D-Link DSA 5100 - Airspot - Gateway Manual
Summary of DSA 5100 - Airspot - Gateway
Page 1
Manual building networks for people enterprise gateway d-link airspot dsa-5100 april 200 6 v . 1.03.
Page 2: Contents
2 contents package contents ................................................................................ 3 introduction........................................................................................... 4 front panel ..........................................................................
Page 3: Package Contents
3 package contents internet explorer version 6.0 or netscape navigator version 6.0 and above computers with windows, macintosh, or linux-based operating systems with an installed ethernet adapter system requirements for configuration: d-link dsa-5100 airspot enterprise gateway cd-rom with manual qui...
Page 4: Introduction
4 introduction the d-link dsa-5100 airspot enterprise gateway is an advanced network access control system supporting ethernet, fast ethernet or an ieee 802.11 wireless lan (wlan) separately and simultaneously. The dsa-5100 can be configured with a standard html browser (i.E., internet explorer, or ...
Page 5: Front Panel
5 front panel link leds - a solid light indicates a connection to the network. Power led - a solid light indicates that the system is ready. Status led - upon starting up the dsa-5100, this led will blink momentarily. A solid light indicates that the system is ready. Aux port - reserved for future u...
Page 6: Features
6 features supports ieee 802.1x supports ieee 802.1q vlan supports ieee 802.3 ad wan interface supports static ip, dhcp client, and pppoe client wan2 interface supports static ip supports nat mode, router mode and bridge mode built-in dhcp server built-in ntp client supports redirect of network data...
Page 7: Features (Continued)
7 permits or refuses all connections when the wan interface fails supports web-based logon provides several friendly logout methods supports radius account roaming provides online status monitoring and history traffic supports ssl encrypted web administration interface and user logon interface custo...
Page 8: A Sample Network Setup
8 a sample network setup.
Page 9: Installation Requirements
9 installation requirements 1. Standard 10/100base-t, including four network cables with rj-45 connectors. 2. All pcs need to install the tcp/ip network protocol. 1. Make sure the power of the dsa-5100 is turned off. 2. Connecting the wan1 and wan2 ports. Use one of the supplied straight-through cab...
Page 10: Tcp/ip Network Setup
10 setting up the dsa-5100 (continued) tcp/ip network setup for windows 98se/me/2000/xp, you need to keep the default tcp/ip settings (“obtain ip and dns address automatically”) to communicate with the dsa-5100. The dsa-5100 leases dhcp addresses from the public and private lan ports for ease of con...
Page 11
11 internet access configuration to configure your pcs to use the dsa-5100 for internet access, follow this procedure. For windows 98se/2000 select the connection tab, and click the setup button. Please select start menu - control panel - internet options..
Page 12
12 internet access configuration (continued) select “i connect through a local area network (lan)” and click next. Ensure all of the boxes on the local area network internet configuration screen are unchecked. Check no, when prompted “do you want to set up an internet mail account now?” click next. ...
Page 13: Log-In Screen
13 using the configuration utility to configure the dsa-5100, connect a computer to the private lan port of the dsa-5100 with the supplied crossover ethernet cable. First, disable the access the internet using a proxy server function. To disable this function, go tocontrol panel > internet options >...
Page 14
14 using the configuration utility (continued) system configuration > configuration wizard the system configuration>configuration wizard screen will appear if you logged in as admin. For more information on the setup wizard, please see the installation guide, included with your purchase. You can acc...
Page 15: System
15 using the configuration utility (continued) system configuration > system information dsa-5100 is the default system name. You may wish to rename it to indicate your company, department, or the service you would like to provide. System name: administrator info: you can edit the system administrat...
Page 16: Snmp:
16 using the configuration utility (continued) system configuration > system information (continued) snmp: the dsa-5100 supports snmp v2 read only data access. The administrator can specify the ip address and the snmp community name to determine the target of the management information base (mib) ex...
Page 17: Ip Address:
17 using the configuration utility (continued) system configuration > wan1 configuration > static ip mode enter the ip address provided to you by your isp (required). Ip address: enter the subnet mask provided to you by your isp. All devices on the network must share the same subnet mask (required)....
Page 18
18 using the configuration utility (continued) system configuration > wan1 > dynamic ip address enter the user name and password that is assigned by your isp. User name & password: system configuration > wan1 > pppoe most dsl users will select this option. Select this option if there is a dhcp serve...
