Home » D-Link Manuals » Wireless » D-Link DWL-3600AP » Manual Viewer

D-Link DWL-3600AP Users Manual - Page 76

Static WEP Rules, IEEE 802.1X

Add to My Manuals
Save this manual to your list of manuals

Page 76 highlights

Unified Access Point Administrator's Guide Virtual Access Point Settings Static WEP Rules If you use Static WEP, the following rules apply: • All client stations must have the Wireless LAN (WLAN) security set to WEP, and all clients must have one of the WEP keys specified on the AP in order to de‐code AP‐to‐station data transmissions. • The AP must have all keys used by clients for station‐to‐AP transmit so that it can de‐code the station transmissions. • The same key must occupy the same slot on all nodes (AP and clients). For example if the AP defines abc123 key as WEP key 3, then the client stations must define that same string as WEP key 3. • Client stations can use different keys to transmit data to the access point. (Or they can all use the same key, but this is less secure because it means one station can decrypt the data being sent by another.) • On some wireless client software, you can configure multiple WEP keys and define a client station "transfer key index", and then set the stations to encrypt the data they transmit using different keys. This ensures that neighboring APs cannot decode each other's transmissions. • You cannot mix 64‐bit and 128‐bit WEP keys between the access point and its client stations. IEEE 802.1X IEEE 802.1X is the standard defining port‐based authentication and infrastructure for doing key management. Extensible Authentication Protocol (EAP) messages sent over an IEEE 802.11 wireless network using a protocol called EAP Encapsulation Over LANs (EAPOL). IEEE 802.1X provides dynamically‐generated keys that are periodically refreshed. An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11 frame. This mode requires the use of an external RADIUS server to authenticate users. The AP requires a RADIUS server capable of EAP, such as the Microsoft Internet Authentication Server. To work with Windows clients, the authentication server must support Protected EAP (PEAP) and MSCHAP V2. You can use any of a variety of authentication methods that the IEEE 802.1X mode supports, including certificates, Kerberos, and public key authentication. You must configure the client stations to use the same authentication method the AP uses. Table 24: IEEE 802.1X Field Description Use Global RADIUS By default each VAP uses the global RADIUS settings that you define for the AP at the top Server Settings of the VAP page. However, you can configure each VAP to use a different set of RADIUS servers. To use the global RADIUS server settings, make sure the check box is selected. To use a separate RADIUS server for the VAP, clear the check box and enter the RADIUS server IP address and key in the following fields. RADIUS IP Address Specify the IP version that the RADIUS server uses. Type You can toggle between the address types to configure IPv4 and IPv6 global RADIUS address settings, but the AP contacts only the RADIUS server or servers for the address type you select in this field. D-Link November 2011 Unified Access Point Administrator's Guide Page 76

