DSA-3100 Public/Private Gateway
Rev. B Building Networks for People Contents
Package Contents ................................................................................ 3
Front Panel ........................................................................................... 5
Rear Panel ........................................................................................... 6
Features ............................................................................................... 7
Sample Scenarios ................................................................................ 8
Installation .......................................................................................... 10
Setting Up the DSA-3100 ................................................................... 11
Configure PCs on your LAN ............................................................... 12
TCP/IP Network Setting ..................................................................... 12
Internet Access Configuration ............................................................ 13
Using the Configuration Utility ............................................................ 15
Networking Basics .............................................................................. 56
Technical Specifications ..................................................................... 71
Technical Support ............................................................................... 73
Warranty and Registration .................................................................. 74
2 Package Contents Contents of Package:
1 D-Link DSA-3100 Airspot Gateway
CD-ROM (containing Manual and Warranty)
Quick Installation Guide
Two (2) CAT5 UTP/Straight-through (Ethernet) cables
One (1) CAT5 UTP/Cross-over cable
One (1) Console cable
5V DC, 3A Power Adapter If any of the above items are missing, please contact your reseller. System Requirements for Configuration:
Computers with Windows, Macintosh, or Linux-based
operating systems with an installed Ethernet adapter
Internet Explorer Version 6.0 or Netscape Navigator
Version 6.0 and above
The D-Link DSA-3100 Airspot Gateway is a simple-to-use network access control system supporting Ethernet, Fast Ethernet or an IEEE 802.11 wireless LAN (WLAN) separately and simultaneously.
The DSA-3100 can be configured with a standard HTML browser (i.e., Internet Explorer, Netscape Navigator) operating on Windows 98SE/Me/2000/XP, Macintosh OS 9, Mac OS X (v10.1.5 or later), Linux, or Pocket PC 2000/2002. The DSA-3100 allows the operator to offer wired or wireless networking services and access to the Internet when used with a switch or wireless access point respectively. The device features many management settings allowing for private and public access to the Internet and the necessary privilege mechanisms to permit this usage.
4 Front Panel WAN LED - Link: A solid light indicates a connection Private Network - Asolid
on the WAN port.
light indicates a connection on the Private Network. This Power LED - A solid Act: This LED blinks
LED blinks during data
light indicates a proper
connection to the power
supply. Public Network - A solid light Status LED - A solid LED indicates
indicates a connection from the
the DSA-3100 is working properly.
Authentication port for a Public Network. This LED blinks during
This LED will flash during reboot.
5 Rear Panel Console Port - Authentication Port
For resetting to factory (Public LAN or WLAN with
defaults, or reconfiguring
Receptor for Access Point) -
the device. For Advanced Power
Connects to a switch or AP. Adapter. users only! Local Area Network Port (Private LAN)- WAN Port -
Connects to a switch for a private network.
The port that connects to
Does not require authentication to access
your WAN connection
providing Internet access to the Local and Managed Networks.
Creates two separate and discreet networks allowing the owner/ administrator to create a wired or wireless hotspot and provide Internet access to visitors, guests, or customers.
Manages up to 250 user accounts with an internal database.
Supports at least 50 users accessing the Internet at any given time.
Allows ID/Password-based authentication and authorization (can also be combined with MAC address locking for even stricter access control).
Supports either POP3, RADIUS, or LDAP external authentication servers.
Provides on-line status monitoring and historical traffic data.
SSL-protected access to the administration interface and user authentication interface.
Customizable user log-in and log-out Web interface.
Customizable user log-out timer.
Customizable target URL for users who successfully authenticate.
Console mode administration interface via serial console port.
Supports display of text messages on the log-in page. An administrator could use the administration interface to input messages (promotions, alerts, additional usage time/services with corresponding fees).
Supports NAT for managed clients.
Supports static IP, DHCP client and PPPoE client on the WAN interface.
Built-in DHCP server to manage clients.
Built-in, high-speed policy routing engine.
Customizable peremptory traffic redirection (IP and Port-Redirect).
Built-in NTP client.
8 Sample Scenarios (continued)
9 Installation Requirements Standard 10/100Base-T network (UTP/Cat5 Ethernet) cable with RJ45 connectors. TCP/IP network protocol must be installed on all networked computers and related devices.
10 Setting up the DSA-3100 Make sure the DSA-3100 unit is not connected to the power adapter and is powered OFF. WAN port connection Use 10/100BaseT connections to connect the unmanaged network. The unmanaged networkâ€™s interface may be the ADSL routerâ€™s LAN port, cable modemâ€™s LAN port or Intranet switch port. Private LAN port connection Use to connect to a local network. All ports are auto-mdix, which means that you can use a straight-through or a crossover cable for connections. Public LAN port connection Use to connect to a switch or an access point for Hotspot access. All ports are auto-mdix, which means that you can use a straight-through or a crossover cable for connections. Power ON Connect the supplied power adapter to the DSA-3100 and insert the plug on the other end into an electric outlet. Check the LEDs The power LED and WAN LED should be ON, if the corresponding WAN port is connected to an active cable/DSL modem or T1 line.
