VP Networks NC-3620, User Manual

Page 1: ...GATEWAY CONTROLLER SERIES USER MANUAL VALUEPOINT VP NETWORKS INC ALL RIGHTS RESERVED PAGE 1 OF 135 GATEWAY CONTROLLER NC 3620 USER MANUAL...

Page 2: ...l written material and information in this manual is a copyright of VP Networks Inc No part of this work may be reproduced stored in a retrieval system adapted or transmitted in any form by any means...

Page 3: ...T I O N 54 3 2 5 MA N A G E M E N T 73 3 2 6 AD V A N C E D 86 3 2 7 SY S T E M ST A T U S 104 3 2 8 SY S T E M TO O L S 117 3 2 9 HE L P 125 3 2 10 IN D E X 126 3 3 US I N G T H E SE R I AL CO N S O...

Page 4: ...are 1 One Gateway Controller 2 One AC Power Adapter 3 Gateway Controller Serial Cable Features Some key features of the Gateway Controller are Advanced Local Authentication Totally control authentica...

Page 5: ...ubscriber s outgoing SMTP server requests to a SMTP server specified by administrator so the subscriber can send out their email without changing the E Mail configuration in their notebook computer Ca...

Page 6: ...ation IP addresses and URLs VPN Virtual Private Network Pass through The Gateway Controller allows subscribers to access their existing VPN network at home or at the office Unlike most public access g...

Page 7: ...sharing files or accessing enterprise hardware belonging to the venue Time based authentication list upload Security and Pass through information for the entire enterprise can be centralized and updat...

Page 8: ...y by the Controller or create an entire custom web site File Sharing TCP Session Limiting Limiting subscriber TCP sessions prevents spikes of activity by a single subscriber with a worm or virus as we...

Page 9: ...cautions Please carefully read the following precautions before using the Gateway Controller Do not remove or open the enclosure You could damage the Controller or suffer injury if you tamper with the...

Page 10: ...Wi Fi device WAN Connection Ethernet to ISP equipment Management Software Web Browser 2 WAN NETWORK REQUIREMENTS Find out from your ISP whether the Controller will use a static or dynamic IP address...

Page 11: ...ing If the text box already contains some value click at the end of the written text value and delete it with the backspace key If the text box is grayed out this means the text is not editable SELECT...

Page 12: ...eps the Gateway Controller Home Page will appear on the screen as shown below Through this Home page you can access the Gateway Controller by providing the correct Login Name and Password The password...

Page 13: ...button The Controller will validate the user name and password If a correct user name and password has been supplied you will gain access to the Controller otherwise an error message will be displaye...

Page 14: ...s to other menus and sub menus to navigate through the interface The final option is Apply Changes Restart Click this from any menu to implement the changes made to the settings This restarts the cont...

Page 15: ...VED PAGE 15 OF 135 Cancel Click this button to cancel any changes on the current page OK Clicking this button causes the settings configured by the user to be saved New settings may take effect immedi...

Page 16: ...enu tabs control basic configuration of the gateway along with IP addressing DHCP and other features that affect customer network access 1 SYSTEM This section of the Controller allows you to configure...

Page 17: ...nable or Disable radio button to enable or disable the Auto IP subscriber address support Auto IP will allow subscribers with Static IP addresses to connect to the internet normally without changing t...

Page 18: ...you want some devices to be accessible when Auto LAN isolation is enabled add their IP Address to the Exception list An example would be a network printer for guest use ICMP Ping Response In this sect...

Page 19: ...own list boxes as shown in the screen 5 In addition the user can fetch the system date and time from the computer by clicking on Get from my Computer The selected date and time range should be between...

Page 20: ...T NETWORKS INC ALL RIGHTS RESERVED PAGE 20 OF 135 Note Setting Idle Timeout to 0 is not recommended for public networks Unless these subscribers manually log out are terminated or the Controller is re...

Page 21: ...lt the Controller sets the value 192 168 1 1 as IP Address and 255 255 224 0 as Subnet Mask Be sure these settings are consistent with your DHCP pool Use Separate Administration IP When using VLAN Tru...

Page 22: ...at subnet The alias subnets cannot overlap each other or the primary LAN subnet Alias Subnet Example At a Hotel you might want three subnets One for the guests One for the office staff One for network...

Page 23: ...al speed WAN Configuration Select among DHCP Client Static IP or PPPoE Port Mode options here to indicate the WAN Port Mode By default the Controller selects DHCP Client as the port mode 1 To connect...

Page 24: ...ting bottleneck may be described as slowness or DHCP problems or login problems or problems accessing specific web pages Fortunately the Gateway Controller provides numerous options to make sure every...

Page 25: ...attribute for RADIUS sets the profile corresponding to the integer 1 to 14 in Port Limit Bandwidth for all subscribers is controlled by the profile number whether you are using asymmetrical symmetrica...

Page 26: ...u might use VLAN IDs 101 110 for the first floor 201 210 for the second etc You must have VLAN switches to tag this incoming traffic The Gateway Controller does not tag untagged LAN packets ID Selecti...

Page 27: ...5 WAN MAC Address Select either Default WAN MAC Address or Change to option and type the respective WAN MAC Address of the network interface card here By default the Controller selects Default as the...

Page 28: ...re the various Server Settings of the Gateway Controller Screen 5 Server Configuration DHCP Server Select the DHCP Server type you want by selecting the respective radio button here The available opti...

Page 29: ...the DHCP pool is 4000 C Type the Lease Duration in minutes in the text box labeled as Lease Duration Minutes By default the lease duration is 2880 D Type the MAC Address and IP Address into Static IP...

Page 30: ...d Secondary Controller both respond to DHCP requests in the same pool The mechanism provides that approximately half of the requests are answered by each Controller but there is no guarantee for a par...

Page 31: ...al WAN Peer Local Port Select a different incoming and outgoing port for load balancing peer communication if necessary Dual WAN Failover Time Seconds When an outage is detected there is a timer to de...

Page 32: ...d the peer Controller will only provide service to the DHCP clients of the down gateway Failover On detecting the peer gateway is down and waiting for the Dual WAN Failover Time to expire the remainin...

Page 33: ...rver Ports here The HTTP Proxy will redirect outgoing connections on these ports By default the server ports are 8000 8001 and 8080 These are the typical HTTP Proxy ports used by subscribers SMTP Redi...

Page 34: ...n secure net you can enter it under Custom You must upload your custom certificate on the System Tools maintenance page The Gateway includes the gatewaylogin info SSL certificate by default Redirect H...

Page 35: ...porarily If you wish to add permanent routes that are recreated on boot use the persistent route table Delete Delete the current route This option is not available for all routing table entries If you...

Page 36: ...chance to reset If you wish to add entries that are recreated on boot use the ARP route table Delete Delete the current ARP binding If the IP is active in the network the table will update rapidly but...

Page 37: ...vice Automatic Authentication and PMS Based Authentication By default Local Authentication is enabled Note Authenticated subscribers can log out of the session by typing http 1 1 1 1 in the web browse...

Page 38: ...displayed Screen 9 Radius Server Authentication The configurable options on this menu are Authentication Type Primary RADIUS Server The Primary RADIUS Server provides the authentication and accountin...

Page 39: ...rver may require additional information beyond the Shared Secret to accept RADIUS requests from the Controller Common requirements are the NAS ID and IP Address of the RADIUS Client Please consult you...

Page 40: ...the drop down are PAP or CHAP PAP and CHAP are two security methods used by RADIUS Please consult your RADIUS Server documentation for details on which method your Server requires Port Limit for Clien...

Page 41: ...urposes Local Authentication If Local Authentication is selected the menu displays three command buttons They are Auto Create User Set Auto Default and Add Modify User Screen 10 Selecting Local Authen...

Page 42: ...regular browser printing options from this page Screen 11 Pop up window of Auto Create User command Set Auto Default Click Set Auto Default to set default values to this section Clicking this command...

Page 43: ...lete Entry on Expiration This Account will be deleted on the Expiration Date Time Non stop Accumulation Click on the checkbox to Enable Disable nonstop Accumulation This means that once the account is...

Page 44: ...ed after the blocked login attempt You can customize this page and upload it to the file system with the same name Note A laptop typically has two different MAC addresses for the Ethernet port and the...

Page 45: ...Modify User command Add Opens a dialogue to add a new user account Many options are the same as the Auto Create User dialogue Delete Remove the checked users Edit click username Clicking on a usernam...

Page 46: ...ccount Set to zero for unlimited Hampton Inn HSIA Authentication To use the Hampton Inn HSIA Central Authentication Server CAS select Hampton Inn HSIA Authentication This will open a dropdown with Ham...

Page 47: ...n subscribers will still need to initiate a HTTP request by opening their web browser in order to be passed through the firewall This process is transparent to the subscriber If subscribers ping or se...

Page 48: ...s the guest actually attempts to access the internet and logs in using their last name and room number After logging in the customer has unlimited user of their account until they check out or need to...

Page 49: ...Galaxy and MSI 4700 serial MICROS emulation are supported currently PMS Server IP The IP Address of PMS Server PMS Server Port The Port number for communication with PMS Server PMS Reply Timeout Enter...

Page 50: ...ase is User Name alpha_numeric_room alpha_numeric_last_name Password alpha_numeric_last_name from User name field above The alpha_numeric_last_name is CAPITAL letters Example Joe Smith in room 1234 Us...

Page 51: ...ditional instructions PMS_Error_Billing htm If there are any billing errors returned by the PMS guests will get this page that you can customize with support information or additional instructions Ema...

Page 52: ...are two options for configuring Pass through settings in the Controller If you only need a limited number of entries up to 48 per option you can configure these from the GUI directly If you need to co...

Page 53: ...hese addresses will not be required to authenticate and will not appear as current users Blacklist MAC Address Type the MAC address of blocked Subscribers here Subscribers with these MAC addresses wil...

Page 54: ...ROLLER SERIES USER MANUAL VALUEPOINT NETWORKS INC ALL RIGHTS RESERVED PAGE 54 OF 135 3 2 4 CUSTOMIZATION 1 LOGIN PAGE This menu allows you to customize the Login Page settings of the Gateway Screen 18...

Page 55: ...In order to subscribers to login successfully you will need to put the correct HTML POST FORM on your Web Page To see and cut paste the required code click on the View External Portal HTML Code button...

Page 56: ...cation Please consult your Web Designer on the use of CGI variables in web server design Note This CGI is appended to the URL request as entered under Portal Page URL If you have already specified a C...

Page 57: ...on Type Contact Information for the ISP or Support if any here Administrator Comments Type the Administrator Comments here if any No Redirect Select this option to be authenticated using a URL link pr...

Page 58: ...Free Access Caf Account Free Access The Caf Account feature allows any subscriber not on the Black List to get limited authentication time without logging in Once their limited time has expired they...

Page 59: ...et free access to 30 minutes every 24 hours this would allow any user to access the internet for 30 minutes once per day This might be appropriate for a fast food restaurant Note You can disable Free...

Page 60: ...INT NETWORKS INC ALL RIGHTS RESERVED PAGE 60 OF 135 2 MESSAGE CUSTOMIZATION This menu allows the user to customize the message text of the Gateway Controller The message customization screen appears a...

Page 61: ...d Background Color by clicking on the icon given right after the Background Color text box Message Type the Welcome Message which is to be displayed in the in the welcome page here Message Text Color...

Page 62: ...on Type additional comments or continue Main Message here This accepts up to 150 characters Time Count Label This has two text boxes namely With Session Timeout and Without Session Timeout Type the Ti...

Page 63: ...e automatically by the controller like login redirection The subscriber must click on a logout button or link on either the logout pop up window or the link provided by the site Following Goodbye redi...

Page 64: ...MB of file space You can use this page to customize the default pages used internally by the Controller The standard login message pages are listed by default The standard pages cannot be deleted but...

Page 65: ...lt the Access Code maps to user names in the Local Authentication database with the fixed password guest For example to use the Access Code Spring18 you would create a user named Spring18 with passwor...

Page 66: ...uthentication Terms of Service PMS_Billing htm This page contains the PMS billing plans Be very careful editing the code that generates the billing plan table PMS_Login htm This is the captured portal...

Page 67: ...erwriting existing files All of the files are stored in a flat directory uploads If your HTML pages reference directories other than uploads those files will not be loaded correctly These files can be...

Page 68: ...omized Internal Login Page Only This scenario is to create a nice custom login page with the text graphics and style you want but no additional web content Set Customization Login Page Login Page Inte...

Page 69: ...g legal terms and conditions on it and a button linking to Login htm that says I agree to these terms and conditions Login htm This page has the Login POST FORM on it along with a username and passwor...

Page 70: ...is may include html htm js css txt jpg xml or other files Also be sure that all of the files and images referenced by your index page are in a directory called uploads Then rename the index htm create...

Page 71: ...ncy at which the Advertisement is to be displayed by selecting either of Show Once or Show Every or Disable option here The frequency is set in minutes If the user has selected Show Once option then o...

Page 72: ...NC ALL RIGHTS RESERVED PAGE 72 OF 135 Ad X Type the URL Links to the advertisements which are to be displayed Note The Logout pop up window generates the automatic advertisements You must enable the l...

Page 73: ...specification For the most part this is information related to the network connections and hardware You can enable SNMP using the configuration page You will need a SNMP client or network monitoring s...

Page 74: ...sed by the sharing of copyrighted works such as movies music TV shows and anything else over their networks The good news is that the law provides a Safe Harbor against liability for ISPs and other se...

Page 75: ...red The default value of Auto sends the log only when it is full which could be hours or days on a Controller that is not busy The log will be sent early if it is full before the configured interval C...

Page 76: ...e and date you want Even in a flat directory the logs will organize themselves by site and date The csv can be imported into any database or spreadsheet program If you have MS Excel or OpenOffice Calc...

Page 77: ...ave it from the room number or MAC address CALEA Compliance A law enforcement CALEA request will generally be specific to a particular subscriber In this case you could provide them with all the logs...

Page 78: ...a private IP address behind another device you can override the APs link with the public IP of that device here You must configure the port forwarding of the other device to connect to the Controller...

Page 79: ...rt forwarding their LAN settings must be correct for outgoing TCP UDP traffic In particular APs must have the correct default gateway configured Port Mapping Additional devices or ports that do not ne...

Page 80: ...INC ALL RIGHTS RESERVED PAGE 80 OF 135 IP Address Type the Device LAN IP Address here Port Start Type the first Port Number in the range here Port End Type the last Port Number in the range here Prot...

Page 81: ...NFIGURATION This menu allows the user to configure the SysLog settings of the Gateway Controller Screen 8 System Logging Configuration System Logging Configuration This section has two radio buttons E...

Page 82: ...Access Point Information Check on the Access Point Information check box to include in the log the details of the current LAN Devices Status Logged in Users Check the Logged in Users check box to ena...

Page 83: ...og messages 4 Checking the Debug option will display extensive debug messages in the controller The debug output will generate a large volume of SysLog traffic and should only be used if you are havin...

Page 84: ...abs for daily weekly or monthly reports The overview for the days weeks or months shows the date of each report the number of unique users and hosts by MAC addresses and overall usage In the reports y...

Page 85: ...35 VP Networks offers a low cost per site service to collect and store all of the usage information from each site using a Gateway Controller In addition to easy central access and storage of all user...

Page 86: ...tically domains you have registered at DynDNS org This can help in case where the WAN IP is dynamic but you want static access to the GUI or AP Monitor Please register with DynDNS org for instructions...

Page 87: ...value typed is calculated in terms of minutes The Controller will send a message to DynDNS org at this interval with the current IP address In our experience updating too frequently less than 1440min...

Page 88: ...ure the Controller to route all authenticated traffic through a Generic Routing Encapsulation GRE tunnel The GRE Tunnel takes all authenticated LAN traffic and transmits it to a remote server over the...

Page 89: ...dress of the Controller side of the tunnel Local Tunnel Subnet Mask The LAN subnet of the Controller side of the tunnel Remote Tunnel IP Address The LAN IP Address of the remote side of the tunnel GRE...

Page 90: ...two network subnets traffic to the overlapping addresses will not be sent through the tunnel This might be the case if you have a central VPN terminator that serves multiple Controllers Remote Gatewa...

Page 91: ...omatic Phase 1 Phase 1 of VPN is when the two sides identify each other as legitimate VPN gateways and agree on how to establish the connection Mode You can choose a longer version of the initial cont...

Page 92: ...is more secure but require more resources Authentication You can choose MD5 or SHA1 SHA1 is a little more secure Perfect Forward Secrecy You can enable PFS to make the key generation a little slower...

Page 93: ...same SPI for incoming and outgoing tunnels This value must match the setting on the other gateway Encryption Key You must enter a hexadecimal value of the following length DES 16 3DES 48 Authenticatio...

Page 94: ...le check all of the settings including VPN ID Protocol and Key Timeouts All Phase 1 and Phase 2 settings must match Check the VPN Log to see if there are any obvious errors If your first choice of Enc...

Page 95: ...or from an IP Address range This is typically used to restrict all access to internal or external addresses Source and destination IPs IP Addresses can be entered in X X X X N format where N is the ne...

Page 96: ...may change ports End Port Enter the End Port Number Port numbers can be in the range 0 to 65535 This field can be left blank to block a single port as specified in the Start Port Permission Set the mo...

Page 97: ...ffic on your network you can limit messages per minute here Enter the number of SMTP messages per minute you wish to allow under Allowed Connections per Minute per Host This limit is per connected Hos...

Page 98: ...arate from legitimate traffic like email and web browsing Traffic Control File Sharing Enable or Disable Traffic Control for File sharing High Low Priority Pool Ratio The relative size of the high and...

Page 99: ...ct IP properties and the available addresses are displayed automatically Subscribers can also receive the Static IP addresses automatically via DHCP Subscribers who request a static IP address will be...

Page 100: ...CONTROLLER SERIES USER MANUAL VALUEPOINT NETWORKS INC ALL RIGHTS RESERVED PAGE 100 OF 135 Screen 12 Subscriber Static IP Subscriber Static IP Select one of the three available options for Subscriber S...

Page 101: ...are allowed in the text box DHCP Page Message Type additional comments to be displayed in the Automatic subscriber static IP Page DHCP Configuration Timer Enter the configuration timeout for the auto...

Page 102: ...riber static IP addresses and the corresponding subnet mask gateway IP address and DNS IP addresses At least one static IP has to be entered if the Subscriber Static IP option is enabled The subscribe...

Page 103: ...s happens automatically and does not require any action by the subscriber You can enable Automatic VPN Static IPs under Advanced Automatic VPN Static IPs You must provide a contiguous range of Static...

Page 104: ...SERVED PAGE 104 OF 135 3 2 7 SYSTEM STATUS This menu tab opens up the submenus showing status of the Controller and subscribers 1 SYSTEM This menu displays current system information like Host Name LA...

Page 105: ...GATEWAY CONTROLLER SERIES USER MANUAL VALUEPOINT NETWORKS INC ALL RIGHTS RESERVED PAGE 105 OF 135 Screen 14 System Status...

Page 106: ...rt Subnet Mask Here the menu displays the Subnet Mask of the Gateway Controller WAN Port Default IP Gateway Here the menu displays the Default IP Gateway of the Gateway Controller WAN Port DNS Primary...

Page 107: ...of the last 60 minutes and 24 hours Note 24 hour peak usage is the highest 60 minute average from the last 24 hours Controller NAS ID Here the menu displays the Host Name of the Gateway Controller Fir...

Page 108: ...e status of Auto IP Authentication The menu displays the authentication type In the screenshot above it shows the type as Local Authentication Login Page Here the menu displays the login page type In...

Page 109: ...tallation time or upgraded later User count is enforced regardless of the login type including Local RADIUS PMS or Automatic Authentication When the User Count is exceeded user 101 100 tries to log in...

Page 110: ...rrent user RX Received Megabytes of data TX Sent Megabytes of data Avg Average Megabytes of usage per minute Time Connection time in minutes Idle Time Time connection has been detected as idle Termina...

Page 111: ...details on LAN The details displayed are MAC Address and IP Address and usage Screen 16 DHCP Clients Clear Leases This will remove all knowledge of current leases from the Controller DHCP table DHCP c...

Page 112: ...C Address You can remove these entries on the main MAC Address Pass through table Note The DHCP Clients table is not an accurate list of subscribers using the service DHCP Clients only shows PCs or ot...

Page 113: ...ows you to monitor the real time usage status of the Gateway Controller by seeing open and ongoing connections to and from the Controller This table allows you to monitor subscriber activity and look...

Page 114: ...Port number Status Status of the connection Unreplied connections have not received a reply from the destination Assured connections are active connections Source Received source IP address Destinatio...

Page 115: ...defined label Status Here the menu displays the status of the device IP Address Here the menu displays the Device IP Address MAC Address Here the menu displays the device s MAC address Management Port...

Page 116: ...35 6 SYSLOG This part of the menu displays the system log details for viewing when Local SysLog is enabled In this example debug messages are enabled Screen 19 SysLog The command buttons First Prev Ne...

Page 117: ...INC ALL RIGHTS RESERVED PAGE 117 OF 135 3 2 8 SYSTEM TOOLS 1 MAINTENANCE This menu allows the user manage the device configuration and to upgrade the firmware in this device by using a file via HTTP...

Page 118: ...Name Enter the name of firmware image file available on the TFTP Server Upgrade This is a command button Clicking this will upgrade the selected firmware Note You must have a TFTP server running and c...

Page 119: ...onfiguration file Export Configuration Export Click Export to save the current settings to the local system Right click and select the option of Save Target As and save the file to your computer Facto...

Page 120: ...database to the local system Right click and select the option of Save Target As and save the file to your computer Auto back up time Enter duration in minutes to automatically backup the local user...

Page 121: ...le Export Pass through Click Export to save the document setting to the local system Right click and select the option of save Target As and save the file to your computer Scheduled Upload TFTP Server...

Page 122: ...ile Clicking the Upload button will upload the certificate to the flash The uploaded certificate is effective only after the controller reboots If you upload an incorrect certificate e g not self sign...

Page 123: ...subscribers and view the system status Username Type the username here Password Type the password here Confirm Confirm the password to ensure that password typed in this field and in the password are...

Page 124: ...GATEWAY CONTROLLER SERIES USER MANUAL VALUEPOINT NETWORKS INC ALL RIGHTS RESERVED PAGE 124 OF 135...

Page 125: ...GATEWAY CONTROLLER SERIES USER MANUAL VALUEPOINT NETWORKS INC ALL RIGHTS RESERVED PAGE 125 OF 135 3 2 9 HELP This menu contains helpful information about the Gateway Controller Screen 23 HELP...

Page 126: ...10 INDEX This menu displays all the menus and submenus of the Controller that configure the system Along with the menu it displays the submenus These submenus come with hyperlinks so you can click th...

Page 127: ...e IP address or reset the factory settings if the Web interface is inaccessible 3 3 1 CONNECTIING TO THE SERIAL CONSOLE The RJ 45 serial port on the Gateway Controller is the top left connector above...

Page 128: ...y Controller to the factory defaults This will allow access if you do not have the current admin password Ping ip address Send ICMP ping requests to the entered IP address Reboot Restart the system wi...

Page 129: ...ge A State B Stage C Destination Host Stage D Client Computer DNS Server Phone CAT5 Network Internet Communication stages for a client to reach its destination For a client computer to communicate wit...

Page 130: ...he client is associated check for client TCP IP problems The Controller does not respond to ping from the client computer o Disable any unused NICs on the client computer o Is Wireless Client or Layer...

Page 131: ...er to Factory Default settings o Unplug the power connector from the power jack and then re plug the connector to restart the Controller o Contact our technical support representatives to report this...

Page 132: ...xOK TxError RxError Logged in Users Type Information scheduled ID NAS ID Logged in Users Number of logged in users For each user ID NAS ID User username user IP user MAC interface login time RxData Tx...

Page 133: ...Acct Output Packets Acct Output Octets Acct Input Packets Acct Input Octets Acct Session Time Acct Session ID Acct Terminate Cause Acct Multi Session Id Access Reject Port Limit Used for Per user band...

Page 134: ...nerates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarant...

Page 135: ...lectric power fluctuations or failure f Use of supplies or parts not meeting our specifications g Normal wears and tears h Any other cause that does not relate to a product defect 3 Removal installati...