D Link WL3610APA1 Unified AC Selectable Dual-band PoE Access Point User Manual 0420

D Link Corporation Unified AC Selectable Dual-band PoE Access Point 0420

UserManual.wiki >

WL3610APA1 User Manual >

Contents

Users Manual_2

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 71May 2016Section 5 - Conguring Access Point ServicesField DescriptionMax. Burst Length The Max. Burst Length is an AP EDCA parameter and only applies to trafc owing from the AP to the client station.This value species (in milliseconds) the maximum burst length allowed for packet bursts on the wireless network. A packet burst is a collection of multiple frames transmitted without header information. The decreased overhead results in higher throughput and better performance.Valid values for maximum burst length are 0.0 through 999.Wi-Fi Multimedia (WMM) SettingsWi-Fi MultiMedia (WMM)Wi-Fi MultiMedia (WMM) is enabled by default. With WMM enabled, QoS prioritization and coordination of wireless medium access is on. With WMM enabled, QoS settings on the UAP control downstream trafc owing from the AP to client station (AP EDCA parameters) and the upstream trafc owing from the station to the AP (station EDCA parameters).Disabling WMM deactivates QoS control of station EDCA parameters on upstream trafc owing from the station to the AP.With WMM disabled, you can still set some parameters on the downstream trafc owing from the AP to the client station (AP EDCA parameters).To disable WMM extensions, click Disabled.To enable WMM extensions, click Enabled.Station EDCA ParametersQueue Queues are dened for different types of data transmitted from station-to-AP:•) Data 0 (Voice) — Highest priority queue, minimum delay. Time-sensitive data such as VoIP and streaming media are automatically sent to this queue.•) Data 1(Video) — Highest priority queue, minimum delay. Time-sensitive video data is automatically sent to this queue.•) Data 2 (Best Effort) — Medium priority queue, medium throughput and delay. Most traditional IP data is sent to this queue.•) Data 3 (Background) — Lowest priority queue, high throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example).AIFS (Inter-Frame Space)The Arbitration Inter-Frame Spacing (AIFS) species a wait time for data frames. The wait time is measured in slots. Valid values for AIFS are 1 through 255.cwMin (Minimum Contention Window)This parameter is used by the algorithm that determines the initial random back off wait time (window) for retry of a data transmission during a period of contention for Unied Access Point resources. The value specied here in the Minimum Contention Window is the upper limit (in milliseconds) of a range from which the initial random back off wait time will be determined. The rst random number generated will be a number between 0 and the number specied here. If the rst random back off wait time expires before the data frame is sent, a retry counter is incremented and the random back off value (window) is doubled. Doubling will continue until the size of the random back off value reaches the number dened in the Maximum Contention Window.cwMax (Maximum Contention Window)The value specied here in the Maximum Contention Window is the upper limit (in milliseconds) for the doubling of the random back off value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached.Once the Maximum Contention Window size is reached, retries will continue until a maximum number of retries allowed is reached.TXOP Limit The TXOP Limit is a station EDCA parameter and only applies to trafc owing from the client station to the AP. The Transmission Opportunity (TXOP) is an interval of time, in milliseconds, when a WME client station has the right to initiate transmissions onto the wireless medium (WM) towards the Unied Access Point. The TXOP Limit maximum value is 65535.Other QoS SettingsNo AcknowledgementSelect On to specify that the AP should not acknowledge frames with QosNoAck as the service class value.APSD Select On to enable Automatic Power Save Delivery (APSD), which is a power management method. APSD is recommended if VoIP phones access the network through the AP.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 72May 2016Section 5 - Conguring Access Point ServicesNote: After you congure the QoS settings, you must click Apply to apply the changes and to save the settings. Changing some settings might cause the AP to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change AP settings when WLAN trafc is low. Table 40 - QoS SettingsConguring Email AlertThe Email Alert feature allows the AP to automatically send email messages when an event at or above the congured severity level occurs. Use the Email Alert Conguration page to congure mail server settings, to set the severity level that triggers alerts, and to add up to three email addresses where urgent and non-urgent email alerts are sent.Note: Email alert is operationally disabled when the AP transitions to managed mode.Figure 38 - Email Alerts CongurationField DescriptionEmail Alert Global CongurationAdmin Mode Globally enable or disable the Email Alert feature on the AP. By default, email alerts are disabled.From Address Specify the email address that appears in the From eld of alert messages sent from the AP, for example dlinkAP23@foo.com. The address can be a maximum of 255 characters and can contain only printable characters. By default, no address is congured.Log Duration This duration, in minutes, determines how frequently the non-critical messages are sent to the SMTP Server. The range is 30-1440 minutes. The default is 30 minutes.Urgent Message SeverityCongures the severity level for log messages that are considered to be urgent. Messages in this category are sent immediately. The security level you select and all higher levels are urgent:•) Emergency indicates system is unusable. It is the highest level of severity.•) Alert indicates action must be taken immediately.•) Critical indicates critical conditions.•) Error indicates error conditions.•) Warning indicates warning conditions.•) Notice indicates normal but signicant conditions.•) Info indicates informational messages.•) Debug indicates debug-level messages.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 73May 2016Section 5 - Conguring Access Point ServicesField DescriptionNon Urgent Severity Congures the severity level for log messages that are considered to be non-urgent. Messages in this category are collected and sent in a digest form at the time interval specied by the Log Duration eld. The security level you select and all levels up to, but not including the lowest Urgent level are considered non-urgent. Messages below the security level you specify are not sent via email. See the Urgent Message eld description for information about the security levels.Email Alert Mail Server CongurationMail Server Address Specify the IP address or hostname of the SMTP server on the network.Mail Server Security Specify whether to use SMTP over SSL (TLSv1) or no security (Open) for authentication with the mail server. The default is Open.Mail Server Port Congures the TCP port number for SMTP. The range is a valid port number from 0 to 65535. The default is 25, which is the standard port for SMTP.Username Specify the username to use when authentication with the mail server is required. The username is a 64-byte character string with all printable characters. The default is admin.Password Specify the password associated with the username congured in the previous eld.Email Alert Message CongurationTo Address 1 Congure the rst email address to which alert messages are sent. The address must be a valid email address. By default, no address is congured.To Address 2 Optionally, congure the second email address to which alert messages are sent. The address must be a valid email address. By default, no address is congured.To Address 3 Optionally, congure the third email address to which alert messages are sent. The address must be a valid email address. By default, no address is congured.Email Subject Specify the text to be displayed in the subject of the email alert message. The subject can contain up to 255 alphanumeric characters. The default is Log message from AP.Table 41 - Email Alert CongurationNote: After you congure the Email Alert settings, click Apply to apply the changes and to save the settings. To validate the congured email server credentials, click Test Mail. You can send a test email once the email server details are congured.The following text shows an example of an email alert sent from the AP to the network administrator:From: AP-192.168.2.10@mailserver.com Sent: Wednesday, July 08, 2011 11:16 AMTo: administrator@mailserver.comSubject: log message from APTIME Priority Process Id MessageJul 8 03:48:25 info login[1457] root login on ‘ttyp0’Jul 8 03:48:26 info mini_http-ssl[1175] Max concurrent connections of 20 reachedEnabling the Time Settings (NTP)Use the Time Settings page to specify the Network Time Protocol (NTP) server to use to provide time and date information to the AP or to congure the time and date information manually.NTP is an Internet standard protocol that synchronizes computer clock times on your network. NTP servers transmit Coordinated Universal Time (UTC, also known as Greenwich Mean Time) to their client systems. NTP sends periodic time requests to servers, using the returned time stamp to adjust its clock. The timestamp is used to indicate the date and time of each event in log messages.See http://www.ntp.org for more information about NTP.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 74May 2016Section 5 - Conguring Access Point ServicesTo set the system time either manually or by specifying the address of the NTP server for the AP to use, click the Services > Time Settings (NTP) tab and update the elds as described in the table below.Figure 39 - Time Settings (NTP)Field DescriptionSet System Time NTP provides a way for the AP to obtain and maintain its time from a server on the network. Using an NTP server gives your AP the ability to provide the correct time of day in log messages and session information. Choose to use a network time protocol (NTP) server to determine the system time, or set the system time manually:•) To permit the AP to poll an NTP server, click Using Network Time Protocol (NTP).•) To prevent the AP from polling an NTP server, click Manually.NTP Server (Use NTP)If NTP is enabled, specify the NTP server to use.You can specify the NTP server by hostname or IP address, although using the IP address is not recommended as these can change more readily.If you specify a hostname, note the following requirements:•) The length must be between 1 – 63 characters.•) Upper and lower case characters, numbers, and hyphens are accepted. •) The rst character must be a letter (a–z or A–Z), and the last character cannot be a hyphen.System Date (Manual conguration)Specify the current month, day, and year.System Time (Manual conguration)Specify the current time in hours and minutes. The system uses a 24-hour clock, so 6:00 PM is congured as 18:00.Time Zone Select your local time zone from the menu. The default is USA (Pacic).Adjust Time for Daylight SavingsSelect to have the system adjust the reported time for Daylight Savings Time (DST). When this eld is selected, elds to congure Daylight Savings Time settings appear.DST Start (24 HR) Congure the date and time to begin Daylight Savings Time for the System Time.DST End (24 HR) Congure the date and time to end Daylight Savings Time for the System Time.DST Offset (minutes)Select the number of minutes to offset DST. The default is 60 minutes.Table 42 - NTP SettingsNote: After you congure the Time settings, you must click Apply to apply the changes and to save the settings. Changing some settings might cause the AP to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change AP settings when WLAN trafc is low.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 75May 2016Section 6 - Conguring SNMPv3Section 6 - Conguring SNMPv3This section describes how to congure the SNMPv3 settings on the UAP and contains the following subsections:•) “Conguring SNMPv3 Views” on page 75•) “Conguring SNMPv3 Groups” on page 76•) “Conguring SNMPv3 Users” on page 77•) “Conguring SNMPv3 Targets” on page 78Conguring SNMPv3 ViewsA MIB view is a combination of a set of view subtrees or a family of view subtrees where each view subtree is a subtree within the managed object naming tree. You can create MIB views to control the OID range that SNMPv3 users can access.A MIB view called “all” is created by default in the system. This view contains all management objects supported by the system.Note: If you create an excluded view subtree, create a corresponding included entry with the same view name to allow subtrees outside of the excluded subtree to be included. For example, to create a view that excludes the subtree 1.3.6.1.4, create an excluded entry with the OID 1.3.6.1.4. Then, create an included entry with OID .1 with the same view name. Figure 40 - SNMPv3 Views CongurationThe following table describes the elds you can congure on the SNMPv3 Views page.Field DescriptionView Name Enter a name to identify the MIB view. View names can contain up to 32 alphanumeric characters.Type Species whether to include or exclude the view subtree or family of subtrees from the MIB view.OID Enter an OID string for the subtree to include or exclude from the view. For example, the system subtree is specied by the OID string .1.3.6.1.2.1.1.Mask The OID mask is 47 characters in length. The format of the OID mask is xx.xx.xx (.)... or xx:xx:xx.... (:) and is 16 octets in length. Each octet is 2 hexadecimal characters separated by either . (period) or : (colon). Only hex characters are accepted in this eld. For example, OID mask FA.80 is 11111010.10000000.A family mask is used to dene a family of view subtrees. The family mask indicates which sub-identiers of the associated family OID string are signicant to the family’s denition. A family of view subtrees allows control access to one row in a table, in a more efcient manner.SNMPv3 Views This eld shows the MIB views on the UAP. To remove a view, select it and click Remove.Table 43 - SNMPv3 Views

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 76May 2016Section 6 - Conguring SNMPv3Note: After you congure the SNMPv3 Views settings, you must click Apply to apply the changes and to save the settings.Conguring SNMPv3 GroupsSNMPv3 groups allow you to combine users into groups of different authorization and access privileges.By default, the UAP has two groups:•) RO — A read-only group using authentication and data encryption. Users in this group use an MD5 key/password for authentication and a DES key/password for encryption. Both the MD5 and DES key/passwords must be dened. By default, users of this group will have read only access to the default all MIB view, which can be modied by the user. •) RW — A read/write group using authentication and data encryption. Users in this group use an MD5 key/password for authentication and a DES key/password for encryption. Both the MD5 and DES key/passwords must be dened. By default, users of this group will have read and write access to the default all MIB view, which can be modied by the user.RW and RO groups are dened by default.Note: The UAP supports maximum of eight groups.To dene additional groups, navigate to the SNMPv3 Groups page and congure the settings that the table below describes.Figure 41 - SNMPv3 Groups CongurationField DescriptionName Specify a name to use to identify the group. The default group names are RW and RO. Group names can contain up to 32 alphanumeric characters.Security Level Select one of the following security levels for the group:•) noAuthentication-noPrivacy — No authentication and no data encryption (no security).•) Authentication-noPrivacy — Authentication, but no data encryption. With this security level, users send SNMP messages that use an MD5 key/password for authentication, but not a DES key/password for encryption.•) Authentication-Privacy — Authentication and data encryption. With this security level, users send an MD5 key/password for authentication and a DES key/password for encryption. For groups that require authentication, encryption, or both, you must dene the MD5 and DES key/passwords on the SNMPv3 Users page.Write Views Select the write access to management objects (MIBs) for the group:•) write-all — The group can create, alter, and delete MIBs.•) write-none — The group is not allowed to create, alter, or delete MIBS.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 77May 2016Section 6 - Conguring SNMPv3Field DescriptionRead Views Select the read access to management objects (MIBs) for the group:•) view-all — The group is allowed to view and read all MIBs.•) view-none — The group cannot view or read MIBs.SNMPv3 Groups This eld shows the default groups and the groups that you have dened on the AP. To remove a group, select the group and click Remove.Table 44 - SNMPv3 GroupsNote: After you congure the SNMPv3 Groups settings, you must click Apply to apply the changes and to save the settings.Conguring SNMPv3 UsersFrom the SNMPv3 Users page, you can dene multiple users, associate the desired security level to each user, and congure security keys.For authentication, only MD5 type is supported, and for encryption only DES type is supported. There are no default SNMPv3 users on the UAP.Figure 42 - SNMPv3 User CongurationThe following table describes the elds to congure SNMPv3 users.Field DescriptionName Enter the user name to identify the SNMPv3 user. User names can contain up to 32 alphanumeric characters.Group Map the user to a group. The default groups are RWAuth, RWPriv, and RO. You can dene additional groups on the SNMPv3 Groups page.Authentication Type Select the type of authentication to use on SNMP requests from the user:•) MD5 — Require MD5 authentication on SNMPv3 requests from the user.•) None — SNMPv3 requests from this user require no authentication.Authentication Key If you specify MD5 as the authentication type, enter a password to enable the SNMP agent to authenticate requests sent by the user.The passphrase must be between 8 and 32 characters in length.Encryption Type Select the type of privacy to use on SNMP requests from the user:•) DES — Use DES encryption on SNMPv3 requests from the user.•) None — SNMPv3 requests from this user require no privacy.Encryption Key If you specify DES as the privacy type, enter a key to use to encrypt the SNMP requests.The passphrase must be between 8 and 32 characters in length.SNMPv3 Users This eld shows the users that you have dened on the AP. To remove a user, select the user and click Remove.Table 45 - SNMPv3 Users

