4IPNET HSG260, User Manual

Page 1: ...V1 20 HSG Series Wireless Hotspot Gateway ...

Page 2: ...ssion of 4IPNET INC Disclaimer 4IPNET INC does not assume any liability arising out the application or use of any products or software described herein Neither does it convey any license under its parent rights not the parent rights of others 4IPNET further reserves the right to make changes in any products described herein without notice The publication is subject to change without notice Tradema...

Page 3: ...AN Port 11 3 2 1 Static IP 12 3 2 2 Dynamic 12 3 2 3 PPPoE 13 3 2 3 PPTP 14 3 3 Internet Connection Detection 15 3 4 WAN Bandwidth Control 16 3 5 What is a Service Zone 17 3 5 1 Port Role Assignment 18 3 5 2 Planning Your Internet Network 20 3 5 3 Configure Zone Network 21 4 Let Your Network Be a Wireless Network 23 4 1 System Wireless General Settings 23 4 2 Zone Wireless Settings 25 4 3 Zone Wir...

Page 4: ... 77 7 3 2 Privilege MAC 78 7 3 3 Privilege IPv6 78 7 4 Disable Authentication in Public Zone 79 8 User Login and Logout 80 8 1 Before Login 80 8 1 1 Login with SSL 80 8 1 2 Internal Domain Name with Certificate 81 8 1 3 Walled Garden 83 8 1 4 Walled Garden AD 84 8 2 After Login 85 8 2 1 Start Page URL after Successful Login 85 8 2 2 Idle Timer 86 8 2 3 Multiple Login 87 9 Networking Features of a ...

Page 5: ...ing Table 112 11 1 4 Current Users 113 11 1 5 Session List 114 11 1 6 User Log 114 11 1 7 Local User Monthly Network Usage Report 117 11 1 8 System Related Logs 118 11 1 9 DHCP Lease 118 11 2 Notification 120 11 2 1 E Mail 121 11 2 2 SYSLOG 122 11 2 3 FTP 123 12 Advanced Applications 125 12 1 Upload Download Local User Accounts 125 12 2 RADIUS Advanced Settings 127 12 3 Roaming Out 128 12 4 Custom...

Page 6: ... 40 HSG320 Up to software version 1 20 HSG327 Up to software version 1 20 1 2 Document Conventions Caution Represents essential steps actions or messages that should not be ignored Note Contains related information that corresponds to a topic Indicates that clicking this button will apply all of your settings Indicates that clicking this button will clear what you have set before the settings are ...

Page 7: ...al and QIG x 1 Quick Installation Guide QIG x 1 Ethernet Cable x 1 Console Cable x 1 Not included for HSG327 Power Adapter DC 5V x 1 HSG260 Power Adapter DC 12V x1 HSG320 Detachable antenna x 2 for HSG260 and x 4 for HSG320 Caution It is highly recommended to use all the supplies in the package instead of substituting any components with other suppliers to guarantee best performance ...

Page 8: ...0 dust proof HSG260 HSG320 or ceiling mountable HSG327 housing 2 2 System Concept The HSG gateway is capable of managing user authentication authorization and accounting The user account information is stored in the local database or a specified external RADIUS database server Featured with user authentication and integrated with external payment gateway the HSG gateway allows users to easily pay ...

Page 9: ... For attaching an Ethernet cable to an uplink service 3 LAN 1 4 ports Attach Ethernet cables here for connecting to the wired local network 4 USB 2 0 port Reserved for future use 5 Console port Attach the serial cable here to access console interface 6 5V 2 A Attach the power adapter here 7 Reset button Press once to restart the system Press and hold for more than 5 seconds to reset to factory def...

Page 10: ...dy 5 Wireless LED On indicates wireless network interface is ready for service 6 WAN LED On indicates that WAN uplink connected 7 LAN1 4 LED Indicates the connection status of each LAN 8 USB LED Indicates the status of USB connection USB port reserved for future use 9 WES LED For indicating WDS connection status Master Slave WES Start LED Green OFF and then BLINKING SLOWLY LED Red OFF and then BLI...

Page 11: ...ress the button to build up a WDS link with another peer 2 WDS links can be set up per RF card 4 LED Indicators 6 indicators that displays the states of 6 various functions or progresses The numbers are explained on the leftmost side of the rear panel 5 WAN For attaching an Ethernet cable to an uplink service PoE Power over Ethernet is supported for the WAN port 6 LAN Ports 1 2 The ports for conne...

Page 12: ...nds to reset to factory default 3 WES Button WDS Easy Setup Press the button to build up a WDS link with another peer 4 LED Indicators 4 LED lights are available What the numbers stand for is listed at the bottom of the panel 5 WAN For attaching an Ethernet cable to an uplink service PoE Power over Ethernet is support for the WAN port 6 LAN Ports 1 2 Attach Ethernet cables here to connect to the w...

Page 13: ...modem a switch or a hub The WAN LED indicator should be ON to indicate a proper connection 4 Connect the HSG gateway to your PC Connect one end of the Ethernet cable to the LAN1 port of the HSG gateway on the rear panel Connect the other end of the cable to a PC for configuring the system The LAN1 LED indicator should be ON to indicate a proper connection Note The HSG gateway has two virtual Priva...

Page 14: ...d for users Note The instructions below are illustrated with the administrator PC connected to LAN1 To access the web management interface connect a PC to LAN1 Port and then launch a browser Make sure you have set DHCP in TCP IP of your PC to Obtain an IP address automatically The default gateway IP address is the default gateway IP address of Private Zone 192 168 1 254 Next enter the gateway IP a...

Page 15: ...ion If you can t get to the login screen the reasons may be 1 The PC is set incorrectly so that the PC can t obtain the IP address automatically from the LAN port 2 The IP address and the default gateway are not under the same network segment Please set your PC with a static IP address such as 192 168 1 xx in your network and then try it again ...

Page 16: ...ernet Thus the first step is to prepare an Internet connection from your ISP Internet Service Provider and connect it to the WAN port of the HSG gateway 3 2 Configure WAN Port There are 3 connection types for the WAN Port Static Dynamic and PPPoE These connection types are enough to support most ISPs Now let us discuss how to configure the WAN port Go to System WAN The parameters related to each c...

Page 17: ...bnet Mask The subnet mask of the WAN port Default Gateway The gateway of the WAN port Preferred DNS Server The primary DNS Server of the system Alternate DNS Server The substitute DNS Server of the system This is an optional field 3 2 2 Dynamic Dynamic It is only applicable for the network environment where the DHCP server is available upstream of the system Click the Renew button to get an IP add...

Page 18: ...to connect to the network please set the Username Password MTU and Clamp MSS There is a Dial on demand function under PPPoE If this function is enabled a Maximum Idle Time slot will be available for inputting a value When the idle time is reached the system will automatically disconnect itself ...

Page 19: ...ateway ENGLISH 14 3 2 3 PPTP PPTP Although not a popular method PPTP protocol for dialup connections is adapted by some ISPs in European Countries Your PPTP ISP will issue you an account with a password as well as the PPTP server address ...

Page 20: ...Detection When this function is enabled system will try to access these IP Domain addresses if system can reach these IP Domain addresses it means that the outbound Internet connection is in normal state On the other hand there is a textbox available for the administrator to enter a message reminder This reminder will appear on clients screens when Internet connection is down ...

