4IPNET WHG201, User Manual

Page 1: ...nformation which is the property of 4IPNET INC and is strictly confidential No part may be reproduced except as authorized by written permission of the contributing companies User Manual WHG Series WLAN Gateway Controller HSG Series Wireless Hotspot Gateway Verion 3 43 00 ...

Page 2: ...IZATION 15 4 HOW TO ENABLE USER AUTHENTICATION DATABASES 17 4 1 INTERNAL AUTHENTICATION 17 Local User Database 17 4 1 1 On Demand User Database 18 4 1 2 On Demand Accounts Creation and List 28 4 1 3 Guest User Database 30 4 1 4 One Time Password 32 4 1 5 4 2 HOW TO INTEGRATE 4IPNET WTG SERIES PRINTER WTG SERIES 33 4 3 EXTERNAL AUTHENTICATION 43 POP3 43 4 3 1 LDAP 43 4 3 2 RADIUS 43 4 3 3 NT Domain...

Page 3: ...EMENT 77 7 6 ROGUE AP DETECTION 78 7 7 AP LOAD BALANCING 78 8 HOW TO CONFIGURE ACCESS POINT IN WAPM 80 8 1 AP LIST 81 8 2 GRAPHICAL MONITORING 81 Google Map Integration 81 8 2 1 AP Grouping 88 8 2 2 8 3 AP ADDING AND CONFIGURATION 90 AP discovery 90 8 3 1 How to prepare CAPWAP application 91 8 3 2 CAPWAP with Complete Tunnel 93 8 3 3 CAPWAP with Split Tunnel 95 8 3 4 8 4 TEMPLATE 96 8 5 WDS MANAGE...

Page 4: ...GURATION 123 15 5 RESTART 124 15 6 SYSTEM UPGRADES 125 16 ADVANCED SETTINGS FOR NETWORK ENVIRONMENT 126 16 1 IPV4 IPV6 DUAL STACK NETWORK 126 16 2 NAT 127 16 3 MONITOR IP LIST 129 16 4 WALLED GARDEN AND ADVERTISEMENT 129 16 5 VPN 130 16 6 PROXY SERVER 130 16 7 LOCAL DNS RECORDS 132 16 8 DYNAMIC ROUTING 132 16 9 DDNS 134 16 10 CLIENT MOBILITY 134 17 STATUS FOR LOGS AND REPORTS 136 17 1 DASHBOARD 13...

Page 5: ...net Inc All rights reserved All other trademarks mentioned are the property of their respective owners 17 5 REPORTS AND NOTIFICATION 145 SMTP Settings 146 17 5 1 SYSLOG Settings 146 17 5 2 FTP Settings 147 17 5 3 Notification Settings 147 17 5 4 APPENDIX A HARDWARE OVERVIEW 149 ...

Page 6: ...ch Locate the aggregation switch close to the network core e g mainframe housing Locate edge switches close to users e g one per floor Layer 3 Topology aims to build a managed Local Area Network LAN which consists of both wired and wireless capabilities to provide network services to local and remote physical areas such as enterprise buildings hotel chains college campuses and etc Always connect h...

Page 7: ...mand User is designed for short term usage purpose it has time or volume constraints and an expiration period An On Demand account record will be recycled for creating new On Demand account if it has expired for over 15 days or has been deleted by the Administrator Manager manually Administrators need to generate an On Demand billing plan first form Main Users Internal Authentication On Demand Aut...

Page 8: ...l be timed out This option will effectively prevent all security warnings being shown on the user s devices When HTTPS requests are timed out some browsers may automatically request a HTTP webpage to redirect to a Captive Portal Enable HTTPS Automatic Redirect users browsing with HTTPS may be shown a certificate security alert when browsing before they access the Captive Portal Block HTTPS Automat...

Page 9: ... System Time Current Time The system time right away following below configuration Time Zone a dropdown list to select the local time zone the system is Time Update NTP The system completes automatic time synchronization by specifying external NTP servers in the order of NTP Server 1 to 5 The checkbox of Use this controller as an NTP server is checked by default so as to synchronize the time of ma...

Page 10: ...orts for supporting most ISP To complete accessing the WAN IP address is important in the very beginning configuration The WAN screen displays the following tabs WAN Configuration WAN2 Configuration WAN2 Functions WAN Configuration Physical Mode a drop down list allows administrators to choose the speed and duplex of the WAN connection When Auto Negotiation is ON the system chooses the highest per...

Page 11: ...her Port Deploy the copper Ethernet WAN port for service Fiber Port Deploy the SFP fiber port for service Fiber Port and Ether Port Bridge Fiber port and Ethernet port physically only connect one uplink either via SFP port or Ether port Bonding Deploy both SFP port and copper Ethernet port for service This option aggregates the two connections and will result in aggregated higher throughput WAN Tr...

Page 12: ...viding service Noted that the maximum amount of Service Zones available to actually provide service is determined by the number of LAN ports on the Controller Tag based Different Service Zones are identified by VLAN ID no matter which physical LAN ports This means that Tag Based mode dynamically maps a client to a Service zone based on the VLAN ID tagged on the traffic packet Port Service Zone Map...

Page 13: ...s WLAN Controller Copyright 2017 4ipnet Inc All rights reserved All other trademarks mentioned are the property of their respective owners Advanced Settings for Network Environment refer to chapter 16 Advanced Settings for Network Environment ...

Page 14: ... are out of range enter the IP s in the Network Alias List and check Enable Always remember to click Apply upon completion Isolation Inter VLAN Isolation 2 clients within the same VLAN will not see each other when coming in from different ports Note that Isolation is done when traffic passes through the gateway When a switch or AP is being deployed Station Isolation has to be enabled on the AP swi...

Page 15: ... DHCP Server Configuration The default setting for DHCP Server is Enable Select other options from the drop down list Define the IP range for issuing when using Enable DHCP Server built in There are a total of six DHCP pools for configuration Lease Time at each pool cannot be smaller than the twice value of Idle Timeout Reserving IP addresses A configuration list for reserving certain IP s within ...

Page 16: ...f Login Pages The General Login Page PLM Open Type Login Page for Port Location Mapping free access and PMS Billing Plan Selection Page A Service Disclaimer page can be enabled if required These pages are fully customizable to give administrators complete flexibility Message Pages can also be customized and message pages include Login Success Pages Login Success Page for On Demand Users Login Fail...

