Home » D-Link Manuals » Hubs & Switches » D-Link DWC-1000 » Manual Viewer

D-Link DWC-1000 DWC-1000 User's Guide - Page 97

VPN Settings, Checked = enable Mode Config. If you enable Mode Config, con the Mode Config

Add to My Manuals
Save this manual to your list of manuals

Page 97 highlights

VPN Settings Field Description IKE Version IPsec Mode Select Local Gateway Select the IKE version to be used. Choices are: • IKEv1 • IKEv2 Select the IPsec mode. Choices are: • Tunnel Mode = most commonly used between gateways, or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it. • Transport Mode = used between end-stations or between an end-station and a gateway, if the gateway is being treated as a host - for example, an encrypted Telnet session from a workstation to a router, in which the wireless controller is the actual destination. If two Option ports are configured to connect to an ISP, select the gateway that will be used as the local endpoint for this IPsec tunnel. Remote Endpoint Enable Mode Config Enable NetBIOS Enable RollOver Protocol Select the type of identifier that you want to provide for the gateway at the remote endpoint. Choices are: • IP Address • FQDN Enables or disables the Mode Config feature. Mode Config is similar to DHCP and is used to assign IP addresses to remote VPN clients, like iPhone VPN Client. Choices are: • Checked = enable Mode Config. If you enable Mode Config, configure the Mode Config settings (see "Mode Config Settings" on page 109). • Unchecked = disable Mode Config. Determined whether NetBIOS broadcasts travel over the VPN tunnel. For client policies, the NetBIOS feature is available by default. Choices are: • Checked = allows NetBIOS broadcasts to travel over the VPN tunnel • Unchecked = disables NetBIOS broadcasts over the VPN tunnel. Determines whether the VPN will roll over when Option Mode is set to Auto Rollover on the Option Mode page. Choices are: • Checked = allows the VPN to roll over when Option Mode is set to Auto Rollover on the Option Mode page. • Unchecked = disables VPN rollover. Enable DHCP Determines whether VPN clients obtain an assigned IP address using DHCP when they connect to the wireless controller over IPsec. Choices are: • Checked = VPN clients get an IP address. • Unchecked = VPN clients do not get an IP address. Tunnel mode IPsec policies require local and remote traffic settings to be defined. For both local and remote endpoints configure the following settings. 97 DWC-1000 Wireless Controller User's Guide

