WHG303_V1.00_Manual_..
Contents
1. 6 OF Cancel Apply Step 17 Select Member Of Step 18 Click Add Step 19 Click OK to select Groups Step 20 Enter the object names group03 Step 21 Click OK user group3 Properties 3 X General Address Account Profile Telephones Organization Terminal Services Profile CEN Environment Sessions Domain Users ek 3lab idv twllsers Select Groups Ea x Select this object tupe Groups or Built in security principals Object Types From this location 2katab idv thy Locations 1 H Add Remove Primary group Domain Users 5 Enter the object names to select examples USE ECRIRE There is na need to change Primary group unless Se Prime rou you have Macintosh clients or POSI cornpliant groupt3 20 Check Names applicatians Cancel Apply Advanced Cancel p Step 22 Now this user is in group3 under folder 2k3lab idv tw Users 226 2008 AIPNET INC 4ipnet Step 23 Click OK User s Manual WHG303 Secure WLAN Controller ENGLISH user group3 Properties E General Address Account Frofile Telephones Organization Remote control Terminal Services Profile COM Member Of Dual n Environment Sessions Member af Group 3 2k3lab idv twU sers 22 i Remove Primary group Domain Users eee mail Ete There is no need to change Primar2. 4 3 2 JAPDISCOVEE V cisscdonit exu un quot cdtusi sess deo tipad tesi ns 433 MENS uocem Aad Templit SCLIN S sinnir ar ii 2008 4IPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH ASS Firmware Upload T TE 99 S IM PR ANS c H m 100 LOIS UBL PD VERNIS ITI 0o S ae a oti ea Nm 101 4 4 INGO ORK CON OUR A IOI Qood oni oi0d 90509 209 0900099 9909905099 EAE EIE E NE MEE M M E RU MU 102 Zo NetworkAddress Translation sao oo enun oup Tra EMO EM UMEN Pes EE ME MEM ME DIM 103 Lu Mts db T 106 d NIOBILOE U eae Gc eee eee eer ete eden ee Sb MN MON END NIMM ENIM NM 108 44d Walled Garden Cist spears Soe neers brent mem 109 4 4 5 Walled Garden Ad TiS c 110 4 4 6 Proxy Server PEODOEUBS csossos debo bise IE Orga RR MN FUP PIED o Sa m Eon P REC I U UP ES ROt EIE TET UN EUN S ptu rS e SE DUUM IUe FU UM EUPROUE 111 2s MEME DED hs a a e eee re ee re er ee ee E eee ee ee 112 A OBSBtMODUID soso tiesto tics deat neta tied octal ie Dente suia Fa A saison E AE E EE E 113 4 4 9 VPN Configuration Scotos oeste ema cela etus tinum tana ope tpe dare ondtaccsesdeaccaenctocesaamtesecenceae 114 4 5 ra a 116 Bol ehumbeP2uss e ao odere Prol desi ere cuu abes mede ree opui atur S Mu Ned Uu deed ee ee ee rer 117
3. eatures TAY Allowed Certificate O1D T LI Microsoft Specifies the certificate purpose or usage abject identifiers aenerate Class Attribute Microsoft Species whether AS automatically generates the class al Generate Session Timeout Microsoft Species whether AS automatically generates the session Ignore Lser Dialin Properties Microsoft Specifies that the user s dial in properties are ignored 4 MS Quarantine lPFilter Microsoft Specifies the IP traffic filter that is used by the Routing anc hM5 uarantine 5 ession T imeout Microsoft Specifies the time in seconds that the connection can rer Tunnel T ag Microsoft Description not yet defined LIS R ACEM Tvpe U S Robotics Inc Description not yet defined LISR AT Cal Input Filter U S Robotics Inc Description nat yet defined USR AT Call Output Filter U S Robotics Inc Description not yet defined USR AT Input Filter U S Robotics Inc Description not yet defined USA AT Output Filter U S Robotics Inc Description not yet defined LISR AT RTHMP Input Filter U S Robotics Inc Description nat yet defined USA 4T ATMP Output Filter U S Robotics Inc Description nat yet defined U S Robotics Inc Description not yet defined LISR AT zip Input Filter 1 oil 9 a eee 222 2008 4IPNE T INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Step 9 to 18 Adding Vendor Code 31932 Vendor assigned attribute number 10
4. Firewall Profile Click Setting for Firewall Profile The Firewall Configuration will appear Click Predefined and Custom Service Protocols to edit the protocol list Click Firewall Rules to edit the rules Global Policy Firewall Configuration Predefined and Custom Service Protocols Firewall Rules o Predefined and Custom Service Protocols There are predefined service protocols available for firewall rules editing The administrator is able to add new custom service protocols by clicking Add and delete the added protocols with Select All and Delete operations This link leads to a Service Protocols List where the administrator can define a list of service by protocols TCP UDP ICMP IP Global Policy Service Protocols List s Description Select All 4 ALL ICMP ICMP Type Any Code Any TCP UDP Destination Port 20 21 BEES e wm scoPDesmontorien 7 ems emMDibesma onPot 4s 0 e vos Tebesmsonotu 0 e sm TebesnawnPotzs e o oo esinaine ssa 0 Total 27 First Prev Next Last o Firewall Rules Click the number of Filter Rule No to edit individual rules and click Apply to save the settings The rule status will show on the list Check Active box and click Apply to enable that rule This link leads to the Firewall Rules page Rule No 1 has the highest priority Rule No 2 has the second priority and so on Each firewall rule is defined by Source Destin
5. An Example of User Login Normally users will be authenticated before they get network access through WHG303 This section presents the basic authentication flow for end users Please make sure that the WHG303 is configured properly and network related settings are done 1 Open an Internet browser and try to connect to any website in this example we try to connect to www google com a For the first time if the WHG303 is not using a trusted SSL certificate for more information please see 4 2 5 Additional Configuration there will be a Certificate Error because the browser treats WHG303 as an illegal website Certificate Error Navigation Blocked Windows Internet Explorer P 7 iG http www google com Se File Edit View Favorites Tools Help w d Certificate Error Navigation Blocked x There is a problem with this website s security certificate The security certificate presented by this website was not issued by a trusted certificate authority The security certificate presented by this website was issued for a different website s address Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage and do not continue to this website Click here to close this webpage Q Continue to this website not recommended 9 More information b Please press Continue to this website to continue C
6. Manually set up e System Name Set the system s name or use the default e Device Name FQDN Fully Qualified Domain Name This is the domain name of the WHG303 as seen on client machines connected on LAN ports A user on client machine can use this domain name to access WHG303 instead of its IP address In addition when Use the name on the security certificate option is checked the system will use the CN Common Name value of the uploaded SSL certificate as the domain name Home Page Enter the URL of a Web server as the homepage Once logged in successfully users will be directed to this homepage such as http www 4ipnet com regardless of the original homepage set in their computers 20 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH e User Log Access IP Address Specify an IP address of the administrator s computer or a billing system to get access history information of WHGS303 with the predefined URLs An example is provided as follows Traffic History https 10 2 3 219 status history 2005 02 1 7 S https 10 2 3 213 status history 2005 02 1 Microsoft Internet Explorer Fle Edt View Favorites Tools Help QQBak 1 iz H Search cp Favorites WfMeda O7 a 3 Address BS E Links Date TYPE Name IF MAC Packets In Bytes In Packets Out Bytes Out 2005 02 17 18 09 03 0800 LOGIN aaaawis00 tw 192 168 30 189 0 0C F1 28 BF D8 0
7. Username 4dft ondemand Password 2gwWw9255t Plan Type 1 Time Quota 2 hrs O mins Total Price 20 Reference Esso 4ipniet shared Wireless Key None Open System Your first time login must be done before 2009 02 23 10 35 The account is valid within 5 days after your first login Thank You Note To make a better print out ticket you may need to cofigure the browser settings far example Page Setup as well as the printer settings for example Preferences before printing out the page Done 67 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 6 On demand Account List All created On demand accounts are listed and related information on is also provided Ses On demand NC List 4dft 2gw9255t 2 hr s Normal Delete 8596md2e 2 hr s Normal Delete Sm momo 0m e28286mn 2 hr s Normal Delete Total 4 First Prev Next Last e Search Enter a keyword of a username to be searched in the text filed and click this button to perform the search All usernames matching the keyword will be listed e Username The login name of the user e Password The login password of the user e Remaining Quota The remaining time or volume that the user can continue to use to access the network e Status The status of the account o Normal the account is not currently in use and also does not exceed the quota limit o Online the account is currently
8. e Applied Policy The policy that is applied to the Service Zone e Default Authentication Default authentication method server that is used within the Service Zone e Status Each Service Zone can be enabled or disabled e Details Configurable detailed settings for each Service Zone Click Configure button to configure each Service Zone Basic Settings SIP Interface Configuration Authentication Settings Wireless Settings and Managed AP in Each Service Zone 1 Service Zone Settings Basic Settings 34 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Basic Settings Service Zone Status Enabled Operation Mode 9 MAT Router Network Interface IP Address 192 158 1 254 Subnet Mask 552552550 Q Disable DHCP Server 9 Enable DHCP Server Start IP Address 192 168 1 1 192 168 1 100 168 95 1 1 End IP Address Preferred DNS Server DHCP Server Alternate DNS Server Domain Name domain WINS Server Lease Time 1Day Reserved IP Address List O Enable DHCP Relay gt Service Zone Status Each service zone can be enabled or disabled except for the default service zone gt Service Zone Name The name of service zone could be input here gt Network Settings o Operation Mode Contains NAT mode and Router mode When NAT mode is chosen the service zone runs in NAT mode When Router mode is chosen this service zone runs in Router mode o IP add
9. The administrator can add delete or edit the black list for user access control Each black list can include up to 40 users Users accounts that appear in the black list will be denied of network access The administrator can use the drop down menu to select the desired black list enu gt Users gt Black List Black List Settings Tatal 0 First Prev Next Last Add User s Apply Select Black List There are 5 lists to select from for the desired black list e Name Set the black list name and it will show on the drop down menu above e Add User to List Click the hyperlink to add users to the selected black list Adding User s to Blacklist1 Remark had behavior o 2 EL LL After entering the usernames in the Username field blanks and the related information in the Remark field blank not required click Apply to add the users User Tames has been added Adding User s to Blacklist1 ee HNN IN o3 ELLO LL o If removing a user from the black list is desired select the user s Delete check box and then click the Delete button to remove that user from the black list Black List Settings Tatal 1 First Prev Next Last Add User s 70 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 2 3 Group Configuration There are 8 groups to choose from Local users can be classified by applying Group options A Group which is allowed
10. Use Ehe Internet Connection Wizard to connect your computer to Ehe Internet Add Remove Sethings Dial whenever a network connection is mot present Set Default Local Area Network LAN settings LAM Settings never diala connection C Always dial my default connection Murrent Hone 2008 AIPNET INC 4ipnet 3 Choose I want to set up my Internet connection manually or want to connect through a local Area network LAN and then click Next 4 Choose I connect through a local area network LAN and then click Next 5 DO NOT choose any option in the following LAN window for Internet configuration and just click Next 191 User s Manual WHG303 Secure WLAN Controller ENGLISH Internet Connection Wizard Welcome to the Internet Connection Wizard The Internet Connection wizard helps you connect your computer to the Internet You can use this wizard to set up a new or existing Internet account want to sign up for a new Internet account My telephone line is connected to my modem want to transfer my existing Internet account to this computer My telephone line is connected to my modem want to set up my Internet connection manually or want to connect through a local area network LAN To leave your Internet settings unchanged click Cancel To learn more about the Internet click Tutorial Tutorial Cancel
11. 9 4ipnet None Policy 1 Server 1 Enabled LA C2 LA ind ad Policy 1 On demand User Enabled Configure Employee pal jt us xm Policy 1 Server 1 Enabled 176 2008 AIPNET INC e e 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Tag Based Service Zone In Port Based mode each LAN port can only serve traffic from one Service Zone An example of network application diagram is shown as below one Service Zone for Guests and one for Employee Internet ISP Switch VLA ST Tag 21 VLAN 27 Tag 87 Service Zone Guests Service Zone Employee A The switch deployed under WHG303 in Tag Based mode must be a VLAN switch only e Configuration Steps for Tag Based Service Zones Step 1 Set Tag Based mode Click the System menu and select the LAN Port Mapping tab Select Tag Based mode and click Apply A warning message You should restart the system to activate the changes will appear at the bottom of the page Do NOT restart the system until you have completed all the configuration steps 177 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH General WANI WAN Y WAN Traffic LAN Port Mapping Service Zones gt Main Menu gt System gt Service Zone Port Role LAN Ports and Service Zone Mapping Select the mode for Service Zone Port Based 9 Tag Based Notice Under Tag Based mode Service Zones will be distinguished by VLAN ta
12. Black List None v Authentication Database Click the button of Local User Setting for further configuration Local User Database Settings Local User List Q Enable 9 pisable Account Roaming Gut l ax Lacal user database will be used as authentication database for roaming aut users Enable 9 Disable 802 1X Authentication Local user database wil be used as internal RADIUS database for 802 1X enabled LAN devices such as amp P and switch e Edit Local User List It will let the administrator view add and delete local user account The Upload User button is for importing a list of user accounts from a text file The Download User button is for exporting all local user accounts into a text file Clicking on each user account leads to a page for configuring the individual local account Local user account can be assigned a policy and applied Local VPN individually Check the check box of individual local user account in the Enable Local VPN column to enable individually MAC address of a networking device can be bound with a local user as well 42 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Add user Upload User Download User Local User List Password MAC Address usaeri useri 11 22 33 44 55 56 elete D let let 43 2008 AIPNET INC 4pneU sera O WHG303 Secure WLAN Controller ENGLISH Add User Click this button to enter into the Adding User s to th
13. Click here to purchase by Credit Card online to get started j User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In Gj UserName 0 Brassword Cac eum Remember Me Click here to purchase by Credit Card Online 2 Select I agree and click Next Service Disclaimer We may collect and store the following personal al information physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us Cur primary purpose in collecting personal information is to provide you with a safe smooth efficient and customized experience You agree that we may use your personal information to provide the services and customer support you request resolve disputes agree Q disagree 161 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 3 Select a billing plan to purchase enter your credit card information and Submit Rate Plan Price 0 2hrs mins AUD 20 C gt 66 Mbyte AUD 5 12 hrs 40 mins AUD 3 Credit Card Credit Card Number Credit Card Expiration Date 12 Credit Card Type Visa wN Card Verification Value 1234 f Reference lus en example co m x Gear tex E mail ar name Note You must fillin the correct credit card number and expiration date Card code is the la
14. Internet Connection Wizard i x Setting up your Internet connection IF jou have an Interet service provider account you can use your phone line and a modem ta connect to it IF your computer is connected to a local area network LAM you can gain access to the Intemet over the LAM How do you connect to the Internet C connect through a phone line and a modem connect through a local area network LAN pU O Cancel o Internet Connection Wizard x Local area network Internet configuration Select the method you would like to use to configure your proxy settings If you are not sure which option to select select automatic discovery or contact your network administrator Automatic configuration may override manual settings To ensure the use of manual settings disable automatic configuration Automatic Configuration 4 Automatic discovery of proxy server recommended Use automatic configuration script Address Manual Proxy Server Cose D ome RT 2008 4IPNET INC 4ipnet 6 Choose No and then click Next 7 Finally click Finish to exit the Internet Connection Wizard Now the set up is completed Windows XP 1 Choose Start gt gt Control Panel gt gt Internet Option User s Manual WHG303 Secure WLAN Controller ENGLISH Internet Connection Wizard X Se
15. Next to continue 3 Active Directory Users and Computers amp Saved Puedes ERP zkalab idv tw E J Builtin z9 Computers B Domain Controllers E felixou 1 ForeianSecurityPrincipals 23 isu edu tw ga MAC a OU root Stress s test Juser_group3 Full name 5 TES 2k Hab idv tw User logon name pre Windows 2000 ZK3LABS Juser_group3_login your RADIUS login name Enter your RADIUS password Re enter your RADIUS password Check Password never expires so that this password lasts Click Next to continue ew Object User Create in Skab derwiis Password Y our ES Confirm password RADIUS password User must change password at next logon t User cannot t change penu m Click finish to get done with account creation 224 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Users 66 objects Description Mew Object User Ea PER Create in 2k3lab idv tw Users E 9 P When you click Finish the following object will be created Full name usergroups User logon name user group3 login amp izk3lab idv tw The password never expires Step 12 It shows user group3 just created in the container User Step 13 Now let s make this user user group3 a member of group03 Right click user group3 and scroll down to Properties Remote Deskt
16. Periodic Payments Batch Payments Direct Entry gt User Management Account Settings Contact SecurePay Pay SecurePay Bill 168 2008 AIPNET INC 4pneU sera WHG303 Secure WLAN Controller ENGLISH 3 Todays transaction is shown in table TEST MERCHANT LOGIN Windows Internet Explorer E ive Search Js G GA v http test securepay com au login login jsp id txnreport amp per today vitti X Live sea w Go o amp amp E Mv y Bookmarks v S 16 blocked v Check Autolink v YS AutoFill eb Send tow A Settings File ww E TEST MERCHANT LOGIN gt Gl de E Page Cj Tools powered by Secu re Pay TEST MERCHANT LOGIN VIEW TRANSACTION REPORTS Logged in as ABC User admin ADMIN USER HOME Search Transactions SRI Reports Re order This List by Operational Reports gt LogTime v Download Daily Reports Declined clined Make Payment Preauth PAN Downloads gt RECEIPT REFERENCE NUMBER Dona click for transaction details a ACCOUNT er Periodic Payments Ma tostGOMbytes 10 07 19 06 41 HS1100 2008 10 07 20 04 28 263 444433 111 0 01 AUD Batch Payments SS AW UO R a Mr E eee vues eme test 10 07 19 07 32 HS1100 2008 10 07 20 05 16 293 444433 111 0 01 AUD Direct Enti SY teset 10 07 19 09 39 HS1100 2008 10 07 20 07 22 373 444433 111 0 01 USD gt gt User Management gt a T S a LS C gt test 10 07 19 10 07 HS1100 2008 10
17. Sessions 500 Sessions per User e Select Policy Select Policy1 Policy12 to set the Firewall Profile Specific Route Profile Schedule Profile and Maximum Concurrent Session e Firewall Profile Each Policy has a firewall service list and a set of firewall profile consisting of firewall rules e Specific Route Profile The default gateway of WAN1 WAN2 or a desired IP address can be defined in a policy When Specific Default Route is enabled all clients applied this policy will access the Internet through this default gateway e Schedule Profile The Schedule table in a 7X24 format is used to control the clients login time When Schedule is enabled clients applied policies are only allowed to login the system at the time which is checked in the applied policy e Maximum Concurrent Sessions Set the maximum concurrent sessions for each client Firewall Profile Click Setting for Firewall Profile The Firewall Configuration will appear Click Predefined and Custom Service Protocols to edit the protocol list Click Firewall Rules to edit the rules 79 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Policy 1 Firewall Configuration Predefined and Custom Service Protocols Firewall Rules o Predefined and Custom Service Protocols This link leads to a Service Protocols List where the administrator can define a list of service by protocols TCP UDP ICMP IP There are predefined service
18. User s Manual WHG303 v1 00 4pneU sera WHG303 Secure WLAN Controller ENGLISH Copyright The contents of this publication may not be reproduced in any part or as a whole stored transcribed in an information retrieval system translated into any language or transmitted in any form or by any means mechanical magnetic electronic optical photocopying manual or otherwise without the prior written permission of 4IPNET INC Disclaimer AIPNET INC does not assume any liability arising out the application or use of any products or software described herein Neither does it convey any license under its parent rights not the parent rights of others AIPNET further reserves the right to make changes in any products described herein without notice The publication is subject to change without notice Trademarks AIPNET 4ipnet is a registered trademark of 4IPNET INC Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners 1 2008 4IPNET INC 4ipnet 1 2 3 User s Manual WHG303 Secure WLAN Controller ENGLISH Table of Contents Before You UL Cos eroe av ED ES 1 1 ist Co ee eer ee ec eee te 1 2 Document Conventions cccceesecceeseeeeeeeeeeeeees System Overview eeeeeee eese eene eene eee eee enne 2 Introduction of 4ipnet WHG3023 2 2 DV SICH C Once Ol ee R R 2 9 Hard
19. gt Move Update a WDS connection with a Child AP from WDS and a Parent AP which could be anymore from WDS and the previous WDS connection of the Child AP to the previous Parent AP will be deleted gt Delete All the WDS connections of the selected AP will be deleted including the WDS connections to its Child APs and the Child APs without wired connection will become unreachable 101 2008 AIPNET INC 4pneU sera WHG303 Secure WLAN Controller ENGLISH 4 4 Network Configuration This section includes the following functions Network Address Translation Privilege List Monitor IP List Walled Garden List Walled Garden AD List Proxy Server Properties Dynamic DNS Client Mobility and VPN Configuration f Home Logout FHelp 35 e System Users Access Points Network utilities Status eS MAT Privilege Monitor IP Walled Garden Walled Garden Ad List Proxy Server V DDNS Client Mability m Main Menu gt Network Network Configuration NAT The MAT function supports 3 types of network address translation DMZ Demilitarized fone Public Accessible Server and IP Part Redirect Briwilene The Privilege function supports two types of privilege list based on IP address and MAC a address Devices specified in the list require NO authentication to access the network Up to 100 IP addresses can be defined in the Monitor IP function System can monitor these IP based network devices and
20. s Manual WHG303 Secure WLAN Controller ENGLISH 4 2 1 3 Authentication Method RADIUS Choose RADIUS from the Authentication Method field the button beside the drop down menu will become Radius Setting Authentication Database RADIUS e Click the button of Radius Setting for further configuration The RADIUS server sets the external authentication for user accounts Enter the information for the primary server and or the secondary server the secondary server is not required The fields with red asterisk are necessary information These settings will become effective immediately after clicking the Apply button External RADIUS Server Related Settings 802 1X Authentication Enable 9 Disable Username Format Complete e g userL companyname com 9 only ID e g useri Server Domain Mame IP Address Authentication Port Default 1812 Accounting Port Default 1813 Secret Key Accounting Service 9 Enable Disable Authentication Protocol PAP 4 Secondary RADIUS Server EM CC IEEE wem OO sem o E 802 1X Authentication The system supports 802 1X When 802 1X Authentication is enabled the Local Authentication Database will be used as a RADIUS database for connection with 802 1X enabled devices such as access points or switches When the option is enabled the hyperlink of Radius Client List will appear Click the hyperlink of Radius Client List to enter the Radius Client Configurat
21. 100000 Kbps Range 10 100000 Target for detecting Internet connection IP Damain Mame WAN Failover amp Connection Detection IP Domain Name C Enable Load Balancing Enable WAN Failover d Warning of Internet Disconnection Available Bandwidth on WAN Interface Uplink It specifies the maximum uplink bandwidth that can be shared by clients of the system Downlink It specifies the maximum downlink bandwidth that can be shared by clients of the system WAN Failover amp Connection Detection amp Target for detecting Internet connection These URLs are used by the system as the targets to detect Internet connection for alerting Internet disconnection and WAN Failover At least one URL is required to enable WAN Failover Enable Load Balancing Outbound load balancing is supported by the system When enabled the system will allocate traffic between WAN1 and WAN2 dynamically according to designed algorithms based on the weight ratio gt WAN1 Weight The percentage of traffic through WAN1 Range 1 99 by default it is 50 gt Base The weight ratio between WAN1 and WAN can be based on Sessions Packets or Bytes Packets and Bytes are based on historic data New connection sessions will be distributed between WAN1 and WAN2 by a weight ratio using random number Enable WAN Failover Normally a Service Zone uses WAN1 as it primary WAN interface When enabled and WAN is available WAN1 s traffic will be routed t
22. 163 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 8 User is now redirected to YOUR homepage that URL you fill in the blank System Configuration gt gt Homepage Login Successfully Windows Inlernel Fxplarer Please dose this window or click this button te Remaining Usage JHou53 Min i Sec Login time 2008 10 7 2 50 10 E Redeem Redeem Page Welcome To Redeem Page Please Enter Your User Name and Password To Sign In M User Nama couigondemanc E Password e SIFTIEEFUTEHSTETIIITEEIPATITETSETTETEHFATEEEAITISTEFITSSITTE 164 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH How does your client renew his service after running out of quota New username and password are needed to renew service Client can either purchase a new account online shown in the last section or at the counter desk The following example is to enter Web UI manually generate an account and have your client renewed himself the service 1 Goto On demand Users List the account being generated online please see the last section is shown On demand Users List Usemame Password Remaining Status Expiration Time Reference 3agb B 3155 4 2 haul D 2008 402 Online 02 50 10 Delete usen example com STIMA Total 1 First Previous Hex Las 2 Create an on demand user Authentication Server O
23. 2A x 1 e Cross over Ethernet RJ 45 Cable x 1 e RS 232 DB9 Console Cable x 1 A It is highly recommended to use all the supplies in the package instead of substituting any components by other suppliers to guarantee best performance 4 2008 AIPNET INC e e 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 3 1 3 Panel Function Descriptions Front Panel P n E pa y Po z TTP T PS wee GrP Ty Jh E AP E e T K E rA err j Bx K WHG303 Lg ower Status t m 1 4 3 A 2 1 4 ip n et D Power ON indicates the power on and OFF indicates the power off 2 Status Power and Status both ON indicate system ready OFF indicates BIOS running and BLINKING indicates OS running 3 WAN ON indicates connection OFF indicates no connection and BLINKING indicates data transmitting D LAN ON indicates connection OFF indicates no connection and BLINKING indicates data transmitting Rear Panel DC 12V Attach the power adaptor here YO Reset Press and hold the Reset button for about 5 seconds and the LED status indicator on the front panel will start to blink before restarting the system Press and hold the Reset button for more than 10 seconds and the LED status indicator on the front panel will start to speed up blinking before resetting the system to default configuration 3 WAN For connecting to external networks which are not managed by WHG303 via ADSL or Cable Modem or connecting to a certain
