• Configure an ACL to prevent wireless clients from accessing the WS1 management interface. • Configure DHCP on the wireless switch for wireless client address assignment. • Understand some of the D-LINK Unified Access Point features. 10.90.90.90/8 SSID: Guest Network...
The table below gives the IP addresses used in this scenario. The following steps will guide you through the configuration of the Wireless Switch and the Access Point. Device Subnet Wireless Switch 10.90.90.90/8 (default) 10.90.90.91/8 (default) 10.90.90.92/8 Client Address Pool 10.90.91.1 –...
set management dhcp-status down 10. Enter the command “save-running” to save the current AP configuration. 11. Enter the command “Exit” to logout the AP. Configure the DHCP Server The wireless switch can function as a DHCP server to assign addresses to wireless (or wired) clients that connect to each AP.
1.2.2 Pool Configuration This section describes how to configure the address pool for the wireless clients. 1. Select Pool Configuration in the Navigation tree. 2. Select create and specify the following settings: a. Pool Name – GuestPool b. Type of Binding - Dynamic c.
ACL Configuration The ACL in this scenario prevents wireless clients from accessing the web management interface of the switch. All other types of traffic is allowed. 1. From the LAN menu, navigate to the Access Control Lists > IP ACL > Access Profile Settings page.
Page 9
Rule 1 Next, you must attach the ACL to port 0/1 and port 0/13 (the physical ports to which the APs will be connected) so that the rules are applied to the appropriate wireless client traffic that goes through the APs connected to the switch. 1.
Wireless Configuration You configure and monitor all wireless settings from the WLAN tab on the navigation panel. Since the deployment is an L2 Edge and there are no subnet boundaries to cross, the switch can use the network management IP address for the wireless functions (Note: the wireless switch component uses an IP address to manage the APs and peer-switches.
Device Connections At this point, all the devices are ready to be connected. After the switch discovers the APs, they will appear on the Failed list because the MAC addresses of the APs are not configured in the Valid AP database (i.e. the switch has not been configured to accept any valid APs).
Verify the Configuration 1. From a wireless client, verify that you can see the “Guest Network” SSID. 2. Using a wireless client, connect to the “Guest Network”. 3. Check the IP address that the switch DHCP server assigned. 4. Try pinging from a client on the Guest Network to the switch or AP IP address. The ping should pass.
Page 14
the profile or an AP comes online into managed state after the profile changes are submitted. The Channel adjustment algorithm may be triggered periodically or manually. To manually adjust the channel plan, use the following steps: 1. Select the WLAN tab from the navigation panel and navigate to Administration AP Management RF Management.
You may also manually change the operational channel from the Administration Management Advanced page. Select the appropriate channel of the AP radio and change it to the desired channel on the next screen. 1.8.3 Rogue AP Detection To check the rogue AP list, select the WLAN tab from the navigation panel and navigate to Monitoring Access Points Rogue/RF Scan Access Points.
1.8.4 Power Adjustment To check power level, select the WLAN tab from the navigation panel and click Monitoring Access Points Managed Access Points. Select Radio Details tab to check the power level. The Automatic Power Adjustment algorithm works by setting the initial power of the AP to the value specified in the AP profile.
Page 17
The power adjustment may be manually triggered by selecting the WLAN tab from the navigation panel and traversing down to Administration AP Management Management. Select the Manual Power Adjustments tab and then the Start button to start the process (click the Apply button to apply new power adjustment) You may change the power of the AP radio by selecting the Radio tab of the Basic Setup and changing the Initial Power to the desired setting and click on submit.
1.8.5 Load Balancing The Wireless Switch performs load balancing on a per radio basis by tracking the wireless bandwidth utilization. The maximum bandwidth utilization is configured in the Radio tab of the Basic Setup. If the utilization reaches the configured threshold then new client associations are rejected.
L3 device. Although the two APs are directly connected to the switch, they are in different subnets. Both the APs are managed by the D-LINK Wireless Switch (WS1). Since the wireless switch supports VLAN routing, L2 paths can be established between the AP switch ports although they are on different IP subnets such that L3 Tunneling is not required.
192.168.200.x/24 Configuring LAN Settings All of the features you configure in this section are within the LAN tab on the D-LINK Wireless Switch. In this scenario, the switch is a L3 device with a total of four VLAN routing interfaces. Each connected AP is in a different subnet, so you need to configure two separate VLAN routing interfaces and configure an IP address for each interface.
Page 21
1. From the LAN tab on the switch Web interface, click L2 Features VLAN VLAN Configuration. 2. Select Create from VLAN ID and Name pull down menu. 3. Enter the VLAN ID. 4. Enter VLAN Name. On the Slot/Port row for the port to include in the VLAN, select Include from the Participation drop-down menu.
Page 22
After you have repeated the steps to configure all four VLANs, use the Monitoring VLAN Summary VLAN Status and VLAN Port Status pages to verify that the VLANs and the ports are configured properly. VLAN Status...
