Home » D-Link Manuals » Hubs & Switches » D-Link DWS-4026 » Manual Viewer

D-Link DWS-4026 Product Manual - Page 524

WIDS Security, WIDS AP Configuration, ECURITY

UPC - 790069325533

Add to My Manuals
Save this manual to your list of manuals

Page 524 highlights

D-Link Unified Access System Software User Manual 12/10/09 Field AP Profiles Known Client Captive Portal RADIUS Client QoS ACL Qos DiffServ Table 339: Peer Switch Configuration Enable/Disable Description Enable this field to include all AP profiles in the configuration that the switch pushes to its peers. The AP profile includes the global AP settings, such as the hardware type, Radio settings, VAP and Wireless Network settings, and QoS settings. To view the local AP Profile settings, click the WLAN > Administration > Advanced Configuration > AP Profile tab. Enable this field to include the Known Client Database in the configuration that the switch pushes to its peers. To view the contents of the local AP Database, click the WLAN > Administration > Advanced Configuration > Clients > Known Client page. Enable this field to include the Captive Portal information in the configuration that the switch pushes to its peers. To view the Captive Portal settings on the local switch, click the pages available in the Security > Captive Portal folder. Note: You can access the Captive Portal pages from either the LAN or WLAN tabs. Enable this field to include the Client RADIUS information in the configuration that the switch pushes to its peers. To view the Client RADIUS settings on the local switch, click the pages available in the LAN > Security > RADIUS folder. Enable this field to include the QoS ACLs in the configuration that the switch pushes to its peers. To view the ACL settings on the local switch, click the pages available in the LAN > Access Control Lists folder. Enable this field to include the Diffserv classes, services, and policies in the configuration that the switch pushes to its peers. To view the DiffServ settings on the local switch, click the pages available in the LAN > QoS > Differentiated Services folder. WIDS SECURITY The D-Link Unified Switch Wireless Intrusion Detection System (WIDS) can help detect intrusion attempts into the wireless network and take automatic actions to protect the network. WIDS AP Configuration The WIDS AP Configuration page allows you to activate or deactivate various threat detection tests and set threat detection thresholds in order to help detect rogue APs on the wireless network. These changes can be done without disrupting network connectivity. Since some of the work is done by access points, the switch needs to send messages to the APs to modify its WIDS operational properties. The classification settings on the WIDS AP Configuration page are part of the global configuration on the switch and must be manually pushed to other switches in order to synchronize that configuration. Many of the tests are focused on identifying APs that are advertising managed SSIDs, but are not in fact managed APs. Detecting such an AP means that a network is either miss-configured or that a hacker set up a honeypot AP in the attempt to collect passwords or other secure information. Page 524 Configuring Advanced Settings Document 34CSFP6XXUWS-SWUM100-D7