24. Auth Option Auth Database Postfix Default Enabled Server 1 LOCAL local Q C Server 2 POP3 pop3 Q C Authentication Options Server 3 RADIUS radius Q Server 4 LDAP ldap Q Fj Step 4 Set Policy SZ1 Select Policy 1 from the drop down list box Click Apply to activate the settings Group Permission for this Service Zone Configure Default Policy in this Service Zone fi v Edit System Policies E ES Enabled Email Message for Login Reminding i Edit Mail Message Disabled Step 5 Configure LAN Port Mapping for SZ1 Select the LAN Port Mapping tab from the System menu to enter the LAN Ports and Service Zone Mapping page Select Guests from the drop down list box of LAN1 Click Apply to save the selection General WAN1 Y WAN2 WAN Traffic LAN Part Mapping Service Zones 4 Main Menu gt System gt Service Zone Port LAN Ports and Service Zone Mapping Select the mode for Service Zone Port Based Tag Based Specify a desired Service Zone for each LAN Port LAN1 LAN2 LANS LANA Apply A warning message You should restart the system to activate the changes will appear at the bottom of the 172 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH page Do NOT restart the system until you have completed all the configuration steps m j iT E 5 General Y WANT 4 WAN WAN Traffic LON Port Mapping Service Zones Main Menu gt System gt Servic
25. Now Donations Subscriptions and Shopping Cart Learn More Auto Return On Off Return URL Enter the URL that will be used to redirect your customers upon payment completion This URL must meet the guidelines detailed below Learn More Return URL http Awww www com Return URL Requirements The following items are required in order to set up Auto Return Payment Data Transfer optional Payment Data Transfer allows you to receive notification of successful payments as they are made The use af Payment Data Transfer depends on your system configuration and Your Return URL Please note that in order to use Payment Data Transfer you must turn on Auto Return Payment Data On Transfer C Off Encrypted Website Payments Using encryption enhances the security of website payments by decreasing the possibility that a 3rd party could manipulate the data in your button code If you plan on only using encrypted buttons you can block payments from non encrypted ones Learn mare about Encrypted Website Payments Note If you enable Encrypted Website Payments all of your Buy Now Donations and Subscriptions buttons must be encrypted via one of the following methods Using the Button Factory with the security settings enabled e Using your own code you encrypt all website payments before sending them to PayPal By enabling this feature any Buy Now Donation or Subscription button that is not encrypted will be reje
26. Users Log 2009 02 18 Date Type Name IP MAC Pkts In Bytes In Pkts Out Bytes Out 133 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH e On demand User Log As shown in the following figure each line is a on demand user log record consisting of 13 fields Date System Name Type Name IP MAC Pkts In Bytes In Pkts Out Bytes Out 1st Login Expiration Time Account Valid Through and Remark of user activities On demand User Log 2007 11 26 Pets Bytes Pihis Bytes 1st Login Exparatian Account Wald in In Ou Du Tift Thiough rwatm OD Umar bag i 10 Of 007 11 2B D2 96 1 Hone Flan 1 Cate System Name Type Hame IP MAC Remar e Roaming Out Traffic History As shown in the following figure each line is a roaming out traffic history record consisting of 14 fields Date Type Name NSID NASIP NASPort UserMAC SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of user activities Roaming Out User Log 2009 02 18 Type Name NASID NASIP NASPort UsermMAC SessionlD SessionTime Bytes In Bytes Out Pkts In Pkts Out Message Roaming In Traffic History As shown in the following figure each line is a roaming in traffic history record consisting of 15 fields Date Type Name NSID NASIP NASPort UserMAC UserlP SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of user activities Roaming In User Log 2009 02 18
27. and Attribute Value 100000 in Hexadecimal into properties of this policy Configure YSA RFC compliant i i AES Vendor assigned attribute number d 14 Attribute format Hexadecimal 1 5 Attribute value 100000 1 6 17 OK Cancel Multivalued Attribute Information Attribute name Vendor Specific Attribute number 25 the tunneling protocols used the suppart of proprietary N S features the Cisco AY Pair VSA Vendor Specific Attribute Information Lnd Attribute name Vendors pecific Specify network access server vendor the certificate purpose or usage object identifiers whether 14S automatically generates the class al whether 4S automatically generates the session that the user s dial in properties are ignored the IP traffic filter that is used by the Routing anc RADIUS Standard Select from list the time in seconds that the connection can rer bn not yet defined bn not yet defined bn not yet defined bn not yet defined bn not yet defined bn not yet defined bn not yet defined bn not yet defined bn not yet defined Enter Vendor Code 1 1 21920 Specify whether the attribute conforms to the RADIUS RFC specification for vendor specific attributes Yes It conforms 2 Q Add Close C No It does not conform Configure Attribute 1 3 Cancel 18 K Cancel Step 19 to 21 Shows that the Attribute Value has been added Multivalued
28. and the Internet EJ My Computer A 197 2008 AIPNET INC 4ipnet 2 Right click on the Local Area Connection icon and select Properties 3 Select Internet Protocol TCP IP and then click Properties Now you can choose to use DHCP or a specific IP address 4 Using DHCP If you want to use DHCP choose Obtain an IP address automatically and then click OK This is also the default setting of Windows Then reboot the PC to make sure an IP address is obtained from WHG303 198 User s Manual WHG303 Secure WLAN Controller ENGLISH 1 Network and Dial up Connections 8j x File Edit View Favorites Tools Advanced Help Back Search C Folders History As E X A Ea Address ay Network and Dial up Connections G0 r s Network and Dial Make New Connection up Connections Disable Status Local Area Connection Cross Short Delete Type LAN Connection Status Enabled AMD PCNET Family PCI Ethernet Adapter g Displays the properties of the selected connection Local Area Connection Properties E 7 x General Connect uzing BY AMD PENET Family PCI Ethernet amp dapter Components checked are used by this connection m Client Far Microsoft Hetwork s i Lien uxcL for Microsoft Networks nac Install Description Transmission Control Protacol Intermet Protocol The default wide
29. 0 0 0 On demand History https 10 2 3 213 status ondemand_history 2005 02 17 S https 10 2 3 21 j stabus ondemand history 2005 02 17 Microsoft Internet Explorer File Edt View Favorites Tools Help Ouk O A A O ph Gram Gm OlO aG Address J https 10 2 3 213 statusfondemand_history 2005 02 17 m Date System Name Type Name IP MAC Packets In Bytes In Packets Out Bytes OutExplret ime Valid 2005 02 17 16 44 18 0800 QA WI300 Casper 213 Create OD User NTE 0 0 0 0 00 00 00 00 00 00 0 n i 2005 02 17 16 44 57 0800 QA WI300 Caspar 213 OD User Login NTE9 192 168 30 189 D0 0C F1 28 BF Dp8 O 0 2005 02 17 16 45 22 0800 QA W1300 Casper 213 OD User Logout NTEY 192 168 30 139 00 07 F1 28 BF D8 32 14499 30 Management IP Address List The IP address or subnet of remote management PCs Only PCs within this IP range on the list are allowed to access the system s web management interface For example 10 2 3 0 24 means that as long as an administrator is using a computer with the IP address range of 10 2 3 0 24 he or she can access the web management page Another example is 10 0 0 3 if an administrator is using a computer with the IP address of 10 0 0 3 he or she can access the web management page SNMP If this function is enabled the Manager IP and the community can be assigned to access the Management Information Base MIB of the system User logon SSL Enable to activate https encryption or disable to activate http non
30. 07 20 07 49 373 444433 111 10 00 USD Account Settings gt SSE SSS SSS SS cy 10 07 19 25 14 HS1100 2008 10 07 20 23 10 793 444433 111 10 00 AUD Contact SecurePay z 0800000131 Pay SecurePay Bill usergexample com 10 07 02 43 03 Wireless Hotspot Gateway 2008 10 07 20 46 56 53 2008 10 07 20 38 23 233 411111 111 1 00 AUD 169 2008 AIPNET INC e e 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Appendix D Service Zone Deployment Example Port Based Service Zone In Port Based mode each LAN port can only serve traffic from one Service Zone An example of network application diagram is shown as below one Service Zone for Guests and one for Employee Internet ISP Switch t Managed APs S S M ps es Service Zone Guests Service Zone Employee A The switches deployed under WHG303 in Port Based mode must be Layer 2 switches only Configuration Steps for Port Based Service Zones Step 1 Configure Service Zone 1 for Guests Assume that LANT1 is assigned to the Service Zone 1 SZ1 for Guests Click the System Configuration menu and select the Service Zones tab Click Configure of SZ1 170 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH General V WAN1 WAN WAN Traffic LAN Port Mapping Y Service Zones Main Menu gt System gt Service Zone Service Zone Settings Service Zone LAN Port SSID WLAN Applied
31. 2000 Account Activation si time login must be done within day s hour s Range of hours 0 23 they cannot both be zero j i 1 H M 5 Valid Period After activation accaunt will be expired in EN davis Must be larger than O 3 z0 Price Range 0 100000 including two digits after decimal point e g 1 99 4 o Cut off Time The time of day at which the on demand account is cut off made expired by the system on that day Please note that the Grace Period is an additional short period of time after the account is cut off during which a user is allowed to continue to use the on demand account to access the Internet without paying additional fee Editing Billing Plan Plan 1 Type Cut off Time HH MM range 00 00 23 59 Grace Period Account remains usable for hour s after cut off Unit Price per day Range 0 100000 including two digits after decimal point e g 1 33 External Payment Gateway This section is for merchants to set up an external payment gateway to accept payments in order to provide wireless access service to end customers who wish to pay for the service on line Three payment selections include Authorize Net PayPal Secure Pay and Disable The default is Disable External Payment Gateway Authorize Net O PayPal Q SecurePay Disable Authorize Net Before setting up Authorize Net it is required that the merchant owners have a valid Authorize Net account Please
32. 4 Examples of Making Payment for End Users Step 1 Click the link below the login window to pay for the service via PayPal Welcome To User Login Page Please Enter Your User Name and Password To Sign In F User Name T7 Password cUTUES EDOCTUS EET SS Se ee ee e e e e e aen ice At fo putt hate Ds Fit al ot Ceedi Lad Online Step 2 Choose agree to accept the terms of use and click Next We may collect and store the following personal a information 3 email address physical contact information credit card numbers and transactional information based on your activities on the nternet service provided by pe If the information you provide cannot be verified ve may ask you to gend us additional information such as your driver license credit card gtatement and or m recent utility bill or other information confirming your address or to answer additional questions to help verify your information a C agree O disagree Step 3 Please fill out the form and Click Submit to send out this transaction There will be a confirm dialog box Rate Plan Price 2hrs Omins EUR 2 C 3hrs mins ELIR 3 C I0 Mbyte EUR 5 Note A Payment it accepled via PayPal PayPal enables you 1o send payments etui online using PayPal account a credit cand or bank account Clicking on Buy how button you will be redirected to PayPal s ade ip make payrneni B Please don t manually close the brows
33. 4ipnet WHG303 Admin username and password after logging in the system for the first time Reload factory default Choosing this option will reset the system configuration to the factory defaults Restart 4ipnet WHG303 Choosing this option will restart 4ipnet WHG303 208 2008 AIPNET INC e me 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Appendix I Local VPN WHG303 has the ability to establish IPSec VPN tunnels between local user s Windows devices on local wired or wireless network and WHG303 itself for the purpose of traffic protection on local networks By pushing down ActiveX Control to the user s browser from WHG303 the system will be able to install a so called clientless IPSec VPN Internet WHG303 Local VPN IPSec Tunnel Local VPN IPSec Tunnel Wireless User Wired User 209 2008 AIPNET INC User s Manual WHG303 Secure WLAN Controller ENGLISH 4ipnet 1 User Operation Flow a As usual enter username and password in the User Login Page User Login Username local vpn_user local Password s b For the first time if the user has never used Local VPN feature Windows IE browser 6 0 or above will display an alert message to ask the user whether she or he wants to install the add on software gt https 192 168 1 254 loginpages vpn main shtml uip 192 168 1 6 BJ CGo ENEENSENENx eR E Fie Edit View Favorit
34. 8 can access Default Service Zone where they are governed by Policy 1 8 respectively o Policy Select a Policy that the Group will be applied with when accessing this Service Zone o Edit Group Option Click the hyperlink in the Edit Group Option column to enter Zone Permission Configuration amp Policy Assignment interface which is based on the role of Group to configure the relation between Group and Zone 74 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 2 4 Policy Configuration WHG303 supports multiple Policies including one Global Policy and 12 individual Policy Each Policy consists of access control profiles that can be configured respectively and applied to a certain Group of users Global Policy is the system s universal policy and applied to all clients while other individual Policy can be selected and defined to be applied to any Service Zone The clients belonging to a Service Zone will be bound by an applied Policy In addition a Policy can be applied at a Group basis a Group of users can be bound by a Policy The same Group can be applied with different Policies within different Service Zones When the type of authentication database is RADIUS the Class Group Mapping function will be available to allow the administrator to assign a Group for a RADIUS class attribute therefore a Policy applied to this Group will be mapped to a user Group of a RADIUS class attribute When the typ
35. Attribute Information i Ix Attribute name Vendors pecific Attribute number ee o ooo Attribute format D ctet amp tring Attribute values 100000 Max download upload traffic is 1 M Bytes Creating a user in Active Directory Edit Dial in Profile E x IP Multilink Encryption Advanced Dial in Constraints Authentication Specify additional connection attributes to be returned to the Remote Access Server Attributes Microsoft RADIUS Standard RADIUS Standard aril andar RADILIS Standard Generate Class 4ttribute Class Framed Protocal Class03 PPP Move Up Move Down Add Remove Edt w Cancel This section will show you how to create a user and add it into a group in Active Directory Step 7 Step 2 Step 3 Step 4 Step 5 Open Active Directory Go to container Users Create a new user in this container Enter the first name of this user Enter User logon name which is the login name you will use in your RADIUS server 223 2008 AIPNET INC 4ipnet Step 6 2 Remote Des Ktop Recycle Bin Gef 2 3 T He Axon Ed EJ Ethereal Internet Authenticati g L1 kiwi Logfile Internet V pep Informatio Kiwi Syslog IBI TR Active records csy Director zh Cerbhication Remote Step 7 Step 8 Step 9 Step 10 Step 11 User s Manual WHG303 Secure WLAN Controller ENGLISH Click
36. DNS server used by the system Alternate DNS Server The substitute DNS server used by the system This is an optional field e Dynamic IP address It is only applicable for the network environment where a DHCP server is available Click the Renew button to get an IP address WAN Interface Setting None ANS Q static Use the fallawing IP settings fel Dynamic IP settings assigned automatically PPPOE e PPPoE Client When selecting PPPoE to connect to the network please set the User Name and Password There is a Dial on demand function under PPPoE If this function is enabled Maximum Idle Time can be set When the idle time is reached the system will automatically disconnect itself 25 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH WAN Interface Setting None Static Use the fallawing IP settings Dynamic IP settings assigned automatically fe PPPoE Lisername MIT 1492 bytes range 1000 1492 Clamp M55 1400 bytes frange 980 1400 Dial on Demand Enabled 9 Disabled 26 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 1 4 WAN Traffic Settings The section is for administrators to configure the control over the entire system s traffic though the WAN interface WAN1 and WAN ports WAN Traffic Settings Available Bandwidth Uplink 100000 Kbps Range 10 100000 on WAN Interface Downlink
37. Date Type Name NASID NASIP NASPort UserMAC UserlP SessionlD SessionTime Bytes In Bytes Out Pkts In Pkts Out Message SIP Call Usage Log The log provides the login and logout activities of SIP clients device and soft clients such as Start Time Caller Callee and Duration seconds SIP Call Usage Log start Time Caller Callee Duration seconds 134 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH e Monthly Network Usage of Local User The system keeps a cumulated record of the traffic data generated by each user in the latest 2 calendar months As shown in the following figure each line in a monthly network usage of local user record consists of 6 fields Username Connection Time Usage Packets In Bytes In Packets Out and Bytes Out of user activities Monthly Report 2009 02 Username Connection Time Usage Packets In Bytes In Packets Out Bytes Out D D 0 0 0 o Username Username of the local user account o Connection Time Usage The total time used by the user o Pkts In Pkts Out The total number of packets received and sent by the user o Bytes In Bytes Out The total number of bytes received and sent by the user gt Download Monthly Network Usage of Local User Click on the Download button for outputting the report manually to a local database Monthly Network Usage of Local User Month No of Entries Usage Data 2008 12 4 Download A warning me
38. Default Service Zone gt gt Configure Login Page Login Page Selection for Users Service Zone Default Default Page Template Page la Uploaded Page E E Exter nal Page Uploaded Page Setting File Name Browse Submit Existing Image Files my image1 jpg LI Delete Upload Image Files Preview A customized Login Page can be uploaded to the system Uploaded Page option or put in an external web server External Page option Note that Default Page and Template Page are options which do not require administrators to edit the HTML code b With the Uploaded Page option selected administrators have to upload the Login Page itself HTML code as well as related image files which are used in the HTML code c It is recommended to use the HTML code of Default Login Page as a starting point to customize your own Login Page To get the HTML code right click on the hyperlink Preview and use Save Target As to save the code 217 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 2 Processing the HTML code For the login process to work appropriately some elements are required to be kept in the HTML code while some elements are optional depending on whether On demand accounts are used a Required elements in the HTML code include e HTML form 1 that allows the user to enter information username and password lt form action userlogin shtml method post na
39. E EEEE ETETE 209 Appendix J Customizable Pages ssssseessssocceesssoocceesssoccceesssoccceessssocceesssoooceessssoceeessssoe 217 AppendixK RADIUS AGCCOUHTUIQ c irri IER NEUE NEEYE EUNT EERTVM SENS UERE FEE EM ES ENS VEN SE IUE 221 ii 2008 4IPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 1 Before You Start 1 1 Preface This manual is for hotspot owners or network administrators to set up a network environment using the 4ipnet WHG303 system It contains step by step procedures and graphic examples to guide MIS staff or individuals with slight network system knowledge to complete the installation 1 2 Document Conventions Represents essential steps actions or messages that should not be ignored No Contains related information that corresponds to a topic Indicates that clicking this button will return to the homepage of this section Indicates that clicking this button will apply all of your settings Indicates that clicking this button will clear what you have set before these settings are Cance applied 1 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 2 System Overview 2 1 Introduction of 4ipnet WHG303 4ipnet WHG303 Secure WLAN Controller is an ideal solution for small to medium hotspot deployments such as in hotels hospitals convention centers libraries airport terminals and MDUs MTUs The WHG303 integrates secure access c
40. Garden List This function provides certain free services for users to access the websites listed here before login and authentication Up to 20 addresses or domain names of the websites can be defined in this list Users without the network access right can still have a chance to experience the actual network service free of charge Enter the website IP Address or Domain Name in the list and click Apply to save the settings teases omc Lp emen a emm 109 2008 AIPNET INC 4pneU sera WHG303 Secure WLAN Controller ENGLISH 4 4 5 Walled Garden Ad List This function provides advertisement web pages for users to access free advertisement websites listed before login and authentication Advertisement hyperlinks are displayed on the user s login page Clients who click on it will be redirected to the listed advertisement websites Walled Garden Ad List URL Topic Item Edit Display Description E 2 E 3 E e Edit Click Editto add a new item or make changes Click Apply the items will be added and shown in the list e Display Choose Display to display advertisement hyperlinks on the login pages Walled Garden Ad List Item 1 URL http www ykcafe com Topic YK Cafe Description Welcome to YK Cafe Walled Garden Ad List Item 2 URL http www gaaogle com Description No 1 Search Engine Walled Garden Ad List Item 3 URL http www yahao com 110 2008 AIPNET INC 4ipnet User
41. INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 5 5 Network Utilities This function allows the administrators to manage functions including Wake on LAN Ping Trace Route and showing ARP Table by entering IP or Domain Name Network Utilities W ake an LAN o Time eg HEIMMIBNMIBEINEINM Wake Up www yahoo com IP Domain Name SS gt Wake on LAN It allows the system to hesveramToremolelv boot up apawerdewncomputsrwih Wakeona boot up a power down computer with Wake On LAN feature enabled and is on the LAN side Enter the MAC Address of the desired device and click Wake Up button to execute this function gt Ping It allows administrator to detect a device using IP address or Host domain name to see if it is alive or not Trace Route It allows administrator to find out the real path of packets from the gateway to a destination using IP address or Host domain name ARP Table It allows administrator to view the IP to Physical address translation tables used by address resolution protocol ARP 124 2008 AIPNET INC User s Manual WHG303 Secure WLAN Controller ENGLISH 4ipnet 4 6 Status This section includes System Status Interface Status Routing Table Online Users User Logs and E mail amp SYSLOG to provide system status information and online user status f Home Logout FHelp s5 S stem Users Main Menu gt Status System Display current sett
42. INC PPNeE sera WHG303 Secure WLAN Controller ENGLISH Quick Links and System Overview are not accessible until the system is configured via Setup Note din Wizard For the first time if WHG303 is not using a trusted SSL certificate there will be a Certificate Error because the browser treats WHG303 as an illegal website Please press Continue to this website to continue The default user login page will then appear in the browser For more information please see 4 2 5 Additional Configuration Certificate Error Navigation Blocked Windows Internet Explorer o E hitps f 192 168 1 254 File Edt View Favortes Took Help BEB Certificate Error Navigation Blocked There is a problem with this website s security certificate The security certificate presented by this website was not Issued by a trusted certificate authority The security certificate presented by this website was issued for a different website s address Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage and do not continue to this website W Click here to close this webpage Q Continue to this website not recommended More information If you can t get the login screen the reasons may be 1 The PC is set incorrectly so that the PC can t obtain the IP address automatically from the LAN port 2 The IP address
43. J Sonet None Policy 1 Server 1 Disabled af 2 JU UL JL J i None Policy 1 Server 1 Disabled 523 JU UL JE J ue Mone Policy 1 Server 1 Disabled S24 JU UL JE J ae None Policy 1 Server 1 Disabled 525 JU UL JE J i am None Policy 1 Server 1 Disabled 526 JU UL JE J TEE None Policy 1 Server 1 Disabled S27 JU UL JL J TENUES None Policy 1 Server 1 Disabled 528 JU UL JL J ppe None Policy 1 Server 1 Disabled Port Based J 33 2008 4IPNE T INC 4ipnet Service Zone Settings User s Manual WHG303 Secure WLAN Controller ENGLISH Service Zone Name VLAN Tag SSID WLAN Encryption Applied Policy Default Authen Option Status Details Default N A dipnet None Policy 1 Server 1 Enabled S41 526 SET 4ipnet 1 d4ipnet 2 dipnet 3 4ipnet 4 4ipnet 5 dipnet 6 aipnet 7 aipnet 8 None None None Mone Mone None Mone None Policy 1 Policy 1 Policy 1 Policy 1 Policy 1 Policy 1 Policy 1 Policy 1 Tag Based J e Service Zone Name Mnemonic name of the Service Zone e VLAN Tag The VLAN tag number that is mapped to the Service Zone e SSID The SSID that is associated with the Service Zone Server 1 Server 1 Server 1 Server 1 Server 1 Server 1 Server 1 Server 1 Disabled Disabled Disabled Disabled Disabled Configure Disabled Configure Disabled Disabled e WLAN Encryption Data encryption method for wireless networks within the Service Zone
44. Merchant Account to Match the Configuration of 4ipnet WHG303 Settings of the merchant account on Authorize Net should be matched with the configuration of 4ipnet WHG303 Setting Deseniption S To configure MD5 Hash Value please log in Authorize Net gt gt Click Settings and Profile gt gt Go to the Security section gt gt Click MD5 Hash gt gt Enter New Hash Value amp Confirm Hash Value gt gt Click Submit If the Card Code is set up as a required field please log in Authorize Net gt gt Required Card Code Click Settings and Profile gt gt Go to the Security section gt gt Click Card Code Verification gt gt Check the Does NOT Match N box gt gt Click Submit After setting up the required address fields on the Credit Card Payment Page Billing Configuration section of 4ipnet WHG303 the same requirements Required Address Fields must be set on Authorize Net To do so please log in Authorize Net gt gt Click Settings and Profile gt gt Go to the Security section gt gt Click Address Verification System AVS gt gt Check the boxes accordingly gt gt Click Submit 1 4 Test The Credit Card Payment via Authorize Net To test the connection between 4ipnet WHG303 and Authorize Net please log in 4ipnet WHG303 User Authentication gt gt Authentication Configuration gt gt Click the server On demand User gt gt External Payment Gateway gt gt Click Configure gt gt
45. Order A Information page gt gt Username can be found in the Item Description To remove the specific account from 4ipnet WHG303 please log in 4ipnet WHG303 User Authentication gt gt Authentication Configuration gt gt Click the server On demand User gt gt On demand Account List gt gt Click View gt gt On demand Account List gt gt Click Delete on the record with the account name Click Delete All to delete all users at once On demand Account List Username Password Remaining Quota Status Remark Delete All 3r23 qxraGb47 2 hris Normal Delete Total 1 First Previous Mext Last 2 2 Refund A Settled Transaction and Remove the On demand Account Generated on 4ipnet WHG303 a To refund a credit card payment please log in Authorize Net Click Virtual Terminal gt gt Select a Payment Method gt gt Click Refund a Credit Card gt gt Payment Authorization Information gt gt Type information in at least three fields Card Number Expiration Date and Amount gt gt Confirm and click Submit 143 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH b To remove the specific account from 4ipnet WHG303 please log in 4ipnet WHG303 User Authentication gt gt Authentication Configuration gt gt Click the server On demand User gt gt On demand Account List gt gt Click View gt gt On demand Account List gt gt Click Delete on the record with the account name 2 3 Find
46. Port Based mode with Default Service Zone enabled and all LAN ports are mapped to Default Service Zone Compare the two figures below to see the differences LAN Ports and Service Zone Mapping Select the mode for Service Zone Port Based O Tag Based Specify a desired Service Zone for each LAN Port LAMI LANZ LANS LAN Internet ISP 4 _ a ams A Switch D x tas j en Managed _ en APs Managed N T re APs SSID 1 SSID 2 55042 eae Service Zone Guests Service Zone Employee Port Based J 29 2008 AIPNET INC 4pnet sera WHG303 Secure WLAN Controller ENGLISH Internet ISP Q il Switch i t Ta ur VLAN 87 Tag 87 ji Service Zone Guests Service Zone Employee Tag Based J It is recommended that the administrator decides which mode is better for a multiple service zone deployment before proceeding further with the system configuration Settings for the two VLAN modes are slightly different for example the VLAN Tag setting is required for Tag Based mode Select Service Zone Mode Select a VLAN mode either Port Based or Tag Based LAN Ports and Service Zone Mapping Select the mode for Service Zone Port Based Tag Based Specify a desired Service Zone for each LAN Port The switches deployed under WHG303 in Port Based mode must be Layer2 Switches only The switch deployed under WHG303 in Tag Based mode must be a VLAN swit
