1. Manuals
  2. Brands
  3. D-Link Manuals
  4. Controller
  5. DSA-6100
  6. User manual

D-Link DSA-6100 User Manual

Wireless access controller
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
DSA-6100

User Guide

Version DSA-6100-2.10
July, 2009

Advertisement

Table of Contents
loading

Related Manuals for D-Link DSA-6100

Summary of Contents for D-Link DSA-6100

  • Page 1: User Guide

    DSA-6100 User Guide Version DSA-6100-2.10 July, 2009...
  • Page 3 Copyright © 2009 D-Link Corporation All rights reserved. Printed in Taiwan. September 2009. D-Link Corporation reserves the right to change, modify, and revise this publication without notice. Trademarks Copyright 2009 D-Link Corporation. All rights reserved. D-Link, the D-Link logo, and DSA-6100 are trademarks of D-Link Corporation.

  • Page 5: Table Of Contents

    Table of Contents Chapter 1. Before You Start ............................1 Audience ..............................1 Document Conventions.........................1 Chapter 2. Overview ..............................2 Introduction of DSA-6100 ........................2 System Concept .............................2 Chapter 3. Hardware Installation ..........................7 Panel Function Descriptions ........................7 Package Contents ..........................9 System Requirement ..........................9 Installation Steps ..........................10 Chapter 4.
  • Page 6 User Authentication ..........................78 4.4.1 Authentication Configuration ......................79 4.4.1.1 Local Server ............................80 4.4.1.2 POP3 Server............................86 4.4.1.3 RADIUS Server ..........................87 4.4.1.4 LDAP Server ...........................90 4.4.1.5 NT Domain Server..........................92 4.4.1.6 On Demand User ..........................93 4.4.1.7 PMS User............................97 4.4.2 Policy Configuration .........................101 4.4.3 Black List Configuration ........................109 4.4.4 Guest User Configuration.........................113 4.4.5...

  • Page 7: Chapter 1. Before You Start

    This manual is intended for use by system integrators, field engineers and network administrators to help them set up DSA-6100 Wireless Access Controller in their network environments. It contains step by step procedures and pictures to guide users with basic network system knowledge to complete the installation.

  • Page 8: Chapter 2. Overview

    DSA-6100, or if the online user logs out of the system, the DSA-6100 will exit the working stage of the user and terminate the user’s...
  • Page 9 Internet browser such as the Internet Explorer must be opened and a connection to any website must be performed. When the browser attempts to connect to a website, the DSA-6100 will force the browser to redirect to the user login webpage. The user must enter the username and password for authentication. After the identity is authenticated successfully, the user will be granted proper access right as defined in the DSA-6100.
  • Page 10 DSA-6100 User Guide Another setup example is shown in the following diagram, where the administrator is able to increase the uplink bandwidth capacity beyond the capacity of any single WAN port. This is done by the DSA-6100’s Bonding feature.
  • Page 11 Chapter 2. Overview The DSA-6100 can be used as the gateway for Internet access, where an external connection can be established for sharing, accounting, authentication and users management. This solution can be applied for environments such as hotels, campus, hot spots and others. An example of the network topology is as follows:...
  • Page 12 DSA-6100 User Guide The DSA-6100 is able to use a Local Database or authentication servers (NT-Domain, POP3, LDAP and Radius) to authenticate users. This type of solution is suitable for environments such as hotels, campus, hot spots, enterprises and others.

  • Page 13: Chapter 3. Hardware Installation

    8. Port: WAN1 / WAN2 1. Reset Press and hold the Reset Button for 5 seconds to restart the DSA-6100. Press and hold the Reset Button for more than 10 seconds to restart the DSA-6100 in default configuration. 2. Select / Execute...
  • Page 14 8. WAN1 / WAN2 Ports: The two WAN ports are connected to a network which is not managed by the DSA-6100, and this port can be used to connect to the ATU-Router of an ADSL, or the port of a Cable...

  • Page 15: Package Contents

    Power Fan: Keeps the power cool. Power Socket: The power cord is attached here. Power Switch: Turns on and off the machine. 3.2 Package Contents The standard package of the DSA-6100 includes: DSA-6100 x 1 Console Cable x 1 Crossover Ethernet Cable x 1...

  • Page 16: Installation Steps

    After the hardware of the DSA-6100 is installed completely, the system is ready to be configured in the following sections. This manual will guide you step by step to set up the system using a single DSA-6100 to manage the...

  • Page 17: Chapter 4. Web Interface Configuration

    The following table shows all the functions of DSA-6100. The administration functions are separated into several categories: System Configuration, Network Configuration, AP Management, User Authentication, Status and Tool.
  • Page 18 DSA-6100 via web browsers with JavaScript enabled such as Internet Explorer version 6.0. After the basic installation has been completed according to the instructions of the previous chapter, the DSA-6100 can further be configured with the following steps: Use the network cable of the 10/100BaseT to connect a PC to the Private LAN (LAN2), and then start a browser (such as Microsoft IE).
  • Page 19 192.168.1.x for your network interface and then open a new browser again. After successfully logging into the DSA-6100, the Administration System page of the web management interface will appear. To log out of the system when completed, select the Logout icon on the upper right...

  • Page 20: System Configuration

    DSA-6100 User Guide 4.1 System Configuration This section relates to system configuration and provides the information on the following functions: Configuration Wizard, System Information, WAN Configuration and LAN Configuration.

  • Page 21: Configuration Wizard (Also Served As Quick Installation Guide)

