background image

User’s Manual 

WSG-500 Wireless Hotspot Gateway 

ENGLISH

 

 

 

 

84 

 

 

Caution: 

If the administrator’s password is lost, the administrator’s password still can be changed through the 
text mode management interface via the serial console port.

 

 

 

Summary of Contents for WSG-500

Page 1: ...User s Manual WSG 500 Wireless Hotspot Gateway ENGLISH i User s Manual WSG 500 V1 00 ...

Page 2: ...rt 13 3 2 1 Static IP 14 3 2 2 Dynamic 14 3 2 3 PPPoE 14 3 3 Internet Connection Detection 16 3 4 WAN Bandwidth Control 17 3 5 What is Zone 18 3 5 1 Port Role Assignment 19 3 5 2 Planning Your Internet Network 20 3 5 3 Configure Zone Network 21 4 Let Your Network to Be a Wireless Network 23 4 1 System Wireless General Settings 23 4 2 Zone Wireless Settings 25 4 3 Zone Wireless Security 28 5 Who Ca...

Page 3: ... 8 1 2 Internal Domain Name with Certificate 67 8 1 3 Walled Garden 69 8 1 4 Walled Garden AD List 70 8 2 After User Login 71 8 2 1 Portal URL after successful login 71 8 2 2 Idle Timer 72 8 2 3 Multiple Login 73 9 Networking Features of a Gateway 74 9 1 IP Plug and Play 74 9 2 Dynamic Domain Name Service DDNS 75 9 3 Port and IP Redirect 76 10 System Management and Utilities 77 10 1 System Time 77...

Page 4: ...er Log 100 11 1 6 Local User Monthly Network 102 11 2 Notification 103 11 2 1 E Mail 104 11 2 2 SYSLOG 105 11 2 3 FTP 106 11 2 4 Event Log 107 12 Advanced Applications 108 12 1 Upload Download Local Users Accounts 108 12 2 RADIUS Advanced Settings 110 12 3 Roaming Out 111 12 4 Customizable Pages 112 Appendix A Network Configuration on PC User Login 114 Appendix B Policy Priority 127 Appendix C WDS...

Page 5: ...ork system knowledge to complete the installation 1 2 Document Conventions Caution Represents essential steps actions or messages that should not be ignored Note Contains related information that corresponds to a topic Indicates that clicking this button will return to the homepage of this section Indicates that clicking this button will exit the system Indicates that clicking this button will app...

Page 6: ... User s Manual and QIG x 1 y Quick Installation Guide QIG x 1 y Console Cable x 1 y Ethernet Cable x 1 y Power Adapter DC 12V x 1 y Rubber Antenna x 2 y Mounting Kit x 1 y Ground Cable x 1 Caution It is highly recommended to use all the supplies in the package instead of substituting any components by other suppliers to guarantee best performance ...

Page 7: ...table dust proof IP50 metal housing 2 2 System Concept WSG 500 is capable of managing user authentication authorization and accounting The user account information is stored in the local database or a specified external RADIUS database server Featured with user authentication and integrated with external payment gateway WSG 500 allows users to easily pay the fee and enjoy the Internet service usin...

Page 8: ...User s Manual WSG 500 Wireless Hotspot Gateway ENGLISH 4 Example A typical Hotspot network ...

Page 9: ... Ethernet cables here for connecting to the wired local network LAN1 maps to Private Zone and requires no user authentication LAN2 maps to Public Zone and by default requires user authentication 5 WAN PoE Attach the wired external network here This port supports Power over Ethernet PoE for flexible installation 6 Reset This is hardware reset button Press once to restart the system 7 Power Socket 1...

Page 10: ...User s Manual WSG 500 Wireless Hotspot Gateway ENGLISH 6 Rear Panel Antenna Connector Attach antennas here WSG 500 supports 1 RF interface with 2 SMA connectors ...

Page 11: ...s turned on WAN Blue Off On Flashing The WAN is not connected The WAN has a successful 10 100Mbps Ethernet connection The WAN is sending or receiving packet LAN 1 LAN 3 Blue Off On Flashing The LAN is not connected The LAN has a successful 10 100Mbps Ethernet connection The LAN is sending or receiving packet WLAN Blue Off On The wireless is not ready The wireless is ready ...

Page 12: ...he internet WES Blue For indicating WES status during WES setup Master Slave WES Start LED flashing slowly LED flashing quickly WES Negotiate LED flashing slowly LED flashing quickly WES Fail Negotiate Timeout LED OFF LED OFF WES Success LED ON for over 5 seconds LED ON for over 5 seconds after Master displays WES Success USB Blue N A For future usage only Remark WES is a future supported feature ...

Page 13: ...connect the other end of the cable to the ATU Router of an ADSL a cable modem a switch or a hub The WAN LED indicator should be ON to indicate a proper connection 3 Connect WSG 500 to your network device Connect one end of the Ethernet cable to the LAN1 port of WSG 500 on the front panel Connect the other end of the cable to a PC for configuring the system The LAN1 LED indicator should be ON to in...

Page 14: ...completed Caution Please only use the power adapter supplied with the WSG 500 package Using a different power adapter may damage this system Caution To double verify the wired connection between WSG 500 and your switch router hub please check the LED status indication of these network devices ...

Page 15: ...n is required for users Note The instructions below are illustrated with the administrator PC connected to LAN1 To access the web management interface connect a PC to the LAN Port and then launch a browse Make sure you have set DHCP in TCP IP of your PC to get an IP address dynamically The default gateway IP address is the default gateway IP address of Private Zone 192 168 1 254 Next enter the gat...

Page 16: ...egal website Please press Continue to this website to continue Caution If you can t get the login screen the reasons may be 1 The PC is set incorrectly so that the PC can t obtain the IP address automatically from the LAN port 2 The IP address and the default gateway are not under the same network segment Please set your PC with a static IP address such as 192 168 1 xx in your network and then try...

