Jan 16

Configuring Security on the Wireless Access Point On D-Link DWL-2600AP

You configure secure wireless client access by configuring security for each virtual access point (VAP) that you enable. You can configure up to 16 VAPs per radio that simulate multiple APs in one physical access point. By default, only one VAP is enabled. For each VAP, you can configure a unique security mode to control wireless client access.Each radio has 16 VAPs, with VAP IDs from 0-15. By default, only VAP 0 on each radio is enabled. VAP0 has the following default settings:

•) VLAN ID: 1
•) Broadcast SSID: Enabled
•) SSID: dlink1
•) Security: None
•) MAC Authentication Type: None
•) Redirect Mode: None

All other VAPs are disabled by default. The default SSID for VAPs 1–15 is ”dlinkx” where x is the VAP ID.To prevent nauthorized access to the UAP, we recommend that you select and configure a security option other than None for the default VAP and for each VAP that you enable.

D-Link DWL-2600AP Virtual Access Point Settings

To change VAP 0 or to enable and configure additional VAPs, select the VAP tab in the Manage section.VAPs segment the wireless LAN into multiple broadcast domains that are the wireless equivalent of Ethernet VLANs.VAPs simulate multiple APs in one physical AP. Each radio supports up to 16 VAPs.

For each VAP, you can customize the security mode to control wireless client access. Each VAP can also have a unique SSID. Multiple SSIDs make a single AP look like two or more APs to other systems on the network.By configuring VAPs, you can maintain better control over broadcast and multicast traffic, which affects network performance.

You can configure each VAP to use a different VLAN, or you can configure multiple VAPs to use the same VLAN,whether the VLAN is on the same radio or on a different radio. VAP0, which is always enabled on both radios, is assigned to the default VLAN1.

The AP adds VLAN ID tags to wireless client traffic based on the VLAN ID you configure on the VAP page or by using the RADIUS server assignment. If you use an external RADIUS server, you can configure multiple VLANs on each VAP. The external RADIUS server assigns wireless clients to the VLAN when the clients associate and authenticate.

You can configure up to four global IPv4 or IPv6 RADIUS servers. One of the servers always acts as a primary while the others act as backup servers. The network type (IPv4 or IPv6) and accounting mode are common across all configured RADIUS servers. You can configure each VAP to use the global RADIUS server settings, which is the default, or you can configure a per-VAP RADIUS server set. You can also configure separate RADIUS server settings for each VAP. For example, you can configure one VAP to use an IPv6 RADIUS server while other VAPs use the global IPv4 RADIUS server settings you configure.

If wireless clients use a security mode that does not communicate with the RADIUS server, or if the RADIUS server does not provide the VLAN information, you can assign a VLAN ID to each VAP. The AP assigns the VLAN to all wireless clients that connect to the AP through that VAP.

Note: Before you configure VLANs on the AP, be sure to verify that the switch and DHCP server the AP uses can support IEEE 802.1Q VLAN encapsulation.



Tags: , ,

Jul 07

D-Link DES-1200 Series Include:D-Link DES-1210,DES-1228,DES-1250,DES-1252.This article teaches you to how to set 802.1X Settings on DES-1200 Series Web Smart Switch.

Network switches provide easy and open access to resources by simply attaching a client PC. Unfortunately this automatic configuration also allows unauthorized personnel to easily intrude and possibly gain access to sensitive data.

IEEE-802.1X provides a security standard for network access control, especially in Wi-Fi wireless networks.802.1X holds a network port disconnected until authentication is completed. The switch uses Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol client identity (such as a user name) with the client, and forward it to another remote RADIUS authentication server to verify access rights. The EAP packet from the RADIUS server also contains the authentication method to be used. The client can reject the authentication method and request another, depending on the configuration of the client software and the RADIUS server. Depending on the authenticated results, the port is either made available to the user, or the user is denied access to the network.

The RADIUS servers make the network a lot easier to manage for the administrator by gathering and storing the user lists.


By default, 802.1X is disabled. To use EAP for security, select enabled and set the 802.1X Global Settings for the Radius Server and applicable authentication information.

Authentication Port: sets primary port for security monitoring. Default is 1812.

Key: Masked password matching the Radius Server Key.

Confirm Key: Enter the Key a second time for confirmation.

TxPeriod: Sets the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before retransmitting the request. Default is 24 seconds.

ReAuthEnabled: This enables or disables the periodic ReAuthentication control. When the 802.1X function is enabled, the ReAuthEnabled function is by default also enabled.

QuietPeriod: Sets the number of seconds that the switch remains in the quiet state following a failed authentication exchange with the client. Default is 80 seconds.

SuppTimeout: Sets the switch-to-client retransmission time for the EAP-request frame. Default is 12 seconds.

ServerTimeout: Sets the amount of time the switch waits for a response from the client before resending the response to the authentication server. Default is 16 seconds.

MaxReq: This parameter specifies the maximum number of times that the switch retransmits an EAP Request packet to the client before it times out the authentication session. Default is 5 times.

ReAuthPeriod: This command affects the behavior of the switch only if periodic re-authentication is enabled.Default is 3600.

To establish 802.1X port-specific assignments, select the From Ports / To Ports and select enable.

Tags: , , ,

Jul 05

It is recommended to enable encryption on your wireless router D-Link DIR-825 before your wireless network adapters. Please establish wireless connectivity before enabling encryption. Your wireless signal may degrade when enabling encryption due to the added overhead.

1. Log into the web-based configuration by opening a web browser and entering the IP address of the D-Link DIR-825 router ( Click on Setup and then click Wireless Settings on the left side.

2. Next to Security Mode, select WPA-Enterprise.

3. Next to WPA Mode, select Auto, WPA2 Only, or WPA Only. Use Auto if you have wireless clients using both WPA and WPA2.

4. Next to Cypher Type, select TKIP and AES, TKIP, or AES.

5. Next to Group Key Update Interval, enter the amount of time before the group key used for broadcast and multicast data is changed (3600 is default).


6. Next to Authentication Timeout, enter the amount of time before a client is required to re-authenticate (60 minutes is default).

7. Next to Radius Server IP Address enter the IP Address of your Radius server.

8. Next to RADIUS Server Port, enter the port you are using with your RADIUS server. 1812 is the default port.

9. Next to RADIUS Server Shared Secret, enter the security key.

10. If the MAC Address Authentication box is selected then the user will need to connect from the same computer whenever logging into the wireless network.


11. Click Advanced to enter settings for a secondary Radius Server.

12. Click Apply Settings to save your settings.

Tags: , , ,