    The Configuration Wizard uses seven simple steps to provide the easy set up of the DSA-6100. These steps may also be used as the Quick Installation Guide. The 7 steps are listed below: 1. Change the Admin Password 2.
  • Page 22 Step 3: Set System Information Home Page: Enter the URL to where the clients should be directed when they are properly authenticated. NTP Server: Enter the URL of the external time server for the DSA-6100 time synchronization or use the default.
  • Page 23 Chapter 4. Web Interface Configuration Step 4: Select the Connection Type for WAN1 Port There are three types of WAN port to select: Static IP Address, Dynamic IP Address and PPPoE Client. Select a proper Internet connection type and click Next to continue. Dynamic IP Address If this option is selected, an appropriate IP address and related information will be assigned automatically.
  • Page 24 DSA-6100 User Guide PPPoE Client: Set PPPoE Client’s Information Enter the “Username” and “Password” provided by the ISP. Click Next to continue.
  • Page 25 Disable DHCP Server: If the DHCP server is disabled, the Public LAN clients must be configured with an IP address manually. Enable DHCP Server: When the option is selected, the DSA-6100 will automatically provide the necessary IP address to all Public LAN clients.
  • Page 26 These IP address will be assigned to the LAN1 clients. (Note: Be sure that IP address assigned in this range is NOT used in other setting of DSA-6100.) Domain Name: Enter a domain name provided by your ISP (e.g. dlink.com).
  • Page 27 Chapter 4. Web Interface Configuration Step 6: Select Default Authentication Server Please specify the postfix name for this authentication method. The Postfix Name field (e.g. Local) will be used as the postfix name (e.g. username@Local). An authentication method has to be selected from one of the five options appeared in this window (Local User is selected for this setup example).
  • Page 28 DSA-6100 User Guide User Authentication Method-POP3 Enter IP/Domain Name and server port of the POP3 server provided by the ISP, and then choose enable SSL or not. Click Next to continue. User Authentication Method-RADIUS Enter RADIUS server IP/Domain Name, authentication port, accounting port and secret key, then choose whether to enable accounting service.
  • Page 29 Chapter 4. Web Interface Configuration User Authentication Method-LDAP Add a new user to the LDAP user database. Enter the “LDAP Server”, “Server Port” and “Base DN” and select one kind of Binding Type and Account Attribute to access the LDAP server. If the User Account binding type is selected, the system will use the Base DN to be the user account to access the LDAP server.
  • Page 30 DSA-6100 User Guide If Specific DN binding type is selected, username and password in the “Bind RDN” and “Bind Password” fields must be entered to access the LDAP server. If Windows AD binding type is selected, please enter the domain name of Windows AD to access the LDAP server.
  • Page 31 Chapter 4. Web Interface Configuration Step 7: Restart Click Restart to save the current settings and restart DSA-6100. The Setup Wizard is now completed. During the DSA-6100 restarting, a “Restarting now. Please wait for a moment.” message will appear on the screen.

  • Page 32: System Information

    For example: 10.2.3.0/24 means that as long as an administrator is within the IP address range of 10.2.3.0/24, he or she can reach the administration page of the DSA-6100. If the administrator configures a single IP, such as 10.2.3.5, only this IP address can reach the administration page.

  • Page 33: Wan1 Configuration

    Chapter 4. Web Interface Configuration 4.1.3 WAN1 Configuration System supports three different WAN connection types for the WAN1 Port configuration including: Static IP Address, Dynamic IP Address, and PPPoE Client. Static IP Address: Manually specifying the IP address of the WAN1 Port regarding your ISP network information, which is applicable for the network environment where IP address cannot be obtained automatically.
  • Page 34 When the WAN1 is set to use a static IP address and “Enable Bridge Mode” is checked, the DSA-6100 will act as a switch and WAN2, LAN1 and LAN2 ports will share the same static IP address from WAN1. The pictures below are the results on the WAN2 and LAN2 when Bridge Mode is enabled on the WAN1 interface.
  • Page 35 Chapter 4. Web Interface Configuration PPPoE Client: Common ADSL connection type. Enter User Name and Password of your PPPoE account. When dial on Demand is enabled, you can set the idle timer before the system is disconnected from the Internet. When selecting PPPoE to connect to the network, please set the “User Name” and “Password” from your ISP to access the network.

  • Page 36: Wan2 & Failover

    DSA-6100 User Guide 4.1.4 WAN2 & Failover WAN2 can be configured to one of the following types: None, Static IP Address, Dynamic IP Address and Bonding. None means that WAN2 Port is disabled. Bonding is shown as one of the option when WAN1 is set to Static IP Address.

  • Page 37: Lan1 Configuration

    ROUTER: All IP addresses of internal hosts connected to the LAN1 interface will remain the same while the IP packets travel through WAN1 interface, thus making the DSA-6100 act like a router. IP Address: IP address of each network interface.
  • Page 38 DSA-6100 User Guide DHCP Server Configuration: DHCP options for LAN1 port include Disable, Enable, and Relay. Disable DHCP Server: Disable the function of the DHCP Server. Enable DHCP Server: When enabled, related information has to be filled in properly: DHCP Pool Start IP Address, DHCP Pools End IP Address, Preferred DNS Server, Alternate DNS Server, Domain Name, WINS Server, Lease Time, and Reserved IP Address List.
  • Page 39 Chapter 4. Web Interface Configuration Enable DHCP Relay: Specify the IP address of the DHCP Relay Server. VLAN: In the VLAN mode, the LAN interface can be separated into several virtual LAN interfaces. It allows switches to assign end stations to different virtual LANs. Activate VLAN and Edit VLAN List: Select the check box to activate the VLAN.
  • Page 40 WAN1 interface and onward to outside the network. ROUTER: All IP addresses of hosts on the VLAN interface will remain the same while the IP packets travel through WAN1 interface, thus making the DSA-6100 act like a router. IP address: IP address of each network interface.

  • Page 41: Lan2 Configuration

    Chapter 4. Web Interface Configuration 4.1.6 LAN2 Configuration By default, users on the LAN2 interface are not required to log in before accessing the network, but administrator can enable the user authentication based upon actual network deployment requirements. Please refer to the previous section “LAN1 Configuration”...

  • Page 42: Network Configuration

    DSA-6100 User Guide 4.2 Network Configuration This section is used to set all the internet settings. The section provides information on the following functions: Network Address Translation, Privilege List, Monitor IP List, Walled Garden List, Proxy Server Properties, Dynamic DNS and IP Mobility.

  • Page 43: Network Address Translation

    Chapter 4. Web Interface Configuration 4.2.1 Network Address Translation There are three options of Network Address Translation that can be set: DMZ, Virtual Servers and Port and IP Redirect. De-Militarized Zone. It maps external WAN IP address to the internal LAN IP addresses. A computer within a DMZ is unprotected by firewall and typically all port accesses are routed through that computer.
  • Page 44 DSA-6100 User Guide Virtual Servers This function allows servers within LAN to become accessible from WAN. This function allows the administrator to set up to 40 virtual servers, to allow computers not belonging to the managed network (WAN network), to access the servers in the managed network (LAN network). Enter the “External Service Port”, “Local Server IP Address”...
  • Page 45 Chapter 4. Web Interface Configuration Port and IP Redirect When the user attempts to connect to a destination IP address/Port listed here, the connection packet will be converted and redirected to the corresponding destination. Port and IP Redirection enables the redirection of the original IP address.