The corresponding local network or authentication indicator should be ON if a network device is connected to the private network port or the public network port.
11 Configure PCs on your LAN
After installing the DSA-3100, each computerâ€™s TCP/IP network settings and Internet access configuration may need to be re-configured: TCP/IP network settings
If your PC uses the default Windows XP/2000/Me/98SE setting, no changes need to be made. Just restart your PC.
If you are running Mac OS 9 or OS X, set your network settings to DHCP and select Apply.
DSA-3100 will act as a DHCP Server, automatically providing a suitable IP address (and related information) to each computer when the computer reboots or when the network settings refresh.
For all non-Server versions of Windows, the default TCP/IP setting is to act as a DHCP client. In Windows, the setting for this is Obtain an IP address automatically.
If you are using a fixed IP address on your LAN, or if you want to check your TCP/IP setting, refer to the Networking Basics section in this manual.
12 Internet Access Configuration
To configure your PCs to use the DSA-3100 for Internet access, follow this procedure. For Windows 98SE/2000
Please select Start Menu - Control Panel - Internet Options.
Select the Connection tab, and click the Setup button.
13 Internet Access Configuration (continued)
Select â€śI want to set up my Internet connection manually, or I want to connect through a local Area network (LAN)â€ť and click Next.
Select â€śI connect through a local area network (LAN)â€ť and click Next.
Ensure all of the boxes on the local area network Internet configuration screen are unchecked.
Check No, when promoted â€śDo you want to set up an Internet mail account now?â€ť
Click Finish to close the Internet Connection Wizard. Setup is now completed. For Windows XP
Please select Star Menu - Control Panel - Network and Internet Connection.
Select the Connection tab, and click the Setup button.
Click Next on the New Connection Wizard screen.
Select Connect to the Internet and click Next.
Select Set up my connection manually and click Next.
Check Connect using a broadband connection this always on and click Next.
Click Finish to close the New Connection Wizard. Setup is now completed.
14 Using the Configuration Utility
To configure the DSA-3100, use a computer which is connected to the local network port of the DSA-3100 with an Ethernet cable.
First, disable the Access the Internet using a proxy server function. To disable this function, go toControl Panel > Internet Options > Connections > LAN Settings and uncheck the enable box.
Start your Microsoft Internet Explorer Web browser program.
Type https://192.168.0.40, which is the default IP address of the DSA-3100, in the address field and press Enter. Make sure that the IP addresses of the DSA-3100 and your computer are in the same subnet.
https://192.168.0.40 Login Screen Log-in Screen You can log in as admin or as manager. admin - the administrator of the DSA-3100. User Name: admin Password: admin manager - access to the manager user account only. User Name: manager Password: manager
After you log in, click Enter.
Using the Configuration Utility (continued)
On the bottom of each configuration screen you will find the buttons shown below.
Click Apply in each screen of the Configuration Utility in which you have made changes. Restart the DSA-3100 after completing any changes to its configuration. Home > Wizard
The Home>Wizard screen will appear if you logged in as an admin. For more information on the Setup Wizard, please see the Quick Installation Guide, included with your pur- chase. You can access the configuration features from this window. Home > User Manager
The Home>User Manager screen will ap- pear if you logged in as a manager. Please refer to the Quick Installation Guide for more information regarding the Setup Wizard. This screen will be explained in more detail in the following pages.
16 Using the Configuration Utility (continued) Home > System System
DSA-3100 is the default system name. You may wish to rename it to Name:
indicate your company, department, or the service you would like to provide. Admin
You can edit the System Administratorâ€™s information here (e.g., name, Detail:
phone number, and e-mail). If a user encounters a problem connecting to the WAN Port of the DSA-3100, the system administratorâ€™s information will be shown on the user login page Succeed
Enter a URL for all users to be directed to after successful login. This Page:
is typically defined as the home page of the host company, e.g.: http://www.dlink.com. No matter to which URL a user originally attempts to connect, he/she will be directed to the URL defined here first. Time:
You may use NTP (Network Time Protocol) or you may input the time yourself. To use NTP please specify a timeserverâ€™s domain name and select the time zone. DNS:
Specify DNS servers for the DSA-3100 for the Preferred DNS (preferred IP address) and Alternate DNS (alternate IP address).
17 Using the Configuration Utility (continued) Home > WAN > Static IP Address Static IP Address: IP address: Enter the IP address provided to you by your ISP. Subnet
Enter the subnet mask provided to you by your ISP. All mask:
devices on the network must have the same netmask. Default
Enter the IP address of the gateway, provided to you Gateway:
by your ISP. Dynamic IP Make this selection if there is a DHCP server in the network. Address:
(See the following pages.) PPPoE
Make this selection if you connect to the Internet using DSL. Client:
(See the following pages.)