Page 17: ...er Copyright 2017 4ipnet Inc All rights reserved All other trademarks mentioned are the property of their respective owners For a Preview of the custom page click Apply followed by the Preview button Similarly the four options are available for Message Pages ...

Page 18: ... field once configured will bind this particular account under the condition that it may only be granted access using the device specified 3 The Group field specifies the group profile of the account being created 4 Remark is for any additional note administrator would like to stress It will be shown on the user list 5 You can check the Enable Local VPN checkbox to build up a secure VPN tunnel bet...

Page 19: ...rver Payment Gateway SMS Gateway Email Verification Account Roaming Out On Demand Billing Plans Usage time Users can access internet as long as account is valid with remaining quota usable time Users need to activate the purchased account within a given time period by logging in This is ideal for short term usage such as in coffee shops airport terminals etc Quota is deducted only while in use how...

Page 20: ...ut off Time On the account creation UI of this plan operator can enter a Unit value which is the number of days to Cut off time according to customer stay time For example Unit 2 days Cut off Time 13 00 then account will expire on 13 00 two days later Grace Period is an additional short period of time after the account is cut off that allows user to continue to use the On Demand account to access ...

Page 21: ...on events or large conventions such as Computex where each registered participant will get an internet account valid from 8 00 AM Jun 1 to 5 00 PM Jun 5 created in batch like coupons Begin Time is the time that the account will be activated for use defined explicitly by the operator End Time is the time that the account will expire defined explicitly by the operator Number of Devices is to define ...

Page 22: ...PeleCard The most commonly used PayPal is used as an illustration example below Before setting up PayPal it is required that the hotspot owners have a valid PayPal Business Account After opening a PayPal Business Account the hotspot owners should find the Identity Token of this PayPal account to continue PayPal Payment Page Configuration Fill in the necessary merchant account credentials in the Pa...

Page 23: ...ation of your external payment gateway the login page will be shown with a hyperlink which guides the end user step by step to purchase an account with a valid credit card In order for users to get account info via SMS after buying a new account online and eliminate the risk of forgetting his her username and password at the next time of login administrators may choose to integrate SMS gateway wit...

Page 24: ...ount online The account buyers can then re send the SMS no more than the configured number To preview your External Payment Portal click Configure for Web Page Customization at the bottom of the page Just like all customizable web pages in the system this page also supports customization with templates uploading html or using an external page An example of what will be displayed when External Paym...

Page 25: ...mobile device using SMS Send SMS for Both to enable the above two options API URL The link for sending an SMS request to the Clickatell API server Default is http api clickatell com http sendmsg Registration before Accounts Expired Allow will allow the same mobile number to request a 2nd On Demand account even though the 1st account hasn t expired or been used yet Block will restrict users to send...

Page 26: ...ext Message received by Wi Fi users in the Message Editor box Four parameters regarding the created On Demand account can be entered the username username without the postfix password and the quota description Parameter Definition username Username of the created On Demand account Username_without_postfix Same as username but without the postfix password Password of the created On Demand account q...

Page 27: ...ne Number Text SMS Content 1 Action sendsms Action to be taken Default sendsms 2 User G Your SMSGlobal username 3 Password eZ Your SMSGlobal password 4 from 4ipnet MSIDSN or Sender ID that the message will appear from Eg 61409317436 Do not use before the country code Response Format HTML due to we integrate with HTTP API Return Value of Successful Request OK 0 Send Test Message this help verify th...

Page 28: ... further marketing purposes Selection to enable or disable the feature Choose Billing Plan for Redeeming Account via Email only Usage Time Selectable to choose the configured billing plans while only Usage type billing plan support this feature Activation to select which billing plan allowed email verification feature Quota to view the current summary of each billing plan Redeem Quota the usage ti...

Page 29: ...s in the client mail box max 2000 characters Activation Link the name with hyperlink to redeem the account in the client email content Web Page Customization different customized types are selectable but now only support 4ipnet Default and Customize with Template Account Roaming Out Please refer to session 4 5 2 Local On Demand Account Roaming Out On Demand Accounts Creation and List 4 1 3 Account...

Page 30: ...r the accounts will have single increments Password the generated password can be Randomly Same as username or Admin Assign The generated accounts may be downloaded for safe keeping or sent to printer for batch printout Account List The On Demand Accounts List houses all the existing On Demand accounts Each account s status quota etc will be displayed for reference On Demand account import export ...

Page 31: ...r questionnaire enabled fields are able to be downloadable for administrators data manipulation It doesn t clear the entries automatically but having email notification when 1000 remaining entries 11000 12000 maximum is 12000 entries Download Administrators are able to download the collected guest information Delete All Administrators are able to delete all the stored data Administrator can delete...

Page 32: ...Gmail email address Authentication Login Password admin s Gmail email s password Sender Email Address admin s Gmail email address Sender Name The Sender Name displays in the client mail box Activation Email Subject customizable email subject displays in the client mail box Activation Email Content customizable email content displays in the client mail box max 2000 characters Activation Link the na...

Page 33: ...authenticate F Login Success Page great it s time to surf the Internet One Time Password Authentication Group the OTP authenticated clients will be applied by configured User Policy in each Service Zone OTP Client Information Clients information collected who have asked the one time password Download Administrators are able to download the collected OTP clients information Delete All Administrator...

Page 34: ...naged networks making provisioning of wired or wireless connection easier and more user friendly What is noteworthy is that SDS200W supports wireless connectivity to the uplink gateway That is operators now can deploy a network with lesser physical wires Keypad Panel Overview Useful Shortcut Keys Combination Function Number Enter To create and print out an On Demand account of an enabled billing p...

Page 35: ...anel LED Indicators Power When the power adapter is connected Power will become constantly on when disconnected the light turns into constantly off Always check if Power is on before using SDS200W Status 1 Short illuminated intervals means SDS200W successfully booted up It flashes slowly 2 Long illuminated intervals means SDS200W and uplink device connected 3 Special flashing means the keypad lock...

Page 36: ... on Amplitude Constantly off t Amplitude Special flashing t t Amplitude Short illuminated intervals t system detects wireless traffic It is constantly off if the RF card is disabled Ride Side Panel 1 Kensington Lock Be used to lock the device to a pole 2 Restart Reset Press once to reboot the system Hold for five seconds to make SDS200W set back to factory default settings 3 TAS Terminal Auto Setu...