  • Page 46: Privilege List

    If there are some workstations belonging to the managed server that need to access the network without authentication, enter the IP addresses to this list. The “Remark” field is not necessary but is useful to keep track. The DSA-6100 allows up to 100 privilege IP addresses. These settings will become effective immediately after clicking Apply.
  • Page 47 In addition to the IP address, the MAC address of the device that needs to access the network without authentication can also be set in this list. The DSA-6100 allows up to 100 privilege MAC addresses. The list can be created by entering data in the table or by import from a file. The list can be exported as well.
  • Page 48 DSA-6100 User Guide Import List: click Import List to enter the Upload MAC Address List interface. Click the Browse button to select the text file for the user account upload. Then click Submit to complete the upload. The uploading file should be a text file and the format of each line is " MAC, Policy, Remark" without the quotes.

  • Page 49: Monitor Ip List

    Chapter 4. Web Interface Configuration 4.2.3 Monitor IP List The system will send out a packet periodically to monitor the connection status of the IP addresses on the list. If the monitored IP address does not respond, the system will send an e-mail to notify the administrator that such destination is not reachable.
  • Page 50 DSA-6100 User Guide Send From: The e-mail address of the administrator in charge of the monitoring. This will show up as the sender’s e-mail. Send To: The e-mail address of the person whom the monitoring result is for. This will be the receiver’s e-mail.

  • Page 51: Walled Garden List

    Chapter 4. Web Interface Configuration 4.2.4 Walled Garden List This system provides the free services to the users to access websites listed here before authentication. IP addresses or domain names of the websites can be defined in this list. Users without the network access right can still have a chance to experience the actual network service free of charge.

  • Page 52: Proxy Server Properties

    Configuration, please go to Appendix C. Proxy Configuration. Internal Proxy Server: The DSA-6100 has a built-in proxy server. If this function is enabled, the end users will be forced to treat the DSA-6100 as the proxy server regardless of the end-users’ original proxy settings.

  • Page 53: Dynamic Dns

    4.2.6 Dynamic DNS The DSA-6100 provides a convenient dynamic DNS (DDNS) function to translate the IP address of the WAN port to a domain name that helps administrators easily memorize and connect to the WAN port. When the DHCP is activated at WAN port, this function will also update the newest IP address regularly to the DNS server if the WAN1 interface is set to Dynamic.

  • Page 54: Ip Mobility

    Allow or disallow users with wrong IP configuration. Clients can use any IP address to connect to the system. Regardless of what the IP address at the client end is, he or she can still authenticate through the DSA-6100 and access the network.

  • Page 55: Ap Management

    Chapter 4. Web Interface Configuration 4.3 AP Management This section includes the following functions: AP List, AP Discovery, Manual Configuration, Template Settings, Firmware Management and AP Upgrade.

  • Page 56: Ap List

    (4) Upgrading: The AP is undergoing firmware upgrade. (5) Lost/Unknown: After DSA-6100’s rebooting and before it tries to probe the AP and determine the exact status, the status will be displayed as Lost or Unknown temporarily. Note: The supported types and firmware of APs are subject to change for different DSA-6100 firmware releases.
  • Page 57 Chapter 4. Web Interface Configuration General Settings: Click General to enter the General Settings interface. Revise the AP Name, Admin Password, SNTP/NTP, SMTP, Syslog and Remark here if desired. Firmware information can also be viewed here. LAN Interface Settings: Click LAN to enter the LAN Settings interface. Input the data of LAN including IP Address, Subnet Mask and Default Gateway of AP.
  • Page 58 DSA-6100 User Guide Wireless Interface Setting: Click Wireless LAN to enter the Wireless interface. The data of Properties and Security need to be filled. Basic Settings: Channel: Select the appropriate channel from the list to correspond with the network settings; for example, 1 to 11 channels are suitable for the North America area.
  • Page 59 Chapter 4. Web Interface Configuration Fragment Length: The fragmentation threshold determines whether packets will be fragmented. Enter a value between 256 and 2346. RTS Length: Enter a value between 256 and 2346. Transmit Power: Select either Full, Half(-3dB), Quarter(-6dB), Eighth (-9dB) or Minimum (minimum power).
  • Page 60 DSA-6100 User Guide Load Balance: When enabled, you allow several APs to balance wireless network traffic and wireless clients among APs in the networks. Assign each access point a different non-overlapping channel. User Limit: Enter the number of the limit of load balancing users from 0~64.
  • Page 61 Access Control Setting: In this function, when the status is Enabled, only these clients which MAC addresses are listed in the list can be allowed to connect DSA-6100. When Disabled is selected, all clients can connect DSA-6100. The default is Disabled.
  • Page 62 DSA-6100 User Guide System Status: The table shows the information about AP Name, AP Status and Last Reporting Time. LAN Status: The table shows the information about IP Address, Subnet Mask and Gateway. Wireless LAN Status: The table shows all of the related wireless information.

  • Page 63: Ap Discovery

    Chapter 4. Web Interface Configuration 4.3.2 AP Discovery Use this function to detect and manage all the supported APs in the network segments. AP Discovery Settings When the administrator tries to discover a new AP, select Factory Default or Manual in Admin Settings Used to Discover field;...
  • Page 64 DSA-6100 User Guide is the admin password of the AP. If the AP is in default value, just select Factory Default, system can discovery the APs. IP Addresses of APs after Discovery: The start IP to be assigned will be entered here.
  • Page 65 Chapter 4. Web Interface Configuration Discovery Results Then click the Scan Now button and the APs that match the given settings will show in the Discovery Results below. If any IP address among the IP range assigned for a specific AP is used, there will be a warning message showing up.

  • Page 66: Manual Configuration

    DSA-6100 User Guide 4.3.3 Manual Configuration The administrators who choose to configure an AP manually can utilize this page, in which provides several fields to be filled in. The supported APs (such as DWL-2100AP) can also be added manually. Enter the related information of the AP and select a Template.