Page 21: ...WAN interface These parameters set here should not exceed the real bandwidth provided by your ISP For example if your xDSL is 8Mbs 640kbs you may input values equal to or less than the speed here Available Bandwidth on WAN Interface Uplink It specifies the maximum uplink bandwidth that can be shared by clients of the system Downlink It specifies the maximum downlink bandwidth that can be shared by...

Page 22: ...blic 1 Public 2 and Public 3 as shown in the table below Private Zone means clients are not required to be authenticated before using the network service However clients in Public Zone are required to obtain authentication before using the service Service Zone Name Mnemonic name of the Zone Applied Policy Current Policy that is applied to Zone Default Authen Option Default authentication method se...

Page 23: ...ork disabled by default whether it is via wired and wireless connection In the Public Zones the Authentication Required for Zone option is enabled by default so clients have to be authenticated successfully before surfing the Internet There are two types of deployment mode for networks attached to the LAN ports of the WHG Controller Port Based mode and Tag Based mode Configuration Path Main Menu S...

Page 24: ... LAN port to accept traffic for any enabled Service Zones Traffic handling will be processed internally according to the VLAN ID traffic packets carry Note System s WMI can also be accesses via WAN port as long as the administrator uses an IP address listed on the Management IP Address List Go to System General Management IP Address List If both WAN and LAN ports are unable to reach the WMI please...

Page 25: ... to access the internet disabled by default via wired and wireless In the Public Zones by default the Authentication Required for Zone option is enabled so clients are required to be authenticated successfully before surfing the Internet Administrator can access the Web Management Interface WMI of the HSG through the wired LAN port Note that Public Zones SZ2 and SZ3 are disabled by default and can...

Page 26: ... four Zones are the same The wireless settings under each zone will be covered in the next section Network Interface o Operation Mode Contains NAT mode and Router mode When NAT mode is chosen service zone runs in NAT mode When Router mode is chosen this zone runs in Router mode o IP Address The IP Address of this zone o Subnet Mask The subnet Mask of this zone DHCP Server Related information neede...

Page 27: ... the HSG admin page after the default IP address of the network interface is changed o Preferred DNS Server The primary DNS server that is used by this Zone o Alternate DNS Server The substitute DNS server that is used by this Zone o Domain Name Enter the domain name for this zone o WINS Server The IP address of the WINS Windows Internet Naming Service server if WINS server is applicable to this z...

Page 28: ...ming wireless adapters Select Enable for Short Preamble or Disable for Long Preamble Short Guard Interval 802 11g n and 802 11a n only The guard interval is the space between symbols characters being transmitted to eliminate inter symbol interference With 802 11n short guard interval is half of what it is used to be to increase throughput Select Enable to use Short Guard Interval or Disable to use...

Page 29: ...ower as you wish DTIM Period Input the DTIM Interval that is generated within the periodic beacon at a specified frequency Higher DTIM will let the wireless client save energy but the throughput will be decreased worsened ACK Timeout The time interval for waiting for the acknowledgement ACK frame If the ACK is not received within the interval then the packet will be re transmitted Higher ACK Timeo...

Page 30: ...te Zone or use the default the ESSID of Private Zone will not be broadcast and internal staff will need to associate to Private Zone s VAP1 manually Security Configure the wireless network under Private Zone with security encryption to prevent unauthorized wireless association if necessary The supported encryption standards are WEP and WPA PSK Advanced The parameters in Advanced are wireless setti...

Page 31: ...ce video best effort and background Applications without WMM and applications that do not require QoS are assigned to the best effort category which receives a lower priority than that of voice and video Therefore WMM decides which data streams are more important and assigns them a higher traffic priority This option works with WMM capable clients only IGMP Snooping IGMP is a multicast constrainin...

Page 32: ...hold will be fragmented sent with several pieces instead of one chunk before transmission A smaller value results in smaller frames but allows a larger number of frames in transmission A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference Broadcast SSID Enable to broadcast VAP2 s SSID in the air Disable to hide ...

Page 33: ...hows an example of VAP Settings for VAP1 and VAP2 Security For each zone administrators can set up the wireless security profile it includes WEP and WPA PSK WEP o 802 11 Authentication Select from Open System or Shared Key o WEP Key Length Select from 64 bit 128 bit 152 bit key length o WEP Key Format Select from ASCII or Hex format for the WEP key o WEP Key Index Select a key index from 1 4 The W...

Page 34: ... the time unit is in seconds WPA Personal o Cipher Suite Select an encryption method from WPA2 WPA2 WPA Mixed o Pre shared Key Pass phrase Enter the key value for the pre shared key or pass phrase o Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds WPA Enterprise o Cipher Suite Select an encryption method from WPA2 WPA2 WPA Mixed o Group Key Upda...

Page 35: ...rs a firewall function that is tailored specifically for Layer2 traffic providing another choice of shield against possible security threats coming from going to WLAN AP interfaces hence besides firewall policies configured in Policies this extra security feature will assist to mitigate possible security breach This section provides information in the following functions Generic Firewall Rules Pre...

Page 36: ...Generic Firewall Rules You can choose to enable or disable the wireless Generic Firewall This section provides an overview of firewall rules for the system s wireless interface 6 default rules with up to a total 10 firewall rules are available for configuration ...

Page 37: ...rt Before denotes to insert a rule before the current rule and Delete denotes to delete the rule To edit a specific rule Edit in Operation column of firewall rules will lead to the following page for detailed configuration On this page the rule can be edited from an existing rule for revision Rule Number The numbering of this specific rule will decide its priority among available firewall rules on...

Page 38: ...AC MASK indicate the ARP payload fields when EtherType is ARP Destination MAC Address Mask indicates the destination MAC IP Address Mask indicates the destination IP address when EtherType is IPv4 ARP IP MAC MASK indicate the ARP payload fields when EtherType is ARP When the configurations are made please click Apply to let the firewall rule take effort To insert a specific rule Inserting Before i...

Page 39: ...User s Manual HSG Wireless Hotspot Gateway ENGLISH 34 Please make sure all the desired rules are checked as Active and click the Apply button below on the overview page ...

Page 40: ...delete firewall service protocols here the services on this list will become available drop down options to choose from in firewall rule when EtherType is IPv4 The first 27 entries are default services and the administrator can add any extra desired services These 27 default firewall services cannot be deleted but can be disabled ...

Page 41: ...on when enabled the AP only learns MAC IP pair information through DHCP packets Since devices configured with static IP address does not send DHCP traffic any client with static IP address will be blocked from internet access unless its MAC IP pair is listed and enabled on the Static List o Broadcast can be enabled to let other AP with L2 firewall feature learn the trusted MAC IP pairs to issue AR...

Page 42: ... access networks with any specified identity token on the login page Click on the Authentication Options to configure Auth Option Set a name for the authentication databases by using numbers 0 9 alphabets a z or A Z dash underline _ space and dot only This name is used for the administrator to easily identify the authentication options such as HQ RADIUS Postfix A postfix represents the authenticat...

Page 43: ...er account leads to a page for configuration Add User Click this button to enter the Adding User s to the List interface Fill in the necessary information such as Username Password MAC Address Remark and login Schedule Select a desired Group to classify local users Click Apply to complete adding the user s MAC address of a networking device can be bound with a local user as well It means this user...

