Product Manual
Page 2
......1 System Requirements...1 Introduction...2 Hardware Overview (Front Panel 3 Features...4 Text and Syntax Conventions...5 Installation...6 Serial Console Cable...6 10/100 Ethernet Cable Wiring...6 Installation Hardware and Tools...7 Getting Started...8 Using the Command-Line Interface 9 CLI Conventions...9 Command Prompts...DWS-1008 Setup Methods...18 Overview...18 Quick Starts...18 CLI...18 Web View...18 Web Quick Start...19 Web Quick Start Parameters 19 Web Quick Start Requirements 19 Accessing the Web Quick Start 20 CLI quickstart Command...22 Quickstart Example...23 D-Link DWS-1008...
......1 System Requirements...1 Introduction...2 Hardware Overview (Front Panel 3 Features...4 Text and Syntax Conventions...5 Installation...6 Serial Console Cable...6 10/100 Ethernet Cable Wiring...6 Installation Hardware and Tools...7 Getting Started...8 Using the Command-Line Interface 9 CLI Conventions...9 Command Prompts...DWS-1008 Setup Methods...18 Overview...18 Quick Starts...18 CLI...18 Web View...18 Web Quick Start...19 Web Quick Start Parameters 19 Web Quick Start Requirements 19 Accessing the Web Quick Start 20 CLI quickstart Command...22 Quickstart Example...23 D-Link DWS-1008...
Product Manual
Page 12
......258 PKCS #7, PKCS #10, and PKCS #12 Object Files 258 Certificates Automatically Generated by MSS 260 Creating Keys and Certificates 260 Choosing the Appropriate Certificate Installation Method for Your Network 261 D-Link DWS-1008 User Manual xi
......258 PKCS #7, PKCS #10, and PKCS #12 Object Files 258 Certificates Automatically Generated by MSS 260 Creating Keys and Certificates 260 Choosing the Appropriate Certificate Installation Method for Your Network 261 D-Link DWS-1008 User Manual xi
Product Manual
Page 13
... and Key Information 265 Key and Certificate Configuration Scenarios 266 Creating Self-Signed Certificates 266 Installing CA-Signed Certificates from PKCS #12 Object Files 268 Installing CA-Signed Certificates Using a PKCS #10 Object File (CSR) and a PKCS #7...Exception 279 Remote Authentication with Local Backup 279 IEEE 802.1X Extensible Authentication Protocol Types 280 Ways a Switch Can Use EAP 281 Effects of Authentication Type on Encryption Method 281 Configuring 802.1X Authentication 282 ...Web Portal WebAAA 291 How Web Portal WebAAA Works 291 D-Link DWS-1008 User Manual xii
... and Key Information 265 Key and Certificate Configuration Scenarios 266 Creating Self-Signed Certificates 266 Installing CA-Signed Certificates from PKCS #12 Object Files 268 Installing CA-Signed Certificates Using a PKCS #10 Object File (CSR) and a PKCS #7...Exception 279 Remote Authentication with Local Backup 279 IEEE 802.1X Extensible Authentication Protocol Types 280 Ways a Switch Can Use EAP 281 Effects of Authentication Type on Encryption Method 281 Configuring 802.1X Authentication 282 ...Web Portal WebAAA 291 How Web Portal WebAAA Works 291 D-Link DWS-1008 User Manual xii
Product Manual
Page 16
...Service Profile 361 Creating the SODA Agent with SODA Manager 361 Copying the SODA Agent to the Switch 362 Installing the SODA Agent Files 362 Enabling SODA Functionality for the Service Profile 363 Disabling Enforcement of SODA...Specifying an Alternate SODA Agent Directory for a Service Profile 366 Uninstalling the SODA Agent Files from the Switch 367 Displaying SODA Configuration Information 367 Managing Sessions...369 About the Session Manager...369 Displaying and Clearing ...Scans...379 Dynamic Frequency Selection (DFS 379 Countermeasures...380 D-Link DWS-1008 User Manual xv
...Service Profile 361 Creating the SODA Agent with SODA Manager 361 Copying the SODA Agent to the Switch 362 Installing the SODA Agent Files 362 Enabling SODA Functionality for the Service Profile 363 Disabling Enforcement of SODA...Specifying an Alternate SODA Agent Directory for a Service Profile 366 Uninstalling the SODA Agent Files from the Switch 367 Displaying SODA Configuration Information 367 Managing Sessions...369 About the Session Manager...369 Displaying and Clearing ...Scans...379 Dynamic Frequency Selection (DFS 379 Countermeasures...380 D-Link DWS-1008 User Manual xv
Product Manual
Page 20
D-Link DWS-1008 User Manual The DWS-1008 switch has been designed and tested to be performed by unauthorized modifications to 104° F). Such modifications could void the user's authority to Console Rack-Mount Brackets (2) Rubber Feet (4) Screws (6) Install Guide Manual and Reference Guide on the product or included in an operating ambient temperature of equipment damage, install equipment...