  • Page 67: Template Settings

    Chapter 4. Web Interface Configuration 4.3.4 Template Settings A template is a model that can be copied to every AP without having to configure the each AP individually. The system supports up to three templates which include configurations of APs. The administrator can configure the setting together in the template instead of logging the AP management interface to set the configurations one by one.
  • Page 68 DSA-6100 User Guide DWL-2100AP DWL-2100AP includes all standards 802.11b/g. The connection can be select to enable 802.11b/g or disable. The DWL-2100AP is fully compatible with the IEEE 802.11b and 802.11g standards. General Subnet Mask: The default is 255.255.255.0. All devices in the network must share the same subnet mask.
  • Page 69 Chapter 4. Web Interface Configuration Syslog System Activity: Select “Enable” to allow the logging of system actions, such as logging a firmware upgrade. Wireless Activity: Select “Enable” to allow the logging of any wireless clients that connect to the AP. Notice: Select “Enable”...
  • Page 70 DSA-6100 User Guide networks. WMM: WMM stands for Wi-Fi Multimedia, by enabling this feature. It will improve the user experience for audio and video applications over a Wi-Fi network. Connection Settings: Multi-SSID: Multiple Service Set Identifier. Select either Disabled, Multi-SSID with VLAN or Multi-SSID without VLAN.
  • Page 71 Chapter 4. Web Interface Configuration Access Control by MAC Address: MAC address based control for access the network (AP). This function provides to control the clients’ devices that are allowed to associate with the APs applied with the desired template setting. Choose Disabled or Enabled in the Status column and enter the desired clients’ MAC addresses in the MAC Address List.
  • Page 72 DSA-6100 User Guide II. DWL-3200AP-v2.3+ DWL-3200AP version 2.3 Templates settings allow users to configure wireless 802.11b/g mode settings. DWL-3200AP includes all three standards 802.11b/g mixed, 802.11b only and 802.11g only. Firmware upgrade from DWL-3200AP v2.20 to v2.3 is NOT supported by the system.
  • Page 73 Chapter 4. Web Interface Configuration Public Community: When enabled, change the Public Community Name here. Private Community: When enabled, change the Private Community Name here. Syslog System Activity: Select “Enable” to allow the logging of system actions, such as logging a firmware upgrade.
  • Page 74 DSA-6100 User Guide interoperability with IEEE 802.11b. o Mixed: Select when using 802.11b and 802.11g wireless device. o 802.11g Only: Select when using all 802.11g wireless device. o 802.11b Only: Select when using all 802.11b wireless device. Preamble: Select Long Only or Short and Long. A short preamble is recommended for high-traffic networks.
  • Page 75 Chapter 4. Web Interface Configuration ○ SSID Configuration Page: SSID: Service Set Identifier. Broadcast SSID: Select this option to enable the SSID to broadcast in your network. When configuring the network, it is suggested to enable this function but disable it when the configuration is complete.
  • Page 76 DSA-6100 User Guide Access Control by MAC Address: MAC address based control for access the network (AP). This function provides to control the clients’ devices that are allowed to associate with the APs applied with the desired template setting. Choose Disabled or Enabled in the Status column and enter the desired clients’ MAC addresses in the MAC Address List.
  • Page 77 Chapter 4. Web Interface Configuration III. DWL-8200AP DWL-8200AP includes all three standards 802.11a, 802.11b and 802.11g. DWL-8200AP Templates settings allows users to configure 802.11a and 802.11b and g mode settings. The connection could be select to enable 802.11a, 802.11b/g, or disable. Compatible with 802.11a, 802.11b and 802.11g Devices that is fully compatible with the IEEE 802.11a, 802.11b and 802.11g standards, the DWL-8200AP can connect with existing 802.11b-, 802.11g- or 802.11a-compliant wireless network adapter cards.
  • Page 78 DSA-6100 User Guide General Subnet Mask: The default is 255.255.255.0. All devices in the network must share the same subnet mask. Default Gateway: The default is 192.168.1.1. Enter the gateway IP address for the network, typically a router. SNTP/NTP: The time server IP address, time zone, and the local time will be displayed.
  • Page 79 Chapter 4. Web Interface Configuration network are configured with Super Mode with Dynamic Turbo enabled. Internal Station Connection: Select either Enabled or Disabled. The connection allows clients to communicate with each other when enabled. 802.11a Performance Settings/ 802.11g Performance Settings: Data Rate: The default is Auto.
  • Page 80 DSA-6100 User Guide RSSI value. When disabled, each radio will use its main antenna. 802.11g Multi-SSID Settings /802.11a Multi-SSID Settings: Select Disabled, Multi-SSID without VLAN 802.11g mode only, Multi-SSID without VLAN 802.11b mode only, Multi-SSID without VLAN for both modes or Multi-SSID with VLAN. While Multi-SSID enabled, Super G / A Mode will be disabled automatically.
  • Page 81 Chapter 4. Web Interface Configuration ○ SSID Configuration Page: SSID: Service Set Identifier. Broadcast SSID: Select this option to enable the SSID to broadcast in your network. When configuring the network, it is suggested to enable this function but disable it when the configuration is complete.

  • Page 82: Firmware Management

    DSA-6100 User Guide 4.3.5 Firmware Management This is where AP’s firmware can be uploaded. The current firmware can also be downloaded to the local storage if required. The system supports the firmware management of APs to upload new firmware, delete the existing firmware, and download the firmware to managed APs.

  • Page 83: Ap Upgrade

    Chapter 4. Web Interface Configuration 4.3.6 AP Upgrade The administrator can upgrade the firmware of selected APs individually or at the same time by checking the check box of the APs in Selection column. Note that both the version before upgrade and the next version must be ones that have been integrated with the system.

  • Page 84: User Authentication

    DSA-6100 User Guide 4.4 User Authentication This section provides information on the following functions: Authentication Configuration, Policy Configuration, Black List Configuration, Guest User Configuration and Additional Configuration.

  • Page 85: Authentication Configuration

    This function is to configure the settings for different authentication servers. Using the DSA-6100, on-demand user and PMS user can be administered with different policy. Click on the server name to set the related configurations for that particular server. After completing and clicking Apply to save the settings, go back to the previous screen to choose a server to be the default server and enable or disable any server on the list.

  • Page 86: Local Server

    DSA-6100 User Guide 4.4.1.1 Local Server This server is only for “Local User” and the authentication method can not be changed for this server which manages user accounts on lists of the local user setting. Choose “Local Server” in the Server Name field, the hyperlink beside the pull-down menu will become setting of “Local Server”.
  • Page 87 Chapter 4. Web Interface Configuration Add User: Click this button to enter into the Add User interface. Fill in the necessary information such as “Username”, “Password”, “MAC” and “Remark”. Select a desired Maximum Bandwidth, Request Bandwidth and Policy. “Username” and “Password” are required information, the rest are optional, For the Policy configuration, please check section of Policy Configuration.
  • Page 88 DSA-6100 User Guide Click Apply to complete adding the user or users Import User: Click this to enter the Upload User interface. Click the Browse button to select the text file for the user account upload. Then click Submit to complete the upload process.
  • Page 89 Chapter 4. Web Interface Configuration Export List: Click this to create a .txt file and then save it on disk.
  • Page 90 DSA-6100 User Guide Refresh: Click this to renew the list. Refresh button. Search: Enter a keyword of a username to be searched in the text filed and click this button to perform the search. All usernames matching the keyword will be listed.
  • Page 91 Chapter 4. Web Interface Configuration RADIUS Roaming Out / 802.1x Authentication: When RADIUS Roaming Out is enabled, this system becomes a RADIUS server for other external RADIUS clients. The Local user with RADIUS roaming out permission need to be configured in the Radius Client List first. The Local user in the list may then log on the system via the other domain, such as a branch office, as long as the RADIUS clients are configured accordingly.