Page 19: Dynamic Ip
19 using the configuration utility (continued) system configuration > wan2 > static ip address dynamic ip address: choose this option if there is a dhcp server on the unmanaged network. Enter the ip address provided to you by your isp. Ip address: enter the subnet mask provided to you by your isp. A...
Page 20
20 system configuration > public lan > global public lan configuration using the configuration utility (continued) you can set the system to start or stop ip pnp or mobile ip on the public lan and private lan simultaneously. 1. Ip pnp: at the user end, you can use any ip address (with gateway and dn...
Page 21: Enable/disable:
21 using the configuration utility (continued) system configuration > public lan > public lan configuration (continued) the system will confirm if you want to enable vlan; please click enable to continue. After you click enable, the following screen will appear. See the following description for det...
Page 22: Vlan Tag:
22 using the configuration utility (continued) system configuration > public lan > public lan configuration (continued) vlan tag: please enter any numbers from 0~4000 as a tag for each vlan. (these vlan ids must match the managed switch.) specific route profile: select your desired specific route pr...
Page 23
23 using the configuration utility (continued) enable dhcp server (continued): start ip address: public lan > vlan > dhcp configuration (continued) enter the starting ip address of the pool, from which the dhcp server will assign to the dhcp-enabled devices (clients) on the network. Dhcp scope enter...
Page 24: Enable
24 using the configuration utility (continued) enable dhcp server (continued): public lan > vlan > dhcp configuration (continued) reserved ip address list: if you want to use the reserved ip address list function, please click the hyperlink of the reserved ip address list on the management interface...
Page 25
25 using the configuration utility (continued) system configuration > private lan configuration for an explanation of each field on this screen, please see the previous screen: system configuration > public lan configuration..
Page 26: User Authentication
26 user authentication using the configuration utility (continued) user authentication allows the dsa-5100 owner/operator to control who has or does not have access to the internet. The dsa-5100 can support five different authentication types simultaneously. User authentication > authentication poli...
Page 27: Authentication Server
27 edit authentication policies using the configuration utility (continued) authentication policy: displays the system’s preferred authentication method. Policy id: select the policy you wish to edit here. Set as default: make this selection to set the policy you have chosen to be the default authen...
Page 28
28 using the configuration utility (continued) authentication server> exception configuration attribute: after the authentication, the dsa-5100 will obtain the user’s attributes related to the authenticated server. The administrator can use certain attributes as the management rule for the setup. Lo...
Page 29
29 using the configuration utility (continued) authentication methods>local>local users list the user’s account information is stored in the dsa-5100. If you need to manage the user’s account, please click the hyperlink local users list on the authentication server interface to enter into the accoun...
Page 30: Edit Account
30 using the configuration utility (continued) authentication methods > local > local users list > add user> edit account edit account: edit the account here. Local users list > add user> upload user account upload user account: local users list > add user> download user account download user accoun...
Page 31
3 1 the dsa-5100 supports radius client to work with an existing radius server.(primary is required; secondary is optional.) 802.1x authentication: select to enable 802.1x (in conjunction with a switch or ap that supports 802.1x). Click edit to enter into the edit interface of 802.1x. Trans full nam...
Page 32
32 using the configuration utility (continued) authentication methods > ldap you may configure a primary and a secondary server for ldap authentication. If you select the ldap authentication method, type in the ip address (domain name), port number, the base dn data of ldap server, and select one of...
Page 33: External Web Server
33 using the configuration utility (continued) external web server the dsa-5100 supports an external web server function (including database) which enables a user to put the login page on an external web server, and change the login page anytime. Protocol: choose from http or https (http protocol is...
Page 34
34 using the configuration utility (continued) user authentication>edit group configuration group name guest : assign a group name; guest is selected here. Firewall profile: select the firewall profile for this group. Specific route profile: select the route profile for this group. Schedule profile:...
Page 35
35 using the configuration utility (continued) user authentication>black list configuration username: enter the username to be blacklisted here. Remark: add a comment (optional). Apply: click apply to add the user to the blacklist. Previous: click previous to return to the black list configuration..
Page 36
36 user authentication>black list configuration>delete a user using the configuration utility (continued) delete: to delete a user, check the box in the delete column, and then click the delete button. No notification will appear to confirm the deletion. User authentication>guest user configuration ...
Page 37
37 using the configuration utility (continued) password: enter a password to activate a guest account. Up to ten guest accounts can be defined. User authentication>guest user list user authentication>roaming configuration the system provides airpath and pronto service for roaming. Set up the paramet...