Section	Page
Table of Contents	5
List of Tables	33
About This Document	43
Audience	43
Organization	43
Additional Documentation	44
Document Conventions	44
Section 1: Getting Started	45
Connecting the Switch to the Network	45
Understanding the User Interfaces	47
Using the Web Interface	48
Device View	49
Navigation Tree View	50
Configuration and Monitoring Options	51
Help Page Access	51
Using the Command-Line Interface	52
Using SNMP	53
Section 2: System Administration	55
Viewing ARP Cache	56
Viewing Inventory Information	57
Viewing the Dual Image Status	57
System Description	58
Defining System Information	60
Switch Configuration	60
Card Configuration	61
PoE Configuration	62
PoE Status	64
Serial Port	65
IP Address	66
Network DHCP Client Options	68
HTTP Configuration	69
User Accounts	70
Adding a User Account	71
Changing User Account Information	72
Deleting a User Account	72
Authentication List Configuration	72
Creating an Authentication List	74
Configuring an Authentication List	74
Deleting an Authentication List	74
Authentication List Summary	75
Login Session	76
User Login	77
Assigning a User to an Authentication List	77
Denial of Service Protection	78
Multiple Port Mirroring	79
Adding a Port Mirroring Session	80
Removing or Modifying a Port Mirroring Session	81
Configuring and Searching the Forwarding Database	82
Configuration	82
Search	83
Searching the Forwarding Database	83
Managing Logs	84
Buffered Log Configuration	85
Viewing Buffered Log Messages	85
Command Logger Configuration	86
Console Log Configuration	86
Event Log	87
Hosts Configuration	89
Adding a Remote Logging Host	89
Deleting a Remote Logging Host	90
Persistent Log Configuration	90
Persistent Log	91
Syslog Configuration	92
Telnet Sessions	93
Outbound Telnet Client Configuration	94
Ping Test	95
Configuring SNTP Settings	96
SNTP Settings	97
SNTP Server Configuration	98
SNTP Server Status	99
SNTP Global Status	100
Time Zone Configuration	101
Summer Time Configuration	103
Summer Time Recurring Configuration	104
Clock Detail	105
Configuring and Viewing Device Slot Information	106
Configuration	106
Summary	108
Configuring and Viewing Device Port Information	109
Port Configuration	109
Port Summary	112
Port Description	115
Multiple Port Mirroring	115
Multiple Port Mirroring	115
Adding a Port Mirroring Session	116
Removing or Modifying a Port Mirroring Session	117
Double VLAN Tunneling	117
Double VLAN Tunneling Summary	118
Configuring sFlow	120
sFlow Agent Summary	120
sFlow Receiver Configuration	121
sFlow Poller Configuration	122
Counter Sampling	122
sFlow Sampler Configuration	123
Packet Flow Sampling	123
Defining SNMP Parameters	124
SNMP v1 and v2	124
SNMP v3	124
SNMP Community Configuration	125
Trap Receiver Configuration	126
Trap Flags	127
Supported MIBs	128
Viewing System Statistics	129
Switch Detailed	129
Switch Summary	132
Port Detailed	133
Port Summary Statistics	137
Using System Utilities	139
Save All Applied Changes	139
System Reset	140
Reset Configuration to Defaults	140
Reset Passwords to Defaults	140
Download File To Switch (TFTP)	142
Downloading a File to the Switch	144
Upload File From Switch (TFTP)	145
Uploading Files	146
Multiple Image Service	146
HTTP File Download	147
Erase Startup-config File	148
AutoInstall	148
TraceRoute	149
Trap Log	151
Managing the DHCP Server	152
Global Configuration	152
Pool Configuration	154
Pool Options	157
Reset Configuration	158
DHCP Server Summary	158
Bindings Information	158
Server Statistics	160
Conflicts Information	161
Configuring DNS	162
Global Configuration	162
Server Configuration	163
DNS Host Name IP Mapping Configuration	163
DNS Host Name IP Mapping Summary	164
Configuring SNTP Settings	166
SNTP Global Configuration	167
SNTP Server Configuration	169
Configuring and Viewing ISDP Information	170
Global Configuration	170
Cache Table	171
Cache Table	171
Interface Configuration	172
Statistics	172
Section 3: Configuring L2 Features	175
Configuring DHCP Snooping	176
Global DHCP Snooping Configuration	176
DHCP Snooping VLAN Configuration	177
DHCP Snooping Interface Configuration	177
DHCP Snooping Binding Configuration	178
DHCP Snooping Statistics	181
Configuring DHCP L2 Relay	182
DHCP L2 Relay Global Configuration	182
DHCP L2 Relay Interface Configuration	183
DHCP L2 Relay VLAN Configuration	184
DHCP L2 Relay Interface Statistics	184
Managing VLANs	186
VLAN Configuration	186
VLAN Status	188
VLAN Port Configuration	189
VLAN Port Summary	190
Reset VLAN Configuration	191
Configuring Protected Ports	192
Protected Port Configuration	192
Assigning Ports to a Group	193
Protected Ports Summary	193
Managing Protocol-Based VLANs	194
Configuration	194
Protocol-Based VLAN Summary	195
Managing IP Subnet-Based VLANs	197
Configuration	197
Summary	198
Managing MAC-Based VLANs	199
MAC-based VLAN Configuration	199
MAC-based VLAN Summary	199
Voice VLAN Configuration	200
Creating MAC Filters	202
Adding MAC Filters	203
Modifying MAC Filters	203
Deleting MAC Filters	203
MAC Filter Summary	203
Configuring GARP	203
GARP Status	204
GARP Switch Configuration	206
GARP Port Configuration	207
Configuring Dynamic ARP Inspection	208
DAI Configuration	208
DAI VLAN Configuration	209
DAI Interface Configuration	210