  • Page 92: Pop3 Server

    DSA-6100 User Guide 4.4.1.2 POP3 Server The system may authenticate users using their POP3 email account. You may configure both primary and secondary POP3 server for fault tolerance. POP3 refers to Post Office Protocol 3, a standard protocol used to retrieve email stored in a mail server.

  • Page 93: Radius Server

    Chapter 4. Web Interface Configuration 4.4.1.3 RADIUS Server The system supports 802.1x Authentication using external RADIUS server. You may configure both primary and secondary RADIUS server for fault tolerance. RADIUS refers to Remote Authentication Dial-In User Service, an authentication and accounting system used by many Internet Service Providers (ISPs). The system may authenticate users using external RADIUS server including both primary and secondary RADIUS server.
  • Page 94 DSA-6100 User Guide 802.1X Authentication: When enabled, this system can authenticate RADIUS clients against the external RADIUS server. Enable this function and the hyperlink of RADIUS Client List will appear. Click the hyperlink to get into the RADIUS Client Configuration list for further configuration. Please refer to RADIUS Roaming Out/802.1x Authentication in 4.4.1.1 Local Server.
  • Page 95 For a RADIUS server, if a class mapping is enabled, a configuration page allows the mapping of RADIUS class attributes to a policy on DSA-6100. If there is no policy chosen for a RADIUS Class attribute, the total bandwidth for that RADIUS Class is bounded by the total bandwidth of the default policy of the authentication server.

  • Page 96: Ldap Server

    DSA-6100 User Guide 4.4.1.4 LDAP Server The system may authenticate users using external LDAP server. You may configure both primary and secondary LDAP server for fault tolerance. LDAP refers to Lightweight Directory Access Protocol, a set of protocols for accessing information directories. The system may authenticate users using external LDAP server including both primary and secondary.
  • Page 97 Chapter 4. Web Interface Configuration Anonymous: Access the LDAP servers without requiring authentication but only select one Account Attribute (UID, CN or Account Name). Specified DN: Entering the specific DN username and password in the “Bind RDN” and “Bind Password” fields, and then select one Account Attribute (UID, CN or Account Name) to access the LDAP server.

  • Page 98: Nt Domain Server

    DSA-6100 User Guide 4.4.1.5 NT Domain Server This system may authenticate users using external MS Domain Server. NT Domain Server refers to external MS Domain Server. Choose “NTDomain” in the Server Name field, the hyperlink beside the pull-down menu will become “NT Domain Setting”.

  • Page 99: On Demand User

    Chapter 4. Web Interface Configuration 4.4.1.6 On Demand User This is needed in a retail environment. When customers need to use wireless Internet in a store, they have to get a printed receipt with username and password from the store to log in the system for wireless access. Choose “On Demand User”...
  • Page 100 DSA-6100 User Guide A. User List: The page shows all valid on-demand accounts and their status. Click to enter the On-demand User List screen. In the On-demand User List, detailed information will be documented here. By default, the On-demand user database is empty.
  • Page 101 Chapter 4. Web Interface Configuration B. Billing Configuration: This page allows administrators to change the billing configuration for on-demand accounts. Click this to enter the Billing Configuration screen. In the Billing Configuration screen, the Administrator may configure up to 10 billing plans. Status: Select to enable or disable this billing plan.
  • Page 102 DSA-6100 User Guide C. Create On-Demand User: This page allows administrators to create on-demand accounts. Click this to enter the On-Demand User Generate screen. Pressing the Create button for the desired plan, an On-demand user will be created, then click Printout to print a receipt which will contain this on-demand user’s information.

  • Page 103: Pms User

    Chapter 4. Web Interface Configuration 4.4.1.7 PMS User The system integrates a hotel indoor billing system, PMS (Property Management System), developed by Micros Fidelio, and it usually used in a hotel environment. When the customers need to use wireless Internet in the hotel, they have to get a printed receipt with username and password form the hotel to log in the system for wireless access.
  • Page 104 DSA-6100 User Guide A. Users List: This page shows all valid PMS accounts and their status. Click to enter the PMS User List screen. In the PMS User List, detailed information will be documented here. By default, the PMS user database is empty.
  • Page 105 Chapter 4. Web Interface Configuration B. Billing Configuration: This page allows administrators to change the billing configuration for PMS accounts. Click this to enter the Billing Configuration screen. In the Billing Configuration screen, Administrator may configured up to 5 billing plans. Status: Select to enable or disable this billing plan.
  • Page 106 DSA-6100 User Guide C. Created PMS User: This page allows administrators to create PMS accounts. Click this to enter the PMS User Generate screen. There are 5000 PMS user accounts available. By default, the PMS user database is empty. After entering the “Room Number” and “Maximum User”, select the desired plan and press the Create button.

  • Page 107: Policy Configuration

    System supports up to 10 individual policies, each of which consists of access control profiles that can be applied to a certain group of users. In the DSA-6100 system architecture, a group of users are associated with an authentication method which is defined by Authentication Server configuration. On the other hand, the Global policy also consists of access control profiles and can be globally applied to all users.
  • Page 108 DSA-6100 User Guide Selecting the Filter Rule Item 1: Rule Item: This is the rule selected. Rule Name: The rule name can be changed here. Enable this Rule: After checking this function, the rule will be enabled. Action: There are two options, Block and Pass. Block is to prevent packets from passing and Pass is to permit packets passing.
  • Page 109 Chapter 4. Web Interface Configuration Specific Route Profile: Click the hyperlink of Setting for Specific Route Profile, the Specific Route Profile list will appear. Profile Name: The profile name can be changed here. Network/IP Address (Destination): The destination network address or IP address of the destination host.
  • Page 110 DSA-6100 User Guide Default Rule: It is to specify the default action that the system should perform for the traffic between all VLAN interfaces as well as the LAN interfaces. Pass All Traffic: When selected, the system allows all traffic to travel between all VLAN interfaces as well as the LAN interfaces.
  • Page 111 Chapter 4. Web Interface Configuration II. Policy 1~Policy 10: 10 individual policies, each policy consists of three different network related access profiles and bandwidth controls. Select Policy: Select Policy1~10 for setting up policy configuration. Firewall Profile: Policy firewall rules can be defined. Specific Route Profile: Define up to 10 static routes.
  • Page 112 DSA-6100 User Guide Selecting the Filter Rule Item 1: Rule Item: This is the rule selected. Rule Name: The rule name can be changed here. Enable this Rule: After checking this function, the rule will be enabled. Action: There are two options, Block and Pass. Block is to prevent packets from passing and Pass is to permit packets passing.
  • Page 113 Chapter 4. Web Interface Configuration appropriate value of address based on the combination of Network/IP Address and Subnet Mask that are just entered and applied. Subnet Mask: The Subnet Mask of the destination network or just 255.255.255.255(/32) if the destination is a single host. IP Address (Gateway): The IP address of the next router to the destination.
  • Page 114 DSA-6100 User Guide Maximum Concurrent Sessions: The maximum number of concurrent sessions which is allowed to be established by each user. Use the drop-down list to select the maximum number of concurrent sessions which is allowed to be established by each user.