Page 17: ...ernet Thus the first step is to prepare an Internet connection from your ISP Internet Service Provider and connect it to the WAN port of WSG 500 3 2 Configure WAN Port There are 3 connection types for the WAN Port Static Dynamic and PPPoE These connection types are enough to support most ISP Now let us discuss how to configure WAN port Go to System WAN Configuration The parameters related to each ...

Page 18: ...S Server The substitute DNS Server of the system This is an optional field 3 2 2 Dynamic Dynamic It is only applicable for the network environment where the DHCP server is available upstream of the system Click the Renew button to get an IP address automatically 3 2 3 PPPoE PPPoE When selecting PPPoE to connect to the network please set the User Name Password MTU and Clamp MSS There is a Dial on d...

Page 19: ...User s Manual WSG 500 Wireless Hotspot Gateway ENGLISH 15 ...

Page 20: ...tion Detection When enabled system will try to access these IP Domain addresses if system can reach these IP Domain address it means that the outbound Internet connection is in normal state On the other hand there is a text box available for the administrator to enter a reminding message This reminding message will appear on clients screens when Internet connection is down ...

Page 21: ... though the WAN interface These parameters set here should not exceed the real bandwidth coming from your ISP For example if your xDSL is 8Mbs 640kbs you may input these two values here Available Bandwidth on WAN Interface y Uplink It specifies the maximum uplink bandwidth that can be shared by clients of the system y Downlink It specifies the maximum downlink bandwidth that can be shared by clien...

Page 22: ...can be utilized by WSG 500 Private Zone and Public Zone as shown in the table below Private Zone means clients are not required to be authenticated before using the network service On the other hand clients in Public Zone are required to get authentication before using the network service y Name Mnemonic name of the Zone y ESSID The SSID that is associated with the Zone y Wireless Security Data en...

Page 23: ...on Required is enabled by default so clients are required to get authenticated successfully before surfing the Internet The Zone and Port mappings are shown below LAN1 and LAN2 maps to Private Zone and Public Zone respectively Note System s WMI can also be accesses via WAN port as long as the administrator uses an IP address listed in Management IP Address List setting If both WAN and LAN ports ar...

Page 24: ...d to access the network via wired and wireless In Public Zone by default Authentication Required is enabled so clients are required to get authenticated successfully before surfing the Internet Administrator can access the Web Management Interface WMI of WSG 500 through the wired LAN port Waiters or waitresses can send orders back to the electrical menu system via wireless hand set devices ...

Page 25: ...et Mask of this zone DHCP Server Related information needed on setting up the DHCP Server is listed here Please note that when Enable DHCP Relay is enabled the IP address of clients will be assigned by an external DHCP server The system will only relay DHCP information from the external DHCP server to downstream clients of this zone o Start IP Address End IP Address A range of IP addresses that th...

Page 26: ... applicable to this zone o Lease Time This is the time period that the IP addresses issued from the DHCP server are valid and available o Reserved IP Address List Each zone can reserve up to 40 IP addresses from predefined DHCP range to prevent the system from issuing these IP addresses to downstream clients The administrator can reserve a specific IP address for a special device with certain MAC ...

Page 27: ... supported to enhance throughput y Channel Select the appropriate channel from the drop down menu to correspond with your network settings for example Channel 1 11 is available in North American and Channel 1 13 in Europe or choose the default Auto y Max Transmit Rate The default is Auto Available range is from 1 to 54Mbps The rate of data transmission should be set depending on the speed of the w...

Page 28: ...User s Manual WSG 500 Wireless Hotspot Gateway ENGLISH 24 ...

Page 29: ...reless service under this zone Assign an ESSID for VAP1 under Private Zone or use default WSG 500 1 the ESSID of Private Zone will not be broadcasted and internal staff will need to associate to Private Zone s VAP1 manually Security Configure the wireless network under Private Zone with security encryption to prevent unauthorized wireless association if necessary The encryption standards supported...

Page 30: ... without WMM and applications that do not require QoS are assigned to the best effort category which receives a lower priority than that of voice and video Therefore WMM decides which data streams are more important and assigns them a higher traffic priority This option works with WMM capable clients only Normally we use VAP2 the VAP under Public Zone to provide wireless service to public clients ...

Page 31: ...eces instead of one chunk before transmission A smaller value results in smaller frames but allows a larger number of frames in transmission A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference Broadcast SSID Enable to broadcast VAP2 s SSID in the air Disable to hide VAP s SSID so that it cannot be scanned Stat...

Page 32: ...set up the wireless security profile it include WEP 802 1x for Public Zone only WPA PSK or WPA RADIUS for Public Zone only z WEP 802 11 Authentication Select from Open System or Shared Key WEP Key Length Select from 64 bit 128 bit 152 bit key length WEP Key Format Select from ASCII or Hex format for the WEP key WEP Key Index Select a key index from 1 4 The WEP key index is a number that specifies ...

Page 33: ...er Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES WAP2 or Mixed Pre shared Key Passphrase Enter the key value for the pre shared key or passphrase Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds z WPA RADIUS Same as 802 1X when it is selected it is combined with TKIP AES or Mixed mode Cipher Suite Select an encryption met...

Page 34: ...bets a z or A Z dash underline _ space and dot only This name is used for the administrator to identify the authentication options easily such as HQ RADIUS y Postfix A postfix represents the authentication server in a complete username For example user1 local means that this user user1 will be authenticated against the LOCAL authentication database y Policy Select one Policy from the drop down lis...

Page 35: ...licking on each user account leads to a page for configuring the individual local account Add User Click this button to enter into the Adding User s to the List interface Fill in the necessary information such as Username Password MAC Address and Remark Select a desired Policy to classify local users Click Apply to complete adding the user s MAC address of a networking device can be bound with a l...

Page 36: ...of a username or remark to be searched in the text filed and click this button to perform the search All usernames matching the keyword will be listed y Del All Click on this button to delete all the users at once or click on Delete hyperlink to delete a specific the user individually ...