Section	Page
Table of Contents	3
List of Figures	8
List of Tables	10
Section 1: About This Document	12
Document Organization	12
Additional Documentation	12
Document Conventions	13
Online Help, Supported Browsers, and Limitations	14
Section 2: Getting Started	15
Administrator’s Computer Requirements	16
Wireless Client Requirements	17
Dynamic and Static IP Addressing on the AP	17
Recovering an IP Address	18
Discovering a Dynamically Assigned IP Address	18
Installing the UAP	19
Basic Settings	22
Connecting to the AP Web Interface by Using the IPv6 Address	24
Using the CLI to View the IP Address	24
Configuring the Ethernet Settings	25
Using the CLI to Configure Ethernet Settings	26
Configuring IEEE 802.1X Authentication	27
Using the CLI to Configure 802.1X Authentication Information	27
Verifying the Installation	28
Configuring Security on the Wireless Access Point	29
Section 3: Viewing Access Point Status	30
Viewing Interface Status	31
Wired Settings (Internal Interface)	31
Wireless Settings	31
Viewing Events	32
Configuring Persistent Logging Options	32
Configuring the Log Relay Host for Kernel Messages	34
Enabling or Disabling the Log Relay Host on the Events Page	34
Viewing Transmit and Receive Statistics	36
Viewing Associated Wireless Client Information	38
Viewing TSPEC Client Associations	39
Link Integrity Monitoring	41
Viewing Rogue AP Detection	41
Saving and Importing the Known AP List	44
Viewing Managed AP DHCP Information	45
Viewing TSPEC Status and Statistics Information	45
Viewing TSPEC AP Statistics Information	47
Viewing Radio Statistics Information	48
Viewing Email Alert Operational Status	50
Section 4: Managing the Access Point	51
Ethernet Settings	51
Wireless Settings	54
Using the 802.11h Wireless Mode	57
Enabling AeroScout™ Engine Support	57
Modifying Radio Settings	58
Configuring Radio and VAP Scheduler	65
Scheduler Association Settings	68
Virtual Access Point Settings	70
None (Plain-text)	74
Static WEP	74
Static WEP Rules	76
IEEE 802.1X	76
WPA Personal	78
WPA Enterprise	79
Configuring the Wireless Distribution System (WDS)	81
WEP on WDS Links	84
WPA/PSK on WDS Links	84
Controlling Access by MAC Authentication	85
Configuring a MAC Filter and Station List on the AP	85
Configuring MAC Authentication on the RADIUS Server	87
Configuring Load Balancing	88
Managed Access Point Overview	89
Transitioning Between Modes	89
Configuring Managed Access Point Settings	90
Configuring 802.1X Authentication	92
Creating a Management Access Control List	94
Section 5: Configuring Access Point Services	95
Configuring SNMP on the Access Point	95
Web Server Settings	99
Setting the SSH Status	101
Setting the Telnet Status	101
Configuring Quality of Service	102
Configuring Email Alert	106
Enabling the Time Settings (NTP)	109
Section 6: Configuring SNMPv3	111
Configuring SNMPv3 Views	111
Configuring SNMPv3 Groups	113
Configuring SNMPv3 Users	115
Configuring SNMPv3 Targets	116
Section 7: Maintaining the Access Point	117
Saving the Current Configuration to a Backup File	117
Restoring the Configuration from a Previously Saved File	118
Performing AP Maintenance	120
Resetting the Factory Default Configuration	120
Rebooting the Access Point	120
Upgrading the Firmware	120
Packet Capture Configuration and Settings	122
Packet Capture Status	124
Packet Capture Parameter Configuration	124
Packet File Capture	125
Remote Packet Capture	125
Packet Capture File Download	127
Section 8: Configuring Client Quality of Service	128
Configuring VAP QoS Parameters	128
Managing Client QoS ACLs	131
IPv4 and IPv6 ACLs	131
MAC ACLs	131
ACL Configuration Process	131
Creating a DiffServ Class Map	138
Defining DiffServ	138
Creating a DiffServ Policy Map	144
Client QoS Status	146
Configuring RADIUS-Assigned Client QoS Parameters	147
Section 9: Clustering Multiple APs	149
Managing Access Points in the Cluster	149
Clustering Single and Dual Radio APs	149
Viewing and Configuring Cluster Members	149
Removing an Access Point from the Cluster	151
Adding an Access Point to a Cluster	152
Navigating to Configuration Information for a Specific AP	152
Navigating to an AP by Using its IP Address in a URL	152
Managing Cluster Sessions	153
Sorting Session Information	154
Configuring and Viewing Channel Management Settings	154
Stopping/Starting Automatic Channel Assignment	155
Viewing Current Channel Assignments and Setting Locks	156
Viewing the Last Proposed Set of Changes	156
Configuring Advanced Settings	157
Viewing Wireless Neighborhood Information	158
Viewing Details for a Cluster Member	160
Appendix A: Default AP Settings	161
Appendix B: Configuration Examples	164
Configuring a VAP	164
VAP Configuration from the Web Interface	164
VAP Configuration from the CLI	165
VAP Configuration Using SNMP	166
Configuring Radio Settings	166
Radio Configuration from the Web Interface	166
Radio Configuration from the CLI	168
Radio Configuration Using SNMP	168
Configuring the Wireless Distribution System	169
WDS Configuration from the Web Interface	169
WDS Configuration from the CLI	170
WDS Configuration Using SNMP	171
Clustering Access Points	172
Clustering APs by Using the Web Interface	172
Clustering APs by Using the CLI	173
Clustering APs by Using SNMP	174
Configuring Client QoS	174
Configuring QoS by Using the Web Interface	174
ACL Configuration	174
DiffServ Configuration	176
Configuring QoS by Using the CLI	179
ACL Configuration	179
DiffServ Configuration	179
ACL Configuration	180

Match case Limit results 1 per page

Virtual Access Point Settings

D-Link

Unified Access Point Administrator’s Guide

November 2011

Page 76

Unified Access Point Administrator’s Guide

Static WEP Rules

If you use Static WEP, the following rules apply:

•

All client stations must have the Wireless LAN (WLAN) security set to WEP, and all clients must have one of

the WEP keys specified on the AP in order to de

‐

code AP

‐

station data transmissions.

•

The AP must have all keys used by clients for station

‐

AP transmit so that it can de

‐

code the station

transmissions.

•

The same key must occupy the same slot on all nodes (AP and clients). For example if the AP defines

abc123

key as WEP key 3, then the client stations must define that same string as WEP key 3.

•

Client stations can use different keys to transmit data to the access point. (Or they can all use the same

key, but this is less secure because it means one station can decrypt the data being sent by another.)

•

On some wireless client software, you can configure multiple WEP keys and define a client station

“transfer key index”, and then set the stations to encrypt the data they transmit using different keys. This

ensures that neighboring APs cannot decode each other’s transmissions.

•

You cannot mix 64

‐

bit and 128

‐

bit WEP keys between the access point and its client stations.

IEEE 802.1X

is the standard defining port

‐

based authentication and infrastructure for doing key management.

Extensible Authentication Protocol (

EAP

) messages sent over an

IEEE 802.11

wireless network using a protocol

called EAP Encapsulation Over LANs (EAPOL). IEEE 802.1X provides dynamically

‐

generated keys that are

periodically refreshed. An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking

(CRC) of each 802.11 frame.

This mode requires the use of an external RADIUS server to authenticate users. The AP requires a RADIUS

server capable of

EAP

, such as the Microsoft Internet Authentication Server. To work with Windows clients, the

authentication server must support Protected EAP (PEAP) and

MSCHAP V2

You can use any of a variety of authentication methods that the IEEE 802.1X mode supports, including

certificates, Kerberos, and public key authentication. You must configure the client stations to use the same

authentication method the AP uses.

Table 24: IEEE 802.1X

Field

Description

Use Global RADIUS

Server Settings

By default each VAP uses the global RADIUS settings that you define for the AP at the top

of the VAP page. However, you can configure each VAP to use a different set of RADIUS

servers.

To use the global RADIUS server settings, make sure the check box is selected.

To use a separate RADIUS server for the VAP, clear the check box and enter the RADIUS

server IP address and key in the following fields.

RADIUS IP Address

Type

Specify the IP version that the RADIUS server uses.

You can toggle between the address types to configure IPv4 and IPv6 global RADIUS

address settings, but the AP contacts only the RADIUS server or servers for the address

type you select in this field.