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 78May 2016Section 6 - Conguring SNMPv3Note: After you congure the SNMPv3 Users settings, you must click Apply to apply the changes and to save the settings.Conguring SNMPv3 TargetsSNMPv3 Targets send “inform” messages to the SNMP manager. Each target is identied by a target name and associated with target IP address, UDP port, and SNMP user name.Figure 43 - SNMPv3 Targets CongurationField DescriptionIPv4/IPv6 Address Enter the IP address of the remote SNMP manager to receive the target.Port Enter the UDP port to use for sending SNMP targets.Users Select the name of the SNMP user to associate with the target. To congure SNMP users, see “Conguring SNMPv3 Users” on page 77.SNMPv3 Targets This eld shows the SNMPv3 Targets on the UAP. To remove a target, select it and click Remove.Table 46 - SNMPv3 TargetsNote: After you congure the SNMPv3 Target settings, you must click Apply to apply the changes and to save the settings.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 79May 2016Section 7 - Maintaining the Access PointSection 7 - Maintaining the Access PointThis section describes how to maintain the UAP.From the UAP Administrator UI, you can perform the following maintenance tasks:•) “Saving the Current Conguration to a Backup File” on page 79•) “Restoring the Conguration from a Previously Saved File” on page 80•) “Rebooting the Access Point” on page 81•) “Performing AP Maintenance” on page 81•) “Resetting the Factory Default Conguration” on page 81•) “Upgrading the Firmware” on page 81•) “Packet Capture Conguration and Settings” on page 83Saving the Current Conguration to a Backup FileThe AP conguration le is in XML format and contains all of the information about the AP settings. You can download the conguration le to a management station to manually edit the content or to save as a back-up copy. You can use HTTP or TFTP to transfer les to and from the UAP. After you download a conguration le to the management station, you can manually edit the le, which is in XML format. Then, you can upload the edited conguration le to apply those conguration settings to the AP.Use the following steps to save a copy of the current settings on an AP to a backup conguration le by using TFTP:1.) Select TFTP for Download Method.Figure 44 - Manage this Access Point’s Conguration - Save (TFTP)2.) Enter a name (1 to 63 characters) for the backup le in the Conguration File eld, including the .xml le name extension and the path to the directory where you want to save the le.3.) Enter the Server IP address of the TFTP server.4.) Click Download to save a copy of the le to the TFTP server.Use the following steps to save a copy of the current settings on an AP to a backup conguration le by using HTTP:1.) Select HTTP for Download Method.Figure 45 - Manage this Access Point’s Conguration - Save (HTTP)2.) Click the Download button.A dialog box displays verifying the download.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 80May 2016Section 7 - Maintaining the Access PointFigure 46 - Conrmation Prompt3.) To proceed with the download, select OK.A dialog box opens allowing you to view or save the le.4.) Select the Save File option and select OK.5.) Use the le browser to navigate to the directory where you want to save the le, and click OK to save the le.You can keep the default le name (cong.xml) or rename the backup le, but be sure to save the le with an .xml extension.Restoring the Conguration from a Previously Saved FileYou can use HTTP or TFTP to transfer les to and from the UAP. After you download a conguration le to the management station, you can manually edit the le, which is in XML format. Then, you can upload the edited conguration le to apply those conguration settings to the AP.Use the following procedures to restore the conguration on an AP to previously saved settings by using TFTP:1.) Select TFTP for Upload Method.Figure 47 - Manage this Access Point’s Conguration - Restore (TFTP)2.) Enter a name (1 to 63 characters) for the backup le in the Filename eld, including the .xml le name extension and the path to the directory that contains the conguration le to upload.3.) Enter the IP address of the TFTP server in the Server IP eld.4.) Click the Restore button.The AP reboots. A reboot conrmation dialog and follow-on rebooting status message displays. Please wait for the reboot process to complete, which might take several minutes. The Administration Web UI is not accessible until the AP has rebooted.Use the following steps to save a copy of the current settings on an AP to a backup conguration le by using HTTP:1.) Select HTTP for Upload Method.Figure 48 - Manage this Access Point’s Conguration - Restore (HTTP)

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 81May 2016Section 7 - Maintaining the Access Point2.) Use the Browse button to select the le to restore.3.) Click the Restore button.A File Upload or Choose File dialog box displays.4.) Navigate to the directory that contains the le, then select the le to upload and click Open.(Only those les created with the Backup function and saved as .xml backup conguration les are valid to use with Restore; for example, ap_cong.xml.)5.) Click the Restore button.A dialog box opens verifying the restore.6.) Click OK to proceed.The AP reboots. A reboot conrmation dialog and follow-on rebooting status message displays. Please wait for the reboot process to complete, which might take several minutes. The Administration Web UI is not accessible until the AP has rebooted.Performing AP MaintenanceFrom the Maintenance page, you can reset the AP to its factory default settings or reboot the AP.Figure 49 - Performing AP MaintenanceResetting the Factory Default CongurationIf you are experiencing problems with the UAP and have tried all other troubleshooting measures, click Reset. This restores factory defaults and clears all settings, including settings such as a new password or wireless settings. You can also use the reset button on the back panel to reset the system to the default conguration.Rebooting the Access PointFor maintenance purposes or as a troubleshooting measure, you can reboot the UAP. To reboot the AP, click the Reboot button on the Conguration page.Upgrading the FirmwareAs new versions of the UAP rmware become available, you can upgrade the rmware on your devices to take advantage of new features and enhancements. The AP uses a TFTP client for rmware upgrades. You can also use HTTP to perform rmware upgrades.After you upload new rmware and the system reboots, the newly added rmware becomes the primary image. If the upgrade fails, the original rmware remains as the primary image. Note: When you upgrade the rmware, the access point retains the existing conguration information.Use the following steps to upgrade the rmware on an access point by using TFTP:1.) Select TFTP for Upload Method.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 82May 2016Section 7 - Maintaining the Access PointFigure 50 - Manage Firmware (TFTP)2.) Enter a name (1 to 63 characters) for the image le in the Image Filename eld, including the path to the directory that contains the image to upload.For example, to upload the ap_upgrade.tar image located in the /share/builds/ap directory, enter /share/builds/ap/ap_upgrade.tar in the Image Filename eld.The rmware upgrade le supplied must be a tar le. Do not attempt to use bin les or les of other formats for the upgrade; these types of les will not work.3.) Enter the Server IP address of the TFTP server. 4.) Click Upgrade.Upon clicking Upgrade for the rmware upgrade, a popup conrmation window is displayed that describes the upgrade process.5.) Click OK to conrm the upgrade and start the process.Note: The rmware upgrade process begins once you click Upgrade and then OK in the pop-up conrmation window.The upgrade process may take several minutes during which time the access point will be unavailable. Do not power down the access point while the upgrade is in process. When the upgrade is complete, the access point restarts. The AP resumes normal operation with the same conguration settings it had before the upgrade.6.) To verify that the rmware upgrade completed successfully, check the rmware version shown on the Upgrade page (or the Basic Settings page). If the upgrade was successful, the updated version name or number is indicated.Use the following steps to upgrade the rmware on an access point by using HTTP:1.) Select HTTP for Upload Method.Figure 51 - Manage Firmware (HTTP)2.) If you know the path to the new rmware image le, enter it in the Image Filename eld. Otherwise, click the Browse button and locate the rmware image le.The rmware upgrade le supplied must be a tar le. Do not attempt to use bin les or les of other formats for the upgrade; these types of les will not work.3.) Click Upgrade to apply the new rmware image.Upon clicking Upgrade for the rmware upgrade, a popup conrmation window is displayed that describes the upgrade process.4.) Click OK to conrm the upgrade and start the process.Note: The rmware upgrade process begins once you click Upgrade and then OK in the popup conrmation window.The upgrade process may take several minutes during which time the access point will be unavailable. Do not power down the access point while the upgrade is in process. When the upgrade is complete, the access point restarts. The AP resumes normal operation with the same conguration settings it had before the upgrade.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 83May 2016Section 7 - Maintaining the Access Point5.) To verify that the rmware upgrade completed successfully, check the rmware version shown on the Upgrade page (or the Basic Settings page). If the upgrade was successful, the updated version name or number is indicated.Packet Capture Conguration and SettingsWireless packet capture operates in two modes:•) Capture le mode.•) Remote capture mode.For capture le mode, captured packets are stored in a le on the Access Point. The AP can transfer the le to a TFTP server. The le is formatted in pcap format and can be examined using tools such as Wireshark and OmniPeek.For remote capture mode, the captured packets are redirected in real time to an external PC running the Wireshark® tool.The AP can capture the following types of packets:•) 802.11 packets received and transmitted on radio interfaces. Packets captured on radio interfaces include the 802.11 header.•) 802.3 packets received and transmitted on the Ethernet interface.•) 802.3 packets received and transmitted on the internal logical interfaces such as VAPs and WDS interfaces.From the Packet Capture Conguration and Settings page, you can:•) View the current packet capture status.•) Congure packet capture parameters.•) Congure packet le capture.•) Congure a remote capture port.•) Download a packet capture le.Figure 52 - Packet Capture Conguration & SettingsPacket Capture StatusPacket Capture Status allows you to view the status of packet capture on the AP.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 84May 2016Section 7 - Maintaining the Access PointFigure 53 - Packet Capture StatusThe following table describes information the packet capture status elds display.Field DescriptionCurrent Capture StatusShows whether packet capture is running or stopped.Packet Capture TimeShows elapsed capture time.Packet Capture File SizeShows the current capture le size.Table 47 - Packet Capture StatusPacket Capture Parameter CongurationPacket Capture Conguration allows you to congure parameters that affect how packet capture functions on the radio interfaces.Figure 54 - Packet Capture CongurationThe following table describes the elds to congure the packet capture.Field DescriptionCapture Beacons Enable to capture the 802.11 beacons detected or transmitted by the radio.Promiscuous CaptureEnable to place the radio in promiscuous mode when the capture is active. In promiscuous mode the radio receives all trafc on the channel, including trafc that is not destined to this AP. While the radio is operating in promiscuous mode, it continues serving associated clients. Packets not destined to the AP are not forwarded. As soon as the capture is completed, the radio reverts to non-promiscuous mode operation.Client Filter Enable Enable to use the WLAN client lter to capture only frames that are transmitted to, or received from a WLAN client with a specied MAC address.Client Filter MAC AddressSpecify a MAC address for WLAN client ltering.Note: The MAC lter is active only when capture is performed on an 802.11 interface.Table 48 - Packet Capture CongurationNote: Changes to packet capture conguration parameters take affect after packet capture is restarted. Modifying the parameters while the packet capture is running doesn’t affect the current packet capture session. In order to begin using new parameter values, an existing packet capture session must be stopped and re-started.Packet File CaptureIn Packet File Capture mode the AP stores captured packets in the RAM le system.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 85May 2016Section 7 - Maintaining the Access PointUpon activation, the packet capture proceeds until one of the following occurs:•) The capture time reaches congured duration.•) The capture le reaches its maximum size.•) The administrator stops the capture.During the capture, you can monitor the capture status, elapsed capture time, and the current capture le size. This information can be updated, while the capture is in progress, by clicking Refresh.Figure 55 - Packet File CaptureThe following table describes the elds to congure the packet capture status.Field DescriptionCapture Interface Select an AP Capture Interface name from the drop-down menu. AP capture interface names are eligible for packet capture are:•) brtrunk - Linux bridge interface in the AP•) eth0 - 802.3 trafc on the Ethernet port.•) wlan0 - VAP0 trafc on radio 1.•) wlan1 - VAP0 trafc on radio 2.•) radio1 - 802.11 trafc on radio 1.•) radio2 - 802.11 trafc on radio 2.Capture Duration Specify the time duration in seconds for the capture (range 10 to 3600).Max Capture File SizeSpecify the maximum allowed size for the capture le in KB (range 64 to 4096).Table 49 - Packet File CaptureRemote Packet CaptureRemote Packet Capture allows you to specify a remote port as the destination for packet captures. This feature works in conjunction with the Wireshark network analyzer tool for Windows. A packet capture server runs on the AP and sends the captured packets via a TCP connection to the Wireshark tool.A Windows PC running the Wireshark tool allows you to display, log, and analyze captured trafc. When the remote capture mode is in use, the AP doesn’t store any captured data locally in its le system.Your can trace up to ve interfaces on the AP at the same time. However, you must start a separate Wireshark session for each interface. You can congure the IP port number used for connecting Wireshark to the AP. The default port number is 2002. The system uses 5 consecutive port numbers starting with the congured port for the packet capture sessions.If a rewall is installed between the Wireshark PC and the AP, these ports must be allowed to pass through the rewall. The rewall must also be congured to allow the Wireshark PC to initiate TCP connection to the AP. To congure Wireshark to use the AP as the source for captured packets, you must specify the remote interface in the “Capture Options” menu. For example to capture packets on an AP with IP address 192.168.1.10 on radio 1 using the default IP port, specify the following interface: rpcap://192.168.1.10/radio1