Page 37: ...nt is needed click the username of the desired user account in Local User List to enter the User Profile Interface for that particular user and then modify or add any desired information such as Username Password MAC Address optional Applied Policy optional and Remark optional Click Apply to complete the modification ...

Page 38: ...after clicking the Apply button External RADIUS Related Settings 802 1X Authentication Enable Disable 802 1X authentications for users authenticating through this Server Username Format Select the format which the user login information is sent to the external RADIUS Server You may choose to send username in Complete userID Postfix Only ID or Leave Unmodified Please note that if Leave Unmodified o...

Page 39: ...server When the clients classified by RADIUS class attributes logs into the system via the RADIUS server each client will be mapped to an assigned Policy Primary Secondary RADIUS Server Server Enter the domain name or IP address of your RADIUS Server Authentication Port Enter the Port number used for authentication Accounting Port Enter the Port number used for accounting Secret Key Secret Key use...

Page 40: ...ic Zone y Wireless Key It will show the wireless key that was configured in Public Zone settings y Currency Select the desired currency unit for charged internet access y Remaining Reminder Enable it and input the count down minute system will remind users that their quota will run out soon when their quota reaches this time The remaining message will not show up if the Remaining Reminder time is ...

Page 41: ...it is 100 Kbytes No limit for the dimensions of the image is set but a 460x480 image is recommended y Number of Tickets Enable this function to print duplicate receipts Another Remark field will appear when the Number of Ticket is selected to 2 and the content will appear at the bottom of the 2nd duplicate receipt y Preview Click Preview button the ticket will be shown including the information of...

Page 42: ...n regarding on demand accounts and billing plan configuration please refer to Appendix E On demand Account types Billing Plan 4 External Payment Gateway This section is for merchants to set up an external payment gateway to accept payments in order to provide wireless access service to end customers who wish to pay for the service on line The options are Authorize Net PayPal SecurePay WorldPay or ...

Page 43: ... together with account creation After the account is created you can click Printout to print a receipt which will contain the on demand user s information including the username and password to a network printer Moreover you can click Send to POS to print a receipt by a POS device Note If no Billing plan is enabled accounts cannot be created by clicking Create button Please goes back to Billing Pl...

Page 44: ...ter the On demand Account Batch Creation Enter the desired number of accounts of enabled plans to create a batch of on demand accounts together The Number of Accounts field of disabled plans will not be able to enter any number The sum of all Number of Accounts will be constrained and will not accept a number over the available account limits in database Click Create button to start batch creation...

Page 45: ...er of Accounts The desired number of accounts to be created from the plan 8 On demand Account List All created On demand accounts are listed and related information on is also provided y Search Enter a keyword of a username External ID or reference to be searched in the text filed and click this button to perform the search All usernames External ID or reference matching the keyword will be listed...

Page 46: ... y Reference Any other additional information for example venue where the account is generated etc y Delete All This will delete all the users at once y Delete This will delete the users individually 9 Redeem On demand Accounts For Usage time accounts when the remaining quota is insufficient or if they are almost out of quota they can use redeem function to extend their quota After the user has go...

Page 47: ...NGLISH 43 Note The maximum quota is 365dys 23hrs 59mins 59secs even after redeem If the redeem amount exceeds this number the system will automatically reject the redeem process Note Duration time and Hotel Cut off type do not support redeem function ...

Page 48: ...r authentication assigned as default the postfix can be omitted For example if local is the postfix of the default option then user with username Bob can login as Bob without having to type in Bob local 5 2 2 Login with Postfix For each authentication option set a postfix that is easy to distinguish e g Local user login with which authentication server The acceptable characters are numbers 0 9 alp...

Page 49: ...his example we try to connect to www google com a For the first time if the WSG 500 is not using a trusted SSL certificate there will be a Certificate Error because the browser treats WSG 500 as an illegal website b Please press Continue to this website to continue c The default user login page will appear in the browser 2 Enter the username and password for example we use a local user account tes...

Page 50: ... at the next login Then click the Submit button The Credit Balance button on the User Login Page is for on demand users only where they can check their Remaining quota 3 Successful The Login Success Page means you are connected to the network and Internet now ...

Page 51: ...access control Users accounts that appear in the black list will be denied of network access The administrator can use the pull down menu to select the desired black list y Select Black List There are 5 black list profiles available for utilization y Name Set the black list name and it will show on the pull down menu above y Add User s Click the Add User s button to add users to the selected black...

Page 52: ... Remark blank not required click Apply to add the users If removing a user from the black list is desired select the user s Delete check box and then click the Delete button to remove that user from the black list After the Black List editing is completed You can select the Black List in each Authentication Server to let it to become effective ...

Page 53: ... the users with their MAC addresses in this list can login to WSG 500 There are 40 users maximum allowed in this MAC address list User authentication is still required for these users Click Edit to enter the MAC Address Control list Fill in these MAC addresses select Enable and then click Apply Caution The format of the MAC address is xx xx xx xx xx xx or xx xx xx xx xx xx ...

Page 54: ...l be mapped to a user of a RADIUS class attribute Global Policy Global policy is the system s universal policy containing Firewall Rules Specific Routes Profile and Maximum Concurrent Sessions which will be applied to all users unless the user has been regulated and applied with another individual Policy y Select Policy Select the desired policy profile to configure y Firewall Profile Global polic...

Page 55: ...nfigured here all clients applied with this policy will access the specific destination through these gateway settings y Schedule Profile The Schedule table in a 7X24 format is used to control the clients login time When Schedule is enabled clients applied with this policy are only allowed to login the system at the time which is checked in Schedule profile settings y QoS Profile QoS profile defin...

Page 56: ...ols There are predefined service protocols available for firewall rules editing The administrator is able to add new custom service protocols by clicking Add and delete the added protocols individually or with Select All followed by Delete operation Caution The Predefined Service Protocols can not be deleted Click Add to add a custom service protocol The Protocol Type can be defined from a list of...