Page 44: ...Click this button to delete all the users at once or click Delete hyperlinked to delete a specific user individually Edit User If in need of editing click the desired user account on Local User List to enter the User Profile Interface for that particular user and then modify or add information such as Username Password MAC Address optional Applied Group optional and Remark optional An expiration t...

Page 45: ...User s Manual HSG Wireless Hotspot Gateway ENGLISH 40 Date can be selected Click Apply to complete the modification ...

Page 46: ...e of RADIUS servers for further configuration The RADIUS server sets the external authentication for user accounts Enter the information concerning the primary server and or the secondary server the secondary server is not mandatory The fields with red asterisks are necessary information These settings will become effective immediately after clicking Apply ...

Page 47: ...User s Manual HSG Wireless Hotspot Gateway ENGLISH 42 ...

Page 48: ...ount Delay Time This attribute adds flexibility for the HSG to process accounting requests in the time specified Default is set at 0 Service Type This attribute indicates the type of service the user has requested or the type of service to be provided required for some RADIUS servers that only accepts specified service types Class Group Mapping This function is to impose a Group on a RADIUS class ...

Page 49: ...er the Port number used for accounting Authentication Secret Key Secret Key used for authentication Accounting Service Enable Disable RADIUS accounting Accounting Server Enter the domain name or IP of your accounting server Authentication Protocol Select Challenge Handshake Authentication Protocol CHAP or Password Authentication Protocol PAP Accounting Secret Key The key between the RADIUS server ...

Page 50: ...reate on demand user accounts This function is designed for hotspot owners to provide temporary users with free or paid wireless Internet access in the hotspot environment Major functions include accounts creation users monitoring list billing plan and external payment gateway support 1 General Settings This is the common setting for the On demand User authentication option ...

Page 51: ...al Server Configuration is a list of serial to Ethernet devices that communicate with the system only there is no need to go online or go through authentication process Enter the device IP and the port number into the respective fields For each Terminal Server a template created in Ticket Template Customization may be applied to the selected Billing Plans Simply check the checkbox corresponding to...

Page 52: ...et by uploading your own background image for the ticket or choose none Click Edit to select the image file and then click Upload The background image file size limit is 100 Kbytes No limit for the dimensions of the image is set but a 460x480 image is recommended Number of Tickets Enable this function to print duplicate receipts Another Remark field will appear when the Number of Ticket is selecte...

Page 53: ... Simplified Chinese and Traditional Chinese Length of Password Administrators have the option of a 4 character password or an 8 character password Type There are 4 ticket types for different billing plans Usage Time with Expiration Type I Usage Time without Expiration Type IV Volume Type I Hotel Cut Off Time Type III Duration Time with Begin End Time Type II Duration Time with Cut Off Time Type II...

Page 54: ...d users are allowed to access the network Price The unit price charged for buying an account from this billing plan Enable Check the checkbox to activate the plan Group Users under this billing plan will be classified under this group The default value is Group 1 Function Click the Edit button to add one billing plan For detailed information regarding on demand accounts and billing plan configurat...

Page 55: ...Gateway ENGLISH 50 6 SMS Gateway The HSG supports integration with Clickatell SMS Gateway to send SMS messages during account generation This function may be enabled for either paid services such as Paypal or for Free account generation ...

Page 56: ...single on demand user accounts here Click this to enter the On demand Account Creation page Click Create from the desired plan to create an on demand account The username and password of to be created on demand account is configurable Select Manual created in Username Password Creation and administrator can enter a desired username and password for the on demand account In addition an External ID ...

Page 57: ...bled Function Press Create for the desired plan and Creating an On demand Account will appear for creation 8 On demand Account Batch Creation After at least one billing plan is enabled the administrator can generate multiple on demand user accounts at once with batch creation For potential hotspot operators who may wish to pre generate guest accounts for sale On demand feature has a batch create f...

Page 58: ...ator Username To manually create a username the Prefix and Postfix can be chosen The serial number increases at single increments when batch accounts are created Password Passwords are customizable and can be created randomly by system or self created by administrator Valid Period Shows when the account will expire Total Price For each plan this is the unit price charged for an account Unit Number...

Page 59: ...nistrator wish to configure different account types for generation please modify billing plan no 1 Only supports normal font for ticket customization 10 On demand Account List All created On demand accounts are listed and related information is also provided Search Enter a keyword of a username External ID or reference to be searched in the text file and click this button to perform the search All...

Page 60: ...ey are running out of quota they can use the redeem function to extend their quota After the user has got or bought a new account they just need to click the Redeem button in the login success page to enter Redeem Page input the new account Username and Password and then click Enter This new account s quota will be extended to the original account However the Redeem function can only be used with ...

Page 61: ...ccount Access Time is set to Limited Administrators can choose to set the Quota and Reactivation Time The server remembers the MAC address of the user Hence the user can only get a new Free authentication account after the reactivation time has been reached An Access Limit may also be applied to a client to restrict clients from misuse When Email Verification is enabled Free Account users get an E...

Page 62: ...tication option set a postfix that is easy to distinguish e g Local users according to different authentication servers The acceptable characters are numbers 0 9 alphabet a z or A Z dash underline _ and dot within a maximum of 40 characters All other characters are not allowed Beside the users managed by Default Authentication all the other ones with different servers should log into the system wi...

Page 63: ...re and then click Login If the Remember Me checkbox is checked the browser will store the username and the password on the current computer in order to automatically login to the system at the next login Then click the Login button The Remaining button on the User Login Page is for on demand users only this is where they can check their Remaining quota 3 Successful The Login Success Page indicates...

Page 64: ...User s Manual HSG Wireless Hotspot Gateway ENGLISH 59 ...

Page 65: ...er access control User accounts that appear on the black list will be denied of network access The administrator can use the pull down menu to select the desired black list Select Black List There are 5 black list profiles available for utilization Name Set the black list name and it will show on the pull down menu above Add User s Click the Add User s button to add users to the selected black lis...

Page 66: ...he Remark blank not required click Apply to add the users If a user needs to be removed from the black list click the user s Delete button and or use click Del All button to remove all users from the black list After the Black List editing is completed You can select the Black List in each Authentication Server to make the list effective ...

Page 67: ...olicy The HSG supports multiple Policies including one Global Policy and 5 individual Policies Global Policy is the system s universal policy and is applied to all clients unless the clients are bounded by another policy Individual Policy can be defined and applied to different authentication server A client logging in with this authentication server will be bound by the corresponding Policy If no...

Page 68: ...imum sessions per user here Policy 1 Policy 5 Beside Global Policy Policy 1 to Policy 5 each consists of access control profiles that can be respectively configured and applied to a certain authentication server or user Select Policy Select a desired policy profile to configure Firewall Profile Each Policy has a firewall service list and a set of firewall profiles consisting of firewall rules QoS ...

Page 69: ...in Hours list This function is used to limit the time when clients can log in Check the desired time slot checkboxes and click Apply to save the settings These settings will become effective immediately after clicking Apply Administrator can also choose to Enable or Disable Auto logout when a user exceeds the permitted login hours Up to 5 profiles can be configured ...

Page 70: ...ustom Service Protocols There are predefined service protocols available for firewall rule editing The administrator is able to add new custom service protocols by clicking Add and delete the added protocols individually or with Select All followed by Delete operation Caution The Predefined Service Protocols can not be deleted Click Add to add a custom service protocol The Protocol Type can be def...