Using the Configuration Utility (continued) Home > WAN > Dynamic IP Address
Select this option to obtain an IP address automatically from your ISP. Renew Click Renew to renew the IP configuration. Home > WAN > PPPoE
Most DSL users will select this option. User Name & Password:
Enter the user name and password that is assigned by your ISP. Dial on demand:
This field is optional.
19 Using the Configuration Utility (continued) Home > Public Network
The DSA-3100 allows the gateway to be set to one of three Authentication modes. Mode:
Select NAT; NAT_IP_PNP or Router
This mode protects the identity of the devices within NAT:
the LAN from those devices outside the network. NAT_IP_PNP: All devices, regardless of their IP address, can gain
access to the Internet through the DSA-3100 in this mode. Router:
In this mode, the DSA-3100 will not protect the identity of the connected devices by translating their IP addresses and shielding them from detection outside the LAN. IP Address:
Enter the IP address for the Authentication interface (the Public Network). Subnet Mask:
Enter the subnet mask for the Authentication interface. Disable
Make this selection if you do not wish to use the built-in DHCP feature DHCP
in the DSA-3100. Server:
20 continued - Using the Configuration Utility (continued) Home > Public Network (continued) Enable DHCP
Selecting this option activates the deviceâ€™s built-in DHCP server. Configure Server:
the DHCP server with the following properties:
Enter the starting IP address, from which the DHCP
server will assign to the DHCP-enabled devices
(clients) on the network.
DHCP Pool End IP
Enter the last IP address in the sequence of addresses from
which the DHCP server will assign to clients on the network.
Select the length of time during which the DHCP assigned address will be in effect.
Enter the domain name.
WINS IP Address:
Enter the WINS serverâ€™s IP address, if one is present on the network.
Primary DNS Server:
Enter the IP address of the preferred DNS server.
Secondary DNS Server:
Enter the IP address of the alternate DNS server. Enable DHCP Relay:
Select this mode to specify another DHCP serverâ€™s IP address.
21 Using the Configuration Utility (continued) Home > Private Network NAT and Router are the two local network port modes. Nat mode: All outbound IP addresses on the local network port will be translated to the IP address of the WAN port to proceed. Router mode: All outbound IP addresses on the local network port will retain their IP addresses.
For an explanation of each field on this screen, please see the previous screen: Home > Public Network
22 Using the Configuration Utility (continued) Home > User Manager > General Account User Control:
Select Enable or Disable. When disabled, only the MAC Address Control function is available. General Account Session Length:
Limit the duration of each session established by the general account from 5 minutes to an unlimited period. Idle Timer:
When enabled, on-line users who become inactive on the network after a specified period of time will be logged out automatically. The period can range from 1~1440. 10 minutes of time is the default value. Bandwidth
Limit the outbound traffic bandwidth for each session Limitation:
established by a Guest Account. Enable
Check this function to allow a single user account to log Multiple Login:
into the system multiple times. General Login Schedule:
Select Enable or Disable. To define the login time and duration click Enable; the screen on the following page will appear.
23 Using the Configuration Utility (continued) Home > User Manager > General Account
Define the login time and duration here.
Using the Configuration Utility (continued) Home > User Manager > Guest Account Guest Account:
Select Enable or Disable. Guest Account List
Up to 10 guest accounts can be defined. To activate a particular Guest Account, simply enter the corresponding password in the Password column and click Apply. Guest Account ACL
Define network areas where the Guest Account function is disal- lowed access, for instance 10.2.3.0/24.
25 Using the Configuration Utility (continued) Home > User Manager > MAC Address Control
When MAC address control is enabled, users connected to the MAC
Authentication Port can not login to the DSA-3100 unless they Address
have registered their MAC Address at MAC Address Control. In Control:
other words, only 40 users will be allowed to login when this function is enabled. Please refer to the configuration screen as follows. Note: MAC address format is XX:XX:XX:XX:XX:XX or XX-XX-XX-XX-XX-XX. A newly created user account will be valid instantly. Restarting the DSA-3100 is not necessary.
26 Using the Configuration Utility (continued) Home > User Manager (continued) Friendly
If you enable Friendly logout, a pop-up window asking â€śDo you logout:
want to logout?â€ť will appear after closing the login window. If you disable this function, no pop-up window will appear. User Logon
Allow administrator to choose between activating https SSL:
(encryption), or http (non-encryption) for the login page.
Enter a URL, if you enable this function. The DSA-3100 detects WAN Fail
the WAN port connection by linking the URL defined here. It will Function:
pop up the alarm page when the WAN port fails to connect. Authentication
Supports multiple user Public LAN methods including Local, Server:
POP3 server, RADIUS Server, LDAP Server and External Web Server. Local:
User accounts are stored in the embedded database on the DSA-3100.