  • Page 115: Black List Configuration

    Select Black List: There are 5 lists supported by DSA-6100 for selections. Name: Set the name of the black list and it will show in the pull-down menu above.
  • Page 116 DSA-6100 User Guide After entering the usernames in the “Username” blanks and the related information in the “Remark” blank (not required). Click Apply to add the users.
  • Page 117 Chapter 4. Web Interface Configuration Check Black List Configuration screen; the added black list usernames will be shown on the list. If the administrator wants to remove a user from the black list, just select the user’s “Delete” check box and then click the Delete button to remove that user from the black list.
  • Page 118 DSA-6100 User Guide Import Black List: Click this to enter the Upload Black List Account – (Blacklist1) interface. Click the Browse button to select the text file for the user account upload to the black list. Then click Submit to complete the upload process.

  • Page 119: Guest User Configuration

    Select “Enable Guest User” and click Apply to save the settings. Guest User List: The DSA-6100 offers ten guest users for log in. To activate a guest user, just enter the password in the corresponding “Password” text field for that guest account. Guest accounts with blank password will not be activated.

  • Page 120: Additional Configuration

    DSA-6100 User Guide 4.4.5 Additional Configuration In this section, additional settings are provided for the administrator to the following for user management. A. User Control: Functions under this section applies for all general users. Idle Timer: If a user has been idled with no network activities, the system will automatically log out the user.
  • Page 121 Chapter 4. Web Interface Configuration C. Customize Login Pages: The system allows the great customization on end-user interface. Administrators may upload device certificate, customized login, and logout webpage. 1). Certificate: The administrator can upload new private key and customer certification, external certificate issued by public or private authority.
  • Page 122 DSA-6100 User Guide b. Choose Template Page to make a customized login page. Click Select to pick up a color and then fill in all of the blanks. Click Preview to see the result first.
  • Page 123 Chapter 4. Web Interface Configuration c. Choose Uploaded Page and upload a login page. Note: The user-defined login page must include the following HTML codes to provide the necessary fields for username and password. And if the user-defined login page includes an image file, the image file path in the HTML code must be the image file to be uploaded.
  • Page 124 DSA-6100 User Guide Click the Browse button to select the file to upload. Then click Submit to complete the upload process. Next, enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit.
  • Page 125 Chapter 4. Web Interface Configuration In DSA-6100, the end user first gets a login page when she/he opens its web browser right after associating with an access point. However, in some situations, the hotspot owners or MIS staff may want to display “terms of use”...
  • Page 126 DSA-6100 User Guide If user checks “I disagree” and clicks Next, a window will pop up to tell user that he/she cannot log in d. Choose the External Page selection and get the login page from the specific website. In the “External Page Setting”, enter URL of the external login page on the external web server and then...
  • Page 127 Chapter 4. Web Interface Configuration After applying the setting, the new login page can be previewed by clicking Preview button at the bottom of this page. The user-defined logout page must include the following HTML codes to provide the necessary fields for username and password.
  • Page 128 DSA-6100 User Guide Note: The different part is the HTML code of the user-defined logout interface must include the following HTML code that the user can enter the username and password. After the upload is completed, the user-defined login user interface can be previewed by clicking Preview at the bottom of this page. If restore to factory default setting is needed for the logout interface, click the “Use Default Page”...
  • Page 129 Chapter 4. Web Interface Configuration b. Choose Template Page to make a customized login success page. Click Select to pick up a color and then fill in all of the blanks. Click Preview to see the result first.
  • Page 130 DSA-6100 User Guide c. Choose Uploaded Page and get the login success page to upload. Click the Browse button to select the file for the login success page upload. Then click Submit to complete the upload process. After the upload process is completed and applied, the new login success page can be previewed by clicking Preview button at the bottom.
  • Page 131 Chapter 4. Web Interface Configuration d. Choose the External Page selection and get the login success page from the specific website. In the “External Page Setting”, enter URL of the external login page on the external web server and then click Apply.
  • Page 132 DSA-6100 User Guide 5). Login Success Page for On-Demand: The administrator can use the default login succeed page for On-Demand or get the customized login success page for On-Demand by setting the template page, uploading the page or downloading from the specific website. After finishing the setting, click Preview to see the login success page for On-Demand.
  • Page 133 Chapter 4. Web Interface Configuration b. Choose Template Page to make a customized login success page for On-Demand. Click Select to pick up a color and then fill in all of the blanks. Click Preview to see the result first.
  • Page 134 DSA-6100 User Guide c. Choose Uploaded Page and get the login success page for On-Demand by uploading. Click the Browse button to select the file for the login success page for On-Demand upload. Then click Submit to complete the upload process.
  • Page 135 Chapter 4. Web Interface Configuration Next, enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit. The system will show the used space and the maximum size of the image file of 512K.
  • Page 136 DSA-6100 User Guide 6). Logout Success Page: The administrator can use the default logout success page or get the customized login success page by setting the template page, uploading the page or downloading from the specific website. After finishing the setting, click Preview to see the logout success page.
  • Page 137 Chapter 4. Web Interface Configuration c. Choose Uploaded Page and get the logout success page to upload. Click the Browse button to select the file for the logout success page upload. Then click Submit to complete the upload process. After the upload process is completed and applied, the new logout success page can be previewed by clicking Preview button at the bottom.
  • Page 138 Volume is 1Mbyte and the level for Time is 5 minutes. E. POP3 Message: If a user tries to retrieve mail from POP3 mail server before login, the users will receive a welcome mail from DSA-6100. The administrator can edit the content of this welcome mail.
  • Page 139 F. Enhance User Authentication: With this function, only the users with their MAC addresses in this list can log into the DSA-6100. There will only be 40 users allowed in this MAC address list. User authentication is still required for these users. Please enter the MAC Address Control to fill in these MAC addresses, select Enable, and then click Apply.

  • Page 140: Status

    DSA-6100 User Guide 4.5 Status This section is to display information on System Status, Interface Status, Current Users, Traffic History, Notification Configuration and Online Report.