Page 38: 1. Airpath:
3 8 1. Airpath: user who registered airpath wireless's service can login local public network via roaming in. Within system default login page, dsa-5100 provide roaming user with a link redirected to airpath's login page. Some free surfing website can also be spe- cified in the free surfing area. Ds...
Page 39: 2. Pronto:
3 9 2. Pronto: dsa-5100 can also be configured for pronto networks and accept roaming users from pronto networks to facilitate dsa-5100 for pronto registered users, admini- strator simply enables pronto service and enters basic pronto network server information. Dsa-5100 will automatically configure...
Page 40
40 using the configuration utility (continued) user authentication>user control logout timer: if a user is idle and has not used the network for the configured time, the system will automatically log out the user. The logout time can be set from 1-1440 minutes. The default logout time is 10 minutes....
Page 41
41 using the configuration utility (continued) user authentication>user control (continued) friendly logout: when a user logs on, a small window will appear, showing the user information and providing him or her with a button for logout. If this option is enabled, it will close the window and logout...
Page 42
4 2 using the configuration utility (continued) user authentication>upload file private key/ certification: the dsa-5100 allows the user to upload certification. (the key must be in key format and the certificate must be in certificate format.) enter the filename of the logon web page or click brows...
Page 43: Upload Error Page
4 3 e using the configuration utility (continued) user authentication>upload logout page>html codes use the following html codes for the user logout interface: upload error page to provide a custom user login error page, please specify the file name to upload to the dsa-5100. If you want to get back...
Page 44
4 4 using the configuration utility (continued) group profile > firewall profile the dsa-5100 provides three kinds of profile configurations, including firewall profile, specific route profile, and login schedule profile. Global is the default setting. Use the global setting to apply parameters to a...
Page 45
4 5 using the configuration utility (continued) group profile > firewall profile>edit filter rule (continued) mac address of the network component sending the request. Source mac: source (destination) ip address: source (destination) interface includes 4 interfaces: wan1, wan2, public lan, and priva...
Page 46
4 6 using the configuration utility (continued) group profile > specific route profiles if you want networks to have access to each other, you should add a specific route in the dsa-5100. Name the specific route profile. Profile name: subnet netmask: specifies the target network or host ip destinati...
Page 47
4 7 using the configuration utility (continued) group profile > login schedule profiles the user’s login schedule can be set. After durations are defined, please click apply to save the settings in the dsa-5100. Network configuration > network address translate dmz if you have several ip addresses, ...
Page 48
4 8 using the configuration utility (continued) ip pass through configuration network configuration > network address translate (continued) when any user attempts to connect to a destination defined in this interface, the connection packet will be converted to the c o r r e s p o n d i n g destinati...
Page 49
49 using the configuration utility (continued) network configuration > mac pass through configuration you can also bypass authentication based on the mac address at the user end. Please enter the mac address of the user on this interface. This system permits at most 100 mac addresses to have network...
Page 50
50 using the configuration utility (continued) network configuration > monitor ip list (continued) notify configuration from: the e-mail address of the administrator server in charge of the monitoring. To: the e-mail address of the user of the ip address under the monitoring. Interval: the time inte...
Page 51
5 1 using the configuration utility (continued) network configuration > proxy server properties by default, only port 80 is allowed. It will appear on the login web page. If you have built a proxy server in your network environment, and the user’s browser is set to proxy, you must set your external ...
Page 52: Utilities > Change Password
5 2 using the configuration utility (continued) utilities > change password dsa-5100 provides 2 built-in user accounts: admin and manager. Admin: this user is the administrator in the dsa-5100. Manager: this user has the right to manage a user account, the admin functions are denied. The admin and m...
Page 53
5 3 using the configuration utility (continued) utilities > backup/restore strategy this utility provides the backup function, and the ability to restore backup settings. This function can also restore the factory default settings to the system. Create backup image: create: generate the backup (imag...
Page 54: Utilities > Firmware Upgrade
5 4 using the configuration utility (continued) utilities > firmware upgrade you may obtain firmware upgrades from d-link’s support website: http://support.Dlink.Com warning: a firmware upgrade may cause data loss on setup. Please refer to the version description to see if there is any limitation be...
Page 55: Status> System Status
5 5 using the configuration utility (continued) status> system status you can use this function to get the overview of the system status. Please refer to the following example..