DAI ARP ACL Configuration	211
DAI ARP ACL Rule Configuration	211
Dynamic ARP Inspection Statistics	212
Configuring IGMP Snooping	214
Global Configuration and Status	215
Interface Configuration	216
VLAN Configuration	217
VLAN Status	218
Multicast Router Configuration	219
Multicast Router Status	219
Multicast Router VLAN Configuration	221
Multicast Router VLAN Status	222
Configuring IGMP Snooping Queriers	223
IGMP Snooping Querier Configuration	223
IGMP Snooping Querier VLAN Configuration	224
IGMP Snooping Querier VLAN Configuration Summary	225
IGMP Snooping Querier VLAN Status	226
Configuring MLD Snooping	227
Configuration and Status	227
Interface Configuration	228
VLAN Status	229
VLAN Configuration	229
Multicast Router Configuration	231
Multicast Router Status	231
Multicast Router VLAN Configuration	232
Multicast Router VLAN Status	232
Configuring MLD Snooping Queriers	234
MLD Snooping Querier Configuration	234
MLD Snooping Querier VLAN Configuration	235
MLD Snooping Querier VLAN Configuration Summary	236
MLD Snooping Querier VLAN Status	237
Creating Port Channels (Trunking)	238
Port Channel Configuration	238
Port Channel Status	240
Viewing Multicast Forwarding Database Information	241
MFDB Table	241
MFDB GMRP Table	242
MFDB IGMP Snooping Table	243
MFDB MLD Snooping Table	244
MFDB Statistics	244
Configuring Spanning Tree Protocol	246
Switch Configuration/Status	247
CST Configuration/Status	248
MST Configuration/Status	250
CST Port Configuration/Status	252
MST Port Configuration/Status	254
Statistics	257
Configuring Port Security	258
Port Security Administration	258
Port Security Interface Configuration	259
Port Security Static	260
Port Security Dynamic	261
Port Security Violation Status	262
Managing LLDP	263
Global Configuration	264
Interface Configuration	265
Interface Summary	266
Statistics	267
Local Device Information	268
Local Device Summary	269
Remote Device Information	270
Remote Device Summary	271
LLDP-MED	272
LLDP-MED Global Configuration	272
LLDP-MED Interface Configuration	273
LLDP-MED Interface Summary	274
LLDP Local Device Information	274
LLDP-MED Remote Device Information	276
Section 4: Configuring L3 Features	279
Configuring ARP	279
ARP Create	280
ARP Table Configuration	281
Configuring Global and Interface IP Settings	283
IP Configuration	283
IP Interface Configuration	285
Helper IP Interface Configuration	286
IP Statistics	287
Managing the BOOTP/DHCP Relay Agent	290
BOOTP/DHCP Relay Agent Configuration	291
BOOTP/DHCP Relay Agent Status	292
Configuring RIP	293
RIP Configuration	293
RIP Interface Configuration	294
Configuring the RIP Interface	295
RIP Interface Summary	296
RIP Route Redistribution Configuration	297
RIP Route Redistribution Summary	298
Router Discovery	299
Router Discovery Configuration	299
Router Discovery Status	301
Router	302
Route Table	302
Best Routes Table	304
Configured (Static) Routes	305
Adding a Static Route	305
Deleting a Route	307
Route Preferences Configuration	308
VLAN Routing	309
VLAN Routing Configuration	309
Creating a VLAN Routing Interface	310
Deleting a VLAN Router Interface	310
VLAN Routing Summary	311
Virtual Router Redundancy Protocol (VRRP)	312
VRRP Configuration	312
Virtual Router Configuration	313
Configuring a Secondary VRRP Address	314
Creating a New Virtual Router	314
Modifying a Virtual Router	314
VRRP Interface Tracking Configuration	315
VRRP Interface Tracking	316
VRRP Route Tracking Configuration	316
VRRP Route Tracking	317
Virtual Router Status	318
Virtual Router Statistics	319
Loopback Interfaces	321
Loopbacks Configuration	321
Creating a New Loopback (IPv4)	322
Configuring an Existing Loopback	323
Removing a Loopback	323
Removing a Secondary Address	323
Loopback Summary	324
Section 5: Configuring Quality of Service	325
Configuring Differentiated Services	326
Defining DiffServ	326
Diffserv Configuration	326
Class Configuration	328
Policy Configuration	330
Policy Class Definition	332
Service Configuration	334
Configuring Class of Service	335
Mapping 802.1p Priority	335
Trust Mode Configuration	336
IP DSCP Mapping Configuration	338
CoS Interface Configuration	338
CoS Interface Queue Configuration	340
Configuring Auto VoIP	342
Auto VoIP Configuration	342
Section 6: Configuring Access Control Lists	344
IP Access Control Lists	345
IP ACL Configuration	345
IP ACL Rule Configuration	346
Modifying an IP-based Rule	350
Adding a New Rule to an IP-based ACL	350
Deleting a Rule from an IP-based ACL	351
MAC Access Control Lists	351
MAC ACL Configuration	351
MAC ACL Rule Configuration	352
Adding a New Rule to a MAC-based ACL	355
Removing a Rule From a MAC-based ACL	355
ACL Interface Configuration	355
Assigning an ACL to an Interface	356
Removing an ACL from an Interface	357
Section 7: Managing Device Security	359
Captive Portal Configuration	359
Captive Portal Global Configuration	359
CP Configuration	361
Changing the Captive Portal Settings	362
Customizing the Captive Portal Web Page	364
Local User	369
Adding a Local User	370
Configuring Users in the Local Database	371
Configuring Users in a Remote RADIUS Server	372
Interface Association	373
CP Global Status	375
Viewing CP Activation and Activity Status	375