  • Page 141: System Status

    The following is a description of the information available in System Status: Description Item The present firmware version of the DSA-6100. Current Firmware Version The system name. The default is the DSA-6100. System Name The page the users are directed to after initial login Home Page success.
  • Page 142 DSA-6100 User Guide The IP address and port number of the external Syslog Syslog Server- Traffic History Server. N/A means that it is not configured. Enabled/disabled indicates whether the system is Proxy Server currently using a proxy server. Enabled/disabled indicates whether a logout confirmation...

  • Page 143: Interface Status

    Chapter 4. Web Interface Configuration 4.5.2 Interface Status The Interface Status function provides an overview of the interfaces on the network, including WAN1, LAN1 and LAN2 interfaces. Click on VLAN hyperlink to enter VLAN Interface Status, including status of LAN DHCP Server, LAN Tag# and LAN Tag# DHCP Server.
  • Page 144 DSA-6100 User Guide The following is a description of the information available for Interface Status: Description Item The MAC address of the WAN1 port. MAC Address The IP address of the WAN1 port. IP Address WAN1 The Subnet Mask of the WAN1 port.

  • Page 145: Current Users

    Chapter 4. Web Interface Configuration 4.5.3 Current Users In this function, each online user’s information including Username, IP Address, MAC Address, Pkts In, Bytes In, Pkts Out, Bytes Out, Idle and Kick Out can be obtained. Administrator can use this function to force a specific online user to log out.

  • Page 146: Traffic History

    4.5.4 Traffic History This function is used to check the history of the DSA-6100. Administrator may keep the following records for up to 3 days. All records are sorted by date and listed accordingly. Please note that these records are stored on the volatile memory and will be lost if the system is turnoff.
  • Page 147 Chapter 4. Web Interface Configuration Click Download to save every history log in a text file. If the History Email has been entered under the Notification Configuration page, then the system will automatically send out the history information to that email address. Traffic History Sorted by time, the traffic history provided all login and logout activities of the specific date.
  • Page 148 DSA-6100 User Guide PMS User Log This page includes the PMS user account status changes and the traffic history. The following picture shows each line of the on-demand user log record consisting of 14 fields: Date, Posting Number, Type, Name, Room ID, IP, MAC, Packets In, Packets Out, Bytes In, Bytes Out, ExpireTime, ValidTime and Remark.
  • Page 149 This page shows the history records of the CPU and memory usage. As shown in the following picture, the history record consists of 5 fields of the DSA-6100 status: CPU Usage %, Memory Usage %, Total Memory (KB), Memory Used (KB) and Memory Free (KB).
  • Page 150 DSA-6100 User Guide Monthly Report Monthly traffic statistics. As shown in the following picture, the monthly report consists of 5 fields: Local, Roaming in, Roaming out, On Demand Users, PMS Users.

  • Page 151: Notification Configuration

    Chapter 4. Web Interface Configuration 4.5.5 Notification Configuration As earlier mentioned, the DSA-6100 will save the traffic history into the internal DRAM. If the administrator wants the system to automatically send out the history to a particular email address, a notification configuration may be set as shown in the picture below.
  • Page 152 DSA-6100 User Guide SMTP Server: The IP address or domain name of the SMTP server. SMTP Auth Method: The system provides four authentication methods, Plain, Login, CRAM-MD5 and NTLMv1, or “None” to use none of the above. Depending on which authentication method selected, enter the Account Name, Password and Domain.

  • Page 153: Online Report

    Network Interface Status and Network Session Status. System Status The page shows the current CPU and memory usage. This online report of DSA-6100 status consists of 5 fields: CPU Usage, Memory Usage, Total Memory, Memory Used and Memory Free. Service Status This page shows the current status of the internal daemon service.
  • Page 154 DSA-6100 User Guide Network Interface Status This page shows current throughput of every WAN and LAN interface. The online report for WAN and LAN status consists of 5 fields: Interface, Speed-IN (bps), Speed-OUT (bps), Packet-IN (pps) and Packet-OUT (pps). Network Session Status This report tells how many connections (TCP and UDP) each IP address is using now.

  • Page 155: Tool

    Chapter 4. Web Interface Configuration 4.6 Tool This section provides information on four utilities used for customizing and maintaining the system, including Change Password, Backup/Restore Setting, Firmware Upgrade, Ping Utility and Restart.

  • Page 156: Change Password

    Please enter the current password and then enter the new password twice to verify. Click Apply to activate the new passwords. The DSA-6100 supports three types of account interface: admin, manager, operator or frontdesk. These account interfaces are authenticated to access only certain configuration pages. The default usernames and...
  • Page 157 Chapter 4. Web Interface Configuration Admin: The administrator can access all configuration pages of the DSA-6100. User Name: admin Password: admin Manager: The manager can only access the configuration pages under User Authentication to manage the user accounts, but has no permission to change the settings of the profiles for Firewall, Specific Route and Schedule.
  • Page 158 DSA-6100 User Guide Operator: The operator can only access the configuration page of Create On-demand User to create and print out the new on-demand user accounts. User Name: operator Password: operator Frontdesk: The frontdesk can only access the configuration page of PMS Frontdesk Tools to view the PMS users list or create and print out the new PMS users.
  • Page 159 Chapter 4. Web Interface Configuration PMS User List PMS User Creation Caution: If the administrator’s password is lost, the administrator’s password can still be changed through the text mode management interface on the console port.

  • Page 160: Backup/Restore Setting

    DSA-6100 User Guide 4.6.2 Backup/Restore Setting This function is used to backup/restore the DSA-6100 settings. The DSA-6100 can also be restored to the factory default settings using this function. Backup Current Setting: Click Backup Settings to save the current system configuration to a backup file on a local disk of the management console.

  • Page 161: Firmware Upgrade

    Chapter 4. Web Interface Configuration 4.6.3 Firmware Upgrade The administrator can download the latest firmware from the website and upgrade the system. Click Browse to search for the firmware file and click Apply to go on with the firmware upgrade process. It may take a few minutes before the upgrade process completes.

  • Page 162: Ping Utility

    DSA-6100 User Guide 4.6.4 Ping Utility This utility is for administrator’s convenience to easily test the network connection on the DSA-6100 administration interface. Enter IP address or domain name in Host field and press Ping button. The results will show whether the...

  • Page 163: Restart

    4.6.5 Restart This function allows the administrator to safely restart the DSA-6100. The process should take about three minutes. Click YES to restart the system; click NO to go back to the previous screen. Please wait for countdown timer to finish before accessing the system management webpage again.

  • Page 164: Help

    DSA-6100 User Guide 4.7 Help The Help button is at the upper right corner of the DSA-6100 display screen. Click Help for the Online Help window, and then click the hyperlink of the relevant information required.