Page 37: ...r WLAN controller is operating in Port based mode To verify if the connection press FUNC 1 ENTER to see if SDS200W is attached to a correct gateway and is able to get an IP address from it Additionally press Number ENTER to see if an account with a certain billing plan can be printed out Managing SDS200W on the Web Management Interface SDS200W is designed specifically to operate in conjunction wit...

Page 38: ...evice system uplink and radio status if available Setting Up SDS200W with the POS Printer Serial Settings To make a POS printer properly functions with SDS200W set up serial settings in advance in Console on SDS200W s WMI Printing On Demand Tickets for Your Customers Operators have two ways of printing On Demand account tickets for their customers One is to go onto the WMI of 4ipnet Gateway Contro...

Page 39: ...e controller end However the auto connection called Terminal Auto Setup TAS is particularly designed to establish a quick connection without previous setting Manual setup To connect SDS200W manually to a WLAN controller connect the SDS200W to the WLAN controller via an Ethernet cable Enter the Network Settings and make sure they match what is determined on the controller The change will take effec...

Page 40: ...e Uplink page of the WMI grayed out and the Status page will show that the system is in TAS mode The TAS process takes about thirty seconds to complete Whether the connection attempt succeeds or fails the SDS200W will always have the printer print out if the connection is successful or it failed Please make sure beforehand that the Ethernet cable is plugged in Note The SDS100 can be set up the sam...

Page 41: ...glish French German Japanese Spanish Simplified Chinese and Traditional Chinese Length of Password for accounts generated with the SDS200W passwords are random but the administrator has the option of selecting between a 4 character and an 8 character password Ticket Type to select the appropriate Ticket Type depending on the configured billing plan Administrators may start customizing your POS tic...

Page 42: ...le is to manually enter the Username and Password of the account especially for mobile devices which require typing on small keyboards and are not easy on the eyes Log in credentials including your Username Password Usage quota Price and etc are all embedded in the QR code Simply associate with the SSID scan QR Code and you are ready to surf the internet Configuring your web ticket to support QR C...

Page 43: ...he width needs to be changed to 3 default value 2 The parameter needs to be added by typing in qr on the template or select qr from the drop down menu and click Insert Parameters Note Only 4ipnet PRT200 thermal printers support the printing of QR code If clients has installed a QR Code scanning App such as QuickMark QR Reader Barcode Scanner the login process is simple now Note Switch off Auto Joi...

Page 44: ...r specification etc LDAP 4 3 2 The Lightweight Directory Access Protocol LDAP is an application protocol for accessing and maintaining distributed directory information services over an IP network If you wish to deploy LDAP server for user authentication proceed for a complete setup Server 4 by default is selected to use LDAP database for user credential check Click on the Server Name to enter the...

Page 45: ...ective owners Server 2 by default is configured to use RADIUS authentication The WLAN controllers support RADIUS authentication RADIUS class mapping and RADIUS transparent login with 802 1X Below is the detailed configuration page of RADIUS settings Attributes of the Primary RADIUS Server and Secondary RADIUS Server can be configured depending on service deployment ...

Page 46: ...ant access to device and network with a single login action SIP 4 3 5 SIP or the session initiation protocol is the IETF protocol defined for Voice over Internet Protocol VoIP and other multi media sessions The WLAN controllers support SIP authentication as well as the use of SIP phones In addition to a WLAN controller admin has to set up other devices as to making successful SIP phone calls This ...

Page 47: ...er clicks the button to sign in with social media accounts he she will be redirected to the social media sites for login and granting permissions It is not necessary to be bothered by the walled garden dilemma Connected clients will get 5 minutes free permission as long as they are clicking one of the social login buttons Then they have to complete the login process with the required social accoun...

Page 48: ...isplayed in the table If the clients have retried to click the social login button in 3 times and still failed it takes 15 minutes as punishment Administrators could help release the restriction in Punishment List Social API Credentials LINE visit the website at LINE Developers site https developers line me console and apply for LINE Login APP to get the Channel ID and Channel secret as the App ty...

Page 49: ...Login which enables clients to access internet by logging in with their own Social Media Accounts ex LINE Facebook Google Weibo VK and Open ID Prepare the desired Social API Credential with access the App ID and Secret by entering social Step 1 developers site All administrators have to do is to copy and paste for a corresponding ID and secret Facebook developer website WLAN controller configurati...

Page 50: ...ete the mapping of the Social User Group Service Zone User Policy and Schedule Clients are now able to access the login pages Step 4 Consequently after going through configurations from STEP 1 to STEP 3 end users will see that the an additional Sign in with Social button s will show on the Service Zone s login page By clicking Social Media Login button approving the terms and condition of free acc...

Page 51: ...roperty of their respective owners enable Disclaimer or customized login page to include claims and reminders Clients are now able to access the login pages Step 5 Consequently after going through configurations from STEP 1 to STEP 3 end users will see that the an additional Sign in with Social button s will show on the Service Zone s login page ...

Page 52: ...needs to communicate with external RADIUS server the authentication server and accounting server settings should follow the RADIUS server For the clients associated to the managed APs the RADIUS Client Device Settings should set the 802 1x service range as the managed APs with the corresponding RADIUS Secret Key AP Configuration For the clients associated to the managed APs they should provide the...

Page 53: ...N Controller Copyright 2017 4ipnet Inc All rights reserved All other trademarks mentioned are the property of their respective owners start the RADIUS authentication request and follow the AAA settings from the WLAN controller and the RADIUS server ...

Page 54: ...ADIUS authentication database This application offers the ability to refer to a single central WLAN controller for account credential lookup during the authentication process and is ideal for enterprises or businesses with multiple branch offices Main Office Configuration To use Local user database as the RADIUS database of another controller configured at the page Main Menu Users Internal Authent...

Page 55: ...rators are able to click the button of RADIUS Client Device Settings to specify the WLAN controller IP Address Subnet Mask which is allowed to behave as a RADIUS client and authenticate against this WLAN controller s built in databases Note Please make sure that the user database postfixes are configured without conflicting with one another over the two Controllers Branch Office Gateway Configurat...

Page 56: ... The Main Office Gateway acts as Primary RADIUS Server The related configuration follows the network environment of main office gateway Administrators should confirm the postfix of RADIUS authentication method on the Authentication Servers page Note Make sure that the Local On demand postfix at main gateway is not duplicated in any postfix on the remote gateway Main Office Gateway Remote Office Ga...