47. Session Limit and Session Log Session Limit To prevent ill behaved clients or malicious software from using up the system s connection resources the administrator can restrict the number of concurrent sessions that a user can establish gt The maximum number of concurrent sessions TCP and UDP for each user can be specified in the Global policy which applies to authenticated users users on a non authenticated port privileged users and clients in DMZ zones gt When the number of a user s sessions reaches the session limit a choice of Unlimited 10 25 50 100 200 350 and 500 the user will be implicitly suspended upon receipt of any new connection request In this case a record will be logged to a Syslog server Since this basic protection mechanism may not be able to protect the system from all malicious DoS attacks it is strongly recommended to build some immune capabilities such as IDS or IPS solutions in network deployment to maintain network operation Session Log The system can record connection details of each user accessing the Internet In addition the log data can be sent out to a specified Syslog Server Email Box or FTP Server based on pre defined interval time gt The description of the fields of a session log record is shown as below Feld JBesrpio Date and Time The date and time that the session is established l New This is a newly established session Session Type P Blocked
48. WLAN Controller ENGLISH 4 4 2 Privilege List Set the configuration for Privilege IP Address List and Privilege MAC Address List Privilege List IP Address List MAC Address List e Privilege IP Address List If there are workstations inside the managed network that need to access the network without authentication enter the IP addresses of these workstations in the Privilege IP Address List The Remark field is not necessary but is useful to keep track WHG303 allows 100 privilege IP addresses at most These settings will become effective immediately after clicking Apply a ELLO OL OELLLL 3 ERA COEM Permitting specific IP addresses to have network access rights without going through standard authentication process at the controlled port may cause security problems e Privilege MAC Address List In addition to the IP address the MAC address of the workstations that need to access the network without authentication can also be set in the Privilege MAC Address List WHG303 allows 100 privilege MAC addresses at most When manually creating the list enter the MAC address the format is xx xx Xx XX XX XX as well as the remark not necessary These settings will become effective immediately after clicking Apply 106 2008 AIPNET INC User s Manual WHG303 Secure WLAN Controller ENGLISH Granted Access by MAC Address EN RAN pop Le p Le iF NEN es RE Permitting specific MAC addresses to have n
49. address of External Interface WAN1 that will change dynamically if WAN1 Interface is Dynamic When Automatic WAN IP Assignments is enabled the entered Internal IP Address of Automatic WAN IP Assignment will be bound with WAN 1 interface Each Static Assignment could be bound with the chosen External Interface WAN1 or WAN2 There are 40 sets of static Internal IP Address and External IP Address available Enter Internal and External IP Addresses as a set After the setup accessing the WAN will be mapped to access the Internal IP Address These settings will become effective immediately after clicking the Apply button Automatic WAN IP Assignment Enable External IP Address External Interface Internal IP Address a 192 168 1 255 WANI Sane Static Assignments No External IP Address External Interface Internal IP Address 2 E A z a s s E DE 7 EE o Heel pe 10 p 2 E Total 40 First Prev Next Last 103 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Public Accessible Server This function allows the administrator to set 40 virtual servers at most so that client devices outside the managed network can access these servers within the managed network Different virtual servers can be configured for different sets of physical services such as TCP and UDP services in general Enter the External Service Port Local Server IP Address and Local Server Port Select
50. and CRAM MD5 are standardized authentication mechanisms while Login and NTLMv1 are Microsoft proprietary mechanisms Only Plain and Login can use the UNIX login password Netscape uses Plain Outlook and Outlook express use Login as default although they can be set to use NTLMv1 o Pegasus uses CRAM MD5 or Login but which method to be used can not be configured Syslog Configuration There are 3 types of Syslog supported System Log On demand User Log and Session Log Enter the IP address and Port number to specify which and from where the report should be sent to Note When the number of a user s session TCP and UDP reaches the session limit specified in the policy a record will be logged to this Syslog server FTP Server Settings Session Log Log each connection created by users and tracking the source IP and destination IP If Syslog is enabled Session Log will be sent to the Syslog server automatically during every defined interval in Session Log email notification Session Log allows uploading the log file to a FTP server periodically The maximum log file size is 256K The log file will be sent to the FTP server once the file size reaches its maximum size or periodical time interval 137 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 7 Help On the screen the Help button is on the upper right corner Click Help to the Online Help window and then click the hyperlink of
51. and expiration date Card code is the last 3 Note digits of the security code located on the back of your credit card If clients choose to enter the e mail addresses clients will receive confirmation letters for reference 148 2008 AIPNET INC d e 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Appendix B Accepting Payment via PayPal This section is to show independent Hotspot owners how to configure related settings in order to accept payments via PayPal making the Hotspot an e commerce environment for clients to pay for and obtain Internet access using their PayPal accounts or credit cards Offers instant on demand guest access to Internet Needs to charge Internet access and accept payments via i PayPal No Disable External Payment Gateway Yes Make sure PayPal Business Account is opened and ready Obtain information fram 1 Business Account ID 42 Payment Gateway URL 3 Identity Token PayPal com Enable and configure the PayPal related settings No Check and retry Yes or ask for technical support Payment function via PayPal Up and running 149 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 1 Setting Up As follows are the basic steps to open and configure a Business Account on PayPal 1 1 Open An Account Step 1 Sign up for a PayPal Business Account and l
52. and the default gateway are not under the same network segment Please use default IP address such as 192 168 1 xx in your network and then try it again For the configuration on PC please refer to Appendix G Network Configuration on PC amp User Login 11 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH After a successful login to WHG303 a web management interface with a welcome message will appear amp t fHome DLogout Help Meu Users Access Points _ ric m Network Utilities Status Welcome to System Main Menu This Administrative Web Interface allows you to set various networking parameters to customize network services to manage user accounts and to monitor user status Functions are separated into 6 main categories System Users Access Points Network Utilities and Status Note To logout simply click the Logout icon on the upper right corner of the interface to return to the login Screen 2008 AIPNET INC e me 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 3 3 2 Setup Wizard WHG303 provides a Setup Wizard for quick configuration The Setup Wizard comprises of four basic steps Follow the instructions of Setup Wizard to enter the required information step by step save your settings and restart WHG303 Then the system is ready to use The four steps of Configuration Wizard are listed b
53. appears do NOT restart the system until you have completed the configuration under the Service Zones tab first 3 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH LAN Ports and Service Zone Mapping Select the mode for Service Zone Port Based f Tag Based Notice Under Tag Based mode Service Zones vill be distinguished by VL AN tagging instead of physical LAN parts LAN 1 LANZ LANS LAN For more information on enabling and configuring Service Zones please refer to Appendix D gt gt Note Service Zone Deployment Example 22 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 1 6 Service Zones A Service Zone is a logical network area to cover certain wired and wireless networks in an organization such as SMB or branch offices By associating a unique VLAN Tag and SSID with a Service Zone administrators can separate wired network and wireless network into different logical zones Users attempting to access the resources within the Service Zone will be controlled based on the access control profile of the Service Zone such as authentication security feature wireless encryption method traffic control and etc There are up to nine Service Zones to be utilized by default they are named as Default SZ1 SZ8 as shown in the table below Service Zone Settings Default e Le Le LoJ 4ipnet Mone Policy 1 Server 1 Enabled Sz1 JU UL JE
54. area network protocol that provides communication across diverse interconnected networks Show icon in taskbar when connected Ok Cancel Internet Protocol TCP IP Properties General 21x fou can get IP settings assigned automatically if your network supports this capability Othenwise You need to ask your network administrator for the appropriate IP settings IP address Subnet mask Drehaull gateway Obtain ONS server address automatically Use the following DONS server addresses Advanced lt a Prefered DHS server Alternate DAS server Cancel 2008 4IPNET INC 4pneU sera WHG303 Secure WLAN Controller ENGLISH 5 Using Specific IP Address If you want to use a specific IP address acquire the following information from the network administrator the P Address Subnet Mask and DNS Server address provided by your ISP and the Gateway address of WHG303 AN If your PC has been set up completely please inform the network administrator before proceeding to the following steps 5 1 Choose Use the following IP address Internet Protocol TCP IP Properties ixi General and enter the P address Subnet mask If Yoy can get IP settings assigned automatically if your network supports this capability Othenwise You need to ask your network administrator Far the DNS Server field is empty select Using He SDN GUISE Colne the following DNS server a
55. authentication e Accounting Service The system supports RADIUS accounting that can be enabled or disabled e Authentication Protocol The configuration of the system must match with that of the remote RADIUS server PAP Password Authentication Protocol transmits passwords in plain text without encryption CHAP Challenge Handshake Authentication Protocol is a more secure authentication protocol with hash encryption Note Ifthe RADIUS Server does not assign idle timeout value the WHG303 will use the local idle timeout 49 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 2 1 4 Authentication Method LDAP Choose LDAP from the Authentication Method field the button beside the drop down menu will become LDAP Setting Authentication Database LDAP he Click the button of LDAP Setting for further configuration Enter the information for the primary server and or the secondary server the secondary server is not required The blanks with red asterisk are necessary information which should be filled in These settings will become effective immediately after clicking the Apply button E M Server Dromain Mama IP Address Part 389 e g i E Base DN M Users C 2k 3150 dcdit e g cimurerr dcemdomam deem cam Account Attribute cr bisg c Secondary LDAP Server Server i Port Base DN Account Attribute Attribute Group Mapping e Se
56. automatically assigned to this computer IF Your network does not automatically assign IP addresses ask This is also the default setting of Windows your network administrator Far an address and then type it in the space below Then reboot the PC to make sure an IP address is obtained from WHG303 TES dress Subnet klask 4 Using Specific IP Address If you want to use a specific IP address acquire the following information from the network administrator the P Address Subnet Mask and DNS Server address provided by your ISP and the Gateway address of WHG303 AN If your PC has been set up completely please inform the network administrator before proceeding to the following steps 4 1 Click on the IP Address tab and choose Specify an IP address Enter the P Bindings o Advanced MeiBloS DNS Configuration Gateway WINS Configuration IP Address Address Subnet Mask and then click OK An IP address can be automatically assigned to this computer If pour network does not automatically assign IP addresses ask your network administrator for an address and then type it in the space below Lom J cance 196 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 2 Click on the Gateway tab Enter the gateway 2 Bindings Advanced NetBIOS address of WHG303 In the New gateway DNS Configuration Gateway WINS Configuration IP Address field and
57. click Add Then click OK The first gateway in the Installed Gateway list will be the default The address order in the list will be the order in which these machines are used New gateway fT C ap Installed gateways Remove 4 3 Click on DNS Configuration tab If the DNS Bindings Advanced NetBIOS Server field IS empty select Enable DNS DNS Configuration Gateway WINS Configuration IP Address and enter DNS Server address Click Add and then click OK to complete the Host Domain OWNS Serwer Search Order BHemare Domain Suffix Search Order Ada SETTE ES e cancel configuration Check the TCP IP Setup of Window 2000 ioj x 1 Select Start gt gt Control Panel gt gt Network ee Back gt A Search Ls Folders History As D X u EE and Dial up Connections Ad ress ca control Pane y ee Date Time Display Folder Options Fonts CI sea S Lov 3 d T Control Panel PE er ES P Game Internet Keyboard Mouse Network and Dial up Controllers Options Connections Connects to other computers networks and the Internet Ce a IPhone and Power Options Printers dial up Modem Windows Update Windows 2000 Support Connections E Regional Scanners and Scheduled Sounds and Options Cameras Tasks Multimedia System Users and VMware Tools gt Connects to other computers networks
58. e Step 4 Please confirm the data and the click OK to go on the transaction or click Cancel to revise the data or cancel this transaction After clicking OK there will be another dialog box showing up to confirm this transaction again Microsoft Internet Explorer FE X Please check the data you input DE d Credit Card Number 4567123456780000 Credit Card Expiration Date 1208 Card Type Visa Card Code S27 E mail 1223iyahoo com Room Number First Mame Torn Last Mame Lee Company Address City State Zip Country Phone Fax Do vau want bo continue Ehe credit card payment process Cancel 147 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Step 5 Click OK to complete the process or click Cancel to revise the data or cancel this transaction Microsoft Internet Explorer i E xl y The process may bake several minnutes es Please DO NOT close or leave this page before getting the result Do you want to continue the credit card payment process E Cancel Step 6 Click Start Internet Access to use the Internet access service Login ID PTKP ondem and Password BHBXYPCT Price tao Usage B hrs O mins ESSID Y K Cafa Credit C ard Vaid To Use Linlil 20080404 14 03 04 hate Before chosipg this window please write down yos use p name Mhl passes d atari Internet Acces s The clients must fill in the correct credit card number
59. encryption login page 21 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Time NTP Network Time Protocol communication protocol can be used to synchronize the system time with remote time server Please specify the local time zone and the IP address of at least one NTP server for adjusting the time automatically Universal Time is Greenwich Mean Time GMT The time can also be manually configured by selecting Set Device Date and Time and then entering the date and time in these fields System Time 2009 02 19 11 15 04 Time Zone GMT 0 00Taipei s NTP NTP Server l la g tack usna nany mil Time MTP Server zi MTP Server 3 MTP Server F MTP Server a O Manually set up 22 2008 AIPNET INC me 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 1 2 WAN1 Configuration There are 4 connection types for the WAN1 Port Static IP Address Dynamic IP Address PPPoE and PPTP Client e Static IP Address Manually specifying the IP address of the WAN Port The fields with red asterisks are required to be filled in IP Address The IP address of the WAN1 port Subnet Mask The subnet mask of the WAN1 port Default Gateway The gateway of the WAN1 port Preferred DNS Server The primary DNS server used by the system Alternate DNS Server The substitute DNS server used by the system This is an optional field WAN Interface Setting fe Static Use the fa
60. for End Users Step 1 Click the link below the login window to pay for the service by credit card via Authorize Net Welcome To User Login Page Please Enter Your User Name and Password To Sign In P1 User Name 9 Password Step 2 Choose agree to accept the terms of use and click Next We may collect and store the following personal information email address physical contact information credit card numbers and transactional information based on your activities on the nternet service provided by Lee If the information you provide cannot be verified we may ask you to send us additional information such as your driver license credit card statement and or a recent utility bill or other information confirming your address or to ansver additional questions to help verify your information E C agree O disagree 146 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Step 3 Please fill out the form and Click Submit to send out this transaction There will be a confirm dialog box Rate Plan Price 2 hre GO mins Ts sj Bhre mins e 12 bre ment 12 OO Mire 5 1000 Mbyte fa 7000 Mite T1 Credit Card E Contact Information Creat Care rumibsi EEIE HT a Credit Cand Expiration Dats z t MM Y Card Tee ica wr and Code F E mail li Tali Fira Marne iff i Las Harme Company Address Fee dered br in misk am regimrend Bar Caer
61. in use o Expired the account is not valid any more even there is remaining quota to be used o Out of Quota the account has exceeded the quota limit o Redeemed the account has been applied for account renewal e Delete This will delete the users individually 68 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 2 1 7 Authentication Method SIP The system provides SIP proxy for SIP clients devices or soft clients pass through NAT After enable SIP proxy server all SIP traffic can pass through NAT with a selective but fixed WAN interface Administrator will be able to add trusted SIP Registrars up to four of them A group can be chosen to govern SIP traffic enu gt Users gt Authentication gt SIP Authentication Authentication Server SIP Group Mone Group selection applied to clients login with SIP authentication e SIP SIP authentication supports 4 Trusted SIP Registrar e IP Address The IP address of the Trusted SIP Registrar e Remark The administrator can enter extra information in this field for remark e Group A Group option can be applied to the clients who login with SIP Authentication Be noted that the specific route of the applied Policy for the selected Group cannot conflict with the assigned WAN interface for SIP authentication 69 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 2 2 Black List Configuration
62. list The administrator must know the local IP addresses of the APs he she wishes to discover AP Discovery AP Type EAP1 00 Interface Defau lw Factory Default IP Address 182 158 2 1 Login ID admin Password 1234 Manual Admin Settings User to Discover IP Addresses of APs CE start IP Address 192 158 1 1 after Discovery Scan Now Background AP Discovery Status Disabled Discovered AP List IP Address AP Hame Template AP Type Service Zone MAC Address Password Channel Total 0 First Prev Next Last Last discovery was done at 11 43 46 March 03 2008 e To discover AP manually please fill in the required data gt AP Type Choose the type of AP you wish to discover gt Interface Set to default gt Admin Settings Used to Discover Choose from Factory Default or Manual gt IP Addresses of APs after Discovery Start assigning from this IP address to discovered APs Then click the Scan Now button and the APs match the given settings will show in the list below If one of the IP addresses intended is used a warning message will show up In this case please change the IP range and 94 2008 AIPNET INC e e 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH then click Scan Now again Input the desired name and password for the AP Select one template check it and then click Add to add it under the managed list About the template please see 4 3 4 Template Setti
63. of LAN2 Click Apply to save the selection ewm EE Le WAN Traffic V LAN Port Mapping Service zones Main Menu gt System gt Service Zone Port Role LAN Ports and Service Zone Mapping Select the mode for Service Zone Port Based Tag Based Specify a desired Service Zone for each LAM Port m LAN2 LAN3 LANI LAN4 Gur m mm nm A warning message You should restart the system to activate the changes will appear at the bottom of the page Click the hyperlink of Restart to restart the system and activate all configurations General V WAN1 WAN2 WAN Traffic NLAN Port Mapping Service Zones Main Menu gt System gt Service Zone Port Role LAN Ports and Service Zone Mapping Select the mode for Service Zone Port Based O Tag Based Specify a desired Service Zone for each LAN Port LAN1 LAN LANS LANA A Please do not interrupt the system during the restarting process Once the settings of two Service Zones are completed the configured result will be displayed in the Service Zone Settings page SZ1 and SZ2 are both enabled 175 2008 4IPNE T INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH General WANT WANZ WAN Traffic LAN Port Mapping y Service Zones Main Menu gt System gt Service Zone Service Zone Settings Service Zone LAN Port S WLAN Applied Default Authen T Name Mapping id Encryption Policy Option ms Details Default L La 9
64. s Manual WHG303 Secure WLAN Controller ENGLISH 4 4 6 Proxy Server Properties WHG303 supports Internal Proxy Server and External Proxy Server functions External Proxy Servers IP Address Lo Lu ee E 3 L LB ee EHE NN NE c RE a eee Lud j Le 5 L Lo Redirect Outgoing Proxy Traffic to Built in Proxy Server GL NM NEL External Proxy Server Under the security management of WHG303 the system will match the External Proxy Server list to the clients proxy settings If there is not a match the clients will not be able to reach the login page and thus unable to access the network If there is a match the clients will be directed to the system for authentication After a successful authentication the clients will be redirected back to the desired proxy servers depending on different situations e Internal Proxy Server WHG303 has a built in proxy server If this function is enabled the clients will be forced to treat WHG303 as the proxy server regardless of their original proxy settings For more details about how to set up the proxy servers please refer to Appendix E Proxy Setting 111 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 4 7 Dynamic DNS Before activating this function you must have your Dynamic DNS hostname registered with a Dynamic DNS provider WHG303 supports DNS function to alias the dynamic IP address for the WAN port to a stati
65. see Appendix A Accepting Payments via Authorize Net for more information about opening an Authorize Net account relevant maintenance functions and an example for end users 57 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH gt Authorize Net Payment Page Configuration External Payment Gateway Authorize Net PayPal SecurePay Disable Authorize Net Payment Page Configuration Merchant Login ID Merchant Transaction Key Payment Gateway URL Verify SSL Certificate Test Mode O Enable 9 Disable Try Test MDS Hash O Enable 9 Disable Merchant ID This is the Login ID that comes with the Authorize Net account Merchant Transaction Key The merchant transaction key is similar to a password and is used by Authorize Net to authenticate transactions Payment Gateway URL This is the default website address to post all transaction data Verify SSL Certificate This is to help protect the system from accessing a website other than Authorize Net Trusted CA Management Select the version of Trusted Certificate for the system Q Trusted CA Management SecurePay Q Use Default CA 9 Upload CA Upload Trusted CA File Name Test Mode In this mode merchants can post test transactions for free to check if the payment function works properly MD5 Hash If transaction responses need to be encrypted by the Payment Gateway enter and confirm a MD5 Hash Value an
66. select the upgrade version of firmware and click Apply to upgrade firmware AP List Upgraded Name Type Version Time New Version Upgrade 100 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 3 7 WDS Management WDS Management Wireless Distribution System is a function used to connect APs Access Points wirelessly The WDS management function of the system can help administrators to setup a Tree structure of WDS network Default Settings for Newly Added WDS Tree WDS Status Refresh Interval Disable Auto Refresh Ma WDS operation has been done WDS Update The Parent AP of this new connection Es The Child AP of this new connection Es The Parent AP of this updated connection Es The Child AP of this updated connection and the connection ta the previous Parent AP will be deleted Es ENNNTTTOTTUTUITITITT RN e WDS Status Status shows the added APs in the WDS Tree with the Security and Channel settings The WDS could be set up more than one tree Click the Edit is to change the WDS connection settings for the associated WDS Tree e WDS Update Update the WDS connection with the following operations gt Add Add a new WDS connection with a Child AP not in the WDS and a Parent AP from the AP List A new WDS Tree will be added if the selected Parent AP is not in any of the current WDS Trees Click Edit is to change the WDS connection settings for the new added WDS Tree
67. sent to the merchant owner administrator via Authorize Net To configure the contact person who will receive a receipt for each transaction please log in Authorize Net Click Settings and Profile gt gt Go to the General section gt gt Click Manage Contacts gt gt Click Add New Contact to gt gt Enter necessary contact information on this page gt gt Check the Transaction Receipt box gt gt Click Submit 144 2008 4IPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 3 Reporting During normal operation the following steps will be necessary to generate transaction reports 3 1 Transaction Statistics by Credit Card Type during the Period Please log in Authorize Net gt gt Click Reports gt gt Check Statistics by Settlement Date radio button gt gt Select Transaction Type Start Date and End Date as the criteria gt gt Click Run Report 3 2 Transaction Statistics by Different Location a To deploy more than one 4ipnet WHG303 the way to distinguish transactions from different locations is to make the invoice numbers different To change the invoice setting please log in 4ipnet WHG303 User Authentication gt gt Authentication Configuration gt gt Click the server On demand User gt gt External Payment Gateway gt gt Click Configure gt gt External Payment Gateway gt gt Select Authorize NET gt gt Scroll down to Client s Purchasing Record
68. the Username and Password for A Specific Customer Please log in Authorize Net Click Unsettled Transactions gt gt Try to locate the specific transaction record on the List of Unsettled Transactions gt gt Click the Trans ID number gt gt Click Show Itemized Order Information in the Order Information section gt gt Username and Password can be found in the Item Description 2 4 Send An Email Receipt to A Customer If a valid email address is provided an email receipt with payment details for each successful transaction will be automatically sent to the customer via Authorize Net To change the information on the receipt for customer please log in 4ipnet WHG303 User Authentication gt gt Authentication Configuration gt gt Click the server On demand User gt gt External Payment Gateway gt gt Click Configure gt gt External Payment Gateway gt gt Select Authorize NET gt gt Scroll down to Client s Purchasing Record section of the page gt gt Type in information in the text boxes Description and E mail Header gt gt Confirm and click Apply Client s Purchasing Record Starting Invoice Number nooonnn4 Change the Number Description Item Mame Internet Access z Title for Message to Seller Special Mote to Seller 2 5 Send an Email Receipt for Each Transaction to the Merchant Owner A copy of email receipt with payment details for each successful transaction will also be automatically