Interface Status	377
Viewing Interface Activation Status	377
Viewing Interface Capability Status	377
Client Connection Status	378
Viewing Client Details	379
Viewing the Client Statistics	380
Viewing the Client Interface Association Status	381
Viewing the Client CP Association Status	382
SNMP Trap Configuration	382
Port Access Control	383
Global Port Access Control Configuration	384
Port Configuration	385
Port Access Entity Capability Configuration	386
Supplicant Port Configuration	387
User Login Configuration	389
Port Access Privileges	390
RADIUS Settings	391
RADIUS Configuration	391
RADIUS Server Configuration	392
Viewing Named Server Status Information	394
RADIUS Accounting Server Configuration	395
Viewing Named Accounting Server Status	396
Clear Statistics	397
TACACS+ Settings	398
TACACS+ Configuration	398
TACACS+ Server Configuration	399
Secure HTTP	400
Secure HTTP Configuration	400
Generating Certificates	401
Downloading SSL Certificates	401
Secure Shell	403
Secure Shell Configuration	403
Downloading SSH Host Keys	404
Section 8: Configuring the Wireless Features	405
D-Link Unified Access System Components	405
DWS-4026 Unified Switch	406
DWL-8600AP Unified Access Point	406
Unified Switch and AP Discovery Methods	406
L2 Discovery	407
IP Address of AP Configured in the Switch	407
IP Address of Switch Configured in the AP	407
Configuring the DHCP Option	408
Discovery and Peer Switches	411
Basic Setup	411
Wireless Global Configuration	411
Wireless Discovery Configuration	414
L3/IP Discovery	415
L2/VLAN Discovery	416
Profile	416
Radio	417
SSID Configuration	423
Managing Virtual Access Point Configuration	423
Configuring the Default Network	424
Configuring AP Security	431
Using No Security	431
Using Static or Dynamic WEP	431
Static WEP Rules	433
Using WPA/WPA2 Personal or Enterprise	433
Valid Access Point Summary	436
Valid Access Point Configuration	437
Local OUI Database Summary	439
AP Management	441
Reset	441
RF Management	441
Configuring Channel Plan and Power Settings	442
Viewing the Channel Plan History	444
Initiating Manual Channel Plan Assignments	445
Initiating Manual Power Adjustments	446
Access Point Software Download	446
Managed AP Advanced Settings	448
Debugging the AP	449
Adjusting the Channel and Power	450
Monitoring Status and Statistics	452
Wireless Global Status/Statistics	452
Viewing Switch Status and Statistics Information	455
Viewing IP Discovery Status	456
Viewing the Peer Switch Configuration Received Status	457
Viewing the AP Hardware Capability List	458
AP Hardware Radio Capability	459
All AP Status	460
Managed AP Status	462
Monitoring AP Status	462
Viewing Detailed Managed Access Point Status	464
Viewing Managed Access Point Radio Summary Information	466
Viewing Detailed Managed Access Point Radio Information	466
Viewing Managed Access Point Neighbor APs	467
Viewing Clients Associated with Neighbor Access Points	468
Viewing Managed Access Point VAPs	469
Viewing Distributed Tunneling Information	469
Managed Access Point Statistics	470
Viewing Managed Access Point Ethernet Statistics	471
Viewing Detailed Managed Access Point Statistics	471
Viewing Managed Access Point Radio Statistics	472
Viewing Managed Access Point VAP Statistics	474
Viewing Distributed Tunneling Statistics	474
Associated Client Status/Statistics	475
Viewing Associated Client Summary Status	476
Viewing Detailed Associated Client Status	477
Viewing Associated Client QoS Status	478
Viewing Associated Client Neighbor AP Status	479
Viewing Associated Client Distributed Tunneling Status	480
Viewing SSID Associated Client Status	481
Viewing VAP Associated Client Status	481
Viewing Switch Associated Client Status	482
Viewing Associated Client Statistics	482
Viewing Detailed Associated Client Association Statistics	484
Viewing Detailed Associated Client Session Statistics	484
Peer Switch Status	485
Viewing Peer Switch Configuration Status	486
Viewing Peer Switch Managed AP Status	487
Monitoring and Managing Intrusion Detection	488
AP RF Scan Status	488
Viewing Access Point Triangulation Status	491
Viewing WIDS AP Rogue Classification Information	492
Detected Client Status	494
Viewing Detailed Detected Client Status	495
Viewing WIDS Client Rogue Classification	497
Viewing Detected Client Pre-Authentication History	498
Viewing Detected Client Triangulation	499
Viewing Detected Client Roam History	500
Detected Client Pre-Authentication Summary	500
Detected Client Roam History Summary	501
Ad Hoc Client Status	502
AP Authentication Failure Status	503
AP De-Authentication Attack Status	505
Configuring Advanced Settings	506
Advanced Global Settings	506
Wireless SNMP Trap Configuration	508
Distributed Tunneling Configuration	510
Known Client	511
Known Client Configuration	512
Wireless Network List	513
Configuring Networks	513
AP Profiles	514
Creating, Copying, and Deleting AP Profiles	515
Applying an AP Profile	516
Access Point Profile QoS Configuration	518
Peer Switch	521
WIDS Security	524
WIDS AP Configuration	524
WIDS Client Configuration	527
Visualizing the Wireless Network	529
Importing and Configuring a Background Image	530
Setting Up the Graph Components	531
Creating a New Graph	531