Page 71: ...these protocols Firewall Rules for IPv6 is also supported o Firewall Rules Click Rule No to edit individual rules and click Apply to save the settings The rule status will be shown on the list Check the Active checkbox and click Apply to enable the rule Rule No 1 has the highest priority Rule No 2 has the second priority and so on Each firewall rule is defined by Source Destination and Pass Block ...

Page 72: ...ring is supported but Domain Host filtering is not o Source Destination Subnet Mask Select the source and destination subnet masks o Source MAC Address The MAC Address of the source IP address This is for specific MAC address filtering o Service Protocol These are defined protocols on the service protocols list to be selected o Schedule When schedule is selected clients assigned with this policy a...

Page 73: ...e the following parameters Group Total Downlink Defines the maximum bandwidth allowed to be shared by clients Individual Maximum Downlink Defines the maximum downlink bandwidth allowed for an individual client The Individual Maximum Downlink cannot exceed the value of Group Total Downlink Individual Request Downlink Defines the guaranteed minimum downlink bandwidth allowed for an individual client...

Page 74: ... Route Profile The Specific Default Route is used to control clients to access some specific IP segment by the specified gateway Specific Routing can be set up for the Global Policy and up to 5 profiles can be configured o Destination IP Address The destination network address or IP address of the destination host Please note that if applicable the system will calculate and display the appropriate...

Page 75: ...Address and Subnet Mask that have just been entered and applied o Destination Subnet Netmask The subnet mask of the destination network Select 255 255 255 255 32 if the destination is a single host o Gateway IP Address The IP address of the gateway or next router to the destination ...

Page 76: ...fined in each Policy except Global Policy When Specific Default Route is enabled all clients applied with this Policy will access the Internet through this default gateway o Enable Check Enable box to activate this function or uncheck to deactivate it o Default Gateway IP Address You may need to fill in the IP address of the default gateway ...

Page 77: ...cated users users on a non authenticated port privileged users and clients in DMZ zones Also this can be specified in the other policies to apply to the authenticated users When the number of a user s sessions reach the session limit a choice of Unlimited 10 25 50 100 200 350 500 750 and 1000 the user will be implicitly suspended upon receipt of any new connection request In this case a record wil...

Page 78: ...t After the setup accessing the External IP address listed in DMZ will be mapped to accessing the corresponding Internal IP Address These settings will become effective immediately after clicking the Apply button The External IP Address of the Automatic WAN IP Assignment is the IP address of External Interface WAN that will change dynamically if WAN Interface is Dynamic When Automatic WAN IP Assig...

Page 79: ...User s Manual HSG Wireless Hotspot Gateway ENGLISH 74 ...

Page 80: ...ces outside the managed network can access these servers within the managed network Different virtual servers can be configured for different sets of physical services such as TCP and UDP services in general Enter the External Service Port Local Server IP Address and Local Server Port Select TCP or UDP for the service type In the Enable column check the desired server to enable These settings will...

Page 81: ...re the Privilege List go to Network Privilege Setup the Privilege IP Address List Privilege MAC Address List and the Privilege IPv6 Address List The clients accessing the internet via IP addresses and or networking devices on the list can access the network without any authentication ...

Page 82: ...k without authentication enter the IP addresses of these workstations in Granted Access by IP Address The Remark field is not necessary but is convenient for keeping track The HSG allows 100 privilege IP addresses at most These settings will become effective immediately after clicking Apply Caution Permitting specific IP addresses to have network access rights without going through standard authen...

Page 83: ... clicking Apply Caution Permitting specific MAC addresses to have network access rights without going through standard authentication process under Public zone may cause security problems 7 3 3 Privilege IPv6 Privilege IPv6 Address List In addition to the Privilege IP List MAC address List the privilege IPv6 List allows the IPv6 address of the workstations that need to access the network without a...

Page 84: ...ntication in Public Zone To disable Authentication in Public Zone go to System Service Zones click Configure in Public Zone Authentication Required For the Zone When it is disabled users will not need to authenticate before they get access to the network within Public Zone ...

Page 85: ... the use of Secure Socket Layer SSL or Transport Layer Security TLS as a sub layer under regular HTTP application layering HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server The HTTPS Protected Login function makes the client s login more secure Enable it to activate https encryption or disable it to activate http non encryption login page ...

Page 86: ...as the domain name To Configure Certificate go to Utilities Certificate and choose Upload Certificate from the scroll down menu Certificate A data record used for authenticating network entities such as a server or a client A certificate contains X 509 information pieces about its owner called the subject and the signing Certificate Authority called the issuer plus the owner s public key and the s...

Page 87: ...nual HSG Wireless Hotspot Gateway ENGLISH 82 Without a valid certificate users may encounter the following warning when trying to open the login page Click Continue to this website to access the user login page ...

Page 88: ... for users to access the websites listed here before login and authentication Up to 20 addresses or domain names of the websites can be defined on this list Users without the network access right can still have a chance to experience the actual network service free of charge Enter the IP Address or Domain Name of the website on the list and click Apply to save the settings ...

Page 89: ...e displayed on the user s login page Enter all items or make changes by clicking the Edit button click Apply the items will be added and shown on the list URL Enter the URL of the advertisement website Topic Enter the content of the hyperlink for instance if you enter Google in this field on the user login page a hyperlink of Google will be displayed Description Any additional message for administ...

Page 90: ...the Start Page URL after a successful user login go to System General When this function is enabled the administrator can choose to set the URL of an opened browser after users initial login When this function is set to None after users logged in successfully users will simply use the original homepage set on the users browsers ...

Page 91: ... 2 2 Idle Timer To configure Idle Timer go to Users Additional Control If a user has idled with no network activities the system will automatically kick the user out The logout timer can be set between 1 1440 minutes and the default idle time is 10 minutes ...

Page 92: ...otspot Gateway ENGLISH 87 8 2 3 Multiple Login To configure Multiple Login go to Users Additional Control When enabled a user can log in from different computers with the same account This function doesn t support On demand users ...

Page 93: ...me allowing the administrator to easily access the HSG gateway s WAN If the dynamic DHCP is activated at the WAN port it will update the IP address of the DNS server periodically These settings will become effective immediately after clicking Apply DDNS Enable or disable this function Provider Select the DNS provider Host name The IP address domain name of the WAN port Username E mail The register...

Page 94: ...sted here the connection packet will be converted and redirected to the corresponding destination Please enter the IP Address and Port of Destination and the IP Address and Port of Translated to Destination Select TCP or UDP for the service s type The administrator is able to select whether the forwarding is done before or after client authentication Select Yes for Auth Before Forwarding if an Ext...

Page 95: ...time automatically Universal Time is Greenwich Mean Time GMT Manual setup is another option to set up the system time if you choose to set up the system time manually please enter the Year Month Day the current time and click Apply to activate the changes NTP Server Mode When Enabled Access Points and devices in the Local Area Network of the gateway would be able to use the gateway as a NTP Server...

Page 96: ...terface For example 10 2 3 0 24 means that as long as an administrator is using a computer with the IP address range of 10 2 3 0 24 he or she can access the web management page Another example is 10 0 0 3 if an administrator is using a computer with the IP address of 10 0 0 3 he or she can access the web management page For network security remote console access is blocked by default Only when nec...