Page 57: ...anual ENGLISH WHG Series Wireless WLAN Controller Copyright 2017 4ipnet Inc All rights reserved All other trademarks mentioned are the property of their respective owners Postfix in the remote controller as dot ...

Page 58: ...e authenticator for clients with 802 1x authentication Please check below topology and configuration WLAN Controller Configuration Select Roaming Out under Type enter the WAN IP address of the Access Point Access point acts as a RADIUS authenticator and select the appropriate subnet mask and enter a secret key ie 12345678 AP Configuration Enable a VAP and give it an appropriate SSID ie RADIUS_Test...

Page 59: ...G Series Wireless WLAN Controller Copyright 2017 4ipnet Inc All rights reserved All other trademarks mentioned are the property of their respective owners RADIUS Server In this case enabling accounting service is not mandatory ...

Page 60: ...o say that the auth request is sent out by the WLAN controller The DM CoA feature allows an External Web Server to directly send auth requests to the RADIUS Server Subsequently the External Web Server sends the authentication result to the WLAN controller in the form of CoA exchange Likewise the WLAN controller is able to accept Disconnect Messages from the External Web Server The following illust...

Page 61: ...zation with CoA Request for an authenticated user requires the following attributes 1 Called Station Id WHGWAN s MAC 2 Calling Station Id or User Name or Acct Session Id Disconnect Request for an authenticated user requires the following attributes 1 Called Station Id WHGWAN s MAC 2 Calling Station IdorUser Name or Acct Session Id Supported Vendor Specific Attributes include Idle Timeout Session T...

Page 62: ...Control List where specific MAC addresses may be listed for access filtering either allow deny or disable which can be configured in the page Main Users Additional Control MAC Address Control MAC Access Control List The administrator may configure restraining measures to MAC address either MAC allow or deny list User authentication is still required for MAC ACL Allowed users Note The format of the...

Page 63: ...ter the port number of RADIUS accounting server default is 1813 Accounting Secret Key to enter the shared secret that will be used to validate communication with the RADIUS accounting server PPP Authentication 4 5 7 Point to Point Protocol PPP is a data link protocol commonly used in establishing a direct connection between two networking nodes When this feature is enabled for service in each Serv...

Page 64: ...ou wish to allow customers with a roaming account from a WISPr agent iPass WiFi Skype Boingo and etc to access your internet Make sure to Enable the HTTPS Protected Login field under System General in order for roaming software on the client s device to work properly Smart Client Black List Fill in the WISPr agent names and enable to block users from that particular WISPr roaming agent to access y...

Page 65: ...nfigure Firewall Profile to specify the protocols rules that will be enforced to users governed by User Policy Service Protocol This link leads to a policy s Service List page where the administrator can defined a list of services by protocols TCP UDP ICMP IP The service names defined here forms a choice list for configuring firewall rules User Firewall Rules This link leads to the policy s Firewa...

Page 66: ...oup Total Downlink Individual Maximum Uplink to define the maximum bandwidth allowed for an individual client within this group the Individual Maximum Uplink cannot exceed the value of Group Total Uplink Individual Request Downlink to define the guaranteed minimum bandwidth allowed for an individual client within this group the Individual Request Downlink cannot exceed the value of Group Total Dow...

Page 67: ... Profile reaches the session limit this user will be implicitly suspended from any new connection for a fixed time period Specific Route Profile The routing rules to be applied to all users Specific IPv6 Route Profile The routing rules to be applied to all users IPv4 DSCP and 802 1p Mapping This criteria enables the static mapping configuration from IPv4 DSCP tag into the desired IEEE 802 1p traff...

Page 68: ...ile accessing from classroom region instead of teacher or staff office region Service Zone Permission Configuration Policy Assignment Group and Policy profiles are separated for more flexibility This allows users of the same Groups to be bound with different Policies according to Service Zone Permission Configuration Policy Assignment settings the administrator defines Check the Enabled checkboxes...

Page 69: ...p Overview User Group is a set of users that admin considers they share some extent of similar characteristics i e role based For example in campus there are teachers students and visitor in general Therefore an IT staff may set up three Groups that distinguish these three categories of Internet service users apart by giving these Group different permissions of Internet accessibility ...

Page 70: ...rnal Authentication Guest Authentication One Time Password All belong to the same User Group Main Users Internal Authentication One Time Password Authentication POP3 All belong to the same User Group Main Users External Authentication POP3 LDAP LDAP Attributes Main Users External Authentication LDAP LDAP Attributes Mapping RADIUS RADIUS Class Attributes Main Users External Authentication RADIUS RA...

Page 71: ...itive Case Insensitive with blacklist Add Delete Up to 40 Usernames can be added to a blacklist with the User Name in the format without postfix since the blacklist is applied to specific authentication server Main Users Authentication Servers Authentication Option IP Privilege List 6 2 2 The Privilege function supports three types of privilege list based on IP address MAC address and IPv6 address...

Page 72: ...cy Delete to delete the selected existed IP privilege entry Backup List to back up the whole entries in txt file for further application Restore List it is helpful to batch create the privilege entries by upload a txt file with MAC Address Reserved Remark MAC Access Control List 6 2 5 MAC ACL is a MAC Address Access Control List where specific MAC addresses may be listed for access filtering eithe...

Page 73: ...reated sessions generated by users authenticated via build in RADIUS server could be account roaming user the timeout range may be configured here manually Please configure this attribute carefully Idle Timeout For users authenticated via build in RADIUS server could be account roaming user the idle timeout range may be configured here manually Please configure this attribute carefully Interim Upd...

Page 74: ...rates the concept of these two types of management The Internet The Branch Office The central Office WHG Can only use Wide Area AP management Can use Local or Wide Area AP management 4ipnet WLAN controller models have different manageability with 4ipnet access points i e admin should make sure what AP models your WLAN controller supports This chapter further explores how a wireless network environ...

Page 75: ...lt Check the checkboxes and click Reset to factory default and restart the selected Access Points The AP will be erased from AP List Apply by Service Zone Check the checkboxes and click Apply by Service Zone to specify which VAPs are to be enabled on the Access Points These VAPs map to the enabled Service Zones on the Controller Check the checkboxes of the desired corresponding Service Zones and c...