Page 56: Item
5 6 using the configuration utility (continued) status> system status (continued) item description current firmware version the firmware version currently used by the dsa-5100. System name system name - the default is dsa-5100. Admin info succeed page the starting url after a user logs on successful...
Page 57: Status> Interface Status
5 7 using the configuration utility (continued) status> interface status.
Page 58
5 8 using the configuration utility (continued) status> interface status (continued).
Page 59: Status > Current Users
59 using the configuration utility (continued) status > current users with this feature, you can obtain the information of each online user including username, ip, mac, packets in, bytes in, packets out, bytes out, and idle time. The administrator can use this function to force a specific online use...
Page 60: Console Interface
60 using the configuration utility (continued) status > traffic history (continued) if you have entered the administrator’s e-mail address in the system configuration interface, then the system will automatically send out the history of the previous day to that e-mail address. The first line of the ...
Page 61
6 1 using the configuration utility (continued) console interface > utilities for network debugging the dsa-5100 console interface provides several utilities to assist the administrator. The utilities provided are described as follows: ping host (ip) by sending an icmp echo request, a specific targe...
Page 62
6 2 besides supporting the use of a console management interface through the connection of the null modem, the dsa-5100 also supports the ssh online connection for the dsa-5100’s setup. When using a null modem to connect to the dsa-5100 console, you do not need to enter the administrator’s password....
Page 63: Networking Basics
6 3 using the network setup wizard in windows xp in this section you will learn how to establish a network at home or work, using microsoft windows xp. Note: please refer to websites such as http://www.Homenethelp.Com and http://www.Microsoft.Com/windows2000 for information about networking computer...
Page 64
6 4 please follow all the instructions in this window: networking basics (continued) click next. In the following window, select the best description of your computer. If your computer connects to the internet through a gateway/router, select the second option as shown. Click next..
Page 65
6 5 enter a computer description and a computer name (optional.) networking basics (continued) click next. Enter a workgroup name. All computers on your network should havethesame workgroup name. Click next..
Page 66
6 6 please wait while the network setup wizard applies the changes. Networking basics (continued) when the changes are complete, click next. Please wait while the network setup wizard configures the computer. This may take a few minutes..
Page 67
6 7 networking basics (continued) in the window below, select the option that fits your needs. In this example, create a network setup disk has been selected. You will run this disk on each of the computers on your network. Click next. Insert a disk into the floppy disk drive, in this case drive a. ...
Page 68
6 8 networking basics (continued) please read the information under here’s how in the screen below. After you com- plete the network setup wizard you will use the network setup disk to run the network setup wizard once on each of the computers on your network. Click next..
Page 69
69 networking basics (continued) please read the information on this screen, then click finish to complete the network setup wizard. The new settings will take effect when you restart the computer. Click yes to restart the computer. You have completed configuring this computer. Next, you will need t...
Page 70: Naming Your Computer
70 to name your computer in windows xp, please follow these directions: click start (in the lower left corner of the screen). Right-click on my computer. Select properties. Select the computer name tab in the system properties window. You may enter a computer description if you wish; this field is o...
Page 71
7 1 networking basics (continued) naming your computer (continued) in this window, enter the computer name. Select workgroup and enter the name of the workgroup. All computers on your network must have the same workgroup name. Click ok. Checking the ip address in windows xp the adapter-equipped comp...
Page 72
7 2 networking basics (continued) checking the ip address in windows xp (continued) this window will appear. Click the support tab. Click close. Assigning a static ip address in windows xp/2000 note: residential gateways/broadband routers will automatically assign ip addresses to the computers on th...
Page 73
7 3 networking basics (continued) assigning a static ip address in windows xp/2000 (continued) double-click on network connections. Double-click on properties. Right-click on local area connections..
Page 74
7 4 input your ip address and subnet mask. (the ip addresses on your network must be within the same range. For example, if one computer has an ip address of 192.168.0.2, the other computers should have ip addresses that are sequential, like 192.168.0.3 and 192.168.0.4. The subnet mask must be the s...
Page 75
7 5 networking basics (continued) assigning a static ip address with macintosh osx go to the apple menu and se- lect system preferences. C click on network. Select built-in ethernet in the show pull-down menu. Select manually in the configure pull-down menu. Input the static ip address, the subnet m...
Page 76
7 6 networking basics (continued) selecting a dynamic ip address with macintosh osx go to the apple menu and select system preferences. Click on network. Select built-in ethernet in the show pull-down menu. Select using dhcp in the configure pull-down menu. Click apply now. The ip address, subnet ma...