Page 97: ...rvice 10 3 IP Address for Accessing User Log To configure User Log Access IP History go to System General Specify an IP address of the administrator s computer or a billing system to get billing history information of the HSG with the predefined URLs The file name format is yyyy mm dd such as the following Traffic History https 10 2 3 213 status history 2012 02 10 On demand History https 10 2 3 21...

Page 98: ...eway ENGLISH 93 10 4 SNMP To configure SNMP go to System General The HSG supports SNMP v1 v2c If this function is enabled the SNMP Management IP and the Community string can be assigned for SNMP management applications to access the system ...

Page 99: ...name and password are as follows Admin The administrator can access all configuration pages of the HSG Username admin Password admin After a successful login to the HSG a web management interface with a Home manual will appear Admin is classified under Super Group with all access and configuration authorities Super Group members can generate other administrative accounts Manager OnDemand Manager a...

Page 100: ...igured here to facilitate additional security The following parameters can be configured Password Complexity Admin Login Retry Times Password Expire and Admin Login Reuse Times There are three other default Administrative Account groups with predetermined permission settings and these permission settings can be customized ...

Page 101: ...nd User to create new on demand user accounts and print out the on demand user account receipts OnDemand Manager The OnDemand Manager can only access the application programming interface and generate on demand user accounts from the API There are three additional custom groups for administrators to customize permission settings Note To logout simply click the Logout icon on the upper right corner...

Page 102: ...t Utilities Administrator Account Clicking on the hyperlink of the Name allows the administrator to change passwords The administrator can change the passwords here Click Admin name on the Admin List Enter original and new password and click Apply to activate the new password Note Only admin has the authority to change password Caution If the administrator s password is lost the administrator s pa...

Page 103: ...G settings Also the HSG can be restored to the factory default settings here Backup System Settings Click Backup to create a db database backup file and save it on disk Restore System Settings Click Browse to search for a db database backup file created by the HSG and click Restore to restore to the same settings at the time when the backup file was saved Reset to Factory Default Click Reset to lo...

Page 104: ...w firmware s WMI interface appears Note After clicking Apply the system will begin uploading the chosen firmware into the system Once the upload process is complete the system will restart to activate the new firmware The entire process may take a few minutes until the new firmware WMI appears When restart is complete system will not lease IP So please use static IP PC to upgrade system firmware C...

Page 105: ...e system can be entered for record purposes Click YES to restart the HSG click NO to go back to the previous screen Do NOT power off during system restart as this might damage the system If the power needs to be turned off it is highly recommended to restart the HSG first and then turn off the power after completing the restart process Caution The connection of all online users to the system will ...

Page 106: ...ake on LAN feature by entering the MAC address of the target device and then press Wake Up button Ping is to see whether a destination host is reachable and alive by entering the destination host s domain name or IP address and then press Ping button Trace Route displays the actual route taken to reach the destination host Entering the destination host s domain name or IP address and then press St...

Page 107: ...nd click Wake Up to execute this function 10 10 2 Ping It allows administrator to detect a device using IP address or Host domain name to see if it is alive or not 10 10 3 Trace Route It allows administrator to find out the real path of packets from the gateway to a destination using IP address or Host domain name 10 10 4 Show ARP Table It allows administrator to view the IP to Physical address tr...

Page 108: ...of the IP addresses on the list On each monitored item with a WEB server running administrators may add a link for easy access by entering the IP selecting the Protocol to http or https and then clicking Create After clicking Create the IP address will become a hyperlink and administrators can easily access the host remotely by clicking the hyperlink Click the Delete button to remove the hyperlink...

Page 109: ...he Enter key to make selection or confirm what you enter 3 Once the console port of the HSG is connected properly the console main screen will appear automatically If the screen does not appear in the terminal simulation program automatically please try to press the arrow keys so that the terminal simulation program will send some messages to the system and the welcome screen or main menu should a...

Page 110: ...s unable to use Web Management Interface via browser when the system fails inexplicitly The administrator can choose this utility and set it into safe mode which enables him to manage this device with browser again Synchronize clock with NTP server Immediately synchronizes the clock through the NTP protocol and the specified network time server Since this interface does not support manual setup fo...

Page 111: ...an still use the null modem to connect to the console management interface and set the administrator s password again Reload factory default Choosing this option will reset the system configuration to factory defaults Restart the HSG Choosing this option will restart the HSG Caution Although it does not require a username and password for the connection via the serial port the same management inte...

Page 112: ...ection includes System Interface Routing Table Current Users Session List User Logs Logs DHCP Lease and Report Notification to provide system status information and online user status 11 1 1 System Status To view System Status go to Status System This section provides an overview of the system for the administrator ...

Page 113: ...erver Warning of Internet Disconnection Shows whether the status for the connection at WAN is normal or abnormal Internet Connection Detection and all online users are allowed disallowed to log in the network SNMP Shows status of option to enable or disabled system info retrieval via SNMP protocol User Log The maximum number of days for the system to retain the users information SNMP The email add...

Page 114: ...reless Hotspot Gateway ENGLISH 109 11 1 2 Interface Status To view Interface Status go to Status Interface This section provides an overview of the interface for the administrator including WAN Zone Private and Zone Public ...

Page 115: ...User s Manual HSG Wireless Hotspot Gateway ENGLISH 110 ...

Page 116: ...ss The MAC address of the zone IP Address The IP address of the zone Subnet Mask The Subnet Mask of the zone IPv6 Address The IPv6 address of the zone if applicable Zone DHCP Status Enable disable stands for the status of the DHCP server in this zone WINS IP Address The WINS server IP on DHCP server N A means that it is not configured Start IP Address The start IP address of the DHCP IP range End ...

Page 117: ...ting rules specified by each interface The following depicts an image for the IPv4 Routing Table Policy 1 5 Shows the information of the individual Policy from 1 to 5 Global Policy Shows the information on the Global Policy System Shows the information on the system administration Destination The Destination IP address Subnet Mask The Subnet Mask of the IP address range Gateway The Gateway IP addr...

Page 118: ...line user by clicking the hyperlink of Kick Out Click Refresh to update the current users list Non Login Devices shows users that have acquired an IP address from the system s DHCP server but have not yet been authenticated either under the LAN or remotely tunneled site This feature is designed for administrators to keep track of systems resources from being exhausted The list shows the client s M...

Page 119: ... the Source and Destination You may define the filter conditions and display only the results you desire 11 1 6 User Log To view User Log go to Status User Log This page is used to check the traffic history of the HSG The history of each day will be saved separately in the RAM memory for at least 3 days 72 full hours The system also keeps a cumulated record of the traffic data generated by each us...

Page 120: ...pot Gateway ENGLISH 115 Caution Since the history is saved in the RAM memory if you need to restart the system at the same time please keep the history manually by copying and saving the traffic history information before restarting ...

Page 121: ...ivities On demand User Log Each line is a on demand user log record consisting of 25 fields Date System Name Type Name IP MAC Pkts In Bytes In Pkts Out Bytes Out Activation Time 1st Login Expiration Time Remark and other information of On demand user activities are included Roaming Out User Log Each line is a roaming out traffic history record consisting of 14 fields Date Type Name NSID NASIP NASP...

