Home » D-Link Manuals » Hubs & Switches » D-Link DWC-1000 » Manual Viewer

D-Link DWC-1000 DWC-1000 User's Guide - Page 99

DWC-1000 Wireless Controller User's Guide, NAT Keep Alive Frequency

Add to My Manuals
Save this manual to your list of manuals

Page 99 highlights

Field NAT Keep Alive Frequency Local Identifier Type Local Identifier Remote Identifier Type Remote Identifier Encryption Algorithm Authentication Algorithm VPN Settings Description If NAT Traversal = On, use this option to control the keep-alive-frequency value. Keep-alive packets are sent at the specified time interval and are used to keep the NAT mappings alive on the NAT device. Setting this value to 0 disables this feature. Select the ISAKMP identifier for this router. Choices are: • Local WAN IP • FQDN • User-FQDN • DER ASN1 DN Enter the appropriate value for the local identifier. If the Local or Remote Identifier is not an IP address, negotiation is only possible in aggressive mode. If FQDN, User FQDN or DER ASN1 DN is selected, the wireless controller disables main mode and sets the default setting to aggressive mode. Select the ISAKMP identifier for this router. Choices are: • Remote WAN IP • FQDN • User-FQDN • DER ASN1 DN Enter the appropriate value for the remote identifier. If the Local or Remote Identifier is not an IP address, negotiation is only possible in aggressive mode. If FQDN, User FQDN or DER ASN1 DN is selected, the wireless controller disables main mode and sets the default setting to aggressive mode. Check the algorithm used to negotiate the SA. Choices are: • DES = faster than 3DES, but less secure. • 3DES = triple DES. More secure method than DES, but with lower throughput. • Advanced Encryption Standard is a block cipher that can be used at 128, 192, or 256 bits. The higher the bit rate, the stronger the encryption but the trade-off is lower throughput. It is more secure than DES or 3DES. The following AES choices are supported: − AES-128 − AES-192 − AES-256 • BLOWFISH = a symmetric encryption algorithm that uses the same secret key to both encrypt and decrypt messages. Blowfish is also a block cipher that divides a message into fixed length blocks during encryption and decryption. Blowfish has a 64-bit block size and a key length of anywhere from 32 bits to 448 bits, and uses 16 rounds of main algorithm. • CAST128 = a 128-bit block cipher. CAST is a strong, military-grade encryption algorithm that has a solid reputation for its ability to withstand unauthorized access. Specify the authentication algorithm for the VPN header. Ensure that the same authentication algorithm is configured on both sides of the tunnel. Choices are: • MD5 = Message-Digest algorithm 5 (MD5). MD5 is less secure than SHA, but faster. • SHA-1 = Secure Hash Algorithm (SHA-1) hash function. SHA-1 uses a 160-bit encryption key and is stronger than MD5. • SHA2-256 = SHA-256 hash function that uses 32-bit words. • SHA2-384 = SHA-384 hash function. • SHA2-512 = SHA-512 hash function that uses 64-bit words. 99 DWC-1000 Wireless Controller User's Guide