Page 57: ...le to apply these protocols o Firewall Rules Click the number of filter Rule No to edit individual rules and click Apply to save the settings The rule status will show on the list Check Active checkbox and click Apply to enable that rule Rule No 1 has the highest priority Rule No 2 has the second priority and so on Each firewall rule is defined by Source Destination and Pass Block action Optionall...

Page 58: ...iltering is supported but Domain Host filtering is not o Source Destination Subnet Mask Select the source and destination subnet masks o Source MAC Address The MAC Address of the source IP address This is for specific MAC address filter o Service Protocol These are defined protocols in the service protocols list to be selected o Schedule When schedule is selected clients assigned with this policy ...

Page 59: ...he specified gateway o Destination IP Address The destination network address or IP address of the destination host Please note that if applicable the system will calculate and display the appropriate value based on the combination of Network IP Address and Subnet Mask that have just been entered and applied o Destination Subnet Netmask The subnet mask of the destination network Select 255 255 255...

Page 60: ...e defined in each Policy except Global Policy When Specific Default Route is enabled all clients applied with this Policy will access the Internet through this default gateway o Enable Check Enable box to activate this function or uncheck to inactivate it o Default Gateway IP Address You may need to fill the IP address of the default gateway ...

Page 61: ...chedule Profile to enter the configuration page Select Enable to show the Permitted Login Hours list This function is used to limit the time when clients can log in Check the desired time slots checkbox and click Apply to save the settings These settings will become effective immediately after clicking Apply ...

Page 62: ...ents Individual Maximum Downlink Defines the maximum downlink bandwidth allowed for an individual client The Individual Maximum Downlink cannot exceed the value of Total Downlink Individual Request Downlink Defines the guaranteed minimum downlink bandwidth allowed for an individual client The Individual Request Downlink cannot exceed the value of Total Downlink and Individual Maximum Downlink Tota...

Page 63: ...thenticated port privileged users and clients in DMZ zones Also this can be specified in the other policies to apply to the authenticated users When the number of a user s sessions reaches the session limit a choice of Unlimited 10 25 50 100 200 350 and 500 the user will be implicitly suspended upon receipt of any new connection request In this case a record will be logged to a SYSLOG server Since...

Page 64: ...et After the setup accessing the External IP address listed in DMZ will be mapped to accessing the corresponding Internal IP Address These settings will become effective immediately after clicking the Apply button The External IP Address of the Automatic WAN IP Assignment is the IP address of External Interface WAN that will change dynamically if WAN Interface is Dynamic When Automatic WAN IP Assi...

Page 65: ...ces outside the managed network can access these servers within the managed network Different virtual servers can be configured for different sets of physical services such as TCP and UDP services in general Enter the External Service Port Local Server IP Address and Local Server Port Select TCP or UDP for the service s type In the Enable column check the desired server to enable These settings wi...

Page 66: ...vilege List Configure Privilege List go to Network Privilege Setup the Privilege IP Address List and Privilege MAC Address List The clients accessing the internet via IP addresses and or networking devices in the list can access the network without any authentication ...

Page 67: ...the network without authentication enter the IP addresses of these workstations in the Granted Access by IP Address The Remark field is not necessary but is useful to keep track WSG 500 allows 100 privilege IP addresses at most These settings will become effective immediately after clicking Apply Caution Permitting specific IP addresses to have network access rights without going through standard ...

Page 68: ...o be set in the Granted Access by MAC Address WSG 500 allows 100 privilege MAC addresses at most When manually creating the list enter the MAC address the format is xx xx xx xx xx xx as well as the remark not necessary These settings will become effective immediately after clicking Apply Caution Permitting specific MAC addresses to have network access rights without going through standard authenti...

Page 69: ...ion in Public Zone Configure Disable Authentication in Public Zone go to System Zones Configuration click Configure in Public Zone z Authentication Required For the Zone When it is disabled users will not need to authenticate before they get access to the network within Public Zone ...

Page 70: ...the use of Secure Socket Layer SSL or Transport Layer Security TLS as a sub layer under regular HTTP application layering HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server HTTP Protected Login function will let the client s login with https for more security Enable to activate https encryption or disable to activate http non encryption login pa...

Page 71: ...Certificate go to Users Additional Control Upload File Certificate A data record used for authenticating network entities such as a server or a client A certificate contains X 509 information pieces about its owner called the subject and the signing Certificate Authority called the issuer plus the owner s public key and the signature made by the CA Network entities verify these signatures using CA...

Page 72: ...reless Hotspot Gateway ENGLISH 68 Click Continue to this website to access the user login page Use Default Certificate Click Use Default Certificate to use the default certificate and key Click restart to validate the changes ...

Page 73: ...ices for users to access the websites listed here before login and authentication Up to 20 addresses or domain names of the websites can be defined in this list Users without the network access right can still have a chance to experience the actual network service free of charge Enter the website IP Address or Domain Name in the list and click Apply to save the settings ...

Page 74: ...s login page Clients who click on it will be redirected to the listed advertisement websites y Enter all items or make changes click Apply the items will be added and shown in the list y URL Enter the URL of the advertisement website y Topic Enter the content of the hyperlink for instance if you enter Google in this field on the user login page a hyperlink Google will be displayed y Description An...

Page 75: ...System General When this function is enabled enter the URL of a Web server as the Portal page Once logged in successfully users will be directed to this URL such as http www google com regardless of the original homepage set in their browsers When this function is disabled after users logged in successfully users will be directed to the original homepage set in their browsers ...

Page 76: ...72 8 2 2 Idle Timer Configure Idle Timer go to Users Additional Control If a user has idled with no network activities the system will automatically kick out the user The logout timer can be set between 1 1440 minutes and the default idle time is 10 minutes ...

