireless Controller User Manual 2 Table of Contents Chapter 1. Introduction ...
Wireless Controller User Manual 29 Figure 12: Configuring the Wireless Discovery L2/VLAN Discovery: The D-Link Wireless Device Discovery
Wireless Controller User Manual 30 Wireless Discovery status Status > Global Info > IP Discovery The IP Discovery list can contain the
Wireless Controller User Manual 31 2.6.2 AP Profile Global Configuration Advanced > AP Profile Access Point Profile Summary page, you
Wireless Controller User Manual 32 Wired Network Discovery VLAN ID: Enter the VLAN ID that the controller uses to send tracer packets in
Wireless Controller User Manual 33 Figure 15: AP Profile List For each AP profile, you can configure the following features: • Profile settings
Wireless Controller User Manual 34 During this process the APs reset, and all wireless clients are disassociated from the AP. • Configured: The
Wireless Controller User Manual 35 Chapter 3. Connecting to the Internet: WAN Setup This contoller has two WAN ports that can be used t
Wireless Controller User Manual 36 button, which confirms the settings by establishing a link with the ISP. Once connected, you can mo
Wireless Controller User Manual 37 Server IP Address: Enter the IP address of the PPTP or L2TP server. 3.2.1 WAN Port IP address Your ISP as
Wireless Controller User Manual 38 Figure 17: Manual Option1 configuration 3.2.4 PPPoE Setup > Internet Settings The PPPoE ISP settings
Wireless Controller User Manual 3 4.4 Access Point status ...
Wireless Controller User Manual 39 Figure 18: PPPoE configuration for standard ISPs Most PPPoE ISP‘s use a single control and data connection,
Wireless Controller User Manual 40 Figure 19: Option1 configuration for Japanese Multiple PPPoE (part 1) There are a few key elements of a multi
Wireless Controller User Manual 41 When Japanese multiple PPPoE is configured and secondary connection is up, some predefined routes are added on
Wireless Controller User Manual 42 Figure 21: Russia L2TP ISP configuration 3.2.6 WAN Configuration in an IPv6 Network Advanced > IPv6 >
Wireless Controller User Manual 43 When the ISP allows you to obtain the WAN IP settings via DHCP, you need to provide details fo
Wireless Controller User Manual 44 When IPv6 is PPPoE type, the following PPPoE fields are enabled. Username: Enter the username required to l
Wireless Controller User Manual 45 Figure 23: Connection Status information of Option1 The WAN status page allows you to Enable or Disable stati
Wireless Controller User Manual 46 Setup > Internet Settings > Option Mode To use Auto Failover or Load Balancing, WAN link failure
Wireless Controller User Manual 47 and let low-volume background traffic (such as SMTP) go over the lower speed link. Protocol binding is explaine
Wireless Controller User Manual 48 Figure 24: Load Balancing is available when multiple WAN ports are configured and Protocol Bindings have been d
Wireless Controller User Manual 4 8.3.1 WIDS AP configration ...
Wireless Controller User Manual 49 applicable when load balancing mode is enabled and more than one WAN is configured. Figure 25: Pro
Wireless Controller User Manual 50 NAT is a technique which allows several computers on a LAN to share an Internet connection. T
Wireless Controller User Manual 51 Figure 26: Routing Mode is used to configure traffic routing between WAN and LAN, as well as Dynamic routing (R
Wireless Controller User Manual 52 3.4.2 Dynamic Routing (RIP) Setup > Internet Settings > Routing Mode Dynamic routing using the Routi
Wireless Controller User Manual 53 3.4.3 Static Routing Advanced > Routing > Static Routing Advanced > IPv6 > IPv6 Static Routing Man
Wireless Controller User Manual 54 Figure 27: Static route configuration fields 3.5 WAN Port Settings Advanced > Advanced Network > Option
Wireless Controller User Manual 55 Figure 28: Physical WAN port settings
Wireless Controller User Manual 56 Chapter 4. Monitoring Status and Statistics 4.1 System Overview The Status page allows you to get a d
Wireless Controller User Manual 57 Figure 29: Device Status display
Wireless Controller User Manual 58 Figure 30: Device Status display (continued) 4.1.2 Resource Utilization Status > Device Info > Dashboar
Wireless Controller User Manual 5 List of Figures Figure 1: Setup page for LAN TCP/IP settings ...