69. to access a Service Zone can be applied with a Policy within this zone The same Group within different Service Zones can be applied with different Policies as well as different Authentication Options Group Configuration Group 1 Select Group o E NN Apply e Group Configuration Group 1 8 gt QoS Profile Set parameters for traffic classification Group 1 Traffic Configuration 71 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH o Traffic Class A Traffic Class can be chosen for a Group of users There are four traffic classes Voice Video Best Effort and Background Voice and Video traffic will be placed in the high priority queue When Best Effort or Background is selected more bandwidth management options such as Downlink and Uplink Bandwidth will appear o Group Total Downlink Defines the maximum bandwidth allowed to be shared by clients within this Group o Individual Maximum Downlink Defines the maximum downlink bandwidth allowed for an individual client belonging to this Group The Individual Maximum Downlink cannot exceed the value of Group Total Downlink o Individual Request Downlink Defines the guaranteed minimum downlink bandwidth allowed for an individual client belonging to this Group The Individual Request Downlink cannot exceed the value of Group Total Downlink and Individual Maximum Downlink o Group Total Uplink Defines the maximum upl
70. utilities are described as follows VN V WV Please select utility Trace routing path Display interface settings Display routing table Display ARP table Display system up time Check service status Set device into safe mode Set Outputpover synchronize clock with NTP server Print the kernel ring buffer Main menu Ping host IP By sending ICMP echo request to a specified host and wait for the response to test the network status Trace routing path Trace and inquire the routing path to a specific target Display interface settings It displays the information of each network interface setting including the MAC address IP address and netmask Display the routing table The internal routing table of the system is displayed which may help to confirm the Static Route settings Display ARP table The internal ARP table of the system is displayed Display system up time The system live time time for system being turn on is displayed Check service status Check and display the status of the system Set device into safe mode If the administrator is unable to use Web Management Interface via browser for the system failed inexplicitly The administrator can choose this utility and set it into safe mode which enables him to manage this device with browser again Synchronize clock with NTP server Immediately synchronize the clock through the NTP protocol and the specified network time server Since this interface does no
71. webpages from working corectly show Add ons that have been used by Internet Explorer bul Mame Publisher Status Type File ES E Shockwave Flash Object Adobe Systems Incorpora Enabled Actives Control Flashit Skype Skype Technologies 54 Enabled Browser Extension Skype Skype add on masterm Skype Technologies 54 Enabled s SS5vHelper Class a Sun Java Console Sun Microsystems Inc Enabled Browser Helper Object Skype Sun Microsystems Inc Enabled Browser Helper Object ss dll Browser Extension sgy dll UploadListview Class Google Inc a VIDEO X M5 ASF Mo Microsoft Corporation Contact List Microsoft Outlook Enabled Enabled E YPMClienk psec Cipherium Systems Co Led Enabled Default web browser h Internet Explorer is not currently the default web browser Tell me if Internet Explorer is not the default web browser E Windows Live Messenger Microsoft Corporation E Windows Live Sign in C Microsoft Corporation s Windows Live Sign in H Microsoft Corporation E windows Media Player Microsoft Corporation 5 Windows Media Plaver Microsoft Corooration Make default Enabled Enabled Enabled Enabled Enabled Activex Control Activex Control Activex Control Activex Control Activex Control Browser Helper Object Actives Control Activex Control Upload wimp dl PMClie MSasc Window Window wp dl wmnpdx Manage add ons P Enable or disable browser add ons
72. y installed in your system Manage add ons lilt n Settings Delete Active Click the name of an Actives control above and then click Delete Click an add on name above and and then click Enable or Disable Enable C Disable Download new add ons Far Internet Explorer Learn more about add ons From Windows Internet Explorer click Manage add ons button inside Programs page under Tools to show the add ons programs list You can see VPNClient ipsec was enabled 213 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 3 Limitations The limitation of the client side due to ActiveX and Windows OS includes a Internet Connection Firewall of Windows XP or Windows XP SP1 is not compatible with IPSec protocol It shall be turned off to allow IPSec packets to pass through b Without Windows patch KB889527 ICMP Ping and PORT command of FTP cannot work in Windows XP SP2 C The forced termination through CTRL ALT DEL or Task Manager of the Internet Explorer will stop the running of ActiveX It causes IPSec tunnel can t be cleared properly at client s device In this case a reboot of client s device is needed to clear the IPSec tunnel d The crash of Windows Internet Explorer may cause the same result There are some OS and browser which may not support Local VPN 1 Internet Connection Firewall In Windows XP and Windows XP SP1 the Internet Connection Fi
73. 3 a console modem cable and a terminal Bits per second a600 simulation program such as the Hyper Terminal Data bits a are needed 2 If aHyper Terminal is used please set the Ium None parameters as 9600 8 none 1 and none Stop bits Flow control None Restore Defaults cat ton The main console is a menu driven text interface with dialog boxes Please use arrow keys on the keyboard to browse the menu and press the Enter key to make selection or confirm what you enter 3 Once the console port of 4ipnet WHG303 is connected properly the console main screen will appear automatically If the screen does not appear in the terminal simulation program automatically please try to press the arrow keys so that the terminal simulation program will send some messages to the system where the welcome screen or main menu should appear If the welcome screen or main menu of the console still does not pop up please check the connection of the cables and the settings of the terminal simulation program Please select utility wassuord Change admin password Milit Util ties for network debugging eset Reload factory default eStart Restart 206 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Utilities for network debugging The console interface provides several utilities to assist the Administrator to check the system conditions and to debug any problems The
74. 4 5 2 Backup Restore SC GS MR E m Mm 121 4 5 3 Firmware Upgrade EE OO oom 122 SA Cc 8 eee eee eee E ee eee ee er ee ere 123 ASS 1 d Binh ore mr 124 4 6 DLAC E S f 125 POM SSES mE o omm 126 d iBferidbe SEODUS oos aon I UIDES MONROE EN MN MENGE UNI MMM OMNEM 128 8 93 ROT TD osa obo decides Mon SMS edu dnd Edu eM MEUM UN NEM NM EM M IM ened 130 220 Oui re 0 205 0c em 132 BO AIS 4B s RR NOTEm O 133 AGO Emal A Debe Co HR 136 4 7 JM 138 Appendix A Accepting Payment via Authorize Net ecce ecce e eee eere ennt 139 Appendix B Accepting Payment via PayPal e eeeeeee eee eee eere eee eee eee ena eene 149 Appendix C Accepting Payment via SecurePay eee ecce e eee ee eene eese etna eate 159 Appendix D Service Zone Deployment Example e eese ecce eee eee enne 170 Append E Troy SelM aasien r npa OTIO Vnd 183 Appendix F Session Limit and Session Log sscccssssrrcccssssssccsssssscccsssssssccssssssscssssssscees 188 Appendix G Network Configuration on PC amp User Login es sessssssseessssooeeecssoooeeeses 190 Appendix H Console Interface ssseessssooceesssoocceesssoccceesssocccesssoocceesssscoceesssococeesssscseeeesso 206 Appendix I LOCAL VEIN o
75. 500 Mbyte s N A N A N A N A N A N A N A e Plan The number of a specific plan Price 2 3 99 NA NIA NA NIA N A NIA N A Status Enabled Enabled Enabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled e Type Show one type of the plan in Time Volume or Cut off Function Create Create e Quota The Time Volume is how long the on demand user is allowed to access the Internet e Price The unit price of each plan e Status Show the status in enabled or disabled e Function Press Create button for the desired plan an On demand user account will be created and then click Printout to print a receipt which will contain this on demand user s information Plan Type 1 Time Total Price 2 On demand Account Creation Quota 2 hrs O mins Price zl Status Enabled er activation the account will be expired in 5 days 0 Function Reference ae Add a reference related to this account for example the customers name Please canfirm the information and press Create button to create an account 66 JL Jn 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH On demand User Receipt Mozilla Firefox di 5x F http 110 29 1 210 IserAuthenticatian nDemandRecept shtml butkoniNo 1 amp randol TT Welcome
76. 802 1X enabled devices such as APs or switches Roaming Out The system s local user database can also be an external RADIUS database to another system When Account Roaming Out is enabled local users can login from other domains with their original local user accounts The authentication database with their original local user accounts acts as a RADIUS Server and roaming out local users act as RADIUS clients 46 2008 AIPNET INC d me 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 2 1 2 Authentication Method POP3 Choose POP3 from the Authentication Method field the button beside the drop down menu will become POP3 Setting Authentication Database POPS he Click the button of POPS Setting for further configuration Enter the information for the primary server and or the secondary server the secondary server is not required The fields with red asterisk are necessary information These settings will become effective immediately after clicking the Apply button External POPS3 Server Related Settings Complete e g userL companyname com Only ID e g useri Primary POP3 Server Server a EN INN es ee oo m es ee e Server IP The IP address of the external POP3 Server e Port The authentication port of the external POP3 Server e SSL Setting The system supports POP3S Check the check box beside to Enable SSL Connection to POP3 47 2008 AIPNET INC ng me 4ipnet User
77. Controller ENGLISH other authentication options Then click Apply to activate the settings made so far A warning message You should restart the system to activate the changes will appear at the bottom of the page Do NOT restart the system until you have completed all the configuration steps Authentication Settings Authentication Required For Enabled O Disabled the Zone Server 2 POP3 pop3 Q d Authentication Options Server 3 RADIUS radius Q Server 4 LDAP Idap Q On demand User ONDEMAND ondemand Q d SIP SIP N A Step 9 Set Policy SZ2 Select Policy 1 from the drop down list box Click Apply to activate the settings A warning message You should restart the system to activate the changes will appear at the bottom of the page Do NOT restart the system until you have completed all the configuration steps Group Permission for this Service Zone Configure Default Policy in this Service Zone v Edit System Policies E Enabled Email Message for Login Reminding Edit Mail Message Disabled Managed AP s in this Service Zone IP Address AP Type AP Name Status MAC Address A Please do not interrupt the system during the restarting process Once the settings of two Service Zones are completed the configured result will be displayed in the Service Zone Settings page SZ1 and SZ2 are both enabled 181 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH E aM p
78. Default Authen Name Mapping ENT Encryption Policy Option Default a 9 9 9 4ipnet Mone Policy 1 Server 1 Sz1 LALALALA m ii None Policy 1 Server 1 572 PARAL J net None Policy 1 Server 1 Step 2 Configure Basic Settings for SZ1 Check the Enable radio button of Service Zone Status to activate SZ1 Enter a name for SZ1 e g Guests in the Service Zone Name field General N WANI Y WAN2 Y WAN Traffic LAM Port Mapping Service Zones Main Menu gt System gt Service Zone gt Service Zone Configuration Basic Settings Service Zone Status Enabled Disabled Operation Mode NAT Router Network Interface IP Address 1182 168 11 254 le Subnet Mask 259 250 2000 Step 3 Configure Authentication Settings for SZ1 Check the Enable radio button to enable Authentication Required for the Zone Status Details Enabled Disabled Disabled Check the Default button and Enabled box of Guest Users to set ONDEMAND authentication method as default Disable all other authentication options Then click Apply to activate the settings made so far A warning message You should restart the system to activate the changes will appear at the bottom of the page Do NOT restart the system until you have completed all the configuration steps 171 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Authentication Settings Authentication Required For 9Enabled Disabled the Zone
79. Disabled o User Limit Limit the number of users connected to that AP 9 2008 AIPNET INC User s Manual WHG303 Secure WLAN Controller ENGLISH acer 1213 141A 1B 1C 92 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH e Status After clicking the hyperlink in the Status column there are two areas of information shown AP Status Summary and AP Status Details AP Status Summary includes AP Name AP Type LAN Interface MAC address Wireless Interface MAC address Report Time SSID and Number of Associated Clients AP Status Details include System Status LAN Status Wireless LAN Status Access Control Status Associated Client Status and Local Log Status AP Status summary AP Name EAP100B AP Type EAP100 LAN MAC Wireless LAN MAC Report Time JA SSID 4ipnet Service Zone Default Humber of Associated 0 Clients AP Status Detail system Status LAN Status Wireless LAN Status Access Control Status Associated Client Status Local Log Status 93 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 3 2 AP Discovery Use this function to detect and manage all of the APs in the network segments Note that WHG303 can only manage APs that are connected to its LAN ports Therefore the AP discovery function is for adding locally connected APs to its management
80. EDITO Up Cut Copy Paste Undo Delete Properties Views Address Control Panel zm S o utt AddNew Add Remove Date Time 3 Accessibility Options Hardware Programs Control i Pane 9 4 5 amp Display Fonts Game Internet Network Controllers Options Configures network x c hardware and software p 9 gt j Keyboard Modems Mouse Multimedia Microsoft Home Technical Support E 9 a y H Network ODBCData Passwords Power Sources 32bit Management Ca ES aufi ml x Configures network hardware and sol a My Computer Network Configuration Identification Access Control The following network components are installed 1 Client for Microsoft Networks Sef D PENET Family Ethernet Adapter PCI 15 4 Loretto Qs TCPAP gt SMD PCNET Farnily Ethernet Adapter PCIISA zx Li1al Llp Adapter Remove Properties Primary Hetwork Logon Client for Microsoft Wetworks Eile and Print Sharing Description TCP IP iz the protocol ou use to connect to the Internet and wide area networks OF Cancel 2008 AIPNET INC ng me 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 3 Using DHCP If you want to use DHCP click di Bindings Advanced NetBIOS on the IP Address tab and choose Obtain an OAS Configuration Gateway WINS Configuration IP Address IP address automatically and then click OK An IF address can be
81. External Payment Gateway gt gt Select Authorize Net gt gt Go to Authorize Net Payment Page Configuration section gt gt Enable the Test Mode gt gt Click Try Test and follow the instructions 142 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH External Payment Gateway 9 Authorize Net PayPal SecurePay Disable Authorize Net Payment Page Configuration Merchant Login ID Merchant Transaction Key Payment Gateway URL tips secure authorize net g ateway transact dll 2 Enable Disable Trusted CA Management Verify SSL Certificate Test Mode 9 Enable Disable Try Test MD5 Hash Q Enable 9 Disable 2 Basic Maintenance In order to maintain the operation merchant owners will have to manage the accounts and transactions via Authorize Net as well as 4ipnet WHG303 2 1 Void A Transaction and Remove the On demand Account Generated on 4ipnet WHG303 Sometimes a transaction as well as the related user account on 4ipnet WHG303 may have to be canceled before it has been settled with the bank a To void an unsettled transaction please log in Authorize Net Click Unsettled Transactions gt gt Locate the specific transaction record on the List of Unsettled Transactions gt gt Click the Trans ID number gt gt Confirm and click Void Note To find the on demand account name click Show Itemized Order Information on the
82. HG303 supports three kinds of account interface You can log in as admin manager or operator The default usernames and passwords show as follows Admin The administrator can access all configuration pages of WHG303 User Name admin Password admin Username Password OLogout Help Setup Wizard Quick Links System Overview Manager The manager can only access the configuration pages under User Authentication to manage the user accounts but without the permission to change the settings of the profiles of Firewall Specific Route and ochedule User Name manager Password manager 118 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Username manager Password Main Menu gt Users The internal or external account databases include Local POP3 RADIUS LDAP NT Domain On demand and SIP The administrator needs to activate and configure at least one of these authentication databases Postfix is used for the system to identify which authentication option will be used for the specific user account when multiple options are concurrently in use One of the authentication options can be set as default so that end users can choose NOT to type the complete account name id postfix when logging in Authentication 5 sets of black list profiles can be defined Each active authentication option may be Black List configured with one of these 5 black list profiles 8 sets of group pr
83. IP 10 1 1 37 SPort 1632 DIP 203 84 196 242 DPort 80 189 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Appendix G Network Configuration on PC amp User Login Network Configuration on PC After 4ipnet WHG3093 is installed the following configurations must be set up on the PC Internet Connection Setup and TCP IP Network Setup e Internet Connection Setup Windows 9x 2000 1 Choose Start gt gt Control Panel gt gt Internet Options 2 Choose the Connections tab and then click Setup 190 2Bixi File Edit view Favorites Tools Help Back amp Qsearch C Folders History as R X A EN address Qe Accessibility Add Remove Add Remove Control Panel Options Hardware Programs cm im 3 Internet Options uj Caf Al er Configures your Internet display s and connections settings Display Folder Options Fonts Game Controllers Windows Update 7 c windows 2000 Support gs 3 QN p ay Yd ze Keyboard Mouse Network and Phone and Power Options Dial up Co Modem Printers Regional Scanners and Scheduled Sounds and Options Cameras Tasks Multimedia System Users and VMware Tools Paccuinr de zl Configures your Internet display and connections settings e My Computer Internet Properties a A xj General Security Content Connections Programs Advanced ez Dial up settings
84. KR owe Folder Options Display Fonts Game Internet Controllers Options Lt Phone and Power Options Modem 2 9 Scheduled Sounds and Tasks Audio Devices SE Vi Control Panel Je Switch to Category View See Also qb Windows Update 9 Help and Support Keyboard Network Connections Scanners and Cameras Printers and Faxes S Speech Regional and Language w gQ e B System Taskbar and User Accounts VMware Tools Network Connections Fie Edit view Favorites Tools Advanced Help Back Search Folders M E EH 55 e Network Connections LAN or High Speed Internet Network Tasks ocal Area Connection 4 nabled mili WMD PCNET Family PCI Ethern 5 Create a new connection Set up a home or small office network Disable this network device EN Repair this connection Disable Status Repair Bridge Connections mi Rename this connection view status of this connection Change settings of this connection Create Shortcut Re Other Places G Control Panel My Network Places LG My Documents 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 3 Click on the General tab and choose Internet Local Area Connection Properties Protocol TCP IP and then click Properties General Authentication Advanced Connect using Now you can choose to use DHCP or a HER AMD PCNET F
85. KS Optional a E T Firewall e ISP2 Switch x i E l Switch i ER i Managed AP oto ah E a SS i Um VPN Uv Mail Server 3 lt i gt Web Server z VPN se S App Server F Receptionist G Staff Customer Area Access to Internal Network amp Internet Access to Internet Only Location One Example Managed network deployment 2 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 2 3 Hardware Specification General gt Form Factor 19 1U Rack Mount Dimensions W x D x H 16 9 x 6 1 x 1 7 430 mm x 155 mm x 43 mm Weight 3 3lbs 1 5 kg Operating Temperature 0 40 C Storage Temperature 20 65 C Power 100 240 VAC 50 60 Hz CE FCC gt ROHS compliant VV VV WV Connectors and Display gt WAN Ports 2 x 10 100BASE TX RJ 45 gt LAN Ports 4 x 10 100BASE TX RJ 45 Console Port 1 x RS 232 DB9 gt LED Indicators 1 x Power 1 x Status 2 x WAN 4 x LAN 3 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 3 Installation 3 1 Hardware Installation 3 1 1 System Requirements e Standard 10 100BaseT including network cables with RJ 45 connectors e All PCs need to install the TCP IP network protocol 3 1 2 Package Contents The standard package of 4ipnet WHG303 includes e 4ipnet WHG303 x 1 e Quick Installation Guide QIG x 1 e CD ROM with User s Manual and QIG x 1 e Power Cord x 1 e Power Adaptor 12DC
86. LAN of an organization via Switch or Hub 4 LAN For connecting to the networks managed by WHG303 such as client networking devices WHG303 supports Service Zone function including Port Based mode and Tag Based mode Under Tag Based mode service zones are distinguished by VLAN tagging instead of physical LAN ports and vise versa By default the system is in Port Based mode and all LAN ports are set to the default service zone Console For displaying text data on an extended monitor via a RS 232 DB9 cable 2 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 3 1 4 Installation Steps Please follow the steps below to install 4ipnet WHG303 1 Connect the Power adapter to the power socket on the rear panel The Power LED on the front panel should be ON to indicate a proper connection 2 Connect an Ethernet cable to WAN1 Port on the rear panel Per your needs connect the other end of the cable to a networking device such as ADSL modem cable modem switch or hub The WAN1 LED indicator should be ON to indicate a proper connection 3 Connect an Ethernet cable to any LAN Port on the rear panel Connect the other end of the cable to a PC for configuring the WHG303 system The LED indicator should be ON to indicate a proper connection 6 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 3 2 Software Configuration 3 3 1 Instruction of Web Managem
87. N Controller ENGLISH N mM Password General Authentication List AT oystem Change Ea Backup amp WAN 1 Black List Discovery Privilege Interface Restore FUNCTION System WAN 2 Group Adding Monitor IP Routing Table Upgrade Walled WAN Traffic Policy Templates Restart Online Users Garden Walled LAN Port Additional Network Firmware Garden AD S User Logs Mapping Control Utilities List DS DDNS Management Client Mobility Service Zones E mail amp SYSLOG After finishing the configuration of the settings please click Apply and pay attention to see if a RESTART message appears on the screen If such message appears the system must be restarted to allow the new settings to take effect All on line users will be disconnected during restart 18 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 1 System Configuration This section includes the following functions General WAN1 Configuration WAN2 Configuration WAN Traffic Settings LAN Port Mapping and Service Zones fHome Logout 7 Help Main Menu gt System E Configure general settings for the entire system such as System Name Internal Domain Name SNMP Time etc WANT Set up WANI interface using the connection types Static Dynamic PPTP ar PPPOE Wah Set up WAN interface using the connection types None St
88. Ping and ARF table are supported Network Utilities by the system 116 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 5 1 Change Password There are three levels of authorities admin manager or operator The default usernames and passwords are as follows Admin The administrator can access all configuration pages of WHG303 User Name admin Password admin Manager The manager can only access the configuration pages under User Authentication to manage the user accounts but without permission to change the settings of the profiles of Firewall Specific Route and Schedule User Name manager Password manager Operator The operator can only access the configuration page of Create On demand User to create new on demand user accounts and print out the on demand user account receipts User Name operator Password operator The administrator can change the passwords here Please enter the current password and then enter the new password twice to verify Click Apply to activate this new password Admin Password HE o ERR GL NS NEL Change Manager Password GL NN NEL Ghange Operator Password GE NS ace 117 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH A If the administrator s password is lost the administrator s password still can be changed through the text mode management interface at the serial console port 4ipnet W
89. Profile The default gateway of WAN1 WANO or a desired IP address can be defined in a Policy When Specific Default Route is enabled all clients applied with this Policy will access the Internet through this default gateway 81 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Policy 1 Specific Default Route Enable Default Gateway IP Address v Policy 1 Specific Routes Route No a 255 255 255 255 32 D 250 200 200 200 32 E un 255 255 255 255 32 Click Setting of Specific Route Profile to enter the Specific Route page for further configuration o Enable Check Enable box to activate this function or uncheck to inactivate it o Destination IP Address The destination network address or IP address of the destination host Please note that if applicable the system will calculate and display the appropriate value based on the combination of Network IP Address and Subnet Mask that are just entered and applied o Destination Subnet Netmask The subnet mask of the destination network Select 255 255 255 255 32 if the destination is a single host o Gateway IP Address The IP address of the gateway or next router to the destination Schedule Profile Click Setting of Schedule Profile to enter the configuration page Select Enable to show the Permitted Login Hours list This function is used to limit the time when clients can log in Check the desired time slots a
90. Return to Merchant Payments by YK Cafe PayPal You Made A Payment Your payment for 2 00 EUR has been completed You are now being redirected to YK Cafe If you are not redirected within 10 seconds click here 157 2008 AIPNET INC 4pnet sera WHG303 Secure WLAN Controller ENGLISH Step 5 Click Start Internet Access to use the Internet access service Login iD KM Ea ondemamd Passi d B2BBC TKS Price EUR 2 00 Tax EUR 0 00 Ls de 2 nes 0 mins EBSID YE Cafa TEBT2 four firsttime login must be done before 2007 01 31 18 35 28 The accaunil is valid withim 2 days afler your fire login Please wiite down ou login ID and Password immediately Slant intermmet Acces a Payment is accepted via PayPal PayPal enables you to send payments securely online using PayPal account a credit card or bank account Clicking on Buy Now button you will be Note redirected to PayPal s site to make payment b Please do not manually close the browser when you reach PayPal s payment confirmation page It takes about 30 seconds or more before you are automatically redirected back to our Website with a set of Login ID and Password 158 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Appendix C Accepting Payment via SecurePay How to use SecurePay SecurePay is another external online payment gateway compatible with WHG303 This section guides you how to get SecurePay worki
91. Source MAC Address The MAC Address of the source IP address This is for specific MAC address filter o Source Destination IPSec Encrypted Check the box for only filtering on the encrypted traffic o Service Protocol There are defined protocols in the service protocols list to be selected o Schedule When schedule is selected clients assigned with this policy are applied the firewall rule only within the time checked There are three options Always Recurring and One Time Recurring is set with the hours within a week T1 2008 4IPNE T INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH o Action for Matched Packets There are two options Block and Pass Block is to prevent packets from passing and Pass is to permit packets passing Specific Route Profile Click the button of Setting for Specific Route Profile the Specific Route Profile list will appear Global Policy Specific Route Profile Destination Gateway Route Item IP Address Subnet Netmask IP Address Route No The number of route IP Address Destination The destination IP address of the host or the network O o subnet Netmask Select a destination subnet netmask of the host or the network o P Address Gateway The IP address of the next router to the destination Maximum Concurrent Session for User Include Maximum Concurrent Session for User from 10 to Unlimited The concurrent sessions for each user it can be rest