Match case Limit results 1 per page

D-Link Unified Access System

Software User Manual

12/10/09

Page

524

Configuring Advanced Settings

Document

34CSFP6XXUWS-SWUM100-D7

WIDS S

ECURITY

The D-Link Unified Switch Wireless Intrusion Detection System (WIDS) can help detect intrusion attempts into the wireless

network and take automatic actions to protect the network.

WIDS AP Configuration

The

WIDS AP Configuration

page allows you to activate or deactivate various threat detection tests and set threat detection

thresholds in order to help detect rogue APs on the wireless network. These changes can be done without disrupting network

connectivity. Since some of the work is done by access points, the switch needs to send messages to the APs to modify its

WIDS operational properties.

Many of the tests are focused on identifying APs that are advertising managed SSIDs, but are not in fact managed APs.

Detecting such an AP means that a network is either miss-configured or that a hacker set up a honeypot AP in the attempt

to collect passwords or other secure information.

AP Profiles

Enable this field to include all AP profiles in the configuration that the switch

pushes to its peers. The AP profile includes the global AP settings, such as

the hardware type, Radio settings, VAP and Wireless Network settings, and

QoS settings.

To view the local AP Profile settings, click the

WLAN > Administration >

Advanced Configuration > AP Profile

tab.

Known Client

Enable this field to include the Known Client Database in the configuration

that the switch pushes to its peers.

To view the contents of the local AP Database, click the

WLAN >

Administration > Advanced Configuration > Clients > Known Client

page.

Captive Portal

Enable this field to include the Captive Portal information in the configuration

that the switch pushes to its peers.

To view the Captive Portal settings on the local switch, click the pages

available in the

Security > Captive Portal

folder.

Note:

You can access the Captive Portal pages from either the LAN or

WLAN tabs.

RADIUS Client

Enable this field to include the Client RADIUS information in the configuration

that the switch pushes to its peers.

To view the Client RADIUS settings on the local switch, click the pages

available in the

LAN > Security > RADIUS

folder.

QoS ACL

Enable this field to include the QoS ACLs in the configuration that the switch

pushes to its peers.

To view the ACL settings on the local switch, click the pages available in the

LAN > Access Control Lists

folder.

Qos DiffServ

Enable this field to include the Diffserv classes, services, and policies in the

configuration that the switch pushes to its peers.

To view the DiffServ settings on the local switch, click the pages available in

the

LAN > QoS > Differentiated Services

folder.

The classification settings on the WIDS AP Configuration page are part of the global configuration on the

switch and must be manually pushed to other switches in order to synchronize that configuration.

Table 339:

Peer Switch Configuration Enable/Disable

Field

Description