Section	Page
Front Page	1
Contents	2
Preface	7
Audience	7
Document Revision Level	8
Changes in this Revision	8
Related Documents	8
Document Conventions	9
Safety and Warnings	9
Typographic Conventions	9
1. Product Overview	10
Features and Benefits	11
Scalable architecture with stacking and redundancy	11
Centralized management and configuration	11
Security	11
2. Unpacking and Installation	12
Unpacking	13
Package Contents	13
Required Tools and Information	13
Selecting a Location	14
Front Panel Ports and LEDs	15
Rear Panel	17
Using the Reset Button	17
Bottom Panel (Default IP Address)	18
Licenses	18
Installing the Wireless Controller	18
Rack-Mounting the Wireless Controller	18
Connecting the Wireless Controller	19
Sample Applications	21
Connecting to a Secured Network	21
Authenticating to an Authentication Server	22
Logging In to a Captive Portal	24
Where to Go from Here	25
3. Basic Configuration	26
Logging In to the Web Management Interface	27
Web Management Interface Layout	30
Basic Configuration Procedures	31
Basic Configuration Step #1. Enable DHCP Server (Optional)	32
Basic Configuration Step #2. Select the Access Points to be Managed	33
Basic Configuration Step #3. Change the SSID Name and Set Up Security	35
Basic Configuration Step #4. Confirm Access Point Profile is Associated	39
Basic Configuration Step #5. Configure Captive Portal Settings	40
1. Create a captive portal group	40
2. Add captive portal users	41
3. Associate the captive portal group to an interface	44
4. Customize the captive portal login page	45
Basic Configuration Step #6. Use SSID with RADIUS	48
Where to Go from Here	48
4. Advanced Configuration Settings	49
QoS Configuration	50
Enabling QoS Mode	50
Defining DSCP and CoS Settings	52
Configuring DSCP Priorities	52
Configuring CoS Priorities	53
VLANs	56
Enabling VLANs	56
Creating VLANs	57
Editing VLANs	59
Deleting VLANs	61
Port VLANs	62
MultiVLAN Subnets	63
DMZ Settings	66
Configuring a Port to Operate as a DMZ	66
Configuring DMZ Settings	67
Static Routing	69
Adding a Static Route	69
Editing Static Routes	71
Deleting Static Routes	72
Auto-Failover Settings	73
Load Balancing Settings	75
Additional Advanced Configuration Settings	77
5. Securing Your Network	79
Managing Clients	80
Viewing Known Clients and Adding Clients	80
Editing Clients	83
Deleting Clients	84
Content Filtering	85
Enabling Content Filtering	85
Specifying Approved URLs	86
Specifying Blocked Keywords	88
Exporting Web Filters	89
Additional Security Settings	91
6. VPN Settings	92
Configuring VPN Clients	93
Configuring IPsec Policies	95
Adding IPsec Policies	95
Example of a Manual Policy	103
Editing IPsec Policies	104
Enabling IPsec Policies	105
Disabling IPsec Policies	106
Exporting IPsec Policies	107
Deleting IPsec Policies	108
Mode Config Settings	109
DHCP Range	112
PPTP/LT2P Tunnels	113
PPTP Tunnel Support	113
Configuring PPTP Clients	113
Configuring PPTP Servers	114
L2TP Tunnel Support	118
OpenVPN Support	121
Additional VPN Settings	123
7. Viewing Status and Statistics	124
Viewing CPU and Memory Utilization	126
Viewing System Status	128
Viewing Managed Access Point Information	130
Viewing Cluster Information	132
Viewing Hardware and Usage Statistics	134
Wired Port Statistics	136
Managed Access Points and Associated Clients Statistics	137
LAN-Associated Clients	139
WLAN-Associated Clients	141
Sessions through the Wireless Controller	142
Associated Clients	143
LAN Clients	145
Detected Clients	146
Access Point Status	148
Access Point Summary	150
Managed Access Point	152
Authentication Failure Status	154
AP RF Scan Status	156
Global Status	158
Peer Controller Status	161
Peer Controller Configuration Status	163
Peer Controller Managed AP Status	164
IP Discovery	166
Configuration Receive Status	168
AP Hardware Capability	170
Client Status	171
Associated Client Status	173
Associated Client SSID Status	175
Associated Client VAP Status	177
Controller Associated Client Status	179
Detected Client Status	181
Pre-Authorization History	183
Detected Client Roam History	184
8. Maintenance	185
Group Management	186
Adding User Groups	186
Editing User Groups	189
Deleting User Groups	189
Configuring Login Policies	190
Configuring Browser Policies	191
Configuring IP Policies	193
User Management	196
Adding Users Manually	196
Importing Users	198
Editing Users	199
Deleting Users	200
Backing Up Configuration Settings	201
Restoring Configuration Settings	202
Restoring Factory Default Settings	203
Rebooting the Wireless Controller	204
Upgrading Firmware	205
Access Point Firmware Upgrade	205
Wireless Controller Firmware Upgrade	206
Activating Licenses	208
Using the Command Line Interface	210
9. Troubleshooting	211
LED Troubleshooting	212
Power LED is OFF	212
LAN Port LEDs Not ON	212
Troubleshooting the Web Management Interface	213
Using the Reset Button to Restore Default Settings	213
Problems with Date and Time	214
Discovery Problems with Access Points	214
Connection Problems	214
Network Performance and Rogue Access Point Detection	215
Using Diagnostic Tools on the Wireless Controller	215
Pinging an IP Address	215
Using Traceroute	216
Performing DNS Lookups	217
Capturing Log Packets	218
Checking Log Settings	219
Defining What to Log	219
Tracking Traffic	221
Accepted Packets Example	222
Dropped Packets Example	222
Remote Logging	223
Wireless Controller Event Log	226
IPsec VPN Log Messages	227
(USA and Canada Only)	235
Appendix D. Limited Lifetime Warranty	235

Match case Limit results 1 per page

VPN Settings

DWC-1000 Wireless Controller User’s Guide

Field

Description

IKE Version

Select the IKE version to be used. Choices are:

•

IKEv1

•

IKEv2

IPsec Mode

Select the IPsec mode. Choices are:

•

Tunnel Mode = most commonly used between gateways, or at an end-station to a gateway,

the gateway acting as a proxy for the hosts behind it.

•

Transport Mode = used between end-stations or between an end-station and a gateway, if the

gateway is being treated as a host — for example, an encrypted Telnet session from a

workstation to a router, in which the wireless controller is the actual destination.

Select Local Gateway

If two Option ports are configured to connect to an ISP, select the gateway that will be used as

the local endpoint for this IPsec tunnel.

Remote Endpoint

Select the type of identifier that you want to provide for the gateway at the remote endpoint.

Choices are:

•

IP Address

•

FQDN

Enable Mode Config

Enables or disables the Mode Config feature. Mode Config is similar to DHCP and is used to

assign IP addresses to remote VPN clients, like iPhone VPN Client. Choices are:

•

Checked = enable Mode Config. If you enable Mode Config, configure the Mode Config

settings (see “Mode Config Settings” on page 109).

•

Unchecked = disable Mode Config.

Enable NetBIOS

Determined whether NetBIOS broadcasts travel over the VPN tunnel. For client policies, the

NetBIOS feature is available by default. Choices are:

•

Checked = allows NetBIOS broadcasts to travel over the VPN tunnel

•

Unchecked = disables NetBIOS broadcasts over the VPN tunnel.

Enable RollOver

Determines whether the VPN will roll over when Option Mode is set to Auto Rollover on the

Option Mode page. Choices are:

•

Checked = allows the VPN to roll over when Option Mode is set to Auto Rollover on the Option

Mode page.

•

Unchecked = disables VPN rollover.

Protocol

Enable DHCP

Determines whether VPN clients obtain an assigned IP address using DHCP when they connect

to the wireless controller over IPsec. Choices are:

•

Checked = VPN clients get an IP address.

•

Unchecked = VPN clients do not get an IP address.

Tunnel mode IPsec policies require local and remote traffic settings to be defined. For both local and remote endpoints configure the

following settings.