Page 77: ...teway ENGLISH 73 8 2 3 Multiple Login Configure Multiple Login go to Users Additional Control When enabled a user can log in from different computers with the same account This function doesn t support On demand users and RADIUS authentication ...

Page 78: ...nt Mobility WSG 500 supports IP PNP function User can login and access network with any IP address setting This function is disabled in default settings When IP PNP is enabled at the user end a static IP address can be used to connect to the system Regardless of what the IP address at the user end is using authentication can still be performed through WSG 500 ...

Page 79: ...strator to easily access WSG 500 s WAN If the dynamic DHCP is activated at the WAN port it will update the IP address of the DNS server periodically These settings will become effective immediately after clicking Apply y DDNS Enable or disable this function y Provider Select the DNS provider y Host name The IP address domain name of the WAN port y Username E mail The register ID username or e mail...

Page 80: ...dresses at most for redirection purpose When the user attempts to connect to a destination IP address listed here the connection packet will be converted and redirected to the corresponding destination Please enter the IP Address and Port of Destination and the IP Address and Port of Translated to Destination Select TCP or UDP for the service s type These settings will become effective immediately...

Page 81: ...cify the local time zone and the IP address of at least one NTP server for adjusting the time automatically Universal Time is Greenwich Mean Time GMT Manually set up is another option to setup system time if you choose to setup system time manually please enter the Year Month Day the current time and click Apply to activate the changes Note When system can not sync the time with NTP server all cli...

Page 82: ... that as long as an administrator is using a computer with the IP address range of 10 2 3 0 24 he or she can access the web management page Another example is 10 0 0 3 if an administrator is using a computer with the IP address of 10 0 0 3 he or she can access the web management page The default value is 0 0 0 0 0 0 0 0 It means that the WMI can be accessed by any IP address for security considera...

Page 83: ...ral Specify an IP address of the administrator s computer or a billing system to get billing history information of WSG 500 with the predefined URLs The file name format is yyyy mm dd An example is provided as follows Traffic History https 10 2 3 213 status history 2010 12 10 On demand History https 10 2 3 213 status ondemand_history 2010 12 10 ...

Page 84: ...less Hotspot Gateway ENGLISH 80 10 4 SNMP Configure SNMP go to System General WSG 500 supports SNMP v1 v2c If this function is enabled the SNMP Management IP and the Community string can be assigned for SNMP access to the system ...

Page 85: ...inds of account interface You can log in as admin manager or operator The default usernames and passwords show as follows Admin The administrator can access all configuration pages of WSG 500 Username admin Password admin After a successful login to WSG 500 a web management interface with a Home manual will appear ...

Page 86: ...ounts User Name manager Password manager Operator The operator can only access the configuration page of Create On demand User to create new on demand user accounts and print out the on demand user account receipts User Name operator Password operator Note To logout simply click the Logout icon on the upper right corner of the interface to return to the login screen ...

Page 87: ...er Name admin Password admin Manager The manager can only access the configuration pages under User Authentication to manage the user accounts User Name manager Password manager Operator The operator can only access the configuration page of Create On demand User to create new on demand user accounts and print out the on demand user account receipts User Name operator Password operator The adminis...

Page 88: ...l WSG 500 Wireless Hotspot Gateway ENGLISH 84 Caution If the administrator s password is lost the administrator s password still can be changed through the text mode management interface via the serial console port ...

Page 89: ...ings Also WSG 500 can be restored to the factory default settings here y Backup System Settings Click Backup to create a db database backup file and save it on disk y Restore System Settings Click Browse to search for a db database backup file created by WSG 500 and click Restore to restore to the same settings at the time when the backup file was saved y Reset to Factory Default Click Reset to lo...

Page 90: ...appears Note After clicking Apply the system will begin uploading the chosen firmware into the system Once the upload process is complete system will restart to activate the new firmware The entire process may take a few minutes until the new firmware WMI appears When restart is complete system will not lease IP So please use static IP PC to upgrade system firmware Caution 1 Firmware upgrade may c...

Page 91: ...nutes Click YES to restart WSG 500 click NO to go back to the previous screen Do NOT power off the power during system restart as this might damage the system If the power needs to be turned off it is highly recommended to restart WSG 500 first and then turn off the power after completing the restart process Caution The connection of all online users to the system will be disconnected when system ...

Page 92: ... host s domain name or IP address and then press Ping button Trace Route display the actual route taken to reach the destination host by entering the destination host s domain name or IP address and then press Start button ARP Table for displaying ARP information stored on the system 10 10 1 Wake on LAN It allows the system to remotely boot up a power down computer with Wake On LAN feature enabled...

Page 93: ...ute It allows administrator to find out the real path of packets from the gateway to a destination using IP address or Host domain name 10 10 4 Show ARP Table It allows administrator to view the IP to Physical address translation tables used by address resolution protocol ARP ...

Page 94: ...the IP addresses on the list On each monitored item with a WEB server running administrators may add a link for the easy access by entering the IP select the Protocol to http or https and then click Create After clicking Create button the IP address will become a hyperlink and administrators can easily access the host by clicking the hyperlink remotely Click the Delete button to remove the hyperli...

Page 95: ...r 3 Once the console port of WSG 500 is connected properly the console main screen will appear automatically If the screen does not appear in the terminal simulation program automatically please try to press the arrow keys so that the terminal simulation program will send some messages to the system and the welcome screen or main menu should appear If the welcome screen or main menu of the console...

Page 96: ...ecified network time server Since this interface does not support manual setup for its internal clock therefore we must reset the internal clock through the NTP Print the kernel ring buffer It is used to examine or control the kernel ring buffer The program helps users to print out their boot up messages instead of copying the messages by hand Main menu Go back to the main menu y Change admin pass...

Page 97: ...t the same management interface can be accessed via SSH Therefore we recommend you to immediately change the WSG 500 Admin username and password after logging in the system for the first time y Reload factory default Choosing this option will reset the system configuration to the factory defaults y Restart WSG 500 Choosing this option will restart WSG 500 ...