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 86May 2016Section 7 - Maintaining the Access PointTo capture packets on the Ethernet interface of the AP and VAP0 on radio 1 using IP port 58000, start two Wireshark sessions and specify the following interfaces:rpcap://192.168.1.10:58000/eth0rpcap://192.168.1.10:58000/wlan0When you are capturing trafc on the radio interface, you can disable beacon capture, but other 802.11 control frames are still sent to Wireshark. You can set up a display lter to show only:•) Data frames in the trace.•) Trafc on specic BSSIDs.•) Trafc between two clients.Some examples of useful display lters are:•) Exclude beacons and ACK/RTS/CTS frames:!(wlan.fc.type_subtype == 8 || wlan.fc.type == 1)•) Data frames only: wlan.fc.type == 2•) Trafc on a specic BSSID:wlan.bssid == 00:02:bc:00:17:d0•) All trafc to and from a specic client:wlan.addr == 00:00:e8:4e:5f:8eIn remote capture mode, trafc is sent to the PC running Wireshark via one of the network interfaces. Depending on where the Wireshark tool is located the trafc can be sent on an Ethernet interface or one of the radios. In order to avoid a trafc ood caused by tracing the trace packets, the AP automatically installs a capture lter to lter out all packets destined to the Wireshark application. For example if the Wireshark IP port is congured to be 58000 then the following capture lter is automatically installed on the AP: not portrange 58000-58004.Enabling the packet capture feature impacts performance of the AP and can create a security issue (unauthorized clients may be able to connect to the AP and trace user data). The AP performance is negatively impacted even if there is no active Wireshark session with the AP. The performance is negatively impacted to a greater extent when packet capture is in progress. Due to performance and security issues, the packet capture mode is not saved in NVRAM on the AP; if the AP resets, the capture mode is disabled and the you must re-enable it in order to resume capturing trafc. Packet capture parameters (other than mode) are saved in NVRAM.In order to minimize performance impact on the AP while trafc capture is in progress, you should install capture lters to limit which trafc is sent to the Wireshark tool. When capturing 802.11 trafc, large portion of the captured frames tend to be beacons (typically sent every 100ms by all Access Points). Although Wireshark supports a display lter for beacon frames, it does not support a capture lter to prevent the AP from forwarding captured beacon packets to the Wireshark tool. In order to reduce performance impact of capturing the 802.11 beacons, you can disable the capture beacons mode. The remote packet capture facility is a standard feature of the Wireshark tool for Windows. Note: Remote packet capture is not standard on the Linux version of Wireshark; the Linux version doesn’t work with the AP. Wireshark is an open source tool and is available for free; it can be downloaded from http://www.wireshark.org.Figure 56 - Remote Packet CaptureThe following table describes the elds to congure the packet capture status.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 87May 2016Section 7 - Maintaining the Access PointField DescriptionRemote Capture PortSpecify the remote port to use as the destination for packet captures. (range 1 to 65530).Table 50 - Remote Packet CapturePacket Capture File DownloadPacket Capture File Download allows you to download the capture le by TFTP to a congured TFTP server or by HTTP(S) to a PC. The captured packets are stored in le /tmp/apcapture.pcap on the AP. A capture is automatically stopped when the capture le download command is triggered.Because the capture le is located in the RAM le system, it disappears if the AP is reset. Figure 57 - Packet Capture File DownloadThe following table describes the elds to congure the packet capture status.Field DescriptionUse TFTP to download the capture leSelect or clear this option to determine whether to use TFTP or HTTP(S) to download the capture le:•) To download the le by using TFTP, select this option and complete the additional elds.•) To download the le by using HTTP or HTTPS, clear this option and click Download to browse to the location where the le is to be saved.TFTP Server FilenameWhen using TFTP to download the le, specify a name for the packet capture le, including the .pcap le name extension and the path to the directory where you want to save the le.Server IP When using TFTP to download the le, specify the IP address of the TFTP server.Table 51 - Packet Capture File Download

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 88May 2016Section 8 - Conguring Client Quality of Service (QoS)Section 8 - Conguring Client Quality of Service (QoS)This section describes how to congure QoS settings that affect trafc from the wireless clients to the AP. By using the UAP Client QoS features, you can limit bandwidth and apply ACLs and DiffServ policies to the wireless interface. If a VAP uses WPA Enterprise security to authenticate clients, you can congure the RADIUS server to provide per-client QoS information.This section describes the following features:•) “Conguring VAP QoS Parameters” on page 88•) “Managing Client QoS ACLs” on page 89•) “Creating a DiffServ Class Map” on page 95•) “Creating a DiffServ Policy Map” on page 100•) “Conguring RADIUS-Assigned Client QoS Parameters” on page 102Conguring VAP QoS ParametersThe client QoS features on the UAP provide additional control over certain QoS aspects of wireless clients that connect to the network, such as the amount of bandwidth an individual client is allowed to send and receive. To control general categories of trafc, such as HTTP trafc or trafc from a specic subnet, you can congure ACLs and assign them to one or more VAPs. In addition to controlling general trafc categories, Client QoS allows you to congure per-client conditioning of various micro-ows through Differentiated Services (DiffServ). DiffServ policies are a useful tool for establishing general micro-ow denition and treatment characteristics that can be applied to each wireless client, both inbound and outbound, when it is authenticated on the network. From the VAP QoS Parameters page, you can enable the Client QoS feature, specify client bandwidth limits, and select the ACLs and DiffServ policies to use as default values for clients associated with the VAP when the client does not have their own attributes dened by a RADIUS server.To congure the Client QoS administrative mode and to congure the QoS settings for a VAP, click the VAP QoS Parameters tab.Figure 58 - Congure Client QoS VAP SettingsField DescriptionClient QoS Global Admin ModeEnable or disable Client QoS operation on the AP. Changing this setting will not affect the WMM settings you congure on the QoS page.Radio For dual-radio APs, select Radio 1 or Radio 2 to specify which radio to congure.VAP Specify the VAP that will have the Client QoS settings that you congure. The QoS settings you congure for the selected VAP will not affect clients that access the network through other VAPs.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 89May 2016Section 8 - Conguring Client Quality of Service (QoS)Field DescriptionClient QoS Mode Enable or disable QoS operation on the VAP selected in the VAP menu. QoS must be enabled globally (from the Client QoS Global Admin Mode eld) and on the VAP (QoS Mode eld) for the Client QoS settings to be applied to wireless clients.Bandwidth Limit DownEnter the maximum allowed transmission rate from the AP to the wireless client in bits per second. The valid range is 0 – 429496000 bits/sec.The value you enter must be a multiple of 8000 bits/sec, in other words, the value must be n × 8000 bits/sec, where n = 0, 1, 2, 3... If you attempt to set the limit to a value that is not a multiple of 8000 bits/sec, the conguration will be rejected. A value of 0 means that the bandwidth maximum limit is not enforced in this direction.Bandwidth Limit Up Enter the maximum allowed client transmission rate to the AP in bits per second. The valid range is 0 – 4294967295 bps.The value you enter must be n × 8000 bits/sec, where n = 0, 1, 2, 3... If you attempt to set the limit to a value that is not a multiple of 8000 bits/sec, the conguration will be rejected. A value of 0 means that the bandwidth maximum limit is not enforced in this direction.ACL Type Down Select the type of ACL to apply to trafc in the outbound (down) direction, which can be one of the following: •) IPv4: The ACL examines IPv4 packets for matches to ACL rules•) IPv6: The ACL examines IPv6 packets for matches to ACL rules•) MAC: The ACL examines layer 2 frames for matches to ACL rulesACL Name Down Select the name of the ACL applied to trafc in the outbound (down) direction. After switching the packet or frame to the outbound interface, the ACL’s rules are checked for a match. The packet or frame is transmitted if it is permitted, and discarded if it is denied.ACL Type Up Select the type of ACL to apply to trafc in the inbound (up) direction, which can be one of the following: •) IPv4: The ACL examines IPv4 packets for matches to ACL rules•) IPv6: The ACL examines IPv6 packets for matches to ACL rules•) MAC: The ACL examines layer 2 frames for matches to ACL rulesACL Name Up Select the name of the ACL applied to trafc entering the AP in the inbound (up) direction. When a packet or frame is received by the AP, the ACL’s rules are checked for a match. The packet or frame is processed if it is permitted, and discarded if it is denied.DiffServ Policy DownSelect the name of the DiffServ policy applied to trafc from the AP in the outbound (down) direction.DiffServ Policy Up Select the name of the DiffServ policy applied to trafc sent to the AP in the inbound (up) direction.Table 52 - VAP QoS ParametersManaging Client QoS ACLsACLs are a collection of permit and deny conditions, called rules, that provide security by blocking unauthorized users and allowing authorized users to access specic resources. ACLs can block any unwarranted attempts to reach network resources. The UAP supports up to 50 IPv4, IPv6, and MAC ACLs.IPv4 and IPv6 ACLsIP ACLs classify trafc for Layers 3 and 4.Each ACL is a set of up to 10 rules applied to trafc sent from a wireless client or to be received by a wireless client. Each rule species whether the contents of a given eld should be used to permit or deny access to the network. Rules can be based on various criteria and may apply to one ore more elds within a packet, such as the source or destination IP address, the source or destination L4 port, or the protocol carried in the packet.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 90May 2016Section 8 - Conguring Client Quality of Service (QoS)MAC ACLsMAC ACLs are Layer 2 ACLs. You can congure the rules to inspect elds of a frame such as the source or destination MAC address, the VLAN ID, or the Class of Service 802.1p priority. When a frame enters or exits the AP port (depending on whether the ACL is applied in the up or down direction), the AP inspects the frame and checks the ACL rules against the content of the frame. If any of the rules match the content, a permit or deny action is taken on the frame. ACL Conguration ProcessCongure ACLs and rules on the Client QoS ACL page (steps 1–5), and then apply the rules to a specied VAP on the AP QoS Parameters page (step 6). Use the following general steps to congure ACLs:1.) Specify a name for the ACL.2.) Select the type of ACL to add.3.) Add the ACL.4.) Add new rules to the ACL.5.) Congure the match criteria for the rules.6.) Apply the ACL to one or more VAPs.For an example of how to congure an ACL, see “ACL Conguration Process” on page 90.To congure an ACL, click the Client QoS ACL tab.The elds to congure ACL rules appear only after you have created an ACL. The following image shows the conguration of a new rule for the IPv4 ACL named acl1. The rule prevents HTTP trafc from all clients in the 192.168.20.0 network from being forwarded.Figure 59 - Congure Client QoS ACL SettingsThe following table describes the elds available on the Client QoS ACL page.Field DescriptionACL CongurationACL Name Enter a name to identify the ACL. The name can contain from 1 – 31 alphanumeric characters. Spaces are not allowed.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 91May 2016Section 8 - Conguring Client Quality of Service (QoS)Field DescriptionACL Type Select the type of ACL to congure:•) IPv4•) IPv6•) MACIPv4 and IPv6 ACLs control access to network resources based on Layer 3 and Layer 4 criteria. MAC ACLs control access based on Layer 2 criteria.ACL Rule CongurationACL Name - ACL TypeSelect the ACL to congure with the new rule. The list contains all ACLs added in the ACL Conguration section.Rule To congure a new rule to add to the selected ACL, select New Rule. To add an existing rule to an ACL or to modify a rule, select the rule number. When an ACL has multiple rules, the rules are applied to the packet or frame in the order in which you add them to the ACL. There is an implicit deny all rule as the nal rule.Action Species whether the ACL rule permits or denies an action. •) When you select Permit, the rule allows all trafc that meets the rule criteria to enter or exit the AP (depending on the ACL direction you select). Trafc that does not meet the criteria is dropped.•) When you select Deny, the rule blocks all trafc that meets the rule criteria from entering or exiting the AP (depending on the ACL direction you select). Trafc that does not meet the criteria is forwarded unless this rule is the nal rule. Because there is an implicit deny all rule at the end of every ACL, trafc that is not explicitly permitted is dropped.Match Every Indicates that the rule, which either has a permit or deny action, will match the frame or packet regardless of its contents. If you select this eld, you cannot congure any additional match criteria. The Match Every option is selected by default for a new rule. You must clear the option to congure other match elds.IPv4 ACLProtocol Select the Protocol eld to use an L3 or L4 protocol match condition based on the value of the IP Protocol eld in IPv4 packets or the Next Header eld of IPv6 packets.Once you select the eld, choose the protocol to match by keyword or enter a protocol ID.Select From ListSelect one of the following protocols from the list: •) IP•) ICMP•) IGMP•) TCP•) UDPMatch to ValueTo match a protocol that is not listed by name, enter the protocol ID. The protocol ID is a standard value assigned by the IANA. The range is a number from 0–255.Source IP Address Select this eld to require a packet’s source IP address to match the address listed here. Enter an IP address in the appropriate eld to apply this criteria.Wild Card Mask Species the source IP address wildcard mask.The wild card masks determines which bits are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all of the bits are important. This eld is required when Source IP Address is checked.A wild card mask is, in essence, the inverse of a subnet mask. For example, To match the criteria to a single host address, use a wildcard mask of 0.0.0.0. To match the criteria to a 24-bit subnet (for example 192.168.10.0/24), use a wild card mask of 0.0.0.255.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 92May 2016Section 8 - Conguring Client Quality of Service (QoS)Field DescriptionSource Port Select this eld to include a source port in the match condition for the rule. The source port is identied in the datagram header.Once you select the eld, choose the port name or enter the port number.Select From ListSelect the keyword associated with the source port to match:•) ftp•) ftpdata•) http•) smtp•) snmp•) telnet•) tftp•) wwwEach of these keywords translates into its equivalent port number.Match to PortEnter the IANA port number to match to the source port identied in the datagram header. The port range is 0 – 65535 and includes three different types of ports:•) 0 – 1023: Well Known Ports•) 1024 – 49151: Registered Ports•) 49152 – 65535: Dynamic and/or Private PortsDestination IP AddressSelect this eld to require a packet’s destination IP address to match the address listed here. Enter an IP address in the appropriate eld to apply this criteria.Wild Card Mask Species the destination IP address wildcard mask.The wild card masks determines which bits are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all of the bits are important. This eld is required when Source IP Address is checked.A wild card mask is in essence the inverse of a subnet mask. For example, To match the criteria to a single host address, use a wildcard mask of 0.0.0.0. To match the criteria to a 24-bit subnet (for example 192.168.10.0/24), use a wild card mask of 0.0.0.255.Destination Port Select this eld to include a destination port in the match condition for the rule. The destination port is identied in the datagram header.Once you select the eld, choose the port name or enter the port number.Select From ListSelect the keyword associated with the destination port to match:•) ftp•) ftpdata•) http•) smtp•) snmp•) telnet•) tftp•) wwwEach of these keywords translates into its equivalent port number.Match to PortEnter the IANA port number to match to the destination port identied in the datagram header. The port range is 0 – 65535 and includes three different types of ports:•) 0 – 1023: Well Known Ports•) 1024 – 49151: Registered Ports•) 49152 – 65535: Dynamic and/or Private PortsIP DSCP To use IP DSCP as a match criteria, select the check box and select a DSCP value keyword or enter a DSCP value to match. You can select only one service type (DSCP, IP Precedence or TOS bits) to use for match criteria.Select from List Select from a list of DSCP types. Match to Value Enter a DSCP Value to match (0 – 63).