Page 76: ...g the AP admin can further set up the template to be applied and the operating channel and furthermore put the AP under a specific service zone you have enabled Noted It might take some time for the controller to discover AP s Please wait for a moment until the AP you are scanning for is displayed on the Discovery Results list 7 3 Template As said in the introduction admin is capable of utilizing ...

Page 77: ...PA RADIUS will be the options of WPA For WPA PSK Passphrase or HEX can be selected WPA2 When Authentication is WPA WPA PSK or WPA RADIUS will be the options of WPA For WPA PSK Passphrase or HEX can be selected WPA WPA2 Mixed When Authentication is WPA WPA PSK or WPA RADIUS will be the options of WPA For WPA PSK Passphrase or HEX can be selected The MAC address field is for admin to type in the MAC...

Page 78: ...ct the firmware file at Devices Local Area AP Management Firmware and click Upload next to the row to store the AP firmware within the Controller 2 Upgrade the necessary AP s by going to Devices Local Area AP Management Upgrade select the AP s you would like to import the version to When done with the selection click Upgrade at the bottom of the page Noted Please read through the release note of e...

Page 79: ...oints pose a possible problem in terms of wireless interference General Configuration Rogue AP Detection to enable or disable the feature if enabled the system may take another effort to detect them Scanning Interval to determine the scanning period Sensor List to select RF cards only selected AP models for the scanning job as sensor It is able to check the scanning log by clicking the hyperlink o...

Page 80: ... interval which will trigger the AP load balancing LAPM Load Balancing to enable or disable the feature Balance Internal to initiate criteria of enforcement interval to trigger the AP load balancing Cluster The system can divide the managed APs into 3 different groups and perform transmit power management each with individual client threshold Device List The grouping of AP devices can be done on t...

Page 81: ...ent The Internet The Branch Office The central Office WHG Can only use Wide Area AP management Can use Local or Wide Area AP management 4ipnet WLAN controller models have different manageability with 4ipnet access points i e admin should make sure what AP models your WLAN controller supports It is worth noting that WAN side AP s are supposed to have public IP addresses that are routable on the Int...

Page 82: ... save the chosen AP s configuration settings into a db file stored in the WLAN controller s memory The Backup up files are listed under Backup Config tab page for download or deletion Restore Config Check the checkboxes and click Restore Config to restore the chosen AP s configuration settings using a db file stored locally in administrator PC or in the WLAN controller s memory Upgrade Check the c...

Page 83: ...riting the maps profile attributes For instance if you have altered or panned the original map clicking this button will save the changes made Show Longitude and Latitude This function when pressed will display in a pop up window the longitude and latitude of the map s current center point List AP in this Map to open a new page on your browser redirecting to the List tab page for displaying a list...

Page 84: ...New Map button on the Map page Configure Map Name and registration key Step 3 Discover APs and Add these APs to managed List Step 4 From the List page add some APs to the created Map Step 5 The necessary steps required to configure your map with AP information are described in the subsequent sections Before starting to add a new map in wide area AP management it s necessary to sign up for a Google...

Page 85: ...address Google will generate an API key for your WLAN controller Now return to the Map tab page in WLAN controller s WMI and Scroll down to the bottom of the page click on the Add a New Map button An editing page will open for configuration please fill in a Map Name for this map and its geographical location as defined by Longitude and Latitude remember to also fill in the Key issued by Google Fin...

Page 86: ... and Normal Map Type If you have several APs deployed and listed in List under Wide Area AP Management their geographical location can be marked on a particular map Firstly go to the List tab page and click on the Edit button of the AP s that you wish to mark on the map In the AP configuration page set the coordinates Latitude and Longitude of this AP and the radius of signal coverage Fill in the ...

Page 87: ...mera connected to this AP or the URL of the Venue Website where this AP is deployed Administrator can upload customized thumbnail images shown on the map After configuring all the necessary settings and uploading your images click Apply button and return to AP List page Check the AP s that you wish to mark on the map and click the Add to Map button choose the name of the map on which you wish to m...

Page 88: ... their respective owners Administrators are able to click on the AP icon to see the dialogue box for additional information or links that you have configured Besides administrators can click the more info link for information on AP Link AP Statistic AP Status Client List WDS List and Links related to this AP which are collected from the remote AP via SNMP ...

Page 89: ...ault Map or you may create a new map for selection before you add a new AP AP grouping allows different levels of administrators to manage APs by different AP group An AP Group can include multiple maps and AP templates On the other hand a map can be included by different AP groups You may assign different administrator groups to have different read write permission for each AP group 4ipnet contro...

Page 90: ... back to the List page choose the AP and then click the Add to Map button and choose the desired map After the settings admin should be able to see an icon of the AP on the selected map Overview path Main Menu Devices Wide Area AP Management Map Go to Main Menu Devices Wide Area AP Management AP Grouping AP Grouping List to add or delete the AP group Click Add to add an AP group each AP group can ...

Page 91: ...ment list regardless of its Status Device Type to specify the AP model Device IP no matter the device is online offline just enter IP address for the managed entry Device Name to identify the device by setup the device name Login ID the administration username for accessing the permission of managing AP Password the administration password for accessing the permission of managing AP SNMP Community...

Page 92: ...nistrators can specify the individual APs Device Name and SNMP Community string Select and click the Add button and the discovered APs will be added into AP List Third Party AP Management Add a third party AP by selecting 3rd Part AP from Device Type Add to AP List manually by specifying third party AP s Device IP Device Name and VLAN ID Click Add to finish adding and check lists to List icon To c...

Page 93: ...specify the control channel IP range for the managed CAPWAP established APs each with its own control channel Control Channel IP Range The IP pool for assigning to AP side establishing the control channel to communicate The number of IPs is defined by above IP Address and IP Netmask For Control Channel Access Controller IP List The AC can statically designate other CAPWAP supported ACs as backup A...

Page 94: ...od since it is intuitive to implement without any pre settings to complete in advance Simply enable the function and type in the IP address of the WLAN controller you want this AP to join to CAPWAP with Complete Tunnel 8 3 3 Complete Tunnel uses the CAPWAP protocol to communicate with an Access Point so that all management traffic authentication traffic and data traffic from the service area AP pr...

Page 95: ...hts reserved All other trademarks mentioned are the property of their respective owners 4 On AP to check the AP WMI showing Data Channel is Active with the VAP tunnel status in Green light on the System Overview page 5 On AP to reconfirm the specific VAP Configuration is under Complete Tunnel ...