Page 98: ...ew the Status This section includes System Interface Routing Table Online Users User Log and E mail SYSLOG to provide system status information and online user status 11 1 1 System Status View System Status go to Status System This section provides an overview of the system for the administrator ...

Page 99: ...e connection at WAN is normal or abnormal Internet Connection Detection and all online users are allowed disallowed to log in the network Retained Days The maximum number of days for the system to retain the users information User Log Receiver Email Address es The email address to which the user log information will be set NTP Server The network time server that the system is set to align System T...

Page 100: ...ot Gateway ENGLISH 96 11 1 2 Interface Status View Interface Status go to Status Interface This section provides an overview of the interface for the administrator including WAN Zone Wireless General Settings Zone Private and Zone Public ...

Page 101: ...t MAC Address The MAC address of the Wireless Band The current Band setting of Wireless Channel The current Channel setting of Wireless Zone Wireless General Settings Transmit Power The current Transmit Power setting of Wireless Mode The operation mode of the zone MAC Address The MAC address of the zone IP Address The IP address of the zone Zone General Subnet Mask The Subnet Mask of the zone Stat...

Page 102: ...he System Route rules specified by each interface y Policy 1 5 Shows the information of the individual Policy from 1 to 5 y Global Policy Shows the information of the Global Policy y System Shows the information of the system administration Destination The Destination IP address Subnet Mask The Subnet Mask of the IP address range Gateway The Gateway IP address of the interface Interface Including ...

Page 103: ...atus Online Users In this page each online user s information including Username IP Address MAC Address Pkts In Bytes In Pkts Out Bytes Out Idle and Kick Out will be shown Administrators can force out a specific online user by clicking the hyperlink of Kick Out Click Refresh to update the current users list ...

Page 104: ...story please manually copy and save the traffic history information before restarting If the Receiver E mail Address es has been entered under the E mail SYSLOG page the system will automatically send out these history information to that specified email address y Primary User Log All user activities occur on the system within the nearest 72 hours excluding other user logs such as on demand user l...

Page 105: ... a roaming out traffic history record consisting of 14 fields Date Type Name NSID NASIP NASPort UserMAC SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of user activities y Roaming In User Log Each line is a roaming in traffic history record consisting of 15 fields Date Type Name NSID NASIP NASPort UserMAC UserIP SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and M...

Page 106: ...of 6 fields Username Connection Time Usage Packets In Bytes In Packets Out and Bytes Out of user activities o Username Username of the local user account o Connection Time Usage The total time used by the user o Pkts In Pkts Out The total number of packets received and sent by the user o Bytes In Bytes Out The total number of bytes received and sent by the user Download Monthly Network Usage of Lo...

Page 107: ...eport Users Log and Session Log to up to 3 particular e mail addresses A trial email is provided by the system for validation Secondly the system supports recording of System Log On demand Users Log and Session Log via external SYSLOG servers and sending Session Log to an external FTP server In addition system Event Log of clients associated and disassociated messages appear on WMI as well ...

Page 108: ...ess of the administrator in charge of the monitoring This will show up as the sender s e mail SMTP Server The IP address of the sender s SMTP server SMTP Auth Method The system provides four authentication methods Plain Login CRAM MD5 and NTLMv1 or None to use none of the above Depending on which authentication method selected enter the Account Name Password and Domain o NTLMv1 is not currently av...

Page 109: ...es of SYSLOG supported System Log On demand User Log and Session Log Enter the IP address and Port number to specify which and from where the report should be sent to Note When the number of a user s session TCP and UDP reaches the session limit specified in the policy a record will be logged to this SYSLOG server ...

Page 110: ...ession Log email notification The maximum log file size is 128K In addition the log file also will be sent to the FTP server once the file size reaches its maximum limit IP Address Port IP address and port number of FTP server Server Folder The folder directory on FTP server for upload Send Log every hour The time interval for sending the log report Anonymous Enter the Username and Password for ac...

Page 111: ... this log In the log normally each line represents an event record which includes these fields y Date Time The time date when the event happened y Hostname Indicate which host records this event Note that all events in this page are local event so the hostname in this field are all the same y Process name Indicate the event generated by the running instance y Description Description of this event ...

Page 112: ...m system Home page z Upload User Click Upload User to enter the Upload User from File interface Click the Browse button to select the text file for uploading user accounts then click Upload to complete the upload process When uploading a file any format error or duplicated username will terminate the uploading process and no account will be uploaded Please correct the format in the uploading file ...

Page 113: ...User s Manual WSG 500 Wireless Hotspot Gateway ENGLISH 109 y Download User Use this function to create a txt file with all Local user account information and then save it on disk ...

Page 114: ...ntication On the other hand when Only ID option is checked only the username will be transferred to the external RADIUS server for authentication NAS Identifier System will send this value to the external RADIUS server if the external RADIUS server needs this NAS Port Type System will send this value to the external RADIUS server if the external RADIUS server needs this Class Policy Mapping This f...

Page 115: ...nk of Roaming Out 802 1X Client Device Settings will be available to define the client device authorized to roam by entering the IP address Subnet Mask and Secret Key Click the hyperlink Roaming Out 802 1x Client Device Settings to enter the Roaming Out 802 1X Client Device Settings interface Choose Roaming Out and key in the Roaming Out client s IP address and network mask and then click Apply to...

Page 116: ...upload a Logo image file for your template with the Preview and Edit the Image File button Click the button of Configure the setup page will appear for the corresponding page where you can change the text displayed as you wish After finishing the setting click Preview to see the result If you are happy with the customized pages click Apply to activated the changes made Disclaimer Page z The Discla...

Page 117: ...l Page Choose the External Page option if you wish to use user pages located on a designated website Click the button of Configure for each custom pages and enter the URL of its corresponding external login page and then click Apply After applying the setting the new login page can be previewed by clicking Preview button ...