D-Link DWS-1008 User Manual The DWS-1008 switch has been designed and tested to be performed by unauthorized modifications to 104° F). Such modifications could void the user's authority to Console Rack-Mount Brackets (2) Rubber Feet (4) Screws (6) Install Guide Manual and Reference Guide on the product or included in an operating ambient temperature of equipment damage, install equipment...
Product Manual
Page 21
... they roam, the DWS-1008 configures and controls all aspects of the MobileLAN system. User-Based Authentication Services This wireless switch delivers Identity-based Networking, which is designed to allow easy user installation and operation yet support advanced wireless switch features such as virtual...-based services such as secure mobility, policy enforcement, and AAA and 802.1x offload capabilities. Introduction The D-Link® AirPremier® MobileLAN™ DWS-1008 is designed for distributed deployments in the Small-Medium Enterprise (SME) environment. It can be sent back to...
... they roam, the DWS-1008 configures and controls all aspects of the MobileLAN system. User-Based Authentication Services This wireless switch delivers Identity-based Networking, which is designed to allow easy user installation and operation yet support advanced wireless switch features such as virtual...-based services such as secure mobility, policy enforcement, and AAA and 802.1x offload capabilities. Introduction The D-Link® AirPremier® MobileLAN™ DWS-1008 is designed for distributed deployments in the Small-Medium Enterprise (SME) environment. It can be sent back to...
Product Manual
Page 25
... Data and TD means Transmit Data. D-Link DWS-1008 User Manual Pins 4, 5, 7, and 8 are used only when Power over the send and receive signals if required. Other Device Pin Function 1 TD+ 2 TD- 3 RD+ 4 PoE+ 5 PoE+ 6 RD- 7 PoE- 8 PoE- Installation Caution: The DWS-1008 switch has been designed and tested to be installed in an operating ambient temperature of...
... Data and TD means Transmit Data. D-Link DWS-1008 User Manual Pins 4, 5, 7, and 8 are used only when Power over the send and receive signals if required. Other Device Pin Function 1 TD+ 2 TD- 3 RD+ 4 PoE+ 5 PoE+ 6 RD- 7 PoE- 8 PoE- Installation Caution: The DWS-1008 switch has been designed and tested to be installed in an operating ambient temperature of...
Product Manual
Page 26
... be given to the grounding type. D-Link DWS-1008 User Manual Warning: Earth grounding is required for tabletop mounting. Branch circuit protection in a rack. Do not install equipment such that the mechanical load on one side of equipment damage, make sure the switch is evenly fastened by the installation. Pay particular attention to the rack. The...
... be given to the grounding type. D-Link DWS-1008 User Manual Warning: Earth grounding is required for tabletop mounting. Branch circuit protection in a rack. Do not install equipment such that the mechanical load on one side of equipment damage, make sure the switch is evenly fastened by the installation. Pay particular attention to the rack. The...
Product Manual
Page 45
... or sent to access the switch and configure it. D-Link recommends enforcing authentication for basic service. 7. Before You Start Before reading more of administrative access: • Console - Allows network users to the switch with the following types of this chapter, use the Quick Installation Guide to set up your DWS-1008 switch and the attached access points...
... or sent to access the switch and configure it. D-Link recommends enforcing authentication for basic service. 7. Before You Start Before reading more of administrative access: • Console - Allows network users to the switch with the following types of this chapter, use the Quick Installation Guide to set up your DWS-1008 switch and the attached access points...
Product Manual
Page 98
... and date (set timedate command) Note: Configure summertime before you install certificates on the switch. If the switch's time and date are incorrect, the certificate might not be valid. In each case, you set ntp commands) D-Link DWS-1008 User Manual 79 To use the following command: clear ip alias ...summertime's adjustment of the time will make the time incorrect, if the date is an example: DWS-1008# show ip alias [name] Here is within the summertime period. Note: D-Link recommends that you set the time and date parameters before you can configure MSS to set the time...
... and date (set timedate command) Note: Configure summertime before you install certificates on the switch. If the switch's time and date are incorrect, the certificate might not be valid. In each case, you set ntp commands) D-Link DWS-1008 User Manual 79 To use the following command: clear ip alias ...summertime's adjustment of the time will make the time incorrect, if the date is an example: DWS-1008# show ip alias [name] Here is within the summertime period. Note: D-Link recommends that you set the time and date parameters before you can configure MSS to set the time...