Wireless Controller User Manual 59 Figure 31: Resource Utilization statistics Figure 32: Resource Utilization data (continued)
Wireless Controller User Manual 60 4.2 Traffic Statistics 4.2.1 Wired Port Statistics Status > Traffic Monitor > Device Statistics Detail
Wireless Controller User Manual 61 The statistics table has auto-refresh control which allows display of the most current port level data at e
Wireless Controller User Manual 62 Figure 34: List of current Active Firewall Sessions
Wireless Controller User Manual 63 4.3.2 LAN Clients Status > LAN Client Info >LAN Clients The LAN clients to the controller are identi
Wireless Controller User Manual 64 Figure 36: List of current Active VPN Sessions All active SSL VPN connections, both for VPN tunnel and VP N P
Wireless Controller User Manual 65 To configure an Authentication Failed AP to be managed by the controller the next time it is discovered, selec
Wireless Controller User Manual 66 • Rogue—The AP has not attempted to contact the controller and the MAC address of the AP is not in the Valid A
Wireless Controller User Manual 67 Figure 38: Managed AP status MAC Address: The Ethernet address of the controller-managed AP. IP Address: Th
Wireless Controller User Manual 68 • View AP details — Shows detailed status information collected from the AP. • View Radio details — Shows detai
Wireless Controller User Manual 6 Figure 33: Physical port statistics ...
Wireless Controller User Manual 69 Figure 39: AP RF Scan Status 4.5 Global Status Peer Controller Status Status > Global Info > Peer Contr
Wireless Controller User Manual 70 Software Version: The software version for the given peer controller. Protocol Version: Indicates the protocol
Wireless Controller User Manual 71 Peer IP Address: Shows the IP address of each peer wireless controller in the cluster that receive
Wireless Controller User Manual 72 Peer Controller IP: Shows the IP address of the peer controller that manages the AP. This field display
Wireless Controller User Manual 73 • Saving Configuration, • Applying AP Profile Configuration • Success • Failure - Invalid Code Version • Failur
Wireless Controller User Manual 74 Figure 43: Configuration Receive Status
Wireless Controller User Manual 75 4.6 Wireless Client Status Assocaited Client Status Status > Wireless Client Info> Associated Clients &g
Wireless Controller User Manual 76 • View SSID Details— Lists the SSIDs of the networks that each wireless client associated with a ma
Wireless Controller User Manual 77 Assocaited Client VAP Status Status > Wireless Client Info> Associated Clients > VAP Status Each AP
Wireless Controller User Manual 78 Controller Assocaited Client Status Status > Wireless Client Info> Associated Clients > Controller St
Wireless Controller User Manual 7 Figure 67: Available ALG support on the controller. ...
Wireless Controller User Manual 79 Client Name: Shows the name of the client, if available, from the Known Client Database. If client
Wireless Controller User Manual 80 • Acknowledge All Rogues — Clear the rogue status of all clients listed as rogues in the Detected Client dat
Wireless Controller User Manual 81 Figure 49: Pre-Auth History This page includes the following button: • Refresh—Updates the page with the late
Wireless Controller User Manual 82 Figure 50: Detected Client Roam History This page includes the following button: • Refresh—Updates the page w
Wireless Controller User Manual 83 4.7 AP Management Valid Access Point Configuration Setup > AP Management > Valid AP MAC Address This fi
Wireless Controller User Manual 84 This page has the following buttons: • Edit - To edit AP details in Valid AP page. • Delete - To delete a valid
Wireless Controller User Manual 85 Location: To help you identify the AP, you can enter a location. This field accepts up to 32 alphanumeric char
Wireless Controller User Manual 86 The controller contains a channel plan algorithm that automatically determines which RF channels ea
Wireless Controller User Manual 87 Figure 53: RF configuration Channel Plan History Depth: The channel plan history lists the channels
Wireless Controller User Manual 88 not be adjusted below the value in the AP profile. The settings in the local database and RADIUS
Wireless Controller User Manual 8 Figure 99: List of Available Applications for SSL Port Forwarding ...
Wireless Controller User Manual 89 previous iterations cannot be assigned new channels in the next iteration to prevent the same APs fr
Wireless Controller User Manual 90 • Algorithm Complete: The channel plan algorithm has finished running. A table displays to indicate proposed
Wireless Controller User Manual 91 RF Management (Manual Power Adjustment Plan) Setup > AP Management > RF Management > Manual Power
Wireless Controller User Manual 92 Figure 56: Manual Power Adjustment Plan Access Point Software Download Setup > AP Management > Softwar
Wireless Controller User Manual 93 To download all images, make sure you specify the file path and file name for both images in the appropriate
Wireless Controller User Manual 94 The first byte of the OUI must have the least significant bit set to 0. For example 02:FF:FF i
Wireless Controller User Manual 95 4.8 Associated Client Status/Statistics Managed AP Statistics Status > Traffic Monitor > Managed AP St
Wireless Controller User Manual 96 • View VAP details — Shows summary information about the virtual access points (VAPs) for the se
Wireless Controller User Manual 97 Chapter 5. Securing the Private Network You can secure your network by creating and applying rules that your
Wireless Controller User Manual 98 may use the IP address if a static address is assigned to the WAN port, or if your WAN address
Comments to this Manuals