Page 96: ...th a shorter path and the network load of the controller can also be reduced The following procedures may be helpful 1 On AP to type the IP address for Static Discovery and wait until the CAPWAP column displays a RUN status 2 On WHG to prepare Template of the VAP configuration with CAPWAP Tunnel Interface Split Tunnel 3 On WHG to apply the prepared Template to the CAPWAP establish AP and the Tunne...

Page 97: ...n on your Access Point This dynamically changes the available channels on your access point General Settings RF Card Name Select an RF Card for your AP Band Depending on the AP model template you are editing there are different modes to select 802 11a 802 11b 802 11g 802 11a 802 11n 802 11b 802 11g 802 11g 802 11n and 802 11ac Short Preamble The short preamble with a 56 bit synchronization field c...

Page 98: ...the ACK is not received within the interval then the packet will be re transmitted Higher ACK Timeout interval will decrease the packet lost but the throughput will be decreased worsened Airtime Fairness When set to Fair Access this feature ensures all devices with different band compatibilities have the same air time When set to Preferred Access N clients are prioritized This feature is ideal for...

Page 99: ...1a 802 11b and 802 11g Modes Enter a value between 256 and 2346 A packet size larger than this threshold will be fragmented sent with several pieces instead of one chunk before transmission A smaller value results in smaller frames but allows a larger number of frames in transmission A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amo...

Page 100: ...andwidth here Management Frame Rate This feature controls the bandwidth for Management Frames The higher the rate it the shorter range the transmission covers Receiving RSSI Threshold To ensure connected stations have quality connection speeds a station will not be able to associate to the network unless its receiving sensitivity meets the configured threshold 8 5 WDS Management This list is to sh...

Page 101: ...trusted just check the checkboxes before the BSSID column and then click Add to Trusted AP List This action will be recorded in the Trusted AP Configuration 8 8 AP Load Balancing This is a function that prevents managed APs from overloading When the system detects the occurrence of APs associated client numbers exceeding a predefined threshold at circumstances and other APs in the same group are s...

Page 102: ...erved All other trademarks mentioned are the property of their respective owners Cluster The system can divide the managed APs into 3 different groups and perform transmit power management each with individual client threshold Device List The grouping of AP devices can be done on the Device List page ...

Page 103: ...ches you wish to remove from the list by clicking the corresponding checkboxes followed by the Delete button Restart Select the switches you wish to reboot from the list by clicking the corresponding checkboxes followed by the Restart button Backup The Backup button saves the configuration db file for the switch on the controller This file can be used for restoring settings on a switch Restore Whe...

Page 104: ...eserved All other trademarks mentioned are the property of their respective owners 9 3 Backup Configuration The list gives an overview of the backed up configurations Administrators may download the configuration file for restoration or check the checkboxes to delete the selected configuration files ...

Page 105: ...erformance enhancement during the initial installation stage and also monitoring managed APs in an existing deployment There are 3 different type of floorplan Virtual Local and Wide Models currently supporting the AP Simulation Utility are WHG321 WHG325 WHG405 WHG425 WHG515 WHG525 WHG711 WHG801 and WHG802 10 1 Add a Floor Plan The WiFi Monitor is designed to help administrators decide where APs sh...

Page 106: ... based on location The APs on the Managed AP Simulation floor plan are real managed Access Points on the Controller either by Local AP Management or Wide AP Management Access Points here are linked to APs managed by the WLAN controller and we can see real AP information such as the IP address MAC address and Associated Client number This allows the administrator to easily visualize the wireless ne...

Page 107: ...oller Copyright 2017 4ipnet Inc All rights reserved All other trademarks mentioned are the property of their respective owners The Signal Strength and Coverage of the managed APs would depend on factors such as the AP model transmit power AP Height and etc ...

Page 108: ...onfiguration in optimization Meanwhile the Signal Strength and Coverage of the simulation APs would depend on factors such as the AP model transmit power AP Height and etc With the floor plan and partitions in place simulation APs can now be added to the floor plan for simulation as shown below Click Simulate 2 4G or Simulate 5G to see if the deployed APs are adequate for your requirement When sim...

Page 109: ... Wireless WLAN Controller Copyright 2017 4ipnet Inc All rights reserved All other trademarks mentioned are the property of their respective owners Configurations can then be saved conveniently to a template to be used for AP Management ...

Page 110: ... Plan In an area with operating APs administrators may view AP statuses from the created floorplan The AP status shows Online Offline or Disabled Administrators may also obtain CPU Idle and Memory Usage when APs are managed by Wide area AP Management AP statistic information such as AP density and AP average traffic and AP average traffic are also supported when APs are managed using Wide area AP ...

Page 111: ... attributes in RADIUS protocol when integrate with RADIUS authentication server Authentication Options Databases for IKEv2 are built in LOCAL database external RADIUS authentication server NTDomain LDAP and POP3 server Note PPTP IKEv2 and Site to site VPN can work respectively Note the Remote VPN clients can be applied by different user policies at the page of Main Users Groups Configuration 11 2 ...

Page 112: ...VPN feature For example if there are 2 WLAN controllers you can create a VPN tunnel to let a subnet of one WLAN controller to access the subnet of another WLAN controller First you need to add a Remote Site with at least one remote subnet The IPSec settings in both sites must be same Then create a Local Site with subnet for mapping to the remote site Such as 192 168 11 0 24 of WLAN controller_A 19...

Page 113: ... 3 Once the HA link has been established the Active ACs will be servicing all network traffic while the Standby AC will be in hot standby ready to take over network service in case an Active AC can no longer provide service 1 4ipnet HA feature is software determined to be enabled or disabled When enabled LAN1 port will become the dedicated HA port When disabled LAN1 remain its normal function as L...

Page 114: ...from Active AC s when there is no Standby AC detected when HA is already enabled 9 HA feature can only be enabled for up to 3 ACs of the same brand and same FW version and build number HA Configuration Status This feature can be turn on or off here Number of Active s Selecting up to 3 Actives for N 1 HA Mode The role of this particular controller must be determined here manually HA Port IP Address...

Page 115: ...click confirm button to purchase an account The account cost will be sent to the PMS and added to the hotel bill via the configured middleware Create Single Mapping Port Type The default state of the rooms it may be Open Block Auth Required Choose LAN Port Select the LAN Port for which traffic is received Service Zone The service zone profile used to provide internet service to the corresponding l...