Page 77: 98Se
7 7 networking basics (continued) checking the wireless connection by pinging in windows xp/2000 checking the wireless connection by pinging in windows me/ 98se go to start > run > type cmd. A window similar to this one will appear. Type ping xxx.Xxx.Xxx.Xxx, where xxx is the ip address of the wirel...
Page 78: Technical Specifications
7 8 technical specifications 4 10/100mbps fast ethernet ports for dual wan connection, trusted lan connection and untrusted lan connection manages up to 250 user accounts via the internal user account database id/password based authentication and authorization- can be combined with mac address locki...
Page 79
79 technical specifications (continued) wan1 port: 10/100mbps fast ethernet wan2 port: 10/100mbps fast ethernet private lan port: 10/100mbps fast ethernet connects to workstations & servers that do not need authentication public lan port: 10/100mbps fast ethernet connects to workstations & devices t...
Page 80
80 you can find software updates and user documentation on the d-link website. D-link provides free technical support for customers within the united states and within canada for the duration of the warranty period on this product. U.S. And canadian customers can contact d-link technical support thr...
Page 81
8 1 subject to the terms and conditions set forth herein, d-link systems, inc. (“d-link”) provides this limited warranty for its product only to the person or entity that originally purchased the product from: • d-link or its authorized reseller or distributor and • products purchased and delivered ...
Page 82
8 2 • the customer must submit with the product as part of the claim a written description of the hardware defect or software nonconformance in sufficient detail to allow d-link to confirm the same. • the original product owner must obtain a return material authorization (“rma”) number from the auth...
Page 83
8 3 governing law: this limited warranty shall be governed by the laws of the state of california. Some states do not allow exclusion or limitation of incidental or consequential damages, or limitations on how long an implied warranty lasts, so the foregoing limitations and exclusions may not apply....
Page 84: Appendix
8 4 appendix windows tcp/ip setup if you have not changed the factory default settings of the dsa-5100 in windows xp/ 2000/me/98se tcp/ip, it is not necessary to make any modification here. With the factory default settings, the dsa-5100 will automatically assign an appropriate ip address (and relat...
Page 85: Appendix
8 5 appendix windows tcp/ip setup check the tcp/ip setup of windows me/98se (continued) select the tcp/ip communication protocol of the network card. Click properties. Using dhcp if you want to use dhcp, please select obtain an ip address automatically, which is also the default setting of windows. ...
Page 86: Appendix
8 6 appendix windows tcp/ip setup check the tcp/ip setup of windows me/98se (continued) using a specific ip address if you have completed the setup for your pc, please inform the network administrator before modifying the following setup. If the dns server column is blank, please click enable dns. E...
Page 87: Appendix
8 7 appendix windows tcp/ip setup check the tcp/ip setup of windows 2000 select start> control panel> network and dial-up connections right-click local area connection. Select properties..
Page 88: Appendix
8 8 appendix windows tcp/ip setup check the tcp/ip setup of windows 2000 (continued) select internet protocol(tcp/ip). Click properties. Using dhcp if you want to use dhcp, please select obtain an ip address automatically, which is also the default setting. Reboot the pc to make sure an ip address i...
Page 89: Appendix
89 appendix windows tcp/ip setup check the tcp/ip setup of windows 2000 (continued) using a static ip address if you have completed the setup for your pc, please inform the network administrator before modifying the following setup. Click advanced in the tcp/ip properties. Select the ip settings tab...
Page 90: Appendix
9 0 appendix windows tcp/ip setup check the tcp/ip setup of windows 2000 (continued) click using the following dns server address. Enter the dns address provided by your isp. Click ok. Check the tcp/ip setup of windows xp select start > control panel > network connection..
Page 91: Appendix
9 1 appendix windows tcp/ip setup check the tcp/ip setup of windows xp (continued) right-click local area connection. Select properties. Click properties. Select the general tab. Select internet protocol (tcp/ip)..
Page 92: Appendix
9 2 appendix windows tcp/ip setup check the tcp/ip setup of windows xp (continued) if you want to use dhcp, please select obtain an ip address automatically. Click ok. Click advanced. Using the static ip address.
Page 93: Appendix
9 3 appendix windows tcp/ip setup click the ip settings tab. Enter the ip address of the dsa-5100 in the default gateways column. Click add. Click ok. If the dns server field is blank, select use the following dns server addresses. Enter the dns address. Click ok. Check the tcp/ip setup in windows x...