Page 118: ...on PC After WSG 500 is installed the following configurations must be set up on the PC Internet Connection Setup and TCP IP Network Setup y Internet Connection Setup Windows 9x 2000 1 Choose Start Control Panel Internet Options 2 Choose the Connections tab and then click Setup ...

Page 119: ...anually or I want to connect through a local Area network LAN and then click Next 4 Choose I connect through a local area network LAN and then click Next 5 DO NOT choose any option in the following LAN window for Internet configuration and just click Next ...

Page 120: ...116 6 Choose No and then click Next 7 Finally click Finish to exit the Internet Connection Wizard Now the set up is completed Windows XP 1 Choose Start Control Panel Internet Option ...

Page 121: ...117 2 Choose the Connections tab and then click Setup 3 When the Welcome to the New Connection Wizard window appears click Next 4 Choose Connect to the Internet and then click Next ...

Page 122: ... Set up my connection manually and then click Next 6 Choose Connect using a broadband connection that is always on and then click Next 7 Finally click Finish to exit the Connection Wizard Now the setup is completed ...

Page 123: ...C If the Windows operating system is not a server version the default settings of the TCP IP will regard the PC as a DHCP client and this function is called Obtain an IP address automatically If checking the TCP IP setup or using the static IP in the LAN1 LAN2 or LAN3 LAN4 section is desired please follow these steps Check the TCP IP Setup of Window 9x ME 1 Choose Start Control Panel Network 2 Cli...

Page 124: ... IP Address If you want to use a specific IP address acquire the following information from the network administrator the IP Address Subnet Mask and DNS Server address provided by your ISP and the Gateway address of WSG 500 Caution If your PC has been set up completely please inform the network administrator before proceeding to the following steps 4 1 Click on the IP Address tab and choose Specif...

Page 125: ...nd click Add Then click OK 4 3 Click on DNS Configuration tab If the DNS Server field is empty select Enable DNS and enter DNS Server address Click Add and then click OK to complete the configuration Check the TCP IP Setup of Window 2000 1 Select Start Control Panel Network and Dial up Connections ...

Page 126: ... TCP IP and then click Properties Now you can choose to use DHCP or a specific IP address 4 Using DHCP If you want to use DHCP choose Obtain an IP address automatically and then click OK This is also the default setting of Windows Then reboot the PC to make sure an IP address is obtained from WSG 500 ...

Page 127: ...etely please inform the network administrator before proceeding to the following steps 5 1 Choose Use the following IP address and enter the IP address Subnet mask If the DNS Server field is empty select Using the following DNS server addresses and enter the DNS Server address Then click OK 5 2 Click Advanced to enter the Advanced TCP IP Settings window 5 3 Click on the IP Settings tab and click A...

Page 128: ...eway field and then click Add After back to the IP Settings tab click OK to complete the configuration Check the TCP IP Setup of Window XP 1 Select Start Control Panel Network Connection 2 Right click on the Local Area Connection icon and select Properties ...

Page 129: ...fault setting of Windows Then reboot the PC to make sure an IP address is obtained from WSG 500 5 Using Specific IP Address If you want to use a specific IP address acquire the following information from the network administrator the IP Address Subnet Mask and DNS Server address provided by your ISP and the Gateway address of WSG 500 Caution If your PC has been set up completely please inform the ...

Page 130: ...NS Server address Then click OK 5 2 Click Advanced to enter the Advanced TCP IP Settings window 5 3 Click on the IP Settings tab and click Add below the Default gateways column and the TCP IP Gateway Address window will appear 5 4 Enter the gateway address of WSG 500 in the Gateway field and then click Add After back to the IP Settings tab click OK to finish the configuration ...

Page 131: ...1 is assigned to Policy1 and the Local Authentication is assigned to Policy2 Then user01 login to Public Zone will get Policy1 This is a common case for users that can assign Policy individually For Local and RADIUS if these users are not assigned any User Policy individually they will be the same as other users within the same authentication server For example a Local user user01 the Local Authen...

Page 132: ... Public zone WDS Wireless Distribution System is a function used to connect APs Access Points wirelessly The WDS management function of the system can help administrators to setup two WDS links y WDS Status Select Enable to active this WDS link y MAC Address of Remote AP Enter the MAC of the remote AP that create WDS link with WSG 500 y Security Type WEP WEP Key Length may be 64 bits 128 bits or 1...

Page 133: ...o RADIUS server 1 Description VSA is designed to allow vendors to support their own extended Attributes not covered in common attributes It MUST not affect the operation of the RADIUS protocol The Attribute Type of VSA is 26 and the Vendor ID should be determined before proceeding to RADIUS configuration in this example the Vendor ID is 21920 Attribute Number and Attribute Value can then be design...

Page 134: ...exceeds the limit 2 VSA configuration in RADIUS server IAS Server This section will guide you through a VSA configuration in your external RADIUS server Before getting started please access your external RADIUS server s desktop directly or remotely from other PC Step 1 Confirm the following key elements in RADIUS server users groups and policies Verify whether there are already users in RADIUS Ser...

Page 135: ...131 Step 3 Click Edit Profile and select the Advanced Tag Click Add to add a new Vendor specific attribute ...

Page 136: ...e 21920 Check Yes to conform to the RADIUS RFC Click Configure Attribute to proceed Set Vendor assigned attribute number 10 Select Attribute format Hexadecimal Set Attribute Value 1000000 Step 5 Confirm whether the Vendor specific Attribute has been added successfully ...

Page 137: ...133 Step 6 Follow the same steps to create other Vendor specific Attribute if needed ...

Page 138: ...rver for example use Putty to access the Linux host Step 1 Confirm the following key elements in RADIUS server users groups Verify whether there are already users in RADIUS Server Verify whether there are already Groups and assigned users belonging to these Groups in RADIUS Server Step 2 Log in the Linux host of the RADIUS server Step 3 Create a file dictionary WSG 500 under the freeradius folder ...