Using the Configuration Utility (continued) Home > User Manager > Authentication Server > Local Local Users List: A list of all local user accounts stored in the embedded database for user account management.You can add, edit, and delete users. A sample list is shown here. Delete User:
Click the box next to the user name and click Delete. Add Users:
Click Add User to create new accounts. The screen below will appear. Edit Account:
Make changes to the account by clicking on the User Name as indicated above. The screen below will appear.
Edit the account information here.
28 Using the Configuration Utility (continued) Home > User Manager > Authentication Server > Local > Local Users List Upload User Accounts:
Besides adding user accounts one by one through the Web interface, you can prepare a text file, which contains user account information, store it on your hard drive and then upload it to the DSA-3100. Each line of the text file can be in one of the following two formats: UserID, Password, MAC UserID, Password,
Please note that there must be no space or other characters between the user ID, password and the MAC address. The MAC address could be omitted, but the trailing comma must be retained. A user ID should be between 1 to 32 characters and the password should be between 0 to 20 characters. Special characters are not allowed for user name and password.
After you have created the text file for the user account as described above, click Upload User Accounts as shown in the illustration at the top of this page. Click Browse and highlight the text file you have created.
Click Refresh for the latest information. Click Apply to update your changes. Caution: When adding user accounts by uploading a file, existing accounts with the same ID will be replaced by the new ones.
29 Using the Configuration Utility (continued) Home > User Manager > Authentication Server > Local > On-demand User Configuration On-demand User: When you connectthe DSA-3100P (the plug and play receipt printer) to the DSA-3100â€™s console port, you can create a database of up to 2000 on-demand users. By default, the on-demand user database is empty. While you press the DSA-3100Pâ€™s button, the on-demand user will be created in the database, a receipt will then be printed which will contain the on-demand userâ€™s information.
Welcome! ------------------------ Username: D-Link1 Password: q6m34m3b Price: US$2 Usage: 60 minute(s) ------------------------ ESSID: dlink Shared WEP Keys (HEX 40 bit): 1: 2: 3: 4: ------------------------ Valid to use until: 2003/09/09 12:46:56 ------------------------ Thank You!
1999 Shown above is an example of a an on-demand receipt.
30 Using the Configuration Utility (continued) Home >User Manager >Authentication Server >Local > On-demand User Configuration (continued) Field Description
You can specify the prefix of the user name. The maximum Store Name
is 8 characters (e.g., D-Link). Account Range
You can specify the maximum user amount which cannot exceed 2000. Receipt Header
You can configure the receiptâ€™s header in this field. Receipt Footer
You can configure the receiptâ€™s footer in this field.
You can specify the baud rate to support a specific printer. Printer baud rate
The default setting is 9600. Account expires
You can specify the days before expiration in this field. after __ days
After the expiration date the user account will no longer be available. A new session will be required. Session expire
You can specify how many minutes this account will be after __ minutes
available after successful login.
Logout user if the user doesnâ€™t access the Internet for a Idle timer
certain period. WLAN ESSID
You can specify the access pointâ€™s ESSID in this field.
You can specify the access pointâ€™s WEP key in the WEP WEP Key
key field. Price
You can specify the price in this field.
31 Using the Configuration Utility (continued) Home > User Manager > Management Type > Local > On- demand User Configuration (continued) On-demand Users List
Click On-demand Users List in the screen above and the screen below will appear showing a list of the on-demand users. You can delete users in this window. Local > Local User Group Configuration
The DSA-3100 provides 5 local user groups; each group can designate a different outbound traffic bandwidth. The Logout Timer will logout a user that has not accessed the Internet for a certain time period. A sample list is shown below.
32 Using the Configuration Utility (continued) Home > User Manager > Authentication Server > POP3
To use POP3 as the authentication method, input the POP3 server IP address or domain name and its POP3 server port. The settings will take effect immediately after you click the Apply button. It is recommended that you restart the DSA-3100 after these changes if there are any online users. Home > User Manager > Authentication Server > RADIUS
To use RADIUS as the authentication method, input the RADIUS server IP address or domain name, public LAN port, accounting Port, secret key and select the accounting service and public LAN method function. The settings will take effect immediately after you click the Apply button. It is recommended that you restart the DSA-3100 after these changes if there are any online users.
33 Using the Configuration Utility (continued) Home > User Manager > Authentication Server > RADIUS > 802.1x
Select Enable to use the 802.1x feature. The DSA-3100 supports integrated single sign-on when used with 802.1x enabled access points. By using the integrated RADIUS proxy function in the DSA-3100, users can use the EAP methods such as EAP-MD5 or EAP-TLS to login and get the service depending on the authentication methods which the backend RADIUS server and APs support.
The assumption, for this scenario, is that the network administrator has configured an EAP-enabled RADIUS server like Microsoft Internet Authentication Service on Windows 2000 or .NET Server 2003. If EAP-TLS is required for the dynamic key exchange, Microsoft Certification is also required. It is also recommended that the system administrator perform an authentication test to make sure everything is correct before connecting the network to the DSA-3100. (802.1x is available only when RADIUS is selected here, under Home>User Manager>Authentication Server in the DSA-3100 Configuration).