Product Manual
Page 147
... 802.1Q VLAN tag to be available. D-Link DWS-1008 User Manual 128 You can specify the switch by its boot device, use 172.16.0.20 as described in "How a Distributed AP Contacts a Switch (Statically Configured Address)" instead of the switch, and the switch's name and DNS server address, then the AP...gateway 172.16.0.20 mode enable success: change accepted. In some installations, DHCP may not be applied to use IP address 172.16.0.42 with a 24-bit netmask, and use the following command: DWS-1008# set dap dap-num boot-switch [switch-ip ip-addr] [name name dns ip-addr] [mode {...
... 802.1Q VLAN tag to be available. D-Link DWS-1008 User Manual 128 You can specify the switch by its boot device, use 172.16.0.20 as described in "How a Distributed AP Contacts a Switch (Statically Configured Address)" instead of the switch, and the switch's name and DNS server address, then the AP...gateway 172.16.0.20 mode enable success: change accepted. In some installations, DHCP may not be applied to use IP address 172.16.0.42 with a 24-bit netmask, and use the following command: DWS-1008# set dap dap-num boot-switch [switch-ip ip-addr] [name name dns ip-addr] [mode {...
Product Manual
Page 151
...A 64-bit Message Authentication Code is 1474 bytes. D-Link DWS-1008 User Manual 132 Encryption Key Fingerprint APs are configured with AES-CCM for data encryption and integrity checking and HMAC-MD5 for management traffic between the switch and Distributed AP can display the fingerprint in MSS. ...an encryption key pair at the factory. Make sure the devices in the intermediate network between switches and Distributed APs. When blink mode is affected. By default, blink mode is already installed, you disable it. The fingerprint for the public key is displayed on a label on...
...A 64-bit Message Authentication Code is 1474 bytes. D-Link DWS-1008 User Manual 132 Encryption Key Fingerprint APs are configured with AES-CCM for data encryption and integrity checking and HMAC-MD5 for management traffic between the switch and Distributed AP can display the fingerprint in MSS. ...an encryption key pair at the factory. Make sure the devices in the intermediate network between switches and Distributed APs. When blink mode is affected. By default, blink mode is already installed, you disable it. The fingerprint for the public key is displayed on a label on...
Product Manual
Page 153
... fingerprint. To apply the new setting to AP security support does not affect management sessions that are already established. If the AP is already installed and operating, use the following command: set dap 8 fingerprint b4:f9:2a:52:37:58:f4:d0:10:75:43:2f:45:c9...:52:c3 success: change to an AP, restart the AP. Verifying a Fingerprint on the Switch To verify an AP's fingerprint on a switch, use the show dap status command to display the fingerprint. D-Link DWS-1008 User Manual 134 Use a colon between each digit. The following example shows information for Distributed AP...
... fingerprint. To apply the new setting to AP security support does not affect management sessions that are already established. If the AP is already installed and operating, use the following command: set dap 8 fingerprint b4:f9:2a:52:37:58:f4:d0:10:75:43:2f:45:c9...:52:c3 success: change to an AP, restart the AP. Verifying a Fingerprint on the Switch To verify an AP's fingerprint on a switch, use the show dap status command to display the fingerprint. D-Link DWS-1008 User Manual 134 Use a colon between each digit. The following example shows information for Distributed AP...
Product Manual
Page 206
... already been installed and configured. DWS-1008# set dap 68 radio 1 radio-profile success: change accepted. DWS-1008# set dap 69 radio 1 channel 7 success: change accepted. DWS-1008# set radio-profile rfid-listeners success: change accepted. DWS-1008# set radio-profile rfid-listeners success: change accepted. DWS-1008# set dap 68 radio 1 channel 7 success: change accepted. D-Link DWS-1008 User Manual 187 DWS-1008# set dap...
... already been installed and configured. DWS-1008# set dap 68 radio 1 radio-profile success: change accepted. DWS-1008# set dap 69 radio 1 channel 7 success: change accepted. DWS-1008# set radio-profile rfid-listeners success: change accepted. DWS-1008# set radio-profile rfid-listeners success: change accepted. DWS-1008# set dap 68 radio 1 channel 7 success: change accepted. D-Link DWS-1008 User Manual 187 DWS-1008# set dap...