92. TCP or UDP for the service s type In the Enable column check the desired server to enable These settings will become effective immediately after clicking the Apply button Public Accessible Server Item External Service Port Local Server IP Address Local Server Pot Type Enable U Ld LL L 197 m 2 1 oo L 198 nm 8 1 LL LC Tet nm L ooo n s oa LEL 4 EL 198v n cs oI Co IO Tem m 8 1 ooo 198 n 5 1 L 3 L 197 m v fC Co oe n Total 40 First Prev Next Last Port and IP Redirect This function allows the administrator to set 40 sets of the IP addresses at most for redirection purpose When the user attempts to connect to a destination IP address listed here the connection packet will be converted and redirected to the corresponding destination Please enter the IP Address and Port of Destination and the IP Address and Port of Translated to Destination Select TCP or UDP for the service s type 104 2008 AIPNET INC e 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH These seitings will become effective immediately after clicking Apply Port and IP Redirect Type IP Address Port IP Address i TCP UDP TCP UDP TCP UDP A TCP UDP z TCP UDP TCP UDP 7 TCP UDP TCP UDP TCP UDP O TCP UDP 105 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure
93. The default user login page will appear in the browser e E Bpei 187 168 1 255 bgnpages iogn simi Fie ES View Fawkes Took Hep dr e Login User Login Page Welcome To User Login Page Maase Enter Your User Name and Fassward Te Sign In User Name zl Password i Remember Wie 2 Enter the username and password for example we use a local user account test local here and then click Submit button If the Remember Me check box is checked the browser will remember this user s name and password so that he she can just click Submit next time he she wants to login Check the Remember Me box to store the username and password on the current computer in order to automatically login to the system at next login Then click the Submit button The Remaining button on the User Login Page is for on demand users only where they can check their Remaining Usage time 203 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In User Name Password Remember Me 3 Successful The Login Successful page appearing means WHG303 has been installed and configured successfully Now you are connected to the network and Internet Hello you are logged in via testi local fe Please click this button to Login time 2007 12 31 16 0 0 gt gt Note display more inf
94. This session is blocked by a Firewall rule The account name with postfix of the user When it shows N A it indicates that the user or device does not need to log in with a username for example the user or device is on a non authenticated Username port or on the privileged MAC IP list Change the account name accordingly if the name is not identifiable in the record gt gt Note Only 31 characters are allowed for the combination of Session Type plus Username bi The destination IP aadress of the user s computer or device 188 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH gt An example of session log data is shown as below 31 Aug 12 35 05 2007 New usert local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1626 DIP 203 125 164 132 DPort 80 31 Aug 12 35 05 2007 New usert local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1627 DIP 203 125 164 132 DPort 80 31 Aug 12 35 06 2007 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1628 DIP 203 125 164 142 DPort 80 31 Aug 12 35 06 2007 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1629 DIP 203 125 164 142 DPort 80 31 Aug 12 35 07 2007 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1630 DIP 67 18 163 154 DPort 80 31 Aug 12 35 09 2007 New usert local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1631 DIP 202 43 195 52 DPort 80 31 Aug 12 35 10 2007 New usert local TCP MAC 00 09 6b cd 83 8c S
95. User s Manual WHG303 Secure WLAN Controller ENGLISH which connected to serial port e Terminal Server The ticket terminal can be enhanced with serial ticket printing over Ethernet Terminal Server is a list of serial to Ethernet devices that communicate with the system only never get online and no need to go through authentication For customers making purchase at the front desk in a hotel a receptionist uses an account generator 192 168 2 1 to create a guest account and print out receipts with account information A client in the other floor can print the same receipt without going to the front desk on the lobby by using the second floor account generator 192 168 2 2 Both account generators work for the system on LAN side Terminal Server Configuration 182 158 2 1 1st fl infa desk Tom ext 353 182 158 2 2 and fl oe ee he eee eee 2 Ticket Customization On demand account ticket can be customized here and previewed on the screen Ticket Customization Receipt Header 1 Welcomes Receipt Header 2 Receipt Header 3 Receipt Footer 1 hank You Receipt Footer 2 Receipt Footer 3 Remark None Background Image 9 Default Image Uploaded Image Twin Ticket Enable Disable 54 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH J On demand User Receipt Mozilla Firefox A http f10 29 1 210 User4uthentication OnbemandRecept shtml preview 1 amp backorc Lf Welcome
96. Username xxxxanondemand Password HMMM REM EE Plan Type 1 Time Quota xz hris xs mints Total Price 1 99 Reference CUStTOMer sx Essrp ipnet shared Wireless Key None Open System Your first time login must be done before 2009 02 19 15 51 The account is valid within x day s after your first login Thank You Mote To make a better print out ticket you may need to cofigure the browser settings for example Page Setup as well as the printer settings for example Preferences before printing out the page e Receipt Header There are two receipt headers supported by the system The entered content will be printed on the receipt These headers are optional e Receipt Footer The entered content will be printed on the receipt This footer is optional e Background Image You can choose to customize the ticket by uploading your own background image for the ticket or choose the default image or none Click Browse to select the image file and then click upload The background image file size limit is 100 Kbytes No limit for the dimensions of the image is set but a 460x480 image is recommended e Twin Ticket Enable this function to print duplicate receipts e Preview Click Preview button the ticket will be shown including the information of username and password with the selected background Print the ticket here 55 2008 AIPNET INC 4ipnet 3 User s Manual WHG303 Secure WLAN Control
97. WHG303 121 2008 4IPNE T INC PPNeE sera WHG303 Secure WLAN Controller ENGLISH 4 5 3 Firmware Upgrade The administrator can download the latest firmware from website and upgrade the system here Click Browse to search for the firmware file and click Apply for the firmware upgrade It might take a few minutes before the upgrade process completes and the system needs to be restarted afterwards to activate the new firmware System Firmware Upgrade rename O 1 Firmware upgrade may cause the loss of some data Please refer to the release notes for the limitation AA before upgrading 2 Please restart the system after upgrading the firmware Do not power on off the system during the upgrade or restart process It may damage the system and cause malfunction 122 2008 4IPNE T INC 4pnet sera WHG303 Secure WLAN Controller ENGLISH 4 5 4 Restart This function allows the administrator to safely restart 4ipnet WHG303 and the process might take approximately three minutes Click YES to restart WHG303 click NO to go back to the previous screen If the power needs to be turned off it is highly recommended to restart WHG303 first and then turn off the power after completing the restart process Are you sure you want to load factory default setting and RESTART 4ipnet WHG303 YES The connection of all online users of the system will be disconnected when system is in the process of restarting 123 2008 AIPNET
98. WLAN Controller ENGLISH 4 3 3 Adding The AP also can be added manually even though when it is offline Input the related data of the AP and select a Template After clicking Add the AP will be added to the managed list Manual Configuration AP Type EAP 100 Admin Password ladmn OOO AP IP 182 188 1 189 AP MAC 10 20 30 14 1B 1C Remark Template TEMPLATE hal Channel X Cear AP Type This is the supported type of APs for centralized management AP Name Mnemonic name of the specific AP Admin Password Password required for this AP AP IP IP address of the specified AP AP MAC MAC address of the specific AP Remark Some extra information to be filled in for this AP if desired Template Applied The template which will be applied to the added AP Channel The selected channel will be applied to the added AP VON ON ON ON V ON WV 97 2008 AIPNET INC 4pnet sera WHG303 Secure WLAN Controller ENGLISH 4 3 4 Template Settings Template is a model that can be copied to every AP and not necessary to configure the AP individually There are three templates provided Click Edit to go on configuration Template Settings AP Type EAP 100 Edit Template Name TEM LATE1 Before configure the template copy the configuration mode of an AP to the template by selecting a Source AP and without configuring the template from the beginning administrators can also revise some settings for demand If copy is not de
99. a customer If a valid email address is provided an email receipt with payment details for each successful transaction will be automatically sent to the customer via PayPal To change the information on the receipt for customer please log in 4ipnet WHG303 User Authentication gt gt Authentication Configuration gt gt Click the server On demand User gt gt On demand User Server Configuration gt gt External Payment Gateway gt gt Click Configure gt gt External Payment Gateway gt gt Select PayPal gt gt Go to Client s Purchasing Record section gt gt Type in information in the text boxes Invoice Number and Description Item Name gt gt Confirm and click Apply Client s Purchasing Record Invoice Number Hotspot Reset Description item Mame Wireless Internet Access z Title for Message to Seller Special Mote to Seller s 2 4 Send an email receipt for each transaction to the merchant A copy of email receipt with payment details including available message note from buyer for each successful transaction will also be automatically sent to the merchant owner administrator via PayPal 154 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 3 Reporting During normal operation the following steps will be necessary to generate transaction reports 3 1 Transaction activity during a period 1 Please log in PayPal gt gt Click History gt gt Choose activity type fro
100. all the authentication servers which will be used and also specify a default authentication server in the page of Service Zone Settings Concurrently up to four servers can be selected and pre configured here by administrators from the five types of authentication databases LOCAL POPS RADIUS LDAP and NTDOMAIN In addition there are two servers On demand User and SIP that are selected by the system For the Authentication Settings of each Service Zone please see 4 1 7 Service Zones Authentication Settings Auth Option Auth Database Group mus tee um mei C s w e e Server Name There are several authentication options supported by WHG303 Server 1 to Server 4 On demand User and SIP Click the hyperlink of the respective Server Name to configure the authentication server e Auth Method There are different authentication methods in WHG303 LOCAL POP3 RADIUS LDAP NTDOMAIN ONDEMAND and SIP e Postfix A postfix represents the authentication server in a complete username For example user1 local means that this user user1 will be authenticated against the LOCAL authentication database Note Concurrently only one server is allowed to be set as Local or NTDOMAIN authentication method e Group An authentication option such as POP3 or NT Domain can be set as a Group with the same QoS or Privilege Profile setting For more information on Group please refer to 4 2 3 Group Configuration A After click
101. amily PCI Ethernet Adapter specific IP address This connection uses the following thems El Client for Microsoft Networks az File a Install Description Transmission Control Protocolelntemnet Protocol The default Wide area network protocol that provides communication across diverse interconnected networks C Show icon in notification area when connected d 4 Using DHCP If you want to use DHCP choose Obtain an IP address automatically Internet Protocol TCP IP Properties General Altemate Configuration and click OK This IS also the default setting of You can get P settings assigned automatically if your network supports this capability Othenwise you need to ask your network administrator for the appropriate IP settings Windows Then reboot the PC to make sure an IP address is obtained from WHG303 fe Obtain an IP address automatically 5 Using Specific IP Address If you want to use 9 Obtain DNS server address automatically a specific IP address acquire the following Use the following DNS server addresses c9 information from the network administrator the SS Ss IP Address Subnet Mask and DNS Server address provided by your ISP and the Gateway address of WHG303 x A If your PC has been set up completely please inform the network administrator before proceeding to the following step
102. articular user and then modify or add any desired information such as Username Password MAC Address optional Group optional Enable Local VPN optional and Remark optional Click Apply to complete the modification Applied Group Mone bul Roaming Out amp 802 1X Authentication When Account Roaming Out is enabled the link of this function will be available to define the authorized device with IP address Subnet Mask and Secret Key Please see more explanation above in the section for Roaming Out and the section for 802 1X Authentication Local User Database Settings Lacal User List f Enable Disable Account Roaming Out T Local user database will be used as authentication database for roaming aut users Enable 9 Disable 802 1X Authentication Local user database will be used as internal RADIUS database for 802 1X enabled LAN devices such as AP and switch Roaming Qut amp 802 1 client Device Setting Roaming Out amp 802 1x Client Device Settings n Type IP Address Subnet Mask Secret Key i 2 Click the hyperlink RADIUS Client List to enter the Radius Client Configuration interface Choose the desired type Disable Roaming Out or 802 1X and key in the 802 1X client s IP address and network mask and then click Apply to complete the settings 802 1X Authentication When 802 1X Authentication is enabled the Local authentication database will be used as a RADIUS database for connection with
103. ask 255 255 255 0 fF Step 8 Configure Authentication Settings for SZ2 Check the Enable radio button to enable Authentication Required for the Zone Check the Default button and Enabled box of Server 1 to set LOCAL authentication method as default Disable all other authentication options Then click Apply to activate the settings made so far A warning message You should restart the system to activate the changes will appear at the bottom of the page Do NOT restart the system until you have completed all the configuration steps Authentication Settings Authentication Required For Enabled Disabled the Zone Auth Option Auth Database Postfix Default Enabled Server 1 LOCAL local Server 2 POP3 pop3 O LI Authentication Options Server 3 RADIUS radius O C Server 4 LDAP Idap Q LJ On demand User ONDEMAND ondemand O C SIP SIP N A Step 9 Set Policy SZ2 Select Policy 1 from the drop down list box Click Apply to activate the settings Group Permission for this Service Zone Configure Default Policy in this Service Zone r1 Edit System Policies s Enabled i Email Message for Login Reminding Edit Mail Message Disabled Step 10 Configure LAN Port Mapping for SZ2 174 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Select the LAN Port Mapping tab from the System menu to enter the LAN Ports and Service Zone Mapping page Select Employee from the drop down list box
104. ati ER ired F EE Saha donee et M Enabled Disabled Auth Option Auth Database Enabled Server 1 LOCAL lacal Server 2 PPS pops Authentication Options Server 3 RADIUS radius Server 4 LDAP On demand User ONDEMAND ondemand Group Permission for this Service Zone Default Policy in this Service Zone Policy 1 se Edit System Policies Email Message for Login Reminding E Edit Mail Message isable gt Authentication Status When enabled users must be authenticated before they get access to the network within this Service Zone gt Authentication Options There are total seven types of authentication database LOCAL POP3 RADIUS LDAP NTDOMAIN ONDEMAND and SIP that are supported by the entire system For each Service Zone up to six authentication options can be enabled and one of them can be set as the default option so that users do not have to type in the postfix string while entering username during login gt Custom Pages Related login and logout pages can be customized by administrators for each service zone Please refer to Appendix J Customizable Pages for more details gt Group Permission for this Service Zone For each Service Zone the administrator can set up multiple groups for that Service Zone For each group an associated policy can be assigned Therefore users in the same group follow the same policy and have the same privileges To configure Group permission based on the role of this Service Zon
105. atic Dynamic or PPPoE unl Tete Overall traffic control features of WAN interface such as Load Balancing WAN Failover bandwidth management and connection detection etc amp Service Zone in the system by default contains wired and wireless coverage areas in the organization When Part Based made is enabled each physical LAN port can be set individually to map to a specific Sevice Zone for later use By contrast Under Tag Based made Service Zones will be distinguished by VLAN tagging instead of physical LAN ports Service Zones table to display the Service Zones and related settings LAN Port Mapping 19 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 1 1 General Main information about 4ipnet WHG303 is shown as follows General Settings for the Entire System System Name Wireless Hotspot Gateway rr mesas cn a ae O Use the name on the security certificate Internal Domain Name FQDHM of this device for internal use e g controller aoffice name com f Enable Disable Homepage Redirect URL http www google com e g http www example com Management IP Address List Setup Management IP Address List SNMP O Enable 9 Disable HTTPS Protected Login 9Enable Disable System Time 2009 02 19 11 15 04 Time Zone flMT 08 00 Taipei NTP NTP Server fe g tock usnonayvy mil NTP Server 2 NTP Server e NTP Server 4 NTP Server tia intpi cs mu OZ AU
106. ation and Pass Block action Optionally a Firewall Rule Schedule can be set to specify when the firewall rule is enforced It can be set to Always Recurring or One Time 76 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Global Policy Firewall Rules IP Sec source Encrypted Mo Active Action Name E Service Schedule ve EC Destination Encrypted ANY Block ALL Always ANY ANY 2 F Block ALL Always ANY Selecting the Filter Rule Number 1 as an example Global Policy Edit Filter Rule Rule Item Rule Name EE Source Destination Interface ALL Ww Interface ALL Ww IP Address 0 0 0 0 IP Address 0 0 0 0 Subnet Mask 0 0 0 0 0 w Subnet Mask 0 0 0 0 0 Ww IPSec IPSec Traffic a Traffic MAC Address Service ALL Schedule 9 Always Recurring One Time Action 9 Block Q Pass o Rule Number This is the rule selected 1 Rule No 1 has the highest priority rule No 2 has the second priority and so on o Rule Name The rule name can be changed here o Source Destination Interface Zone There are choices of ALL WAN1 WAN2 Default and the named Service Zones to be applied for the traffic interface o Source Destination IP Address Domain Name Enter the source and destination IP addresses Domain Host filtering is supported but Domain name filtering is not o Source Destination Subnet Mask Select the source and destination subnet masks o
107. c domain name allowing the administrator to easily access WHG303 s WAN If the dynamic DHCP is activated at the WAN port it will update the IP address of the DNS server periodically These settings will become effective immediately after clicking Apply Dynamic DNS DDNS O Enable 9 Disable e DDNS Enable or disable this function e Provider Select the DNS provider e Host name The IP address domain name of the WAN port e Username E mail The register ID username or e mail for the DNS provider e Password Key The register password for the DNS provider To apply for free Dynamic DNS service you may go to pe ete http www dyndns com services dns dyndns howto html 112 2008 AIPNET INC ng e 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 4 8 Client Mobility WHG303 supports IP PNP function Client Mobility At the user end a static IP address can be used to connect to the system Regardless of what the IP address at the user end is authentication can still be performed through WHG303 113 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 4 9 VPN Configuration Virtual Private Network or VPN a type of technology designed to increase the security of information transferred over the Internet VPN can work with either wired or wireless networks as well as with dial up connections over POTS VPN creates a private encrypted tunnel from the end user s com
108. cation Configuration gt gt Click the server name On demand User gt gt External Payment Gateway gt gt Click Configure gt gt External Payment Gateway gt gt Select Authorize Net External Payment Gateway 9 Authorize Net PayPal O SecurePay Disable Authorize Net Payment Page Configuration Merchant Login ID gt Merchant Transaction Key Payment Gateway URL https secure autharize net gateway transact dll Enable Disable Verify SSL Certificate Test Mode O Enable 9 Disable Try Test MDS Hash Q Enable 9 Disable 141 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Some major fields are required Setting Description Merchant Login ID This is the Login ID that comes with the Authorize Net account To get a new key please log in Authorize Net gt gt Click Settings and Profile gt gt Merchant Transaction Key Go to the Security section gt gt Click Obtain Transaction Key gt gt Enter Secret Answer gt gt Click Submit Payment Gateway URL https secure authorize net gateway transact dll default gateway address To enhance the transaction security merchant owner can choose to enable this function and enter a value in the text box MD5 Hash Value Note For detailed description please see 4 2 1 6 Authentication Method On demand User 1 3 Configure the Authorize Net
109. ce Zones tab and click Configure of SZ2 General V WAN1 Y WAN2 WAN Traffic LAN Port Mapping Service Zones Main Menu gt System gt Service Zone Service Zone Settings Service Zone Name VLAN Tag SSID WLAN Encryption Applied Policy Default N A 4ipnet None Policy 1 Guests 1111 d4ipnet 1 None Policy 1 672 2 dipnet 2 None Policy 1 Step 7 Configure Basic Settings for SZ2 Default Authen Option Status Details Server 1 Enabled On demand User Enabled Server 1 Disabled Check the Enable radio button of Service Zone Status to activate SZ2 Enter a name for SZ2 e g Employee in the Service Zone Name field Enter a VLAN tag for SZ2 e g 2222 in the VLAN Tag field General WAN1 Y WAN Y WAN Traffic LAN Port Mapping Service Zones Main Menu System gt Service Zone gt Service Zone Configuration Man Menu oyztem Semice 0ng g Basic Settings Service Zone Status Enabled Q Disabled Service Zone Name Employee j VLAN Tag 2222 F Range 1 4034 Operation Mode NAT Router Network Interface IP Address 192 168 12 254 Subnet Mask 255 255 255 0 Step 8 Configure Authentication Settings for SZ2 p i Check the Enable radio button to enable Authentication Required for the Zone Check the Default button and Enabled box of Server 1 to set LOCAL authentication method as default Disable all 180 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN
110. ch only Port Based When Port Based mode is selected traffic from different virtual Service Zones will be distinguished by physical LAN ports Each LAN port can be mapped to a Service Zone in the form of a 30 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH many to one mapping between ports and Service Zones o Specify a desired Service Zone for each LAN Port For each LAN port select a Service Zone to which the LAN port is to be mapped from the drop down list box By factory default all LAN ports are mapped to Default Service Zone therefore the administrator can enter the web management interface via any LAN port upon the first power up of the system From the drop down list box all disabled Service Zones are gray out to activate any desired Service Zone please configure the desired Service Zone under the Service Zone tab and enable its Service Zone Status refer to 4 1 7 Service Zones LAN Ports and Service Zone Mapping Select the mode for Service Zone Port Based Tag Based Specify a desired Service Zone for each LAN Part Defaull D efault pm etae sra LAN 3 LAN4 EE NN NNI gt Tag Based When the Tag Based mode is selected traffic from different virtual Service Zones will be distinguished by VLAN tagging instead of by physical LAN ports Select Tag Based and then click Apply to activate the Tag Based VLAN function When a restart message screen
111. cord PayPal Payment Page Remark Content Client s Purchasing Record Description Item Name Intern et Access Title for Message to Seller Special Note to Seller PayPal Payment Page Remark Content 7E Payment is accepted via PayPal PayPal enables you to send payments securely online using PayPal account a credit card or bank accounr Clicking on Buy Now button Client s Purchasing Record Invoice Number An invoice number may be provided as additional information against a transaction 63 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH This is a reference field that may contain any kind of information Description Enter the product service description e g wireless access service Title for Message to Seller Enter the information that will appear in the header of the PayPal payment page PayPal Payment Page Remark Content The message content will be displayed as a special notice to end customers in the page of Rate Plan For example it can describe the cautions for making a payment via PayPal SecurePay Before setting up SecurePay it is required that the hotspot owners have a valid SecurePay Merchant Account from its official website Please see Appendix C Accepting Payments via SecurePay for more information about setting up a SecurePay Account relevant maintenance functions and an example for client
112. cted by PayPal Block Non encrypted On Website Payment Off PayPal Account Optional When this feature is turned on your customers will go through an optimized checkout experience This feature is available for Buy Now Donations and Shopping Cart buttans but not for Subscription buttons Learn More PayPal Account On Optional i Off Contact Telephone Number When you activate this option your customers will be asked to include a Contact Telephone Number with their payment information Learn More Note Selecting On Required Field could have a negative effect on buyer conversion Contact Telephone On Optional Field c On Required Field Off PayPal recommends this option Save Cancel 151 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 1 2 Configure 4ipnet WHG303 with a PayPal Business Account Please log in 4ipnet WHG303 User Authentication gt gt Authentication Configuration gt gt Click the server On demand User gt gt External Payment Gateway gt gt Click Configure gt gt External Payment Gateway gt gt Select PayPal External Payment Gateway Authorize Net 9 PayPal SecurePay Q Disable PayPal Payment Page Configuration Payment Gateway URL https www paypal com cai bin webscr 9 Enable Disable Trusted CA Management Verify SSL Certificate Currency USD U S Dollar Three fields are required Setting o Deseripti
113. ction is being established Please wait os Internet 100 211 2008 AIPNET INC 4pneU sera WHG303 Secure WLAN Controller ENGLISH Once the IPSec VPN tunnel is established the user has successfully logged in and the connection is secured by IPSec VPN https 197 168 1 254 lopinpages vypn_main shtml uip 192 168 1 6 4 u E Qo BHex ex EE Fie Edit wiew Favorites Tools Help E rttpsuis2168 125400 o E d gt poe Hello you are logged in via local vpn user amp local The connection is secured by IPSec VPH ba A StS R88 To logout please click the Logout button ULAIAZAZILILILIS Login time 2009 2 24 13 55 42 2 ActiveX Control component The ActiveX Control is a software component running inside Internet Explorer The ActiveX Control component can be checked by the following windows 212 2008 AIPNET INC 4ipnet Internet Options Internet programs each Internet service 9 You can specify which program Windows automatically uses Far HTML editor Microsoft FrontPage E mail Microsoft Outlook Newsgroups Microsoft Outlook Internet Call NetMeeting Calendar Microsoft Outlook User s Manual WHG303 Secure WLAN Controller ENGLISH EHE Poem Add ons dra View and manage add ons that are installed on your computer Disabling or deleting add ons might Vy prevent some
114. d select a reactive mode The MD5 Hash security feature enables merchants to verify that the results of a transaction or transaction response received by their server were actually sent from the Authorize Net 58 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Service Disclaimer Content Choose Billing Plan for Authorize Net Payment Page Client s Purchasing Record Service Disclaimer Content We may collect and store the following personal e information email address phySical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us t Choose Billing Plan for Authorize Net Payment Page Plan Enable Disable Quota Price 1 O Enable Disable 2 hrs 0 mins 20 2 Enable Disable j Enable Disable 4 Enable Disable 5 Enable Disable x Enable Disable T Enable Disable Enable Disable 3 Enable Disable 1 Enable Disable Description Item Name E mail Header Client s Purchasing Record Starting Invoice Number lotsp E F Change the Number Internet amp ccess Enjay Online Service Disclaimer Content View service agreements and fees for the standard payment gateway services here as well as adding new or editing services disclaimer Choose Billing Plan for Authorize Net Payment Page These 10 plans are the plans configured in Billing Plans page and all previously enabled plans can be fur