To utilize 802.1x, all the devices on the network must be 802.1x and EAP enabled. The APs and the RADIUS server must share the same secret word, and the DSA-3100 and the RADIUS server must share the same secret word. Configuring network devices for use with 802.1x:
To use 802.1x, please configure the RADIUS server, the access points and the DSA-3100 as follows : RADIUS server: The system administrator should create a client account for the DSA-3100 first and define the required secret. (We suggest that you use a different one than the one the APs are using). The RADIUS server is capable of mulitple â€śsecret keysâ€ť each assigned to a specific device. In order to participate in the network, each device must share the secret key that has been assigned to it in the RADIUS serverâ€™s configuration. DSA-3100: In the configuration utility, select Home>User Manager>Authentication Server and select RADIUS. Access Points:
When configuring the access point, include the IP address of the RADIUS server in the appropriate field. The corresponding secrets for each AP should match the settings in DSA-3100.
34 Using the Configuration Utility (continued) Home > User Manager > Authentication Server > RADIUS > 802.1x (continued)
Input the IP addresses and secret keys for the devices on the network.
If you are using the 802.1x supplicant provided by Microsoft, the idle time out will be longer than the settings in RADIUS/AP and DSA- 3100. Except for the idle timer, there is no way for the user to logoff from 802.1x Access Point in the current 802.1x implementation by Microsoft.
35 Using the Configuration Utility (continued) Home > User Manager > Authentication Server > LDAP LDAP:
To use LDAP as the authentication method, input the LDAP server IP address or domain name and its LDAP server port. The settings will take effect immediately after you click the Apply button. It is recommended that you restart the DSA-3100 after these changes, if there are any online users. Home > User Manager > Authentication Server > External Web Server
The DSA-3100 can support an external web server which enables the user to put the login page on the external web server and change it at anytime to correspond with customerâ€™s needs. Protocol:
Choose from http or https. Server IP:
External Web servr IP. Server Port:
External Web server Port number. Login Page:
Login page location. Logout Page: Logout page location.
36 Using the Configuration Utility (continued) Advanced > Port and IP Redirect
Up to 10 sets of traffic redirection criteria can be defined through this interface. Clients who try to access a specific destination that matches one of the defined destinations will be forced to a matching redirection target. These settings will take effect immediately after you click the Apply button.
Using the Configuration Utility (continued) Advanced > Pass-Through
To maintain an adequate level of security, each client on the network can be managed. To allow some devices to be unmanaged, input their IP addresses or MAC addresses in this interface. Up to 20 IP addresses and 10 MAC addresses can be assigned unmanaged access. MAC address format is XX:XX:XX:XX:XX:XX Caution: Allowing unmanaged access from specific IP or MAC addresses could adversely affect the security of your network. Advanced > Virtual Server
This feature allows you to define up to 10 virtual servers to enable access to servers connected to the authentication and local network port from outside of the managed network. Depending on the service provided, the service might run on TCP ports, UDP ports or both. Click Enable to activate the rule. Changes to the settings of virtual servers will take effect immediately after you click the Apply button. Note: Each local server connected to the authentication port must also be allowed IP or MAC address pass-through. Please enter its IP or MAC address via the interface shown in the pass-through configuration screen.
Using the Configuration Utility (continued) Advanced > DMZ
If you have multiple IP addresses available to assign to the DSA-3100â€™s WAN interface, you could define up to 10 pairs of Ethernet side (Private IP) and WAN side (Public IP) addresses. The WAN interface will bind the extra public IP addresses automatically. Advanced > Free Surfing Area
To allow users access to a few websites before they log in, enter the IP addresses of those sites in the Free Surfing Area list. Up to 20 sites can be defined. For example, a website that provides introduction and guidance for local facilities and routes or sites with content suitable or appropriate for public viewing could be listed in the Free Surfing Area. Guest users of the network cannot access other parts of the network but could still connect to these sites. These sites provide a free experience but can also indicate other areas of the Internet that can be accessed for an additional fee.
39 Using the Configuration Utility (continued) Advanced > Static Route
In this example, if you want the 192.168.202.0/24 and 192.168.100.0/
24 network to have access to each other, you should add a static route in the DSA-3100 and also in the 192.168.200.253 IP router. These settings show the DSA-3100â€™s static route configurations. Destination Network ID:
Specifies the target network or host IP. In this example we use network 192.168.202.0 as the routed target. Destination Subnet Mask:
Specifies the target subnet mask. In the example, we use the subnet mask 255.255.255.0. Gateway IP
Specifies the IP address of the next hop router. In the Address:
example, we set this to 192.168.0.253 as the 192.168.202.0 network is behind the router. Click Apply:
Always click Apply to save the changes/additions.
e Note: For the static route to work, the next hop route must also have added a static route to forward all 192.168.100.0/24 IP packets to the DSA-3100. After clicking the Apply button, you will see the added route is shown in the current running routing table. Click View Routing table to verify. Every change to the static route settings must be stored by using the Save Setting function, and restarting the DSA-3100.