Page 116: ... Mapping List displays all the profile entries with information such as its VLAN ID Room Num Location ID Port Type and Service Zone Delete to erase an individual Port Location Mapping profile Export List to back up the existed Port Location Mapping List Import List to restore the Port Location Mapping List Change All Port Type To configure Port Type for all rooms Free Block Single User Multiple Us...

Page 117: ...rademarks mentioned are the property of their respective owners Once the VAP tunneled back complete tunnel or split tunnel has been configured with PLM Port Location Mapping remote sites may also benefit from the PMS system or other centrally managed hotspot operations which require location attributes or information ...

Page 118: ...be forcefully expired from use should the administrator desires upon room check out Micros Opera Micros Opera Setup Enter the PMS IP and PMS Port for Middleware connection PMS IP Enter the IP used by the Micros Fidelio PMS PMS Port Enter the Port used by the Micros Fidelio PMS Account Credentials Administrators may define User Account credentials using a combination of RN Room number GN Guest Name...

Page 119: ...firm available billing plans units and the users whether is allowed to buy a certain billing plan if there is any error it would return the error code and message for admin req_type 3 equals userinfo could show the user s information and status If add the fields all it would show the value of customized attributes A0 A9 If add the specific fields A5 A9 it would show the corresponding values Before...

Page 120: ...tor to view the IP to Physical address translation tables used by address resolution protocol ARP Status When the administrator is executing any Network Utilities features the status of the operation is displayed here Result The operation result is displayed here IPv6 15 1 2 Ping It allows administrator to detect a device using IPv6 address or Host domain name to see if it is alive or not Trace Ro...

Page 121: ... IP Discovery Utilities The scanning results would be devices corresponding IP address MAC address Model System Name SSID each VAP VLAN ID The WAN LAN ports of devices could connect through switch to other devices APs This powerful and proprietary built in utility is now both in WHG and EAP OWL series 15 2 Certificates WLAN controller can issue certificates to APs that it manages in its private ne...

Page 122: ...t CA certificate can be downloaded and used to sign certificates generated by the system Note that the system only allows one Internal Root CA to be created To upload an Internal Root CA click browse to select the Certificate and matching Private Key from your local disk and click Upload Files Once an Internal Root CA is uploaded generated details will be shown in the following format To view deta...

Page 123: ...s cannot be reused Password Limits to determine how many utilized passwords in the past should be checked For instance if the admin enters 5 the system will check if the newly added password is identical to one of the five most recent ones if it is the server would ask the admin to choose a new password string again Access Permission to configure the accessibility and permission of the WMI and the...

Page 124: ...tem to send email reminders Delete to remove the existed accounts Please note that only the created sub admins can be deleted Lock to check the boxes to lock to forbid certain sub admins to access the management page Unlock to check the boxes to unlock to forbid certain sub admins to access the management page Backup List To export user credentials as a text file in csv format in a new window Rest...

Page 125: ...t Click Reset to load the factory default settings of the controller The process needs to restart the system There are several options to define whether to retain the system current settings Keep WAN1 setting default checked Keep Management IP Address List default checked Keep LAN Alias DHCP setting Management Service Zone List and Management Service Zone List Keep Certificate Keep Local Area AP M...

Page 126: ...It might take a few minutes before the upgrade process completes and the system needs to be restarted afterwards to activate the new firmware FTP firmware upgrade is also an option enter the FTP server IP address FTP server port and the FTP account name and password and lastly specify the complete firmware filename stored on the FTP server that will be used to upgrade the system Note Before perfor...

Page 127: ...address Type to select one of the IPv6 methodologies Static Manually enter all the related IPv6 information Red asterisk are mandatory fields Ideal if your internet package comes with static IPv6 addresses issues by your ISP 6to4 6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6 a system that allows IPv6 packets to be transmitted over an IPv4 network generally the IPv4 inter...

Page 128: ...ssignment could be bound with the chosen External Interface WAN1 or WAN2 There are specific sets of static Internal IP Address and External IP Address available Internal and External IP Addresses are entered as a set After the setup accessing the WAN will be mapped to access the Internal IP Address These settings will become effective immediately after clicking the Apply button Public Accessible S...

Page 129: ...the corresponding destination Please enter the IP Address and Port of Destination and the IP Address and Port of Translated to Destination Select TCP or UDP for the service s type These settings will become effective immediately after clicking Apply This function allows the administrator to set specific sets of the IP addresses at most for redirection purpose When the user attempts to connect to a...

Page 130: ...e accessed via a hyperlink of device s IP address when the system is operated under NAT mode 16 4 Walled Garden and Advertisement This function provides certain free services for users to access the websites listed here before login and authentication Specific addresses or domain names of the websites can be defined in this list Users without the network access right can still have a chance to exp...

Page 131: ...tisement hyperlink in the login page clients are accessing Topic the wording of the advertisement hyperlink in the login page clients are accessing Description a custom field for identity of each walled garden advertisement Delete to remove the existed walled garden entry Backup Walled Garden List to save the current walled garden entries from the system Restore Walled Garden List to load a list o...

Page 132: ...ntroller can be enabled even with a Proxy Server placed outside the LAN environment or in the Internet For example the above diagram illustrates how a proxy server of an ISP is used Select Enable Built in and click Apply to save the settings Step 6 Enable Proxy Server Settings in Internet Options on Client Stations Step 7 By enabling the built in Proxy Server all traffic is forwarded to the local ...

Page 133: ... Client Stations Step 10 Note By Enabling the Proxy Server clients are required to manually check Proxy Server Settings on client stations Internet Options To apply Transparent Proxy please use Port and IP forwarding 16 7 Local DNS Records The administrator could statically assign a Domain Name to IP mappings for all clients connected to the WLAN controller s LAN network This feature can be used t...

Page 134: ...ighboring nodes that this controller is the default gateway Advertise Global Policy Route Inform neighboring nodes the Global Policy route on this controller Re distribute RIP Check this option to enable using OSPF to distribute routing information acquired via RIP OSPF v3 Configuration IPv6 dynamic routing configuration RIP Configuration It is a dynamic routing protocol used in local and wide are...

Page 135: ...r s WAN If the dynamic DHCP is activated at the WAN port it will update the IP address of the DNS server periodically These settings will become effective immediately after clicking Apply DDNS to enable or disable this function Provider to select the DNS provider Host name The IP address domain name of the WAN port Username E mail The register ID username or e mail for the DNS provider Password Ke...