Page 122: ...ed consists of 6 fields Username Connection Time Usage Packets In Bytes In Packets Out and Bytes Out of user activities o Username Username of the local user account o Connection Time Usage The total time used by the user o Pkts In Pkts Out The total number of packets received and sent by the user o Bytes In Bytes Out The total number of bytes received and sent by the user Download Monthly Network...

Page 123: ...ill need to make back up manually System Log This page displays system related logs for event tracing Web Log This page shows which of the web pages have been accessed on the HSG s built in web server UAMD Log This page displays the UAM related information output from the UAM daemon RADIUS Server Log This page displays the RADIUS messages that pass through the HSG gateway On demand Billing Report ...

Page 124: ...e number under column 3 indicated the lease count in the last 30 minutes hours days and so on Statistics of expired list IP leased to clients that have expired in the Last 10 Minutes Hours and Days are shown here The header 1 10 are the unit multipliers For instance the number under column 2 indicates the expired count in the last 20 minutes hours days the number under column 3 indicates the expir...

Page 125: ...stem for validation Secondly the system supports recording of Users Log On demand Users Log Roaming Out Users Log Roaming In Users Log Session Log Firewall Log and Local HTTP Web Log HTTP Web Log and DHCP Server Log via external SYSLOG servers Thirdly Users Log On demand Users Log Roaming Out Users Log Roaming In Users Log Session Log On demand User Billing Report Local HTTP Web Log HTTP Web Log W...

Page 126: ...n methods Plain Login CRAM MD5 and NTLMv1 or None to use none of the above Depending on which authentication method is selected enter the Account Name Password and Domain o NTLMv1 is not currently available for general use o Plain and CRAM MD5 are standardized authentication mechanisms while Login and NTLMv1 are Microsoft proprietary mechanisms Only Plain and Login can use the UNIX login password ...

Page 127: ...e sent to Except for System Log each supported log may be assigned Tag information as well as SYSLOG standard attributes Severity to meet the filtering requirements on the SYSLOG Server HTTP Web Log can further select which Service Zone Web interface information to log For each type of log information whenever an incident occurs and data is updated the updated log will be immediately sent to the c...

Page 128: ...m to a specific FTP server On demand User Log Records the On demand User Log of the system to a specific FTP server Roaming Out In Users Log Records the Roaming Out In Users Log to a specific FTP server Session Log Log each connection created by users and track the source IP Port and destination IP Port Session Log will be sent to the FTP server automatically in every defined interval in Session L...

Page 129: ... Folder The folder in the configured FTP Server in which the sent Log will be placed Interval The time interval at which the Log will be sent Logged Interface The check box of Public or Private shall be checked to enable logging the HTTP Web Log of this interface ...

Page 130: ...Accounts go to Users Authentication click Configure for the Local Authentication Database Or click Quick Links Local User Management from system Home page Upload User Click Upload User to enter the Upload User from File interface Click the Browse button to select the text file for uploading user accounts then click Upload to complete the upload process ...

Page 131: ...ted username will terminate the uploading process and no account will be uploaded Please correct the format in the uploading file or delete the duplicated user accounts in the database then try again Download User Use this function to create a txt file with all Local user account information and save it on a disk ...

Page 132: ...hecked only the username will be transferred to the external RADIUS server for authentication If the Leave Unmodified option is selected the system will send the username to Default Auth Server set in 802 1X configuration page for authentication NAS Identifier System will send this value to the external RADIUS server if needed by the external RADIUS server NAS Port Type System will send this value...

Page 133: ...Roaming Out 802 1X Client Device Settings will be available to define the client device authorized to roam by entering the IP address Subnet Mask and Secret Key Click the hyperlink Roaming Out 802 1x Client Device Settings to enter the Roaming Out 802 1X Client Device Settings interface Choose Roaming Out and enter the Roaming Out client s IP address and network mask and then click Apply to comple...

Page 134: ... The Disclaimer Page can be Enabled at System General Template Page To utilize the template user pages stored locally in the system choose Template Page and configure the necessary settings as follows Click Select hyperlinked to pick up a color for each item and fill in your copyright message You can also upload a Logo image file for your template with the Preview and Edit the Image File button Cl...

Page 135: ...xternal Page option if you wish to use user pages located on a designated website Click Configure for each custom page and enter the URL of its corresponding external login page and click Apply After applying the setting the new login page can be previewed by clicking Preview button ...

Page 136: ...le a Local user user01 is assigned to Policy1 and the Local Authentication Policy2 When user01 logs in to Public Zone user01 will be governed under Policy1 This is a common case for users that can be assigned a Policy individually For Local and RADIUS if these users are not assigned under any User Policy individually they will be governed under the same policy as others within the same authenticat...

Page 137: ...up two WDS links To configure WDS go to System Service Zones click Configure in Public Zone Service Zone 2 Service Zone 3 WDS Wireless Distribution System is a function used to connect APs Access Points wirelessly The WDS management function of the system can help administrators to setup two WDS links per RF Card WDS Status Select Enable to activate this WDS link MAC Address of Remote AP Enter the...

Page 138: ...User s Manual HSG Wireless Hotspot Gateway ENGLISH 133 HEX Enter the applicable WEP Key WPA PSK Select the preferred ciphering method TKIP or AES and enter the PSK Pass phrase ...

Page 139: ...n of this user and send a Stop to RADIUS server 1 Description VSA is designed to allow vendors to support their own extended Attributes which are not covered in common attributes It MUST not affect the operation of the RADIUS protocol The Attribute Type of VSA is 26 and the Vendor ID should be determined before proceeding to RADIUS configuration in this example the Vendor ID is 21920 Attribute Num...

Page 140: ...or total traffic exceeds the limit 2 VSA configuration in RADIUS server IAS Server This section will guide you through a VSA configuration in your external RADIUS server Before getting started please directly or remotely access your external RADIUS server s desktop from other PC Step 1 Confirm the following key elements in the RADIUS server users groups and policies Verify whether there are alread...

Page 141: ...User s Manual HSG Wireless Hotspot Gateway ENGLISH 136 Step 3 Click Edit Profile and select the Advanced Tag Click Add to add a new Vendor specific attribute ...

Page 142: ...or specific Set Vendor Code 21920 Check Yes to conform to the RADIUS RFC Click Configure Attribute to proceed Set Vendor assigned attribute number 10 Select Attribute format Hexadecimal Set Attribute Value 1000000 Step 5 Confirm whether the Vendor specific Attribute has been added successfully ...

Page 143: ...User s Manual HSG Wireless Hotspot Gateway ENGLISH 138 Step 6 Follow the same steps to create other Vendor specific Attributes if needed ...

Page 144: ...e shell of RADIUS server for example use Putty to access the Linux host Step 1 Confirm the following key elements in the RADIUS server users groups Verify whether there are already users in the RADIUS Server Verify whether there are already Groups and assigned users belonging to these Groups in the RADIUS Server Step 2 Log in to the Linux host of the RADIUS server Step 3 Create a file dictionary H...

Page 145: ...y ENGLISH 140 Step 4 Edit and save the contents of the file dictionary HSG as follows Administrator can also add other attributes as the table stated in Section 2 with the same format Step 5 Edit the file dictionary under the folder freeradius ...