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 93May 2016Section 8 - Conguring Client Quality of Service (QoS)Field DescriptionIP Precedence Select this option and enter a value to use the packet’s IP Precedence value in the IP header as match criteria. You can select only one service type (DSCP, IP Precedence or TOS bits) to use for match criteria.The IP Precedence range is 0 – 7.IP TOS Bits Select this option and enter a value to use the packet’s Type of Service bits in the IP header as match criteria. You can select only one service type (DSCP, IP Precedence or TOS bits) to use for match criteria.The IP TOS eld in a packet is dened as all eight bits of the Service Type octet in the IP header. The TOS Bits value is a two-digit hexadecimal number from 00 to ff. The high-order three bits represent the IP precedence value. The high-order six bits represent the IP Differentiated Services Code Point (DSCP) value.IP TOS Mask Enter an IP TOS mask value to identify the bit positions in the TOS Bits value that are used for comparison against the IP TOS eld in a packet. The TOS Mask value is a two-digit hexadecimal number from 00 to ff, representing an inverted (i.e. wildcard) mask. The zero-valued bits in the TOS Mask denote the bit positions in the TOS Bits value that are used for comparison against the IP TOS eld of a packet. For example, to check for an IP TOS value having bits 7 and 5 set and bit 1 clear, where bit 7 is most signicant, use a TOS Bits value of a0 and a TOS Mask of 00. This is an optional conguration.IPv6 ACLProtocol Select the Protocol eld to use an L3 or L4 protocol match condition based on the value of the IP Protocol eld in IPv4 packets or the Next Header eld of IPv6 packets.Once you select the eld, choose the protocol to match by keyword or enter a protocol ID.Select From ListSelect one of the following protocols from the list: •) IP•) ICMP•) IPv6•) ICMPv6•) IGMP•) TCP•) UDPMatch to ValueTo match a protocol that is not listed by name, enter the protocol ID. The protocol ID is a standard value assigned by the IANA. The range is a number from 0–255.Source IPv6 AddressSelect this eld to require a packet’s source IPv6 address to match the address listed here. Enter an IPv6 address in the appropriate eld to apply this criteria.Source IPv6 Prex LengthEnter the prex length of the source IPv6 address.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 94May 2016Section 8 - Conguring Client Quality of Service (QoS)Field DescriptionSource Port Select this option to include a source port in the match condition for the rule. The source port is identied in the datagram header.Once you select the eld, choose the port name or enter the port number.Select From ListSelect the keyword associated with the source port to match:•) ftp•) ftpdata•) http•) smtp•) snmp•) telnet•) tftp•) wwwEach of these keywords translates into its equivalent port number.Match to PortEnter the IANA port number to match to the source port identied in the datagram header. The port range is 0 – 65535 and includes three different types of ports:•) 0 – 1023: Well Known Ports•) 1024 – 49151: Registered Ports•) 49152 – 65535: Dynamic and/or Private PortsDestination IPv6 AddressSelect this eld to require a packet’s destination IPv6 address to match the address listed here. Enter an IPv6 address in the appropriate eld to apply this criteria.Destination IPv6 Prex LengthEnter the prex length of the destination IPv6 address.Destination Port Select this option to include a destination port in the match condition for the rule. The destination port is identied in the datagram header.Once you select the eld, choose the port name or enter the port number.Select From ListSelect the keyword associated with the destination port to match:•) ftp•) ftpdata•) http•) smtp•) snmp•) telnet•) tftp•) wwwEach of these keywords translates into its equivalent port number.Match to PortEnter the IANA port number to match to the destination port identied in the datagram header. The port range is 0 – 65535 and includes three different types of ports:•) 0 – 1023: Well Known Ports•) 1024 – 49151: Registered Ports•) 49152 – 65535: Dynamic and/or Private PortsIPv6 Flow Label Flow label is 20-bit number that is unique to an IPv6 packet. It is used by end stations to signify quality-of-service handling in routers (range 0 to 1048575).IPv6 DSCP To use IPv6 DSCP as a match criteria, select the check box and select a DSCP value keyword or enter a DSCP value to match. You can select only one service type (DSCP, IP Precedence or TOS bits) to use for match criteria.Select from List Select from a list of DSCP types. Match to Value Enter a DSCP Value to match (0 – 63).MAC ACL

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 95May 2016Section 8 - Conguring Client Quality of Service (QoS)Field DescriptionEtherType Select the EtherType eld to compare the match criteria against the value in the header of an Ethernet frame. Select an EtherType keyword or enter an EtherType value to specify the match criteria.Select from List SelectSelect one of the following protocol types:•) appletalk•) arp•) ipv4•) ipv6•) ipx•) netbios•) pppoeMatch to ValueEnter a custom protocol identier to which packets are matched. The value is a four-digit hexadecimal number in the range of 0600 – FFFF.Class of Service Select this eld and enter an 802.1p user priority to compare against an Ethernet frame.The valid range is 0 – 7. This eld is located in the rst/only 802.1Q VLAN tag.Source MAC AddressSelect this eld and enter the source MAC address to compare against an Ethernet frame.Source MAC Mask Select this eld and enter the source MAC address mask specifying which bits in the source MAC to compare against an Ethernet frame.A 0 indicates that the address bit is signicant, and an f indicates that the address bit is to be ignored. A MAC mask of 00:00:00:00:00:00 matches a single MAC address.Destination MAC AddressSelect this eld and enter the destination MAC address to compare against an Ethernet frame.Destination MAC MaskEnter the destination MAC address mask specifying which bits in the destination MAC to compare against an Ethernet frame. A 0 indicates that the address bit is signicant, and an f indicates that the address bit is to be ignored. A MAC mask of 00:00:00:00:00:00 matches a single MAC address.VLAN ID Select this eld and enter the VLAN IDs to compare against an Ethernet frame. This eld is located in the rst/only 802.1Q VLAN tag.Table 53 - ACL CongurationAfter you set the desired rule criteria, click Apply. To delete an ACL, select the Delete ACL option and click Apply. Creating a DiffServ Class MapThe Client QoS feature contains Differentiated Services (DiffServ) support that allows trafc to be classied into streams and given certain QoS treatment in accordance with dened per-hop behaviours.Standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will. During times of congestion, packets may be delayed, sent sporadically, or dropped. For typical Internet applications, such as e-mail and le transfer, a slight degradation in service is acceptable and in many cases unnoticeable. However, on applications with strict timing requirements, such as voice or multimedia, any degradation of service has undesirable effects.By classifying the trafc and creating policies that dene how to handle these trafc classes, you can make sure that time-sensitive trafc is given precedence over other trafc.The UAP supports up to 50 Class Maps.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 96May 2016Section 8 - Conguring Client Quality of Service (QoS)Dening DiffServTo use DiffServ for Client QoS, use the Class Map and Policy Map pages to dene the following categories and their criteria:•) Class: create classes and dene class criteria •) Policy: create policies, associate classes with policies, and dene policy statements Once you dene the class and associate it with a policy, apply the policy to a specied VAP on the VAP QoS Parameters page.Packets are classied and processed based on dened criteria. The classication criteria is dened by a class. The processing is dened by a policy’s attributes. Policy attributes may be dened on a per-class instance basis, and it is these attributes that are applied when a match occurs. A policy can contain multiple classes. When the policy is active, the actions taken depend on which class matches the packet.Packet processing begins by testing the class match criteria for a packet. A policy is applied to a packet when a class match within that policy is found. DiffServ is supported for IPv4 and IPv6 packets.Use the Class Map page to add a new Diffserv class name, or to rename or delete an existing class, and dene the criteria to associate with the DiffServ class.To congure a DiffServ Class Map, click the Class Map tab.Note: The Class Map page displays the Match Criteria Conguration elds only if a Class Map has been created. To create a Class Map, enter a name in the Class Map Name eld and click Add Class Map.Figure 60 - Congure Client QoS DiffServ Class Map SettingsField DescriptionClass Map CongurationClass Map Name Enter a Class Map Name to add. The name can range from 1 to 31 alphanumeric characters.Match Layer 3 ProtocolSpecify whether to classify IPv4 or IPv6 packets.Match Criteria Conguration

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 97May 2016Section 8 - Conguring Client Quality of Service (QoS)Field DescriptionClass Map Name Select name of the class to congure.Use the elds in the Match Criteria Conguration area to match packets to a class. Select the check box for each eld to be used as a criterion for a class and enter data in the related eld. You can have multiple match criteria in a class.Note: The match criteria elds that are available depend on whether the class map is an IPv4 or IPv6 class map.Match Every Select Match Every to specify that the match condition is true to all the parameters in an L3 packet. All L3 packets will match an Match Every match condition.Protocol Select the Protocol eld to use an L3 or L4 protocol match condition based on the value of the IP Protocol eld in IPv4 packets or the Next Header eld of IPv6 packets.Once you select the eld, choose the protocol to match by keyword or enter a protocol ID.Select From ListSelect one of the following protocols from the list: •) IP•) ICMP•) IPv6•) ICMPv6•) IGMP•) TCP•) UDPMatch to ValueTo match a protocol that is not listed by name, enter the protocol ID. The protocol ID is a standard value assigned by the IANA. The range is a number from 0 – 255.IPv4 Class MapsSource IP Address Select this eld to require a packet’s source IP address to match the address listed here. Enter an IP address in the appropriate eld to apply this criteria.Source IP Mask Enter the source IP address mask.The mask for DiffServ is a network-style bit mask in IP dotted decimal format indicating which part(s) of the destination IP Address to use for matching against packet content.A DiffServ mask of 255.255.255.255 indicates that all bits are important, and a mask of 0.0.0.0 indicates that no bits are important. The opposite is true with an ACL wild card mask. For example, to match the criteria to a single host address, use a DiffServ mask of 255.255.255.255. To match the criteria to a 24-bit subnet (for example 192.168.10.0/24), use a mask of 255.255.255.0.Destination IP AddressSelect this eld to require a packet’s destination IP address to match the address listed here. Enter an IP address in the appropriate eld to apply this criteria.Destination IP Mask Enter the destination IP address mask.The mask for DiffServ is a network-style bit mask in IP dotted decimal format indicating which part(s) of the destination IP Address to use for matching against packet content.A DiffServ mask of 255.255.255.255 indicates that all bits are important, and a mask of 0.0.0.0 indicates that no bits are important. The opposite is true with an ACL wild card mask. For example, to match the criteria to a single host address, use a DiffServ mask of 255.255.255.255. To match the criteria to a 24-bit subnet (for example 192.168.10.0/24), use a mask of 255.255.255.0.IPv6 Class MapsSource IPv6 AddressSelect this eld to require a packet’s source IPv6 address to match the address listed here. Enter an IPv6 address in the appropriate eld to apply this criteria.Source IPv6 Prex LengthEnter the prex length of the source IPv6 address.Destination IPv6 AddressSelect this eld to require a packet’s destination IPv6 address to match the address listed here. Enter an IPv6 address in the appropriate eld to apply this criteria.Destination IPv6 Prex LengthEnter the prex length of the destination IPv6 address.IPv6 Flow Label Flow label is 20-bit number that is unique to an IPv6 packet. It is used by end stations to signify quality-of-service handling in routers (range 0 to 1048575).

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 98May 2016Section 8 - Conguring Client Quality of Service (QoS)Field DescriptionIP DSCP To use IP DSCP as a match criteria, select the check box and select a DSCP value keyword or enter a DSCP.Select from List Select from a list of DSCP types. Match to Value Enter a DSCP Value to match (0 – 63).IPv4 and IPv6 Class MapsSource Port Select this eld to include a source port in the match condition for the rule. The source port is identied in the datagram header.Once you select the eld, choose the port name or enter the port number.Select From ListSelect the keyword associated with the source port to match:•) ftp•) ftpdata•) http•) smtp•) snmp•) telnet•) tftp•) wwwEach of these keywords translates into its equivalent port number.Match to PortEnter the IANA port number to match to the source port identied in the datagram header. The port range is 0 – 65535 and includes three different types of ports:•) 0 – 1023: Well Known Ports•) 1024 – 49151: Registered Ports•) 49152 – 65535: Dynamic and/or Private PortsDestination Port Select this eld to include a destination port in the match condition for the rule. The destination port is identied in the datagram header.Once you select the eld, choose the port name or enter the port number.Select From ListSelect the keyword associated with the destination port to match:•) ftp•) ftpdata•) http•) smtp•) snmp•) telnet•) tftp•) wwwEach of these keywords translates into its equivalent port number.Match to PortEnter the IANA port number to match to the destination port identied in the datagram header. The port range is 0 – 65535 and includes three different types of ports:•) 0 – 1023: Well Known Ports•) 1024 – 49151: Registered Ports•) 49152 – 65535: Dynamic and/or Private Ports