40 Using the Configuration Utility (continued) Advanced > Firewall
Click the Filter Rule number to enter the firewall page for each filter. The chart on the following page explains each configurable item in detail. Edit the filter rule
Filter rule is a set of fil- ters that determine whether traffic will be allowed to pass be- tween the source and
destination or whether it will be dropped. To display the detail, click the index number in the screen above. Please see the next page for an explanation of the fields in the configuration screen shown above.
41 Using the Configuration Utility (continued) Advanced > Firewall (continued) Filter Description
Gives a name to the IP Filter rule
Check to en- able this rule
Enables this rule if it is marked
Specifies the action to be taken when packets match the rule
Block: Packets matching the rule will be dropped Pass: Packets matching the rule will be passed
Specifies the protocol(s) this filter rule will apply to
Source MAC address (optional)
Source/Destination Interface (IF). You can select WAN port
or LAN port or Authentication port or ALL ports
Source/ Destination IP
Source/Destination IP Address
Source/Destina- tion Subnet Mask
Source/Destination Subnet Mask
Select =(equal), != (not equal),>(greater than), <(smaller than)
Source/Destination Start Port
nation Start Port
Source/Destina- tion End Port
Source/Destination End Port
Using the Configuration Utility (continued) Tools > Monitor IP List Admin E-mail Send From: Enter the E-mail address from which you wish to send the DSA-3100 history log. Send To: Enter the E-mail address here to which you wish to send the DSA-3100 history log. Interval: Enter the interval at which you would like the history to be sent. Monitor IP List
The DSA-3100 can monitor up to 20 IP addresses on the network. The system periodically sends out packets to check the status of the selected network devices by pinging every 30 minutes. If the device cannot be reached, the DSA-3100 will send an E-mail to the admin every 30 minutes. For example: if you specify a device which canâ€™t be reached, the DSA-3100 will Tools > Change Password
send an E-mail to the admin at 1:00, 1:30, 2:00, 2:30, 3:00 etc., until the problem is fixed.
The DSA-3100 provides 2 built-in user accounts: Admin: This user is the administrator of the DSA-3100. Manager: This user has the right to manage a user account, the admin functions are denied. The Admin and the Manager can change their passwords; specify the current password first. The new password must be entered twice. Note:If you lose the administratorâ€™s password, you can change the administratorâ€™s password from the console interface.
43 Using the Configuration Utility (continued) Tools > Upload Upload customer key
To provide a custom key page in order to support a specific certificate, please click Browse to search for the file name for the customer key. Click Apply to upload it onto the DSA-3100. Upload customer certificate
To provide a custom key page in order to support a specific certificate, please click Browse to search for the file name for the customer certificate. Click Apply to upload it onto the DSA-3100. If you want to get back to the default customer certificate page, simply click the Use Default CA button. continued on the next page
44 Using the Configuration Utility (continued) Tools > Upload Login Page
To provide a custom user login page, please specify the file name to upload onto the DSA-3100. If you want to get back to the default user login page, simply click the Use Default Page button. If you want to display the Login page, simply click the Preview button
The uploaded custom login page must contain the following HTML codes to provide users a place to input the user name and password. Required HTML code <form action= â€śuserlogin.shtmlâ€ť method= â€śpostâ€ť name= â€śEnterâ€ť> <input type= â€śtextâ€ť name= â€śmyusernameâ€ť> <input type= â€śpasswordâ€ť name= â€śmypasswordâ€ť> <input type= â€śsubmitâ€ť name= â€śsubmitâ€ť value= â€śEnterâ€ť> <input type= â€śresetâ€ť name= â€śclearâ€ť value= â€śClearâ€ť> </form>
45 Using the Configuration Utility (continued) Tools > Upload Logout Page
To provide a custom user logout page, please click Browse to specify the file name and upload it onto the DSA-3100 by clicking Apply. If you want to get back to the default user logout page, simply click the Use Default Page button. If you want to display the Logout page, simply click the Preview button.
