User Manual - D-Link

User Manual
Product Model:
DWS-4000 series
DWL-8600AP DWL-8610AP
DWL-6600AP DWL-6610AP
DWL-2600AP DWL-3600AP
DWL-6700AP
Unified Wired & Wireless Access System
Release 2.01
October 2015
©Copyright 2015. All rights reserved.
D-Link UWS User Manual
FCC Warning
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to
Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial environment. This equipment generates, uses,
and can radiate radio frequency energy and, if not installed and used in accordance with this manual, may
cause harmful interference to radio communications. Operation of this equipment in a residential area is likely
to cause harmful interference in which case the user will be required to correct the interference at his own
expense.
CE Mark Warning
This equipment is compliant with Class A of CISPR 32. In a residential environment this equipment may
cause radio interference.
VCCI Warning
BSMI Warning
D-Link
Oct. 2015
Unified Wired and Wireless Access System
Page 2
MIC Warning
CCC Warning
D-Link
July 2012
Unified Wired and Wireless Access System
Page 3
Table of Contents
About This Document...................................................................................................................................45
Audience ................................................................................................................................................45
Organization...........................................................................................................................................45
Additional Documentation.....................................................................................................................46
Document Conventions .........................................................................................................................46
Section 1: Getting Started ...............................................................................................47
Connecting the Switch to the Network........................................................................................................47
Booting the Switch .......................................................................................................................................48
Boot Menu Functions.............................................................................................................................49
Start Operational Code ...................................................................................................................50
Change Baud Rate...........................................................................................................................50
Retrieve Event Log Using XMODEM ...............................................................................................51
Load New Operational Code Using XMODEM ................................................................................51
Load Configuration Using XMODEM...............................................................................................52
Display Operational Code Vital Product Data.................................................................................52
Run Flash Diagnostics .....................................................................................................................53
Update Boot Code ..........................................................................................................................54
Delete Operational Code ................................................................................................................54
Reset the System ............................................................................................................................55
Restore Configuration To Factory Defaults (Delete Configuration Files)........................................55
Activate Backup Image ...................................................................................................................55
Understanding the User Interfaces..............................................................................................................56
Using the Web Interface ........................................................................................................................56
Device View ....................................................................................................................................57
Navigation Tree View......................................................................................................................58
Configuration and Monitoring Options ..........................................................................................59
Help Page Access ............................................................................................................................60
Using the Command-Line Interface .......................................................................................................60
Using SNMP............................................................................................................................................61
Section 2: System Administration....................................................................................62
System Description.......................................................................................................................................63
Defining System Information..........................................................................................................64
Switch Configuration ....................................................................................................................................64
Viewing Inventory Information....................................................................................................................66
Card Configuration .......................................................................................................................................66
Slot Summary.........................................................................................................................................68
PoE Configuration ..................................................................................................................................69
PoE Status .....................................................................................................................................................71
Serial Port .....................................................................................................................................................73
IP Address .....................................................................................................................................................74
Network DHCP Client Options......................................................................................................................75
HTTP Configuration ......................................................................................................................................77
User Accounts...............................................................................................................................................78
Adding a User Account ...................................................................................................................80
Changing User Account Information ..............................................................................................80
Deleting a User Account .................................................................................................................80
Authentication List Configuration................................................................................................................81
Creating an Authentication List ......................................................................................................83
Configuring an Authentication List .................................................................................................83
Deleting an Authentication List ......................................................................................................83
Authentication List Summary.......................................................................................................................84
Login Session ................................................................................................................................................86
User Login .....................................................................................................................................................87
Assigning a User to an Authentication List ............................................................................................88
Denial of Service Protection.........................................................................................................................88
Multiple Port Mirroring................................................................................................................................90
Adding a Port Mirroring Session ............................................................................................................91
Removing or Modifying a Port Mirroring Session..................................................................................92
Telnet Sessions .............................................................................................................................................92
Outbound Telnet Client Configuration ........................................................................................................94
Ping Test........................................................................................................................................................95
TraceRoute....................................................................................................................................................96
Configuring SNTP Settings............................................................................................................................97
SNTP Settings .........................................................................................................................................98
SNTP Server Configuration.....................................................................................................................99
SNTP Server Status...............................................................................................................................100
SNTP Global Status...............................................................................................................................101
Time Zone Configuration .....................................................................................................................103
Summer Time Configuration................................................................................................................104
Summer Time Recurring Configuration ........................................................................................105
Clock Detail ..........................................................................................................................................106
Configuring and Viewing Device Port Information....................................................................................107
Port Configuration ...............................................................................................................................107
Port Summary ......................................................................................................................................110
Port Description ...................................................................................................................................113
Managing and Viewing Logs.......................................................................................................................114
Buffered Log Configuration..................................................................................................................114
Viewing Buffered Log Messages ..........................................................................................................115
Command Logger Configuration..........................................................................................................116
Console Log Configuration ...................................................................................................................117
Event Log..............................................................................................................................................118
Hosts Configuration .............................................................................................................................119
Adding a Remote Logging Host.....................................................................................................119
Deleting a Remote Logging Host...................................................................................................120
Persistent Log Configuration................................................................................................................120
Persistent Log.......................................................................................................................................122
Syslog Configuration ............................................................................................................................123
Trap Log ...............................................................................................................................................124
Defining SNMP Parameters........................................................................................................................125
SNMP v1 and v2 ...................................................................................................................................125
SNMP v3...............................................................................................................................................125
SNMP Community Configuration.........................................................................................................126
Trap Receiver Configuration ................................................................................................................127
Trap Flags .............................................................................................................................................128
Supported MIBs ...................................................................................................................................130
Managing the DHCP Server ........................................................................................................................131
Global Configuration............................................................................................................................131
Pool Configuration ...............................................................................................................................133
Pool Options.........................................................................................................................................136
Reset Configuration .............................................................................................................................137
Bindings Information ...........................................................................................................................138
Server Statistics....................................................................................................................................139
Conflicts Information ...........................................................................................................................140
Configuring Time Ranges............................................................................................................................141
Time Range Configuration ...................................................................................................................141
Time Range Summary ..........................................................................................................................142
Time Range Entry Configuration ..........................................................................................................143
Configuring DNS..........................................................................................................................................145
Global Configuration............................................................................................................................145
Server Configuration ............................................................................................................................146
DNS Host Name IP Mapping Configuration .........................................................................................147
DNS Host Name IP Mapping Summary ................................................................................................148
Configuring and Viewing ISDP Information ...............................................................................................149
Global Configuration............................................................................................................................149
Cache Table..........................................................................................................................................150
Interface Configuration........................................................................................................................151
Statistics ...............................................................................................................................................152
Configuring sFlow .......................................................................................................................................153
sFlow Agent Summary .........................................................................................................................153
sFlow Receiver Configuration ..............................................................................................................154
sFlow Poller Configuration...................................................................................................................156
Counter Sampling .........................................................................................................................156
sFlow Sampler Configuration ...............................................................................................................157
Packet Flow Sampling ...................................................................................................................157
Viewing System Statistics...........................................................................................................................158
Switch Detailed ....................................................................................................................................158
Switch Summary ..................................................................................................................................160
Port Detailed ........................................................................................................................................162
Port Summary Statistics .......................................................................................................................168
Section 3: Using System Tools ....................................................................................... 169
Reset Configuration to Defaults.................................................................................................................169
Reset Passwords to Defaults......................................................................................................................170
System Reset ..............................................................................................................................................170
Save All Applied Changes ...........................................................................................................................171
Download File To Switch (TFTP).................................................................................................................171
Downloading a File to the Switch ........................................................................................................173
HTTP File Download ...................................................................................................................................174
Upload File From Switch (TFTP) .................................................................................................................175
Uploading Files .............................................................................................................................176
Multiple Image Service...............................................................................................................................176
Viewing the Dual Image Status ............................................................................................................178
Erase Startup-config File ............................................................................................................................179
AutoInstall ..................................................................................................................................................179
Section 4: Configuring L2 Features................................................................................. 181
Configuring and Searching the Forwarding Database ...............................................................................182
Configuration .......................................................................................................................................182
MAC Address Table..............................................................................................................................183
Searching the Forwarding Database.............................................................................................184
Managing VLANs.........................................................................................................................................184
VLAN Configuration .............................................................................................................................184
VLAN Status..........................................................................................................................................187
VLAN Port Configuration......................................................................................................................188
VLAN Port Summary ............................................................................................................................189
Managing Protocol-Based VLANs.........................................................................................................190
Protocol-Based VLAN Summary...........................................................................................................192
Managing IP Subnet-Based VLANs.......................................................................................................193
IP Subnet-based VLAN Summary .........................................................................................................194
MAC-based VLAN Configuration ..........................................................................................................194
MAC-based VLAN Summary.................................................................................................................195
Double VLAN Tunneling .......................................................................................................................196
Double VLAN Tunneling Summary .......................................................................................................197
Voice VLAN Configuration ..........................................................................................................................198
Reset VLAN Configuration....................................................................................................................199
Configuring Protected Ports.......................................................................................................................200
Protected Port Configuration...............................................................................................................200
Assigning Ports to a Group ...........................................................................................................201
Protected Ports Summary....................................................................................................................201
Creating MAC Filters...................................................................................................................................202
Adding MAC Filters .......................................................................................................................203
Modifying MAC Filters ..................................................................................................................203
Deleting MAC Filters .....................................................................................................................203
MAC Filter Summary ............................................................................................................................203
Configuring GARP .......................................................................................................................................204
GARP Status .........................................................................................................................................204
GARP Switch Configuration..................................................................................................................206
GARP Port Configuration......................................................................................................................207
Creating Port Channels (Trunking).............................................................................................................209
Port Channel Configuration .................................................................................................................209
Port Channel Status .............................................................................................................................211
Configuring IGMP Snooping .......................................................................................................................213
Global Configuration and Status ..........................................................................................................214
Interface Configuration........................................................................................................................215
VLAN Configuration .............................................................................................................................216
VLAN Status..........................................................................................................................................217
Multicast Router Configuration ...........................................................................................................218
Multicast Router Status .......................................................................................................................219
Multicast Router VLAN Configuration..................................................................................................220
Multicast Router VLAN Status..............................................................................................................221
Configuring IGMP Snooping Queriers ........................................................................................................222
IGMP Snooping Querier Configuration ................................................................................................222
IGMP Snooping Querier VLAN Configuration ......................................................................................223
IGMP Snooping Querier VLAN Configuration Summary ......................................................................224
IGMP Snooping Querier VLAN Status ..................................................................................................225
Configuring MLD Snooping.........................................................................................................................226
Configuration and Status .....................................................................................................................226
Interface Configuration........................................................................................................................227
VLAN Status..........................................................................................................................................228
VLAN Configuration .............................................................................................................................229
Multicast Router Configuration ...........................................................................................................230
Multicast Router Status .......................................................................................................................231
Multicast Router VLAN Configuration..................................................................................................232
Multicast Router VLAN Status..............................................................................................................233
Configuring MLD Snooping Queriers .........................................................................................................234
MLD Snooping Querier Configuration..................................................................................................234
MLD Snooping Querier VLAN Configuration........................................................................................235
MLD Snooping Querier VLAN Configuration Summary........................................................................236
MLD Snooping Querier VLAN Status ....................................................................................................237
Viewing Multicast Forwarding Database Information ..............................................................................238
MFDB Table..........................................................................................................................................238
MFDB GMRP Table...............................................................................................................................239
MFDB IGMP Snooping Table ................................................................................................................240
MFDB MLD Snooping Table .................................................................................................................241
MFDB Statistics ....................................................................................................................................242
Configuring Spanning Tree Protocol ..........................................................................................................243
Switch Configuration/Status ................................................................................................................243
CST Configuration/Status.....................................................................................................................245
MST Configuration/Status....................................................................................................................247
CST Port Configuration/Status .............................................................................................................249
MST Port Configuration/Status............................................................................................................252
Statistics ...............................................................................................................................................254
Configuring DHCP Snooping .......................................................................................................................255
Global DHCP Snooping Configuration ..................................................................................................255
DHCP Snooping VLAN Configuration....................................................................................................256
DHCP Snooping Interface Configuration..............................................................................................257
Managing LLDP ...........................................................................................................................................258
Global Configuration............................................................................................................................259
Interface Configuration........................................................................................................................260
Interface Summary ..............................................................................................................................261
Statistics ...............................................................................................................................................262
Local Device Information .....................................................................................................................263
Local Device Summary .........................................................................................................................264
Remote Device Information.................................................................................................................265
Remote Device Summary.....................................................................................................................266
LLDP-MED ............................................................................................................................................267
LLDP-MED Global Configuration ...................................................................................................267
LLDP-MED Interface Configuration...............................................................................................268
LLDP-MED Interface Summary......................................................................................................269
LLDP Local Device Information .....................................................................................................270
LLDP-MED Remote Device Information........................................................................................272
Configuring Dynamic ARP Inspection ........................................................................................................274
DAI Configuration.................................................................................................................................274
DAI VLAN Configuration.......................................................................................................................275
DAI Interface Configuration .................................................................................................................276
DAI ARP ACL Configuration ..................................................................................................................277
DAI ARP ACL Rule Configuration ..........................................................................................................278
Dynamic ARP Inspection Statistics .......................................................................................................279
Section 5: Configuring L3 Features................................................................................. 280
Managing the BOOTP/DHCP Relay Agent..................................................................................................280
BootP/DHCP Relay Agent Configuration..............................................................................................281
BOOTP/DHCP Relay Agent Status ........................................................................................................282
Configuring the IP Helper Features............................................................................................................283
IP Helper Global Configuration ............................................................................................................283
IP Helper Interface Configuration ........................................................................................................285
IP Helper Statistics ...............................................................................................................................287
Configuring ARP..........................................................................................................................................288
ARP Create ...........................................................................................................................................289
ARP Table Configuration ......................................................................................................................290
Viewing ARP Cache.....................................................................................................................................292
Configuring Global and Interface IP Settings.............................................................................................293
IP Configuration ...................................................................................................................................293
IP Interface Configuration....................................................................................................................295
IP Statistics ...........................................................................................................................................297
Loopback Interfaces ...................................................................................................................................300
Loopbacks Configuration .....................................................................................................................300
Creating a New Loopback (IPv4) ...................................................................................................301
Removing a Loopback...................................................................................................................302
Removing a Secondary Address....................................................................................................302
Loopbacks Summary ............................................................................................................................303
Configuring RIP ...........................................................................................................................................304
RIP Configuration .................................................................................................................................304
RIP Interface Configuration..................................................................................................................305
Configuring the RIP Interface........................................................................................................307
RIP Interface Summary ........................................................................................................................308
RIP Route Redistribution Configuration...............................................................................................309
RIP Route Redistribution Summary .....................................................................................................310
Router Discovery ........................................................................................................................................311
Router Discovery Configuration...........................................................................................................311
Router Discovery Status.......................................................................................................................313
Router .........................................................................................................................................................314
Route Table..........................................................................................................................................314
Best Routes Table ................................................................................................................................316
Configured (Static) Routes ...................................................................................................................317
Adding a Static Route ...................................................................................................................317
Deleting a Route ...........................................................................................................................318
Route Preferences Configuration ........................................................................................................319
VLAN Routing..............................................................................................................................................320
VLAN Routing Configuration ................................................................................................................320
Creating a VLAN Routing Interface ...............................................................................................321
Deleting a VLAN Router Interface.................................................................................................322
VLAN Routing Summary.......................................................................................................................323
Virtual Router Redundancy Protocol (VRRP).............................................................................................324
VRRP Configuration..............................................................................................................................324
Virtual Router Configuration................................................................................................................325
Configuring a Secondary VRRP Address........................................................................................326
Creating a New Virtual Router......................................................................................................327
Modifying a Virtual Router ...........................................................................................................327
VRRP Interface Tracking Configuration.........................................................................................327
VRRP Interface Tracking................................................................................................................328
VRRP Route Tracking Configuration .............................................................................................329
VRRP Route Tracking ....................................................................................................................330
Virtual Router Status............................................................................................................................330
Virtual Router Statistics .......................................................................................................................332
Section 6: Configuring Quality of Service ....................................................................... 334
Configuring Class of Service .......................................................................................................................334
Mapping 802.1p Priority ......................................................................................................................334
Trust Mode Configuration....................................................................................................................335
IP DSCP Mapping Configuration...........................................................................................................337
CoS Interface Configuration.................................................................................................................338
CoS Interface Queue Configuration .....................................................................................................339
CoS Interface Queue Status .................................................................................................................340
Configuring Differentiated Services ...........................................................................................................341
Diffserv Configuration..........................................................................................................................341
Class Configuration ..............................................................................................................................343
DiffServ Class Summary .......................................................................................................................345
Policy Configuration.............................................................................................................................346
DiffServ Policy Summary ......................................................................................................................347
Policy Class Definition ..........................................................................................................................348
DiffServ Policy Attribute Summary ......................................................................................................350
Service Configuration...........................................................................................................................350
DiffServ Service Summary....................................................................................................................351
Service Statistics ..................................................................................................................................351
Service Detailed Statistics ....................................................................................................................352
Configuring Auto VoIP ................................................................................................................................354
Auto VoIP Configuration ......................................................................................................................354
Auto VoIP Summary .............................................................................................................................355
Section 7: Configuring Access Control Lists .................................................................... 356
Configuring IP Access Control Lists ............................................................................................................356
IP ACL Configuration ............................................................................................................................357
IP ACL Rule Configuration ....................................................................................................................358
Modifying an IP-based Rule ..................................................................................................362
Adding a New Rule to an IP-based ACL.................................................................................363
Deleting a Rule from an IP-based ACL ..................................................................................363
IP ACL Summary ...................................................................................................................................363
IP ACL Rule Summary ...........................................................................................................................364
MAC Access Control Lists ...........................................................................................................................364
MAC ACL Configuration .......................................................................................................................365
MAC ACL Rule Configuration ........................................................................................................366
Adding a New Rule to a MAC-based ACL ..............................................................................369
Removing a Rule From a MAC-based ACL.............................................................................369
MAC ACL Summary ..............................................................................................................................370
MAC ACL Rule Summary ......................................................................................................................370
ACL Interface Configuration .......................................................................................................................371
Assigning an ACL to an Interface ..................................................................................................372
Removing an ACL from an Interface .............................................................................................372
Section 8: Managing Device Security ............................................................................. 373
Configuring Port Security ...........................................................................................................................373
Port Security Administration................................................................................................................374
Port Security Interface Configuration ..................................................................................................374
Port Security Static...............................................................................................................................376
Port Security Dynamic..........................................................................................................................377
Port Security Violation Status ..............................................................................................................378
SSL/Secure HTTP Configuration .................................................................................................................379
Generating Certificates .........................................................................................................380
Downloading SSL Certificates ...............................................................................................380
Secure Shell (SSH) Configuration ...............................................................................................................382
Secure Shell Configuration...................................................................................................................382
Downloading SSH Host Keys .........................................................................................................383
Captive Portal Configuration......................................................................................................................384
Captive Portal Global Configuration ....................................................................................................384
CP Configuration ..................................................................................................................................386
Changing the Captive Portal Settings ...........................................................................................387
Customizing the Captive Portal Web Page ...................................................................................389
Local User.............................................................................................................................................395
Adding a Local User ......................................................................................................................396
Configuring Users in the Local Database ......................................................................................397
Configuring Users in a Remote RADIUS Server.............................................................................398
Interface Association ...........................................................................................................................400
CP Global Status...................................................................................................................................401
Viewing CP Activation and Activity Status ....................................................................................402
Interface Status....................................................................................................................................404
Viewing Interface Activation Status..............................................................................................404
Viewing Interface Capability Status ..............................................................................................405
Client Connection Status......................................................................................................................406
Viewing Client Details ...................................................................................................................407
Viewing the Client Statistics .........................................................................................................408
Viewing the Client Interface Association Status ...........................................................................408
Viewing the Client CP Association Status .....................................................................................409
SNMP Trap Configuration ....................................................................................................................410
RADIUS Settings..........................................................................................................................................411
RADIUS Configuration ..........................................................................................................................411
RADIUS Server Configuration...............................................................................................................413
Viewing Named Server Status Information ..................................................................................415
RADIUS Server Statistics.......................................................................................................................416
RADIUS Accounting Server Configuration............................................................................................416
Viewing Named Accounting Server Status ...................................................................................418
RADIUS Server Statistics.......................................................................................................................419
Clear Statistics......................................................................................................................................419
Port Access Control ....................................................................................................................................420
Global Port Access Control Configuration............................................................................................420
Port Configuration ...............................................................................................................................421
Port Access Entity Capability Configuration.........................................................................................423
Supplicant Port Configuration..............................................................................................................424
Port Status ...........................................................................................................................................425
Port Summary ......................................................................................................................................429
Port Access Control Statistics...............................................................................................................431
Client Summary....................................................................................................................................432
Port Access Privileges...........................................................................................................................433
TACACS+ Settings........................................................................................................................................434
TACACS+ Configuration........................................................................................................................434
TACACS+ Server Configuration ............................................................................................................435
Section 9: Configuring the Wireless Features................................................................. 437
Unified Wired and Wireless Access System Components.........................................................................437
D-Link DWS-4000 Series Unified Wireless Switch................................................................................438
DWL-X600AP Unified Access Points.....................................................................................................438
DWS-4000 Series Switch and AP Discovery Methods ..........................................................................439
L2 Discovery..................................................................................................................................439
IP Address of AP Configured in the Switch ...................................................................................440
IP Address of Switch Configured in the AP ...................................................................................440
Configuring the DHCP Option .......................................................................................................441
Discovery and Peer Switches ...............................................................................................................443
Monitoring Status and Statistics................................................................................................................444
Wireless Global Status/Statistics .........................................................................................................444
Viewing Switch Status and Statistics Information ........................................................................449
Viewing IP Discovery Status..........................................................................................................453
Viewing the Peer Switch Configuration Received Status..............................................................455
Viewing the AP Hardware Capability List......................................................................................456
AP Hardware Radio Capability..............................................................................................457
AP Image Capability .............................................................................................................................458
Peer Switch Status ...............................................................................................................................459
Viewing Peer Switch Configuration Status ...................................................................................460
Viewing Peer Switch Managed AP Status .....................................................................................461
All AP Status ........................................................................................................................................462
Managed AP Status..............................................................................................................................464
Monitoring AP Status....................................................................................................................465
Viewing Detailed Managed Access Point Status...........................................................................467
Viewing Managed Access Point Radio Summary Information......................................................471
Viewing Detailed Managed Access Point Radio Information .......................................................471
Viewing Managed Access Point Neighbor APs .............................................................................473
Viewing Clients Associated with Neighbor Access Points.............................................................474
Viewing Managed Access Point VAPs ...........................................................................................476
Viewing Managed Access Point VAP TSPEC Status .......................................................................476
Viewing Distributed Tunneling Information .................................................................................478
Managed Access Point Statistics..........................................................................................................479
Viewing Managed Access Point Ethernet Statistics......................................................................480
Viewing Detailed Managed Access Point Statistics ......................................................................480
Viewing Managed Access Point Radio Statistics...........................................................................482
Viewing Managed Access Point VAP Statistics .............................................................................483
Viewing Distributed Tunneling Statistics ....................................................................................484
AP Authentication Failure Status .........................................................................................................486
Viewing Details About AP Authentication Failures.......................................................................488
AP RF Scan Status.................................................................................................................................489
Viewing Details About an AP Detected in the RF Scan .................................................................491
Viewing AP Triangulation Information .........................................................................................493
Viewing WIDS AP Rogue Classification Information .....................................................................494
AP De-Authentication Attack Status ....................................................................................................496
Associated Client Status/Statistics.......................................................................................................497
Viewing Associated Client Summary Status..................................................................................498
Viewing Detailed Associated Client Status ...................................................................................499
Viewing Associated Client QoS Status ..........................................................................................501
Viewing Associated Client Neighbor AP Status.............................................................................502
Viewing Associated Client Distributed Tunneling Status ..............................................................503
Viewing Associated Client TSPEC Status .......................................................................................505
Viewing Associated Client RRM Status .........................................................................................506
Viewing Associated Client SSID Status..........................................................................................507
Viewing Associated Client VAP Status ..........................................................................................508
Switch Associated Client Status ....................................................................................................509
Viewing Associated Client Statistics .............................................................................................510
Viewing Associated Client Session Summary Statistics ................................................................511
Viewing Detailed Associated Client Association Statistics............................................................512
Viewing Detailed Associated Client Session Statistics ..................................................................513
Viewing Detailed Associated Client TSPEC Statistics ....................................................................514
Ad Hoc Client Status.............................................................................................................................515
Detected Client Status .........................................................................................................................516
Viewing Detailed Detected Client Status ......................................................................................518
Viewing WIDS Client Rogue Classification ....................................................................................520
Viewing Detected Client Pre-Authentication History ...................................................................523
Viewing Detected Client Triangulation .........................................................................................524
Viewing Detected Client Roam History.........................................................................................525
Detected Client Pre-Authentication Summary .............................................................................526
Detected Client Roam History Summary ......................................................................................527
Radio Resource Measurement Status Information..............................................................................528
Viewing the RRM Channel Load Configuration.............................................................................528
Viewing the RRM Channel Load History .......................................................................................530
Viewing RRM Neighbors ...............................................................................................................531
WDS-Managed AP Information............................................................................................................532
WDS Group Status Summary ........................................................................................................532
WDS AP Group Status ...................................................................................................................533
WDS Group AP Status Summary...................................................................................................535
WDS AP Link Status Summary ......................................................................................................536
WDS Group Link Statistics Summary ............................................................................................538
Basic Setup..................................................................................................................................................539
Wireless Global Configuration .............................................................................................................539
Wireless Discovery Configuration ........................................................................................................544
L3/IP Discovery .............................................................................................................................545
L2/VLAN Discovery........................................................................................................................546
Profile...................................................................................................................................................548
Radio Configuration .............................................................................................................................549
Wireless Default VAP Configuration ....................................................................................................555
Managing the Virtual Access Point Configuration ........................................................................555
Configuring the Default Network .................................................................................................557
Configuring AP Security ................................................................................................................564
Using No Security..................................................................................................................564
Using Static or Dynamic WEP ...............................................................................................564
Static WEP Rules ...................................................................................................................566
Using WPA/WPA2 Personal or Enterprise ............................................................................566
Valid Access Point Summary ................................................................................................................569
Valid Access Point Configuration ..................................................................................................570
Local OUI Database Summary..............................................................................................................574
AP Management .........................................................................................................................................575
Reset ....................................................................................................................................................575
RF Management...................................................................................................................................576
Configuring Channel Plan and Power Settings..............................................................................576
Viewing the Channel Plan History.................................................................................................579
Initiating Manual Channel Plan Assignments ...............................................................................580
Initiating Manual Power Adjustments ..........................................................................................582
Access Point Software Download ........................................................................................................583
Managed AP Advanced Settings ..........................................................................................................586
Debugging the AP .........................................................................................................................587
Adjusting the Channel and Power ................................................................................................588
AP Provisioning ....................................................................................................................................590
AP Provisioning Summary Status..................................................................................................590
Detailed AP Provisioning Status....................................................................................................591
Configuring Advanced Settings ..................................................................................................................594
Advanced Global Settings ....................................................................................................................594
Wireless SNMP Trap Configuration ..............................................................................................597
Distributed Tunneling Configuration ............................................................................................600
Device Location Configuration......................................................................................................601
Wireless Network List ..........................................................................................................................602
Configuring Networks ..........................................................................................................................603
AP Profiles............................................................................................................................................603
Creating, Copying, and Deleting AP Profiles .................................................................................604
Applying an AP Profile ..................................................................................................................606
Configuring the AP Profile Global Settings ...................................................................................608
Access Point Profile Radio Configuration .....................................................................................609
Access Point Profile VAP Configuration ........................................................................................619
Access Point Profile QoS Configuration ........................................................................................621
Access Point Profile TSPEC Configuration.....................................................................................624
Peer Switch ..........................................................................................................................................627
Peer Switch Configuration Enable/Disable ...................................................................................628
Mutual Authentication .................................................................................................................630
WIDS Security.......................................................................................................................................631
WIDS AP Configuration .................................................................................................................631
WIDS Client Configuration ............................................................................................................634
Known Client........................................................................................................................................636
Known Client Configuration..........................................................................................................638
Switch Provisioning ..............................................................................................................................639
Provisioning ..................................................................................................................................640
Enabling AeroScout™ Engine Support .................................................................................................641
Configuring the Wireless Distribution System...........................................................................................641
WDS Managed AP Group Configuration ..............................................................................................644
WDS Managed AP Configuration .........................................................................................................646
WDS Link Configuration .......................................................................................................................648
WDS Link Create ...........................................................................................................................649
Locating WLAN Devices ..............................................................................................................................650
Managed AP Location ..........................................................................................................................650
Building .........................................................................................................................................650
Building Floor................................................................................................................................652
Managed AP Coordinates .............................................................................................................653
Managed AP Location Summary...................................................................................................654
On-Demand Location Trigger........................................................................................................655
On-Demand Location Trigger Status....................................................................................................656
On-Demand Location Trigger Global Status .................................................................................656
On-Demand Location Trigger Floor Status ...................................................................................658
AP Triangulation Location ....................................................................................................................659
AP Triangulation Summary ...........................................................................................................659
Detailed AP Triangulation Status ..................................................................................................660
Client Triangulation Location ...............................................................................................................662
Client Triangulation Summary ......................................................................................................662
Detailed AP Triangulation Status ..................................................................................................663
AP Scheduler...............................................................................................................................................665
AP Scheduler Configuration .................................................................................................................665
Visualizing the Wireless Network ..............................................................................................................667
WLAN Visualization Overview..............................................................................................................667
Importing and Configuring a Background Image .................................................................................668
Setting Up the Graph ...........................................................................................................................669
Creating a New Graph...................................................................................................................669
Manually Graphing the Components............................................................................................671
Checking the Location of an AP or Client.............................................................................................671
Understanding the Menu Options and Icons.......................................................................................674
Legend Menu ................................................................................................................................677
Viewing Component Information ........................................................................................................678
Appendix A: Configuration Examples............................................................................. 679
Configuring VLANs ......................................................................................................................................679
Configuring Multiple Spanning Tree Protocol ...........................................................................................682
Configuring VLAN Routing..........................................................................................................................685
Configuring 802.1X Network Access Control .............................................................................................688
Configuring a Virtual Access Point .............................................................................................................690
Configuring Differentiated Services for VoIP.............................................................................................694
Configuring a Network with WDS-Managed APs ......................................................................................697
Configuring a Network to Use WPA2-Enterprise and Dynamic VLANs.....................................................706
Configuring Client Information on the RADIUS Server ........................................................................707
Configuring RADIUS Information and AP Profiles on the Switch .........................................................708
Verifying the Configuration..................................................................................................................713
Optimizing WLAN Traffic ............................................................................................................................715
Monitoring and Managing Channel Information .................................................................................715
Running and Applying a Manual Channel Plan .............................................................................717
Monitoring the RF Transmission Power Level .....................................................................................719
Configuring the Automatic Power Adjustment ............................................................................720
Load Balancing and WLAN Utilization..................................................................................................723
Detecting and Preventing Wireless Intrusion............................................................................................726
Configuring a Radio in Sentry Mode ....................................................................................................726
Configuring and Monitoring WIDS/WIPS to Detect Rogue APs ...........................................................727
Using WIDS/WIPS to Detect Rogue Clients..........................................................................................732
Mitigating a Rogue Client Threat .........................................................................................................734
Appendix B: Limited Warranty (USA Only)..................................................................... 739
Product Registration...................................................................................................................................742
Limited Warranty .......................................................................................................................................742
What You Must Do For Warranty Service:...........................................................................................744
What Is Not Covered............................................................................................................................744
Trademarks ..........................................................................................................................................745
Copyright Statement............................................................................................................................745
FCC Warning.........................................................................................................................................745
Appendix C: Technical Support ...................................................................................... 746
Appendix D: International Offices ................................................................................. 771
Registration Card
All Countries and Regions Excluding USA..............................................................................................773
List of Figures
Figure 1: Web Interface Layout ........................................................................................................................57
Figure 2: Device View—Back ............................................................................................................................57
Figure 3: Cascading Navigation Menu ..............................................................................................................58
Figure 4: Navigation Tree View ........................................................................................................................58
Figure 5: LAN and WLAN Tabs ..........................................................................................................................59
Figure 6: Help Link ............................................................................................................................................60
Figure 7: System Description............................................................................................................................63
Figure 8: Switch Configuration .........................................................................................................................64
Figure 9: Inventory Information .......................................................................................................................66
Figure 10: Card Configuration ..........................................................................................................................66
Figure 11: Slot Summary ..................................................................................................................................68
Figure 12: PoE Configuration............................................................................................................................69
Figure 13: PoE Status........................................................................................................................................71
Figure 14: Serial Port ........................................................................................................................................73
Figure 15: Network Connectivity......................................................................................................................74
Figure 16: DHCP Client Options........................................................................................................................76
Figure 17: HTTP Configuration .........................................................................................................................77
Figure 18: User Accounts..................................................................................................................................78
Figure 19: Authentication List Configuration ...................................................................................................81
Figure 20: Login Session ...................................................................................................................................84
Figure 21: Login Session ...................................................................................................................................86
Figure 22: User Login........................................................................................................................................87
Figure 23: Denial of Service..............................................................................................................................88
Figure 24: Multiple Port Mirroring ...................................................................................................................90
Figure 25: Multiple Port Mirroring—Add Source Ports....................................................................................91
Figure 26: Telnet Session Configuration...........................................................................................................92
Figure 27: Outbound Telnet .............................................................................................................................94
Figure 28: Ping..................................................................................................................................................95
Figure 29: TraceRoute ......................................................................................................................................96
Figure 30: SNTP Global Configuration ..............................................................................................................98
Figure 31: SNTP Server Configuration ..............................................................................................................99
Figure 32: SNTP Server Status ........................................................................................................................100
Figure 33: Global Status .................................................................................................................................102
Figure 34: Time Zone Configuration...............................................................................................................103
Figure 35: Summer Time Configuration .........................................................................................................104
Figure 36: Summer Time Recurring Configuration.........................................................................................105
Figure 37: Clock Detail....................................................................................................................................106
Figure 38: Port Configuration .........................................................................................................................107
Figure 39: Port Summary................................................................................................................................110
Figure 40: Port Description.............................................................................................................................113
Figure 41: Buffered Log Configuration ...........................................................................................................114
Figure 42: Buffered Log ..................................................................................................................................115
Figure 43: Command Logger Configuration ...................................................................................................116
Figure 44: Console Log Configuration ............................................................................................................117
Figure 45: Event Log .......................................................................................................................................118
Figure 46: Host Configuration ........................................................................................................................119
Figure 47: Host Configuration with Logging Host...........................................................................................119
Figure 48: Persistent Log Configuration .........................................................................................................120
Figure 49: Persistent Log ................................................................................................................................122
Figure 50: System Log.....................................................................................................................................123
Figure 51: Trap Log .........................................................................................................................................124
Figure 52: SNMP Community Configuration ..................................................................................................126
Figure 53: Trap Receiver Configuration..........................................................................................................127
Figure 54: Trap Flags Configuration................................................................................................................129
Figure 55: Supported MIBs.............................................................................................................................130
Figure 56: DHCP Server Global Configuration ................................................................................................131
Figure 57: Pool Configuration.........................................................................................................................133
Figure 58: Pool Options ..................................................................................................................................136
Figure 59: Reset Configuration.......................................................................................................................137
Figure 60: Bindings Information .....................................................................................................................138
Figure 61: Server Statistics .............................................................................................................................139
Figure 62: Conflicts Information.....................................................................................................................140
Figure 63: Time Range Configuration .............................................................................................................141
Figure 64: Time Range Summary....................................................................................................................142
Figure 65: Time Range Entry Configuration ...................................................................................................143
Figure 66: DNS Global Configuration..............................................................................................................145
Figure 67: DNS Server Configuration..............................................................................................................146
Figure 68: DNS Host Name Mapping Configuration.......................................................................................147
Figure 69: DNS Host Name IP Mapping Summary..........................................................................................148
Figure 70: ISDP Global Configuration .............................................................................................................149
Figure 71: ISDP Cache Table ...........................................................................................................................150
Figure 72: ISDP Interface Configuration .........................................................................................................151
Figure 73: ISDP Statistics ................................................................................................................................152
Figure 74: sFlow Agent Summary...................................................................................................................153
Figure 75: sFlow Receiver Configuration........................................................................................................154
Figure 76: sFlow Poller Configuration ............................................................................................................156
Figure 77: sFlow Sampler Configuration ........................................................................................................157
Figure 78: Switch Detailed..............................................................................................................................158
Figure 79: Switch Summary............................................................................................................................160
Figure 80: Port Detailed .................................................................................................................................162
Figure 81: Port Summary................................................................................................................................168
Figure 82: Reset Configuration to Defaults ....................................................................................................169
Figure 83: Reset Passwords to Defaults .........................................................................................................170
Figure 84: System Reset .................................................................................................................................170
Figure 85: Save All Applied Changes...............................................................................................................171
Figure 86: Download File to Switch ................................................................................................................171
Figure 87: HTTP File Download.......................................................................................................................174
Figure 88: Upload File from Switch ................................................................................................................175
Figure 89: Multiple Image Service..................................................................................................................177
Figure 90: Dual Image Status..........................................................................................................................178
Figure 91: Erase Startup-config File................................................................................................................179
Figure 92: AutoInstall .....................................................................................................................................179
Figure 93: Forwarding Database Age-Out Interval.........................................................................................182
Figure 94: Forwarding Database Search.........................................................................................................183
Figure 95: VLAN Configuration .......................................................................................................................185
Figure 96: VLAN Status ...................................................................................................................................187
Figure 97: VLAN Port Configuration ...............................................................................................................188
Figure 98: VLAN Port Summary ......................................................................................................................189
Figure 99: Create Protocol Group...................................................................................................................190
Figure 100: Protocol Group ............................................................................................................................191
Figure 101: Protocol-based VLAN Summary ..................................................................................................192
Figure 102: IP Subnet-based VLAN Configuration ..........................................................................................193
Figure 103: IP Subnet-based VLAN Summary.................................................................................................194
Figure 104: MAC-based VLAN Configuration .................................................................................................195
Figure 105: MAC-based VLAN Summary ........................................................................................................195
Figure 106: Double VLAN Tunneling...............................................................................................................196
Figure 107: Double VLAN Tunneling Summary ..............................................................................................197
Figure 108: Voice VLAN Configuration ...........................................................................................................198
Figure 109: Reset VLAN Configuration ...........................................................................................................199
Figure 110: Protected Port Configuration ......................................................................................................200
Figure 111: Protected Ports Summary ...........................................................................................................201
Figure 112: MAC Filter Configuration.............................................................................................................202
Figure 113: MAC Filter Summary ...................................................................................................................203
Figure 114: GARP Status.................................................................................................................................204
Figure 115: GARP Switch Configuration .........................................................................................................206
Figure 116: GARP Port Configuration .............................................................................................................207
Figure 117: Port Channel Configuration.........................................................................................................209
Figure 118: Port Channel Status .....................................................................................................................211
Figure 119: IGMP Snooping Global Configuration and Status........................................................................214
Figure 120: IGMP Snooping Interface Configuration .....................................................................................215
Figure 121: IGMP Snooping VLAN Configuration ...........................................................................................216
Figure 122: IGMP Snooping VLAN Status .......................................................................................................217
Figure 123: Multicast Router Configuration...................................................................................................218
Figure 124: Multicast Router Status...............................................................................................................219
Figure 125: Multicast Router VLAN Configuration .........................................................................................220
Figure 126: Multicast Router VLAN Status .....................................................................................................221
Figure 127: IGMP Snooping Querier Configuration........................................................................................222
Figure 128: IGMP Snooping Querier VLAN Configuration ..............................................................................223
Figure 129: IGMP Snooping Querier VLAN Configuration Summary..............................................................224
Figure 130: IGMP Snooping Querier VLAN Status ..........................................................................................225
Figure 131: MLD Snooping Global Configuration and Status .........................................................................226
Figure 132: MLD Snooping Interface Configuration .......................................................................................227
Figure 133: MLD Snooping VLAN Status.........................................................................................................228
Figure 134: MLD Snooping VLAN Configuration.............................................................................................229
Figure 135: MLD Snooping Multicast Router Configuration ..........................................................................230
Figure 136: MLD Snooping Multicast Router Status ......................................................................................231
Figure 137: Multicast Router VLAN Configuration .........................................................................................232
Figure 138: MLD Snooping Multicast Router VLAN Status.............................................................................233
Figure 139: MLD Snooping Querier Configuration .........................................................................................234
Figure 140: MLD Snooping Querier VLAN Configuration ...............................................................................235
Figure 141: MLD Snooping Querier VLAN Configuration Summary ...............................................................236
Figure 142: MLD Snooping Querier VLAN Status ...........................................................................................237
Figure 143: MFDB Table .................................................................................................................................238
Figure 144: GMRP Table .................................................................................................................................239
Figure 145: IGMP Snooping Table ..................................................................................................................240
Figure 146: MFDB MLD Snooping Table .........................................................................................................241
Figure 147: Multicast Forwarding Database Statistics ...................................................................................242
Figure 148: Spanning Tree Switch Configuration/Status................................................................................243
Figure 149: Spanning Tree CST Configuration/Status ....................................................................................245
Figure 150: Spanning Tree MST Configuration/Status ...................................................................................247
Figure 151: Spanning Tree MST Configuration/Status ...................................................................................247
Figure 152: Spanning Tree CST Port Configuration/Status.............................................................................249
Figure 153: Spanning Tree MST Port Configuration/Status ...........................................................................252
Figure 154: Spanning Tree Statistics...............................................................................................................254
Figure 155: DHCP Snooping Configuration.....................................................................................................255
Figure 156: DHCP Snooping VLAN Configuration ...........................................................................................256
Figure 157: DHCP Snooping Interface Configuration .....................................................................................257
Figure 158: LLDP Global Configuration...........................................................................................................259
Figure 159: LLDP Interface Configuration.......................................................................................................260
Figure 160: LLDP Interface Summary .............................................................................................................261
Figure 161: LLDP Statistics..............................................................................................................................262
Figure 162: LLDP Local Device Information ....................................................................................................263
Figure 163: LLDP Local Device Summary........................................................................................................264
Figure 164: LLDP Remote Device Information ...............................................................................................265
Figure 165: LLDP Remote Device Summary ...................................................................................................266
Figure 166: LLDP Global Configuration...........................................................................................................267
Figure 167: LLDP-MED Interface Configure....................................................................................................268
Figure 168: LLDP-MED Interface Summary ....................................................................................................269
Figure 169: LLDP-MED Local Device Information ...........................................................................................270
Figure 170: LLDP Remote Device Information ...............................................................................................272
Figure 171: Dynamic ARP Inspection Configuration.......................................................................................274
Figure 172: Dynamic ARP Inspection VLAN Configuration .............................................................................275
Figure 173: Dynamic ARP Inspection Interface Configuration .......................................................................276
Figure 174: Dynamic ARP Inspection ARP ACL Configuration ........................................................................277
Figure 175: Dynamic ARP Inspection ARP ACL Rule Configuration ................................................................278
Figure 176: Dynamic ARP Inspection Statistics ..............................................................................................279
Figure 177: BOOTP/DHCP Relay Agent Configuration....................................................................................281
Figure 178: BOOTP/DHCP Relay Agent Status................................................................................................282
Figure 179: IP Helper Global Configuration....................................................................................................283
Figure 180: Adding a Global IP Helper Entry ..................................................................................................284
Figure 181: IP Helper Interface Configuration................................................................................................285
Figure 182: Adding an IP Helper Entry to an Interface...................................................................................286
Figure 183: IP Helper Statistics.......................................................................................................................287
Figure 184: ARP Create...................................................................................................................................289
Figure 185: ARP Table Configuration..............................................................................................................290
Figure 186: ARP Cache....................................................................................................................................292
Figure 187: IP Configuration...........................................................................................................................293
Figure 188: IP Interface Configuration ...........................................................................................................295
Figure 189: IP Statistics ..................................................................................................................................297
Figure 190: Loopback Configuration—Create ................................................................................................300
Figure 191: Configured Loopback Interface ...................................................................................................300
Figure 192: Loopbacks Configuration—IPv4 Entry .........................................................................................302
Figure 193: Loopbacks Summary....................................................................................................................303
Figure 194: RIP Configuration.........................................................................................................................304
Figure 195: RIP Interface Configuration .........................................................................................................305
Figure 196: RIP Interface Authentication Configuration ................................................................................307
Figure 197: RIP Interface Summary................................................................................................................308
Figure 198: RIP Route Redistribution Configuration ......................................................................................309
Figure 199: RIP Route Redistribution Summary .............................................................................................310
Figure 200: Router Discovery Configuration ..................................................................................................311
Figure 201: Router Discovery Status ..............................................................................................................313
Figure 202: Route Table .................................................................................................................................314
Figure 203: Best Routes Table ........................................................................................................................316
Figure 204: Configured Routes.......................................................................................................................317
Figure 205: Create Static Route......................................................................................................................318
Figure 206: Route Preferences Configuration ................................................................................................319
Figure 207: VLAN Routing Configuration........................................................................................................320
Figure 208: VLAN Routing Configuration - Interface Exists ............................................................................321
Figure 209: VLAN Routing Summary ..............................................................................................................323
Figure 210: VRRP Configuration .....................................................................................................................324
Figure 211: Virtual Router Configuration .......................................................................................................325
Figure 212: VRRP Interface Tracking Configuration .......................................................................................327
Figure 213: VRRP Interface Tracking ..............................................................................................................328
Figure 214: VRRP Route Tracking Configuration ............................................................................................329
Figure 215: VRRP Route Tracking ...................................................................................................................330
Figure 216: Virtual Router Status ...................................................................................................................330
Figure 217: Virtual Router Statistics—Virtual Router Configured..................................................................332
Figure 218: 802.1p Priority Mapping..............................................................................................................335
Figure 219: Trust Mode Configuration ...........................................................................................................336
Figure 220: IP DSCP Mapping Configuration ..................................................................................................337
Figure 221: Interface Configuration ...............................................................................................................338
Figure 222: Interface Queue Configuration....................................................................................................339
Figure 223: Interface Queue Status................................................................................................................340
Figure 224: DiffServ Configuration .................................................................................................................342
Figure 225: DiffServ Class Configuration ........................................................................................................343
Figure 226: DiffServ Class Configuration ........................................................................................................343
Figure 227: Class Summary ............................................................................................................................345
Figure 228: Policy Configuration ....................................................................................................................346
Figure 229: Policy Configuration ....................................................................................................................346
Figure 230: Policy Summary ...........................................................................................................................347
Figure 231: Policy Class Definition..................................................................................................................348
Figure 232: Policy Attribute Summary ...........................................................................................................350
Figure 233: Service Configuration ..................................................................................................................350
Figure 234: Service Summary .........................................................................................................................351
Figure 235: Service Statistics ..........................................................................................................................351
Figure 236: Service Detailed Statistics............................................................................................................352
Figure 237: Auto VoIP Configuration..............................................................................................................354
Figure 238: Auto VoIP Summary ....................................................................................................................355
Figure 239: IP ACL Configuration....................................................................................................................357
Figure 240: IP ACL Rule Configuration (Create Rule)......................................................................................358
Figure 241: IP ACL Rule Configuration (Extended ACL Rule) ..........................................................................359
Figure 242: IP ACL Summary ..........................................................................................................................363
Figure 243: IP ACL Rule Summary ..................................................................................................................364
Figure 244: MAC ACL Configuration ...............................................................................................................365
Figure 245: MAC ACL Rule Configuration (Create Rule) .................................................................................366
Figure 246: MAC ACL Rule Configuration (Deny Action) ................................................................................366
Figure 247: MAC ACL Rule Configuration (Permit Action)..............................................................................367
Figure 248: MAC ACL Summary......................................................................................................................370
Figure 249: MAC ACL Rule Summary..............................................................................................................370
Figure 250: ACL Interface Configuration ........................................................................................................371
Figure 251: Port Security Administration .......................................................................................................374
Figure 252: Port Security Interface Configuration..........................................................................................374
Figure 253: Port Security Static ......................................................................................................................376
Figure 254: Port Security Dynamic .................................................................................................................377
Figure 255: Port Security Violation Status......................................................................................................378
Figure 256: Secure HTTP Configuration..........................................................................................................379
Figure 257: File Download..............................................................................................................................381
Figure 258: Secure Shell Configuration ..........................................................................................................382
Figure 259: Captive Portal Global Configuration............................................................................................384
Figure 260: Captive Portal Summary..............................................................................................................386
Figure 261: Captive Portal Configuration .......................................................................................................387
Figure 262: CP Web Page Customization — Global Parameters .....................................................................390
Figure 263: CP Web Page Customization — Authentication page ..................................................................391
Figure 264: CP Web Page Customization — Welcome Page ...........................................................................391
Figure 265: CP Web Page Customization — Logout Page ...............................................................................392
Figure 266: CP Web Page Customization — Logout Success Page ..................................................................392
Figure 267: Captive Portal Local User Summary ............................................................................................395
Figure 268: Adding a New User ......................................................................................................................396
Figure 269: Local User Configuration .............................................................................................................397
Figure 270: Interface Association ...................................................................................................................400
Figure 271: Global Captive Portal Status........................................................................................................401
Figure 272: CP Activation and Activity Status.................................................................................................402
Figure 273: Interface Activation Status ..........................................................................................................404
Figure 274: Interface Capability Status ..........................................................................................................405
Figure 275: Client Summary ...........................................................................................................................406
Figure 276: Client Detail .................................................................................................................................407
Figure 277: Client Statistics ............................................................................................................................408
Figure 278: Interface - Client Status ...............................................................................................................408
Figure 279: CP - Client Status .........................................................................................................................409
Figure 280: SNMP Trap Configuration............................................................................................................410
Figure 281: RADIUS Configuration..................................................................................................................411
Figure 282: RADIUS Server Configuration—Add Server .................................................................................413
Figure 283: RADIUS Server Configuration—Server Added .............................................................................413
Figure 284: Named Server Status ...................................................................................................................415
Figure 285: RADIUS Server Statistics ..............................................................................................................416
Figure 286: Add RADIUS Accounting Server...................................................................................................416
Figure 287: RADIUS Accounting Server Configuration—Server Added ..........................................................417
Figure 288: RADIUS Named Accounting Server Status...................................................................................418
Figure 289: RADIUS Accounting Server Statistics ...........................................................................................419
Figure 290: RADIUS Clear Statistics ................................................................................................................419
Figure 291: Global Port Access Control Configuration ...................................................................................420
Figure 292: Port Access Control Port Configuration.......................................................................................421
Figure 293: PAE Capability Configuration.......................................................................................................423
Figure 294: Port Access Control Supplicant Port Configuration.....................................................................424
Figure 295: Port Access Control Status ..........................................................................................................425
Figure 296: Port Access Control Status - MAC-based Control Mode .............................................................426
Figure 297: Port Access Control Port Summary .............................................................................................429
Figure 298: Port Access Control Statistics ......................................................................................................431
Figure 299: Port Access Control Client Summary ...........................................................................................432
Figure 300: Port Access Privileges ..................................................................................................................433
Figure 301: TACACS+ Configuration ...............................................................................................................434
Figure 302: TACACS+ Configuration—No Server............................................................................................435
Figure 303: Global WLAN Status/Statistics.....................................................................................................445
Figure 304: Switch Status/Statistics ...............................................................................................................450
Figure 305: Wireless Discovery Status............................................................................................................453
Figure 306: Configuration Received ...............................................................................................................455
Figure 307: AP Hardware Capability Information...........................................................................................456
Figure 308: Radio Detail .................................................................................................................................457
Figure 309: Image Table .................................................................................................................................458
Figure 310: Peer Switch Status.......................................................................................................................459
Figure 311: Peer Switch Configuration Status ................................................................................................460
Figure 312: Peer Switch Managed AP Status..................................................................................................461
Figure 313: All Access Points ..........................................................................................................................462
Figure 314: Managed AP Status .....................................................................................................................465
Figure 315: Managed AP Statistics .................................................................................................................479
Figure 316: AP Authentication Failure Status.................................................................................................486
Figure 317: AP Authentication Failure Details................................................................................................488
Figure 318: RF Scan ........................................................................................................................................490
Figure 319: RF Scan AP Details .......................................................................................................................491
Figure 320: AP Triangulation Status ...............................................................................................................493
Figure 321: WIDS AP Rogue Classification......................................................................................................494
Figure 322: AP De-Authentication Attack Status............................................................................................496
Figure 323: Associated Client Status ..............................................................................................................497
Figure 324: Associated Client Status ..............................................................................................................498
Figure 325: Associated Client Status Detail....................................................................................................499
Figure 326: Associated Client QoS Status.......................................................................................................501
Figure 327: Associated Client Neighbor AP Status .........................................................................................502
Figure 328: Associated Client Distributed Tunneling Status ..........................................................................503
Figure 329: Associated Client TSPEC Status ...................................................................................................505
Figure 330: Associated Client RRM Status......................................................................................................506
Figure 331: SSID Associated Client Status ......................................................................................................507
Figure 332: VAP Associated Client Status.......................................................................................................508
Figure 333: Switch Associated Client Status...................................................................................................509
Figure 334: Associated Client Association Summary Statistics ......................................................................510
Figure 335: Associated Client Statistics Session Summary.............................................................................511
Figure 336: Associated Client Association Detail Statistics ............................................................................512
Figure 337: Associated Client Session Detail Statistics...................................................................................513
Figure 338: Associated Client Session Detail Statistics...................................................................................514
Figure 339: Ad Hoc Clients .............................................................................................................................515
Figure 340: Detected Client Status.................................................................................................................517
Figure 341: Detailed Detected Client Status ..................................................................................................518
Figure 342: WIDS Client Rogue Classification.................................................................................................521
Figure 343: Detected Client Pre-Authentication History................................................................................523
Figure 344: Detected Client Triangulation .....................................................................................................524
Figure 345: Detected Client Roam History .....................................................................................................525
Figure 346: Detected Client Pre-Authentication History Summary ...............................................................526
Figure 347: Detected Client Roam History Summary.....................................................................................527
Figure 348: RRM Channel Load Configuration ...............................................................................................528
Figure 349: RRM Channel Load History ..........................................................................................................530
Figure 350: RRM Neighbors............................................................................................................................531
Figure 351: WDS Group Status Summary.......................................................................................................532
Figure 352: WDS AP Group Status..................................................................................................................533
Figure 353: WDS AP Group Status Summary..................................................................................................535
Figure 354: WDS AP Link Status Summary .....................................................................................................536
Figure 355: WDS Group Link Statistics Summary ...........................................................................................538
Figure 356: Wireless Global Configuration.....................................................................................................539
Figure 357: Wireless Discovery Configuration ...............................................................................................545
Figure 358: AP Hardware Capabilities ............................................................................................................548
Figure 359: Radio Settings..............................................................................................................................549
Figure 360: VAP Settings ................................................................................................................................555
Figure 361: Configuring Network Settings .....................................................................................................557
Figure 362: AP Network Security Options ......................................................................................................564
Figure 363: Static WEP Configuration ............................................................................................................565
Figure 364: WPA Personal Configuration .......................................................................................................567
Figure 365: Adding a Valid AP ........................................................................................................................569
Figure 366: Configuring a Valid AP .................................................................................................................571
Figure 367: Local OUI Database Summary .....................................................................................................574
Figure 368: Access Point Reset.......................................................................................................................575
Figure 369: RF Channel Plan and Power Configuration..................................................................................577
Figure 370: Channel Plan History ...................................................................................................................579
Figure 371: Manual Channel Plan...................................................................................................................580
Figure 372: Manual Power Adjustments ........................................................................................................582
Figure 373: Software Download.....................................................................................................................583
Figure 374: Advanced AP Management .........................................................................................................586
Figure 375: Managed AP Debug .....................................................................................................................587
Figure 376: Managed AP Debug .....................................................................................................................588
Figure 377: AP Provisioning Summary Status.................................................................................................590
Figure 378: AP Provisioning Status—Detail....................................................................................................592
Figure 379: Global Configuration ...................................................................................................................594
Figure 380: SNMP Trap Configuration............................................................................................................597
Figure 381: Distributed Tunneling Configuration...........................................................................................600
Figure 382: Device Location Configuration ....................................................................................................601
Figure 383: Multiple AP Profiles .....................................................................................................................603
Figure 384: Adding a Profile ...........................................................................................................................604
Figure 385: Configuring an AP Profile.............................................................................................................605
Figure 386: Applying the AP Profile................................................................................................................607
Figure 387: AP Profile Global Configuration...................................................................................................608
Figure 388: AP Profile Radio Settings .............................................................................................................610
Figure 389: AP Profile VAP Configuration ......................................................................................................619
Figure 390: QoS Configuration .......................................................................................................................621
Figure 391: AP Profile TSPEC Configuration ...................................................................................................625
Figure 392: Peer Switch Configuration Request Status..................................................................................627
Figure 393: Peer Switch Configuration Enable/Disable..................................................................................628
Figure 394: Mutual Authentication ................................................................................................................630
Figure 395: WIDS AP Configuration................................................................................................................631
Figure 396: WIDS Client Configuration...........................................................................................................634
Figure 397: Known Client Summary ...............................................................................................................636
Figure 398: Known Client Configuration ........................................................................................................638
Figure 399: Switch Certificate Request ..........................................................................................................639
Figure 400: Switch Provisioning .....................................................................................................................640
Figure 401: WDS-Managed AP Group ............................................................................................................642
Figure 402: WDS Managed AP Group Configuration......................................................................................644
Figure 403: Edit WDS Managed AP Group Settings........................................................................................645
Figure 404: WDS Managed AP Configuration.................................................................................................646
Figure 405: WDS Managed AP Settings..........................................................................................................647
Figure 406: WDS AP Link Configuration .........................................................................................................648
Figure 407: WDS Link Create ..........................................................................................................................649
Figure 408: Building........................................................................................................................................651
Figure 409: Building Floor...............................................................................................................................652
Figure 410: Managed AP Coordinates............................................................................................................653
Figure 411: Managed AP Location Summary .................................................................................................654
Figure 412: On-Demand Location Trigger ......................................................................................................655
Figure 413: On-Demand Location Trigger Global Status ................................................................................656
Figure 414: On-Demand Location Trigger Floor Status ..................................................................................658
Figure 415: AP Triangulation Summary..........................................................................................................659
Figure 416: Detailed AP Triangulation Status.................................................................................................660
Figure 417: Client Triangulation Summary.....................................................................................................662
Figure 418: Detailed Client Triangulation Status............................................................................................663
Figure 419: AP Scheduler Configuration.........................................................................................................665
Figure 420: Sample WLAN Visualization.........................................................................................................667
Figure 421: Live Visualization Control ............................................................................................................669
Figure 422: Graphing a Switch........................................................................................................................671
Figure 423: On-Demand Location Search Window ........................................................................................671
Figure 424: Device Location Progress Timer ..................................................................................................672
Figure 425: Device Location Status ................................................................................................................672
Figure 426: Probable Device Location – Point Solution .................................................................................673
Figure 427: Probable Device Location – Circle Solution .................................................................................673
Figure 428: Probable Device Location – Off Screen .......................................................................................674
Figure 429: Toolbar Icons ...............................................................................................................................676
Figure 430: Legend .........................................................................................................................................677
Figure 431: Sentry Mode—Detailed View ......................................................................................................678
Figure 432: Wireless Component Attributes..................................................................................................678
Figure 433: VLAN Example Network Diagram ................................................................................................680
Figure 434: VLAN Routing Example Network Diagram...................................................................................685
Figure 435: Switch with 802.1X Network Access Control...............................................................................688
Figure 436: DiffServ VoIP Example Network Diagram....................................................................................694
Figure 437: WDS-Managed APs in the Network.............................................................................................697
Figure 438: WPA2-Enterprise and Dynamic VLAN Assignment......................................................................706
Figure 439: Monitoring Managed AP Channels..............................................................................................716
Figure 440: Automatic Channel Adjustment ..................................................................................................716
Figure 441: Fixed Channel Plan ......................................................................................................................717
Figure 442: WIDS AP Configuration................................................................................................................728
Figure 443: Honeypot AP................................................................................................................................728
Figure 444: All AP Status with Rogue .............................................................................................................729
Figure 445: Honeypot AP Rogue Status..........................................................................................................729
Figure 446: WIDS Test Discovers Rogue .........................................................................................................730
Figure 447: De-Authentication Attack Enabled ..............................................................................................730
Figure 448: Rogue AP Mitigation....................................................................................................................731
Figure 449: De-Authentication Attack Status.................................................................................................731
Figure 450: WIDS Client Configuration...........................................................................................................732
Figure 451: Excessive Authentication Failures ...............................................................................................733
Figure 452: Client Rogue Classification ..........................................................................................................733
List of Tables
Table 1: Typographical Conventions ................................................................................................................46
Table 2: Common Command Buttons ..............................................................................................................59
Table 3: System Description Fields...................................................................................................................63
Table 4: Switch Configuration Fields ................................................................................................................64
Table 5: Card Configuration Fields ...................................................................................................................67
Table 6: Slot Summary Fields ...........................................................................................................................68
Table 7: PoE Configuration Fields.....................................................................................................................69
Table 8: PoE Status Fields.................................................................................................................................71
Table 9: Serial Port Fields .................................................................................................................................73
Table 10: Network Connectivity Fields.............................................................................................................74
Table 11: DHCP Client Option Fields.................................................................................................................76
Table 12: HTTP Configuration Fields ................................................................................................................77
Table 13: User Accounts Fields.........................................................................................................................79
Table 14: Authentication Profile Fields ............................................................................................................81
Table 15: Login Fields .......................................................................................................................................84
Table 16: Login Session Fields ..........................................................................................................................86
Table 17: User Login Fields...............................................................................................................................87
Table 18: Denial of Service Configuration Fields ..............................................................................................89
Table 19: Multiple Port Mirroring Fields ..........................................................................................................90
Table 20: Multiple Port Mirroring—Add Source Fields ....................................................................................91
Table 21: Telnet Session Configuration Fields..................................................................................................93
Table 22: Outbound Telnet Fields ....................................................................................................................94
Table 23: Ping Fields .........................................................................................................................................95
Table 24: TraceRoute Fields .............................................................................................................................96
Table 25: SNTP Global Configuration Fields .....................................................................................................98
Table 26: SNTP Server Configuration Fields .....................................................................................................99
Table 27: SNTP Server Status Fields ...............................................................................................................100
Table 28: Global Status Fields.........................................................................................................................102
Table 29: Time Zone Configuration Fields ......................................................................................................103
Table 30: Summer Time Configuration Fields ................................................................................................104
Table 31: Summer Time Recurring Configuration Fields ................................................................................105
Table 32: Clock Detail .....................................................................................................................................106
Table 33: Port Configuration Fields ................................................................................................................108
Table 34: Port Summary Fields.......................................................................................................................110
Table 35: Port Description Fields....................................................................................................................113
Table 36: Buffered Log Fields .........................................................................................................................115
Table 37: Command Logger Configuration Fields...........................................................................................116
Table 38: Console Log Configuration Fields....................................................................................................117
Table 39: Event Log Fields ..............................................................................................................................118
Table 40: Persistent Log Configuration Fields ................................................................................................121
Table 41: Persistent Log Fields .......................................................................................................................122
Table 42: Syslog Configuration Fields.............................................................................................................123
Table 43: Trap Log Fields ................................................................................................................................124
Table 44: Community Configuration Fields ....................................................................................................126
Table 45: Trap Receiver Configuration Fields.................................................................................................128
Table 46: Trap Flags Configuration Fields.......................................................................................................129
Table 47: Supported MIBs Fields ....................................................................................................................130
Table 48: DHCP Server Global Configuration Fields .......................................................................................131
Table 49: Pool Configuration Fields................................................................................................................134
Table 50: Pool Options Fields .........................................................................................................................136
Table 51: Reset Configuration Fields..............................................................................................................137
Table 52: Bindings Information Fields ............................................................................................................138
Table 53: Server Statistics Fields ....................................................................................................................139
Table 54: Conflicts Information Fields............................................................................................................140
Table 55: Time Range Configuration ..............................................................................................................141
Table 56: Time Range Summary .....................................................................................................................142
Table 57: Time Range Entry Configuration.....................................................................................................143
Table 58: DNS Global Configuration Fields.....................................................................................................145
Table 59: DNS Server Configuration Fields.....................................................................................................146
Table 60: DNS Host Name Mapping Configuration Fields ..............................................................................147
Table 61: DNS Host Name IP Mapping Summary Fields.................................................................................148
Table 62: ISDP Global Configuration ..............................................................................................................149
Table 63: ISDP Cache Table ............................................................................................................................150
Table 64: ISDP Interface Configuration ..........................................................................................................151
Table 65: ISDP Statistics .................................................................................................................................152
Table 66: sFlow Agent Summary ....................................................................................................................154
Table 67: sFlow Receiver Configuration .........................................................................................................155
Table 68: sFlow Poller Configuration..............................................................................................................156
Table 69: sFlow Sampler Configuration..........................................................................................................157
Table 70: Switch Detailed Statistics Fields......................................................................................................159
Table 71: Switch Summary Fields ...................................................................................................................160
Table 72: Detailed Port Statistics Fields .........................................................................................................162
Table 73: Port Summary Statistics Fields........................................................................................................168
Table 74: Download File to Switch Fields .......................................................................................................172
Table 75: HTTP File Download Fields..............................................................................................................174
Table 76: Upload File from Switch Fields .......................................................................................................175
Table 77: Multiple Image Service Fields .........................................................................................................177
Table 78: Dual Image Status Fields.................................................................................................................178
Table 79: AutoInstall Fields ............................................................................................................................180
Table 80: Forwarding Database Search Fields................................................................................................183
Table 81: VLAN Configuration Fields ..............................................................................................................185
Table 82: VLAN Status Fields ..........................................................................................................................187
Table 83: VLAN Port Configuration Fields ......................................................................................................188
Table 84: VLAN Port Summary Fields .............................................................................................................189
Table 85: Protocol Group Fields (No Groups).................................................................................................190
Table 86: Protocol Group Fields .....................................................................................................................191
Table 87: Protocol-based VLAN Summary Fields............................................................................................192
Table 88: IP Subnet-based VLAN Configuration Fields ...................................................................................193
Table 89: IP Subnet-based VLAN Summary Fields..........................................................................................194
Table 90: MAC-based VLAN Configuration Fields...........................................................................................195
Table 91: MAC-based VLAN Summary Fields .................................................................................................195
Table 92: Double VLAN Tunneling Fields........................................................................................................196
Table 93: Double VLAN Tunneling Summary Fields........................................................................................197
Table 94: Voice VLAN Configuration Fields ....................................................................................................198
Table 95: Protected Port Configuration Fields ...............................................................................................200
Table 96: Protected Ports Summary Fields ....................................................................................................201
Table 97: MAC Filter Configuration Fields......................................................................................................202
Table 98: GARP Status Fields ..........................................................................................................................205
Table 99: GARP Switch Configuration Fields ..................................................................................................206
Table 100: GARP Port Configuration Fields ....................................................................................................207
Table 101: Port Channel Configuration Fields ................................................................................................210
Table 102: Port Channel Status Fields ............................................................................................................211
Table 103: IGMP Snooping Global Configuration and Status Fields...............................................................214
Table 104: IGMP Snooping Interface Configuration Fields.............................................................................215
Table 105: IGMP Snooping VLAN Configuration Fields ..................................................................................216
Table 106: IGMP Snooping VLAN Status Fields ..............................................................................................217
Table 107: Multicast Router Configuration Fields..........................................................................................218
Table 108: Multicast Router Status Fields ......................................................................................................219
Table 109: Multicast Router VLAN Configuration Fields ................................................................................220
Table 110: Multicast Router VLAN Status Fields ............................................................................................221
Table 111: IGMP Snooping Querier Configuration Fields...............................................................................222
Table 112: IGMP Snooping Querier VLAN Configuration Fields .....................................................................223
Table 113: IGMP Snooping Querier VLAN Configuration Summary Fields.....................................................224
Table 114: IGMP Snooping Querier VLAN Status Fields .................................................................................225
Table 115: MLD Snooping Global Configuration and Status Fields ................................................................226
Table 116: MLD Snooping Interface Configuration Fields ..............................................................................227
Table 117: MLD Snooping VLAN Status Fields................................................................................................228
Table 118: MLD Snooping VLAN Configuration Fields....................................................................................229
Table 119: MLD Snooping Multicast Router Configuration Fields..................................................................230
Table 120: MLD Snooping Multicast Router Status Fields..............................................................................231
Table 121: Multicast Router VLAN Configuration Fields ................................................................................232
Table 122: MLD Snooping Multicast Router VLAN Status Fields ....................................................................233
Table 123: MLD Snooping Querier Configuration Fields ................................................................................234
Table 124: MLD Snooping Querier VLAN Configuration Fields ......................................................................235
Table 125: MLD Snooping Querier VLAN Configuration Summary Fields ......................................................236
Table 126: MLD Snooping Querier VLAN Status Fields...................................................................................237
Table 127: MFDB Table Fields ........................................................................................................................238
Table 128: GMRP Table Fields ........................................................................................................................239
Table 129: MFDB IGMP Snooping Table Fields...............................................................................................240
Table 130: MLD Snooping Table Fields...........................................................................................................241
Table 131: Multicast Forwarding Database Statistics Fields ..........................................................................242
Table 132: Spanning Tree Switch Configuration/Status Fields.......................................................................244
Table 133: Spanning Tree CST Configuration/Status Fields............................................................................245
Table 134: Spanning Tree MST Configuration/Status ....................................................................................248
Table 135: Spanning Tree CST Port Configuration/Status Fields....................................................................250
Table 136: Spanning Tree MST Port Configuration/Status Fields...................................................................253
Table 137: Spanning Tree Statistics Fields......................................................................................................254
Table 138: DHCP Snooping Configuration ......................................................................................................256
Table 139: DHCP Snooping VLAN Configuration ............................................................................................256
Table 140: DHCP Snooping Interface Configuration.......................................................................................257
Table 141: LLDP Global Configuration Fields..................................................................................................259
Table 142: LLDP Interface Configuration Fields..............................................................................................260
Table 143: LLDP Interface Summary Fields ....................................................................................................261
Table 144: LLDP Statistics Fields.....................................................................................................................262
Table 145: LLDP Local Device Information Fields ...........................................................................................264
Table 146: LLDP Local Device Summary Columns ..........................................................................................265
Table 147: LLDP Remote Device Information Fields.......................................................................................265
Table 148: LLDP Remote Device Summary Columns......................................................................................266
Table 149: LLDP Global Configuration Fields..................................................................................................267
Table 150: LLDP-MED Interface Configuration Fields.....................................................................................268
Table 151: LLDP-MED Interface Summary Fields ...........................................................................................269
Table 152: LLDP-MED Local Device Information Fields ..................................................................................270
Table 153: LLDP-MED Remote Device Information Fields..............................................................................272
Table 154: Dynamic ARP Inspection Configuration ........................................................................................274
Table 155: Dynamic ARP Inspection VLAN Configuration ..............................................................................275
Table 156: Dynamic ARP Inspection Interface Configuration.........................................................................276
Table 157: Dynamic ARP Inspection ARP ACL Configuration..........................................................................277
Table 158: Dynamic ARP Inspection ARP ACL Rule Configuration..................................................................278
Table 159: Dynamic ARP Inspection Statistics................................................................................................279
Table 160: BOOTP/DHCP Relay Agent Configuration Fields...........................................................................281
Table 161: BOOTP/DHCP Relay Agent Status Fields.......................................................................................282
Table 162: IP Helper Global Configuration Fields...........................................................................................283
Table 163: IP Helper Global Configuration Add Fields ...................................................................................284
Table 164: IP Helper Interface Configuration Fields.......................................................................................285
Table 165: IP Helper Interface Configuration Add Fields ...............................................................................286
Table 166: IP Helper – Helper Statistics Fields ...............................................................................................287
Table 167: ARP Create Fields..........................................................................................................................289
Table 168: ARP Table Configuration Fields.....................................................................................................290
Table 169: ARP Table Fields............................................................................................................................291
Table 170: ARP Cache Fields...........................................................................................................................292
Table 171: IP Configuration Fields..................................................................................................................293
Table 172: IP Interface Configuration Fields ..................................................................................................295
Table 173: IP Statistics Fields..........................................................................................................................297
Table 174: Configured Loopback Interface Fields ..........................................................................................301
Table 175: Loopback Interface Secondary Address Fields .............................................................................301
Table 176: Loopbacks Summary Fields...........................................................................................................303
Table 177: RIP Configuration Fields................................................................................................................304
Table 178: RIP Interface Configuration Fields ................................................................................................306
Table 179: RIP Interface Summary Fields .......................................................................................................308
Table 180: RIP Route Redistribution Configuration Fields .............................................................................309
Table 181: RIP Route Redistribution Summary Fields ....................................................................................310
Table 182: Router Discovery Configuration Fields .........................................................................................311
Table 183: Router Discovery Status Fields .....................................................................................................313
Table 184: Route Table Fields ........................................................................................................................314
Table 185: Best Routes Table Fields ...............................................................................................................316
Table 186: Configured Routes Fields ..............................................................................................................317
Table 187: Route Entry Create Fields .............................................................................................................318
Table 188: Route Preferences Configuration Fields .......................................................................................319
Table 189: VLAN Routing Configuration Fields...............................................................................................321
Table 190: VLAN Routing Summary Fields .....................................................................................................323
Table 191: VRRP Configuration ......................................................................................................................324
Table 192: Virtual Router Configuration Fields ..............................................................................................325
Table 193: VRRP Interface Tracking Configuration Fields ..............................................................................327
Table 194: VRRP Track Interface Fields ..........................................................................................................328
Table 195: VRRP Route Tracking Configuration Fields ...................................................................................329
Table 196: VRRP Route Tracking Fields ..........................................................................................................330
Table 197: Virtual Router Status Fields ..........................................................................................................331
Table 198: Virtual Router Statistics Fields ......................................................................................................332
Table 199: 802.1p Priority Mapping...............................................................................................................335
Table 200: Trust Mode Configuration Fields ..................................................................................................336
Table 201: IP DSCP Mapping Configuration Fields .........................................................................................337
Table 202: Interface Configuration Fields ......................................................................................................338
Table 203: Interface Queue Configuration Fields...........................................................................................339
Table 204: DiffServ Configuration Fields ........................................................................................................342
Table 205: DiffServ Class Configuration Fields ...............................................................................................344
Table 206: Policy Configuration Fields ...........................................................................................................346
Table 207: Policy Class Definition Fields.........................................................................................................348
Table 208: Service Configuration Fields .........................................................................................................350
Table 209: Service Statistics Fields .................................................................................................................351
Table 210: Service Detailed Statistics Fields...................................................................................................353
Table 211: Auto VoIP Configuration Fields.....................................................................................................355
Table 212: IP ACL Configuration Fields...........................................................................................................357
Table 213: IP ACL Rule Configuration Fields...................................................................................................359
Table 214: MAC ACL Configuration Fields ......................................................................................................365
Table 215: MAC ACL Rule Configuration Fields ..............................................................................................367
Table 216: ACL Interface Configuration Fields ...............................................................................................371
Table 217: Port Security Interface Configuration Fields.................................................................................375
Table 218: Port Security Static Fields .............................................................................................................376
Table 219: Port Security Dynamic Fields ........................................................................................................377
Table 220: Port Security Violation Status Fields.............................................................................................378
Table 221: Secure HTTP Configuration Fields.................................................................................................379
Table 222: Secure Shell Configuration Fields .................................................................................................382
Table 223: Captive Portal Global Configuration .............................................................................................385
Table 224: Captive Portal Summary ...............................................................................................................386
Table 225: CP Configuration...........................................................................................................................387
Table 226: CP Web Page Customization.........................................................................................................392
Table 227: Local User Summary .....................................................................................................................395
Table 228: Local User Configuration ..............................................................................................................396
Table 229: Local User Configuration ..............................................................................................................397
Table 230: Captive Portal User RADIUS Attributes.........................................................................................398
Table 231: Global Captive Portal Configuration .............................................................................................400
Table 232: Global Captive Portal Status .........................................................................................................402
Table 233: CP Activation and Activity Status..................................................................................................403
Table 234: Interface Activation Status ...........................................................................................................404
Table 235: Interface and Capability Status
Table 236: Client Summary
Table 237: Client Detail
Table 238: Client Interface Association Connection Statistics
Table 239: Interface - Client Status
Table 240: CP - Client Status
Table 241: SNMP Trap Configuration
Table 242: RADIUS Configuration Fields
Table 243: RADIUS Server Configuration Fields
Table 244: RADIUS Server Configuration Fields
Table 245: RADIUS Accounting Server Configuration Fields
Table 246: Named Accounting Server Fields
Table 247: Global Port Access Control Configuration Fields
Table 248: Port Access Control Port Configuration Fields
Table 249: PAE Capability Configuration
Table 250: Dot1x Supplicant Port Configuration
Table 251: Port Access Control Status Fields
Table 252: Port Access Control Port Summary Fields
Table 253: Port Access Control Statistics Fields
Table 254: Port Access Control Client Summary Fields
Table 255: Port Access Privileges Fields
Table 256: TACACS+ Configuration Fields
Table 257: TACACS+ Configuration Fields
Table 258: Global WLAN Status/Statistics
Table 259: Switch Status/Statistics
Table 260: AP Hardware Capability Radio Detail
Table 261: Peer Switch Configuration
Table 262: AP Hardware Capability Summary
Table 263: AP Hardware Capability Radio Detail
Table 264: AP Image Capability
Table 265: Peer Switch Status
Table 266: Peer Switch Configuration Status
Table 267: Peer Switch Managed AP Status
Table 268: Monitoring All Access Points
Table 269: Managed Access Point Status
Table 270: Detailed Managed Access Point Status
Table 271: Managed AP Radio Summary
Table 272: Managed AP Radio Detail
Table 273: Radio Detail Regulatory Domain
Table 274: Managed AP Neighbor Status
Table 275: Neighbor AP Clients
Table 276: Managed Access Point VAP Status
Table 277: Managed Access Point VAP TSPEC Status
Table 278: Distributed Tunneling Status
Table 279: Managed Access Point WLAN Summary Statistics
Table 280: Managed Access Point Ethernet Summary Statistics
Table 281: Detailed Managed Access Point Statistics
Table 282: Managed Access Point Radio Statistics
Table 283: Managed Access Point VAP Statistics
Table 284: Managed Access Point Distributed Tunneling Statistics
Table 285: Access Point Authentication Failure Status
Table 286: Access Point Authentication Failure Details
Table 287: Access Point RF Scan Status
Table 288: Detailed Access Point RF Scan Status
Table 289: Access Point Triangulation Status
Table 290: WIDS AP Rogue Classification
Table 291: AP De-Authentication Attack Status
Table 292: Associated Client Status Summary
Table 293: Detailed Associated Client Status
Table 294: Associated Client QoS Status
Table 295: Associated Client Neighbor AP Status
Table 296: Associated Client Distributed Tunneling Status
Table 297: Associated Client TSPEC Status
Table 298: Associated Client RRM Status
Table 299: SSID Associated Client Status
Table 300: VAP Associated Client Status
Table 301: Switch Associated Client Status
Table 302: Associated Client Association Summary Statistics
Table 303: Associated Client Session Summary Statistics
Table 304: Associated Client Association Detail Statistics
Table 305: Associated Client Session Detail Statistics
Table 306: Associated Client TSPEC Statistics
Table 307: Ad Hoc Client Status
Table 308: Detected Client Status
Table 309: Detailed Detected Client Status
Table 310: WIDS Client Rogue Classification
Table 311: Detected Client Pre-Authentication History
Table 312: Detected Client Triangulation
Table 313: Detected Client Roam History
Table 314: Detected Client Pre-Authentication History Summary
Table 315: Detected Client Roam History
Table 316: RRM Channel Load Configuration
Table 317: RRM Channel Load History
Table 318: RRM Neighbors Summary
Table 319: WDS Group Status Summary
Table 320: WDS AP Group Status
Table 321: WDS AP Group Status Summary
Table 322: WDS AP Link Status Summary
Table 323: WDS Group Link Statistics Summary
Table 324: Basic Wireless Global Configuration
Table 325: L3 VLAN Discovery
Table 326: L2/VLAN Discovery
Table 327: Profile
Table 328: Radio Settings
Table 329: Default VAP Configuration
Table 330: Wireless Network Configuration
Table 331: Static WEP
Table 332: WPA Security
Table 333: Valid Access Point Summary
Table 334: Valid AP Configuration
Table 335: Valid AP Configuration (Standalone Mode)
Table 336: Local OUI Database Summary
Table 337: Reset Fields
Table 338: RF Channel Plan and Power Adjustment
Table 339: Channel Plan History
Table 340: Manual Channel Plan
Table 341: Manual Power Adjustments
Table 342: Software Download
Table 343: Advanced AP Management
Table 344: Managed AP Debug
Table 345: Managed AP Channel/Power Adjust
Table 346: AP Provisioning Summary Status
Table 347: AP Provisioning Status
Table 348: General Global Configurations
Table 349: SNMP Traps
Table 350: Distributed Tunneling Configuration
Table 351: Device Location Configuration
Table 352: Wireless Network List
Table 353: Access Point Profile Summary
Table 354: Access Point Profile Global Configuration
Table 355: Radio Settings
Table 356: Default VAP Configuration
Table 357: QoS Settings
Table 358: TSPEC Configuration
Table 359: Peer Switch Configuration Request Status
Table 360: Peer Switch Configuration Enable/Disable
Table 361: Mutual Authentication
Table 362: WIDS AP Configuration
Table 363: WIDS Client Configuration
Table 364: Known Client Summary
Table 365: Known Client Configuration
Table 366: Switch Certificate Request
Table 367: Switch Provisioning
Table 368: WDS Managed AP Group Configuration
Table 369: Edit WDS Managed AP Group Settings
Table 370: WDS Managed AP Summary
Table 371: WDS Managed AP Configuration - Add AP
Table 372: WDS AP Link Configuration
Table 373: WDS Link Create
Table 374: Building
Table 375: Building Floor
Table 376: Managed AP Coordinates
Table 377: Managed AP Location Summary
Table 378: On-Demand Location Trigger
Table 379: On-Demand Location Trigger Global Status
Table 380: On-Demand Location Trigger Floor Status
Table 381: AP Triangulation Summary
Table 382: Detailed AP Triangulation Status
Table 383: Client Triangulation Summary
Table 384: Detailed Client Triangulation Status
Table 385: AP Scheduler Configuration
Table 386: WLAN Visualization Menu Bar Options
Table 387: VAP Configuration Example Settings
Table 388: VAP Summary
Table 389: Wireless LAN Users
Table 390: WIDS/WIPS VAP Summary
About This Document
This guide describes how to configure the D-Link DWS-4000 Series Unified Wireless Switch (UWS) software
features by using the Web-based graphical user interface (GUI). The Unified Wired and Wireless Access System
architecture accommodates a variety of software modules, so D-Link DWS-4000 Series can be a Layer 2 switch
in a basic network or a Layer 3 router in a large, complex network. The switch software includes WLAN features
that allow it to manage and monitor multiple D-Link DWL-x600AP Access Points.
Audience
The information in this guide is intended for any of the following individuals:
• System administrators who are responsible for configuring and operating a network using a D-Link DWS-4000 Series switch
• Level 1 and/or Level 2 Support providers
To obtain the greatest benefit from this guide, you should have an understanding of the base software and
should have read the specification for your networking device platform. You should also have basic knowledge
of Ethernet and networking concepts.
Organization
This guide contains the following sections:
• Section 1: “Getting Started,” on page 47 contains information about performing the initial system
configuration and accessing the user interfaces.
• Section 2: “System Administration,” on page 62 describes how to configure administrative features such
as SNMP, DHCP, and port information.
• Section 3: “Using System Tools,” on page 169 describes how to perform the system-maintenance tasks
available from the Tools menu.
• Section 4: “Configuring L2 Features,” on page 181 describes how to manage and monitor the layer 2
switching features.
• Section 5: “Configuring L3 Features,” on page 280 describes how to configure the layer 3 routing features.
• Section 6: “Configuring Quality of Service,” on page 334 describes how to configure the Differentiated
Services, Class of Service, and Auto VoIP features.
• Section 7: “Configuring Access Control Lists,” on page 356 describes how to manage the D-Link DWS-4000
Series software ACLs.
• Section 8: “Managing Device Security,” on page 373 contains information about configuring switch
security information such as captive portal configuration, port access control, TACACS+, and RADIUS
server settings.
• Section 9: “Configuring the Wireless Features,” on page 437 describes how to configure the switch so it
can manage multiple access points on the network.
• Appendix A: “Configuration Examples,” on page 679 describes how to configure selected features on the
switch by using the Web interface, command-line interface, and Simple Network Management Protocol
(SNMP).
Additional Documentation
The following documentation provides additional information about D-Link DWS-4000 Series software:
• The D-Link DWS-4000 Series CLI Command Reference describes the commands available from the
command-line interface (CLI) for managing, monitoring, and configuring the switch.
• The Unified Wired & Wireless Access System Configuration Guide contains several configuration scenarios
that show how to set up a WLAN network and configure the wireless features.
• Release notes for this D-Link DWS-4000 Series product detail the platform-specific functionality of the
software packages, including issues and workarounds.
Document Conventions
This section describes the conventions this document uses.
Note: A note provides more information about a feature or technology.
Caution! A caution provides information about critical aspects of the configuration, combinations of
settings, events, or procedures that can adversely affect network connectivity, security, and so on.
This guide uses the typographical conventions described in Table 1.
Table 1: Typographical Conventions
Symbol | Description | Example
Bold | Menu titles, button names, and keyboard names when referred to in steps | Click Submit to apply your settings.
Blue Text | Hyperlinked text. | See Section : “About This Document,” on page 45.
courier font | Command-line text and file names | (switch-prompt)#
Section 1: Getting Started
This section describes how to start the switch and access the user interface. It contains the following sections:
• “Connecting the Switch to the Network”
• “Booting the Switch”
• “Understanding the User Interfaces”
Connecting the Switch to the Network
To enable remote management of the switch through telnet, a Web browser, or SNMP, you must connect the
switch to the network. The default IP address/subnet mask of the switch management interface is
10.90.90.90/255.0.0.0, and DHCP is disabled on the switch. You must therefore either connect the switch to a
10.0.0.0 network or provide appropriate network parameters, such as the IP address, subnet mask, and
default gateway, by connecting to the switch command-line interface (CLI) through the terminal interface on
the EIA-232 port. You can configure the network parameters manually or enable the DHCP client on the switch
to obtain them through DHCP.
After you configure network information, such as the IP address and subnet mask, and the switch is physically
and logically connected to the network, you can manage and monitor the switch remotely through SSH, telnet,
a Web browser, or an SNMP-based network management system. You can also continue to manage the switch
through the terminal interface via the EIA-232 port.
To connect to the switch and configure or view network information, use the following steps:
1. Using a straight-through modem cable, connect a VT100/ANSI terminal or a workstation to the console
(serial) port.
If you attached a PC, Apple®, or UNIX® workstation, start a terminal-emulation program, such as
HyperTerminal or TeraTerm.
2. Configure the terminal-emulation program to use the following settings:
– Baud rate: 115200 bps
– Data bits: 8
– Parity: none
– Stop bit: 1
– Flow control: none
3. Power on the switch.
4. Press the return key, and the User: prompt appears.
Enter admin as the user name. There is no default password. Press ENTER at the password prompt if you
did not change the default password.
After a successful login, the screen shows the system prompt, which varies based on the D-Link DWS-4000
Series switch model. For example, the default prompt for a DWS-4026 switch is (DWS-4026)>.
5. At the (DWS-4026)> prompt, enter enable to enter the Privileged EXEC command mode. There is no default
password to enter Privileged EXEC mode. Press ENTER at the password prompt if you did not change the
default password.
The command prompt changes to (DWS-4026)#.
6. Configure network information.
– To use a DHCP server to obtain the IP address, subnet mask, and default gateway information, enter:
    network protocol dhcp
– To manually configure the IPv4 address, subnet mask, and (optionally) default gateway, enter:
    network parms ipaddress netmask [gateway]
  For example:
    network parms 192.168.2.23 255.255.255.0 192.168.2.1
– To manually configure the IPv6 address, subnet mask, and (optionally) default gateway, enter:
    network ipv6 address address/prefix-length [eui64]
    network ipv6 gateway gateway
To view the network information, enter show network.
7. To save these changes so they are retained during a switch reset, enter the following command:
    copy system:running-config nvram:startup-config
or use the command write memory.
After the switch is connected to the network, you can use the IP address for remote access to the switch by
using a Web browser or through telnet or SSH.
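The following Python pre-flight check is an added example, not part of the D-Link manual. It validates the values for step 6 (malformed netmask, reserved host address, gateway outside the subnet) and returns the console lines from steps 6 and 7. The function names are hypothetical; the CLI strings are only those shown in the steps above, and accepting a link-local IPv6 gateway is an assumption based on general IPv6 practice.

```python
"""Pre-flight check for the management-interface settings entered in step 6."""
import ipaddress

# CLI strings below are the ones shown in steps 6 and 7 of the manual.
SAVE = "copy system:running-config nvram:startup-config"
# Factory-default management address and mask stated in the manual.
FACTORY_DEFAULT = ipaddress.IPv4Interface("10.90.90.90/255.0.0.0")


def uses_factory_default(address, netmask):
    """True if the planned IPv4 settings are still the shipped defaults."""
    return ipaddress.IPv4Interface(f"{address}/{netmask}") == FACTORY_DEFAULT


def _reject_reserved(ip, net, label):
    """Network and broadcast addresses cannot be assigned to a host."""
    if net.prefixlen < 31 and ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{label} {ip} is the network or broadcast address of {net}")


def plan_ipv4(address, netmask, gateway=None):
    """Validate static IPv4 settings and return the console lines to type."""
    try:
        iface = ipaddress.IPv4Interface(f"{address}/{netmask}")
        mask = ipaddress.IPv4Address(netmask)  # rejects prefix-length form
    except ValueError as exc:
        raise ValueError(f"invalid address or netmask: {exc}") from exc
    # ipaddress also accepts host masks such as 0.0.0.255; the CLI takes a netmask.
    if mask != iface.netmask:
        raise ValueError(f"{netmask} is a host mask, not a netmask")
    if iface.network.prefixlen == 0:
        raise ValueError("netmask 0.0.0.0 covers every address")
    _reject_reserved(iface.ip, iface.network, "address")
    parts = ["network parms", str(iface.ip), str(iface.netmask)]
    if gateway is not None:
        gw = ipaddress.IPv4Address(gateway)
        if gw not in iface.network:
            raise ValueError(f"gateway {gw} is not inside {iface.network}")
        if gw == iface.ip:
            raise ValueError("gateway equals the switch address")
        _reject_reserved(gw, iface.network, "gateway")
        parts.append(str(gw))
    return [" ".join(parts), "show network", SAVE]


def plan_ipv6(address, gateway=None):
    """Validate a static IPv6 address/prefix-length and optional gateway."""
    if "/" not in address:
        raise ValueError("IPv6 address needs an explicit /prefix-length")
    iface = ipaddress.IPv6Interface(address)
    lines = [f"network ipv6 address {iface.with_prefixlen}"]
    if gateway is not None:
        gw = ipaddress.IPv6Address(gateway)
        # Assumption: a gateway is reachable if it is link-local or on-prefix.
        if not (gw.is_link_local or gw in iface.network):
            raise ValueError(f"gateway {gw} is neither link-local nor in {iface.network}")
        if gw == iface.ip:
            raise ValueError("gateway equals the switch address")
        lines.append(f"network ipv6 gateway {gw}")
    return lines + ["show network", SAVE]


def plan_dhcp():
    """Console lines for obtaining the settings from a DHCP server."""
    return ["network protocol dhcp", "show network", SAVE]


if __name__ == "__main__":
    # Constructed sample values; the IPv4 ones match the manual's example.
    for line in plan_ipv4("192.168.2.23", "255.255.255.0", "192.168.2.1"):
        print(line)
    print("factory default still planned:",
          uses_factory_default("10.90.90.90", "255.0.0.0"))
```
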
Booting the Switch
When the power is turned on with the local terminal already connected, the switch goes through Power-On
Self-Test (POST). POST runs every time the switch is initialized and checks hardware components to determine
if the switch is fully operational before completely booting.
If a critical problem is detected, the program flow stops. If POST passes successfully, a valid executable image
is loaded into RAM.
POST messages are displayed on the terminal and indicate test success or failure.
To boot the switch, perform the following steps:
1. Make sure that the serial cable is connected to the terminal.
2. Power on the switch.
As the switch boots, the bootup test first counts the switch memory availability and then continues to boot.
3. During boot, you can use the Boot menu, if necessary, to run special procedures. To enter the Boot menu,
press 2 within the first ten seconds after the following message appears.
Select an option. If no selection in 10 seconds then
operational code will start.
1 - Start operational code.
2 - Start Boot Menu.
Select (1, 2):2
For information about the Boot menu, see “Boot Menu Functions” on page 49. If you do not start the Boot
menu, the operational code continues to load.
After the switch boots successfully, the User login prompt appears and you can use the local terminal to begin
configuring the switch. However, before configuring the switch, make sure that the software version installed
on the switch is the latest version. If it is not the latest version, download and install the latest version. See
“Download File To Switch (TFTP)” on page 171.
Boot Menu Functions
You can perform many configuration tasks through the Boot menu, which can be invoked after the first part
of the POST is completed.
Use the following procedures to display the Boot menu:
1. During the boot process, press 2 within ten seconds after the following message displays:
Boot Menu Version: 12 jun 2007
Select an option. If no selection in 10 seconds then
operational code will start.
1 - Start operational code.
2 - Start Boot Menu.
Select (1, 2):2
Boot Menu Version: 12 jun 2007
Options available
1 - Start operational code
2 - Change baud rate
3 - Retrieve event log using XMODEM
4 - Load new operational code using XMODEM
5 - Load configuration using XMODEM
6 - Display operational code vital product data
7 - Run flash diagnostics
8 - Update boot code
9 - Delete operational code
10 - Reset the system
11 - Restore configuration to factory defaults (delete config files)
12 - Activate Backup Image
[Boot Menu]
The following sections describe the Boot menu options. If no selection is made within 10 seconds (default), the
operational code starts.
Start Operational Code
Use option 1 to resume loading the operational code.
To relaunch the boot process from the Boot menu:
1. On the Boot menu, select 1 and press <Enter>.
The following prompt displays:
Operational Code Date: Thu Jun 8 12:51:44 2006
Uncompressing.....
50%
100%
||||||||||||||||||||||||||||||||||||||||||||||||||
1 File: bootos.c
Line: 462 Task: ffffe00 EC: 2863311530 (0xaaaaaaaa)
(0 d 0 hrs 0 min 13 sec)
Timebase: 24.750275 MHz, MEM: 99.001100 MHz, PCI: 33.000366 MHz, CPU: 198.002200 MHz
PCI device BCM5675_A0 attached as unit 0.
PCI device BCM5695_B0 attached as unit 1.
PCI device BCM5695_B0 attached as unit 2.
PCI device BCM5673_A1 attached as unit 3.
PCI device BCM5673_A1 attached as unit 4.
Adding BCM transport pointers
Configuring CPUTRANS TX
Configuring CPUTRANS RX
st_state(0) = 0x0
st_state(1) = 0x3
st_state(2) = 0x2
Change Baud Rate
Use option 2 to change the baud rate of the serial interface.
To change the baud rate from the Boot menu:
1. On the Boot menu, select 2 and press <Enter>.
The following prompt displays:
[Boot Menu]2
Select baud rate:
1 - 1200
2 - 2400
3 - 4800
4 - 9600
5 - 19200
6 - 38400
7 - 57600
8 - 115200
0 - no change
Note: The selected baud rate takes effect immediately.
2. The bootup process resumes.
Retrieve Event Log Using XMODEM
Use option 3 to retrieve the event log and download it to your ASCII terminal.
To retrieve the event log from the Boot menu:
1. On the Boot menu, select 3 and press <Enter>.
The following prompt displays:
[Boot Menu] 3
Sending event log, start XMODEM receive.....
File asciilog.bin Ready to SEND in binary mode
Estimated File Size 169K, 1345 Sectors, 172032 Bytes
Estimated transmission time 3 minutes 20 seconds
Send several Control-X characters to cancel before transfer starts.
2. The bootup process resumes.
Load New Operational Code Using XMODEM
Use option 4 when a new software version must be downloaded to replace corrupted files, update, or upgrade
the system software.
To download software from the Boot menu:
1. On the Boot menu, select 4 and press <Enter>.
The following prompt displays:
[Boot Menu] 4
Ready to receive the file with XMODEM/CRC....
Ready to RECEIVE File xcode.bin in binary mode
Send several Control-X characters to cancel before transfer starts.
2. When using HyperTerminal, click Transfer on the HyperTerminal menu bar.
3. From the Transfer menu, click Send File.
The Send File window displays.
4. Enter the file path for the file to be downloaded.
5. Make sure the protocol is defined as XMODEM.
6. Click Send.
The software is downloaded. Software downloading takes several minutes. The terminal emulation
application, such as HyperTerminal, may display the loading process progress.
After software downloads, the switch reboots automatically.
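The block framing and CRC check behind the XMODEM/CRC transfer above, as an added Python example (not D-Link code). It uses the standard XMODEM/CRC layout of 128-byte blocks; the function names and the sample image bytes are constructed for illustration.

```python
import hashlib
import hmac

SOH = 0x01      # marks the start of a 128-byte block
BLOCK = 128     # payload bytes per block
PAD = 0x1A      # CTRL-Z fills the unused tail of the last block


def crc16_xmodem(data: bytes) -> int:
    """CRC-16/XMODEM: polynomial 0x1021, initial value 0, MSB first."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def build_blocks(image: bytes) -> list:
    """Sender side: SOH, block no., 255 - block no., 128 data bytes, CRC hi, CRC lo."""
    blocks = []
    for offset in range(0, len(image), BLOCK):
        data = image[offset:offset + BLOCK].ljust(BLOCK, bytes([PAD]))
        num = (offset // BLOCK + 1) & 0xFF   # numbering starts at 1 and wraps at 256
        blocks.append(bytes([SOH, num, 0xFF - num]) + data
                      + crc16_xmodem(data).to_bytes(2, "big"))
    return blocks


def check_block(block: bytes, expected_num: int) -> str:
    """Receiver side: returns 'ACK', or 'NAK: <reason>' so the sender retransmits."""
    if len(block) != 3 + BLOCK + 2 or block[0] != SOH:
        return "NAK: bad framing"
    num, inverse = block[1], block[2]
    if num + inverse != 0xFF:
        return "NAK: block number complement mismatch"
    if num != expected_num & 0xFF:
        return "NAK: unexpected block number"
    data = block[3:3 + BLOCK]
    if crc16_xmodem(data) != int.from_bytes(block[-2:], "big"):
        return "NAK: CRC mismatch"
    return "ACK"


def receive(blocks) -> bytes:
    """Reassemble the payload; XMODEM carries no length, so the padding stays."""
    out = bytearray()
    for number, block in enumerate(blocks, start=1):
        verdict = check_block(block, number)
        if verdict != "ACK":
            raise ValueError(f"block {number}: {verdict}")
        out += block[3:3 + BLOCK]
    return bytes(out)


def digest_matches(image: bytes, trusted_sha256_hex: str) -> bool:
    """Compare the file with a SHA-256 digest recorded from a trusted copy."""
    actual = hashlib.sha256(image).hexdigest()
    return hmac.compare_digest(actual, trusted_sha256_hex.lower())


# Constructed sample standing in for a firmware image (516 bytes -> 5 blocks).
SAMPLE_IMAGE = bytes(range(256)) * 2 + b"tail"

if __name__ == "__main__":
    blocks = build_blocks(SAMPLE_IMAGE)
    print(len(blocks), "blocks; first block:", check_block(blocks[0], 1))
    damaged = bytearray(blocks[2])
    damaged[10] ^= 0x01                      # one bit flipped on the serial line
    print("damaged block:", check_block(bytes(damaged), 3))
```

The CRC only catches transmission errors on the serial line; it says nothing about where the file came from, so compare the image with a digest from a trusted copy before sending it.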
Load Configuration Using XMODEM
Use option 5 when a new configuration file must be downloaded to replace the saved system configuration
file.
To download a configuration file from the Boot menu:
1. On the Boot menu, select 5 and press <Enter>.
The following prompt displays:
[Boot Menu] 4
Ready to receive the file with XMODEM/CRC....
Ready to RECEIVE File tempcfg.bin in binary mode
Send several Control-X characters to cancel before transfer starts.
2. When using HyperTerminal, click Transfer on the HyperTerminal menu bar.
3. From the Transfer menu, click Send File.
The Send File window displays.
4. Enter the file path for the file to be downloaded.
5. Make sure the protocol is defined as XMODEM.
6. Click Send.
The configuration file is downloaded. The terminal emulation application, such as HyperTerminal, may
display the loading process progress.
Display Operational Code Vital Product Data
Use option 6 to view boot image information.
To display boot image information from the Boot menu:
1. On the Boot menu, select 6 and press <Enter>.
The following prompt displays:
[Boot Menu] 6
The following image is in the Flash File System:
File Name......................................image1
CRC............................................0xb017 (45079)
Target Device..................................0x00508541
Size...........................................0x8ec50c (9356556)
Number of Components...........................2
Operational Code Size..........................0x7ec048 (8306760)
Operational Code Offset........................0x74 (116)
Operational Code FLASH flag....................1
Operational Code CRC...........................0x9B4D
Boot Code Version..............................1
Boot Code Size.................................0x100000 (1048576)
Boot Code Offset...............................0x7ec0bc (8306876)
Boot Code FLASH flag...........................0
Boot Code CRC..................................0x1CB8
VPD - rel 0 ver 31 maint_lvl 0
Timestamp - Thu Jun 8 12:51:44 2006
File - pc62xxr0v31.stk[Boot Menu]
2. The bootup process resumes.
Run Flash Diagnostics
Use option 7 to run flash diagnostics. User action is confirmed with a Y/N question before executing the
command.
To perform a complete test of the flash memory from the Boot menu:
1. On the Boot menu, select 7 and press <Enter>.
The following prompt displays:
[Boot Menu] 7
Do you wish to run flash diagnostics? (Boot code region will not be tested.) (y/n): y
Input number of diagnostic iterations -> 1
Testing 2 x 28F128J3 base: 0xfe000000
Iterations remaining = 1
Erasing sector 0
Verify sector 0 erased
Writing sector 0
Erasing sector 1
Verify sector 1 erased
Writing sector 1
Erasing sector 2
Verify sector 2 erased
Writing sector 2
Erasing sector 3
Verify sector 3 erased
Writing sector 3
Erasing sector 4
Verify sector 4 erased
Writing sector 4
Erasing sector 5
Verify sector 5 erased
Writing sector 5
Erasing sector 6
Verify sector 6 erased
Writing sector 6
Note: This process runs until all sectors have been erased, verified erased, and written.
Flash Diagnostics passed
[Boot Menu]
2. The bootup process resumes.
Update Boot Code
Use option 8 to update the boot code in the flash memory. This option is only valid after loading new boot code
using Boot Menu option 4. User action is confirmed with a Y/N question before executing the command.
To update the boot code from the Boot menu:
1. On the Boot menu, select 8 and press <Enter>.
The following prompt displays:
Do you wish to update Boot Code? (y/n) y
Erasing Boot Flash.....Done.
Wrote 0x10000 bytes.
Wrote 0x20000 bytes.
Wrote 0x30000 bytes.
Wrote 0x40000 bytes.
Wrote 0x50000 bytes.
Wrote 0x60000 bytes.
Boot code updated
2. The bootup process resumes.
Delete Operational Code
Use option 9 to delete the active image from the flash memory. User action is confirmed with a Y/N question
before executing the command.
To delete the backup image from the Boot menu:
1. On the Boot menu, select 9 and press <Enter>.
The following prompt displays:
Are you SURE you want to delete operational code : image2 ? (y/n):y
Operational code deleted...
[Boot Menu]
2. The bootup process resumes.
Reset the System
Use option 10 to clear all flash and reset the system to its default setting. User action is confirmed with a Y/N
question before executing the command.
To reset the system from the Boot menu:
1. On the Boot menu, select 10 and press <Enter>.
The following prompt displays:
[Boot Menu] 10
Are you SURE you want to reset the system? (y/n):y
Boot code......
SDRAM 256
Boot Menu Version: Oct 20 2004
Select an option. If no selection in 10 seconds then operational code will start.
1 - Start operational code.
2 - Start Boot Menu.
Select (1, 2):2
2. The bootup process resumes.
Restore Configuration To Factory Defaults (Delete Configuration Files)
Use option 11 to load the system default configuration and to boot without using the current startup
configuration. Selecting 11 from the Boot Menu restores system defaults. The boot sequence can then be started
by selecting 1 from the Boot Menu.
To restore the factory default configuration from the Boot menu:
1. On the Boot menu, select 11 and press <Enter>.
The following prompt displays:
Are you SURE you want to delete the configuration? (y/n):y
2. The bootup process resumes.
Activate Backup Image
Use option 12 to activate the backup image. The active image becomes the backup when this option is
selected.
To activate the backup image:
1. From the Boot menu, select 12 and press <Enter>.
The following message displays:
Backup image - image2 activated.
2. The bootup process resumes.
Understanding the User Interfaces
D-Link DWS-4000 Series software includes a set of comprehensive management functions for configuring and
monitoring the system by using one of the following three methods:
• Web User Interface
• Command-Line Interface (CLI)
• Simple Network Management Protocol (SNMP)
Each of the standards-based management methods allows you to configure and monitor the components of
the D-Link DWS-4000 Series software. The method you use to manage the system depends on your network
size and requirements, and on your preference.
This guide describes how to use the Web-based interface to manage and monitor the system. For information
about how to manage and monitor the system by using the CLI, see the D-Link DWS-4000 Series CLI Command
Reference.
Using the Web Interface
To access the switch by using a Web browser, the browser must meet the following software requirements:
• HTML version 4.0, or later
• HTTP version 1.1, or later
• JavaScript™ version 1.5, or later
Use the following procedures to log on to the Web Interface:
Note: The switch web UI supports Internet Explorer v6 and v7. Appropriate display of the web pages
is not guaranteed for other web browsers.
1. Open a Web browser and enter the IP address of the switch in the Web browser address field.
2. Type the user name and password into the fields on the login screen, and then click Login.
The user name and password are the same as those you use to log on to the command-line interface. By
default, the user name is admin, and there is no password. Passwords are case sensitive.
3. After the system authenticates you, the System Description page displays.
Figure 1 shows the layout of the switch Web interface. Each Web page contains three main areas: device view,
the navigation tree, and the configuration status and options.
Figure 1: Web Interface Layout (labeled areas: Administration Tools, Navigation Tree, Device View, Logout Button, Help Page Access, Configuration Status and Options)
Device View
The Device View is a Java® applet that displays the ports on the switch. This graphic appears at the top of each
page to provide an alternate way to navigate to configuration and monitoring options. The graphic also
provides information about device ports, current configuration and status, table information, and feature
components.
The port coloring indicates if a port is currently active. Green indicates that the port is enabled, red indicates
that an error has occurred on the port, and blue indicates that the link is disabled.
Figure 2 shows the Device View for the back of the system.
Figure 2: Device View—Back
Click the port you want to view or configure to see a menu that displays statistics and configuration options.
Click the menu option to access the page that contains the configuration or monitoring options.
If you click the graphic but do not click a specific port, the main menu appears, as Figure 3 shows. This menu
contains the same options as the navigation menu on the left side of the page.
Figure 3: Cascading Navigation Menu
Navigation Tree View
The hierarchical-tree view is on the left side of the Web interface. The tree view contains a list of various device
features. The branches in the navigation tree can be expanded to view all the components under a specific
feature, or retracted to hide the feature's components.
The tree consists of a combination of folders, subfolders, and configuration and status HTML pages. Click the
folder to view the options in that folder. Each folder contains either subfolders or HTML pages, or a
combination of both. Figure 4 shows an example of a folder, subfolder, and HTML page in the navigation
menu. When you click a folder or subfolder that is preceded by a plus sign (+), the folder expands to display
the contents. If you click an HTML page, a new page displays in the main frame. A folder or subfolder has no
corresponding HTML page.
Figure 4: Navigation Tree View (labeled items: Folder, Subfolder, HTML Page)
The D-Link DWS-4000 Series switch navigation tree also contains a LAN tab for wired features and a WLAN tab
for Wireless features, as the following figure shows.
Figure 5: LAN and WLAN Tabs (labeled items: LAN Tab, WLAN Tab)
Configuration and Monitoring Options
The panel directly under the graphic and to the right of the navigation menu displays the configuration
information or status for the page you select. On pages that contain configuration options, you can input
information into fields or select options from drop-down menus.
Each page contains access to the HTML-based help that explains the fields and configuration options for the
page. Many pages also contain command buttons.
The command buttons in the following table are used throughout the pages in the Web interface:
Table 2: Common Command Buttons
Button | Function
Submit | Clicking the Submit button sends the updated configuration to the switch. Configuration changes take effect immediately, but changes are not retained across a power cycle unless you save them to the system configuration file. Note: To save the configuration to non-volatile memory, use the Save Changes option from the Administration Tools menu.
Refresh | Clicking the Refresh button refreshes the page with the latest information from the router.
Logout | Clicking the Logout button ends the session.
Caution! Submitting changes makes them effective during the current boot session only. You must
save any changes if you want them to be retained across a power cycle (reboot). To save changes
across a power cycle, use the Save Changes option from the Administration Tools menu.
Help Page Access
Every page contains a link to the online help, which contains information to assist in configuring and managing
the switch. The online help pages are context sensitive. For example, if the IP Addressing page is open, the help
topic for that page displays if you click Help. Figure 6 shows the link to click to access online help on each page.
Figure 6: Help Link
Figure 1 on page 57 shows the location of the Help link on the Web interface.
Using the Command-Line Interface
The command-line interface (CLI) is a text-based way to manage and monitor the system. You can access the
CLI by using a direct serial connection or by using a remote logical connection with telnet or SSH.
The CLI groups commands into modes according to the command function. Each of the command modes
supports specific software commands. The commands in one mode are not available until you switch to that
particular mode, with the exception of the User EXEC mode commands. You can execute the User EXEC mode
commands in the Privileged EXEC mode.
To display the commands available in the current mode, enter a question mark (?) at the command prompt.
To display the available command keywords or parameters, enter a question mark (?) after each word you type
at the command prompt. If there are no additional command keywords or parameters, or if additional
parameters are optional, the following message appears in the output:
<cr>
Press Enter to execute the command
For more information about the CLI, see the D-Link DWS-4000 Series CLI Command Reference.
The D-Link DWS-4000 Series CLI Command Reference lists each command available from the CLI by the
command name and provides a brief description of the command. Each command reference also contains the
following information:
• The command keywords and the required and optional parameters.
• The command mode you must be in to access the command.
• The default value, if any, of a configurable setting on the device.
The show commands in the document also include a description of the information that the command shows.
Using SNMP
You can manage the D-Link DWS-4000 Series switch using SNMP. You can configure SNMP groups and users
that can manage traps that the SNMP agent generates.
D-Link DWS-4000 Series uses both standard public MIBs for standard functionality and private MIBs that
support additional switch functionality. SNMP is enabled by default.
Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, you
need to configure a new user profile. To configure a profile by using the CLI, see the SNMP section in the
D-Link DWS-4000 Series CLI Command Reference. To configure an SNMPv3 profile by using the Web interface,
use the following steps:
1. Select LAN > Administration > User Accounts from the hierarchical tree on the left side of the Web
interface.
2. From the User menu, select Create to create a new user.
3. Enter a new user name in the User Name field.
4. Enter a new user password in the Password field and then retype it in the Confirm Password field.
To use SNMPv3 Authentication for this user, set a password of eight or more alphanumeric characters.
5. To enable authentication, use the Authentication Protocol menu to select either MD5 or SHA for the
authentication protocol.
6. To enable encryption, use the Encryption Protocol menu to select DES for the encryption scheme. Then,
enter an encryption code of eight or more alphanumeric characters in the Encryption Key field.
7. Click Submit.
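What an SNMPv3 agent does with the password from step 4, as an added Python example (not D-Link code): the RFC 3414 password-to-key derivation for the MD5 and SHA choices in step 5, and the split of the privacy key for DES in step 6. It assumes the switch implements the standard User-based Security Model, that SHA means SHA-1, and that the Encryption Key field is treated as a privacy password; the function names are hypothetical and the sample values are the RFC 3414 Appendix A.3 test vector.

```python
import hashlib

MIN_PASSWORD_LEN = 8      # the minimum the manual gives; RFC 3414 requires the same
STREAM_LEN = 1048576      # bytes of repeated password fed to the hash (RFC 3414 A.2)
ALGORITHMS = {"MD5": "md5", "SHA": "sha1"}   # assumption: menu labels map to these


def password_to_key(password: bytes, protocol: str) -> bytes:
    """Hash the first 1,048,576 bytes of the endlessly repeated password."""
    if len(password) < MIN_PASSWORD_LEN:
        raise ValueError("SNMPv3 passwords need at least 8 characters")
    reps, rem = divmod(STREAM_LEN, len(password))
    stream = password * reps + password[:rem]
    return hashlib.new(ALGORITHMS[protocol], stream).digest()


def localize_key(user_key: bytes, engine_id: bytes, protocol: str) -> bytes:
    """Bind the key to one agent: H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(ALGORITHMS[protocol], user_key + engine_id + user_key).digest()


def des_key_and_pre_iv(localized_priv_key: bytes):
    """RFC 3414 8.1.1.1: the first 8 octets are the DES key, the next 8 the pre-IV."""
    return localized_priv_key[:8], localized_priv_key[8:16]


def derive_user_keys(auth_password: bytes, priv_password: bytes,
                     engine_id: bytes, protocol: str) -> dict:
    """Keys an agent would hold for one user (assumes standard USM behaviour)."""
    auth_key = localize_key(password_to_key(auth_password, protocol), engine_id, protocol)
    priv_key = localize_key(password_to_key(priv_password, protocol), engine_id, protocol)
    des_key, pre_iv = des_key_and_pre_iv(priv_key)
    return {"auth_key": auth_key, "des_key": des_key, "des_pre_iv": pre_iv}


# Test vector from RFC 3414 Appendix A.3 (not values from a real switch).
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")

if __name__ == "__main__":
    for protocol in ("MD5", "SHA"):
        ku = password_to_key(RFC_PASSWORD, protocol)
        kul = localize_key(ku, RFC_ENGINE_ID, protocol)
        print(protocol, "Ku ", ku.hex())
        print(protocol, "Kul", kul.hex())
```

Because the key is localized to the engine ID, the same password produces a different key on every switch, so a key recovered from one device is not valid on another.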
Section 2: System Administration
Use the features in the Administration navigation tree folder to define the switch’s relationship to its
environment. The Administration folder contains links to the following features:
• “System Description”
• “Switch Configuration”
• “Card Configuration”
• “PoE Configuration”
• “Serial Port”
• “IP Address”
• “Network DHCP Client Options”
• “HTTP Configuration”
• “User Accounts”
• “Authentication List Configuration”
• “User Login”
• “Denial of Service Protection”
• “Multiple Port Mirroring”
• “Managing and Viewing Logs”
• “Telnet Sessions”
• “Outbound Telnet Client Configuration”
• “Ping Test”
• “TraceRoute”
• “Configuring SNTP Settings”
• “Configuring and Viewing Device Port Information”
• “Managing and Viewing Logs”
• “Defining SNMP Parameters”
• “Managing the DHCP Server”
• “Configuring Time Ranges”
• “Configuring DNS”
• “Configuring and Viewing ISDP Information”
• “Configuring sFlow”
• “Viewing System Statistics”
System Description
After a successful login, the System Description page displays. Use this page to configure and view general
device information.
To display the System Description page, click LAN > Administration > System Description in the navigation
tree.
Figure 7: System Description
Table 3: System Description Fields
Field | Description
System Description | The product name of this switch.
System Name | Enter the name you want to use to identify this switch. You may use up to 31 alphanumeric characters. The factory default is blank.
System Location | Enter the location of this switch. You may use up to 31 alphanumeric characters. The factory default is blank.
System Contact | Enter the contact person for this switch. You may use up to 31 alphanumeric characters. The factory default is blank.
IP Address | The IP Address assigned to the network interface. To change the IP address, see “Serial Port” on page 73.
System Object ID | The base object ID for the switch's enterprise MIB.
System Time (yyyy-mm-dd h:m:s) | Enter the current date and time that the switch will follow using the on-board real-time clock.
System Up Time | Displays the number of days, hours, and minutes since the last system restart.
Current SNTP Synchronized Time | Displays currently synchronized SNTP time in UTC. If no SNTP server has been configured and the time is not synchronized, this field displays “Not Synchronized.” To specify an SNTP server, see “Configuring SNTP Settings” on page 97.
Defining System Information
1. Open the System Description page.
2. Define the following fields: System Name, System Contact, and System Location.
3. If the SNTP time has synchronized, you can click Synchronize system time with NTP time to apply the
SNTP time to the system time.
4. Click Submit.
The system parameters are applied, and the device is updated.
Note: If you want the switch to retain the new values across a power cycle, you must perform a
configuration save, but the System Time does not need a save to retain the new values across a
power cycle.
Switch Configuration
From the Switch Configuration page, you can control the IEEE 802.3x flow control mode for the switch.
IEEE 802.3x flow control works by pausing a port when the port becomes oversubscribed and dropping all
traffic for small bursts of time during the congestion condition. This can lead to high-priority and/or network
control traffic loss. When 802.3x flow control is enabled, lower speed switches can communicate with higher
speed switches by requesting that the higher speed switch refrain from sending packets. Transmissions are
temporarily halted to prevent buffer overflows.
To display the Switch Configuration page, click LAN > Administration > Switch Configuration in the navigation
tree.
Figure 8: Switch Configuration
Table 4: Switch Configuration Fields
Field | Description
IEEE 802.3x Flow Control Mode | Enables or disables IEEE 802.3x flow control on the system. The factory default is disabled.
• Enable: Enables flow control so that the switch can communicate with higher speed switches.
• Disable: Disables flow control so that the switch does not send pause packets if the port buffers become full.
• If you change the mode, click Submit to apply the changes to the system. If you want the switch to retain
the new values across a power cycle, you must perform a save.
Viewing Inventory Information
Use the Inventory Information page to display the switch's Vital Product Data, which is stored in non-volatile
memory at the factory.
To display the inventory information, click LAN > Monitoring > Inventory Information in the navigation
tree.
Figure 9: Inventory Information
Card Configuration
The pages in the Slot folder provide information about the cards installed in the slots on the switch. To access
the Card Configuration page, click LAN > Administration > Card Configuration in the navigation menu.
Figure 10 shows the fields that display when the slot contains a card.
Figure 10: Card Configuration
Table 5: Card Configuration Fields
Field | Description
Slot | Indicates the slot in the selected unit for which data is to be displayed or configured.
Slot Status | Indicates whether a card is in the slot (Full or Empty).
Admin State | Displays whether the slot is administratively enabled or disabled. This field is non-configurable for read-only users.
Power State | Displays whether the slot is powered on or off. This field is non-configurable for read-only users.
Inserted Card Model | Displays the model identifier of the card plugged into the selected slot. If no card has been plugged in, this field is not shown.
Inserted Card Description | Displays the description of the card plugged into the selected slot. If no card has been plugged in, this field is not shown.
Configured Card Model | Displays the model identifier of the card pre-configured for the selected slot. If no card has been pre-configured, this field is not shown.
Configured Card Description | Displays the model identifier of the card pre-configured for the selected slot. If no card has been pre-configured, this field is not shown.
Pluggable | Displays the pluggable indicator of the specified slot.
Power Down | Displays the power down indicator of the specified slot.
• If you make any changes to the page, click Submit to apply the changes to the system.
• Click Clear to clear any pre-configuration of a card in a slot which does not have any card plugged into it. If
there is a card plugged into the slot or the slot has no card plugged and has not been pre-configured yet,
this button is not shown.
Slot Summary
The Slot Summary page displays information about the slots present in the switch.
To access the Slot Summary page, click LAN > Monitoring > Slot Summary in the navigation tree.
Figure 11: Slot Summary
Table 6: Slot Summary Fields
Field | Description
Slot | Identifies the slot using the format unit/slot.
Status | Displays whether the slot is empty or full.
Administrative State | Displays whether the slot is administratively enabled or disabled.
Power State | Displays whether the slot is powered on or off.
Card Model ID | Displays the model ID of the card configured for the slot.
Card Description | Displays the description of the card configured for the slot.
• Click Refresh to display the most current information from the router.
PoE Configuration
Use the PoE Configuration page to configure the Power over Ethernet (PoE) features.
To access the PoE Configuration page, click LAN > Administration > PoE Configuration in the navigation menu.
The following figure shows the fields that display.
Figure 12: PoE Configuration
Table 7: PoE Configuration Fields
Field | Description
System Usage Threshold | Sets threshold level at which a trap is sent if the total power consumed is greater than or equal to the specified percentage of total power available.
Power Management Mode | Sets the PoE switch in the following power management modes. The options are as follows:
• Static: In this mode the power initially requested by the powered device is reserved for the port alone. The reserved power is also equal to the power limit of the port. Thus the total power available for the prospective powered devices is less than the actual available power. This configuration is useful in cases when the powered devices can draw variable power and also be assured that power is always available for this purpose.
• Dynamic: In this mode there is no power reservation for a port. Thus the total power available for the prospective powered devices is more in this configuration. This configuration is useful when there are many powered devices and less power available with the PoE switch.
Slot/Port | Select the slot and port with the information to configure.
Admin Mode | Enables or disables the ability of the port to deliver power.
Priority | The switch may not be able to supply power to all connected devices. So, priority is used to determine which ports can supply power. For ports with the same priority, the lower numbered port will have a higher priority.
Power Limit | Defines the maximum power which can be delivered by a port.
Time Range | Use this field to impose a time limitation. When you click Configure, you can select a configured time range or create a new named time range. To configure the time range values, use the LAN > Administration > Time Ranges > Time Range Entry Configuration page.
• If you make any changes to the page, click Submit to apply the changes to the system.
PoE Status
Power over Ethernet (PoE) technology allows IP telephones, wireless LAN Access Points, Web-Cameras and
many other appliances to receive power as well as data over existing LAN cabling, without needing to modify
the existing Ethernet infrastructure.
To display the PoE status, click LAN > Monitoring > PoE Status in the navigation tree.
Figure 13: PoE Status
Table 8: PoE Status Fields
Field | Description
Max System Power Available | Maximum amount of power the system can deliver to all ports.
Current System Power Used | Total amount of power currently being delivered to all ports.
Slot/Port | Interface associated with the data.
Admin Mode | Enables/Disables the ability of the port to deliver power.
Class | The class of the Powered Device (PD) defines the range of power a PD is drawing from the system. Class definitions:
• 0: 0.44-12.95 (watts)
• 1: 0.44-3.83 (watts)
• 2: 3.84-6.48 (watts)
• 3: 6.49-12.95 (watts)
Priority | Used to determine which ports can deliver power when the system. The switch may not be able to supply power to all connected devices. Priority is used to determine which ports can supply power. For ports which have the same priority, the lower numbered port will have a higher priority.
Output Power | Current power being delivered to device in Watts.
Output Current | Current being delivered to device in mA.
Output Voltage | Current voltage being delivered to device in volts.
Power Limit | Defines the maximum power which can be delivered by a port.
Status | Operational status of the port PD detection. The possible values for this field are:
• Disabled: Indicates no power being delivered.
• Requesting Power: Indicates PoE switch does not have enough power to supply power to the requesting powered device.
• Delivering Power: Indicates power is being drawn by device.
• Fault: Indicates a problem with the port.
• Test: Indicates port is in test mode.
• Other Fault: Indicates port is idle due to error condition.
• Searching: Indicates port is not in one of the above states.
Time Range | Time limitation of the port. For more information about the time range, see the LAN > Administration > Time Ranges > Time Range Entry Configuration page.
POE Operational Mode | Shows the operation mode of the port. The possible values are Enabled or Disabled.
POE Operational Reason | Provides additional information about POE Operational Mode. The reason can be one of the following:
• Admin Mode: Operated by Admin Mode
• Time Range - Active: Operated by Time Range and the current system time is included in the active time period
• Time Range - Inactive: Operated by Time Range and the current system time is included in the inactive time period.
Serial Port
The Serial Port Configuration page allows you to change the switch’s serial port settings. In order for a terminal
or terminal emulator to communicate with the switch, the serial port settings on both devices must be the
same. Some settings on the switch cannot be changed.
To view or configure the serial port settings on the switch, click LAN > Administration > Serial Port in the
navigation tree.
Figure 14: Serial Port
Table 9: Serial Port Fields
Field
Description
Serial Port Login Timeout (minutes)
Indicates how many minutes of inactivity should occur on a serial port
connection before the switch closes the connection. Enter a number between
0 and 160. The factory default is 5. Entering 0 disables the timeout.
Baud Rate (bps)
Select the default baud rate for the serial port connection from the menu. The
factory default is 115200.
Character Size (bits)
The number of bits in a character. This is always 8.
Flow Control
Whether hardware flow control is enabled or disabled. It is always disabled.
Stop Bits
The number of stop bits per character. It is always 1.
Parity
The parity method used on the serial port. It is always None.
• If you change any data, click Submit to apply the changes to the system. If you want the switch to retain
the new values across a power cycle, you must perform a save.
IP Address
The network interface is the logical interface used for in-band connectivity with the switch via any of the
switch's front panel ports. The configuration parameters associated with the switch's network interface do not
affect the configuration of the front panel ports through which traffic is switched or routed.
The Network Connectivity page allows you to change the IP information using the Web interface.
To access the page, click LAN > Administration > IP Address in the navigation tree.
Note that the page displays differently depending on the IP protocol version chosen.
Figure 15: Network Connectivity
Table 10: Network Connectivity Fields
Field
Description
Network Configuration Protocol Current
Specify what the switch should do following power-up. The factory default is
None. The options are as follows:
• BootP: Transmit a Bootp request
• DHCP: Transmit a DHCP request
• None: Do not send any requests following power-up.
IP Address
The IP address of the network interface. The factory default value is 0.0.0.0.
Note: Each part of the IP address must start with a number other than zero.
For example, IP addresses 001.100.192.6 and 192.001.10.3 are not valid.
Subnet Mask
The IP subnet mask for the interface. The factory default value is 0.0.0.0.
Default Gateway
The default gateway for the IP interface. The factory default value is 0.0.0.0.
Burned-in MAC Address
This read-only field displays the MAC address that is burned-in to the network
card at the factory. This MAC address is used for in-band connectivity if you
choose not to configure a locally administered address.
Table 10: Network Connectivity Fields (Cont.)
Field
Description
Locally Administered MAC Address
You can optionally configure a locally administered MAC address for in-band
connectivity instead of using the burned-in universally administered MAC
address. In addition to entering an address in this field, you must also set the
MAC address type to locally administered. Enter the address as twelve
hexadecimal digits (6 bytes) with a colon between each byte. Bit 1 of byte 0
must be set to a 1 and bit 0 to a 0; i.e., byte 0 must have a value between x'40'
and x'7F'.
MAC Address Type
Select the MAC address to use for in-band connectivity. The factory default is
to use the burned-in MAC address.
• Burned-In: Use the factory default MAC address.
• Locally Administered: Use the MAC address you entered in the Locally
Administered MAC Address field.
Management VLAN ID
Specifies the management VLAN ID of the switch. The range is 1-3965. The
management VLAN is used for management of the switch. This field is
configurable for administrative users and read-only for other users.
Web Mode
Controls whether the switch user interface can be accessed from a Web
browser. The factory default is enabled.
• Enable: Permits Web-based management of the switch.
• Disable: Prohibits Web-based management of the switch. If the Web
mode is disabled, you must manage the switch by using SNMP or the CLI.
Java Mode
Controls whether to display the Java applet that displays a picture of the
switch at the top right of the screen. The factory default is enabled:
• Enable: Permits the applet to display. The Java applet lets you click on the
picture of the switch to select configuration screens instead of using the
navigation tree at the left side of the screen.
• Disable: Does not allow the Java applet to display. The applet is replaced
by a blank area.
• If you change any of the network connection parameters, click Submit to apply the changes to the system.
If you want the switch to retain the new values across a power cycle, you must perform a save.
Network DHCP Client Options
Use the fields on this page to enable and configure vendor class identifier information that the DHCP client on
the switch sends to the DHCP server when it requests a lease.
To access this page, click LAN > Administration > Network DHCP Client Options.
Figure 16: DHCP Client Options
Table 11: DHCP Client Option Fields
Field
Description
DHCP Vendor Class ID Mode
Specify whether to enable or disable the vendor class identifier mode.
DHCP Vendor Class ID String
Enter the text to add to DHCP requests as Option-60, which is the Vendor Class
Identifier option.
HTTP Configuration
Use the HTTP Configuration page to configure the HTTP server settings on the system.
To access the HTTP Configuration page, click LAN > Administration > HTTP Configuration in the navigation
menu.
Figure 17: HTTP Configuration
Table 12: HTTP Configuration Fields
Field
Description
HTTP Admin Mode
This select field is used to Enable or Disable the Administrative Mode of HTTP.
The currently configured value is shown when the web page is displayed. The
default value is Enable. If you disable the HTTP admin mode, access to the web
interface is limited to secure HTTP, which is disabled by default.
Java Mode
This select field is used to Enable or Disable the web Java Mode. This applies
to both secure and un-secure HTTP connections. The currently configured
value is shown when the web page is displayed. The default value is Enable.
HTTP Session Soft Timeout
This field is used to set the inactivity timeout for HTTP sessions. The value
must be in the range of (0 to 60) minutes. A value of zero corresponds to an
infinite timeout. The default value is 5 minutes. The currently configured value
is shown when the web page is displayed.
HTTP Session Hard Timeout
This field is used to set the hard timeout for HTTP sessions. This timeout is
unaffected by the activity level of the session. The value must be in the range
of (0 to 168) hours. A value of zero corresponds to an infinite timeout. The
default value is 24 hours. The currently configured value is shown when the
web page is displayed.
Maximum Number of HTTP Sessions
This field is used to set the maximum allowable number of HTTP sessions. The
value must be in the range of (0 to 16). The default value is 16. The currently
configured value is shown when the web page is displayed.
• If you make changes to the page, click Submit to apply the changes to the system.
User Accounts
By default, the switch contains two user accounts:
• admin, with 'Read/Write' privileges
• guest, with 'Read Only' privileges
Both of these accounts have blank passwords by default. The names are not case sensitive.
If you log on to the switch with the user account that has Read/Write privileges (i.e., as admin), you can use the
User Accounts page to assign passwords and set security parameters for the default accounts. You can also
add up to five read-only accounts. You can delete all accounts except for the Read/Write account.
Note: Only a user with Read/Write privileges may alter data on this screen, and only one account can
exist with Read/Write privileges.
To access the User Accounts page, click LAN > Administration > User Accounts in the navigation tree.
Figure 18: User Accounts
Table 13: User Accounts Fields
Field
Description
User
From the User menu, select an existing user to configure, or select Create to
create a new user account. The system can have a maximum of five 'Read
Only' accounts and one Read/Write account.
User Name
Enter the name to give to the account. User names are up to eight characters
in length and are not case sensitive. Valid characters include all the
alphanumeric characters as well as the dash ('-') and underscore ('_')
characters. The user name default is not valid.
Note: You can change the Read/Write user name from “admin” to something
else, but when you click Submit, you must re-authenticate with the new
username.
Password
Enter the optional new or changed password for the account. It will not
display as it is typed, and only asterisks (*) will show on the screen. Passwords
are up to eight alphanumeric characters in length and are case sensitive.
Confirm Password
Enter the password again, to confirm that you entered it correctly. This field
will not display, but will show asterisks (*).
Access Mode
Indicates the user's access mode. The admin account always has Read/Write
access, and all other accounts have Read Only access.
Lockout Status
Indicates whether the user is currently locked out. A user is locked out after a
certain number of failed login attempts.
Password Override-Complexity-Check
This selector lists the two options for Override-Complexity-Check: Enable and
Disable. The default value is Disable. Enable overrides the password
strength check feature; Disable performs the password strength check.
Password Expiration Date
Indicates the date when this user’s current password will expire. This is
determined by the date the password was created and the number of days
specified in the Password Aging setting on the Password Management
page.
SNMPv3 User Configuration
SNMPv3 Access Mode
Indicates the SNMPv3 access privileges for the user account. The admin
account always has 'Read/Write' access, and all other accounts have 'Read
Only' access.
Authentication Protocol
Specify the SNMPv3 Authentication Protocol setting for the selected user
account. The valid Authentication Protocols are None, MD5 or SHA. If you
select None, the user will be unable to access the SNMP data from an SNMP
browser. If you select MD5 or SHA, the user login password will be used as the
SNMPv3 authentication password, and you must therefore specify a
password, and it must be eight characters long.
Encryption Protocol
Specify the SNMPv3 Encryption Protocol setting for the selected user account.
The valid Encryption Protocols are None or DES. If you select the DES Protocol
you must enter a key in the Encryption Key field. If None is specified for the
Protocol, the Encryption Key is ignored.
Configure Encryption
The check box must be checked in order to change the Encryption Protocol
and Encryption Key.
Encryption Key
If you selected DES in the Encryption Protocol field, enter the SNMPv3
Encryption Key here. Otherwise this field is ignored. Valid keys are 0 to 15
characters long. The Apply check box must be selected in order to change the
Encryption Protocol and Encryption Key.
Adding a User Account
Use the following procedures to add a user account. The system supports one Read/Write user and five Read
Only users.
1. From the User menu, select Create.
The screen refreshes.
2. Enter a username and password for the new user, then re-enter the password in the Confirm Password
field.
3. Click Submit to update the switch with the values on this screen.
If you want the switch to retain the new values across a power cycle, you must perform a save.
Changing User Account Information
You cannot add or delete the Read/Write user, but you can change the username and password. To change
the password for an existing account or to overwrite the username on an existing account, use the following
procedures.
1. From the User menu, select the user to change.
The screen refreshes.
2. To alter the username, delete the existing name in the Username field and enter the new username.
To change the password, delete any asterisks (*) in the Password and Confirm Password fields, and then
enter and confirm the new password.
3. Click Submit to update the switch with the values on this screen.
If you want the switch to retain the new values across a power cycle, you must perform a save.
Deleting a User Account
Use the following procedures to delete any of the Read Only user accounts.
1. From the User menu, select the user to delete.
The screen refreshes.
2. Click Delete to delete the user.
This button is only visible when you have selected a user account with 'Read Only' access. You cannot
delete the 'Read/Write' user.
If you want the switch to retain the new values across a power cycle, you must perform a save.
Authentication List Configuration
Use the Authentication List page to configure login lists. A login list specifies one or more authentication
methods to validate switch or port access for the users associated with the list.
Note: The preconfigured users, admin and guest, are assigned to a pre-configured list named
defaultList, which you cannot delete. All newly created users are also assigned to the defaultList until
you specifically assign them to a different list.
To access the Authentication Profiles page, click LAN > Administration > Authentication List Configuration in
the navigation tree.
Figure 19: Authentication List Configuration
Table 14: Authentication Profile Fields
Field
Description
Access Mode
Select the access mode to configure, which can be either Login or Enable.
A login list or enable list specifies the authentication method(s) you want used
to validate switch or port access for the users associated with the list. The
pre-configured users, admin and guest, are assigned to a pre-configured list
named defaultList, which you may not delete. All newly created users are also
assigned to the defaultList until you specifically assign them to a different list.
Authentication List
Select an existing list to view or configure, or select Create to create and
configure a new authentication list.
Table 14: Authentication Profile Fields (Cont.)
Field
Description
Method 1
Use the menu to select the method that should appear first in the selected
authentication login list. User authentication occurs in the order the methods
are selected. Each method can be selected only once. Possible methods are as
follows:
• UNDEFINED: The authentication method is unspecified. This option is not
available for Method 1.
• ENABLE: Uses the enable password for authentication.
• LINE: Uses the Line password for authentication.
• LOCAL: The user's locally stored ID and password will be used for
authentication. Since the local method does not time out, if you select this
option as the first method, no other method will be tried, even if you have
specified more than one method.
• NONE: No authentication is used.
• RADIUS: The user's ID and password will be authenticated using the
RADIUS server(s) configured on the LAN > Security > RADIUS > RADIUS
Authentication Server Configuration page. If you have multiple RADIUS
servers configured, the switch will attempt to contact the primary RADIUS
server. If the primary RADIUS server fails, the switch automatically
attempts to contact a backup RADIUS server. If you select RADIUS or
TACACS+ as the first method and an error occurs during the
authentication, the switch uses Method 2 to authenticate the user.
• Tacacs+: The user's ID and password will be authenticated using the
TACACS+ server configured on the LAN > Security > TACACS+ >
Configuration page. If you select RADIUS or TACACS+ as the first method
and an error occurs during the authentication, the switch attempts user
authentication Method 2.
Method 2
Use the menu to select the method, if any, that should appear second in the
selected authentication login list. This is the method that will be used if the
first method times out. If you select a method that does not time out as the
second method, the third method will not be tried.
Method 3
Use the menu to select the method, if any, that should appear third in the
selected authentication login list.
Method 4
Use the menu to select the method, if any, that should appear fourth in the
selected authentication login list.
Method 5
Use the menu to select the method, if any, that should appear fifth in the
selected authentication login list.
Method 6
Use the menu to select the method, if any, that should appear sixth in the
selected authentication login list.
Creating an Authentication List
To create a new authentication list, use the following procedures.
1. Select Create from the Authentication List field. The page refreshes, and different fields are available.
2. In the Authentication List Name field, enter a name of 1 to 12 characters.
The name is not case sensitive, but it cannot include spaces.
3. Click Submit to create the name and display the Method fields for the new list.
You are now ready to configure the authentication list. By default, local is set as the initial authentication
method.
To retain the changes across a power cycle, you must perform a save.
Configuring an Authentication List
To modify an authentication list, use the following procedures.
1. Select an existing list from the Authentication List menu.
2. From the Method 1 field, select the initial login method.
3. If desired, select the additional subsequent login method.
4. Click Submit to apply the changes to the system.
To retain the changes across a power cycle, you must perform a save.
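The method-order rules in Table 14 can be checked before a list is submitted. The following is an added example, not D-Link code: the function name, the finding labels and the sample lists are hypothetical, and treating ENABLE, LINE and NONE as methods that do not fall through is an assumption, since the manual states the fall-through behavior only for LOCAL, RADIUS and TACACS+.

```python
# Methods that hand over to the next method on an error or timeout (Table 14).
FALLS_THROUGH = {"RADIUS", "TACACS+"}
# LOCAL is stated not to time out. ENABLE, LINE and NONE are treated the same
# way here; that is an assumption, the manual does not say.
KNOWN = {"ENABLE", "LINE", "LOCAL", "NONE", "RADIUS", "TACACS+", "UNDEFINED"}


def audit_method_list(name, methods):
    """Return (reachable_methods, findings) for one authentication list.

    methods is the ordered Method 1..Method 6 selection; findings is a list
    of (label, detail) tuples.
    """
    findings = []
    methods = [m.upper() for m in methods]

    # List names are 1 to 12 characters and cannot include spaces.
    if not 1 <= len(name) <= 12 or " " in name:
        findings.append(("bad-name", f"{name!r} must be 1-12 characters, no spaces"))
    if len(methods) > 6:
        findings.append(("too-many", "a list has at most six methods"))
    for m in methods:
        if m not in KNOWN:
            findings.append(("unknown-method", m))
    if methods and methods[0] == "UNDEFINED":
        findings.append(("method1-undefined", "UNDEFINED is not available for Method 1"))

    # UNDEFINED slots are skipped (assumption: an unset slot is not a method).
    configured = [m for m in methods if m != "UNDEFINED"]
    for m in sorted({m for m in configured if configured.count(m) > 1}):
        findings.append(("duplicate", f"{m} is selected more than once"))

    # Walk the list in order; stop at the first method that does not fall through.
    reachable = []
    for m in configured:
        reachable.append(m)
        if m not in FALLS_THROUGH:
            break
    for m in configured[len(reachable):]:
        findings.append(("unreachable",
                         f"{m} is never tried: {reachable[-1]} does not fall through"))

    if reachable and reachable[0] == "NONE":
        findings.append(("no-auth", "Method 1 is NONE: no authentication is used"))
    elif "NONE" in reachable:
        findings.append(("no-auth-fallback",
                         "a server error ends in NONE: access without authentication"))
    return reachable, findings


if __name__ == "__main__":
    # Constructed sample lists, not taken from a real switch.
    for list_name, selected in [("defaultList", ["LOCAL"]),
                                ("radFirst", ["RADIUS", "LOCAL"]),
                                ("localFirst", ["LOCAL", "RADIUS"]),
                                ("radNone", ["TACACS+", "NONE"])]:
        print(list_name, audit_method_list(list_name, selected))
```

A list such as RADIUS followed by NONE is the case to look for: by the Method 1 description, an error during authentication moves the switch on to the next method, which here performs no authentication.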
Deleting an Authentication List
Use the following procedures to remove an authentication login list from the configuration.
1. Select an existing list from the Authentication List menu.
2. Click Delete.
The delete will fail if the selected login list is assigned to any user (including the default user) for system
login or IEEE 802.1X port access control. You can only use this button if you have Read/Write access.
To retain the changes across a power cycle, you must perform a save.
Authentication List Summary
Use the Authentication List Summary page to view information about the authentication lists on the system
and which users are associated with each list. The page also displays information about 802.1X port security
users.
To access the Authentication List Summary page, click LAN > Monitoring > Authentication List Summary in the
navigation tree.
Figure 20: Login Session
The Authentication List Summary page has the following fields:
Table 15: Login Fields
Field
Description
Login Authentication List
Displays all login authentication profiles.
Method List
Shows the order of the login methods configured for the list. Possible options
are:
• Enable: uses the enable password for authentication.
• Line: uses the Line password for authentication.
• Local: the user's locally stored ID and password will be used for
authentication
• None: the user is not authenticated
• Radius: the user's ID and password will be authenticated using the RADIUS
server instead of locally
• TACACS+: the user's ID and password will be authenticated using the
TACACS+ server
Remove
Removes the authentication profile when checked.
The same fields are displayed for the Enable Authentication List table. The page also displays the
authentication lists and authentication methods configured for Console, Telnet, SSH, HTTPS, HTTP and
DOT1X access.
• Click Refresh to update the information on the screen.
• To assign users to a specific authentication list, see “User Login” on page 87. To configure the 802.1X port
security users, see “Port Access Control” on page 381.
Login Session
Use the Login Session page to view information about users who have logged on to the switch.
To access the Login Session page, click LAN > Monitoring > Login Session in the navigation tree.
Figure 21: Login Session
The Login Session page has the following read-only fields:
Table 16: Login Session Fields
Field
Description
ID
Identifies the ID of this row.
User Name
Shows the user name of the user who is currently logged on to the switch.
Connection From
Shows the IP address of the system from which the user is connected. If the
connection is a local serial connection, the Connection From field entry is EIA-232.
Idle Time
Shows the idle session time.
Session Time
Shows the total session time.
Session Type
Shows the type of session, which can be Telnet, Serial Port, HTTP, or SSH.
• Click Refresh to update the information on the screen.
User Login
Each configured user is assigned to a login list that specifies how the user should be authenticated when
attempting to access the switch or a port on the switch. After creating a new user account on the User Account
screen, you can use the User Login page to assign the user to a login list for the switch.
The pre-configured users, admin and guest, are assigned to a pre-configured list named defaultList, which you
may not delete. All newly created users are also assigned to the defaultList until you specifically assign them
to a different list. To create a new authentication list, see “Creating an Authentication List” on page 83.
To access the User Login page, click LAN > Administration > User Login in the navigation tree.
Figure 22: User Login
Table 17: User Login Fields
Field
Description
User
The menu contains all configured users in the system and a Non-Configured
user. The Non-configured user is a user who does not have an account
configured on the switch. If you assign the Non-configured user to a login list
that specifies authentication via the RADIUS server, you will not need to
create an account for all users on each switch. However, by default the
Non-configured user is assigned to defaultList, which by default uses local
authentication.
Authentication List
Select the authentication login list you want to assign to the user for system
login.
Assigning a User to an Authentication List
The admin (Read/Write) user is always associated with the default list, which forces the admin user to always
be authenticated locally to prevent full lockout from switch configuration. If you assign a user to a login list
that requires remote authentication, the user's access to the switch from all CLI, Web, and telnet sessions will
be blocked until the authentication is complete. For more information, see the Max Number of Retransmits
field in “RADIUS Settings” on page 389.
1. Select the user name from the User field’s menu, or select Non-configured user to assign all users that are
not configured on the switch to an authentication list.
The screen refreshes. The list that the user is currently assigned to is highlighted in the Authentication List
field.
2. To assign the user to a different list, click the list name in the Authentication List field to select the list.
3. Click Submit to apply the changes to the switch.
Denial of Service Protection
Use the Denial of Service (DoS) page to configure DoS control. D-Link DWS-4000 Series software provides
support for classifying and blocking specific types of DoS attacks. You can configure your system to monitor
and block a variety of DoS attacks.
To access the Denial of Service page, click LAN > Administration > Denial of Service Protection in the
navigation menu.
Figure 23: Denial of Service
Table 18: Denial of Service Configuration Fields
Field
Description
Denial of Service First Fragment
Enable or disable this option by selecting the corresponding line on the
pulldown entry field. Enabling First Fragment DoS prevention causes the
switch to drop packets that have a TCP header smaller than the configured
Min TCP Hdr Size. The factory default is disabled.
Denial of Service Min TCP Hdr Size
Specify the Min TCP Hdr Size allowed. If First Fragment DoS prevention is
enabled, the switch will drop packets that have a TCP header smaller than this
configured Min TCP Hdr Size. The factory default is disabled.
Denial of Service ICMP
Enable or disable this option by selecting the corresponding line on the
pulldown entry field. Enabling ICMP DoS prevention causes the switch to drop
ICMP packets that have a type set to ECHO_REQ (ping) and a size greater than
the configured ICMP Pkt Size. The factory default is disabled.
Denial of Service Max ICMP Size
Specify the Max ICMP Pkt Size allowed. If ICMP DoS prevention is enabled, the
switch will drop ICMP ping packets that have a size greater than this
configured Max ICMP Pkt Size. The factory default is disabled.
Denial of Service L4 Port
Enable or disable this option by selecting the corresponding line on the
pulldown entry field. Enabling L4 Port DoS prevention causes the switch to
drop packets that have TCP/UDP source port equal to TCP/UDP destination
port. The factory default is disabled.
Denial of Service SIP=DIP
Enable or disable this option by selecting the corresponding line on the
pulldown entry field. Enabling SIP=DIP DoS prevention causes the switch to
drop packets that have a source IP address equal to the destination IP address.
The factory default is disabled.
Denial of Service TCP Flag
Enable or disable this option by selecting the corresponding line on the
pulldown entry field. Enabling TCP Flag DoS prevention causes the switch to
drop packets that meet any of the following conditions:
• TCP flag SYN set and TCP source port less than 1024
• TCP control flags set to 0 and TCP sequence number set to 0
• TCP flags FIN, URG, and PSH set and TCP sequence number set to 0
• Both TCP flags SYN and FIN set
The factory default is disabled.
Denial of Service TCP Fragment
Enable or disable this option by selecting the corresponding line on the
pulldown entry field. Enabling TCP Fragment DoS prevention causes the
switch to drop packets that have an IP fragment offset equal to 1. The factory
default is disabled.
• If you change any of the DoS settings, click Submit to apply the changes to the switch. To preserve the
changes across a switch reboot, you must perform a save.
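To see which traffic each option in Table 18 would drop, the rules can be evaluated offline against raw IPv4 packets. This is an added example, not D-Link code and not a description of the switch's internals: the function names are hypothetical, the packets and the two thresholds (20 and 512) are constructed values, and it assumes that ICMP size means the ICMP message length and that the TCP Fragment option applies to TCP packets only.

```python
import socket
import struct

# Constructed thresholds for the two size fields; the page gives no numeric default.
MIN_TCP_HDR_SIZE = 20
MAX_ICMP_SIZE = 512

ICMP, TCP, UDP = 1, 6, 17
FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20


def tcp_matches(l4):
    """Evaluate the TCP-specific options against the start of a TCP header."""
    if len(l4) < 14:  # too short to hold the data-offset and flag fields
        return ["First Fragment"] if len(l4) < MIN_TCP_HDR_SIZE else []
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", l4[:14])
    hdr_size = (off_flags >> 12) * 4   # data offset counts 32-bit words
    flags = off_flags & 0x3F           # six classic control bits (assumption)
    hits = []
    if hdr_size < MIN_TCP_HDR_SIZE:
        hits.append("First Fragment")
    if sport == dport:
        hits.append("L4 Port")
    # The four TCP Flag conditions, in the order the table lists them.
    if (((flags & SYN) and sport < 1024)
            or (flags == 0 and seq == 0)
            or ((flags & (FIN | URG | PSH)) == (FIN | URG | PSH) and seq == 0)
            or (flags & (SYN | FIN)) == (SYN | FIN)):
        hits.append("TCP Flag")
    return hits


def dos_matches(pkt):
    """Return the names of the Table 18 options that would drop this IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _id, flags_frag, _ttl, proto = struct.unpack("!HHHBB", pkt[2:10])
    frag_offset = flags_frag & 0x1FFF  # in 8-byte units
    l4 = pkt[ihl:total_len]
    hits = []
    if pkt[12:16] == pkt[16:20]:
        hits.append("SIP=DIP")
    if proto == TCP and frag_offset == 1:
        hits.append("TCP Fragment")
    if frag_offset != 0:
        return hits                    # later fragments carry no L4 header
    if proto == ICMP and len(l4) >= 1 and l4[0] == 8 and len(l4) > MAX_ICMP_SIZE:
        hits.append("ICMP")
    elif proto == UDP and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        if sport == dport:
            hits.append("L4 Port")
    elif proto == TCP:
        hits += tcp_matches(l4)
    return hits


def ipv4(src, dst, proto, payload, frag_offset=0):
    """Build a minimal IPv4 packet (checksum left at 0; it is not evaluated here)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag_offset,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def tcp(sport, dport, seq, flags, data_offset=5):
    """Build a 20-byte TCP header with the given data-offset field."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                       (data_offset << 12) | flags, 8192, 0, 0)


def icmp_echo(size):
    """Build an ICMP echo request of the given total length."""
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1) + bytes(size - 8)


# Constructed sample packets using documentation address ranges.
A, B = "192.0.2.10", "198.51.100.5"
SAMPLES = {
    "client SYN": ipv4(A, B, TCP, tcp(50000, 443, 1000, SYN)),
    "SYN+FIN": ipv4(A, B, TCP, tcp(50000, 80, 1000, SYN | FIN)),
    "no flags, seq 0": ipv4(A, B, TCP, tcp(50000, 80, 0, 0)),
    "FIN+URG+PSH, seq 0": ipv4(A, B, TCP, tcp(50000, 80, 0, FIN | URG | PSH)),
    "SYN-ACK from port 443": ipv4(B, A, TCP, tcp(443, 50000, 7000, SYN | ACK)),
    "same address and port": ipv4(A, A, TCP, tcp(5000, 5000, 1, ACK)),
    "short TCP header": ipv4(A, B, TCP, tcp(50000, 80, 1000, ACK, data_offset=4)),
    "fragment offset 1": ipv4(A, B, TCP, bytes(8), frag_offset=1),
    "600-byte ping": ipv4(A, B, ICMP, icmp_echo(600)),
    "64-byte ping": ipv4(A, B, ICMP, icmp_echo(64)),
    "UDP 123 to 123": ipv4(A, B, UDP, struct.pack("!HHHH", 123, 123, 8, 0)),
}


def classify_samples():
    """Map each sample name to the list of options that would drop it."""
    return {name: dos_matches(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in classify_samples().items():
        print(f"{name:22} -> {', '.join(hits) or 'forwarded'}")
```

Read as the table words them, the TCP Flag option also matches a SYN-ACK sent from a server port below 1024, and the L4 Port option matches any traffic that uses the same port number on both sides (the constructed UDP 123 sample), so compare these options against expected traffic before enabling them.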
Multiple Port Mirroring
Port mirroring selects the network traffic for analysis by a network analyzer. This is done for specific ports of
the switch. As such, many switch ports are configured as source ports and one switch port is configured as a
destination port. You have the ability to configure how traffic is mirrored on a source port. Packets that are
received on the source port, that are transmitted on a port, or are both received and transmitted, can be
mirrored to the destination port.
The packet that is copied to the destination port is in the same format as the original packet on the wire. This
means that if the mirror is copying a received packet, the copied packet is VLAN tagged or untagged as it was
received on the source port. If the mirror is copying a transmitted packet, the copied packet is VLAN tagged or
untagged as it is being transmitted on the source port.
Use the Multiple Port Mirroring page to define port mirroring sessions.
To access the Multiple Port Mirroring page, click LAN > Administration > Multiple Port Mirroring in the
navigation menu.
Figure 24: Multiple Port Mirroring
Table 19: Multiple Port Mirroring Fields
Field
Description
Session ID
Specifies the monitoring session.
Mode
Enables you to turn Multiple Port Mirroring on or off. The default is Disabled
(off).
Destination Port
Select the port to which port traffic may be copied.
Direction
Specifies the direction of traffic on source port(s) which will be sent to the
probe port. Possible values are:
• Tx and Rx - Both Ingress and Egress traffic.
• Rx - Ingress traffic only.
• Tx - Egress traffic only.
Source Port(s)
Specifies the source port(s) with directions as mirrored port(s). Traffic of the
source port(s) is sent to the probe port.
Up to 52 source ports can be selected per session.
Adding a Port Mirroring Session
Note: A Port will be removed from a VLAN or LAG when it becomes a destination mirror.
1. From the LAN > Administration > Multiple Port Mirroring page, click Add Source Port to display the Add
Source Port page.
Figure 25: Multiple Port Mirroring—Add Source Ports
2. Configure the following fields:
Table 20: Multiple Port Mirroring—Add Source Fields
Field
Description
Session ID
Specifies the monitoring session.
Source Port(s)
Select the unit and port from which traffic is mirrored. Up to eight source
ports can be mirrored to a destination port.
Direction
Select the type of traffic monitored on the source port, which can be one of the
following:
• Tx: Monitors transmitted packets only.
• Rx: Monitors received packets only.
• Tx and Rx: Monitors transmitted and received packets.
3. Click Add to apply the changes to the system.
The new port mirroring session is enabled for the unit and port, and the device is updated. The source port
appears in the Source Port list on the Multiple Port Mirroring page.
Removing or Modifying a Port Mirroring Session
1. From the Port Mirroring page, click Remove Source Port.
2. Select one or more source ports to remove from the session.
Use the CTRL key to select multiple ports to remove.
3. Click Remove.
The source ports are removed from the port mirroring session, and the device is updated.
Telnet Sessions
Telnet is a terminal emulation TCP/IP protocol. ASCII terminals can be virtually connected to the local device
through a TCP/IP protocol network. Telnet is an alternative to a local login terminal where a remote login is
required.
The switch supports up to five simultaneous telnet sessions. All CLI commands can be used over a telnet
session.
The Telnet Session Configuration page allows you to control inbound telnet settings on the switch. Inbound
telnet sessions originate on a remote system and allow a user on that system to connect to the switch CLI. To
configure outbound telnet settings, which are telnet sessions that originate on the switch to access a remote
system, see “Outbound Telnet Client Configuration” on page 94.
To display the Telnet Session Configuration page, click LAN > Administration > Telnet Session in the navigation
tree.
Figure 26: Telnet Session Configuration
Table 21: Telnet Session Configuration Fields
Field
Description
Telnet Session Timeout (minutes)
Specify how many minutes of inactivity should occur on a telnet session
before the session is logged off. You may enter any number from 1 to 160. The
factory default is 5.
Note: When you change the timeout value, the new value is applied to all
active and inactive sessions immediately. Any sessions that have been idle
longer than the new timeout value are disconnected immediately.
Maximum Number of Telnet Sessions
From the drop-down menu, select how many simultaneous telnet sessions to
allow. The maximum is 5, which is also the factory default. A value of 0
indicates that no outbound Telnet session can be established.
Allow New Telnet Sessions
Controls whether to allow new telnet sessions:
• Yes: Permits new telnet sessions until the maximum number allowed is
reached.
• No: New telnet sessions will not be allowed, but existing sessions are not
disconnected.
Telnet Server Admin Mode
Administrative mode for inbound telnet sessions. Setting this value to disable
shuts down the telnet port. If the admin mode is set to disable, then all
existing telnet connections are disconnected. The default value is Enable.
• If you change any of the telnet parameters, click Submit to apply the changes to the system. If you want
the switch to retain the new values across a power cycle, you must perform a save.
Outbound Telnet Client Configuration
The outbound telnet feature is not available on all platforms.
Use the outbound telnet client settings to control the telnet sessions that originate from the switch and
connect to a remote system.
To access the Outbound Telnet Client Configuration page, click LAN > Administration > Outbound Telnet
Client Configuration in the navigation menu.
Figure 27: Outbound Telnet
Table 22: Outbound Telnet Fields
Field
Description
Admin Mode
Specifies whether the Outbound Telnet service is Enabled or Disabled. The
default value is Enabled.
• Enable: Users can initiate outbound telnet sessions from the switch CLI.
• Disable: No outbound telnet sessions can originate from the switch.
Maximum Sessions
Specifies the maximum number of Outbound Telnet Sessions allowed. The
default value is 5. The valid range is 0 to 5 sessions.
Session Timeout
Specifies the Outbound Telnet login inactivity timeout. The default value is 5.
The valid range is 1 to 160 minutes.
• If you change any data, click Submit to apply the changes to the system. If you want the switch to retain
the new values across a power cycle, you must perform a save.
Ping Test
Use the Ping page to tell the switch to send a Ping request to a specified IP address. You can use this feature
to check whether the switch can communicate with a particular network host.
To access the Ping page, click LAN > Administration > Ping Test in the navigation menu.
Figure 28: Ping
Table 23: Ping Fields
Field
Description
Hostname/IP Address
Enter the IP address or the host name of the station you want the switch to
ping. The initial value is blank. This information is not retained across a power
cycle.
Count
Specify the number of pings to send.
Interval
Specify the number of seconds between pings sent.
Size
Specify the size of the ping packet to send.
Ping
Displays the results of the ping.
• Click Submit to send the ping. If successful, the results display as shown in Figure 29.
TraceRoute
You can use the TraceRoute utility to discover the paths that a packet takes to a remote destination.
To display this page, click LAN > Administration > TraceRoute in the navigation tree.
Figure 29: TraceRoute
Table 24: TraceRoute Fields
Field
Definition
Hostname/IP Address
Enter the IP address or the hostname of the station you want the switch to discover
the path for.
Probes Per Hop
Enter the number of times each hop should be probed.
MaxTTL
Enter the maximum time-to-live for a packet in number of hops.
InitTTL
Enter the initial time-to-live for a packet in number of hops.
MaxFail
Enter the maximum number of failures allowed in the session.
Interval
Enter the time between probes in seconds.
Port
Enter the UDP destination port in probe packets.
Size
Enter the size of probe packets.
TraceRoute
Displays the output from a traceroute.
• Click Submit to initiate the traceroute. The results display in the TraceRoute box.
Configuring SNTP Settings
D-Link DWS-4000 Series switch software supports the Simple Network Time Protocol (SNTP).
SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization
is performed by a network SNTP server. D-Link DWS-4000 Series software operates only as an SNTP client and
cannot provide time services to other systems.
Time sources are established by Stratums. Stratums define the accuracy of the reference clock. The higher the
stratum (where zero is the highest), the more accurate the clock. The device receives time from stratum 1 and
above since it is itself a stratum 2 device.
The following is an example of stratums:
• Stratum 0: A real time clock is used as the time source, for example, a GPS system.
• Stratum 1: A server that is directly linked to a Stratum 0 time source is used. Stratum 1 time servers
provide primary network time standards.
• Stratum 2: The time source is distanced from the Stratum 1 server over a network path. For example, a
Stratum 2 server receives the time over a network link, via NTP, from a Stratum 1 server.
Information received from SNTP servers is evaluated based on the time level and server type.
SNTP time definitions are assessed and determined by the following time levels:
• T1: Time at which the original request was sent by the client.
• T2: Time at which the original request was received by the server.
• T3: Time at which the server sent a reply.
• T4: Time at which the client received the server's reply.
The device can poll Unicast and Broadcast server types for the server time.
Polling for Unicast information is used for polling a server for which the IP address is known. SNTP servers that
have been configured on the device are the only ones that are polled for synchronization information. T1
through T4 are used to determine server time. This is the preferred method for synchronizing device time
because it is the most secure method. If this method is selected, SNTP information is accepted only from SNTP
servers defined on the device using the SNTP Server Configuration page.
Broadcast information is used when the server IP address is unknown. When a Broadcast message is sent from
an SNTP server, the SNTP client listens to the message. If Broadcast polling is enabled, any synchronization
information is accepted, even if it has not been requested by the device. This is the least secure method.
The device retrieves synchronization information, either by actively requesting information or at every poll
interval. If Unicast and Broadcast polling are enabled, the information is retrieved in this order:
• Information from servers defined on the device is preferred. If Unicast polling is not enabled or if no
servers are defined on the device, the device accepts time information from any SNTP server that
responds.
• If more than one Unicast device responds, synchronization information is preferred from the device with
the lowest stratum.
• If the servers have the same stratum, synchronization information is accepted from the SNTP server that
responded first.
MD5 (Message Digest 5) Authentication safeguards device synchronization paths to SNTP servers. MD5 is an
algorithm that produces a 128-bit hash. MD5 is a variation of MD4, and increases MD4 security. MD5 verifies
the integrity of the communication and authenticates the origin of the communication.
SNTP Settings
Use the SNTP Global Configuration page to view and adjust SNTP parameters.
To display the SNTP Global Configuration page, click LAN > Administration > SNTP > SNTP Settings in the
navigation menu.
Figure 30: SNTP Global Configuration
Table 25: SNTP Global Configuration Fields
Field
Description
Client Mode
Use the drop-down list to specify the SNTP client mode, which is one of the following
modes:
• Disable: SNTP is not operational. No SNTP requests are sent from the
client nor are any received SNTP messages processed.
• Unicast: SNTP operates in a point to point fashion. A unicast client sends a
request to a designated server at its unicast address and expects a reply
from which it can determine the time and, optionally, the round-trip delay
and local clock offset relative to the server.
• Broadcast: SNTP operates in the same manner as multicast mode but uses
a local broadcast address instead of a multicast address. The broadcast
address has a single subnet scope while a multicast address has Internet
wide scope.
Port
Specifies the local UDP port to listen for responses/broadcasts. Allowed range
is (1 to 65535). Default value is 123.
Unicast Poll Interval
Specifies the number of seconds between unicast poll requests expressed as
a power of two when configured in unicast mode. Allowed range is (6 to 10).
Default value is 6.
Broadcast Poll Interval
Specifies the number of seconds between broadcast poll requests expressed
as a power of two when configured in broadcast mode. Broadcasts received
prior to the expiry of this interval are discarded. Allowed range is (6 to 10).
Default value is 6.
Unicast Poll Timeout
Specifies the number of seconds to wait for an SNTP response when
configured in unicast mode. Allowed range is (1 to 30). Default value is 5.
Unicast Poll Retry
Specifies the number of times to retry a request to an SNTP server after the
first time-out before attempting to use the next configured server when
configured in unicast mode. Allowed range is (0 to 10). Default value is 1.
• If you change any of the settings on the page, click Submit to apply the changes to the system.
SNTP Server Configuration
Use the SNTP Server Configuration page to view, add, and modify Simple
Network Time Protocol (SNTP) servers.
To display the SNTP Server Configuration page, click LAN > Administration > SNTP > SNTP Server
Configuration in the navigation tree.
Figure 31: SNTP Server Configuration
Table 26: SNTP Server Configuration Fields
Field
Description
Server
Select the IP address of a user-defined SNTP server to view or modify
information about an SNTP server, or select Create to configure a new SNTP
server. You can define up to three SNTP servers.
Address / Hostname
Enter the IP address or the hostname of the SNTP server.
Address Type
Select IPv4 if you entered an IPv4 address or DNS if you entered a hostname.
Port
Enter a port number from 1 to 65535. The default is 123.
Priority
Specifies the priority of this server entry in determining the sequence of
servers to which SNTP requests are sent. Values are 1 to 3, and the default is
1. Servers with lowest numbers have priority.
Version
Enter the protocol version number. Values are 1 to 4, and the default is 4.
• To add an SNTP server, select Create from the Server list, complete the remaining fields as desired, and
click Submit. The SNTP server is added, and is now reflected in the Server list. You must perform a save to
retain your changes over a power cycle.
• To remove an SNTP server, select the IP address of the server to remove from the Server list, and then
click Delete. The entry is removed, and the device is updated.
SNTP Server Status
The SNTP Server Status page displays status information about the SNTP servers configured on your switch.
To access the SNTP Server Status page, click LAN > Monitoring > SNTP Summary > Server Status in the
navigation menu.
Figure 32: SNTP Server Status
Table 27: SNTP Server Status Fields
Field
Description
Address
Specifies all the existing Server Addresses. If no Server configuration exists, a
message saying “No SNTP server exists” flashes on the screen.
Last Update Time
Specifies the local date and time (UTC) that the response from this server was
used to update the system clock.
Last Attempt Time
Specifies the local date and time (UTC) that this SNTP server was last queried.
Last Attempt Status
Specifies the status of the last SNTP request to this server. If no packet has
been received from this server, a status of Other is displayed:
• Other: None of the following enumeration values.
• Success: The SNTP operation was successful and the system time was
updated.
• Request Timed Out: A directed SNTP request timed out without receiving
a response from the SNTP server.
• Bad Date Encoded: The time provided by the SNTP server is not valid.
• Version Not Supported: The SNTP version supported by the server is not
compatible with the version supported by the client.
• Server Unsynchronized: The SNTP server is not synchronized with its
peers. This is indicated via the 'leap indicator' field on the SNTP message.
• Server Kiss Of Death: The SNTP server indicated that no further queries
were to be sent to this server. This is indicated by a stratum field equal to
0 in a message received from a server.
Unicast Server Num Requests
Specifies the number of SNTP requests made to this server since last agent
reboot.
Unicast Server Num Failed Requests
Specifies the number of failed SNTP requests made to this server since last
reboot.
• Click Refresh to display the latest information from the router.
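The Last Attempt Status values above and the T1 through T4 calculation described under Configuring SNTP Settings can be seen working together in the following added example, which is not D-Link code. It assumes the standard 48-byte NTP header layout; the function names, the documentation-range IP addresses, the sample timestamps, and the rules that a reply must echo the client's version and originate timestamp are assumptions made for illustration.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def to_ntp(unix_time):
    """Encode Unix time (float seconds) as a 64-bit NTP timestamp."""
    secs = int(unix_time)
    return struct.pack("!II", secs + NTP_UNIX_DELTA, int((unix_time - secs) * 2**32))

def from_ntp(raw):
    """Decode a 64-bit NTP timestamp to Unix time (float seconds)."""
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_UNIX_DELTA + frac / 2**32

def build_reply(li, version, mode, stratum, originate_raw, t2, t3):
    """Build a constructed 48-byte reply (sample data, not a capture)."""
    pkt = struct.pack("!BBbb", (li << 6) | (version << 3) | mode, stratum, 6, -20)
    pkt += struct.pack("!II4s", 0, 0, b"GPS\x00")  # root delay, root dispersion, reference ID
    # reference, originate (echo of the client's T1), receive (T2), transmit (T3)
    return pkt + to_ntp(t2) + originate_raw + to_ntp(t2) + to_ntp(t3)

def evaluate_reply(pkt, source_ip, servers, sent_t1_raw, t4, version=4):
    """Classify a unicast reply using the manual's status names and, on
    Success, compute clock offset and round-trip delay from T1..T4."""
    def result(status, stratum=None, offset=None, delay=None):
        return {"status": status, "server": source_ip, "stratum": stratum,
                "offset": offset, "delay": delay}

    # Unicast mode: only servers defined on the device are trusted.
    if source_ip not in servers or len(pkt) < 48:
        return result("Other")
    li, vn, mode, stratum = pkt[0] >> 6, (pkt[0] >> 3) & 7, pkt[0] & 7, pkt[1]
    if mode != 4:                       # 4 = server reply to a client request
        return result("Other")
    if vn != version:                   # assumption: reply must echo our version
        return result("Version Not Supported")
    if stratum == 0:                    # kiss-of-death: stop querying this server
        return result("Server Kiss Of Death", stratum)
    if li == 3:                         # leap indicator 3 = clock not synchronized
        return result("Server Unsynchronized", stratum)
    if pkt[24:32] != sent_t1_raw:       # not an answer to our request: stale or spoofed
        return result("Other", stratum)
    if pkt[40:48] == bytes(8):          # zero transmit timestamp is not a valid time
        return result("Bad Date Encoded", stratum)

    t1, t2, t3 = from_ntp(sent_t1_raw), from_ntp(pkt[32:40]), from_ntp(pkt[40:48])
    offset = ((t2 - t1) + (t3 - t4)) / 2    # how far the local clock is behind the server
    delay = (t4 - t1) - (t3 - t2)           # network round trip, server hold time removed
    return result("Success", stratum, offset, delay)

def choose_source(results):
    """Lowest stratum wins; on a tie the first responder (list order) wins."""
    good = [r for r in results if r["status"] == "Success"]
    return min(good, key=lambda r: r["stratum"]) if good else None

# Constructed sample data: documentation addresses and an arbitrary T1.
SERVERS = {"192.0.2.10", "192.0.2.11"}
T1 = 1443657600.0
T1_RAW = to_ntp(T1)

if __name__ == "__main__":
    samples = [
        ("192.0.2.11", build_reply(0, 4, 4, 2, T1_RAW, T1 + 0.625, T1 + 0.875)),
        ("192.0.2.10", build_reply(0, 4, 4, 1, T1_RAW, T1 + 0.625, T1 + 0.875)),
        ("192.0.2.10", build_reply(3, 4, 4, 0, T1_RAW, T1, T1)),            # kiss-of-death
        ("198.51.100.7", build_reply(0, 4, 4, 1, T1_RAW, T1 + 9, T1 + 9)),  # unknown sender
    ]
    results = [evaluate_reply(p, ip, SERVERS, T1_RAW, T1 + 0.5) for ip, p in samples]
    for r in results:
        print(r)
    print("selected:", choose_source(results))
```

The reply from 198.51.100.7 is discarded because that address is not a configured server, which is the property that makes unicast polling the more secure mode; in broadcast mode no such filter or originate-timestamp match is available.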
SNTP Global Status
Use the SNTP Global Status page to view information about the system’s SNTP client.
To access the SNTP Global Status page, click LAN > Monitoring > SNTP Summary > Global Status in the
navigation menu.
Figure 33: Global Status
Table 28: Global Status Fields
Field
Description
Version
Specifies the SNTP Version the client supports.
Supported Mode
Specifies the SNTP modes the client supports. Multiple modes may be supported by
a client.
Last Update Time
Specifies the local date and time (UTC) the SNTP client last updated the system clock.
Last Attempt Time
Specifies the local date and time (UTC) of the last SNTP request or receipt of an
unsolicited message.
Last Attempt Status
Specifies the status of the last SNTP request or unsolicited message for both unicast
and broadcast modes. If no message has been received from a server, a status of
Other is displayed. These values are appropriate for all operational modes:
• Other: None of the following enumeration values.
• Success: The SNTP operation was successful and the system time was updated.
• Request Timed Out: A directed SNTP request timed out without receiving a
response from the SNTP server.
• Bad Date Encoded: The time provided by the SNTP server is not valid.
• Version Not Supported: The SNTP version supported by the server is not
compatible with the version supported by the client.
• Server Unsynchronized: The SNTP server is not synchronized with its peers. This
is indicated via the 'leap indicator' field on the SNTP message.
• Server Kiss Of Death: The SNTP server indicated that no further queries were to
be sent to this server. This is indicated by a stratum field equal to 0 in a message
received from a server.
Server IP Address
Specifies the IP address of the server for the last received valid packet. If no message
has been received from any server, an empty string is shown.
Address Type
Specifies the address type of the SNTP Server address for the last received valid
packet.
Server Stratum
Specifies the claimed stratum of the server for the last received valid packet.
Reference Clock Id
Specifies the reference clock identifier of the server for the last received valid packet.
Server Mode
Specifies the mode of the server for the last received valid packet.
Unicast Server Max Entries
Specifies the maximum number of unicast server entries that can be configured on
this client.
Unicast Server Current Entries
Specifies the number of current valid unicast server entries configured for this client.
Broadcast Count
Specifies the number of unsolicited broadcast SNTP messages that have been
received and processed by the SNTP client since last reboot.
• Click Refresh to display the latest information from the router.
Time Zone Configuration
Use the Time Zone Configuration page to configure the time zone difference from Coordinated Universal Time
(UTC).
To display the Time Zone Configuration page, click LAN > Administration > SNTP > Time Zone Configuration
in the navigation menu.
Figure 34: Time Zone Configuration
Table 29: Time Zone Configuration Fields
Field
Description
Hours-offset
Set the hours difference from UTC. (Range: -12 to +13)
Minutes-offset
Set the minutes difference from UTC. (Range: 0–59)
Zone
Set the acronym of the time zone. (Range: 0–4 characters)
• If you change any of the settings on the page, click Submit to apply the changes to the system.
Summer Time Configuration
Use the Summer Time Configuration page to specify a defined summer time duration and offset.
To display the Summer Time Configuration page, click LAN > Administration > SNTP > Summer Time
Configuration in the navigation menu.
Figure 35: Summer Time Configuration
Table 30: Summer Time Configuration Fields
Field
Description
Summertime
Enable or disable summer time mode.
Recurring
Select the check box to indicate that the configuration is to be repeated every year.
Location
This field displays only when the Recurring check box is selected. The summer time
configuration is predefined for the United States and European Union. To set the summer
time for a location other than the USA or EU, select None.
Start Month
Select the starting month.
Start Date
Select the starting date. This field displays only when the Recurring check box is cleared.
Start Year
Select the starting year. This field displays only when the Recurring check box is cleared.
Start Time
Select the starting time in hh:mm format.
End Month
Select the ending month.
End Date
Select the ending date. This field displays only when the Recurring check box is cleared.
End Year
Select the ending year. This field displays only when the Recurring check box is cleared.
End Time
Select the ending time in hh:mm format.
Offset
Set the number of minutes to add during summer time in the range 0 to 1440.
Zone
Set the acronym of the time zone to be displayed when summer time is in effect. The range
is 0 to 4 characters.
• If you change any of the settings on the page, click Submit to apply the changes to the system.
Summer Time Recurring Configuration
Selecting the Recurring check box indicates that the configuration is to be repeated every year. When you select
Recurring, the fields shown in the following table appear.
Figure 36: Summer Time Recurring Configuration
Table 31: Summer Time Recurring Configuration Fields
Field
Description
Summertime
Enable or disable summer time mode.
Recurring
Select the check box to indicate that the configuration is to be repeated every year.
Location
This field displays only when the Recurring check box is selected. The summer time
configuration is predefined for the United States and European Union. To set the summer
time for a location other than the USA or EU, select None.
Offset
Set the number of minutes to add during summer time in the range 0 to 1440.
Zone
Set the acronym of the time zone to be displayed when summer time is in effect. The range
is 0 to 4 characters.
Clock Detail
Use the Clock Detail page to view information about the current time, time zone, and summer time settings.
To display the Clock Detail page, click LAN > Monitoring > Clock Detail in the navigation menu. The following
figure shows the Clock Detail page when Summertime is enabled.
Figure 37: Clock Detail
Table 32: Clock Detail
Field
Description
Current Time
This section displays the current time.
Time Zone
This section displays the time zone settings.
Summertime
This section displays the summer time settings.
• Click Refresh to update the page with the most current information.
Configuring and Viewing Device Port Information
The pages in the Port folder allow you to view and monitor the physical port information for the ports available
on the switch.
Port Configuration
Use the Port Configuration page to configure the physical interfaces on the switch.
To access the Port Configuration page, click LAN > Administration > Port Configuration > Port Configuration
in the navigation tree.
Figure 38: Port Configuration
Table 33: Port Configuration Fields
Field
Description
Slot/Port
Select the port from the menu to display or configure data for that port. If you
select All, the changes you make to the Port Configuration page apply to all
physical ports on the system.
Port Type
For most ports this field is blank. Otherwise the possible values are:
• Mirrored: Indicates that the port has been configured as a monitoring port
and is the source port in a port mirroring session.
• Probe: Indicates that the port has been configured as a monitoring port
and is the destination port in a port mirroring session.
• Port Channel: Indicates that the port has been configured as a member of
a port-channel, which is also known as a Link Aggregation Group (LAG).
For more information about port monitoring and probe ports, see “Multiple
Port Mirroring” on page 90. For information about configuring port channels,
see “Creating Port Channels (Trunking)” on page 209.
Mode
Shows the Spanning Tree Protocol (STP) Administrative Mode for the port or LAG.
For more information about STP, see “Configuring Spanning Tree Protocol” on
page 243. The possible values for this field are:
• Enable: Enables the Spanning Tree Protocol for this port.
• Disable: Disables the Spanning Tree Protocol for this port.
Admin Mode
Use the pulldown menu to select the port control administration state, which
can be one of the following:
• Enable: The port can participate in the network (default).
• Disable: The port is administratively down and does not participate in the
network.
Broadcast Storm Recovery Mode
Enable or disable this option by selecting one of the following options on the
pulldown entry field:
• Enable: When the broadcast traffic on the specified Ethernet port exceeds
the configured threshold, the switch blocks (discards) the broadcast
traffic.
• Disable: The port does not block broadcast traffic if traffic on the port
exceeds the configured threshold. The factory default is disabled.
Broadcast Storm Recovery Level
Specify the data rate at which storm control activates. The value is a
percentage of port speed and ranges from 0-100. The factory default is 5
percent of port speed.
Multicast Storm Recovery Mode
Enable or disable this option by selecting one of the following options on the
pulldown entry field:
• Enable: When the multicast traffic on the specified Ethernet port exceeds
the configured threshold, the switch blocks (discards) the multicast traffic.
• Disable: The port does not block multicast traffic if traffic on the port
exceeds the configured threshold. The factory default is disabled.
Multicast Storm Recovery Level
Specify the data rate at which storm control activates. The value is a
percentage of port speed and ranges from 0-100. The factory default is 5
percent of port speed.
Unicast Storm Recovery Mode
Enable or disable this option by selecting one of the following options on the
pulldown entry field:
• Enable: When the unicast traffic on the specified Ethernet port exceeds
the configured threshold, the switch blocks (discards) the unicast traffic.
• Disable: The port does not block unicast traffic if the unicast traffic on the
port exceeds the configured threshold. The factory default is disabled.
Unicast Storm Recovery Level
Specify the data rate at which storm control activates. The value is a
percentage of port speed and ranges from 0-100. The factory default is 5
percent of port speed.
LACP Mode
Selects the Link Aggregation Control Protocol administration state:
• Enable: Specifies that the port is allowed to participate in a port channel
(LAG), which is the default mode.
• Disable: Specifies that the port cannot participate in a port channel (LAG).
Physical Mode
Use the pulldown menu to select the port's speed and duplex mode. If the
Slot/Port field is set to All and you apply a physical mode other than Auto, the
mode is applied to all applicable interfaces only:
• Auto: The duplex mode and speed will be set by the auto-negotiation
process. The port's maximum capability (full duplex and 100 Mbps) will be
advertised.
• <Speed> Half Duplex: The port speeds available from the menu depend on
the platform on which the D-Link DWS-4000 Series software is running and
which port you select. In half-duplex mode, the transmissions are one-way.
In other words, the port does not send and receive traffic at the same
time.
• <Speed> Full Duplex: The port speeds available from the menu depend on
the platform on which the D-Link DWS-4000 Series software is running and
which port you select. In half-duplex mode, the transmissions are two-way.
In other words, the port can send and receive traffic at the same time.
Physical Status
Indicates the port speed and duplex mode.
Link Status
Indicates whether the Link is up or down.
Link Trap
This object determines whether or not to send a trap when link status
changes. The factory default is enabled:
• Enable: Specifies that the system sends a trap when the link status
changes.
• Disable: Specifies that the system does not send a trap when the link
status changes.
Maximum Frame Size
Indicates the maximum Ethernet frame size the interface supports or is
configured to support. The frame size includes the Ethernet header, CRC, and
payload. (1518 to 9216). The default maximum frame size is 1518.
ifIndex
The ifIndex of the interface table entry associated with this port. If the Slot/
Port field is set to All, this field is blank.
• If you make any changes to the page, click Submit to apply the changes to the system.
Port Summary
Use the Port Summary page to view the settings for all physical ports on the platform.
To access the Port Summary page, click LAN > Monitoring > Port Utilization in the navigation menu.
The table on the Port Summary page does not fit on one screen. Use the scroll bar at the bottom of the
browser to view all the columns on the page. Figure 39 shows the first six rows of all the columns on the page.
Although the table is split into three separate images in the figure, the columns continue horizontally
across the page.
Figure 39: Port Summary
Table 34: Port Summary Fields
Field
Description
MST ID
If Spanning Tree Protocol is enabled on the switch, you can select the Multiple
Spanning Tree instance ID from the list of all currently configured MST IDs to
determine the values displayed for the Spanning Tree parameters. Changing
the selected MST ID will generate a screen refresh. If STP is disabled, which is the
default, the MST ID field shows the static value “CST” instead of a menu.
Slot/Port
Identifies the port that the information in the rest of the row is associated
with.
Port Type
For most ports this field is blank. Otherwise, the possible values are:
• Mirrored: Indicates that the port has been configured as a monitoring port
and is the source port in a port mirroring session.
• Probe: Indicates that the port has been configured as a monitoring port
and is the destination port in a port mirroring session. For more
information about port monitoring and probe ports, see “Multiple Port
Mirroring” on page 90.
• Port Channel: Indicates that the port has been configured as a member of
a port-channel, which is also known as a Link Aggregation Group (LAG). For
information about configuring port channels, see “Creating Port Channels
(Trunking)” on page 209.
Mode
Shows the Spanning Tree Protocol (STP) Administrative Mode for the port or LAG,
which can be Enabled or Disabled. For more information about STP, see
“Configuring Spanning Tree Protocol” on page 243.
Forwarding State
The port's current Spanning Tree state. This state controls what action a
port takes on receipt of a frame. If the bridge detects a malfunctioning port, it
will place that port into the broken state. The other five states are defined in
IEEE 802.1D:
• Disabled
• Blocking
• Listening
• Learning
• Forwarding
• Broken
Port Role
Each MST Bridge Port that is enabled is assigned a Port Role for each spanning
tree. The port role will be one of the following values:
Root Port, Designated Port, Alternate Port, Backup Port, Master Port, or
Disabled Port.
Media Type
The Port Media Type.
ARP Type
The ARP Type of the port.
Admin Mode
Shows the port control administration state, which can be one of the
following:
• Enabled: The port can participate in the network (default).
• Disabled: The port is administratively down and does not participate in the
network.
Bcast Storm Mode
Shows the Broadcast Storm Recovery Mode, which can be one of the
following:
• Enabled: When the broadcast traffic on the specified Ethernet port
exceeds the configured threshold, the switch blocks (discards) the
broadcast traffic.
• Disabled: The port does not block broadcast traffic if traffic on the port
exceeds the configured threshold. The factory default is disabled.
Bcast Storm Level
Shows the Broadcast Storm Recovery Level, which is the data rate at which
storm control activates. The value is a percentage of port speed and ranges
from 0-100. The factory default is 5 percent of port speed.
Mcast Storm Mode
Shows the Multicast Storm Recovery Mode, which is one of the following:
• Enabled: When the multicast traffic on the specified Ethernet port
exceeds the configured threshold, the switch blocks (discards) the
multicast traffic.
• Disabled: The port does not block multicast traffic if traffic on the port
exceeds the configured threshold. The factory default is disabled.
Mcast Storm Level
Shows the Multicast Storm Recovery Level, which is the data rate at which
storm control activates. The value is a percentage of port speed and ranges
from 0-100. The factory default is 5 percent of port speed.
Ucast Storm Mode
Shows the Unicast Storm Recovery Mode, which can be one of the following:
• Enabled: When the unicast traffic on the specified Ethernet port exceeds
the configured threshold, the switch blocks (discards) the unicast traffic.
• Disabled: The port does not block unicast traffic if the unicast traffic on the
port exceeds the configured threshold. The factory default is disabled.
Ucast Storm Level
Shows the Unicast Storm Recovery Level, which is the data rate at which
storm control activates. The value is a percentage of port speed and ranges
from 0-100. The factory default is 5 percent of port speed.
LACP Mode
Indicates the Link Aggregation Control Protocol administration state. The
mode must be enabled in order for the port to participate in Link Aggregation.
This field can have the following values:
• Enable: Specifies that the port is allowed to participate in a port channel
(LAG), which is the default mode.
• Disable: Specifies that the port cannot participate in a port channel (LAG).
Physical Mode
Shows the speed and duplex mode at which the port is configured:
• Auto: The duplex mode and speed will be set by the auto-negotiation
process. The port's maximum capability (full duplex and 100 Mbps) will be
advertised.
• <Speed> Half Duplex: The port speeds available from the menu depend on
the platform on which the D-Link DWS-4000 Series software is running and
which port you select. In half-duplex mode, the transmissions are one-way.
In other words, the port does not send and receive traffic at the same
time.
• <Speed> Full Duplex: The port speeds available from the menu depend on
the platform on which the D-Link DWS-4000 Series software is running and
which port you select. In full-duplex mode, the transmissions are two-way.
In other words, the port can send and receive traffic at the same time.
Physical Status
Indicates the port speed and duplex mode at which the port is operating.
Link Status
Indicates whether the Link is up or down.
Link Trap
This object determines whether or not to send a trap when link status
changes. The factory default is enabled.
• Enable: Specifies that the system sends a trap when the link status
changes.
• Disable: Specifies that the system does not send a trap when the link
status changes.
• Click Refresh to display the most current information from the router.
Port Description
Use the Port Description page to configure a human-readable description of the port.
To access the Port Description page, click LAN > Administration > Port Configuration > Port Description in the
navigation tree.
Figure 40: Port Description
Table 35: Port Description Fields
Field
Description
Slot/Port
Select the interface for which data is to be displayed or configured.
Port Description
Enter text to describe a port. It can be up to 64 characters in length. The
description can contain spaces and non-alphanumeric characters.
Slot/Port
Identifies the port.
Physical Address
Displays the physical address of the specified interface.
PortList Bit Offset
Displays the bit offset value which corresponds to the port when the MIB
object type PortList is used to manage in SNMP.
IfIndex
Displays the interface index associated with the port.
Port Description
Shows the configured port description. By default, the port does not have an
associated description.
• If you change a port description, click Submit to apply the change to the system.
• Click Refresh to display the page with the latest information from the router.
Managing and Viewing Logs
The switch may generate messages in response to events, faults, or errors occurring on the platform as well
as changes in configuration or other occurrences. These messages are stored both locally on the platform and
forwarded to one or more centralized points of collection for monitoring purposes as well as long term archival
storage. Local and remote configuration of the logging capability includes filtering of messages logged or
forwarded based on severity and generating component.
The in-memory log stores messages in memory based upon the settings for message component and severity.
Buffered Log Configuration
The buffered log stores messages in memory based upon the settings for message component and severity.
Use the Buffered Log Configuration page to set the administrative status and behavior of logs in the system
buffer.
To access the Buffered Log Configuration page, click LAN > Administration > Log > Buffered Log Configuration
in the navigation tree.
Figure 41: Buffered Log Configuration
• If you change the buffered log settings, click Submit to apply the changes to the system. To preserve the
changes after a system reboot, you must perform a save.
Viewing Buffered Log Messages
Use the Buffered Log page to view the log messages in the system buffer. The newest messages are displayed
at the bottom of the page.
To access the Buffered Log page, click LAN > Monitoring > Log > Buffered Log in the navigation menu.
Figure 42: Buffered Log
Table 36: Buffered Log Fields
Field
Description
Total Number of Messages
Shows the number of buffered messages the system has logged. Only the 128
most recent entries are displayed on the page.
The rest of the page displays the buffered log messages. The following example shows a log message:
<15>Aug 24 05:34:05 STK0 M[2110]: mspt_api.c(318) 237 %% Interface 12 transitioned to root state on
message age timer expiry
This log message has a severity level of 7 (15 mod 8), which is a debug message. The system is not stacked
(STK0). The message was generated by the M component running in thread ID 2110. The message was
generated on August 24 05:34:05 by line 318 of file mspt_api.c. This is the 237th message logged.
• Click Refresh to update the page with the latest messages.
Command Logger Configuration
Use the Command Logger Configuration page to enable the system to log all CLI commands issued on the
system. The command log messages are interleaved with the other system log messages.
To access the Command Logger Configuration page, click LAN > Administration > Log > Command Logger
Configuration in the navigation menu.
Figure 43: Command Logger Configuration
Table 37: Command Logger Configuration Fields
Field
Description
Admin Mode
This field determines whether to log CLI commands in the system log file.
• Enable: The system logs CLI commands. The commands appear in
messages on the Buffered Log page. For example, the following log
message shows when the CLI command show logging buffered was
issued, from which IP address the command was issued, and the name of
the user who issued the command:
<5> NOV 29 22:25:00 10.254.24.172-1 UNKN[243420816]:
cmd_logger_api.c(87) 34 %% CLI:10.254.24.65:admin:show
logging buffered
• Disable: The system does not log CLI commands.
• If you change the administrative mode, click Submit to apply the change to the system.
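The message layout described under Viewing Buffered Log Messages and the command logger payload shown above can be parsed mechanically, which is what a log collector needs in order to build a CLI audit trail. The following Python sketch is an added example, not D-Link code. The record field names are this example's own, the facility value (PRI divided by 8) follows the general syslog convention rather than anything stated in this manual, and the command logger source is assumed to be an IPv4 address as in the sample.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SEVERITY_NAMES = ["Emergency", "Alert", "Critical", "Error",
                  "Warning", "Notice", "Informational", "Debug"]

# Layout taken from the manual's two sample messages:
# <PRI>timestamp origin component[thread]: file(line) sequence %% text
LOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>\s*"
    r"(?P<ts>[A-Za-z]{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<origin>\S+)\s+"
    r"(?P<component>[^\[\s]+)\[(?P<thread>\d+)\]:\s+"
    r"(?P<file>[^\s(]+)\((?P<line>\d+)\)\s+"
    r"(?P<seq>\d+)\s+%%\s+"
    r"(?P<text>.*)$"
)

# Command logger payload as shown in the manual: CLI:<source IP>:<user>:<command>
# Assumption: the source is an IPv4 address, as in the manual's sample.
CLI_RE = re.compile(
    r"^CLI:(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<user>[^:]*):(?P<cmd>.*)$"
)

# The two sample messages from this manual, wrapped as they appear on the page.
STP_SAMPLE = ("<15>Aug 24 05:34:05 STK0 M[2110]: mspt_api.c(318) 237 %% "
              "Interface 12 transitioned to root state on\n"
              "message age timer expiry")
CLI_SAMPLE = ("<5> NOV 29 22:25:00 10.254.24.172-1 UNKN[243420816]:\n"
              "cmd_logger_api.c(87) 34 %% CLI:10.254.24.65:admin:show\n"
              "logging buffered")


@dataclass
class LogRecord:
    severity: int
    severity_name: str
    facility: int
    timestamp: str
    origin: str
    component: str
    thread_id: int
    source_file: str
    source_line: int
    sequence: int
    text: str
    cli_source: Optional[str] = None
    cli_user: Optional[str] = None
    cli_command: Optional[str] = None


def parse_line(raw: str) -> Optional[LogRecord]:
    """Parse one log message; return None if it does not fit the layout."""
    line = " ".join(raw.split())      # undo line wrapping from copy and paste
    m = LOG_RE.match(line)
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:                     # largest valid syslog PRI (23 * 8 + 7)
        return None
    severity = pri % 8                # the manual's "15 mod 8" rule
    rec = LogRecord(
        severity=severity,
        severity_name=SEVERITY_NAMES[severity],
        facility=pri // 8,            # general syslog convention (assumption)
        timestamp=m["ts"],
        origin=m["origin"],
        component=m["component"],
        thread_id=int(m["thread"]),
        source_file=m["file"],
        source_line=int(m["line"]),
        sequence=int(m["seq"]),
        text=m["text"],
    )
    cli = CLI_RE.match(rec.text)
    if cli is not None:
        rec.cli_source = cli["src"]
        rec.cli_user = cli["user"]
        rec.cli_command = cli["cmd"]
    return rec


def passes_filter(rec: LogRecord, selected_level: int) -> bool:
    """Severity filter rule: the selected level and all greater severities
    (numerically lower values) pass."""
    return rec.severity <= selected_level


def cli_audit_trail(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, source IP, user, command) for each logged CLI command."""
    trail = []
    for raw in lines:
        rec = parse_line(raw)
        if rec is not None and rec.cli_command is not None:
            trail.append((rec.timestamp, rec.cli_source,
                          rec.cli_user, rec.cli_command))
    return trail


if __name__ == "__main__":
    for sample in (STP_SAMPLE, CLI_SAMPLE, "garbage line"):
        print(parse_line(sample))
    print(cli_audit_trail([STP_SAMPLE, CLI_SAMPLE]))
```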
Console Log Configuration
Use the Console Log Configuration page to control logging to any serial device attached to the switch.
To access the Console Log Configuration page, click LAN > Administration > Log > Console Log Configuration
in the navigation menu.
Figure 44: Console Log Configuration
Table 38: Console Log Configuration Fields
Field
Description
Admin Status
From the menu, select whether to enable or disable console logging. The
default is disabled.
• Enabled: Prints log messages to the device attached to the switch serial
port.
• Disabled: Log messages do not print to the device attached to the switch
serial port.
Severity Filter
Use the menu to select the severity of the logs to print to the console. Logs
with the severity level you select and all logs of greater severity print. For
example, if you select Error, the logged messages include Error, Critical, Alert,
and Emergency. The default severity level is Alert(1). The severity can be one
of the following levels:
• Emergency (0): The highest warning level. If the device is down or not
functioning properly, an emergency log is saved to the device.
• Alert (1): The second highest warning level. An alert log is saved if there is
a serious device malfunction, such as all device features being down.
• Critical (2): The third highest warning level. A critical log is saved if a critical
device malfunction occurs, for example, two device ports are not
functioning, while the rest of the device ports remain functional.
• Error (3): A device error has occurred, such as if a port is offline.
• Warning (4): The lowest level of a device warning.
• Notice (5): Provides the network administrators with device information.
• Informational (6): Provides device information.
• Debug (7): Provides detailed information about the log. Debugging should
only be entered by qualified support personnel.
• If you make any changes to the page, click Submit to apply the change to the system.
Event Log
Use the Event Log page to display the event log, which is used to hold error messages for catastrophic events.
After the event is logged and the updated log is saved in flash memory, the switch will be reset. The log can
hold at least 2,000 entries (the actual number depends on the platform and OS), and is erased when an
attempt is made to add an entry after it is full. The event log is preserved across system resets.
To access the Event Log page, click LAN > Monitoring > Log > System Log in the navigation tree.
Figure 45: Event Log
Table 39: Event Log Fields
Field
Description
Entry
The number of the entry within the event log. The most recent entry is first.
Filename
The D-Link DWS-4000 Series source code filename identifying the code that
detected the event.
Line
The line number within the source file of the code that detected the event.
Task ID
The OS-assigned ID of the task reporting the event.
Code
The event code passed to the event log handler by the code reporting the
event.
Time
The time the event occurred, measured from the previous reset.
• Click Refresh to update the page with the latest log entries.
Hosts Configuration
Use the Host Configuration page to configure remote logging hosts where the switch can send logs. To enable
remote logging, see “Syslog Configuration” on page 123.
To access the Host Configuration page, click LAN > Administration > Log > Host Configuration in the navigation
tree.
Figure 46 shows the Host Configuration page in its default state, before any logging hosts are added.
Figure 46: Host Configuration
After you add a logging host, the screen displays additional fields, as Figure 47 shows.
Figure 47: Host Configuration with Logging Host
Adding a Remote Logging Host
Use the following procedures to add, configure, or delete a remote logging host.
1. From the Host field, select Add to add a new host, or select the IP address of an existing host to configure
the host.
If you are adding a new host, enter the IP address of the host in the IP Address field and click Submit. The
screen refreshes, and additional fields appear.
2. In the Port field, type the port number on the remote host to which logs should be sent.
3. Select the severity level of the logs to send to the remote host.
4. Click Submit to apply the changes to the system.
Deleting a Remote Logging Host
To delete a remote logging host from the configured list, select the IP address of the host from the Host field,
and then click Delete.
Persistent Log Configuration
The persistent log is stored in persistent storage, which means that the log messages are retained across a
switch reboot.
• The first log type is the system startup log. The system startup log stores the first N messages received
after system reboot. This log always has the log full operation attribute set to stop on full and can store up
to 32 messages.
• The second log type is the system operation log. The system operation log stores the last N messages
received during system operation. This log always has the log full operation attribute set to overwrite.
This log can store up to 1000 messages.
Either the system startup log or the system operation log stores a message received by the log subsystem that
meets the storage criteria, but not both. In other words, on system startup, if the startup log is configured, it
stores messages up to its limit. The operation log, if configured, then begins to store the messages.
The system keeps up to three versions of the persistent logs, named <FILE>1.txt, <FILE>2.txt, and <FILE>3.txt.
Upon system startup, <FILE>3.txt is removed, <FILE>2.txt is renamed <FILE>3.txt, <FILE>1.txt is renamed
<FILE>2.txt, <FILE>1.txt is created and logging begins into <FILE>1.txt. (Replace <FILE> in the above example
to specify olog for the operation log and slog for the startup log.)
The local persistent logs can be retrieved via the Web or CLI, or via xmodem over the local serial cable.
Use the Persistent Log Configuration page to enable or disable persistent logging and to set the severity filter.
To access the Persistent Log Configuration page, click LAN > Administration > Log > Persistent Logger
Configuration in the navigation menu.
Figure 48: Persistent Log Configuration
Table 40: Persistent Log Configuration Fields
Field
Description
Admin Status
Select whether to enable or disable persistent logging. The default is disabled.
• Enabled: Prints log messages to the device attached to the switch serial
port.
• Disabled: Log messages do not print to the device attached to the switch
serial port.
Severity Filter
Use the menu to select the severity of the logs to print to the console. Logs
with the severity level you select and all logs of greater severity print. For
example, if you select Error, the logged messages include Error, Critical, Alert,
and Emergency. The default severity level is Alert(1). The severity can be one
of the following levels:
• Emergency (0): The highest warning level. If the device is down or not
functioning properly, an emergency log is saved to the device.
• Alert (1): The second highest warning level. An alert log is saved if there is
a serious device malfunction, such as all device features being down.
• Critical (2): The third highest warning level. A critical log is saved if a critical
device malfunction occurs, for example, two device ports are not
functioning, while the rest of the device ports remain functional.
• Error (3): A device error has occurred, such as if a port is offline.
• Warning (4): The lowest level of a device warning.
• Notice (5): Provides the network administrators with device information.
• Informational (6): Provides device information.
• Debug (7): Provides detailed information about the log. Debugging should
only be entered by qualified support personnel.
• If you make any changes to the page, click Submit to apply the change to the system.
Persistent Log
Use the Persistent Log page to view the persistent log messages.
To access the Persistent Log page, click LAN > Monitoring > Log > Persistent Log in the navigation tree menu.
Figure 49: Persistent Log
Table 41: Persistent Log Fields
Field
Description
Total Number of Messages
Shows the number of persistent messages the system has logged.
The rest of the page displays the log messages. The following example shows a log message:
<15>Aug 24 05:34:05 STK0 M[2110]: mspt_api.c(318) 237 %% Interface 12 transitioned to root state on
message age timer expiry
This log message has a severity level of 7 (15 mod 8), which is a debug message. The system is not stacked
(STK0). The message was generated by the M component running in thread ID 2110. The message was
generated on August 24 05:34:05 by line 318 of file mspt_api.c. This is the 237th message logged.
• Click Refresh to refresh the page with the latest log entries.
Syslog Configuration
Use the Syslog Configuration page to allow the switch to send log messages to the remote logging hosts
configured on the system.
To access the System Log Configuration page, click LAN > Administration > Log > System Log Configuration in
the navigation tree.
Figure 50: System Log
Table 42: Syslog Configuration Fields
Field
Description
Admin Status
Specifies whether to send log messages to the remote syslog hosts configured on the
switch:
• Enable: Messages will be sent to all configured hosts (syslog collectors or relays)
using the values configured for each host. For information about syslog host
configuration, see “Hosts Configuration” on page 119.
• Disable: Stops logging to all syslog hosts. Disable means no messages will be sent
to any collector/relay.
Local UDP Port
Specifies the port on the switch from which syslog messages are sent. The default
port is 514.
Messages Received
The number of messages received by the log process. This includes messages that are
dropped or ignored.
Messages Dropped
The number of messages that could not be processed due to error or lack of
resources.
Messages Relayed
The number of messages forwarded by the syslog function to a syslog host. Messages
forwarded to multiple hosts are counted once for each host.
• If you make any changes to the page, click Submit to apply the change to the system.
Trap Log
Use the Trap Log page to view the entries in the trap log. For information about how to copy the file to a TFTP
server, see “Upload File From Switch (TFTP)” on page 175.
To access the Trap Log page, click LAN > Monitoring > Log > Trap Log in the navigation menu.
Figure 51: Trap Log
Table 43: Trap Log Fields
Field
Description
Number of Traps Since Last Reset
The number of traps generated since the trap log entries were last cleared.
Trap Log Capacity
The maximum number of traps stored in the log. If the number of traps
exceeds the capacity, the entries will overwrite the oldest entries.
Number of Traps Since Log Last Viewed
The number of traps that have occurred since the traps were last displayed.
Displaying the traps by any method (terminal interface display, Web display,
upload file from switch, etc.) will cause this counter to be cleared to 0.
Log
The sequence number of this trap.
System Up Time
The time at which this trap occurred, expressed in days, hours, minutes and
seconds since the last reboot of the switch.
Trap
Displays the information identifying the trap.
• Click Clear Log to clear all entries in the log. Subsequent displays of the log will only show new log entries.
Defining SNMP Parameters
Simple Network Management Protocol (SNMP) provides a method for managing network devices. The device
supports SNMP version 1, SNMP version 2, and SNMP version 3. The Web interface supports configuration of
SNMPv1 and v2; SNMPv3 is supported only in the CLI.
SNMP v1 and v2
The SNMP agent maintains a list of variables, which are used to manage the device. The variables are defined
in the Management Information Base (MIB). The MIB presents the variables controlled by the agent. The
SNMP agent defines the MIB specification format, as well as the format used to access the information over
the network. Access rights to the SNMP agent are controlled by access strings.
SNMP v3
SNMP v3 also applies access control and a new traps mechanism to SNMPv1 and SNMPv2 PDUs. In addition,
the User Security Model (USM) is defined for SNMPv3 and includes:
• Authentication: Provides data integrity and data origin authentication.
• Privacy: Protects against disclosure of message content. Cipher-Block-Chaining (CBC) is used for
encryption. Either authentication is enabled on an SNMP message, or both authentication and privacy are
enabled on an SNMP message. However, privacy cannot be enabled without authentication.
• Timeliness: Protects against message delay or message redundancy. The SNMP agent compares incoming
message to the message time information.
• Key Management: Defines key generation, key updates, and key use.
The device supports SNMP notification filters based on Object IDs (OID). OIDs are used by the system to
manage device features. SNMP v3 supports the following features:
• Security
• Feature Access Control
• Traps
Authentication or Privacy Keys are modified in the SNMPv3 User Security Model (USM).
Use the SNMP page to define SNMP parameters. To display the SNMP page, click LAN > Administration >
SNMP Manager in the navigation tree.
SNMP Community Configuration
Access rights are managed by defining communities on the SNMPv1, 2 Community page. When the community
names are changed, access rights are also changed. SNMP Communities are defined only for SNMP v1 and
SNMP v2.
Use the Community Configuration page to enable SNMP and Authentication notifications.
To display the Community Configuration page, click LAN > Administration > SNMP Manager > SNMP
Community Table in the navigation tree.
Figure 52: SNMP Community Configuration
Table 44: Community Configuration Fields
Field
Description
Community
Contains the predefined and user-defined community strings that act as a
password and are used to authenticate the SNMP management station to the
device. A community string can contain a maximum of 20 characters. By
default, the options available in the menu are as follows:
• public: This SNMP community has Read Only privileges and its status set
to enable.
• private: This SNMP community has Read/Write privileges and its status set
to enable.
• Create: Use this option to create a new user-defined community string.
SNMP Community Name
Use this field to reconfigure an existing community or to create a new one. A
valid entry is a case-sensitive string of up to 16 characters.
Client IP Address
Taken together, the Client IP Address and Client IP Mask denote a range of IP
addresses from which SNMP clients may use that community to access this
device. If either (IP Address or IP Mask) value is 0.0.0.0, access is allowed from
any IP address. Otherwise, every client's IP address is ANDed with the mask,
as is the Client IP Address, and, if the values are equal, access is allowed. For
example, if the Client IP Address and Client IP Mask parameters are
192.168.1.0/255.255.255.0, then any client whose IP address is 192.168.1.0
through 192.168.1.255 (inclusive) will be allowed access. To allow access from
only one station, use a Client IP Mask value of 255.255.255.255, and use that
machine's IP address for Client IP Address.
Client IP Mask
Along with the Client IP Address, the Client IP Mask denotes a range of IP
addresses from which SNMP clients may use that community to access this
device.
Access Mode
Specify the access level for this community:
• Read-Only: The Community has read only access to the MIB objects
configured in the view.
• Read-Write: The Community has read/modify access to the MIB objects
configured in the view.
Status
Specify the status of this community:
• Enable: The community is enabled, and the Community Name must be
unique among all valid Community Names or the set request will be
rejected.
• Disable: The Community is disabled and the Community Name becomes
invalid.
• If you make any changes to the page, click Submit to apply the changes to the system. If you create a new
Community, it is added to the table below the Submit button.
• Click Delete to delete the selected SNMP Community.
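The Client IP Address and Client IP Mask rule in Table 44 determines how widely each community string is usable, so it is worth checking an exported community table against it. The following Python sketch is an added example, not D-Link code: it implements the matching rule as the table describes it and flags entries that leave the factory-default strings enabled or accept any source address. The Community record, the finding labels, the policy thresholds and the sample table are assumptions made for this illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Factory-default community strings listed in Table 44.
DEFAULT_NAMES = {"public", "private"}


@dataclass
class Community:
    name: str
    client_ip: str
    client_mask: str
    access_mode: str      # "Read-Only" or "Read-Write"
    enabled: bool


def _u32(dotted: str) -> int:
    """Dotted-decimal IPv4 string to a 32-bit integer (raises on bad input)."""
    return int(ipaddress.IPv4Address(dotted))


def is_wildcard(c: Community) -> bool:
    """If either the address or the mask is 0.0.0.0, any client is accepted."""
    return _u32(c.client_ip) == 0 or _u32(c.client_mask) == 0


def client_allowed(c: Community, client_ip: str) -> bool:
    """Apply the rule from Table 44: AND both addresses with the mask and compare."""
    if not c.enabled:                 # a disabled community name is invalid
        return False
    if is_wildcard(c):
        return True
    mask = _u32(c.client_mask)
    return (_u32(client_ip) & mask) == (_u32(c.client_ip) & mask)


def allowed_source_count(c: Community) -> int:
    """Number of IPv4 source addresses the entry accepts."""
    if is_wildcard(c):
        return 2 ** 32
    zero_bits = 32 - bin(_u32(c.client_mask)).count("1")
    return 2 ** zero_bits


def audit(table: List[Community]) -> List[Tuple[str, str]]:
    """Return (community name, finding) pairs for enabled entries.

    The findings reflect this example's own policy, not a D-Link requirement.
    """
    findings = []
    for c in table:
        if not c.enabled:
            continue
        if c.name in DEFAULT_NAMES:
            findings.append((c.name, "default-community"))
        if is_wildcard(c):
            findings.append((c.name, "any-source"))
        if c.access_mode == "Read-Write" and allowed_source_count(c) > 1:
            findings.append((c.name, "rw-broad-source"))
    return findings


# Constructed sample table for the demonstration (not taken from a real device).
SAMPLE_TABLE = [
    Community("public", "0.0.0.0", "0.0.0.0", "Read-Only", True),
    Community("private", "0.0.0.0", "0.0.0.0", "Read-Write", True),
    Community("nms-ro", "192.168.1.0", "255.255.255.0", "Read-Only", True),
    Community("nms-rw", "192.168.1.10", "255.255.255.255", "Read-Write", True),
    Community("old", "10.0.0.0", "255.0.0.0", "Read-Write", False),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_TABLE):
        print(f"{name}: {finding}")
```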
Trap Receiver Configuration
Use the Trap Receiver Configuration page to configure information about the SNMP community and the trap
manager that will receive its trap packets.
To access the Trap Receiver Configuration page, click LAN > Administration > SNMP Manager > Trap Receiver
Configuration from the navigation tree.
Figure 53: Trap Receiver Configuration
Table 45: Trap Receiver Configuration Fields
Field
Description
SNMP Trap Name
Select Create to configure the SNMP trap name for the SNMP trap packet to
be sent to the trap manager.
If you have already configured an SNMP trap name, you can select it from the
drop-down menu to change the settings or delete it.
SNMP Trap Name
When the previous field is set to Create, enter the SNMP trap name for the
SNMP trap packet to be sent to the trap manager. This may be up to 16
characters and is case sensitive.
SNMP Version
Select the trap version to be used by the receiver from the pull down menu:
• SNMP v1. Uses SNMP v1 to send traps to the receiver.
• SNMP v2. Uses SNMP v2 to send traps to the receiver.
Protocol
Select the type of protocol used for the SNMP Trap Receiver Configuration:
• IPv4. Choose IPv4 to enter the address in IPv4 format.
• IPv6. Choose IPv6 to enter the address in IPv6 format.
IP Address/Host Name
Enter the IP address in dotted-decimal format of the system that receives
SNMP traps from the switch. Alternatively, you can enter the hostname of the
trap receiver.
Status
Select the receiver's status from the pulldown menu:
• Enable: Send traps to the receiver.
• Disable: Do not send traps to the receiver.
If you make any changes to the page, click Submit to apply the changes to the system. If you want the switch
to retain the new values across a power cycle, you must perform a save.
Trap Flags
Use the Trap Flags page to enable or disable traps at a component level that the switch can send to an SNMP
manager. When the condition identified by an active trap is encountered by the switch, a trap message is sent
to any enabled SNMP Trap Receivers, and a message is written to the trap log. If the component level trap flag
is disabled, then no trap is sent to the SNMP Manager even if the individual traps in that component are
enabled.
To access the Trap Flags page, click LAN > Administration > SNMP Manager > Trap Flags page.
Figure 54: Trap Flags Configuration
Table 46: Trap Flags Configuration Fields
Field
Description
Authentication
Enable or disable activation of authentication failure traps by selecting the
corresponding line on the pulldown entry field. The factory default is
enabled.
Link Up/Down
Enable or disable activation of link status traps by selecting the
corresponding line on the pulldown entry field. The factory default is
enabled.
Multiple Users
Enable or disable activation of multiple user traps by selecting the
corresponding line on the pulldown entry field. The factory default is
enabled. This trap is triggered when the same user ID is logged into the
switch more than once at the same time (either via telnet or the serial
port).
Spanning Tree
Enable or disable activation of spanning tree traps by selecting the
corresponding line on the pulldown entry field. The factory default is
enabled.
ACL Traps
Enable or disable activation of ACL traps by selecting the corresponding
line on the pulldown entry field. The factory default is disabled.
Captive Portal
Enable or disable allowing the SNMP agent on the switch to generate
captive portal SNMP traps. The factory default is Disable, which prevents
the SNMP agent on the switch from generating any captive portal SNMP
traps, even if they are individually enabled.
R1 Version Log Style
Enable or disable the R1 version style log, which always has the colon symbol
followed by MAC, SSID, RADIO and switch (IP). The factory default is
disabled.
If you make any changes to this page, click Submit to apply the changes to the system.
Supported MIBs
The Supported MIBs page lists the MIBs that the system currently supports.
To access the Supported MIBs page, click LAN > Monitoring > Supported MIBs in the navigation menu. A
portion of the web screen is shown in Figure 55.
Figure 55: Supported MIBs
Table 47: Supported MIBs Fields
Field
Description
Name
The RFC number if applicable and the name of the MIB.
Description
The RFC title or MIB description.
Managing the DHCP Server
DHCP is generally used between clients (e.g., hosts) and servers (e.g., routers) for the purpose of assigning IP
addresses, gateways, and other networking definitions such as DNS, NTP, and/or SIP parameters. The DHCP
Server folder contains links to web pages that define and display DHCP parameters and data.
Global Configuration
Use the Global Configuration page to configure DHCP global parameters.
To display the page, click LAN > Administration > DHCP Server > Global Configuration in the navigation tree.
Figure 56: DHCP Server Global Configuration
Table 48: DHCP Server Global Configuration Fields
Field
Description
Admin Mode
Enables or disables DHCP server operation on the switch. The default value is
Disable.
Ping Packet Count
Specifies the number of packets a server sends to a Pool address to check for
duplication as part of a ping operation. Default value is 2. The valid range is (0,
2 to 10). Setting the value to 0 disables the function.
Conflict Logging Mode
Specifies whether to enable or disable conflict logging on a DHCP Server. The
default value is Enable.
Bootp Automatic Mode
Specifies whether to enable or disable Bootp for dynamic pools.
• Enable: Allows the allocation of the addresses in the automatic address pool to the
BootP client.
• Disable: Does not use the automatic address pool addresses for BootP clients. This is
the default value.
Add Excluded Addresses
Use the From and To fields to specify the IP addresses that the server should
not assign to the client. If you want to exclude a range of addresses, set the
range boundaries.
Note: It is strongly recommended not to add thousands of addresses in the
range. The larger the range, the more time the DHCP server takes to
assign an IP address.
From
To exclude an address range, specify the low address in the range. To specify a
single address to exclude, enter the address in the From field and leave the To
field at the default value of 0.0.0.0. For example, in Figure 57 on page 133, the
user is adding the address 192.168.17.100 to the excluded addresses list.
To
To exclude an address range, specify the high address in the range. To exclude
a single address, do not enter a value in this field.
Delete Excluded Addresses
After you add excluded addresses, they appear below this field title, as
Figure 57 on page 133 shows. Each address or address range has a check box
next to it.
• If you change any settings or add an excluded address range, click Submit to apply the changes to the
system. Each time you enter a value in the From or To fields, click Submit to add the address or address
range to the excluded address list.
• To delete an address or address range from the excluded address list, select one or more check boxes
beneath the Delete Excluded Addresses field and click Submit.
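The following added example (not part of the D-Link manual or firmware) audits a planned excluded-address list against one dynamic pool before it is entered in the From and To fields. The function names, the 1000-address threshold for a "large" range, and the sample pool and static hosts are assumptions made for illustration; only 192.168.17.100 and the 0.0.0.0 default come from the manual.

```python
import ipaddress

UNSET_TO = ipaddress.IPv4Address("0.0.0.0")  # default value of the To field
LARGE_RANGE = 1000  # assumed threshold for "thousands of addresses"


def expand_exclusion(from_addr, to_addr="0.0.0.0"):
    """Return (low, high) for one From/To entry.

    Leaving To at 0.0.0.0 excludes the single address given in From.
    """
    low = ipaddress.IPv4Address(from_addr)
    high = ipaddress.IPv4Address(to_addr)
    if high == UNSET_TO:
        high = low
    if high < low:
        raise ValueError(f"To address {high} is lower than From address {low}")
    return low, high


def audit_exclusions(network, exclusions, static_hosts=()):
    """Check From/To exclusions against one dynamic pool.

    Returns the number of host addresses in the pool, how many are excluded,
    how many remain leasable, and a list of findings to review.
    """
    net = ipaddress.IPv4Network(network)
    if net.prefixlen > 30:
        raise ValueError("pool needs a prefix length of 30 or shorter")
    first, last = net.network_address + 1, net.broadcast_address - 1
    excluded = set()
    findings = []
    for from_addr, to_addr in exclusions:
        low, high = expand_exclusion(from_addr, to_addr)
        label = str(low) if low == high else f"{low}-{high}"
        if int(high) - int(low) + 1 >= LARGE_RANGE:
            findings.append(f"{label}: large range, slows address assignment")
        lo, hi = max(low, first), min(high, last)
        if lo > hi:
            findings.append(f"{label}: outside pool {net}")
            continue
        if low < first or high > last:
            findings.append(f"{label}: partly outside pool {net}")
        covered = set(range(int(lo), int(hi) + 1))
        if covered & excluded:
            findings.append(f"{label}: overlaps an earlier exclusion")
        excluded |= covered
    # Statically addressed devices inside the pool must be excluded, otherwise
    # the server can lease the same address to a client.
    for host in static_hosts:
        addr = ipaddress.IPv4Address(host)
        if first <= addr <= last and int(addr) not in excluded:
            findings.append(f"{addr}: static host is not excluded")
    hosts = int(last) - int(first) + 1
    return {"hosts": hosts, "excluded": len(excluded),
            "leasable": hosts - len(excluded), "findings": findings}


if __name__ == "__main__":
    # Constructed sample built around the manual's 192.168.17.100 example.
    report = audit_exclusions(
        "192.168.17.0/24",
        [("192.168.17.100", "0.0.0.0"),
         ("192.168.17.1", "192.168.17.20"),
         ("192.168.17.10", "192.168.17.30"),
         ("10.0.0.1", "0.0.0.0")],
        static_hosts=["192.168.17.1", "192.168.17.100", "192.168.17.200"],
    )
    for key, value in report.items():
        print(key, value)
```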
Pool Configuration
Use the DHCP Pool Configuration page to create the pools of addresses that can be assigned by the server.
To access the Pool Configuration page, click LAN > Administration > DHCP Server > Pool Configuration in the
navigation tree.
In Figure 57, some of the blank fields where you add IP addresses have been edited out of the image for display
purposes. You can add up to eight addresses in the Default Router Addresses, DNS Server Addresses, NetBIOS
Name Server Addresses and IP Address Value fields.
If you select Dynamic or Manual from the Type of Binding drop-down menu, the screen refreshes and a
slightly different set of fields appears.
Figure 57: Pool Configuration
Table 49: Pool Configuration Fields
Field
Description
Pool Name
For a user with read/write permission, this field would show names of all the existing
pools along with an additional option Create. When the user selects Create, another
text box, Pool Name, appears where the user may enter a name for the Pool to be
created. For a user with read-only permission, this field would show names of the
existing pools only.
Pool Name
This field appears when the user with read-write permission has selected Create in the
Drop Down list against Pool Name. Specifies the Name of the Pool to be created. Pool
Name can be up to 31 characters in length.
Type of Binding
Specifies the type of binding for the pool.
• Unallocated: The addresses are not assigned to a client.
• Dynamic: The IP address is automatically assigned to a client by the DHCP server.
• Manual: You statically assign an IP address to a client based on the client’s MAC
address.
Network Number
If you specify Dynamic as the type of binding, this field appears. Specifies the network
number (host bits) for a DHCP address of a dynamic pool. For example, if 192.168.5.0
is the network number and 255.255.255.0 is the network mask (or a prefix length of
24) for the pool, the IP addresses in the pool range from 192.168.5.1 - 192.168.5.254.
Network Mask
For dynamic bindings, this field specifies the subnet mask for a DHCP address of a
dynamic pool. You can enter a value in Network Mask or Prefix Length to specify the
subnet mask, but do not enter a value in both fields.
Prefix Length
For dynamic bindings, this field specifies the subnet number for a DHCP address of a
dynamic pool. You can enter a value in Network Mask or Prefix Length to specify the
subnet mask, but do not enter a value in both fields. The valid range is 0 to 32.
Client Name
For manual bindings, this field specifies a name for the client to which the DHCP server
will statically assign an IP address. This field is optional.
Hardware Address
For manual bindings, this field specifies the MAC address of the hardware platform of
the DHCP client.
Hardware Address Type
For manual bindings, this field specifies the protocol of the hardware platform of the
DHCP client. Valid types are ethernet and ieee802. Default value is ethernet.
Client ID
For manual bindings, this field specifies the Client Identifier for DHCP manual Pool.
Host Number
For manual bindings, this field specifies the IP address to be statically assigned to a
DHCP client. The host can be set only if at least one of Client Identifier or
Hardware Address is specified. Deleting Host would delete Client Name, Client ID,
Hardware Address for the Manual Pool and set the Pool Type to Unallocated.
Host Mask
For manual bindings, this field specifies the subnet mask to be statically assigned to a
DHCP client. You can enter a value in Host Mask or Prefix Length to specify the subnet
mask, but do not enter a value in both fields.
Prefix Length
For manual and dynamic bindings, this field specifies the subnet mask for a manual
binding to a DHCP client. You can enter a value in Network Mask or Prefix Length to
specify the subnet mask, but do not enter a value in both fields. The valid range is
0 to 32.
Lease Time
Specifies the type of lease to assign clients:
• Infinite: For dynamic bindings, an infinite lease time is a lease period of 60 days. For
manual bindings, an infinite lease time means the lease period does not expire.
• Specified Duration: Allows you to specify the lease period. The default value is
Specified Duration.
Days
For a Specified Duration lease time, this field specifies the number of days for the lease
period. The default value is 1, and the valid range is 0-59.
Hours
For a Specified Duration lease time, this field specifies the number of hours for the
lease period. The default value is 1, and the valid range is 0-1439.
Minutes
For a Specified Duration lease time, this field specifies the number of minutes for the
lease period. The default value is 1, and the valid range is 0-86399.
Default Router Addresses
Specifies the list of default router IP addresses for the pool. You can specify up to eight
addresses in order of preference.
DNS Server Addresses
Specifies the list of DNS server IP addresses for the pool. You can specify up to eight
addresses in order of preference.
NetBIOS Name Server Addresses
Specifies the list of NetBIOS name server IP addresses for the pool. You can specify up
to eight addresses in order of preference.
NetBIOS Node Type
Specifies the NetBIOS node type for DHCP clients:
• b-node Broadcast: Uses broadcasted queries.
• p-node Peer-to-Peer: Uses point-to-point name queries to a name server.
• m-node Mixed: Uses broadcasts first, then queries the name server.
• h-node Hybrid: Queries the name server first, and then uses broadcasts.
Next Server Address
Specifies the IP address of the next server in the client’s boot process, such as a TFTP
server.
Domain Name
Specifies the domain name for a DHCP client. The domain name can be up to 255
characters in length.
Bootfile
Specifies the name of the default boot image for a DHCP client. The file name can be
up to 128 characters in length.
Add Options
The rest of the fields on the page allow you to add and configure DHCP options. See
RFC 2132 for more information about DHCP options.
Code
Specifies the DHCP option code. The valid range is 1-254.
Ascii Value
Specifies an NVT ASCII character string.
Hex Value
Specifies dotted hexadecimal data. Each byte in hexadecimal character strings is 2
hexadecimal digits. Each byte can be separated by a colon or white space. A period
separates 2 bytes/4 hexadecimal digits.
IP Address Values
Specifies the Option IP addresses.
• After you configure values for the DHCP address pool, click Submit to create the pool and apply the
changes to the system.
• To delete a pool, select the pool from the Pool Name drop-down menu and click Delete.
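The Code, Ascii Value, Hex Value and IP Address Values fields all end up as RFC 2132 options (one code octet, one length octet, then the data). The added example below, which is not the switch's own parser, converts each field notation to bytes and decodes the result again so a value can be checked before it is submitted. It reads the Hex Value description strictly (colon or white space between 2-digit bytes, period between 4-digit groups); that reading, the function names and the sample values are assumptions.

```python
import ipaddress
import re

HEX_BYTE = re.compile(r"[0-9A-Fa-f]{2}")
HEX_WORD = re.compile(r"[0-9A-Fa-f]{4}")


def parse_hex_value(text):
    """Convert Hex Value notation ("c0:a8 01:01" or "c0a8.0101") to bytes."""
    tokens = [t for t in re.split(r"[:\s]+", text.strip()) if t]
    if not tokens:
        raise ValueError("empty hex value")
    data = bytearray()
    for token in tokens:
        if "." in token:
            # A period separates groups of 2 bytes / 4 hexadecimal digits.
            for group in token.split("."):
                if not HEX_WORD.fullmatch(group):
                    raise ValueError(f"bad 4-digit group: {group!r}")
                data += bytes.fromhex(group)
        elif HEX_BYTE.fullmatch(token):
            data += bytes.fromhex(token)
        else:
            raise ValueError(f"bad byte: {token!r}")
    return bytes(data)


def ascii_value(text):
    """Encode an Ascii Value; non-ASCII input raises a ValueError subclass."""
    return text.encode("ascii")


def ip_values(addresses):
    """Encode one to eight IPv4 addresses, four octets each, in order."""
    if not 1 <= len(addresses) <= 8:
        raise ValueError("between one and eight addresses are allowed")
    return b"".join(ipaddress.IPv4Address(a).packed for a in addresses)


def encode_option(code, payload):
    """Build one RFC 2132 option: code octet, length octet, data."""
    if not 1 <= code <= 254:
        raise ValueError("option code must be in the range 1-254")
    if len(payload) > 255:
        raise ValueError("option data is limited to 255 octets")
    return bytes([code, len(payload)]) + payload


def decode_options(blob):
    """Walk a run of encoded options and return [(code, data), ...]."""
    options, i = [], 0
    while i < len(blob):
        code = blob[i]
        if code == 255:  # End option
            break
        if code == 0:  # Pad option
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError(f"option {code} has no length octet")
        length = blob[i + 1]
        data = blob[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError(f"option {code} is truncated")
        options.append((code, data))
        i += 2 + length
    return options


if __name__ == "__main__":
    # Constructed sample values, one per field type.
    blob = (encode_option(42, ip_values(["192.168.5.10", "192.168.5.11"]))
            + encode_option(43, parse_hex_value("0104.c0a8"))
            + encode_option(66, ascii_value("tftp.example.test"))
            + b"\xff")
    for code, data in decode_options(blob):
        print(code, data.hex())
```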
Pool Options
Use the Pool Options page to configure DHCP options that the DHCP server can pass to the client. For more
information about DHCP options, see RFC 2132.
To access the Pool Options page, click LAN > Administration > DHCP Server > Pool Options in the navigation
menu.
If no DHCP pools exist, the Pool Options page does not display the fields shown in Figure 58.
Figure 58: Pool Options
If any DHCP pools are configured on the system, the Pool Options page contains the following fields:
Table 50: Pool Options Fields
Field
Description
Pool Name
Select the DHCP pool with the options you want to view or configure.
Option Code
Displays the DHCP option code configured for the selected Pool.
ASCII Value
Specifies the Option ASCII Value for the selected pool.
Hex Value
Specifies the Option Hex Value for the selected pool.
IP Address Value
Specifies the Option IP Address Value for the selected pool.
To delete an option code for the selected Pool, enter the option code in the field and click Delete. This button
is not visible to a user with read-only permission.
DHCP Server Summary
Reset Configuration
Use the Reset Configuration page to clear IP address bindings that the DHCP server assigned to the
client.
To access the Reset Configuration page, click LAN > Administration > DHCP Server > Reset Configuration in
the navigation tree.
Figure 59: Reset Configuration
Table 51: Reset Configuration Fields
Field
Description
Clear
Specifies what to clear from the DHCP server database:
• All Dynamic Bindings: Deletes all dynamic bindings from all address pools.
• Specific Dynamic Binding: Deletes the specified binding.
• All Address Conflicts: Deletes all address conflicts from the DHCP server
database.
• Specific Address Conflict: Deletes a specified conflicting address from the
database.
Clear IP Address
If you select Specific Dynamic Binding or Specific Address Conflict from the
Clear field, the screen refreshes and the Clear IP Address field appears. Enter
the specific IP address to clear from the DHCP server.
• After you select the bindings or conflicts to clear and, if necessary, enter the specific IP address, click Clear
to remove the binding from the DHCP server.
Bindings Information
Use the DHCP Server Bindings Information page to view information about the IP address bindings in the
DHCP server database.
To access the DHCP Server Bindings Information page, click LAN > Monitoring > DHCP Server Summary >
Binding Information in the navigation tree.
Figure 60: Bindings Information
Table 52: Bindings Information Fields
Field
Description
DHCP Binding
Select the bindings to display:
• All Bindings: Show all bindings.
• Specific Binding: Show a specific binding. When you select this option, the
screen refreshes, and the Binding IP Address field appears.
Binding IP Address
Specify the IP address for which you want to view binding information. This
field is only available if you select Specific Binding from the DHCP Binding
field.
IP Address
Displays the client IP address.
Hardware Address
Displays the client MAC address.
Lease Time Left
Shows the time left in the lease in days, hours and minutes
(dd:hh:mm format).
Pool Allocation Type
Shows the type of binding, which is dynamic or manual.
• If you change any settings, click Submit to apply the changes to the system.
Server Statistics
Use the DHCP Server Statistics page to view information about the DHCP server bindings and messages.
To access the Server Statistics page, click LAN > Monitoring > DHCP Server Summary > Server Statistics in the
navigation menu.
Figure 61: Server Statistics
Table 53: Server Statistics Fields
Field
Description
Automatic Bindings
Shows the number of automatic bindings on the DHCP server.
Expired Bindings
Shows the number of expired bindings on the DHCP server.
Malformed Messages
Shows the number of the malformed messages.
Message Received
DHCPDISCOVER
Shows the number of DHCPDISCOVER messages received by the DHCP server.
DHCPREQUEST
Shows the number of DHCPREQUEST messages received by the DHCP server.
DHCPDECLINE
Shows the number of DHCPDECLINE messages received by the DHCP server.
DHCPRELEASE
Shows the number of DHCPRELEASE messages received by the DHCP server.
DHCPINFORM
Shows the number of DHCPINFORM messages received by the DHCP server.
DHCPOFFER
Shows the number of DHCPOFFER messages sent by the DHCP server.
DHCPACK
Shows the number of DHCPACK messages sent by the DHCP server.
DHCPNAK
Shows the number of DHCPNAK messages sent by the DHCP server.
• Click Refresh to update the information on the screen.
• Click Clear Server Statistics to reset all counters to zero.
Conflicts Information
Use the Conflicts Information page to view information on hosts that have address conflicts; i.e., when the
same IP address is assigned to two or more devices on the network.
To access the Conflicts Information page, click LAN > Monitoring > DHCP Server Summary > Conflicts
Information in the navigation tree.
Figure 62: Conflicts Information
Table 54: Conflicts Information Fields
Field
Description
DHCP Conflicts
Select the DHCP conflicts to display:
• All Conflicts: Show all conflicts.
• Specific Conflict: Show a specific conflict. When you select this option, the
screen refreshes, and the Conflict IP Address field appears.
Conflict IP Address
Specify the IP address for which you want to view conflict information. This
field is only available if you select Specific Conflict from the DHCP Conflicts
field.
IP Address
Displays the client IP address.
Detection Method
Specifies the manner in which the IP addresses of the hosts were found on the
DHCP server.
Detection Time
Specifies the time when the conflict was detected in N days NNh:NNm:NNs
format with respect to the system up time.
Configuring Time Ranges
Use these pages to configure time ranges to use in time-based access control list (ACL) rules. Time-based ACLs
allow one or more rules within an ACL to be based on a periodic or absolute time. Each ACL rule within an ACL
except for the implicit deny all rule can be configured to be active and operational only during a specific time
period. The time range pages allow you to define specific times of the day and week in order to implement
time-based ACLs. For example, you can create a time-based MAC ACL that prevents clients with specific MAC
addresses from accessing network resources on weekends. The time range is identified by a name and can
then be referenced by an ACL rule defined within an ACL.
You must configure a named time range before you can reference it from an ACL. In other words, for the ACL
to reference a time range, the time range must already exist. For more information about configuring ACLs,
see Section 7: “Configuring Access Control Lists,” on page 356.
Time Range Configuration
Use this page to create a named time range. Each time range can consist of one absolute time entry and/or
one or more periodic time entries.
To access this page, click LAN > Administration > Time Range > Configuration.
Figure 63: Time Range Configuration
Table 55: Time Range Configuration
Field
Description
Time Range
To create a new time range, select Create New Time Range from the menu and specify
the name in the following field.
To delete an existing time range, select its name and click Delete.
Time Range Name
When creating a new time range, specify the name, which may include alphabetic,
numeric, dash, underscore or space characters only. The name must start with an
alphabetic character and can contain up to 31 characters.
Current Number/Maximum Number
Displays the current number of time ranges configured on the switch and the maximum
number of time ranges that can be configured.
• Use Submit to add a new time range.
• Use Delete to remove an existing time range.
Time Range Summary
Use this page to view summary information about configured time ranges.
To access this page, click LAN > Administration > Time Range > Summary.
Figure 64: Time Range Summary
Table 56: Time Range Summary
Field
Description
Time Range Name
Identifies the user-configured name of the time range.
Time Range Status
Shows whether the time range is active or inactive. A time range is inactive if
the current day and time do not fall within the time entry specified in the
time range.
Periodic Entry Count
Shows the number of periodic entries configured for the time range.
Absolute Entry
Shows whether an absolute entry is configured for the time range.
Time Range Entry Configuration
Use this page to configure periodic and absolute time range entries and add them to named time ranges.
Note: The time range entries use the system time for the time periods in which they take effect.
Make sure you configure the SNTP server settings so that the SNTP client on the switch can obtain
the correct date and time from the server.
To access this page, click LAN > Administration > Time Range > Time Range Entry Configuration.
Figure 65: Time Range Entry Configuration
Table 57: Time Range Entry Configuration
Field
Description
Time Range Name
Select the name of the time range to which you want to add a time range
entry.
Time Range Entry
Select Create New Time Range Entry to add a new entry to a time range. To
view or delete an existing time range entry, select its ID from the menu.
Time Range Entry ID
When creating a new time range entry, assign a unique ID number from 1–10.
This field does not appear if the entry has already been configured.
Time Range Entry Type
Specifies whether the entry is periodic or absolute. A periodic entry occurs at
the same time every day or on one or more days of the week. An absolute
entry does not repeat.
Periodic Time Range Entry
Applicable Days
Specify the day(s) when the time entry occurs:
• Daily — Has the same start and end time every day
• Weekdays — Has the same start and end time Monday through Friday
• Weekend — Has the same start and end time on Saturday and Sunday
• Days of the Week — Select the day of the week when the entry starts and
stops. You do not need to use the same day of the week for the start and
end time.
Start Day
(Periodic Days of Week only) Select the day the time range entry starts. To
select multiple days, hold the CTRL key and click the days.
Start Time
Specify the time when the entry begins. The time is based on a 24-hour clock.
For example, 6:00 PM is 18:00.
End Day
(Periodic Days of Week only) Select the day the time range entry ends.
End Time
Specify the time when the entry ends. The time is based on a 24-hour clock.
For example, 6:00 PM is 18:00.
Absolute Time Range Entry
Absolute Start Date and Time
Select the check box to configure the date and time when the time range entry
begins.
Start Month
Select the month when the time entry begins.
Start Date
Select the day of the month when the time entry begins.
Start Year
Select the year when the time entry begins.
Start Time
Specify the time when the entry begins. The time is based on a 24-hour clock.
For example, 6:00 PM is 18:00.
Absolute End Date and Time
Select the check box to configure the date and time when the time range entry
ends.
End Month
Select the month when the time entry ends.
End Date
Select the day of the month when the time entry ends.
End Year
Select the year when the time entry ends.
End Time
Specify the time when the entry ends. The time is based on a 24-hour clock.
For example, 6:00 PM is 18:00.
Click Submit to create the time range entry. Configuration changes take effect immediately. These changes will
not be retained across a power cycle unless a save is performed.
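Because time range entries follow the switch's system time, a clock that is wrong changes which ACL rules are enforced. The added example below (not the switch's implementation) models the periodic and absolute entries from Table 57 and compares the state at the real time with the state at the switch's clock. The dictionary layout and function names are hypothetical, and three behaviors are assumed rather than taken from the manual: periodic entries are only evaluated inside the absolute window, end times are exclusive, and a Days of the Week entry has one start day.

```python
from datetime import datetime, time

DAYS = ["mon", "tue", "wed", "thu", "fri", "sat", "sun"]  # datetime.weekday() order
GROUPS = {"daily": DAYS, "weekdays": DAYS[:5], "weekend": DAYS[5:]}


def _week_minute(day_index, t):
    """Minutes since Monday 00:00 for a day index and a time of day."""
    return day_index * 1440 + t.hour * 60 + t.minute


def periodic_active(entry, now):
    """Return True if one periodic entry covers the moment `now`."""
    now_t = now.time().replace(second=0, microsecond=0)
    if entry["days"] in GROUPS:
        # Daily, Weekdays, Weekend: same start and end time on each listed day.
        if entry["end"] <= entry["start"]:
            raise ValueError("end time must be later than start time")
        on_day = DAYS[now.weekday()] in GROUPS[entry["days"]]
        return on_day and entry["start"] <= now_t < entry["end"]
    # Days of the Week: start and end may fall on different days, so the
    # window can wrap past Sunday midnight (for example Fri 18:00 to Mon 06:00).
    start = _week_minute(DAYS.index(entry["start_day"]), entry["start"])
    end = _week_minute(DAYS.index(entry["end_day"]), entry["end"])
    cur = _week_minute(now.weekday(), now_t)
    if start < end:
        return start <= cur < end
    if start > end:
        return cur >= start or cur < end
    return False


def range_active(time_range, now):
    """Return True if the named time range is active at `now`."""
    absolute = time_range.get("absolute")
    periodic = time_range.get("periodic", [])
    if absolute is None and not periodic:
        return False
    if absolute:
        if absolute.get("start") and now < absolute["start"]:
            return False
        if absolute.get("end") and now > absolute["end"]:
            return False
    if not periodic:
        return True
    return any(periodic_active(entry, now) for entry in periodic)


def compare_clocks(time_range, true_now, switch_now):
    """Show what a wrong switch clock does to a time-based rule."""
    return {"expected": range_active(time_range, true_now),
            "enforced": range_active(time_range, switch_now)}


# Constructed sample: the manual's "block on weekends" case.
WEEKEND_BLOCK = {
    "name": "weekend-block",
    "periodic": [{"days": "weekend", "start": time(0, 0), "end": time(23, 59)}],
}

# Constructed sample: a wrapping Days of the Week entry.
OFF_HOURS = {
    "name": "off-hours",
    "periodic": [{"days": "days-of-week", "start_day": "fri", "start": time(18, 0),
                  "end_day": "mon", "end": time(6, 0)}],
}

if __name__ == "__main__":
    saturday = datetime(2015, 10, 3, 12, 0)
    unsynced = datetime(1970, 1, 1, 0, 5)  # clock never set by SNTP
    print(compare_clocks(WEEKEND_BLOCK, saturday, unsynced))
```

With the constructed values, the weekend rule is expected to be active on Saturday but is not enforced when the switch clock reads 1 January 1970, a Thursday.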
Configuring DNS
You can use these pages to configure information about DNS servers the network uses and how the
switch/router operates as a DNS client.
Global Configuration
Use this page to configure global DNS settings and to view DNS client status information.
To access this page, click LAN > Administration > DNS Client > Global Configuration.
Figure 66: DNS Global Configuration
Table 58: DNS Global Configuration Fields
Field
Description
Admin Mode
Select Enable or Disable from the pulldown menu to set the administrative
status of DNS Client. The default is Disable.
Default Domain Name
Enter the default domain name for DNS client messages. The name should be
no longer than 255 characters. When the system is performing a lookup on an
unqualified hostname, this field is provided as the domain name (e.g., if
default domain name is .com and the user enters hotmail, then hotmail is
changed to hotmail.com to resolve the name).
By default, no default domain name is configured in the system.
Retry Number
Enter the number of times to retry sending DNS queries. The valid values are
from 0 to 100. The default value is 2.
Response Timeout
Enter the number of seconds to allow a DNS server to respond to a request
before issuing a retry. Valid values are 0 to 3600. The default value is 3.
Domain List
Enter a domain list to define the domain to use when performing a lookup on
an unqualified hostname. Each name must be no more than 256 characters.
Multiple default domain names can be configured using the default domain name list.
If there is no domain list, the default domain name configured is used.
• If you change any settings, click Submit to send the information to the router.
• To create a new list of domain names, click Create. Then enter a name for the list and click Submit. Repeat
this step to add multiple domains to the default domain list.
• To remove a domain from the default list, select the Remove option next to the item you want to remove
and click Submit.
Server Configuration
Use this page to configure information about DNS servers that the router will use. The order in which you
create them determines their precedence; i.e., DNS requests will go to the higher precedence server first. If
that server is unavailable or does not respond in the configured response time, then the request goes to the
server with the next highest precedence.
To access this page, click LAN > Administration > DNS Client > Server Configuration.
Figure 67: DNS Server Configuration
Table 59: DNS Server Configuration Fields
Field
Description
DNS Server Address
To add a new DNS server to the list, enter the DNS server IPv4 or IPv6 address
in numeric notation.
Precedence
Shows the precedence value of the server that determines which server is
contacted first; a lower number indicates higher precedence.
• To create a new DNS server, enter an IP address in standard IPv4 or IPv6 dot notation in the DNS Server
Address and click Submit. The server appears in the list below. The precedence is set in the order created.
• To change precedence, you must remove the server(s) by clicking the Remove box and then Submit, and
add the server(s) in the preferred order.
DNS Host Name IP Mapping Configuration
Use this page to configure DNS host names for hosts on the network. The host names are associated with IPv4
or IPv6 addresses on the network, which are statically assigned to particular hosts.
To access this page, click LAN > Administration > DNS Client > HostName IP Mapping in the navigation tree,
then click the Add Static Entry button.
Figure 68: DNS Host Name Mapping Configuration
Table 60: DNS Host Name Mapping Configuration Fields
Field
Description
Host Name
Enter the host name to assign to the static entry.
Inet Address
Enter the IPv4 or IPv6 address associated with the host name.
• Click Submit to apply the new configuration and cause the change to take effect immediately. These
changes will not be retained across a power cycle unless a Save is performed.
• Click Back to cancel and display the hostname IP mapping page to see the configured hostname-IP
mapping entries.
DNS Host Name IP Mapping Summary
Use this page to configure static and dynamic DNS host names for hosts on the network. The host names are
associated with IPv4 or IPv6 addresses on the network, which are assigned to particular hosts.
To access this page, click LAN > Monitoring > DNS Server > Host Name IP Mapping Summary in the navigation
tree.
Figure 69: DNS Host Name IP Mapping Summary
Table 61: DNS Host Name IP Mapping Summary Fields
Field
Description
DNS Static Entries
Host Name
The host name of the static entry.
Inet Address
The IPv4 or IPv6 address of the static entry.
Remove
Select to remove a Host Name IP Mapping entry from the Host Name IP
Mapping list.
DNS Dynamic Entries
Host Name
The host name of the dynamic entry.
Total
The total time of the dynamic entry.
Elapsed
The elapsed time of the dynamic entry.
Type
The type of the dynamic entry.
Addresses
The IPv4 or IPv6 address of the dynamic entry.
Remove
Select to remove a Host Name IP Mapping entry from the Host Name IP
Mapping list.
• Click Add Static Entry to load the Host Name IP Mapping Configuration page in order to configure the
Host Name IP Mapping entries.
• Click Submit to apply the new configuration and cause the change to take effect immediately. These
changes will not be retained across a power cycle unless a Save is performed.
• Click Clear Dynamic Entries to remove all Host Name IP Mapping entries. A confirmation prompt will be
displayed. Click the button to confirm removal and the Host Name IP Mapping dynamic entries are
cleared.
• Click Refresh to refresh the page with the most current data from the switch.
Configuring and Viewing ISDP Information
The Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network protocol which interoperates with Cisco® devices running the Cisco Discovery Protocol (CDP). ISDP is used to share information
between neighboring devices. D-Link DWS-4000 Series switches participate in the CDP protocol and are able
to both discover and be discovered by other CDP supporting devices.
Global Configuration
From the ISDP Global Configuration page, you can configure the ISDP settings for the switch, such as the
administrative mode. To display the ISDP Global Configuration page, click LAN > Administration > ISDP >
Global Configuration in the navigation tree.
Figure 70: ISDP Global Configuration
The following table describes the fields available on the ISDP Global Configuration page.
Table 62: ISDP Global Configuration
Field
Description
ISDP Mode
Use this field to enable or disable the Industry Standard Discovery Protocol on the
switch.
ISDP V2 Mode
Use this field to enable or disable the Industry Standard Discovery Protocol v2 on the
switch.
Message Interval
Specifies the ISDP transmit interval. The range is (5–254). Default value is 30 seconds.
Holdtime Interval
The receiving device holds the ISDP message during this time period. The range is (10–255).
Default value is 180 seconds.
Device ID
The Device ID advertised by this device. The format of this Device ID is characterized by
the value of Device ID Format object.
Device ID Format Capability
Indicates the Device ID format capability of the device.
• serialNumber—Indicates that the device uses serial number as the format for its
Device ID.
• macAddress—Indicates that the device uses layer 2 MAC address as the format for
its Device ID.
• other—Indicates that the device uses its platform specific format as the format for
its Device ID.
Device ID Format
Indicates the Device ID format of the device.
• serialNumber—Indicates that the value is in the form of an ASCII string containing
the device serial number.
• macAddress—Indicates that the value is in the form of Layer 2 MAC address.
• other—Indicates that the value is in the form of a platform specific ASCII string
containing info that identifies the device. For example: ASCII string contains
serialNumber appended/prepended with system name.
Cache Table
From the ISDP Cache Table page, you can view information about other devices the switch has discovered
through the ISDP. To access the ISDP Cache Table page, click LAN > Monitoring > ISDP > Cache Table in the
navigation menu.
Figure 71: ISDP Cache Table
The following table describes the fields available on the ISDP Cache Table page.
Table 63: ISDP Cache Table
Field
Description
Device ID
Displays the string with Device ID which is reported in the most recent ISDP
message.
Interface
Displays the interface that this neighbor is attached to.
IP Address
The (first) network-layer address that is reported in the Address TLV of the
most recently received ISDP message.
Version
Displays the Version string for the neighbor.
Holdtime
Displays the ISDP holdtime for the neighbor.
Capability
Displays the ISDP Functional Capabilities for the neighbor.
Platform
Displays the ISDP Hardware Platform for the neighbor.
Port ID
Displays the ISDP port ID string for the neighbor.
Protocol Version
Displays the ISDP Protocol Version for the neighbor.
Last Time Changed
Displays when the entry was last modified.
Interface Configuration
From the ISDP Interface Configuration page, you can configure the ISDP settings for each interface. To display
the ISDP Interface Configuration page, click LAN > Administration > ISDP > Interface Configuration in the navigation tree.
Note: If ISDP is enabled on an interface, it must also be enabled globally in order for the interface to
transmit ISDP packets. If the ISDP mode on the ISDP Global Configuration page is disabled, the
interface will not transmit ISDP packets, regardless of the mode configured on the interface.
Figure 72: ISDP Interface Configuration
The following table describes the fields available on the ISDP Interface Configuration page.
Table 64: ISDP Interface Configuration
Field
Description
Slot/Port
Select the interface with the ISDP mode status to configure or view.
ISDP Mode
Use this field to enable or disable the Industry Standard Discovery Protocol on
the selected interface.
D-Link
Oct. 2015
Unified Wired and Wireless Access System
Page 151
D-Link UWS User Manual
Configuring and Viewing ISDP Information
Statistics
From the ISDP Statistics page, you can view information about the ISDP packets sent and received by the
switch. To display the ISDP Statistics page, click LAN > Monitoring > ISDP > Statistics in the navigation tree.
Figure 73: ISDP Statistics
The following table describes the fields available on the ISDP Statistics page.
Table 65: ISDP Statistics
Field: Description
ISDP Packets Received: Displays the number of all ISDP protocol data units (PDUs) received.
ISDP Packets Transmitted: Displays the number of all ISDP PDUs transmitted.
ISDPv1 Packets Received: Displays the number of v1 ISDP PDUs received.
ISDPv1 Packets Transmitted: Displays the number of v1 ISDP PDUs transmitted.
ISDPv2 Packets Received: Displays the number of v2 ISDP PDUs received.
ISDPv2 Packets Transmitted: Displays the number of v2 ISDP PDUs transmitted.
ISDP Bad Header: Displays the number of ISDP PDUs that were received with bad headers.
ISDP Checksum Error: Displays the number of ISDP PDUs that were received with checksum errors.
ISDP Transmission Failure: Displays the number of ISDP PDU transmission failures.
Invalid Format ISDP Packets Received: Displays the number of ISDP PDUs that were received with an invalid format.
Table Full: Displays the number of times the system tried to add an entry to the ISDP table but was unsuccessful because the table was full.
ISDP IP Address Table Full: Displays the number of times the system tried to add an entry to the ISDP IP Address table but was unsuccessful because the table was full.
Configuring sFlow
sFlow® is the standard for monitoring high-speed switched and routed networks. sFlow technology is built into
network equipment and gives complete visibility into network activity, enabling effective management and
control of network resources.
The sFlow monitoring system consists of an sFlow Agent (embedded in a switch or router or in a standalone
probe) and a central sFlow Collector. The sFlow Agent uses sampling technology to capture traffic statistics
from the device it is monitoring. sFlow datagrams are used to immediately forward the sampled traffic
statistics to an sFlow Collector for analysis.
The sFlow Agent uses two forms of sampling: statistical packet-based sampling of switched or routed Packet
Flows, and time-based sampling of counters.
sFlow Agent Summary
Packet Flow Sampling and Counter Sampling are performed by sFlow Instances associated with individual Data
Sources within the sFlow Agent. Packet Flow Sampling and Counter Sampling are designed as part of an
integrated system. Both types of samples are combined in sFlow datagrams. Packet Flow Sampling will cause
a steady, but random, stream of sFlow datagrams to be sent to the sFlow Collector. Counter samples may be
taken opportunistically in order to fill these datagrams.
In order to perform Packet Flow Sampling, an sFlow Sampler Instance is configured with a Sampling Rate. The
Packet Flow sampling process results in the generation of Packet Flow Records. In order to perform Counter
Sampling, the sFlow Poller Instance is configured with a Polling Interval. The Counter Sampling process results
in the generation of Counter Records. The sFlow Agent collects Counter Records and Packet Flow Records and
sends them in the form of sFlow datagrams to sFlow Collectors.
To access the sFlow Agent Summary page, click LAN > Monitoring > sFlow > Agent Summary in the navigation
tree.
Figure 74: sFlow Agent Summary
Table 66: sFlow Agent Summary
Field: Description
Version: Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version;Organization;Software Revision where:
  • MIB Version: ‘1.3’, the version of this MIB.
  • Organization: D-Link Corporation
  • Revision: 1.0
Agent Address: The IP address associated with this agent.
• Use the Refresh button to refresh the page with the most current data from the switch.
sFlow Receiver Configuration
Use the sFlow Receiver Configuration page to configure the sFlow Receiver.
To access the sFlow Receiver Configuration page, click LAN > Administration > sFlow > Receiver Configuration
in the navigation tree.
Figure 75: sFlow Receiver Configuration
Table 67: sFlow Receiver Configuration
Field: Description
Receiver Index: Selects the receiver for which data is to be displayed or configured. The allowed range is 1 to 8.
Receiver Owner String: The entity making use of this sFlowRcvrTable entry. The empty string indicates that the entry is currently unclaimed and the receiver configuration is reset to the default values. An entity wishing to claim an sFlowRcvrTable entry must ensure that the entry is unclaimed before trying to claim it. The entry is claimed by setting the owner string. The entry must be claimed before any changes can be made to other sampler objects.
Receiver Timeout: The time (in seconds) remaining before the sampler is released and stops sampling. A management entity wanting to maintain control of the sampler is responsible for setting a new value before the old one expires. The allowed range is 0 to 2147483647 seconds. A value of zero sets the selected receiver configuration to its default values.
No Timeout: Select the check box to set the timeout to the non-decrementing value of 2147483647 seconds for a receiver. Because a receiver entry is deleted from the configuration only when its timeout value reaches zero, an entry with No Timeout selected remains in the configuration until the user explicitly removes it.
Receiver Maximum Datagram Size: The maximum number of data bytes that can be sent in a single sample datagram. The manager should set this value to avoid fragmentation of the sFlow datagrams. The default value is 1400. The allowed range is 200 to 9116.
Receiver Address: The IP address of the sFlow collector. If set to 0.0.0.0, no sFlow datagrams will be sent.
Receiver Port: The destination port for sFlow datagrams. The allowed range is 1 to 65535. The default value for the port is 6343.
Receiver Datagram Version: The version of sFlow datagrams that should be sent.
• Use the Submit button to send updated data to the switch and cause the changes to take effect on the
switch.
• Use the Refresh button to refresh the page with the most current data from the switch.
sFlow Poller Configuration
The sFlow agent collects time-based sampling of network interface statistics and sends them to the configured
sFlow receivers. A data source configured to collect counter samples is called a poller.
Counter Sampling
The primary objective of Counter Sampling is to efficiently, periodically export counters associated with Data
Sources. A maximum Sampling Interval is assigned to each sFlow instance associated with a Data Source.
Counter Sampling is accomplished as follows:
• The sFlow Agent keeps a list of counter sources being sampled. When a Packet Flow Sample is generated,
the sFlow Agent examines the list and adds counters to the sample datagram, least recently sampled first.
Counters are only added to the datagram if the sources are within a short period, i.e. five seconds, of
failing to meet the required Sampling Interval. Periodically, i.e. every second, the sFlow Agent examines
the list of counter sources and sends any counters that need to be sent to meet the sampling interval
requirement.
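The counter scheduling described above, as an added example that is not part of the D-Link manual or firmware. The class, function and port names are hypothetical, and the five-second window and one-second sweep are taken from the text.

```python
class CounterPoller:
    """Schedules counter export for sFlow data sources (illustrative names)."""

    PIGGYBACK_WINDOW = 5  # seconds before its deadline a source may ride along

    def __init__(self):
        self._sources = {}  # name -> {"interval": seconds, "last": time sent}

    def add_source(self, name, interval, now=0):
        if interval <= 0:
            raise ValueError("interval must be positive")
        self._sources[name] = {"interval": interval, "last": now}

    def _deadline(self, name):
        src = self._sources[name]
        return src["last"] + src["interval"]

    def _mark_sent(self, names, now):
        for name in names:
            self._sources[name]["last"] = now
        return names

    def on_flow_sample(self, now, room):
        """A flow-sample datagram has space for `room` counter records."""
        near = [n for n in self._sources
                if self._deadline(n) - now <= self.PIGGYBACK_WINDOW]
        # Least recently sampled first, as the text specifies.
        near.sort(key=lambda n: self._sources[n]["last"])
        return self._mark_sent(near[:room], now)

    def on_tick(self, now):
        """Once-per-second sweep: export every source that reached its interval."""
        due = [n for n in self._sources if now >= self._deadline(n)]
        due.sort(key=lambda n: self._sources[n]["last"])
        return self._mark_sent(due, now)


def replay(poller, sources, duration, flow_sample_times, room=1):
    """Run the agent for `duration` seconds.

    `sources` maps a constructed port name to its polling interval.
    Returns (export log, worst observed gap per source in seconds).
    """
    for name, interval in sources.items():
        poller.add_source(name, interval, now=0)
    last_seen = dict.fromkeys(sources, 0)
    worst_gap = dict.fromkeys(sources, 0)
    sample_times = set(flow_sample_times)
    log = []
    for now in range(1, duration + 1):
        exports = []
        if now in sample_times:
            exports += [("piggyback", n) for n in poller.on_flow_sample(now, room)]
        exports += [("timer", n) for n in poller.on_tick(now)]
        for kind, name in exports:
            worst_gap[name] = max(worst_gap[name], now - last_seen[name])
            last_seen[name] = now
            log.append((now, kind, name))
    return log, worst_gap


if __name__ == "__main__":
    # Constructed scenario: three ports, flow samples at t=26 and t=57.
    ports = {"ge1": 30, "ge2": 30, "ge3": 60}
    log, worst_gap = replay(CounterPoller(), ports, 60, [26, 57])
    for entry in log:
        print(entry)
    print(worst_gap)
```

The worst gap per source never exceeds its configured interval, which is the property a collector relies on when it treats missing counter records as a sign of a dead agent or a dropped export path.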
To access the sFlow Poller Configuration page, click LAN > Administration > sFlow > Poller Configuration in
the navigation tree.
Figure 76: sFlow Poller Configuration
Table 68: sFlow Poller Configuration
Field: Description
Poller DataSource: The sFlow Sampler Datasource for this flow sampler. This Agent will support Physical ports only.
Receiver Index: The sFlowReceiver for this sFlow Counter Poller. If set to zero, the poller configuration is set to the default and the poller is deleted. Only active receivers can be set. If a receiver expires, then all pollers associated with the receiver will also expire. The allowed range is 1 to 8.
Poller Interval: The maximum number of seconds between successive samples of the counters associated with this data source.
• Click Refresh to refresh the page with the most current data from the switch.
sFlow Sampler Configuration
The sFlow Agent collects a statistical packet-based sampling of the switched flows and sends them to the
configured receivers. A data source configured to collect flow samples is called a sampler.
Packet Flow Sampling
The Packet Flow Sampling mechanism carried out by each sFlow instance ensures that any packet observed at
a Data Source has an equal chance of being sampled, irrespective of the Packet Flow(s) to which it belongs.
Packet Flow Sampling is accomplished as follows:
• When a packet arrives on an interface, the Network Device makes a filtering decision to determine
whether the packet should be dropped.
• If the packet is not filtered (dropped), a destination interface is assigned by the switching/routing function.
• At this point, a decision is made on whether or not to sample the packet. The mechanism involves a
counter that is decremented with each packet. When the counter reaches zero, a sample is taken. When a
sample is taken, the counter that indicates how many packets to skip before taking the next sample is
reset. The value of the counter is set to a random integer where the sequence of random integers used
over time is the Sampling Rate.
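The skip-counter decision in the last step, as an added example that is not part of the D-Link manual or firmware, extended to show how a collector scales samples back up to a traffic estimate. The class and function names are hypothetical; drawing the skip uniformly so that its mean equals the Sampling Rate, and the 196*sqrt(1/c) error bound from general sFlow sampling theory, are assumptions not stated on this page.

```python
import math
import random


class FlowSampler:
    """Skip-counter packet sampler for one data source (illustrative names)."""

    def __init__(self, sampling_rate, rng=None):
        if sampling_rate < 1:
            raise ValueError("sampling_rate must be >= 1 (0 disables sampling)")
        self.sampling_rate = sampling_rate
        self.rng = rng if rng is not None else random.Random()
        self.sample_pool = 0  # packets that had a chance of being sampled
        self.samples = 0      # packets actually sampled
        self.skip = self._next_skip()

    def _next_skip(self):
        # Assumption: skips are uniform on [1, 2N-1], whose mean is N.
        return self.rng.randint(1, 2 * self.sampling_rate - 1)

    def observe(self):
        """Account for one forwarded packet; return True if it is sampled."""
        self.sample_pool += 1
        self.skip -= 1
        if self.skip > 0:
            return False
        self.samples += 1
        self.skip = self._next_skip()  # reset the counter after each sample
        return True


def estimate_class_packets(sampler, class_samples):
    """Scale a count of matching samples up to an estimated packet total.

    Returns (estimate, pct_error_95). The bound 196*sqrt(1/c) is an
    assumption taken from general sFlow sampling theory.
    """
    if sampler.samples == 0 or class_samples == 0:
        return 0.0, float("inf")
    estimate = class_samples * sampler.sample_pool / sampler.samples
    return estimate, 196.0 * math.sqrt(1.0 / class_samples)


def simulate(total_packets=1_000_000, sampling_rate=1024,
             suspect_share=0.2, seed=7):
    """Constructed traffic: a fixed share of packets belongs to one host."""
    traffic = random.Random(seed)
    sampler = FlowSampler(sampling_rate, random.Random(seed + 1))
    true_suspect = 0
    suspect_samples = 0
    for _ in range(total_packets):
        is_suspect = traffic.random() < suspect_share
        true_suspect += is_suspect
        if sampler.observe() and is_suspect:
            suspect_samples += 1
    estimate, pct_error = estimate_class_packets(sampler, suspect_samples)
    return {
        "samples": sampler.samples,
        "suspect_samples": suspect_samples,
        "true_suspect": true_suspect,
        "estimate": estimate,
        "pct_error_95": pct_error,
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

At the minimum configurable rate of 1024, a host needs on the order of hundreds of samples before the estimate is tight, so short bursts are visible in flow samples but poorly quantified.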
To access the sFlow Sampler Configuration page, click LAN > Administration > sFlow > Sampler Configuration
in the navigation tree.
Figure 77: sFlow Sampler Configuration
Table 69: sFlow Sampler Configuration
Field: Description
Sampler Datasource: The sFlow Datasource for this sFlow sampler. This Agent will support Physical ports only.
Receiver Index: The sFlow Receiver for this sFlow sampler. If set to zero, no packets will be sampled. Only active receivers can be set. If a receiver expires, then all samplers associated with the receiver will also expire. The allowed range is 1 to 8.
Sampling Rate: The statistical sampling rate for packet sampling from this source. A sampling rate of one (1) counts all packets. A sampling rate of zero (0) disables sampling. The allowed range is 1024 to 65536.
Maximum Header Size: The maximum number of bytes that should be copied from a sampled packet. The allowed range is 20 to 256.
Viewing System Statistics
The pages in the Statistics folder contain a variety of information about the number and type of traffic
transmitted from and received on the switch.
Switch Detailed
The Switch Detailed page shows detailed statistical information about the traffic the switch handles.
To access the Switch Detailed page, click LAN > Monitoring > System Statistics > Switch Detail in the
navigation menu.
Figure 78: Switch Detailed
Table 70: Switch Detailed Statistics Fields
Field: Description
ifIndex: This object indicates the ifIndex of the interface table entry associated with the processor of this switch.
Octets Received: The total number of octets of data received by the processor (excluding framing bits but including FCS octets).
Unicast Packets Received: The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Multicast Packets Received: The total number of packets received that were directed to a multicast address. Note that this number does not include packets directed to the broadcast address.
Broadcast Packets Received: The total number of packets received that were directed to the broadcast address. Note that this does not include multicast packets.
Receive Packets Discarded: The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. A possible reason for discarding a packet could be to free up buffer space.
Octets Transmitted: The total number of octets transmitted out of the interface, including framing characters.
Packets Transmitted Without Errors: The total number of packets transmitted out of the interface.
Unicast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent.
Multicast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to a Multicast address, including those that were discarded or not sent.
Broadcast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to the Broadcast address, including those that were discarded or not sent.
Transmit Packets Discarded: The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. A possible reason for discarding a packet could be to free up buffer space.
Most Address Entries Ever Used: The highest number of Forwarding Database Address Table entries that have been learned by this switch since the most recent reboot.
Address Entries in Use: The number of Learned and static entries in the Forwarding Database Address Table for this switch.
Maximum VLAN Entries: The maximum number of Virtual LANs (VLANs) allowed on this switch.
Most VLAN Entries Ever Used: The largest number of VLANs that have been active on this switch since the last reboot.
Static VLAN Entries: The number of presently active VLAN entries on this switch that have been created statically.
Dynamic VLAN Entries: The number of presently active VLAN entries on this switch that have been created by GVRP registration.
VLAN Deletes: The number of VLANs on this switch that have been created and then deleted since the last reboot.
Time Since Counters Last Cleared: The elapsed time, in days, hours, minutes, and seconds, since the statistics for this switch were last cleared.
• Click Refresh to refresh the data on the screen with the present state of the data in the switch.
• Click Clear Counters to clear all the statistics counters, resetting all switch summary and detailed statistics
to default values. The discarded packets count cannot be cleared.
Switch Summary
Use the Switch Summary page to view a summary of statistics for traffic on the switch.
To access the Switch Summary page, click LAN > Monitoring > System Statistics > Switch Summary in the
navigation tree.
Figure 79: Switch Summary
Table 71: Switch Summary Fields
Field: Description
ifIndex: This object indicates the ifIndex of the interface table entry associated with the Processor of this switch.
Total Packets Received Without Errors: The total number of packets, including multicast packets, that were directed to the broadcast address.
Broadcast Packets Received: The total number of packets received that were directed to the broadcast address. Note that this does not include multicast packets.
Packets Received With Error: The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
Packets Transmitted Without Errors: The total number of packets transmitted out of the interface.
Broadcast Packets Transmitted: The total number of packets that higher-level protocols requested to be transmitted to the Broadcast address, including those that were discarded or not sent.
Transmit Packet Errors: The number of outbound packets that could not be transmitted because of errors.
Address Entries Currently in Use: The total number of Forwarding Database Address Table entries now active on the switch, including learned and static entries.
VLAN Entries Currently in Use: The number of VLAN entries presently occupying the VLAN table.
Time Since Counters Last Cleared: The elapsed time, in days, hours, minutes, and seconds since the statistics for this switch were last cleared.
• Click Refresh to refresh the data on the screen with the present state of the data in the switch.
• Click Clear Counters to clear all the statistics counters, resetting all summary and detailed statistics for
this switch to default values. The discarded packets count cannot be cleared.
• Click Clear All Counters to clear counters for the switch.
Port Detailed
The Port Detailed page displays a variety of per-port traffic statistics.
To access the Port Detailed page, click LAN > Monitoring > System Statistics > Port Detailed in the navigation
tree.
Figure 80 shows some, but not all, of the fields on the Port Detailed page.
Figure 80: Port Detailed
Table 72: Detailed Port Statistics Fields
Field: Description
Interface: Use the drop-down menu to select the interface for which data is to be displayed or configured.
ifIndex: This field indicates the ifIndex of the interface table entry associated with this port on an adapter.
Packets RX and TX 64 Octets: The total number of packets (including bad packets) received or transmitted that were 64 octets in length (excluding framing bits but including FCS octets).
Packets RX and TX 65-127 Octets: The total number of packets (including bad packets) received or transmitted that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
Packets RX and TX 128-255 Octets: The total number of packets (including bad packets) received or transmitted that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
Packets RX and TX 256-511 Octets: The total number of packets (including bad packets) received or transmitted that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
Packets RX and TX 512-1023 Octets: The total number of packets (including bad packets) received or transmitted that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
Packets RX and TX 1024-1518 Octets: The total number of packets (including bad packets) received or transmitted that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
Packets RX and TX 1519-1522 Octets: The total number of packets (including bad packets) received or transmitted that were between 1519 and 1522 octets in length inclusive (excluding framing bits but including FCS octets).
Packets RX and TX 1523-2047 Octets: The total number of packets (including bad packets) received or transmitted that were between 1523 and 2047 octets in length inclusive (excluding framing bits but including FCS octets).
Packets RX and TX 2048-4095 Octets: The total number of packets (including bad packets) received or transmitted that were between 2048 and 4095 octets in length inclusive (excluding framing bits but including FCS octets).
Packets RX and TX 4096-9216 Octets: The total number of packets (including bad packets) received or transmitted that were between 4096 and 9216 octets in length inclusive (excluding framing bits but including FCS octets).
Total Packets Received (Octets): The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of ethernet utilization. If greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval.
Packets Received 64 Octets: The total number of packets (including bad packets) received that were 64 octets in length (excluding framing bits but including FCS octets).
Packets Received 65-127 Octets: The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Received 128-255 Octets: The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Received 256-511 Octets: The total number of packets (including bad packets) received that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Received 512-1023 Octets: The total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Received 1024-1518 Octets: The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Received > 1522 Octets: The total number of packets received that were longer than 1522 octets (excluding framing bits, but including FCS octets) and were otherwise well formed.
Packets Received Successfully
Total Packets Received Without Errors: The total number of packets received that were without errors.
Unicast Packets Received: The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Multicast Packets Received: The total number of good packets received that were directed to a multicast address. Note that this number does not include packets directed to the broadcast address.
Broadcast Packets Received: The total number of good packets received that were directed to the broadcast address. Note that this does not include multicast packets.
Packets Received with MAC Errors
Total Packets Received with MAC Errors: The total number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
Jabbers Received: The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). Note that this definition of jabber is different than the definition in IEEE-802.3 section 8.2.1.5 (10BASE5) and section 10.3.1.4 (10BASE2). These documents define jabber as the condition where any packet exceeds 20 ms. The allowed range to detect jabber is between 20 ms and 150 ms.
Fragments Received: The total number of packets received that were less than 64 octets in length with ERROR CRC (excluding framing bits but including FCS octets).
Undersize Received: The total number of packets received that were less than 64 octets in length with GOOD CRC (excluding framing bits but including FCS octets).
Alignment Errors: The total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad Frame Check Sequence (FCS) with a non-integral number of octets.
Rx FCS Errors: The total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad Frame Check Sequence (FCS) with an integral number of octets.
Overruns: The total number of frames discarded as this port was overloaded with incoming packets, and could not keep up with the inflow.
Total Ignored Frames: The total number of dropped packets including those that were aborted.
Total Deferred Frames: The total number of frames that could not be transmitted after multiple attempts because they encountered collisions.
Received Packets Not Forwarded
Total Received Packets Not Forwarded: A count of valid frames received which were discarded (i.e., filtered) by the forwarding process.
Local Traffic Frames: The total number of frames dropped in the forwarding process because the destination address was located off of this port.
802.3x Pause Frames Received: A count of MAC Control frames received on this interface with an opcode indicating the PAUSE operation. This counter does not increment when the interface is operating in half-duplex mode.
Unacceptable Frame Type: The number of frames discarded from this port due to being an unacceptable frame type.
Multicast Tree Viable Discards: The number of frames discarded when a lookup in the multicast tree for a VLAN occurs while that tree is being modified.
Reserved Address Discards: The number of frames discarded that are destined to an IEEE 802.1 reserved address and are not supported by the system.
Broadcast Storm Recovery: The number of frames discarded that are destined for FF:FF:FF:FF:FF:FF when Broadcast Storm Recovery is enabled.
CFI Discards: The number of frames discarded that have CFI bit set and the addresses in RIF are in non-canonical format.
Upstream Threshold: The number of frames discarded due to lack of cell descriptors available for that packet's priority level.
Packets Transmitted Octets
Total Packets Transmitted (Octets): The total number of octets of data (including those in bad packets) transmitted on the network (excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of ethernet utilization. If greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval.
Packets Transmitted 64 Octets: The total number of packets (including bad packets) received that were 64 octets in length (excluding framing bits but including FCS octets).
Packets Transmitted 65-127 Octets: The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Transmitted 128-255 Octets: The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Transmitted 256-511 Octets: The total number of packets (including bad packets) received that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Transmitted 512-1023 Octets: The total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Transmitted 1024-1518 Octets: The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
Maximum Frame Size: The maximum Ethernet frame size the interface supports or is configured for, including Ethernet header, CRC, and payload (1518 to 9216). The default maximum frame size is 1518.
Packets Transmitted Successfully
Total Packets Transmitted Successfully: The number of frames that have been transmitted by this port to its segment.
Unicast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent.
Multicast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to a Multicast address, including those that were discarded or not sent.
Broadcast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to the Broadcast address, including those that were discarded or not sent.
Transmit Errors
Total Transmit Errors: The sum of Single, Multiple, and Excessive Collisions.
Tx FCS Errors: The total number of packets transmitted that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad Frame Check Sequence (FCS) with an integral number of octets.
Tx Oversized: The total number of frames that exceeded the max permitted frame size. This counter has a max increment rate of 815 counts per second at 10 Mb/s.
Underrun Errors: The total number of frames discarded because the transmit FIFO buffer became empty during frame transmission.
Transmit Discards
Total Transmit Packets Discarded: The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded.
Total Output Packets Drops: The total number of Aged packets.
Single Collision Frames: A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision.
Multiple Collision Frames: A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by more than one collision.
Excessive Collision Frames: A count of frames for which transmission on a particular interface fails due to excessive collisions.
Late Collision Frames: Total number of collisions that occur after 512 bit collision window has passed.
Port Membership Discards: The number of frames discarded on egress for this port due to egress filtering being enabled.
Lost/No Carrier Frames: Loss of the carrier detection occurs when the carrier signal of the hardware is undetectable. It could be because the carrier signal was not present or was present but could not be detected. Each such event causes this counter to increase.
Protocol Statistics
BPDUs Received: Number of BPDUs received at the selected port.
BPDUs Transmitted: Number of BPDUs transmitted from the selected port.
R BPDUs Received: Number of R BPDUs received at the selected port.
R BPDUs Transmitted: Number of R BPDUs transmitted from the selected port.
M BPDUs Received: Number of M BPDUs received at the selected port.
M BPDUs Transmitted: Number of M BPDUs transmitted from the selected port.
802.3x Pause Frames Transmitted: A count of MAC Control frames transmitted on this interface with an opcode indicating the PAUSE operation. This counter does not increment when the interface is operating in half-duplex mode.
GVRP PDUs Received: The count of GVRP PDUs received in the GARP layer.
GVRP PDUs Transmitted: The count of GVRP PDUs transmitted from the GARP layer.
GVRP Failed Registrations: The number of times attempted GVRP registrations could not be completed.
GMRP PDUs Received: The count of GMRP PDUs received from the GARP layer.
GMRP PDUs Transmitted: The count of GMRP PDUs transmitted from the GARP layer.
GMRP Failed Registrations: The number of times attempted GMRP registrations could not be completed.
Time Since Counters Last Cleared: The elapsed time, in days, hours, minutes, and seconds since the statistics for this port were last cleared.
• Click Clear Counters to clear all the counters. This resets all statistics for this port to the default values.
• Click Clear All Counters to clear all the counters for all ports on the switch. The button resets all statistics
for all ports to default values.
• Click Refresh to refresh the data on the screen and display the most current statistics.
Port Summary Statistics
The Port Summary Statistics page shows a summary of per-port traffic statistics on the switch. To access the
Port Summary Statistics page, click LAN > Monitoring > System Statistics > Port Summary.
Figure 81: Port Summary
Table 73: Port Summary Statistics Fields
Field
Description
Interface
Use the drop-down menu to select the interface for which data is to be displayed or
configured.
ifIndex
This field indicates the ifIndex of the interface table entry associated with this port
on an adapter.
Total Packets Received Without Errors
The total number of packets received that were without errors.
Packets Received With Error
The number of inbound packets that contained errors preventing them from being
deliverable to a higher-layer protocol.
Broadcast Packets Received
The total number of good packets received that were directed to the broadcast
address. Note that this does not include multicast packets.
Packets Transmitted Without Errors
The number of frames that have been transmitted by this port to its segment.
Transmit Packet Errors
The number of outbound packets that could not be transmitted because of errors.
Collision Frames
The best estimate of the total number of collisions on this Ethernet segment.
Time Since Counters Last Cleared
The elapsed time, in days, hours, minutes, and seconds since the statistics for this
port were last cleared.
• Click Clear Counters to clear all the counters. This resets all statistics for this port to the default values.
• Click Clear All Counters to clear all the counters for all ports on the switch. The button resets all statistics
for all ports to default values.
• Click Refresh to refresh the data on the screen and display the most current statistics.
Section 3: Using System Tools
The Tools menu contains links to the following Web pages that help you perform switch maintenance:
• “Reset Configuration to Defaults”
• “Reset Passwords to Defaults”
• “System Reset”
• “Save All Applied Changes”
• “Download File To Switch (TFTP)”
• “HTTP File Download”
• “Upload File From Switch (TFTP)”
• “Multiple Image Service”
• “Erase Startup-config File”
• “AutoInstall”
Reset Configuration to Defaults
Use the Reset Configuration to Defaults page to reset the system configuration to the factory default values.
Note: By default, the switch IP address is 10.90.90.90 and the DHCP client is disabled. When you reset
the system to its default values, the network IP address resets to 10.90.90.90. For information about
configuring network information, see “Connecting the Switch to the Network” on page 43.
To access the Reset Configuration to Defaults page, click Tool > Reset Configuration in the navigation tree.
Figure 82: Reset Configuration to Defaults
• Click Reset to restore the factory default settings. The screen refreshes and asks you to confirm the reset.
Click Reset again to complete the action.
Reset Passwords to Defaults
Use the Reset Passwords to Defaults page to reset the passwords for the default read/write (admin) and read-only (guest) users on the system. By default, the passwords are blank. If you have configured additional read-only users on your system, their passwords are not affected.
To access the Reset Passwords to Defaults page, click Tool > Reset Password in the navigation tree.
Figure 83: Reset Passwords to Defaults
• Click Reset to restore the passwords for the default users to the factory defaults.
Note: When the password for the read/write user (admin) changes, you must re-authenticate with
the username and default password.
System Reset
Use the System Reset page to reboot the system.
To access the System Reset page, click Tool > Reboot System in the navigation tree.
Figure 84: System Reset
• Click Reset to initiate the system reset. If you have not saved the changes that you submitted since the
last system reset, the changes will not be applied to the system after the reset.
Save All Applied Changes
When you click Submit, the changes are applied to the system and saved in the running configuration file.
However, these changes are not saved to non-volatile memory and will be lost if the system resets. Use the
Save All Applied Changes page to make the changes you submit persist across a system reset.
To access the Save All Applied Changes page, click Tool > Save Changes in the navigation tree.
Figure 85: Save All Applied Changes
Click Save to save all changes applied to the system to NVRAM so that they are retained if the system reboots.
Download File To Switch (TFTP)
Use the Download File to Switch page to download the image file, the configuration files, CLI banner file, and
SSH or SSL files from a TFTP server to the switch.
You can also download files via HTTP. See “HTTP File Download” on page 174 for more information.
To access the Download File to Switch page, click Tool > Download File in the navigation tree.
Figure 86: Download File to Switch
Table 74: Download File to Switch Fields
Field
Description
File Type
Specify what type of file you want to download to the switch:
• CLI Banner: The CLI banner is the text that displays in the command-line
interface before the login prompt. The CLI banner to download is a text file
and displays when a user connects to the switch by using telnet, SSH, or a
serial connection.
• Code: The code is the system software image, which is saved in one of two
flash sectors called active image and backup image. The active image
stores the active copy, while the other image stores a second copy. The
device boots and runs from the active image. If the active image is corrupt,
the system automatically boots from the non-active image. This is a safety
feature for faults occurring during the boot upgrade process.
• Configuration: If you have a copy of a valid binary configuration file
(faath.cfg) on a TFTP server, you can download it to the switch.
• Text Configuration: A text-based configuration file enables you to edit a
configured text file (startup-config) offline as needed without having to
translate the contents for the D-Link software to understand. The most
common usage of text-based configuration is to upload a working
configuration from a device, edit it offline to personalize it for another
similar device (i.e., change the device name, serial number, IP address,
etc.), and download it to that device.
• SSH-1 RSA Key File: SSH-1 Rivest-Shamir-Adleman (RSA) Key File. To
download SSH key files, SSH must be administratively disabled and there
can be no active SSH sessions.
• SSH-2 RSA Key PEM File: SSH-2 Rivest-Shamir-Adleman (RSA) Key File
(PEM Encoded). To download SSH key files, SSH must be administratively
disabled and there can be no active SSH sessions.
• SSH-2 DSA Key PEM File: SSH-2 Digital Signature Algorithm (DSA) Key File
(PEM Encoded). To download SSH key files, SSH must be administratively
disabled and there can be no active SSH sessions.
• SSL Trusted Root Certificate PEM File: SSL Trusted Root Certificate File
(PEM Encoded).
• SSL Server Certificate PEM File: SSL Server Certificate File (PEM Encoded).
• SSL DH Weak Encryption Parameter PEM File: SSL Diffie-Hellman Weak
Encryption Parameter File (PEM Encoded).
• SSL DH Strong Encryption Parameter PEM File: SSL Diffie-Hellman Strong
Encryption Parameter File (PEM Encoded).
Image
Specify the code image you want to download, either active or backup. This
field is only visible when Code is selected as the File Type. The factory default
is active.
Transfer Mode
Specifies the protocol to be used for the transfer: TFTP, SFTP, or SCP.
TFTP Server Address Type
Specify either IPv4, IPv6, or DNS address to indicate the format of the TFTP
Server Address field. The factory default is IPv4.
TFTP Server Address
Enter the IP address of the TFTP server in accordance with the format
indicated by the TFTP Server Address Type. The factory default is the IPv4
address 0.0.0.0.
TFTP File Path
Enter the path on the TFTP server where the selected file is located. You may
enter up to 32 characters. The factory default is blank.
TFTP File Name
Enter the name of the file you want to download from the TFTP server. You
may enter up to 32 characters. The factory default is blank.
Start File Transfer
To initiate the download, check this box before clicking Submit.
File Transfer Status
Indicates the current status of the file transfer process.
Downloading a File to the Switch
Before you download a file to the switch, the following conditions must be true:
• The file to download from the TFTP server is on the server in the appropriate directory.
• The file is in the correct format.
• The switch has a path to the TFTP server.
Use the following procedures to download a file from a TFTP server to the switch.
1. From the File Type field, select the type of file to download.
2. If you are downloading a D-Link DWS-4000 Series image (Code), select the image on the switch to
overwrite. If you are downloading another type of file, the Image field is not available.
Note: It is recommended that you not overwrite the active image.
3. Verify the IP address of the TFTP server and ensure that the software image or other file to be downloaded
is available on the TFTP server.
4. Complete the TFTP Server IP Address and TFTP File Name (full path without TFTP server IP address) fields.
5. Click the Start File Transfer check box, and then click Submit.
After you click Submit, the screen refreshes and a “File transfer operation started” message appears. After
the software is downloaded to the device, a message appears indicating that the file transfer operation
completed successfully.
To activate a software image that you download to the switch, see “Multiple Image Service” on page 176.
HTTP File Download
Use the HTTP File Download page to download files of various types to the switch using an HTTP session (i.e.,
via your web browser).
To display this page, click Tool > HTTP File Download in the navigation menu.
Figure 87: HTTP File Download
Table 75: HTTP File Download Fields
Field
Description
File Type
Specify the type of file you want to download:
• Code: Choose this option to upgrade the operational software in flash (default).
• Configuration: Choose this option to update the switch's configuration. If the file has
errors the update will be stopped.
• SSH-1 RSA Key File: SSH-1 Rivest-Shamir-Adleman (RSA) Key File
• SSH-2 RSA Key PEM File: SSH-2 Rivest-Shamir-Adleman (RSA) Key File (PEM Encoded)
• SSH-2 DSA Key PEM File: SSH-2 Digital Signature Algorithm (DSA) Key File (PEM
Encoded)
• SSL Trusted Root Certificate PEM File: SSL Trusted Root Certificate File (PEM Encoded)
• SSL Server Certificate PEM File: SSL Server Certificate File (PEM Encoded)
• SSL DH Weak Encryption Parameter PEM File: SSL Diffie-Hellman Weak Encryption
Parameter File (PEM Encoded)
• SSL DH Strong Encryption Parameter PEM File: SSL Diffie-Hellman Strong Encryption
Parameter File (PEM Encoded)
• CLI Banner: Choose this option to download a banner file to be displayed before the
login prompt appears.
Note: To download SSH key files, SSH must be administratively disabled and there can be
no active SSH sessions.
Image
Specify the code image you want to download, either active (the default) or backup. This
field is only visible when Code is selected as the File Type.
Select File
Enter the path and filename or browse for the file you want to download. You may enter
up to 80 characters.
File Download Status
Indicates the current status of the file download process.
• Click the Start File Transfer button to initiate the file download.
Upload File From Switch (TFTP)
Use the Upload File from Switch page to upload configuration (ASCII) and image (binary) files from the switch
to the TFTP server.
To display the Upload File from Switch page, click Tool > Upload File in the navigation tree.
Figure 88: Upload File from Switch
Table 76: Upload File from Switch Fields
Field
Description
File Type
Specify what type of file you want to upload:
• CLI Banner: Retrieves the CLI banner file.
• Code: Retrieves a stored code image.
• Configuration: Retrieve the stored startup configuration (.cfg) and copy it
to a TFTP server.
• Text Configuration: Retrieves the text configuration file startup-config.
• Error Log: Retrieves the system error (persistent) log, sometimes referred
to as the event log.
• Buffered Log: Retrieves the system buffered (in-memory) log.
• Trap Log: Retrieves the system trap records.
Image
Specify the code image to upload, either active or backup. This field is only
visible when Code is selected as the File Type. The factory default is active.
TFTP Server Address Type
Specify either IPv4 or IPv6 address to indicate the format of the TFTP Server
Address field. The factory default is IPv4.
TFTP Server Address
Enter the IP address of the TFTP server in accordance with the format
indicated by the TFTP Server Address Type. The factory default is the IPv4
address 0.0.0.0.
TFTP File Path
Enter the path on the TFTP server where you want to put the file. You may
enter up to 32 characters. The factory default is blank.
TFTP File Name
Enter a destination file name for the file to upload. You may enter up to 32
characters. The factory default is blank.
Start File Transfer
To initiate the file upload, check this box before clicking Submit.
File Transfer Status
Indicates the current status of the file transfer process.
Uploading Files
Use the following procedures to upload a file from the switch to a TFTP server.
1. From the File Type field, select the type of file to copy from the switch to the TFTP server.
2. If you are uploading a D-Link DWS-4000 Series image (Code), select the image on the switch to upload. If
you are uploading another type of file, the Image Name field is not available.
3. Complete the TFTP Server Address Type, TFTP Server IP Address, and TFTP File Name (full path without
TFTP server IP address) fields.
4. Click the Start File Transfer check box, and then click Submit.
After you click Submit, the screen refreshes and a “File transfer operation started” message appears. After
the software is downloaded to the device, a message appears indicating that the file transfer operation
completed successfully.
Multiple Image Service
The system maintains two versions of the D-Link DWS-4000 Series software in permanent storage. One image
is the active image, and the second image is the backup image. The active image is loaded during subsequent
switch restarts. This feature reduces switch down time when upgrading/downgrading the D-Link DWS-4000
Series software.
The system running an older software version will ignore (not load) a configuration file created by the newer
software version. When a configuration file created by the newer software version is discovered by the system
running an older version of the software, the system will display an appropriate warning to the user.
Use the Multiple Image Service page to set the boot image.
To display the Multiple Image Service page, click Tool > Multiple Image Service in the navigation menu.
Figure 89: Multiple Image Service
The Active Image page contains the following fields:
Table 77: Multiple Image Service Fields
Field
Description
Image Name
Select Active or Backup from the menu to activate on the next reload or to be deleted.
Current-active
Displays the name of the current active image.
Next-active
Displays the name of the image that is set to be active the next time the switch reloads.
Image Description
If desired, enter a descriptive name for the respective Active or Backup software images.
• Click Activate to make the image that is selected in the Image Name field the next active image for
subsequent reboots.
Note: After activating an image, you must perform a system reset of the switch in order to run the
new code.
• Click Delete to remove the selected image from permanent storage on the switch. You cannot delete the
active image.
• Click Change to update the image description on the switch.
• If the file you uploaded contains the boot loader code only, click Update Bootcode.
Viewing the Dual Image Status
The Dual Image feature allows the switch to have two D-Link DWS-4000 Series software images in the
permanent storage. One image is the active image, and the second image is the backup. This feature reduces
the system down-time during upgrades and downgrades. You can use the Dual Image Status page to view
information about the system images on the device.
To display the Dual Image Status page, click LAN > Monitoring > Dual Image Status in the navigation menu.
Figure 90: Dual Image Status
Table 78: Dual Image Status Fields
Field
Description
Unit
Displays the unit ID of the switch.
Active
Displays the version of the active code file.
Backup
Displays the version of the backup code file.
Current-active
Displays the currently active image on this unit.
Next-active
Displays the image to be used on the next restart of this unit.
Active Description
Displays the description associated with the active code file.
Backup Description
Displays the description associated with the backup code file.
• Click Refresh to display the latest information from the router.
Erase Startup-config File
Use the Erase Startup-config File page to erase the startup-configuration file.
To display this page, click Tool > Erase Startup-config File in the navigation menu.
Figure 91: Erase Startup-config File
AutoInstall
The AutoInstall feature enables the configuration of a switch automatically when the device is turned on and,
during the boot process, no configuration file is found in device storage. By communicating with a DHCP
server, AutoInstall obtains an IP address for the switch and an IP address for a TFTP server. AutoInstall
attempts to download a configuration file from the TFTP server and install it on the switch.
After obtaining IP addresses for both the switch and the TFTP server, the AutoInstall feature attempts to
download a host-specific configuration file using the boot file name specified by the DHCP server. If the switch
fails to obtain the file, it will retry indefinitely.
To display this page, click Tool > AutoInstall in the navigation menu.
Figure 92: AutoInstall
Table 79: AutoInstall Fields
Field
Description
AutoInstall Mode
• Select Start to initiate sending a request to a DHCP server to obtain an IP address of a
server and the configuration file name. If it obtains the server address, AutoInstall
proceeds to search for and download a configuration file from the server. If successful,
it applies the configuration file to the switch. After starting the AutoInstall process, you
can monitor the status of the process by the messages in the AutoInstall State and
Retry Count fields.
• Click Stop to end the process.
AutoSave Mode
Enable or Disable saving the network configuration to non-volatile memory. When
enabled, the configuration is saved after downloading from the TFTP server without
operator intervention. When disabled, the operator must explicitly save the configuration,
if needed.
Retry Count
The number of times the switch has attempted to contact the TFTP server during the
current AutoInstall session.
AutoInstall State
The status of the current or most recently completed AutoInstall session.
Click Submit to update the switch with the values on the window. Click Refresh to update the information on
the window.
Section 4: Configuring L2 Features
Use the pages in the L2 Features navigation tree folder to configure the Layer 2 switching features available
on the D-Link DWS-4000 Series switch. The L2 Features folder contains links to the following features:
• “Configuring and Searching the Forwarding Database”
• “Managing VLANs”
• “Configuring Protected Ports”
• “Creating MAC Filters”
• “Configuring GARP”
• “Creating Port Channels (Trunking)”
• “Configuring IGMP Snooping”
• “Configuring IGMP Snooping Queriers”
• “Configuring MLD Snooping”
• “Configuring MLD Snooping Queriers”
• “Viewing Multicast Forwarding Database Information”
• “Configuring Spanning Tree Protocol”
• “Configuring DHCP Snooping”
• “Managing LLDP”
• “Configuring Dynamic ARP Inspection”
Configuring and Searching the Forwarding Database
The forwarding database maintains a list of MAC addresses; the switch adds an address after it
receives a packet from that MAC address. The transparent bridging function uses the forwarding
database entries to determine how to forward a received frame.
Configuration
Use the Configuration page to set the amount of time to keep a learned MAC address entry in the forwarding
database. The forwarding database contains static entries, which are never aged out, and dynamically learned
entries, which are removed if they are not updated within a given time.
To access the Configuration page, click LAN > L2 Features > Forwarding DB Configuration in the navigation
tree.
Figure 93: Forwarding Database Age-Out Interval
Note: IEEE 802.1D recommends a default of 300 seconds, which is the factory default.
• Click Submit to apply the changes to the system. You must perform a save to make the changes persist
across a reboot.
MAC Address Table
Use the MAC Address Table page to display information about entries in the forwarding database.
To access the page, click LAN > Monitoring > MAC Address Table in the navigation tree.
Figure 94: Forwarding Database Search
Table 80: Forwarding Database Search Fields
Field
Description
Filter
Specify the type of entries to display. When you select a filter from the menu,
the screen refreshes and displays the entries based on the filter you select,
which can be one of the following:
• Learned: If you select Learned, only MAC addresses that have been
learned are displayed.
• All: If you select All, the entire table is displayed.
MAC Address Search
This field allows you to search for an individual MAC address in the forwarding
database table.
MAC Address
A unicast MAC address for which the switch has forwarding and/or filtering
information. The format is a two byte hexadecimal VLAN ID number followed
by a six byte MAC address with each byte separated by colons. For example:
01:23:45:67:89:AB:CD:EF, where 01:23 is the VLAN ID and 45:67:89:AB:CD:EF
is the MAC address.
Source Slot/Port(s)
The port where this address was learned. In other words, this field shows the
port through which the MAC address can be reached.
ifIndex
The ifIndex of the MIB interface table entry associated with the source port.
Status
The status of this entry. The possible values are:
• Static: The entry was added when a static MAC filter was defined.
• Learned: The entry was learned by observing the source MAC addresses of
incoming traffic, and is currently in use.
• Management: The system MAC address, which is identified with interface
0.1.
• Self: The MAC address of one of the switch's physical interfaces.
Searching the Forwarding Database
Use the following procedures to search the forwarding database.
1. Enter the two-byte hexadecimal VLAN ID followed by the six byte hexadecimal MAC address in two-digit
groups separated by colons.
For example, 01:23:45:67:89:AB:CD:EF where 01:23 is the VLAN ID and 45:67:89:AB:CD:EF is the MAC
address.
2. Click Search.
If the address exists, that entry is displayed as the first entry in the table after the screen refreshes. The
entry is followed by the remaining (greater) MAC addresses. An exact match is required. If you click
Refresh, the MAC addresses with lower values are displayed again.
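The search-key format and search behaviour described above, as an added Python example that is not part of the D-Link manual: it builds and parses the VLAN ID plus MAC key and emulates the exact-match search over a constructed table. The function names, the sample entries, and returning an empty list when nothing matches are assumptions of this example.

```python
import re
from bisect import bisect_left

# Eight colon-separated hex octets: 2 for the VLAN ID, 6 for the MAC address.
_KEY_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){7}")


def parse_fdb_key(key):
    """Split 'VV:VV:MM:MM:MM:MM:MM:MM' into (vlan_id, mac)."""
    key = key.strip()
    if not _KEY_RE.fullmatch(key):
        raise ValueError(f"not a VLAN+MAC search key: {key!r}")
    octets = bytes.fromhex(key.replace(":", ""))
    vlan_id = int.from_bytes(octets[:2], "big")   # the VLAN ID is hexadecimal
    mac = ":".join(f"{b:02X}" for b in octets[2:])
    return vlan_id, mac


def format_fdb_key(vlan_id, mac):
    """Build the search key from a decimal VLAN ID and a MAC in any common notation."""
    if not 0 <= vlan_id <= 0xFFFF:
        raise ValueError(f"VLAN ID does not fit in two bytes: {vlan_id}")
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a six-byte MAC address: {mac!r}")
    raw = f"{vlan_id:04X}{digits.upper()}"
    return ":".join(raw[i:i + 2] for i in range(0, 16, 2))


def key_bytes(key):
    """Eight raw bytes of a key, used for ordering and exact comparison."""
    vlan_id, mac = parse_fdb_key(key)
    return vlan_id.to_bytes(2, "big") + bytes.fromhex(mac.replace(":", ""))


def search_view(entries, wanted_key):
    """Emulate the search: the exact match first, then the greater entries.

    Returns [] when there is no exact match (a choice made for this example).
    """
    ordered = sorted(entries, key=lambda e: key_bytes(e["key"]))
    keys = [key_bytes(e["key"]) for e in ordered]
    target = key_bytes(wanted_key)
    i = bisect_left(keys, target)
    if i == len(keys) or keys[i] != target:
        return []
    return ordered[i:]


# Constructed sample table; keys, ports and statuses are illustrative only.
SAMPLE_FDB = [
    {"key": "01:23:45:67:89:AB:CD:EF", "port": "0/12", "status": "Learned"},
    {"key": "00:01:00:AA:BB:CC:DD:EE", "port": "0/2", "status": "Learned"},
    {"key": "00:0A:00:11:22:33:44:55", "port": "0/7", "status": "Learned"},
    {"key": "00:01:00:11:22:33:44:55", "port": "0/1", "status": "Static"},
]

if __name__ == "__main__":
    wanted = format_fdb_key(10, "00-11-22-33-44-55")   # VLAN 10 -> 00:0A
    print("search key:", wanted)
    for entry in search_view(SAMPLE_FDB, wanted):
        vlan_id, mac = parse_fdb_key(entry["key"])
        print(f"VLAN {vlan_id:4d}  {mac}  port {entry['port']}  {entry['status']}")
```

Because the VLAN portion is hexadecimal, VLAN 10 is entered as 00:0A, and the manual's own example key 01:23:... refers to VLAN 291.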
Managing VLANs
Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing.
Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it
partitions the network into logical segments, which provides better administration, security and management
of multicast traffic.
A VLAN is a set of end stations and the switch ports that connect them. You may have many reasons for the
logical division, such as department or project membership. The only physical requirement is that the end
station and the port to which it is connected both belong to the same VLAN.
Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag in the Layer 2 header
of packets transmitted on a VLAN. An end station may omit the tag, or the VLAN portion of the tag, in which
case the first switch port to receive the packet may either reject it or insert a tag using its default VLAN ID. A
given port may handle traffic for more than one VLAN, but it can only support one default VLAN ID.
VLAN Configuration
Use the VLAN Configuration page to define VLAN groups stored in the VLAN membership table. Your switch
supports up to 3965 VLANs. VLAN 1 is the default VLAN of which all ports are members.
To display the VLAN Configuration page, click LAN > L2 Features > VLAN > VLAN Configuration in the
navigation tree.
Figure 95: VLAN Configuration
Table 81: VLAN Configuration Fields
Field
Description
VLAN ID List
You can use this screen to view/modify/delete an existing VLAN configuration or
to create new single/multiple VLAN IDs specified in the VLAN ID field. Use this pull-down
menu to select one of the existing VLANs to view/modify the
configuration. You can select Create to add new VLANs or select Delete from
the pull-down menu to delete the existing VLANs.
Participation All
Use this field to specify whether all the ports will participate in this VLAN. The
factory default is 'Autodetect'. The possible values are:
• Include: All the ports are always a member of this VLAN. This is equivalent
to registration fixed in the IEEE 802.1Q standard.
• Exclude: All the ports are never a member of this VLAN. This is equivalent
to registration forbidden in the IEEE 802.1Q standard.
• Autodetect: Specifies that all ports may be dynamically registered in this
VLAN via GVRP. A port will not participate in this VLAN unless it receives
a GVRP request. This is equivalent to registration normal in the IEEE
802.1Q standard.
Tagging All
Select the tagging behavior for all the ports in this VLAN. The factory default
is 'Untagged'. The possible values are:
• Tagged: All frames transmitted for this VLAN will be tagged.
• Untagged: All frames transmitted for this VLAN will be untagged.
Participation
Use this field to specify whether a port will participate in this VLAN. The
factory default is “Autodetect.” The possible values are:
• Include: This port is always a member of this VLAN. This is equivalent to
registration fixed in the IEEE 802.1Q standard.
• Exclude: This port is never a member of this VLAN. This is equivalent to
registration forbidden in the IEEE 802.1Q standard.
• Autodetect: Specifies that port may be dynamically registered in this VLAN
via GVRP. The port will not participate in this VLAN unless it receives a
GVRP request. This is equivalent to registration normal in the IEEE 802.1Q
standard.
Tagging
Select the tagging behavior for this port in this VLAN. The factory default is
'Untagged'. The possible values are:
• Tagged: All frames transmitted for this VLAN will be tagged.
• Untagged: All frames transmitted for this VLAN will be untagged.
VLAN Name
Use this optional field to specify a name for the VLAN. It can be up to 32
alphanumeric characters long, including blanks. The default is blank. VLAN ID
1 always has a name of 'Default'.
VLAN ID-Individual/Range
Specify the VLAN Identifier for the new VLAN. (You can only enter data in this
field when you are creating a new VLAN.) Specify the VLAN Identifiers for the
VLANs being created or deleted. Single or multiple VLANs can be specified at
once. This field can accept a single VLAN ID, a range of VLAN IDs, or a
combination of both in sequence separated by ','.
• You can specify an individual VLAN ID. E.g.: 10
• You can specify the VLAN range values separated by a '-'. E.g.: 10-13
• You can specify the combination of both separated by ','. E.g.: 12,15,4043,1000-1005,2000
The range of the VLAN ID is (2 to 4093).
VLAN Name
Use this optional field to specify a name for the VLAN. It can be up to 32
alphanumeric characters long, including blanks. The default is blank. VLAN ID
1 always has a name of 'Default'.
VLAN ID
Use this field to specify VLAN to participate. The range of the VLAN ID is (1 to
4093).
VLAN Participation All
Use this field to specify VLAN to participate on all the interfaces. By default,
the field is disabled. Set the checkbox to enable the field.
VLAN Participation
Use this field to specify VLAN to participate. By default, the field is disabled.
Set the checkbox to enable the field.
Convert VLAN Type to Static
Use this field to convert a 'Dynamic' VLAN to 'Static'. A VLAN that is created by
GVRP registration initially has a type of 'Dynamic'. By default, the field is
disabled. Set the checkbox to enable the field.
VLAN Type
This field identifies the type of the VLAN you are configuring. You cannot
change the type of the default VLAN (VLAN ID = 1): it is always type 'Default'.
When you create a VLAN using this screen, its type will always be 'Static'. A
VLAN that is created by GVRP registration initially has a type of 'Dynamic'.
Interface
Indicates which port is associated with the fields on this line.
Status
Indicates the current value of the participation parameter for the port.
• If you make any changes to the page, click Submit to apply the changes to the system. To delete a VLAN,
select the VLAN from the VLAN ID and Name field, and then click Delete. You cannot delete the default
VLAN.
VLAN Status
Use the VLAN Status page to view information about the VLANs configured on your system.
To access the VLAN Status page, click LAN > Monitoring > VLAN Summary > VLAN Status in the navigation tree.
Figure 96: VLAN Status
Table 82: VLAN Status Fields
Field: Description
VLAN ID: The VLAN Identifier (VID) of the VLAN. The range of the VLAN ID is 1 to 3965.
VLAN Name: The name of the VLAN. VLAN ID 1 is always named Default.
VLAN Type: The VLAN type, which can be one of the following:
• Default: (VLAN ID = 1) -- always present
• Static: A VLAN you have configured
• Dynamic: A VLAN created by GVRP registration that you have not converted to static, and that GVRP may therefore remove
• Click Refresh to display the latest information from the router.
VLAN Port Configuration
Use the VLAN Port Configuration page to configure a virtual LAN on a port.
To access the VLAN Port Configuration page, click LAN > L2 Features > VLAN > Port Configuration in the
navigation tree.
Figure 97: VLAN Port Configuration
Table 83: VLAN Port Configuration Fields
Field: Description
Slot/Port: Select the physical interface for which you want to display or configure data. Select All to set the parameters for all ports to the same values.
Port VLAN ID: Specify the VLAN ID you want assigned to untagged or priority tagged frames received on this port. The factory default is 1.
Acceptable Frame Types: Specify how you want the port to handle untagged and priority tagged frames. Whichever you select, VLAN tagged frames will be forwarded in accordance with the IEEE 802.1Q VLAN standard. The factory default is Admit All.
• VLAN Only: The port will discard any untagged or priority tagged frames it receives.
• Admit All: Untagged and priority tagged frames received on the port will be accepted and assigned the value of the Port VLAN ID for this port.
Ingress Filtering: Specify how you want the port to handle tagged frames:
• Enable: A tagged frame will be discarded if this port is not a member of the VLAN identified by the VLAN ID in the tag.
• Disable: All tagged frames will be accepted. The factory default is disable.
Port Priority: Specify the default 802.1p priority assigned to untagged packets arriving at the port.
• If you change any information on the page, click Submit to apply the changes to the system.
VLAN Port Summary
Use the VLAN Port Summary page to view VLAN configuration information for all the ports on the system.
To access the VLAN Port Summary page, click LAN > Monitoring > VLAN Summary > VLAN Port Summary in
the navigation menu.
Figure 98: VLAN Port Summary
Table 84: VLAN Port Summary Fields
Field: Description
Slot/Port: Identifies the physical interface associated with the rest of the data in the row.
Port VLAN ID Configured: Identifies the VLAN ID assigned to untagged or priority-tagged frames received on this port. The factory default is 1.
Port VLAN ID Current: Displays the actual VLAN ID in use for the port. If the port was acquired by another module, the actual value may differ from the configured VLAN ID. For example, if the port is a member of a port channel and the port channel has a different port VLAN ID setting than the configured value, then the two may differ.
Acceptable Frame Types: Indicates how the port handles untagged and priority tagged frames.
• VLAN Only: The port discards any untagged or priority tagged frames it receives.
• Admit All: Untagged and priority tagged frames received on the port are accepted and assigned the value of the Port VLAN ID for this port.
Ingress Filtering: Shows how the port handles tagged frames.
• Enable: A tagged frame is discarded if this port is not a member of the VLAN identified by the VLAN ID in the tag.
• Disable: All tagged frames are accepted, which is the factory default.
Port Priority: Identifies the default 802.1p priority assigned to untagged packets arriving at the port.
• Click Refresh to reload the page and view the most current information.
Managing Protocol-Based VLANs
In a protocol-based VLAN, traffic is bridged through specified ports based on the protocol associated with the
VLAN. User-defined packet filters determine whether a particular packet belongs to a particular VLAN.
Protocol-based VLANs are most often used in situations where network segments contain hosts running
multiple protocols.
You can use a protocol-based VLAN to define filtering criteria for untagged packets. By default, if you do not
configure any port-based (IEEE 802.1Q) or protocol-based VLANs, untagged packets are assigned to VLAN 1.
You can override this behavior by defining either port-based VLANs, protocol-based VLANs, or both. Tagged
packets are always handled according to the IEEE 802.1Q standard and are not included in protocol-based
VLANs.
If you assign a port to a protocol-based VLAN for a specific protocol, untagged frames received on that port for
that protocol will be assigned the protocol-based VLAN ID. Untagged frames received on the port for other
protocols will be assigned the Port VLAN ID (PVID), which is either the default PVID (1) or a PVID you have
specifically assigned to the port using the Port VLAN Configuration screen.
Use the Protocol-based VLAN Configuration page to configure which protocols go to which VLANs, and then
enable certain ports to use these settings.
You define a protocol-based VLAN by creating a group. Each group has a one-to-one relationship with a VLAN
ID, can include one or more protocol definitions, and can include multiple ports.
To display the Protocol-Based VLAN Configuration page, click LAN > L2 Features > VLAN > Protocol-based
VLAN > Configuration in the navigation tree.
Figure 99: Create Protocol Group
Table 85: Protocol Group Fields (No Groups)
Field: Description
Group: When no protocol-based VLAN groups exist, only the Create New Group option is available.
Group ID: Specify a number to identify the group to create.
To create and configure a protocol group, enter a group ID and click Submit. The page refreshes and additional
fields appear.
Figure 100: Protocol Group
Table 86: Protocol Group Fields
Field: Description
Group ID: Use the drop-down menu to create a new group or to configure the selected protocol group. You can create up to 128 groups.
Group ID: Identifies the group to configure.
Group Name: Optionally enter a name to associate with the protocol group ID. You can modify the name of an existing group. You can enter up to 16 characters.
VLAN: Specify the VLAN ID to associate with this group. The range is 1-3965.
Protocol-list: Specify one or more protocols to associate with this group. The protocol list can be any valid comma-separated (,) string of the standard keywords arp, ip, and ipx, or hexadecimal or decimal values in the range of 0x0600 (1536) to 0xFFFF (65535).
Interfaces: Selects the interface(s) to add or remove from this group. CTRL + click to select multiple ports.
• To create or modify a protocol-based VLAN group, edit the fields, and then click Submit.
• To delete an existing protocol-based VLAN group, select the group from the Group ID field, and then click
Delete Group.
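The ingress rules from the VLAN Port Configuration fields and the protocol-based VLAN description, modelled as an added example (not code from the manual or the switch firmware). The class and function names are hypothetical, the keyword-to-EtherType mapping uses the standard values, and treating priority-tagged frames like untagged ones for protocol matching is an assumption.

```python
from dataclasses import dataclass

# Keywords the Protocol-list field accepts, with their standard EtherType values.
KEYWORDS = {"arp": 0x0806, "ip": 0x0800, "ipx": 0x8137}


def parse_protocol_list(text):
    """Parse a Protocol-list string such as 'arp, ip, 0x86DD' into a set of EtherTypes."""
    protocols = set()
    for item in text.split(","):
        token = item.strip().lower()
        if token in KEYWORDS:
            value = KEYWORDS[token]
        else:
            value = int(token, 0)  # decimal or 0x-prefixed hex; ValueError otherwise
        if not 0x0600 <= value <= 0xFFFF:
            raise ValueError(f"{token!r} is outside 0x0600 (1536) to 0xFFFF (65535)")
        protocols.add(value)
    return protocols


@dataclass
class Port:
    name: str
    pvid: int = 1                    # Port VLAN ID, factory default 1
    admit_all: bool = True           # Acceptable Frame Types: Admit All (default) or VLAN Only
    ingress_filtering: bool = False  # factory default is Disable
    member_of: frozenset = frozenset({1})


@dataclass
class ProtocolGroup:
    vlan_id: int
    protocols: set
    ports: set                       # names of the interfaces added to the group


def classify(port, ethertype, tag_vid=None, groups=()):
    """Return the VLAN a received frame is placed in, or None if the port discards it.

    tag_vid is None for an untagged frame and 0 for a priority-tagged frame.
    """
    if tag_vid:  # VLAN-tagged frame: handled per 802.1Q, never by protocol groups
        if port.ingress_filtering and tag_vid not in port.member_of:
            return None
        return tag_vid
    if not port.admit_all:  # VLAN Only discards untagged and priority-tagged frames
        return None
    for group in groups:  # assumption: priority-tagged frames match like untagged ones
        if port.name in group.ports and ethertype in group.protocols:
            return group.vlan_id
    return port.pvid


def ports_accepting_foreign_tags(ports):
    """Names of ports that accept tagged frames for VLANs they are not members of."""
    return [p.name for p in ports if not p.ingress_filtering]


if __name__ == "__main__":
    uplink = Port("0/1")  # factory defaults
    access = Port("0/2", ingress_filtering=True, member_of=frozenset({1, 10}))
    group = ProtocolGroup(20, parse_protocol_list("arp, ip"), {"0/2"})
    print(classify(uplink, 0x0800, tag_vid=30))       # accepted: filtering is disabled
    print(classify(access, 0x0800, tag_vid=30))       # discarded: not a member of VLAN 30
    print(classify(access, 0x0806, groups=[group]))   # untagged ARP goes to VLAN 20
    print(ports_accepting_foreign_tags([uplink, access]))
```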
Protocol-Based VLAN Summary
Use the Protocol-based VLAN Summary page to view information about protocol-based VLAN groups
configured on the system.
To access the Protocol-based VLAN Summary page, click LAN > Monitoring > VLAN Summary > Protocol-based
VLAN Port Summary in the navigation tree.
Figure 101: Protocol-based VLAN Summary
Table 87: Protocol-based VLAN Summary Fields
Field: Description
Group Name: Shows the user-defined name associated with protocol group.
Group ID: Shows the number that identifies the group you create. Group IDs are automatically assigned when you create a group.
Protocols: Shows the protocol keyword or protocol value (hex or decimal numbers) to associate with this group, which can be one or more of the following:
VLAN: Specifies the VLAN ID associated with this group.
Interface: Shows the interfaces participating in this group.
• Click Refresh to reload the page and display the most current information.
Managing IP Subnet-Based VLANs
If a packet is untagged or priority-tagged, the device associates the packet with any matching IP subnet
classification. If no IP subnet classification can be made, then the packet is subjected to the normal VLAN
classification rules of the device. An IP subnet-to-VLAN mapping is defined by configuring an entry in the IP
subnet-to-VLAN table. An entry is specified by a source IP address, network mask, and the desired VLAN ID.
The IP subnet-to-VLAN configurations are shared across all ports of the switch.
Use the IP Subnet-based VLAN Configuration page to assign an IP Subnet to a VLAN.
To display the IP Subnet-based VLAN Configuration page, click LAN > L2 Features > VLAN > IP Subnet-based
VLAN > Configuration in the navigation menu.
Figure 102: IP Subnet-based VLAN Configuration
Table 88: IP Subnet-based VLAN Configuration Fields
Field: Description
IP Address: Select the IP address of the IP-to-VLAN binding to view or delete, or select Add to create a new binding.
IP Address: Specifies packet source IP address. This field is configurable only when you create a new IP Subnet-based VLAN. Enter the IP address in dotted decimal notation.
Subnet Mask: Specifies packet source IP subnet mask address. This field is configurable only when you create a new IP Subnet-based VLAN. Enter the subnet mask in dotted decimal notation.
VLAN ID: Specifies the VLAN to which the IP address is assigned. The valid range is 1-4093.
• If you make any changes on this page, click Submit to apply the changes to the system.
• To delete an existing binding, select the source IP address from the IP Address drop-down menu, and
then click Delete.
IP Subnet-based VLAN Summary
Use the IP Subnet-based VLAN Summary page to view information about IP subnet to VLAN mappings
configured on your system. If no mappings are configured, the screen displays a “No IP Subnet-based VLAN
Configured” message.
To access the IP Subnet-based VLAN Summary page, click LAN > Monitoring > VLAN Summary > IP Subnet-based VLAN Summary in the navigation tree.
Figure 103: IP Subnet-based VLAN Summary
Table 89: IP Subnet-based VLAN Summary Fields
Field: Description
IP Address: Shows the packet source IP address.
Subnet Mask: Shows packet source IP subnet mask address.
VLAN ID: Shows the VLAN to which the IP address is assigned.
• Click Refresh to reload the page and display the most current information.
MAC-based VLAN Configuration
If a packet is untagged or priority tagged, the device shall associate it with the VLAN which corresponds to the
source MAC address in its MAC-based VLAN tables. If there is no matching entry in the table, then the packet
is subject to normal VLAN classification rules of the device.
Use the MAC-based VLAN Configuration page to map a MAC entry to the VLAN table. After the source MAC
address and the VLAN ID are specified, the MAC-to-VLAN configurations are shared across all ports of the
switch.
To display the MAC-based VLAN Configuration page, click LAN > L2 Features > VLAN > MAC-based VLAN >
Configuration in the navigation menu.
Figure 104: MAC-based VLAN Configuration
Table 90: MAC-based VLAN Configuration Fields
Field: Description
MAC Address: Specifies the source MAC address to map to a VLAN.
VLAN ID: Specifies the VLAN to which the source MAC address is to be bound.
• If you make any changes, click Submit to apply the changes to the system.
MAC-based VLAN Summary
Use the MAC-based VLAN Summary page to view information about the MAC-to-VLAN mappings configured
on your system.
To display the MAC-based VLAN Summary page, click Monitoring > VLAN Summary > MAC-based VLAN
Summary in the navigation menu.
Figure 105: MAC-based VLAN Summary
Table 91: MAC-based VLAN Summary Fields
Field: Description
MAC Address: Specifies the MAC address to map to a VLAN.
VLAN ID: Specifies the VLAN to which the MAC is to be bound.
• Click Refresh to reload the page and display the most current information.
Double VLAN Tunneling
Double VLAN Tunneling allows the use of a second tag on network traffic. The additional tag helps differentiate
between customers in a Metropolitan Area Network (MAN) while preserving each customer's VLAN
identification when they enter their own 802.1Q domain.
With the introduction of this second tag, you do not need to divide the 4k VLAN ID space to send traffic on an
Ethernet-based MAN.
With Double VLAN Tunneling enabled, every frame that is transmitted from an interface has a DVlan Tag
attached while every packet that is received from an interface has a tag removed (if one or more tags are
present).
Use the Double VLAN Tunneling page to configure Double VLAN frame tagging on one or more ports.
To access the Double VLAN Tunneling page, click LAN > L2 Features > VLAN > Double VLAN in the navigation
tree.
Figure 106: Double VLAN Tunneling
Table 92: Double VLAN Tunneling Fields
Field: Description
Interface: Select the physical interface for which you want to display or configure data. Select All to set the parameters for all ports to the same values.
Interface Mode: This specifies the administrative mode for Double VLAN Tagging:
• Enable: Double VLAN Tagging is enabled for the specified port (or All ports).
• Disable: Double VLAN Tagging is disabled for the specified port (or All ports), which is the default value.
• If you make any changes to the page, click Submit to apply the changes to the system.
Double VLAN Tunneling Summary
The Double VLAN Tunneling Summary page shows the double VLAN tunneling configuration status for all ports
on the system.
To access the Double VLAN Tunneling Summary page, click LAN > Monitoring > VLAN Summary > Double VLAN
Status in the navigation tree.
Figure 107: Double VLAN Tunneling Summary
Table 93: Double VLAN Tunneling Summary Fields
Field: Description
Interface: Select the physical interface for which you want to display or configure data.
Interface Mode: This specifies the administrative mode for Double VLAN Tagging:
• Enable: Double VLAN Tagging is enabled for the specified port (or All ports).
• Disable: Double VLAN Tagging is disabled for the specified port (or All ports), which is the default value.
EtherType: The two-byte hex EtherType to be used as the first 16 bits of the Double VLAN tag:
• 802.1Q Tag: Commonly used tag representing 0x8100
• vMAN Tag: Commonly used tag representing 0x88A8
• Custom Tag: Indicates that a custom tag has been configured and displays its value.
• Click Refresh to display the most current information from the router.
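The tag handling described for Double VLAN Tunneling (a tag attached on transmit, one removed on receive), shown on raw Ethernet bytes as an added example that is not taken from the manual or the switch firmware. The function names, the sample frame, and the outer VLAN ID 200 are constructed for illustration; the manual does not say which VLAN ID the outer tag carries.

```python
import struct

TPID_8021Q = 0x8100  # "802.1Q Tag" EtherType from the summary table
TPID_VMAN = 0x88A8   # "vMAN Tag" EtherType from the summary table
KNOWN_TPIDS = (TPID_8021Q, TPID_VMAN)  # add a custom EtherType here if one is configured

# Constructed sample: destination MAC, source MAC, 802.1Q tag (VLAN 10), IPv4 EtherType, padding.
SAMPLE_FRAME = bytes.fromhex("020000000002" "020000000001" "8100" "000a" "0800") + bytes(46)


def push_tag(frame, vid, tpid=TPID_VMAN, pcp=0):
    """Insert a 4-byte tag right after the two MAC addresses (transmit side)."""
    if not 0 <= vid <= 0x0FFF or not 0 <= pcp <= 7:
        raise ValueError("VLAN ID must fit 12 bits and priority 3 bits")
    tci = (pcp << 13) | vid  # priority in the top 3 bits, VLAN ID in the low 12
    return frame[:12] + struct.pack("!HH", tpid, tci) + frame[12:]


def tag_stack(frame, tpids=KNOWN_TPIDS):
    """Return ([(tpid, priority, vid), ...] outermost first, payload EtherType)."""
    tags = []
    offset = 12
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in tpids:
            return tags, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((ethertype, tci >> 13, tci & 0x0FFF))
        offset += 4


def pop_tag(frame, tpids=KNOWN_TPIDS):
    """Remove the outermost tag if one is present (receive side)."""
    if len(frame) < 14:
        raise ValueError("truncated frame")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype in tpids and len(frame) >= 16:
        return frame[:12] + frame[16:]
    return frame


if __name__ == "__main__":
    tunneled = push_tag(SAMPLE_FRAME, 200)
    print(tag_stack(tunneled))            # outer vMAN tag 200, inner 802.1Q tag 10
    print(tag_stack(pop_tag(tunneled)))   # customer tag 10 is intact after the outer tag is removed
```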
Voice VLAN Configuration
The voice VLAN feature enables switch ports to carry voice traffic with defined settings so that voice and data
traffic are separated when coming onto the port. A voice VLAN ensures that the sound quality of an IP phone
is safeguarded from deterioration when data traffic on the port is high.
The inherent isolation provided by VLANs ensures that inter-VLAN traffic is under management control and
that network-attached clients cannot initiate a direct attack on voice components. A QoS protocol based on
the IEEE 802.1P class-of-service (CoS) protocol uses classification and scheduling to send network traffic from
the switch in a predictable manner. The system uses the source MAC of the traffic traveling through the port
to identify the IP phone data flow.
Voice VLAN is enabled on a per-port basis. A port can participate in only one voice VLAN at a time. The Voice VLAN
feature is disabled by default.
To display the Voice VLAN Configuration page, click LAN > L2 Features > VLAN > Voice VLAN > Voice VLAN
Configuration.
Figure 108: Voice VLAN Configuration
Table 94: Voice VLAN Configuration Fields
Field: Description
Voice VLAN Admin Mode: Click Enable or Disable to administratively turn the Voice VLAN feature on or off for all ports.
Interface: Select the slot and port to configure this service on.
CoS Override Mode: Overrides the 802.1p class-of-service (CoS) value for all data (non-voice) packets arriving at the port. Thus any rogue client that is also connected to the voice VLAN port cannot deteriorate the voice traffic.
Voice VLAN Interface Mode: Select one of the following interface modes:
• Disable: The voice VLAN service is disabled on this interface. Note that the Admin mode field takes precedence; i.e., if a particular interface is enabled, but the Admin Mode field is set to Disabled, then the service will not be operational.
• VLAN ID: The voice VLAN packets are uniquely identified by a number you assign. All voice traffic carries this VLAN ID to distinguish it from other data traffic which is assigned the port’s default VLAN ID. However, voice traffic is not prioritized differently than other traffic.
• Dot1p: This parameter is set by the VoIP device for all voice traffic to distinguish voice data from other traffic. All other traffic is assigned the port’s default priority.
• None: The voice VLAN service is disabled on this interface; however, unlike Disable mode, the CoS override feature is still operational on the port.
• Untagged: The VoIP device sends untagged voice traffic.
Operational State: Indicates whether the voice VLAN is operational.
• If you make any changes, click Submit to apply the change to the system.
• Click Refresh to display the latest information from the router.
Reset VLAN Configuration
Use the Reset Configuration page to return all VLAN parameters for all interfaces to the factory default values.
To access the Reset Configuration page, click LAN > L2 Features > VLAN > Reset Configuration in the navigation
tree.
Figure 109: Reset VLAN Configuration
When you click Reset, the screen refreshes, and you are asked to confirm the reset. Click Reset again to restore
all default VLAN settings for the ports on the system.
Configuring Protected Ports
The Protected Ports feature assists in Layer 2 security. Ports that are configured to be protected cannot
forward traffic to other protected ports in the same group, regardless of having the same VLAN membership.
However, protected ports can forward traffic to ports which are unprotected as well as ports in other
protected groups. Unprotected ports can forward traffic to both protected and unprotected ports.
Protected Port Configuration
Use the Protected Ports Configuration page to create up to three protected port groups and to assign physical
ports to a group.
To display the Protected Port Configuration page, click LAN > L2 Features > Protected Ports > Configuration
in the navigation tree.
Figure 110: Protected Port Configuration
Table 95: Protected Port Configuration Fields
Field: Description
Group ID: The protected ports can be combined into a logical group. Traffic can flow between protected ports belonging to different groups, but not within the same group. The selection box lists all the possible protected port Group IDs supported for the current platform. The valid range is platform-dependent.
Group Name: Assign an optional name to associate with the protected ports group. The name is for identification purposes and can be up to 32 alphanumeric characters long, including blanks. The default is blank.
Protected Port(s): Specifies the Slot/Port for which port parameters are defined.
Assigning Ports to a Group
1. Select a group ID from the Group ID field.
2. From the Protected Port(s) field, click one port to add a single port to the group, or hold the CTRL key and
click multiple ports to add more than one port to the group.
3. Click Submit to apply the changes to the system.
Protected Ports Summary
Use the Protected Ports Summary page to view information about protected port groups and their included
ports.
To view the Protected Ports Summary page, click LAN > Monitoring > Protected Ports > Summary in the
navigation tree.
Figure 111: Protected Ports Summary
Table 96: Protected Ports Summary Fields
Field: Description
Group ID: Identifies the protected ports group as either Group 0, 1, or 2.
Group Name: Identifies the protected ports group with a user-defined string.
Protected Port(s): Shows the Slot/Port that are members of the protected ports group.
• Click Refresh to reload the page and display the most current information.
Creating MAC Filters
Use the MAC Filtering Configuration page to associate a MAC address with a VLAN and set of source ports and
destination ports. Any packet with a static MAC address in a specific VLAN is admitted only if the ingress port
is included in the set of source ports; otherwise the packet is dropped. If admitted, the packet is forwarded to
all the ports in the destination list.
To access the MAC Filter Configuration page, click LAN > L2 Features > Filters > MAC Filter Configuration in
the navigation tree.
Figure 112: MAC Filter Configuration
Table 97: MAC Filter Configuration Fields
Field: Description
MAC Filter: If no MAC filters are configured on the system, Create Filter is the only item in the drop-down menu. If one or more MAC filters exist, the list also contains the MAC address and associated VLAN ID of a configured filter.
MAC Address: The MAC address of the filter in the format 00:01:1A:B2:53:4D. You can only change this field when you have selected the "Create Filter" option.
Note: You cannot define filters for the following MAC addresses:
• 00:00:00:00:00:00
• 01:80:C2:00:00:00 to 01:80:C2:00:00:0F
• 01:80:C2:00:00:20 to 01:80:C2:00:00:21
• FF:FF:FF:FF:FF:FF
VLAN ID: The VLAN ID used with the MAC address to fully identify packets you want filtered. You can only change this field when you have selected the "Create Filter" option.
Source Port Members: Select the ports you want included in the inbound filter. If a packet with the MAC address and VLAN ID you selected is received on a port that is not in the list, it will be dropped.
Destination Port Members: Select the ports you want to include in the outbound filter. Packets with the MAC address and VLAN ID you selected will only be transmitted out of ports that are in the list.
• Click Submit to update the switch with the values on the screen. If you want the switch to retain the new
values across a power cycle, you must perform a save.
• Click Delete to remove the currently selected filter.
• Click Delete All to remove all configured filters.
Adding MAC Filters
1. To add a MAC filter, select Create Filter from the MAC Filter drop-down menu.
2. Enter a valid MAC address and select a VLAN ID from the drop-down menu.
The VLAN ID drop-down menu only lists VLANs currently configured on the system.
3. Select one or more ports to include in the filter. Use CTRL + click to select multiple ports.
4. Click Submit to apply the changes to the system.
Modifying MAC Filters
To change the port mask(s) for an existing filter, select the entry from the MAC Filter field, and then click (or
CTRL + click) the port(s) to include in the filter. Only those ports that are highlighted when you click Submit are
included in the filter.
To change the MAC address or VLAN associated with a filter, you must delete and re-create the filter.
Deleting MAC Filters
To delete a filter, select it from the MAC Filter drop-down menu and click Delete. To delete all configured
filters from the forwarding database, click Delete All.
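The MAC filter rules above (addresses that cannot be filtered, and the source-port and destination-port checks), written out as an added example that is not the switch's own implementation. The class and function names and the port names are hypothetical; the sample MAC address is the format example from the field description.

```python
import re

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

# Inclusive address ranges the manual lists as not allowed in a MAC filter.
RESERVED = [
    (0x000000000000, 0x000000000000),
    (0x0180C2000000, 0x0180C200000F),
    (0x0180C2000020, 0x0180C2000021),
    (0xFFFFFFFFFFFF, 0xFFFFFFFFFFFF),
]


def mac_to_int(mac):
    """Convert 'AA:BB:CC:DD:EE:FF' to an integer, rejecting any other format."""
    if not MAC_RE.match(mac):
        raise ValueError(f"not in 00:01:1A:B2:53:4D format: {mac!r}")
    return int(mac.replace(":", ""), 16)


def is_filterable(mac):
    """True if a filter may be defined for this address."""
    value = mac_to_int(mac)
    return not any(low <= value <= high for low, high in RESERVED)


class MacFilterTable:
    def __init__(self):
        self._filters = {}  # (mac, vlan_id) -> (source ports, destination ports)

    def add(self, mac, vlan_id, source_ports, destination_ports):
        if not is_filterable(mac):
            raise ValueError(f"filters cannot be defined for {mac}")
        key = (mac_to_int(mac), vlan_id)
        self._filters[key] = (frozenset(source_ports), frozenset(destination_ports))

    def delete(self, mac, vlan_id):
        # Changing the MAC address or VLAN of a filter means delete and re-create.
        del self._filters[(mac_to_int(mac), vlan_id)]

    def decide(self, mac, vlan_id, ingress_port):
        """Egress ports for a frame matching a filter.

        Returns None when no filter exists for (mac, vlan_id), an empty set when
        the frame is dropped, and the destination port list when it is admitted.
        """
        entry = self._filters.get((mac_to_int(mac), vlan_id))
        if entry is None:
            return None
        source_ports, destination_ports = entry
        if ingress_port not in source_ports:
            return frozenset()
        return destination_ports


if __name__ == "__main__":
    table = MacFilterTable()
    table.add("00:01:1A:B2:53:4D", 10, {"0/1", "0/2"}, {"0/5"})
    print(table.decide("00:01:1A:B2:53:4D", 10, "0/1"))  # admitted, sent to 0/5
    print(table.decide("00:01:1A:B2:53:4D", 10, "0/7"))  # dropped: 0/7 is not a source port
    print(is_filterable("01:80:C2:00:00:0E"))            # False: inside a reserved range
```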
MAC Filter Summary
Use the MAC Filter Summary page to associate a MAC address with a VLAN and one or more source ports.
To access the MAC Filter Summary page, click LAN > Monitoring > Filters > MAC Filter Summary in the
navigation tree.
Figure 113: MAC Filter Summary
Configuring GARP
Generic Attribute Registration Protocol (GARP) is a general-purpose protocol that registers any network
connectivity or membership-style information. GARP defines a set of switches interested in a given network
attribute, such as VLAN or multicast address.
The GARP VLAN Registration Protocol (GVRP) provides a mechanism that allows networking switches to
dynamically register (and de-register) VLAN membership information with the networking devices attached to
the same segment, and for that information to be disseminated across all networking switches in the bridged
LAN that support GARP Multicast Registration Protocol (GMRP).
With the GARP Multicast Registration Protocol (GMRP), networking devices can dynamically register and de-register group membership information with the networking devices attached to the same segment. GMRP
enables the group membership information to be disseminated across all networking devices in the bridged
LAN that support GMRP.
The operation of GVRP and GMRP relies upon the services provided by GARP.
GARP Status
Use the GARP Status page to view GARP settings for the system and for each interface.
To access the GARP Status page, click LAN > Monitoring > GARP Status > Status in the navigation tree.
Figure 114: GARP Status
The GARP Status page contains the following fields:
Table 98: GARP Status Fields
Field: Description
Switch GVRP: Shows whether the switch GVRP protocol is enabled or disabled.
Switch GMRP: Shows whether the switch GMRP protocol is enabled or disabled.
Slot/Port: Identifies the system interface.
Port GVRP Mode: Shows the GARP VLAN Registration Protocol administrative mode for the port. If the mode is Disabled, the protocol will not be active and the Join Time, Leave Time and Leave All Time will have no effect.
Port GMRP Mode: Shows the GARP Multicast Registration Protocol administrative mode for the port. If the mode is Disabled, the protocol will not be active, and Join Time, Leave Time and Leave All Time have no effect.
Join Timer (centisecs): Shows the time between the transmission of GARP PDUs registering (or re-registering) membership for a VLAN or multicast group in centiseconds.
Leave Timer (centisecs): Displays time lapse, in centiseconds, that the switch waits before leaving its GARP state. Leave time is activated by a Leave All Time message sent/received, and cancelled by the Join message received. This allows time for another station to assert registration for the same attribute in order to maintain uninterrupted service.
Leave All Timer (centisecs): Displays time lapse, in centiseconds, that all switches wait before leaving the GARP state. The leave all time must be greater than the leave time. The Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration.
GARP Switch Configuration
Use the GARP Switch Configuration page to configure GARP settings for the system.
To access the GARP Switch Configuration page, click LAN > L2 Features > GARP > Switch Configuration in the
navigation tree.
Figure 115: GARP Switch Configuration
Table 99: GARP Switch Configuration Fields
Field: Description
Switch GVRP Mode: Shows the GARP VLAN Registration Protocol administrative mode for the switch. The switch GVRP mode must be enabled for the ports to function in GARP protocols, even if GVRP is enabled on a port.
Switch GMRP Mode: Shows the GARP Multicast Registration Protocol administrative mode for the switch. The switch GMRP mode must be enabled for the ports to function in GARP protocols, even if GMRP is enabled on a port.
• If you make any changes to the page, click Submit to apply the changes to the system.
GARP Port Configuration
Use the GARP Port Configuration page to configure GARP settings for a specific interface.
To access the GARP Port Configuration page, click LAN > L2 Features > GARP > Port Configuration in the
navigation tree.
Figure 116: GARP Port Configuration
Table 100: GARP Port Configuration Fields
Field: Description
Slot/Port: Specifies the interface on which to configure the GARP settings. If you select All from the drop-down menu, the settings on the page affect all interfaces.
Port GVRP Mode: Choose the GARP VLAN Registration Protocol administrative mode for the port by selecting enable or disable from the pulldown menu. If you select disable, the protocol will not be active and the Join Time, Leave Time and Leave All Time will have no effect. The factory default is disable.
Port GMRP Mode: Choose the GARP Multicast Registration Protocol administrative mode for the port by selecting enable or disable from the pulldown menu. If you select disable, the protocol will not be active, and Join Time, Leave Time and Leave All Time have no effect. The factory default is disable.
GARP Timers
GARP Join Timer (centisecs): Specify the time between the transmission of GARP PDUs registering (or re-registering) membership for a VLAN or multicast group in centiseconds. Enter a number between 10 and 100 (0.1 to 1.0 seconds). The factory default is 20 centiseconds (0.2 seconds). An instance of this timer exists for each GARP participant for each port.
GARP Leave Timer (centisecs): Displays time lapse, in centiseconds, that the switch waits before leaving its GARP state. Leave time is activated by a Leave All Time message sent/received, and cancelled by the Join message received. This allows time for another station to assert registration for the same attribute in order to maintain uninterrupted service. Enter a number between 20 and 600 (0.2 to 6.0 seconds). Leave time must be greater than or equal to three times the join time. The factory default is 60 centiseconds (0.6 seconds). An instance of this timer exists for each GARP participant for each port.
GARP Leave All Timer (centisecs): Displays time lapse, in centiseconds, that all switches wait before leaving the GARP state. The leave all time must be greater than the leave time. The possible field value is 200-6000. The default value is 1000 centisecs. The Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration. The Leave All Period Timer is set to a random value in the range of LeaveAllTime to 1.5*LeaveAllTime. The timer is specified in centiseconds. Enter a number between 200 and 6000 (2 to 60 seconds). The factory default is 1000 centiseconds (10 seconds). An instance of this timer exists for each GARP participant for each port.
• If you make any changes to the page, click Submit to apply the changes to the system.
Creating Port Channels (Trunking)
Port-trunks, which are also known as link aggregation groups (LAGs), allow you to combine multiple full-duplex
Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which
increases fault tolerance and provides load sharing. You assign the port-channel (LAG) VLAN membership after
you create a port-trunk. The port channel by default becomes a member of the management VLAN.
A port-trunk (LAG) interface can be either static or dynamic, but not both. All members of a port channel must
participate in the same protocols. A static port-trunk interface does not require a partner system to be able to
aggregate its member ports.
Note: If you configure the maximum number of dynamic port-channels (LAGs) that your platform
supports, additional port-channels that you configure are automatically static.
Static LAGs are supported. When a port is added to a LAG as a static member, it neither transmits nor receives
LACPDUs.
Port Channel Configuration
Use the Port Channel Configuration page to group one or more full duplex Ethernet links to be aggregated
together to form a port-channel, which is also known as a link aggregation group (LAG). The switch treats the
port-channel as if it were a single link.
To access the Port Channel Configuration page, click LAN > L2 Features > Trunking > Configuration in the
navigation tree.
Figure 117: Port Channel Configuration
Table 101: Port Channel Configuration Fields
Field: Description
Port Channel Interface: You can use this screen to reconfigure an existing Port Channel, or to create a
new one. Use this pull down menu to select one of the existing Port Channels,
or select 'Create' to add a new one. There can be a maximum of 64 Port
Channels.
Port Channel Name: Enter the name of the port channel.
Slot/Port: After you create the port channel, this field identifies the Port Channel with
the Slot/Port interface naming convention. This field does not appear while
you initially configure a new Port Channel.
Port Channel Name: Enter the name you want assigned to the Port Channel. You may enter any
string of up to 15 alphanumeric characters. You must specify a valid name in
order to create the Port Channel.
Link Trap: Specify whether you want to have a trap sent when link status changes. The
factory default is enable, which will cause the trap to be sent.
Administrative Mode: Select enable or disable from the pulldown menu. When the Port Channel is
disabled no traffic will flow and LACPDUs will be dropped, but the links that
form the Port Channel will not be released. The factory default is enable.
Link Status: Indicates whether the link is Up or Down.
STP Mode: Select the Spanning Tree Protocol (STP) Administrative Mode associated with the
Port Channel:
• Disable: Spanning tree is disabled for this Port Channel.
• Enable: Spanning tree is enabled for this Port Channel.
Static Mode: Select enable or disable from the pulldown menu. The factory default is
Disable.
• Enable: The port channel is statically maintained, which means it does not
transmit or process received LAGPDUs. The member ports do not transmit
LAGPDUs and all the LAGPDUs it may receive are dropped. A static
port-channel interface does not require a partner system to be able to
aggregate its member ports.
• Disable: The port channel is dynamically maintained. The interface
transmits and processes LAGPDUs and requires a partner system.
Load Balance: Select the hashing algorithm used to distribute the traffic load among
available physical ports in the LAG. The range of possible values may vary with
the type of switch. The possible values are:
• Source MAC, VLAN, EtherType, and source port
• Destination MAC, VLAN, EtherType and source port
• Source/Destination MAC, VLAN, EtherType, and source port
• Source IP and Source TCP/UDP Port
• Destination IP and Destination TCP/UDP Port
• Source/Destination IP and source/destination TCP/UDP Port
Port Channel Members: After you create one or more port channels, this field lists the members of the
Port Channel in Slot/Port form. If there are no port channels on the system,
this field is not present.
Slot/Port: This column lists the physical ports available on the system.
Participation: Select each port’s membership status for the Port Channel you are
configuring. There can be a maximum of 8 ports assigned to a Port Channel.
• Include: The port participates in the port channel.
• Exclude: The port does not participate in the port channel, which is the
default.
Membership Conflicts: Shows ports that are already members of other Port Channels. A port may
only be a member of one Port Channel at a time. If the entry is blank, the port
is not currently a member of any Port Channel.
• If you make any changes to this page, click Submit to apply the changes to the system.
• To remove a port channel, select it from the Port Channel Name drop-down menu and click Delete. All
ports that were members of this Port Channel are removed from the Port Channel and included in the
default VLAN. This field will not appear when a new Port Channel is being created.
Port Channel Status
Use the Port Channel Status page to group one or more full duplex Ethernet links to be aggregated together
to form a port-channel, which is also known as a link aggregation group (LAG). The switch can treat the
port-channel as if it were a single link.
To access the Port Channel Status page, click LAN > Monitoring > Trunking > Status in the navigation tree.
Figure 118: Port Channel Status
Table 102: Port Channel Status Fields
Field: Description
Port Channel: Identifies the port channel with the Slot/Port interface naming convention.
Port Channel Name: Identifies the user-configured text name of the port channel.
Port Channel Type: The type of this Port Channel, which is one of the following:
• Static: The port channel is statically maintained.
• Dynamic: The port channel is dynamically maintained.
Admin Mode: Select enable or disable from the pulldown menu. When the Port Channel is
disabled no traffic will flow and LACPDUs will be dropped, but the links that
form the Port Channel will not be released. The factory default is enable.
Link State: Indicates whether the link is Up or Down.
STP Mode: Shows whether the Spanning Tree Protocol (STP) Administrative Mode is enabled
or disabled on the port channel.
Static Mode: Shows whether static mode is enabled for this port channel.
Link Trap: Shows whether to send traps when link status changes. If the status is
Enabled, traps are sent.
Configured Ports: Lists the ports that are members of the Port Channel, in Slot/Port notation.
There can be a maximum of 8 ports assigned to a Port Channel.
Active Ports: Lists the ports that are actively participating members of this Port Channel, in
Slot/Port notation.
Load Balance: Shows the hashing algorithm used to distribute the traffic load among
available physical ports in the LAG. The range of possible values may vary with
the type of switch. The possible values are:
• Source MAC, VLAN, EtherType, and source port
• Destination MAC, VLAN, EtherType and source port
• Source/Destination MAC, VLAN, EtherType, and source port
• Source IP and Source TCP/UDP Port
• Destination IP and Destination TCP/UDP Port
• Source/Destination IP and source/destination TCP/UDP Port
Configuring IGMP Snooping
Internet Group Management Protocol (IGMP) Snooping is a feature that allows a switch to forward multicast
traffic intelligently on the switch. Multicast IP traffic is traffic that is destined to a host group. Host groups are
identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255. Based on the IGMP query
and report messages, the switch forwards traffic only to the ports that request the multicast traffic. This
prevents the switch from broadcasting the traffic to all ports and possibly affecting network performance.
A traditional Ethernet network may be separated into different network segments to prevent placing too many
devices onto the same shared media. Bridges and switches connect these segments. When a packet with a
broadcast or multicast destination address is received, the switch will forward a copy into each of the
remaining network segments in accordance with the IEEE MAC Bridge standard. Eventually, the packet is
made accessible to all nodes connected to the network.
This approach works well for broadcast packets that are intended to be seen or processed by all connected
nodes. In the case of multicast packets, however, this approach could lead to less efficient use of network
bandwidth, particularly when the packet is intended for only a small number of nodes. Packets will be flooded
into network segments where no node has any interest in receiving the packet. While nodes will rarely incur
any processing overhead to filter packets addressed to un-requested group addresses, they are unable to
transmit new packets onto the shared media for the period of time that the multicast packet is flooded. The
problem of wasting bandwidth is even worse when the LAN segment is not shared, for example in Full Duplex
links.
Allowing switches to snoop IGMP packets is a creative effort to solve this problem. The switch uses the
information in the IGMP packets as they are being forwarded throughout the network to determine which
segments should receive packets directed to the group address.
Global Configuration and Status
Use the IGMP Snooping Global Configuration and Status page to enable IGMP snooping on the switch and view
information about the current IGMP configuration.
To access the IGMP Snooping Configuration and Status page, click LAN > L2 Features > IGMP Snooping >
Configuration and Status in the navigation tree.
Figure 119: IGMP Snooping Global Configuration and Status
Table 103: IGMP Snooping Global Configuration and Status Fields
Field: Description
Admin Mode: Select the administrative mode for IGMP Snooping for the switch from the
pulldown menu. The default is disable.
Multicast Control Frame Count: Shows the number of multicast control frames that have been processed by
the CPU.
Interfaces Enabled for IGMP Snooping: Lists the interfaces currently enabled for IGMP Snooping. To enable interfaces
for IGMP snooping, see “Interface Configuration” on page 215.
Data Frames Forwarded by the CPU: Shows the number of data frames forwarded by the CPU.
VLAN Ids Enabled For IGMP Snooping: Displays VLAN Ids enabled for IGMP snooping. To enable VLANs for IGMP
snooping, see “Multicast Router Status” on page 219.
• Select Enable or Disable in the Admin Mode field and click Submit to turn the feature on or off. Perform a
save if you want the changes to remain in effect over a power cycle.
Interface Configuration
Use the IGMP Snooping Interface Configuration page to configure IGMP snooping settings on specific
interfaces.
To access the IGMP Snooping Interface Configuration page, click LAN > L2 Features > IGMP Snooping >
Interface Configuration in the navigation tree.
Figure 120: IGMP Snooping Interface Configuration
Table 104: IGMP Snooping Interface Configuration Fields
Field: Description
Interface: Select the physical or LAG interfaces to configure.
Admin Mode: Select the interface mode for the selected interface for IGMP Snooping for the
switch from the pulldown menu. The default is disable.
Group Membership Interval: Specify the amount of time you want the switch to wait for a report for a
particular group on a particular interface before it deletes that interface from
the group. The valid range is from 2 to 3600 seconds. The default is 260
seconds.
Max Response Time: Specify the amount of time you want the switch to wait after sending a query
on an interface because it did not receive a report for a particular group on
that interface. Enter a value greater than or equal to 1 and less than the Group
Membership Interval in seconds. The default is 10 seconds. The configured
value must be less than the Group Membership Interval.
Multicast Router Present Expiration Time: Specify the amount of time you want the switch to wait to receive a query on
an interface before removing it from the list of interfaces with multicast
routers attached. Enter a value between 0 and 3600 seconds. The default is 0
seconds. A value of zero indicates an infinite timeout; i.e., no expiration.
Fast Leave Admin Mode: Select the Fast Leave mode for a particular interface from the pulldown
menu. The default is Disable. Enabling Fast Leave mode allows the switch to
immediately remove the Layer 2 LAN interface from its forwarding table entry
upon receiving an IGMP leave message for that multicast group without first
sending out MAC-based general queries to the interface.
• If you make any changes on the page, click Submit to apply the new settings to the switch.
VLAN Configuration
Use the IGMP Snooping VLAN Configuration page to configure IGMP snooping settings for VLANs on the
system.
To access the IGMP Snooping VLAN Configuration page, click LAN > L2 Features > IGMP Snooping > VLAN
Configuration in the navigation tree.
Figure 121: IGMP Snooping VLAN Configuration
Table 105: IGMP Snooping VLAN Configuration Fields
Field: Description
VLAN ID: From the drop-down menu, select the VLAN ID of the VLAN to modify, or
select New Entry to configure settings for a VLAN that does not have IGMP
Snooping enabled.
Admin Mode: Enable is the only available option from the drop-down menu. To disable the
IGMP snooping admin mode on the VLAN, select the VLAN from the VLAN ID
field and click Delete.
Fast Leave Admin Mode: Enabling fast-leave allows the switch to immediately remove the layer 2 LAN
interface from its forwarding table entry upon receiving an IGMP leave
message for that multicast group without first sending out MAC-based
general queries to the interface.
You should enable fast-leave admin mode only on VLANs where only one host
is connected to each layer 2 LAN port. This prevents the inadvertent dropping
of the other hosts that were connected to the same layer 2 LAN port but were
still interested in receiving multicast traffic directed to that group. Also,
fast-leave processing is supported only with IGMP version 2 hosts.
Group Membership Interval: The Group Membership Interval time is the amount of time in seconds that a
switch waits for a report from a particular group on a particular interface
before deleting the interface from the entry. This value must be greater than
the IGMPv3 Maximum Response time value. The range is 2 to 3600 seconds.
Maximum Response Time: Enter the amount of time in seconds that a switch will wait after sending a
query on an interface because it did not receive a report for a particular group
in that interface. This value must be less than the Group Membership Interval
time value. The range is 1 to 25 seconds.
Operational Maximum Response Time: This read-only field displays the value for maximum response time of IGMP
Snooping for the specified VLAN ID. Its value is learned dynamically from the
IGMPv2 or IGMPv3 queries received on this VLAN. So that multicast traffic is
not disturbed, you should configure the group membership interval to be
greater than this value.
Multicast Router Expiry Time: Enter the amount of time in seconds that a switch waits for a query to be
received on an interface before the interface is removed from the list of
interfaces with multicast routers attached. The range is 0 to 3600 seconds. A
value of 0 indicates an infinite time-out; i.e., no expiration.
• If you make any changes to the page, click Submit to apply the new settings to the system.
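The following Python model is an added example, not D-Link code. It illustrates the fast-leave caveat and the Group Membership Interval and Maximum Response Time fields described above. The class and function names, the port name 0/5 and the group 239.1.1.1 are constructed for illustration, and the timer handling is a simplified assumption about how a snooping switch ages entries.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class SnoopingVlan:
    """Simplified model of the snooping forwarding entries for one VLAN."""
    group_membership_interval: int = 260   # seconds (interface default in Table 104)
    max_response_time: int = 10            # seconds (interface default in Table 104)
    fast_leave: bool = False
    now: int = 0                           # simulated clock, in seconds
    expiry: dict = field(default_factory=dict)  # (group, port) -> removal time

    def __post_init__(self):
        if not 2 <= self.group_membership_interval <= 3600:
            raise ValueError("Group Membership Interval must be 2 to 3600 seconds")
        if not 1 <= self.max_response_time < self.group_membership_interval:
            raise ValueError("Max Response Time must be at least 1 and less than "
                             "the Group Membership Interval")

    def report(self, group, port):
        """A membership report was snooped: (re)start the membership timer."""
        if not ipaddress.IPv4Address(group).is_multicast:
            raise ValueError(f"{group} is not a class D (multicast) address")
        self.expiry[(group, port)] = self.now + self.group_membership_interval

    def leave(self, group, port):
        """A leave message was snooped on the port."""
        if (group, port) not in self.expiry:
            return
        if self.fast_leave:
            # Fast leave: the port is removed at once and no query is sent.
            del self.expiry[(group, port)]
        else:
            # Assumed normal behaviour: a query goes out and the port is kept
            # until the Max Response Time passes without a report.
            deadline = self.now + self.max_response_time
            self.expiry[(group, port)] = min(self.expiry[(group, port)], deadline)

    def advance(self, seconds):
        """Move the clock forward and age out expired entries."""
        self.now += seconds
        for key in [k for k, t in self.expiry.items() if t <= self.now]:
            del self.expiry[key]

    def ports(self, group):
        """Ports that currently receive traffic for the group."""
        return sorted(p for (g, p) in self.expiry if g == group)


def shared_port_scenario(fast_leave):
    """Two hosts behind one switch port join a group, then one of them leaves.

    Returns the group's ports right after the leave and again after the
    Max Response Time has passed.
    """
    vlan = SnoopingVlan(fast_leave=fast_leave)
    group, port = "239.1.1.1", "0/5"       # constructed sample values
    vlan.report(group, port)               # host A joins
    vlan.report(group, port)               # host B joins on the same port
    vlan.advance(30)
    vlan.leave(group, port)                # host A leaves, host B still listens
    after_leave = vlan.ports(group)
    if after_leave:
        vlan.advance(3)
        vlan.report(group, port)           # host B answers the switch's query
    vlan.advance(vlan.max_response_time)
    return after_leave, vlan.ports(group)


if __name__ == "__main__":
    print("fast leave on :", shared_port_scenario(True))
    print("fast leave off:", shared_port_scenario(False))
```

With fast leave enabled, host B stays cut off from the group until it sends another report, which is why the table recommends the mode only where one host is connected to each port.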
VLAN Status
Use the IGMP Snooping VLAN Status page to view information about the VLANs on the system that are
configured for IGMP snooping.
To access the IGMP Snooping VLAN Status page, click LAN > Monitoring > IGMP Snooping Status > VLAN
Status in the navigation tree.
Figure 122: IGMP Snooping VLAN Status
Table 106: IGMP Snooping VLAN Status Fields
Field: Description
VLAN ID: Displays the VLAN IDs for which the IGMP Snooping mode is Enabled.
Admin Mode: Shows the IGMP Snooping Mode for the VLAN ID.
Fast Leave Admin Mode: Indicates whether IGMP Snooping Fast-leave is active on the VLAN.
Group Membership Interval: Shows the amount of time in seconds that a switch will wait for a report from
a particular group on a particular interface, which is participating in the VLAN,
before deleting the interface from the entry.
Max Response Time: Shows the amount of time the switch waits after it sends a query on an
interface, participating in the VLAN, because it did not receive a report for a
particular group on that interface. This value may be configured.
Operational Maximum Response Time: Displays the value for maximum response time of IGMP Snooping for the
specified VLAN ID. Its value is learned dynamically from the IGMPv2 or
IGMPv3 queries received on this VLAN.
Multicast Router Expiry Time: Shows the amount of time to wait before removing an interface that is
participating in the VLAN from the list of interfaces with multicast routers
attached. The interface is removed if a query is not received.
• Click Refresh to re-display the page with the latest information from the router.
Multicast Router Configuration
If a multicast router is attached to the switch, its existence can be learned dynamically. You can also statically
configure a switch port as a multicast router interface. Use the Multicast Router Configuration page to
manually configure an interface as a static multicast router interface.
To access the IGMP Snooping Multicast Router Configuration page, click LAN > L2 Features > IGMP Snooping
> Multicast Router Configuration in the navigation tree.
Figure 123: Multicast Router Configuration
Table 107: Multicast Router Configuration Fields
Field: Description
Slot/Port: Select the physical or LAG interface to display.
Multicast Router: Set the multicast router status:
• Enabled: The port is a multicast router interface.
• Disabled: The port does not have a multicast router configured.
If you enable or disable multicast router configuration on an interface, click Submit to apply the new settings
to the switch.
Multicast Router Status
Use the IGMP Snooping Multicast Router Status page to see whether a particular interface is configured as a
multicast router interface.
To access the IGMP Snooping Multicast Router Statistics page, click Monitoring > IGMP Snooping Status >
Multicast Router Status in the navigation tree.
Figure 124: Multicast Router Status
Table 108: Multicast Router Status Fields
Field: Description
Slot/Port: Select the physical or LAG interface to display.
Multicast Router: Shows whether the specified interface is configured as a multicast router
interface.
• Click Refresh to re-display the page with the latest information from the router.
Multicast Router VLAN Configuration
Use the IGMP Snooping Multicast Router VLAN Configuration page to configure multicast router settings for
VLANs on an interface.
To access the IGMP Snooping Multicast Router VLAN Configuration page, click LAN > L2 Features > IGMP
Snooping > Multicast Router VLAN Configuration in the navigation tree.
Figure 125: Multicast Router VLAN Configuration
Table 109: Multicast Router VLAN Configuration Fields
Field: Description
Slot/Port: Select the physical or LAG interface to display.
VLAN ID: Enter the VLAN ID to configure as enabled or disabled for multicast routing.
Multicast Router: Select Enable or Disable from the drop-down menu to change the multicast
router mode of the VLAN associated with this interface.
• If you enable or disable multicast router configuration for VLANs on an interface, click Submit to apply the
new settings to the switch.
Multicast Router VLAN Status
Use the IGMP Snooping Multicast Router VLAN Status page to view multicast router settings for VLANs on a
specific interface.
To access the IGMP Snooping Multicast Router VLAN Status page, click Monitoring > IGMP Snooping Status >
Multicast Router VLAN Status in the navigation tree.
Figure 126: Multicast Router VLAN Status
The IGMP Snooping Multicast Router VLAN Status page contains the following fields:
Table 110: Multicast Router VLAN Status Fields
Field: Description
Slot/Port: Select the physical or LAG interface to display.
VLAN ID: If a VLAN is enabled for multicast routing on the interface, this field displays its ID.
Multicast Router: Indicates that the multicast router is enabled for the VLAN on this interface.
• Click Refresh to re-display the page with the latest information from the router.
Configuring IGMP Snooping Queriers
IGMP snooping requires that one central switch or router periodically query all end-devices on the network to
announce their multicast memberships. This central device is the 'IGMP querier'. The IGMP query responses,
known as IGMP reports, keep the switch updated with the current multicast group membership on a
port-by-port basis. If the switch does not receive updated membership information in a timely fashion, it will stop
forwarding multicast to the port where the end device is located.
These pages enable you to configure and display information on IGMP snooping queriers on the network and,
separately, on VLANs.
IGMP Snooping Querier Configuration
Use this page to enable or disable the IGMP Snooping Querier feature, specify the IP address of the router to
perform the querying, and configure related parameters. Users must have Read/Write access privileges to
change the data on this page.
To access this page, click LAN > L2 Features> IGMP Snooping Querier > IGMP Snooping Querier Configuration
in the navigation tree.
Figure 127: IGMP Snooping Querier Configuration
Table 111: IGMP Snooping Querier Configuration Fields
Field: Description
Snooping Querier Admin Mode: Select the administrative mode for IGMP Snooping for the switch from the
pulldown menu. The default is Disable.
Snooping Querier Address: Specify the Snooping Querier Address to be used as source IP address in
periodic IGMP queries. This address is used when no address is configured on
the VLAN on which the query is being sent.
IGMP Version: Specify the IGMP protocol version used in periodic IGMP queries.
Query Interval: Specify the time interval in seconds between periodic queries sent by the
snooping querier. The Query Interval must be a value in the range of 1 to
1800 seconds. The default value is 60 seconds.
Querier Expiry Interval: Specify the time interval in seconds after which the last querier information is
removed. The Querier Expiry Interval must be a value in the range of 60 to
300. The default value is 60 seconds.
• If you configure an IGMP snooping querier, click Submit to apply the new settings to the switch.
• Click Refresh to re-display the page with the latest information from the switch.
IGMP Snooping Querier VLAN Configuration
Use this page to configure IGMP queriers for use with VLANs on the network.
To access this page, click LAN > L2 Features > IGMP Snooping Querier > IGMP Snooping Querier VLAN
Configuration in the navigation tree.
Figure 128: IGMP Snooping Querier VLAN Configuration
Table 112: IGMP Snooping Querier VLAN Configuration Fields
Field: Description
VLAN ID: Specifies the VLAN ID for which the IGMP Snooping Querier is to be enabled.
Select New Entry to create a new VLAN ID for IGMP Snooping.
Querier Election Participate Mode: Enables or disables Querier Participate Mode. When this mode is disabled,
upon seeing another querier of the same version in the VLAN, the snooping
querier moves to non-querier state.
When enabled, the snooping querier participates in querier election, in which
the lowest IP address operates as the querier in that VLAN. The other querier
moves to non-querier state.
Snooping Querier VLAN Address: Specifies the Snooping Querier Address to be used as source IP address in
periodic IGMP queries sent on the specified VLAN.
• If you configure a snooping querier for a VLAN, click Submit to apply the new settings.
• Click Refresh to re-display the page with the latest information from the switch.
IGMP Snooping Querier VLAN Configuration Summary
Use this page to view summary information for IGMP snooping queriers on VLANs in the network.
To access this page, click LAN > L2 Features > IGMP Snooping Querier > IGMP Snooping Querier VLAN
Configuration Summary in the navigation tree.
Figure 129: IGMP Snooping Querier VLAN Configuration Summary
Table 113: IGMP Snooping Querier VLAN Configuration Summary Fields
Field: Description
VLAN ID: Specifies the VLAN ID on which IGMP Snooping Querier is administratively
enabled.
Querier Election Participate Mode: Displays the querier election participate mode on the VLAN.
When this mode is disabled, upon seeing a query of the same version in the
VLAN, the snooping querier moves to non-querier state.
When this mode is enabled, the snooping querier participates in querier
election, in which the lowest IP address operates as the querier in that VLAN.
The other querier moves to non-querier state.
Snooping Querier VLAN Address: Displays the Snooping Querier Address to be used as source address in
periodic IGMP queries sent on the specified VLAN.
• Click Refresh to re-display the page with the latest information from the router.
IGMP Snooping Querier VLAN Status
Use this page to view the operational state and other information for IGMP snooping queriers for VLANs on
the network.
To access this page, click Monitoring > Querier VLAN Status in the navigation tree.
Figure 130: IGMP Snooping Querier VLAN Status
Table 114: IGMP Snooping Querier VLAN Status Fields
Field: Description
VLANID: Specifies the VLAN ID on which the IGMP Snooping Querier is administratively
enabled and for which VLAN exists in the VLAN database.
Operational State: Specifies the operational state of the IGMP Snooping Querier on a VLAN:
• Querier: The snooping switch is the querier in the VLAN. The snooping
switch will send out periodic queries with a time interval equal to the
configured querier query interval. If the snooping switch sees a better
querier (numerically lower) in the VLAN, it moves to non-querier mode.
• Non-Querier: The snooping switch is in non-querier mode in the VLAN. If
the querier expiry interval timer expires, the snooping switch moves into
querier mode.
• Disabled: The snooping querier is not operational on the VLAN. The
snooping querier moves to disabled mode when IGMP snooping is not
operational on the VLAN, when the querier address is not configured, or
the network management address is not configured.
Operational Version: Displays the IGMP protocol version of the operational querier.
Last Querier Address: Displays the IP address of the last querier from which a query was snooped on
the VLAN.
Last Querier Version: Displays the IGMP protocol version of the last querier from which a query was
snooped on the VLAN.
Operational Max Response Time: Displays the maximum response time to be used in the queries that are sent
by the snooping querier.
• Click Refresh to re-display the page with the latest information from the switch.
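The following Python model is an added example, not D-Link code. It traces the Operational State transitions described in Table 114 together with the Querier Election Participate Mode from Tables 112 and 113. The class name, the helper observe and the 10.0.0.x addresses are constructed for illustration. Ignoring queries of a different IGMP version and restarting the expiry timer on every query the switch yields to are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

QUERIER, NON_QUERIER, DISABLED = "Querier", "Non-Querier", "Disabled"


@dataclass
class SnoopingQuerier:
    """Simplified per-VLAN snooping querier state machine."""
    address: Optional[str]                 # Snooping Querier (VLAN) Address
    participate: bool = False              # Querier Election Participate Mode
    version: int = 2                       # IGMP Version used in queries
    expiry_interval: int = 60              # Querier Expiry Interval, seconds
    snooping_operational: bool = True      # IGMP snooping operational on the VLAN
    now: int = 0                           # simulated clock, in seconds
    last_querier: Optional[tuple] = None   # (address, version) of last snooped query
    transitions: list = field(default_factory=list)  # (time, old state, new state)

    def __post_init__(self):
        if not 60 <= self.expiry_interval <= 300:
            raise ValueError("Querier Expiry Interval must be 60 to 300 seconds")
        self.state = DISABLED
        self._deadline = None
        # Disabled unless snooping is operational and an address is configured.
        if self.snooping_operational and self.address is not None:
            self._move(QUERIER)

    def _move(self, state):
        if state != self.state:
            self.transitions.append((self.now, self.state, state))
            self.state = state

    def on_query(self, source, version):
        """A query from another querier was snooped on the VLAN."""
        if self.state == DISABLED:
            return self.state
        self.last_querier = (source, version)
        if version != self.version:
            return self.state              # assumption: other versions are ignored
        if self.participate:
            # Election: the numerically lowest address operates as querier.
            # Compare as addresses, not strings ("10.0.0.5" > "10.0.0.20" as text).
            yields = ipaddress.IPv4Address(source) < ipaddress.IPv4Address(self.address)
        else:
            # Mode disabled: yield to any other querier of the same version.
            yields = True
        if yields:
            self._deadline = self.now + self.expiry_interval
            self._move(NON_QUERIER)
        return self.state

    def advance(self, seconds):
        """Move the clock forward; resume querying when the expiry timer runs out."""
        self.now += seconds
        if self.state == NON_QUERIER and self.now >= self._deadline:
            self._move(QUERIER)
        return self.state


def observe(participate, other):
    """States of a switch at 10.0.0.20 around one query snooped from `other`."""
    q = SnoopingQuerier(address="10.0.0.20", participate=participate)
    return [q.state, q.on_query(other, 2), q.advance(59), q.advance(1)]


if __name__ == "__main__":
    for mode, other in [(True, "10.0.0.50"), (False, "10.0.0.50"), (True, "10.0.0.5")]:
        print(f"participate={mode!s:5} other={other:10} -> {observe(mode, other)}")
```

With participate mode disabled, the switch yields even to a querier with a higher address, and it resumes querying only after the Querier Expiry Interval passes without another query.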
Configuring MLD Snooping
In IPv4, Layer 2 switches can use IGMP snooping to limit the flooding of multicast traffic by dynamically
configuring Layer-2 interfaces so that multicast traffic is forwarded to only those interfaces associated with an
IP multicast address. In IPv6, Multicast Listener Discovery (MLD) snooping performs a similar function. With
MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data,
instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control
packets.
MLD is a protocol used by IPv6 multicast routers to discover the presence of multicast listeners (nodes wishing
to receive IPv6 multicast packets) on its directly-attached links and to discover which multicast packets are of
interest to neighboring nodes. MLD is derived from IGMP; MLD version 1 (MLDv1) is equivalent to IGMPv2 and
MLD version 2 (MLDv2) is equivalent to IGMPv3. MLD is a subprotocol of Internet Control Message Protocol
version 6 (ICMPv6), and MLD messages are a subset of ICMPv6 messages.
The switch can snoop on both MLDv1 and MLDv2 protocol packets and bridge IPv6 multicast data based on
destination IPv6 multicast MAC addresses. The switch can be configured to perform MLD snooping and IGMP
snooping simultaneously.
Configuration and Status
Use the MLD Snooping Global Configuration and Status page to enable MLD snooping on the switch and view
information about the current MLD snooping configuration.
To access this page, click LAN > L2 Features > MLD Snooping > Configuration and Status in the navigation tree.
Figure 131: MLD Snooping Global Configuration and Status
Table 115: MLD Snooping Global Configuration and Status Fields
Field: Description
Admin Mode: Select the administrative mode for MLD Snooping for the switch from the
pulldown menu. The default is disable.
Multicast Control Frame Count: Shows the number of multicast control frames that have been processed by
the CPU.
Interfaces Enabled for MLD Snooping: Lists the interfaces currently enabled for MLD Snooping. To enable interfaces
for MLD snooping, see “Interface Configuration” on page 227.
Data Frames Forwarded by the CPU: Shows the number of data frames forwarded by the CPU.
VLAN Ids Enabled For MLD Snooping: Displays VLAN Ids enabled for MLD snooping. To enable interfaces for MLD
snooping, see “VLAN Configuration” on page 229.
• Select Enable or Disable in the Admin Mode field and click Submit to turn the feature on or off. Perform a
save if you want the changes to remain in effect over a power cycle.
Interface Configuration
Use the MLD Snooping Interface Configuration page to configure snooping settings on specific interfaces.
To access the MLD Snooping Interface Configuration page, click LAN > L2 Features > MLD Snooping > Interface
Configuration in the navigation tree.
Figure 132: MLD Snooping Interface Configuration
Table 116: MLD Snooping Interface Configuration Fields
Field
Description
Interface
Select the physical or LAG interfaces to configure.
Admin Mode
Select the interface mode for the selected interface for MLD Snooping for the
switch from the pulldown menu. The default is Disable.
Group Membership Interval
Specify the amount of time you want the switch to wait for a report for a
particular group on a particular interface before it deletes that interface from
the group. The valid range is from 2 to 3600 seconds. The default is 260
seconds.
Max Response Time
Specify the amount of time you want the switch to wait after sending a query
on an interface because it did not receive a report for a particular group on
that interface. Enter a value greater than or equal to 1 and less than the Group
Membership Interval in seconds. The default is 10 seconds. The configured
value must be less than the Group Membership Interval.
Multicast Router Present Expiration Time
Specify the amount of time you want the switch to wait to receive a query on
an interface before removing it from the list of interfaces with multicast
routers attached. Enter a value between 0 and 3600 seconds. The default is 0
seconds. A value of zero indicates an infinite timeout; i.e., no expiration.
Fast Leave Admin Mode
Select the Fast Leave mode for a particular interface from the pulldown
menu. The default is Disable.
• If you make any changes on the page, click Submit to apply the new settings to the switch.
VLAN Status
Use the MLD Snooping VLAN Status page to view information about the VLANs on the system that are
configured for MLD snooping.
To access the MLD Snooping VLAN Status page, click Monitoring > MLD Snooping > VLAN Status in the
navigation tree.
Figure 133: MLD Snooping VLAN Status
Table 117: MLD Snooping VLAN Status Fields
Field
Description
VLAN ID
Displays the VLAN IDs for which the MLD Snooping mode is Enabled.
Admin Mode
Shows the MLD Snooping Mode for the VLAN ID.
Fast Leave Admin Mode
Indicates whether MLD Snooping Fast-leave is active on the VLAN.
Group Membership Interval
Shows the amount of time in seconds that a switch will wait for a report from
a particular group on a particular interface, which is participating in the VLAN,
before deleting the interface from the entry. The valid range is 2 to 3600.
Maximum Response Time
Shows the amount of time the switch waits after it sends a query on an
interface, participating in the VLAN, because it did not receive a report for a
particular group on that interface. The valid range is 1 to 3599. Its value should
be greater than group membership interval value.
Multicast Router Expiry Time
Shows the amount of time to wait before removing an interface that is
participating in the VLAN from the list of interfaces with multicast routers
attached. The interface is removed if a query is not received. The valid range
is 0 to 3600.
• Click Refresh to re-display the page with the latest information from the router.
VLAN Configuration
Use the MLD Snooping VLAN Configuration page to configure MLD Snooping settings for VLANs on the system.
To access the MLD Snooping VLAN Configuration page, click LAN > L2 Features > MLD Snooping > VLAN
Configuration in the navigation tree.
Figure 134: MLD Snooping VLAN Configuration
Table 118: MLD Snooping VLAN Configuration Fields
Field
Description
VLAN ID
Specifies list of VLAN IDs for which MLD Snooping is enabled. If no entries
exist, New Entry displays. Enter the VLAN ID of the VLAN on which to enable
and configure MLD Snooping.
Admin Mode
Enable is the only available option from the drop-down menu. To disable the
MLD Snooping admin mode on the VLAN, select the VLAN from the VLAN ID
field and click Delete.
Fast Leave Admin Mode
Enabling fast-leave allows the switch to immediately remove the layer-2 LAN
interface from its forwarding table entry upon receiving an MLD leave
message for that multicast group without first sending out MAC-based
general queries to the interface.
Enable fast-leave admin mode only on VLANs where only one host is
connected to each layer-2 LAN port. This prevents the inadvertent dropping
of the other hosts that were connected to the same layer-2 LAN port but were
still interested in receiving multicast traffic directed to that group.
Group Membership Interval
The Group Membership Interval time is the amount of time in seconds that a
switch waits for a report from a particular group on a particular interface
before deleting the interface from the entry. This value must be greater than
the Maximum Response time value. The range is 2 to 3600 seconds.
Maximum Response Time
Enter the amount of time in seconds that a switch will wait after sending a
query on an interface because it did not receive a report for a particular group
in that interface. This value must be less than the Group Membership Interval
value. The range is 1 to 65 seconds.
Multicast Router Expiry Time
Enter the amount of time in seconds that a switch waits for a query to be
received on an interface before the interface is removed from the list of
interfaces with multicast routers attached. The range is 0 to 3600 seconds. A
value of 0 indicates an infinite time-out; i.e., no expiration.
• If you make any changes to the page, click Submit to apply the new settings to the system.
• To disable the MLD Snooping admin mode on a VLAN, select the VLAN from the VLAN ID field and click
Delete.
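The fast-leave caveat in Table 118 can be seen in a small model of one VLAN's snooping table. The following Python sketch is an added example, not D-Link code: the class, method names, group address and port are constructed for illustration, the timer defaults are the ones listed in Table 116, and timers are modelled as explicit timestamps.

```python
from dataclasses import dataclass, field

GROUP = "ff3e::1234"   # constructed IPv6 multicast group
PORT = "0/5"           # constructed port with two hosts (A and B) behind it


@dataclass
class SnoopingVlan:
    """Toy model of one VLAN's MLD snooping table (hypothetical, not switch code)."""
    fast_leave: bool = False
    group_membership_interval: int = 260  # seconds, Table 116 default
    max_response_time: int = 10           # seconds, Table 116 default
    expiry: dict = field(default_factory=dict)  # (group, port) -> removal time

    def __post_init__(self):
        # Ranges and ordering as stated in Table 118.
        if not 2 <= self.group_membership_interval <= 3600:
            raise ValueError("Group Membership Interval must be 2 to 3600 seconds")
        if not 1 <= self.max_response_time <= 65:
            raise ValueError("Maximum Response Time must be 1 to 65 seconds")
        if self.max_response_time >= self.group_membership_interval:
            raise ValueError("Maximum Response Time must be less than "
                             "Group Membership Interval")

    def on_report(self, group, port, now):
        """A listener report (re)starts the membership timer for the port."""
        self.expiry[(group, port)] = now + self.group_membership_interval

    def on_leave(self, group, port, now):
        """Handle a leave message. Returns True if the switch queries the port."""
        if (group, port) not in self.expiry:
            return False
        if self.fast_leave:
            # Fast leave: the port is dropped at once and no query is sent.
            del self.expiry[(group, port)]
            return False
        # Normal leave: query the port and wait Maximum Response Time for a report.
        self.expiry[(group, port)] = min(self.expiry[(group, port)],
                                         now + self.max_response_time)
        return True

    def ports(self, group, now):
        """Ports still forwarding the group at time `now`."""
        self.expiry = {k: t for k, t in self.expiry.items() if t > now}
        return sorted(p for (g, p) in self.expiry if g == group)


def two_hosts_one_port(fast_leave):
    """Hosts A and B share PORT; A leaves at t=5 while B still wants the stream."""
    vlan = SnoopingVlan(fast_leave=fast_leave)
    vlan.on_report(GROUP, PORT, now=0)        # host A joins
    vlan.on_report(GROUP, PORT, now=1)        # host B joins
    if vlan.on_leave(GROUP, PORT, now=5):     # host A leaves
        vlan.on_report(GROUP, PORT, now=7)    # host B answers the query
    return vlan.ports(GROUP, now=20)


if __name__ == "__main__":
    print("fast leave disabled:", two_hosts_one_port(False))
    print("fast leave enabled: ", two_hosts_one_port(True))
```

With fast leave enabled the shared port is removed as soon as host A leaves, so host B loses the stream until its next report; with it disabled, host B's answer to the query keeps the port in the group.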
Multicast Router Configuration
The switch can dynamically learn of an attached multicast router, or you can configure a switch port as a
multicast router interface. Use the MLD Snooping Multicast Router Configuration page to configure an
interface as a static multicast router interface.
To access the MLD Snooping Multicast Router Configuration page, click LAN > L2 Features > MLD Snooping >
Multicast Router Configuration in the navigation tree.
Figure 135: MLD Snooping Multicast Router Configuration
Table 119: MLD Snooping Multicast Router Configuration Fields
Field
Description
Slot/Port
Select the physical or LAG interface to display.
Multicast Router
Set the multicast router status:
• Enabled: The port is a multicast router interface.
• Disabled: The port does not have multicast router configured.
• If you enable or disable multicast router configuration on an interface, click Submit to apply the new
settings to the switch.
Multicast Router Status
Use the MLD Snooping Multicast Router Status page to view multicast router functionality on selected ports.
To access this page, click Monitoring > MLD Snooping > Multicast Router Status in the navigation tree.
Figure 136: MLD Snooping Multicast Router Status
Table 120: MLD Snooping Multicast Router Status Fields
Field
Description
Slot/Port
Select the slot and port number with the information to view.
Multicast Router
Indicates whether the specified interface is configured to perform multicast
routing.
• Click Refresh to re-display the page with the latest information from the router.
Multicast Router VLAN Configuration
Use the MLD Snooping Multicast Router VLAN Configuration page to configure multicast router settings for
VLANs on an interface.
To access the MLD Snooping Multicast Router VLAN Configuration page, click LAN > L2 Features > MLD
Snooping > Multicast Router VLAN Configuration in the navigation tree.
Figure 137: Multicast Router VLAN Configuration
Table 121: Multicast Router VLAN Configuration Fields
Field
Description
Interface
Select the physical, VLAN, or LAG interface to display.
VLAN ID
Enter the VLAN ID to configure as enabled or disabled for multicast routing.
Multicast Router
Select Enable or Disable from the drop-down menu to change the multicast
router mode of the VLAN associated with this interface.
• If you enable or disable multicast router configuration for VLANs on an interface, click Submit to apply the
new settings to the switch.
Multicast Router VLAN Status
Use the MLD Snooping Multicast Router VLAN Status page to view multicast router settings for VLANs on a
specific interface.
To access the MLD Snooping Multicast Router VLAN Statistics page, click Monitoring > MLD Snooping >
Multicast Router VLAN Status in the navigation tree.
Figure 138: MLD Snooping Multicast Router VLAN Status
The MLD Snooping Multicast Router VLAN Statistics page contains the following fields:
Table 122: MLD Snooping Multicast Router VLAN Status Fields
Field
Description
Slot/Port
Select the physical or LAG interface to display.
VLAN ID
If a VLAN is enabled for multicast routing on the interface, this field displays its ID.
Multicast Router
Indicates that the multicast router is enabled for the VLAN on this interface.
• Click Refresh to re-display the page with the latest information from the router.
Configuring MLD Snooping Queriers
In an IPv6 environment, MLD Snooping requires that one central switch or router periodically query all end
devices on the network to announce their multicast memberships. This central device is the 'MLD querier'. The
MLD query responses, known as MLD reports, keep the switch updated with the current multicast group
membership on a port-by-port basis. If the switch does not receive updated membership information in a
timely fashion, it will stop forwarding multicast traffic to the port where the end device is located.
These pages enable you to configure and display information on MLD Snooping queriers on the network and,
separately, on VLANs.
MLD Snooping Querier Configuration
Use this page to enable or disable the MLD Snooping Querier feature, specify the IP address of the router to
perform the querying, and configure related parameters. Users must have Read/Write access privileges to
change the data on this page.
To access this page, click LAN > L2 Features> MLD Snooping Querier > MLD Snooping Querier Configuration
in the navigation tree.
Figure 139: MLD Snooping Querier Configuration
Table 123: MLD Snooping Querier Configuration Fields
Field
Description
Snooping Querier Admin Mode
Select the administrative mode for MLD Snooping for the switch from the
pulldown menu. The default is Disable.
Snooping Querier Address
Specify the Snooping Querier Address to be used as source IPv6 address in
periodic MLD queries. This address is used when no address is configured on
the VLAN on which the query is being sent.
MLD Version
Specify the MLD protocol version used in periodic MLD queries.
Query Interval
Specify the time interval in seconds between periodic queries sent by the
snooping querier. The Query Interval must be a value in the range of 1 to
1800. The default value is 60.
Querier Expiry Interval
Specify the time interval in seconds after which the last querier information is
removed. The Querier Expiry Interval must be a value in the range of 60 to
300. The default value is 60.
• If you configure an MLD Snooping querier, click Submit to apply the new settings to the switch.
• Click Refresh to display the page with the latest information from the switch.
MLD Snooping Querier VLAN Configuration
Use this page to configure MLD queriers for use with VLANs on the network.
To access this page, click LAN > L2 Features> MLD Snooping Querier > MLD Snooping Querier VLAN
Configuration in the navigation tree.
Figure 140: MLD Snooping Querier VLAN Configuration
Table 124: MLD Snooping Querier VLAN Configuration Fields
Field
Description
VLAN ID
Specifies VLAN ID for which MLD Snooping Querier is to be enabled. You can
select New Entry to create a new VLAN ID for the MLD Snooping feature.
Querier Election Participate Mode
Enables or disables Querier Participate Mode. When this mode is disabled,
upon seeing another querier of same version in the VLAN, the snooping
querier moves to non-querier state.
When enabled, the snooping querier participates in querier election, in which
the least IP address operates as the querier in that VLAN. The other querier
moves to non-querier state.
Snooping Querier VLAN Address
Specifies the Snooping Querier Address to be used as source IPv6 address in
periodic IGMP queries sent on the specified VLAN.
• If you configure or modify the participate mode of a snooping querier for a VLAN, click Submit to apply
the new settings.
• Click Refresh to display the page with the latest information from the switch.
• To remove a querier from the network, select its VLAN ID and click Delete.
MLD Snooping Querier VLAN Configuration Summary
Use this page to view summary information for MLD Snooping queriers on VLANs in the network.
To access this page, click Monitoring > MLD Snooping Querier > Querier VLAN Configuration Summary in the
navigation tree.
Figure 141: MLD Snooping Querier VLAN Configuration Summary
Table 125: MLD Snooping Querier VLAN Configuration Summary Fields
Field
Description
VLAN ID
Specifies the VLAN ID on which MLD Snooping Querier is administratively
enabled.
Querier Election Participate Mode
Displays the querier election participate mode on the VLAN.
When this mode is disabled, upon seeing a query of the same version in the
VLAN, the snooping querier moves to non-querier state.
When this mode is enabled, the snooping querier participates in querier
election, in which the lowest IP address operates as the querier in that VLAN.
The other querier moves to non-querier state.
Snooping Querier VLAN Address
Displays the Snooping Querier Address to be used as source IPv6 address in
periodic IGMP queries sent on the specified VLAN.
• Click Refresh to display the page with the latest information from the router.
MLD Snooping Querier VLAN Status
Use this page to view the operational state and other information for MLD Snooping queriers for VLANs on the
network.
To access this page, click LAN > Monitoring > MLD Snooping Querier > Querier VLAN Status in the navigation
tree.
Figure 142: MLD Snooping Querier VLAN Status
Table 126: MLD Snooping Querier VLAN Status Fields
Field
Description
VLAN ID
Specifies the VLAN ID on which the MLD Snooping Querier is administratively
enabled and for which VLAN exists in the VLAN database.
Operational State
Specifies the operational state of the MLD Snooping Querier on a VLAN:
• Querier: The snooping switch is the querier in the VLAN. The snooping
switch will send out periodic queries with a time interval equal to the
configured querier query interval. If the snooping switch sees a better
querier in the VLAN (i.e., with a numerically lower value), it moves to
non-querier mode.
• Non-Querier: The snooping switch is in non-querier mode in the VLAN. If
the querier expiry interval timer expires, the snooping switch moves into
querier mode.
• Disabled: The snooping querier is not operational on the VLAN. The
snooping querier moves to disabled mode when MLD Snooping is not
operational on the VLAN, when the querier address is not configured, or
the network management address is not configured.
Operational Version
Displays the MLD protocol version of the operational querier.
Last Querier Address
Displays the IP address of the last querier from which a query was snooped on
the VLAN.
Last Querier Version
Displays the MLD protocol version of the last querier from which a query was
snooped on the VLAN.
Operational Max Response Time
Displays the maximum response time to be used in the queries that are sent
by the snooping querier.
• Click Refresh to display the page with the latest information from the switch.
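The querier states in Table 126 and the election rule in Tables 124 and 125 can be modelled in a few lines, together with a check of the Last Querier Address field against the queriers you expect on each VLAN. This Python sketch is an added example, not switch code: the class and function names and all addresses are constructed, and it assumes every querier on the VLAN runs the same MLD version.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class SnoopingQuerier:
    """Toy model of the per-VLAN querier states in Table 126 (hypothetical names)."""
    address: Optional[str]            # Snooping Querier VLAN Address
    participate: bool = False         # Querier Election Participate Mode
    expiry_interval: int = 60         # Querier Expiry Interval, 60 to 300 seconds
    state: str = "Querier"
    last_querier: Optional[str] = None
    last_heard: Optional[float] = None

    def __post_init__(self):
        if not 60 <= self.expiry_interval <= 300:
            raise ValueError("Querier Expiry Interval must be 60 to 300 seconds")
        if self.address is None:
            self.state = "Disabled"   # no querier address configured

    def on_query(self, src, now):
        """A query from another device on the VLAN is snooped at time `now`."""
        if self.state == "Disabled":
            return self.state
        self.last_querier = src
        better = ipaddress.IPv6Address(src) < ipaddress.IPv6Address(self.address)
        # Participate mode off: yield to any other querier.
        # Participate mode on: yield only to a numerically lower address.
        if better or not self.participate:
            self.state, self.last_heard = "Non-Querier", now
        return self.state

    def tick(self, now):
        """Return to Querier once the Querier Expiry Interval has run out."""
        if (self.state == "Non-Querier"
                and now - self.last_heard >= self.expiry_interval):
            self.state = "Querier"
        return self.state


def unexpected_queriers(status_rows, expected):
    """Return (vlan, address) pairs whose Last Querier Address is not expected."""
    allowed = {vlan: {ipaddress.IPv6Address(a) for a in addrs}
               for vlan, addrs in expected.items()}
    findings = []
    for vlan, last in status_rows:
        if last and ipaddress.IPv6Address(last) not in allowed.get(vlan, set()):
            findings.append((vlan, last))
    return findings


# Constructed sample: (VLAN ID, Last Querier Address) as read from the status page.
STATUS_ROWS = [(10, "fe80::1"), (20, "FE80:0:0:0:0:0:0:2"), (30, "fe80::bad")]
# Constructed allow-list of the queriers that are supposed to exist per VLAN.
EXPECTED = {10: ["fe80::1"], 20: ["fe80::2"], 30: ["fe80::3"]}

if __name__ == "__main__":
    q = SnoopingQuerier("fe80::20", participate=True)
    print(q.on_query("fe80::30", now=0))   # higher address: stays Querier
    print(q.on_query("fe80::10", now=5))   # lower address: Non-Querier
    print(q.tick(now=65))                  # expiry interval elapsed: Querier
    print(unexpected_queriers(STATUS_ROWS, EXPECTED))
```

Because the lowest address wins the election, any device that sends queries from a lower address becomes the querier for the VLAN, which is why comparing Last Querier Address with a known list is a useful routine check.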
Viewing Multicast Forwarding Database Information
The Layer 2 Multicast Forwarding Database (MFDB) is used by the switch to make forwarding decisions for
packets that arrive with a multicast destination MAC address. By limiting multicasts to only certain ports in the
switch, traffic is prevented from going to parts of the network where that traffic is unnecessary.
When a packet enters the switch, the destination MAC address is combined with the VLAN ID and a search is
performed in the Layer 2 Multicast Forwarding Database. If no match is found, then the packet is either
flooded to all ports in the VLAN or discarded, depending on the switch configuration. If a match is found, then
the packet is forwarded only to the ports that are members of that multicast group.
MFDB Table
Use the MFDB Table page to view the port membership information for all active multicast address entries.
The key for an entry consists of a VLAN ID and MAC address pair. Entries may contain data for more than one
protocol.
To access the MFDB Table page, click LAN > Monitoring > Multicast Forwarding Database > MFDB Table in
the navigation tree.
Figure 143: MFDB Table
Table 127: MFDB Table Fields
Field
Description
MAC Address
Enter the VLAN ID/MAC Address pair whose MFDB table entry you want
displayed. Enter eight two-digit hexadecimal numbers separated by colons,
for example 00:01:23:43:45:67:89:AB. The first two 2-digit hexadecimal
numbers are the VLAN ID and the remaining numbers are the MAC address.
Then click on the Search button. If the address exists, that entry will be
displayed. An exact match is required.
MAC Address
The multicast MAC address for which you requested data.
Component
This is the component that is responsible for this entry in the Multicast
Forwarding Database. Possible values are MLD Snooping, GMRP, IGMP
Snooping, and Static Filtering.
Type
This displays the type of the entry. Static entries are those that are configured
by the end user. Dynamic entries are added to the table as a result of a
learning process or protocol.
Description
The text description of this multicast table entry. Possible values are
Management Configured, Network Configured and Network Assisted.
Interface(s)
The list of interfaces that are designated for forwarding (Fwd) and filtering
(Flt) for the selected address.
Forwarding Slot/Port(s)
The resultant forwarding list is derived from combining all the forwarding
interfaces and removing the interfaces that are listed as the static filtering
interfaces.
• To search for a MAC address if the list is too long to scan, enter the MAC address in hex format and click
Search.
• Click Refresh to update the information on the screen with the most current data.
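The eight-octet search key of Table 127 and the IPv6 multicast MAC addresses that MLD snooping bridges on can be worked through in code. This Python sketch is an added example, not part of the manual or the switch firmware: the function names, VLAN ID and group addresses are constructed, and the mapping of an IPv6 group to a 33:33 Ethernet address comes from RFC 2464, not from this page.

```python
import ipaddress
import re
from collections import defaultdict

# Eight two-digit hexadecimal numbers separated by colons (Table 127).
_KEY_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){7}")


def ipv6_group_to_mac(group):
    """Map an IPv6 multicast address to its Ethernet MAC: 33:33 + low 32 bits."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv6 multicast address")
    low32 = int(addr) & 0xFFFFFFFF
    octets = [0x33, 0x33] + list(low32.to_bytes(4, "big"))
    return ":".join(f"{o:02X}" for o in octets)


def mfdb_key(vlan_id, mac):
    """Build the search key: two VLAN ID octets followed by the six MAC octets."""
    if not 0 <= vlan_id <= 0xFFFF:
        raise ValueError("VLAN ID does not fit in two octets")
    return f"{vlan_id >> 8:02X}:{vlan_id & 0xFF:02X}:{mac.upper()}"


def parse_mfdb_key(key):
    """Split a search key into (VLAN ID, multicast MAC address)."""
    if not _KEY_RE.fullmatch(key):
        raise ValueError("expected eight two-digit hex numbers separated by colons")
    octets = [int(part, 16) for part in key.split(":")]
    if not octets[2] & 0x01:
        # The low bit of the first MAC octet marks a group (multicast) address.
        raise ValueError("MAC address is not a multicast address")
    vlan_id = (octets[0] << 8) | octets[1]
    return vlan_id, ":".join(f"{o:02X}" for o in octets[2:])


def groups_sharing_entry(vlan_id, groups):
    """Return the MFDB keys that more than one IPv6 group maps onto."""
    shared = defaultdict(list)
    for group in groups:
        shared[mfdb_key(vlan_id, ipv6_group_to_mac(group))].append(group)
    return {key: members for key, members in shared.items() if len(members) > 1}


# Constructed sample groups; the first two differ only above the low 32 bits.
GROUPS = ["ff3e:40:2001:db8::1234:5678", "ff15::1234:5678", "ff15::1"]

if __name__ == "__main__":
    print(parse_mfdb_key("00:01:23:43:45:67:89:AB"))   # example key from Table 127
    print(mfdb_key(10, ipv6_group_to_mac("ff15::1234:5678")))
    print(groups_sharing_entry(10, GROUPS))
```

Since the switch bridges on the destination MAC address, two IPv6 groups that share their low 32 bits land on one MFDB entry, and a port that joined either group receives traffic for both.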
MFDB GMRP Table
Use the GMRP Table page to view all of the entries in the Multicast Forwarding Database that were created
for the GARP Multicast Registration Protocol.
To access the GMRP Table page, click LAN > Monitoring > Multicast Forwarding Database > GMRP Table in
the navigation tree.
Figure 144: GMRP Table
Table 128: GMRP Table Fields
Field
Description
MAC Address
A VLAN ID/multicast MAC address pair for which the switch has forwarding and/or filtering
information. The format is 8 two-digit hexadecimal numbers that are separated by colons,
for example 00:01:23:45:67:89:AB:CD.
Type
This displays the type of the entry. Static entries are those that are configured by the end
user. Dynamic entries are added to the table as a result of a learning process or protocol.
Description
The text description of this multicast table entry. Possible values are Management
Configured, Network Configured and Network Assisted.
Interface(s)
The list of interfaces that are designated for forwarding (Fwd) and filtering (Flt) for the
associated address.
• Click Refresh to update the information on the screen with the most current data.
MFDB IGMP Snooping Table
Use the IGMP Snooping Table page to view all of the entries in the Multicast Forwarding Database that were
created for IGMP snooping.
To access the IGMP Snooping Table page, click LAN > Monitoring > Multicast Forwarding Database > IGMP
Snooping Table in the navigation tree.
Figure 145: IGMP Snooping Table
Table 129: MFDB IGMP Snooping Table Fields
Field
Description
MAC Address
A VLAN ID/multicast MAC address pair for which the switch has forwarding
and/or filtering information. The format is 8 two-digit hexadecimal numbers
that are separated by colons, for example, 00:01:23:45:67:89:AB:CD.
Type
This displays the type of the entry. Static entries are those that are configured
by the end user. Dynamic entries are added to the table as a result of a
learning process or protocol.
Description
The text description of this multicast table entry. Possible values are
Management Configured, Network Configured and Network Assisted.
Interface(s)
The list of interfaces that are designated for forwarding (Fwd) and filtering
(Flt) for the associated address.
• Click Refresh to update the information on the screen with the most current data.
• Click Clear Entries to tell the IGMP Snooping component to delete all of its entries from the multicast
forwarding database.
MFDB MLD Snooping Table
Use the MLD Snooping Table page to view all of the entries in the Multicast Forwarding Database that were
created for MLD Snooping.
To access the MLD Snooping Table page, click LAN > Monitoring> Multicast Forwarding Database > MLD
Snooping Table in the navigation tree.
Figure 146: MFDB MLD Snooping Table
Table 130: MLD Snooping Table Fields
Field
Description
MAC Address
A VLAN ID/multicast MAC address pair for which the switch has forwarding
and/or filtering information. The format is 8 two-digit hexadecimal numbers
that are separated by colons, for example, 00:01:23:45:67:89:AB:CD.
Type
This displays the type of the entry. Static entries are those that are configured
by the end user. Dynamic entries are added to the table as a result of a
learning process or protocol.
Description
The text description of this multicast table entry. Possible values are
Management Configured, Network Configured and Network Assisted.
Interface(s)
The list of interfaces that are designated for forwarding (Fwd) and filtering
(Flt) for the associated address.
• Click Refresh to update the information on the screen with the most current data.
• Click Clear Entries to tell the MLD Snooping component to delete all of its entries from the multicast
forwarding database.
MFDB Statistics
Use the multicast forwarding database Stats page to view statistical information about the MFDB table.
To access the Stats page, click LAN > Monitoring > Multicast Forwarding Database > Statistics in the
navigation tree.
Figure 147: Multicast Forwarding Database Statistics
Table 131: Multicast Forwarding Database Statistics Fields
Field
Description
Max MFDB Entries
Shows the maximum number of entries that the Multicast Forwarding
Database table can hold.
Most MFDB Entries Since Last Reset
The largest number of entries that have been present in the Multicast
Forwarding Database table since the system was last reset. This value is also
known as the MFDB high-water mark.
Current Entries
Shows the current number of entries in the Multicast Forwarding Database
table.
• Click Refresh to update the information on the screen with the most current data.
Configuring Spanning Tree Protocol
The Spanning Tree Protocol (STP) provides a tree topology for any arrangement of bridges. STP also provides one path
between end stations on a network, eliminating loops. Spanning tree versions supported include Common STP,
Multiple STP, and Rapid STP.
Classic STP provides a single path between end stations, avoiding and eliminating loops. For information on
configuring Common STP, see “CST Port Configuration/Status” on page 249.
Multiple Spanning Tree Protocol (MSTP) supports multiple instances of Spanning Tree to efficiently channel VLAN
traffic over different interfaces. Each instance of the Spanning Tree behaves in the manner specified in IEEE
802.1w, Rapid Spanning Tree (RSTP), with slight modifications in the working but not the end effect (chief among
the effects is the rapid transitioning of the port to ‘Forwarding’). The difference between RSTP and the
traditional STP (IEEE 802.1D) is the ability to configure and recognize full duplex connectivity and ports which are
connected to end stations, resulting in rapid transitioning of the port to ‘Forwarding’ state and the suppression
of Topology Change Notification. These features are represented by the parameters ‘pointtopoint’ and
‘edgeport’. MSTP is compatible with both RSTP and STP. It behaves appropriately to STP and RSTP bridges. An MSTP
bridge can be configured to behave entirely as an RSTP bridge or an STP bridge.
Note: For two bridges to be in the same region, the force version should be 802.1S and their
configuration name, digest key, and revision level should match. For more information about regions
and their effect on network topology, refer to the IEEE 802.1Q standard.
Switch Configuration/Status
The Spanning Tree Switch Configuration/Status page contains fields for enabling STP on the switch.
To display the Spanning Tree Switch Configuration/Status page, click LAN > L2 Features > Spanning Tree >
Switch Configuration/Status in the navigation tree.
Figure 148: Spanning Tree Switch Configuration/Status
Table 132: Spanning Tree Switch Configuration/Status Fields
Field
Description
Spanning Tree Admin Mode
Enables or disables STP on the switch.
Force Protocol Version
Specifies the Force Protocol Version parameter for the switch:
• IEEE 802.1D: Spanning Tree Protocol (STP)
• IEEE 802.1w: Rapid Spanning Tree Protocol (RSTP)
• IEEE 802.1s: Multiple Spanning Tree Protocol (MSTP)
Configuration Name
Name used to identify the configuration currently being used. It may be up to
32 alphanumeric characters.
Configuration Revision Level
Number used to identify the configuration currently being used. The values
allowed are between 0 and 65535. The default value is 0.
Configuration Digest Key
Number used to identify the configuration currently being used. The digest
key is generated based on the association of VLANs to different instances. To
ensure the digest key is the same on two different switches, the mapping of
VLAN-to-instance must be the same.
MST ID
Table consisting of the MST instances (including the CST) and the
corresponding VLAN IDs associated with each of them.
VID
This table consists of the VLAN identifier (VID) and the corresponding filtering
identifier (FID) associated with each VID.
FID
Table consisting of the FIDs and the corresponding VLAN IDs associated with
each of them.
• If you make any configuration changes, click Submit to apply the new settings to the switch.
• Click Refresh to update the information on the screen with the most current data.
CST Configuration/Status
Use the Spanning Tree CST Configuration/Status page to configure Common Spanning Tree (CST) and Internal
Spanning Tree on the switch.
To display the Spanning Tree CST Configuration/Status page, click LAN > L2 Features > Spanning Tree > CST
Configuration/Status in the navigation tree.
Figure 149: Spanning Tree CST Configuration/Status
Table 133: Spanning Tree CST Configuration/Status Fields
Field
Description
Bridge Priority
Specifies the bridge priority value. When switches or bridges are running STP,
each is assigned a priority. After exchanging BPDUs, the switch with the lowest
priority value becomes the root bridge. The bridge priority is a multiple of
4096. If you specify a priority that is not a multiple of 4096, the priority is
automatically set to the next lowest priority that is a multiple of 4096. For
example, if the priority is attempted to be set to any value between 0 and
4095, it will be set to 0. The default priority is 32768. The valid range is 0-61440.
Bridge Max Age (secs)
Specifies the switch maximum age time, which indicates the amount of time
in seconds a bridge waits before implementing a topological change. The valid
range is 6-40, and the value must be less than or equal to (2 * Bridge Forward
Delay) – 1 and greater than or equal to 2 * (Bridge Hello Time +1). The default
value is 20.
Bridge Hello Time (secs)
Specifies the switch Hello time, which indicates the amount of time in seconds
a root bridge waits between configuration messages. The valid range is 1-10,
and the default value is 2. The value must be less than or equal to (Bridge Max
Age / 2) – 1.
Bridge Forward Delay (secs)
Specifies the switch forward delay time, which indicates the amount of time
in seconds a bridge remains in a listening and learning state before forwarding
packets. The value must be greater than or equal to (Bridge Max Age / 2) + 1. The
time range is from 4 seconds to 30 seconds. The default value is 15.
Spanning Tree Maximum Hops
Specifies the maximum number of bridge hops the information for a particular
CST instance can travel before being discarded.
BPDU Guard
Enable or disable the BPDU Guard. The switches behind the edge ports that
have BPDU guard enabled will not be able to influence the overall topology.
Using the BPDU Guard feature can help enforce the domain borders and keep
the active topology consistent and predictable.
BPDU Filter
Enable or disable the BPDU Filter. When BPDU filtering is enabled, the port
drops the BPDUs received.
Spanning Tree Tx Hold Count
Configure the maximum number of BPDUs the bridge is allowed to send
within the hello time window. The default value is 6.
Bridge Identifier
The bridge identifier for the CST. It is made up using the bridge priority and the
base MAC address of the bridge.
Time Since Topology Change
Displays the total amount of time since the last topographic change. The time
is displayed in hour/minute/second format, for example, 5 hours 10 minutes
and 4 seconds.
Topology Changes Counts
Displays the total amount of state changes that have occurred.
Topology Change
Indicates whether a topology change is in progress on any port assigned to the
CST. The possible values are True or False.
Designated Root
Displays the bridge identifier of the root bridge, which is made up from the
bridge priority and the base MAC address of the bridge.
Root Path Cost
Displays the cost of the path from this bridge to the designated root.
Root Port
Indicates the root port of the selected instance.
Max Age
Shows the path Cost to the Designated Root for the CST.
Forward Delay
Shows the derived value of the Root Port Bridge Forward Delay parameter.
Hold Time
Indicates the minimum time between transmission of Configuration BPDUs.
CST Regional Root
Shows the priority and base MAC address of the CST Regional Root.
CST Path Cost
Shows the path Cost to the CST tree Regional Root.
MST Configuration/Status
Use the Spanning Tree MST Configuration/Status page to configure Multiple Spanning Tree (MST) on the
switch.
To display the Spanning Tree MST Configuration/Status page, click LAN > L2 Features > Spanning Tree > MST
Configuration/Status Identification in the navigation tree.
If no MST instances exist, or if you select Create from the MST field, the MST Configuration/Status page looks
like the screen in Figure 150.
Figure 150: Spanning Tree MST Configuration/Status
Figure 151 shows an example of the page with an MST instance configured.
Figure 151: Spanning Tree MST Configuration/Status
Table 134: Spanning Tree MST Configuration/Status
Field
Description
MST
Use the drop-down menu to create and configure a new MST or select an existing MST to
display or configure.
MST ID
This is only visible when Create is selected from the MST field drop-down menu. The ID of
the MST being created. Valid values for this are between 1 and 4094.
Priority
Specifies the bridge priority value for the MST. When switches or bridges are running STP, each
is assigned a priority. After exchanging BPDUs, the switch with the lowest priority value
becomes the root bridge. The bridge priority is a multiple of 4096. If you specify a priority
that is not a multiple of 4096, the priority is automatically set to the next lowest priority
that is a multiple of 4096. For example, if you attempt to set the priority to any value
between 0 and 4095, it is set to 0. The default priority is 32768. The valid range is 0-61440.
VLAN ID
This gives a list box of all VLANs on the switch. The VLANs associated with the MST instance
which is selected are highlighted on the list. These can be selected or unselected for
reconfiguring the association of VLANs to MST instances.
Bridge Identifier
The bridge identifier for the selected MST instance. It is made up using the bridge priority
and the base MAC address of the bridge.
Time Since Topology Change
Displays the total amount of time since the last topology change. The time is displayed
in hour/minute/second format, for example, 5 hours 10 minutes and 4 seconds.
Topology Changes Counts
Displays the total number of MST state changes that have occurred.
Topology Change
Indicates whether a topology change is in progress on any port assigned to the CST. The
possible values are True or False.
Designated Root
Displays the bridge identifier of the root bridge, which is made up from the bridge priority
and the base MAC address of the bridge.
Root Path Cost
Displays the path cost to the Designated Root for this MST instance.
Root Port
Indicates the port to access the Designated Root for this MST instance.
• If you make any configuration changes, click Submit to apply the new settings to the switch.
• Click Force to force the port to send out 802.1w or 802.1D BPDUs.
• Click Refresh to update the screen with most recent data.
CST Port Configuration/Status
Use the Spanning Tree CST Port Configuration/Status page to configure Common Spanning Tree (CST) and
Internal Spanning Tree on a specific port on the switch.
To display the Spanning Tree CST Port Configuration/Status page, click LAN > L2 Features > Spanning Tree >
CST Port Configuration/Status in the navigation tree.
Figure 152: Spanning Tree CST Port Configuration/Status
Table 135: Spanning Tree CST Port Configuration/Status Fields
Field
Description
Interface
Select a physical or port channel interface to configure. The port is associated
with the VLAN(s) associated with the CST.
Port Priority
The priority for a particular port within the CST. The port priority is set in
multiples of 16. If you specify a value that is not a multiple of 16, the priority
is automatically set to the next lowest priority that is a
multiple of 16. For example, if you set a value between 0 and 15, the priority
is set to 0. If you specify a number between 16 and 31, the priority is set to 16.
Admin Edge Port
Determines whether the specified port is an Edge Port within the CIST. It takes
a value of TRUE or FALSE, where the default value is FALSE.
Port Path Cost
Set the Path Cost to a new value for the specified port in the common and
internal spanning tree. It takes a value in the range of 1 to 200000000.
Auto-calculate Port Path Cost
Displays whether the path cost is automatically calculated (Enabled) or not
(Disabled). Path cost is calculated based on the link speed of the port if the
configured value for Port Path Cost is zero.
Hello Timer
Specifies the switch Hello time, which indicates the amount of time in seconds
a port waits between configuration messages. The valid range is 1-10, and the
default value is 2. The value must be less than or equal to (Bridge Max Age /
2) – 1. The default hello time value is 2.
External Port Path Cost
Set the External Path Cost to a new value for the specified port in the spanning
tree. It takes a value in the range of 1 to 200000000.
Auto-calculate External Port Path Cost
Displays whether the external path cost is automatically calculated (Enabled)
or not (Disabled). External Path cost will be calculated based on the link speed
of the port if the configured value for External Port Path Cost is zero.
BPDU Filter
Enable or disable the BPDU Filter, which filters the BPDU traffic on this port
when STP is enabled on this port.
BPDU Flood
Enable or disable the BPDU Flood, which floods the BPDU traffic arriving on
this port when STP is disabled on this port.
BPDU Guard Effect
If BPDU Guard is enabled for the switch and the edge port receives a BPDU,
the port will be disabled and the status of this field is Enabled.
Port ID
The port identifier for the specified port within the CST. It is made up from the
port priority and the interface number of the port.
Port Up Time Since Counters Last Cleared
Time since the counters were last cleared, displayed in Days, Hours, Minutes,
and Seconds.
Port Mode
Spanning Tree Protocol Administrative Mode associated with the port or port
channel. The possible values are Enable or Disable.
Port Forwarding State
Indicates the current state of a port. If enabled, the port state determines
what forwarding action is taken on traffic. Possible port states are:
• Disabled: STP is currently disabled on the port. The port forwards traffic while
learning MAC addresses.
• Blocking: The port is currently blocked and cannot be used to forward
traffic or learn MAC addresses.
• Listening: The port is currently in the listening mode. The port cannot
forward traffic nor can it learn MAC addresses.
• Learning: The port is currently in the learning mode. The port cannot
forward traffic, however, it can learn new MAC addresses.
• Forwarding: The port is currently in the forwarding mode. The port can
forward traffic and learn new MAC addresses.
Port Role
Each MST Bridge Port that is enabled is assigned a Port Role for each spanning
tree. The port role will be one of the following values: Root Port, Designated
Port, Alternate Port, Backup Port, Master Port or Disabled Port.
Designated Root
Root Bridge for the CST. It is made up using the bridge priority and the base
MAC address of the bridge.
Designated Cost
Displays cost of the port participating in the topology. Ports with a lower cost
are less likely to be blocked if STP detects loops.
Designated Bridge
Bridge Identifier of the bridge with the Designated Port. It is made up using the
bridge priority and the base MAC address of the bridge.
Designated Port
Port Identifier on the Designated Bridge that offers the lowest cost to the LAN.
It is made up from the port priority and the interface number of the port.
Topology Change Acknowledge
Identifies whether the next BPDU to be transmitted for this port would have
the topology change acknowledgement flag set. It is either "True" or "False".
Auto Edge
Configuring the auto edge mode of a port allows the port to become an edge
port if it does not see BPDUs for some duration. The possible values are Enable
or Disable.
Edge Port
Indicates whether the port is enabled as an edge port.
Point-to-point MAC
Derived value of the point-to-point status.
Root Guard
Configuring the root guard mode sets a port to discard any superior
information received by the port and thus protects the root of the device
from changing. The port gets put into discarding state and does not forward
any packets. The possible values are Enable or Disable.
Loop Guard
Configuring the loop guard mode prevents a port from erroneously
transitioning from blocking state to forwarding when the port stops receiving
BPDUs. The port is marked as being in loop-inconsistent state. In this state, the
port does not forward packets. The possible values are Enable or Disable.
TCN Guard
Configuring the TCN guard for a port restricts the port from propagating any
topology change information received through that port. The possible values
are Enable or Disable.
CST Regional Root
Shows the priority and base MAC address of the CST Regional Root.
CST Path Cost
Shows the path Cost to the CST tree Regional Root.
Loop Inconsistent State
Identifies whether the port is currently in a loop inconsistent state. If the port
is in a loop inconsistent state, it does not forward packets.
Transitions Into Loop Inconsistent State
Shows the number of times this interface has moved into a loop inconsistent
state.
Transitions Out Of Loop Inconsistent State
Shows the number of times this interface has gotten out of a loop inconsistent
state.
• If you make any configuration changes, click Submit to apply the new settings to the switch.
• Click Force to force the port to send out 802.1w or 802.1D BPDUs.
• Click Refresh to update the screen with most recent data.
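The following Python model illustrates how the bridge priority rounding, the bridge identifier comparison, and the Root Guard and BPDU Guard Effect fields described above interact when a BPDU arrives on a port. It is an added example, not D-Link firmware code or part of the original manual; the class names, port numbers and MAC addresses are assumptions, and it assumes the comparison uses bridge identifiers only (path cost, timers and port roles are not modelled).

```python
"""Model of bridge-ID comparison with Root Guard and BPDU Guard.

Constructed example: class names, port names and MAC addresses are assumptions,
and path cost, timers and port roles are not modelled.
"""
from dataclasses import dataclass


def normalize_priority(value, step=4096, maximum=61440):
    """Round a configured priority down to the next lowest multiple of step."""
    if not 0 <= value <= maximum:
        raise ValueError(f"priority {value} outside 0-{maximum}")
    return value - (value % step)


def bridge_id(priority, mac):
    """Bridge identifier as a comparable (priority, MAC) tuple; lowest wins."""
    return (normalize_priority(priority), int(mac.replace(":", ""), 16))


@dataclass
class Port:
    name: str
    edge: bool = False         # Admin Edge Port
    root_guard: bool = False   # Root Guard
    state: str = "forwarding"


class Bridge:
    def __init__(self, priority, mac, ports, bpdu_guard=False):
        self.root_id = bridge_id(priority, mac)  # starts out as its own root
        self.bpdu_guard = bpdu_guard             # switch-wide BPDU Guard
        self.ports = {p.name: p for p in ports}

    def receive_bpdu(self, port_name, advertised_root):
        """Apply the guards to one received BPDU and return the outcome."""
        port = self.ports[port_name]
        if port.state == "disabled":
            return "ignored: port disabled"
        if self.bpdu_guard and port.edge:
            port.state = "disabled"              # BPDU Guard Effect
            return "bpdu guard: port disabled"
        if advertised_root < self.root_id:       # superior information
            if port.root_guard:
                port.state = "discarding"
                return "root guard: superior BPDU discarded"
            self.root_id = advertised_root
            return "root changed"
        return "no change"


def demo():
    """Send the same superior BPDU to three differently configured ports."""
    core = Bridge(
        priority=5000,  # not a multiple of 4096, so it is stored as 4096
        mac="00:00:5e:00:53:01",
        ports=[Port("0/5", root_guard=True), Port("0/6"), Port("0/7", edge=True)],
        bpdu_guard=True,
    )
    original_root = core.root_id
    superior = bridge_id(0, "00:00:5e:00:53:99")  # lower priority than the core
    outcomes = [
        core.receive_bpdu("0/7", superior),  # edge port, BPDU Guard enabled
        core.receive_bpdu("0/5", superior),  # Root Guard enabled
        core.receive_bpdu("0/6", superior),  # no guard configured
    ]
    return original_root, outcomes, core


if __name__ == "__main__":
    root, outcomes, core = demo()
    print("configured root:", root)
    for line in outcomes:
        print(line)
    print("root after trace:", core.root_id)
```

Only the port without a guard accepts the superior bridge identifier, which is why the designated root changes at the end of the trace.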
MST Port Configuration/Status
Use the Spanning Tree MST Port Configuration/Status page to configure Multiple Spanning Tree (MST) on a
specific port on the switch.
To display the Spanning Tree MST Port Configuration/Status page, click LAN > L2 Features > Spanning Tree >
MST Port Configuration/Status in the navigation tree.
Note: If no MST instances have been configured on the switch, the page displays a “No MSTs
Available” message and does not display the fields shown in Figure 153.
Figure 153: Spanning Tree MST Port Configuration/Status
Table 136: Spanning Tree MST Port Configuration/Status Fields
Field
Description
MST ID
Select an existing MST instance from drop-down list to display or configure its
values.
Interface
Select a physical or port channel interface to configure. The port is associated
with the VLAN(s) associated with the MST.
Port Priority
The priority for a particular port within the MST. The port priority is set in
multiples of 16. If you specify a value that is not a multiple of 16, the priority
is automatically set to the next lowest priority that is a
multiple of 16. For example, if you set a value between 0 and 15, the priority
is set to 0. If you specify a number between 16 and 31, the priority is set to 16.
Port Path Cost
Set the Path Cost to a new value for the specified port in the selected MST
instance. It takes a value in the range of 1 to 200000000.
Auto-calculate Port Path Cost
Displays whether the path cost is automatically calculated (Enabled) or not
(Disabled). Path cost is calculated based on the link speed of the port if the
configured value for Port Path Cost is zero.
Port ID
The port identifier for the specified port within the CST. It is made up from the
port priority and the interface number of the port.
Port Up Time Since Counters Last Cleared
Time since the counters were last cleared, displayed in Days, Hours, Minutes,
and Seconds.
Port Mode
Shows whether STP is enabled on the port. To enable STP on a port, use the
System > Port > Configuration page.
Port Forwarding State
Indicates the current state of a port. If enabled, the port state determines
what forwarding action is taken on traffic. Possible port states are:
• Disabled: STP is currently disabled on the port. The port forwards traffic while
learning MAC addresses.
• Blocking: The port is currently blocked and cannot be used to forward
traffic or learn MAC addresses.
• Listening: The port is currently in the listening mode. The port cannot
forward traffic nor can it learn MAC addresses.
• Learning: The port is currently in the learning mode. The port cannot
forward traffic, however, it can learn new MAC addresses.
• Forwarding: The port is currently in the forwarding mode. The port can
forward traffic and learn new MAC addresses.
Port Role
Each MST Bridge Port that is enabled is assigned a Port Role for each spanning
tree. The port role will be one of the following values: Root Port, Designated
Port, Alternate Port, Backup Port, Master Port or Disabled Port.
Designated Root
Root Bridge for the selected MST instance. It is made up using the bridge
priority and the base MAC address of the bridge.
Designated Cost
Displays cost of the port participating in the topology. Ports with a lower cost
are less likely to be blocked if STP detects loops.
Designated Bridge
Bridge Identifier of the bridge with the Designated Port. It is made up using the
bridge priority and the base MAC address of the bridge.
Designated Port
Port Identifier on the Designated Bridge that offers the lowest cost to the LAN.
It is made up from the port priority and the interface number of the port.
Loop Inconsistent State
This parameter identifies whether the port is in a loop inconsistent state in the
specified MST instance. If the port is in a loop inconsistent state, it does not
forward packets.
Transitions Into Loop Inconsistent State
Shows the number of times this interface has gone into a loop inconsistent
state.
Transitions Out Of Loop Inconsistent State
Shows the number of times this interface has gotten out of a loop inconsistent
state.
• If you make any configuration changes, click Submit to apply the new settings to the switch.
• Click Refresh to update the screen with most recent data.
Statistics
Use the Spanning Tree Statistics page to view information about the number and type of bridge protocol data
units (BPDUs) transmitted and received on each port.
To display the Spanning Tree Statistics page, click LAN > Monitoring > Spanning Tree > Statistics > Statistics in
the navigation tree.
Figure 154: Spanning Tree Statistics
Table 137: Spanning Tree Statistics Fields
Field
Description
Interface
Select a physical or port channel interface to view its statistics.
BPDUs Received
Number of BPDUs received at the selected port.
BPDUs Transmitted
Number of BPDUs transmitted from the selected port.
RSTP BPDUs Received
Number of RSTP BPDUs received at the selected port.
RSTP BPDUs Transmitted
Number of RSTP BPDUs transmitted from the selected port.
MSTP BPDUs Received
Number of MSTP BPDUs received at the selected port.
MSTP BPDUs Transmitted
Number of MSTP BPDUs transmitted from the selected port.
• Click Refresh to update the screen with most recent data.
Configuring DHCP Snooping
DHCP snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP servers
to filter harmful DHCP messages and to build a bindings database of {MAC address, IP address, VLAN ID, port}
tuples that are considered authorized. You can enable DHCP snooping globally and on specific VLANs, and
configure ports within the VLAN to be trusted or untrusted. DHCP servers must be reached through trusted
ports. DHCP snooping enforces the following security rules:
• DHCP packets from a DHCP server (DHCPOFFER, DHCPACK, DHCPNAK, DHCPRELEASEQUERY) are dropped
if received on an untrusted port.
• DHCPRELEASE and DHCPDECLINE messages are dropped if they are for a MAC address in the snooping
database, but the interface recorded for that binding in the snooping database is different from the interface
where the message was received.
• On untrusted interfaces, the switch drops DHCP packets whose source MAC address does not match the
client hardware address. This feature is a configurable option.
The hardware identifies all incoming DHCP packets on ports where DHCP snooping is enabled. DHCP snooping
is enabled on a port if (a) DHCP snooping is enabled globally, and (b) the port is a member of a VLAN where
DHCP snooping is enabled. On untrusted ports, the hardware traps all incoming DHCP packets to the CPU. On
trusted ports, the hardware forwards client messages and copies server messages to the CPU so that DHCP
snooping can learn the binding.
Global DHCP Snooping Configuration
To access the DHCP Snooping Configuration page, click LAN > L2 Features > DHCP Snooping > Configuration
in the navigation tree.
Figure 155: DHCP Snooping Configuration
Table 138: DHCP Snooping Configuration
Field
Description
DHCP Snooping Mode
Enables or disables the DHCP Snooping feature. The default is Disable.
MAC Address Validation
Enables or disables the validation of sender MAC Address for DHCP Snooping.
The default is Enable.
• Click Submit to apply the new configuration and cause the change to take effect. These changes will not
be retained across a power cycle unless a Save configuration is performed.
DHCP Snooping VLAN Configuration
The DHCP snooping application does not forward server messages because they are forwarded in hardware.
DHCP snooping forwards valid DHCP client messages received on non-routing VLANs. The message is
forwarded on all trusted interfaces in the VLAN.
DHCP snooping can be configured on switching VLANs and routing VLANs. When a DHCP packet is received on
a routing VLAN, the DHCP snooping application applies its filtering rules and updates the bindings database. If
a client message passes filtering rules, the message is placed into the software forwarding path, where it may
be processed by the DHCP relay agent, the local DHCP server, or forwarded as an IP packet.
DHCP snooping is disabled globally and on all VLANs by default. Ports are untrusted by default.
To access the DHCP Snooping VLAN Configuration page, click LAN > L2 Features > DHCP Snooping > VLAN
Configuration in the navigation tree.
Figure 156: DHCP Snooping VLAN Configuration
Table 139: DHCP Snooping VLAN Configuration
Field
Description
VLAN ID
Select the VLAN for which information is to be displayed or configured for the
DHCP snooping application.
DHCP Snooping Mode
Enables or disables the DHCP snooping feature on the selected VLAN. The
default is Disable.
• Click Submit to apply the new configuration and cause the change to take effect. These changes will not
be retained across a power cycle unless a Save configuration is performed.
DHCP Snooping Interface Configuration
The hardware rate limits DHCP packets sent to the CPU from untrusted interfaces to 15 packets per second.
There is no hardware rate limiting on trusted interfaces.
To prevent DHCP packets from being used as a DoS attack when DHCP snooping is enabled, the snooping
application enforces a rate limit for DHCP packets received on untrusted interfaces. DHCP snooping monitors
the receive rate on each interface separately. If the receive rate exceeds the configured limit, DHCP
snooping brings down the interface. You must issue the no shutdown command on the interface before the
port can be used again. You can configure both the rate and the burst interval.
The DHCP snooping application processes incoming DHCP messages. For DHCPRELEASE and DHCPDECLINE
messages, the application compares the receive interface and VLAN with the client’s interface and VLAN in the
binding database. If the interfaces do not match, the application logs the event and drops the message. For
valid client messages, DHCP snooping compares the source MAC address to the DHCP client hardware address.
Where there is a mismatch, DHCP snooping logs and drops the packet. You can disable this feature using the
DHCP Snooping Interface Configuration page, shown in Figure 157 below, or by using the no ip dhcp snooping
verify mac-address command. DHCP snooping forwards valid client messages on trusted members within the
VLAN. If DHCP relay and/or DHCP server co-exist with the DHCP snooping, the DHCP client message will be sent
to the DHCP relay and/or DHCP server to process further.
To access the DHCP Snooping Interface Configuration page, click LAN > L2 Features > DHCP Snooping >
Interface Configuration in the navigation tree.
Figure 157: DHCP Snooping Interface Configuration
Table 140: DHCP Snooping Interface Configuration
Field
Description
Interface
Select the interface for which data is to be displayed or configured.
Trust State
If it is enabled, the DHCP snooping application considers the port as trusted.
The default is Disable.
Logging Invalid Packets
If it is enabled, the DHCP snooping application logs invalid packets on this
interface. The default is Disable.
Rate Limit
Specifies the rate limit value for DHCP snooping purposes. If the incoming rate
of DHCP packets exceeds the value of this object for burst interval consecutive
seconds, the port will be shut down. If this value is None, there is no
limit. The default is 15 packets per second (pps). The Rate Limit range is 0 to
300.
Burst Interval
Specifies the burst interval value for rate limiting purposes on this interface. If
the rate limit is None, the burst interval has no meaning and is displayed as
“N/A”. The default is 1 second. The Burst Interval range is 1 to 15.
• Click Submit to apply the new configuration and cause the change to take effect. These changes will not
be retained across a power cycle unless a Save configuration is performed.
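The filter rules listed under Configuring DHCP Snooping and the per-interface rate limit and burst interval described above can be followed packet by packet in the Python model below. It is an added example, not D-Link firmware code or part of the original manual; the class names, port numbers and addresses are constructed, and the way a binding is learned (from a client request followed by a DHCPACK on a trusted port) and removed on release is an assumption.

```python
"""Model of the DHCP snooping filter rules and rate limit described above.

Constructed example: class names, ports, MAC and IP addresses are assumptions.
"""
from dataclasses import dataclass
from typing import Optional

SERVER_MSGS = {"DHCPOFFER", "DHCPACK", "DHCPNAK", "DHCPRELEASEQUERY"}
RELEASE_MSGS = {"DHCPRELEASE", "DHCPDECLINE"}


@dataclass(frozen=True)
class Packet:
    msg_type: str
    src_mac: str       # Ethernet source MAC address
    chaddr: str        # DHCP client hardware address
    port: str          # receive interface
    vlan: int
    yiaddr: str = ""   # address assigned by the server (DHCPACK)


@dataclass
class Port:
    trusted: bool = False            # ports are untrusted by default
    rate_limit: Optional[int] = 15   # packets per second; None means no limit
    burst_interval: int = 1          # seconds
    shutdown: bool = False
    seconds_over: int = 0            # consecutive seconds above the limit


class Snooper:
    def __init__(self, ports, vlans, enabled=True, verify_mac=True):
        self.ports = ports            # port name -> Port
        self.vlans = set(vlans)       # VLANs with DHCP snooping enabled
        self.enabled = enabled        # global DHCP Snooping Mode
        self.verify_mac = verify_mac  # MAC Address Validation
        self.pending = {}             # chaddr -> (port, vlan) of the request
        self.bindings = {}            # chaddr -> (ip, vlan, port)

    def inspect(self, pkt):
        """Return 'forward' or 'drop: <reason>' for one received DHCP packet."""
        port = self.ports[pkt.port]
        if port.shutdown:
            return "drop: port shut down"
        if not (self.enabled and pkt.vlan in self.vlans):
            return "forward"          # snooping is not active here
        if pkt.msg_type in SERVER_MSGS:
            if not port.trusted:
                return "drop: server message on untrusted port"
            # Assumption: the binding is completed when the ACK is seen.
            if pkt.msg_type == "DHCPACK" and pkt.chaddr in self.pending:
                cport, cvlan = self.pending.pop(pkt.chaddr)
                self.bindings[pkt.chaddr] = (pkt.yiaddr, cvlan, cport)
            return "forward"
        if pkt.msg_type in RELEASE_MSGS and pkt.chaddr in self.bindings:
            _, bvlan, bport = self.bindings[pkt.chaddr]
            if (bport, bvlan) != (pkt.port, pkt.vlan):
                return "drop: release/decline from wrong interface"
        if not port.trusted and self.verify_mac and pkt.src_mac != pkt.chaddr:
            return "drop: source MAC differs from chaddr"
        if pkt.msg_type in RELEASE_MSGS:
            self.bindings.pop(pkt.chaddr, None)  # assumption: binding removed
        else:
            self.pending[pkt.chaddr] = (pkt.port, pkt.vlan)
        return "forward"

    def second_elapsed(self, port_name, packets_seen):
        """Account for one second of DHCP traffic; True if the port is down."""
        port = self.ports[port_name]
        if port.trusted or port.rate_limit is None:
            return port.shutdown
        over = packets_seen > port.rate_limit
        port.seconds_over = port.seconds_over + 1 if over else 0
        if port.seconds_over >= port.burst_interval:
            port.shutdown = True      # stays down until "no shutdown"
        return port.shutdown


def demo():
    """Replay a constructed packet trace through a three-port switch."""
    ports = {"0/1": Port(), "0/2": Port(),
             "0/24": Port(trusted=True, rate_limit=None)}
    switch = Snooper(ports, vlans=[10])
    client, server = "00:00:5e:00:53:10", "00:00:5e:00:53:01"
    other = "00:00:5e:00:53:66"
    trace = [
        Packet("DHCPDISCOVER", client, client, "0/1", 10),
        Packet("DHCPOFFER", other, client, "0/2", 10, "192.0.2.50"),
        Packet("DHCPACK", server, client, "0/24", 10, "192.0.2.10"),
        Packet("DHCPRELEASE", client, client, "0/2", 10),
        Packet("DHCPDISCOVER", other, client, "0/2", 10),
        Packet("DHCPRELEASE", client, client, "0/1", 10),
    ]
    return [switch.inspect(p) for p in trace], switch
```

Each drop reason corresponds to an event that the switch logs when Logging Invalid Packets is enabled on the receiving interface.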
Managing LLDP
The IEEE 802.1AB defined standard, Link Layer Discovery Protocol (LLDP), allows stations residing on an 802
LAN to advertise major capabilities and physical descriptions. This information is viewed by a network manager
to identify system topology and detect bad configurations on the LAN.
LLDP is a one-way protocol; there are no request/response sequences. Information is advertised by stations
implementing the transmit function, and is received and processed by stations implementing the receive
function. The transmit and receive functions can be enabled/disabled separately per port. By default, both
transmit and receive are disabled on all ports. The application is responsible for starting each transmit and
receive state machine appropriately, based on the configured status and operational state of the port.
D-Link DWS-4000 Series allows LLDP to have multiple LLDP neighbors per interface. The number of such
neighbors is limited by the memory constraints. A product-specific constant defines the maximum number of
neighbors supported by the switch. There is no restriction on the number of neighbors supported per
LLDP port. If all the remote entries on the switch are filled up, then new neighbors are ignored. In the case of
multiple VoIP devices on a single interface, the 802.1AB component sends the Voice VLAN configuration to all
the VoIP devices.
Global Configuration
Use the LLDP Global Configuration page to specify LLDP parameters that are applied to the switch.
To display the LLDP Global Configuration page, click LAN > L2 Features > LLDP > Global Configuration in the
navigation tree.
Figure 158: LLDP Global Configuration
Table 141: LLDP Global Configuration Fields
Field
Description
Transmit Interval
Specifies the interval at which LLDP frames are transmitted. The default is 30
seconds, and the valid range is 5-32768 seconds.
Transmit Hold Multiplier
Specifies multiplier on the transmit interval to assign to TTL. The default is 4,
and the range is 2-10.
Re-Initialization Delay
Specifies the delay before a re-initialization. The default is 2 seconds, and the
range is 1-10 seconds.
Notification Interval
Limits the transmission of notifications. The default is 5 seconds, and the
range is 5-3600 seconds.
• If you make any changes to the page, click Submit to apply the new settings to the system.
Interface Configuration
Use the LLDP Interface Configuration page to specify LLDP parameters that are applied to a specific interface.
To display the LLDP Interface Configuration page, click LAN > L2 Features > LLDP > Interface Configuration in
the navigation tree.
Figure 159: LLDP Interface Configuration
Table 142: LLDP Interface Configuration Fields
Field
Description
Interface
Specifies the port to be affected by these parameters.
Transmit
Enables or disables the transmission of LLDP protocol data units (PDUs). The
default is disabled.
Receive
Enables or disables the ability of the port to receive LLDP PDUs. The default is
disabled.
Notify
When notifications are enabled, LLDP interacts with the Trap Manager to
notify subscribers of remote data change statistics. The default is disabled.
Transmit Management Information
Select the check box to enable the transmission of management address
instance. Clear the check box to disable management information
transmission. The default is disabled.
Optional TLV(s)
Select each check box next to the type-length value (TLV) information to
transmit. Choices include:
• System Name. To include system name TLV in LLDP frames. To configure
the System Name, see “System Description” on page 63.
• System Description. To include system description TLV in LLDP frames.
• System Capabilities. To include system capability TLV in LLDP frames.
• Port Description. To include port description TLV in LLDP frames. To
configure the Port Description, see “Port Description” on page 113.
• If you make any changes to the page, click Submit to apply the new settings to the system.
Interface Summary
Use the LLDP Interface Summary page to view the LLDP parameters configured on each physical port on the
system.
To display the LLDP Interface Summary page, click LAN > Monitoring > LLDP Status > Interface Summary in
the navigation tree.
Figure 160: LLDP Interface Summary
Table 143: LLDP Interface Summary Fields
Field
Description
Interface
Displays all the ports on which LLDP-802.1AB can be configured.
Link Status
Displays whether the link status of the ports is up or down.
Transmit
Displays the LLDP-802.1AB transmit mode of the interface.
Receive
Displays the LLDP-802.1AB receive mode of the interface.
Notify
Displays the LLDP-802.1AB notification mode of the interface.
Optional TLV(s)
Shows the LLDP-802.1AB optional type-length values (TLV) that are included.
If no TLVs are sent, the entry is blank. The field can contain one or more of the
following TLVs.
• System Name
• System Capabilities
• System Description
• Port Description
Transmit Management Information
Shows whether the management address is transmitted in the LLDP frames.
• To update the page with the latest data, click Refresh.
Statistics
Use the LLDP Statistics page to view the global and interface LLDP statistics.
To display the LLDP Statistics page, click LAN > Monitoring > LLDP Status > Statistics in the navigation tree.
Figure 161: LLDP Statistics
Table 144: LLDP Statistics Fields
Field
Description
System-wide Statistics
Last Update
Displays the time when an entry was created, modified, or deleted in the tables
associated with the remote systems.
Total Inserts
Displays the number of times a complete set of information advertised by a particular
MAC Service Access Point (MSAP) has been inserted into the tables associated with the
remote systems.
Total Deletes
Displays the number of times a complete set of information advertised by a particular
MAC Service Access Point (MSAP) has been deleted from the tables associated with the
remote systems.
Total Drops
Displays the number of times a complete set of information advertised by a particular
MAC Service Access Point (MSAP) could not be entered into tables associated with the
remote systems because of insufficient resources.
Total Ageouts
Displays the number of times a complete set of information advertised by a particular
MAC Service Access Point (MSAP) has been deleted from tables associated with the
remote systems because the information timeliness interval has expired.
Port Statistics
Interface
Displays the slot/port for the interfaces.
Transmit Total
Displays the total number of LLDP frames transmitted by the LLDP agent on the
corresponding port.
Receive Total
Displays the total number of valid LLDP frames received by the LLDP agent on the
corresponding port, while the LLDP agent is enabled.
Discards
Displays the number of LLDP TLVs discarded for any reason by the LLDP agent on the
corresponding port.
Errors
Displays the number of invalid LLDP frames received by the LLDP agent on the
corresponding port, while the LLDP agent is enabled.
Ageouts
Displays the number of age-outs that occurred on a given port. An age-out is the number
of times the complete set of information advertised by a particular MAC Service Access
Point (MSAP) has been deleted from tables associated with remote entries because the
information timeliness interval had expired.
TLV Discards
Displays the number of LLDP TLVs (Type, Length, Value sets) discarded for any reason by
the LLDP agent on the corresponding port.
TLV Unknowns
Displays the number of LLDP TLVs received on the local ports which were not recognized
by the LLDP agent on the corresponding port.
TLV MED
Displays the total number of LLDP-MED TLVs received on the local ports.
TLV 802.1
Displays the total number of LLDP TLVs received on the local ports which are of type
802.1.
TLV 802.3
Displays the total number of LLDP TLVs received on the local ports which are of type
802.3.
• Click Refresh to update the page with the most current information.
• Click Clear to clear the LLDP statistics of all the interfaces.
Local Device Information
Use the LLDP Local Device Information page to view the data that each port advertises through LLDP.
To display the LLDP Local Device Information page, click LAN > Monitoring > LLDP Status > Local Device
Information in the navigation tree.
Figure 162: LLDP Local Device Information
Table 145: LLDP Local Device Information Fields
Field: Description
Interface: Select from the list of all the ports on which LLDP-802.1AB frames can be transmitted.
Chassis ID Subtype: Displays the string that describes the source of the chassis identifier.
Chassis ID: Displays the string value used to identify the chassis component associated with the local system.
Port ID Subtype: Displays the string describing the source of the port identifier.
Port ID: Identifies the physical address of the port.
System Name: Displays the system name of the local system.
System Description: Displays the description of the selected port associated with the local system.
Port Description: Displays the user-defined description of the port.
System Capabilities Supported: Displays the system capabilities of the local system.
System Capabilities Enabled: Displays the system capabilities of the local system which are supported and enabled.
Management Address: Displays the advertised management address of the local system.
Management Address Type: Specifies the type of the management address.
• Click Refresh to update the information on the screen with the most current data.
Local Device Summary
Use the LLDP Local Device Summary page to view information about all interfaces on the device that are
enabled to transmit LLDP information.
To display the LLDP Local Device Summary page, click LAN > Monitoring > LLDP Status > Local Device
Summary in the navigation tree.
Figure 163: LLDP Local Device Summary
Table 146: LLDP Local Device Summary Columns
Field: Description
Interface: Displays the slot/port on which LLDP-802.1AB frames can be transmitted.
Port ID: Displays the string describing the source of the port identifier.
Port Description: Displays the description of the port associated with the local system.
• Click Refresh to update the information on the screen with the most current data.
Remote Device Information
Use the LLDP Remote Device Information page to view the data that a specified interface has received from
other LLDP-enabled systems.
To display the LLDP Remote Device Information page, click LAN > Monitoring > LLDP Status > Remote Device
Information in the navigation tree.
Figure 164: LLDP Remote Device Information
Table 147: LLDP Remote Device Information Fields
Field: Description
Local Interface: Select the slot/port on the local system to display the LLDP information it has received.
Note: If no LLDP data has been received on the selected interface, then a message stating so displays. If the selected interface has received LLDP information from a remote device, the following fields display:
Remote ID: Displays the remote client identifier assigned to the remote system.
Chassis ID Subtype: Identifies the type of data displayed in the Chassis ID field on the remote system.
Chassis ID: Identifies the chassis component associated with the remote system.
Port ID Subtype: Identifies the type of data displayed in the remote system’s Port ID field.
Port ID: Identifies the physical address of the port on the remote system from which the data was sent.
System Name: Identifies the system name of the remote system.
System Description: Displays the description of the selected port associated with the remote system.
Port Description: Displays the user-defined description of the port.
System Capabilities Supported: Displays the system capabilities of the remote system.
System Capabilities Enabled: Displays the system capabilities of the remote system which are supported and enabled.
Time to Live: Displays the Time to Live value in seconds of the received remote entry.
Management Address: Displays the advertised management address of the remote system.
Management Address Type: Displays the type of the management address.
• Click Refresh to update the information on the screen with the most current data.
Remote Device Summary
Use the LLDP Remote Device Summary page to view information about all interfaces on the device that are
enabled to transmit LLDP information.
To display the LLDP Remote Device Summary page, click LAN > Monitoring > LLDP Status > Remote Device
Summary in the navigation tree.
Figure 165: LLDP Remote Device Summary
Table 148: LLDP Remote Device Summary Columns
Field: Description
Interface: Shows the slot/port on the local system that can receive LLDP frames advertised by a remote system.
Remote ID: Shows the remote client identifier assigned to the remote system.
Chassis ID: Identifies the chassis component associated with the remote system.
Port ID: Identifies the physical address of the port on the remote device that sent the LLDP data.
System Name: Shows the system name of the remote device. If the system name is not configured, the field is blank.
• Click Refresh to update the information on the screen with the most current data.
LLDP-MED
The Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED) is an enhancement to LLDP that
features:
• Auto-discovery of LAN policies (such as VLAN, Layer 2 Priority and DiffServ settings), enabling plug and
play networking.
• Device location discovery for creation of location databases.
• Extended and automated power management of Power over Ethernet endpoints.
• Inventory management, enabling network administrators to track their network devices and determine
their characteristics (manufacturer, software and hardware versions, serial/asset number).
LLDP-MED Global Configuration
Use this page to set global parameters for LLDP-MED operation. To display this page, click LAN > L2 Features
> LLDP > LLDP-MED > Global Configuration in the navigation tree.
Figure 166: LLDP Global Configuration
Table 149: LLDP Global Configuration Fields
Field: Description
Fast Start Repeat Count: Specifies the number of LLDP PDUs that will be transmitted when the protocol is enabled. The range is 1 to 10. The default value is 3.
Device Class: Specifies the local device's MED classification. The following three represent the actual endpoints:
• Class I Generic [IP Communication Controller etc.]
• Class II Media [Conference Bridge etc.]
• Class III Communication [IP Telephone etc.]
The fourth device is Network Connectivity Device, which is typically a LAN switch/router, IEEE 802.1 bridge, IEEE 802.11 wireless access point, etc.
• Click Submit to update the switch. The changes take effect but will not be retained across a power cycle
unless a save is performed.
LLDP-MED Interface Configuration
Use this page to enable LLDP-MED mode on an interface and configure its properties. To display this page, click
LAN > L2 Features > LLDP > LLDP-MED > Interface Configuration in the navigation tree.
Figure 167: LLDP-MED Interface Configure
Table 150: LLDP-MED Interface Configuration Fields
Field: Description
Interface: Selects the port that you want to configure LLDP-MED - 802.1AB on. You can select All to configure all interfaces on the DUT with the same properties. To view the summary of all interfaces, refer to the “LLDP-MED Interface Summary” on page 269. The Interface Configuration page will not be able to display the summary of ‘All’ interfaces. The summary of individual interfaces is visible from the Interface Configuration page. The Interface Configuration page for the ‘All’ option will always display the LLDP-MED mode and notification mode as ‘disabled’ and check boxes for ‘Transmit TLVs’ will always be unchecked.
LLDP-MED Mode: Enables or disables LLDP-MED mode for the selected interface. By enabling MED, you will be effectively enabling the transmit and receive function of LLDP.
Config Notification Mode: Enables or disables LLDP-MED topology change notification mode for the selected interface.
Transmit TLVs: Specifies which optional type length values (TLVs) in the LLDP-MED will be transmitted in the LLDP PDUs frames for the selected interface:
• MED Capabilities: Transmits the capabilities TLV in LLDP frames.
• Network Policy: Transmits the network policy TLV in LLDP frames.
• Extended Power via MDI - PSE: Transmits the extended PSE TLV in LLDP frames.
• Extended Power via MDI - PD: To transmit the extended PD TLV in LLDP frames.
• Location Identification: To transmit the location TLV in LLDP frames.
• Inventory: To transmit the inventory TLV in LLDP frames.
• Click Submit to send the updated configuration to the switch. These changes take effect immediately but
will not be retained across a power cycle unless a save is performed.
LLDP-MED Interface Summary
This page lists each switch interface and its LLDP configuration status. To display this page, click LAN >
Monitoring > LLDP Status > LLDP-MED > Interface Summary in the navigation tree.
Figure 168: LLDP-MED Interface Summary
Table 151: LLDP-MED Interface Summary Fields
Field: Description
Interface: Specifies all the ports on which LLDP-MED can be configured.
Link Status: Specifies the link status of the ports as Up/Down.
MED Status: Specifies whether the transmit and/or receive LLDP-MED mode is enabled or disabled on this interface.
Operational Status: Specifies whether the interface will transmit TLVs.
Notification Status: Specifies the LLDP-MED topology notification mode of the interface.
Transmit TLVs: Specifies the LLDP-MED transmit TLV(s) that are included.
• Click Refresh to update the page with the latest information from the router.
LLDP Local Device Information
This page displays information on LLDP-MED information advertised on the selected local interface. To display
this page, click LAN > Monitoring > LLDP Status > LLDP-MED > Local Device Information in the navigation tree.
Figure 169: LLDP-MED Local Device Information
Table 152: LLDP-MED Local Device Information Fields
Field: Description
Interface: Select from the list of all the ports on which LLDP-MED frames can be transmitted.
Network Policy Information: Specifies if network policy TLV is present in the LLDP frames:
• Media Application Type: Specifies the application type. Types of application types are unknown, voicesignaling, guestvoice, guestvoicesignalling, softphonevoice, videoconferencing, streammingvideo, vidoesignalling. Each application type that is received has the VLAN ID, priority, DSCP, tagged bit status and unknown bit status. A port may receive one or many such application types. If a network policy TLV has been transmitted only then would this information be displayed.
• Vlan Id: Specifies the VLAN id associated with a particular policy type.
• Priority: Specifies the priority associated with a particular policy type.
• DSCP: Specifies the DSCP associated with a particular policy type.
• Unknown Bit Status: Specifies the unknown bit associated with a particular policy type.
• Tagged Bit Status: Specifies the tagged bit associated with a particular policy type.
Inventory: Specifies the inventory TLV present in LLDP frames:
• Hardware Revisions. Specifies hardware version.
• Firmware Revisions. Specifies firmware version.
• Software Revisions. Specifies software version.
• Serial Number. Specifies serial number.
• Manufacturer Name. Specifies manufacturer’s name.
• Model Name. Specifies model name.
• Asset ID. Specifies asset ID.
Location Information: Specifies if location TLV is present in LLDP frames:
• Sub Type: Specifies type of location information.
• Location Information: Specifies the location information as a string for given type of location ID.
• Click Refresh to update the page with the latest information from the router.
LLDP-MED Remote Device Information
This page displays information on LLDP-MED information received from remote clients on the selected local
interface. To display this page, click LAN > Monitoring > LLDP Status > LLDP-MED > Remote Device
Information in the navigation tree.
Figure 170: LLDP Remote Device Information
Table 153: LLDP-MED Remote Device Information Fields
Field: Description
Local Interface: Specifies the list of all the ports on which LLDP-MED is enabled.
Remote ID: Specifies the remote client identifier assigned to the remote system.
Capability Information: Specifies the supported and enabled capabilities that were received in MED TLV on this port:
• Supported Capabilities: Specifies supported capabilities that were received in MED TLV on this port.
• Enabled Capabilities: Specifies enabled capabilities that were received in MED TLV on this port.
• Device Class: Specifies device class as advertised by the device remotely connected to the port.
Network Policy Information: Specifies if network policy TLV is received in the LLDP frames on this port:
• Media Application Type: Specifies the application type. Types of application types are unknown, voicesignaling, guestvoice, guestvoicesignalling, softphonevoice, videoconferencing, streammingvideo, vidoesignalling. Each application type that is received has the VLAN ID, priority, DSCP, tagged bit status and unknown bit status. A port may receive one or many such application types. If a network policy TLV has been received on this port, only then would this information be displayed.
• Vlan ID: Specifies the VLAN ID associated with a particular policy type.
• Priority: Specifies the priority associated with a particular policy type.
• DSCP: Specifies the DSCP associated with a particular policy type.
• Unknown Bit Status: Specifies the unknown bit associated with a particular policy type.
• Tagged Bit Status: Specifies the tagged bit associated with a particular policy type.
Inventory: Specifies the inventory TLV is received in LLDP frames on this port:
• Hardware Revisions. Specifies hardware version of the remote device.
• Firmware Revisions. Specifies firmware version of the remote device.
• Software Revisions. Specifies software version of the remote device.
• Serial Number. Specifies serial number of the remote device.
• Manufacturer Name. Specifies manufacturer’s name of the remote device.
• Model Name. Specifies model name of the remote device.
• Asset ID. Specifies asset ID of the remote device.
Location Information: Specifies if location TLV is received in LLDP frames on this port.
• Sub Type: Specifies type of location information.
• Location Information: Specifies the location information as a string for given type of location ID.
Extended PoE: Specifies if remote device is a PoE device.
• Device Type. Specifies the remote device’s PoE device type connected to this port.
Extended PoE PSE: Specifies if extended PSE TLV is received in LLDP frame on this port:
• Available: Specifies the remote port’s power sourcing equipment's (PSE) power value in tenths of watts.
• Source: Specifies the remote port’s PSE power source.
• Priority: Specifies the remote port’s PSE power priority.
Extended PoE PD: Specifies if extended PD TLV is received in LLDP frame on this port.
• Required: Specifies the remote port’s power device power requirement.
• Source: Specifies the remote port’s PD power source.
• Priority: Specifies the remote port’s PD power priority.
• Click Refresh to update the page with the latest information from the router.
Configuring Dynamic ARP Inspection
Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. DAI prevents
a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by
poisoning the ARP caches of its unsuspecting neighbors. The miscreant sends ARP requests or responses
mapping another station’s IP address to its own MAC address.
DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and builds a binding
database of valid {MAC address, IP address, VLAN, and interface} tuples.
When DAI is enabled, the switch drops ARP packets whose sender MAC address and sender IP address do not
match an entry in the DHCP snooping bindings database. You can optionally configure additional ARP packet
validation.
DAI Configuration
Use the DAI Configuration page to configure global DAI settings.
To display the DAI Configuration page, click LAN > L2 Features > Dynamic ARP Inspection > DAI Configuration
in the navigation tree.
Figure 171: Dynamic ARP Inspection Configuration
Table 154: Dynamic ARP Inspection Configuration
Field: Description
Validate Source MAC: Select the DAI Source MAC Validation Mode for the switch. If you select Enable, Sender MAC validation for the ARP packets will be enabled. The default is Disable.
Validate Destination MAC: Select the DAI Destination MAC Validation Mode for the switch. If you select Enable, Destination MAC validation for the ARP Response packets will be enabled. The default is Disable.
Validate IP: Select the DAI IP Validation Mode for the switch. If you select Enable, IP Address validation for the ARP packets will be enabled. The default is Disable.
• Click Submit to apply the new configuration and cause the change to take effect. These changes will not
be retained across a power cycle unless a Save configuration is performed.
DAI VLAN Configuration
Use the DAI VLAN Configuration page to select the DAI-capable VLANs for which information is to be displayed
or configured.
To display the DAI Configuration page, click LAN > L2 Features > Dynamic ARP Inspection > DAI VLAN
Configuration in the navigation tree.
Figure 172: Dynamic ARP Inspection VLAN Configuration
Table 155: Dynamic ARP Inspection VLAN Configuration
Field: Description
VLAN ID: Select the VLAN ID for which information is to be displayed or configured.
Dynamic ARP Inspection: Select whether Dynamic ARP Inspection is Enabled or Disabled on this VLAN. The default is Disable.
Logging Invalid Packets: Select whether Dynamic ARP Inspection logging is Enabled or Disabled on this VLAN. The default is Disable.
ARP ACL Name: The name of the ARP Access List. A VLAN can be configured to use this ARP ACL containing rules as the filter for ARP packet validation. The name can contain 1-31 alphanumeric characters.
Static Flag: Use this flag to determine whether the ARP packet needs validation using the DHCP snooping database, in case the ARP ACL rules do not match. If Enabled, then the ARP Packet will be validated by the ARP ACL Rules only. If Disabled, then the ARP Packet needs further validation by using the DHCP Snooping entries. The default is Disable.
• Click Submit to apply the new configuration and cause the change to take effect. These changes will not
be retained across a power cycle unless a Save configuration is performed.
• Click Refresh to refresh the page with the most current data from the switch.
DAI Interface Configuration
Use the DAI Interface Configuration page to select the DAI Interface for which information is to be displayed
or configured.
To display the DAI Interface Configuration page, click LAN > L2 Features > Dynamic ARP Inspection > DAI
Interface Configuration in the navigation tree.
Figure 173: Dynamic ARP Inspection Interface Configuration
Table 156: Dynamic ARP Inspection Interface Configuration
Field: Description
Interface: Select the physical interface for which data is to be displayed or configured.
Trust State: Indicates whether the interface is trusted for Dynamic ARP Inspection. If you select Enable, the interface is trusted. ARP packets coming to this interface will be forwarded without checking. If you select Disable, the interface is not trusted. ARP packets coming to this interface will be subjected to ARP inspection. The default is Disable.
Rate Limit: Specifies the rate limit value for Dynamic ARP Inspection. If the incoming rate of ARP packets exceeds this value for the number of consecutive seconds set by the burst interval, ARP packets will be dropped. If this value is -1 there is no limit. The range is 0 to 300 pps. The factory default is 15 pps (packets per second).
No Limit: Selecting this option specifies that the value of Rate Limit will be configured to -1. If the rate limit is -1, burst interval has no meaning, hence it is disabled.
Burst Interval: Specify the burst interval for rate limiting on this interface. If the Rate Limit is None, then Burst Interval has no meaning and shows as N/A (Not Applicable). The default is 1 second.
• Click Submit to apply the new configuration and cause the change to take effect. These changes will not
be retained across a power cycle unless a Save configuration is performed.
• Click Refresh to refresh the page with the most current data from the switch.
DAI ARP ACL Configuration
Use the DAI ARP ACL Configuration page to add or remove DAI ARP ACLs.
To display the DAI ARP ACL Configuration page, click LAN > L2 Features > Dynamic ARP Inspection > DAI ARP
ACL Configuration in the navigation tree.
Figure 174: Dynamic ARP Inspection ARP ACL Configuration
Table 157: Dynamic ARP Inspection ARP ACL Configuration
Field: Description
ARP ACL Name: Use this field to create a new ARP ACL for Dynamic ARP Inspection. The name can be 1 to 31 alphanumeric characters in length.
ARP ACL List: Displays by name a list of all the configured ARP ACLs. Use the Remove column to select the particular ACLs you want to delete.
• Click Add to create a new ARP ACL.
• Click Delete to remove the configured ARP ACL entry you selected in the Remove column.
• Click Refresh to refresh the page with the most current data from the switch.
DAI ARP ACL Rule Configuration
Use the DAI ARP ACL Rule Configuration page to add or remove DAI ARP ACL Rules.
To display the DAI ARP ACL Rule Configuration page, click LAN > L2 Features > Dynamic ARP Inspection > DAI
ARP ACL Rule Configuration in the navigation tree.
Figure 175: Dynamic ARP Inspection ARP ACL Rule Configuration
Table 158: Dynamic ARP Inspection ARP ACL Rule Configuration
Field: Description
ARP ACL Name: Select the ARP ACL for which information is to be displayed or configured.
Sender IP Address: To create a new rule for the selected ARP ACL, enter in this field the Sender IP Address match value for the ARP ACL.
Sender MAC Address: To create a new rule for the selected ARP ACL, enter in this field the Sender MAC Address match value for the ARP ACL.
Remove: Use the Remove column to select the particular ARP ACL Rules you want to delete.
• Click Add to add a new ARP ACL rule.
• Click Submit to delete the entries selected in the Remove column.
• Click Refresh to refresh the page with the most current data from the switch.
Dynamic ARP Inspection Statistics
Use the Dynamic ARP Inspection (DAI) Statistics page to display the statistics per VLAN.
To display the DAI Statistics page, click LAN > Monitoring > Dynamic ARP Inspection Statistics in the navigation
tree.
Figure 176: Dynamic ARP Inspection Statistics
Table 159: Dynamic ARP Inspection Statistics
Field: Description
VLAN ID: Select the DAI-enabled VLAN ID for which to display statistics.
DHCP Drops: The number of ARP packets that were dropped by DAI because there was no matching DHCP snooping binding entry found.
ACL Drops: The number of ARP packets that were dropped by DAI because there was no matching ARP ACL rule found for this VLAN and the static flag is set on this VLAN.
DHCP Permits: The number of ARP packets that were forwarded by DAI because there was a matching DHCP snooping binding entry found.
ACL Permits: The number of ARP packets that were permitted by DAI because there was a matching ARP ACL rule found for this VLAN.
Bad Source MAC: The number of ARP packets that were dropped by DAI because the sender MAC address in the ARP packet did not match the source MAC in the Ethernet header.
Bad Dest MAC: The number of ARP packets that were dropped by DAI because the target MAC address in the ARP reply packet did not match the destination MAC in the Ethernet header.
Invalid IP: The number of ARP packets that were dropped by DAI because the sender IP address in the ARP packet or target IP address in the ARP reply packet is not valid. Not valid addresses include 0.0.0.0, 255.255.255.255, IP multicast addresses, class E addresses (240.0.0.0/4), and loopback addresses (127.0.0.0/8).
Forwarded: The number of valid ARP packets forwarded by DAI.
Dropped: The number of not valid ARP packets dropped by DAI.
• Click Refresh to refresh the page with the most current data from the switch.
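The DAI checks and the counters listed in Table 159 can be modelled in a short Python simulation, which shows which counter each kind of ARP packet lands in. This is an added example, not D-Link firmware code: the order of the checks, matching bindings on all four tuple fields, leaving trusted-port traffic uncounted, the class and function names, and every address (constructed sample values) are assumptions.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass, field

CLASS_E = ipaddress.IPv4Network("240.0.0.0/4")


def invalid_ip(text):
    """Addresses rejected by the Validate IP option (the Invalid IP counter)."""
    ip = ipaddress.IPv4Address(text)
    return (int(ip) in (0, 0xFFFFFFFF) or ip.is_multicast
            or ip in CLASS_E or ip.is_loopback)


@dataclass(frozen=True)
class Arp:                      # one received ARP packet (hypothetical model)
    vlan: int
    port: str                   # ingress slot/port
    eth_src: str
    eth_dst: str
    op: str                     # "request" or "reply"
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


@dataclass
class VlanCfg:                  # per-VLAN settings from the DAI VLAN Configuration page
    enabled: bool = False
    acl: frozenset = frozenset()    # ARP ACL rules as (sender_ip, sender_mac)
    static: bool = False            # Static Flag


@dataclass
class Dai:
    vlans: dict                 # vlan id -> VlanCfg
    bindings: set               # DHCP snooping tuples (mac, ip, vlan, port)
    trusted: set = field(default_factory=set)
    validate_src_mac: bool = False
    validate_dst_mac: bool = False
    validate_ip: bool = False
    stats: Counter = field(default_factory=Counter)

    def verdict(self, p):
        cfg = self.vlans.get(p.vlan, VlanCfg())
        if p.port in self.trusted or not cfg.enabled:
            return "Not Inspected"          # forwarded without checking
        if self.validate_src_mac and p.sender_mac != p.eth_src:
            return "Bad Source MAC"
        if self.validate_dst_mac and p.op == "reply" and p.target_mac != p.eth_dst:
            return "Bad Dest MAC"
        if self.validate_ip and (invalid_ip(p.sender_ip) or
                                 (p.op == "reply" and invalid_ip(p.target_ip))):
            return "Invalid IP"
        if (p.sender_ip, p.sender_mac) in cfg.acl:
            return "ACL Permits"
        if cfg.static:                      # ACL rules only, no DHCP snooping fallback
            return "ACL Drops"
        if (p.sender_mac, p.sender_ip, p.vlan, p.port) in self.bindings:
            return "DHCP Permits"
        return "DHCP Drops"

    def inspect(self, p):
        v = self.verdict(p)
        if v != "Not Inspected":
            self.stats[v] += 1
            self.stats["Forwarded" if v.endswith("Permits") else "Dropped"] += 1
        return v


def demo():
    """Run constructed sample packets through the model; return verdicts and counters."""
    host, srv, gw = "02:00:00:00:00:0a", "02:00:00:00:00:02", "02:00:00:00:00:01"
    rogue, host2 = "02:00:00:00:00:66", "02:00:00:00:00:0b"
    bcast, zero = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
    dai = Dai(
        vlans={10: VlanCfg(True, frozenset({("192.0.2.2", srv)})),
               20: VlanCfg(True, frozenset({("192.0.2.130", srv)}), static=True)},
        bindings={(host, "192.0.2.10", 10, "0/1"), (host2, "192.0.2.140", 20, "0/5")},
        trusted={"0/24"},
        validate_src_mac=True, validate_dst_mac=True, validate_ip=True)
    packets = [
        Arp(10, "0/1", host, bcast, "request", host, "192.0.2.10", zero, "192.0.2.1"),
        # Reply claiming the gateway's IP from an unbound MAC: the poisoning case.
        Arp(10, "0/2", rogue, host, "reply", rogue, "192.0.2.1", host, "192.0.2.10"),
        Arp(10, "0/3", srv, host, "reply", srv, "192.0.2.2", host, "192.0.2.10"),
        Arp(10, "0/2", rogue, bcast, "request", host, "192.0.2.10", zero, "192.0.2.1"),
        Arp(10, "0/2", rogue, bcast, "request", rogue, "224.0.0.5", zero, "192.0.2.1"),
        Arp(10, "0/24", gw, bcast, "request", gw, "192.0.2.1", zero, "192.0.2.10"),
        # Valid binding, but VLAN 20 has the static flag set and no ACL rule matches.
        Arp(20, "0/5", host2, bcast, "request", host2, "192.0.2.140", zero, "192.0.2.129"),
    ]
    return [dai.inspect(p) for p in packets], dict(dai.stats)


if __name__ == "__main__":
    for name in demo()[0]:
        print(name)
```

The last sample packet shows the effect of the Static Flag: a host with a valid DHCP snooping binding is still dropped when no ARP ACL rule matches it.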
Section 5: Configuring L3 Features
The D-Link Unified Switch supports IP routing. Use the pages in the LAN > L3 Features navigation tree folder to
manage routing on the system. This section contains the following information:
• “Managing the BOOTP/DHCP Relay Agent”
• “Configuring the IP Helper Features”
• “Configuring ARP”
• “Configuring Global and Interface IP Settings”
• “Configuring RIP”
• “Router Discovery”
• “Router”
• “VLAN Routing”
• “Virtual Router Redundancy Protocol (VRRP)”
• “Configuring Quality of Service”
When a packet enters the switch, the destination MAC address is checked to see if it matches any of the
configured routing interfaces. If it does, then the silicon searches the host table for a matching destination IP
address. If an entry is found, then the packet is routed to the host. If there is not a matching entry, then the
switch performs a longest prefix match on the destination IP address. If an entry is found, then the packet is
routed to the next hop. If there is no match, then the packet is routed to the next hop specified in the default
route. If there is no default route configured, then the packet is passed to the CPU to be handled appropriately.
The routing table can have entries added either statically by the administrator or dynamically via a routing
protocol. The host table can have entries added either statically by the administrator or dynamically via ARP.
Managing the BOOTP/DHCP Relay Agent
The BootP/DHCP Relay Agent enables BootP/DHCP clients and servers to exchange BootP/DHCP messages
across different subnets. The relay agent receives the requests from the clients, and checks the valid hops and
giaddr fields. If the number of hops is greater than the configured maximum, the agent assumes the packet has looped
through the agents and discards the packet. If the giaddr field is zero, the agent must fill in this field with the IP
address of the interface on which the request was received. The agent unicasts the valid packets to the next
configured destination. The server responds with a unicast BOOTREPLY addressed to the relay agent closest to
the client as indicated by giaddr field. Upon reception of the BOOTREPLY from the server, the agent forwards
this reply as broadcast or unicast on the interface that had received the BOOTREQUEST. This interface can be
identified by giaddr field.
The DWS-4000 Series switch also supports DHCP relay agent options to identify the source circuit when
customers are connected to the Internet with a high-speed modem. The relay agent inserts these options when
forwarding the request to the server and removes them when sending the reply to the clients.
If an interface has more than one IP address, the relay agent should use the primary IP address configured as
its relay agent IP address.
BootP/DHCP Relay Agent Configuration
Use the BOOTP/DHCP Relay Agent Configuration page to configure and display a BOOTP/DHCP relay agent.
To display the page, click LAN > L3 Features > BOOTP/DHCP Relay Agent > Configuration in the navigation
tree.
Figure 177: BOOTP/DHCP Relay Agent Configuration
Table 160: BOOTP/DHCP Relay Agent Configuration Fields
Field: Description
Maximum Hop Count: Enter the maximum number of hops a client request can take before being discarded.
Minimum Wait Time (secs): Enter a time in seconds. This value is compared to the time stamp in the client's request packets, which should represent the time since the client was powered up. Packets are only forwarded when the time stamp exceeds the minimum wait time.
Circuit ID Option Mode: Select Enable or Disable from the dropdown menu. If you select Enable, the relay agent adds Option 82 header packets to the DHCP Request packets before forwarding them to the server, and strips them off while forwarding the responses to the client.
• If you make any changes to the page, click Submit to apply the changes to the system.
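The checks and rewrites the relay agent applies, as an added example that is not D-Link code: a model of the hop-count, minimum-wait, and giaddr checks plus Option 82 insertion and removal. The class, function, and counter names, the interface address 192.0.2.1, and the circuit ID value are assumptions; the Circuit ID is encoded as sub-option 1 per RFC 3046, and a request whose secs field equals the minimum wait time is assumed to be forwarded.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"      # DHCP magic cookie; options follow it
BOOTREQUEST, BOOTREPLY = 1, 2
OPT_PAD, OPT_RELAY_AGENT, OPT_END = 0, 82, 255
SUBOPT_CIRCUIT_ID = 1            # RFC 3046 Agent Circuit ID sub-option
FIXED_LEN = 236                  # BOOTP fixed header length
HOPS, SECS, GIADDR = 3, slice(8, 10), slice(24, 28)   # field offsets


def parse_options(raw):
    """Return [(code, value), ...] up to the End option; reject truncation."""
    opts, i = [], 0
    while i < len(raw) and raw[i] != OPT_END:
        if raw[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated option")
        opts.append((raw[i], raw[i + 2:i + 2 + raw[i + 1]]))
        i += 2 + raw[i + 1]
    return opts


def build_packet(header, opts):
    """Serialize a fixed header plus options, terminated by End."""
    body = b"".join(bytes([code, len(val)]) + val for code, val in opts)
    return bytes(header) + MAGIC + body + bytes([OPT_END])


def make_packet(op, hops=0, secs=0, giaddr="0.0.0.0", opts=((53, b"\x01"),)):
    """Constructed sample BOOTP/DHCP message (not a capture)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, hops,
                         0x1234ABCD, secs, 0, bytes(4), bytes(4), bytes(4),
                         ipaddress.IPv4Address(giaddr).packed,
                         bytes.fromhex("000629328140"), b"", b"")
    return build_packet(header, list(opts))


class RelayAgent:
    def __init__(self, interface_ip, max_hops=4, min_wait=0,
                 circuit_id_mode=False, circuit_id=b"0/1"):
        self.ip = ipaddress.IPv4Address(interface_ip).packed
        self.max_hops, self.min_wait = max_hops, min_wait
        self.circuit_id_mode, self.circuit_id = circuit_id_mode, circuit_id
        # Hypothetical counter names mirroring the statistics pages.
        self.stats = dict.fromkeys(
            ("received", "relayed", "discarded", "hops_gt_max",
             "too_early", "giaddr_own", "malformed"), 0)

    def _reject_reason(self, pkt):
        if (len(pkt) < FIXED_LEN + 4 or pkt[0] != BOOTREQUEST
                or pkt[FIXED_LEN:FIXED_LEN + 4] != MAGIC):
            return "malformed"
        if pkt[HOPS] > self.max_hops:
            return "hops_gt_max"
        # Assumption: secs equal to the minimum wait time is forwarded.
        if struct.unpack("!H", pkt[SECS])[0] < self.min_wait:
            return "too_early"
        if pkt[GIADDR] == self.ip:
            return "giaddr_own"
        return None

    def relay_request(self, pkt):
        """Return the packet to unicast to the server, or None if dropped."""
        self.stats["received"] += 1
        reason = self._reject_reason(pkt)
        try:
            opts = [] if reason else parse_options(pkt[FIXED_LEN + 4:])
        except ValueError:
            reason = "malformed"
        if reason:
            self.stats[reason] += 1
            self.stats["discarded"] += 1
            return None
        header = bytearray(pkt[:FIXED_LEN])
        header[HOPS] = min(header[HOPS] + 1, 255)
        if header[GIADDR] == bytes(4):        # first relay on the path
            header[GIADDR] = self.ip
        if self.circuit_id_mode:              # add Option 82 for the server
            sub = bytes([SUBOPT_CIRCUIT_ID, len(self.circuit_id)])
            opts.append((OPT_RELAY_AGENT, sub + self.circuit_id))
        self.stats["relayed"] += 1
        return build_packet(header, opts)

    def relay_reply(self, pkt):
        """Strip Option 82 from a server reply addressed to this agent."""
        if (len(pkt) < FIXED_LEN + 4 or pkt[0] != BOOTREPLY
                or pkt[GIADDR] != self.ip):
            return None
        opts = parse_options(pkt[FIXED_LEN + 4:])
        opts = [o for o in opts if o[0] != OPT_RELAY_AGENT]
        return build_packet(pkt[:FIXED_LEN], opts)
```

The discard counters map onto the "hops greater than Max", "Received too early", and "giaddr as our own" statistics that the switch reports, which makes a rising count attributable to one specific check.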
BOOTP/DHCP Relay Agent Status
Use the BOOTP/DHCP Relay Agent Status page to display the BOOTP/DHCP Relay Agent configuration and
status information.
To display the page, click LAN > Monitoring > L3 Status > BOOTP/DHCP Relay Agent Status in the navigation
tree.
Figure 178: BOOTP/DHCP Relay Agent Status
Table 161: BOOTP/DHCP Relay Agent Status Fields
Field | Description
Maximum Hop Count | The maximum number of hops a client request can go without being discarded.
Server IP Address | The IP address of the BOOTP/DHCP server or the IP address of the next BOOTP/DHCP Relay Agent.
Admin Mode | The administrative mode of the relay. When you select Enable on the configuration page, BOOTP/DHCP requests are forwarded to the IP address you entered in the Server IP address field.
Minimum Wait Time (secs) | The minimum time in seconds. This value is compared to the time stamp in the client's request packets, which should represent the time since the client was powered up. Packets are only forwarded when the time stamp exceeds the minimum wait time.
Circuit ID Option Mode | This is the Relay agent option, which can be either Enabled or Disabled. If you select Enable, the relay agent adds Option 82 header packets to the DHCP Request packets before forwarding them to the server, and strips them off while forwarding the responses to the client.
Requests Received | The total number of BOOTP/DHCP requests received from all clients since the last time the switch was reset.
Requests Relayed | The total number of BOOTP/DHCP requests forwarded to the server since the last time the switch was reset.
Packets Discarded | The total number of BOOTP/DHCP packets discarded by this Relay Agent since the last time the switch was reset.
Configuring the IP Helper Features
The IP Helper feature provides the ability for a router to forward configured UDP broadcast packets to a
particular IP address. This allows applications to reach servers on non-local subnets. This is possible even when
the application is designed to assume a server is always on a local subnet or when the application uses
broadcast packets to reach the server (with the limited broadcast address 255.255.255.255, or a network
directed broadcast address).
You can configure relay entries globally and on routing interfaces. Each relay entry maps an ingress interface
and destination UDP port number to a single IPv4 address (the helper address). Multiple relay entries may be
configured for the same interface and UDP port, in which case the relay agent relays matching packets to each
server address. Interface configuration takes priority over global configuration. If the destination UDP port for
a packet matches any entry on the ingress interface, the packet is handled according to the interface
configuration. If the packet does not match any entry on the ingress interface, the packet is handled according
to the global IP helper configuration.
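The precedence rules above, as an added example that is not D-Link code: a model of relay-entry lookup in which any match on the ingress interface hides the global entries and a discard entry suppresses relaying. The class and method names, the interface names "0/1" and "0/2", and the documentation-range addresses are assumptions, as is the choice that a discard entry wins over server entries configured for the same interface and port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class RelayEntry:
    udp_port: int
    server: Optional[str] = None      # helper address; None for a discard entry
    interface: Optional[str] = None   # None means a global entry
    is_discard: bool = False
    hit_count: int = 0


class IpHelper:
    def __init__(self, udp_relay_mode=False):   # UDP Relay Mode is disabled by default
        self.udp_relay_mode = udp_relay_mode
        self.entries = []

    def add(self, udp_port, server=None, interface=None, is_discard=False):
        if not 0 <= udp_port <= 65535:
            raise ValueError("UDP port out of range")
        if is_discard:
            if interface is None or server is not None:
                raise ValueError("discard entries are per-interface and have no server")
        else:
            server = str(ipaddress.IPv4Address(server))   # one IPv4 helper address
        entry = RelayEntry(udp_port, server, interface, is_discard)
        self.entries.append(entry)
        return entry

    def _match(self, interface, udp_port):
        return [e for e in self.entries
                if e.interface == interface and e.udp_port == udp_port]

    def resolve(self, ingress, udp_port, count=True):
        """Return the helper addresses a broadcast is relayed to ([] = not relayed)."""
        if not self.udp_relay_mode:
            return []
        # Any match on the ingress interface hides the global entries.
        matched = self._match(ingress, udp_port) or self._match(None, udp_port)
        # Assumption: a discard entry wins over server entries on the same interface/port.
        discards = [e for e in matched if e.is_discard]
        applied = discards or matched
        if count:
            for entry in applied:
                entry.hit_count += 1
        return [] if discards else [e.server for e in applied]

    def effective_policy(self, interfaces):
        """Map (interface, port) -> servers, for reviewing what leaves each subnet."""
        ports = sorted({e.udp_port for e in self.entries})
        return {(i, p): self.resolve(i, p, count=False)
                for i in interfaces for p in ports}
```

Running `effective_policy` over every routing interface gives a reviewable list of which broadcast services are forwarded off each subnet and to which servers.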
IP Helper Global Configuration
Use the IP Helper Global Configuration page to globally enable the IP Helper admin mode and to configure
global relay settings on the switch.
To display the page, click LAN > L3 Features > IP Helper > Global Configuration in the navigation tree.
Figure 179: IP Helper Global Configuration
Table 162: IP Helper Global Configuration Fields
Field | Description
UDP Relay Mode | Select Enable or Disable from the pull-down menu. You must enable Relay Mode to relay any other protocols for which an IP helper address has been configured. By default, UDP Relay Mode is disabled.
UDP Destination Port | Shows the destination UDP port ID/Port Name of UDP packets to be relayed.
Server Address | Shows the Server Address to which the packets with the given UDP Destination Port will be relayed.
Hit Count | Shows the number of times a packet has been forwarded or discarded according to this entry.
Remove | To delete a configured helper entry, select the Remove check box for the appropriate entry and click Submit.
To add a relay entry, click Add. The page refreshes and provides the configurable fields to add a UDP
destination port and server IP address.
Figure 180: Adding a Global IP Helper Entry
Table 163: IP Helper Global Configuration Add Fields
Field | Description
UDP Destination Port (0-65535) | The destination UDP port ID/Port Name of UDP packets to be relayed. Select the protocol from the menu. To configure a protocol other than those listed, select Other from the menu; you are then prompted for the UDP Destination Port field. Select DefaultSet to configure the relay entry for the default set of protocols.
Server Address | The Server Address to which the packets with the given UDP Destination Port will be relayed.
• Click Submit to send the updated configuration to the switch. These changes will not be retained across a
power cycle unless a Save configuration is performed.
• Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value
of the switch.
IP Helper Interface Configuration
Use the IP Helper Interface Configuration page to configure per-interface relay settings.
To display the page, click LAN > L3 Features > IP Helper > Interface Configuration in the navigation tree.
Figure 181: IP Helper Interface Configuration
Table 164: IP Helper Interface Configuration Fields
Field | Description
Source IP Interface | Select the interface from the pull-down menu to get the relay entries configured on a particular interface. Select All to display all the configured relay entries on all interfaces.
UDP Destination Port | Shows the destination UDP port ID/Port Name of UDP packets to be relayed.
Server Address | Shows the Server Address to which the packets with the given UDP Destination Port will be relayed.
IsDiscard | If True, packets arriving on the given interface with the given destination UDP port are discarded rather than relayed. Discard entries are used to override global IP helper address entries which otherwise might apply to a packet.
Hit Count | Shows the number of times a packet has been forwarded or discarded according to this entry.
Remove | To delete a configured helper entry, select the Remove check box for the appropriate entry and click Submit.
To add a relay entry, click Add. The page refreshes and provides the configurable fields to add a UDP
destination port and server IP address.
Figure 182: Adding an IP Helper Entry to an Interface
Table 165: IP Helper Interface Configuration Add Fields
Field | Description
Source IP Interface | Select the interface from the pull-down menu for which you want to configure the relay entry.
UDP Destination Port | Select the destination UDP port name from the pull-down menu, or enter the port number, to configure the relay entry on the selected interface.
Discard | If set to True, packets arriving on the given interface with the given destination UDP port are discarded rather than relayed. Discard entries are used to override global IP helper address entries which otherwise might apply to a packet.
Server Address | The IPv4 address of the server to which packets are relayed for the specific UDP Destination Port.
• Click Submit to send the updated configuration to the switch. These changes will not be retained across a
power cycle unless a Save configuration is performed.
• Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value
of the switch.
IP Helper Statistics
Use the IP Helper – Helper Statistics page to view IP Helper statistics. To display the page, click LAN > L3
Features > IP Helper > Statistics in the navigation tree.
Figure 183: IP Helper Statistics
Table 166: IP Helper – Helper Statistics Fields
Field | Description
DHCP Client Messages Received | The number of valid messages received from a DHCP client. The count is only incremented if IP helper is enabled globally, the ingress routing interface is up, and the packet passes a number of validity checks, such as having a TTL >1 and having valid source and destination IP addresses.
DHCP Client Messages Relayed | The number of DHCP client messages relayed to a server. If a message is relayed to multiple servers, the count is incremented once for each server.
DHCP Server Messages Received | The number of DHCP responses received from the DHCP server. This count only includes messages that the DHCP server unicasts to the relay agent for relay to the client.
DHCP Server Messages Relayed | Specifies the number of DHCP server messages relayed to a client.
UDP Client Messages Received | The number of valid UDP packets received. This count includes DHCP messages and all other protocols relayed. Conditions are similar to those for the first statistic in this table.
UDP Client Messages Relayed | The number of UDP packets relayed. This count includes DHCP messages relayed as well as all other protocols. The count is incremented for each server to which a packet is sent.
DHCP Client Messages with hops greater than Max | Specifies the number of DHCP Client Messages with hops greater than Max.
DHCP Pkts Received too early | Specifies the number of DHCP Pkts Received too early.
Received DHCP Client message with giaddr as our own | Specifies the number of DHCP Client messages received with giaddr as our own.
UDP TTL Expired Pkts Received | Specifies the number of UDP packets received with expired TTL.
UDP Pkts Discarded | Specifies the number of UDP packets discarded.
Configuring ARP
The ARP protocol associates a layer 2 MAC address with a layer 3 IPv4 address. D-Link DWS-4000 Series
software features both dynamic and manual ARP configuration. With manual ARP configuration, you can
statically add entries into the ARP table.
ARP is a necessary part of the internet protocol (IP) and is used to translate an IP address to a media (MAC)
address, defined by a local area network (LAN) such as Ethernet. A station needing to send an IP packet must
learn the MAC address of the IP destination, or of the next hop router, if the destination is not on the same
subnet. This is achieved by broadcasting an ARP request packet, to which the intended recipient responds by
unicasting an ARP reply containing its MAC address. Once learned, the MAC address is used in the destination
address field of the layer 2 header prepended to the IP packet.
The ARP cache is a table maintained locally in each station on a network. ARP cache entries are learned by
examining the source information in the ARP packet payload fields, regardless of whether it is an ARP request
or response. Thus, when an ARP request is broadcast to all stations on a LAN segment or virtual LAN (VLAN),
every recipient has the opportunity to store the sender’s IP and MAC address in their respective ARP cache.
The ARP response, being unicast, is normally seen only by the requestor, who stores the sender information
in its ARP cache. Newer information always replaces existing content in the ARP cache.
The number of supported ARP entries is platform-dependent (2048 for the D-Link Unified Switch).
Devices can be moved in a network, which means the IP address that was at one time associated with a certain
MAC address is now found using a different MAC, or may have disappeared from the network altogether (i.e.,
it has been reconfigured, disconnected, or powered off). This leads to stale information in the ARP cache
unless entries are updated in reaction to new information seen on the network, periodically refreshed to
determine if an address still exists, or removed from the cache if the entry has not been identified as a sender
of an ARP packet during the course of an ageout interval, usually specified via configuration.
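The learning and ageout behaviour described above, as an added example that is not D-Link code: a model cache that learns the sender binding from ARP requests and replies alike, lets newer information replace older, ages entries out, and records each IP address whose MAC address changed so the rebinding can be reviewed. The names, the constructed packets, and the 192.0.2.0/24 addresses are assumptions; 1200 seconds is the manual's default Age Time.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_LEN = struct.calcsize(ARP_FMT)   # 28 bytes for IPv4 over Ethernet
REQUEST, REPLY = 1, 2


def make_arp(oper, sender_mac, sender_ip, target_ip,
             target_mac="00:00:00:00:00:00"):
    """Build a constructed ARP payload (sample input, not a capture)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(sender_mac.replace(":", "")),
                       ipaddress.IPv4Address(sender_ip).packed,
                       bytes.fromhex(target_mac.replace(":", "")),
                       ipaddress.IPv4Address(target_ip).packed)


def parse_sender(payload):
    """Return (oper, sender_ip, sender_mac) from an ARP payload."""
    if len(payload) < ARP_LEN:
        raise ValueError("short ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (REQUEST, REPLY):
        raise ValueError("not an IPv4-over-Ethernet ARP request or reply")
    return oper, str(ipaddress.IPv4Address(spa)), sha.hex(":")


class ArpCache:
    def __init__(self, age_time=1200):       # default Age Time (secs)
        self.age_time = age_time
        self.entries = {}                    # ip -> (mac, last_seen)
        self.rebinds = []                    # (time, ip, old_mac, new_mac)

    def learn(self, payload, now):
        """Learn the sender binding from a request or a reply alike."""
        _oper, ip, mac = parse_sender(payload)
        old = self.entries.get(ip)
        self.entries[ip] = (mac, now)        # newer information always replaces
        if old is None:
            return "new"
        if old[0] != mac:
            self.rebinds.append((now, ip, old[0], mac))
            return "rebound"
        return "refreshed"

    def age_out(self, now):
        """Drop entries not seen as an ARP sender within the ageout interval."""
        stale = sorted(ip for ip, (_, seen) in self.entries.items()
                       if now - seen >= self.age_time)
        for ip in stale:
            del self.entries[ip]
        return stale
```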
ARP Create
Use the ARP Create page to add an entry to the Address Resolution Protocol table.
To display the page, click LAN > L3 Features > ARP > ARP Create in the navigation tree.
Figure 184: ARP Create
Table 167: ARP Create Fields
Field | Description
IP Address | Enter the IP address you want to add. It must be the IP address of a device on a subnet attached to one of the switch's existing routing interfaces.
MAC Address | The unicast MAC address of the device. Enter the address as six two-digit hexadecimal numbers separated by colons, for example 00:06:29:32:81:40.
• After you enter an IP address and the associated MAC address, click Submit to apply the changes to the
system and create the entry in the ARP table.
ARP Table Configuration
Use this page to change the configuration parameters for the Address Resolution Protocol Table. You can also
use this screen to display the contents of the table.
To display the page, click LAN > L3 Features > ARP > ARP Table Configuration in the navigation tree.
Figure 185: ARP Table Configuration
Table 168: ARP Table Configuration Fields
Field | Description
Age Time (secs) | Enter the value you want the switch to use for the ARP entry ageout time. You must enter a valid integer, which represents the number of seconds it takes for an ARP entry to age out. The range for this field is 15 to 21600 seconds. The default value for Age Time is 1200 seconds.
Response Time (secs) | Enter the value you want the switch to use for the ARP response timeout. You must enter a valid integer, which represents the number of seconds the switch waits for a response to an ARP request. The range for this field is 1 to 10 seconds. The default value for Response Time is 1 second.
Retries | Enter an integer which specifies the maximum number of times an ARP request is retried. The range for this field is 0 to 10. The default value for Retries is 4.
Cache Size | Enter an integer which specifies the maximum number of entries for the ARP cache. The range for this field is platform-dependent. The default value for Cache Size is 896.
Dynamic Renew | This controls whether the ARP component automatically attempts to renew ARP Entries of type Dynamic when they age out. The default setting is Disable.
Total Entry Count | Total number of entries in the ARP table.
Peak Total Entries | Highest value reached by Total Entry Count. This counter value is restarted whenever the ARP table Cache Size value is changed.
Active Static Entries | Total number of active static entries in the ARP table.
Configured Static Entries | Total number of configured static entries in the ARP table.
Maximum Static Entries | Maximum number of static entries that can be defined.
Remove from Table | Allows you to remove certain entries from the ARP Table. The choices listed specify the type of ARP Entry to be deleted: All Dynamic Entries; All Dynamic and Gateway Entries; Specific Dynamic Gateway Entry; Specific Static Entry.
Remove IP Address | This field appears only if you select Specific Dynamic/Gateway Entry or Specific Static Entry in the Remove from Table menu. This field allows you to enter the IP Address against the entry that is to be removed from the ARP Table.
The ARP Table displays at the bottom of the page, and contains the following fields:
Table 169: ARP Table Fields
Field | Description
IP Address | The IP address of a device on a subnet attached to one of the switch's routing interfaces.
MAC Address | The unicast MAC address for the device. The format is six two-digit hexadecimal numbers separated by colons, for example 00:06:29:32:81:40.
Slot/Port | The routing interface associated with the ARP entry.
Type | The type of the ARP entry.
Age | Age since the entry was last refreshed in the ARP Table. The format is hh:mm:ss.
• If you make any changes to the page, click Submit to apply the changes to the system.
Viewing ARP Cache
The ARP cache is a table maintained locally in each station on a network. ARP cache entries are learned by
examining the source information in the ARP packet payload fields, regardless of whether it is an ARP request
or response. Thus, when an ARP request is broadcast to all stations on a LAN segment or virtual LAN (VLAN),
every recipient has the opportunity to store the sender’s IP and MAC address in their respective ARP cache.
The ARP response, being unicast, is normally seen only by the requestor, who stores the sender information
in its ARP cache. Newer information always replaces existing content in the ARP cache.
The ARP cache can support 1024 entries, although this size is user-configurable to any value less than 1024.
When multiple network interfaces are supported by a device, as is typical of a router, either a single ARP cache
is used for all interfaces, or a separate cache is maintained per interface. While the latter approach is useful
when network addressing is not unique per interface, this is not the case for Ethernet MAC address assignment
so a single ARP cache is employed.
To display the system ARP cache, click LAN > Monitoring > ARP Cache in the navigation tree.
Figure 186: ARP Cache
Table 170: ARP Cache Fields
Field | Description
MAC Address | Displays the physical (MAC) address of the system in the ARP cache.
IP Address | Displays the IP address associated with the system’s MAC address.
Slot/Port | Displays the slot and port number being used for the connection.
• Click Refresh to reload the page and refresh the ARP cache view.
• Click Clear to clear all entries from the ARP cache.
Configuring Global and Interface IP Settings
When network devices are in different IP subnets, packets traveling between the subnets must be routed by
a network device. By default, the D-Link DWS-4000 Series switch functions as a layer 2 switch. The pages under
the IP folder allow you to enable routing and configure port or VLAN IP addresses so that the D-Link DWS-4000
Series switch also performs layer 3 routing and can route IP packets between devices in different subnets.
IP Configuration
Use the IP Configuration page to configure routing parameters for the switch as opposed to an interface.
To display the page, click LAN > L3 Features > IP > Configuration in the navigation tree.
Figure 187: IP Configuration
Table 171: IP Configuration Fields
Field | Description
Default Time to Live | The default value inserted into the Time-To-Live field of the IP header of datagrams originated by the switch, if a TTL value is not supplied by the transport layer protocol.
Routing Mode | Select Enable or Disable from the dropdown menu. You must enable routing for the switch before you can route through any of the interfaces. Routing is also enabled or disabled per VLAN interface. The default value is Disable.
ICMP Echo Replies | Select Enable or Disable from the dropdown menu. If you select Enable, then only the router can send ECHO replies. By default, ICMP Echo Replies are sent for echo requests.
ICMP Redirects | If this is enabled globally and on the interface level, then only the router can send ICMP redirects.
ICMP Rate Limit Interval | To control the ICMP error packets, you can specify the number of ICMP error packets that are allowed per burst interval. By default, the rate limit is 100 packets per second, i.e. the burst interval is 1000 milliseconds. To disable ICMP rate limiting, set this field to zero. The valid rate interval range is 0 to 2147483647 milliseconds.
ICMP Rate Limit Burst Size | To control the ICMP error packets, you can specify the number of ICMP error packets that are allowed per burst interval. By default, the burst size is 100 packets. When the burst interval is zero, then configuring this field is not a valid option. The valid burst size range is 1 to 200.
Maximum Next Hops | The maximum number of hops supported by the switch. This is a read-only value.
Maximum Routes | The maximum number of routes (routing table size) supported by the switch.
Global Default Gateway | (Optional) To edit this field, select the Configure check box and set the global default gateway to the manually configured value. A default gateway configured in this field is more preferred than a default gateway learned from a DHCP server. Only one default gateway can be configured.
• If you make any changes to the page, click Submit to apply the changes to the system.
IP Interface Configuration
Use the IP Interface Configuration page to update IP interface data for this switch.
To display the page, click LAN > L3 Features > IP > Interface Configuration in the navigation tree.
Figure 188: IP Interface Configuration
Table 172: IP Interface Configuration Fields
Field | Description
Interface | Select the interface to configure from the dropdown menu. The dropdown menu contains logical interfaces, including loopback interfaces and VLAN routing interfaces.
Routing Interface Status | Shows whether the IPv4 routing is up or down on the interface.
IP Address Configuration Method | Specify whether the selected interface should receive an IP address dynamically through DHCP, or statically through manual IP address assignment. If you configure DHCP as the method, additional buttons display at the bottom of the page that allow you to renew, release, or display DHCP-assigned information.
IP Address | If the configuration method is manual, enter the static IP address for the interface.
Subnet Mask | If the configuration method is manual, enter the subnet mask for the interface. This is also referred to as the subnet/network mask, and defines the portion of the interface's IP address that is used to identify the attached network.
Routing Mode | Setting this Enables or Disables routing for an interface. By default, routing is disabled on port-based routing interfaces and enabled on VLAN-based routing interfaces.
Administrative Mode | The Administrative Mode of the interface. The default value is Enable.
Link Speed Data Rate | An integer representing the physical link data rate of the specified interface. This data is valid only for physical interfaces and is measured in Megabits per second (Mbps).
Forward Net Directed Broadcasts | Select how network directed broadcast packets should be handled. If you select Enable from the dropdown menu, network directed broadcasts are forwarded. If you select Disable, they are dropped. The default value is Disable.
Active State | The state of the specified interface is either Active or Inactive. An interface is considered active if the link is up and it is in forwarding state.
MAC Address | The burned-in physical address of the specified interface. The format is six two-digit hexadecimal numbers separated by colons, for example 00:06:29:32:81:40. This value is valid for physical interfaces. For logical interfaces, such as VLAN routing interfaces, the field displays the system MAC address.
Encapsulation Type | Select the link layer encapsulation type for packets transmitted from the specified interface from the dropdown menu. The possible values are Ethernet and SNAP. The default is Ethernet.
Proxy ARP | Select to Disable or Enable Proxy ARP for the specified interface from the dropdown menu.
Local Proxy ARP | Select to Disable or Enable Local Proxy ARP for the specified interface from the dropdown menu.
IP MTU | The maximum transmission unit (MTU) size of IP packets sent on an interface. Valid range is (68 to 9198). Default value is 1500.
Bandwidth | The configured bandwidth of the interface is specified in Kbps. The OSPF protocol uses this value to compute the link cost of an interface as the ratio of the reference bandwidth to the interface bandwidth. If no bandwidth is configured, the bandwidth defaults to the actual interface bandwidth for port-based routing interfaces and to 10 Mbps for VLAN routing interfaces. This value does not affect the actual speed of an interface.
Destination Unreachables | Specifies the mode of sending ICMP Destination Unreachables on this interface. If this is disabled, then this interface will not send ICMP Destination Unreachables. By default, the Destination Unreachables mode is Enable.
ICMP Redirects | The router sends an ICMP Redirect on an interface only if Redirects are enabled both globally and on the interface. By default, the ICMP Redirects mode is Enable.
• Click Submit to send the updated configuration to the switch. These changes will not be retained across a
power cycle unless a Save configuration is performed.
• Click Helper-IP Address to proceed to the Helper Address configuration page.
IP Statistics
The statistics reported on the IP Statistics page are as specified in RFC 1213.
To display the page, click LAN > Monitoring > L3 Status > IP Statistics in the navigation tree.
Note: Figure 189 does not show all of the fields on the page.
Figure 189: IP Statistics
Table 173: IP Statistics Fields
Field | Description
IpInReceives | The total number of input datagrams received from interfaces, including those received in error.
IpInHdrErrors | The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, etc.
IpInAddrErrors | The number of input datagrams discarded because the IP address in their IP header's destination field was not a valid address to be received at this entity. This count includes invalid addresses (e.g., 0.0.0.0) and addresses of unsupported Classes (e.g., Class E). For entities which are not IP Gateways and therefore do not forward datagrams, this counter includes datagrams discarded because the destination address was not a local address.
IpForwDatagrams | The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. In entities which do not act as IP Gateways, this counter includes only those packets which were Source-Routed via this entity, and the Source-Route option processing was successful.
IpInUnknownProtos | The number of locally-addressed datagrams received successfully but discarded because of an unknown or unsupported protocol.
IpInDiscards | The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (e.g., for lack of buffer space). Note that this counter does not include any datagrams discarded while awaiting re-assembly.
IpInDelivers | The total number of input datagrams successfully delivered to IP user-protocols (including ICMP).
IpOutRequests | The total number of IP datagrams which local IP user-protocols (including ICMP) supplied to IP in requests for transmission. Note that this counter does not include any datagrams counted in ipForwDatagrams.
IpOutDiscards | The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination, but which were discarded (e.g., for lack of buffer space). Note that this counter would include datagrams counted in ipForwDatagrams if any such packets met this (discretionary) discard criterion.
IpOutNoRoutes | The number of IP datagrams discarded because no route could be found to transmit them to their destination. Note that this counter includes any packets counted in ipForwDatagrams which meet this 'no-route' criterion. Note that this includes any datagrams which a host cannot route because all of its default gateways are down.
IpReasmTimeout | The maximum number of seconds which received fragments are held while they are awaiting reassembly at this entity.
IpReasmReqds | The number of IP fragments received which needed to be reassembled at this entity.
IpReasmOKs | The number of IP datagrams successfully re-assembled.
IpReasmFails | The number of failures detected by the IP re-assembly algorithm (for whatever reason: timed out, errors, etc.). Note that this is not necessarily a count of discarded IP fragments since some algorithms can lose track of the number of fragments by combining them as they are received.
IpFragOKs | The number of IP datagrams that have been successfully fragmented at this entity.
IpFragFails | The number of IP datagrams that have been discarded because they needed to be fragmented at this entity but could not be, e.g., because their Don't Fragment flag was set.
IpFragCreates | The number of IP datagram fragments that have been generated as a result of fragmentation at this entity.
IpRoutingDiscards | The number of routing entries which were chosen to be discarded even though they are valid. One possible reason for discarding such an entry could be to free up buffer space for other routing entries.
IcmpInMsgs | The total number of ICMP messages which the entity received. Note that this counter includes all those counted by icmpInErrors.
IcmpInErrors | The number of ICMP messages which the entity received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, etc.).
IcmpInDestUnreachs | The number of ICMP Destination Unreachable messages received.
IcmpInTimeExcds | The number of ICMP Time Exceeded messages received.
IcmpInParmProbs | The number of ICMP Parameter Problem messages received.
IcmpInSrcQuenchs | The number of ICMP Source Quench messages received.
IcmpInRedirects | The number of ICMP Redirect messages received.
IcmpInEchos | The number of ICMP Echo (request) messages received.
IcmpInEchoReps | The number of ICMP Echo Reply messages received.
IcmpInTimestamps | The number of ICMP Timestamp (request) messages received.
IcmpInTimestampReps | The number of ICMP Timestamp Reply messages received.
IcmpInAddrMasks | The number of ICMP Address Mask Request messages received.
IcmpInAddrMaskReps | The number of ICMP Address Mask Reply messages received.
IcmpOutMsgs | The total number of ICMP messages which this entity attempted to send. Note that this counter includes all those counted by icmpOutErrors.
IcmpOutErrors | The number of ICMP messages which this entity did not send due to problems discovered within ICMP such as a lack of buffers. This value should not include errors discovered outside the ICMP layer such as the inability of IP to route the resultant datagram. In some implementations there may be no types of error which contribute to this counter's value.
IcmpOutDestUnreachs | The number of ICMP Destination Unreachable messages sent.
IcmpOutTimeExcds | The number of ICMP Time Exceeded messages sent.
IcmpOutParmProbs | The number of ICMP Parameter Problem messages sent.
IcmpOutSrcQuenchs | The number of ICMP Source Quench messages sent.
IcmpOutRedirects | The number of ICMP Redirect messages sent. For a host, this object is always zero, since hosts do not send redirects.
IcmpOutEchos | The number of ICMP Echo (request) messages sent.
IcmpOutEchoReps | The number of ICMP Echo Reply messages sent.
IcmpOutTimestamps | The number of ICMP Timestamp (request) messages sent.
IcmpOutTimestampReps | The number of ICMP Timestamp Reply messages sent.
IcmpOutAddrMasks | The number of ICMP Address Mask Request messages sent.
• Click Refresh to update the page with the most current data.
Loopback Interfaces
D-Link DWS-4000 Series software provides for the creation, deletion, and management of loopback interfaces.
They are dynamic interfaces that are created and deleted via user-configuration. D-Link DWS-4000 Series
software supports multiple loopback interfaces.
A loopback interface is always expected to be up. As such, it provides a means to configure a stable IP address
on the device that may be referred to by other switches. This interface provides the source address for sent
packets and can receive both local and remote packets. It is typically used by routing protocols.
A loopback interface is a pseudo-device for assigning local addresses so that the router can be communicated
with by this address, which is always up and can receive traffic from any of the existing active interfaces. Thus,
given reachability from a remote client, the address of the loopback can be used to communicate with the
router through various services such as telnet and SSH. In this way, the address on a loopback behaves
identically to any of the local addresses of the router in terms of the processing of incoming packets.
Loopbacks Configuration
Use the Loopbacks Configuration page to create, configure, or remove loopback interfaces. You can also set
up or delete a secondary address for a loopback.
To display the page, click LAN > L3 Features > Loopbacks > Configuration in the navigation tree. If no loopback
interfaces exist on the system, the page only has two fields, as Figure 190 shows.
Figure 190: Loopback Configuration—Create
Additional fields display depending on whether or not a loopback has already been created, as shown in
Figure 191.
Figure 191: Configured Loopback Interface
The fields available on the Loopbacks Configuration page depend on whether any loopback interfaces exist
and whether the protocol is IPv4 or IPv6. The following table describes all fields, which are not all on the same
screen at the same time.
Table 174: Configured Loopback Interface Fields
Field
Description
Loopback
Use the dropdown menu to select from the list of currently configured
loopback interfaces. Create is also a valid choice if the maximum number of
loopback interfaces has not been created.
Loopback ID
When Create is selected in the Loopback field, this list of available loopback
IDs displays.
Protocol
Select IPv4 or IPv6 to configure the corresponding attributes on the loopback
interface. The protocol selected affects the fields that are displayed on this
page.
IPv4 Address
The primary IPv4 address for this interface in dotted decimal notation. This
option only displays when the Protocol specified is IPv4.
IPv4 Subnet Mask
The primary IPv4 subnet mask for this interface in dotted decimal notation.
This option only displays when the Protocol specified is IPv4.
The following fields display after a primary address has been configured and you click Add Secondary. You can
configure multiple secondary addresses.
Table 175: Loopback Interface Secondary Address Fields
Field
Description
Secondary Address
Select a configured IPv4 secondary address for the selected Loopback interface from the
dropdown menu. A new address can be entered in the Secondary IP Address field by
selecting Add Secondary IP Address here (if the maximum number of secondary addresses
has not been configured). A primary address must be configured before a secondary
address can be added.
Secondary IP Address
The secondary IP address for this interface in dotted decimal notation. This input field is
visible only when Add Secondary is selected.
Secondary Subnet Mask
The secondary subnet mask for this interface in dotted decimal notation. This input field is
visible only when Add Secondary is selected.
Creating a New Loopback (IPv4)
1. From the Loopbacks Configuration page, select Create from the Loopback menu.
2. Specify an ID to use in the Loopback ID field.
3. Click Submit.
The Loopback ID field goes away, and additional loopback fields display, as Figure 192 shows.
Figure 192: Loopbacks Configuration—IPv4 Entry
4. In the Protocol field, select IPv4.
5. Enter desired values in the remaining fields.
6. Click Submit.
The new loopback is saved, and the web page reappears showing secondary address configuration fields.
For an example of the fields on this page, see Figure 191.
7. Optionally, click the Add Secondary field to add a secondary IP address and complete the Secondary
Address, Secondary IP Address, and Secondary Subnet Mask fields.
8. Click Submit.
Removing a Loopback
1. Open the Loopback Configuration page.
2. Specify the loopback to remove in the Loopback menu.
3. Click Delete Loopback.
The loopback is deleted, and the device is updated.
Removing a Secondary Address
1. Open the Loopback Configuration page.
2. Specify the loopback to be affected.
3. Specify the secondary address to be removed.
4. Click Delete Selected Secondary.
The secondary address is deleted, and the device is updated.
Loopbacks Summary
Use the Loopbacks Summary page to display a summary of configured loopbacks.
To display the page, click LAN > Monitoring > L3 Status > Loopback Summary in the navigation tree.
Figure 193: Loopbacks Summary
Table 176: Loopbacks Summary Fields
Field
Description
Loopback Interface
The ID of the configured loopback interface.
Addresses
A list of the addresses configured on the loopback interface.
• Click Refresh to update the information on the screen.
Configuring RIP
RIP is an Interior Gateway Protocol (IGP) based on the Bellman-Ford algorithm and targeted at smaller
networks (network diameter no greater than 15 hops). The routing information is propagated in RIP update
packets that are sent out both periodically and in the event of a network topology change. On receipt of a RIP
update, depending on whether the specified route exists or does not exist in the route table, the router may
modify, delete, or add the route to its route table.
RIP Configuration
Use the RIP Configuration page to enable and configure or disable RIP in Global mode.
To display the page, click LAN > L3 Features > RIP > Configuration in the navigation tree.
Figure 194: RIP Configuration
Table 177: RIP Configuration Fields
Field
Description
RIP Admin Mode
Select Enable or Disable from the dropdown menu. If you select Enable, RIP is
enabled for the switch. The default is Disable.
Split Horizon Mode
Select None, Simple, or Poison Reverse from the dropdown menu. The default
is Simple. Split horizon is a technique for avoiding problems caused by
including routes in updates sent to the router from which the route was
originally learned. The options are:
• None: No special processing for this case.
• Simple: A route is not included in updates sent to the router from which it
was learned.
• Poison Reverse: A route is included in updates sent to the router from
which it was learned, but the metric is set to infinity.
Auto Summary Mode
Select Enable or Disable from the dropdown menu. If you select Enable,
groups of adjacent routes are summarized into single entries, in order to
reduce the total number of entries. The default is Disable.
Host Routes Accept Mode
Select Enable or Disable from the dropdown menu. If you select Enable, the
router accepts host routes. The default is Enable.
Global Route Changes
Displays the number of route changes made to the IP Route Database by RIP.
This does not include the refresh of a route's age.
Global Queries
Displays the number of responses sent to RIP queries from other systems.
Default Information Originate
When enabled, RIP originates a default route (0.0.0.0/0.0.0.0).
Default Metric
Sets a default for the metric of redistributed routes. This field displays the
default metric if one has already been set, or blank if not configured earlier.
Valid values are 1 to 15.
• If you make changes to the page, click Submit to apply the changes to the system.
RIP Interface Configuration
Use the RIP Interface Configuration page to enable and configure or to disable RIP on a specific interface.
To display the page, click LAN > L3 Features > RIP > Interface Configuration in the navigation tree.
Figure 195: RIP Interface Configuration
Table 178: RIP Interface Configuration Fields
Field
Description
Interface
Select the interface for which data is to be configured from the menu.
Send Version
RIP Version that router sends with its routing updates. The default is RIP-2.
Possible values are:
• RIP-1: send RIP version 1 formatted packets via broadcast.
• RIP-1c: RIP version 1 compatibility mode. Send RIP version 2 formatted
packets via broadcast.
• RIP-2: send RIP version 2 packets using multicast.
• None: no RIP control packets are sent.
Receive Version
RIP Version of the routing updates that the router must accept. The default is
Both. Possible values are:
• RIP-1: accept only RIP version 1 formatted packets.
• RIP-2: accept only RIP version 2 formatted packets.
• Both: accept packets in either format.
• None: no RIP control packets are accepted.
RIP Admin Mode
Select Enable or Disable from the dropdown menu. Before you enable RIP
version 1 or version 1c on an interface, you must first enable network directed
broadcast mode on the corresponding interface. The default value is Disable.
Authentication Type
You may select an authentication type other than None by clicking the Modify
button. You then see a new screen, where you can select the authentication
type from the dropdown menu. Possible values are:
• None: This is the initial interface state. If you select this option from the
dropdown menu on the second screen you are returned to the first screen
without any authentication protocols being run.
• Simple: If you select Simple you are prompted to enter an authentication
key. This key is included, in the clear text, in the RIP header of all packets
sent on the network. All routers on the network must be configured with
the same key.
• Encrypt: If you select Encrypt you are prompted to enter both an
authentication key and an authentication ID. Encryption uses the MD5
Message-Digest algorithm. All routers on the network must be configured
with the same key and ID.
IP Address
Displays the IP Address of the router interface.
Link State
Specifies whether the RIP interface is up or down.
Bad Packets Received
Displays the number of RIP packets that were found to be invalid or corrupt.
Bad Routes Received
Displays the number of routes, in valid RIP packets, which were ignored for
any reason, e.g., the number of triggered RIP updates actually sent on this
interface. This explicitly does NOT include full updates sent containing new
information.
Updates Sent
Displays the number of route updates sent.
Configuring the RIP Interface
1. Open the RIP Interface Configuration page.
2. Specify the interface for which data is to be configured.
3. Enter data into the fields as needed.
4. To change the Authentication Type, click Configure Authentication to configure different Authentication
Types.
The page refreshes and displays the RIP Interface Authentication Configuration page.
Figure 196: RIP Interface Authentication Configuration
5. Select the type of authentication to use.
If you select Simple or Encrypt as the authentication, the screen refreshes, and additional fields display.
Enter the required information into the new fields.
6. Click Submit to apply the changes to the system and return to the RIP Interface Configuration page.
7. To cancel the authentication configuration and return to the RIP Interface Configuration page, click
Cancel.
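The difference between the Simple and Encrypt authentication types, shown as an added Python example (not part of the manual or the switch software): it classifies the authentication carried in RIP packets and reports when the key itself is readable on the wire. It assumes the standard RIP-2 wire format (RFC 2453 simple password, RFC 2082 keyed MD5), which the manual does not name; the packets, key and digest below are constructed samples.

```python
import socket
import struct

AUTH_AFI = 0xFFFF       # address-family value marking an authentication entry
AUTH_SIMPLE = 2         # simple password (RFC 2453), assumed to be "Simple"
AUTH_KEYED_MD5 = 3      # keyed MD5 (RFC 2082), assumed to be "Encrypt"


def audit_rip_packet(data: bytes) -> dict:
    """Classify the authentication carried by one RIP packet (UDP payload)."""
    if len(data) < 4:
        return {"valid": False, "reason": "shorter than the RIP header"}
    _command, version, _zero = struct.unpack("!BBH", data[:4])
    result = {"valid": True, "version": version, "auth": "none",
              "key_on_wire": None, "key_id": None}
    # RIP-1 has no authentication entry; RIP-2 needs at least one 20-byte entry.
    if version < 2 or len(data) < 24:
        return result
    afi, auth_type = struct.unpack("!HH", data[4:8])
    if afi != AUTH_AFI:
        return result  # first entry is an ordinary route: unauthenticated
    body = data[8:24]
    if auth_type == AUTH_SIMPLE:
        # The 16-byte field is the key itself, zero padded.
        result["auth"] = "simple"
        result["key_on_wire"] = body.rstrip(b"\x00").decode("ascii", "replace")
    elif auth_type == AUTH_KEYED_MD5:
        # Only a length, key ID, digest length and sequence number are sent here;
        # the digest sits in a trailer that starts at offset pkt_len.
        pkt_len, key_id, auth_len, seq = struct.unpack("!HBBI", body[:8])
        result.update(auth="md5", key_id=key_id, sequence=seq)
        trailer = data[pkt_len:pkt_len + 4 + auth_len]
        if len(trailer) != 4 + auth_len or trailer[:4] != b"\xff\xff\x00\x01":
            result.update(valid=False, reason="missing or malformed MD5 trailer")
    else:
        result["auth"] = "unknown(%d)" % auth_type
    return result


def weak_auth(packets):
    """Return (index, auth) for packets sent with no or cleartext authentication."""
    findings = []
    for i, pkt in enumerate(packets):
        r = audit_rip_packet(pkt)
        if r["valid"] and r["auth"] in ("none", "simple"):
            findings.append((i, r["auth"]))
    return findings


# --- constructed sample packets (not captured from a real network) ---
def _route(ip, mask, metric):
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(ip),
                       socket.inet_aton(mask), b"\x00" * 4, metric)


_HEADER = struct.pack("!BBH", 2, 2, 0)            # response, RIP version 2
_ENTRY = _route("10.2.3.0", "255.255.255.0", 1)

NOAUTH_PKT = _HEADER + _ENTRY
SIMPLE_PKT = (_HEADER
              + struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE, b"example-key")
              + _ENTRY)
# Keyed MD5: packet length 44, key ID 1, 16-byte digest, sequence number 42.
_MD5_BODY = (_HEADER
             + struct.pack("!HHHBBI8s", AUTH_AFI, AUTH_KEYED_MD5, 44, 1, 16, 42, b"")
             + _ENTRY)
MD5_PKT = _MD5_BODY + struct.pack("!HH16s", 0xFFFF, 1, bytes(range(16)))  # placeholder digest

if __name__ == "__main__":
    for name, pkt in (("none", NOAUTH_PKT), ("simple", SIMPLE_PKT), ("md5", MD5_PKT)):
        print(name, audit_rip_packet(pkt))
```

Run against the UDP payloads of RIP traffic from a monitoring port, `weak_auth` lists the interfaces still using None or Simple, which are the ones to move to Encrypt.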
RIP Interface Summary
Use the RIP Interface Summary page to display RIP configuration status on an interface.
To display the page, click LAN > Monitoring > L3 Status > RIP > Interface Summary in the navigation tree.
Figure 197: RIP Interface Summary
Table 179: RIP Interface Summary Fields
Field
Description
Interface
The interface, such as the routing-enabled VLAN on which RIP is enabled.
IP Address
The IP Address of the router interface.
Send Version
Specifies the RIP version to which RIP control packets sent from the interface
conform. The default is RIP-2. Possible values are:
• RIP-1: RIP version 1 packets are sent using broadcast.
• RIP-1c: RIP version 1 compatibility mode. RIP version 2 formatted packets
are transmitted using broadcast.
• RIP-2: RIP version 2 packets are sent using multicast.
• None: RIP control packets are not transmitted.
Receive Version
Specifies which RIP version control packets are accepted by the interface. The
default is Both. Possible values are:
• RIP-1: only RIP version 1 formatted packets are received.
• RIP-2: only RIP version 2 formatted packets are received.
• Both: packets are received in either format.
• None: no RIP control packets are received.
RIP Admin Mode
Specifies whether RIP is Enabled or Disabled on the interface.
Link State
Specifies whether the RIP interface is up or down.
• Click Refresh to update the information on the screen.
RIP Route Redistribution Configuration
Use the RIP Route Redistribution Configuration page to configure which routes are redistributed to other
routers using RIP. The allowable values for each field are displayed next to the field. If any invalid values are
entered, an alert message is displayed with the list of all the valid values.
To display the page, click LAN > L3 Features > RIP > Route Redistribution Configuration in the navigation
menu.
Figure 198: RIP Route Redistribution Configuration
Table 180: RIP Route Redistribution Configuration Fields
Field
Description
Source
This select box is a dynamic selector used to configure Source Routes.
Possible values are:
• Static: The route was manually configured.
• Connected: The route was determined automatically because the host is
directly connected.
Metric
Sets the metric value to be used as the metric of redistributed routes. This
field is 0 if a metric has not been configured. The range of valid values is (1 to
15).
Distribute List
Enter the ACL ID for an access list that filters the routes to be redistributed by
the destination protocol. Only permitted routes are redistributed.
Redistribute
The route-redistribution mode for a particular source protocol. By default this
is disabled.
You configure ACLs through the pages under LAN > Access Control Lists > IP Access Control Lists. When used
for route filtering, the only fields in an access list that get used are:
• Source IP Address and netmask
• Destination IP Address and netmask
• Action (Permit or Deny)
All other fields (source and destination port, precedence, ToS, etc.) are ignored.
The source IP address is compared to the destination IP address of the route. The source IP netmask in the
access list rule is treated as a wildcard mask, indicating which bits in the source IP address must match the
destination address of the route. (Note that a 1 in the mask indicates a Don’t Care in the corresponding address
bit.)
When an access list rule includes a destination IP address and netmask (an extended access list), the
destination IP address is compared to the network mask of the destination of the route. The destination
netmask in the access list serves as a wildcard mask, indicating which bits in the route’s destination mask are
significant for the filtering operation.
• If you make changes to the page, click Submit to apply the changes to the system.
• To delete a configured route, click Delete.
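The wildcard-mask matching described above, worked through in Python as an added example (not D-Link code): it applies an access list to candidate routes and shows how a subnet mask entered where a wildcard mask is expected permits routes that were never meant to be redistributed. First-match rule ordering and all addresses are assumptions constructed for illustration; unmatched routes are dropped because only permitted routes are redistributed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Route = Tuple[str, str]  # (destination network, subnet mask)


def _u32(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


@dataclass(frozen=True)
class AclRule:
    action: str                         # "permit" or "deny"
    src_ip: str                         # compared to the route's destination
    src_wildcard: str                   # 1 bits are "don't care"
    dst_ip: Optional[str] = None        # extended list: compared to the route's mask
    dst_wildcard: Optional[str] = None


def wildcard_match(rule_addr: str, wildcard: str, candidate: str) -> bool:
    """True when the two addresses agree on every bit the wildcard marks as 0."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(rule_addr) & care) == (_u32(candidate) & care)


def rule_matches(rule: AclRule, dest: str, mask: str) -> bool:
    if not wildcard_match(rule.src_ip, rule.src_wildcard, dest):
        return False
    if rule.dst_ip is not None:
        return wildcard_match(rule.dst_ip, rule.dst_wildcard, mask)
    return True


def redistributed(acl: List[AclRule], routes: List[Route]) -> List[Route]:
    """Routes that pass the distribute list (assumed first-match semantics)."""
    passed = []
    for dest, mask in routes:
        for rule in acl:
            if rule_matches(rule, dest, mask):
                if rule.action == "permit":
                    passed.append((dest, mask))
                break
        # A route that matches no rule is not permitted and is left out.
    return passed


# Constructed candidate routes.
ROUTES: List[Route] = [
    ("10.1.2.0", "255.255.255.0"),
    ("10.2.3.0", "255.255.255.0"),
    ("10.2.0.0", "255.255.0.0"),
    ("192.168.1.0", "255.255.255.0"),
]

# Deny everything under 10.1.0.0/16, then permit 10.0.0.0/8 routes whose
# own mask is exactly 255.255.255.0 (extended rule).
ACL = [
    AclRule("deny", "10.1.0.0", "0.0.255.255"),
    AclRule("permit", "10.0.0.0", "0.255.255.255", "255.255.255.0", "0.0.0.0"),
]

# Mistake: a subnet mask typed as the wildcard. Only the last octet is compared,
# so every route ending in .0 matches.
MISTYPED_ACL = [AclRule("permit", "10.2.3.0", "255.255.255.0")]
CORRECTED_ACL = [AclRule("permit", "10.2.3.0", "0.0.0.255")]

if __name__ == "__main__":
    print("intended :", redistributed(ACL, ROUTES))
    print("mistyped :", redistributed(MISTYPED_ACL, ROUTES))
    print("corrected:", redistributed(CORRECTED_ACL, ROUTES))
```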
RIP Route Redistribution Summary
Use the RIP Route Redistribution Summary page to display Route Redistribution configurations.
To display the page, click LAN > Monitoring > L3 Status > RIP > Route Redistribution Summary in the
navigation menu.
Figure 199: RIP Route Redistribution Summary
Table 181: RIP Route Redistribution Summary Fields
Field
Description
Source Protocol
The Source Route to be Redistributed by RIP.
Metric
The Metric of redistributed routes for the given source route. Displays 0 when
not configured.
Redistribute
The route-redistribution mode for a particular source protocol. By default this
is disabled.
Distribute List
The Access List that filters the routes to be redistributed by the Destination
Protocol. Displays 0 when not configured.
Match Internal
When set to Enable, RIP redistributes OSPF Internal Routes.
Match External Type 1
When set to Enable, RIP redistributes External Type 1 Routes.
Match External Type 2
When set to Enable, RIP redistributes External Type 2 Routes.
Match NSSA External Type 1
When set to Enable, RIP redistributes NSSA External Type 1 Routes.
Match NSSA External Type 2
When set to Enable, RIP redistributes NSSA External Type 2 Routes.
• Click Refresh to update the information on the screen.
Router Discovery
The Router Discovery protocol is used by hosts to identify operational routers on the subnet. Router Discovery
messages are of two types: “Router Advertisements” and “Router Solicitations.” The protocol mandates that
every router periodically advertise the IP Addresses it is associated with. Hosts listen for these advertisements
and discover the IP Addresses of neighboring routers.
Router Discovery Configuration
Use the Router Discovery Configuration page to enter or change Router Discovery parameters.
To display the page, click LAN > L3 Features > Router Discovery > Configuration in the navigation tree.
Figure 200: Router Discovery Configuration
Table 182: Router Discovery Configuration Fields
Field
Description
Interface
Select the router interface for which data is to be configured.
Advertise Mode
Select Enable or Disable from the dropdown menu. If you select Enable, Router
Advertisements are transmitted from the selected interface.
Advertise Address
Enter the IP Address to be used to advertise the router.
Maximum Advertise Interval (secs)
Enter the maximum time (in seconds) allowed between router advertisements
sent from the interface.
Minimum Advertise Interval (secs)
Enter the minimum time (in seconds) allowed between router advertisements
sent from the interface.
Advertise Lifetime (secs)
Enter the value (in seconds) to be used as the lifetime field in router
advertisements sent from the interface. This is the maximum length of time that
the advertised addresses are to be considered as valid router addresses by
hosts.
Preference Level
Specify the preference level of the router as a default router relative to other
routers on the same subnet. Higher numbered addresses are preferred. You
must enter an integer.
• If you make any changes to the page, click Submit to apply the changes to the system.
Router Discovery Status
Use the Router Discovery Status page to display Router Discovery data for each port.
To display the page, click LAN > L3 Features > Router Discovery > Status in the navigation tree.
Figure 201: Router Discovery Status
Table 183: Router Discovery Status Fields
Field
Description
Interface
The router interface for which data is displayed.
Advertise Mode
The values are Enable or Disable. Enable denotes that Router Discovery is
enabled on that interface.
Advertise Address
The IP Address used to advertise the router.
Maximum Advertise Interval (secs)
The maximum time (in seconds) allowed between router advertisements
sent from the interface.
Minimum Advertise Interval (secs)
The minimum time (in seconds) allowed between router advertisements
sent from the interface.
Advertise Lifetime (secs)
The value (in seconds) used as the lifetime field in router advertisements
sent from the interface. This is the maximum length of time that the
advertised addresses are to be considered as valid router addresses by hosts.
Preference Level
The preference level of the router as a default router relative to other
routers on the same subnet. Higher numbered addresses are preferred.
• Click Refresh to update the information on the screen.
Router
The pages accessible from the Router folder allow you to configure the routing table and configure route
preferences.
Route Table
The route table manager collects routes from multiple sources: static routes, RIP routes, and local routes. The
route table manager may learn multiple routes to the same destination from multiple sources. The route table
lists all routes. The best routes table displays only the most preferred route to each destination (see “Best
Routes Table” on page 316 for more information).
To display the page, click LAN > Monitoring > L3 Status > Route Table in the navigation tree.
Figure 202: Route Table
Table 184: Route Table Fields
Field
Description
Total Number of Routes
The total number of routes in the route table.
Network Address
The IP route prefix for the destination.
Subnet Mask
Also referred to as the subnet/network mask, this indicates the portion of the
IP interface address that identifies the attached network.
Protocol
This field tells which protocol created the specified route. The possibilities are
one of the following:
• Local
• Static
• Default
• RIP
Next Hop Slot/Port
The outgoing router interface to use when forwarding traffic to the
destination.
Next Hop IP Address
The outgoing router IP address to use when forwarding traffic to the next
router (if any) in the path towards the destination. The next router is always
one of the adjacent neighbors or the IP address of the local interface for a
directly attached network.
• Click Refresh to update the information on the screen.
Best Routes Table
The route table manager collects routes from multiple sources: static routes, RIP routes, and local routes. The
route table manager may learn multiple routes to the same destination from multiple sources. In that case,
the route table manager selects the route with the lowest route preference value to use for forwarding to that
destination. Use the Best Routes Table page to display the best routes from the routing table. To view all
routes, including multiple routes to the same destination, see “Route Table” on page 314.
To display the page, click LAN > L3 Features > Router > Best Routes Table in the navigation tree.
Figure 203: Best Routes Table
Table 185: Best Routes Table Fields
Field
Description
Total Number of Routes
The total number of routes in the route table.
Network Address
The IP route prefix for the destination.
Subnet Mask
Also referred to as the subnet/network mask, this indicates the portion of the
IP interface address that identifies the attached network.
Protocol
This field tells which protocol created the specified route. The possibilities are
one of the following:
• Local
• Static
• Default
• RIP
Next Hop Slot/Port
The outgoing router interface to use when forwarding traffic to the
destination.
Next Hop IP Address
The outgoing router IP address to use when forwarding traffic to the next
router (if any) in the path towards the destination. The next router is always
one of the adjacent neighbors or the IP address of the local interface for a
directly attached network.
• Click Refresh to update the information on the screen.
Configured (Static) Routes
Use the Configured Routes page to create and display static routes.
To display the page, click LAN > L3 Features > Router > Configured Routes in the navigation tree.
Figure 204: Configured Routes
Table 186: Configured Routes Fields
Field
Description
Network Address
The IP route prefix for the destination.
Subnet Mask
Also referred to as the subnet/network mask, this indicates the portion of the
IP interface address that identifies the attached network.
Next Hop IP
The next hop router address to use when forwarding traffic to the destination.
Next Hop Slot/Port
The outgoing interface to use when forwarding traffic to the destination. For
static reject routes it would be Null0.
Note: The route will not take effect until a routing interface belonging to the
same subnet as the next hop IP is created and activated, and this field will
display the next hop slot/port as Unresolved.
Preference
The preferences configured for the added routes.
Adding a Static Route
1. Open the Configured Routes page.
2. Click Add Route.
The Router Route Entry Create page displays. The fields available on the page vary based on the route
type.
3. Next to Route Type, select Default route, Static or Static Reject from the menu.
• Default: Enter the default gateway address in the Next Hop IP Address field and the route
preference value in the Preference field.
• Static: Enter values for Network Address, Subnet Mask, Next Hop IP Address, and Preference.
• Static Reject: Packets to these destinations will be dropped.
Figure 205: Create Static Route
Table 187: Route Entry Create Fields
Field
Description
Route Type
Specifies whether the route is to be a Default, Static, or Static Reject route.
Packets sent to the static reject route are dropped.
Network Address
Specify the IP route prefix for the destination from the dropdown menu. In
order to create a route, a valid routing interface must exist and the next hop
IP Address must be on the same network as the routing interface. Routing
interfaces are created on the IP Interface Configuration page. Valid next hop
IP Addresses can be viewed on the Route Table page.
Subnet Mask
Also referred to as the subnet/network mask, this indicates the portion of the
IP interface address that identifies the attached network.
Next Hop IP Address
The outgoing router IP address to use when forwarding traffic to the next
router (if any) in the path towards the destination. The next router is always
one of the adjacent neighbors or the IP address of the local interface for a
directly attached network. When creating a route, the next hop IP must be on
the same network as the routing interface. Valid next hop IP Addresses can be
seen on the Route Table page.
Preference
Specifies a preference value for the configured next hop.
4. Click Submit.
The new route is added, and you are returned to the Configured Routes page.
Deleting a Route
Select the check box at the end of the row for the route to delete. Click Delete to remove the selected route.
Route Preferences Configuration
Use the Route Preferences Configuration page to configure the default preference for each protocol. These
values are arbitrary values that range from 1 to 255, and are independent of route metrics. Most routing
protocols use a route metric to determine the shortest path known to the protocol, independent of any other
protocol. Routes with a preference of 255 are not used for forwarding.
The best route to a destination is chosen by selecting the route with the lowest preference value. When there
are multiple routes to a destination, the preference values are used to determine the preferred route.
To display the page, click LAN > L3 Features > Router > Route Preferences Configuration in the navigation tree.
Figure 206: Route Preferences Configuration
Table 188: Route Preferences Configuration Fields
Field
Description
Local
This field displays the local route preference value of 0. This value is not
configurable.
Static
The static route preference value in the router. The default value is 1. The
range is 1 to 255.
RIP
The RIP route preference value in the router. The default value is 15. The
range is 1 to 255.
• If you make changes to the page, click Submit to apply the changes to the system.
VLAN Routing
You can configure the D-Link DWS-4000 Series switch with some ports supporting VLANs and some supporting
routing. You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a
router port.
When a port is enabled for bridging (default) rather than routing, all normal bridge processing is performed
for an inbound packet, which is then associated with a VLAN. Its MAC Destination Address (MAC DA) and VLAN
ID are used to search the MAC address table. If routing is enabled for the VLAN, and the MAC DA of an inbound
unicast packet is that of the internal bridge-router interface, the packet is routed. An inbound multicast packet
is forwarded to all ports in the VLAN, plus the internal bridge-router interface, if it was received on a routed
VLAN.
Since a port can be configured to belong to more than one VLAN, VLAN routing might be enabled for all of the
VLANs on the port, or for a subset. VLAN Routing can be used to allow more than one physical port to reside
on the same subnet. It could also be used when a VLAN spans multiple physical networks, or when additional
segmentation or security is required. This section shows how to configure D-Link DWS-4000 Series Unified
Switch software to support VLAN routing. A port can be either a VLAN port or a router port, but not both.
However, a VLAN port may be part of a VLAN that is itself a router port.
VLAN Routing Configuration
Use the VLAN Routing Configuration page to configure VLAN Routing interfaces on the system.
To display the page, click LAN > L3 Features > Router > VLAN Routing Configuration in the navigation tree.
Figure 207 shows the page when no VLAN routing interfaces exist.
Figure 207: VLAN Routing Configuration
Figure 207 shows the page when at least one VLAN routing interface has been created.
Figure 208: VLAN Routing Configuration - Interface Exists
Table 189: VLAN Routing Configuration Fields
Field
Description
VLAN ID
Enter the ID of a VLAN to configure for VLAN Routing. Initially, the field will display the ID
of the first VLAN. After you enter a new VLAN ID and click Create, the non-configurable
data will be displayed.
Interface
The logical slot and port number assigned to the VLAN Routing Interface.
MAC Address
The MAC Address assigned to the VLAN Routing Interface.
IP Address
The configured IP Address of the VLAN Routing Interface. Note that if a VLAN is created
and the IP address is not configured, the page by default shows an IP address of 0.0.0.0.
To configure the IP address, go to LAN > L3 Features > Routing > IP > Interface
Configuration. In the Interface field on the IP Interface Configuration page, select the
interface identified in the Interface field (e.g. 4/1) on the VLAN Routing Configuration
page.
Subnet Mask
The configured Subnet Mask of the VLAN Routing Interface. This is 0.0.0.0 when the VLAN
Routing Interface is first configured and must be entered on the IP Interface
Configuration page.
Creating a VLAN Routing Interface
1. Enter a new VLAN ID in the VLAN ID field.
2. Click Create.
The page refreshes and displays the interface and MAC address assigned to the new VLAN. The interface
is in Slot/Port notation. The IP address and Subnet Mask fields are 0.0.0.0.
Note: Be sure to note the interface Slot/Port assignment so that you select the correct interface to
configure from the Interface Configuration page.
3. In the navigation menu, click LAN > L3 Features > IP > Interface Configuration.
4. Select the interface assigned to the VLAN.
The IP address and Subnet Mask fields are 0.0.0.0 by default.
5. Enter the IP address and subnet mask for the VLAN, and configure any other interface settings.
6. Click Submit to apply the settings to the VLAN routing interface.
7. Navigate to the LAN > Monitoring > VLAN Routing Summary page to view the new VLAN in the table.
Deleting a VLAN Router Interface
Click Delete to delete the selected VLAN routing interface.
VLAN Routing Summary
Use the VLAN Routing Summary page to display information about the VLAN Routing interfaces configured on
the system.
To display the page, click LAN > Monitoring > L3 Status > VLAN Routing Summary in the navigation tree.
Figure 209: VLAN Routing Summary
Table 190: VLAN Routing Summary Fields
Field
Description
VLAN ID
The ID of the VLAN whose data is displayed in the current table row.
Slot/Port
The logical slot and port number assigned to the VLAN Routing Interface.
MAC Address
The MAC Address assigned to the VLAN Routing Interface.
IP Address
The configured IP Address of the VLAN Routing Interface. Note that if a VLAN
is created and the IP address is not configured, the page by default shows an
IP address of 0.0.0.0. To configure the IP address, go to LAN > L3 Features > IP
> Interface Configuration.
Subnet Mask
The configured Subnet Mask of the VLAN Routing Interface. This is 0.0.0.0
when the VLAN Routing Interface is first configured and must be entered on
the IP Interface Configuration page.
Virtual Router Redundancy Protocol (VRRP)
The Virtual Router Redundancy Protocol (VRRP) is designed to handle default router failures by providing a
scheme to dynamically elect a backup router. The driving force was to minimize “black hole” periods due to the
failure of the default gateway router, during which all traffic directed towards it is lost until the failure is detected.
Though static configuration of default routes is popular, such an approach is susceptible to a single point of
failure when the default router fails. VRRP advocates the concept of a “virtual router” associated with one or
more IP Addresses that serve as default gateways. In the event that the VRRP Router controlling these IP
Addresses (formally known as the Master) fails, the group of IP Addresses and the default forwarding role is
taken over by a Backup VRRP Router.
VRRP Configuration
Use the VRRP Configuration page to enable or disable the administrative status of a virtual router.
To display the page, click LAN > L3 Features > VRRP > VRRP Configuration in the navigation tree.
Figure 210: VRRP Configuration
Table 191: VRRP Configuration
Field
Description
Admin Mode
This sets the administrative status of VRRP in the router to active or inactive.
Select Enable or Disable from the dropdown menu. The default is Disable.
• If you change the administrative mode, click Submit to apply the changes to the system.
Virtual Router Configuration
Use the Virtual Router Configuration page to create a new virtual router or to configure an existing one.
To display the page, click LAN > L3 Features > VRRP > Virtual Router Interface in the navigation tree.
Figure 211: Virtual Router Configuration
Table 192: Virtual Router Configuration Fields
Field
Description
VRID
Select Create from the menu to configure a new Virtual Router, or select one
of the existing Virtual Routers, listed by interface number and VRID.
VRID
This field is only configurable if you are creating a new Virtual Router, in which
case enter the VRID in the range 1 to 255.
Interface
This field is only configurable if you are creating a new Virtual Router, in which
case select the interface for the new Virtual Router from the menu.
Pre-empt Mode
Select Enable or Disable from the dropdown menu. If you select Enable, a
backup router preempts the master router if it has a priority greater than the
master virtual router's priority, provided that the master is not the owner of
the virtual router’s IP address. The default is Enable.
Accept Mode
Set the accept mode:
• Enable: The VRRP master will accept all types of data packets addressed to
IP address(es) associated with the virtual router.
• Disable: The VRRP master will discard all types of data packets addressed
to IP address(es) associated with the virtual router if it is not the IP address
owner. The default is Disable.
Configured Priority
Enter the priority value to be used by the VRRP router in the election for the
master virtual router. If the Virtual IP Address is the same as the interface IP
Address, the priority gets set to 255 no matter what you enter. If you enter a
priority of 255 when the Virtual and interface IP Addresses are not the same,
the priority gets set to the default value of 100.
Priority
The operational priority of the VRRP router. This is relative to the configured
priority. The operational priority depends upon the configured priority, and
the priority decrements configured through the tracking process.
Advertisement Interval (secs)
Enter the time, in seconds, between the transmission of advertisement
packets by this virtual router. Enter a number between 1 and 255. The default
value is 1 second.
Interface IP Address
Indicates the IP Address associated with the selected interface.
IP Address
Enter the IP Address associated with the Virtual Router. The default is 0.0.0.0,
which you must change prior to clicking Create.
Authentication Type
Select the type of Authentication for the Virtual Router from the dropdown
menu. The default is None. The choices are:
• 0-None: No authentication is performed.
• 1-Simple: Authentication is performed using a text password.
Authentication Data
If you selected simple authentication, enter the password.
Status
Select active or inactive from the dropdown menu to start or stop the
operation of the Virtual Router. The default is inactive.
Command Buttons
• Click Submit to apply the new configuration and cause the change to take effect. These changes will not
be retained across a power cycle unless a Save configuration is performed.
• Click Secondary IP Address to proceed to the Secondary IP Address configuration page.
• Click Delete to delete the selected Virtual Router. Note that the router cannot be deleted if there are
secondary addresses configured.
• Click Track Interface to proceed to the VRRP Track Interface configuration page.
• Click Track Route to proceed to the VRRP Track Route configuration page.
Configuring a Secondary VRRP Address
To configure a secondary VRRP address, first configure one IP address (the primary address) for the VR. Then,
you can add multiple secondary addresses to that interface.
• Click Submit to apply the new configuration and cause the change to take effect. These changes will not
be retained across a power cycle unless a Save configuration is performed.
• Click Delete to delete the selected secondary IP address.
• Click Cancel to return to the Virtual Router Configuration page.
Creating a New Virtual Router
1. From the Virtual Router Configuration page, select Create from the VRID and Slot/Port menu.
2. Specify the VRID, the virtual router address, and the interface for the new virtual router.
3. Define the remaining fields as needed.
4. Click Create to apply the changes to the system.
The new virtual router is saved, and the device is updated.
Modifying a Virtual Router
To modify the settings for an existing virtual router, select its ID from the VRID and Slot/Port menu and change
the fields as needed. Click Submit to apply the changes to the system.
VRRP Interface Tracking Configuration
Use VRRP Interface Tracking to track the IP state of a specific interface within the router. That state can alter
the priority level of a virtual router for a VRRP group. The exception is a VRRP group that is the IP address
owner: its priority is fixed at 255 and cannot be reduced through the tracking process.
To display the page, click LAN > L3 Features > VRRP > Virtual Router Configuration in the navigation tree, then
click the Track Interface button.
Figure 212: VRRP Interface Tracking Configuration
Table 193: VRRP Interface Tracking Configuration Fields
Field
Description
Slot/Port
The interface associated with the Virtual Router ID.
Virtual Router ID
The Virtual Router ID for which data is to be displayed.
Tracking Interface
The Tracked Interface for which data is to be displayed.
Priority Decrement
The priority decrement for the tracked interface. The valid range is 1 to 254.
The default value is 10.
Interface State
The IP state of the tracked interface.
Remove
Removes the selected Tracking Interface from the VRRP tracked list.
• Click Add to proceed to the VRRP Interface Tracking page.
• Click Submit to apply the new configuration. Configuration changes take effect immediately. These
changes will not be retained across a power cycle unless a Save configuration is performed.
• Click Refresh to refresh the page with the most current data from the switch.
• Click Cancel to return to the Virtual Router Configuration page.
VRRP Interface Tracking
Use the VRRP Interface Tracking page to add an interface to the tracking list. This page is accessible by clicking
Add from the Virtual Router Configuration page.
Figure 213: VRRP Interface Tracking
Table 194: VRRP Track Interface Fields
Field
Description
Slot/Port
The interface associated with the Virtual Router ID.
Virtual Router ID
The Virtual Router ID for which data is to be displayed.
Track Slot/Port
Displays all routing interfaces which are not yet tracked for this Virtual Router
ID and interface configuration. Exceptions to this: loopback and tunnel
interfaces cannot be tracked.
Priority Decrement
The priority decrement for the tracked interface. The valid range is 1-254. The
default value is 10.
• Click Submit to send the updated configuration to the switch. Configuration changes take effect
immediately. These changes will not be retained across a power cycle unless a Save configuration is
performed.
• Click Cancel to return to the VRRP Interface Tracking Configuration page.
VRRP Route Tracking Configuration
Use VRRP Route Tracking Configuration to track specific route IP states within the router that can alter the
priority level of a virtual router for a VRRP group.
To display the page, click LAN > L3 Features > VRRP > Virtual Router Configuration in the navigation tree, then
click the Track Route button.
Figure 214: VRRP Route Tracking Configuration
Table 195: VRRP Route Tracking Configuration Fields
Field
Description
Interface
The interface associated with the Virtual Router ID.
Virtual Router ID
The Virtual Router ID for which tracking data is to be displayed.
Tracking Route Pfx
The prefix of the tracked route.
Tracking Route PfxLen
The prefix length of the tracked route.
Priority Decrement
Enter the priority decrement for the tracked route. The valid range is 1-254.
The default value is 10.
Reachable
The reachability of the tracked route.
Remove
Removes the selected tracking routes from the VRRP tracked list.
• Click Add to proceed to the VRRP Route Tracking page.
• Click Submit to send the updated configuration to the switch. Configuration changes take effect
immediately. These changes will not be retained across a power cycle unless a Save configuration is
performed.
• Click Refresh to refresh the page with the most current data from the switch.
• Click Cancel to return to the Virtual Router Configuration page.
VRRP Route Tracking
Use the VRRP Route Tracking page to add a route into the tracking list. To access this page, click Add from the
VRRP Route Tracking page.
Figure 215: VRRP Route Tracking
Table 196: VRRP Route Tracking Fields
Field
Description
Interface
The Interface associated with the Virtual Router ID.
Virtual Router ID
The Virtual Router ID for which data is to be displayed.
Track Route Pfx
The prefix of the route.
Track Route PfxLen
The prefix length of the route.
Priority Decrement
The priority decrement for the route. The valid range is 1-254. The default
value is 10.
• Click Submit to send the updated configuration to the switch. Configuration changes take effect
immediately. These changes will not be retained across a power cycle unless a Save is performed.
• Click Cancel to return to the VRRP Route Tracking Configuration page.
Virtual Router Status
Use the Virtual Router Status page to display virtual router status.
To display the page, click LAN > Monitoring > L3 Status > Virtual Router Status in the navigation tree.
Figure 216: Virtual Router Status
Table 197: Virtual Router Status Fields
Field
Description
VRID
Virtual Router Identifier.
Slot/Port
Indicates the interface associated with the VRID.
Priority
The priority value used by the VRRP router in the election for the master
virtual router.
Pre-empt Mode
• Enable: If the Virtual Router is a backup router, it preempts the master
router if it has a priority greater than the master virtual router's priority
provided that the master is not the owner of the virtual router IP address.
• Disable: If the Virtual Router is a backup router it does not preempt the
master router even if its priority is greater.
Advertisement Interval(secs)
The time, in seconds, between the transmission of advertisement packets by
this virtual router.
Virtual IP Address
The IP Address associated with the Virtual Router.
Interface IP Address
The actual IP Address associated with the interface used by the Virtual Router.
Owner
Set to True if the Virtual IP Address and the Interface IP Address are the same,
otherwise set to False. If this parameter is set to True, the Virtual Router is the
owner of the Virtual IP Address, and always wins an election for master router
when it is active.
VMAC Address
The virtual MAC Address associated with the Virtual Router, composed of a
24-bit organizationally unique identifier, the 16-bit constant identifying the
VRRP address block and the 8-bit VRID. The Virtual MAC address is:
00:00:5e:00:01:XX,
where XX is the VRID.
Auth Type
The type of authentication in use for the Virtual Router:
• None: Specifies that the authentication type is none.
• Simple: Specifies that the authentication type is a simple text password.
State
The current state of the Virtual Router:
• Initialize
• Master
• Backup
Status
The current status of the Virtual Router:
• Inactive
• Active
Secondary IP Address
A secondary VRRP address configured for the primary VRRP.
• Click Refresh to update the information on the page with the most current data from the switch.
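The priority, owner, pre-empt and VMAC rules from the configuration and status tables above, worked through as an added Python example (not D-Link code). The Track and VirtualRouter structures are hypothetical, and two behaviours are assumptions the manual does not state: a decrement applies while the tracked interface is down or the tracked route is unreachable, and the operational priority never falls below 1.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address

DEFAULT_PRIORITY = 100  # default the manual gives for Configured Priority
OWNER_PRIORITY = 255    # priority of the virtual IP address owner


@dataclass
class Track:
    """A tracked interface or route (hypothetical structure)."""
    name: str
    up: bool             # interface IP state is up / route is reachable
    decrement: int = 10  # manual default; valid range is 1 to 254


@dataclass
class VirtualRouter:
    vrid: int
    interface_ip: str
    virtual_ip: str
    entered_priority: int = DEFAULT_PRIORITY
    preempt: bool = True  # Pre-empt Mode defaults to Enable
    tracks: list = field(default_factory=list)

    @property
    def owner(self) -> bool:
        """True when the virtual IP equals the interface IP."""
        return IPv4Address(self.interface_ip) == IPv4Address(self.virtual_ip)

    def configured_priority(self) -> int:
        """Apply the two overrides described for Configured Priority."""
        if self.owner:
            return OWNER_PRIORITY          # forced to 255 whatever was entered
        if self.entered_priority == OWNER_PRIORITY:
            return DEFAULT_PRIORITY        # 255 entered by a non-owner becomes 100
        return self.entered_priority

    def operational_priority(self) -> int:
        """Configured priority minus decrements of failed tracked objects."""
        if self.owner:
            return OWNER_PRIORITY          # tracking cannot reduce the owner
        lost = sum(t.decrement for t in self.tracks if not t.up)
        return max(1, self.configured_priority() - lost)  # floor of 1 is assumed

    def vmac(self) -> str:
        """Virtual MAC 00:00:5e:00:01:XX, where XX is the VRID."""
        if not 1 <= self.vrid <= 255:
            raise ValueError("VRID must be in the range 1 to 255")
        return f"00:00:5e:00:01:{self.vrid:02x}"


def backup_preempts(backup: VirtualRouter, master: VirtualRouter) -> bool:
    """Pre-empt rule: higher priority wins unless the master is the owner."""
    return (backup.preempt
            and not master.owner
            and backup.operational_priority() > master.operational_priority())


if __name__ == "__main__":
    # Constructed sample: two routers backing virtual IP 192.0.2.1, VRID 10.
    a = VirtualRouter(10, "192.0.2.2", "192.0.2.1", entered_priority=120,
                      tracks=[Track("uplink", up=True, decrement=30)])
    b = VirtualRouter(10, "192.0.2.3", "192.0.2.1", entered_priority=110)
    print(a.vmac(), a.operational_priority(), backup_preempts(b, a))
    a.tracks[0].up = False  # tracked uplink fails on router a
    print(a.operational_priority(), backup_preempts(b, a))
```

Comparing the master this predicts with the State, Priority and VMAC Address shown on the Virtual Router Status page is a quick way to spot a router that holds the master role when the configuration says it should not.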
Virtual Router Statistics
Use the Virtual Router Statistics page to display statistics for a specified virtual router.
To display the page, click LAN > Monitoring > L3 Status > Virtual Router Statistics in the navigation tree.
Figure 217 shows the fields on the Virtual Router Statistics page for a switch that has one or more virtual
routers configured.
Figure 217: Virtual Router Statistics—Virtual Router Configured
The Virtual Router Statistics page contains the fields listed below. Many of the fields display only when there
is a valid VRRP configuration.
Table 198: Virtual Router Statistics Fields
Field
Description
Router Checksum Errors
The total number of VRRP packets received with an invalid VRRP checksum
value.
Router Version Errors
The total number of VRRP packets received with an unknown or unsupported
version number.
Router VRID Errors
The total number of VRRP packets received with an invalid VRID for this virtual
router.
VRID and Slot/Port
Select the existing Virtual Router, listed by interface number and VRID, for
which you want to display statistical information.
VRID
The VRID for the selected Virtual Router.
Slot/Port
The interface for the selected Virtual Router.
Up Time
The time, in days, hours, minutes and seconds, that has elapsed since the
virtual router transitioned to the initialized state.
State Transitioned to Master
The total number of times that this virtual router's state has transitioned to
Master.
Advertisement Received
The total number of VRRP advertisements received by this virtual router.
Advertisement Interval Errors
The total number of VRRP advertisement packets received for which the
advertisement interval was different than the one configured for the local
virtual router.
Authentication Failure
The total number of VRRP packets received that did not pass the
authentication check.
IP TTL Errors
The total number of VRRP packets received by the virtual router with IP TTL
(Time-To-Live) not equal to 255.
Zero Priority Packets Received
The total number of VRRP packets received by the virtual router with a priority
of 0.
Zero Priority Packets Sent
The total number of VRRP packets sent by the virtual router with a priority of
0.
Invalid Type Packets Received
The number of VRRP packets received by the virtual router with an invalid
value in the Type field.
Address List Errors
The total number of packets received for which the address list does not
match the locally configured list for the virtual router.
Invalid Authentication Type
The total number of packets received with an unknown authentication type.
Authentication Type Mismatch
The total number of packets received with an authentication type different to
the locally configured authentication method.
Packet Length Errors
The total number of packets received with a packet length less than the length
of the VRRP header.
• Click Refresh to update the screen with the most current information.
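An added example, not D-Link code, that ties each receive counter in Table 198 to the check that would raise it, so a rising counter can be traced to the field that failed. It assumes the VRRPv2 advertisement layout of RFC 3768; the order of the checks, the cfg dictionary and the sample packets are constructed for illustration and are not taken from the switch.

```python
import hmac
import struct
from ipaddress import IPv4Address

VRRP_HDR_LEN = 8               # fixed fields that precede the address list
AUTH_NONE, AUTH_SIMPLE = 0, 1  # the two authentication types the page offers


def checksum(data: bytes) -> int:
    """16-bit one's complement checksum over a VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, addrs, interval=1,
                 auth_type=AUTH_NONE, password=b"", vt=0x21):
    """Build a constructed advertisement (vt 0x21 = version 2, type 1)."""
    body = b"".join(IPv4Address(a).packed for a in addrs)
    body += password.ljust(8, b"\x00")[:8]      # 8-byte authentication data
    head = struct.pack("!BBBBBBH", vt, vrid, priority, len(addrs),
                       auth_type, interval, 0)
    return head[:6] + struct.pack("!H", checksum(head + body)) + body


def classify(ttl: int, msg: bytes, cfg: dict) -> str:
    """Return the name of the Table 198 counter this packet would increment."""
    if ttl != 255:
        return "IP TTL Errors"
    if len(msg) < VRRP_HDR_LEN:
        return "Packet Length Errors"
    vt, vrid, prio, count, auth, interval, _ = struct.unpack("!BBBBBBH", msg[:8])
    if vt >> 4 != 2:
        return "Router Version Errors"
    if vt & 0x0F != 1:
        return "Invalid Type Packets Received"
    end = VRRP_HDR_LEN + 4 * count
    if len(msg) < end + 8:
        # Assumption: a truncated address list is counted as a length error too.
        return "Packet Length Errors"
    if checksum(msg) != 0:                      # valid message sums to zero
        return "Router Checksum Errors"
    if vrid != cfg["vrid"]:
        return "Router VRID Errors"
    if auth not in (AUTH_NONE, AUTH_SIMPLE):
        return "Invalid Authentication Type"
    if auth != cfg["auth_type"]:
        return "Authentication Type Mismatch"
    if auth == AUTH_SIMPLE:
        expected = cfg["password"].ljust(8, b"\x00")[:8]
        if not hmac.compare_digest(msg[end:end + 8], expected):
            return "Authentication Failure"
    if interval != cfg["interval"]:
        return "Advertisement Interval Errors"
    seen = {str(IPv4Address(msg[i:i + 4])) for i in range(VRRP_HDR_LEN, end, 4)}
    if seen != set(cfg["addresses"]):
        return "Address List Errors"
    if prio == 0:
        return "Zero Priority Packets Received"  # master announcing it is stepping down
    return "Advertisement Received"


if __name__ == "__main__":
    # Constructed local configuration and sample packets.
    cfg = {"vrid": 10, "auth_type": AUTH_SIMPLE, "password": b"s3cret",
           "interval": 1, "addresses": ["192.0.2.1"]}
    good = build_advert(10, 100, ["192.0.2.1"],
                        auth_type=AUTH_SIMPLE, password=b"s3cret")
    print(classify(255, good, cfg))
    print(classify(64, good, cfg))
    print(classify(255, build_advert(10, 100, ["192.0.2.1"]), cfg))
```

Simple authentication carries the password in clear text in every advertisement, so a non-zero Authentication Failure or Authentication Type Mismatch count usually points to a misconfigured or unexpected VRRP speaker on the segment rather than to a failed cryptographic check.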
Section 6: Configuring Quality of Service
This section gives an overview of Quality of Service (QoS) and explains the QoS features available from the
Quality of Service navigation tree menu, which include the following:
• “Configuring Class of Service”
• “Configuring Differentiated Services”
• “Configuring Auto VoIP”
In a typical switch, each physical port consists of one or more queues for transmitting packets on the attached
network. Multiple queues per port are often provided to give preference to certain packets over others based
on user-defined criteria. When a packet is queued for transmission in a port, the rate at which it is serviced
depends on how the queue is configured and possibly the amount of traffic present in the other queues of the
port. If a delay is necessary, packets get held in the queue until the scheduler authorizes the queue for
transmission. As queues become full, packets have no place to be held for transmission and get dropped by
the switch.
QoS is a means of providing consistent, predictable data delivery by distinguishing packets that have
strict timing requirements from those that are more tolerant of delay. Packets with strict timing requirements
are given “special treatment” in a QoS capable network. With this in mind, all elements of the network must
be QoS-capable. The presence of at least one node which is not QoS-capable creates a deficiency in the
network path and the performance of the entire packet flow is compromised.
Configuring Class of Service
The Class of Service (CoS) queueing feature lets you directly configure certain aspects of switch queueing. This
provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are
not required. The priority of a packet arriving at an interface can be used to steer the packet to the appropriate
outbound CoS queue through a mapping table. CoS queue characteristics that affect queue mapping, such as
minimum guaranteed bandwidth, transmission rate shaping, etc., are user-configurable at the queue (or port)
level. The system supports eight (0 to 7) queues per port.
Mapping 802.1p Priority
The IEEE 802.1p feature allows traffic prioritization at the MAC level. The switch can prioritize traffic based on
the 802.1p tag attached to the L2 frame. Each port on the switch has multiple queues to give preference to
certain packets over others based on the class of service (CoS) criteria you specify. When a packet is queued
for transmission in a port, the rate at which it is serviced depends on how the queue is configured and possibly
the amount of traffic present in the other queues of the port. If a delay is necessary, packets get held in the
queue until the scheduler authorizes the queue for transmission.
Use the 802.1p Priority Mapping page in the Class of Service folder to assign 802.1p priority values to various
traffic classes on one or more interfaces.
To display the page, click LAN > QoS> Class of Service802.1p Priority Mapping in the navigation tree.
Figure 218: 802.1p Priority Mapping
Table 199: 802.1p Priority Mapping
Field
Description
Interface
Selects the interface to which the class of service configuration is applied.
802.1p Priority
Displays the 802.1p priority to be mapped. Priority goes from low (0) to high
(7). For example, traffic with a priority of 0 is for most data traffic and is sent
using “best effort.” Traffic with a higher priority, such as 6, might be
time-sensitive traffic, such as voice or video.
Traffic Class
The traffic class is the hardware queue for a port. Higher traffic class values
indicate a higher queue position. Before traffic in a lower queue is sent, it
must wait for traffic in higher queues to be sent. To change the default
priority-to-queue mapping, select a new traffic class value from the
dropdown menu.
• If you make any changes to the page, click Submit to apply the new values to the system.
Trust Mode Configuration
Use the Trust Mode Configuration page to set the class of service trust mode of an interface. Each port in the
switch can be configured to trust one of the packet fields (802.1p or IP DSCP), or to not trust any packet’s
priority designation (untrusted mode). If the port is set to a trusted mode, it uses a mapping table appropriate
for the trusted field being used. This mapping table indicates the CoS queue to which the packet should be
forwarded on the appropriate egress port(s). Of course, the trusted field must exist in the packet for the
mapping table to be of any use, so there are default actions performed when this is not the case. These actions
involve directing the packet to a specific CoS level configured for the ingress port as a whole, based on the
existing port default priority as mapped to a traffic class by the current 802.1p mapping table.
Alternatively, when a port is configured as untrusted, it does not trust any incoming packet priority designation
and uses the port default priority value instead. All packets arriving at the ingress of an untrusted port are
directed to a specific CoS queue on the appropriate egress port(s) in accordance with the configured default
priority of the ingress port. This process is also used for cases where a trusted port mapping is unable to be
honored, such as when a non-IP packet arrives at a port configured to trust the IP precedence or IP DSCP value.
To display the Trust Mode Configuration page, click LAN > QoS > Class of Service > Trust Mode Configuration
in the navigation menu.
Figure 219: Trust Mode Configuration
Table 200: Trust Mode Configuration Fields
Field
Description
Interface
The menu contains all CoS configurable interfaces. Select the Global option to
apply the same trust mode to all interfaces. Select an individual interface from
the menu to override the global settings on a per-interface basis.
Interface Trust Mode
Specifies whether or not an interface (or all interfaces if the Slot/Port field is
set to Global) trusts a particular packet marking when the packet enters the
port. The default value is trust dot1p. The mode can only be one of the
following:
• untrusted
• trust dot1p
• trust ip-dscp
Non-IP Traffic Class
This field appears if the trust mode for the selected interface is trust ip-dscp.
The field displays the traffic class (queue) to which all non-IP traffic is directed
when the interface trust mode is trust ip-dscp. The value is fixed to 1.
Untrusted Traffic Class
This field appears if the trust mode for the selected interface is untrusted. The
field displays the traffic class (queue) to which all traffic is directed when in
untrusted mode. The value is fixed to 1.
The Trust Mode Configuration page also displays the Current 802.1p Priority Mapping table. For information
about 802.1p priority mapping, see “Mapping 802.1p Priority” on page 334.
To access the 802.1p priority mapping configuration page, click LAN > QoS > Class of Service > 802.1p Priority
Mapping in the navigation menu. For more information, see “Mapping 802.1p Priority” on page 334.
• If you make changes to the Trust Mode Configuration page, click Submit to apply the changes to the
system.
• Click Restore Defaults to reset the selected interface (or all interfaces, if Global is selected) to the default
trust value.
IP DSCP Mapping Configuration
Use the IP DSCP Mapping Configuration page to map an IP DSCP value to an internal traffic class.
To display the IP DSCP Mapping Configuration page, click LAN > QoS > Class of Service > IP DSCP Mapping
Configuration in the navigation menu.
Figure 220: IP DSCP Mapping Configuration
Table 201: IP DSCP Mapping Configuration Fields
Field
Description
Interface
The menu contains all CoS configurable interfaces. The only option is Global,
which means that the IP DSCP mapping configuration applies to all interfaces
and cannot be applied on a per-interface basis.
IP DSCP Values
Lists the IP DSCP values to which you can map an internal traffic class. The
values range from 0-63.
Traffic Class
The traffic class is the hardware queue for a port. Higher traffic class values
indicate a higher queue position. Before traffic in a lower queue is sent, it
must wait for traffic in higher queues to be sent. Valid range is 0 to 7.
• If you make changes to the page, click Submit to apply the changes to the system. Click Restore Defaults
to reset all interfaces to the default trust value.
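How the trust mode, the 802.1p mapping and the IP DSCP mapping described above combine for one ingress frame, as an added Python example (not D-Link code). The two mapping tables, the frame builder and the port default priority of 0 are constructed for illustration, and only IPv4 is parsed for DSCP. The example shows that on an untrusted port the markings a host sets have no effect on queue selection.

```python
import struct

# Constructed mapping tables for this example, not read from a switch.
DOT1P_TO_CLASS = {0: 1, 1: 0, 2: 0, 3: 1, 4: 2, 5: 2, 6: 3, 7: 3}
DSCP_TO_CLASS = {dscp: 1 for dscp in range(64)}
DSCP_TO_CLASS.update({46: 6, 34: 4})  # constructed choice for two DSCP values

ETH_8021Q, ETH_IPV4, ETH_ARP = 0x8100, 0x0800, 0x0806


def make_frame(ethertype, pcp=None, dscp=0, vid=10) -> bytes:
    """Build a constructed Ethernet frame, optionally 802.1Q-tagged."""
    frame = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01"
    if pcp is not None:
        frame += struct.pack("!HH", ETH_8021Q, (pcp << 13) | vid)
    frame += struct.pack("!H", ethertype)
    if ethertype == ETH_IPV4:
        frame += bytes([0x45, dscp << 2]) + bytes(18)  # minimal IPv4 header
    else:
        frame += bytes(28)
    return frame


def parse_markings(frame: bytes):
    """Return (802.1p priority, DSCP); each is None when the field is absent."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset, pcp = 14, None
    if ethertype == ETH_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, offset = tci >> 13, 18        # priority is the top 3 bits of the TCI
    dscp = None
    if ethertype == ETH_IPV4 and len(frame) >= offset + 2:
        dscp = frame[offset + 1] >> 2      # DSCP is the top 6 bits of the ToS byte
    return pcp, dscp


def traffic_class(frame: bytes, trust_mode: str, port_default_priority: int = 0) -> int:
    """Pick the CoS queue for a frame under the given interface trust mode."""
    pcp, dscp = parse_markings(frame)
    # Default action: port default priority mapped through the 802.1p table.
    fallback = DOT1P_TO_CLASS[port_default_priority]
    if trust_mode == "untrusted":
        return fallback                    # packet markings are ignored
    if trust_mode == "trust dot1p":
        return DOT1P_TO_CLASS[pcp] if pcp is not None else fallback
    if trust_mode == "trust ip-dscp":
        return DSCP_TO_CLASS[dscp] if dscp is not None else fallback
    raise ValueError(f"unknown trust mode: {trust_mode}")


if __name__ == "__main__":
    marked = make_frame(ETH_IPV4, pcp=5, dscp=46)  # host marks its own traffic
    arp = make_frame(ETH_ARP)                      # untagged, non-IP
    for mode in ("untrusted", "trust dot1p", "trust ip-dscp"):
        print(mode, traffic_class(marked, mode), traffic_class(arp, mode))
```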
CoS Interface Configuration
Use the CoS Interface Configuration page to apply an interface shaping rate to all ports or to a specific port.
To display the CoS Interface Configuration page, click LAN > QoS > Class of Service > CoS Interface
Configuration in the navigation menu.
Figure 221: Interface Configuration
Table 202: Interface Configuration Fields
Field
Description
Interface
Selects the CoS configurable interface to be affected by the Interface Shaping
Rate. Select Global to apply a rate to all interfaces. Select an individual port to
override the global setting.
Interface Shaping Rate
Sets the limit on how much traffic can leave a port. The limit on maximum
transmission bandwidth has the effect of smoothing temporary traffic bursts
over time so that the transmitted traffic rate is bounded. The specified value
represents a percentage of the maximum negotiated bandwidth. The default
value is zero (0). Valid values are 0-100, in increments of 1. A value of 0 means
the maximum is unlimited.
• If you make changes to the page, click Submit to apply the changes to the system. Click Restore Defaults
to reset all interfaces to the default trust value.
CoS Interface Queue Configuration
Use the CoS Interface Queue Configuration page to define what a particular queue does by configuring switch
egress queues. User-configurable parameters control the amount of bandwidth used by the queue, the queue
depth during times of congestion, and the scheduling of packet transmission from the set of all queues on a
port. Each port has its own CoS queue-related configuration.
The configuration process is simplified by allowing each CoS queue parameter to be configured globally or per-port. A global configuration change is automatically applied to all ports in the system.
To display the Interface Queue Configuration page, click LAN > QoS > Class of Service > CoS Interface Queue
Configuration in the navigation menu.
Figure 222: Interface Queue Configuration
Table 203: Interface Queue Configuration Fields
Field
Description
Interface
Specifies the interface (physical, LAG, or Global) to configure.
Minimum Bandwidth Allocated
Shows the sum of individual Minimum Bandwidth values for all queues in the
interface. The sum cannot exceed the defined maximum of 100. This value is
considered while configuring the Minimum Bandwidth for a queue in the
selected interface.
Queue ID
Use the menu to select the queue per interface to be configured.
Minimum Bandwidth
Specify the minimum guaranteed bandwidth allocated to the selected queue
on the interface. Setting this value higher than its corresponding Maximum
Bandwidth automatically increases the maximum to the same value. The
default value is 0. The valid range is 0 to 100, in increments of 1. The value zero
(0) means no guaranteed minimum. The sum of individual Minimum
Bandwidth values for all queues in the selected interface cannot exceed
the defined maximum of 100.
Scheduler Type
Selects the type of queue processing from the dropdown menu. Options are
Weighted and Strict. Defining on a per-queue basis allows the user to create
the desired service characteristics for different types of traffic.
• Weighted: Weighted round robin associates a weight to each queue. This
is the default.
• Strict: Strict priority services traffic with the highest priority on a queue
first.
Queue Management Type
Displays the type of queue depth management techniques used for all queues
on this interface. Queue Management Type can only be Taildrop. The default
value is Taildrop. All packets on a queue are safe until congestion occurs. At
this point, any additional packets queued are dropped.
• If you make changes to the page, click Submit to apply the changes to the system.
• Click Restore Defaults for all Queues to reset the settings for the selected interface.
• To reset the defaults for all interfaces, select Global from the Slot/Port menu before you click the button.
CoS Interface Queue Status
To display the Interface Queue Status page, click LAN > Monitoring > Class of Service > Interface Queue Status
in the navigation menu.
Figure 223: Interface Queue Status
For information about the fields the page displays, see Table 203 on page 339.
Configuring Differentiated Services
The QoS feature contains Differentiated Services (DiffServ) support that allows traffic to be classified into
streams and given certain QoS treatment in accordance with defined per-hop behaviors.
Standard IP-based networks are designed to provide “best effort” data delivery service. “Best effort” service
implies that the network delivers the data in a timely fashion, although there is no guarantee that it will. During
times of congestion, packets may be delayed, sent sporadically, or dropped. For typical Internet applications,
such as e-mail and file transfer, a slight degradation in service is acceptable and in many cases unnoticeable.
Conversely, any degradation of service has undesirable effects on applications with strict timing requirements,
such as voice or multimedia.
To use DiffServ for QoS, the web pages accessible from the Differentiated Services menu must first be used to
define the following categories and their criteria:
1. Class: Create classes and define class criteria.
2. Policy: Create policies, associate classes with policies, and define policy statements.
3. Service: Add a policy to an inbound interface.
Packets are classified and processed based on defined criteria. The classification criteria are defined by a class.
The processing is defined by a policy's attributes. Policy attributes may be defined on a per-class instance basis,
and it is these attributes that are applied when a match occurs. A policy can contain multiple classes. When
the policy is active, the actions taken depend on which class matches the packet.
Packet processing begins by testing the class match criteria for a packet. A policy is applied to a packet when
a class match within that policy is found.
The Differentiated Services menu page contains links to the various Diffserv configuration and display
features.
Diffserv Configuration
Packets are filtered and processed based on defined criteria. The filtering criteria are defined by a class. The
processing is defined by a policy’s attributes. Policy attributes may be defined on a per-class instance basis,
and it is these attributes that are applied when a match occurs.
The configuration process begins with defining one or more match criteria for a class. Then one or more classes
are added to a policy. Policies are then added to interfaces.
Packet processing begins by testing the match criteria for a packet. The ‘all’ class type option defines that every
match criterion within a class must evaluate to true for a packet to match that class. The ‘any’ class type option
defines that at least one match criterion must evaluate to true for a packet to match that class. Classes are
tested in the order in which they were added to the policy. A policy is applied to a packet when a class match
within that policy is found.
Use the Diffserv Configuration page to display DiffServ General Status Group information, which includes the
current administrative mode setting as well as the current and maximum number of rows in each of the main
DiffServ private MIB tables.
To display the page, click LAN > Quality of Service > Differentiated Services > Diffserv Configuration in the
navigation menu.
Figure 224: DiffServ Configuration
Table 204: DiffServ Configuration Fields
Field
Description
DiffServ Admin Mode
Turns admin mode on and off. The default value is Enable. While disabled, the
DiffServ configuration is retained and can be changed, but it is not active.
While enabled, Differentiated Services are active.
MIB Table
Class Table
Displays the current and maximum number of rows of the class table.
Class Rule Table
Displays the current and maximum number of rows of the class rule table.
Policy Table
Displays the current and maximum number of rows of the policy table.
Policy Instance Table
Displays the current and maximum number of rows of the policy instance
table.
Policy Attributes Table
Displays the current and maximum number of rows of the policy attributes
table.
Service Table
Displays the current and maximum number of rows of the service table.
• If you change the DiffServ admin mode, click Submit to apply the change to the system.
Class Configuration
Use the Class Configuration page to add a new Diffserv class name, or to rename or delete an existing class.
The page also allows you to define the criteria to associate with a DiffServ class. As packets are received, these
DiffServ classes are used to prioritize packets. You can have multiple match criteria in a class. The logic is a
Boolean logical AND for these criteria.
To display the page, click LAN > QoS > Differentiated Services > Class Configuration in the navigation menu.
The fields available on the Class Configuration page depend on whether you create a new class or configure a
class that has already been created.
Figure 225 shows the Class Configuration page when the Class Selector option is Create.
Figure 225: DiffServ Class Configuration
Figure 226 shows the Class Configuration page when the Class Selector option shows a configured class. The
class has two class match selectors configured.
Figure 226: DiffServ Class Configuration
Table 205: DiffServ Class Configuration Fields
Field
Description
Class Selector
To configure a new DiffServ class, select Create. To modify or view an existing
class, select the name of the class from the dropdown menu.
Class Name
Enter a class name. To create a new class, select the class type and click
Submit. To rename an existing class, click Rename after you enter the class
name.
Class Type
Lists all of the class types. Currently the hardware supports only the Class Type
value All, which means all the various match criteria defined for the class
should be satisfied for a packet match. All signifies the logical AND of all the
match criteria.
Class Layer 3 Protocol
The DiffServ feature supports classification of IPv4 packets only.
Class Match Selector
The menu lists all match criteria you can add to a specified class. To configure
the criteria, select a match criteria from the list, and then click Add Match
Criteria. The screen changes to the criteria configuration page for that class.
After you configure the criteria, click Submit to apply the criteria to the class
and return to the Class Configuration page. To return to the Class
Configuration page without applying the criteria, click Cancel. The match
criteria and configurable fields are as follows:
• Destination IP Address: Requires a packet’s destination IP address to
match the address listed here. In the IP Address field, enter a valid
destination IP address in dotted decimal format. In the IP Mask field, enter
a valid subnet mask to determine which bits in the IP address are
significant. Note that this is not a wildcard mask.
• Destination Layer 4 Port: Requires a packet’s TCP/UDP destination port to
match the port you select. Select the desired L4 keyword from the list on
which the rule can be based. If you select Other, the screen refreshes and
a Port ID field appears. Enter a user-defined Port ID by which packets are
matched to the rule. The valid range is 0–65535.
• Any: All packets are considered to match the specified class and no
additional input information is needed.
• IP DSCP: Matches the packet’s DSCP to the class criteria’s when selected.
Select the DSCP type from the menu or enter a DSCP value to match. If you
select Other, enter a custom value in the DSCP Value field that appears.
The valid range is 0–63.
• IP Precedence: Matches the packet’s IP Precedence value to the class
criteria’s when selected. Enter a value in the range of 0–7.
• IP TOS: Matches the packet’s Type of Service bits in the IP header to the
class criteria’s when selected and a value is entered. In the TOS Bits field,
enter a two-digit hexadecimal number to match the bits in a packet’s TOS
field. In the TOS Mask field, specify the bit positions that are used for
comparison against the IP TOS field in a packet.
• Protocol: Requires a packet’s layer 4 protocol to match the protocol you
select. If you select Other, enter a protocol number in the field that
appears. The valid range is 0-255.
• Reference Class: Selects a class to start referencing for criteria. If the
specified class references another class, the Reference Class match
criterion disappears from the match list to prevent you adding another
class reference, since a specified class can reference at most one other
class of the same type. Additionally, a Remove Class Reference button
appears on the screen. Click the button to remove the current class
reference.
• Source IP Address: Requires a packet’s source port IP address to match the
address listed here. In the IP Address field, enter a valid source IP address
in dotted decimal format. In the IP Mask field, enter a valid subnet mask
to determine which bits in the IP address are significant. Note that this is
not a wildcard mask.
• Source Layer 4 Port: Requires a packet’s TCP/UDP source port to match
the port you select. Select the desired L4 keyword from the list on which
the rule can be based. If you select Other, the screen refreshes and a Port
ID field appears. Enter a user-defined Port ID by which packets are matched
to the rule. The valid range is 0–65535.
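The following Python model is an added example, not D-Link code. It shows how the Table 205 match criteria combine under Class Type All and how the order in which classes were added to a policy decides which policy-class attribute a packet receives. The class names, policy names, packets and attribute values are constructed for illustration, and the TOS Mask is assumed to compare the bit positions that are set to 1.

```python
import ipaddress
from dataclasses import dataclass


def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


def _in_range(value, low, high, what):
    if not low <= value <= high:
        raise ValueError(f"{what} must be {low}-{high}, got {value}")


# Match criteria from Table 205. Each returns a predicate over a packet dict.
def dest_ip(addr, subnet_mask):
    # Subnet mask, not wildcard mask: 1 bits mark the significant address bits.
    mask = _ip(subnet_mask)
    want = _ip(addr) & mask
    return lambda p: (_ip(p["dst"]) & mask) == want


def dest_l4_port(port):
    _in_range(port, 0, 65535, "Port ID")
    return lambda p: p.get("dport") == port


def protocol(number):
    _in_range(number, 0, 255, "protocol number")
    return lambda p: p["proto"] == number


def ip_dscp(value):
    _in_range(value, 0, 63, "DSCP")
    return lambda p: (p["tos"] >> 2) == value  # DSCP = upper 6 bits of the TOS byte


def ip_tos(tos_bits, tos_mask):
    # Assumed: only bit positions set to 1 in the mask are compared.
    return lambda p: (p["tos"] & tos_mask) == (tos_bits & tos_mask)


def any_packet():
    return lambda p: True


@dataclass
class DiffServClass:
    name: str
    criteria: list

    def matches(self, pkt):
        # Class Type "All": logical AND of every match criterion.
        return all(criterion(pkt) for criterion in self.criteria)


@dataclass
class Policy:
    name: str
    members: list  # (DiffServClass, attribute) in the order classes were added

    def classify(self, pkt):
        # Classes are tested in order; the first match decides the treatment.
        for cls, attribute in self.members:
            if cls.matches(pkt):
                return cls.name, attribute
        return None  # no class matched, so the policy is not applied


# Constructed classes and policies (hypothetical names and values).
VOICE = DiffServClass("voice", [ip_dscp(46), dest_ip("10.20.0.0", "255.255.0.0")])
SSH = DiffServClass("ssh", [protocol(6), dest_l4_port(22)])
LOW_DELAY = DiffServClass("low_delay", [ip_tos(0x10, 0x10)])
CATCH_ALL = DiffServClass("catch_all", [any_packet()])

EDGE_IN = Policy("edge_in", [
    (VOICE, ("Assign Queue", 5)),
    (SSH, ("Mark CoS", 3)),
    (LOW_DELAY, ("Mark CoS", 4)),
    (CATCH_ALL, ("Mark IP DSCP", 0)),
])
# Same classes, but the broad class was added first and shadows the rest.
SHADOWED = Policy("shadowed", [
    (CATCH_ALL, ("Mark IP DSCP", 0)),
    (VOICE, ("Assign Queue", 5)),
])
NO_DEFAULT = Policy("no_default", [(VOICE, ("Assign Queue", 5))])

# Constructed packets. TOS 0xB8 carries DSCP 46 and has the 0x10 bit set.
PACKETS = {
    "rtp": {"dst": "10.20.7.9", "proto": 17, "dport": 16384, "tos": 0xB8},
    "rtp_other_net": {"dst": "10.21.7.9", "proto": 17, "dport": 16384, "tos": 0xB8},
    "ssh": {"dst": "192.0.2.10", "proto": 6, "dport": 22, "tos": 0x00},
    "dns": {"dst": "192.0.2.53", "proto": 17, "dport": 53, "tos": 0x00},
}

if __name__ == "__main__":
    for label, pkt in PACKETS.items():
        print(f"{label:14} edge_in={EDGE_IN.classify(pkt)} "
              f"shadowed={SHADOWED.classify(pkt)}")
```

The rtp_other_net packet carries DSCP 46 but fails the destination subnet test, so the All logic rejects it for the voice class and it falls through to the next class that matches.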
DiffServ Class Summary
The DiffServ Class Summary page provides an overview of the classes that have been configured on the switch.
To display the page, click LAN > Monitoring > Differentiated Services > Class Summary in the navigation menu.
Figure 227: Class Summary
Policy Configuration
Use the Policy Configuration page to associate a collection of classes with one or more policy statements.
To display the page, click LAN > QoS > Differentiated Services > Policy Configuration in the navigation menu.
The fields available on the Policy Configuration page depend on whether you create a new class or configure
a class that has already been created.
Figure 228 shows the Policy Configuration page when the Policy Selector option is Create.
Figure 228: Policy Configuration
Figure 229 shows the Policy Configuration page when the Policy Selector option shows a configured policy that
has a member class. To configure a member class, see “Class Configuration” on page 343.
Figure 229: Policy Configuration
Table 206: Policy Configuration Fields
Field
Description
Policy Selector
To create a new policy, select Create from the menu; another page appears to
facilitate creation of a new policy. To change a policy name or to modify the
class list members, select the policy name from the menu. To delete an
existing policy select it from the menu, and then click Delete.
Policy Name
If you select Create from the Policy Selector menu, enter a name to associate
with the class(es). The name is a case-sensitive alphanumeric string from 1 to
31 characters uniquely identifying a policy. To modify the name of an existing
policy, select it from the Policy Selector menu and enter a new name in the
Policy Name field, and then click Rename.
Policy Type
The available policy type is In, which indicates the type is specific to inbound
traffic. Out indicates the type is specific to outbound traffic direction. This field
is only configurable when you create a new policy. After policy creation, this
becomes a non-configurable field displaying the configured policy type.
Available Class List
The menu lists all existing DiffServ class names. The list is automatically
updated as a new class is added or removed from the policy. To associate a
DiffServ class with a policy, select the name of the class from the list, and then
click Add Selected Class.
Member Class List
The menu lists all DiffServ classes that have been added to the policy.
To remove a DiffServ class from a policy, select the name of the class from the
list, and then click Remove Selected Class. This list is automatically updated as
a new class is added or removed from the policy.
DiffServ Policy Summary
The DiffServ Class Summary page provides an overview of the policies that have been configured on the
switch. To display the page, click LAN > Monitoring > Differentiated Services > Policy Summary in the
navigation menu.
Figure 230: Policy Summary
Policy Class Definition
Use the Policy Class Definition page to associate a class to a policy and to define attributes for that policy-class
instance.
To display the page, click LAN > QoS > Differentiated Services > Policy Class Definition in the navigation menu.
Figure 231: Policy Class Definition
Depending on the selected policy attribute, when you click Configure Selected Attribute, a page displays to
enable entering an appropriate value. Table 207 describes all fields available on these pages.
Table 207: Policy Class Definition Fields
Field
Description
Policy Selector
Select the policy to associate with a member class from the menu.
Policy Type
The read-only field shows the type of policy.
Member Class List
Select the member class to associate with this policy name from the menu.
Policy Attribute Selector
The menu lists all attributes supported for this type of policy, from which one can be
selected. To configure the attributes, select an attribute from the list, and then click
Configure Selected Attribute. The screen changes to the attribute configuration page for
that attribute. After you configure the attribute, click Submit to apply the criteria to the
class and return to the Policy Class Definition page. To return to the Policy Class Definition
page without applying the attribute, click Cancel. The attributes and configurable fields are
as follows:
• Assign Queue: Assigns the packets of this policy-class to a queue. Enter an integer from
0-7 in the Queue Id Value field.
• Drop Packets: Select this field to drop packets for this policy-class. There are no fields
to configure. Once you select Drop, click Configure Selected Attribute, and then click
Submit, the attribute is added to the policy.
• Mark CoS: Enter the specified Class of Service queue number to mark all packets for the
associated traffic stream with the specified class of service value in the priority field of
the 802.1p header (the only tag in a single tagged packet or the first or outer 802.1Q
tag of a double VLAN tagged packet). If the packet does not already contain this header,
one is inserted. The CoS value is an integer from 0 to 7.
• Mark IP DSCP: Use this attribute to mark all packets for the associated traffic stream
with the IP DSCP value you choose from the menu.
• Mark IP Precedence: Use this attribute to mark all packets for the associated traffic
stream with the IP Precedence value you enter in the IP Precedence Value field.
• Mirror Interface: Use this attribute to specify the specific egress interface where the
matching traffic stream is copied in addition to being forwarded normally by the
device.
• Police Simple: Use this attribute to establish the traffic policing style for the specified
class. The simple form of the police command uses a single data rate and burst size,
resulting in two outcomes: conform and violate. The conforming data rate is specified
in kilobits-per-second (Kbps) and is an integer from 1 to 4294967295. The conforming
burst size is specified in kilobytes (KB) and is an integer from 1 to 128. The Police Simple
attribute configuration page has the following configurable fields:
  – Color Mode: The policing style is color blind.
  – Committed Rate (Kbps): Used to monitor arrival rate of incoming packets for this
    class. The range is 1 to 4294967295 kilobits per second (Kbps).
  – Committed Burst Size (KB): Used to determine the amount of conforming traffic
    allowed. The range is 1 to 128 KBytes.
  – Conform Action Selector: Determines what happens to packets that are considered
    conforming (below the police rate). Select one of the following actions:
    • Send: (default) These packets are presented unmodified by DiffServ to the
      system forwarding element.
    • Drop: These packets are immediately dropped.
    • Mark IP DSCP: These packets are marked by DiffServ with the specified DSCP
      value before being presented to the system forwarding element. This selection
      requires that the DSCP value field be set.
    • Mark IP Precedence: These packets are marked by DiffServ with the specified IP
      Precedence value before being presented to the system forwarding element.
      This selection requires that the Mark IP Precedence value field be set.
  – Violate Action: Determines what happens to packets that are considered nonconforming (above the police rate). Select one of the following actions:
    • Drop: (default) These packets are immediately dropped.
    • Mark IP DSCP: These packets are marked by DiffServ with the specified DSCP value
      before being presented to the system forwarding element. This selection requires
      that the DSCP value field be set.
    • Mark IP Precedence: These packets are marked by DiffServ with the specified IP
      Precedence value before being presented to the system forwarding element. This
      selection requires that the Mark IP Precedence value field be set.
    • Send: (default) These packets are presented unmodified by DiffServ to the system
      forwarding element.
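The following Python model is an added example, not D-Link code. It shows how a Committed Rate and Committed Burst Size turn into conform and violate outcomes for the Police Simple attribute, using a standard single-rate token bucket as an assumed implementation. The unit conversions (1 Kbps = 1 bit per millisecond, 1 KB = 1024 bytes), the millisecond timestamps, the octet counters and the packet trace are assumptions constructed for illustration.

```python
FORWARDING_ACTIONS = {"Send", "Mark IP DSCP", "Mark IP Precedence"}


class SimplePolicer:
    """Color-blind, single-rate policer with two outcomes: conform and violate."""

    def __init__(self, committed_rate_kbps, committed_burst_kb,
                 conform_action="Send", violate_action="Drop"):
        if not 1 <= committed_rate_kbps <= 4294967295:
            raise ValueError("Committed Rate must be 1 to 4294967295 Kbps")
        if not 1 <= committed_burst_kb <= 128:
            raise ValueError("Committed Burst Size must be 1 to 128 KB")
        for action in (conform_action, violate_action):
            if action != "Drop" and action not in FORWARDING_ACTIONS:
                raise ValueError(f"unknown action: {action}")
        # Assumed units: 1 Kbps = 1000 bit/s = 1 bit per ms; 1 KB = 1024 bytes.
        self.bits_per_ms = committed_rate_kbps
        self.capacity_bits = committed_burst_kb * 1024 * 8
        self.tokens = self.capacity_bits  # the bucket starts full
        self.last_ms = 0
        self.conform_action = conform_action
        self.violate_action = violate_action
        # Octet counters modelled on the offered/discarded/sent service statistics.
        self.stats = {"offered": 0, "discarded": 0, "sent": 0}

    def police(self, now_ms, length_bytes):
        if now_ms < self.last_ms:
            raise ValueError("timestamps must not go backwards")
        # Refill for the elapsed time, never beyond the committed burst size.
        refill = (now_ms - self.last_ms) * self.bits_per_ms
        self.tokens = min(self.capacity_bits, self.tokens + refill)
        self.last_ms = now_ms

        need = length_bytes * 8
        if need <= self.tokens:
            self.tokens -= need
            outcome, action = "conform", self.conform_action
        else:
            # A violating packet consumes no tokens.
            outcome, action = "violate", self.violate_action

        self.stats["offered"] += length_bytes
        self.stats["discarded" if action == "Drop" else "sent"] += length_bytes
        return outcome, action


def run_trace(policer, trace):
    """Feed (timestamp_ms, length_bytes) pairs and return the outcome per packet."""
    return [policer.police(now_ms, length)[0] for now_ms, length in trace]


# Constructed trace of 1000-byte packets: a burst of five at t=0, two packets
# shortly after, then one packet after a long idle period.
TRACE = [(0, 1000)] * 5 + [(8, 1000), (9, 1000), (100, 1000)]

if __name__ == "__main__":
    policer = SimplePolicer(committed_rate_kbps=1000, committed_burst_kb=4)
    print(run_trace(policer, TRACE))
    print(policer.stats)
```

With a 4 KB burst the bucket absorbs four back-to-back 1000-byte packets; the fifth violates, and the long idle period refills the bucket only up to the burst size, not beyond it.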
DiffServ Policy Attribute Summary
The DiffServ Policy Attribute Summary page provides an overview of the attributes that have been configured
for each policy. To display the page, click LAN > Monitoring > Differentiated Services > Policy Attribute
Summary in the navigation menu.
Figure 232: Policy Attribute Summary
Service Configuration
Use the Service Configuration page to activate a policy on a port.
To display the page, click LAN > QoS > Differentiated Services > Service Configuration in the navigation menu.
Figure 233: Service Configuration
Table 208: Service Configuration Fields
Field
Description
Interface
Selects the interface (physical, LAG, or All) to be affected from menus. This is
a list of all valid slot number and port number combinations in the system,
including all interfaces.
Policy In
This lists all the policy names of type ‘In’ to be associated with the port which
can be selected from a menu. If ‘None’ is selected, this will detach the policy
from the interface in this direction.
Direction
This field displays only when All is selected from the Interface menu. Select
the traffic direction of this service interface.
To activate a policy on an interface, select the interface and the policy, and then click Submit.
DiffServ Service Summary
The DiffServ Service Summary page provides an overview of the policy-port associations. To display the page,
click LAN > Monitoring > Differentiated Services > Service Summary in the navigation menu.
Figure 234: Service Summary
Service Statistics
Use the Service Statistics page to display service-level statistical information about all interfaces that have
DiffServ policies attached.
To display the page, click LAN > Monitoring > Differentiated Services > Service Statistics in the navigation
menu.
Figure 235: Service Statistics
Table 209: Service Statistics Fields
Field
Description
Counter Mode Selector
Use the menu to determine the format of the displayed counter values, which
must be either Octets or Packets. The default is Octets.
Service Statistics
Interface
Shows the interface for which service statistics are to display.
Direction
Shows the direction of packets for which service statistics display.
Operational Status
Shows the operational status of this service interface, which is either Up or
Down.
Offered Octets
Shows the total number of packets/octets offered to all class instances in this
service policy before their defined DiffServ treatment is applied. This is the
overall count per-interface, per-direction.
Discarded Octets/Packets
Shows the total number of packets/octets discarded for all class instances in
this service policy for any reason due to DiffServ treatment. This is the overall
count per-interface, per-direction.
Sent Octets/Packets
Shows the total number of packets/octets forwarded for all class instances in
this service policy after their defined DiffServ treatments were applied. In this
case, forwarding means the traffic stream was passed to the next functional
element in the data path, such as the switching or routing function of an
outbound link transmission element. This is the overall count per-interface,
per-direction.
Click Refresh to update the information on the screen.
Service Detailed Statistics
Use the Service Detailed Statistics page to display class-oriented statistical information for the policy, which is
specified by the interface and direction. The Member Classes drop-down menu is populated on the basis of
the specified interface and direction and hence the attached policy (if any). Highlighting a member class name
displays the statistical information for the policy-class instance for the specified interface and direction.
To display the page, click LAN > Monitoring > Differentiated Services > Service Detailed Statistics in the
navigation menu.
Figure 236: Service Detailed Statistics
Table 210: Service Detailed Statistics Fields
Field
Description
Counter Mode Selector
Selects the format of the displayed counter values, which must be either Octets or Packets.
The default is Octets.
Interface
List of all valid slot number and port number combinations in the system that have a
DiffServ policy currently attached in the In direction.
Direction
Selects the direction of packets for which service statistics are to display. Only shows the
direction(s) for which a DiffServ policy is currently attached.
Policy Name
Displays the policy currently attached to the selected interface and direction.
Operational Status
Displays the operational status of the policy currently attached to the specified interface
and direction. The value is either Up or Down.
Member Classes
List of all DiffServ classes currently defined as members of the selected Policy Name.
Choose one member class name at a time to display its statistics. If no class is associated
with the chosen policy, then nothing will be populated in the list.
Offered Packets/Octets
Displays the count of the packets/octets offered to this class instance before the defined
DiffServ treatment is applied.
Discarded Packets/Octets
Displays the count of packets/octets discarded for this class instance for any reason due to
DiffServ treatment of the traffic class.
Click Refresh to update the information on the screen.
Configuring Auto VoIP
Voice over Internet Protocol (VoIP) allows you to make telephone calls over a data
network like the Internet. With the increased prominence of delay-sensitive applications (voice, video, and
other multimedia applications) deployed in networks today, proper QoS configuration will ensure high-quality
application performance. The Auto VoIP feature is intended to provide an easy classification mechanism for
voice packets so that they can be prioritized above data packets in order to provide better QoS.
The Auto-VoIP feature explicitly matches VoIP streams in Ethernet switches and provides them with a better
class of service than ordinary traffic. If you enable the Auto-VoIP feature on an interface, the interface scans
incoming traffic for the following call-control protocols:
• Session Initiation Protocol (SIP)
• H.323
• Skinny Client Control Protocol (SCCP)
When a call-control protocol is detected, the switch assigns the traffic in that session to the highest CoS queue,
which is generally used for time-sensitive traffic.
Auto VoIP Configuration
Use the Auto VoIP Configuration page to configure the Auto VoIP settings.
To display the Auto VoIP Configuration page, click LAN > QoS > Auto VoIP > Auto VoIP Configuration in the
navigation menu.
Figure 237: Auto VoIP Configuration
Table 211: Auto VoIP Configuration Fields
Field
Description
Interface
Specifies all Auto VoIP configurable interfaces. The All option represents the
most recent configuration settings done for all ports. These settings may be
overridden on a per-interface basis.
Auto VoIP Mode
Use to either Enable or Disable the Auto VoIP mode. The default is Disable.
Traffic Class
Displays the traffic class used for VoIP traffic. The default value is 7.
• If you change any of the settings on the page, click Submit to send the updated configuration to the
switch. Configuration changes take effect immediately. These changes will not be retained across a power
cycle unless a Save is performed.
• Click Refresh to update the page with the most current data from the switch.
Auto VoIP Summary
To display the Auto VoIP Summary page, click LAN > Monitoring > Auto VoIP Summary in the navigation menu.
Figure 238: Auto VoIP Summary
For information about the fields the page displays, see Table 211.
Section 7: Configuring Access Control Lists
Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while blocking
off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control,
restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and above all
provide security for the network. D-Link DWS-4000 Series software supports IPv4 and MAC ACLs. The total
number of MAC and IP ACLs supported by D-Link DWS-4000 Series software is 100.
The Access Control Lists folder contains links to the following folders and web pages:
• “Configuring IP Access Control Lists”
• “MAC Access Control Lists”
• “ACL Interface Configuration”
You first create an IPv4-based or MAC-based rule and assign a unique ACL ID. Then, you define the rules, which
can identify protocols, source and destination IP and MAC addresses, and other packet-matching criteria.
Finally, you use the ID number to assign the ACL to a port.
Configuring IP Access Control Lists
IP access control lists (ACL) allow network managers to define classification actions and rules for specific ports.
ACLs are composed of access control entries (ACE), or rules, that consist of the filters that determine traffic
classifications. The total number of rules that can be defined for each ACL is 12. These rules are matched
sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action
(Permit/Deny) is taken, including dropping the packet or disabling the port, and the additional rules are not
checked for a match. For example, a network administrator defines an ACL rule that says port number 20 can
receive TCP packets. However, if a UDP packet is received the packet is dropped.
To configure an ACL:
1. Use the “IP ACL Configuration” page to define the IP ACL type and assign an ID to it.
2. Use the “IP ACL Rule Configuration” page to create rules for the ACL.
3. Use the “ACL Interface Configuration” page to assign the ACL by its ID number to a port.
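Because rules are matched sequentially and checking stops at the first match, a rule that is fully covered by an earlier rule never takes effect. The following Python audit is an added example, not D-Link code, that flags such rules before an ACL is assigned to a port. The Rule fields are a simplified hypothetical model, and the sample ACL is constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAX_RULES_PER_ACL = 12  # per-ACL rule limit stated in this manual


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    protocol: Optional[int]         # IP protocol number, None = any
    src: str                        # source network in CIDR form
    dst: str = "0.0.0.0/0"          # destination network in CIDR form
    dst_port: Optional[int] = None  # None = any destination port


def _net(cidr):
    return ipaddress.ip_network(cidr, strict=True)


def covers(earlier, later):
    """True if every packet that matches `later` also matches `earlier`."""
    if earlier.protocol is not None and earlier.protocol != later.protocol:
        return False
    if earlier.dst_port is not None and earlier.dst_port != later.dst_port:
        return False
    return (_net(later.src).subnet_of(_net(earlier.src))
            and _net(later.dst).subnet_of(_net(earlier.dst)))


def audit(rules):
    """Return (shadowed_rule_no, shadowing_rule_no, kind) for each dead rule.

    kind is "redundant" when both rules take the same action and "conflict"
    when the earlier rule takes the opposite action. Only shadowing by a single
    earlier rule is detected, not shadowing by a combination of rules.
    """
    if len(rules) > MAX_RULES_PER_ACL:
        raise ValueError(f"an ACL can hold at most {MAX_RULES_PER_ACL} rules")
    findings = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                kind = "redundant" if rules[i].action == later.action else "conflict"
                findings.append((j + 1, i + 1, kind))
                break
    return findings


# Constructed ACL, rules numbered from 1 in match order.
SAMPLE_ACL = [
    Rule("permit", 6, "10.0.0.0/8", dst_port=22),
    Rule("deny", None, "10.1.0.0/16"),
    Rule("permit", 6, "10.1.5.0/24", dst_port=443),  # never reached: rule 2 denies first
    Rule("permit", 6, "10.2.0.0/16", dst_port=22),   # already permitted by rule 1
    Rule("deny", None, "0.0.0.0/0"),
]

if __name__ == "__main__":
    for shadowed, by, kind in audit(SAMPLE_ACL):
        print(f"rule {shadowed} is shadowed by rule {by} ({kind})")
```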
IP ACL Configuration
Use the IP ACL Configuration page to add or remove IP-based ACLs. On this menu the interfaces to which an
IP ACL applies must be specified, as well as whether it applies to inbound or outbound traffic. Rules for the IP
ACL are specified/created using the “IP ACL Rule Configuration” page.
To display the IP ACL Configuration page, click LAN > Access Control Lists > IP Access Control Lists >
Configuration in the navigation menu.
Figure 239: IP ACL Configuration
Table 212: IP ACL Configuration Fields
Field
Description
IP ACL
Select a type of ACL to create, or select an existing ACL to delete from the
dropdown menu. You can create the following types of IP ACLs:
• Standard IP ACL: Allows you to permit or deny traffic from a source IP
address.
• Extended IP ACL: Allows you to permit or deny specific types of layer 3 or
layer 4 traffic from a source IP address to a destination IP address. This
type of ACL provides more granularity and filtering capabilities than the
standard IP ACL.
• Named IP ACL: Allows you to create an Extended IP ACL that is identified
by a name rather than a number. These ACLs have the same capabilities as
Extended IP ACLs with respect to match criteria and actions supported.
IP ACL ID
Enter an ID number for the ACL to configure. This field appears if you select
Create Standard IP ACL or Create Extended IP ACL from the IP ACL dropdown
menu. For a standard IP ACL, the acceptable ID values are 1-99. For an
extended IP ACL, the acceptable ID values are 101-199.
IP ACL Name
This field appears if you select Create New Named IP ACL from the IP ACL
dropdown menu. Specify an IP ACL Name string which includes only
alphanumeric characters. The name must start with an alphabetic character.
This field will display the name of the currently selected IP ACL if the ACL has
already been created.
The ACL Table at the bottom of the page shows the current size of the ACL table versus the maximum size of
the ACL table. The current size is equal to the number of configured IPv4 and IPv6 ACLs plus the number of
configured MAC ACLs. The maximum size is 100.
• To add an IP ACL, select the type of ACL to add from the IP ACL menu, enter an ACL ID in the appropriate
field, and then click Submit.
• To delete an IP ACL, select the ACL ID from the IP ACL menu, and then click Delete. The Delete button only
appears if a configured IP ACL is selected.
IP ACL Rule Configuration
Use the IP ACL Rule Configuration page to define rules for IP-based ACLs created using the IP Access Control
List Configuration page. The access list definition includes rules that specify whether traffic matching the
criteria is forwarded normally or discarded. Additionally, you can specify to assign traffic to a particular queue
and/or mirror the traffic to a particular port.
Note: There is an implicit "deny all" rule at the end of an ACL list. This means that if an ACL is applied
to a packet and if none of the explicit rules match, then the final implicit "deny all" rule applies and
the packet is dropped.
To display the IP ACL Rule Configuration page, click LAN > QoS > Access Control Lists > IP Access Control Lists
> Rule Configuration in the navigation menu.
The fields available on the page depend on whether you select a standard, extended, or named IP ACL from
the IP ACL field, whether the rule action is permit or deny, and whether you select Create Rule or an existing
rule from the Rule field.
Figure 240 shows the fields available when Create Rule is selected in the Rule field.
Figure 240: IP ACL Rule Configuration (Create Rule)
Figure 241 shows the fields available when you create a rule for an extended IP ACL.
Figure 241: IP ACL Rule Configuration (Extended ACL Rule)
Table 213 shows all possible fields on the IP ACL Rule Configuration page. The actual fields available on the
page depend on what type of rule you configure, whether you create a new rule or modify an existing rule, and
whether the rule action is Permit or Deny.
Table 213: IP ACL Rule Configuration Fields
Field
Description
IP ACL
The menu contains the existing IP ACLs configured on the page. To set up a
new IP ACL, see “Configuring IP Access Control Lists” on page 356.
Rule
Select an existing Rule ID to modify or select Create Rule to configure a new
ACL Rule. New rules cannot be created if the maximum number of rules has
been reached. For each rule, a packet must match all the specified criteria in
order to be true against that rule and for the specified rule action
(Permit/Deny) to take place.
Rule ID
This field is only available if you select Create Rule from the Rule field. Enter a
new Rule ID which is a whole number in the range of 1 to 12 that will be used
to identify the rule. After you click Submit, the new ID is created and you can
configure the rule settings. The number of rules you can create in an ACL is
platform dependent.
Action
Selects the ACL forwarding action. Click Configure to change the action. Select
the desired action from the dropdown menu, and then click Submit or Cancel
to return to the Rule Configuration page. Possible values are:
• Permit. Forwards packets which meet the ACL criteria.
• Deny. Drops packets which meet the ACL criteria.
Logging
This field is only visible for a Deny Action. When set to True, logging is enabled
for this ACL rule (subject to resource availability in the device). If the Access
List Trap Flag is also enabled, this will cause periodic traps to be generated
indicating the number of times this rule went into effect during the current
report interval. A fixed 5 minute report interval is used for the entire system.
A trap is not issued if the ACL rule hit count is zero for the current interval.
Time Range Name
Use this field to impose a time limitation on the ACL rule. When you click
Configure, you can select a configured time range or create a new named time
range. To configure the time range values, use the LAN > Administration >
Time Ranges > Time Range Entry Configuration page.
If a time range with the specified name does not exist and the ACL containing
this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule
is applied immediately. If a time range with the specified name exists and the ACL
containing this ACL rule is applied to an interface or bound to a VLAN, then the
ACL rule is applied when the time range with the specified name becomes active.
The ACL rule is removed when the time range with the specified name becomes
inactive.
Assign Queue ID
This field is only visible when the Action is Permit. Use this field to specify the
hardware egress queue identifier used to handle all packets matching this AP
ACL Rule. Click Configure, and then enter an identifying queue number (0 to
7) in the appropriate field. Click Submit or Cancel to return to the Rule
Configuration page.
Mirror Interface
This field is only visible when the Action is Permit. Use this field to specify the
specific egress interface where the matching traffic stream is copied in
addition to being forwarded normally by the device. Click Configure, and then
select an interface from the dropdown list. Packets that meet the rule are
mirrored on the interface you select. Click Submit or Cancel to return to the
Rule Configuration page.
Match Every
Requires a packet to match the criteria of this ACL. Click Configure, and then
select True or False from the dropdown list. Then click Submit or Cancel to
return to the Rule Configuration page. True signifies that all packets will match
the selected IP ACL and Rule and will be either permitted or denied. Match
Every is exclusive to the other filtering rules, so if Match Every is True, the
other rules on the screen do not appear. To configure specific match criteria
for the rule, remove the rule and re-create it, or reconfigure ‘Match Every’ to
‘False’ for the other match criteria to be visible.
Protocol Keyword
Specify that a packet’s IP protocol is a match condition for the selected IP ACL
rule. The possible values are ICMP, IGMP, IP, TCP, and UDP. Either the
‘Protocol Keyword’ field or the ‘Protocol Number’ field can be used to specify
an IP protocol value as a match criterion. Click Configure, and then select the
protocol keyword from the dropdown list. Click Submit or Cancel to return to
the Rule Configuration page.
Protocol Number
Specify that a packet’s IP protocol is a match condition for the selected IP ACL
rule and identify the protocol by number. The protocol number is a standard
value assigned by IANA and is interpreted as an integer from 0 to 255. Either
the ‘Protocol Number’ field or the ‘Protocol Keyword’ field can be used to
specify an IP protocol value as a match criterion.
Source IP Address
Requires a packet’s source port IP address to match the address listed here.
Click Configure, and then enter an IP Address in the appropriate field using
dotted-decimal notation. The address you enter is compared to a packet's
source IP Address. You also configure the Source IP Mask on the page.
Source IP Mask
Specifies the source IP address wildcard mask. The wildcard mask determines
which bits are used and which bits are ignored. A wildcard mask of
255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0
indicates that all of the bits are important. Wildcard masking for ACLs
operates differently from a subnet mask. A wildcard mask is in essence the
inverse of a subnet mask. With a subnet mask, the mask has ones (1's) in the
bit positions that are used for the network address, and has zeros (0's) for the
bit positions that are not used. In contrast, a wildcard mask has zeros (0’s) in a bit
position that must be checked. A ‘1’ in a bit position of the ACL mask indicates
the corresponding bit can be ignored. This field is required when you
configure a source IP address. After you enter the desired information for the
Source IP Address and Source IP Mask, click Submit or Cancel to return to the
Rule Configuration page.
Source L4 Port
Requires a packet’s TCP/UDP source port to match the port listed here. Click
Configure to access the configuration page, then complete one of the following
fields:
• Source L4 Keyword: Select the desired L4 keyword from a list of source
ports on which the rule can be based. If you select a keyword other than
Other, the screen refreshes and the Source L4 Port Number field
disappears.
• Source L4 Port Number: If the source L4 keyword is Other, enter a
user-defined Port ID by which packets are matched to the rule.
Destination IP Address
Requires a packet’s destination port IP address to match the address listed
here. Click Configure, and then enter an IP Address in the appropriate field
using dotted-decimal notation. The address you enter is compared to a
packet's destination IP Address. You also configure the Destination IP Mask on
the page.
Destination IP Mask
Specify the IP mask in dotted-decimal notation to be used with the
Destination IP Address value.
Destination L4 Port
Requires a packet’s TCP/UDP destination port to match the port listed here.
Click Configure to access the configuration page, then complete one of the
following fields:
• Destination L4 Keyword: Select the desired L4 keyword from a list of
destination ports on which the rule can be based. If you select a keyword
other than Other, the screen refreshes and the Destination L4 Port
Number field disappears.
• Destination L4 Port Number: If the destination L4 keyword is Other, enter
a user-defined Port ID by which packets are matched to the rule. The valid
range is 0 to 65535.
Service Type
Select one of the following three Match conditions for the extended IP ACL
rule. These are alternative ways of specifying a match condition for the same
Service Type field in the IP header, however each uses a different user
notation. After a selection is made, the appropriate value can be specified:
• IP DSCP: This field matches the packet DSCP value to the rule. Specify the
IP DiffServ Code Point (DSCP) field. The DSCP is defined as the high-order
six bits of the Service Type octet in the IP header. This is an optional
configuration. Enter an integer from 0 to 63. The IP DSCP is selected by
selecting one of the DSCP keyword values from a menu. If a value is to be
selected by specifying its numeric value, then select the ‘Other’ option in
the menu and a text box will appear where you can enter the numeric
value of the DSCP.
• IP Precedence: The IP Precedence field in a packet is defined as the high-order three bits of the Service Type octet in the IP header. This is an
optional configuration. This field matches the packet IP Precedence value
to the rule when checked. Enter the IP Precedence value, an integer from
0 to 7, to match. Either the DSCP value or the IP Precedence value is used
to match packets to ACLs.
• IP TOS Bits: The IP TOS field in a packet is defined as all eight bits of the
Service Type octet in the IP header. Matches on the Type of Service bits in
the IP header when checked. For example, to check for an IP TOS value
having bits 7 and 5 set and bit 1 clear, where bit 7 is most significant, use
a TOS Bits value of 0xA0 and a TOS Mask of 0xFF. This is an optional
configuration.
– TOS Bits: This value is a hexadecimal number from 00 to FF. Requires
the bits in a packet’s TOS field to match the two-digit hexadecimal
number entered here.
– TOS Mask: This value is a hexadecimal number from 00 to FF. Specifies
the bit positions that are used for comparison against the IP TOS field
in a packet.
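The matching behavior described in Table 213 and in the introduction to IP ACLs (rules checked in sequence, the first match decides, an implicit "deny all" at the end, wildcard masks, TOS Bits and TOS Mask) can be modeled offline before an ACL is bound to a port. The following Python model is an added example and is not D-Link code. Its class and function names, the assumption that rules are checked in Rule ID order, the reading of the IP keyword as "any protocol", and the sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_RULES_PER_ACL = 12  # per-ACL rule limit stated in the manual
# IANA protocol numbers for the Protocol Keyword values.
# Assumption: the "ip" keyword matches any IP protocol.
PROTOCOL_KEYWORDS = {"icmp": 1, "igmp": 2, "tcp": 6, "udp": 17, "ip": None}


def wildcard_match(value: str, base: str, wildcard: str) -> bool:
    """Wildcard mask semantics: a 0 bit must match, a 1 bit is ignored."""
    as_int = lambda addr: int(ipaddress.IPv4Address(addr))
    care_bits = ~as_int(wildcard) & 0xFFFFFFFF
    return ((as_int(value) ^ as_int(base)) & care_bits) == 0


@dataclass
class Packet:
    proto: int                      # IANA protocol number
    src: str
    dst: str
    dport: Optional[int] = None     # TCP/UDP destination port, if any
    tos: int = 0                    # Service Type octet


@dataclass
class Rule:
    rule_id: int
    action: str                               # "permit" or "deny"
    match_every: bool = False
    proto: Optional[str] = None               # Protocol Keyword
    src: Optional[Tuple[str, str]] = None     # (Source IP Address, Source IP Mask)
    dst: Optional[Tuple[str, str]] = None     # (Destination IP Address, mask)
    dport: Optional[int] = None               # Destination L4 Port Number
    tos: Optional[Tuple[int, int]] = None     # (TOS Bits, TOS Mask)

    def matches(self, pkt: Packet) -> bool:
        """A packet must meet every criterion the rule specifies."""
        if self.match_every:
            return True
        if self.proto is not None:
            number = PROTOCOL_KEYWORDS[self.proto]
            if number is not None and number != pkt.proto:
                return False
        if self.src and not wildcard_match(pkt.src, *self.src):
            return False
        if self.dst and not wildcard_match(pkt.dst, *self.dst):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.tos:
            bits, mask = self.tos
            # Per the table, TOS Mask marks the positions that ARE compared,
            # the opposite sense of an IP wildcard mask.
            if (pkt.tos & mask) != (bits & mask):
                return False
        return True


def evaluate(rules, pkt):
    """Return (action, rule_id) of the first match; rule_id None = implicit deny."""
    if len(rules) > MAX_RULES_PER_ACL:
        raise ValueError("an ACL holds at most 12 rules")
    for rule in sorted(rules, key=lambda r: r.rule_id):  # assumed: Rule ID order
        if rule.matches(pkt):
            return rule.action, rule.rule_id   # later rules are not checked
    return "deny", None


# Constructed sample ACL using documentation address ranges.
LAN = ("192.0.2.0", "0.0.0.255")        # any host 192.0.2.0 to 192.0.2.255
SERVER = ("198.51.100.10", "0.0.0.0")   # exactly one host
SAMPLE_ACL = [
    Rule(1, "deny", proto="tcp", src=LAN, dport=23),
    Rule(2, "permit", proto="tcp", src=LAN, dst=SERVER),
    Rule(3, "permit", proto="udp", dport=53),
]

if __name__ == "__main__":
    for pkt in [
        Packet(6, "192.0.2.77", "198.51.100.10", 23),    # hits rule 1
        Packet(6, "192.0.2.77", "198.51.100.10", 443),   # hits rule 2
        Packet(6, "192.0.3.77", "198.51.100.10", 443),   # outside LAN wildcard
        Packet(1, "192.0.2.77", "198.51.100.10"),        # ICMP, no rule
    ]:
        print(pkt, "->", evaluate(SAMPLE_ACL, pkt))
```

Swapping the Rule IDs of the first two rules makes the broad permit match first, so the Telnet deny is never reached; reviewing rule order is as important as reviewing the rules themselves.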
Modifying an IP-based Rule
Note: Rules can be modified only when the ACL to which they belong is not bound to an interface.
1. Open the IP ACL Rule Configuration page.
2. Select the desired ACL from the IP ACL menu.
3. Select the desired rule from the Rule ID menu.
4. Modify the remaining fields as needed.
5. Click Submit.
The IP-based rule is modified, and the device is updated.
Adding a New Rule to an IP-based ACL
1. Open the IP ACL Rule Configuration page.
2. Select the desired ACL from the IP ACL menu.
3. Specify Create Rule for Rule ID and enter a new ID number.
4. Define the remaining fields as needed.
5. Click Submit.
The new rule is assigned to the specified IP-based ACL.
Deleting a Rule from an IP-based ACL
1. Open the IP ACL Rule Configuration page.
2. Select the desired ACL from the IP ACL menu.
3. Select the rule to delete from the Rule field.
4. Click Delete.
The rule is removed from the specified IP-based ACL.
5. Click Refresh to update the page with the most current information.
IP ACL Summary
Use the IP ACL Summary page to view a summary of the IP ACLs that have been configured on the switch. To
access the page, click LAN > Monitoring > Access Control Lists > IP Access Control Lists > Summary.
Figure 242: IP ACL Summary
IP ACL Rule Summary
Use the IP ACL Rule Summary page to view a summary of the IP ACLs that have been configured on the switch.
To access the page, click LAN > Monitoring > Access Control Lists > IP Access Control Lists > Summary.
Figure 243: IP ACL Rule Summary
MAC Access Control Lists
A MAC ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets
the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not
checked for a match. On this menu the interfaces to which a MAC ACL applies must be specified. Rules for
the MAC ACL are specified/created using the MAC ACL Rule Configuration menu.
To configure a MAC ACL:
1. Use the “MAC ACL Configuration” page to define the ACL type and assign an ID to it.
2. Use the “MAC ACL Rule Configuration” page to create rules for the ACL.
3. Use the “ACL Interface Configuration” page to assign the ACL by its ID number to a port or VLAN.
MAC ACL Configuration
The MAC ACL Configuration page allows network administrators to define a MAC-based ACL.
To display the MAC ACL Configuration page, click LAN > QoS > Access Control Lists > MAC Access Control Lists
> Configuration in the navigation tree.
Figure 244: MAC ACL Configuration
Table 214: MAC ACL Configuration Fields
Field
Description
MAC ACL
The options in the dropdown menu allow you to create a new MAC ACL or
select an existing MAC ACL that you want to rename.
MAC ACL Name
Enter a name for the MAC ACL. The name string may include alphabetic,
numeric, dash, underscore, or space characters only. The name must start
with an alphabetic character. This field displays the name of the currently
selected MAC ACL if the ACL has already been created.
The ACL Table at the bottom of the page shows the current size of the ACL table versus the maximum size of
the ACL table. The current size is equal to the number of configured IPv4 ACLs plus the number of configured
MAC ACLs. The maximum size is 100.
• To add a MAC ACL, select Create New Extended MAC ACL from the MAC ACL menu, enter a name for the
ACL in the appropriate field, and then click Submit.
• To rename a MAC ACL, select the ACL name from the MAC ACL menu. Enter a new name for the ACL in
the appropriate field, and then click Rename. The Rename button only appears if a configured MAC ACL is
selected.
• To delete a MAC ACL, select the ACL name from the MAC ACL menu, and then click Delete. The Delete
button only appears if a configured MAC ACL is selected.
MAC ACL Rule Configuration
Use the MAC ACL Rule Configuration page to define rules for MAC-based ACLs. The access list definition
includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. A default
'deny all' rule is the last rule of every list.
To display the MAC ACL Rule Configuration page, click LAN > QoS > Access Control Lists > MAC Access Control
Lists > Rule Configuration in the navigation menu.
The fields available on the page depend on whether the rule action is permit or deny, and whether you select
Create Rule or an existing rule from the Rule field.
Figure 245 shows the fields available when Create New Rule is selected in the Rule field.
Figure 245: MAC ACL Rule Configuration (Create Rule)
Figure 246 shows the fields available when you configure a MAC ACL rule with a Deny action.
Figure 246: MAC ACL Rule Configuration (Deny Action)
Figure 247 shows the fields available when you create a rule for a MAC ACL.
Figure 247: MAC ACL Rule Configuration (Permit Action)
Table 215 shows all possible fields on the MAC ACL Rule Configuration page. The actual fields available on the
page depend on whether you create a new rule or modify an existing rule, and whether the rule action is
Permit or Deny.
Table 215: MAC ACL Rule Configuration Fields
Field
Description
MAC ACL
Specifies an existing MAC ACL. To set up a new MAC ACL use the “MAC Access
Control Lists” page.
Rule
Select an existing Rule ID to modify or select Create Rule to configure a new
ACL Rule. Enter a whole number in the range of 1 to 12 that will be used to
identify the rule. New rules cannot be created if the maximum number of
rules has been reached. For each rule, a packet must match all the specified
criteria in order to be true against that rule and for the specified rule action
(Permit/Deny) to take place.
Rule ID
This field is only available if you select Create Rule from the Rule field. Enter a
new Rule ID. After you click Submit, the new ID is created and you can
configure the rule settings. You can create up to 12 rules for each ACL.
Action
Specify what action should be taken if a packet matches the rule's criteria:
• Permit: Forwards packets that meet the ACL criteria.
• Deny: Drops packets that meet the ACL criteria.
Logging
This field is only visible for a Deny Action. When set to True, logging is enabled
for this ACL rule (subject to resource availability in the device). If the Access
List Trap Flag is also enabled, this will cause periodic traps to be generated
indicating the number of times this rule went into effect during the current
report interval. A fixed 5 minute report interval is used for the entire system.
A trap is not issued if the ACL rule hit count is zero for the current interval.
Time Range Name
Use this field to impose a time limitation on the ACL rule. When you click
Configure, you can select a configured time range or create a new named time
range. To configure the time range values, use the LAN > Administration >
Time Ranges > Time Range Entry Configuration page.
If a time range with the specified name does not exist and the ACL containing
this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule
is applied immediately. If a time range with the specified name exists and the ACL
containing this ACL rule is applied to an interface or bound to a VLAN, then the
ACL rule is applied when the time range with the specified name becomes active.
The ACL rule is removed when the time range with the specified name becomes
inactive.
Assign Queue ID
This field is only visible when the Action is Permit. Specifies the hardware
egress queue identifier used to handle all packets matching this ACL rule. Click
Configure, and then enter an identifying number from 0 to 6 in the
appropriate field. Click Submit or Cancel to return to the Rule Configuration
page.
Match Every
Requires a packet to match the criteria of this ACL. Click Configure, and then
select True or False from the dropdown list. Then click Submit or Cancel to
return to the Rule Configuration page. Match Every is exclusive to the other
filtering rules, so if Match Every is True, the other rules on the screen do not
appear. False indicates that it is not mandatory for every packet to match the
selected ACL Rule.
Mirror Interface
This field is only visible when the Action is Permit. Specifies the specific egress
interface where the matching traffic stream is copied in addition to being
forwarded normally by the device.
CoS
Specifies the 802.1p user priority to compare against an Ethernet frame.
Requires a packet’s class of service (CoS) to match the CoS value listed here.
Click Configure, and then enter a CoS value between 0 and 7 to apply this
criteria. Click Submit or Cancel to return to the Rule Configuration page.
Destination MAC Address
Requires an Ethernet frame’s destination port MAC address to match the
address listed here. Click Configure, and then enter a MAC address in the
appropriate field. The valid format is xx_xx_xx_xx_xx_xx. The BPDU keyword
may be specified using a Destination MAC Address of 01:80:C2:xx:xx:xx. Click
Submit or Cancel to return to the Rule Configuration page.
Destination MAC Mask
If desired, enter the MAC Mask associated with the Destination MAC to
match. The MAC address mask specifies which bits in the destination MAC to
compare against an Ethernet frame. Use F’s and zeros in the MAC mask, which
is in a wildcard format. An F means that the bit is not checked, and a zero in a
bit position means that the data must equal the value given for that bit. For
example, if the MAC address is aa_bb_cc_dd_ee_ff, and the mask is
00_00_ff_ff_ff_ff, all MAC addresses with aa_bb_xx_xx_xx_xx result in a
match (where x is any hexadecimal number). Click Submit or Cancel to return
to the Rule Configuration page.
EtherType Key
Requires a packet’s EtherType to match the EtherType you select. Click
Configure, and then select the EtherType value from the dropdown menu. If
you select User Value, you can enter a custom EtherType value.
Ethertype User Value
This field only appears if you select User Value from the EtherType dropdown
list. The value you enter specifies a customized Ethertype to compare against
an Ethernet frame. The valid range of values is (0x0600 to 0xFFFF).
Source MAC Address
Requires a packet’s source port MAC address to match the address listed here.
Click Configure, and then enter a MAC address in the appropriate field. The
valid format is xx:xx:xx:xx:xx:xx.
Source MAC Mask
If desired, enter the MAC mask for the source MAC address to match. Use F’s
and zeros in the MAC mask, which is in a wildcard format. An F means that the
bit is not checked, and a zero in a bit position means that the data must equal
the value given for that bit. The valid format is xx:xx:xx:xx:xx:xx. Click Submit
or Cancel to return to the Rule Configuration page.
VLAN
Requires a packet’s VLAN ID to match the ID listed here. Click Configure, and
then enter the VLAN ID to apply this criteria. The valid range is 1–3965. Either
VLAN Range or VLAN can be configured. Click Submit or Cancel to return to
the Rule Configuration page.
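Because the Source and Destination MAC Mask fields use the wildcard format (F = bit not checked, 0 = bit must match), a mask entered in the opposite sense silently matches a very different set of stations. The following Python check is an added example, not D-Link code: it reproduces the aa_bb_cc_dd_ee_ff / 00_00_ff_ff_ff_ff case from Table 215 and reports how many addresses a mask covers. The function names and the "possibly inverted" heuristic are constructed for illustration.

```python
import re

FULL_MASK = (1 << 48) - 1


def parse_mac(text: str) -> int:
    """Accept the separators the manual shows (xx_xx_... and xx:xx:...), plus '-'."""
    octets = re.split(r"[:_-]", text.strip())
    if len(octets) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", o) for o in octets):
        raise ValueError(f"not a MAC address or mask: {text!r}")
    return int("".join(octets), 16)


def mac_matches(frame_mac: str, rule_mac: str, wildcard: str) -> bool:
    """Wildcard format: F bits are ignored, 0 bits must equal the rule's address."""
    care_bits = ~parse_mac(wildcard) & FULL_MASK
    return ((parse_mac(frame_mac) ^ parse_mac(rule_mac)) & care_bits) == 0


def addresses_covered(wildcard: str) -> int:
    """Each ignored bit doubles the number of addresses the rule matches."""
    return 1 << bin(parse_mac(wildcard)).count("1")


def looks_inverted(wildcard: str) -> bool:
    """Heuristic added here: leading F's followed only by zeros ignores the
    vendor prefix and checks the tail, which is what results when a
    subnet-style mask is typed into a wildcard field."""
    mask = parse_mac(wildcard)
    checked = ~mask & FULL_MASK
    return 0 < mask < FULL_MASK and (checked & (checked + 1)) == 0


def review(rule_mac: str, wildcard: str) -> dict:
    """Summarize one MAC/mask pair for a configuration review."""
    return {
        "rule": f"{rule_mac} / {wildcard}",
        "addresses_covered": addresses_covered(wildcard),
        "possibly_inverted": looks_inverted(wildcard),
    }


if __name__ == "__main__":
    # Constructed review input: the manual's example, its inverse, and the
    # BPDU destination range 01:80:C2:xx:xx:xx named in Table 215.
    for mac, mask in [
        ("aa_bb_cc_dd_ee_ff", "00_00_ff_ff_ff_ff"),
        ("aa_bb_cc_dd_ee_ff", "ff_ff_00_00_00_00"),
        ("01:80:C2:00:00:00", "00:00:00:ff:ff:ff"),
    ]:
        print(review(mac, mask))
```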
Adding a New Rule to a MAC-based ACL
Once you configure a MAC ACL, you can add rules to the ACL.
1. Open the MAC ACL Rule Configuration page.
2. If more than one MAC ACL is configured on the system, select the desired ACL from the MAC ACL menu.
3. From the Rule menu, select Create New Rule.
4. Enter a new ID number for the rule.
5. Configure the remaining rule criteria as needed.
6. Click Submit.
The new rule is assigned to the specified MAC-based ACL.
Removing a Rule From a MAC-based ACL
1. From the MAC ACL Rule Configuration page, select an ACL from the MAC ACL field.
2. Select a rule from the Rule menu.
3. Click Delete.
The rule is removed from the MAC-based ACL, and the device is updated.
MAC ACL Summary
Use the MAC ACL Summary page to view a summary of the MAC ACLs that have been configured on the switch.
To access the page, click LAN > Monitoring > Access Control Lists > MAC Access Control Lists > Summary.
Figure 248: MAC ACL Summary
MAC ACL Rule Summary
Use the MAC ACL Rule Summary page to view a summary of the MAC ACLs that have been configured on the
switch. To access the page, click LAN > Monitoring > Access Control Lists > MAC Access Control Lists >
Summary.
Figure 249: MAC ACL Rule Summary
ACL Interface Configuration
When an ACL is bound to an interface, all the rules that have been defined are applied to the selected
interface. Use the ACL Interface Configuration page to assign ACLs and Interfaces and prioritize the ACLs that
are bound to each interface. To display the ACL Interface Configuration page, click LAN > QoS > Access Control
Lists > Interface Configuration in the navigation menu.
Figure 250: ACL Interface Configuration
If an ACL has been assigned to the interface, it displays in the table at the bottom of the page.
Table 216: ACL Interface Configuration Fields
Field
Description
Interface
Select the interface or LAG from the menu.
Direction
Specifies the packet filtering direction for the ACL. The system supports
inbound filtering. Inbound filtering means the system applies the ACL rules to
packets as they enter the interface.
ACL Type
Use the menu to select the ACL type to which incoming packets are matched.
Packets can be matched to IP- or MAC-based ACLs.
IP/MAC ACL
Select the ACL of the specified type to apply to the interface from the
dropdown menu.
Sequence Number
Assigns the priority of this ACL. If more than one ACL is applied to an interface,
then the match criteria for the highest sequence ACLs are checked first. A
lower number indicates higher priority. If a sequence number is already in use
for this interface and direction, the specified access list replaces the currently
attached access list using that sequence number. If you do not specify a
sequence number, a sequence number that is one greater than the highest
sequence number currently in use for this interface and direction is used. The
valid range is 1-4294967295.
Assigning an ACL to an Interface
1. Open the ACL Interface Configuration page.
2. Select the interface from the Slot/Port field to which you want to bind the ACL.
3. Select the type of ACL in the ACL Type field.
4. Select the ACL ID or name to bind to the interface.
Note: Whenever an ACL is assigned on a port or LAG, flows from that ingress interface that do not
match the ACL are matched to the default rule, which is Drop unmatched packets.
5. Specify the priority in the Sequence field.
6. Click Submit.
The ACL is attached to the specified interface(s).
Removing an ACL from an Interface
If an ACL is bound to an interface, the Remove button appears on the page when you select the interface from
the Slot/Port menu. To remove the ACL from the interface, select the type of ACL to remove and its ID or name,
and then click Remove.
Section 8: Managing Device Security
Use the features in the Security folder on the navigation tree menu to set management security parameters
for port, user, and server security.
The Security folder contains links to the following features:
• “Configuring Port Security”
• “SSL/Secure HTTP Configuration”
• “Secure Shell (SSH) Configuration”
• “Configuring Port Security”
• “RADIUS Settings”
• “Port Access Control”
• “TACACS+ Settings”
Configuring Port Security
Port Security can be enabled on a per-port basis. When a port is locked, only packets with allowable source
MAC addresses can be forwarded. All other packets are discarded. A MAC address can be defined as allowable
by one of two methods: dynamically or statically. Note that both methods are used concurrently when a port
is locked.
Dynamic locking implements a “first arrival” mechanism for Port Security. You specify how many addresses can
be learned on the locked port. If the limit has not been reached, then a packet with an unknown source MAC
address is learned and forwarded normally. Once the limit is reached, no more addresses are learned on the
port. Any packets with source MAC addresses that were not already learned are discarded. Note that you can
effectively disable dynamic locking by setting the number of allowable dynamic entries to zero.
Static locking allows you to specify a list of MAC addresses that are allowed on a port. The behavior of packets
is the same as for dynamic locking: only packets with an allowable source MAC address can be forwarded.
To see the MAC addresses learned on a specific port, see “Configuring and Searching the Forwarding
Database” on page 182.
Disabled ports can only be activated from the Configuring Ports page.
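The interaction of dynamic and static locking is easiest to see by replaying frames against a model of one locked port. The following Python model is an added example, not D-Link code: it shows that learned slots go to whichever sources transmit first, that static entries are always allowed, and that a dynamic limit of zero leaves only the static list. The LockedPort class, its method names, and the sample MAC addresses (taken from the documentation range 00:00:5E:00:53:xx) are constructed for illustration.

```python
from collections import Counter


def norm(mac: str) -> str:
    """Normalize separators and case so the same station compares equal."""
    return mac.lower().replace("_", ":").replace("-", ":")


class LockedPort:
    """Model of one port with Port Security enabled (hypothetical class)."""

    def __init__(self, max_dynamic: int, static_macs=()):
        self.max_dynamic = max_dynamic
        self.static = {norm(m) for m in static_macs}
        self.learned = []            # dynamically learned, in arrival order
        self.discards = Counter()    # source MAC -> number of discarded frames

    def receive(self, src_mac: str) -> str:
        mac = norm(src_mac)
        # Both methods are used concurrently: static list and learned list.
        if mac in self.static or mac in self.learned:
            return "forward"
        if len(self.learned) < self.max_dynamic:
            self.learned.append(mac)     # limit not reached: learn and forward
            return "forward"
        self.discards[mac] += 1          # limit reached: unknown source dropped
        return "discard"


def replay(port: LockedPort, frames) -> list:
    """Feed a sequence of source MAC addresses to the port, in arrival order."""
    return [port.receive(src) for src in frames]


# Constructed sample stations.
PRINTER = "00:00:5e:00:53:01"    # statically locked
DESK_A = "00:00:5e:00:53:0a"
DESK_B = "00:00:5e:00:53:0b"
VISITOR = "00:00:5e:00:53:0c"

if __name__ == "__main__":
    port = LockedPort(max_dynamic=2, static_macs=[PRINTER])
    print(replay(port, [DESK_A, DESK_B, DESK_A, VISITOR, PRINTER, VISITOR]))
    print("learned:", port.learned, "discards:", dict(port.discards))

    # Same stations, different arrival order: the visitor takes a learned slot
    # and a desk is locked out instead.
    early = LockedPort(max_dynamic=2, static_macs=[PRINTER])
    print(replay(early, [VISITOR, DESK_A, DESK_B]))

    # Dynamic limit of zero: only the static list is allowed.
    static_only = LockedPort(max_dynamic=0, static_macs=[PRINTER])
    print(replay(static_only, [DESK_A, PRINTER]))
```

The per-MAC discard counter is the value worth reviewing after a replay: a source that keeps being discarded on a locked port is either a misplaced legitimate device or an unexpected one.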
Port Security Administration
Use the Port Security Administration page to enable or disable the port security feature on your switch.
To access the Port Security Administration page, click LAN > Security > Port Security Administration in the
navigation tree.
Figure 251: Port Security Administration
• Select Enable or Disable from the Port Security Mode list and click Submit.
Port Security Interface Configuration
Use this page to configure the port security feature on a selected interface.
To access the Port Security Interface Configuration page, click LAN > Security > Port Security Interface in the
navigation tree.
Figure 252: Port Security Interface Configuration
Table 217: Port Security Interface Configuration Fields
Field: Description
Interface: Select the physical interface or the LAG on which to configure port security
information.
Port Security: Determines whether port security is enabled. The default mode is Disable.
• Enable: Locks the port so that only packets with allowable source MAC
addresses can be forwarded. All other packets are discarded.
• Disable: The port is not locked, so no port security restrictions are applied.
Maximum Number of Dynamically Learned MAC Addresses Allowed: Sets the maximum number of
dynamically learned MAC addresses on the selected interface. Once the limit is reached, no more
addresses are learned on the port. Any packets with source MAC addresses that were not already
learned are discarded. You can effectively disable dynamic locking by setting
the number of allowable dynamic entries to zero.
Maximum Number of Statically Locked MAC Addresses Allowed: Sets the maximum number of statically
locked MAC addresses on the selected interface.
Add a Static MAC Address: Adds a MAC address to the list of statically locked MAC addresses for the
selected interface. Only packets with an allowable source MAC address can be
forwarded.
VLAN ID: Adds a corresponding VLAN ID for the MAC Address being added to the list of
statically locked MAC addresses for the selected interface.
Enable Violation Traps: Enables or disables the sending of new violation traps designating when a
packet with a disallowed MAC address is received on a locked port. Value is No
by default.
Convert dynamically learned address to static locked: When you click Move, all the dynamically
learned entries on this interface are added to the static MAC address list for this interface.
After moving them, you can view them in the Port Security Static page.
• If you make any changes to the page, click Submit to apply the new settings to the system.
Port Security Static
Use the Port Security Static page to view static MAC addresses configured on an interface.
To access the Port Security Static page, click LAN > Security > Port Security Static in the navigation tree.
Figure 253: Port Security Static
Table 218: Port Security Static Fields
Field: Description
Interface: Select the physical interface or the LAG on which to view the dynamically learned MAC
addresses.
MAC Address: This column lists the static MAC addresses, if any, configured on the selected port.
VLAN ID: Displays the VLAN ID corresponding to the statically configured MAC address.
Delete a static MAC Address: Enter the address of the statically configured MAC address to delete.
All MAC addresses that are available to be deleted appear in the MAC Address – VLAN ID table.
VLAN ID: Enter the VLAN ID that corresponds to the statically configured MAC address to delete.
• After you enter the MAC address and VLAN ID of the statically configured MAC address to delete, click
Submit to remove the MAC address from the port and apply the new settings to the system. The screen
refreshes, and the MAC address no longer appears in the table on the page.
Port Security Dynamic
Use the Port Security Dynamic page to view a table with the dynamically learned MAC addresses on an
interface. With dynamic locking, MAC addresses are learned on a “first arrival” basis. You specify how many
addresses can be learned on the locked port.
To access the Port Security Dynamic page, click LAN > Monitoring > Port Security > Port Security Dynamic in
the navigation tree.
Figure 254: Port Security Dynamic
Table 219: Port Security Dynamic Fields
Field: Description
Interface: Select the physical interface or the LAG on which to view the dynamically
learned MAC addresses.
MAC Address: This column lists the dynamically learned MAC addresses, if any, on the
selected port.
VLAN ID: Displays the VLAN ID corresponding to the dynamically learned MAC address.
Port Security Violation Status
Use the Port Security Violation Status page to enable or disable the port security feature on your switch.
To access the Port Security Violation Status page, click LAN > Monitoring > Port Security > Port Security
Violation in the navigation tree.
Figure 255: Port Security Violation Status
Table 220: Port Security Violation Status Fields
Field: Description
Interface: Select the physical interface or the LAG on which to view security violation
information.
Last Violation MAC Address: Displays the source MAC address of the last packet that was discarded
at a locked port.
VLAN ID: Displays the VLAN ID corresponding to the Last Violation MAC address.
SSL/Secure HTTP Configuration
Secure HTTP enables the transmission of HTTP over an encrypted Secure Sockets Layer (SSL) or Transport Layer
Security (TLS) connection. When you manage the switch by using a Web interface, secure HTTP can help
ensure that communication between the management system and the switch is protected from
eavesdroppers and man-in-the-middle attacks.
Use the Secure HTTP Configuration page to configure the settings for HTTPS communication between the
management station and the switch.
To display the Secure HTTP Configuration page, click LAN > Security > SSL Configuration in the navigation
menu.
Figure 256: Secure HTTP Configuration
Table 221: Secure HTTP Configuration Fields
Field: Description
Admin Mode: Enables or Disables the Administrative Mode of Secure HTTP. The currently
configured value is shown when the web page is displayed. The default value
is Disable. You can only download SSL certificates when the HTTPS Admin
mode is disabled.
TLS Version 1: Enables or Disables Transport Layer Security Version 1.0. The currently
configured value is shown when the web page is displayed. The default value
is Enable.
SSL Version 3: Enables or Disables Secure Sockets Layer Version 3.0. The currently configured
value is shown when the web page is displayed. The default value is Enable.
HTTPS Port: Sets the HTTPS Port Number. The value must be in the range of 1 to 65535.
Port 443 is the default value. The currently configured value is shown when
the web page is displayed.
HTTPS Session Soft Timeout: Sets the inactivity timeout for HTTPS sessions. The value must be in
the range of (1 to 60) minutes. The default value is 5 minutes. The currently configured
value is shown when the web page is displayed.
HTTPS Session Hard Timeout: Sets the hard timeout for HTTPS sessions. This timeout is unaffected by the
activity level of the session. The value must be in the range of (1 to 168) hours.
The default value is 24 hours. The currently configured value is shown when
the web page is displayed.
Maximum Number of HTTPS Sessions: Sets the maximum allowable number of HTTPS sessions. The value
must be in the range of (0 to 16). The default value is 16. The currently configured value
is shown when the web page is displayed.
For the Web server on the switch to accept HTTPS connections from a management station, the Web server
needs a public key certificate. The DWS-4000 Series switch has a self-generated certificate installed on
it by default. The switch can also generate its own certificates, or you can generate these externally (i.e., offline) and download them to the switch.
Generating Certificates
To have the switch generate the certificates:
1. Click Generate Certificate.
The page refreshes with the message “Certificate generation in progress”.
2. Click Submit to complete the process.
The page refreshes with the message “No certificate generation in progress” and the Certificate Present
field displays as “True”.
Downloading SSL Certificates
Before you download a file to the switch, the following conditions must be true:
• The file to download from the TFTP server is on the server in the appropriate directory.
• The file is in the correct format.
• The switch has a path to the TFTP server.
Use the following procedures to download an SSL certificate.
1. Click the Download Certificates button at the bottom of the page.
Note: The Download Certificates button is only available if the HTTPS admin mode is disabled. If the
mode is enabled, disable it and click Submit. When the page refreshes, the Download Certificates
button appears.
The Download Certificates button links to the File Download page, as Figure 257 on page 381 shows.
Figure 257: File Download
2. From the File Type field on the File Download page, select one of the following types of SSL files to
download:
– SSL Trusted Root Certificate PEM File: SSL Trusted Root Certificate File (PEM Encoded).
– SSL Server Certificate PEM File: SSL Server Certificate File (PEM Encoded).
– SSL DH Weak Encryption Parameter PEM File: SSL Diffie-Hellman Weak Encryption Parameter File
(PEM Encoded).
– SSL DH Strong Encryption Parameter PEM File: SSL Diffie-Hellman Strong Encryption Parameter File
(PEM Encoded).
3. Verify the IP address of the TFTP server and ensure that the software image or other file to be downloaded
is available on the TFTP server.
4. Complete the TFTP Server IP Address and TFTP File Name (full path without TFTP server IP address) fields.
5. Select the Start File Transfer check box, and then click Submit.
After you click Submit, the screen refreshes and a “File transfer operation started” message appears. After
the software is downloaded to the device, a message appears indicating that the file transfer operation
completed successfully.
6. To return to the Secure HTTP Configuration page, click LAN > Security > SSL Configuration in the navigation
menu.
7. To enable the HTTPS admin mode, select Enable from the HTTPS Admin Mode field, and then click Submit.
Secure Shell (SSH) Configuration
If you use the command-line interface (CLI) to manage the switch from a remote system, you can use Secure
Shell (SSH) to establish a secure connection. SSH uses public-key cryptography to authenticate the remote
computer.
Secure Shell Configuration
Use the Secure Shell Configuration page to configure the settings for secure command-line based
communication between the management station and the switch.
To display the Secure Shell Configuration page, click LAN > Security > Secure Shell > SSH Configuration in the
navigation menu.
Figure 258: Secure Shell Configuration
Table 222: Secure Shell Configuration Fields
Field: Description
Admin Mode: This select field is used to Enable or Disable the administrative mode of SSH.
The currently configured value is shown when the web page is displayed. The
default value is Disable.
SSH Version 1: This select field is used to Enable or Disable Protocol Level 1 for SSH. The
currently configured value is shown when the web page is displayed. The
default value is Enable.
SSH Version 2: This select field is used to Enable or Disable Protocol Level 2 for SSH. The
currently configured value is shown when the web page is displayed. The
default value is Enable.
SSH Connections in Use: Displays the number of SSH connections currently in use in the system.
Maximum Number of SSH Sessions Allowed: This select field is used to configure the maximum number
of inbound SSH sessions allowed on the switch. The currently configured value is shown when
the web page is displayed. The range of acceptable values for this field is (0-5).
SSH Session Timeout (Minutes): This text field is used to configure the inactivity timeout value for
incoming SSH sessions to the switch. The acceptable range for this value is (1-160)
minutes.
Keys Present: Displays which keys: RSA, DSA, or both are present (if any).
Key Generation Status: Displays which keys: RSA or DSA, are being generated.
• Click Refresh to update the current page with the most current settings and status.
• Click Download Host Keys to link to the File Transfer page for the Host Key download. Note that to
download SSH key files, SSH must be administratively disabled and there can be no active SSH sessions.
• Click Generate RSA Host Keys to begin generating the RSA host keys. Note that to generate SSH key files,
SSH must be administratively disabled and there can be no active SSH session.
• Click Generate DSA Host Key to begin generating the DSA host key. Note that to generate SSH key files,
SSH must be administratively disabled and there can be no active SSH session.
• Click Delete to delete the corresponding key file (RSA or DSA), if it is present.
• If you make changes to the page, click Submit to apply the changes to the system.
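One way to confirm from the management station which protocol levels the switch advertises after you change the SSH Version 1 and SSH Version 2 settings is to read its SSH identification string. This is an added example, not D-Link code; the function names and the sample banners are constructed for the illustration, and the reading of the version field (2.0 for SSH-2 only, 1.99 for both, 1.x for SSH-1 only) follows RFC 4253.

```python
import socket
from typing import List, NamedTuple


class SshIdent(NamedTuple):
    protoversion: str   # version field of the identification string
    software: str       # server software name and version
    ssh1: bool          # server offers SSH protocol level 1
    ssh2: bool          # server offers SSH protocol level 2


def parse_ident(data: bytes) -> SshIdent:
    """Parse the 'SSH-protoversion-softwareversion' line a server sends first."""
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r").decode("ascii", "replace")
        if not line.startswith("SSH-"):
            continue  # a server may send other lines before the version line
        parts = line.split("-", 2)
        if len(parts) < 3 or not parts[1]:
            raise ValueError(f"malformed identification string: {line!r}")
        proto = parts[1]
        software = parts[2].split(" ", 1)[0]  # drop optional comments
        if proto == "1.99":
            return SshIdent(proto, software, True, True)
        if proto.startswith("2."):
            return SshIdent(proto, software, False, True)
        if proto.startswith("1."):
            return SshIdent(proto, software, True, False)
        raise ValueError(f"unknown protocol version: {proto!r}")
    raise ValueError("no SSH identification string found")


def read_ident(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Connect and return the bytes up to the end of the identification line."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        while len(buf) < 4096:
            chunk = sock.recv(256)
            if not chunk:
                break
            buf += chunk
            complete_lines = buf.split(b"\n")[:-1]
            if any(l.startswith(b"SSH-") for l in complete_lines):
                break
    return buf


def audit(data: bytes, ssh1_enabled: bool = False,
          ssh2_enabled: bool = True) -> List[str]:
    """Compare what the server offers with the intended page settings."""
    ident = parse_ident(data)
    findings = []
    for name, offered, wanted in (("SSH Version 1", ident.ssh1, ssh1_enabled),
                                  ("SSH Version 2", ident.ssh2, ssh2_enabled)):
        if offered != wanted:
            findings.append(
                f"{name} is {'offered' if offered else 'not offered'} "
                f"but is meant to be {'enabled' if wanted else 'disabled'}")
    return findings


if __name__ == "__main__":
    # Constructed banners; replace with read_ident("<switch address>") on a
    # management station that can reach the switch.
    for banner in (b"SSH-1.99-ExampleSSH_1.0\r\n", b"SSH-2.0-ExampleSSH_1.0\r\n"):
        print(banner.strip().decode(), "->", audit(banner) or "matches settings")
```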
Downloading SSH Host Keys
For the switch to accept SSH connections from a management station, the switch needs SSH host keys or
certificates. The switch can generate its own keys or certificates, or you can generate these externally (i.e., offline) and download them to the switch.
To download an SSH host key from a TFTP server to the switch, use the instructions in “Downloading SSL
Certificates” on page 380. However, from the File Type field on the File Download page, select one of the
following key file types to download:
• SSH-1 RSA Key File: SSH-1 Rivest-Shamir-Adleman (RSA) Key File.
• SSH-2 RSA Key PEM File: SSH-2 Rivest-Shamir-Adleman (RSA) Key File (PEM Encoded).
• SSH-2 DSA Key PEM File: SSH-2 Digital Signature Algorithm (DSA) Key File (PEM Encoded).
Captive Portal Configuration
The Captive Portal (CP) feature allows you to block both wired and wireless clients from accessing the network
until user verification has been established. You can configure CP verification to allow access for both guest
and authenticated users. Authenticated users must be validated against a database of authorized Captive
Portal users before access is granted. The database can be stored locally on the switch or on a RADIUS server.
The Captive Portal folder contains links to the following pages that help you view and configure system Captive
Portal settings:
• “Captive Portal Global Configuration”
• “CP Configuration”
• “Local User”
• “Interface Association”
• “CP Global Status”
• “Interface Status”
• “Client Connection Status”
• “SNMP Trap Configuration”
Captive Portal Global Configuration
From the CP Global Configuration page, you can control the administrative state of the CP feature and
configure global settings that affect all captive portals configured on the switch.
To configure the global CP settings, click LAN > Security > Captive Portal > Global Configuration.
Note: The same Captive Portal folder is accessible from the LAN tab as well as the WLAN tab
in the navigation tree. The global configuration items are applicable to Wired CP as well as Wireless
CP regardless of where you access the CP folder from.
Figure 259: Captive Portal Global Configuration
The following table describes the global CP fields you can view or configure.
Table 223: Captive Portal Global Configuration
Field: Description
Enable Captive Portal: Select the check box to enable the CP feature on the switch. Clear the check box to
disable the captive portal feature.
CP Global Operational Status: Shows whether the CP feature is enabled.
CP Global Disable Reason: If CP is disabled, this field displays the reason, which can be one of the following:
• None
• Administratively Disabled
• No IPv4 Address
• Routing Enabled, but no IPv4 routing interface
Additional HTTP Port: HTTP traffic uses port 80, but you can configure an additional port for HTTP traffic. Enter
a port number between 0-65535 (excluding ports 80, 443, and the configured switch
management secure port).
Additional HTTP Secure Port: HTTP traffic over SSL (HTTPS) uses port 443, but you can configure an additional port for
HTTPS traffic. Enter a port number between 0-65535 (excluding ports 80, 443, and the
configured switch management secure port).
Peer Switch Statistics Reporting Interval: When clustering is supported on the switch, enter a value to determine how often the
switch sends its authenticated client statistics to the Cluster Controller. The interval is in
seconds. Enter a value of 0 to prevent the switch from reporting the statistics.
Authentication Timeout: To access the network through a portal, the wireless client must first enter
authentication information on an authentication Web page. Enter the number of
seconds to keep the authentication session open with the client. When the timeout
expires, the switch disconnects any active TCP or SSL connection with the client.
CP Configuration
From the CP Configuration page, you can view summary information about captive portals on the system, add
a captive portal, and configure existing captive portals.
Use the CP Summary page to create or delete captive portal configurations. The switch supports 10 CP
configurations. CP configuration 1 is created by default and cannot be deleted. Each captive portal
configuration can have unique guest or group access modes and a customized acceptance use policy that
displays when the client connects.
To view summary information about existing captive portals, or to add or delete a captive portal, click LAN >
Security > Captive Portal > CP Configuration.
Figure 260: Captive Portal Summary
To create a CP configuration, enter the configuration name in the text box and click Add. After you add the
configuration, the CP Configuration page for that configuration appears and a new tab with the name of that
configuration is created.
To delete an existing CP, select the check box for the CP to remove, and then click Delete.
To configure the settings for an existing CP, click the name in the Configuration column or click the appropriate
tab.
Note: In this document, the names captive portal or CP or portal are sometimes used in place of CP
Configuration.
Table 224 describes the fields on the CP Summary page.
Table 224: Captive Portal Summary
Field: Description
Configuration: Shows the captive portal ID and name. To access the configuration page for an existing
CP, click the configuration name.
Mode: Shows whether the CP is enabled.
Protocol: Indicates whether the portal uses HTTP or HTTPS.
Verification: Specifies which type of user verification to perform:
• Guest: The user does not need to be authenticated by a database.
• Local: The switch uses a local database to authenticate users.
• RADIUS: The switch uses a database on a remote RADIUS server to authenticate
users.
To configure authorized users on the local or remote RADIUS database, see “Local User”
on page 395.
Languages: Shows the number of languages that are configured for this captive portal.
Changing the Captive Portal Settings
By default, the switch has one captive portal. You can change the settings for that captive portal, and you can
also create and configure up to nine additional portals. After you create a captive portal from the CP Summary
page, you can change its settings.
Figure 261: Captive Portal Configuration
Table 225 describes the fields on the CP Configuration page.
Table 225: CP Configuration
Field: Description
Enable Captive Portal: Select the check box to enable the CP. Clear the check box to disable it.
Configuration Name: This field allows you to change the name of the portal added from the CP Summary page.
Protocol Mode: Choose whether to use HTTP or HTTPS as the protocol for the portal to use during the
verification process.
• HTTP: Does not use encryption during verification
• HTTPS: Uses the Secure Sockets Layer (SSL), which requires a certificate to provide
encryption. The certificate is presented to the user at connection time.
Verification Mode: Select the mode for the CP to use to verify clients:
• Guest: The user does not need to be authenticated by a database.
• Local: The switch uses a local database to authenticate users.
• RADIUS: The switch uses a database on a remote RADIUS server to authenticate
users.
User Logout Mode: Select this option to allow an authenticated client to deauthenticate from the network.
If this option is clear or the user does not specifically request logout, the client
connection status remains authenticated until the CP deauthenticates the user, for
example by reaching the idle timeout or session timeout values.
Popup Logout Window: Select this option to display the logout window as a pop-up; otherwise, the Welcome
page that is shown after a successful login is replaced by the logout page.
Enable Redirect Mode: Select this option to specify that the CP should redirect the newly authenticated client
to the configured URL. If this option is clear, the user sees the locale-specific welcome
page after a successful verification.
Redirect To User Original URL: Redirects the user to the original page that was opened before the
redirect to the CP login page.
Redirect URL: Specify the URL to which the newly authenticated client is redirected if the URL Redirect
Mode is enabled.
RADIUS Auth Server: If the verification mode is RADIUS, click the ... button and select the name of the RADIUS
server used for client authentications.
The switch acts as the RADIUS client and performs all RADIUS transactions on behalf of
the clients. To configure RADIUS server information, go to LAN > Security > RADIUS >
RADIUS Authentication Server Configuration.
Idle Timeout: Enter the number of seconds a user can remain idle before automatically being logged
out. If the value is set to 0 then the timeout is not enforced. The default value is 0.
Note: The idle time cannot be enforced in this release for a Wired Captive Portal client
due to hardware limitations.
Session Timeout: Enter the number of seconds to wait before terminating a session. A user is logged out
once the session timeout is reached. If the value is set to 0 then the timeout is not
enforced. The default value is 0.
Max Up Rate: Enter the maximum speed, in bytes per second, that a client can transmit traffic when
using the captive portal. This setting limits the bandwidth at which the client can send
data into the network.
Max Down Rate: Enter the maximum speed, in bytes per second, that a client can receive traffic when
using the captive portal. This setting limits the bandwidth at which the client can receive
data from the network.
Max Receive: Enter the maximum number of bytes that a client is allowed to receive when using the
captive portal. After this limit has been reached the user will be disconnected.
Max Transmit: Enter the maximum number of bytes that a client is allowed to transmit when using the
captive portal. After this limit has been reached the user will be disconnected.
Max Total: Enter the maximum number of bytes the user is allowed to transfer (sum of bytes
transmitted and received). After this limit has been reached the user will be
disconnected.
User Group: If the Verification Mode is Local or RADIUS, assign an existing User Group to the captive
portal or create a new group. All users who belong to the group are permitted to access
the network through this portal. The User Group list is the same for all CP configurations
on the switch.
The User Group field also allows you to add, delete, or rename user groups for all captive
portals.
• To assign an existing user group to the CP, select it from the drop-down menu.
• To create a new user group, enter the group name in the blank field and click Add.
• To change the name of an existing user group, select the name to change from the
drop-down menu, enter the new name in the blank field, and click Modify.
• To delete a user group, select it from the drop-down menu and click Delete.
Note: The User Group fields are unavailable if the Verification Mode is Guest.
Code: Enter the IANA Language Subtag code for the language. All codes are listed in the IANA
Language Subtag Registry. If the language is currently supported by the switch, the code
is filled in automatically when you select the language.
Language: To add a captive portal configuration in a language that is supported by the switch, click
the ... button to display and select the language to use for the captive portal.
Customizing the Captive Portal Web Page
When a wireless client connects to the access point, the user sees a Web page. The CP Web Page
Customization page allows you to customize the appearance of that page with specific text and images.
You can create up to five location-specific Web pages for each captive portal as long as the pages all use the
same verification type; either guest or authorized user web pages. This allows you to create pages in a variety
of languages to accommodate a diverse group of users.
To access the CP WEB Customization page, click the language link above the page title. For example, to
customize the way the English version of the captive portal page looks, click (English).
Use the menu above the customization fields to select the area of the captive portal Web page to customize.
The page areas are divided into the following five categories:
• Global Parameters — Contains settings that can be shared across other CP pages.
• Authentication Page — Contains settings that affect the page users see when they first attempt to connect
to the network through the CP.
• Welcome Page — Contains settings that affect the page users see when they successfully connect to the
network.
• Logout Page — Contains settings that affect the client logout window users see after they successfully
authenticate. This window contains the logout button.
• Logout Success Page — Contains settings that affect the page users see after they successfully
deauthenticate.
The fields available on the CP WEB Customization page depend on the category you select from the menu.
After you modify the fields within a category, make sure you click Submit before you select a different
category; otherwise, your changes are not saved.
To see an example of the Authentication, Welcome, Logout, or Logout Success page, click Preview. The page
opens in a new browser window.
To configure the portal users in a remote RADIUS server, see “Configuring Users in a Remote RADIUS Server”
on page 398.
Figure 262: CP Web Page Customization — Global Parameters
Figure 263: CP Web Page Customization — Authentication page
Figure 264: CP Web Page Customization — Welcome Page
Figure 265: CP Web Page Customization — Logout Page
Figure 266: CP Web Page Customization — Logout Success Page
Table 226 describes the fields on the CP Web Page Customization page.
Table 226: CP Web Page Customization
Field: Description
Global Parameters
Available Images: The menu shows the images that are available to use for the page background, branding
and the account image. To add images, click Browse and select an image on your local
system (or accessible from your local system). Click Download to download the image to
the switch.
The image should be 5KB max, 200x200 pixels, GIF or JPG format.
To delete an image from the list, select the file name from the menu and click Delete.
You can only delete images that you download.
Background Image Select the name of the image to display as the page background.
Use the drop-down menu to display the file names of the available images. Click the ...
button to display the available images. Click the image to select it. To specify that no
background image is to be used, select <No Selection>.
Branding Image
Select the name of the image file to display on the top left corner of the page. This image
is used for branding purposes, such as the company logo.
Use the drop-down menu to display the file names of the available images. Click the ...
button to display the available images. Click the image to select it. To specify that no
branding image is to be used, select <No Selection>.
Fonts
Enter the name of the font to use for all text on the CP page.
Script Text
Specify the text to indicate that users must enable JavaScript to display the logout WEB
page. This field is only applicable when the User Logout Mode is enabled, but you can
modify the text whether the feature is enabled or disabled.
Popup Text
Specify the text to indicate that users must allow pop-up windows to display the logout
WEB page. This field is only applicable when the User Logout Mode is enabled, but you
can modify the text whether the feature is enabled or disabled.
Authentication Page
Background Image Shows the name of the current background image on the Authentication Page. This field
can be modified from the CP WEB Customization Global Parameters page.
Branding Image
Shows the name of the current branding image on the Authentication Page. This field can
be modified from the CP WEB Customization Global Parameters page.
Browser Title
Enter the text to display on the client’s Web browser title bar or tab.
Page Title
Enter the text to use as the page title. This is the text that identifies the page.
Colors
Select the colors to use for the CP page. Click the ... button, and then select the color to
use. The sample account information is updated with the colors you choose.
Account Image
Select the image that will display on the Captive Portal page above the login field. The
image display area is 55H X 310W pixels.
Note: Your image will be resized to fit the display area.
To download a new image, use the Available Images field from the CP WEB
Customization Global Parameters page.
Account Title
Enter the summary text to display that instructs users to authenticate.
User Label
Enter the text to display next to the field where the user enters the username.
Password Label
Enter the text to display next to the field where the user enters the password.
Button Label
Enter the text to display on the button the user clicks to connect to the network.
Acceptance Use Policy Text Box
Enter the text to display in the Acceptance Use Policy field. The acceptance use policy
instructs users about the conditions under which they are allowed to access the
network. The policy can contain up to 8192 text characters.
Acceptance Check Box Prompt
Enter the text to display next to the box that the user must select to indicate that he or
she accepts the terms of use.
Instructional Text
Enter the detailed text to display that instructs users to authenticate. This text appears
under the button.
Denied Message
Enter the text to display when the user does not provide valid authentication
information. This message displays after the user clicks the button to connect to the
network.
Resource Message
Enter the text to display when the system has rejected authentication due to system
resource limitations. This message displays after the user clicks the button to connect to
the network.
Timeout Message
Enter the text to display when the system has rejected authentication because the
authentication transaction took too long. This could be due to user input time, or a
timeout due to the overall transaction.
Busy Message
Enter the text to display when the Captive Portal is processing the authentication
request. This message displays after the user clicks the button to connect to the network.
No Accept Message
Enter the text to display when the user did not accept the acceptance use policy. This
message displays after the user clicks the button to connect to the network.
Welcome Page
Background Image
Shows the name of the current background image on the Welcome Page. This field can
be modified from the CP WEB Customization Global Parameters page.
Branding Image
Shows the name of the current branding image on the Welcome Page. This field can be
modified from the CP WEB Customization Global Parameters page.
Welcome Title
Enter the title to display to greet the user after he or she successfully connects to the
network.
Welcome Text
Enter the optional text to display to further identify the network to be accessed by the CP
user. This message displays under the Welcome Title.
Logout Page
Note: The fields on this page are only applicable when the User Logout Mode is enabled, but you can modify
the fields whether the feature is enabled or disabled.
Browser Title
Enter the text to display on the title bar of the Logout page.
Page Title
Enter the text to use as the page title. This is the text that identifies the page.
Instructional Text
Enter the detailed text to display that confirms that the user has been authenticated and
instructs the user how to deauthenticate.
Button Label
Enter the text to display on the button the user clicks to deauthenticate.
Confirmation Text
Enter the detailed text to display that prompts users to confirm the deauthentication
process.
Logout Success Page
Note: The fields on this page are only applicable when the User Logout Mode is enabled, but you can modify
the fields whether the feature is enabled or disabled.
Background Image
Shows the name of the current background image on the Logout Success page. This field
can be modified from the CP WEB Customization Global Parameters page.
Branding Image
Shows the name of the current branding image on the Logout Success page. This field
can be modified from the CP WEB Customization Global Parameters page.
Browser Title
Enter the text to display on the title bar of the Logout Success page.
Title
Enter the text to use as the page title. This is the text that identifies the page.
Content
Enter the text to display that confirms that the user has been deauthenticated.
Local User
You can configure a portal to accommodate guest users and authorized users. Guest users do not have
assigned user names and passwords. Authorized users provide a valid user name and password that must first
be validated against a local database or RADIUS server. Authorized users can gain network access once the
switch confirms the user’s credentials.
The Local User Summary page allows you to add authorized users to the local database, which can contain up
to 1024 user entries. You can also delete users from the local database from the Local User Summary page.
To view and configure CP users in the local database, click LAN > Security > Captive Portal > Local User.
Any users that are already configured are listed on the Local User Summary page.
Figure 267: Captive Portal Local User Summary
Table 227 describes the fields on the Local User Summary page.
Table 227: Local User Summary
Field
Description
User
Identifies the name of the user.
Session Timeout
Shows the number of seconds a user is permitted to remain connected to the network.
Once the Session Timeout value is reached, the user is logged out automatically. A value
of 0 means that the user does not have a Session Timeout limit.
Idle Timeout
Shows the number of seconds the user can remain idle before the switch automatically
logs the user out. A value of 0 means that the user will not be logged out automatically.
To access the configuration page for a specific user listed on the page, click the user name.
The following buttons are available at the bottom of the Local User table:
• Add: Click Add to add a new user to the Local User database.
• Delete: Select the check box next to the user to remove and click Delete. Select multiple check boxes to
delete more than one user at a time.
• Delete All: Click Delete All to remove all configured users from the local database.
• Refresh: Click Refresh to update the page with the most current information.
Adding a Local User
When you click Add from the Local User Summary page, the screen refreshes, and you can add a new user to
the Local User database. To configure additional parameters for the new user, return to the Local User
Summary page and click the name of the new user. The captive portal Global Status page displays the
maximum number of users the Local User database supports.
Figure 268: Adding a New User
The following table describes the fields available when you add a new user to the local CP database. After you
complete the fields, click Add to add the user and return to the Local User Summary page.
Table 228: Local User Configuration
Field
Description
User Name
Enter the name of the user.
Password
Enter a password for the user. The password length can be from 8 to 64 characters.
User Group
Assign the user to at least one User Group. To assign a user to more than one group,
press the Ctrl key and click each group.
New users are assigned to the 1-Default user group by default.
Configuring Users in the Local Database
From the Local User Configuration page, you can configure additional settings for an existing CP user in the
local database. When you add a user, you can set maximum data transmission rates to control bandwidth
usage. The timeouts and transmission limits are configured on a per-user basis.
Figure 269: Local User Configuration
Table 229 describes the fields you use to configure CP users in the local database.
Table 229: Local User Configuration
Field
Description
User Name
Enter the name of the user.
Password
Enter a password for the user. The password length can be from 8 to 64 characters.
User Group
Assign the user to at least one User Group. To assign a user to more than one group,
press the Ctrl key and click each group.
New users are assigned to the 1-Default user group by default.
Session Timeout
Enter the number of seconds a user is permitted to remain connected to the network.
Once the Session Timeout value is reached, the user is logged out automatically. A value
of 0 means that the user does not have a Session Timeout limit.
Idle Timeout
Enter the number of seconds the user can remain idle before the switch automatically
logs the user out. A value of 0 means that the user does not have an idle timeout limit.
Max Up Rate
Enter the maximum speed, in bytes per second, that the user can transmit traffic when
using the captive portal. This setting limits the bandwidth at which the user can send
data into the network.
Max Down Rate
Enter the maximum speed, in bytes per second, that the user can receive traffic when
using the captive portal. This setting limits the bandwidth at which the user can receive
data from the network.
Max Receive
Enter the maximum number of bytes that the user is allowed to receive when using the
captive portal. After this limit has been reached the user will be disconnected.
Max Transmit
Enter the maximum number of bytes that the user is allowed to transmit when using the
captive portal. After this limit has been reached the user will be disconnected.
Max Total
Enter the maximum number of bytes the user is allowed to transfer (sum of bytes
transmitted and received). After this limit has been reached the user will be
disconnected.
Configuring Users in a Remote RADIUS Server
You can use a remote RADIUS server for client authorization. You must add all users to the RADIUS server. The
local database in the DWS-4000 Series switch does not share any information with the remote RADIUS
database.
Table 230 indicates the RADIUS attributes you use to configure authorized captive portal clients. The table
indicates both RADIUS attributes and vendor-specific attributes (VSA). VSAs are denoted in the Attribute
column and are comma delimited (vendor id, attribute id). For each user entry in the RADIUS user database,
you can set maximum data transmission rates to control bandwidth usage. The timeouts and transmission
limits are configured on a per-user basis.
Table 230: Captive Portal User RADIUS Attributes
Attribute: User-Name
Number: 1
Description: User name to be authorized
Range: 1-32 characters
Usage: Required
Default: None
Attribute: User-Password
Number: 2
Description: User password
Range: 8-64 characters
Usage: Required
Default: None
Attribute: Session-Timeout
Number: 27
Description: Logout once session timeout is reached (seconds). If the attribute is 0 or not
present then use the value configured for the captive portal.
Range: Integer (seconds)
Usage: Optional
Default: 0
Attribute: Idle-Timeout
Number: 28
Description: Logout once idle timeout is reached (seconds). If the attribute is 0 or not
present then use the value configured for the captive portal.
Range: Integer (seconds)
Usage: Optional
Default: 0
Attribute: WISPr-Bandwidth-Max-Up
Number: 14122, 7
Description: Maximum client transmit rate (b/s). Limits the bandwidth at which the client
can send data into the network. If the attribute is 0 or not present, then use the value
configured for the captive portal.
Range: Integer
Usage: Optional
Default: –
Attribute: WISPr-Bandwidth-Max-Down
Number: 14122, 8
Description: Maximum client receive rate (b/s). Limits the bandwidth at which the client
can receive data from the network. If the attribute is 0 or not present, then use the value
configured for the captive portal.
Range: Integer
Usage: Optional
Default: –
Attribute: D-Link-Max-Input-Octets
Number: 171, 124
Description: Maximum number of octets the user is allowed to transmit. After this limit has
been reached, the user will be disconnected. If the attribute is 0 or not present, then use
the value configured for the captive portal.
Range: Integer
Usage: Optional
Default: –
Attribute: D-Link-Max-Output-Octets
Number: 171, 125
Description: Maximum number of octets the user is allowed to receive. After this limit has
been reached, the user will be disconnected. If the attribute is 0 or not present, then use
the value configured for the captive portal.
Range: Integer
Usage: Optional
Default: –
Attribute: D-Link-Max-Total-Octets
Number: 171, 126
Description: Maximum number of octets the user is allowed to transfer (sum of octets
transmitted and received). After this limit has been reached, the user will be disconnected.
If the attribute is 0 or not present, then use the value configured for the captive portal.
Range: Integer
Usage: Optional
Default: –
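The following added example (not part of the D-Link manual or firmware) shows how the attribute numbers in Table 230 look on the wire and how the "0 or not present" rule resolves to the captive portal's own value. It assumes the attribute and vendor-specific layouts of RFC 2865; the function names, the sample attribute bytes, and the portal values are constructed for illustration.

```python
import struct

# Attribute numbers from Table 230. VSAs are keyed by (vendor id, attribute id).
# The names are labels for readability; only the numbers travel on the wire.
STANDARD_ATTRS = {27: "Session-Timeout", 28: "Idle-Timeout"}
VENDOR_ATTRS = {
    (14122, 7): "WISPr-Bandwidth-Max-Up",
    (14122, 8): "WISPr-Bandwidth-Max-Down",
    (171, 124): "D-Link-Max-Input-Octets",
    (171, 125): "D-Link-Max-Output-Octets",
    (171, 126): "D-Link-Max-Total-Octets",
}
VENDOR_SPECIFIC = 26  # RFC 2865 attribute type that carries VSAs


def encode_standard(attr_type, value):
    """Type (1 byte), Length (1 byte), 32-bit big-endian integer."""
    return struct.pack("!BBI", attr_type, 6, value)


def encode_vsa(vendor_id, pairs):
    """One attribute 26 holding integer sub-attributes for a single vendor."""
    subs = b"".join(struct.pack("!BBI", t, 6, v) for t, v in pairs)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(subs), vendor_id) + subs


def _as_int(value):
    if len(value) != 4:
        raise ValueError("integer attribute must be 4 bytes")
    return struct.unpack("!I", value)[0]


def _walk(data, what):
    """Yield (type, value) pairs from a type/length/value sequence."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated %s header" % what)
        kind, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("bad %s length at offset %d" % (what, pos))
        yield kind, data[pos + 2:pos + length]
        pos += length


def parse_limits(data):
    """Return {name: int} for the Table 230 limits found in an attribute list."""
    found = {}
    for attr_type, value in _walk(data, "attribute"):
        if attr_type in STANDARD_ATTRS:
            found[STANDARD_ATTRS[attr_type]] = _as_int(value)
        elif attr_type == VENDOR_SPECIFIC:
            if len(value) < 4:
                raise ValueError("VSA shorter than its vendor id")
            vendor_id = struct.unpack("!I", value[:4])[0]
            for sub_type, sub_value in _walk(value[4:], "sub-attribute"):
                name = VENDOR_ATTRS.get((vendor_id, sub_type))
                if name is not None:  # other vendors' attributes are ignored
                    found[name] = _as_int(sub_value)
    return found


def effective_limits(radius_attrs, portal_config):
    """Table 230 rule: 0 or absent means use the captive portal's value."""
    return {name: radius_attrs.get(name, 0) or portal_value
            for name, portal_value in portal_config.items()}


# Constructed attribute list, as a RADIUS server might return for one user.
SAMPLE_ATTRS = (
    encode_standard(27, 3600)                    # Session-Timeout = 3600 s
    + encode_standard(28, 0)                     # Idle-Timeout = 0 (defer)
    + bytes([18, 4]) + b"ok"                     # unrelated attribute, skipped
    + encode_vsa(14122, [(7, 512000)])           # WISPr max-up
    + encode_vsa(171, [(124, 0), (126, 2000000)])  # two D-Link VSAs together
)

# Constructed captive portal settings (hypothetical values).
PORTAL_CONFIG = {
    "Session-Timeout": 86400,
    "Idle-Timeout": 600,
    "WISPr-Bandwidth-Max-Up": 0,
    "WISPr-Bandwidth-Max-Down": 256000,
    "D-Link-Max-Input-Octets": 50000000,
    "D-Link-Max-Output-Octets": 0,
    "D-Link-Max-Total-Octets": 0,
}

if __name__ == "__main__":
    parsed = parse_limits(SAMPLE_ATTRS)
    for name, value in effective_limits(parsed, PORTAL_CONFIG).items():
        source = "RADIUS" if parsed.get(name) else "captive portal"
        print("%-26s %10d  (%s)" % (name, value, source))
```

A limit that resolves to 0 from both sources stays 0, so an account with no RADIUS value inherits whatever the portal allows, including no limit at all.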
Interface Association
From the Interface Association page, you can associate a configured captive portal with a specific physical
interface or wireless network (SSID). The CP feature only runs on the wired or wireless interfaces that you
specify. A CP can have multiple interfaces associated with it, but an interface can be associated to only one CP
at a time.
Note: When associating a physical (wired) interface with a captive portal configuration, note the
following restrictions:
• Captive portal and should not be enabled on the same physical interface.
• Captive portal and 802.1X cannot be enabled on the same physical interface.
• Port security and captive portal cannot be enabled on the same physical interface.
• If a physical interface is made a LAG member, the captive portal becomes disabled on the
interface.
To associate interfaces with CPs, click Security > Captive Portal > Interface Association.
Figure 270: Interface Association
Table 231 describes the fields on the Interface Association page.
Table 231: Global Captive Portal Configuration
Field
Description
CP Configuration
Lists the captive portals configured on the switch by number and name.
Associated Interfaces
Lists the interfaces that are currently associated with the selected captive portal.
Wireless interfaces are identified by the wireless network number and SSID. Physical
(wired) interfaces are identified by the Port Description that includes slot number, port
number, and interface type.
Interface List
Lists the interfaces available on the switch that are not currently associated with a CP.
Wireless interfaces are identified by the wireless network number and SSID. Physical
(wired) interfaces are identified by the Port Description that includes slot number, port
number, and interface type.
Use the following steps to associate one or more interfaces with a captive portal.
1. Select the desired captive portal from the CP Configuration list.
2. Select the interface or interfaces from the Interface List. To select more than one interface, hold CTRL and
click multiple interfaces.
3. Click Add.
Note: When you associate an interface with a captive portal, the interface is removed from the
Interface List. Each interface can be associated with only one CP at a time.
Use the following steps to remove an interface from the Associated Interfaces list for a captive portal.
1. Select the desired captive portal from the CP Configuration list.
2. In the Associated Interfaces field, select the interface or interfaces to remove. To select more than one
interface, hold CTRL and click multiple interfaces.
3. Click Delete.
The interface is removed from the Associated Interfaces list and appears in the Interface List.
CP Global Status
The CP Global Status page contains a variety of information about the CP feature. From the CP Global Status
page, you can access information about the CP activity and interfaces.
To view captive portal status information, click LAN > Security > Captive Portal > CP Status.
Figure 271: Global Captive Portal Status
Table 232 describes the fields displayed on the CP Global Status page.
Table 232: Global Captive Portal Status
Field
Description
CP Global Operational Status
Shows whether the CP feature is enabled.
CP Global Disable Reason
Indicates the reason for the CP to be disabled, which can be one of the
following:
• None
• Administratively Disabled
• No IPv4 Address
• Routing Enabled, but no IPv4 routing interface
Supported Local Users
Shows the number of entries that the Local User database supports.
Configured Local Users
Shows the number of users configured in the system.
System Supported Users
Shows the number of authenticated users that the system can support.
CP IP Address
Shows the captive portal IP address.
Supported Captive Portals
Shows the number of supported captive portals in the system.
Configured Captive Portals
Shows the number of captive portals configured on the switch.
Active Captive Portals
Shows the number of captive portal instances that are operationally enabled.
Authenticated Users
Shows the number of users currently authenticated to all captive portal
instances on this switch.
Viewing CP Activation and Activity Status
The CP Activation and Activity Status page provides information about each CP configured on the switch.
Figure 272: CP Activation and Activity Status
The CP Activation and Activity Status page has a drop-down menu that contains all captive portals configured
on the switch. When you select a captive portal, the activation and activity status for that portal displays.
Table 233 describes the information that displays for each portal.
Table 233: CP Activation and Activity Status
Field
Description
Operational Status
Indicates whether the captive portal is enabled or disabled.
Disable Reason
If the captive portal is disabled, then this field indicates the reason. The portal instance
may be disabled for the following reasons:
• None - CP is enabled.
• Administratively Disabled
• RADIUS Authentication mode enabled, but RADIUS server is not defined.
• Not associated with any interfaces.
• The associated interfaces do not exist or do not support the CP capability.
Blocked Status
Indicates whether authentication attempts to the captive portal are currently blocked.
Use the Block and Unblock buttons to control the blocked status. If the CP is blocked,
users cannot gain access to the network through the CP. Use this function to temporarily
protect the network during unexpected events, such as denial of service attacks.
Block and Unblock are only available when the CP operational status is Enabled. The
blocked status is an operational parameter and does not persist across switch reboot
even if the switch configuration is saved before a reboot.
Authenticated Users
Shows the number of users that successfully authenticated to this captive portal and are
currently using the portal.
The following buttons are available on the CP Activation and Activity page:
• Block—Click Block to prevent users from gaining access to the network through the selected captive
portal.
• Unblock—If the Blocked Status of the selected captive portal is Blocked, click Unblock to allow access to
the network through the captive portal.
• Refresh—Click Refresh to update the screen with the most current information.
Interface Status
The pages available from the Interface Status link provide information about the captive portal interfaces and
their capabilities.
Viewing Interface Activation Status
The Interface Activation Status page shows information for every interface assigned to a captive portal
instance. Use the drop-down menus to select the portal or interface for which you want to view information.
Figure 273: Interface Activation Status
The following table describes the fields on the Interface Activation Status page.
Table 234: Interface Activation Status
Field
Description
Operational Status
Shows whether the portal is active on the specified interface.
Disable Reason
If the selected CP is disabled on this interface, this field indicates the reason, which can
be one of the following:
• Interface Not Attached
• Disabled by Administrator
Blocked Status
Indicates whether the captive portal is temporarily blocked for authentications.
Authenticated Users
Displays the number of authenticated users using the captive portal instance on this
interface.
Viewing Interface Capability Status
The Interface Capability Status page contains information about interfaces that can have CPs associated with
them. The page also contains status information for various capabilities. Specifically, this page indicates what
services are provided through the CP to clients connected on this interface. The list of services is determined
by the interface capabilities.
Figure 274: Interface Capability Status
The drop-down menu contains all the wired and wireless interfaces available on the switch. Each wireless
interface is identified by its wireless network number and SSID. Physical (wired) interfaces are identified by the
Port Description that includes slot number, port number, and interface type.
Use the drop-down menu to select the interface with the information to display.
Table 235 describes the fields on the Interface Capability Status page.
Table 235: Interface and Capability Status
Parameter
Description
Bytes Received Counter
Shows whether the interface supports displaying the number of bytes received
from each client.
Bytes Transmitted Counter
Shows whether the interface supports displaying the number of bytes
transmitted to each client.
Packets Received Counter
Shows whether the interface supports displaying the number of packets
received from each client.
Packets Transmitted Counter
Shows whether the interface supports displaying the number of packets
transmitted to each client.
Session Timeout
Shows whether the interface supports client session timeout. This attribute is
supported on all interfaces.
Idle Timeout
Shows whether the interface supports a timeout when the user does not send
or receive any traffic.
Roaming Support
Shows whether the interface supports client roaming. Only wireless interfaces
support client roaming.
Client Connection Status
From the Client Connection Status page, you can access several pages that provide information about clients
that are connected to the switch through the CP.
Use the Client Summary page to view summary information about all authenticated wireless clients that are
connected through the captive portal. From this page, you can manually force the captive portal to disconnect
one or more authenticated clients. The list of wireless clients is sorted by client MAC address.
If the switch supports clustering and there are peer switches in the cluster, some of the clients displayed on
the page might be connected to the network through other switches. For more information about the client,
and to view information about which switch handled the authentication for the client, click the MAC address
of the client.
To view information about the wireless clients connected to the DWS-4000 Series switch through the captive
portal, click LAN > Security > Captive Portal > Client Connection Status.
Figure 275: Client Summary
The following table describes the fields on the Client Summary page.
Table 236: Client Summary
Field
Description
MAC Address
Identifies the MAC address of the wireless client (if applicable). If the MAC address
is marked with an asterisk (*), the authenticated client is authenticated by a peer
switch. In other words, the cluster controller was not the authenticator.
IP Address
Identifies the IP address of the wireless client (if applicable).
User
Displays the user name (or Guest ID) of the connected client.
Protocol
Shows the current connection protocol, which is either HTTP or HTTPS.
Verification
Shows the current account type, which is Guest, Local, or RADIUS.
To force the captive portal to disconnect an authenticated client, select the check box next to the client MAC
address and click Delete. To disconnect all clients from all captive portals, click Delete All.
Viewing Client Details
The Client Detail page shows detailed information about each client connected to the network through a
captive portal.
Figure 276: Client Detail
The drop-down menu lists each associated client by MAC address. To view status information for a different
client, select its MAC address from the list.
Table 237 describes the fields on the Client Detail page.
Table 237: Client Detail
Field
Description
Client IP Address
Identifies the IP address of the wireless client (if applicable).
CP Configuration
Identifies the CP configuration the wireless client is using.
Protocol
Shows the current connection protocol, which is either HTTP or HTTPS.
Session Time
Shows the amount of time that has passed since the client was authorized.
Switch Type
Shows whether the switch handling authentication for this client is the local switch or
a peer switch in the cluster.
User Name
Displays the user name (or Guest ID) of the connected client.
Interface
Identifies the interface the wireless client is using.
Verification
Shows the current account type, which is Guest, Local, or RADIUS.
Switch MAC Address
Shows the MAC address of the switch handling authentication for this client. If
clustering is supported, this field might display the MAC address of a peer switch in the
cluster.
Switch IP Address
Shows the IP address of the switch handling authentication for this client. If clustering
is supported, this field might display the IP address of a peer switch in the cluster.
Viewing the Client Statistics
Use the Client Statistics page to view information about the traffic a client has sent or received.
Figure 277: Client Statistics
The drop-down menu lists each associated client by MAC address. To view statistical information for a client,
select it from the list.
Table 238 describes the fields on the Client Statistics page.
Table 238: Client Interface Association Connection Statistics
Field
Description
Bytes Transmitted
Total bytes the client has transmitted
Bytes Received
Total bytes the client has received
Packets Transmitted
Total packets the client has transmitted
Packets Received
Total packets the client has received
Viewing the Client Interface Association Status
Use the Interface - Client Status page to view clients that are authenticated to a specific interface.
Figure 278: Interface - Client Status
The drop-down menu lists each interface on the switch. To view information about the clients connected to a
CP on this interface, select it from the list.
Table 239 describes the fields on the Interface - Client Status page.
Table 239: Interface - Client Status
Field
Description
MAC Address
Identifies the MAC address of the wireless client. If the MAC address is
marked with an asterisk (*), the authenticated client is authenticated by a
peer switch. In other words, the cluster controller was not the authenticator.
IP Address
Identifies the IP address of the wireless client.
CP Configuration
Identifies the captive portal the client used to access the network.
Protocol
Shows the current connection protocol, which is either HTTP or HTTPS.
Verification
Shows the current account type, which is Guest, Local, or RADIUS.
Viewing the Client CP Association Status
Use the CP - Client Status page to view clients that are authenticated to a specific CP configuration.
Figure 279: CP - Client Status
The drop-down menu lists each CP configured on the switch. To view information about the clients connected
to the CP, select it from the list.
The following table describes the fields on the Client CP Association Status page.
Table 240: CP - Client Status
Field
Description
MAC Address
Identifies the MAC address of the wireless client. If the MAC address is marked with
an asterisk (*), the authenticated client is authenticated by a peer switch. In other
words, the cluster controller was not the authenticator.
IP Address
Identifies the IP address of the wireless client.
Interface
Identifies the interface the client used to access the network.
Protocol
Shows the current connection protocol, which is either HTTP or HTTPS.
Verification
Shows the current account type, which is Guest, Local, or RADIUS.
SNMP Trap Configuration
Use the SNMP Trap Configuration page to configure whether or not SNMP traps are sent from the Captive
Portal and to specify captive portal events that will generate a trap.
Note: You can configure the Captive Portal traps only if the Captive Portal Trap Mode is enabled,
which you configure on the LAN > Administration > SNMP Manager > Trap Flags page.
All CP SNMP traps are disabled by default.
To configure SNMP trap settings for various captive portal features, click Security > Captive Portal > SNMP
Trap Configuration.
Figure 280: SNMP Trap Configuration
The traps specified in the table below are generated only by the Cluster Controller unless otherwise specified.
The following table describes the events that generate SNMP traps when the status is Enabled.
Table 241: SNMP Trap Configuration
Field
Description
Captive Portal Trap Mode
Displays the captive portal trap mode status. To enable or disable the mode,
use the Captive Portal menu on the LAN > Administration > SNMP Manager >
Trap Flags page.
Client Authentication Failure Traps
If you enable this field, the SNMP agent sends a trap when a client attempts
to authenticate with a captive portal but is unsuccessful.
Client Connection Traps
If you enable this field, the SNMP agent sends a trap when a client
authenticates with and connects to a captive portal.
Client Database Full Traps
If you enable this field, the SNMP agent sends a trap each time an entry
cannot be added to the client database because it is full.
Client Disconnection Traps
If you enable this field, the SNMP agent sends a trap when a client
disconnects from a captive portal.
RADIUS Settings
Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. The
RADIUS server maintains a user database, which contains per-user authentication information. RADIUS servers
provide a centralized authentication method for:
• Telnet Access
• Web Access
• Console Access
• Port Access Control (802.1X)
RADIUS Configuration
Use the RADIUS Configuration page to view and configure various settings for the RADIUS servers configured
on the system.
To access the RADIUS Configuration page, click LAN > Security > RADIUS > RADIUS Configuration in the
navigation menu.
Figure 281: RADIUS Configuration
Table 242: RADIUS Configuration Fields
Field
Description
Number of Configured Authentication Servers
The number of RADIUS authentication servers configured on the system. The
value can range from 0 to 32.
Number of Configured Accounting Servers
The number of RADIUS accounting servers configured on the system. The
value can range from 0 to 32.
Number of Named Authentication Server Groups
The number of authentication server groups configured on the system. An
authentication server group contains one or more configured authentication
servers that share the same RADIUS server name.
Number of Named Accounting Server Groups
The number of accounting server groups configured on the system. An
accounting server group contains one or more configured authentication
servers that share the same RADIUS server name.
Max Number of Retransmits
The maximum number of times a request packet is retransmitted.
The valid range is 1-15.
Consider the maximum delay time when configuring RADIUS max retransmit
and RADIUS timeout. If multiple RADIUS servers are
configured, the max retransmit value on each will be exhausted before the
next server is attempted. A retransmit will not occur until the configured
timeout value on that server has passed without a response from the RADIUS
server. Therefore, the maximum delay in receiving a response from the
RADIUS application equals the sum of (retransmit times timeout) for all
configured servers. If the RADIUS request was generated by a user login
attempt, all user interfaces will be blocked until the RADIUS application
returns a response.
Timeout Duration (secs)
The timeout value, in seconds, for request retransmissions. The valid range is
1 - 30.
See the Max Number of Retransmits field description for more information
about configuring the timeout duration.
Accounting Mode
Use the menu to select whether the RADIUS accounting mode is enabled or
disabled on the current server.
Enable RADIUS Attribute 4 (NAS-IP Address)
To set the network access server (NAS) IP address for the RADIUS server,
select the option and enter the IP address of the NAS in the available field.
The address should be unique to the NAS within the scope of the RADIUS
server. The NAS IP address is only used in Access-Request packets.
NAS-IP Address
Enter the IP address of the NAS. This field can be edited only when the Enable
RADIUS Attribute 4 field is selected.
The address should be unique to the NAS within the scope of the RADIUS
server. The NAS IP address is only used in Access-Request packets.
Accounting Interim Update Mode
Enable the option to send RADIUS Accounting (Interim-Update) based on
Interim Interval Period. By default this mode is disabled.
Radius Accounting Interim Interval
The interval at which RADIUS Accounting (Interim-Update) packets
should be sent by the switch. The value should be in the range 300 - 3600. By
default it is not configured.
Use the buttons at the bottom of the page to perform the following actions:
• Click Refresh to update the page with the most current information.
• If you make changes to the page, click Submit to apply the changes to the system.
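The retransmit and timeout behavior described for the Max Number of Retransmits field can be laid out as a timeline. The following Python sketch is an added example, not code from the product: the RadiusServer class, the function names and the 192.0.2.x addresses are constructed for illustration, and, following the manual's formula, it assumes the retransmit value is the number of requests sent to each server.

```python
from dataclasses import dataclass

RETRANSMIT_RANGE = range(1, 16)  # Max Number of Retransmits: valid range 1-15
TIMEOUT_RANGE = range(1, 31)     # Timeout Duration (secs): valid range 1-30


@dataclass(frozen=True)
class RadiusServer:
    """One configured server (hypothetical model, not a product data structure)."""
    host: str
    max_retransmits: int
    timeout_secs: int

    def __post_init__(self):
        if self.max_retransmits not in RETRANSMIT_RANGE:
            raise ValueError(f"{self.host}: max retransmits must be 1-15")
        if self.timeout_secs not in TIMEOUT_RANGE:
            raise ValueError(f"{self.host}: timeout must be 1-30 seconds")


def failover_timeline(servers):
    """Walk the servers in order for the case where none of them answers.

    Returns (events, total_wait). Each event is a tuple of
    (seconds since the login attempt, host, attempt number on that host).
    total_wait is the sum of (retransmit times timeout) over all servers,
    which is how long user interfaces stay blocked in the worst case.
    """
    clock = 0
    events = []
    for server in servers:
        # Every attempt on this server is used up before the next server is tried.
        for attempt in range(1, server.max_retransmits + 1):
            events.append((clock, server.host, attempt))
            clock += server.timeout_secs  # the next send waits out the full timeout
    return events, clock


def largest_timeout_within(budget_secs, server_count, max_retransmits):
    """Largest Timeout Duration (1-30) that keeps the worst case within budget_secs.

    Returns None when even a 1-second timeout would exceed the budget.
    """
    if server_count < 1 or max_retransmits not in RETRANSMIT_RANGE:
        raise ValueError("need at least one server and 1-15 retransmits")
    timeout = min(budget_secs // (server_count * max_retransmits), TIMEOUT_RANGE[-1])
    return timeout if timeout in TIMEOUT_RANGE else None


# Constructed sample configuration (documentation addresses, not real servers).
SAMPLE_SERVERS = [
    RadiusServer("192.0.2.10", max_retransmits=3, timeout_secs=5),
    RadiusServer("192.0.2.11", max_retransmits=2, timeout_secs=10),
]

if __name__ == "__main__":
    events, total = failover_timeline(SAMPLE_SERVERS)
    for seconds, host, attempt in events:
        print(f"t={seconds:>3}s  request {attempt} to {host}")
    print(f"worst-case wait before the login fails: {total}s")
```

With the sample values, the second server is not contacted until 15 seconds after the login attempt, and the login stays blocked for 35 seconds if neither server answers.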
RADIUS Server Configuration
From the RADIUS Authentication Server Configuration page, you can add a new RADIUS server, configure
settings for a new or existing RADIUS server, and view RADIUS server status information. The RADIUS client on
the switch supports up to 32 named authentication and accounting servers.
To access the RADIUS Server Configuration page, click LAN > Security > RADIUS > RADIUS Authentication
Server Configuration in the navigation menu.
If there are no RADIUS servers configured on the system, or if you select Add from the RADIUS Server Host
Address menu, a subset of the fields described in the following table are available. After you enter the RADIUS
host address and click Submit, the additional configuration fields appear.
Figure 282: RADIUS Server Configuration—Add Server
If at least one RADIUS server is configured on the switch, and a host address is selected in the RADIUS Server
Host Address field, then additional fields are available on the RADIUS Server Configuration page.
Figure 283: RADIUS Server Configuration—Server Added
Table 243: RADIUS Server Configuration Fields
Field
Description
RADIUS Server Host Address
Use the drop-down menu to select the IP address of the RADIUS server to view
or configure. Select Add to configure additional RADIUS servers.
Port
Identifies the authentication port the server uses to verify the RADIUS server
authentication. The port is a UDP port, and the valid range is 1-65535. The
default port for RADIUS authentication is 1812.
Secret
Shared secret text string used for authenticating and encrypting all RADIUS
communications between the device and the RADIUS server. This secret must
match the secret configured on the RADIUS server.
Apply
The Secret will only be applied if this box is checked. If the box is not checked,
anything entered in the Secret field will have no effect and will not be
retained. This field is only displayed if the user has READWRITE access.
Primary Server
Sets the selected server to the Primary (Yes) or Secondary (No) server.
If you configure multiple RADIUS servers with the same RADIUS Server Name,
designate one server as the primary and the other(s) as the backup server(s).
The switch attempts to use the primary server first, and if the primary server
does not respond, the switch attempts to use one of the backup servers with
the same RADIUS Server Name.
Message Authenticator
Enable or disable the message authenticator attribute for the selected server.
Domain Name
Specifies whether the mechanism that automatically attaches a domain name is
enabled or disabled. The default value is clear (disable).
RADIUS Server Domain Name
Indicates which domain to automatically attach to the captive portal user.
For instance, if the Domain Name checkbox is selected, the RADIUS Server Domain
Name field is configured as example.com, and the captive portal username is
test-user, the controller will use test-user@example.com as the username for RADIUS
authentication.
Secret Configured
Indicates whether the shared secret for this server has been configured.
Current
Indicates whether the selected RADIUS server is the current server (Yes) or a
backup server (No).
If more than one RADIUS server is configured with the same name, the switch
selects one of the servers to be the current server from the group of servers
with the same name.
When the switch sends a RADIUS request to the named server, the request is
directed to the server selected as the current server. Initially the primary
server is selected as the current server. If the primary server fails, one of the
other servers becomes the current server. If the primary server is not
configured, the current server is the most recently configured RADIUS server.
RADIUS Server Name
Shows the RADIUS server name.
To change the name, enter up to 32 alphanumeric characters. Spaces,
hyphens, and underscores are also permitted. If you do not assign a name, the
server is assigned the default name Default-RADIUS-Server.
Note: Configure at least one RADIUS server with the name Default-RADIUS-Server.
Some of the switch features, such as 802.1X, expect the RADIUS server
to use the default name.
You can use the same name for multiple RADIUS Authentication servers.
RADIUS clients can use RADIUS servers with the same name as backups for
each other.
Use the buttons at the bottom of the page to perform the following actions:
• If you make changes to the page, click Submit to apply the changes to the system.
• To delete a configured RADIUS authentication server, select the IP address of the server from the RADIUS
Server Host Address menu, and then click Remove.
• Click Refresh to update the page with the most current information.
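The Secret, Message Authenticator, Domain Name and NAS-IP Address fields above all end up in the Access-Request the switch sends. The following Python sketch is an added example, not the switch's own code: it builds a simplified Access-Request (User-Password and EAP attributes are left out) and checks the Message-Authenticator attribute, which is an HMAC-MD5 over the packet keyed with the shared secret as defined in RFC 2869. The function names, the secret and the 192.0.2.1 address are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

ACCESS_REQUEST = 1
USER_NAME = 1
NAS_IP_ADDRESS = 4            # "RADIUS Attribute 4" in the configuration table
MESSAGE_AUTHENTICATOR = 80
HEADER_LEN = 20               # code, identifier, length, 16-byte authenticator


def attribute(attr_type, value):
    """Encode one attribute as type, length, value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1-253 bytes")
    return bytes([attr_type, len(value) + 2]) + value


def portal_username(user, domain=None):
    """Attach the configured domain as the Domain Name option describes."""
    return f"{user}@{domain}" if domain else user


def build_access_request(identifier, username, nas_ip, secret,
                         message_authenticator=True, request_auth=None):
    """Build a simplified Access-Request; secret is the shared secret as bytes."""
    request_auth = request_auth or os.urandom(16)
    attrs = attribute(USER_NAME, username.encode())
    attrs += attribute(NAS_IP_ADDRESS, ipaddress.IPv4Address(nas_ip).packed)
    if message_authenticator:
        # Placeholder of 16 zero bytes; it stays the last attribute.
        attrs += attribute(MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, HEADER_LEN + len(attrs))
    packet = bytearray(header + request_auth + attrs)
    if message_authenticator:
        # HMAC-MD5 over the whole packet with the placeholder still zeroed.
        packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def parse_attributes(packet):
    """Yield (type, value offset, value) per attribute; reject malformed lengths."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than a RADIUS header")
    (length,) = struct.unpack("!H", packet[2:4])
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("length field does not match the packet")
    pos = HEADER_LEN
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        yield attr_type, pos + 2, packet[pos + 2:pos + attr_len]
        pos += attr_len


def verify_message_authenticator(packet, secret):
    """Return True only if the attribute is present and matches the secret."""
    attrs = list(parse_attributes(packet))  # raises ValueError on malformed input
    (length,) = struct.unpack("!H", packet[2:4])
    scratch = bytearray(packet[:length])
    received = None
    for attr_type, offset, value in attrs:
        if attr_type == MESSAGE_AUTHENTICATOR:
            if len(value) != 16:
                raise ValueError("Message-Authenticator must be 16 bytes")
            received = value
            scratch[offset:offset + 16] = bytes(16)  # zero it before recomputing
    if received is None:
        return False  # a server that requires the attribute rejects this request
    expected = hmac.new(secret, bytes(scratch), hashlib.md5).digest()
    return hmac.compare_digest(received, expected)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    name = portal_username("test-user", "example.com")
    pkt = build_access_request(7, name, "192.0.2.1", secret)
    print(name, verify_message_authenticator(pkt, secret))
```

A request built with the attribute disabled, or with a secret that differs from the server's, fails the check, which is the mismatch to look for when a server is set to require the attribute.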
Viewing Named Server Status Information
The RADIUS Named Server Status page shows summary information about the RADIUS servers configured on
the system.
Figure 284: Named Server Status
Table 244: RADIUS Server Configuration Fields
Field
Description
Current
An asterisk (*) in the column indicates that the server is the current server for
the authentication server group. If no asterisk is present, the server is a
backup server.
If more than one RADIUS server is configured with the same name, the switch
selects one of the servers to be the current server from the group of servers
with the same name.
When the switch sends a RADIUS request to the named server, the request is
directed to the server selected as the current server. Initially the primary
server is selected as the current server. If the primary server fails, one of the
other servers becomes the current server.
RADIUS Server Host Address
Shows the IP address of the RADIUS server.
RADIUS Server Name
Shows the RADIUS server name.
Multiple RADIUS servers can have the same name. In this case, RADIUS clients
can use RADIUS servers with the same name as backups for each other.
Port Number
Identifies the authentication port the server uses to verify the RADIUS server
authentication. The port is a UDP port.
Server Type
Shows whether the server is a Primary or Secondary server.
Secret Configured
Indicates whether the shared secret for this server has been configured.
Message Authenticator
Shows whether the message authenticator attribute for the selected server is
enabled or disabled.
Click Refresh to update the page with the most current information.
RADIUS Server Statistics
To access the RADIUS Server Statistics page, click LAN > Monitoring > RADIUS Statistics > Server Statistics in
the navigation menu.
Figure 285: RADIUS Server Statistics
RADIUS Accounting Server Configuration
From the RADIUS Accounting Server Configuration page, you can add a new RADIUS accounting server,
configure settings for a new or existing RADIUS accounting server, and view RADIUS accounting server status
information. The RADIUS client on the switch supports up to 32 named authentication and accounting servers.
If there are no RADIUS accounting servers configured on the system or if you select Add from the Accounting
Server Host Address menu, a subset of the fields described in the following table are available.
Figure 286: Add RADIUS Accounting Server
After you enter the Accounting server host address and click Submit, the additional configuration fields
appear.
If at least one RADIUS accounting server is configured on the switch, and a host address is selected in the
Accounting Server Host Address field, then additional fields are available on the Accounting Server
Configuration page.
Figure 287: RADIUS Accounting Server Configuration—Server Added
Table 245: RADIUS Accounting Server Configuration Fields
Field
Description
Accounting Server Host Address
Use the drop-down menu to select the IP address of the accounting server to
view or configure. Select Add to configure additional RADIUS servers.
Port
Identifies the authentication port the server uses to verify the RADIUS
accounting server authentication. The port is a UDP port, and the valid range
is 1-65535. The default port for RADIUS accounting is 1813.
Secret
Specifies the shared secret to use with the specified accounting server. This
field is only displayed if you are logged into the switch with READWRITE
access.
Apply
The Secret will only be applied if this box is checked. If the box is not checked,
anything entered in the Secret field will have no effect and will not be
retained. This field is only displayed if you are logged into the switch with
READWRITE access.
Secret Configured
Indicates whether the shared secret for this server has been configured.
RADIUS Accounting Server Name
Enter the name of the RADIUS accounting server.
The name can contain up to 32 alphanumeric characters. Spaces, hyphens,
and underscores are also permitted. If you do not assign a name, the server is
assigned the default name Default-RADIUS-Server.
You can use the same name for multiple RADIUS accounting servers. RADIUS
clients can use accounting servers with the same name as backups for each
other.
Use the buttons at the bottom of the page to perform the following actions:
• If you make changes to the page, click Submit to apply the changes to the system.
• To delete a configured RADIUS accounting server, select the IP address of the server from the RADIUS
Server IP Address drop-down menu, and then click Remove.
• Click Refresh to update the page with the most current information.
Viewing Named Accounting Server Status
The RADIUS Named Accounting Server Status page shows summary information about the accounting servers
configured on the system.
Figure 288: RADIUS Named Accounting Server Status
Table 246: Named Accounting Server Fields
Field
Description
RADIUS Accounting Server Name
Shows the RADIUS accounting server name.
Multiple RADIUS accounting servers can have the same name. In this case,
RADIUS clients can use RADIUS servers with the same name as backups for
each other.
IP Address
Shows the IP address of the RADIUS server.
Port Number
Identifies the authentication port the server uses to verify the RADIUS server
authentication. The port is a UDP port.
Secret Configured
Indicates whether the shared secret for this server has been configured.
Click Refresh to update the page with the most current information.
RADIUS Server Statistics
To access the RADIUS Server Statistics page, click LAN > Monitoring > RADIUS Statistics > Server Statistics in
the navigation menu.
Figure 289: RADIUS Accounting Server Statistics
Clear Statistics
Use the RADIUS Clear Statistics page to reset all RADIUS authentication and accounting statistics to zero.
To access the RADIUS Clear Statistics page, click LAN > Security > RADIUS > Clear RADIUS Statistics in the
navigation menu.
Figure 290: RADIUS Clear Statistics
To clear all statistics for the RADIUS authentication and accounting server, click Clear.
Port Access Control
In port-based authentication mode, when 802.1X is enabled globally and on the port, successful
authentication of any one supplicant attached to the port results in all users being able to use the port without
restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode.
Ports in this mode are under bidirectional control. This is the default authentication mode.
The 802.1X network has three components:
• Authenticators: Specifies the port that is authenticated before permitting system access.
• Supplicants: Specifies the host connected to the authenticated port requesting access to the system services.
• Authentication Server: Specifies the external server, for example, the RADIUS server that performs the
authentication on behalf of the authenticator, and indicates whether the user is authorized to access
system services.
Global Port Access Control Configuration
Use the Port Based Access Control Configuration page to enable or disable port access control on the system.
To display the Port Based Authentication page, click LAN > Security > Port Access Control > Configuration in
the navigation menu.
Figure 291: Global Port Access Control Configuration
Table 247: Global Port Access Control Configuration Fields
Field
Description
Administrative Mode
Select Enable or Disable 802.1x mode on the switch. The default is Disable.
This feature permits port-based authentication on the switch.
VLAN Assignment Mode
If enabled, when a supplicant is authenticated by an authentication server, the
port that the supplicant is connected to is placed in a particular VLAN specified
by the RADIUS server. VLAN Assignment mode controls if the switch is allowed
to place a port in a RADIUS-assigned VLAN. A port’s VLAN assignment is
determined by the first supplicant that is authenticated on the port.
Dynamic VLAN Creation Mode
Select Enable to allow the switch to dynamically create a RADIUS-assigned
VLAN if it does not already exist in the VLAN database.
Monitor Mode
Select Enable to permit network access even when the 802.1X authentication
process fails. The switch logs the results of the authentication process for
diagnostic purposes.
Monitor Mode can help you troubleshoot Dot1X configuration problems
without affecting network access for end users.
• If you change the mode, click Submit to apply the new settings to the system.
Port Configuration
Use the Port Access Control Port Configuration page to enable and configure port access control on one or
more ports.
To access the Port Based Access Control Port Configuration page, click LAN > Security > Port Access Control >
Port Configuration in the navigation menu.
Figure 292: Port Access Control Port Configuration
Table 248: Port Access Control Port Configuration Fields
Field
Description
Interface
Selects the Port to configure.
Control Mode
Defines the port authorization state. The control mode is only set if the link
status of the port is link up. The possible field values are:
• Auto: Automatically detects the mode of the interface.
• Force Authorized: Places the interface into an authorized state without
being authenticated. The interface sends and receives normal traffic
without client port-based authentication.
• Force Unauthorized: Denies the selected interface system access by
moving the interface into unauthorized state. The switch cannot provide
authentication services to the client through the interface.
Quiet Period (secs)
Defines the amount of time that the switch remains in the quiet state
following a failed authentication exchange. The possible field range is
0-65535. The field value is in seconds. The field default is 60 seconds.
Transmit Period (secs)
Defines the transmit period for the selected port. The transmit period is the
value, in seconds, of the timer used by the authenticator state machine on the
specified port to determine when to send an EAPOL EAP Request/Identity
frame to the supplicant. The transmit period must be a number in the range
of 1 to 65535. The default value is 30.
Guest VLAN ID
Defines the Guest VLAN ID on the interface. The valid range is 0 to 3965. The
default value is 0. Enter zero (0) to clear the Guest VLAN ID on the interface.
Guest VLAN Period (secs)
Defines the Guest VLAN period for the selected port. The Guest VLAN period
is the value, in seconds, of the timer used by the Guest VLAN Authentication.
The Guest VLAN timeout must be a value in the range of 1 to 300. The default
value is 90.
Unauthenticated VLAN ID
Defines the Unauthenticated VLAN ID for the selected port. The valid range is
0 to 3965. The default value is zero (0). Enter zero (0) to clear the
Unauthenticated VLAN ID on the interface.
Supplicant Timeout (secs)
Defines the amount of time that lapses before EAP requests are resent to the
user. The value must be in the range of 1 to 65535 seconds. The value is 30
seconds.
Server Timeout (secs)
Defines the amount of time that lapses before the switch resends a request to
the authentication server. The field value is in seconds. The range is 1-65535,
and the field default is 30 seconds.
Maximum Requests
Defines the maximum number of times the switch can send an EAP request
before restarting the authentication process if it does not receive a response.
The possible field range is 1-10. The field default is 2 retries.
Reauthentication Period (secs)
Indicates the time span in which the selected port is reauthenticated. The field
value is in seconds. The range is 1 - 65535, and the field default is 3600
seconds.
Reauthentication Enabled
Reauthenticates the selected port periodically, when enabled. The default
value is False.
Maximum Users
Defines the maximum number of clients that can get authenticated on the
port in the MAC-based dot1x authentication mode. The range is 1 to 16. The
default value is 16.
• Click Submit to send the updated settings to the switch. The changes take effect on the switch,
but they are not retained across a power cycle unless a save is performed.
• Click Refresh to update the information on the screen.
• Click Initialize to begin the initialization sequence on the selected port. This button is only selectable if the
control mode is 'auto'. If the button is not selectable, it will be grayed out. Once this button is pressed, the
action is immediate. It is not required to press the Submit button for the action to occur.
• Click Reauthenticate to begin the reauthentication sequence on the selected port. This button is only
selectable if the control mode is 'auto'. If the button is not selectable, it will be grayed out. Once this
button is pressed, the action is immediate. It is not required to press the Submit button for the action to
occur.
Port Access Entity Capability Configuration
Use the Port Access Entity (PAE) Capability Configuration page to configure a port as an authenticator or
supplicant.
To access the PAE Capability Configuration page, click LAN > Security > Port Access Control > PAE Capability
Configuration.
Figure 293: PAE Capability Configuration
Table 249: PAE Capability Configuration
Field
Description
Interface
Select the Slot/Port to configure.
PAE Capabilities
Select authenticator or supplicant from the list.
Click Submit to set the PAE capability. Note that these changes will not be retained across a power cycle unless
you explicitly save the changes (see “Save All Applied Changes” on page 171).
If you configured a port as a supplicant, use the “Supplicant Port Configuration” page to configure additional
operational parameters for the port.
Supplicant Port Configuration
After you have configured a port as a supplicant, use this page to configure operational properties of the port.
To access the Supplicant Port Configuration page, click LAN > Security > Port Access Control > Supplicant Port
Configuration.
Figure 294: Port Access Control Supplicant Port Configuration
Table 250: Dot1x Supplicant Port Configuration
Field
Description
Interface
Select the port to configure.
Control Mode
Select the port authorization state. The control mode is set only if the link status of
the port is link up. The possible field values are:
• Auto: The port's mode (Authorized, Unauthorized, etc.) is determined by 802.1X
exchanges with supplicants and the authentication server.
• Force Authorized: Places the interface into an authorized state without being
authenticated. The interface sends and receives normal traffic without client
port-based authentication.
• Force Unauthorized: Denies the selected interface system access by moving the
interface into unauthorized state. The switch cannot provide authentication
services to supplicants through this interface.
User Name
Select the users that will have access to the specified port. The possible values are
admin and guest.
Start Period
Enter the wait interval period in seconds for the supplicant to receive the
authenticator's EAP Identity request message.
Held Period
Enter the wait interval period in seconds for the supplicant to start the next
authentication process after a previous authentication process failure.
Authentication Period
Enter the wait interval period for the supplicant to receive EAP challenge requests
from the authenticator.
Maximum Requests
Enter the maximum number of successive EAPOL start messages that will be sent
before the supplicant assumes that there is no authenticator present.
Click Submit to configure the supplicant. Click Refresh to display the page with the latest data from the switch.
Port Status
Use the Port Access Control Port Status page to view information about the port access control settings on a
specific port.
To access the Port Access Control Port Status page, click Security > Port Access Control > Port Status in the
navigation menu.
Figure 295: Port Access Control Status
Figure 296 on page 426 is an example of the fields displayed for the port when the Control mode of the port
is MAC-based.
Figure 296: Port Access Control Status - MAC-based Control Mode
Table 251: Port Access Control Status Fields
Field
Description
Interface
Selects the Unit and Port to view.
Protocol Version
This field displays the protocol version associated with the selected port. The
only possible value is 1, corresponding to the first version of the 802.1x
specification. This field is not configurable.
PAE Capabilities
This field displays the port access entity (PAE) functionality of the selected
port. Possible values are "Authenticator" or "Supplicant". This field is not
configurable.
Control Mode
Defines the port authorization state. The control mode is only set if the link
status of the port is link up. The possible field values are:
• Auto: Automatically detects the mode of the interface.
• Force Authorized: Places the interface into an authorized state without
being authenticated. The interface sends and receives normal traffic
without client port-based authentication.
• Force Unauthorized: Denies the selected interface system access by
moving the interface into unauthorized state. The switch cannot provide
authentication services to the client through the interface.
• MAC-based: Sets the mode of the interface to authentication on a per
supplicant basis.
Authenticator PAE State
This field displays the current state of the authenticator PAE state machine.
Possible values are as follows:
• Initialize
• Disconnected
• Connecting
• Authenticating
• Authenticated
• Aborting
• Held
• ForceAuthorized
• ForceUnauthorized
Backend Authentication State
This field displays the current state of the backend authentication state
machine. Possible values are as follows:
• Request
• Response
• Success
• Fail
• Timeout
• Initialize
• Idle
Quiet Period
Displays the configured quiet period for the selected port. This quiet period is
the value, in seconds, of the timer used by the authenticator state machine on
this port to define periods of time in which it will not attempt to acquire a
supplicant. The quiet period is the period for which the authenticator does not
attempt to acquire a supplicant after a failed authentication exchange with
the supplicant. The quiet period is a number in the range of 0 to 65535.
Transmit Period
Displays the configured transmit period for the selected port. The transmit
period is the value, in seconds, of the timer used by the authenticator state
machine on the specified port to determine when to send an EAPOL EAP
Request/Identity frame to the supplicant. The transmit period is a number in
the range of 1 to 65535.
Guest VLAN ID
Displays the Guest VLAN ID configured on the interface. The valid range is 0 to
3965.
Guest VLAN Period (secs)
Displays the Guest VLAN period for the selected port. The Guest VLAN period
is the value, in seconds, of the timer used by the Guest VLAN Authentication.
The value is in the range of 1 to 300.
Supplicant Timeout
Displays the configured supplicant timeout for the selected port. The
supplicant timeout is the value, in seconds, of the timer used by the
authenticator state machine on this port to time out the supplicant. The
supplicant timeout is a value in the range of 1 to 65535.
Server Timeout
Displays the configured server timeout for the selected port. The server
timeout is the value, in seconds, of the timer used by the authenticator on this
port to time out the authentication server. The server timeout is a value in the
range of 1 to 65535.
Maximum Requests
Displays the configured maximum requests for the selected port. The
maximum requests value is the maximum number of times the authenticator
state machine on this port will retransmit an EAPOL EAP Request/Identity
before timing out the supplicant. The maximum requests value is in the range
of 1 to 10.
VLAN Assigned
Displays the VLAN ID assigned to the selected interface by the Authenticator.
Note: This field is displayed only when the port control mode of the selected
interface is not MAC-based.
VLAN Assigned Reason
Displays the reason for the VLAN ID assigned by the authenticator to the
selected interface. Possible values are:
• Radius
• Unauth
• Default
• Not Assigned
Note: This field is displayed only when the port control mode of the selected
interface is not MAC-based.
Reauthentication Period
Displays the configured reauthentication period for the selected port. The
reauthentication period is the value, in seconds, of the timer used by the
authenticator state machine on this port to determine when reauthentication
of the supplicant takes place. The reauthentication period is a value in the
range of 1 to 65535.
Reauthentication Enabled
Displays if reauthentication is enabled on the selected port. This is a
configurable field. The possible values are 'true' and 'false'. If the value is 'true'
reauthentication will occur. Otherwise, reauthentication will not be allowed.
Key Transmission Enabled
This field displays if key transmission is enabled on the selected port. This is
not a configurable field. The possible values are 'true' and 'false'. If the value
is 'false', key transmission will not occur. Otherwise, key transmission is
supported on the selected port.
Control Direction
This displays the control direction for the specified port. The control direction
dictates the degree to which protocol exchanges take place between
Supplicant and Authenticator. This affects whether the unauthorized
controlled port exerts control over communication in both directions
(disabling both incoming and outgoing frames) or just in the incoming
direction (disabling only the reception of incoming frames).
Note: This field is not configurable on some platforms.
Maximum Users
Displays the maximum number of clients that can get authenticated on the
port in the MAC-based dot1x authentication mode. This field is configurable.
The maximum users value is in range of 1 to 16.
Unauthenticated VLAN ID
Displays the Unauthenticated VLAN ID for the selected port. The valid range is
0 to 3965.
Session Timeout
Displays the Session Timeout set by the RADIUS Server for the selected port.
Note: This field is displayed only when the port control mode of the selected
port is not MAC-based.
Session Termination Action
Displays the Termination Action set by the RADIUS Server for the selected
port. Possible values are:
• Default
• Reauthenticate
If the termination action is Default then, at the end of the session, the client
details are initialized. Otherwise, re-authentication is attempted.
Note: This field is displayed only when the port control mode of the selected
port is not MAC-based.
Logical Port
Displays the logical port number associated with the supplicant that is
connected to the port. This field is not configurable.
Note: This field is displayed when the port control mode of the selected port
is MAC-based.
Supplicant MacAddress
This field displays the supplicant’s MAC address that is connected to the port.
This field is not configurable.
Note: This field is displayed when the port control mode of the selected port
is MAC-based.
Port Summary
Use the Port Access Control Port Summary page to view summary information about the port access control
settings on all physical ports.
To access the Port Based Access Control Port Summary page, click Security > Port Based Access Control > Port
Summary in the navigation menu.
Figure 297: Port Access Control Port Summary
Table 252: Port Access Control Port Summary Fields
Field
Description
Interface
Selects the Unit and Port to view.
Control Mode
Displays the port authorization state. The possible field values are:
• Auto: Automatically detects the mode of the interface.
• Force Authorized: Places the interface into an authorized state without
being authenticated. The interface sends and receives normal traffic
without client port-based authentication.
• Force Unauthorized: Denies the selected interface system access by
moving the interface into unauthorized state. The switch cannot provide
authentication services to the client through the interface.
• MAC-based: Sets the mode of the interface to authentication on a per
supplicant basis.
Operating Control Mode
Indicates the control mode under which the port is actually operating.
Possible values are as follows:
• ForceUnauthorized
• ForceAuthorized
• Auto
• MAC-based
• N/A: If the port is in detached state it cannot participate in port access
control.
Reauthentication Enabled
Displays whether reauthentication is enabled on the port. This is a
configurable field. The possible values are as follows:
• True: Reauthentication will occur.
• False: Reauthentication will not be allowed.
Port Status
Shows the authorization status of the port, which might be Authorized,
Unauthorized or N/A. The value is N/A if the port is in detached state and
cannot participate in port access control.
• Click Refresh to update the information on the screen.
Port Access Control Statistics
Use the Port Access Control Statistics page to view EAP and EAPOL information on a specific port.
To access the Port Based Access Control Statistics page, click Security > Port Based Access Control > Statistics
in the navigation menu.
Figure 298: Port Access Control Statistics
Table 253: Port Access Control Statistics Fields
Field
Description
Interface
Selects the port to be displayed. When the selection is changed, a screen
refresh will occur causing all fields to be updated for the newly selected port.
All physical interfaces are valid.
EAPOL Frames Received
Displays the number of valid EAPOL frames received on the port.
EAPOL Frames Transmitted
Displays the number of EAPOL frames transmitted via the port.
EAPOL Start Frames Received
Displays the number of EAPOL Start frames received on the port.
EAPOL Logoff Frames Received
Displays the number of EAPOL Logoff frames that have been received on the
port.
Last EAPOL Frames Version
Displays the protocol version number attached to the most recently received
EAPOL frame.
Last EAPOL Frames Source
Displays the source MAC Address attached to the most recently received
EAPOL frame.
EAP Response/ID Frames Received
Displays the number of EAP Response/ID frames that have been received on the
port.
EAP Response Frames Received
Displays the number of valid EAP Response frames received on the port.
Table 253: Port Access Control Statistics Fields (Cont.)
Field
Description
EAP Request/ID Frames Transmitted
Displays the number of EAP Request/ID frames transmitted via the port.
EAP Request Frames Transmitted
Displays the number of EAP Request frames transmitted via the port.
Invalid EAPOL Frames Received
Displays the number of unrecognized EAPOL frames received on this port.
EAPOL Length Error Frames Received
Displays the number of EAPOL frames with an invalid Packet Body Length
received on this port.
• Click Refresh to update the information on the page.
• Click Clear All to reset all statistics for all ports to 0. There is no confirmation prompt. When you click this
button, the statistics are immediately cleared.
• Click Clear to reset the statistics for the selected port. There is no confirmation prompt. When you click
this button, the statistics are immediately cleared.
Client Summary
Use the Port Access Control Client Summary page to view summary information about the supplicant device.
To access the Port Access Control Client Summary page, click Security > Port Access Control > Client Summary
in the navigation menu.
Figure 299: Port Access Control Client Summary
Table 254: Port Access Control Client Summary Fields
Field
Description
Interface
Displays the interface address of the supplicant device.
User Name
Displays the user name representing the supplicant device.
Supp Mac Address
Displays the supplicant device’s MAC address.
Session Time
Displays the time since the supplicant logged in. The value is in seconds.
Filter ID
The policy filter ID assigned by the authenticator to the supplicant device.
VLAN ID
The VLAN ID assigned by the authenticator to the supplicant device.
• Click Refresh to refresh the page with the most current data from the switch.
Port Access Privileges
Use the Port Access Control Privileges page to grant or deny port access to users configured on the system.
To access the Port Based Access Control Privileges page, click LAN > Security > Port Access Control > Port
Access Privileges in the navigation menu.
Figure 300: Port Access Privileges
Table 255: Port Access Privileges Fields
Field
Description
Port
Selects the port to grant or deny access. To grant or deny port access
privileges to a user on all ports, select All from the drop-down menu.
Users
Lists the users configured on the system. The users that are highlighted have
access to the selected port. By default, all users have access to all ports. To
deny access to a port, Shift + click to select only the users to allow access.
Make sure the username to deny port access is not selected, and then click
Submit.
TACACS+ Settings
The D-Link DWS-4000 Series switch provides Terminal Access Controller Access Control System (TACACS+) client
support. TACACS+ provides centralized security for validation of users accessing the device.
TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and
other authentication processes. TACACS+ provides the following services:
• Authentication: Provides authentication during login and via user names and user-defined passwords.
• Authorization: Performed at login. Once the authentication session is completed, an authorization
session starts using the authenticated user name. The TACACS+ server checks the user privileges.
The TACACS+ protocol ensures network security through encrypted protocol exchanges between the device
and TACACS+ server.
TACACS+ Configuration
The TACACS+ Configuration page contains the TACACS+ settings for communication between the switch and
the TACACS+ server you configure.
To display the TACACS+ Configuration page, click LAN > Security > TACACS+ > Configuration in the navigation
menu.
Figure 301: TACACS+ Configuration
Table 256: TACACS+ Configuration Fields
Field
Description
Key String
Specifies the authentication and encryption key for TACACS+ communications
between the device and the TACACS+ server. The valid range is 0-128
characters. The key must match the key configured on the TACACS+ server.
Connection Timeout
The maximum number of seconds allowed to establish a TCP connection
between the device and the TACACS+ server.
• If you make any changes to the page, click Submit to apply the new settings to the system.
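How the Key String takes part in the exchange, as an added example that is not part of the D-Link manual: standard TACACS+ (RFC 8907) protects each packet body by XORing it with a pad built from chained MD5 digests of the session ID, the key, the version and the sequence number, so both ends must hold the same key and its strength is all that protects the body. The code assumes the switch follows the RFC; the session ID, keys, packet body and function names are constructed for illustration.

```python
import hashlib
import struct

MIN_RECOMMENDED_KEY_LEN = 16   # RFC 8907 recommends secrets of at least 16 characters
MAX_KEY_LEN = 128              # upper bound of the Key String field described above


def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pad: MD5(session_id, key, version, seq_no[, previous digest]), chained."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, digest = b"", b""
    while len(pad) < length:
        digest = hashlib.md5(prefix + digest).digest()
        pad += digest
    return pad[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR the packet body with the pad; calling it again with the same inputs reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def review_key_string(key):
    """Return findings for a proposed Key String (hypothetical helper for change review)."""
    findings = []
    if len(key) > MAX_KEY_LEN:
        findings.append("longer than the 128-character field limit")
    if len(key) == 0:
        findings.append("empty: the pad would depend only on cleartext header fields")
    elif len(key) < MIN_RECOMMENDED_KEY_LEN:
        findings.append("shorter than the 16 characters RFC 8907 recommends")
    return findings


if __name__ == "__main__":
    # Constructed values: a session ID, version byte 0xC0 and the first packet (seq_no 1).
    session_id, version, seq_no = 0x1A2B3C4D, 0xC0, 1
    switch_key = b"Constructed-Key-String-01"
    server_key_typo = b"Constructed-Key-String-02"
    body = b"constructed authentication START body, longer than one MD5 block"

    wire = obfuscate(body, session_id, switch_key, version, seq_no)
    print("server with matching key  :", obfuscate(wire, session_id, switch_key, version, seq_no))
    print("server with mismatched key:", obfuscate(wire, session_id, server_key_typo, version, seq_no))
    print("review of 'tacacs'        :", review_key_string("tacacs"))
```

A mismatched key does not produce an error at this layer; the receiver simply recovers an unparseable body, which is why a key mismatch shows up as failed logins rather than a clear message.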
TACACS+ Server Configuration
Use the TACACS+ Server Configuration page to configure up to five TACACS+ servers with which the switch can
communicate.
To display the TACACS+ Server Configuration page, click LAN > Security > TACACS+ > Server Configuration in
the navigation menu.
Figure 302 shows the TACACS+ Accounting Server Configuration page when no TACACS+ servers are
configured or when you select Add from the TACACS+ Server field.
Figure 302: TACACS+ Configuration—No Server
After you add one or more TACACS+ servers, additional fields appear on the TACACS+ Server Configuration
page.
Table 257: TACACS+ Configuration Fields
Field
Description
TACACS+ Server
Use the drop-down menu to select the IP address of the TACACS+ server to
view or configure. If fewer than five TACACS+ servers are configured on the
system, the Add option is also available. Select Add to configure additional
TACACS+ servers.
IP Address
Enter the IP address of the TACACS+ server to add. This field is only available
when Add is selected in the TACACS+ Server field.
Port
The authentication port number through which the TACACS+ session occurs.
The default is port 49, and the range is 0-65535.
Key String
Defines the authentication and encryption key for TACACS+ communications
between the device and the TACACS+ server. This key must match the
encryption used on the TACACS+ server. The valid range is 0-128 characters.
Connection Timeout
The amount of time that passes before the connection between the device
and the TACACS+ server times out. The field range is from 1 to 30 seconds.
• Click Refresh to update the page with the most current information.
• If you make changes to the page, click Submit to apply the changes to the system.
• To delete a configured TACACS+ server, select the IP address of the server from the RADIUS Server IP
Address drop-down menu, and then click Remove.
Section 9: Configuring the Wireless Features
The D-Link Unified Switch is a wireless local area network (WLAN) solution that enables WLAN deployment
while providing state-of-the-art wireless networking features. It is a scalable solution that provides secure
wireless connectivity and seamless layer 2 and layer 3 fast roaming for end users.
This section contains information about the features available in the WLAN folder, which includes the
following:
• Unified Wired and Wireless Access System Components
• Monitoring Status and Statistics
• Basic Setup
• AP Management
• Configuring Advanced Settings
• Configuring the Wireless Distribution System
• Locating WLAN Devices
• Visualizing the Wireless Network
Unified Wired and Wireless Access System Components
The Unified Wired and Wireless Access System components include:
• D-Link DWS-4000 Series Unified Wireless Switch (UWS)
• DWL-8600AP Unified Access Point (UAP)
• DWL-6600AP UAP
• DWL-3600AP UAP
Each DWS-4000 Series switch can manage up to 64 UAPs. Each access point radio can handle up to 200
associated wireless clients, so a dual-radio AP can handle up to 400 wireless clients. The switch tracks the
status and statistics for all associated WLAN traffic and devices.
To support larger networks, wireless switches can be configured to belong to a cluster (peer group). Clusters
can contain up to 8 switches that share various information about UAPs and their associated wireless clients.
Each cluster can support up to 256 APs and a total of 8000 wireless clients. Switches within the cluster enable
L3 roaming between managed APs in a routing configuration. This means that wireless clients can roam among
the access points within the cluster without losing network connections. Additionally, you can push portions
of the wireless configuration to one or more switches within the cluster.
One switch in the cluster is automatically elected or configured to be the Cluster Controller. The Cluster
Controller gathers status and statistics about all APs and clients in the cluster so you can view network status
information and manage all devices in the cluster from a single switch.
Devices in the wireless system can be directly connected to each other, separated by layer 2 bridges, or located
in different IP subnets. Whether or not you have a cluster, the DWS-4000 Series switch can support a total of
8000 wireless clients.
D-Link DWS-4000 Series Unified Wireless Switch
The DWS-4000 Series switch handles Layer 2, 3, and 4 switching and routing functions for traffic on the wired
and wireless LAN and manages up to 64 APs, based on the existing reference design. The DWS-4000 Series
switch user interface allows you to configure and monitor all AP settings and maintain a consistent
configuration among all APs in the network.
The DWS-4000 Series switch supports advanced data path connectivity, mobility control, security safeguards,
control over radio and power parameters, and management features for both network and element control.
The DWS-4000 Series switch allows you to control the discovery, validation, authentication, and monitoring of
peer wireless switches, APs, and clients on the WLAN, including discovery and status of rogue APs and clients.
DWL-X600AP Unified Access Points
There are three access point models in the DWL-X600AP family of Unified Access Points (UAPs):
• The DWL-8600AP UAP is a dual-radio access point.
• The DWL-6600AP UAP is a dual-radio access point.
• The DWL-3600AP is a single-radio access point.
The DWL-X600AP models include the same set of software features. Any reference to the DWL-X600AP or UAP
includes all three models.
The UAP can operate in one of two modes: Standalone Mode or Managed Mode. In Standalone Mode, the UAP
acts as an individual access point in the network, and you manage it by connecting to the UAP and using the
Administrator Web User Interface (UI), command-line interface (CLI) or SNMP. In Managed Mode, the UAP is
part of the Unified Wired and Wireless Access System, and you manage it by using the DWS-4000 Series switch.
If a UAP is in Managed Mode, the Administrator Web UI and SNMP services on the UAP are disabled. Access
is limited to the CLI through a serial-cable connection.
The Standalone Mode is appropriate for small networks with only a few APs. The Managed Mode is useful for
any size network. If you start out with APs in Standalone Mode, you can easily transition the APs to Managed
Mode when you add a DWS-4000 Series switch to the network. By using the AP in Managed Mode, you can
centralize AP management and streamline the AP upgrade process by pushing configuration profiles and
software upgrades from the DWS-4000 Series switch to the managed APs.
The DWL-8600AP and DWL-6600AP each have two radios and are capable of broadcasting in the following
wireless modes:
• IEEE 802.11b mode
• IEEE 802.11g mode
• IEEE 802.11a mode
• IEEE 802.11n mode (2.4 GHz and 5 GHz)
The DWL-3600AP has one radio and is capable of broadcasting in the following wireless modes:
• IEEE 802.11b mode
• IEEE 802.11g mode
• IEEE 802.11n mode (2.4 GHz)
The DWL-X600AP access points support up to 16 virtual access points (VAPs) per radio. The VAP feature allows
you to segment each physical access point into multiple logical access points that each support a unique SSID,
VLAN ID, and security policy.
DWS-4000 Series Switch and AP Discovery Methods
The DWS-4000 Series switch and AP can use the following methods to discover each other:
• L2 Discovery
• IP Address of AP Configured in the Switch
• IP Address of Switch Configured in the AP
Note: For an AP to be managed by a switch, the managed mode on the AP must be enabled. To enable
managed mode on the AP, log on to the AP CLI and use the set managed-mode up command or access
the Administration Web UI and go to the Managed Access Point page and enable the Managed Mode
option.
Note: The AP and the switch that should manage the AP cannot be separated by a Network Address
Translation (NAT) device. The AP and switch exchange each other's IP addresses in the payload of the
discovery and other messages. These addresses are then used for the subsequent communication
between the switch and the AP. As those addresses do not undergo translation, the switch and AP will
fail to communicate. However, the switch and the AP will have no such communication issues for
remote sites or branch offices that are connected by Virtual Private Network (VPN). VPN functionality
is already commonly found on firewalls. This issue can be resolved by setting up VPN access between
the networks that use NAT.
L2 Discovery
When the AP and DWS-4000 Series switch are directly connected or in the same layer 2 broadcast domain and
use the default VLAN settings, the DWS-4000 Series switch automatically discovers the AP through its
broadcast of a L2 discovery message. The L2 discovery works automatically when the devices are directly
connected or connected by using a layer 2 bridge.
For more information about L2 Discovery, see “L2/VLAN Discovery” on page 546.
IP Address of AP Configured in the Switch
If APs are in a different broadcast domain than the DWS-4000 Series switch or use different management
VLANs, you can add the IP addresses of the APs to the L3 Discovery list on the switch. The DWS-4000 Series
switch sends UDP discovery messages to the IP addresses in its list. When the AP receives the messages and
decides that it can connect to the switch, it initiates an SSL TCP connection to the switch.
For more information about configuring the IP address of the AP in the switch, see “L3/IP Discovery” on
page 545.
IP Address of Switch Configured in the AP
You can connect to the access point in Standalone mode and statically configure the IP addresses or DNS name
of up to four switches that are allowed to manage the AP.
The AP sends a UDP discovery message to the first IP address configured in its list. When the switch receives
the message, it verifies that the vendor ID on the AP is valid, there is no existing SSL TCP connection to the
access point, and the maximum number of managed APs has not been reached. If all these conditions are met
then the switch sends an invitation message to the AP to start the SSL TCP connection.
If the AP does not receive an invitation from the first DWS-4000 Series switch configured in its list, it sends a
UDP discovery message to the second DWS-4000 Series switch configured in the list five seconds after sending
the message to the first DWS-4000 Series switch.
When an IP address of a DWS-4000 Series switch is configured on the AP, the AP only associates with that
switch even if other switches discover the AP by using other mechanisms.
Note: For this method to work, the AP must be able to find a route to the Unified Switch.
To use the access point Web interface to configure the switch IP address information, use a Web browser to
log onto the AP and go to the Managed Access Point page. Enter the information into the available fields and
click Update.
To use the CLI to configure the switch IP address information in the AP, use the following procedures:
1. Use a serial or Telnet connection to log on to the access point.
2. Use the set managed-ap switch-address-<1–4> command to enter the IP address of up to four switches that are
permitted to manage the AP.
For example, to enter a switch with an IP address of 192.168.66.202 and a switch with an IP address of
192.168.19.242, use the following commands:
WLAN-AP# set managed-ap switch-address-1 192.168.66.202
WLAN-AP# set managed-ap switch-address-2 192.168.19.242
3. Use the get managed-ap command to verify that the information you entered is correct.
WLAN-AP# get managed-ap
Property                 Value
------------------------------------
mode                     up
ap-state                 down
switch-address-1         192.168.66.202
switch-address-2         192.168.19.242
switch-address-3
switch-address-4
dhcp-switch-address-1
dhcp-switch-address-2
dhcp-switch-address-3
dhcp-switch-address-4
managed-mode-watchdog    0
Configuring the DHCP Option
You can configure the IP address of the DWS-4000 Series switch as an option in the DHCP response to the DHCP
request that the AP sends to the DHCP server.
The AP can learn up to four switch IP addresses or DNS names through DHCP option 43 (the Vendor
Information option) in the DHCP response. If you configured a static IP address in the AP, the AP ignores DHCP
option 43.
Note: This discovery method only works if you configure the DHCP option before the AP receives its
network information from the DHCP server.
The format for DHCP option 43 values is defined by RFC 2132.
The procedures to add the DHCP option to the DHCP server depend on the type of DHCP server you use on
your network. If you use a Microsoft Windows 2000 or Microsoft Windows 2003 DHCP Server, you configure
the scope you use with the access points with DHCP Option 43, as the following procedures describe.
1. From the DHCP manager, right-click the applicable scope and select Configure Options...
2. From the Available Options list, scroll to Option 43 and select the 043 Vendor Specific Info check box.
3. Enter the Option 43 data into the Data Entry field.
The format for DHCP option 43 values is defined by RFC 2132. To enter an IP address of 192.168.1.10 into
the Binary column, you enter the data type code (01) and the address length (04), followed by the IP
address in hexadecimal format. You repeat the data type and address length codes for each address you
enter.
Note: If you do not know the hexadecimal format for a specific IP address, use an IP address
converter (dotted decimal-to-hex) available on the Internet.
For example, to add the four switch IP addresses 192.168.1.10, 192.168.2.10, 192.168.3.10, and
192.168.4.16 to Option 43, you enter the following hexadecimal numbers into the Data Entry field:
01 04 C0 A8 01 0A 01 04 C0 A8 02 0A 01 04 C0 A8 03 0A 01 04 C0 A8 04 10
The following image shows the four IP addresses entered into the Data Entry field on the Windows DHCP
server.
4. Click OK.
The following figure shows a scope with Option 43 configured.
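An added example (not part of the D-Link manual) that builds the Option 43 Data Entry string from dotted-decimal addresses and decodes an existing string for review, so the value that steers APs to their switch can be checked offline before it goes into the scope. It handles only the type 01 / length 04 IPv4 layout described in step 3; the function names and the allowed-network audit are assumptions of this example.

```python
import ipaddress

SUBOPT_SWITCH_IP = 0x01   # data type code the manual gives for a switch IP address
IPV4_LEN = 0x04           # address length code the manual gives
MAX_SWITCHES = 4          # the AP learns at most four switch addresses


def encode_option43(switch_ips):
    """Build the Data Entry hex string: 01 04 <4 address bytes>, repeated per switch."""
    if not 1 <= len(switch_ips) <= MAX_SWITCHES:
        raise ValueError(f"expected 1 to {MAX_SWITCHES} switch addresses")
    payload = bytearray()
    for ip in switch_ips:
        packed = ipaddress.IPv4Address(ip).packed  # raises on a malformed address
        payload += bytes([SUBOPT_SWITCH_IP, IPV4_LEN]) + packed
    return " ".join(f"{b:02X}" for b in payload)


def decode_option43(hex_string):
    """Parse a Data Entry string back into addresses, rejecting bad framing."""
    data = bytes.fromhex(hex_string)  # whitespace between byte pairs is ignored
    ips, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError(f"truncated type/length header at byte {i}")
        code, length = data[i], data[i + 1]
        if code != SUBOPT_SWITCH_IP or length != IPV4_LEN:
            raise ValueError(f"unexpected type/length {code:02X} {length:02X} at byte {i}")
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"truncated address at byte {i}")
        ips.append(str(ipaddress.IPv4Address(value)))
        i += 2 + length
    if len(ips) > MAX_SWITCHES:
        raise ValueError(f"more than {MAX_SWITCHES} switch addresses")
    return ips


def audit_option43(hex_string, allowed_networks):
    """Return decoded switch addresses that fall outside the expected management networks."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    return [ip for ip in decode_option43(hex_string)
            if not any(ipaddress.ip_address(ip) in net for net in nets)]


if __name__ == "__main__":
    switches = ["192.168.1.10", "192.168.2.10", "192.168.3.10", "192.168.4.16"]
    entry = encode_option43(switches)
    print("Data Entry:", entry)
    print("Decoded   :", decode_option43(entry))
    # Constructed entry with the first octet's hex digits transposed (0C instead of C0):
    # it is well-formed, so only the network check reveals that it points elsewhere.
    print("Outside 192.168.0.0/16:", audit_option43("01 04 0C A8 01 0A", ["192.168.0.0/16"]))
```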
Discovery and Peer Switches
When multiple peer switches are present in the network, you can control which switch or switches are allowed
to discover a particular AP by the discovery method you use.
If you want to make sure that an AP is discovered by one specific switch, use one of the following methods:
• Disable L2 Discovery on all switches and configure the IP address of the AP in only one DWS-4000 Series
switch.
• Configure the IP address of one DWS-4000 Series switch in the AP.
• Configure the DHCP option 43 with the IP address of only one DWS-4000 Series switch.
An alternative approach is to configure the RADIUS server to return a switch IP address during AP MAC address
checking in the AP authentication process. If the RADIUS server indicates that the AP is a valid managed AP and
returns an IP address of a switch that is not the same as this switch, then the switch sends a re-link message
to the access point with the IP address of the wireless switch to which the AP should be talking. When the
AP gets the re-link message it modifies or sets the wireless switch IP address, breaks the TCP connection with
the current switch and starts a new discovery process.
You can configure the DWS-4000 Series switch so that each AP is allowed to be managed by any switch in a
cluster. If the DWS-4000 Series switch that manages an AP goes down, one of the backup switches takes over
the management responsibilities.
To use one or more switches as a backup for an AP, use one of the following discovery methods:
• If the AP and any of the peer switches are in the same L2 broadcast domain, L2 Discovery is enabled, and
all the devices use the default VLAN settings, a peer switch will automatically discover the AP if the
primary DWS-4000 Series switch becomes unavailable.
• Configure the IP address of the AP in multiple switches.
• Configure the IP address of up to four switches in the AP while it is in Standalone Mode.
• Configure the DHCP option 43 with the IP addresses of additional switches in the cluster.
Monitoring Status and Statistics
The Status/Statistics folder contains links to the following pages that help you monitor the status and statistics
for your D-Link Unified Switch network:
• Monitoring Status and Statistics
• Managed AP Status
• Associated Client Status/Statistics
• Peer Switch Status
• Radio Resource Measurement Status Information
Wireless Global Status/Statistics
The DWS-4000 Series switch periodically collects information from the APs it manages and from associated
peer switches. The information on the Global page shows status and statistics about the switch and all of the
objects associated with it. You can access the global WLAN statistics by clicking WLAN > Monitoring > Global.
Figure 303: Global WLAN Status/Statistics
Table 258 on page 446 describes the fields on the Wireless Global Status/Statistics page.
Table 258: Global WLAN Status/Statistics
Field
Description
WLAN Switch Operational Status
This status field displays the operational status of the WLAN Switch. The WLAN
Switch may be configured as enabled, but is operationally disabled due to
configuration dependencies. If the operational status is disabled, the reason will be
displayed in the following status field.
The WLAN Switch is composed of multiple components, and each component in the
system must acknowledge an enable or disable of the WLAN Switch. During a
transition the operational status might temporarily show a pending status.
WLAN Switch Disable Reason
If the status is disabled, this field appears and one of the following reasons is listed:
• None: The cause for the disabled status is unknown.
• Administrator disabled: The Enable WLAN Switch option on the global
configuration page has been cleared.
• No IP Address: The WLAN interface does not have an IP address.
• No SSL Files: The DWS-4000 Series switch communicates with the APs it manages
by using Secure Sockets Layer (SSL) connections. The first time you power on the
DWS-4000 Series switch, it automatically generates a server certificate that will
be used to set up the SSL connections. The SSL certificate and key generation can
take up to an hour to complete.
If routing is enabled on the switch, the operational status might be disabled due to
one of the following reasons:
• No Loopback Interface: The switch does not have a loopback interface.
• Global Routing Disabled: Even if the routing mode is enabled on the WLAN switch
interface, it must also be enabled globally for the operational status to be
enabled.
IP Address
IP address of the switch.
Peer Switches
Number of peer WLAN switches detected on the network.
Cluster Controller
Indicates whether this switch is the Cluster Controller for the cluster.
Among a group of peer switches, one of the switches is automatically elected or
configured to be the Cluster Controller. The Cluster Controller gathers status and
statistics about all APs and clients in the peer group.
Note: Only the Cluster Controller switch can display managed APs, clients, statistics,
and RF Scan databases for the whole cluster. The switches that are not Cluster
Controllers can display information only about locally attached devices.
Cluster Controller IP Address
The IP address of the peer switch that is the Cluster Controller.
Total Access Points
Total number of Managed APs in the database. This value is always equal to the sum
of Managed Access Points, Connection Failed Access Points, and Discovered Access
Points.
Managed Access Points
Number of APs in the managed AP database that are authenticated, configured, and
have an active connection with the Unified Switch.
Standalone Access Points
Number of trusted APs in Standalone mode. APs in Standalone mode are not
managed by a switch.
Rogue Access Points
Number of Rogue APs currently detected on the WLAN. When an AP performs an RF
scan, it might detect access points that have not been validated. It reports these APs
as rogues.
Table 258: Global WLAN Status/Statistics (Cont.)
Field
Description
Discovered Access Points
APs that have a connection with the switch, but haven't been completely configured.
This value includes all managed APs with a Discovered or Authenticated status.
Connection Failed Access Points
Number of APs that were previously authenticated and managed, but currently don't
have connection with the Unified Switch.
Authentication Failed Access Points
Number of APs that failed to establish communication with the Unified Switch.
Unknown Access Points
Number of Unknown APs currently detected on the WLAN. If an AP configured to be
managed by the Unified Switch is detected through an RF scan at any time that it is
not actively managed it is classified as an Unknown AP.
Rogue AP Mitigation Limit
Maximum number of APs for which the system can send de-authentication frames.
Rogue AP Mitigation Count
Number of APs to which the wireless system is currently sending de-authentication
messages to mitigate against rogue APs. A value of 0 indicates that mitigation is not
in progress.
Maximum Managed APs in Peer Group
Maximum number of access points that can be managed by the cluster.
WLAN Utilization
Total network utilization across all APs managed by this switch. This is based on
global statistics.
Total Clients
Total number of clients in the database. This total includes clients with an Associated,
Authenticated, or Disassociated status.
Authenticated Clients
Total number of clients in the associated client database with an Authenticated
status.
802.11a Clients
Total number of IEEE 802.11a only clients that are authenticated.
802.11b/g Clients
Total number of IEEE 802.11b/g only clients that are authenticated.
802.11n Clients
Total number of clients that are IEEE 802.11n capable and are authenticated. These
include IEEE 802.11a/n, IEEE 802.11b/g/n, 5 GHz IEEE 802.11n, 2.4GHz IEEE 802.11n.
Maximum Associated Clients
Maximum number of clients that can associate with the wireless system. This is the
maximum number of entries allowed in the Associated Client database.
Detected Clients
Number of wireless clients detected in the WLAN.
Maximum Detected Clients
Maximum number of clients that can be detected by the switch. The number is
limited by the size of the Detected Client Database.
Maximum Pre-authentication History Entries
Maximum number of Client Pre-Authentication events that can be recorded by the
system.
Total Pre-authentication History Entries
Current number of pre-authentication history entries in use by the system.
Maximum Roam History Entries
Maximum number of entries that can be recorded in the roam history for all
detected clients.
Total Roam History Entries
Current number of roam history entries in use by the system.
AP Provisioning Count
Current number of AP provisioning entries configured on the system.
Maximum AP Provisioning Entries
Number of AP provisioning entries that can be stored by the system.
RRM Channel Load History Entries
Current number of RRM channel load history entries in use by the system.
Maximum Channel Load History Entries
Number of channel load history entries that can be stored by the system.
WLAN Bytes Transmitted
Total bytes transmitted across all APs managed by the switch.
WLAN Packets Transmitted
Total packets transmitted across all APs managed by the switch.
WLAN Bytes Received
Total bytes received across all APs managed by the switch.
WLAN Packets Received
Total packets received across all APs managed by the switch.
WLAN Bytes Transmit Dropped
Total bytes transmitted across all APs managed by the switch that were dropped.
WLAN Packets Transmit Dropped
Total packets transmitted across all APs managed by the switch that were dropped.
WLAN Bytes Receive Dropped
Total bytes received across all APs managed by the switch that were dropped.
WLAN Packets Receive Dropped
Total packets received across all APs managed by the switch that were dropped.
Distributed Tunnel Packets Transmitted
Total number of packets sent by all APs via distributed tunnels.
Distributed Tunnel Roamed Clients
Total number of clients that successfully roamed away from Home AP using distributed tunneling.
Distributed Tunnel Clients
Total number of clients that are associated with an AP that are using distributed tunneling.
Distributed Tunnel Client Denials
Total number of clients for which the system was unable to set up a distributed tunnel when client roamed.
Total Voice Traffic Streams
Shows the number of voice traffic streams being transmitted by wireless clients that are connected to the network through APs managed by this switch.
Note: A traffic stream is a collection of data packets identified by the AP as belonging to a particular user priority.
Total Video Traffic Streams
Shows the number of video traffic streams being transmitted by wireless clients that are connected to the network through APs managed by this switch.
Total Traffic Stream Clients
Shows the number of wireless clients currently transmitting traffic streams.
Total Traffic Stream Roaming Clients
Shows the number of wireless clients with a roaming status that are currently transmitting traffic streams.
TSPEC Statistics (Voice and Video)
Total TSPEC Packets Received
The number of TSPEC packets sent from the wireless client to the AP. The number is a total for all APs managed by the switch.
Total TSPEC Packets Transmitted
The number of TSPEC packets sent from the AP to the wireless client. The number is a total for all APs managed by the switch.
Total TSPEC Bytes Received
The number of TSPEC bytes sent from the wireless client to the AP. The number is a total for all APs managed by the switch.
Total TSPEC Bytes Transmitted
The number of TSPEC bytes sent from the AP to the wireless client. The number is a total for all APs managed by the switch.
Total TSPECs Accepted
The number of TSPEC packets that were accepted by all APs that the switch manages.
Total TSPECs Rejected
The number of TSPEC packets that were rejected by all APs that the switch manages.
Total Roaming TSPECs Accepted
The total number of TSPEC packets transmitted by roaming clients that were accepted by all APs that the switch manages.
Total Roaming TSPECs Rejected
The total number of TSPEC packets transmitted by roaming clients that were rejected by all APs that the switch manages.
Command Buttons
The page includes the following buttons:
• Refresh—Updates the page with the latest information.
• Clear Statistics—Reset all counters on the page to zero.
Viewing Switch Status and Statistics Information
The Switch Status/Statistics page for each switch provides information about the access points it manages and
their associated clients. If the switch is the Cluster Controller, it provides the switch status and statistics
information about each switch in its group.
Note: Only the Cluster Controller switch can display managed APs, clients, statistics, and RF Scan
database information for the whole cluster. The switches that are not Cluster Controllers can display
information about locally attached devices.
Use the drop-down menu to select the switch with the information to display. If the local switch is the only
available option, then it is the only switch in the cluster, or it is not a Cluster Controller.
Figure 304: Switch Status/Statistics
Table 258 on page 446 describes the fields on the Wireless Global Status page.
Table 259: Switch Status/Statistics
Field
Description
Total Access Points
Total number of Managed APs in the database. This value is always equal to the sum
of Managed Access Points, Connection Failed Access Points, and Discovered Access
Points.
Managed Access Points
Number of APs in the managed AP database that are authenticated, configured, and have an active connection with the wireless switch.
Discovered Access Points
APs that have a connection with the switch, but haven't been completely configured. This value includes all managed APs with a Discovered or Authenticated status.
Connection Failed Access Points
Number of APs that were previously authenticated and managed, but currently don't have connection with the wireless switch.
Maximum Managed Access Points
Maximum number of access points that can be managed by the switch.
WLAN Utilization
Total network utilization across all APs managed by this switch. This is based on global statistics.
Total Clients
Total number of clients in the database. This total includes clients with an Associated, Authenticated, or Disassociated status.
Authenticated Clients
Total number of clients in the associated client database with an Authenticated status.
IP Address
IP address of the switch.
Cluster Priority
Cluster priority value of the switch. The switch with highest priority in a cluster becomes the Cluster Controller. If the priority is the same then the switch with lowest IP address becomes the Cluster Controller. A priority of 0 means that the switch cannot become the Cluster Controller.
Distributed Tunnel Clients
Total number of clients that are associated with an AP that are using distributed tunneling.
WLAN Bytes Transmitted
Total bytes transmitted across all APs managed by the switch.
WLAN Bytes Received
Total bytes received across all APs managed by the switch.
WLAN Bytes Transmit Dropped
Total bytes transmitted across all APs managed by the switch that were dropped.
WLAN Bytes Received Dropped
Total bytes received across all APs managed by the switch that were dropped.
WLAN Packets Transmitted
Total packets transmitted across all APs managed by the switch.
WLAN Packets Received
Total packets received across all APs managed by the switch.
WLAN Packets Transmit Dropped
Total packets transmitted across all APs managed by the switch that were dropped.
WLAN Packets Receive Dropped
Total packets received across all APs managed by the switch that were dropped.
Total Voice Traffic Streams
Shows the number of voice traffic streams being transmitted by wireless clients that are connected to the network through APs managed by this switch.
Note: A traffic stream is a collection of data packets identified by the AP as belonging to a particular user priority.
Total Video Traffic Streams
Shows the number of video traffic streams being transmitted by wireless clients that are connected to the network through APs managed by this switch.
Total Traffic Stream Clients
Shows the number of wireless clients currently transmitting traffic streams.
Total Traffic Stream Roaming Clients
Shows the number of wireless clients with a roaming status that are currently transmitting traffic streams.
TSPEC Statistics (Voice and Video)
Total TSPEC Packets Received
The number of TSPEC packets sent from the wireless client to the AP. The number is a total for all APs managed by the switch.
Total TSPEC Packets Transmitted
The number of TSPEC packets sent from the AP to the wireless client. The number is a total for all APs managed by the switch.
Total TSPEC Bytes Received
The number of TSPEC bytes sent from the wireless client to the AP. The number is a total for all APs managed by the switch.
Total TSPEC Bytes Transmitted
The number of TSPEC bytes sent from the AP to the wireless client. The number is a total for all APs managed by the switch.
Total TSPECs Accepted
The number of TSPEC packets that were accepted by all APs that the switch manages.
Total TSPECs Rejected
The number of TSPEC packets that were rejected by all APs that the switch manages.
Total Roaming TSPECs Accepted
The total number of TSPEC packets transmitted by roaming clients that were accepted by all APs that the switch manages.
Total Roaming TSPECs Rejected
The total number of TSPEC packets transmitted by roaming clients that were rejected by all APs that the switch manages.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
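The Cluster Priority rule from Table 259 (highest priority wins, the lowest IP address breaks a tie, a priority of 0 is never eligible), written out as an added Python example that is not D-Link code. The Switch type, the function names, the sample addresses and the numeric comparison of IP addresses are assumptions made for illustration.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Switch(NamedTuple):
    ip: str        # IP address of the switch, as shown in the IP Address field
    priority: int  # Cluster Priority field; 0 means "cannot become Cluster Controller"


def succession_order(switches: List[Switch]) -> List[Switch]:
    """Eligible switches ordered from election winner to last fallback."""
    eligible = [s for s in switches if s.priority > 0]
    # Highest priority first; on a tie the lowest IP address wins.
    # Addresses are compared as integers (assumption): compared as strings,
    # "10.0.0.10" would sort before "10.0.0.9" and pick the wrong switch.
    return sorted(
        eligible,
        key=lambda s: (-s.priority, int(ipaddress.ip_address(s.ip))),
    )


def elect_cluster_controller(switches: List[Switch]) -> Optional[Switch]:
    """Return the switch that becomes Cluster Controller, or None if none is eligible."""
    order = succession_order(switches)
    return order[0] if order else None


def controller_after_loss(switches: List[Switch], lost_ip: str) -> Optional[Switch]:
    """Re-run the election without the switch at lost_ip (for example the current controller)."""
    return elect_cluster_controller([s for s in switches if s.ip != lost_ip])


# Constructed sample cluster (addresses and priorities are illustrative only).
SAMPLE_CLUSTER = [
    Switch("10.0.0.10", 2),
    Switch("10.0.0.9", 2),
    Switch("10.0.0.1", 0),
    Switch("10.0.0.20", 1),
]

if __name__ == "__main__":
    print("controller:", elect_cluster_controller(SAMPLE_CLUSTER))
    print("succession:", [s.ip for s in succession_order(SAMPLE_CLUSTER)])
```

Running the succession order against the priorities you plan to configure shows which switch takes over if the current Cluster Controller drops out of the cluster.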
Viewing IP Discovery Status
From the WLAN > Monitoring > Global > IP Discovery tab, you can view information about communication
with the devices in the IP discovery list on the WLAN > Administration > Basic Setup > Discovery page.
The IP Discovery list can contain the IP addresses of peer switches and APs for the UWS to discover and
associate with as part of the WLAN.
Figure 305: Wireless Discovery Status
Table 260: AP Hardware Capability Radio Detail
Field
Description
Maximum Number of Configurable Entries
Shows the maximum number of IP addresses that can be configured in the IP Discovery list.
Total Number of Configured Entries
Shows the number of IP addresses that have been configured in the IP Discovery list.
Total Number of Polled Entries
Identifies how many of the IP addresses in the IP Discovery list the switch has attempted to contact.
Total Number of Not-Polled Entries
Identifies how many of the IP addresses in the IP Discovery list the switch has not attempted to contact.
Total Number of Discovered Entries
Identifies how many devices (peer switches or APs) the switch has successfully discovered, authenticated, and validated by polling the IP address configured in the IP Discovery list.
Total Number of Discovered-Failed Entries
Identifies how many devices that have an IP address configured in the IP Discovery list that the switch has attempted to contact and failed to authenticate or validate.
IP Address
Shows the IP address of the device configured in the IP Discovery list.
Status
The status is in one of the following states:
• Not Polled: The switch has not attempted to contact the IP address in the L3/IP Discovery list.
• Polled: The switch has attempted to contact the IP address.
• Discovered: The switch contacted the peer switch or the AP in the L3/IP Discovery list and has authenticated or validated the device.
• Discovered - Failed: The switch contacted the peer switch or the AP with IP address in the L3/IP Discovery list and was unable to authenticate or validate the device.
If the device is an access point, an entry appears in the AP failure list with a failure reason.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
Viewing the Peer Switch Configuration Received Status
The Peer Switch Configuration feature allows you to send the critical wireless configuration from one switch
to all other switches. In addition to keeping the switches synchronized, this function enables the administrator
to manage all wireless switches in the cluster from one switch. The Peer Switch Configuration Received Status
page provides information about the configuration a switch has received from one of its peers.
Figure 306: Configuration Received
Table 258 describes the fields on the Wireless Global Status page.
Table 261: Peer Switch Configuration
Field
Description
Current Receive Status
Indicates the global status when wireless configuration is received from a peer switch. The possible status values are as follows:
• Not Started
• Receiving Configuration
• Saving Configuration
• Applying AP Profile Configuration
• Success
• Failure — Invalid Code Version
• Failure — Invalid Hardware Version
• Failure — Invalid Configuration
Last Configuration Received
Peer Switch IP Address
Indicates the last switch from which this switch received any wireless configuration data.
Configuration
Indicates which portions of configuration were last received from a peer switch,
which can be one or more of the following:
• Global
• Discovery
• Channel/Power
• AP Database
• AP Profiles
• Known Client
• Captive Portal
• RADIUS Client
• QoS ACL
• QoS DiffServ
If the switch has not received any configuration for another switch, the value is None.
Timestamp
Indicates the last time this switch received any configuration data from a peer switch.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
Viewing the AP Hardware Capability List
The switch can support APs that have different hardware capabilities, such as the supported number of radios,
the supported IEEE 802.11 modes, and the software image required by the AP. From the AP Hardware
Capability tab, you can access summary information about the AP Hardware support, the radios and IEEE
modes supported by the hardware, and the software images that are available for download to the APs.
Figure 307: AP Hardware Capability Information
Table 262 describes the fields available on the AP Hardware Capabilities page.
Table 262: AP Hardware Capability Summary
Field
Description
Hardware Type
Identifies the ID number assigned to each AP hardware type. The switch supports up to six different AP hardware types.
Hardware Type Description
Includes a description of the platform and the supported IEEE 802.11 modes.
Radio Count
Specifies whether the hardware supports one radio or two radios.
Image Type
Specifies the type of software the hardware requires.
AP Hardware Radio Capability
Use the Radio Detail tab under the Hardware Capabilities tab to view radio details.
Figure 308: Radio Detail
Table 263 on page 457 describes the fields available on the AP Hardware Radio Capability page.
Table 263: AP Hardware Capability Radio Detail
Field
Description
AP Selector
Use the drop-down menu to select the AP model.
Radio Selector
If the selected AP is a dual-radio AP, select Radio-1 or Radio-2 to view information about the selected radio.
Radio Count
Displays the number of radios supported on the hardware platform, which is either 1 or 2.
Radio Type Description
Displays the type of radio, which might contain information such as the manufacturer name and supported IEEE 802.11 modes.
VAP Count
Displays the number of VAPs the radio supports.
802.11a Support
Shows whether support for IEEE 802.11a mode is enabled.
802.11bg Support
Shows whether support for IEEE 802.11bg mode is enabled.
802.11n Support
Shows whether support for IEEE 802.11n mode is enabled.
802.11ac Support
Shows whether support for IEEE 802.11ac mode is enabled.
AP Image Capability
The switch is able to update software on the access points that it manages. To update the AP with the correct
software, the UWS can store up to three AP software images to support different AP hardware types. This page
displays the image ID-to-hardware type mapping.
Figure 309: Image Table
Table 264: AP Image Capability
Field
Description
Image Type ID
Shows the ID number assigned to the image.
Image Type Description
Provides a basic description of the image.
Peer Switch Status
The Peer Switch Status page provides information about other Unified Wireless Switches in the network. To
access the peer switch information, click WLAN > Monitoring > Peer Switch.
Peer wireless switches within the same cluster exchange data about themselves, their managed APs, and
clients. The switch maintains a database with this data so you can view information about a peer, such as its
IP address and software version. If the switch loses contact with a peer, all of the data for that peer is deleted.
One switch in a cluster is elected as a Cluster Controller. The Cluster Controller collects status and statistics
from all the other switches in the cluster, including information about the APs peer switches manage and the
clients associated to those APs.
Figure 310: Peer Switch Status
Table 265: Peer Switch Status
Field
Description
Cluster Controller IP Address
IP address of the switch that controls the cluster.
Peer Switches
Displays the number of peer switches in the cluster.
IP Address
IP address of the peer wireless switch in the cluster.
Vendor ID
Vendor ID of the peer switch software.
Software Version
The software version for the given peer switch.
Protocol Version
Indicates the protocol version supported by the software on the peer switch.
Discovery Reason
The discovery method of the given peer switch, which can be through an L2 Poll or IP Poll.
Managed AP Count
Shows the number of APs that the switch currently manages.
Age
Time since last communication with the switch in Hours, Minutes, and Seconds.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
Viewing Peer Switch Configuration Status
You can push portions of the switch configuration from one switch to another switch in the cluster. The Peer
Switch Configuration Status page displays information about the configuration sent by a peer switch in the
cluster. It also identifies the IP address of each peer switch that received the configuration information.
Note: To view information about the configuration received by the local switch, go to the WLAN >
Monitoring > Global page and click the Configuration Received tab.
Figure 311: Peer Switch Configuration Status
Table 266 describes the fields available on the Peer Switch Status page.
Table 266: Peer Switch Configuration Status
Field
Description
Peer IP Address
Shows the IP address of each peer wireless switch in the cluster that received
configuration information.
Configuration Switch IP Address
Shows the IP Address of the switch that sent the configuration information.
Configuration
Identifies which parts of the configuration the switch received from the peer switch.
The possible configuration elements can be one or more of the following:
• Global
• Discovery
• Channel/Power
• AP Database
• AP Profiles
• Known Client
• Captive Portal
• RADIUS Client
• QoS ACL
• QoS DiffServ
If the switch has not received any configuration for another switch, the value is None.
Timestamp
Shows when the configuration was applied to the switch. The time is displayed as
UTC time and therefore only useful if the administrator has configured each peer
switch to use NTP.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
Viewing Peer Switch Managed AP Status
The Peer Switch Managed AP Status page displays information about the APs that each peer switch in the
cluster manages. Use the menu above the table to select the peer switch with the AP information to display.
Each peer switch is identified by its IP address.
Figure 312: Peer Switch Managed AP Status
Table 267 describes the fields available on the Peer Switch Managed AP Status page.
Table 267: Peer Switch Managed AP Status
Field
Description
Switch Selector
Select the IP address of the peer switch with the information to view or select All to
view information about all APs managed by peer switches in the cluster.
Peer Managed AP MAC
Shows the MAC address of each AP managed by the peer switch.
Peer Switch IP Address
Shows the IP address of the peer switch that manages the AP. This field displays when All is selected from the drop-down menu.
Location
The descriptive location configured for the managed AP.
AP IP Address
The IP address of the AP.
Profile
The AP profile applied to the AP by the switch.
Hardware Type
The Hardware ID associated with the AP hardware platform.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
All AP Status
The All AP Status page shows summary information about managed, failed, and rogue access points the switch
has discovered or detected.
Figure 313: All Access Points
The font color for the AP listing indicates that the AP is one of the following types:
• Green—Managed AP
• Orange—Peer Managed AP
• Red—Failed or Rogue AP
• Gray—Unknown AP
To view additional information about the detected AP, click the MAC address of the AP.
Table 268: Monitoring All Access Points
Field
Description
MAC Address
Shows the MAC address of the access point.
Location
A location description for the AP. This is the value configured in the valid AP database (either locally or on the RADIUS server).
Switch Port
The physical port (in the slot/port format) on the switch that the AP is connected to either directly or indirectly in the same L3 domain. If the AP is beyond the L3 network boundary, then ‘Unknown’ is displayed.
IP Address
The network address of the access point.
Software Version
Shows the version of D-Link Access Point software that the AP is running.
Age
Shows how much time has passed since the AP was last detected and the information was last updated.
Status
Shows the access point status:
• Managed—The AP profile configuration has been applied to the AP and it's
operating in managed mode.
• No Database Entry—The AP has attempted to become managed by the switch,
but the MAC address of the AP does not appear in the local or RADIUS Valid AP
database.
• Authenticated—The AP has been authenticated by the switch and is in the
process of becoming managed.
• Local Authentication — The authentication password configured in the AP did not
match the password configured in the local database.
• Not Managed — The AP is in the Valid AP database, but the AP Mode in the local
database is not set to Managed.
• RADIUS Authentication — The password configured in the RADIUS client for the
RADIUS server was rejected by the server.
• RADIUS Challenged — The RADIUS server is configured to use the Challenge-Response
authentication mode, which is incompatible with the AP.
• RADIUS Unreachable — The RADIUS server that the AP is configured to use is
unreachable.
• Invalid RADIUS Response — The AP received a response packet from the RADIUS
server that was not recognized or invalid.
• Invalid Profile ID — The profile ID specified in the RADIUS database may not exist
on the switch. This can also happen with the local database when the
configuration has been received from a peer switch.
• Profile Mismatch-Hardware Type — The AP hardware type specified in the AP
Profile is not compatible with the actual AP hardware.
• Connection Failed—The AP was previously authenticated and managed, but
currently does not have connection with the wireless switch. A connection failed
entry will remain in the managed AP database unless you remove it. Note that a
managed AP will temporarily show a failed status during a reset.
• AP Relink — The RADIUS server is configured to return the IP address of the switch
that manages a specific AP, but the AP is discovered by a different switch. The AP
will automatically restart the discovery process and attempt to link with the
switch that has the IP address specified in the AP’s RADIUS server entry.
• Rogue—The AP is detected in the network and is classified as a threat by one of
the threat detection algorithms.
• Unknown—The AP is detected in the network but it is not classified as a threat
by the threat detection algorithms.
Profile
The AP profile configuration currently applied to the managed AP. The profile is assigned to the AP in the valid AP database.
Note: Once an AP is discovered and managed by the Unified Switch, if the profile is changed in the valid AP database (either locally or on the RADIUS server) the AP is automatically reset when a new profile is assigned.
Radio
Shows the wireless radio mode the AP is using.
Channel
Shows the operating channel for the radio.
Authenticated Clients
Shows the number of wireless clients that are associated and authenticated with the access point per radio.
Note: Some status values for some APs in the All Access Points list are not available. Those are listed
as N/A.
Note: You can sort the list of APs by any of the column headings except for Radio, Channel, and
Authenticated Clients. For example, to sort the APs by the profile they use, click Profile.
Command Buttons
The page includes the following buttons:
• Delete All —Manually clear all APs from the All Access Points status page except Managed Access Points.
• Manage — Configure an Authentication Failed AP to be managed by the switch the next time it is
discovered. Select the check box next to the MAC address of the AP before you click Manage. You will be
presented with the Valid Access Point Configuration page. You can then configure the AP and click Submit
to save the AP in the local Valid AP database. If you use a RADIUS server for AP validation, you must add
the MAC address of the AP to the AP database on the RADIUS server.
• Acknowledge — Identify an AP as an Acknowledged Rogue. Select the check box next to the MAC address
of the AP before you click Acknowledge. The switch adds the AP to the Valid AP database as an
Acknowledged Rogue.
• Refresh—Updates the page with the latest information.
Managed AP Status
From the WLAN > Monitoring > Access Point > Managed AP Status page, you can access a variety of
information about each AP that the switch manages. The pages you access from the Status tab provide
configuration and association information about managed APs and their neighbors. The pages you access from
the Statistics tab display information about the number of packets and bytes transmitted and received on
various interfaces.
Monitoring AP Status
The following figure shows the Managed Access Point Status page with two managed APs.
Figure 314: Managed AP Status
The following tabs are available from the Managed AP Status page:
• Summary: Lists the APs managed by the switch and provides summary information about them.
• Detail: Shows detailed status information collected from the AP.
• Radio Summary: Shows the channel, transmit power, and number of associated wireless clients for all
managed APs.
• Radio Detail: Shows detailed status for a radio interface. Use the radio button to navigate between the
two radio interfaces.
• Neighbor APs: Shows the neighbor APs that the specified AP has discovered through periodic RF scans on
the selected radio interface.
• Neighbor Clients: Shows information about wireless clients associated with an AP or detected by the AP
radio.
• VAP: Shows summary information about the virtual access points (VAPs) for the selected AP and radio
interface on the APs that the switch manages.
• Distributed Tunneling: Shows information about the L2 tunnels currently in use on the AP.
The following table provides summary information about the APs that the switch manages. If the switch is the
Cluster Controller, the page provides information about the APs managed by all switches in the cluster.
Table 269: Managed Access Point Status
Field
Description
MAC Address
The Ethernet address of the DWS-4000 Series switch-managed AP. If the MAC address of the AP is followed by an asterisk (*), it is managed by a peer switch.
Location
A location description for the AP. This is the value configured in the valid AP database (either locally or on the RADIUS server).
Switch Port
The physical port (in the slot/port format) on the switch that the AP is connected to either directly or indirectly in the same L3 domain. If the AP is beyond the L3 network boundary, then ‘Unknown’ is displayed.
IP Address
Software Version
Age
Status
The network IP address of the managed AP.
The software version the AP is currently running.
Time since last communication between the DWS-4000 Series switch and the AP.
The current managed state of the AP. The possible values are:
• Discovered: The AP is discovered and by the switch, but is not yet authenticated.
• Authenticated: The AP has been validated and authenticated (if authentication is
enabled), but it is not configured.
• Managed: The AP profile configuration has been applied to the AP and it's operating
in managed mode.
• Failed: The DWS-4000 Series switch lost contact with the AP. A failed entry will
remain in the managed AP database unless you remove it. Note that a managed AP
will temporarily show a failed status during a reset.
Note: When management connectivity is lost for a managed AP, then both radios of the
AP are turned down. All the clients associated with the AP get disassociated. The radios
become operational if and when that AP is managed again by a switch.
Configuration Status
This status indicates if the AP is configured successfully with the assigned profile. The
status is one of the following:
• Not Configured: The profile has not been sent to the AP yet, the AP may be
discovered but not yet authenticated.
• In Progress: The switch is currently sending the AP profile configuration packet to
the AP.
• Success: The entire profile has been sent to the AP and there were no configuration
errors.
• Partial Success: The entire profile has been sent to the AP and there were
configuration errors (for example, some configuration parameters were not
accepted), but the AP is operational.
• Failure: The profile has been sent to the AP and there were configuration errors, the
AP is not operational.
Profile
The AP profile configuration currently applied to the managed AP. The profile is
assigned to the AP in the valid AP database.
Note: Once an AP is discovered and managed by the DWS-4000 Series switch, if the
profile is changed in the valid AP database (either locally or on the RADIUS server) the
AP must be reset to configure with the new profile.
Radio
Shows the wireless radio mode that each radio on the AP is using.
Channel
Shows the operating channel for the radio.
Authenticated Clients
Shows the number of wireless clients associated and authenticated with the access
point per radio.
Scheduler Global Status
Shows the operation status of the radio scheduler. The possible values are Enabled or
Disabled.
Scheduler Global Reason
Provides additional information about Scheduler Global Status. The reason can be one
or more of the following:
• Conf Down: Operational status is down because global configuration is disabled.
• UAP Time Not Set: Operational status is down because the AP time has not been
set, either manually or by specifying an NTP server to use.
Note: You can sort the list of APs by clicking any of the column headings. For example, to sort the APs
by the profile they use, click Profile.
Command Buttons
The page includes the following buttons:
• Delete—Clears the selected entry from the current list. Only APs with a Configuration Status of Failed can
be removed from the list.
• Delete All—Clears all APs with a Configuration Status of Failed from the current list.
• Refresh—Updates the page with the latest information.
Viewing Detailed Managed Access Point Status
To view detailed information about an AP that the switch manages, click the MAC address of the AP from the
Summary page or select the MAC address of the AP from the drop-down menu on the Detail page.
Table 270 describes the fields you see on the Detail page for the managed access point status. The label at the
top of the table shows the MAC address and location of the AP to which the values on the page apply. To view
details about a different AP, select its MAC address from the drop-down menu.
Click the Reset button to reset the managed AP. A pop-up message asks you to confirm that you want to reset
the AP. Any wireless clients associated with the access point will be disassociated. To refresh the status
information for the AP, click Refresh.
Table 270: Detailed Managed Access Point Status
Field
Description
IP Address
The IP address of the managed AP.
IP Subnet Mask
The subnet mask of the managed AP.
Status
The current managed state of the AP. The possible values are:
• Discovered: The AP is discovered by the switch, but is not yet
authenticated.
• Authenticated: The AP has been validated and authenticated (if authentication
is enabled), but it is not configured.
• Managed: The AP profile configuration has been applied to the AP and it's
operating in managed mode.
• Connection Failed: The DWS-4000 Series switch lost contact with the AP. A
failed entry will remain in the managed AP database unless you remove it. Note
that a managed AP will temporarily show a failed status during a reset.
Note: When management connectivity is lost for a managed AP, then both radios
of the AP are turned down. All the clients associated with the AP get disassociated.
The radios become operational if and when that AP is managed again by a switch.
Software Version
Indicates the version of software on the AP, this is learned from the AP during
discovery.
Code Download Status
Indicates the current status of a code download request for this AP. The possible
values include the following:
• Not Started: No download has begun.
• Requested: A download is planned for this AP, but the AP is not in the current
download group, so it hasn’t been told to start the download yet.
• Code-Transfer-In-Progress: The AP has been told to download the code.
• Failure: The AP reported a failing code download.
• Aborted: The download was aborted before the AP loaded code from the TFTP
server.
• Waiting-For-APs-To-Download: A download finished on this AP, and it is waiting
for other APs to finish download. Reset command is not sent to the AP in this
state.
• NVRAM-Update-In-Progress: Download completed successfully. The reset
command was sent to the AP.
• Timed-Out: The AP did not reconnect to the DWS-4000 Series switch in the fixed
time interval.
Configuration Status
Indicates whether the AP is configured successfully with the assigned profile. The
status is one of the following:
• Not Configured: The profile has not been sent to the AP yet, the AP may be
discovered but not yet authenticated.
• In Progress: The switch is currently sending the AP profile configuration packet
to the AP.
• Success: The entire profile has been sent to the AP and there were no
configuration errors.
• Partial Success: The entire profile has been sent to the AP and there were
configuration errors, but the AP is operational.
• Failure: The profile has been sent to the AP and there were configuration errors,
the AP is not operational.
Configuration Failure Error Message
This field appears if the configuration status indicates a partial or complete failure.
The field provides information about the last element that failed during
configuration. The field shows an ASCII string filled in by the AP containing the error
message for the last failing configuration element.
Configuration Failure Element
This field appears if the configuration status indicates a partial success or failure. It
shows the element ID of the last failing configuration element.
Vendor ID
Vendor of the AP software, this is learned from the AP during discovery.
Part Number
Hardware part number for the AP, which is learned from the AP during discovery.
Serial Number
The unique serial number assigned to the AP at the factory.
Hardware Type
Hardware platform for the AP, which is learned from the AP during discovery.
Managing Switch
Indicates whether the AP is managed by the local switch or a peer switch.
Switch MAC Address
Identifies the MAC address of the switch that is managing the AP.
Switch IP Address
Identifies the IP address of the switch that is managing the AP.
Profile
The AP profile configuration currently applied to the managed AP, the profile is
assigned to the AP in the valid AP database.
Note: Once an AP is discovered and managed by the DWS-4000 Series switch, if the
profile is changed in the valid AP database (either locally or on the RADIUS server)
the AP must be reset to configure with the new profile.
Discovery Reason
This status value indicates how the managed AP was discovered, the status is one
of the following values:
• IP Poll Received: The AP was discovered via an IP poll from the DWS-4000 Series
switch, its IP address is configured in the IP polling list.
• Peer Redirect: The AP was discovered through a peer switch redirect, the AP
tried to associate with another peer switch and learned the current DWS-4000
Series switch IP address from the peer (peer learned DWS-4000 Series switch IP
address in RADIUS server response when validating the AP).
• Switch IP Configured: The managed AP is configured with the DWS-4000 Series
switch IP address.
• Switch IP DHCP: The managed AP learned the current DWL-X600AP IP address
through DHCP option 43.
• L2 Poll Received: The AP was discovered through the D-Link Wireless Device
Discovery protocol.
Protocol Version
Indicates the protocol version supported by the software on the AP, which is
learned from the AP during discovery.
Authenticated Clients
Total number of clients currently associated to the AP that have been
authenticated. This is the sum of all authenticated clients for all the VAPs enabled
on the AP.
System Up Time
Time in seconds since last power-on reset of the managed AP.
Age
Time since last communication between the DWS-4000 Series switch and the AP.
TSPEC Status (Voice and Video)
Number of Active Traffic Streams
Shows the number of active traffic streams on the selected AP.
A traffic stream is a collection of data packets identified by the wireless client as
belonging to a particular user priority. An example of a voice traffic stream is a Wi-Fi
Certified telephone handset that marks its codec-generated data packets as voice
priority traffic. An example of a video traffic stream is a video player application on
a wireless laptop that prioritizes a video conference feed from a corporate server.
Number of Traffic Stream Clients
Shows the number of clients with an active traffic stream on the selected AP.
Number of Traffic Stream Roaming Clients
Shows the number of clients in roaming mode with an active traffic stream on the
selected AP. This value is also included in the Number of Traffic Stream Clients field.
Command Buttons
The page includes the following buttons:
• Reset— Resets the managed AP. A pop-up message asks you to confirm that you want to reset the AP.
• Disassociate Clients—Disconnects all associated clients from the AP.
• Refresh—Updates the page with the latest information.
• Back—Returns to the Managed AP Status page.
Viewing Managed Access Point Radio Summary Information
You can view general information about each operational radio on all APs managed by the switch. The
Managed Access Point Radio Summary page shows the channel, transmit power, and number of associated
wireless clients for all managed APs. For more information about a specific radio on an AP, click the radio.
Table 271 describes the fields you see on the Radio Summary page for the managed access point status.
Table 271: Managed AP Radio Summary
Field
Description
MAC Address
The Ethernet address of the DWS-4000 Series switch managed AP. If the MAC
address of the AP is followed by an asterisk (*), it is managed by a peer switch.
Location
A location description for the AP, this is the value configured in the valid AP database
(either locally or on the RADIUS server).
Radio
Indicates the radio interface and configured mode of the radio, if the radio is disabled
the radio mode will be displayed as Off instead of showing the configured mode.
Channel
If radio is operational, the current operating channel for the radio.
Transmit Power
If radio is operational, the current transmit power for the radio.
Authenticated Clients
Total count of clients authenticated by the AP on the physical radio. This is a sum of
all the clients authenticated by each VAP enabled on the radio.
Command Buttons
The page includes the following buttons:
• Refresh—Updates the page with the latest information.
• Back—Returns to the Managed AP Status page.
Viewing Detailed Managed Access Point Radio Information
You can view detailed information about each radio on the APs that the DWS-4000 Series switch manages on
the Radio Detail page for the managed access point radio status. Use the options above the table to select the
AP and radio with the settings to view. The AP is identified by its MAC address and location. The radio is
identified by its number and configured mode. If the radio is disabled, the radio mode will be displayed as Off.
Table 272 describes the fields you see on the Radio Detail page for the managed access point status.
Table 272: Managed AP Radio Detail
Field
Description
Supported Channels
The list of eligible channels the AP reported to the switch for channel assignment.
The list is based on country code, hardware capabilities, and any configured channel
limitations.
Channel
If radio is operational, the current operating channel for the radio.
Channel Bandwidth
Indicates whether the channel bandwidth is 20 MHz or 40 MHz.
Fixed Channel Indicator
This flag indicates if a fixed channel is configured and assigned to the radio, a fixed
channel can be configured in the valid AP database (locally or on a RADIUS server).
Manual Channel Adjustment Status
Indicates the current state of a manual request to change the channel on this radio.
The valid values are:
• Not Started: No request has been made to change the channel.
• Requested: A channel change has been requested by the user but has not been
processed by the switch.
• In Progress: The switch is processing a channel change request for this radio.
• Success: A channel change request is complete.
• Failure: A channel change request failed.
WLAN Utilization
Total network utilization for the physical radio. This value is based on radio statistics.
Radio Resource Measurement
Indicates whether the RRM feature is enabled on the radio.
Authenticated Clients
Total count of clients authenticated with the AP on the physical radio. This is a sum
of all the clients authenticated with the AP for each VAP enabled on the radio.
Transmit Power
If radio is operational, the current transmit power for the radio.
Fixed Power Indicator
This flag indicates if a fixed power setting is configured and assigned to the radio, a
fixed transmit power can be configured in the valid AP database (locally or on a
RADIUS server).
Manual Power Adjustment Status
Indicates the current state of a manual request to change the power setting on this
radio. The valid values are:
• None: No request has been made to change the power.
• Requested: A power adjustment has been requested by the user but has not
been processed by the switch.
• In Progress: The switch is processing a power adjustment request for this radio.
• Success: A power adjustment request is complete.
• Failure: A power adjustment request failed.
Total Neighbors
Total number of neighbors (both APs and clients) that can be seen by this radio in its
RF area.
TSPEC Status (Voice and Video)
Operational Status
Indicates the current operational mode for the category.
The operational mode is influenced by both the individual Admission Control
Mandatory (ACM) mode and overall TSPEC mode.
Number of Active Traffic Streams
Shows the number of active traffic streams on the radio.
A traffic stream is a collection of data packets identified by the wireless client as
belonging to a particular user priority. An example of a voice traffic stream is a Wi-Fi
Certified telephone handset that marks its codec-generated data packets as voice
priority traffic. An example of a video traffic stream is a video player application on
a wireless laptop that prioritizes a video conference feed from a corporate server.
Number of Traffic Stream Clients
Shows the number of clients with an active traffic stream on the radio.
Number of Traffic Stream Roaming Clients
Shows the number of clients in roaming mode with an active traffic stream on the
radio. This value is also included in the Number of Traffic Stream Clients field.
Medium Time Admitted
Current sum of medium time (bandwidth) allocated to clients using a traffic stream
on the radio. Medium time is measured in 32 μsec/sec units.
Medium Time Unallocated
Amount of medium time (bandwidth) not currently allocated for clients connected
to the AP through this radio. Medium time is measured in 32 μsec/sec units.
Medium Time Roaming Unallocated
Amount of medium time (bandwidth) not currently allocated for roaming clients.
Medium time is measured in 32 μsec/sec units.
For radios that include IEEE 802.11a, IEEE 802.11a/n, or 5-GHz 802.11n support, the page displays an
additional table with radar detection information.
Table 273: Radio Detail Regulatory Domain
Field
Description
Supported Channel
Lists the radio channel used for transmitting and receiving wireless traffic.
Radar Detection Required
In some regulatory domains, radar detection is required on some channels in the
5-GHz band. If radar detection is required on the channel, the AP uses the 802.11h
specification to avoid interference with other wireless devices.
Radar Detected
Indicates whether another 802.11 device was detected on the channel.
Time Since Radar Last Detected
Shows the amount of time that has passed since the device was last detected on the
channel.
Command Buttons
The page includes the following buttons:
• Refresh—Updates the page with the latest information.
• Back—Returns to the Managed AP Status page.
Viewing Managed Access Point Neighbor APs
During the RF scan, an access point collects and stores beacon information visible from neighboring access
points. Access points can store the neighbor information for up to 64 neighbor APs. If the neighbor scan
information exceeds the capacity, the oldest data in the neighbor list is overwritten.
Use the menu above the table to select the AP with the Neighbor AP information to view. The AP is identified
by its MAC address and location. If the AP has two radios, select a radio to view the neighbor APs detected by
using an RF scan on that radio. The radio is identified by its number and configured mode. If the radio is
disabled, the radio mode will be displayed as Off.
Table 274 describes the fields you see on the Neighbor APs page for the managed access point
status.
Table 274: Managed AP Neighbor Status
Field
Description
Neighbor AP MAC
The Ethernet MAC address of the neighbor AP network, this could be a physical radio
interface or VAP MAC address. For D-Link APs this is always a VAP MAC address. The
neighbor AP MAC address may be cross-referenced in the RF Scan status.
SSID
Service Set ID of the neighbor AP network.
RSSI
Received Signal Strength Indication, this is an indicator of the signal strength relative
to the neighbor and may give an idea of the neighbor's distance from the managed
AP. The range is 1–100, where 1 is the weakest signal strength.
Status
Indicates the managed status of the AP, whether this is a valid AP known to the
switch or a Rogue on the network. The valid values are:
• Managed: The neighbor AP is managed by the wireless system.
• Standalone: The AP is managed in standalone mode and configured as a valid AP
entry (local or RADIUS).
• Rogue: The AP is classified as a threat by one of the threat detection algorithms.
• Unknown: The AP is detected in the network but is not classified as a threat by
the threat detection algorithms.
Age
Indicates the time since this AP was last reported from an RF scan on the radio.
Command Buttons
The page includes the following buttons:
• Delete All Neighbors—Clears all entries from the Neighbor APs and Neighbor Clients list. This deletes all
neighbors for all radios on all APs — not only for the currently selected AP and radio. The list is
repopulated as neighbors are discovered.
• Refresh—Updates the page with the latest information.
Viewing Clients Associated with Neighbor Access Points
The Neighbor Clients page shows information about wireless clients that have been discovered by the selected
AP. APs can store information for up to 512 wireless clients. If the information exceeds the capacity, the oldest
data in the neighbor client list is overwritten.
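The following model of the bounded neighbor lists described here and under Viewing Managed Access Point Neighbor APs (64 neighbor APs and 512 neighbor clients per AP, oldest data overwritten) is an added illustration and is not D-Link code. It assumes "oldest" means the entry with the oldest last report; the collector class, MAC addresses, and scan data are constructed for the example.

```python
from dataclasses import dataclass

AP_NEIGHBOR_CAPACITY = 64        # neighbor APs stored per AP (from the manual)
CLIENT_NEIGHBOR_CAPACITY = 512   # neighbor clients stored per AP (from the manual)


@dataclass
class Neighbor:
    mac: str
    status: str      # Managed / Standalone / Rogue / Unknown
    last_seen: int   # scan tick of the latest report; Age = now - last_seen


class NeighborTable:
    """Bounded neighbor list. Assumption: when full, the entry with the
    oldest last_seen value is the one that gets overwritten."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = {}

    def report(self, mac, status, tick):
        """Record a scan report; return the overwritten entry, if any."""
        evicted = None
        if mac not in self.entries and len(self.entries) >= self.capacity:
            oldest = min(self.entries.values(), key=lambda n: n.last_seen)
            evicted = self.entries.pop(oldest.mac)
        self.entries[mac] = Neighbor(mac, status, tick)
        return evicted


class PollingCollector:
    """Hypothetical off-box collector that keeps every entry it has polled."""

    def __init__(self):
        self.history = {}

    def poll(self, table):
        for n in table.entries.values():
            self.history[n.mac] = n


ROGUE_MAC = "02:00:00:00:ff:01"  # constructed, locally administered address


def simulate(poll_every):
    """Constructed scenario: a Rogue neighbor is reported once at tick 0,
    then 100 distinct Unknown neighbors are reported, one per tick.
    Returns (rogue still in AP table, rogue in collector history, table size)."""
    table = NeighborTable(AP_NEIGHBOR_CAPACITY)
    collector = PollingCollector()
    table.report(ROGUE_MAC, "Rogue", 0)
    for tick in range(1, 101):
        table.report(f"02:00:00:00:00:{tick:02x}", "Unknown", tick)
        if tick % poll_every == 0:
            collector.poll(table)
    return (ROGUE_MAC in table.entries,
            ROGUE_MAC in collector.history,
            len(table.entries))


if __name__ == "__main__":
    for interval in (10, 100):
        print(interval, simulate(interval))
```

In a busy RF environment the table turns over, so a record of a Rogue neighbor survives only if the status is collected before the entry is overwritten.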
Use the menu above the table to select the AP with the neighbor client information to view. The AP is
identified by its MAC address and location. If the AP has two radios, select a radio to view the neighbor clients
detected via an RF scan on that radio. The radio is identified by its number and configured mode. If the radio
is disabled, the radio mode will be displayed as Off.
The Delete All Neighbors button clears the Neighbor AP and Neighbor Clients lists. The list is repopulated as
neighbors and associated clients are discovered.
Table 275 describes the fields you see on the Neighbor Clients page for the managed access point status.
Table 275: Neighbor AP Clients
Field
Description
Neighbor Client MAC
The Ethernet address of client station.
RSSI
Received Signal Strength Indication, this is an indicator of the signal strength relative
to the neighbor and may give an idea of the neighbor's distance from the managed
AP. The range is 1–100, where 1 is the weakest signal strength.
Channel
The managed AP channel the client frame was received on, which may be different
than the operating channel for this radio.
Discovery Reason
Indicates one or more discovery methods for the neighbor client. One or more of the
following values may be displayed:
• RF Scan Discovered: The client was reported from an RF scan on the radio. Note
that client stations are difficult to detect via RF scan, the other methods are more
common for client neighbor detection.
• Probe Request: The managed AP received a probe request from the client.
• Associated to Managed AP: This neighbor client is associated to another
managed AP.
• Associated to this AP: The client is associated to this managed AP on the
displayed radio.
• Associated to Peer AP: The client is associated to an AP managed by a peer
switch.
• Ad Hoc Rogue: The client was detected as part of an Ad Hoc network.
Age
Indicates the time since this client was last reported from an RF scan on the radio.
Command Buttons
The page includes the following buttons:
• Delete All Neighbors—Clears all entries from the Neighbor APs and Neighbor Clients list. The list is
repopulated as neighbors are discovered.
• Refresh—Updates the page with the latest information.
Viewing Managed Access Point VAPs
There are 16 virtual access points (VAPs) available on each radio of an AP. For each radio of an access point
managed by the switch, you can view a summary of the VAP configuration and the number of wireless clients
associated with a particular VAP.
Use the menu above the table to select the AP with the VAP information to view. The AP is identified by its
MAC address and location. If the AP has two radios, select a radio to view details about VAPs on that radio.
The radio is identified by its number and configured mode. If the radio is disabled, the radio mode will be
displayed as Off.
Table 276 describes the fields you see on the VAPs page for the managed access point status.
Table 276: Managed Access Point VAP Status
Field
Description
VAP ID
The integer ID used to identify the VAP (0-7), this is used to uniquely identify the VAP
for configuration via CLI/SNMP.
VAP Mode
Indicates whether or not the VAP is enabled or disabled. VAPs are always configured,
but are only sending beacons and accepting clients when they are Enabled.
BSSID
The Ethernet address of the VAP.
SSID
Indicates the network assigned to the VAP. The network for each VAP is configured
within the AP profile and the SSID is based on the network configuration.
Client Authentications
Indicates the total number of clients currently authenticated with the VAP.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
Viewing Managed Access Point VAP TSPEC Status
There are 16 virtual access points (VAPs) available on each radio of an AP. For each VAP on each radio of an AP
managed by the switch, you can view information about the traffic that uses a traffic specification (TSPEC). A
TSPEC is a set of parameters that define Quality of Service (QoS) characteristics of a traffic flow. A QoS-capable
wireless client sends a TSPEC request to the AP to enable the AP to prioritize traffic streams and deliver
appropriate resources to time- and delay-sensitive network traffic. TSPECs are commonly used with video and
voice traffic.
To view TSPEC data for a VAP, you select the AP, radio interface, and VAP. The radio is identified by its number
and configured mode. If the radio is disabled, the radio mode will be displayed as Off. The VAP is identified by
the VAP ID.
The following table describes the fields you see on the VAP TSPEC page.
Table 277: Managed Access Point VAP TSPEC Status
Field
Description
VAP ID
The integer ID used to identify the VAP (0-15), this is used to uniquely identify the
VAP for configuration via CLI/SNMP.
Access Category
Indicates whether the TSPEC data is for voice traffic or video traffic. The VAP
maintains separate counters for the voice and video categories.
Operational Status
Indicates the current operational mode for the category.
The operational mode is influenced by both the individual Admission Control
Mandatory (ACM) mode and overall TSPEC mode.
Number of Active Traffic Streams
Shows the number of active traffic streams on the selected VAP.
A traffic stream is a collection of data packets identified by the wireless client as
belonging to a particular user priority. An example of a voice traffic stream is a Wi-Fi
Certified telephone handset that marks its codec-generated data packets as voice
priority traffic. An example of a video traffic stream is a video player application on
a wireless laptop that prioritizes a video conference feed from a corporate server.
Number of Traffic Stream Clients
Shows the number of clients with an active traffic stream on the selected VAP.
Number of Traffic Stream Roaming Clients
Shows the number of clients in roaming mode with an active traffic stream on the
selected VAP. This value is also included in the Number of Traffic Stream Clients field.
Medium Time Admitted
Current sum of medium time (bandwidth) allocated to clients using a traffic stream
on the selected VAP. Medium time is measured in 32 μsec/sec units.
Medium Time Unallocated
Amount of medium time (bandwidth) not currently allocated for clients connected
through this VAP. Medium time is measured in 32 μsec/sec units.
Medium Time Roaming Unallocated
Amount of medium time (bandwidth) not currently allocated for roaming clients.
Medium time is measured in 32 μsec/sec units.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
Viewing Distributed Tunneling Information
The AP-AP tunneling mode is used to support L3 roaming for wireless clients without forwarding any data
traffic to the wireless switch.
In the AP-AP tunneling mode, when a client first associates with an AP in the wireless system, the AP forwards
the wireless client’s data using VLAN forwarding mode. The AP the client initially associates with is called the
Home AP. The AP the client roams to is called the Association AP.
Use the menu above the table to select the AP with the distributed tunneling information to view. The AP is
identified by its MAC address and location.
Table 278 describes the fields you see on the Managed Access Point Distributed Tunneling Status page for the
managed access point status.
Table 278: Distributed Tunneling Status
Field
Description
Distributed Tunnel Clients using AP as Home
Number of clients that roamed away from this AP using distributed tunneling mode
and are tunneling data back to this AP.
Distributed Tunnel Clients using AP as Associate
Number of clients that roamed to this AP using distributed tunneling mode and are
tunneling data to the Home AP.
Distributed Tunnels
Number of APs to which this AP has a distributed L2 tunnel. The AP may be acting as
Home AP or Association AP for clients using the tunnel.
Distributed Tunnel Multicast Replications
Maximum number of tunnels on the Home AP that are members of the same VLAN.
VLAN with Max Multicast Replications
The VLAN ID that is currently replicated the most number of times by the AP for
sending multicasts into distributed tunnels.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
Managed Access Point Statistics
The managed AP statistics page shows information about traffic on the wired and wireless interfaces of the
access point. This information can help diagnose network issues, such as throughput problems.
The following figure shows the Managed Access Point Statistics page with a managed AP.
Figure 315: Managed AP Statistics
The following tabs are available from the Managed AP Statistics page:
• WLAN Summary: Shows summary information about the wireless interfaces on each AP the switch
manages.
• Ethernet Summary: Shows summary information about the Ethernet (wired) interfaces on each AP the
switch manages.
• Detail: Shows the number and type of packets transmitted and received on a specific AP.
• Radio: Shows per-radio information about the number and type of packets transmitted and received for a
specific AP.
• VAP: Shows per-VAP information about the number of packets transmitted and received and the number
of wireless client failures for a specific AP.
• Distributed Tunneling: Shows information about the L2 tunnels currently in use on the AP.
On the WLAN Summary and Ethernet Summary pages, click the MAC address of the AP to view detailed
statistics about the AP.
Table 279: Managed Access Point WLAN Summary Statistics
Field
Description
MAC Address
The Ethernet address of the DWS-4000 Series switch-managed AP.
Packets Received
Total packets received by the AP on the wireless network.
Bytes Received
Total bytes received by the AP on the wireless network.
Packets Transmitted
Total packets transmitted by the AP on the wireless network.
Bytes Transmitted
Total bytes transmitted by the AP on the wireless network.
Note: You can sort the list of APs by clicking any of the column headings. For example, to sort the APs
by the number of packets transmitted, click Packets Transmitted.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
Viewing Managed Access Point Ethernet Statistics
The Ethernet summary statistics show information about the number of packets and bytes transmitted and
received on the wired interface of each access point managed by the switch. The wired interface is physically
connected to the LAN.
Table 280 describes the fields you see on the Ethernet Summary page for the managed access point statistics.
Table 280: Managed Access Point Ethernet Summary Statistics
Field
Description
MAC Address
The Ethernet address of the DWS-4000 Series switch-managed AP.
Packets Received
Total packets received by the AP on the wired network.
Bytes Received
Total bytes received by the AP on the wired network.
Packets Transmitted
Total packets transmitted by the AP on the wired network.
Bytes Transmitted
Total bytes transmitted by the AP on the wired network.
Viewing Detailed Managed Access Point Statistics
The detailed AP statistics show information about the packets and bytes transmitted and received on the
wired and wireless interface of a particular access point managed by the switch. To view statistics for a specific
AP that the switch manages, select its MAC address from the drop-down menu above the table. The location,
if available, is also displayed with the MAC address.
Table 281 describes the fields you see on the Detail page for the managed access point statistics.
Table 281: Detailed Managed Access Point Statistics
Field
Description
WLAN Packets Received
Total packets received by the AP on the wireless network.
WLAN Bytes Received
Total bytes received by the AP on the wireless network.
WLAN Packets Transmitted
Total packets transmitted by the AP on the wireless network.
WLAN Bytes Transmitted
Total bytes transmitted by the AP on the wireless network.
WLAN Packets Receive Dropped
Number of packets received by the AP on the wireless network that
were dropped.
WLAN Bytes Receive Dropped
Number of bytes received by the AP on the wireless network that
were dropped.
WLAN Packets Transmit Dropped
Number of packets transmitted by the AP on the wireless network
that were dropped.
WLAN Bytes Transmit Dropped
Number of bytes transmitted by the AP on the wireless network that
were dropped.
Ethernet Packets Received
Total packets received by the AP on the wired network.
Ethernet Bytes Received
Total bytes received by the AP on the wired network.
Ethernet Packets Transmitted
Total packets transmitted by the AP on the wired network.
Ethernet Bytes Transmitted
Total bytes transmitted by the AP on the wired network.
Multicast Packets Received
Total multicast packets received by the AP on the wired network.
Total Receive Errors
Total receive errors detected by the AP on the wired network.
Total Transmit Errors
Total transmit errors detected by the AP on the wired network.
ARP Reqs Converted from Bcast to Ucast
Number of ARP requests that the AP converted from a broadcast
packet to a unicast packet before sending to the wireless link.
Filtered ARP Requests
Number of ARP requests that AP was able to drop instead of sending
on the wireless link.
Broadcasted ARP Requests
The number of ARP requests sent as broadcasts on the VAPs. This
counter does not include WDS links. The same ARP frame may be
counted multiple times when it is broadcasted on multiple VAPs. The
counter is available even when ARP suppression is disabled.
TSPEC Statistics (Voice and Video)
Total TSPEC Packets Received
The number of TSPEC packets sent from the wireless client to the AP.
Total TSPEC Packets Transmitted
The number of TSPEC packets sent from the AP to the wireless client.
Total TSPEC Bytes Received
The number of TSPEC bytes sent from the wireless client to the AP.
Total TSPEC Bytes Transmitted
The number of TSPEC bytes sent from the AP to the wireless client.
Total TSPECs Accepted
The number of TSPEC packets that were accepted by the AP.
Total TSPECs Rejected
The number of TSPEC packets that were rejected by the AP.
Total Roaming TSPECs Accepted
The total number of TSPEC packets transmitted by roaming clients
that were accepted by the AP.
Total Roaming TSPECs Rejected
The total number of TSPEC packets transmitted by roaming clients
that were rejected by the AP.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
Viewing Managed Access Point Radio Statistics
The radio statistics show detailed information about the packets and bytes transmitted and received on the
radio (wireless) interface of a particular access point managed by the switch.
Use the options above the table to select the AP and radio with the settings to view. The AP is identified by its
MAC address and location. The radio is identified by its number and configured mode. If the radio is disabled,
the radio mode will be displayed as Off.
Table 282 describes the fields you see on the Radio page for the managed access point statistics.
Table 282: Managed Access Point Radio Statistics
Field
Description
WLAN Packets Received
WLAN Bytes Received
WLAN Packets Transmitted
WLAN Bytes Transmitted
WLAN Packets Receive Dropped
Total packets received by the AP on this radio interface.
Total bytes received by the AP on this radio interface.
Total packets transmitted by the AP on this radio interface.
Total bytes transmitted by the AP on this radio interface.
Number of packets received by the AP on this radio interface that were
dropped.
WLAN Bytes Receive Dropped
Number of bytes received by the AP on this radio interface that were
dropped.
WLAN Packets Transmit Dropped
Number of packets transmitted by the AP on this radio interface that
were dropped.
WLAN Bytes Transmit Dropped
Number of bytes transmitted by the AP on this radio interface that were
dropped.
Fragments Received
Count of successfully received MPDU frames of type data or
management.
Fragments Transmitted
Number of transmitted MPDU with an individual address or an MPDU
with a multicast address of type Data or Management.
Multicast Frames Received
Count of MSDU frames received with the multicast bit set in the
destination MAC address.
Multicast Frames Transmitted
Count of successfully transmitted MSDU frames where the multicast bit is
set in the destination MAC address.
Duplicate Frame Count
Number of times a frame is received and the Sequence Control field
indicates it is a duplicate.
Failed Transmit Count
Number of times an MSDU is not transmitted successfully due to transmit
attempts exceeding either the short retry limit or the long retry limit.
Transmit Retry Count
Number of times an MSDU is successfully transmitted after one or more
retries.
Multiple Retry Count
Number of times an MSDU is successfully transmitted after more than one
retry.
RTS Success Count
Count of CTS frames received in response to an RTS frame.
RTS Failure Count
Count of CTS frames not received in response to an RTS frame.
ACK Failure Count
Count of ACK frames not received when expected.
FCS Error Count
Count of FCS errors detected in a received MPDU frame.
Frames Transmitted
Count of each successfully transmitted MSDU.
WEP Undecryptable Count
Count of encrypted frames received and the key configuration of the
transmitter indicates that the frame should not have been encrypted or
that frame was discarded due to the receiving station not implementing
the privacy option.
TSPEC Statistics (Voice and Video)
Total TSPEC Packets Received
The number of TSPEC packets sent from the wireless client to the AP on
the radio.
Total TSPEC Packets Transmitted
The number of TSPEC packets sent from the AP to the wireless client on
the radio.
Total TSPEC Bytes Received
The number of TSPEC bytes sent from the wireless client to the AP on the
radio.
Total TSPEC Bytes Transmitted
The number of TSPEC bytes sent from the AP to the wireless client on the
radio.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
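The radio counters in Table 282 are easier to interpret as ratios over an interval than as raw totals. The following Python sketch is an added example, not part of the D-Link manual or the switch software: it takes two readings of one radio and derives retry, failure, RTS and FCS ratios from the counter definitions above. It assumes the counters only increase between readings (the manual does not say so explicitly), and the snapshot values are constructed.

```python
# Counter names are the field names from Table 282 of the manual.
REQUIRED = (
    "Frames Transmitted", "Transmit Retry Count", "Multiple Retry Count",
    "Failed Transmit Count", "RTS Success Count", "RTS Failure Count",
    "Fragments Received", "FCS Error Count",
)

# Constructed readings of one radio, copied from the Radio tab at two
# different times. The values are illustrative, not taken from a real AP.
SNAPSHOT_T0 = {
    "Frames Transmitted": 10000, "Transmit Retry Count": 1200,
    "Multiple Retry Count": 300, "Failed Transmit Count": 50,
    "RTS Success Count": 400, "RTS Failure Count": 100,
    "Fragments Received": 20000, "FCS Error Count": 500,
}
SNAPSHOT_T1 = {
    "Frames Transmitted": 12000, "Transmit Retry Count": 1700,
    "Multiple Retry Count": 400, "Failed Transmit Count": 250,
    "RTS Success Count": 480, "RTS Failure Count": 120,
    "Fragments Received": 23600, "FCS Error Count": 900,
}


def counter_deltas(earlier, later):
    """Return per-counter increases, or None if any counter went backwards.

    A decrease means the interval spans a counter reset, so ratios computed
    over it would be meaningless (assumption: counters otherwise only grow).
    """
    deltas = {}
    for name in REQUIRED:
        diff = later[name] - earlier[name]
        if diff < 0:
            return None
        deltas[name] = diff
    return deltas


def _ratio(part, whole):
    """Safe division: an idle radio (whole == 0) yields 0.0, not an error."""
    return part / whole if whole else 0.0


def radio_health(earlier, later):
    """Derive interval ratios from two readings; None if counters were reset."""
    d = counter_deltas(earlier, later)
    if d is None:
        return None
    tx_ok = d["Frames Transmitted"]          # successfully transmitted MSDUs
    tx_failed = d["Failed Transmit Count"]   # MSDUs given up at a retry limit
    rts_total = d["RTS Success Count"] + d["RTS Failure Count"]
    # Fragments Received counts only successfully received data/management
    # MPDUs, so this denominator approximates "all MPDUs seen" (assumption).
    rx_seen = d["Fragments Received"] + d["FCS Error Count"]
    return {
        # Share of delivered MSDUs that needed at least one retry.
        "retry_ratio": _ratio(d["Transmit Retry Count"], tx_ok),
        # Share of delivered MSDUs that needed more than one retry.
        "multi_retry_ratio": _ratio(d["Multiple Retry Count"], tx_ok),
        # Share of attempted MSDUs that were never delivered.
        "tx_failure_ratio": _ratio(tx_failed, tx_ok + tx_failed),
        # Share of RTS frames that got no CTS back.
        "rts_failure_ratio": _ratio(d["RTS Failure Count"], rts_total),
        # Share of received MPDUs that failed the frame check sequence.
        "fcs_error_ratio": _ratio(d["FCS Error Count"], rx_seen),
    }


if __name__ == "__main__":
    for name, value in radio_health(SNAPSHOT_T0, SNAPSHOT_T1).items():
        print(f"{name}: {value:.3f}")
```
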
Viewing Managed Access Point VAP Statistics
The VAP statistics show information about the client failures and number of packets and bytes transmitted and
received on each VAP on radio one or two for a particular access point managed by the switch.
Use the options above the table to select the AP, radio, and VAP with the settings to view. The AP is identified
by its MAC address and location. The radio is identified by its number and configured mode. If the radio is
disabled, the radio mode will be displayed as Off. The VAP is identified by the VAP ID and its SSID. All VAPs are
available regardless of whether they are enabled.
Table 283 describes the fields you see on the VAP page for the managed access point statistics.
Table 283: Managed Access Point VAP Statistics
Field
Description
WLAN Packets Received
Total packets received by the AP on this VAP.
WLAN Bytes Received
Total bytes received by the AP on this VAP.
WLAN Packets Transmitted
Total packets transmitted by the AP on this VAP.
WLAN Bytes Transmitted
Total bytes transmitted by the AP on this VAP.
WLAN Packets Receive Dropped
Number of packets received by the AP on this VAP that were dropped.
WLAN Bytes Receive Dropped
Number of bytes received by the AP on this VAP that were dropped.
WLAN Packets Transmit Dropped
Number of packets transmitted by the AP on this VAP that were dropped.
WLAN Bytes Transmit Dropped
Number of bytes transmitted by the AP on this VAP that were dropped.
Client Association Failures
Number of clients that have been denied association to the VAP.
Client Authentication Failures
Number of clients that have failed authentication to the VAP.
TSPEC Statistics (Voice and Video)
Total TSPEC Packets Received
The number of TSPEC packets sent from the wireless client to the AP on
the VAP.
Total TSPEC Packets Transmitted
The number of TSPEC packets sent from the AP to the wireless client on
the VAP.
Total TSPEC Bytes Received
The number of TSPEC bytes sent from the wireless client to the AP on the
VAP.
Total TSPEC Bytes Transmitted
The number of TSPEC bytes sent from the AP to the wireless client on the
VAP.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
Viewing Distributed Tunneling Statistics
The distributed tunneling statistics show information about the number of packets and bytes transmitted and
received by clients that use L2 distributed tunnels on an access point managed by the switch.
Use the menu above the table to select the AP with the settings to view. The AP is identified by its MAC address
and location.
Table 284 describes the fields you see on the Distributed Tunneling Statistics page for the managed access
point statistics.
Table 284: Managed Access Point Distributed Tunneling Statistics
Field
Description
Bytes Transmitted
Total bytes transmitted via all distributed tunnels by the AP.
Bytes Received
Total bytes received via all distributed tunnels by the AP.
Multicast Packets Transmitted
Total multicast packets transmitted via all distributed tunnels by the AP.
Multicast Packets Received
Total multicast packets received via all distributed tunnels by the AP.
Packets Transmitted
Total packets transmitted via all distributed tunnels by the AP.
Packets Received
Total packets received via all distributed tunnels by the AP.
Total Roamed Clients of AP
Number of Clients that used this AP for distributed tunneling. The count
includes clients that roamed away and roamed to this AP.
Roamed Clients Idle Timed Out
Number of Clients that roamed away from this AP and were timed out
due to not sending traffic on the tunnel.
Roamed Clients Age Timed Out
Number of Clients that roamed away from this AP and were timed out
due to age of the tunnel.
Client Limit Denials
Number of times the AP denied the client's attempt to set up a distributed
tunnel due to the AP reaching the configured tunneled client limit.
Client Max Replication Denials
Number of times the AP denied the client's attempt to set up a distributed
tunnel due to the AP reaching the configured maximum number of VLAN
replications.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
AP Authentication Failure Status
An AP might fail to associate to the switch due to errors such as invalid packet format or vendor ID, or because
the AP is not configured as a valid AP with the correct local or RADIUS authentication information.
To view a list of APs that failed to associate with the DWS-4000 Series switch, click WLAN > Monitoring >
Access Point > AP Authentication Failure Status.
Figure 316: AP Authentication Failure Status
The AP authentication failure list shows information about APs that failed to establish communication with
the DWS-4000 Series switch. The AP can fail due to one of the following reasons:
• No Database Entry — The MAC address of the AP is not in the local Valid AP database or the external
RADIUS server database, so the AP has not been validated.
• Local Authentication — The authentication password configured in the AP did not match the password
configured in the local database.
• Not Managed — The AP is in the Valid AP database, but the AP Mode in the local database is not set to
Managed.
• RADIUS Authentication — The password configured in the RADIUS client for the RADIUS server was
rejected by the server.
• RADIUS Challenged — The RADIUS server is configured to use the Challenge-Response authentication
mode, which is incompatible with the AP.
• RADIUS Unreachable — The RADIUS server that the AP is configured to use is unreachable.
• Invalid RADIUS Response — The AP received a response packet from the RADIUS server that was not
recognized or invalid.
• Invalid Profile ID — The profile ID specified in the RADIUS database may not exist on the switch. This can
also happen with the local database when the configuration has been received from a peer switch.
• Profile Mismatch-Hardware Type — The AP hardware type specified in the AP Profile is not compatible
with the actual AP hardware.
• AP Relink — The RADIUS server is configured to return the IP address of the switch that manages a specific
AP, but the AP is discovered by a different switch. The switch sends a relink message to the access point
with the IP address of the wireless switch that the AP should be linked with. When the AP gets the relink
message, it modifies or sets the wireless switch IP address to the address assigned by the RADIUS server,
breaks the TCP connection with the current switch, and starts a new discovery process.
If you use the local database for AP Validation, you can click the WLAN > Administration > Basic Setup > Valid
AP tab to modify the AP configuration. If you use a RADIUS server for AP validation, you must add the MAC
address of the AP to the RADIUS server database.
Click the MAC address of the AP to view more information about the AP. If the AP is not a D-Link AP, some
values are unknown.
Table 285: Access Point Authentication Failure Status
Field
Description
MAC Address
The Ethernet address of the AP. If the MAC address of the AP is followed
by an asterisk (*), it was reported by a peer switch.
IP Address
The IP address of the AP.
Last Failure Type
Indicates the last type of failure that occurred, which can be one of the
following:
• Local Authentication
• No Database Entry
• Not Managed
• RADIUS Authentication
• RADIUS Challenged
• RADIUS Unreachable
• Invalid RADIUS Response
• Invalid Profile ID
• Profile Mismatch-Hardware Type
• AP Relink
Age
Time since failure occurred.
The AP failure status entries are collected at a point in time and
eventually age out. The age value for each entry shows how long ago the
switch recorded the entry. You can configure the age out time for status
entries on the WLAN > Administration > Advanced Configuration >
Global page. You can also manually delete status entries.
Command Buttons
The page includes the following buttons:
• Delete All—Delete the entries for all APs in the failure list.
• Manage—Add one or more selected APs from the Access Point Failure list to the Valid AP database.
• Refresh—Updates the page with the latest information.
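The failure types above call for different follow-up: some concern a single AP's entry in the Valid AP database, others point at the RADIUS server or the AP profile. The following Python sketch is an added example, not part of the D-Link manual or the switch software, that triages rows copied from the failure list. The comma-separated row layout, the sample rows, the age format, the grouping into categories and the threshold of three APs are assumptions made for illustration; the failure type names and the asterisk convention come from the manual.

```python
import csv
import io
from collections import defaultdict

# Failure types exactly as the manual lists them. Grouping them by where the
# fix lives is an assumption of this example, not a D-Link classification.
CATEGORY = {
    "No Database Entry": "validation",
    "Local Authentication": "validation",
    "Not Managed": "validation",
    "RADIUS Authentication": "radius",
    "RADIUS Challenged": "radius",
    "RADIUS Unreachable": "radius",
    "Invalid RADIUS Response": "radius",
    "Invalid Profile ID": "profile",
    "Profile Mismatch-Hardware Type": "profile",
    "AP Relink": "relink",
}

# Constructed rows: MAC Address, IP Address, Last Failure Type, Age.
# MACs, documentation-range IPs and the age format are made up; the last row
# carries a failure string that is not in the manual's list on purpose.
SAMPLE_ROWS = """\
02:00:00:00:00:01,192.0.2.11,No Database Entry,0h:02m:10s
02:00:00:00:00:02*,192.0.2.12,Local Authentication,0h:05m:41s
02:00:00:00:00:03,192.0.2.13,RADIUS Unreachable,0h:01m:03s
02:00:00:00:00:04,192.0.2.14,RADIUS Unreachable,0h:01m:05s
02:00:00:00:00:05*,192.0.2.15,RADIUS Unreachable,0h:01m:09s
02:00:00:00:00:06,192.0.2.16,Profile Mismatch-Hardware Type,1h:12m:00s
02:00:00:00:00:07,192.0.2.17,Not Managed,0h:20m:30s
02:00:00:00:00:08,192.0.2.18,RADIUS Challenged,0h:09m:00s
02:00:00:00:00:09,192.0.2.19,Unknown Type,0h:00m:30s
"""


def parse_failure_list(text):
    """Parse failure-list rows into dicts, one per AP entry."""
    entries = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 3:
            continue  # blank or truncated line
        mac, ip, failure = (field.strip() for field in row[:3])
        # The manual marks entries reported by a peer switch with a '*'.
        peer = mac.endswith("*")
        entries.append({
            "mac": mac.rstrip("*").strip().lower(),
            "ip": ip,
            "failure": failure,
            "category": CATEGORY.get(failure, "unrecognized"),
            "peer_reported": peer,
        })
    return entries


def triage(entries, shared_cause_threshold=3):
    """Group failed APs by the follow-up each failure type calls for."""
    macs_by_failure = defaultdict(set)
    for e in entries:
        macs_by_failure[e["failure"]].add(e["mac"])

    def macs(*failures):
        found = set()
        for f in failures:
            found |= macs_by_failure.get(f, set())
        return sorted(found)

    # Many APs failing with the same RADIUS error suggests one server-side
    # cause rather than several per-AP problems.
    radius_shared, radius_single = {}, {}
    for failure, group in macs_by_failure.items():
        if CATEGORY.get(failure) != "radius":
            continue
        shared = len(group) >= shared_cause_threshold
        (radius_shared if shared else radius_single)[failure] = sorted(group)

    return {
        # Not in any AP database: confirm the device is yours before using
        # Manage, which adds it to the Valid AP database.
        "verify_before_manage": macs("No Database Entry"),
        # Known AP whose password or AP Mode in the entry needs correcting.
        "fix_valid_ap_entry": macs("Local Authentication", "Not Managed"),
        "radius_shared_cause": radius_shared,
        "radius_single_ap": radius_single,
        "profile": macs("Invalid Profile ID", "Profile Mismatch-Hardware Type"),
        "relink": macs("AP Relink"),
        "peer_reported": sorted({e["mac"] for e in entries if e["peer_reported"]}),
        "unrecognized": sorted(
            {e["mac"] for e in entries if e["category"] == "unrecognized"}),
    }
```
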
Viewing Details About AP Authentication Failures
To view additional data (beacon information) for an AP in the authentication failure list, click the MAC address
of the AP.
Figure 317: AP Authentication Failure Details
The following table describes the fields on the detailed Access Point Authentication Failure Status page.
Table 286: Access Point Authentication Failure Details
Field
Description
MAC Address
The Ethernet address of the AP.
IP Address
The network IP address of the AP.
Last Failure Type
Indicates the last type of failure that occurred, which can be one of the
following:
• Local Authentication
• No Database Entry
• Not Managed
• RADIUS Authentication
• RADIUS Challenged
• RADIUS Unreachable
• Invalid RADIUS Response
• Invalid Profile ID
• Profile Mismatch-Hardware Type
• AP Relink
Vendor ID
Vendor of the AP software.
Protocol Version
Indicates the protocol version supported by the software on the AP.
Software Version
Indicates the version of software on the AP.
Hardware Type
Hardware platform for the AP.
Reporting Switch
Shows whether the switch that reported the AP authentication failure is
the local switch or a peer switch.
Switch MAC Address
Shows the IP address of the switch in the cluster that reported the AP
authentication failure.
Switch IP Address
Shows the MAC address of the switch in the cluster that reported the AP
authentication failure.
Validation Failures
The count of association failures for this AP.
Authentication Failures
The count of authentication failures for this AP.
Age
Time since failure occurred.
Status entries for the AP Authentication Failure page are collected at a
point in time and eventually age out. The age value for each entry shows
how long ago the switch recorded the entry. You can configure the age
out time for status entries on the WLAN > Administration > Advanced
Configuration > Global page. You can also manually delete status
entries.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
AP RF Scan Status
The radios on each AP can periodically scan the radio frequency to collect information about other APs and
wireless clients that are within range. In normal operating mode the AP always scans on the operational
channel for the radio. Two other scan modes are available for each radio on the APs:
• Scan Other Channels: Configures the AP to periodically leave its operational channel and scan other
channels within that frequency.
• Scan Sentry: Disables normal operation of the radio and performs a continuous radio scan. In this mode,
no beacons are sent, and no clients are allowed to associate with the AP.
When Scan Other Channels or Scan Sentry modes are enabled, the AP scans all available channels on each
radio. When the scan is complete, the AP sends information it collected during the RF scan to the switch that
manages it. For information about how to configure the scan mode, see “Radio Configuration” on page 549.
The DWS-4000 Series switch considers an access point to be a rogue if it is detected during the RF scan process
and is classified as a threat by one of the threat detection algorithms. To view the threat detection algorithms
enabled on the system, go to the WLAN > Administration > Advanced Configuration > WIDS Security page.
From the WLAN > Monitoring > Access Point > AP RF Scan Status page, you can view information about all
APs detected via RF scan, including those reported as Rogues.
You can sort the APs in the list based on any of the column headings. For example, to group all Rogue APs
together, click Status.
Figure 318: RF Scan
To view additional information about a detected AP, click the MAC address of the AP.
Table 287 describes the fields on the Rogue/RF Scan page.
Table 287: Access Point RF Scan Status
Field
Description
MAC Address
The Ethernet MAC address of the detected AP. This could be a physical radio interface or
VAP MAC. For D-Link APs this is always a VAP MAC address.
SSID
Service Set ID of the network, which is broadcast in the detected beacon frame.
Physical Mode
Indicates the 802.11 mode being used on the AP.
Channel
Transmit channel of the AP.
Status
Indicates the managed status of the AP, whether this is a valid AP known to the switch or
a Rogue on the network. The valid values are:
• Managed: The neighbor AP is managed by the wireless system.
• Standalone: The AP is managed in standalone mode and configured as a valid AP entry
(local or RADIUS).
• Rogue: The AP is classified as a threat by one of the threat detection algorithms.
• Unknown: The AP is detected in the network but is not classified as a threat by the
threat detection algorithms.
Age
Time since this AP was last detected in an RF scan.
Status entries for the RF Scan Status page are collected at a point in time and eventually
age out. The age value for each entry shows how long ago the switch recorded the entry.
You can configure the age out time for status entries on the WLAN > Advanced
Configuration > Global page. You can also manually delete status entries.
Command Buttons
The page includes the following buttons:
• Delete All—Clears all APs from the RF scan list. The list repopulates as the APs are discovered.
• Manage—Configures a Rogue AP to be managed by the switch the next time it is discovered. The switch
adds the selected AP to the Valid AP database as a Managed AP and assigns it the default AP profile. Then,
you can use the switch to configure the AP settings. If you use a RADIUS server for AP validation, you must
add the MAC address of the AP to the AP database on the RADIUS server.
• Acknowledge—Clear the rogue status of the selected AP in the RF Scan database.
• Acknowledge All Rogues—Acknowledges all APs with a Rogue status. The status of an acknowledged
rogue is returned to the status it had when it was first detected. If the detected AP fails any of the tests
that classify it as a threat, it will be listed as a Rogue again.
• Refresh—Updates the page with the latest information.
Viewing Details About an AP Detected in the RF Scan
After you click the MAC address of an AP to view details, the detailed Access Point RF Scan Status page for the
AP appears.
The detailed status for access points detected during the RF scan shows information about an individual AP
detected through the RF scan. To view information about another AP detected through the RF Scan, return to
the main Rogue/RF Scan page and click the MAC address of the AP with the information to view.
Figure 319: RF Scan AP Details
Table 288 shows the information the Access Point RF Scan Status page shows for an individual access point.
Table 288: Detailed Access Point RF Scan Status
Field
Description
MAC Address
The Ethernet MAC address of the detected AP. This could be a physical radio
interface or VAP MAC. For D-Link APs this is always a VAP MAC address.
SSID
Service Set ID of the network, which is broadcast in the detected beacon frame.
Channel
Transmit channel of the AP.
Status
Indicates the managed status of the AP, whether this is a valid AP known to the
switch or a Rogue on the network. The valid values are:
• Managed: The neighbor AP is managed by the wireless system.
• Standalone: The AP is managed in standalone mode and configured as a valid AP
entry (local or RADIUS).
• Rogue: The AP is classified as a threat by one of the threat detection algorithms.
• Unknown: The AP is detected in the network but is not classified as a threat by
the threat detection algorithms.
Initial Status
If the AP is not rogue, the initial status is equal to Status (Managed, Standalone, or
Unknown). For rogue APs, the initial status is the classification prior to this AP
becoming rogue.
Transmit Rate
Indicates the rate at which the AP is currently transmitting data.
WIDS Rogue AP Mitigation
Status indicating whether rogue AP mitigation is in progress for this AP. If mitigation
is not in progress then this field displays the reason, which can be one of the
following:
• Not Required (AP is not rogue)
• Already mitigating too many APs.
• AP is operating on an illegal channel.
• AP is spoofing valid managed AP MAC address.
• AP is Ad hoc.
Age
Time since this AP was last detected in an RF scan.
Discovered Age
Time since this AP was first detected in an RF scan.
BSSID
Basic Service Set Identifier advertised by the AP in the beacon frames.
Physical Mode
Indicates the 802.11 mode being used on the AP.
Security Mode
Security mode used by the AP.
802.11n Mode
Indicates whether this AP supports IEEE 802.11n mode.
Beacon Interval
Beacon interval for the neighbor AP network.
Highest Supported Rate
Highest supported rate advertised by this AP in the beacon frames. The rate is
represented in increments of 1 Mbps.
Peer Managed AP
Indicates whether this AP is managed by a switch in the cluster.
Ad hoc Network
Indicates whether the beacon frame was received from an ad hoc network.
OUI Description
Identifies the manufacturer of the AP or wireless client adapter based on the
information in the OUI database on the switch.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
Viewing AP Triangulation Information
Triangulation information is provided to help locate the rogue client by showing which managed APs detect
each device discovered through the RF Scan. Up to six triangulation entries are reported for each AP
detected through the RF Scan: three entries by non-sentry APs and three entries by sentry APs. Since an AP
may have one radio configured in sentry mode and another radio configured in non-sentry mode, the same AP
can appear in both lists. If the AP has not been detected by three APs, then the list may contain zero, one or
two entries.
To view information about another AP detected through the RF Scan, return to the main Rogue/RF Scan page
and click the MAC address of the AP with the information to view.
Figure 320: AP Triangulation Status
Table 289 shows the information the Access Point Triangulation Status page shows for an individual access
point.
Table 289: Access Point Triangulation Status
Field
Description
Detected AP MAC Address
The Ethernet MAC address of the detected AP. This could be a physical radio
interface or VAP MAC. For D-Link APs this is always a VAP MAC address.
Sentry
Identifies whether the AP that detected the entry is in sentry or non-sentry mode.
MAC Address
Shows the MAC address of the AP that detected the RF Scan entry. The address links
to the Valid AP database.
Radio
Identifies the radio on the AP that detected the RF Scan entry.
RSSI
Shows the received signal strength indicator in terms of percentage for the
non-sentry AP. The range is 0–100%. A value of 0 indicates the AP is not detected.
Signal Strength
Received signal strength for the non-sentry AP. The range is –127 dBm to 127 dBm,
but most values are expected to range from –95 dBm to –10 dBm.
Noise Level
Noise reported on the channel by the non-sentry AP.
Age
Time since this AP was last detected in an RF scan.
Command Buttons
The page includes the following button:
• Refresh—Updates the page with the latest information.
Viewing WIDS AP Rogue Classification Information
The Wireless Intrusion Detection System (WIDS) can help detect intrusion attempts into the wireless network
and take automatic actions to protect the network. The DWS-4000 Seri