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 99May 2016Section 8 - Conguring Client Quality of Service (QoS)Field DescriptionEtherType Select the EtherType eld to compare the match criteria against the value in the header of an Ethernet frame. Select an EtherType keyword or enter an EtherType value to specify the match criteria.Select from List SelectSelect one of the following protocol types:•) appletalk•) arp•) ipv4•) ipv6•) ipx•) netbios•) pppoeMatch to ValueEnter a custom protocol identier to which packets are matched. The value is a four-digit hexidecimal number in the range of 0600 – FFFF.Class of Service Select the eld and enter a class of service 802.1p user priority value to be matched for the packets. The valid range is 0 – 7.Source MAC AddressSelect this eld and enter the source MAC address to compare against an Ethernet frame.Source MAC Mask Enter the source MAC address mask specifying which bits in the destination MAC to compare against an Ethernet frame.An f indicates that the address bit is signicant, and a 0 indicates that the address bit is to be ignored. A MAC mask of ff:ff:ff:ff:ff:ff matches a single MAC address.Destination MAC AddressSelect this eld and enter the destination MAC address to compare against an Ethernet frame.Destination MAC MaskEnter the destination MAC address mask specifying which bits in the destination MAC to compare against an Ethernet frame.An f indicates that the address bit is signicant, and a 0 indicates that the address bit is to be ignored. A MAC mask of ff:ff:ff:ff:ff:ff matches a single MAC address.VLAN ID Select the eld and enter a VLAN ID to be matched for packets. The VLAN ID range is 0 – 4095.IPv4 Class MapsService Type You can specify one type of service to use in matching packets to class criteria.IP DSCP To use IP DSCP as a match criteria, select the check box and select a DSCP value keyword or enter a DSCP.Select from List Select from a list of DSCP types. Match to Value Enter a DSCP Value to match (0 – 63).IP Precedence Select this eld to match the packet’s IP Precedence value to the class criteria IP Precedence value. The IP Precedence range is 0 – 7.IP TOS Bits Select this eld and enter a value to use the packet’s Type of Service bits in the IP header as match criteria. The TOS bit value ranges between (00 – FF). The high-order three bits represent the IP precedence value. The high-order six bits represent the IP Differentiated Services Code Point (DSCP) value.IP TOS Mask Enter an IP TOS mask value to perform a boolean AND with the TOS eld in the header of the packet and compared against the TOS entered for this rule. The TOS Mask can be used to compare specic bits (Precedence/Type of Service) from the TOS eld in the IP header of a packet against the TOS value entered for this rule. (00 – FF).Delete Class Map Check to delete the class map selected in the Class Map Name menu. The class map cannot be deleted if it is already attached to a policy.Table 54 - DiffServ Class MapTo delete a Class Map, select the Delete Class Map option and click Apply.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 100May 2016Section 8 - Conguring Client Quality of Service (QoS)Creating a DiffServ Policy MapUse the Policy Map page to create DiffServ policies and to associate a collection of classes with one or more policy statements.The UAP supports up to 50 Policy Maps.Packets are classied and processed based on dened criteria. The classication criteria is dened by a class on the Class Map page. The processing is dened by a policy’s attributes on the Policy Map page. Policy attributes may be dened on a per-class instance basis, and it is these attributes that are applied when a match occurs. A Policy Map can contain up to 10 Class Maps. When the policy is active, the actions taken depend on which class matches the packet.Packet processing begins by testing the class match criteria for a packet. A policy is applied to a packet when a class match within that policy is found.To create a DiffServ policy, click the Policy Map tab.Figure 61 - Congure Client QoS DiffServ Policy Map SettingsField DescriptionPolicy Map Name Enter then name of the policy map to add. The name can contain up to 31 alphanumeric characters.Policy Map Name (Policy Class Denition)Select the policy to associate with a member class.Class Map Name (Policy Class Denition)Select the member class to associate with this policy name.Police Simple Select this option to establish the trafc policing style for the class. The simple form of the policing style uses a single data rate and burst size, resulting in two outcomes: conform and non-conform.Committed RateEnter the committed rate, in Kbps, to which trafc must conform.Committed BurstEnter the committed burst size, in bytes, to which trafc must conform.Send Select Send to specify that all packets for the associated trafc stream are to be forwarded if the class map criteria is met.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 101May 2016Section 8 - Conguring Client Quality of Service (QoS)Field DescriptionDrop Select Drop to specify that all packets for the associated trafc stream are to be dropped if the class map criteria is met.Mark Class of ServiceSelect this eld to mark all packets for the associated trafc stream with the specied class of service value in the priority eld of the 802.1p header. If the packet does not already contain this header, one is inserted. The CoS value is an integer from 0 – 7.Mark IP DSCP Select this eld to mark all packets for the associated trafc stream with the IP DSCP value you select from the list or specify. Select from List Select from a list of DSCP types. Match to Value Enter a DSCP Value to match (0 – 63).Mark IP Precedence Select this eld to mark all packets for the associated trafc stream with the specied IP Precedence value. The IP Precedence value is an integer from 0 – 7.Disassociate Class MapSelect this option and click Apply to remove the class selected in the Class Map Name menu from the policy selected in the Policy Map Name menu.Member Classes Lists all DiffServ classes currently dened as members of the selected policy. If no class is associated with the policy, the eld is empty.Delete Policy Map Select this eld to delete the policy map showing in the Policy Map Name menu.Table 55 - DiffServ Policy MapTo delete a Policy Map, select the Delete Policy Map option and click Apply. Client QoS StatusThe Client QoS Status page shows the client QoS settings that are applied to each client currently associated with the AP.To view QoS settings for an associated client, click the Client QoS Status tab.Figure 62 - QoS Conguration Status For Associated ClientsField DescriptionStation The Station menu contains the MAC address of each client currently associated with the AP. To view the QoS settings applied to a client, select its MAC address from the list.Global QoS Mode Shows the current Client QoS Global Admin Mode on the AP.Client QoS Mode Shows whether the QOS mode for the selected client is enabled or disabled. Note: For the Qos Mode to be enabled on a client, it must be globally enabled on the AP and enabled on the VAP the client is associated with. Use the VAP QoS Parameters page to enable the QoS Global Admin mode and the per-VAP QoS Mode.Bandwidth Limit Up Shows the maximum allowed transmission rate from the client to the AP in bits per second (bps). The valid range is 0 – 4294967295 bps.Bandwidth Limit DownShows the maximum allowed transmission rate from the AP to the client in bits per second (bps). The valid range is 0 – 4294967295 bps.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 102May 2016Section 8 - Conguring Client Quality of Service (QoS)Field DescriptionACL Type Up Shows the type of ACL that is applied to trafc in the inbound (client-to-AP) direction, which can be one of the following: •) IPv4: The ACL examines IPv4 packets for matches to ACL rules.•) IPv6: The ACL examines IPv6 packets for matches to ACL rules.•) MAC: The ACL examines layer 2 frames for matches to ACL rules.ACL Name Up Shows the name of the ACL applied to trafc entering the AP in the inbound direction. When a packet or frame is received by the AP, the ACL’s rules are checked for a match. The packet or frame is processed if it is permitted and discarded if it is denied.ACL Type Down Shows the type of ACL to apply to trafc in the outbound (AP-to-client) direction, which can be one of the following: •) IPv4: The ACL examines IPv4 packets for matches to ACL rules.•) IPv6: The ACL examines IPv6 packets for matches to ACL rules•) MAC: The ACL examines layer 2 frames for matches to ACL rulesACL Name Down Shows the name of the ACL applied to trafc in the outbound direction. After switching the packet or frame to the outbound interface, the ACL’s rules are checked for a match. The packet or frame is transmitted if it is permitted and discarded if it is denied.DiffServ Policy Up Shows the name of the DiffServ policy applied to trafc sent to the AP in the inbound (client-to-AP) direction.DiffServ Policy DownShows the name of the DiffServ policy applied to trafc from the AP in the outbound (AP-to-client) direction.Table 56 - Client QoS StatusConguring RADIUS-Assigned Client QoS ParametersIf a VAP is congured to use WPA Enterprise security, you can include client QoS information in the client database on the RADIUS server. When a client successfully authenticates, the RADIUS server can include bandwidth limits and identify the ACLs and DiffServ policies to apply to the specic wireless client. ACLs and DiffServ policies referenced in the RADIUS client database must match the names of the ACLs and DiffServ policies congured on the AP to be successfully applied to the wireless clients.The following table describes the QoS attributes that can be included in the client’s RADIUS server entry. If a wireless client successfully authenticates using WPA Enterprise, each QoS RADIUS attribute that exists for the client is sent to the AP for processing. The attributes are optional and do not need to be present in the client entry. If the attribute is not present, the Client QoS setting on the AP is used.RADIUS AttributeID Description Type/RangeVendor-Specic (26), WISPr-Bandwidth-Max-Down14122,8 Maximum allowed client reception rate from the AP in bits per second. If nonzero, the specied value is rounded down to the nearest 64 Kbps value when used in the AP (64 Kbps minimum). If zero, bandwidth limiting is not enforced for the client in this direction.Type: integer32-bit unsigned integer value (0-4294967295)Vendor-Specic (26), WISPr-Bandwidth-Max-Up14122,7 Maximum allowed client transmission rate to the AP in bits per second. If nonzero, the specied value is rounded down to the nearest 64 Kbps value when used in the AP (64 Kbps minimum). If zero, bandwidth limiting is not enforced for the client in this direction.Type: integer32-bit unsigned integer value (0-4294967295)Vendor-Specic (26), LVL7-Wireless-Client-ACL-Dn6132,120 Access list identier to be applied to 802.1X authenticated wireless client trafc in the outbound (down) direction.If this attribute refers to an ACL that does not exist on the AP, all packets for this client will be dropped until the ACL is dened.Type: string5-36 characters (not null-terminated)The string is of the form “type:name” where: type = ACL type identier: IPV4, IPV6, MAC: = required separator charactername = 1-31 alphanumeric characters, specifying the ACL number (IPV4) or name (IPV6, MAC)

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 103May 2016Section 8 - Conguring Client Quality of Service (QoS)RADIUS AttributeID Description Type/RangeVendor-Specic (26), LVL7-Wireless-Client-ACL-Up6132,121 Access list identier to be applied to 802.1X authenticated wireless client trafc in the inbound (up) direction.If this attribute refers to an ACL that does not exist on the AP, all packets for this client will be dropped until the ACL is dened.Type: string5-36 characters (not null-terminated) The string is of the form “type:name” where: type = ACL type identier: IPV4, IPV6, MAC: = required separator charactername = 1-31 alphanumeric characters, specifying the ACL number (IPV4) or name (IPV6, MAC)Vendor-Specic (26), LVL7-Wireless-Client-Policy-Dn6132,122 Name of DiffServ policy to be applied to 802.1X authenticated wireless client trafc in the outbound (down) direction.If this attribute refers to a policy name that does not exist on the AP, all packets for this client will be dropped until the DiffServ policy is dened.Type: string1-31 characters (not null-terminated)Vendor-Specic (26), LVL7-Wireless-Client-Policy-Up6132,123 Name of DiffServ policy to be applied to 802.1X authenticated wireless client trafc in the inbound (up) direction.If this attribute refers to a policy name that does not exist on the AP, all packets for this client will be dropped until the DiffServ policy is dened.Type: string1-31 characters (not null-terminated)Table 57 - Client QoS RADIUS Attributes

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 104May 2016Section 9 - Clustering Multiple APsSection 9 - Clustering Multiple APsThe UAP supports AP clusters. A cluster provides a single point of administration and lets you view, deploy, congure, and secure the wireless network as a single entity rather than a series of separate wireless devices. Managing Cluster Access Points in the ClusterThe AP cluster is a dynamic, conguration-aware group of APs in the same subnet of a network. Each cluster can have up to 8 members. Only one cluster per wireless network is supported; however, a network subnet can have multiple clusters. Clusters can share various conguration information, such as VAP settings and QoS queue parameters.A cluster can be formed between two APs if the following conditions are met:•) The APs are identical models.•) The APs are connected on the same bridged segment.•) The APs joining the cluster have the same Cluster Name.•) Clustering mode is enabled on both APs.Note: For two APs to be in the same cluster, they do not need to have the same number of radios; however, the supported capabilities of the radios should be same.Note: DWL-6700AP doesn’t support clustering. Clustering APsOnly identical models may be clustered together. For example, the DWL-2600AP can only form a cluster with other DWL-2600APs.Viewing and Conguring Cluster MembersThe Access Points page allows you to start or stop clustering on an AP, view the cluster members, and congure the location and cluster name for a cluster member. From the Access Points page, you can also click the IP address of each cluster member to navigate to conguration settings and data on an access point in the cluster. To view information about cluster members and to congure the location and cluster of an individual member, click the Access Points tab.The following gure shows the Cluster > Access Points page when clustering is not enabled.Figure 63 - Manage Access Points In The Cluster (Passive)The following gure shows the Cluster > Access Points page when clustering is enabled and two access points are in the cluster.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 105May 2016Section 9 - Clustering Multiple APsFigure 64 - Manage Access Points In The Cluster (Active)If clustering is currently disabled on the AP, the Start Clustering button is visible. If clustering is enabled, the Stop Clustering button is visible. You can edit the clustering option information when clustering is disabled.The following table describes the conguration and status information available on the cluster Access Points page.Field DescriptionStatus If the status eld is visible, then the AP is enabled for clustering. If clustering is not enabled, then the AP is operating in stand-alone mode and none of the information in this table is visible. To disable clustering on the AP, click Stop Clustering.Location Description of where the access point is physically located.MAC Address Media Access Control (MAC) address of the access point.The address shown here is the MAC address for the bridge (br0). This is the address by which the AP is known externally to other networks.IP Address Species the IP address for the access point. Each IP address is a link to the Administration Web pages for that access point. You can use the links to navigate to the Administration Web pages for a specic access point. This is useful for viewing data on a specic access point to make sure a cluster member is picking up cluster conguration changes, to congure advanced settings on a particular access point, or to switch a standalone access point to cluster mode.Table 58 - Access Points in the ClusterThe following table describes the cluster information to congure for an individual member. The clustering options are read-only when clustering is enabled. To congure the clustering options, you must stop clustering.Field DescriptionLocation Enter a description of where the access point is physically located.Cluster Name Enter the name of the cluster for the AP to join.The cluster name is not sent to other APs in the cluster. You must congure the same cluster name on each AP that is a member of the cluster. The cluster name must be unique for each cluster you congure on the network.Clustering IP VersionSpecify the IP version that the APs in the cluster use to communicate with each other.Table 59 - Cluster Options

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 106May 2016Section 9 - Clustering Multiple APsRemoving an Access Point from the ClusterTo remove an access point from the cluster, do the following.1.) Go to the Administration Web pages for the clustered access point. The Administration Web pages for the standalone access point are displayed.2.) Click the Cluster > Access Points link in the Administration pages.3.) Click Stop Clustering.4.) The change will be reected under Status for that access point; the access point will now show as stand-alone (instead of cluster).Adding an Access Point to a ClusterTo add an access point that is currently in standalone mode back into a cluster, do the following.1.) Go to the Administration Web pages for the standalone access point.2.) Click the Cluster > Access Points link in the Administration pages for the stand-alone access point.The Access Points page for a standalone access point indicates that the current mode is standalone.3.) Type the name or location of the AP in the Location eld to identify the AP within the cluster.4.) Type the name of the cluster for the AP to join in the Cluster Name eld.5.) Click Start Clustering.6.) The access point is now a cluster member. Its Status (Mode) on the Cluster > Access Points page now indicates Cluster instead of Not Clustered.Navigating to Conguration Information for a Specic APIn general, the UAP is designed for central management of clustered access points. For access points in a cluster, all access points in the cluster reect the same conguration. In this case, it does not matter which access point you actually connect to for administration.There may be situations, however, when you want to view or manage information on a particular access point. For example, you might want to check status information such as client associations or events for an access point. In this case, you can navigate to the Administration Web interface for individual access points by clicking the IP address links on the Access Points page.All clustered access points are shown on the Cluster > Access Points page. To navigate to clustered access points, you can simply click on the IP address for a specic cluster member shown in the list.Navigating to an AP by Using its IP Address in a URLYou can also link to the Administration Web pages of a specic access point, by entering the IP address for that access point as a URL directly into a Web browser address bar in the following form:http://IPAddressOfAccessPointwhere IPAddressOfAccessPoint is the address of the particular access point you want to monitor or congure.Managing Cluster SessionsThe Sessions page shows information about client stations associated with access points in the cluster. Each client is identied by its MAC address, along with the AP (location) to which it is currently connected.To view a particular statistic for client sessions, select an item from the Display drop-down list and click Go. You can view information about idle time, data rate, signal strength and so on; all of which are described in detail in the table below.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 107May 2016Section 9 - Clustering Multiple APsA session in this context is the period of time in which a user on a client device (station) with a unique MAC address maintains a connection with the wireless network. The session begins when the client logs on to the network, and the session ends when the client either logs off intentionally or loses the connection for some other reason.Note: A session is not the same as an association, which describes a client connection to a particular access point. A client network connection can shift from one clustered AP to another within the context of the same session. A client station can roam between APs and maintain the session.To manage sessions associated with the cluster, click Cluster > Sessions.Figure 65 - Manage Sessions Associated With The ClusterDetails about the session information shown is described in the following table.Field DescriptionAP Location Indicates the location of the access point.This is derived from the location description specied on the Basic Settings page.User MAC Indicates the MAC address of the wireless client device.A MAC address is a hardware address that uniquely identies each node of a network.Idle Indicates the amount of time this station has remained inactive.A station is considered to be idle when it is not receiving or transmitting data.Rate The speed at which this access point is transferring data to the specied client.The data transmission rate is measured in megabits per second (Mbps).This value should fall within the range of the advertised rate set for the mode in use on the access point. For example, 6 to 54 Mbps for 802.11a.Signal Indicates the strength of the radio frequency (RF) signal the client receives from the access point.The measure used for this is a value known as Received Signal Strength Indication (RSSI), and will be a value between 0 and 100.RSSI is determined by a mechanism implemented on the network interface card (NIC) of the client station.Rx Total Indicates number of total packets received by the client during the current session.Tx Total Indicates number of total packets transmitted to the client during this session.Error Rate Indicates the percentage of time frames are dropped during transmission on this access point.Table 60 - Session ManagementSorting Session InformationTo sort the information shown in the tables by a particular indicator, click the column label by which you want to order things. For example, if you want to see the table rows ordered by signal strength, click the Signal column label. The entries will be sorted by signal strength.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 108May 2016Section 9 - Clustering Multiple APsConguring and Viewing Channel Management SettingsWhen Channel Management is enabled, the UAP automatically assigns radio channels used by clustered access points. The automatic channel assignment reduces mutual interference (or interference with other access points outside of its cluster) and maximizes Wi-Fi bandwidth to help maintain the efciency of communication over the wireless network.You must start channel management to get automatic channel assignments; it is disabled by default on a new AP.At a specied interval, the Channel Manager maps APs to channel use and measures interference levels in the cluster. If signicant channel interference is detected, the Channel Manager automatically re-assigns some or all of the APs to new channels per an efciency algorithm (or automated channel plan). If the Channel Manager determines that a change is necessary, that information is sent to all members of the cluster and a syslog message is generated indicating the sender AP, new and old channel assignments.The Channel Management page shows previous, current, and planned channel assignments for clustered access points. By default, automatic channel assignment is disabled. You can start channel management to optimize channel usage across the cluster on a scheduled interval.To congure and view the channel assignments for the cluster members, click the Channel Management tab.Figure 66 - Automatically Manage Channel AssignmentsFrom this page, you can view channel assignments for all APs in the cluster and stop or start automatic channel management. By using the Advanced settings on the page, you can modify the interference reduction potential that triggers channel re-assignment, change the schedule for automatic updates, and re-congure the channel set used for assignments.Stopping/Starting Automatic Channel AssignmentBy default, automatic channel assignment is disabled (off).Note: Channel Management overrides the default cluster behavior, which is to synchronize radio channels of all APs across a cluster. When Channel Management is enabled, the radio Channel is not synced across the cluster to other APs. •) Click Start to resume automatic channel assignment.When automatic channel assignment is enabled, the Channel Manager periodically maps radio channels used by clustered access points and, if necessary, re-assigns channels on clustered APs to reduce interference (with cluster members or other APs outside the cluster).•) Click Stop to stop automatic channel assignment. (No channel usage maps or channel re-assignments will be made. Only manual updates will affect the channel assignment.)