Section	Page
Front Page	1
Contents	2
Preface	7
Audience	7
Document Revision Level	8
Changes in this Revision	8
Related Documents	8
Document Conventions	9
Safety and Warnings	9
Typographic Conventions	9
1. Product Overview	10
Features and Benefits	11
Scalable architecture with stacking and redundancy	11
Centralized management and configuration	11
Security	11
2. Unpacking and Installation	12
Unpacking	13
Package Contents	13
Required Tools and Information	13
Selecting a Location	14
Front Panel Ports and LEDs	15
Rear Panel	17
Using the Reset Button	17
Bottom Panel (Default IP Address)	18
Licenses	18
Installing the Wireless Controller	18
Rack-Mounting the Wireless Controller	18
Connecting the Wireless Controller	19
Sample Applications	21
Connecting to a Secured Network	21
Authenticating to an Authentication Server	22
Logging In to a Captive Portal	24
Where to Go from Here	25
3. Basic Configuration	26
Logging In to the Web Management Interface	27
Web Management Interface Layout	30
Basic Configuration Procedures	31
Basic Configuration Step #1. Enable DHCP Server (Optional)	32
Basic Configuration Step #2. Select the Access Points to be Managed	33
Basic Configuration Step #3. Change the SSID Name and Set Up Security	35
Basic Configuration Step #4. Confirm Access Point Profile is Associated	39
Basic Configuration Step #5. Configure Captive Portal Settings	40
1. Create a captive portal group	40
2. Add captive portal users	41
3. Associate the captive portal group to an interface	44
4. Customize the captive portal login page	45
Basic Configuration Step #6. Use SSID with RADIUS	48
Where to Go from Here	48
4. Advanced Configuration Settings	49
QoS Configuration	50
Enabling QoS Mode	50
Defining DSCP and CoS Settings	52
Configuring DSCP Priorities	52
Configuring CoS Priorities	53
VLANs	56
Enabling VLANs	56
Creating VLANs	57
Editing VLANs	59
Deleting VLANs	61
Port VLANs	62
MultiVLAN Subnets	63
DMZ Settings	66
Configuring a Port to Operate as a DMZ	66
Configuring DMZ Settings	67
Static Routing	69
Adding a Static Route	69
Editing Static Routes	71
Deleting Static Routes	72
Auto-Failover Settings	73
Load Balancing Settings	75
Additional Advanced Configuration Settings	77
5. Securing Your Network	79
Managing Clients	80
Viewing Known Clients and Adding Clients	80
Editing Clients	83
Deleting Clients	84
Content Filtering	85
Enabling Content Filtering	85
Specifying Approved URLs	86
Specifying Blocked Keywords	88
Exporting Web Filters	89
Additional Security Settings	91
6. VPN Settings	92
Configuring VPN Clients	93
Configuring IPsec Policies	95
Adding IPsec Policies	95
Example of a Manual Policy	103
Editing IPsec Policies	104
Enabling IPsec Policies	105
Disabling IPsec Policies	106
Exporting IPsec Policies	107
Deleting IPsec Policies	108
Mode Config Settings	109
DHCP Range	112
PPTP/LT2P Tunnels	113
PPTP Tunnel Support	113
Configuring PPTP Clients	113
Configuring PPTP Servers	114
L2TP Tunnel Support	118
OpenVPN Support	121
Additional VPN Settings	123
7. Viewing Status and Statistics	124
Viewing CPU and Memory Utilization	126
Viewing System Status	128
Viewing Managed Access Point Information	130
Viewing Cluster Information	132
Viewing Hardware and Usage Statistics	134
Wired Port Statistics	136
Managed Access Points and Associated Clients Statistics	137
LAN-Associated Clients	139
WLAN-Associated Clients	141
Sessions through the Wireless Controller	142
Associated Clients	143
LAN Clients	145
Detected Clients	146
Access Point Status	148
Access Point Summary	150
Managed Access Point	152
Authentication Failure Status	154
AP RF Scan Status	156
Global Status	158
Peer Controller Status	161
Peer Controller Configuration Status	163
Peer Controller Managed AP Status	164
IP Discovery	166
Configuration Receive Status	168
AP Hardware Capability	170
Client Status	171
Associated Client Status	173
Associated Client SSID Status	175
Associated Client VAP Status	177
Controller Associated Client Status	179
Detected Client Status	181
Pre-Authorization History	183
Detected Client Roam History	184
8. Maintenance	185
Group Management	186
Adding User Groups	186
Editing User Groups	189
Deleting User Groups	189
Configuring Login Policies	190
Configuring Browser Policies	191
Configuring IP Policies	193
User Management	196
Adding Users Manually	196
Importing Users	198
Editing Users	199
Deleting Users	200
Backing Up Configuration Settings	201
Restoring Configuration Settings	202
Restoring Factory Default Settings	203
Rebooting the Wireless Controller	204
Upgrading Firmware	205
Access Point Firmware Upgrade	205
Wireless Controller Firmware Upgrade	206
Activating Licenses	208
Using the Command Line Interface	210
9. Troubleshooting	211
LED Troubleshooting	212
Power LED is OFF	212
LAN Port LEDs Not ON	212
Troubleshooting the Web Management Interface	213
Using the Reset Button to Restore Default Settings	213
Problems with Date and Time	214
Discovery Problems with Access Points	214
Connection Problems	214
Network Performance and Rogue Access Point Detection	215
Using Diagnostic Tools on the Wireless Controller	215
Pinging an IP Address	215
Using Traceroute	216
Performing DNS Lookups	217
Capturing Log Packets	218
Checking Log Settings	219
Defining What to Log	219
Tracking Traffic	221
Accepted Packets Example	222
Dropped Packets Example	222
Remote Logging	223
Wireless Controller Event Log	226
IPsec VPN Log Messages	227
(USA and Canada Only)	235
Appendix D. Limited Lifetime Warranty	235