Page 146: ...clude dictionary HSG in the dictionary of RADIUS server insert it in an incremental position as follows Step 7 Open the radius database Step 8 Insert VSA into RADIUS response In this example the maximum download and upload traffics in bytes for group03 users is 1MBytes ...

Page 147: ...User s Manual HSG Wireless Hotspot Gateway ENGLISH 142 Step 9 Restart RADIUS daemon to get your settings activated ...

Page 148: ...nt down to Expiration Time is continuous regardless of logging in or out Account would expire when the Valid Period is used up or the quota depleted Quota is the total period of time xx days yy hrs zz mins during which On demand users are allowed to access the network The total maximum quota is 364Days 23hrs 59mins 59secs even after redeeming Account Activation is carried out when the user logs in...

Page 149: ...sing internet Account will expire only when the quota is depleted Quota is the total period of time xx days yy hrs zz mins during which On demand users are allowed to access the network The total maximum quota is 364Days 23hrs 59mins 59secs even after redeeming Account Activation is carried out when the user logs in for the first time Failing to do so in the period set in Account Activation will r...

Page 150: ...User s Manual HSG Wireless Hotspot Gateway ENGLISH 145 ...

Page 151: ... 13 00 then account will expire on 13 00 two days later Grace Period is an additional short period of time after the account is cut off that allows user to continue to use the on demand account to access the Internet without paying additional fee Max User is to define the maximum number of users allowed for accounts created with this billing plan Unit Price is the daily price of this billing plan ...

Page 152: ...s regardless of logging in or out Quota is the total Mbytes 1 2000 On demand users are allowed to use to access the network Account Activation is carried out when the user logs in for the first time Failing to do so in the period set in Account Activation will result in account expiration Valid Period is the valid period of usage time After this time period the account will expire even if there is...

Page 153: ...User s Manual HSG Wireless Hotspot Gateway ENGLISH 148 ...

Page 154: ...ation throughout a specific period of time Begin Time is the time that the account will be activated for use It is set to account creation time First time login is set to require users to log in within a specified period of time Elapsed Time is the time interval for which the account is valid for internet access xx hrs yy mins Max User is the defined number of concurrent users allowed to log in wi...

Page 155: ...off on 23 00 If an account of this kind is created after the Cut off Time the account will automatically expire Begin Time is the time that the account will be activated for use It is set to account creation time Cut off Time is the clock time when the account will expire Max User is the defined number of concurrent users allowed to log in with this billing plan Price is the unit price of this pla...

Page 156: ...mputex where each registered participant will get an internet account valid from 8 00 AM Jun 1 to 5 00 PM Jun 5 Account can be created in batch similar to creating coupons Begin Time is the time that the account will be activated for use defined explicitly by the operator End Time is the time that the account will expire defined explicitly by the operator Max User is the defined number of concurre...

Page 157: ...rnal Payment Gateway Authorize Net Before setting up Authorize Net it is required that the merchant owners have a valid Authorize Net account Authorize Net Payment Page Configuration Merchant ID This is the Login ID that comes with the Authorize Net account Merchant Transaction Key The merchant transaction key is similar to a password and is used by Authorize Net to authenticate transactions Payme...

Page 158: ...ell as adding a new or editing service disclaimer Choose Billing Plan for Authorize Net Payment Page These 10 plans are the plans configured in the Billing Plans page and all previously enabled plans can be further enabled or disabled here as needed Client s Purchasing Record o Starting Invoice Number An invoice number may be provided as additional information for a transaction The number will be ...

Page 159: ...ion Date Expiration date of the credit card This should be entered in the format of MMYY For example the expiration date of July September 2009 should be entered as 0709 o Card Type This value indicates the level of match between the Card Code entered in a transaction and the value that is on the file with a customer s credit card company A code and narrative description are provided to indicate t...

Page 160: ... a transaction o State A state associated with both the billing and shipping address of a transaction This may be entered as either a two character abbreviation or the full text name of the state o Zip The ZIP code represents a five or nine digit postal code associated with the billing or shipping address of a transaction This may be entered as five digits nine digits or five digits and four digit...

Page 161: ...e default website address to post all transaction data o Identity Token This is the key used by PayPal to validate all the transactions o IPN behind NAT IPN is the acronym of Instant Payment Notification which is a mechanism adopted by PayPal for identifying the outcome of a transaction When this option is enabled an upstream NAT server may be designated for accepting the IPN message from PayPal T...

Page 162: ...rchasing Record PayPal Payment Page Remark Content Client s Purchasing Record o Starting Invoice Number An invoice number may be provided as additional information for the transaction This is a reference field that may contain any sort of information o Description Enter the product service description e g wireless access service o Title for Message to Seller Enter the information that will appear ...

Page 163: ...nts via SecurePay To configure Payments via SecurePay go to Users Authentication On demand User External Payment Gateway SecurePay Before setting up SecurePay it is required that the hotspot owners have a valid SecurePay Merchant Account from its official website ...

Page 164: ...elp protect the system from accessing a website other than Secure Pay Currency The currency to be used for the payment transactions Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here Choose Billing Plan for SecurePay Payment Page These 10 plans are the plans in Billing Configuration and...

Page 165: ...ciated Merchant Account Payment Gateway URL The default website of posting all transaction data Currency The currency to be used for the payment transactions Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here WorldPay Billing Configuration These 10 plans are the plans in Billing Configu...

Page 166: ...ter account login STEP Log in to the Merchant Interface Login url www rbsworldpay com support index php page login c WW Select Business Gateway Formerly WorldPay Click Merchant Interface Username user2009 Password user2009 STEP Select Installations from the left hand navigation STEP Choose an installation and select the Integration Setup button for the specific environment Installation ID 239xxx S...

Page 167: ...teway ENGLISH 162 STEP Select the Save Changes button STEP Input Installation ID and Payment Gateway URL in gateway UI Installation ID 2009test URL https select wp3 rbsworldpay com wcc purchase Note The WAN IP of gateway must be a real IP ...

Page 168: ...available customization options are to use Default Page Template Page Uploaded Page or External Page Main Menu System Service Zone Service Zone Configuration Login Page Default Page uses a web page stored within the system its format and content cannot be changed Template Page also uses a web page stored within the system but the contents such as text color background color displayed text and logo...

Page 169: ...Configuration Login Page When a user connects to this Service Zone opens a web browser and attempts to access the internet the system will point the user to the external login page configured Gateway while forwarding users to the external web page will also send URL parameters required for the operation for instance user authentication Therefore each self defined external pages Login Logout Login ...

Page 170: ...er want to get remaining quota vlanid Integer 1 4096 VLAN ID gwip IP format Gateway activated WAN IP address client_ip IP format Client IP address umac MAC format separated by Client MAC address session String Encrypted session information include client IP address MAC address date and return URL You will need to parse the required parameters in your html code The following HTML code segment is an...

Page 171: ...e button_clear type button value Clear FORM The following shows the corresponding self defined javascript function used to parse the loginurl parameter function getVarFromURL url name if name url return name name replace replace var regObj new RegExp name var result regObj exec url if result null return else return decodeURIComponent result 1 An external page example that the user will see upon la...

Page 172: ...ing Encrypted session information include client IP address MAC address date and return URL External Login Successful Page Variables Field Value Description Uid String User ID postfix is included Utype String LOCAL RADIUS ONDEMAND POP3 LDAP SIP NT Domain Authentication server name Umac MAC format separated by Client MAC address sessionlength Integer Sec RADIUS user session length Only available fo...