The uploaded custom logout page must contain the following HTML codes to provide users a place to input the user name and password. Required HTML code <form action=â€ťuserlogout.shtmlâ€ť method=â€ťpostâ€ť name=â€ťEnterâ€ť> <input type=â€ťtextâ€ť name=â€ťmyusernameâ€ť> <input type=â€ťpasswordâ€ť name=â€ťmypasswordâ€ť> <input type=â€ťsubmitâ€ť name=â€ťsubmitâ€ť value=â€ťLogoutâ€ť> <input type=â€ťresetâ€ť name=â€ťclearâ€ť value=â€ťClearâ€ť> </form>
46 Using the Configuration Utility (continued) Tools > Upload Tools > Upload Error Page
Upload Error Page: To provide a custom error page, please specify the file name to upload it onto the DSA-3100. If you want to get back to the default user login page, sim- ply click the Use Default Page button. If you want to display the Error Page, simply click the Pre- view button. Tools > Upload Login Succeed Page Upload Login Succeed Page: To provide a custom user â€ślogin okâ€ť page, please specify the file name to upload it onto the DSA-3100. If you want to get back to the default user login page, simply click the Use Default Page button. If you want to display the Login Succeed Page, simply click the Preview Upload Image Files
button. Tools > Upload Logout Succeed Page Upload Logout Succeed Page: To provide a custom user logout page, please specify the file name to upload it onto the DSA-3100. If you want to get back to the default user logout page, simply click the Use Default Page button. If you want to display the Logout Succeed Page, simply click the Preview button. Tools > Upload Image Files
If the user-defined logon interface includes a graphic file, the HTML code of the graphic file path must be the upload graphic file. Enter the path and file name of the graphic file or browse to select the file. The maximum size of the graphic file is 512K. Path of Graphic File in User Logon Interface
After the graphic file is uploaded, the Existing Image Files section will list the graphic files uploaded to the system. You can select or delete any graphic file, and the system will list the size of the graphic file.
Using the Configuration Utility (continued) Tools > System
Allows you to make a backup image and restore the backup copy to the DSA-3100. This page also enables you to restore the DSA-3100 back to the factory default settings. Create Backup Image: Make a backup image file. Restore Setting From File: Browse the hard drive to locate and restore the backup image file. (Important:The image must be created by the DSA-3100.) Reset To Factory Default: Click Reset to restore the DSA-3100 back to the factory default settings. Tools > Firmware
Please click the link in the configuration screen shown here to check for firmware upgrades on the D-Link website. After you download the new firmware file to your hard drive, click Browse and then click Apply to upgrade the firmware. Caution: Firmware upgrades might result in configuration data loss. Some other restrictions might also apply. Please refer to the release notes of new firmware upgrades. Please restart the DSA-3100 using the When the system is administration interface. Do not directly upgrading its firmware, the power it off and on. Restarting the Status LED blinks until DSA-3100 in this way, after a firmware upgrade, done. When finished, the might result in corruption of the DSA-3100 web interface will display a firmware. (Online user sessions will be terminated when the system restarts.) successful message.
48 Using the Configuration Utility (continued) Tools > Misc. Remote Manage IP: Specify 0.0.0.0/ 0.0.0.0 as the IP address here, in order to manage the device from any location. Or you can enter an IP address
to specify a single computer or network. SNMP: The DSA-3100 provides SNMP v2 Read-only (RO) management, â€˘ Manager IP: A trap manager is a management station that receives and processes traps. When you configure a trap manager, assign an IP address to the management station. â€˘ Community: Community strings serve as passwords for SNMP messages, DSA-3100 allows Read-only (RO) access. If you select Enable SNMP, enter the IP address, community string to the field. Proxy Server: Based on DSA-3100 security management, only port 80 is allowed (it will appear on logon webpage). If you have built a Proxy Server in your network environment, and the userâ€™s browser is set to Proxy, you must set your External Proxy Server IP Address and Proxy Port here in order to have proper operations in the Proxy network environment. These settings will be effective immediately after you click Apply. DoS protection for user: The DSA-3100 protects users against various hacker attacks including NMAP FIN/ URG/PSH, Xmas Tree, SYN/RST, Ping of Death, Null Scan, and SYN/FIN.
Using the Configuration Utility (continued) Tools > Restart
Reboots the DSA-3100. It takes about 75 seconds for the DSA-3100 to reboot. If you have to turn off the power of the DSA-3100 for some time, please reboot it, and after you hear a beep, remove the power adapter. Note:On-line user sessions will be terminated when the system restarts. Status > Device Info
This feature displays a system configuration summary. For a chart defining each term, please see the following page.
50 Using the Configuration Utility (continued) Status > Device Info (continued)
Current Firmware Version
Displays the current firmware version
System name; DSA-3100 is the default
Information about the admin
The URL that appears after a successful user
loginâ€“usually a corporationâ€™s homepage
External Syslog Server
Shows the IP address and the Port of the
Console Port Baud Rate
The IP address that connects to the WAN port
for configuring the DSA-3100
The system will keep user login information
for 3 days
E-mails the traffic history file to this address
External Time Server
Used for clock synchronization
Displays Greenwich time
Idle Logout Timer
When disabled, it disallows a single user from
logging in multiple times
Displays the user account authentication
Displays guest account status
Preferred DNS server
DNS server IP address (Primary).
Alternate DNS server
DNS server IP address (Secondary).