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 109May 2016Section 9 - Clustering Multiple APsViewing Current Channel Assignments and Setting LocksThe Current Channel Assignments section shows a list of all access points in the cluster by IP Address. The display shows the band on which each AP is broadcasting (a/b/g/n), the current channel used by each AP, and an option to lock an AP on its current radio channel so that it cannot be re-assigned to another. The following table provides details about Current Channel Assignments.Field DescriptionIP Address Species the IP Address for the access point.Radio Identies the MAC address of the radio.Band Indicates the band on which the access point is broadcasting.Current Indicates the radio Channel on which this access point is currently broadcasting.Status Shows whether the radio is up (on) or down (off).Locked Click Locked to force the access point to remain on the current channel.When Locked is selected (enabled) for an access point, automated channel management plans will not re-assign the AP to a different channel as a part of the optimization strategy. Instead, APs with locked channels will be factored in as requirements for the plan.If you click Apply, you will see that locked APs show the same channel for the Current Channel and Proposed Channel elds. Locked APs will keep their current channels.Table 61 - Channel AssignmentsViewing the Last Proposed Set of ChangesThe Proposed Channel Assignments shows the last channel plan. The plan lists all access points in the cluster by IP Address, and shows the current and proposed channels for each AP. Locked channels will not be re-assigned and the optimization of channel distribution among APs will take into account the fact that locked APs must remain on their current channels. APs that are not locked may be assigned to different channels than they were previously using, depending on the results of the plan.Field DescriptionIP Address Species the IP Address for the access point.Radio Indicates the radio channel on which this access point is currently broadcasting.Proposed Channel Indicates the radio channel to which this access point would be re-assigned if the Channel Plan is executed.Table 62 - Last Proposed ChangesConguring Advanced SettingsThe advanced settings allow you to customize and schedule the channel plan for the cluster. If you use Channel Management as provided (without updating Advanced Settings), channels are automatically ne-tuned once every hour if interference can be reduced by 25 percent or more. Channels will be re-assigned even if the network is busy. The appropriate channel sets will be used (b/g for APs using IEEE 802.11b/g and a for APs using IEEE 802.11a).The default settings are designed to satisfy most scenarios where you would need to implement channel management.Use Advanced Settings to modify the interference reduction potential that triggers channel re-assignment, change the schedule for automatic updates, and re-congure the channel set used for assignments. If there are no elds showing in the Advanced section, click the toggle button to display the settings that modify timing and details of the channel planning algorithm.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 110May 2016Section 9 - Clustering Multiple APsField DescriptionChange channels if interference is reduced by at leastSpecify the minimum percentage of interference reduction a proposed plan must achieve in order to be applied. The default is 75 percent.Use the drop-down menu to choose percentages ranging from 5 percent to 75 percent.This setting lets you set a gating factor for channel re-assignment so that the network is not continually disrupted for minimal gains in efciency.For example, if channel interference must be reduced by 75 percent and the proposed channel assignments will only reduce interference by 30 percent, then channels will not be re-assigned. However; if you re-set the minimal channel interference benet to 25 percent and click Apply, the proposed channel plan will be implemented and channels re-assigned as needed.Determine if there is better set of channels everyUse the drop-down menu to specify the schedule for automated updates.A range of intervals is provided, from 30 Minutes to 6 MonthsThe default is 1 Hour (channel usage re-assessed and the resulting channel plan applied every hour).Table 63 - Advanced Channel Management SettingsClick Apply under Advanced settings to apply these settings.Advanced settings will take effect when they are applied and inuence how automatic channel management is performed. Viewing Wireless Neighborhood InformationThe Wireless Neighborhood shows up to 20 access points per radio within range of every member of the cluster, shows which access points are within range of which cluster members, and distinguishes between cluster members and non-members.Note: The Wireless Neighborhood page shows up to 20 access points per radio. To see all the access points detected on a given cluster access point, navigate to that cluster member’s web interface and go to the Status > Neighboring Access Points page.For each neighbor access point, the Wireless Neighborhood view shows identifying information (SSID or Network Name, IP Address, MAC address) along with radio statistics (signal strength, channel, beacon interval). You can click on an AP to get additional statistics about the APs in radio range of the currently selected AP. The Wireless Neighborhood view can help you:•) Detect and locate unexpected (or rogue) access points in a wireless domain so that you can take action to limit associated risks•) Verify coverage expectations. By assessing which APs are visible at what signal strength from other APs, you can verify that the deployment meets your planning goals.•) Detect faults. Unexpected changes in the coverage pattern are evident at a glance in the color coded table.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 111May 2016Section 9 - Clustering Multiple APsFigure 67 - View Neighboring Access PointsThe following table describes details about the Wireless Neighborhood information.Field DescriptionDisplay neighboring APsClick one of the following radio buttons to change the view:•) In cluster — Shows only neighbor APs that are members of the cluster•) Not in cluster — Shows only neighbor APs that are not cluster members•) Both — Shows all neighbor APs (cluster members and non-members)Cluster The Cluster list at the top of the table shows IP addresses for all access points in the cluster. (This is the same list of cluster members shown on the Cluster > Access Points tab.)If there is only one AP in the cluster, only a single IP address column will be displayed here; indicating that the AP is clustered with itself.You can click on an IP address to view more details on a particular AP.Neighbors Access points which are neighbors of one or more of the clustered APs are listed in the left column by SSID (Network Name).An access point which is detected as a neighbor of a cluster member can also be a cluster member itself. Neighbors who are also cluster members are always shown at the top of the list with a heavy bar above and include a location indicator.The colored bars to the right of each AP in the Neighbors list shows the signal strength for each of the neighbor APs as detected by the cluster member whose IP address is shown at the top of the column.The color of the bar indicates the signal strength:•) Dark Blue Bar — A dark blue bar and a high signal strength number (for example 50) indicates good signal strength detected from the Neighbor seen by the AP whose IP address is listed above that column.•) Lighter Blue Bar — A lighter blue bar and a lower signal strength number (for example 20 or lower) indicates medium or weak signal strength from the Neighbor seen by the AP whose IP address is listed above that column•) White Bar — A white bar and the number 0 indicates that a neighboring AP that was detected by one of the cluster members cannot be detected by the AP whose IP address if listed above that column.•) Light Gray Bar — A light gray bar and no signal strength number indicates a Neighbor that is detected by other cluster members but not by the AP whose IP address is listed above that column.•) Dark Gray Bar — A dark gray bar and no signal strength number indicates this is the AP whose IP address is listed above that column (since it is not applicable to show how well the AP can detect itself).Table 64 - Wireless Neighborhood Information

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 112May 2016Section 9 - Clustering Multiple APsViewing Details for a Cluster MemberTo view details on a cluster member AP, click on the IP address of a cluster member at the top of the page. The following gure shows the Neighbor Details of the AP with an IP address of 10.90.90.91.Figure 68 - Viewing Details For A Cluster MemberThe following table explains the details shown about the selected AP.Field DescriptionSSID The Service Set Identier (SSID) for the access point.The SSID is an alphanumeric string of up to 32 characters that uniquely identies a wireless local area network. It is also referred to as the Network Name.A Guest network and an Internal network running on the same access point must always have two different network names.MAC Address Shows the MAC address of the neighboring access point.A MAC address is a hardware address that uniquely identies each node of a network.Channel Shows the channel on which the access point is currently broadcasting.The Channel denes the portion of the radio spectrum that the radio uses for transmitting and receiving.Rate Shows the rate (in megabits per second) at which this access point is currently transmitting.The current rate will always be one of the rates shown in Supported Rates.Signal Indicates the strength of the radio signal emitting from this access point as measured in decibels (Db).Beacon Interval Shows the Beacon interval being used by this access point.Beacon frames are transmitted by an access point at regular intervals to announce the existence of the wireless network. The default behavior is to send a beacon frame once every 100 milliseconds (or 10 per second).Beacon Age Shows the date and time of the last beacon received from this access point.Table 65 - Cluster Member Details

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 113May 2016Appendix A - Default AP SettingsAppendix A - Default AP SettingsWhen you rst power on a UAP, it has the default settings shown in the following table.Feature DefaultSystem InformationUser Name adminPassword adminEthernet Interface SettingsConnection Type DHCPDHCP EnabledIP Address 10.90.90.91 (if no DHCP server is available)Subnet Mask 255.0.0.0DNS Name NoneManagement VLAN ID 1Untagged VLAN ID 1IPv6 Admin Mode EnabledIPv6 Auto Cong Admin Mode EnabledRadio SettingsRadio (1 and 2) OneRadio 1 IEEE 802.11 Mode 802.11a/nRadio 2 IEEE 802.11 Mode 802.11b/g/n802.11a/n Channel Auto802.11b/g/n Channel AutoRadio 1 Channel Bandwidth 40 MHzRadio 2 Channel Bandwidth 20 MHzPrimary Channel LowerShort Guard Interval Supported YesSTBC Mode OnProtection AutoMaximum Wireless Clients 200Transmit Power 100 percentLegacy Rate Sets Supported (Mbps) IEEE 802.11a: 54, 48, 36, 24, 18, 12, 9, 6 IEEE 802.11b: 11, 5.5, 2, 1IEEE 802.11g: 54, 48, 36, 24, 18, 12, 11, 9, 6, 5.5, 2, 1Legacy Rate Sets (Mbps)(Basic/Advertised)IEEE 802.11a: 24, 12, 6IEEE 802.11b: 2, 1IEEE 802.11g: 11, 5.5, 2, 1MCS (Data Rate) Settings (802.11n only)0–15 EnabledBroadcast/Multicast Rate Limiting DisabledFixed Multicast Rate AutoBeacon Interval 100DTIM Period 2Fragmentation Threshold 2346RTS Threshold 2347TSPEC Mode OffTSPEC Voice ACM Mode OffVirtual Access Point SettingsStatus VAP0 is enabled on both radios, all other VAPs disabled

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 114May 2016Appendix A - Default AP SettingsFeature DefaultVLAN ID 1Network Name (SSID) dlink1 through dlink16Broadcast SSID AllowSecurity Mode None (plain text)MAC Authentication Type NoneRADIUS IP Address 10.90.90.1RADIUS Key secretRADIUS Accounting DisabledRedirect Mode NoneOther Default SettingsWDS Settings NoneSTP DisabledMAC Authentication No stations in listLoad Balancing DisabledSNMP EnabledRO SNMP Community Name publicSNMP Agent Port 161SNMP Set Requests EnabledManaged AP Mode EnabledAuthentication (802.1X Supplicant) DisabledManagement ACL DisabledHTTP Access Enabled; disabled in Managed ModeHTTPS Access Enabled; disabled in Managed ModeConsole Port Access EnabledTelnet Access Enabled; disabled in Managed ModeSSH Access Enabled; disabled in Managed ModeWMM EnabledEmail Alert Admin Mode DownTime Manual (Not set)Client QoS Global Admin Mode DisabledPer-VAP Client QoS Mode DisabledClustering StoppedTable 66 - UAP Default Settings