VLAN Port Status 2.1.2 Configure VLAN Routing To configure the VLAN routing interfaces for AP1, AP2, and the two D-LINK-NET networks, use the following steps. 1. Select the LAN tab from the navigation panel and click L3 Features VLAN Routing Configuration.
Page 24
5. Select interface 4/1 from the Slot/Port drop-down menu and enter the following information: a. IP Address: 192.168.20.254 b. Subnet Mask: 255.255.255.0 c. Routing Mode: Enable 6. Click Submit. 7. Repeat the steps for interface 4/2 (VLAN 30), 4/3 (VLAN 100), and 4/4 (VLAN 200). Refer to the following table for IP address information: Interface IP Address...
2.1.3 Enable Global Routing You need to enable the routing mode to allow the switch to operate as a L3 device in this scenario. To do this, navigate to the L3 Features Configuration page. Select Enable from the Routing Mode drop-down menu and click Submit. 2.1.4 Configure Static Routing Since all routes are local to the switch, you do not need to configure any static routes for this scenario.
5. Click Submit. 2.1.6 DHCP Server You need to configure IP address pools for each AP and for the clients that connect to the APs through the D-LINK NET1 and DLINK-NET2 SSIDs. 1. From the LAN menu, click Administration DHCP Server Global Configuration 2.
11. The screen refreshes with additional fields. Click the Configure button associated with the appropriate fields and enter the following criteria to deny IP traffic from clients on the D-LINK-NET1 network to clients on the D-LINK-NET2 network: • Protocol Keyword: IP •...
Page 28
13. The screen refreshes with additional fields. Click the Configure button associated with the appropriate fields and enter the following criteria to deny IP traffic from clients on the D-LINK-NET2 network to clients on the D-LINK-NET1 network: • Protocol Keyword: IP •...
Page 29
14. Create Rule 3 to allow all other type of traffic between any source and any destination since as mentioned earlier, there is an implicit “deny all” rule at the end of every ACL. 15. From the Rule drop-down menu, select Create. 16.
Configuring WLAN Settings All of the features you configure in this section are within the WLAN tab on the D-LINK Wireless Switch. Use the following steps to configure the Wireless Switch and the APs. 1. On the Global tab of the Administration Basic Setup page, make sure the switch IP address is the Loopback interface address (192.168.10.254), the country code is...
Page 31
5. Select the 802.11b/g radio. 6. Select the check box next to Managed SSID 2 and click Edit. 7. Change the following Network parameters and select Submit: a. SSID – D-LINK-NET1 b. VLAN – 100 c. Security – WEP •...
Page 32
SSID tab. 9. Select the check box next to Managed SSID 3 and click Edit. Change the follow ing parameters and select Submit: a. SSID – D-LINK-NET2 b. VLAN – 200 c. Security – WEP •...
8. Try pinging from a client on D-LINK-NET1 to D-LINK-NET2. The ping should fail because of the ACL. 9. Perform a “fast roam” from one AP to the other on one of the D-LINK-NET SSIDs (this can be simulated by pulling power on the AP you are currently associated with)
Page 34
and observe that your IP address does not change even though you have now associated with an AP on a different subnet. Fast roams will not function on the Guest Network SSID because the client will be forced to acquire a new IP address.
The diagram in this section shows a network configuration with a D-LINK Wireless Switch connected to an L3 Device/Router. One AP is connected to the D-LINK Wireless Switch, and the other is connected to the L3 device. Both APs are managed by the D- LINK Wireless Switch (WS1).
192.168.250.x/24 Wireless Configuring LAN Settings All of the features you configure in this section are within the LAN tab on the D-LINK Wireless Switch. 3.1.1 Configure the VLANs The summary information for the VLAN configuration is as follows (the bold entries are new for...
This creates a logical routing interface with the slot/port designation of 4/5 for VLAN 5. 11. To create a routing interface for VLAN 250, enter 250 into the VLAN ID field and select Create. This creates a logical routing interface with the slot/port designation of 4/6 for VLAN 250.
Proper static routes to Wireless Switch (WS1) must be also configured on the “customer” L3 device as well. In a customer environment, you would need to configure the following static routes on the customer’s L3 device. Network Address Mask Next Hop IP Address 192.168.10.0 255.255.255.0 172.17.5.253 Note: The above static route provides an IP path back to the loopback interface on the...
3.1.4.1 DHCP on the Customer Network For this scenario, AP2 resides in the “customer” network. Configure the L3 device in the customer network to assign the IP address 172.17.6.1 to AP2. You will use this IP address to add to the L3/IP discovery list. 3.1.5 Setting the MTU Size The MTU determines the maximum size of a packet that can be transmitted through a port in one frame.