Page 173: ...ng RADUIS CLASS attribute Only available for RADIUS user WISPR SESSION TERMINATE TI ME String format YYYY MM DDThh mm ssTZD WISPr Session Terminate Time attribute Only available for RADIUS user WISPR SESSION TERMINATE E ND OF DAY Integer 0 1 WISPr Session Terminate End Of Day attribute 0 or 1 to indicate termination rule Only available for RADIUS user WISPR BILLING CLASS OF SER VICE String WISPr B...

Page 174: ...y again Sorry your account is not usable because the authentication option is currently disabled BR Please contact your network administrator Sorry your account is not usable because the authentication option associated with the postfix is not found BR Please contact your network administrator Sorry you are not allowed to log in because your account is currently on the Black List Sorry you are not...

Page 175: ...owed to use this account BR Please contact your network administrator Sorry the external authentication server is currently unreachable BR Please contact your network administrator Sorry you are not allowed to create a remote VPN connection Vlanid Integer 1 4096 VLAN ID Gwip IP format Gateway activated IP address External Logout Successful Page Variables Field Value Description Uid String User ID ...

Page 176: ... Sz Integer Service Zone ID Group Integer Group index Policy Integer Policy index next_page String Leads client to URL max_uplink Integer b s Maximum up link rate max_downlink Integer b s Maximum down link rate req_uplink Integer b s Minimum up link rate req_downlink Integer b s Minimum down link rate Session String Encrypted session information External Logout Fail Page Variables Field Value Desc...

Page 177: ...put Field Required Value Description Uid Optional String User ID default is taken from cookie Session Optional String Encoded string which contains some information of this session default is taken from cookie Output No output prompt logout successful page Remaining quota Credit balance Path LAN IP address or Internal Domain Name loginpages reminder shtml Input Field Required Value Description myu...

Page 178: ... URL Field Value Description Msg String including Sorry this feature is available for on demand user only Sorry this username XXX is not found Sorry this username XXX is out of quota Sorry this username XXX is expired Sorry this username XXX is redeemed Error messages Value Integer Sec Or Byte or error no 1 Account not found 2 Out of quota 3 Expired 4 Redeemed Remaining quota if user is time type ...

Page 179: ...sword successfully User password is incorrect Invalid password format Result and error messages Redeem On demand user Path LAN IP address or Internal Domain Name loginpages redeemuserlogin shtml Input Field Required Value Description Uid Optional String Current user ID If not presented user name stored in cookie is the default value upassword Optional String Current user password If not presented ...

Page 180: ...ed Original user name can not be found from the database Redeem user name can not be found from the database Original user password is incorrect Redeem user password is incorrect Original user type and ondemand user type do not match Original user has not login Redeem user login already Had been redeemed before User run out of quota Maximum allowable time is exceeded Maximum allowable memory space...

Page 181: ...turn URL Output If no ret_url is presented the client would be led to a ticket page in our UI style If ret_url is presented client would be returned to ret_url and receive the result containing created on demand account information Field Value Description Result String the format is separated by username password expiretime usage price duration serial number If ret_url is presented the client woul...

Page 182: ...st print necessary account information extracted from a 4ipnet hotspot gateway for a user who would like to access the Internet or managed networks making provisioning of wired or wireless connection easier and more user friendly What is noteworthy is that SDS200W supports wireless connectivity to the uplink gateway That is operators now can deploy a network with lesser physical wires Here are som...

Page 183: ... including 1 its IP address 2 the firmware version and the build number 3 the current listening port 4 uplink connection status 5 the IP address of the uplink 4ipnet gateway HSG WHG FUNC ENTER To clear what is pressed This is used when the operator pressed a wrong button or combination The system will also clear it automatically after five seconds FUNC 0 ENTER To activate Safe Mode disabling the F...

Page 184: ...tep 1 6 Constantly on for ten seconds means SDS200W succeeds in connecting to uplink device after step 4 Afterwards Status will go to step 2 Ethernet Ethernet turns into constantly on when an Ethernet cable is connected Ethernet blinks when the system detects wired traffic passing Ethernet It is constantly off when no cable is connected WLAN WLAN behaves similarly as Ethernet becoming constantly o...

Page 185: ...s This will be introduced later Left Side Panel Overview Left Side Panel 1 Console Serial port for connecting to a POS printer 2 Ethernet RJ 45 Ethernet port Serial port for connecting to the uplink gateway via wire 3 5V 1 5A The DC power socket for connecting to an external power source through a DC power supply 4 Antenna connector Assemble the dipole antenna within the package here Caution The S...

Page 186: ...re to do it wirelessly conduct a site survey in the first place The wireless coverage is subject to change Note You need to connect to the correct LAN port if your Gateway Controller is operating in Port based mode 6 To verify if the deployment works fine Press FUNC 1 ENTER to see if SDS200W is attached to a correct gateway and get an IP address from it Additionally press Number ENTER to see if an...

Page 187: ...t parameters Any change on this page will take effect after rebooting the system 3 Console to change console related settings for POS printers 4 Utility to upgrade the firmware version or backup restore SDS200W s configuration settings 5 Password to change administrator s password 6 Reboot to reboot restart the system 7 Status to overview device system uplink and radio status if available Setting ...

Page 188: ...r SDS200W offers manual and auto connection to uplink 4ipnet Gateway Controller The former requires the administrator to go on to SDS200W s WMI to enter necessary columns that are supposed to fit what is set up on the controller end However the auto connection called Terminal Auto Setup TAS is particularly designed to establish a quick connection without previous setting Manual setup Connecting SD...

Page 189: ...e 4ipnet gateway that supports this function The connection building process is as follows D200W sees if wired connection to the uplink device is available Yes establishes wired connection No turns to wireless connection Send a status report massage failed or successful to the POS printer 1st 2nd 3rd The TAS connection will rewrite previous manual settings You will see the Uplink page of the WMI g...

Page 190: ... Otherwise the connection will fail Applications for QR Code Log in On demand Account generation with a ticket generator is a very common deployment for hotspot providers What makes it a hassle is to manually enter the Username and Password of the account especially for mobile devices which require typing on small keyboards and are not easy on the eyes Log in credentials including your Username Pa...

Page 191: ...arameter needs to be added by typing in qr on the template or select qr from the drop down menu and click Insert Parameters Note Only 4ipnet PRT200 thermal printers support the printing of QR code Installation of a QR Code scanning App on your mobile device is required such as QuickMark QR Reader Barcode Scanner Switch off Auto Join and Auto Login to prevent the mobile device from jumping back to ...

Page 192: ...ed intervals the device is then not connected to the controller Try to establish the connection again 5 Read through the section SDS200W with 4ipnet controller to ensure the settings Q2 The TAS triggered connection is not working 1 Check if the capability is disabled by someone Go to System TAS button on SDS200W s WMI to enable the function 2 Make sure the cable is plugged and SDS200W is placed in...

Page 193: ...User s Manual HSG Wireless Hotspot Gateway ENGLISH 188 Connection Status With Indicators ...

Page 194: ...User s Manual HSG Wireless Hotspot Gateway ENGLISH 189 Shortcut Keys P N V11020141207 ...