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 115May 2016Appendix B - Conguration ExamplesAppendix B - Conguration ExamplesThis appendix contains examples of how to congure selected features available on the UAP. Each example contains procedures on how to congure the feature by using the Web interface, CLI, and SNMP. This appendix describes how to perform the following procedures:•) “Conguring a VAP” on page 115•) “Conguring Radio Settings” on page 117•) “Conguring the Wireless Distribution System” on page 118•) “Clustering Access Points” on page 119•) “Conguring Client QoS” on page 121For all SNMP examples, the objects you use to AP are in a private MIB. Take DWL-6600AP for example, the path to the tables that contain the objects is iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).dlink(171).dlink-products(10).dwl-6600AP(128).dwl6600AP(1).dwl_6600AP(1).dwlWLANAPNewMibs(26).DWL-8710AP: 1.3.6.1.4.1.171.10.149.1.1.26DWL-8610AP: 1.3.6.1.4.1.171.10.136.1.1.26DWL-6610AP: 1.3.6.1.4.1.171.10.143.1.1.26DWL-8600AP: 1.3.6.1.4.1.171.10.37.29.1.26DWL-6700AP: 1.3.6.1.4.1.171.10.142.1.1.26DWL-6600AP: 1.3.6.1.4.1.171.10.128.1.1.26DWL-3600AP: 1.3.6.1.4.1.171.10.129.1.1.26DWL-2600AP: 1.3.6.1.4.1.171.10.130.1.1.26DWL-3610AP: 1.3.6.1.4.1.171.10.151.1.1.26DWL-6610AP/B1: 1.3.6.1.4.1.171.10.152.1.1.26Conguring a VAPThis example shows how to congure VAP 1 with the following non-default settings:•) VLAN ID: 2•) SSID: Marketing•) Security: WPA Personal using WPA2 with CCMP (AES)VAP Conguration from the Web Interface1.) Log onto the AP and navigate to the Manage > VAP page.Figure 69 - VAP Conguration from the Web Interface2.) In the Enabled column for VAP 1, select the check box. 3.) Enter 2 in the VLAN ID column.4.) In the SSID column, delete the existing SSID and type Marketing.5.) Select WPA Personal from the menu in the Security column. Additional elds appear.6.) Select the WPA2 and CCMP (AES) options, and clear the WPA and TKIP options.7.) Enter a WPA encryption key in the Key eld. The key can be a mix of alphanumeric and special characters. The key is case sensitive and can be between 8 and 63 characters.•) Click Apply to update the AP with the new settings.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 116May 2016Appendix B - Conguration ExamplesVAP Conguration from the CLI1.) Connect to the AP by using Telnet, SSH, or a serial connection.2.) Enable VAP 1. set vap vap1 status up3.) Set the VLAN ID to 2.set vap vap1 vlan-id 2Note: The previous command sets the VLAN ID to 2 for VAP 1 on both radios. To set the VLAN ID for VAP 1 on radio one only, use the following command: set vap 1 with radio wlan0 to vlan-id 2.4.) Set the SSID to Marketing.set interface wlan0vap1 ssid Marketing5.) Set the Security Mode to WPA Personal.set interface wlan0vap1 security wpa-personal6.) Allow WPA2 clients, and not WPA clients, to connect to the AP.set bss wlan0bssvap1 wpa-allowed offset bss wlan0bssvap1 wpa2-allowed on7.) Set the Cipher Suite to CCMP (AES) only.set bss wlan0bssvap1 wpa-cipher-tkip offset bss wlan0bssvap1 wpa-cipher-ccmp on8.) Set the Pre-shared key.set interface wlan0vap1 wpa-personal-key JuPXkC7GvY$moQiUttp2If the shared secret keys includes spaces, place the key inside quotation marks.9.) Use the following commands to view and verify the settings. get interface wlan0vap1 detailget vap vap1 detailVAP Conguration Using SNMP1.) Load the DLINK-WLAN-ACCESS-POINT-X600-MIB module.2.) From the MIB tree, navigate to the objects in the apVap table.3.) Walk the apVapDescription object to view the instance ID for VAP 1 (wlan0vap1).VAP 1 on Radio 1 is instance 3.4.) Use the apVapStatus object to set the status of VAP 1 to up (1).5.) Use the apVapVlanID object to set the VLAN ID of VAP 1 to 2.6.) Navigate to the objects in the apIfCong table.7.) Walk the apIfCongName object to view the instance ID for VAP 1 (wlan0vap1).VAP 1 on Radio 1 is instance 3.8.) Set the value of instance 3 in the apIfCongSsid object to Marketing.9.) Set the value of instance 3 in the apIfCongSecurity object to wpa-personal (3).10.) Set the value of instance3 in the apIfCongWpaPersonalKey object to JuPXkC7GvY$moQiUttp2, which is the WPA pre-shared key.11.) Navigate to the objects in the apRadioBss > apBssTable table.12.) Walk the apBssDescr object to view the instance ID for VAP 1. VAP 1 on Radio 1 is instance 1.13.) Set the value of instance 1 in the apBssWpaAllowed object to false (2).14.) Set the value of instance 1 in the apBssWpaCipherTkip object to false (2).15.) Set the value of instance 1 in the apBssWpaCipherCcmp object to true (1).

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 117May 2016Appendix B - Conguration ExamplesConguring Radio SettingsThis example shows how to congure Radio 12 with the following settings:•) Mode: IEEE 802.11b/g/n•) Channel: 6•) Channel Bandwidth: 40 MHz•) Maximum Stations: 100•) Transmit Power: 75%Radio Conguration from the Web Interface1.) Log onto the AP and navigate to the Manage > Radio page.Figure 70 - Radio Conguration from the Web Interface2.) Make sure that the Status is On.3.) From the Mode menu, select IEEE 802.11b/g/n.4.) From the Channel eld, select 6. 5.) From the Channel Bandwidth eld, select 40 MHz.6.) In the Maximum Stations eld, change the value to 100.7.) In the Transmit Power eld, change the value to 75.8.) Click Apply to update the AP with the new settings.Radio Conguration from the CLI1.) Connect to the AP by using Telnet, SSH, or a serial connection.2.) Turn Radio 12 on if the status is not currently up.set radio wlan01 status on3.) Set the mode to IEEE 802.11b/g/n.set radio wlan01 mode bg-n4.) Set the channel to 6. set radio wlan01 channel-policy staticset radio wlan01 static-channel 65.) Set the channel bandwidth to 40 MHz.set radio wlan01 n-bandwidth 406.) Allow a maximum of 100 stations to connect to the AP at a time.set bss wlan01bssvap0 max-stations 100

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 118May 2016Appendix B - Conguration Examples7.) Set the transmit power to 75 percent.set radio wlan01 tx-power 758.) View information about the radio settings.get radio wlan01 detailRadio Conguration Using SNMP1.) Load the DLINK-WLAN-ACCESS-POINT-X600-MIB module.2.) From the MIB tree, navigate to the objects in the apRadio table (apRadioBss > apRadioTable).3.) Use the apRadioStatus object to set the status of Radio 12 to up (1).4.) Use the apRadioMode object to set the Radio 12 mode to IEEE 802.11b/g/n, which is bg-n (4).5.) Use the apRadioChannelPolicy object to set the channel policy to static (1), which disables the automatic channel assignment.6.) Use the apRadioStaticChannel object to set the channel to 6.7.) Use the apRadioChannelBandwith object to set the channel bandwidth for Radio 12 to forty-MHz (2).8.) Use the apRadioTxPower object to set the transmission power on Radio 12 to 75.9.) Navigate to the objects in the apBssTable.10.) Use the apBssMaxStations object to set the value of the maximum allowed stations to 100.Conguring the Wireless Distribution SystemThis examples shows how to congure a WDS link between two APs. The local AP is MyAP1 and has a MAC address of 00:1B:E9:16:32:40, and the remote AP is MyAP2 with a MAC address of 00:30:AB:00:00:B0.The WDS link has the following settings, which must be congured on both APs:•) Encryption: WPA (PSK)•) SSID: wds-link•) Key: abcdefghijkWDS Conguration from the Web InterfaceTo create a WDS link between a pair of access points “MyAP1” and “MyAP2” use the following steps:1.) Log onto MyAP1 and navigate to the Manage > WDS page. Figure 71 - WDS Conguration from the Web InterfaceThe MAC address for MyAP1 (the access point you are currently viewing) is automatically provided in the Local Address eld.2.) Enter the MAC address for MyAP2 in the Remote Address eld, or click the arrow next to the eld and select the MAC address of MyAP2 from the pop-up list. 3.) Select WPA (PSK) from the Encryption menu.4.) Enter wds-link in the SSID eld and abcdefghijk in the Key eld.5.) Click Apply to apply the WDS settings to the AP.6.) Log onto MyAP2 and repeat steps 2-5 (but be sure to use the MAC address of MyAP1 in the Remote Address eld.Note: MyAP1 and MyAP2 must be set to the same IEEE 802.11 Mode and be transmitting on the same channel.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 119May 2016Appendix B - Conguration ExamplesWDS Conguration from the CLI1.) Connect to the MyAP1 by using Telnet, SSH, or a serial connection.2.) Congure the remote MAC address for MyAP2.set interface wlan0wds0 status up remote-mac 00:30:AB:00:00:B03.) Set WPA (PSK) as the encryption type for the link.set interface wlan0wds0 wds-security-policy wpa-personal4.) Set the SSID on the WDS link.set interface wlan0wds0 wds-ssid wds-link5.) Congure the encryption key.set interface wlan0wds0 wds-wpa-psk-key abcdefghijk6.) Administratively enable the WDS link.set interface wlan0wds0 status up7.) Perform the same conguration steps on MyAP2.WDS Conguration Using SNMP1.) Load the DLINK-WLAN-ACCESS-POINT-X600-MIB module.2.) From the MIB tree, navigate to the objects in the apIfCong table.3.) Walk the apIfCongName object to view the instance ID for the rst WDS link (wlan0wds0).The rst WDS link is instance 1.4.) Set the value of instance 1 in the apIfCongRemoteMac object to 00:30:AB:00:00:B0.In the MG-Soft browser, the format for the MAC address value to set is # 0x00 0x30 0xAB 0x00 0x00 0xB0.5.) Set the value of instance 1 in the apIfCongWdsSecPolicy object to WPA Personal (3).6.) Set the value of instance 1 in the apIfCongSsid object to wds-link.7.) Set the value of instance 1 in the apIfCongWdsWpaPskKey object to abcdefthijk.Some MIB browsers require that the value be entered in HEX values rather than ASCII values.8.) Perform the same conguration steps on MyAP2.Clustering Access PointsThis example shows how to congure a cluster with two APs and to enable automatic channel reassignment. The location of the local AP is Room 214, and the cluster name is MyCluster.Clustering APs by Using the Web Interface1.) Log onto the AP and navigate to the Cluster > Access Points page.Figure 72 - Clustering APs by Using the Web Interface (Passive)2.) If clustering has started, click Stop Clustering so you can change the Clustering Options.3.) Enter the AP location and the name of the cluster for it to join.4.) Click Apply.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 120May 2016Appendix B - Conguration Examples5.) Click Start Clustering to enable the clustering feature. After you refresh the page, other APs that are on the same bridged segment, have radios in the same operating mode, are enabled for clustering, and have the same cluster name appear in the Access Points table.6.) Go to the Channel Management page to view the channel assignments.Figure 73 - Clustering APs by Using the Web Interface (Active)A table on the page displays the current channel assignments and the proposed channel assignments. The interval setting in the Advanced section determine how often proposed changes are applied.Clustering APs by Using the CLI1.) Connect to the AP by using Telnet, SSH, or a serial connection.2.) Stop clustering so you can change the location and cluster name.set cluster clustered 03.) Set the AP Location.set cluster cluster-name “Room 214”Note: If the cluster name or cluster location has spaces, you must enclose the text in quotation marks when you enter the text in the CLI, as the command example shows. You do not need to use quotation marks when you enter text by using the Web UI.4.) Set the cluster name.set cluster location MyCluster5.) Start clustering.set cluster clustered 16.) View information about the cluster settings on the AP.get cluster detail7.) Start the automatic channel planner.set channel-planner status up8.) View the settings for the automatic channel planner.get channel-planner detailClustering APs by Using SNMPCluster conguration by using SNMP is not supported.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 121May 2016Appendix B - Conguration ExamplesConguring Client QoS This example shows how to enable client QoS, congure an ACL and a DiffServ policy on the AP, and to apply the ACL and the Policy to trafc transmitted from clients associated with VAP 2 and received by the AP.The IPv4 ACL is named acl1 and contains two rules. The rst rule allows HTTP trafc from the 192.168.1.0 subnet. The second rule allows all IP trafc from the management station (192.168.1.23). All other trafc is denied due to the implicit deny all rule at the end of the ACL. The ACL is applied to the inbound interface on the AP so that packets are checked when the AP receives trafc from associated clients.The DiffServ policy in this example shows how to establish default DiffServ behavior for clients associating with the VAP that do not obtain a DiffServ policy name through the RADIUS server. Voice trafc (UDP packets) received from clients in the 192.168.1.0 subnet that has the VoIP server as its destination address (192.168.2.200), is marked with the IP DSCP value for expedited forwarding so that it takes priority over other trafc.Conguring QoS by Using the Web InterfaceACL Conguration1.) Log onto the AP and navigate to the Client QoS > Client QoS ACL page.2.) Enter acl1in the ACL Name eld, and click Add ACL.Figure 74 - Conguring QoS by Using the Web Interface (ACL Name)The screen refreshes, and additional elds appear.Figure 75 - Conguring QoS by Using the Web Interface (Rule1)3.) From the Action menu, select Permit.4.) Clear the Match Every option.5.) Verify that the Protocol option is selected and IP is selected from the Select From List menu.6.) Congure the remaining settings:•) Source IP Address: 192.168.1.0

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 122May 2016Appendix B - Conguration Examples•) Wild Card Mask: 0.0.0.255•) Source Port: Select the option•) Select From List (Source Port): www7.) Click Apply to save the rule.Figure 76 - Conguring QoS by Using the Web Interface (Rule2)8.) Select New Rule from the Rule menu and create another rule with the following settings:•) Action: Permit•) Match Every: Clear the option•) Protocol: IP•) Address: 192.168.1.23•) Wild Card Mask: 0.0.0.09.) Click Apply to save the rule.10.) Navigate to the Client QoS > VAP QoS Parameters page.Figure 77 - Conguring QoS by Using the Web Interface (VAP QoS Parameters)11.) For the Client QoS Global Admin Mode option, select Enabled.12.) From the VAP menu, select VAP 2.13.) Select the Enabled option for Client QoS Mode.14.) From the ACL Type Up menu, select IPv4.15.) From the ACL Name Up menu, select acl1in.16.) Click Apply to update the AP with the QoS settings.DiffServ Conguration

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 123May 2016Appendix B - Conguration Examples1.) Log onto the AP and navigate to the Client QoS > Class Map page.Figure 78 - Conguring QoS by Using the Web Interface (Class Map Name)2.) Enter class_voip in the Class Map Name eld and click Add Class Map.The page refreshes and additional elds appear. Figure 79 - Conguring QoS by Using the Web Interface (Rule)3.) Select the Match Every option to indicate that all match criteria dened for the class must be satised in order for a packet to be considered a match.4.) Select Protocol, and then select UDP from the Select From List eld to dene UDP as a match criteria. 5.) Select Source IP Address and enter the following information: •) Address: 192.168.1.0•) Source IP Mask: 255.255.255.06.) Select the Destination IP Address option and enter the following information for the VoIP server:•) Address: 192.168.2.200•) Destination IP Mask: 255.255.255.2557.) Click Apply to save the match criteria.8.) Navigate to the Client QoS > Policy Map page.Figure 80 - Congure Client QoS DiffServ Policy Map Settings (Policy Map Name)9.) To create a policy, enter pol_voip into the Policy Map Name eld, and then click Add Policy Map.The page refreshes and additional elds appear.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 124May 2016Appendix B - Conguration ExamplesFigure 81 - Congure Client QoS DiffServ Policy Map Settings (Rule)10.) For the class_voip Class Map, select the Mark IP Dscp option, and then select ef from the Select From List menu. 11.) Trafc that meets the criteria dened in the class_voip class is marked with a DSCP value of EF (expedited forwarding).12.) Click Apply to save the policy.13.) Navigate to the Client QoS > VAP QoS Parameters page.Figure 82 - Congure Client QoS VAP Settings14.) Select VAP 2 from the VAP menu.15.) Make sure that the Client QoS Global Admin Mode and the QoS Mode are both enabled.16.) From the DiffServ Policy Up menu, select pol_voip.17.) Click Apply to update the AP with the QoS settings.Conguring QoS by Using the CLIACL Conguration1.) Connect to the AP.2.) Create an ACL named acl1.add acl acl1 acl-type ipv43.) Add a rule to acl1 that allows HTTP trafc from the 192.168.1.0 subnet. add rule acl-name acl2 acl-type ipv4 action permit protocol ip src-ip 192.168.1.0 src-ip-mask 0.0.0.255 src-port http