115. d the IP address and port number of the proxy server into External Proxy Servers setting Click Apply to save the settings Step 3 Make sure that clients use the same proxy server settings Please also configure appropriate exceptions if there is any traffic which is not needed to go through proxy server for example there is no need to use proxy server for the Default Gateway 192 168 1 254 186 2008 AIPNET INC e e 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Proxy Settings Servers Type Proxy address to use Port HTTP 10 2 5 208 EI Secure Local Area Network LAW Settings Automatic configuration Automatic configuration may override manual settings To ensure the FTP use of manual settings disable automatic configuration B Automatically detect settings Socks Use automatic configuration script o _ Use the same proxy server For all protocols Proxy server Exceptions Use a proxy server For vour LAN These settings will nat apply to dial up ar VPM connections Bypass proxy server Far local addresses It is required that the proxy server setting of the clients match with the proxy server setting of the system Otherwise users will not be able to get the Login page for authentication via browsers and it will Shown an error page in the browser 187 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Appendix F
116. ddresses and 7 DbtsinandE address automatically f Use the following IP add enter the DNS Server address Then click IP address OK Subnet mask 5 2 Click Advanced to enter the Advanced pelau gateways TCP IP Settings window t en SS Preferred UNS server Alternate DMS server Advanced TCP IP Settings 5 3 Click on the IP Settings tab and click Add IF Settings pns WINS Options IF addresses the TCP IP Gateway Address window will DHCI Enabled below the Default gateways column and appear Add Edit Remove Default gateways Remove Interface metric Cancel 199 2008 AIPNET INC 4ipnet 5 4 1 2 Enter the gateway address of WHG303 in the Gateway field and then click Aad After back to the IP Settings tab click OK to complete the configuration Check the TCP IP Setup of Window XP Select Start gt gt Control Panel gt gt Network Connection Right click on the Local Area Connection icon and select Properties 200 TCPAIP Gateway Address BE 7 gae User s Manual WHG303 Secure WLAN Controller ENGLISH Gateway wv Automatic metric Cue D emen H AAAQ Metric amp Control Panel File Edit View Favorites Tools Help oO Bacl gt 27 pa Search e Folders fi ss G Control Panel v D uu g Accessibilty Add Hardware Add or Administrative Date and Time Options Remov Tools
117. dit Cards Street Address Bank Accounts Phone Currency Balances Password Gift Certificates Notifications Monthly Account Statements Multi User Access Preapproved Payments API Access Business Information Close Account Selling Preferences Auctions Regional Tax Shipping Calculations Payment Receiving Preferences Instant Payment Notification Preferences Reputation Customer Service Message Seller Eligibility for PayPal Buyer Protection Encrypted Payment Settings Custom Payment Pages Invoice Templates Language Encoding Administrators should scroll down to edit each setting as shown in the table below To activate all the changes please click Save at the end of the page 150 2008 AIPNET INC Auto Return On Return URL Redirect Webpage Type http www www com or other URL Payment Data Transfer On Block Non encrypted Website Payment Off PayPal Account Optional Off Contact Telephone Number Off Click Save User s Manual WHG303 Secure WLAN Controller ENGLISH Log Out Help Security Center My Account Send Money Request Money Merchant Tools Auction Tools Overview Add Funds Withdraw History Resolution Center Profile Website Payment Preferences Back to Profile Summary Auto Return for Website Payments Auto Return for Website Payments brings your buyers back to your website immediately after payment completion Auto Return applies to PayPal Website Payments including Buy
118. e Click Configure to have further configuration or view the details Click Enabled of the desired Group option s to allow the clients of the selected Group s to log into this Service Zone after a successful authentication Moreover a pre defined Policy can be applied to any Group in this Service Zone 37 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Click the hyperlink of the respective Group names in the Edit Group Option column to enter the Group Configuration tab where zone permission and policy assignment can be further configured refer to 4 2 3 Group Configuration gt Default Policy in this Service Zone For each Service Zone one policy can be applied to enforce the access control over the users Please refer to 4 2 4 Policy Configuration for complete description gt Email Message for Login Reminding When enabled the system will automatically send an email to users if they attempt to send receive their emails using POP3 email program for example Microsoft Outlook before they are authenticated Click Edit Mail Message to edit the message in HTML format 5 Service Zone Settings Wireless Settings SSID 4ipnet Open System System Authentication Security Enable 802 1 Authentication gt Set SSID Each service zone can be mapped with its own SSID Wireless Settings gt Access Point Security For each service zone administrators can set up t
119. e List interface Fill in the necessary information such as Username Password MAC and Remark Select a desired Group to classify local users Check to enable Local VPN in the Enable Local VPN column Click Apply to complete adding the user s For more information on Group configuration please refer to 4 2 3 Group Configuration Adding User s to the List EET ee meme REC a aa es es e 3 e User useri1 has been added Adding User s to the List MAC LE Upload User Click Upload User to enter the Upload User from File interface Click the Browse button to select the text file for uploading user accounts then click Upload to complete the upload process Note 1 The format of each line in the file is Username Password MAC Address Applied Group Remark Local YPN Enabled without quotes There must be no space between the fields and commas The MAC Address field could he omitted but the trailing Comma must be retained When adding user accounts by uploading a file existing accounts in the embedded database that are also defined in the data file will not be replaced hy the new ones Note 2 If users need to use Local VPN p set Local VPN Enabled field to 1 Note 3 Only Q9 ASZ anz are acceptable for password field Pew User from File Upload When uploading a file any format error or duplicated username will terminate the uploading process and no account wil
120. e Zone Port Role LAN Ports and Service Zone Mapping Select the mode for Service Zone Port Based Tag Based Specify a desired Service Zone for each LAN Port LANI LAN2 LANS LAN4 LAN1 is now configured for Guests Step 6 Configure Service Zone 2 for Employee Assume that LAN2 is assigned to the Service Zone 2 SZ2 for Employee Select the Service Zones tab and click Configure of SZ2 General V WAN1 Y WAN2 V WAN Traffic LAN Port Mapping Service Zones ervice Zone Main Menu System Service Zone Settings Service 7one LAN Port SSID WLAN Applied Default Authen Name Mapping Encryption Policy Option Default L JLelLelLoJ 4ipnet None Policy 1 Server 1 Enabled Status Details Guests alL IL J J SPUR None Policy 1 On demand User Enabled 5722 JL JT JL J me None Policy 1 Server 1 Disabled Step 7 Configure Basic Settings for SZ2 Check the Enable radio button of Service Zone Status to activate SZ2 Enter a name for SZ2 e g Employee in the Service Zone Name field 173 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH General V WAN1 WAN2 WAN Traffic V LAN Port Mapping Service Zones Main Menu gt System Service Zone gt Service Zone Configuration Han Men Zraz eE el Basic Settings Service Zone Status 9 Enabled Disabled Service Zone Name Employee Operation Mode SNAT O Router Network Interface IP Address 192 168 12 254 Subnet M
121. e of authentication database is LDAP the Attribute Group Mapping function will be available to allow the administrator to assign a Group for LDAP attribute therefore a Policy applied to this Group will be mapped to a user Group of a LDAP attribute When the type of database is SIP the Group selection function will be available to allow the administrator to assign a Group option for all SIP clients 4 2 4 1 Global Policy Global is the system s universal policy including Firewall Rules Specific Routes Profile and Maximum Concurrent Session which will be applied to all users unless the user has been regulated and applied with another Policy Policy Configuration Global Policy Firewall Profile Specific Route Profile Maximum Concurrent Sessions Sessions per user ie NEZ e Select Policy Select Global to set the Firewall Profile Specific Route Profile and Privilege Profile e Firewall Profile Global policy and each policy have a firewall service list and a set of firewall profile which is composed of firewall rules e Specific Route Profile The default gateway of WAN1 WAN2 or a desired IP address can be defined in a policy When Specific Default Route is enabled all clients applied this policy will access the Internet through this default gateway e Maximum Concurrent Sessions Set the maximum concurrent sessions for each client 75 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH
122. ec VPN is running paralleled with the web page of Login Success Unless user decides to close the session and to disconnect with WHG303 the following conditions or behaviors of using browser shall be avoided in order to maintain the built IPSec VPN tunnel always alive Reasons may cause the Internet Explorer to stop the ActiveX unexpectedly as follows The crash of Internet Explorer on running ActiveX Suggestion Please reboot client s computer once Windows service is resumed go through the login process again Terminate the Internet Explorer Task from Windows Task Manager EJ windows Task Manager ee x File Wptions View Windows Help Applications Processes Performance Mekwworking Task Statkus w untitled Paint Running gs htEps 7z qespriyaberloaginpagesvpn moain sht Running BERE Civi DO wSYSvystemiz cmd exe Running E EI End Task Switch Ta Mew Task Processes 47 CPU Usage DO Commit Charge 295468 64151 Suggestion Don t terminate this VPN task of Internet Explorer 215 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH There are some cases of Windows messages by which WHG303 will warn current user to Close the Windows Internet Explorer Click logout button on login success page Click back or refresh of the same Internet Explorer Enter new URL in the same Internet Explorer GO O O
123. ed Retained Days 3 days User Logs N A Receiver E mail Address es HA N A MTP Server System Time Time Idle Time Out 10 Minis User Session Control Multiple Login Disabled Preferred DNS Server 168 95 1 1 DAS tock usno nayy mil 2008 02 19 16 59 50 0800 126 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH The description of the above mentioned table is as follows Syslog server Traffic History The IP address and port number of the external Syslog Server N A means that it is not configured The IP address and port number of the external Syslog Server N A means Syslog server On demand User log that it is not configured Enabled disabled stands for that the system is currently using the proxy Proxy Server server or not Enabled Disabled stands for the connection at WAN is normal or abnormal Warning of Internet Disconnection Internet Connection Detection and all online users are allowed disallowed to log in the network WAN Failover Enabled Disabled stands for the function currently being used or not Load Balancing Enabled Disabled stands for the function currently being used or not Enabled disabled stands for the current status of the SNMP management function Retained Days The maximum number of days for the system to retain the users information SLOTY The email address to which the traffic history or user s traffic history Email To informa
124. ed as default the postfix can be omitted For example if BostonL dap is the postfix of the default option Bob can login as bob without having to type in bob BostonLdap Set a postfix that is easy to distinguish e g Local and the server numbers 0 9 alphabets a z or A Z dash underline and dot within a maximum of 40 characters All other characters are not allowed A The Policy Name cannot contain these words MAC and IP Black List There are 5 sets of black lists provided by the system A user account listed in the black list is not allowed to log into the system the client s access will be denied The administrator may select one black list from the drop down menu and this black list will be applied to this specific authentication option Group Select one Group from the drop down list box for this specific authentication option Authentication Method Select Local from the drop down list box and then click Local User Setting button to enter the Local User Settings Then click the hyperlink of Edit Local User List AA Enabling two or more servers of the same authentication method is NOT allowed 41 2008 AIPNET INC ng me 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 2 1 1 Authentication Method Local Choose Local User from the Authentication Method field the button besides the drop down menu will become Local User Setting Authentication Option Server 1
125. edeem Page Please close this window or click this button to Please Enter Your User Name and Password To Sign In g ver name Thank you Remaining Usage Hour Min Sec wee Login time 2008 10 7 2 50 10 ei CAU c Internet amp 10095 Start Browsing 166 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 6 Redeem is successful and you can see more quota for internet access Windows Internet Explorer EJ A Redeem process completed m Login Successfully Windows Internet Laploter CS e eten y7t92 160 1 25 oghpegesfpopunt 1 shield Google T L God E m q Bockmankse w dro Login Successfully Welcome Login ID 3ag6 Please dose fis window or click this bufon to E at oe M EB Thank you Remaining Usage 14 Houra Mim B Se Login time 2008 10 7 2 50 10 PV Rem Start Browsing 167 2008 AIPNET INC e E 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH How does Merchant check billing transactions 1 Goto SecurePay Merchant Login Page at https www securepay com au merchant and enter Merchant ID Login User Name and Password LOGIN DETAILS Merchant ID EET ULA admin Ime Log In Forgot My Password 2 Click Search Transactions and Today to check today s transactions Search Transactions gt Today Reconciliation Reports Download Daily Reports New Search
126. edited by clicking the hyperlink of AP Name and the AP status can be got by clicking the hyperlink of Status AP List IP Address APType AP Name Service Zone Status MAC Address 192 168 1 3 L EAF 100 EAP 100A Default online 11 22 33 44 55 66 132 158 1 103 L EAP 100 EAP100B Default Offline 1A amp ZB 3C 4D 5bE BF Enable Disab jele Apply Template Total 2 First Prev Next Last Check any AP and then click the button below to Reboot Enable Disable and Delete the checked AP if desired AP List IP Address L AP Type AP Name Service Zone Status MAC Address 192 188 1 3 i L EAP 100 EAP 1004 a Default Online 11 22 33 44 55 5B 192 168 1 109 EAP 100 EAPT1O0O0B Default Offline 1A amp 72B 3C 4D 5bE BF Reboot Erene Click Apply Template to select one template to apply to the AP 88 2008 AIPNET INC PPNeE sera WHG303 Secure WLAN Controller ENGLISH Q Template TEMPLATE w Wireless big mode Subnet Mask 802 11b 802 119 255 255 255 Gateway 182 163 1 254 89 2008 AIPNET INC 4ipnet AP Name User s Manual WHG303 Secure WLAN Controller ENGLISH Click AP Name and enter the interface about related settings There are four kinds of settings General Settings LAN Interface Setting Wireless Interface Setting and Access Control Setting Click the hyperlink to go on the configuration General Wireless LAN Access Control Ge
127. elow OLogout Help Quick Links System Overview Step General Step 2 WAN1 Interface Step 3 Local User Account Optional Step 4 Confirm and Restart Please follow the steps below to complete the Setup Wizard configuration Step 1 General e Click the Setup Wizard in the Home page to start the configuration process e Enter a new password in the New Password field and re enter it again in the Verify Password field a maximum of 20 characters and no spaces allowed in between e Select an appropriate time zone from the Time Zone drop down list box to set up the system time e Click Next to continue f Home OLogout Help Setup Wizard General New Password Verify Password Time Zone GMT 08 00 Taipei A For security concern it is strongly recommended to change the administrator s password 13 2008 4IPNE T INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Step 2 WAN1 Interface and Wireless e Select a proper type of Internet connection for WAN1 interface from the following three available connections Static Dynamic or PPPoE Your ISP or network administrator can advise on the connection type available to you Below depicts an example for Dynamic e Click Nextto continue f Home SOLogout Help Setup Wizard WAN1 Interface O static Use the following IP settings 9 Dynamic IP settings assigned automatically O PPPoE Step 3 Local User Account Optio
128. ent Interface 4ipnet WHG303 supports web based configuration Upon the completion of hardware installation WHG303 can be configured through a PC by using its web browser with JavaScript enabled such as Internet Explorer version 6 0 Step 1 Set DHCP in TCP IP of the administrator PC to get an IP address dynamically Connect the PC to any LAN Port of WHG303 An IP address will be assigned to the PC automatically via the WHG303 built in DHCP server Step 2 Launch a web browser to access the web management interface of WHG303 by entering https 192 168 1 254 https is used for a secured connection or http 192 168 1 254 in the address field i 4ipnet WHG303 Windows Internet Explorer l Y https 192 166 1 254 Fie Edit view Favorites Tools Help ve de 4pnet WHG303 Step 3 The following Administrator Login Page will then appear Enter admin the default value in the Username and Password fields and then click Login to log in English v Username admin Password eeeee If you are unable to get to the login screen please check the IP address used The IP address should Note bein the same subnet of the default gateway For using static IP in TCP IP setting set a static IP address such as 192 168 1 x for your network interface and then open a new browser again 7 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Step 4 After a successful
129. er when you reach PaF als payment confirmation page lakes about 30 seconds or more before yau are auormaticalhy redii ected back To our website with a set of Login ID and Password 156 2008 AIPNET INC amp 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Microsoft Internet Explorer Do you want to purchase the mtemet service through PayPal s website VOR J i Note You don t necessarily need a PayPal account to do credit card payment on PayPal s website Step 4 You will be redirected to PayPal website to complete the payment process Payments by YK Cafe SUI sas Review Done Enter Payment Information PayPal is the authorised payment processor for YK Cafe To continue please enter the required information below Learn more about PayPal Secure Transaction amp Payment For Quantity Price Wireless Internet Access at YK Cafe 2 hrs 0 mins 1 2 00 EUR mm Subtotal 2 00 EUR Total Amount 2 00 EUR Pay Fast With PayPal C It s free and private Merchants never see your financial info Payments by YK Cafe PayPall Login Review Done O Review Your Payment Secure Transaction amp Payment For Quantity Price Wireless Internet Access at YK Cafe 2 hrs 0 mins 1 2 00 EUR Subtotal 2 00 EUR VAT 0 00 EUR Total Amount 2 00 EUR Review the payment details and click Pay to complete your secure payment Cancel and
130. ernet domain name for example www StoreName com for this subscriber gateway device System information System Hare Administrator info s rn The sentce rs temporarily Unavailable Ir soces na lara aic falla Device Hame www StereMame com Bii dor this devia In addition it is necessary to sign up for a SSL certificate licensed from a Certificate Authority for example VeriSign for this registered Internet domain name Thus by meeting these two requirements it will allow end customers or subscribers to pay for the Internet access in a securer and convenient way 2 Basic Maintenance In order to maintain the operation the merchant owner will have to manage the accounts and payment transactions on PayPal website as well as 4ipnet WHG303 2 1 Refund a completed payment and remove the on demand account generated on 4ipnet WHG303 1 To refund a payment please log in PayPal gt gt Click History gt gt Locate the specific payment listing in the activity history log Click Details of the payment listing Click Refund Payment at the end of the details page Type in information Gross Refund Amount and or Optional Note to Buyer gt gt Click Submit gt gt Confirm the details and click Process Refund 2 To remove the specific account from 4ipnet WHG303 please log in 4ipnet WHG303 User Authentication gt gt Authentication Configuration gt gt Click the server On demand User gt gt On demand Acco
131. erview v System 4b Access Points System Time 2009 02 23 16 33 15 0800 Total Managed Up Time 5 days 6 35 Down F W Version 1 00 00 EN N Associated Clients 9 Network Interfaces __ r 95 Users IP Address Status Total Online 192 168 1 254 tup On demand N A Down Q VPN Sessions IP Address SSID Status 192 168 1 254 dipnet Enabled Local VPN 0 192 168 11 254 4ipnet 1 Enabled Remote VPN 9 192 168 12 254 4ipnet 2 Enabled 192 168 13 254 4ipnet 3 Disabled 192 168 14 254 4ipnet 4 Disabled 192 168 15 254 dipnet 5 Disabled 192 168 16 254 4ipnet 6 Disabled 192 168 17 254 4ipnet 7 Disabled 192 168 18 254 dipnet 8 Disabled Refresh every seconds gt Main Menu Provide detailed configuration pages for administrators to configure the system manually Please refer to Section 4 Web Interface Configuration for more information OLogout Help Setup Wizard Quick Links System Overview t f Home OLogout Help ese 35 Ff Users r Access Points Network Utilities Welcome to System Main Menu This Administrative Web Interface allows you to set various networking parameters to customize network services to manage user accounts and to monitor user status Functions are separated into 6 main categories System Users Access Points Network Utilities and Status 10 2008 AIPNET
132. es Tools Help w od f https j 192 168 1 254 lag Em dh i Page 7 This website wants to install the Following add on PNClient CAB Fra stall Actives Control IF you trust the website and the add on and want to install it click here Peta SEES HAD What s the Risk More information ActiveX component loading failed To enable the VPN connection please click the Windows alert on the browser to install the ActiveX component e Internet amp 10095 210 2008 AIPNET INC e me 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH C Click on the alert message and then choose the Install ActiveX Control to install the software Internet Explorer Security Warning Do you want to install this software Mame VPNClient CAB Publisher Cipherium Systems Co Lid 5 More options Install Don t Install while Files From the Internet can be useful this File type can potentially harm your computer Only install software From publishers vau krust What s the risk d After the software is installed well the system will try to establish the IPSec VPN tunnel for the user automatically https 192 168 1 254 loginpages vpn main shtml uip 192 168 1 6 E BK Gar httpsiif192 1 v E Cer 4 Xx o ls File Edit View Favorites Tools Help uw ow PS oitps i192 168 1 254 l09 agi E dh b Page The VPN conne
133. etwork access rights without going through standard authentication process at the controlled port may cause security problems 107 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 4 3 Monitor IP List WHG308 will send out a packet periodically to monitor the connection status of the IP addresses on the list If the monitored IP address does not respond the system will send an e mail to notify the administrator that such destination is not reachable After entering the necessary information click Apply to save the settings Click Monitor to check the current status of all the monitored IP The system supports monitoring on 100 IP addresses listed in the Monitor IP List Monitor IP List Hyperlin IP Address E http IOS Po Co FC oe ew Com a Cum FC e pem Cum mel w G tm pews ee Co ra Total 100 First Monitor Now On each monitored item with a WEB server running administrators may add a link for the easy access by selecting g a protocol http or https and click the Add button After clicking Add button the IP address will become a hyperlink and administrators can easily access the host by clicking the hyperlink remotely Click the Del button to remove the Monitor IP result s setting 10 2 3 203 n 2 5 7 8 108 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 4 4 Walled
134. f information First Name The first name of a customer associated with the billing or shipping address of a transaction In the case when John Doe places an order enter John in the First Name field indicating this customer s name Last Name The last name of a customer associated with the billing or shipping address of a transaction In the case when John Doe places an order enter Doe in the Last Name field indicating this customer s name Company The name of the company associated with the billing or shipping information entered on a given transaction Address The address entered either in the billing or shipping information of a given transaction City The city is associated with either the billing address or shipping address of a transaction State A state is associated with both the billing and shipping address of a transaction This may be entered as either a two character abbreviation or the full text name of the state Zip The ZIP code represents the five or nine digit postal code associated with the billing or shipping address of a transaction This may be entered as five digits nine digits or five digits and four digits Country The country is associated with both the billing and shipping address of a transaction This may be entered as either an abbreviation or full value Phone A phone number is associated with both a billing and shipping address of a transaction Phone number information may be entered as all number or it may include
135. f this function is enabled a Maximum Idle Time can be set When the idle time is reached the system will automatically disconnect itself WANI Interface Setting Q static Use the following IP settings Dynamic IP settings assigned automatically PPPoE fe PPTP Type static 9 DHCP PPTP Server IP Address H Username Password PPTP Connection 1D Name Dial on Demand Enable 9 Disable 24 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 1 3 WAN2 Configuration Select None to disable this WAN 2 interface or there are 3 connection types for the WAN port Static IP Address Dynamic IP Address and PPPoE Client WAN Interface Setting 9 None Static Use the following IP settings Dynamic IP settings assigned automatically PPPoE i TS e None The WAN Port is disabled e Static IP Address Manually specifying the IP address of the WAN port The red asterisks indicate required fields to be filled in WAN Interface Setting None fe Static Use the following IP settings IP Address Subnet Mask Default Gateway Preferred ONS Server Alternate ONS Server tn Q Dynamic IP settings assigned automatically PPPoE IP address the IP address of the WAN2 port Subnet mask the subnet mask of the network WAN2 port connects to Default gateway a gateway of the network WAN2 port connects to Preferred DNS Server The primary
136. fault button and Enabled box of Guest Users to set ONDEMAND authentication method as default Disable all other authentication options Then click Apply to activate the settings made so far A warning message You should restart the system to activate the changes will appear at the bottom of the page Do NOT restart the system until you have completed all the configuration steps Authentication Settings Authentication Required For SEnabled Disabled the Zone Auth Option Auth Database Postfix Default Enabled Server 1 LOCAL local Q F Server 2 POP3 pop3 O LI Authentication Options Server 3 RADIUS radius O L Server 4 LDAP ldap Q C On demand User ONDEMAND ondemand e IP SIP N A Step 5 Set Policy SZ1 Select Policy 1 from the drop down list box Click Apply to activate the settings Click Apply to activate the settings made so far A warning message You should restart the system to activate the changes will appear at the bottom of the page Do NOT restart the system until you have completed all the configuration steps 179 2008 AIPNET INC 4ipnet Group Permission for this Service Zone Default Policy in this Service Zone Email Message for Login Reminding Step 6 Configure Service Zone 2 for Employee User s Manual WHG303 Secure WLAN Controller ENGLISH d v Edit System Policies Enabled Edit Mail Message Disabled Assume that LAN2 is assigned to the Service Zone 2 SZ2 for Employee Select the Servi