  • Page 165: Appendix A. External Network Access

    1. Connect a client’s device such as a PC to the Public LAN port of the DSA-6100. The device will get an IP address automatically via DHCP. Next, open a web browser and access any URL. The default User Login Page will appear.
  • Page 166 DSA-6100 User Guide 3. If a message “Sorry, this feature is available for on-demand user only” appears instead, it means a wrong button has been clicked. “Remaining” is only for on-demand users. Please click the Submit button instead. 4. An on-demand user can enter the username and password in the “User Login Page” and click Remaining button to know the remaining time or data quota of the account.
  • Page 167 Appendix A. External Network Access Enter the new username and password obtained, and click the Redeem button to merge the two accounts to add up the available usage time and data size by the system. The total available usage time and data size after adding credit will then be shown.

  • Page 168: Appendix B. Console Interface Configuration

    Upon completing this process, the console interface configuration will be accessible via the console port to handle problems and situations occurring during operation. 1. To connect to the console port of the DSA-6100, a console, modem cable, and a terminal simulation program such as the Hyper Terminal will be required.
  • Page 169 Management Interface via the browser or when it fails inexplicitly. The Administrator can choose this utility and set the DSA-6100 into safe mode to manage the device using a browser. Synchronize clock with NTP server: Immediately synchronize the clock through the NTP protocol and the specified network time server.
  • Page 170 Caution: Although it does not require a username and password for the connection via the serial port, the same management interface can be accessed via SSH. Therefore, it is recommended that you immediately change the DSA-6100 Admin username and password after logging into the system for the first time. Reload factory default Choose this option to reset the system configuration to the factory default settings.

  • Page 171: Appendix C. Proxy Configuration

    Service Providers. In a hotspot environment, users usually enable their proxy setting at their browsers, such as IE and Firefox. Likewise, the DSA-6100 also needs to set some proxy configuration in the Gateway. Follow these steps to complete the proxy configuration Login Gateway by using “admin”.
  • Page 172 DSA-6100 User Guide Click the Proxy Server Properties from left menu and the homepage of the Proxy Server Properties will appear. Add the ISP’s proxy Server IP and Port into External Proxy Server Setting.
  • Page 173 Appendix C. Proxy Configuration Enable Built-in Proxy Server in Internal Proxy Server Setting. Click Apply to save the settings.
  • Page 174 DSA-6100 User Guide For Enterprise Enterprises usually isolate their intranet and internet by using more elaborated network architecture. Many enterprises have their own proxy server which is usually located at the intranet or DMZ under firewall protection. In enterprises, network managers or MIS staff may often ask their users to enable their proxy setting of the browsers such as IE and Firefox to reduce the internet access loading.
  • Page 175 Appendix C. Proxy Configuration Click the Proxy Server Properties from left menu and the homepage of the Proxy Server Properties will appear. Add your proxy Server IP and Port into External Proxy Server Setting. Disable Built-in Proxy Server in Internal Proxy Server Setting.
  • Page 176 DSA-6100 User Guide Click Apply to save the settings. Warning If your proxy server is disabled, it will make the user authentication operation abnormal. When users open the browser, the login page will not appear because the proxy server is down. Please make sure your proxy server is always available.
  • Page 177 Appendix C. Proxy Configuration Open the browser to add the default gateway IP address (e.g. 192.168.1.254) and logout page IP address “1.1.1.1” into the proxy exception information. For Internet Explorer For Mozilla Firefox...

  • Page 178: Appendix D. Certificate Setting For Ie6 And Ie7

    As long as the SSL function is enabled in the DSA-6100, there must be a public SSL certificate signed by an established certificate authority. To avoid the error message in the browser, a company should have its own Certificate Authority (CA).
  • Page 179 Appendix D. Certificate Setting for IE6 and IE7 2) Certificate setting for Internet Explorer 7 For IE7, certificate issues caused by certificate publisher not trusted by IE7, the following steps may be taken to provide a workaround or to bypass the issue. a.
  • Page 180 DSA-6100 User Guide For installing a trusted certificate to solve the IE7 certificate issue, please follow instructions below. a. When the User Login page appears, click “Certificate Error” at the top. b. Click “View Certificate”. c. Click “Certification path”.
  • Page 181 Appendix D. Certificate Setting for IE6 and IE7 d. Select root certification, then click “View Certificate”. e. Click “Install Certificate”. Click “Next”.
  • Page 182 DSA-6100 User Guide g. Select “Automatically select the certificate store based on the type of certificate”, then click “Next”. h. Click “Finish”. Click “Yes”.
  • Page 183 Appendix D. Certificate Setting for IE6 and IE7 Click “OK”. k. Launch a new IE7 browser. The certificate is now trusted via IE7 according to the key symbol shown at top next to the address field.
  • Page 184 DSA-6100 User Guide Certificate setting for Internet Explorer 6 For issues relating to IE6 certificate error, the following information provides the step to proceed when the certificate publisher is not trusted by IE6. Open an IE6 browser, the Security Alert message will be appeared if the certificate is not trusted. Click “Yes”...

  • Page 185: Appendix E. Vlan Isolation

    DSA-6100. When the specific VLAN isolation rule (which is applicable to VALN1 and VLAN2) is activated in DSA-6100, the traffic will be blocked by DSA-6100 and therefore the users on two VLANs are “isolated” from each other. For more information about the VLAN isolation, here are the details: 1) The VLAN isolation rules are configured in “Global Policy”...
  • Page 186 DSA-6100 User Guide 2) If the system is not in Bridge mode, the isolation rules are applied in two tiers, a big default rule and up to ten exceptional rules. The default action (the big default isolation rule) for the traffic between all interfaces is either Pass All or Block All.

  • Page 187: Appendix F. Session Limit And Session Log

    Appendix F. Session Limit and Session Log Appendix F. Session Limit and Session Log Session Limit To prevent ill-behaved clients or malicious software from using up system’s connection resources, administrators will have to restrict the number of concurrent sessions that a user can establish. The maximum number of concurrent sessions (TCP and UDP) for each user can be specified in the Global policy, which applies to authenticated users, users on a non-authenticated port, privileged users, and clients in DMZ zones.
  • Page 188 DSA-6100 User Guide The following table shows an example of the session log data. Jul 20 12:35:05 2007 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1626 DIP=203.125.164.132 DPort=80 Jul 20 12:35:05 2007 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1627 DIP=203.125.164.132 DPort=80 Jul 20 12:35:06 2007 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1628 DIP=203.125.164.142 DPort=80 Jul 20 12:35:06 2007 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1629 DIP=203.125.164.142 DPort=80...

Table of Contents