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 125May 2016Appendix B - Conguration Examples4.) Add another rule to acl1 that allows all trafc from the host with an IP address of 192.168.1.23. add rule acl-name acl2 acl-type ipv4 action permit protocol ip src-ip 192.168.1.23 src-ip-mask 0.0.0.05.) Enable Client QoS on the AP.set client-qos mode up6.) Enable Client QoS on VAP2set vap wlan0vap2 qos-mode up7.) Apply acl1 to VAP2 in the inbound direction (from the client to the AP). set vap wlan0vap2 def-acl-up acl1 DiffServ Conguration1.) Log onto the AP CLI.2.) Create a class map named class_voip and congure it to match all UDP packets from the 192.168.1.0 network that have a destination IP address of 192.168.2.200 (the VoIP server). add class-map class_voip every yes protocol udp src-ip 192.168.1.0 src-ip-mask 255.255.255.0 dst-ip 192.168.2.200 dst-ip-mask 255.255.255.255 3.) Add a policy map named pol_voip.add policy-map pol_voip4.) Dene the pol_voip policy map by adding the class_voip class map and specifying that packets that match the class_voip criteria will be marked with a DSCP value of EF (expedited forwarding).add policy-attr policy-map-name pol_voip class-map-name class_voip mark-ip-dscp ef5.) Enable Client QoS on the AP.set client-qos mode up6.) Enable Client QoS on VAP2set vap wlan0vap2 qos-mode up7.) Apply pol_voip to VAP2 in the inbound direction (from the client to the AP). set vap wlan0vap2 def-policy-up pol_voip Conguring QoS by Using SNMPACL Conguration1.) Load the DLINK-WLAN-ACCESS-POINT-X600-MIB module.2.) From the MIB tree, navigate to the objects in the apQos > apAclTable.3.) Use the apQosAclStatus object to create a row entry with apQosAclName and apQosAclType as the indexes for apQosAclEntry.The new apQosAclEntry value includes the apQosAclType (1) followed by the number of characters in the name (4), and then the ASCII code for the name. In this example, acl1 is 97.99.108.49. The value to set is 4, which is Create and Go.4.) Add a rule to acl1 that allows HTTP trafc from the 192.168.1.0 subnet. •) Use 1.3.6.1.4.1.171.10.128.1.1.26.10.3.1.14.1.4.97.99.108.49.1 to set the apQosAclRuleStatus of Rule 1 to active (1)In the OID, the 14 (bold) is the sequence identier for the apQosAclRuleStatuss object, 1 is the ACL type, 4.97.99.108.49 is the ACL name (the number of characters followed by the ASCII code), and the nal 1 is the ACL rule number.•) Use 1.3.6.1.4.1.171.10.128.1.1.26.10.3.1.4.1.4.97.99.108.49.1 to set the apQosAclRuleSrcIpAddress to a value of 192.168.1.0.•) Use 1.3.6.1.4.1.171.10.128.1.1.26.10.3.1.5.1.4.97.99.108.49.1 to set the apQosAclRuleSrcIpMask to a value of 0.0.0.255.•) Use 1.3.6.1.4.1.171.10.128.1.1.26.10.3.1.3.1.4.97.99.108.49.1 to set apQosAclRuleProtocol to a value of 80 (HTTP).•) Use 1.3.6.1.4.1.171.10.128.1.1.26.10.3.1.16.1.4.97.99.108.49.1 to set apQosAclRuleCommit to a value of 1 (true), which saves the rule.5.) Add another rule to acl1 that allows all trafc from the host with an IP address of 192.168.1.23. •) Use 1.3.6.1.4.1.171.10.128.1.1.26.10.3.1.14.1.4.97.99.108.49.2 to set the apQosAclRuleStatus of Rule 2 to active (1)•) Use 1.3.6.1.4.1.171.10.128.1.1.26.10.3.1.4.1.4.97.99.108.49.2 to set the apQosAclRuleSrcIpAddress to a value of 192.168.1.23.•) Use 1.3.6.1.4.1.171.10.128.1.1.26.10.3.1.5.1.4.97.99.108.49.2 to set the apQosAclRuleSrcIpMask to a value of 0.0.0.0.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 126May 2016Appendix B - Conguration Examples•) Use 1.3.6.1.4.1.171.10.128.1.1.26.10.3.1.16.1.4.97.99.108.49.2 to set apQosAclRuleCommit to a value of 1 (true), which saves the rule.6.) Use the apQosGlobalMode object to set the status to up (1), which enables Client QoS on the AP.7.) Walk the apVapDescription object to view the instance ID for VAP 2 (wlan0vap2).VAP 2 on Radio 1 is instance 5.8.) Use the apVapQosMode object to set the status of VAP 2 to up (1).9.) Use the apVapAclUp object to apply acl1 to VAP2 in the inbound direction (from the client to the AP). The ACL name is the text string, and not the ASCII code.DiffServ Conguration1.) Load the DLINK-WLAN-ACCESS-POINT-X600-MIB module.2.) From the MIB tree, navigate to the objects in the apQos > apAclTable.3.) Use the apQosDsClassMapStatus object to set the status of the class map named class_voip to Create and Go (4).The OID to set is 1.3.6.1.4.1.171.10.128.1.1.26.10.4.1.3.10.99.108.97.115.115.95.118.111.105.112, where 10 is the number of characters, and 99.108.97.115.115.95.118.111.105.112 is class_voip in ASCII code.4.) Congure class_voip to match all UDP packets from the 192.168.1.0 network that have a destination IP address of 192.168.2.200 (the VoIP server). •) Set apQosDsClassMapMatchEvery to true (1).•) Set apQosDsClassMapMatchProtocol to UDP (17).•) Set apQosDsClassMapMatchSrcIpAddress to 192.168.1.0.•) Set apQosDsClassMapMatchSrcIpMask to 255.255.255.0.•) Set apQosDsClassMapMatchDestIpAddress to 192.168.2.200.•) Set apQosDsClassMapMatchDestIpMask to 255.255.255.255•) Set apQosDsClassMapMatchCommit to true (1).5.) Create a policy map named pol_voip (which is 112.111.108.95.118.111.105.112 in ASCII) by setting the value of the OID 1.3.6.1.4.1.171.10.128.1.1.26.10.5.1.2.8.112.111.108.95.118.111.105.112 to Create and Go (4).6.) Dene the pol_voip policy map by adding the class_voip class map and specifying that packets that match the class_voip criteria will be marked with a DSCP value of EF (expedited forwarding).•) Set apQosDsPolicyMapAttrStatus.8.112.111.108.95.118.111.105.112.10.99.108.97.115.115.95.118.111.105.112.1 to a value of 4 (Create and Go)•) Set apQosDsPolicyMapAttrMarkIpDscp.8.112.111.108.95.118.111.105.112.10.99.108.97.115.115.95.118.111.105. 112.1 to 46 (which is the equivalent of ef).7.) Enable Client QoS on the AP.set client-qos mode up8.) Use the apQosGlobalMode object to set the status to up (1), which enables Client QoS on the AP.9.) Walk the apVapDescription object to view the instance ID for VAP 2 (wlan0vap2).VAP 2 on Radio 1 is instance 5.10.) Use the apVapQosMode object to set the status of VAP 2 to up (1).11.) Use the apVapPolUp object to apply pol_voip to VAP2 in the inbound direction (from the client to the AP). The policy name is the text string, and not the ASCII code.

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 127May 2016Appendix C - DWL-6700AP Prole and Conguration TableAppendix C - DWL-6700AP Prole and Conguration TableDWL-6700AP doesn’t support some features like, IEEE 802.1X Authentication, CLI command (no console port supported), TSPEC etc…, details please see the following table. Radio Conguration DWL-6700AP DWL-6600APRadio mode Yes YesRadio conguration state Yes YesRTS threshold Yes YesLoad Balancing NO YesLoad Utilization NO YesMaximum Clients Yes YesRF Scan Other Channels NO YesRF Scan Sentry NO YesMode Yes YesDTIM Period Yes YesBeacon Interval Yes YesAutomatic Channel Yes YesAutomatic Power Yes YesInitial Power Yes YesAPSD mode NO YesRF Scan Interval (secs) Yes YesFrag Threshold (bytes) Yes YesRF Scan Sentry Channels NO Yes Radio Conguration DWL-6700AP DWL-6600APShort Retries NO YesRF Scan Duration (msecs) Yes YesLong Retries NO YesRate Limiting NO YesTransmit Lifetime (msecs) NO YesRate Limit (pkts/sec) NO YesReceive Lifetime (msecs) NO YesRate Limit Burst (pkts/sec) NO YesStation Isolation Yes YesChannel Bandwidth Yes YesPrimary Channel Yes YesProtection Yes YesShort Guard Interval Yes YesSpace Time Block Code NO YesRadio Resource Management NO YesNO ack NO YesMulticast TX rate (Mbps) Yes Yes Network Conguration DWL-6700AP DWL-6600APSSID Yes YesHide SSID Yes YesIgnore Broadcst Yes YesVLAN Yes Yes

Unied Access Point Administrator’s GuideUnied Access Point Administrator’s GuidePage 128May 2016Appendix C - DWL-6700AP Prole and Conguration TableMAC Authentication Yes YesRedirect NO YesRedirect URL NO YesWireless ARP Suppression Mode NO YesL2 Distributed Tunneling Mode NO YesRADIUS Autentication Server Name NO YesRADIUS Autentication Server Status NO N/ARADIUS Accounting Server Name NO YesRADIUS Accounting Server Status NO N/ARADIUS Use Network Conguraiton NO YesRADIUS Accounting NO YesSecurity Yes YesWPA Versions Yes YesWPA Ciphers Yes Yes Network Conguration DWL-6700AP DWL-6600APWPA Key Type Yes YesWPA Key Yes YesBcast Key Refresh Rate (seconds) NO Yes WDS Conguration DWL-6700AP DWL-6600APACK Timer Value (Standalone mode) Yes NO Others DWL-6700AP DWL-6600APTurn Off all LEDs via GUI (Standalone mode) Yes NO

Federal Communication Commission Interference StatementThis equipment has been tested and found to comply with the limits for a Class Bdigital device, pursuant to Part 15 of the FCC Rules. These limits are designed toprovide reasonable protection against harmful interference in a residentialinstallation. This equipment generates, uses, and can radiate radio frequency energyand, if not installed and used in accordance with the instructions, may cause harmfulinterference to radio communications. However, there is no guarantee thatinterference will not occur in a particular installation. If this equipment does causeharmful interference to radio or television reception, which can be determined byturning the equipment off and on, the user is encouraged to try to correct theinterference by one or more of the following measures:• Reorient or relocate the receiving antenna.• Increase the separation between the equipment and receiver.• Connect the equipment into an outlet on a circuit different from that to which thereceiver is connected. • Consult the dealer or an experienced radio/TV technician forhelp.FCC Caution:This device complies with Part 15 of the FCC Rules. Operation is subject to thefollowing two conditions: (1) This device may not cause harmful interference, and (2)this device must accept any interference received, including interference that maycause undesired operation.Non-modification Statement:Changes or modifications not expressly approved by the party responsible forcompliance could void the user's authority to operate the equipment.FCC Radiation Exposure Statement:This equipment complies with FCC radiation exposure limits set forth for anuncontrolled environment. This equipment should be installed and operated withminimum distance 20cm between the radiator & your body.

Industry Canada StatementThis device complies with RSS-247 of Industry CanadaOperation is subject to the following two conditions: (1) this device may not causeinterference, and (2) this device must accept any interference, including interferencethat may cause undesired operation of the device.The device for operation in the band 5150-5250 MHz is only for indoor use to reducethe potential for harmful interference to co-channel mobile satellite systems. Themaximum antenna gain permitted for devices in the band 5725-5825 MHz shallcomply with the e.i.r.p. limits specified for point-topoint and non point-to-pointoperation as appropriate.IC Radiation Exposure StatementThis equipment complies with IC RSS-102 radiation exposure limit set forth for anuncontrolled environment. This equipment should be installed and operated withminimum distance 20cm between the radiator and your body.Avis d’industrie CanadaLe présent appareil est conforme aux CNR d'Industrie Canada applicables auxappareils radio exempts de licence.L'exploitation est autorisée aux deux conditions suivantes:(1) l'appareil ne doit pas produire de brouillage, et, and(2) l'utilisateur de l'appareil doit accepter tout brouillage radioélectrique subi, mêmesi le brouillage est susceptible d'en compromettre le fonctionnement.Les dispositifs fonctionnant dans la bande 5150-5250 MHz sont réservés uniquementpour une utilisation à l’intérieur afin de réduire les risques de brouillage préjudiciableaux systèmes de satellites mobiles utilisant les mêmes canaux. Le gain maximald’antenne permis (pour les dispositifs utilisant la bande 5725-5825 MHz) doit seconformer à la limite de p.i.r.e. spécifiée pour l’exploitation point à point et nonpoint à point, selon le cas.Déclaration d’exposition à la radiation : Cet équipement respecte les limitesd’exposition aux rayonnements IC définies pour un environnement non contrôlé. Cetéquipement doit être installé et mis en marche à une distance minimale de 20 cmqui sépare l’élément rayonnant de votre corps.L’émetteur ne doit ni être utilisé avec une autre antenne ou un autre émetteur ni setrouver à leur proximité.

一般設備(低功率電波輻射性電機管理辦法第12、14條)--- 經型式認證合格之低功率射頻電機，非經許可，公司、商號或使用者均不得擅自變更頻率，加大功率或變更原設計之特性及功能。--- 低功率射頻電機之使用不得影響飛航安全及干擾合法通信：經發現有干擾現象時，應立即停用，並改善至無干擾時方得繼續使用。前項合法通信，指依電信法規定作業之無線電通信低功率射頻電機需忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。--本產品使用時建議應至少距離人體 20cm;電磁波曝露量MPE標準值1mW/c㎡，送測產品實測值為0.3331 mW/cm2.