Match case Limit results 1 per page

VPN Settings

DWC-1000 Wireless Controller User’s Guide

Field

Description

NAT Keep Alive Frequency

If NAT Traversal = On, use this option to control the keep-alive-frequency value. Keep-alive

packets are sent at the specified time interval and are used to keep the NAT mappings alive on

the NAT device. Setting this value to 0 disables this feature.

Local Identifier Type

Select the ISAKMP identifier for this router. Choices are:

•

Local WAN IP

•

FQDN

•

User-FQDN

•

DER ASN1 DN

Local Identifier

Enter the appropriate value for the local identifier.

If the Local or Remote Identifier is not an IP address, negotiation is only possible in aggressive

mode. If FQDN, User FQDN or DER ASN1 DN is selected, the wireless controller disables main

mode and sets the default setting to aggressive mode.

Remote Identifier Type

Select the ISAKMP identifier for this router. Choices are:

•

Remote WAN IP

•

FQDN

•

User-FQDN

•

DER ASN1 DN

Remote Identifier

Enter the appropriate value for the remote identifier.

If the Local or Remote Identifier is not an IP address, negotiation is only possible in aggressive

mode. If FQDN, User FQDN or DER ASN1 DN is selected, the wireless controller disables main

mode and sets the default setting to aggressive mode.

Encryption Algorithm

Check the algorithm used to negotiate the SA. Choices are:

•

DES = faster than 3DES, but less secure.

•

3DES = triple DES. More secure method than DES, but with lower throughput.

•

Advanced Encryption Standard is a block cipher that can be used at 128, 192, or 256 bits. The

higher the bit rate, the stronger the encryption but the trade-off is lower throughput. It is more

secure than DES or 3DES. The following AES choices are supported:

−

AES-128

−

AES-192

−

AES-256

•

BLOWFISH = a symmetric encryption algorithm that uses the same secret key to both encrypt

and decrypt messages. Blowfish is also a block cipher that divides a message into fixed length

blocks during encryption and decryption. Blowfish has a 64-bit block size and a key length of

anywhere from 32 bits to 448 bits, and uses 16 rounds of main algorithm.

•

CAST128 = a 128-bit block cipher. CAST is a strong, military-grade encryption algorithm that

has a solid reputation for its ability to withstand unauthorized access.

Authentication Algorithm

Specify the authentication algorithm for the VPN header. Ensure that the same authentication

algorithm is configured on both sides of the tunnel. Choices are:

•

MD5 = Message-Digest algorithm 5 (MD5). MD5 is less secure than SHA, but faster.

•

SHA-1 = Secure Hash Algorithm (SHA-1) hash function. SHA-1 uses a 160-bit encryption key

and is stronger than MD5.

•

SHA2-256 = SHA-256 hash function that uses 32-bit words.

•

SHA2-384 = SHA-384 hash function.

•

SHA2-512 = SHA-512 hash function that uses 64-bit words.