51 Using the Configuration Utility (continued)
With this feature, you can get Interface management information about the WAN port, Authentication port, and Local Network port. For more detail see the following page: Status > Interface
52 Using the Configuration Utility (continued) Status > Interface (continued)
53 Using the Configuration Utility (continued) Status > Current Users
With this feature, you can get information about online users including Username, IP, MAC, packet count, byte count and idle time. It also allows the administrator to force an on-line user to get off-line by clicking the log out link beside a userâ€™s data. Status > Traffic History History E-mail The DSA-3100 keeps traffic history in its volatile memory. To have the traffic history sent to you automatically, enter your E-mail address in the History E-mail field and the period of time between two history files Access History IP Specify an IP address that allows the billing system to connect to the DSA-3100 via this IP address to get history information for billing. External Syslog Server Specify the IP address and the Port of the External Syslog server.
54 Using the Configuration Utility (continued) Help
This feature provides online instructions for operating the DSA-3100, you can click the hyperlink for a more detailed description.
55 Networking Basics Using the Network Setup Wizard in Windows XP
In this section you will learn how to establish a network at home or work, using Microsoft Windows XP. Note: Please refer to websites such as http://www.homenethelp.com and http://www.microsoft.com/windows2000 for information about networking computers using Windows 2000, ME or 98.
Go to Start>Control Panel>Network Connections Select Set up a home or small office network
When this screen appears, Click Next.
Networking Basics (continued)
Please follow all the instructions in this window:
In the following window, select the best description of your computer. If your computer connects to the internet through a gateway/router, select the second option as shown.
Networking Basics (continued)
Enter a Computer description and a Computer name (optional.)
Enter a Workgroup name. All computers on your network should havethesame Workgroup name.
Networking Basics (continued)
Please wait while the Network Setup Wizard applies the changes.
When the changes are complete, Click Next.
Please wait while the Network Setup Wizard configures the computer. This may take a few minutes.
Networking Basics (continued)
In the window below, select the option that fits your needs. In this example, Create a Network Setup Disk has been selected. You will run this disk on each of the computers on your network. Click Next.
Insert a disk into the Floppy Disk Drive, in this case drive A.
Networking Basics (continued)
Please read the information under Hereâ€™s how in the screen below. After you com- plete the Network Setup Wizard you will use the Network Setup Disk to run the Network Setup Wizard once on each of the computers on your network. Click Next.
61 Networking Basics (continued)
Please read the information on this screen, then click Finish to complete the Network Setup Wizard.
The new settings will take effect when you restart the computer. Click Yes to restart the computer.
You have completed configuring this computer. Next, you will need to run the Net- work Setup Disk on all the other computers on your network. After running the Net- work Setup Disk on all your computers, your new wireless network will be ready to use.
Networking Basics (continued) Naming your Computer
To name your computer In Windows XP, please follow these directions:
Click Start (in the lower left corner of the screen) Right-click on My Computer
Select the Computer Name Tab in the System Properties window.
You may enter a Com- puter Description if you wish; this field is optional.
To rename the computer and join a domain, click Change.
63 Networking Basics (continued) Naming your Computer (continued)
In this window, enter the Computer name.
Select Workgroup and enter the name of the Workgroup.
All computers on your network must have the same Workgroup name.
Click OK Checking the IP Address in Windows XP
The adapter-equipped computers in your network must be in the same IP Address range (see Getting Started in this manual for a definition of IP Address Range.) To check on the IP Address of the adapter, please do the following:
Right-clickon the Local Area Connectionicon in the task bar
64 Networking Basics (continued) Checking the IP Address in Windows XP (continued)
This window will appear.
Click the Support tab
Click Close Assigning a Static IP Address in Windows XP/2000 Note: Residential Gateways/Broadband Routers will automatically assign IP Addresses to the computers on the network, using DHCP (Dynamic Host Configuration Protocol) technology. If you are using a DHCP-capable Gateway/Router you will not need to assign Static IP Addresses.
If you are not using a DHCP capable Gateway/Router, or you need to assign a Static IP Address, please follow these instructions:
Go to Start
Click on Control Panel
65 Networking Basics (continued) Assigning a Static IP Address in Windows XP/2000 (continued)
Double-click on Network Connections
Right-click on Local Area Connections
Click on Properties
Networking Basics (continued) Assigning a Static IP Address in Windows XP/2000
Click on Internet Protocol (TCP/IP)
Input your IP Address and subnet mask. (The IP Addresses on your network must be within the same range. For example, if one computer has an IP Address of 192.168.0.2, the other computers should have IP Addresses that are sequential, like 192.168.0.3 and 192.168.0.4. The subnet mask must be the same for all the computers on the network.)
Input your DNS server addresses. (Note: If you are entering a DNS server, you must enter the IP Address of the Default Gateway.) The DNS server information will be supplied by your ISP (Internet Service Provider.)
Networking Basics (continued) Assigning a Static IP Address with Macintosh OSX
Go to the Apple Menu and se- lect System Preferences
cClick on Network
Select Built-in Ethernet in the Show pull-down menu
Select Manually in the Configure pull-down menu
Input the Static IP Address, the Subnet Mask and the Router IP Address in the appropriate fields
Click Apply Now