Configuring WLAN Settings All of the features you configure in this section are within the WLAN tab on the D-LINK Wireless Switch. 3.2.1 Configure the Basic Settings Use the following steps to configure the Wireless Switch and the APs. 1. On the Global tab of the Administration Basic Setup page, make sure the switch IP address is the Loopback interface address (192.168.10.254), the country...
f. Security: WPA/WPA2 – WPA Personal g. WPA Versions: WPA & WPA2 h. WPA Ciphers: TKIP & CCMP i. Passphrase: 1234567890 3.2.2 Apply the AP Profile Because the AP profile that the APs use has changed and you have not disconnected AP1, you can manually re-apply the AP profile settings in order to update it with the new L3-...
Tunnel network. The new profile will automatically be applied to AP2 after you connect it to the L3 device and the D-LINK Wireless Switch discovers and validates it. 1. To apply the updated AP profile, access the Administration Advanced Configuration AP Profiles page under the WLAN tab.
2. Once wireless connectivity is confirmed, you can check which AP your laptop connects to [ WLAN/ Monitoring/ Client/ Associated Clients ]. 3. Start to Ping one of the LAN interfaces (172.17.5.253 or .254) or its loopback interface ( 192.168.10.254 ). 4.
roam an antenna can be connected to one of the APs after you have already associated with the other. Logs & Traps The administrator can enable or disable SNMP traps sent from the wireless switch and the trap destinations. The traps can be enabled or disabled by traversing to Administration Advanced Configuration Global in the WLAN tab.
25. Client Association Failure 26. Client Authentication Failure Load Balancing Traps Per AP Per Radio Basis 27. Wireless bandwidth utilization exceeded The trap logs can be viewed by traversing to DWS-3024 -> Monitoring -> Trap Logs in the LAN tab. Syslog Configuration Enable Syslog by traversing to DWS-3026 ->...
Debug This section outlines information required for engineering debugging. Connect your laptop/PC to WLAN Switch’s serial console or telnet to the IP address of the switch and capture the following information: 1. show running-config 2. show logging traplogs show logging buffered...
Overview The following tables show a summary of the interfaces on the devices you configure, along with their IP address and port information as well as the VLANs, DHCP pools, etc. This configuration starts from scratch and therefore you should clear the configuration on the WLAN switches from the previous scenarios.
WS1 & WS2 LAN Configuration The configuration in this section takes place on WS1 and WS2, and all features are under the LAN tab on the navigation panel. Please follow the steps you have learned from previous scenarios to configure the VLANs, interfaces, and addresses on the systems. 4.2.1 DHCP Configure DHCP Server parameters and pools on WS1 to provide addresses for AP1,...
Configure WLAN Settings Configure the WLAN parameters to support the 3 Tunneled SSID Networks on both WS1 and WS2. Configure the “Guest” SSID to use no security, “D-LINK-NET1” to use WPA2 (see below), and “D-LINK-NET2” to use Static-WEP. Provide the L3 Tunnel Subnet addresses in the configuration.
• Guest Network • D-LINK NET1 • D-LINK NET2 10. Connect to D-LINK-NET1 from a wireless client to verify that WPA2 authentication is required. 11. After connecting, check the IP address that the switch DHCP server assigned. 12. Start the Roaming Test.
1. Use your laptop to test wireless connection by associating to the “D-LINK-NET1” SSID Network, and check if you’re getting the IP address correctly from the Wireless switch’s DHCP server on the Tunnel subnet after properly authenticating via WPA2. 2. Once wireless connectivity is confirmed, you can check which AP your laptop connects to [ WLAN/ Monitoring/ Client/ Associated Clients ].
roam if a stronger signal is detected from another nearby AP. PC clients are not tuned for these rapid roams and therefore will often allow the signal strength to decrease significantly before selecting a stronger signal AP to associate with – this can cause traffic loss simply associated with a weak signal.
Page 56
Before launching WLAN visualization tool, you need to upload a floor plan image file to Wireless Switch first. It can be done by selecting the WLAN tab from the navigation panel and traversing down to Administration WLAN Visualization Download Image. Note: 1.
Page 57
Then go to ‘Edit’ and select ‘New Graph’, and you can input the following then press ‘Save’...
Page 58
After above, you should be able to see the following You can start to drag and drop from items from left hand side tab including Switches, Managed APs and Rogue APs. Then you can go to ‘View’ ‘AP Power Display’ and select ‘Show 802.11b/g’, you’ll be able to see the following Then you can move your cursor to any of the object and with right click, you can see more detail information of that object like device/RF information.
Appendix 1. You can use the following to make console connection Select the appropriate serial port (COM port 1 or COM port 2). Set the data rate to 115200 baud. Set the data format to 8 data bits, 1 stop bit, and no parity. Set flow control to none. Under Properties, select VT100 for Emulation mode.
Troubleshooting 1. Several known issues have been identified in the current version, and they’ll be solved in the coming release. Those issues include in certain conditions it might not be able to display auto power adjustment. 2. In case you can’t see the ideal results by configuring manually, we provide the sample configuration for all scenarios (file names are DWS-3024-SCN1-1018, DWS- 3024-SCN2-1018, DWS-3024-SCN3-1018, DWS-3024-1-SCN4-1018, DWS-3024-2- SCN4-1018 respectively;...