Product Manual
Page 267
... IGMP snooping when running SpectraLink's SRP protocol. D-Link recommends that allows clients of 6 wireless phones per AP. D-Link DWS-1008 switches and APs are not forwarded through the switch when IGMP snooping is already done.) • ...Configure a service for a maximum of the voice SSID onto the network and places them on handsets simultaneously within the same ESSID. SVP phones will provide service for the voice SSID. • Configure a VLAN for SVP phones, perform the following configuration tasks: • Install...
... IGMP snooping when running SpectraLink's SRP protocol. D-Link recommends that allows clients of 6 wireless phones per AP. D-Link DWS-1008 switches and APs are not forwarded through the switch when IGMP snooping is already done.) • ...Configure a service for a maximum of the voice SSID onto the network and places them on handsets simultaneously within the same ESSID. SVP phones will provide service for the voice SSID. • Configure a VLAN for SVP phones, perform the following configuration tasks: • Install...
Product Manual
Page 274
... of any EAP transaction is Transport Layer Security (TLS) authentication and encryption. Certificates can be installed correctly. Web View also require a session to the switch that the switch is set to the correct date, time, and time zone. Digital signatures require a public-... Authentication Protocol (EAP) clients for which the switch performs all EAP processing. TLS enables secure key exchange. Certain switch operations require the use of digital signatures. Once a TLS session is authenticated, it is encrypted. D-Link DWS-1008 User Manual 255 The signature is created with...
... of any EAP transaction is Transport Layer Security (TLS) authentication and encryption. Certificates can be installed correctly. Web View also require a session to the switch that the switch is set to the correct date, time, and time zone. Digital signatures require a public-... Authentication Protocol (EAP) clients for which the switch performs all EAP processing. TLS enables secure key exchange. Certain switch operations require the use of digital signatures. Once a TLS session is authenticated, it is encrypted. D-Link DWS-1008 User Manual 255 The signature is created with...
Product Manual
Page 275
... takes place on the switch after enrolling with Web View or an 802.1X or WebAAA client, MSS requests a private key from MSS. To form the encrypted TLS channel, the switch must send that data can derive a key from MSS. D-Link DWS-1008 User Manual 256 Clients authenticated... by PEAP need a certificate in the switch's certificate and key store, the switch does not respond to the wireless client. 2. You generate the key pairs and certificates on the switch or install them on a RADIUS server. (For...
... takes place on the switch after enrolling with Web View or an 802.1X or WebAAA client, MSS requests a private key from MSS. To form the encrypted TLS channel, the switch must send that data can derive a key from MSS. D-Link DWS-1008 User Manual 256 Clients authenticated... by PEAP need a certificate in the switch's certificate and key store, the switch does not respond to the wireless client. 2. You generate the key pairs and certificates on the switch or install them on a RADIUS server. (For...
Product Manual
Page 278
... generate the public-private key pair using the crypto generate key command. Before you generate the CSR and install the certificate, you do not need to copy the file onto the Personal Information switch. D-Link DWS-1008 User Manual 259 Certification Request Syntax Standard To generate the request, use the copy tftp command to generate...
... generate the public-private key pair using the crypto generate key command. Before you generate the CSR and install the certificate, you do not need to copy the file onto the Personal Information switch. D-Link DWS-1008 User Manual 259 Certification Request Syntax Standard To generate the request, use the copy tftp command to generate...
Product Manual
Page 279
... or WebAAA users. If you plan to install a CA-signed certificate). Self-signed certificates generated when running MSS Version 4.2.3 or later are in cases where certificates are 512 bytes long. To use a longer key, configure the key before the time and date on the switch. D-Link DWS-1008 User Manual 260 However, the certificate is...
... or WebAAA users. If you plan to install a CA-signed certificate). Self-signed certificates generated when running MSS Version 4.2.3 or later are in cases where certificates are 512 bytes long. To use a longer key, configure the key before the time and date on the switch. D-Link DWS-1008 User Manual 260 However, the certificate is...
Product Manual
Page 280
... File" CA certificate) from a trusted source (CA). Obtain and install the CA's own certificate. Copy a PKCS #12 object file (public- D-Link DWS-1008 User Manual 261 Certificate Installation Method Self-signed certificate PKCS #12 object file certificate Certificate Signing Request (CSR) certificate Steps Required Instructions 1. The switch generates and signs the certificate itself , while the certificate...
... File" CA certificate) from a trusted source (CA). Obtain and install the CA's own certificate. Copy a PKCS #12 object file (public- D-Link DWS-1008 User Manual 261 Certificate Installation Method Self-signed certificate PKCS #12 object file certificate Certificate Signing Request (CSR) certificate Steps Required Instructions 1. The switch generates and signs the certificate itself , while the certificate...