Page 139: ...d save the contents of the file dictionary WSG 500 as follows Administrator can also add other attributes as the table stated in Section 2 with the same format Step 5 Edit the file dictionary under the folder freeradius ...

Page 140: ...the dictionary of RADIUS server insert it in an incremental position as follows Step 7 Open the radius database Step 8 Insert VSA into RADIUS response In this example the maximum download and upload traffics in bytes for group03 users is 1MBytes ...

Page 141: ...137 Step 9 Restart RADIUS daemon to get your settings activated ...

Page 142: ...us regardless of logging in or out Account expires when Valid Period has been used up or quota depleted Quota is the total period of time xx days yy hrs zz mins during which On demand users are allowed to access the network The total maximum quota is 364Days 23hrs 59mins 59secs even after redeeming Account Activation is the time period for which the user must execute a first login Failure to do so...

Page 143: ...quota depleted Quota is the total period of time xx days yy hrs zz mins during which On demand users are allowed to access the network The total maximum quota is 364Days 23hrs 59mins 59secs even after redeem Account Activation is the time period for which the user must execute a first login Failure to do so in the time period set in Account Activation the account will expire Price is the unit pric...

Page 144: ...140 ...

Page 145: ...example Unit 2 days Cut off Time 13 00 then account will expire on 13 00 two days later Grace Period is an additional short period of time after the account is cut off that allows user to continue to use the on demand account to access the Internet without paying additional fee Unit Price is a daily price of this billing plan Mainly used in hostel venues to provide internet service according to gu...

Page 146: ...al Mbytes 1 2000 during which On demand users are allowed to access the network Account Activation is the time period for which the user must execute a first login Failure to do so in the time period set in Account Activation the account will expire Valid Period is the valid time period for using After this time period even with remaining quota the account will still expire Price is the unit price...

Page 147: ...lapsed Time Account activated upon the account creation time Count down begins immediately after account created and is continuous regardless of logging in or out Account expires once the Elapsed Time has been reached Ideal for ...

Page 148: ... valid for internet access xx hrs yy mins Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information o Duration time with Cut off Time Cut off Time is the clock time at which the on demand account is cut off made expired by the system on that day For example a shopping mall closing hour i...

Page 149: ...e clock time when the account will expire Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information o Duration time with Begin and End Time Define explicitly the Begin Time and End Time of the account Count down begins immediately after account activation and expires when the End Time ha...

Page 150: ...batch like coupons Begin Time is the time that the account will be activated for use defined explicitly by the operator End Time is the time that the account will become expired and not able to use any more defined explicitly by the operator Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional ...

Page 151: ... is the Login ID that comes with the Authorize Net account Merchant Transaction Key The merchant transaction key is similar to a password and is used by Authorize Net to authenticate transactions Payment Gateway URL This is the default website address to post all transaction data Verify SSL Certificate This is to help protect the system from accessing a website other than Authorize Net Test Mode I...

Page 152: ...ured in Billing Plans page and all previously enabled plans can be further enabled or disabled here as needed Client s Purchasing Record o Starting Invoice Number An invoice number may be provided as additional information with a transaction The number will be incremented automatically for each following transaction Click the Change the Number checkbox to change it o Description Item Name This is ...

Page 153: ...nd to the listed card types o Credit Card Expiration Date Expiration date of the credit card This should be entered in the format of MMYY For example an expiration date of July September 2010 should be entered as 0710 o Card Type This value indicates the level of match between the Card Code entered on a transaction and the value that is on file with a customer s credit card company A code and narr...

Page 154: ...th either the billing address or shipping address of a transaction o State A state is associated with both the billing and shipping address of a transaction This may be entered as either a two character abbreviation or the full text name of the state o Zip The ZIP code represents the five or nine digit postal code associated with the billing or shipping address of a transaction This may be entered...

Page 155: ...count to continue PayPal Payment Page Configuration External Payment Gateway PayPal Payment Page Configuration o Business Account The Login ID an email address that is associated with the PayPal Business Account o Payment Gateway URL The default website address to post all transaction data o Identity Token This is the key used by PayPal to validate all the transactions o Verify SSL Certificate Thi...

Page 156: ...t Page Remark Content Client s Purchasing Record o Starting Invoice Number An invoice number may be provided as additional information against a transaction This is a reference field that may contain any kind of information o Description Enter the product service description e g wireless access service o Title for Message to Seller Enter the information that will appear in the header of the PayPal...

Page 157: ...ure Payments via SecurePay go to Users Authentication On demand User External Payment Gateway SecurePay Before setting up SecurePay it is required that the hotspot owners have a valid SecurePay Merchant Account from its official website ...

Page 158: ...om accessing a website other than Secure Pay Currency The currency to be used for the payment transactions Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here Choose Billing Plan for SecurePay Payment Page These 10 plans are the plans in Billing Configuration and the desired plan s can b...

Page 159: ...d User External Payment Gateway WorldPay WorldPay Payment Configuration WorldPayInstallation ID The ID of the associated Merchant Account Payment Gateway URL The default website of posting all transaction data Currency The currency to be used for the payment transactions Service Disclaimer Content ...

Page 160: ...quired that the hotspot owners have a valid WorldPay Merchant Account from its official website RBS WorldPay Merchant Services Payment Processing going to rbsworldpay com support center account login STEP 1 Log in to the Merchant Interface h Login url www rbsworldpay com support index php page login c WW h Select Business Gateway Formerly WorldPay h Click Merchant Interface h Username user2010 h P...

Page 161: ...157 STEP 4 Check the Enable Payment Response checkbox STEP 5 Enter the Payment Response URL h URL wpdisplay item MC_callback STEP 6 Check the Enable the Shopper Response ...

Page 162: ...ect the Save Changes button STEP 8 Input Installation ID and Payment Gateway URL in gateway UI h Installation ID 2010test h URL https select wp3 rbsworldpay com wcc purchase Note The WAN IP of gateway must be real IP ...

Reviews: