LevelOne WHG-505, User Manual

Page 1: ...LevelOne WHG 505 Secure WLAN Controller User Manual V1 00...

Page 2: ...1 4 2 2 DHCP Dynamic IP 22 4 2 3 PPPoE 23 4 2 4 PPTP 24 4 3 Configuring WAN2 Ports optional 25 4 4 Other WAN Traffic Settings 28 4 4 1 WAN Failover 28 4 4 2 Load Balance 28 4 4 3 Internet Connection D...

Page 3: ...pgrade 121 8 Policies and Access Control 122 8 1 Black List 122 8 2 MAC Address Control 124 8 3 Policy 125 8 3 1 Firewall 127 8 3 2 Routing 130 8 3 3 Schedule 132 8 3 4 Sessions Limit 133 8 4 QoS Traf...

Page 4: ...Settings 197 12 2 5 System Report 201 13 Virtual Private Network VPN 202 13 1 Local VPN 202 13 2 Remote VPN 207 13 3 Site to Site VPN 208 14 Customization of Portal Pages 210 14 1 Customizable Pages...

Page 5: ...simple deployment in wireless networking infrastructure solution 4ipnet is a leading provider of wireless networking solution for manageable reliable and secure wireless access In an effort to meet c...

Page 6: ...hich is for starting up WHG 505 quickly It is recommended to start with the QIG and then refer to this manual for further details Some special topics are addressed separately in the Appendixes 1 3 Doc...

Page 7: ...1 Quick Installation Guide QIG x 1 Console Cable x 1 Ethernet Cable x 1 Straight through Ethernet Cable x 1 Power Cord x 1 Rack Mounting Bracket with Screws x 1 It is highly recommended to use all the...

Page 8: ...for enterprise or campus environment it is also deployed as a hotspot subscriber gateway often It is a pre integrated multi function network appliance providing the following key features Standard bas...

Page 9: ...nd secure the internet network access for both wired and wireless clients With its billing plan and payment features WISPs and hospitalities such as hotels conventions will find WHG 505 is an instant...

Page 10: ...loyments Gateway is a network node where a small network attaches to a bigger network WHG 505 is a kind of gateway in a network environment hence it has those features a typical gateway has such as NA...

Page 11: ...al Service Zones for an academic campus The first Service Zone with SSID Student and VLAN tag 1 is for students The second with SSID Faculty and VLAN tag 2 for faculties The third SSID Guest and VLAN...

Page 12: ...ones of WHG 505 one for staff one for students and one for the guests He also uses one zone for some shared servers in the diagram The access points at a physically location like the administration bu...

Page 13: ...00 1000 Base T RJ 45 5 Reset Press and hold the Reset button for about 5 seconds and status of LED on front panel will start to blink before restarting the system Press and hold the Reset button for m...

Page 14: ...ply Socket Connecting the power cord to the built in open frame power supply Input 100 240 VAC 50 60 Hz 2 Power Switch Power On Power Off O 3 Device Cooling Fan Don t block the cooling fans Leave enou...

Page 15: ...art up the WHG 505 in a near default state with minimum configuration changes such as WAN settings and admin password then refer to this manual later when you want to configure the system for specific...

Page 16: ...Mgmt Port on the front panel Connect the other end of the Ethernet cable to an administrator PC for configuring the WHG 505 system Connect an Ethernet cable to the LAN1 or LAN2 Port on the front panel...

Page 17: ...address of Default Service Zone Next enter the gateway IP address of WHG 505 at the address field The default gateway IP address from Mgmt Port is https 172 30 0 1 https is used for a secured connecti...

Page 18: ...ficate Error because the browser treats WHG 505 as an illegal website Please press Continue to this website to continue The default user login page will then appear in the browser 3 5 Home Page Home p...

Page 19: ...13...

Page 20: ...er Account Optional Confirm and Restart The Setup Wizard is aimed to provide express setup procedures for WHG305 Follow the instructions given at each step to change the system admin password select t...

Page 21: ...o 4 7 1 System in Status section It provides a summary of system information to the administrator in a single page Please refer to the section on System for details Link 2 Online User List Online User...

Page 22: ...in Users sections It lets the administrator configure a list of authentication options which can be enabled or disabled within each service zone s management Please refer to the section on Authentica...

Page 23: ...system related information that the administrator might need to be aware of at a glance which includes General System settings Network Interface and Online Users etc A drop down menu is available for...

Page 24: ...on the Web Management Interface allowing you to set various networking parameters enable and customize network services manage user accounts and monitor user status Administration functions are separa...

Page 25: ...Online Help The Help button is at the upper right corner of the WHG305 display screen Click Help for the Online Help window and then click the hyperlink of the relevant information required Online Hel...

Page 26: ...goal WHG 505 has two gigabit LAN ports There could be other network bridge devices such as Layer 2 switches or VLAN switches between WHG 505 s LAN ports and the client devices 4 3 Setting up WAN1 Port...

Page 27: ...505 s WAN address Static Manually specifying the IP address of the WAN Port The fields with red asterisks are required to be filled in IP Address The IP address of the WAN1 port Subnet Mask The subnet...

Page 28: ...mic IP addresses then you as the administrator of WHG 505 can configure WHG 505 to receive an IP address dynamically as WHG 505 s WAN1 address Dynamic It is only applicable for the network environment...

Page 29: ...allows an Ethernet frame s size to be up to 1492 bytes but some ISP s network equipments may support a smaller frame size of than 1492 bytes In that case you have to enter a smaller number MTU number...

Page 30: ...ddress PPTP When selecting PPTP to connect to the network please specify the given PPTP Server IP Address and enter the User Name Password Static or DHCP Select Static to specify the IP address of the...

Page 31: ...change the Routing Profile of a Policy to use WAN2 as default gateway that way for the groups bounded by the Policy will use WAN2 as their Internet feed If dynamic WAN Load Balancing feature is not t...

Page 32: ...U Short for Maximum Transmission Unit of a PPPoE frame The PPPoE protocol allows an Ethernet frame s size to be up to 1492 bytes but some ISP s network equipments may support a smaller frame size of t...

Page 33: ...27...

Page 34: ...amic Load Balancing feature When the feature is turned on the system can distribute the load of the up going traffics to the two WAN pipes according to the weight percentage assigned by the administra...

Page 35: ...to designed algorithms based on the weight ratio WAN1 Weight The percentage of traffic through WAN1 Range 1 99 by default it is 50 Base The weight ratio between WAN1 and WAN2 can be based on Sessions...

Page 36: ...rator can specify the three target sites Go to System WAN Traffic Administrator can further specification a warning text which will be displayed to the client Login Success Page Warning of Internet Di...

Page 37: ...nfigure WAN Bandwidth Limit Go to System WAN Traffic These parameters in the raw of Available Bandwidth on WAN Interface are used for matching to the real bandwidth come from your ISP Uplink It specif...

Page 38: ...Service Zone administrators can separate wired network and wireless network into different logical zones Users attempting to access the resources within the Service Zone will be controlled based on th...

Page 39: ...tion method for wireless networks within the Service Zone Applied Policy The policy that is applied to the Service Zone Default Authen Option Default authentication method server that is used within t...

Page 40: ...two subnets Using Port Based model is an easy and better way In Port Based mode each LAN port can only serve traffic from one Service Zone An example of network application diagram is shown as below o...

Page 41: ...n Tag Based mode each LAN port will only serve traffic from Default Service Zone So you need a VLAN switch or VLAN AP to take care the VLAN tags carried within the message frames An example of network...

Page 42: ...e zone runs in Router mode o IP Address The IP Address of this service zone o Subnet Mask The subnet Mask of this service zone o IPv6 Settings The IPv6 Address and configuration of this service zone W...

Page 43: ...settings page Item Description DHCP Server 1 Start IP Address End IP Address A range of IP addresses that built in DHCP server will assign to clients Note please change the Management IP Address List...

Page 44: ...can be configured to assign IP address to clients associated to the alias IP of this Service Zone The configurable fields are the same as DHCP Server 1 Reserved IP Address List Each service zone can...

Page 45: ...Based mode each LAN port can serve traffic from any Service Zone as each Service Zone is identified by VLAN tags carried within message frames By default the system is in Port Based mode with Default...

Page 46: ...to one mapping between ports and Service Zones o Specify a desired Service Zone for each LAN Port For each LAN port select a Service Zone to which the LAN port is to be mapped from the drop down list...

Page 47: ...f by physical LAN ports Select Tag Based and then click Apply to activate the Tag Based VLAN function When a restart message screen appears do NOT restart the system until you have completed the confi...

Page 48: ...d External Interface Select the external interface of the device that will be configured with an IPv6 address Type Choose the desired way of your IPv6 connection Static Manually enter all the related...

Page 49: ...mask Default Router The default router that routes packets from IPv6 to IPv4 network Preferred DNS Server The primary DNS server used for this connection Alternate DNS Server The substitute DNS serve...

Page 50: ...the hyperlink of the respective Server Name to configure the authentication server Auth Database There are different authentication databases in WHG 505 LOCAL POP3 RADIUS LDAP and NTDOMAIN ONDEMAND a...

Page 51: ...ns are concurrently in use One of authentication option can be assigned as default For authentication assigned as default the postfix can be omitted For example if BostonLdap is the postfix of the def...

Page 52: ...w add or delete local user account The Upload User button is for importing a list of user account from a text file The Download User button is for exporting all local user accounts into a text file Cl...

Page 53: ...user s MAC address of a networking device can be bound with a local user as well It means this user must login to system with a networking device PC that has this MAC address so this user can not log...

Page 54: ...of the desired user account to enter the User Profile Interface for that particular user and then modify or add any desired information such as Username Password MAC Address optional Applied Group opt...

Page 55: ...e fields with red asterisk are necessary information These settings will become effective immediately after clicking the Apply button Username Format When Complete option is checked both the username...

Page 56: ...tion The RADIUS server sets the external authentication for user accounts Enter the information for the primary server and or the secondary server the secondary server is not required The fields with...

Page 57: ...51...

Page 58: ...using to authenticate the user System will send this value to the external RADIUS server if the external RADIUS server needs this Accounting Delay Time This attribute indicates how many seconds the cl...

Page 59: ...e set for this authentication server Primary Secondary RADIUS Server Authentication Server Enter the domain name or IP address of your RADIUS Server Authentication Port Enter the Port number used for...

Page 60: ...icking the Apply button Server The IP address of the external LDAP server Port The authentication port of the external LDAP server Base DN The Base DN Distinguished Name is the LDAP search base tellin...

Page 61: ...erver The IP address of the external NT Domain Server Transparent Login This function refers to Windows NT Domain single sign on When Transparent Login is enabled clients will log into the system auto...

Page 62: ...thentication when multiple databases are concurrently in use Enter the postfix used for on demand users Currency Select the desired monetary unit or specified the unit by users Group Name Select the d...

Page 63: ...ion is a list of serial to Ethernet devices that communicate with the system only never get online and no need to go through authentication 2 Ticket Customization On demand account ticket can be custo...

Page 64: ...ticket or choose the default image or none Click Browse to select the image file and then click upload The background image file size limit is 100 Kbytes No limit for the dimensions of the image is s...

Page 65: ...as account valid with remaining quota usable time Need to activate the purchased account within a given time period by logging in for the first time Ideal for short term usage For example in coffee sh...

Page 66: ...60...

Page 67: ...ota depleted Quota is the total period of time xx days yy hrs zz mins during which On demand users are allowed to access the network The total maximum quota is 364Days 23hrs 59mins 59secs even after r...

Page 68: ...ample Unit 2 days Cut off Time 13 00 then account will expire on 13 00 two days later Grace Period is an additional short period of time after the account is cut off that allows user to continue to us...

Page 69: ...Mbytes 1 1000000 during which On demand users are allowed to access the network Account Activation is the time period for which the user must execute a first login Failure to do so in the time period...

Page 70: ...g internet service immediately after account creation throughout a specific period of time Begin Time is the time that the account will be activated for use It is set to account creation time Elapsed...

Page 71: ...te ticket set to be Cut off on 23 00 If an account of this kind is created after the Cut off Time the account will automatically expire Begin Time is the time that the account will be activated for us...

Page 72: ...h as Computex where each registered participant will get an internet account valid from 8 00 AM Jun 1 to 5 00 PM Jun 5 created in batch like coupons Begin Time is the time that the account will be act...

Page 73: ...n is for merchants to set up an external payment gateway to accept payments in order to provide wireless access service to end customers who wish to pay for the service on line The three options are A...

Page 74: ...d Apply the setting to activate the plan The printer used by Print is a pre configured printer connected to the administrator s computer Plan The number of a specific plan Type Show one type of the pl...

Page 75: ...69 6 On demand Account Batch Creation After at least one plan is enabled the administrator can generate more than one on demand user accounts...

Page 76: ...be created After create success you can download the created accounts as a text file or click Send to POS and select a POS printer to print the receipts which will contain these on demand users inform...

Page 77: ...ue to use to access the network Status The status of the account o Normal the account is not currently in use and also does not exceed the quota limit o Online the account is currently in use o Expire...

Page 78: ...same type account Time account must redeem with Time account Volume account must redeem with Volume account only When the remaining quota is insufficient the user can add up the quota by purchasing a...

Page 79: ...oups for divide users A Group which can be allowed to access a Service Zone or not and it also can be applied with a Policy within a Service Zone The same Group within different Service Zones can be a...

Page 80: ...e users to a Group go to Users Authentication This section shows how to group users how to rule each grouped user with different policy as he moves to different service zone The following examples wil...

Page 81: ...6 and 8 They are ruled by Policy 3 at Service Zone 1 and by Policy 8 at Service Zone 4 In each authentication option you can assign a Group with each authentication option All users login with same au...

Page 82: ...76 In RADIUS Authentication the users can assign to different Group by Class Group Mapping In LDAP Authentication the users can assign to different Group by Attribute Group Mapping...

Page 83: ...e the above figure shows that users in Group 1 can access network services via every Service Zone as well as Remote VPN under constraints of Policy 1 Policy Select a Policy that the Group will be appl...

Page 84: ...78 At Service Zone 1 Group 1 user is ruled by Policy 3 Group 2 is by Policy 9 and Group 3 is by Policy 11 Other Groups are not enabled to access Service Zone 1...

Page 85: ...For example the above figure shows clients in Group 1 16 can access Service Zone 1 where they are governed by Policy 1 16 respectively o Policy Select a Policy that the Group will be applied with whe...

Page 86: ...a Certificate Error because the browser treats WHG 505 as an illegal website b Please press Continue to this website to continue c The default user login page will appear in the browser 2 Enter the us...

Page 87: ...5 2 2 Default Authentication In each Service Zone there are different types of authentication database LOCAL POP3 RADIUS LDAP NTDOMAIN ONDEMAND and SIP that are supported by the entire system There a...

Page 88: ...fix of the default option Bob can login as bob without having to type in bob BostonLdap 5 2 2 Login with postfix Set a postfix that is easy to distinguish e g Local user login with which authenticatio...

Page 89: ...rvice Zone To configure Authentication in Service Zone go to System Service Zones Authentication Required For the Zone When it is disabled users will not need to authenticate before they get access to...

Page 90: ...are on the client s device to work properly Smart Client Black List Fill in the WISPr agent names and enable to block users from that particular WISPr roaming agent to access your internet For example...

Page 91: ...85 6 Local Area AP Management...

Page 92: ...eeds more than one AP to service a lot of clients places like franchised hotspots multiple offices school campuses etc where in many of these environments it is required to cover both indoor and outdo...

Page 93: ...on of an already configured AP to the template Select the desired AP from Copy Setting s From list and click apply to copy the selected AP s configuration to the template If copy is not desired please...

Page 94: ...are editing there are different modes to select 802 11a 802 11b 802 11g 802 11a 802 11n 802 11b 802 11g and 802 11g 802 11n Data Rate The default is set to Auto Available range is from 1 to 54Mbps The...

Page 95: ...essed with higher priority Fragment Threshold Breaking a packet into smaller units when transmitting over a network medium that cannot support the original size of the packet Set the maximum packet si...

Page 96: ...ou wish to discover Interface Select which interface to scan For example if Default is selected all of the APs connected under default service zone matching the selected AP type will be scanned and li...

Page 97: ...ofile which will be applied to the added AP Channel The selected channel will be applied to the added AP Service Zone The item is only available for selecting service zone when Tag Based mode is selec...

Page 98: ...overy When Background AP Discovery function is enabled the system will scan once every 10 minutes or according to the time set by the administrator If any AP is discovered and Auto Adding AP to The Li...

Page 99: ...specific AP Admin Password Password required for this AP IP Address IP address of the specified AP MAC Address MAC address of the specific AP Remark Some extra information to be filled in for this AP...

Page 100: ...e zone Under tag based service zone only default service zone will designate an IP segment for IP address assignment to the managed AP when the newly discovered AP is added into the selected service z...

Page 101: ...llowed to connect to the AP on the other hand when the status is Denied the clients whose MAC addresses are listed in the list will be denied to connect to the AP When Disabled is selected any clients...

Page 102: ...tion WEP When Authentication is Open System or Share Key WEP will be enabled WPA When Authentication is WPA WPA PSK or WPA RADIUS will be the options of WPA For WPA PSK it also can select Passphrase o...

Page 103: ...own in the list The AP can be edited by clicking the hyperlink of AP Name and the AP status can be reviewed by clicking the hyperlink of Status AP Name Click AP Name and enter the interface about rela...

Page 104: ...nk to enter the LAN Setting interface Administrator can revise the AP s LAN IP settings including IP address Subnet Mask and Default Gateway of AP Wireless LAN Click the link to enter the Wireless int...

Page 105: ...me AP Type LAN Interface MAC address Wireless Interface MAC address Report Time SSID and Number of Associated Clients AP Status Details include System Status LAN Status Wireless LAN Status Associated...

Page 106: ...Points Enter Local Area AP Management List 5 2 2 Reboot Enable Disable and Delete the AP Select any AP by checking the checkbox and then click the button below to Reboot Enable Disable Delete Apply Te...

Page 107: ...101 5 2 2 Apply Template Select any AP by check the checkbox and then click Apply Template select one template to apply to the AP...

Page 108: ...will have two VAPs with two SSIDs according to two Service Zones for clients to associate If a user connected to one SSID for example SSID3 of this AP and wishing to access the Internet then this use...

Page 109: ...sion of the AP s firmware New firmware can be uploaded here to update the current firmware To upload click Browse to select the file and then click Upload Configure Firmware upgrade go to Access Point...

Page 110: ...Area AP Management provides intuitive graphical tools for mapping APs at various physical locations and keeping track of these devices Under Wide Area AP management you can choose to simply monitor A...

Page 111: ...pecified IP address can be external or internal network IP addresses This is useful when scanning for multiple devices connected to the managed network APs with an IP address that is not within the sp...

Page 112: ...nt list Simply configure the devices IP address name and login credentials set a SNMP community string and click the Add button Device Type Currently Wide Area AP management only supports OWL800 APs D...

Page 113: ...d via SNMP If you wish to create a tunnel between this AP and the controller click the Edit button to proceed with necessary configurations In the AP s tunnel configuration page check Enable set a num...

Page 114: ...nistrator can click Edit and re enter the Tunnel Status page to assign a Service Zone to this tunnel managed AP VAP status will display all the enabled VAP on the remote EAP200 with their respective E...

Page 115: ...109...

Page 116: ...uts of all of the AP s under Wide Area AP Management This feature is helpful when it comes to network planning and management Once the administrator has added APs to the managed list then these APs ca...

Page 117: ...d get a key from Google Go to http code google com intl en apis maps documentation javascript v2 or search for Google Map API to enter the Google code page Click on Sign up for a Google Maps API key C...

Page 118: ...geographical location as defined by Longitude and Latitude remember to also fill in the Key issued by Google Finally choose the Zoom Level and Map Type and click the Save button The above screenshot i...

Page 119: ...show up in the dialogue box on the map for referencing additional information related to this AP for instance the IP address of a IP surveillance camera connected to this AP or the URL of the Venue W...

Page 120: ...e physical coordinates configured as shown below You can click on the AP icon to see the dialogue box for additional information or links that you have configured Click the more info link for informat...

Page 121: ...115 AP status Client List and WDS List information listed are collected from the remote AP via SNMP...

Page 122: ...e Modification This function is for saving the changes made to the map and overwriting the maps profile attributes For instance if you have altered or panned the original map clicking this button will...

Page 123: ...ation coverage related links and customize marker or icon images that will be displayed on the map Edit Tunnel Status Only applicable to EAP200 APs Click this button to setup a secure tunnel between t...

Page 124: ...n administrator PC or in the Controller s memory Upgrade Clicking this button will open a popup window where administrator can upgrade the chosen AP s firmware using a firmware file store locally in a...

Page 125: ...rea AP Management go to Access Points Enter Wide Area AP Management WDS List The WDS link if established between APs listed in List will be listed here with related information such as the Band and Ch...

Page 126: ...Area AP Management Backup Config Backed up Config files can be used to restore an AP s settings in List When administrator backups an AP s configuration settings all the backup files are listed at th...

Page 127: ...ement Firmware The Controller can store OWL800 s firmware in its built in memory Under the Firmware tab page administrator can upload new OWL800 firmware to the Controller s memory allowing for easy r...

Page 128: ...to select from for the desired black list Name Set the black list name and it will show on the pull down menu above Add User s Click the hyperlink to add users to the selected black list After enterin...

Page 129: ...123...

Page 130: ...r MAC addresses in this list can login to WHG 505 There are 200 users maximum allowed in this MAC address list User authentication is still required for these users Click Edit to enter the MAC Address...

Page 131: ...ator to assign a Group for LDAP attribute therefore a Policy applied to this Group will be mapped to a user Group of a LDAP attribute When the type of database is Local the Group selection function wi...

Page 132: ...ofile Specific Route Profile Schedule Profile and Maximum Concurrent Sessions Firewall Profile Each Policy has a firewall service list and a set of firewall profile consisting of firewall rules Specif...

Page 133: ...vailable for firewall rules editing The administrator is able to add new custom service protocols by clicking Add and delete the added protocols with Select All and Delete operations The Predefined Se...

Page 134: ...click Apply to save the settings The rule status will show on the list Check Active checkbox and click Apply to enable that rule This link leads to the Firewall Rules page Rule No 1 has the highest pr...

Page 135: ...tering is not o Source Destination Subnet Mask Select the source and destination subnet masks o Source MAC Address The MAC Address of the source IP address This is for specific MAC address filter o Se...

Page 136: ...lculate and display the appropriate value based on the combination of Network IP Address and Subnet Mask that are just entered and applied o Destination Subnet Netmask The subnet mask of the destinati...

Page 137: ...to activate this function or uncheck to inactivate it o Default Gateway It may be WAN1 Default Gateway WAN2 Default Gateway or to specific an IP Address if you select IP Address you may need to fill...

Page 138: ...configuration page Select Enable to show the Permitted Login Hours list This function is used to limit the time when clients can log in Check the desired time slots checkbox and click Apply to save t...

Page 139: ...rs and clients in DMZ zones Also this can be specified in the other policies to apply to the authenticated users When the number of a user s sessions reaches the session limit a choice of Unlimited 10...

Page 140: ...o this Group The Individual Maximum Downlink cannot exceed the value of Group Total Downlink o Individual Request Downlink Defines the guaranteed minimum downlink bandwidth allowed for an individual c...

Page 141: ...ocket Layer SSL or Transport Layer Security TLS as a sublayer under regular HTTP application layering HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web s...

Page 142: ...Configure Certificate go to Users Additional Configuration Certificate Certificate A data record used for authenticating network entities such as a server or a client A certificate contains X 509 info...

Page 143: ...137 Click Continue to this website to access the user login page To Use Default Certificate Click Use Default Certificate to use the default certificate and key Click restart to validate the changes...

Page 144: ...or Contact Information go to System General Administrator Contact Information will appear in the user Login Fail window When the user login fail with duplicate IP address or MAC address system will sh...

Page 145: ...websites listed here before login and authentication Up to 40 addresses or domain names of the websites can be defined in this list Users without the network access right can still have a chance to e...

Page 146: ...ent websites listed before login and authentication Advertisement hyperlinks are displayed on the user s login page Clients who click on it will be redirected to the listed advertisement websites Edit...

Page 147: ...141...

Page 148: ...ce Zones When enabled the system will automatically send an email to users if they attempt to send receive their emails using POP3 email program for example Microsoft Outlook before they are authentic...

Page 149: ...le this function enter the URL of a Web server as the homepage Once logged in successfully users will be directed to this homepage such as http www google com regardless of the original homepage set i...

Page 150: ...Idle Timer go to Users Additional Configuration If a user has idled with no network activities the system will automatically kick out the user The logout timer can be set between 1 1440 minutes and th...

Page 151: ...demand users and RADIUS authentication 5 2 2 Local Users Change Password Privilege Configure Local Users Change Password Privilege go to Users Group Privilege Profile Change Password o Change Password...

Page 152: ...ver is placed outside the LAN environment or in the Internet For example the following diagram shows that a proxy server of an ISP will be used Follow the following steps to complete the proxy configu...

Page 153: ...147 Step 3 Make sure that the proxy server settings match with at least one of the proxy server setting of the system for example in this case 203 125 142 1 3128 matches with blank 3128...

Page 154: ...rver setting of the system Otherwise users will not be able to get the Login page for authentication via browsers and it will show an error page in the browser 2 What the Built in Proxy Server is enab...

Page 155: ...s using the same proxy setting in their browsers will be able to access the network without any authentication Therefore to stop the risk it is strongly recommended to put all proxy servers outside th...

Page 156: ...that the proxy server setting of the clients match with the proxy server setting of the system Otherwise users will not be able to get the Login page for authentication via browsers and it will show a...

Page 157: ...ly if WAN1 Interface is Dynamic When Automatic WAN IP Assignments is enabled the entered Internal IP Address of Automatic WAN IP Assignment will be bound with WAN1 interface Each Static Assignment cou...

Page 158: ...ss these servers within the managed network Different virtual servers can be configured for different sets of physical services such as TCP and UDP services in general Enter the External Service Port...

Page 159: ...3 10 4 Privilege List Configure Privilege List go to Network Privilege Setup the Privilege IP Address List and Privilege MAC Address List The clients in the list can access the network without any log...

Page 160: ...kstations in the Granted Access by IP Address The Remark field is not necessary but is useful to keep track WHG 505 allows 200 privilege IP addresses at most These settings will become effective immed...

Page 161: ...Address WHG 505 allows 200 privilege MAC addresses at most When manually creating the list enter the MAC address the format is xx xx xx xx xx xx as well as the remark not necessary These settings wil...

Page 162: ...WHG 505 supports IP PNP function User can login and access network with any IP address setting At the user end a static IP address can be used to connect to the system Regardless of what the IP addre...

Page 163: ...WHG 505 s WAN If the dynamic DHCP is activated at the WAN port it will update the IP address of the DNS server periodically These settings will become effective immediately after clicking Apply DDNS E...

Page 164: ...tion purpose When the user attempts to connect to a destination IP address listed here the connection packet will be converted and redirected to the corresponding destination Please enter the IP Addre...

Page 165: ...neral 5 2 2 NTP NTP Network Time Protocol communication protocol can be used to synchronize the system time with remote time server Please specify the local time zone and the IP address of at least on...

Page 166: ...160 5 2 2 Manual Settings The time can also be manually configured by selecting Manually set up and then select the date and time in these fields...

Page 167: ...is using a computer with the IP address range of 10 2 3 0 24 he or she can access the web management page Another example is 10 0 0 3 if an administrator is using a computer with the IP address of 10...

Page 168: ...nistrator s computer or a billing system to get billing history information of WHG 505 with the predefined URLs The file name format is yyyy mm dd An example is provided as follows Traffic History htt...

Page 169: ...163 11 5 SNMP Configure SNMP go to System General If this function is enabled the SNMP Management IP and the Community can be assigned to access the SNMP Configuration List of the system...

Page 170: ...can access all configuration pages of WHG 505 User Name admin Password admin After a successful login to WHG 505 a web management interface will appear Manager The manager can only access the configur...

Page 171: ...f Create On demand User to create new on demand user accounts and print out the on demand user account receipts User Name operator Password operator Note To logout simply click the Logout icon on the...

Page 172: ...166...

Page 173: ...iles of Firewall Specific Route and Schedule User Name manager Password manager Operator The operator can only access the configuration page of Create On demand User to create new on demand user accou...

Page 174: ...be restored to the factory default settings here Backup System Settings Click Backup to create a db database backup file and save it on disk Restore System Settings Click Browse to search for a db dat...

Page 175: ...ware upgrade It might take a few minutes before the upgrade process completes and the system needs to be restarted afterwards to activate the new firmware 1 Firmware upgrade may cause the loss of some...

Page 176: ...imately three minutes Click YES to restart WHG 505 click NO to go back to the previous screen If the power needs to be turned off it is highly recommended to restart WHG 505 first and then turn off th...

Page 177: ...171 11 11 Network Utility To configure Network Utility go to Utilities Network Utilities The system provides some network utilities to help administrators manage the network easily...

Page 178: ...ng It allows administrator to detect a device using IPv6 address or Host domain name to see if it is alive or not Trace Route 6 It allows administrator to find out the real path of packets from the ga...

Page 179: ...e list On each monitored item with a WEB server running administrators may add a link for the easy access by entering the IP select the Protocol to http or https and then click Create After clicking C...

Page 180: ...oxes Please use arrow keys on the keyboard to browse the menu and press the Enter key to make selection or confirm what you enter 3 Once the console port of WHG 505 is connected properly the console m...

Page 181: ...licitly The administrator can choose this utility and set it into safe mode which enables him to manage this device with browser again Synchronize clock with NTP server Immediately synchronize the clo...

Page 182: ...s not require a username and password for the connection via the serial port the same management interface can be accessed via SSH Therefore we recommend you to immediately change the WHG 505 Admin us...

Page 183: ...12 2 View the status This section includes System Status Interface Status Hardware Routing Table Online Users Session List User Logs Logs DHCP Lease and Report Notification to provide system status in...

Page 184: ...178 5 2 2 System Status To view System Status go to Status System This section provides an overview of the system for the administrator...

Page 185: ...llowed disallowed to log in the network WAN Failover Enabled Disabled stands for the function currently being used or not Load Balancing Enabled Disabled stands for the function currently being used o...

Page 186: ...180 5 2 2 Interface Status To view Interface Status go to Status Interface This section provides an overview of the interface for the administrator including WAN1 WAN2 SZ Default SZ1 SZ8...

Page 187: ...e day Displays traffic information of the day in a table Traffic of the month Displays traffic information of the in a table Traffic of the top 10 Shows the top 10 traffic of the day records Service Z...

Page 188: ...182 5 2 2 HW To view Hardware Status go to Status HW This tab page displays the system s hardware usage information...

Page 189: ...Policy 1 40 Shows the information of the individual Policy from 1 to 24 Global Policy Shows the information of the Global Policy System Shows the information of the system administration Destination...

Page 190: ...user account name IP Address The IP address of this user MAC Address The MAC address of this user Pkts In Out Number of packets received sent by this user Bytes In Out Number of Bytes received sent b...

Page 191: ...address from the system s DHCP server but have not yet been authenticated This feature is designed for administrators to keep track of systems resources from being exhausted The list shows the client...

Page 192: ...istrator to inspect sessions currently established between a client and the system Each result displays the IP and Port values of the Source and Destination You may define the filter conditions and di...

Page 193: ...Notification Configuration page the system will automatically send out the history information to that specified email address Users Log All activities occur on the system within the nearest 72 hours...

Page 194: ...of user activities Roaming In User Log As shown in the following figure each line is a roaming in traffic history record consisting of 15 fields Date Type Name NSID NASIP NASPort UserMAC UserIP Sessio...

Page 195: ...elds System Name Connection Time Usage Packets In Bytes In Packets Out and Bytes Out of user activities o Username Username of the local user account o Connection Time Usage The total time used by the...

Page 196: ...ince system boot up Administrators can examine the log entries of various events However since all these information are stored on volatile memory they will be lost during a restart reboot operation T...

Page 197: ...the number under column 3 indicated the lease count in the last 30 minutes hours days and so on Statistics of expired list IP leased to clients that have expired in the Last 10 Minutes Hours and Days...

Page 198: ...192...

Page 199: ...SYSLOG Settings Allows the configuration of two external SYSLOG servers where selected users logs as well as system logs will be sent to FTP Settings Allows the configuration of an external FTP Serve...

Page 200: ...Plain Login CRAM MD5 and NTLMv1 or None to use none of the above Depending on which authentication method selected enter the Account Name Password and Domain o NTLMv1 is not currently available for ge...

Page 201: ...dress and port number of the external SYSLOG server System Log This controls the enabling disabling of the SYSLOG logging feature When enabled the selected logs from Notification Settings will be sent...

Page 202: ...n Specify the IP address and port number of your FTP server If your FTP needs authentication enter the Username and Password The Send Test Log radio button can be used to send a test log for testing y...

Page 203: ...197 5 2 2 Notification Settings This configuration page allows the selection of log types to send either to preconfigured E mail SYSLOG Servers or FTP Server based on the chosen time Interval...

Page 204: ...numbers 1 to 5 represents the corresponding E mail address configured in SMTP Settings click the desired E mail address profile 1 5 and select the time interval for sending report or log Detail Click...

Page 205: ...ributes such as Tag Severity and Facility which will be assigned to the corresponding log to meet the filtering requirements on the SYSLOG Server Note The System Log option needs to be enabled under S...

Page 206: ...tion of the FTP server folder where the logs sent will be stored on the FTP server Note The outputted log files to the FTP server will be named according to the format Topic_ ExtraDesc_ SystemName_ Da...

Page 207: ...e type of report you wish to see Available report types are CPU Loading CPU Temperature Memory Usage Network Traffic Online User Successful Login Session DHCP Lease and DNS Query Time For selecting th...

Page 208: ...ure will be enabled and ready to serve once it is launched for setup The goal of this design is to eliminate the configuration difficulty from IPSec VPN users At the client side the IPSec VPN implemen...

Page 209: ...dows XP or Windows XP SP1 is not compatible with IPSec protocol It shall be turned off to allow IPSec packets to pass through Without patch ICMP Ping and PORT command of FTP can not work in Windows XP...

Page 210: ...ing ActiveX If it happens please reboot the client computer Once Windows service is resumed go through the login process again 2 Termination of the Internet Explorer Task from Windows Task Manager Do...

Page 211: ...205...

Page 212: ...top 2 How to remove ActiveX component in client s computer ANS Uninstall and delete ActiveX component Close all Internet Explorer windows Open a command prompt window and type the commands as follows...

Page 213: ...look like the settings in Service Zone It also can setup the SIP WAN Interface Authentication Options Group Permission Applied Policy and customizable Login Page After Remote VPN is enabled when you...

Page 214: ...VPN tunnel to each other over the WAN network For example if there are 2 WHG 505 you can create a VPN tunnel to let a subnet of one WHG 505 to access the subnet of another WHG 505 First you need to ad...

Page 215: ...0 111 0 24 of WHG 505_B after the tunnel is created the users within these two subnets can reach each other You can create more than one VPN tunnel but the IP segment mapping can not be overlap that s...

Page 216: ...d logout pages for each service zone that can be customized by administrators Go to System Configuration Service Zone Configure Authentication Settings Custom Pages Click the button of Configure the s...

Page 217: ...gnated website After finishing the setting click Preview to see the login page Custom Pages Login Page Default Page Choose Default Page to use the default login page Custom Pages Login Page Template P...

Page 218: ...in Page Uploaded Page Choose Uploaded Page and upload a login page to the built in HTTP server The user defined login page must include the following HTML codes to provide the necessary fields for use...

Page 219: ...ess Next enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit The system will show the used space and the maximum size...

Page 220: ...nated website In the External Page Setting enter the URL of the external login page and then click Apply After applying the setting the new login page can be previewed by clicking Preview button at th...

Page 221: ...instructions for more details Note The different part is the HTML code of the user defined logout interface must include the following HTML code that the user can enter the username and password After...

Page 222: ...l login page configured Gateway while redirecting users to the external web page will also send URL parameters required for the operation for instance user authentication Therefore each self defined e...

Page 223: ...o get remaining quota vlanid Integer 1 4094 VLAN ID gwip IP format Gateway activated WAN IP address client_ip IP format Client IP address umac MAC format separated by Client MAC address session String...

Page 224: ...clear type button value Clear FORM The following shows the corresponding self defined javascript function used to parse the loginurl parameter function getVarFromURL url name if name url return name n...

Page 225: ...included Utype String LOCAL RADIUS ONDEMAND POP3 LDAP SIP NT Domain Authentication server name Umac MAC format separated by Client MAC address sessionlength Integer Sec RADIUS user session length Only...

Page 226: ...tring WISPr Billing Class Of Service attribute Only available for RADIUS user WISPR LOCATION ID String WISPr Location ID attribute Only available for RADIUS user WISPR LOCATION NAME String WISPr Locat...

Page 227: ...information of your account XXX BR Please contact your network administrator Invalid username or password BR Please check your username and password and try again Cannot identify the policy for your...

Page 228: ...er s quota of time type byteamount Integer byte On demand user s quota of volume type idletimeout Integer Sec Idle timeout logouturl String URL encoded Logout URL redeemurl String URL encoded Redeem U...

Page 229: ...escription Uid String User ID Gwip IP format Gateway activated WAN IP address Vlanid Integer 1 4094 VLAN ID External Port Location Mapping Free Login Page External Port Location Mapping Charge Login P...

Page 230: ...rnal Domain Name loginpages logoff shtml Input Field Required Value Description Uid Optional String User ID default is taken from cookie session Optional String Encoded string which contains some info...

Page 231: ...ota 3 Expired 4 Redeemed Remaining quota if user is time type the value is remaining seconds if user is volume type the value remaining bytes Uname String User name Type String includes TIME Time type...

Page 232: ...eturn URL login successful page is the default value Output If no ret_url is presented client would be redirected to login successful page and in addition a JavaScript window would pop up and show the...

Page 233: ...6 0 ret_url Optional String URL encoded Return URL Output If no ret_url is presented the client would be redirected to a ticket page in our UI style If ret_url is presented client would be redirected...

Page 234: ...used by Authorize Net to authenticate transactions Payment Gateway URL This is the default website address to post all transaction data Verify SSL Certificate This is to help protect the system from a...

Page 235: ...igured in Billing Plans page and all previously enabled plans can be further enabled or disabled here as needed o Client s Purchasing Record o Starting Invoice Number An invoice number may be provided...

Page 236: ...of match between the Card Code entered on a transaction and the value that is on file with a customer s credit card company A code and narrative description are provided indicating the results return...

Page 237: ...e represents the five or nine digit postal code associated with the billing or shipping address of a transaction This may be entered as five digits nine digits or five digits and four digits o Country...

Page 238: ...yPal account to continue PayPal Payment Page Configuration External Payment Gateway PayPal Payment Page Configuration Business Account The Login ID an email address that is associated with the PayPal...

Page 239: ...voice number may be provided as additional information against a transaction This is a reference field that may contain any kind of information Description Enter the product service description e g wi...

Page 240: ...234 Before setting up SecurePay it is required that the hotspot owners have a valid SecurePay Merchant Account from its official website...

Page 241: ...essing a website other than Secure Pay Currency The currency to be used for the payment transactions Service Disclaimer Content View the service agreement and fees for the standard payment gateway ser...

Page 242: ...transaction data Currency The currency to be used for the payment transactions Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add o...

Page 243: ...w rbsworldpay com support index php page login c WW Select Business Gateway Formerly WorldPay Click Merchant Interface Username user2009 Password user2009 STEP Select Installations from the left hand...

Page 244: ...lect the Save Changes button STEP Input Installation ID and Payment Gateway URL in gateway UI Installation ID 2009test URL https select wp3 rbsworldpay com wcc purchase Note The WAN IP of gateway must...

Page 245: ...text file for uploading user accounts then click Upload to complete the upload process When uploading a file any format error or duplicated username will terminate the uploading process and no account...

Page 246: ...her system Click Restore Accounts to enter the Restore On demand User Account interface Click the Browse button to select the text file for restore the user accounts and then click Submit to complete...

Page 247: ...estore Accounts is Upload New Account is for new accounts creations So the format of the upload file does not need to add any hidden columns just need to input the required information in each column...

Page 248: ...tication there have a option to send the complete username with postfix or username only Username Format When Complete option is checked both the username and postfix will be transferred to the POP3 s...

Page 249: ...n Only ID option is checked only the username will be transferred to the external RADIUS server for authentication 5 2 2 NAS Identifier The system will send this value to the external RADIUS server if...

Page 250: ...ibute is the string identifying the NAS originating the access request System will send this value to the external RADIUS server if the external RADIUS server needs this NAS Port Type Indicates the ty...

Page 251: ...se the RADIUS attribute settings below if the configured remote RADIUS server presents no attributes RADIUS Standard Attributes Session Time Out Forced logout once timeout period reached Idle Time Out...

Page 252: ...sion Terminate on Billing Time When enabled the session will terminate in the Billing Time set Bandwidth Setting It will follow the Bandwidth settings of the Group profile set for this authentication...

Page 253: ...tion Protocol CHAP or Password Authentication Protocol PAP Accounting Service Enable Disable RADIUS accounting Accounting Server Enter the Accounting Server domain name or IP address Accounting Port E...

Page 254: ...classified by LDAP attributes log into the system via the LDAP server each client will be mapped to its assigned Group To get and show the attribute name and value from the configured LDAP server ente...

Page 255: ...his function is use to combine these by a single user login Users only need to login once and then they will be assigned the access right in this domain and network access right from WHG 505 When Tran...

Page 256: ...to define the authorized device with IP address Subnet Mask and Secret Key Click the hyperlink Roaming Out 802 1x Client Device Settings to enter the Roaming Out 802 1x Client Device Settings interfac...

Page 257: ...03 WHG 505 asks an external trusted SIP registrar to verify both identities After SIP registrar responds with a YES call is established through WHG 505 The system provides SIP proxy for SIP clients de...

Page 258: ...onality which allows SIP clients to pass through NAT When enabled all SIP traffic can pass through NAT via a fixed WAN interface The policy route setting of SIP Authentication must be configured caref...

Page 259: ...ario is that a proxy server is placed outside the LAN environment or in the Internet Follow the following steps to complete the proxy configuration Step 1 Log into the WHG 505 by using the admin accou...

Page 260: ...clients match with at least one of the proxy server setting of the WHG 505 Otherwise users will not be able to get the Login page for authentication via browsers and it will show an error page in the...

Page 261: ...be able to access the network without any authentication Therefore to stop the risk it is strongly recommended to put all proxy servers outside the Intranet Follow the following steps to complete the...

Page 262: ...at the proxy server setting of the clients match with the proxy server setting of the WHG 505 Otherwise users will not be able to get the Login page for authentication via browsers and it will show an...

Page 263: ...eploying the WHG 505 Secure Certificate setting for both IE6 and IE7 For the company with its own Certificate Authority CA the certificate of the company should be trusted by all his employees compute...

Page 264: ...IE7 the following steps may be taken to provide a workaround or to bypass the issue 1 Open the IE7 browser and you will be redirected to the default login page If the certificate is not trusted the f...

Page 265: ...he IE7 certificate issue please follow the instructions stated below 1 When the User Login page appears click Certificate Error at the top 2 Click View Certificate 3 Click Certification path 4 Select...

Page 266: ...260 5 Click Install Certificate 6 Click Next...

Page 267: ...261 7 Select Automatically select the certificate store based on the type of certificate and then click Next 8 Click Finish...

Page 268: ...262 9 Click Yes 10 Click OK 11 Launch a new IE7 browser The certificate is now trusted via IE7 according to the key symbol shown at top next to the address field...

Page 269: ...the following information provides the step to take when the certificate publisher is not trusted by IE6 1 Open an IE6 browser the Security Alert message will be appeared if the certificate is not tru...

Page 270: ...on Scenario Employee vs Guest Typical service zone settings will separate users groups into Employee and Guest for the purpose of different authentication level Application Network As shown in the dia...

Page 271: ...D to authenticated users when they start new sessions 3 Both groups Employee and Guest will be redirected to different login portal pages and will be authenticated against different authentication dat...

Page 272: ...266 Step 3 Configure the service zone accordingly Configure the SSID Choose the authentication option and configure the login page Choose the appropriate policy for this service zone...

Page 273: ...ice Zone Settings Once the settings of two service zones are completed the configured result will be displayed on screen in the Service Zone Settings The name of the service zone and the enabled statu...

Page 274: ...ies and strip off the option before forwarding the reply to the client A graphic example of connecting 2 gateways with an external DHCP server Please note that the Router and Gateway 1 connected to th...

Page 275: ...a Circuit ID 00 90 0B 07 60 91_172 30 1 254 to the external DHCP server When the DHCP server gets the Circuit ID it recognizes that the request is sent from g1_public_lan and thus assigns the client...

Page 276: ...ion Log The system can record connection details of each user accessing the Internet In addition the log data can be sent out to a specified SYSLOG Server Email Box or FTP Server based on pre defined...

Page 277: ...MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1628 DIP 203 125 164 142 DPort 80 Jul 20 12 35 06 2009 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1629 DIP 203 125 164 142 DPort 80 Jul 20...

Page 278: ...on PC After WHG 505 is installed the following configurations must be set up on the PC Internet Connection Setup and TCP IP Network Setup Internet Connection Setup Windows 9x 2000 1 Choose Start Contr...

Page 279: ...nually or I want to connect through a local Area network LAN and then click Next 4 Choose I connect through a local area network LAN and then click Next 5 DO NOT choose any option in the following LAN...

Page 280: ...274 6 Choose No and then click Next 7 Finally click Finish to exit the Internet Connection Wizard Now the set up is completed Windows XP 1 Choose Start Control Panel Internet Option...

Page 281: ...275 2 Choose the Connections tab and then click Setup 3 When the Welcome to the New Connection Wizard window appears click Next 4 Choose Connect to the Internet and then click Next...

Page 282: ...Set up my connection manually and then click Next 6 Choose Connect using a broadband connection that is always on and then click Next 7 Finally click Finish to exit the Connection Wizard Now the setup...

Page 283: ...If the Windows operating system is not a server version the default settings of the TCP IP will regard the PC as a DHCP client and this function is called Obtain an IP address automatically If checkin...

Page 284: ...fic IP Address If you want to use a specific IP address acquire the following information from the network administrator the IP Address Subnet Mask and DNS Server address provided by your ISP and the...

Page 285: ...d click Add Then click OK 4 3 Click on DNS Configuration tab If the DNS Server field is empty select Enable DNS and enter DNS Server address Click Add and then click OK to complete the configuration C...

Page 286: ...TCP IP and then click Properties Now you can choose to use DHCP or a specific IP address 4 Using DHCP If you want to use DHCP choose Obtain an IP address automatically and then click OK This is also t...

Page 287: ...please inform the network administrator before proceeding to the following steps 5 1 Choose Use the following IP address and enter the IP address Subnet mask If the DNS Server field is empty select U...

Page 288: ...he IP Settings tab click OK to complete the configuration Check the TCP IP Setup of Window XP 1 Select Start Control Panel Network Connection 2 Right click on the Local Area Connection icon and select...

Page 289: ...following information from the network administrator the IP Address Subnet Mask and DNS Server address provided by your ISP and the Gateway address of WHG 505 If your PC has been set up completely pl...

Page 290: ...ick Add below the Default gateways column and the TCP IP Gateway Address window will appear 5 4 Enter the gateway address of WHG 505 in the Gateway field and then click Add After back to the IP Settin...

Page 291: ...Service Zone1 can be applied Policy1 Then user01 login to Service Zone1 will get Policy1 This is a common case for users that can assign Group individually 16 9 2 For Local RADIUS and LDAP if these u...

Page 292: ...in this example the Vendor ID of LevelOne is 31932 There must have other attribute to define the amount of traffic with Attribute Number and Attribute Value Attribute Name Attribute Number Attribute V...

Page 293: ...remotely from other PC 2 1 Step 1 Assume there are already have users in RADIUS Server Assume there are already have Groups and assigned users to belong these Groups in RADIUS Server Assume there are...

Page 294: ...te Add a new Vendor specific attribute 2 4 Step 4 Add a new attribute under Vendor specific Set Vendor Code 31932 Set it conforms to the RADIUS RFC Configure Attribute Set Vendor assigned attribute nu...

Page 295: ...289 2 5 Step 5 Confirm the Vendor specific Attribute has been added success 2 6 Step 6 Follow the same steps to create other Vendor specific Attribute as you need...

Page 296: ...er for example use Putty to access the Linux Host 3 1 Step 1 Assume there are already have users in RADIUS Server Assume there are already have Groups and assigned users to belong these Groups in RADI...

Page 297: ...ection 2 with same format 3 5 Step 5 Edit the file dictionary under the folder freeradius 3 6 Step 6 Include dictionary 4ipnet in the dictionary of RADIUS server Insert it in an incremental position t...

Page 298: ...292 Insert VSA into RADIUS respond In this example the maximum download and upload in bytes for group03 users is 1MBytes 3 9 Step 9 Restart RADIUS to get your settings activated...

Page 299: ...rovides seamless integration between the gateway and the popular High Speed Internet Access HSIA hardware and Front Office System FOS software Each Port Location Mapping entry can be configured to pro...

Page 300: ...294 2 Port Location Mapping To configure Port Location Mapping go to System Port Location Mapping Configure...

Page 301: ...room with this port type only allows one user at most to access the network within the room Multiple User is the port type used for rooms with many users for example dormitory applications If the user...

Page 302: ...the Room Mapping with noncontiguous VLAN Tag and Room number then you can create them individually Port Location Mapping Setup Create One From Set the Physical LAN port on the gateway to provide Port...

Page 303: ...ge and response MD5 Hash to test the authenticity of the link It should contain one or more lowercase letters uppercase letters numbers and symbols It also should be between 8 16 characters Interface...

Page 304: ...istrator to search for mapping entries according to VLAN ID Room Num Location ID or Service Zone Click the VLAN ID link to enter the Port Mapping Profile page for that entry You can change the Port Ty...

Page 305: ...User may chose a billing plan click the Confirm button and the system will display the generated account name and password If you already have a user account you can click the here link to login with...

Page 306: ...ied Service Zone s Custom Pages settings When a user tries to access internet from a Block room the browser will show service unavailable page 6 View the Event Login After the user select a billing pl...

Page 307: ...301...

Page 308: ...Tree WDS Update Update the WDS connection with the following operations Add Add a new WDS connection with a Child AP not in the WDS and a Parent AP from the AP List A new WDS Tree will be added if the...

Page 309: ...deployed environment It takes the managed AP as sensors to find out the non managed AP even if the AP uses the same SSID with the managed AP s You can setup the Detection Interval e g 5 minutes syste...

Page 310: ...very the APs and apply template first Note For more detail of AP Management please refer to the section of Managing Wireless Network Basically all of the managed AP can become a Rogue AP sensor but so...

Page 311: ...So you can add these APs to the Trust List and then system will ignore these APs and will not show in the Rogue AP List again Also you can check which AP had added to trust list by the Trusted AP Lis...

Page 312: ...er APs in the same group are still below the threshold the balancing function will be activated to decrease the transmit power of the overloading APs and increase other available APs transmit power Th...

Page 313: ...n 2 Configure the Loading of Threshold of each Group Configure Group Configuration go to Access Points AP Load Balancing Group Configuration You can choose the Loading Threshold of each group Also you...

Page 314: ...List will list all of the managed AP Select the APs chose a Group and click Apply The APs will join into this group If the overloading is happened you can check the Power Level from this List It will...