Page 136: ...lave Node peers The term Master Node simply means that this node takes its place in the center of the star topology The role determination is completely dependent on the administrator settings To establish roaming partnership configure a WLAN controller to be Master Node and another WLAN controller to be Slave Node Make sure that the Secret Key and both WLAN controllers WAN interface are routable ...

Page 137: ... 17Status for Logs and Reports 17 1 Dashboard This page displays important system related information that the administrator might need to be aware of at a glance which includes General System settings Network Interface and Online Users etc The download button on the top right corner is a tool that captures system settings This is used for maintenance or troubleshooting purposes ...

Page 138: ... the property of their respective owners 17 2 System Related Status System Summary 17 2 1 The system summary displays a table of contents including firmware version report servers configured WAN optional settings User log profile system time and session control settings For detailed status please proceed to corresponding configuration pages ...

Page 139: ...interfaces for the administrator to inspect including WAN1 WAN2 SZ Default SZ1 SZ8 Select the network interface that you are interested to see If the selected interface is enabled the corresponding network settings will be displayed Scrolling down the page the traffic statistics for different scales including traffic summary traffic of the day traffic of the month and traffic of the top 10 days is...

Page 140: ...nable the green light of the status indicates the process daemon works normally Routing 17 2 4 This status page displays all the User Policy Route rules and Global Policy Route rules will be listed here It provides a fast reference window for the administrator to see the routing rules enforcements for users belonging to different Policies It also shows the System Route rules specified for each net...

Page 141: ...ber under column 2 indicates the lease count in the last 20 minutes hours days the number under column 3 indicated the lease count in the last 30 minutes hours days and so on Statistics of expired list IP leased to clients that have expired in the Last 10 Minutes Hours and Days are shown here The header 1 10 are unit multipliers for instance the number under column 2 indicates the expired count in...

Page 142: ... their respective owners DHCP Lease List Valid IP addresses issued from the DHCP Server and related information of the client using this IP address is displayed here 17 3 Client Related Status Online User 17 3 1 Users displayed on this page are the ones that are authenticated by this Controller under its managed network either LAN or remotely tunneled site ...

Page 143: ... interval for automatic refresh from the drop down box in the lower right corner of this page Associated Non Login Users 17 3 2 This page shows users that have acquired an IP address from the system s DHCP server but have not yet been authenticated either under the LAN or remotely tunneled site This feature is designed for administrators to keep track of systems resources from being exhausted The ...

Page 144: ... 4 This page shows the users that are authenticated by other Controllers using this Controller s On Demand database as RADIUS database Session List 17 3 5 This page allows the administrator to inspect sessions currently established between a client and the system Each result displays the IP and Port values of the Source and Destination You may define the filter conditions and display only the resu...

Page 145: ...nd User Billing Report Log This page displays a summary of On Demand account transactions RADIUS Server Log This page displays the RADIUS messages that pass through the controller SIP Call Usage The log provides the login and logout activities of SIP clients device and soft clients such as Start Time Caller Callee and Duration seconds System Log This page displays system related logs for event tra...

Page 146: ... Name Type Name Unit Price Total Price IP IPv6 MAC Pkts In Bytes In Pkts Out Bytes Out Activation Time 1st Login Expiration Time Account Valid Through Remark VLAN ID Group Policy MaxDnLoad MaxUpload ReqDnLoad and ReqUpload Applicable User Event categories for Roaming Out Users Date Type Name NSID NASIP NASPort UserMAC SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message Applicable...

Page 147: ... configured Login is Microsoft proprietary mechanisms using a UNIX login and password Outlook and Outlook express use Login as default although they can be set to use NTLMv1 Pegasus uses Login as well but which method to be used cannot be configured NTLMv1 a Microsoft proprietary mechanisms is not currently available for general use Pegasus uses Sender E mail Address The e mail address of the admi...

Page 148: ...as well as system logs will be sent to The outputted log files to the FTP server will be named according to the format Topic_ ExtraDesc_ SystemName_ Date_Time txt For example HTTPWebLog_GW1_2010 10 15_0800 txt FTP Settings Allows the configuration of an external FTP Server where selected users logs as well as system logs will be sent to FTP Destination This specifies the IP address and port number...

Page 149: ...148 User Manual ENGLISH WHG Series Wireless WLAN Controller Copyright 2017 4ipnet Inc All rights reserved All other trademarks mentioned are the property of their respective owners ...

Page 150: ... servicing LAN traffic 10 100 1000 Base T RJ 45 7 USB USB console interface The cable should be the combination of below 3 cables 1 Port USB to RS232 DB9 Serial Adapter Cable M M RS232 DB9 Serial Adapter Cable to RS232 DB9 Serial Adapter Cable F F RS232 DB9 Serial Adapter Cable to 1 Port USB M M WHG321 1 Reset Press and hold the Reset button for about 5 seconds and status of LED on front panel wil...

Page 151: ...AN1 LAN2 Two Gigabit LAN ports for servicing LAN traffic 10 100 1000 Base T RJ 45 7 LED Indicators There are two LED indicators Power and Status to indicate different status of the system WHG425 1 LED Indicators There are three LED indicators Power Status and Hard disk to indicate different status of the system 2 LCD Display Allows network administrator to check important system settings such as n...

Page 152: ... of LED on front panel will start to blink before restarting the system Press and hold the Reset button for more than 10 seconds and status of LED on the front panel will start to speed up blinking before resetting the system to default configuration 4 Console The system can be configured via a serial console port The administrator can use a terminal emulation program such as Microsoft s Hyper Ter...

Page 153: ...nel will start to speed up blinking before resetting the system to default configuration 5 WAN1 WAN2 Dual Gigabit WAN ports 10 100 1000 Base T RJ 45 for uplink connections to the external network such as the ADSL Router from Internet Service Provider 6 LAN1 LAN6 LAN9 LAN12 Client machines connect to WHG Controller via these LAN ports 10 100 1000 Base T RJ 45 7 USB Reserved for future use 8 Console...

Page 154: ...ministrator can use a terminal emulation program such as Microsoft s Hyper Terminal to login to the configuration console interface to change admin password or monitor system status etc 5 Mgmt For management use only it will always open WMI Web Management Interface homepage where its default IP address and subnet mask are 172 30 0 1 and 255 255 0 0 3 LED Indicators There are three LED indicators P...