137. fice or another location Set up a home or small office network Connect to an existing home ar small office network or set up a new one C Set up an advanced connection Connect directly to another computer using your serial parallel ar infrared port or set up this computer so that other computers can connect to tt 193 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 5 Choose Set up my connection manually New Connection Wizard and then click Next Getting Ready I The wizard is preparing to set up your Internet connection Haw da you want to connect to the Internet nternet service providers ISPs ora drm connecter INI phone number for your ISF For a broadband account you won t need a phone number CO Use the CD got from an ISP 6 Choose Connect using a broadband New Connection Wizard connection that is always on and then click Internet Connection A How do vau want ta connect to the Interet Next Connect using a dial up modem This type of connection uses a modem and a regular ar ISON phone line C Connect using a broadband connection that requires a user name and password This is a high speed connection using either a DSL ar cable modem our SP may refer to this type of connection as PPPoE Cancel 7 Finally click Finish to exit the Connection New Connection Wizard Wizard Now the setup is completed Completing
138. geg3 jpg in the uploaded folder of Service Zone 1 we should specify img src imagesO my_image1 jog gt and img src images1 my image3 Jpg form action userlogin shtml method post name login id login gt lt img src images0 my_image1 jpg gt img src images1 my_image3 jpg gt lt form gt b Upload the image files e Example the HTML code uses lt img src imagesO my_image1 jog gt The file my_image1 jog should be manually uploaded to the uploaded image folder of Default Service Zone as shown below Uploaded Page Setting File Name Browse _ Submit Existing Image Files my imagel1 jpg Delete Total Capacity 512 E Now Used i K Upload Images Preview 220 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 Preview the new Login Page After the HTML code and image files are uploaded successfully to view how the new Login Page looks in the browser click on the hyperlink Preview Uploaded Page Setting Existing Image Files my image1 jpg Note For a simple example of editing HTML code please see another file Custom Login Page Sample Code Appendix K RADIUS Accounting The Vendor Specific Attributes VSA values are intended to provide service providers with information such as the user s location to facilitate back end processing of transaction data as well as to provide service level information The system now
139. ger than Price Range 0 100000 including two digits after decimal point e g 1 99 159 2008 AIPNET INC User s Manual WHG303 Secure WLAN Controller ENGLISH 4ipnet 2 Payment Configuration Select Secure Pay for your external payment gateway Enter Merchant ID and Password And Payment Gateway URL is one fixed URL https www securepay com au xmlapi payment Finally enable whichever plan s you d like to apply to SecurePay External Payment Gateway Q Authorize Net PayPal 9 SecurePay Q Disable SecurePay Payment Page Configuration Merchant ID Merchant Password Payment Gateway URL Verify SSL Certificate Currency Service Disclaimer Content We may collect and store the following personal information physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us SecurePay Payment Page Billing Configuration Plan Enable Disable Quota Price 1 Q Enable 9 Disable 2 hrs 0 mins 20 2 Enable Disable SecurePay Payment Page Remark Content You must till in the correct credit card number and expiration date Card code is the last 3 digits of the Security code located on the back of your credit card 160 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH How does your client purchase a plan 1 Open a browser it then shows a login page And click
140. gging instead of physical LAN ports LAN1 LAN LANS LANA em mm umm Step 2 Configure Service Zone 1 for Guests Select the Service Zones tab and click Configure of SZ1 li General WANI WAN2 WAN Traffic LAN Port Mapping M Service Zones Main Menu gt System gt Service Zone Service Zone Settings Service Zone Name VLAN Tag SSID WLAN Encryption Applied Policy Default Authen Option Status Details Default N A 4ipnet Mone Policy 1 Server 1 Enabled 571 1 dipnet 1 Mone Policy 1 Server 1 Disabled Configure S22 2 dipnet 2 None Policy 1 Server 1 Disabled Step 3 Configure Basic Settings for SZ1 Check the Enable radio button of Service Zone Status to activate SZ1 Enter a name for SZ1 e g Guests in the Service Zone Name field Enter a VLAN tag for SZ1 e g 1111 in the VLAN Tag field 178 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH General Y WAN1 Y WAN WAN Traffic LAN Port Mapping Service Zones Main Menu gt System gt Service Zone gt Service Zone Configuration Basic Settings Service Zone Status Enabled Disabled Service Zone Name Guess VLAN Tag 11 i le Range 1 4054 Operation Mode 9 NAT Router Network Interface ae IP Address 192 168 11 254 Subnet Mask 255 255 255 0 e Step 4 Configure Authentication Settings for SZ1 Check the Enable radio button to enable Authentication Required for the Zone Check the De
141. gt Name The name of Service Zones and Remote VPN gt Enabled Select Enabled to allow clients of this Group to log into the selected Service Zones For example the above figure shows that users in Group 1 can access network services via every Service Zone as well as Remote VPN under constraints of Policy 1 gt Policy Select a Policy that the Group will be applied with when accessing respective Service Zones gt Edit Group Permission The relation between Group and Service Zone is many to many every Group can access network services via more than one Service Zone and meanwhile each Service Zone can serve more than one Group Click the hyperlink in the Edit Group Permission column to enter the Group Configuration interface which is based on the role of Service Zone to configure the relation between Group and Zone 73 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Group Permission Service Zone Default M s p Ben me m OE rms mer awe OE rm s mer wm OE ome ewe OE fme s mer ewer OE rS mer ewe a roe aa Group Option The name of Group options available for selection o Enabled Select Enabled to allow clients of the enabled Groups to log in to this Service Zone under constraints of the selected Policies Check Enabled of each individual Group to assign it to the Service Zone listed For example the above figure shows clients in Group 1
142. he description of the above mentioned table is as follows T Sues re SetMaskeh WANT ECTCITUNEUUICICIIO NNNM The total accumulated packets in through this WAN port since the gateway boots up The delta shows the difference between the numbers from last time this Interface Status page is visited The total accumulated packets out through this WAN port since the gateway Packets Out boots up The delta shows the difference between the numbers from last time this Interface Status page is visited The total accumulated bytes in through this WAN port since the gateway boots Bytes In up The delta shows the difference between the numbers from last time this Interface Status page is visited The total accumulated packets out through this WAN port since the gateway Bytes Out boots up The delta shows the difference between the numbers from last time this Interface Status page is visited sue OE ERN CUT NN Tomme snom 129 2008 AIPNET INC 4ipnet 4 6 3 Routing Table User s Manual WHG303 Secure WLAN Controller ENGLISH All the Policy Route rules and Global Policy Route rules will be listed here Also it will show the System Route rules specified by each interface Destination Destination Destination Destination Destination Destination Destination 182 188 1 0 0 0 0 0 Policy 1 subnet Mask Gateway Policy 2 Subnet Mask Gateway Policy 3 Subnet Mask bateway Policy 4 Subnet Mask Gateway Policy 12 Sub
143. he wireless security profile including Authentication and Encryption 6 Service Zone Settings Managed AP in this Service Zone All managed APs that belong to this service zone are listed here Managed AP s in this Service Zone IP Address MAC MAC Address o 192 168 1 9 11 22 33 44 55 66 AP Mame Status EAP100 EAP100A 38 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 2 User Authentication This section includes the following functions Authentication Configuration Black List Configuration Group Configuration Policy Configuration and Additional Configuration gt es A System Jsens Access Points Network Utilities Status Authenticatian Black List Group Y Policy Additional Control Main Menu gt Users The internal or external account databases include Local POPS RADIUS LDAP NT Domain On demand and SIP The administrator needs to activate and configure at least one of these authentication databases Pastfi is used for the system to identify which authentication option will be used for the specific user account when multiple options are concurrently in use One af the authentication options can be set as default sa that end users can choose NOT to type the complete account name ridi paosthx when lagging in Black List 5 sets of black list profiles can be defined Each active authentication option may be configured with one of these 5 black
144. his section also include the operations such as reboot enable disable delete apply a new template and other configuration This Discovery function is to manually or automatically detect the supported types of APs Discovery when connected to the LAN ports and automatically assign a unique IP address to each AP discovered Addin The Adding function is used to manually set up an amp P via filling in the required information far 9 that AF The system provides 3 templates that can be used to simplify the AF configuration Status 3 AF setting templates can be defined These templates can be edited saved and used in Templates 5 UE ED Adding and Discovery sections The Firmware function provides the tools ta see the AP firmware version and upload new AP Firmware firmware inta the system The Upgrade function allows administrators to upgrade the AP firmware using the firmware Upgrade files stored in the system WDS Wireless Distribution System is a function to interconnect all the managed APs access points wirelessly to form a Tree connection with the structure of Parents and Children The WDS Management provides the WDS tree status and enable the administrator to add move and delete the WDS connections among the Tree WDS Management 87 2008 AIPNET INC 4pneU sera WHG303 Secure WLAN Controller ENGLISH 4 3 1 AP List All of the APs under the management of WHG303 will be shown in the list The AP can be
145. icate Te Gx Without a valid certificate users may encounter the following problem in IE7 when they try to open the login page Certificate Error Navigation Blocked Windows Internet Explorer ad au T http www google com Fie Edit View Favorites Tools Help AT abe iG Certificate Error Navigation Blocked 9 There is a problem with this website s security certificate The security certificate presented by this website was not issued by a trusted certificate authority The security certificate presented by this website was issued for a different website s address Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage and do not continue to this website Click here to close this webpage amp Continue to this website not recommended More information Click Continue to this website to access the user login page To Use Default Certificate Click Use Default Certificate to use the default certificate and key Click restart to validate the changes You just overwrote the setting with default KEY amp default CA file You should restart the system to activate this Click to restart Remaining Time Reminder The administrator can enable this function to remind the on demand users before their credit run out There are two kinds of reminder Volume and Time The default reminding trigger level for Vo
146. ies Connection Request Processing ZP RADIUS MAC SS stressuses il sl Employee i3h sizh Groupl Idle3m Sessionbm E Groupe Sessioni zm Group3 Unlimited Group IdleSm MAS ID match cipher 24 Groups MA5 1D match other 24 Connections to Microsoft Routing and 24 Connections to other access servers Move Up Move Down F Delete Rename Kiwi Active Director 4 Properes slog records cs zz di c 7h Certification Authority Command Remote Desktop Opens property sheet For the current selection Step 5 to 9 Adding a Vendor Specific attribute into properties of this selected policy Group3 Unlimited Properties Tix Settings Specify the conditions that connection requests must match Policy conditions 8 109 5E B D b DES Windows Groups Add IF connection req associated profile 5 Edit Profile Unless individual policy controls ace IF a connection re C Deny remote Grant remote Dial in Constraints Authentication H Ei Encryption Advanced To add an attribute ta the Profile select the attribute and then click Add Specify addition FRPP Tee ste Access Server Attributes Mame Generate Class Class Framed Protoce Service T ype To add an attribute that is not listed select the Yendor Specific attribute Attribute Mame Vendor Description EIN rii LI C Le alt rnnelina nta LI Ei
147. in this list General Settings None O usp O cap EUR Monetary Unit Input other desired monetary unit e g ALI WLAN ESSID Remaining Valume Sync Interval 9 10min s 15minfs 2 min z Terminal 5erver Configuration e Postfix Postfix is used to inform the system which type of authentication database to be used for authentication when multiple databases are concurrently in use Enter the postfix used for on demand users e Monetary Unit Select the desired monetary unit or specified the unit by users e Group Name Select the desired group for on demand user e WLAN ESSID The administrator can enter the defined wireless ESSID in this field and it will be printed on the receipt for on demand users reference when accessing the Internet via wireless LAN service The ESSIDs given here should be those of the Service Zones enabled for On demand Users e Wireless Key The administrator can enter the defined wireless key such as WEP or WPA in the field The Wireless Key will be printed on the receipt for the on demand users reference when accessing the Internet via wireless LAN service e Remaining Volume Sync Internal While the on demand user is still logged in the system will update the billing notice of the login successful page by the time interval defined here e Number of Tickets Print one or duplicate receipts when pressing the print button of the ticket printer 53 2008 AIPNET INC 4ipnet
148. ing Apply there will be a restart message You must click Restart to apply the settings 40 2008 4IPNE T INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Authentication Server Configuration WHG303 provides four authentication servers and one on demand server that the administrator can apply with different policy Click on the server name to set the configuration for that particular server After completing and clicking Apply to save the settings go back to the previous page to select a server to be the default server and enable or disable any server on the list Users can log into the default server without the postfix to allow faster login process Server 1 4 There are 5 authentication methods Local User POP3 RADIUS LDAP and NT Domain to select from Authentication Database Local mous LDAP NT Domain ADDI Server Name Set a name for the authentication option by using numbers 0 9 alphabets a z or A Z dash underline space and dot only The length of this field is up to 40 characters This name is used for the administrator to identify the authentication options easily such as HQ RADIUS Postfix A postfix is used to inform the system which authentication option to be used for authenticating an account e g bob BostonLdap or tim 2 TaipeiRadius when multiple options are concurrently in use One of authentication option can be assigned as default For authentication assign
149. ings of the system Interface Display the current settings of all network interfaces List all Policy Route rules and Global Policy Route rules The System Route rules are shown Routing Table here as well The Policy Route rule has higher priority than the Global Policy route rule The System Route rule has the lowest priority Display the information of the online users Content of the information includes Username IP Online Users Address MAC Address Packet Count In Out Byte Count In Out and idle time Administrator can remove the online user via clicking the Logout button in each recard Display detailed user access records on daily basis History record of up to 3 days is kept in User Logs the system The system can send various reports via up to 3 email accounts such as Monitor IP report E mail amp SYSLOG Users log and Session Log The external SYSLOG server and FIP server are configured here 125 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 6 1 System Status This section provides an overview of the system for the administrator System Setting Overview Firmware Yersion 1 00 00 EM N OoO200 System Name Wireless Hotspot Gateway Homepage Redirect URL http www gaagle cam SYSLOG Server System Log BY Ah SYSLOG Server On demand Users Log Be A eh Proxy Server Disabled Warning of Internet Disconnection Disabled WAN Failover Disabled Load Balancing Disabled SNMP Disabl
150. ink bandwidth allowed to be shared by clients within this Group o Individual Maximum Uplink Defines the maximum uplink bandwidth allowed for an individual client belonging to this Group The Individual Maximum Uplink cannot exceed the value of Group Total Uplink o Individual Request Uplink Defines the guaranteed minimum bandwidth allowed for an individual client belonging to this Group The Individual Request Uplink cannot exceed the value of Group Total Uplink and Individual Maximum Uplink gt Privilege Profile Group 1 Privilege Configuration Change Password Privilege Enable 9 Disable o Change Password Privilege When Change Password Privilege is enabled the authenticated local users within this Group are allowed to change their password via the Login Success Page Zone Permission Configuration amp Policy Assignment Group 1 8 A Group can be assigned to one Service Zone or multiple Service Zones Moreover a Group can be applied with different Policies within different Service Zones Remote VPN is considered as a zone where clients log into the system via remote VPN 12 2008 4IPNE T INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH del Configuration Group 1 Select Select Group um E Zone Permission Configuration amp Policy Assignment Group 1 Edit Group Permission eo mo mems a e a emsa a ren m a mema a n a meme e m om eem e m a
151. ion page Choose a desired type 48 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH from Disable Roaming Out or 802 1X Enter the P Address Segment Subnet Mask and Secret Key of 802 1X clients Click Apply to complete the settings Roaming Out amp 802 1x Client Device Settings auz lx wv 192 158 0 0 255 255 255 254 31 Im e Trans Full Name When Complete option is checked both the username and postfix will be transferred to the RADIUS server for authentication On the other hand when Only ID option is checked only the username will be transferred to the external RADIUS server for authentication e NASID The Network Access Server NAS Identifier of the system for the external RADIUS server e NAS Port Type The type of physical port used by NAS to authenticate the user e Class Group Mapping e This function is to assign a Group to a RADIUS class attribute sent from the RADIUS server When the clients classified by RADIUS class attributes log into the system via the RADIUS server each client will be mapped to its assigned Group RADIUS Group Mapping Server 3 Enable Disable LL Tero mmeiw a DE e kA e Server IP The IP address of the external RADIUS server e Authentication Port Enter the authentication port of the RADIUS server e Accounting Port The accounting port of the external RADIUS server Secret Key The Secret Key for RADIUS
152. l be uploaded Please correct the format in the uploading file or delete the duplicated user account in the database and then try again The unit of data transfer is byte The unit of session length is second ID Username and Password must be given in upper case Local VPN Enabled Username Password MAC Address 1 enable 0 disabled user3 user3 00 00 00 00 00 09 BL fuser3 A Applied NE Remark 44 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Download User Use this function to create a txt file with all built in user account information and then save it on disk Add User Upload User Download User Local User List Password MAC Address usaeri useri 1ii22i33 4455 66 elete D let let 00 00 00 00 00 00 e Search Enter a keyword of a username to be searched in the text field and click this button to perform the search All usernames matching the keyword will be listed 4dd User Upload User Download User Local User List Applied Group Username Password MAC Address Local PN Enabled e Del All Click on this button to delete all the users at once and click on Delete to delete the user individually 45 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Edit User If editing the content of individual user account is needed click the username of the desired user account to enter the User Profile Interface for that p
153. ler ENGLISH Billing Plans Administrators can configure several billing plans Click Edit button to enter the page of Editing Billing Plan Click Apply to save the plan that manually set up by the administrators Go back to the screen of Billing Plans click Enable button and then the plan is activated Billing Plans Type Quota Time 2 hrs 0 mins e Plan The number of the specific plan e Type This is the type of the plan based on which it defines how the account can be used e Quota The limit on how On demand users are allowed to access the network e Enable Click the radio button to activate the plan e Function Click the button Editto add one billing plan o Time Total period of time xx hrs yy mins during which On demand users are allowed to access the network Editing Billing Plan Plan Type Time Quota P Js T ius Range of mints 0 58 they cannot both be zero Account Activation Firsttime login must be done within day s NM hauris t Range af haumsi 0 z3 they cannot both be zero Valid Period After activation accaunt will be expired in davisi t hust be larger than 0 20 t Range 0 100000 including two digits after decimal point e g 1 38 4 o Volume Total traffic volume xx Mbytes up to which on demand users are allowed to transfer data Price 56 2008 AIPNET INC 4 4pneU sera WHG303 Secure WLAN Controller ENGLISH Editing Billing Plan Range 1
154. lg the configured DNS cannot be found e When the following Administrator Login Page appears it means the restart process is now completed 15 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 3 3 3 User Login Portal Page In order to be granted network access via WHG303 s a user must be authenticated first by entering a correct username and password on the User Login Portal Page To verify whether the configuration of the new local user account s created via the Setup Wizard has been completed successfully 1 Connect a client device e g laptop PC to the LAN1 Port of WHG303 The device will obtain an IP address automatically via DHCP Open a web browser on a client device access any URL and then the default User Login Page will appear Enter the Username and Password of a local user account previously generated via Setup Wizard e g testuser local as the Username and testuser as the Password then Click Login 4ipnet User Login Username testuser Password eeeeecce Remember Me 1 WHG303 supports multiple authentication options including built in local user database and external authentication database e g RADIUS The system will automatically identify which authentication option is used from the full username entered The format of a full valid username is userid postfix where userid is the user ID and gt gt Note ae we l pos
155. list profiles 8 sets of group profiles including Qos Configurations Instant Account Privilege Change Group Password Privilege and Zone Permission Configuration amp Policy Assignment can be defined for each group option to enforce the access management far different groups of users Authentication A policy can be selected to apply to a group of users within a zone 12 sets of policy profiles Policy Including Firewall Profile Specific Route Profile Schedule Profile and Session Limit Management can be defined Additional configurations are in this section They are User Session Control Built in RADIUS Server Settings Customization Remaining Time Reminder and MAC ACL The administrator can control user sessian such as idle timeout in User Session Control Three fuctions are Additional Control provided in Built in RADIUS Server Settings such as session timeout In Customization the administrator can upload certificate to the system Remaining Time Reminder provides remaining time information to clients on the screen The administrator can manage the access control to the system via clients MAC address in the MAC 4ACLiAccess Control List 39 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 2 1 Authentication Configuration This section is for administrators to pre configure authentication servers for the entire system s Service Zones For a particular Service Zone administrators can enable
156. llawing IP settings IP Address Subnet Mask Default Gateway Preferred ONS Server 168 95 1 1 Alternate ONS Server Dynamic IP settings assigned automatically PPPOE PPTP e Dynamic IP Address It is only applicable for the network environment where the DHCP server is available on the network Click the Renew button to get an IP address automatically WANI Interface Setting Q static Use the following IP settings 9 Dynamic IP settings assigned automatically PPPoE PPTP PPPoE Client When selecting PPPoE to connect to the network please set the User Name Password MTU and CLAMPMSS There is a Dial on demand function under PPPoE If this function is enabled a Maximum Idle Time can be set When the idle time is reached the system will automatically disconnect itself WANI Interface Setting Q static Use the fallawing IP settings O Dynamic IP settings assigned automatically fe PPPoE Wsername Password MTJ 1492 bytes Range 1000 1492 Clamp MSs 1400 bytes Range 980 1400 Dial on Demand Enable 9 Disable PPTP 23 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH PPTP Client Select STATIC to specify the IP address of the PPTP Client manually or select DHCP to get the IP address automatically The fields with red asterisks are required to be filled in There is a Dial on demand function under PPPoE I
157. login a Home page with four links called Setup Wizard Quick Links System Overview and Main Menu will appear OLogout Help Setup Wizard Quick Links System Overview gt Setup Wizard Provide a four step quick configuration of the system Please refer to Section 3 3 2 Setup Wizard for more information OLogout Help Quick Links System Overview Home SLogout Help Setup Wizard General New Password esses s Verify Password esses s Time Zone GMT 08 00 Taipei Next gt Quick Links Provide 8 links for the administrator to access frequently used pages of the web management interface directly which are System Status Local User Management Policy Management Privilege List Online User List Guest Account Management Authentication Configuration and Firmware Management 8 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH OLogout Help Overview fi Home SLogout Help Quick Links rename On demand Account Management Authentication Configuration gt System Overview Provide an overview of the system status for the administrator Certain hyperlinks of associated configuration pages are provided in this page for the administrator to access directly OLogout Help Setup Wizard Quick Links VETV 9 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Home SOLogout Help System Ov
158. lume is 1Mbyte and the level for Time is 5 minutes 85 2008 AIPNET INC e e 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Remaining Time Volume O Enable 9 Disable Feminder Time and Cut off Enable Disable MAC ACL With this function only the users with their MAC addresses in this list can log into WHG303 There are 100 users maximum allowed in this MAC address list User authentication is still required for these users Please enter the Permit MAC Address List to fill in these MAC addresses select Enable and then click Apply Access Control List Enable 9 Disable Total 100 First Prev Next Last Ti NEL A The format of the MAC address iS XX XX XX XX XX XX Ol XX XX XX XX XX XX 86 2008 AIPNET INC User s Manual WHG303 Secure WLAN Controller ENGLISH 4ipnet 4 3 AP Management WHG303 supports to manage up to 20 access points AP and they can be configured in this section This section includes the following functions AP List AP Discovery Adding APs Template Selection Firmware Upload AP Upgrade and WDS Management f Home Logout 7 Help D Utilities c s35 r System Users gaas Points Network Lo JA List V Discovery V adding Templates Firmware V Upgrade WDS Management Main Menu Access Points A list to show the information of each managed AP including Type Name IP Address MAC List Address and online Status Functions in t
159. m the Show field as the search criteria gt gt Specify the dates From and To fields for the period gt gt Click Search Add Funds Withdraw Resolution Center Profile History View up to three months of monthly account statements View this Search All Activity Simple View vi Within The Past Day v Fem p2 B pm Month Day Year a B 17 Month Day Year All Activity Simple View from Dec 31 2006 to Jan 30 2007 Date Type To From Name Email Status Details Action Gross Fee Net Amount 3 2 Search for the transaction details for a specific customer Please log in PayPal gt gt Click History gt gt Click Advanced Search gt gt Enter the name for a specific customer as criteria in the Search For field and Choose Last Name or First Name in the In field gt gt Specify the time period gt gt Click Submit gt gt Click Details to view the transaction details Overview Add Funds Withdraw Resolution Center Profile History History Download My History View up to three months of Uispute Reports Dispute Reports monthly account statements View this Advanced Search History OF O Within The Past Day v mem gs y Et fue pter 7 0 7 o6 Month Day Year Month Daw Year gt gt Note For more information about PayPal please see http www paypal com 155 2008 AIPNET INC amp 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH
160. mez login id login gt input class textinput name myusername id2 myusername type text size 24 onKeyPress return submitenter this event gt input class textinput name mypassword id2 mypassword type password size 24 onKeyPress return submitenter this event gt lt form gt e Hyperlink or HTML button element in HTML form 1 that allows the user to submit information form action userlogin shtml method post name login id login gt lt a href JavaScript Form_Submit login class appmsg gt Login lt a gt lt form gt e HTML form 2 that allows the browser to process information as needed about On demand users lt form action reminder shtml method post name Reminder gt lt input tyoe hidden name myusername value gt input type hidden name mypassword value gt lt form gt e All JavaScript functions that will be executed by the browser when needed lt script language JavaScript1 2 function functionname var1 var2 varX some code j lt script gt 218 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH b Optional elements in the HTML code Input tag rememberme Remember Me checkbox in HTML form 1 that can be used to allow the browser to save username and password when this function is selected form action userlogin shtml method post namez login id login gt lt i
161. n demand User General Settings Ticket Customization Configure Billing Plans External Payment Gateway On demand Account Creation On demand Account List J E b 3 Choose a billing plan for this user and click Create On demand Account Creation Plan Type Quota Price Status Function 1 Time 2 hrs 0 mins 20 Enabled 2 Time 42 hris 40 mints 3 Enabled 3 M NIA MJA Disabled 4 Give your client the print out of this receipt with new account information 165 2008 AIPNET INC e e 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Username 88444pondemand Password a5cb888e Price AUD 3 Usage 12 hrs 40 mins ESSID 4ipnet Wireless Key You first time login must be done before 2008 10 10 17 56 18 The account is valid within 8 days after your first login 5 Have your client go back to the Login successful page and click Redeem And enter new User Name and Password Login Successfully Windows Internet Explorer cos httpsi 192 168 1 254 loginpages popup11 shtml uid 3ag6Gondemand amp s V ai Certificate Error 47 X 0 Google IG M Goo 45 ER V YY Bookmarkse Bh i blocked Check X nk w YE AutoFill gt gt Q Settingsy we amp I Successfully T B deh b Page Tools WHG101 Windows Internet Explorer mn https f 192 168 1 254 loginpages redeem shtml uid 3ag6 ondemand amp session v Welcome ee ae Redeem Page He Welcome To R
162. nal New local accounts can be created and added into the database via this optional function If local user accounts are not required click Skip to go directly to Step 4 However it is recommended to create at least one local user account in order to verify the system s readiness upon completion of this Setup Wizard e Enter the Username e g testuser and Password e g testuser to create a new local account e Click Next to continue e More local accounts can be added by clicking the Back button in Step 4 fHome DOLogout 7 Help Setup Wizard Local User Account Optional Username testuser ZD i ia Step 4 Confirm and Restart e Click Finish to save current settings and restart the system 14 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Home DLogout Help Setup Wizard Confirm and Restart Please press Finish button and restart the system e A confirmation dialog box will then appear Click OK to continue Microsoft Internet Explorer 3 Ore vou sure vou want to restart the system now Cancel e A Confirm and Restart message will appear on the screen during the restarting process Please do not interrupt the system until the Administrator Login Page appears Home OLogout Help Setup Wizard Confirm and Restart The system is trying to locate a DNS server at this stage Therefore a longer startup time is required if Note Pe o
163. nd click Apply to save the settings These settings will become effective immediately after clicking Apply Enable Disable woe s os e wo w Dom om v v v LA A z z v v v gt Maximum Concurrent Session for User Include Maximum Concurrent Session for User from 10 to Unlimited The concurrent sessions for each user it can be restricted by administrator 82 2008 AIPNET INC l amp 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Note For more information please refer to Appendix F Session Limit and Session Log 83 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 2 5 Additional Configuration Additional Control Idle Timeout minutes 1 1440 User Session Control Multiple Login IM henian options using On demand and RADIUS databases will not support this function Session Timeout minutes 120 P s 1440 Built in RADIUS Idle Timeout minutes 10 1 120 Server Settings Interim Update minutes 5 pa i20 Customization Certificate Remaining Time Volume Enable 9 Disable rou LL Time and Cut off Enable Disable MACAC ACL Edit Control list to manage which client devices are allowed to access the login page Te NEL User Control Functions under this section apply to all general users Idle Timer If a user has idled with no network activities the system will automatically kick ou
164. nections Modem 9 2 9 Printers and Regional and Scanners and Scheduled Sounds and Faxes Language Cameras Audio Devices sx wu e Speech System Taskbar and User Accounts VMware Tools 2008 AIPNET INC ng e 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 2 Choose the Connections tab and then click Internet Properties Setup Advanced ra To set up an Internet connection click Setup Dial up and Virtual Private Network settings Add Remove Choose Settings iF you need to configure a proxy Settings server For a connection Hever dial a connection Dial whenever a network connection is not present Always dial my default connection Local Area Network LAN settings LAM Settings do not apply bo dial up connections LAN Settings Choose Settings above For dial up settings 3 When the Welcome to the New Connection New Connection Wizard Wizard window appears click Next Welcome to the New Connection Wizard This wizard helps you Connect to the Internet Connect to a private network such as your workplace network Set up a home or small office network To continue click Mert 4 Choose Connect to the Internet and then New Connection Wizard 1 Network Connection Type click Next What do vau want to do C Connect to the network at my workplace Connect to a business network using dial up or VPN so you can work fram home a field of
165. neral Settings Name EAP 100B Firmware 1 00 LAN Interface Settings IP 182 158 1 108 Gateway 182 168 1 254 Wireless Interface Settings Channel Auto Data Rate Auto Access Control Settings Status Disabled Number of MAC D Addresses gt General Setting Click Setting to enter the General Setting interface Firmware information can be observed here 90 2008 AIPNET INC 4ipnet Name NTP SNMP SYSLOG Remark Firmware User s Manual WHG303 Secure WLAN Controller ENGLISH General Settings EAF 100B Time Zane GMT 06 00 Taipei Taiwan NTP Server 1 tick stdtime gov tw NTP Server 2 tock stdtime qov tw Disabled Disabled gt LAN Setting Click LAN to enter the LAN Setting interface Input the data of LAN including IP address Subnet Mask and Default Gateway of AP IP Address Subnet Mask Default Gateway Primary ONS secondary DNS LAN Settings 192 168 1 109 299 299 299 0 192 168 1 254 182 158 1 254 e Wireless LAN Click Wireless LAN to enter the Wireless interface Access Control In this function when the status is Allowed only these clients whose MAC addresses are listed in this list can be allowed to connect to the AP on the other hand when the status is Denied the clients whose MAC addresses are listed in the list will be denied to connect to the AP When Disabled is selected all clients can connect to the AP The default is
166. net Mask bateway Global Folicy Subnet Mask bateway System Subnet Mask bateway 255 255 255 0 0 0 0 255 255 0 0 0 0 0 0 0 0 0 0 130 interface interface interface interface Interface Interface Interface Default WAN WANA 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Policy 1 12 Shows the information of the individual Policy from 1 to 12 Global Policy Shows the information of the Global Policy System Shows the information of the system administration Destination The destination IP address of the device Subnet Mask The Subnet Mask IP address of the port gt Gateway The Gateway IP address of the port gt Interface The choice of interface network including WAN1 WAN2 Default or the named Service Zones to be applied for the traffic interface 131 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 6 4 Online Users List In this function each online user s information including Username IP MAC Pkts In Bytes In Pkts Out Bytes Out Idle Access From and Kick Out will be shown Administrators can force out a specific online user by clicking the hyperlink of Logout and check the user access AP status by clicking the hyperlink of the AP name for Location Click Refresh is to update the current users list Online Users List S IP Address MAC Address Pkts Out Bytes out SEE Kick Out O
167. ng with WHG303 and how to check today s billing transactions and teaches your clients how to purchase or renew different network access plans online using their credit cards For Administrators to get started Before getting started administrators need to apply for a Merchant ID and Merchant Password from the SecurePay official website In this example merchant account one starting with plan one is SecurePay Merchant D ABCOO01 SecurePay Merchant Password abc123 1 Create billing plans Administrators may come up with many ways to charge their clients For example Plan 1 charged by Time Each Plan 1 client has to make their first login within 3 days The user can access the internet for 2 hours and this account is valid for 5 days He s being charged 20 dollars for this plan Authentication Server On demand User General Settings Ticket Customization Billing Plans External Payment Gateway On demand Account Creation Configure On demand Account List view Fi Billing Plans Plan Type Quota Price Enable Function 1 Time 2 hrs 0 mins 20 Edit 2 Time 12 hris 40 mints 3 d Editing Billing Plan Plan 1 Type Ld Quota o minis i Ws 0 59 they cannot both be zero Account Activation Firsttime login must be done within day s hour s Range of hours 0 Z3 they cannot both be zero Valid Period After activation account will be expired in day s Must be lar
168. ngs When the matched AP is discovered it will show up in the list below and be given a new IP address set here ex 192 168 1 1 Check the Add box to add the AP and it will be listed to the AP list When an AP is added its MAC address will be automatically recorded into MAC Privilege List please see 4 4 2 Privilege List so its management page can be accessed Click Configuring to go on the related configuration For the details please refer to 4 3 1 AP List AP List IP Address all AP Type AP Name Service Zone Status MAC Address 192 168 1 9 L EAP1 00 EAP10 0A Default Offline 11 22 33 44 55 66 e Background AP Discovery Click Configure to enter Background AP Discovery interface to go on related configuration Background AP Discovery AP Type EAP 100 Interface 9 Factory Default IP Address 182 158 1 1 Admin Settings Used Login ID admin to Discover Password admin Manual Status Enable 9 Disable The Interface and AP Access configuration is the same as the settings mentioned above When Background AP Discovery function is enabled the system will scan once every 10 minutes or according to the time set by the administrator If any AP is discovered and Auto Add AP is enabled it will be assigned an available IP from the starting IP address and apply the selected template You can also set the channel the AP would use A The scanning process may take a long time if the IP range assigned to scan is too
169. nnections SIP Configuration Enable L WAN Interface WAMI Auth Option Auth Database Default Enabled LOCAL 6 M RADIUS LDAP We o Group Permission Applied Policy to Remote Remote YPN Login Page Site to site VPN When the setting is enabled the system enables the IPSec VPN tunnel to reach remote networks sites with encrypted data transmission Click Add A Remote Site button to set configuration about remote VPN capable devices such as VPN gateway Click Add A Local Site button to set configuration about local Remote Site Configuration IP Address Pre shared Key Add A Remote Site site Local Site Configuration Local Subnet Local Interface Remote VPN Gateway Remote Subnet Delete Add 4 Local Site 115 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 5 Utilities This section provides utilities to customize and maintain the system including Change Password Backup amp Restore Settings System Upgrade Restart and Network Utilities Home Logout 7 Help System Network Status Main Menu Utilities Utilities Password Change Manage the administration account password Backup amp Restore Backup and restore system settings System factory default can also be restored System Upgrade Wodate the system firmware Restart Restart the system i xs Some network utilities such as Wake on L4N web based
170. nput classz textinput type checkbox id rememberme name rememberme gt lt form gt c Upload the HTML code e Example we have finished editing the HTML code and saved it as new oginpage html Then it should be uploaded to the system manually as shown below Existing Image Files Delete my image1 jpa O Submit Preview 3 Processing the image files a In the HTML code images specifies the path of default system image folder while imagesZ specifies the path of uploaded image folder where Z is the number of Service Zone 0 is Default Service Zone 1 is Service Zone 1 2 is Service Zone Z2 etc The following are some examples Example 1 to use apply gif in the system image folder as a background image we should specify background images apply gif form action userlogin shtml method post name login id login gt td width 125 height 28 align center background images apply gif valign middle gt lt form gt 219 2008 AIPNET INC 4pnet sera WHG303 Secure WLAN Controller ENGLISH Example 2 to use my image t jpg in the uploaded image folder of Default Service Zone we should specify img src imagesO my_image1 jjpg gt form action userlogin shtml method post name login id login gt img srcz images0 my imagel1 jpg lt form gt Example 3 to use my imaget jpg in the uploaded image folder of Default Service Zone and my ima
171. o WAN2 when WAN1 connection is down On the other hand a Service Zone s policy could also use WAN as its interface in that case if WAN2 is down the WAN2 s traffic under its policy will also be routed to WAN1 gt Fall back to WAN1 when WANT is available again If WAN Failover is enabled the traffic will be routed to WAN2 automatically when WAN1 connection fails When fall back to WAN1 is enabled the routed traffic will be connected back to WAN1 when WAN 1 connection is recovered Warning of Internet Disconnection When enabled there is a text box available for the administrator to enter a reminding message This reminding message will appear on clients screens when Internet connection is down 27 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH SIP authentication is exempt from Load Balancing and WAN Failover A fixed WAN port is used for SIP traffic 28 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 1 5 LAN Port Mapping WHG303 supports multiple Service Zones in either of the two VLAN modes Port Based or Tag Based but not concurrently In Port Base mode each LAN port can only serve traffic from one Service Zone as each Service Zone is identified by physical LAN ports In Tag Based mode each LAN port can serve traffic from any Service Zone as each Service Zone is identified by VLAN tags carried within message frames By default the system is in
172. o p iA Pec cle Gan sa es m Active Directory Users and i ompubers few Wow _ tp es OM O xP nB eA nmh Active Directory Users and Computer Users 67 objects Qi ai3lsb idv tw finas and 145 Servers Security Group Servers in this group can fe C Bultin 2 Schema Admins Security Group Designated administrators i Et here Security Group List of Terminal Server co Leer Lise Leser B User Kui Logie i E Security Group hever lf a This is 4 vendor s account Members of this group ha i y Group Add to a group Digable Account Reset Password Send Mail PFET ELLE E EB Step 14 Select Dial in Step 15 Select Allow access Step 16 Click OK 225 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH usergroups Properties Remote control Terminal Services Profile COM General Address Account Profile Telephones Organization Member OF 4 Dial iri Environment Sessions Remote Access Permission Dial in ar PA Deny access Control access through Remote Access Policy verify zallerlB Callback Options No Callback C Set by Caller Routing and Remote Access Service onlu C Always Callback to amp ssign a Static P Address e cee Apply State Hautes Define routes ta enable for this Dial in GESCHEITERT connectinn
173. ofiles including QoS Configurations Instant Account Privilege Change Group Password Privilege and Zone Permission Configuration amp Policy Assignment can be defined for each group option to enforce the access management for different groups of users A policy can be selected to apply to a group of users within a zone 12 sets of policy profiles Policy including Firewall Profile Specific Route Profile Schedule Profile and Session Limit Management can be defined Additional configurations are in this section They are User Session Control Built in RADIUS Server Settings Customization Remaining Time Reminder and MAC ACL The administrator can control user session such as idle timeout in User Session Control Three fuctions are Additional Control provided in Built in RADIUS Server Settings such as session timeout In Customization the administrator can upload certificate to the system Remaining Time Reminder provides remaining time information to clients on the screen The administrator can manage the access control to the system via clients MAC address in the MAC ACL Access Control List Operator The operator can only access the configuration page of Create On demand User to create new on demand user accounts and print out the on demand user account receipts User Name operator Password operator Username operator Password 119 2008 AIPNET INC 4ipnet Authentication sieck List Group V Policy V addi
174. ogin Here is a link https www paypal com cgi bin webscr cmd registration run Choose um Enter Information Confirm gt Done Sign Up for a PayPal Account Anyone with an email address can use PayPal to send and receive money online What is PayPal Already have a PayPal Account Upgrade your account Personal Account Ideal for shopping online It s a free secure and fast way to send payments You can also accept bank account or PayPal balance funded payments for free and a limited number of credit or debit card payments per year for a low fee Learn more Premier Account Perfect for buying and selling on eBay or merchant websites Accept all payment types for low fees Do business under your own name Business Account The right choice for your online business Accept all payment types for low fees Do business under a company or group name Learn more Forgot your email address Forgot your password Step 2 Edit necessary settings in Website Payment Preferences Member Log In Click Profile gt gt Click Website Payment Preferences in the Selling Preferences section Payal My Account Log Out Help Security Center Send Money Request Money Merchant Tools Auction Tools Overview Add Funds Withdraw History Resolution Center Profile Summary To edit your Profile information please click on a link below Account Information Financial Information Email Cre
175. oma ES G 1 i i General WANT WANZ WAN Traffic LAN Port Mapping service Zones 5 Tus 1 TA Main Menu gt System gt Service Zone Service Zone Settings Service Zone Name VLAN Tag SSID WLAN Encryption Applied Policy Default Authen Option Status Details Default N A 4ipnet None Policy 1 Server 1 Enabled Guests 1111 dipnet 1 Policy 1 On demand User Enabled Configure Employee 2222 4ipnet 2 Policy 1 Server 1 Enabled Configure 182 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Appendix E Proxy Setting Basically a proxy server can help clients access the network resources more quickly This section presents basic examples for configuring the proxy server settings of WHG303 Using Internet Proxy Server The first scenario is that a proxy server is placed outside the LAN environment or in the Internet For example the following diagram shows that a proxy server of an ISP will be used ADSL Cable Modem Access Point T ISP Proxy Server Swotehook 183 2008 AIPNET INC 4pneU sera WHG303 Secure WLAN Controller ENGLISH Follow the following steps to complete the proxy configuration Step 1 Log into the system by using the admin account Step 2 Network gt gt Proxy Server gt gt External Proxy Servers page Add the IP address leaving it blank means any IP address and port number of the proxy servers in
176. on Business Account ID This is the Login ID email address that is associated with the PayPal Business Account Payment Gateway URL https www paypal com cgi bin webscr default URL for PayPal Identity Token Please log in PayPal after saving the above settings gt gt Click Profile gt gt Click Website Payment Preferences in the Selling Preferences section gt gt Scroll down to the section Payment Data Transfer optional Payment Data Transfer optional Payment Data Transfer allows you to receive notification of successful payments as they are made The use of Payment Data Transfer depends on your system configuration and your Return URL Please note that in order to use Payment Data Transfer you must turn on Auto Return Payment Data On Transfer ooff Identity Token FIvrdOqLv EMdUbg8D 3y7kLG1C8iGdxpF z6f6kCo KBd f5SQoKZkCBQru Copy the Identity Token in the above page to the section PayPal Payment Page Configuration of 4ipnet WHG303 PayPal Payment Page Confiquration Business Account test business accountigihaetmail cam Payment Gateway URL https www paypal com cai bin webscr Verify SSL Certificate O Enable 9 Disable Currency USD L S Dollar 152 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 1 3 Requirements for Building a Secure PayPal based E Commerce Site To deploy the PayPal function properly it is required that the merchant register an Int
177. ontrol visitor account provisioning flexible accounting and billing and high speed secure wireless connection into one box to fulfill the needs demanded by a public wireless network It also provides advanced functions suitable for larger networks to accommodate more users with multiple APs to cover a wider service area 2 2 System Concept 4ipnet WHG303 is capable of managing user authentication authorization and accounting The user account information is stored in the local database or a specified external database server Featured with user authentication and integrated with external payment gateway WHG303 allows users to easily pay the fee and enjoy the Internet service using credit cards through Authorize net PayPal or SecurePay With centralized AP management feature the administrator does not need to worry about how to manage multiple wireless access point devices Furthermore WHG303 introduces the concept of Service Zones multiple virtual networks each with its own definable access control profiles This is very useful for hotspot owners seeking to provide different customers or staff with different levels of network services The following diagram is an example of WHG303 set to manage the Internet and network access services at a hotspot venue pris oS WHG303 Modem WHG303 External UU Account ew ISP Authentica Database i 7 Load Ne A g Balancing tion Server k b xi
178. or further configuration Enter the server IP address and enable disable the transparent login function These settings will become effective immediately after clicking the Apply button Domain Controller Transparent Login Enable 9 Disable windows 2000 2003 or above e Server IP The IP address of the external NT Domain Server e Transparent Login This function refers to Windows NT Domain single sign on When Transparent Login is enabled clients will log in to the system automatically after they have logged in to the NT domain which means that clients only need to log in once 52 2008 AIPNET INC 4pneU sera WHG303 Secure WLAN Controller ENGLISH 4 2 1 6 Authentication Method On demand User On demand User Server Configuration The administrator can enable and configure this authentication method to create on demand user accounts This function is designed for hotspot owners to provide temporary users with free or paid wireless Internet access in the hotspot environment Major functions include accounts creation users monitoring list billing plan billing report statistics and external payment gateway support Authentication Server On demand User General Settings Configure Ticket Customization Configure 1 General Settings This is the common setting for the On demand User authentication option The generated on demand users and all accounts related information such as postfix and unit will be shown
179. ormation as shown below When On demand accounts are used for example we use 7kSc ondemand here the system will 204 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 Remaining Usage The remaining quota of this On demand account that the user can surf the Internet Hello you are lagged m wa Tkec ondemand Please close this window or click this bution t Thank yout Remaining Usage Hour 59 Min 4 Sec Login time 2006 4 3 14 13 58 5 Redeem When the remaining quota is insufficient the user can add up the quota by purchasing an additional account Please enter the new username and password in the Redeem Page and click ENTER button to merge the two accounts so that there will be more quota for the original account Welcome To User Login Page Please Enter Your User Name and Password To Sign In Password The maximum session time data transfer is 24305 days 9 999 999 Mbytes If the redeem amount exceeds this number the system will automatically reject the redeem process gt gt Note 205 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Appendix H Console Interface Via this port to enter the console interface for the administrator to handle the problems and situations Port Settings occurred during operation 1 In order to connect to the console port of 4ipnet WHG30
180. parentheses or dashes to separate the area code and number Fax A fax number may be associated with the billing information of a transaction This number may be entered as all number or contain parentheses and dashes to separate the area code and number gt Authorizie Net Payment Page Remark Content Enter additional details for the transaction such as Tax Freight and Duty Amounts Tax Exempt status and a Purchase Order Number if applicable 61 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH PayPal Before setting up PayPal it is required that the hotspot owners have a valid PayPal Business Account Please see Appendix B Accepting Payments via PayPal for more information about setting up a PayPal Business Account relevant maintenance functions and an example for clients After opening a PayPal Business Account the hotspot owners should find the Identity Token of this PayPal account to continue PayPal Payment Page Configuration gt External Payment Gateway PayPal Payment Page Configuration External Payment Gateway Authorize Net PayPal SecurePay Disable PayPal Payment Page Configuration Business Account Po A Payment Gateway URL hitps www payp al com cgi bin webscr Identity Token CO 9 Enable Disable Verify SSL Certificate Currency USD L S Dollar Business Account The Login ID an email address that is associa
181. pen a URL from the other application e g email of Outlook that occupies this existing Internet Explorer https 192 168 1 254 loginpages vpn main shtml uip 192 168 1 6 X Wo TUR 6 TL J id hne wr d Bhttossi92 168 1 254 og Hello you are logged in via local vpn_user local The connection is secured by IPSec VPN To logout please click the Logout button Login time 2009 2 24 13 55 42 j Are vau sure vou want bo lagout That shall all cause the termination of IPSec VPN tunneling if user chooses to click Yes The user has to log in again to regain the network access Suggestion Click Cancel if you do not intend to stop the IPSec VPN connection yet 216 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Appendix J Customizable Pages The system allows administrators to customize web pages Login Page Logout Page Login Success Page Login Success Page for On demand User and Logout Success Page that will be displayed in end users browsers during login and logout process As an example this section will guide you through making a custom Login Page editing the HTML code and uploading related files to the system 1 Basics a Each Service Zone can have its own Login Page using four different options as shown below for Default Service Zone click Main Menu gt gt System gt gt Service Zone gt gt Configure
182. periodically report online status via email based on a Monitor IP configurable interval These monitored devices can be accessed via HTTP or HTTPS connection The management interface af the monitored device can be accessed via a hyperlink of device s IP address when the system is operated under NAT mode Up to 20 domain names IP addresses can be defined in the list Authentication is NOT Walled Garden required for users to access these domains and or URLs URL without authentication There are 3 types of VPN connection supported in the system including Local VPN Remate VPN and Site to Site VPN For the local VPN an IPSec tunnel can be established between VPN the system and the client located at the LAM side Far the Remote VPN a PPTP tunnel can be established between the system and the remote user aver the Internet For the Site to Site VPN an IPSec tunnel can be constructed to be used to connect to other IPSec capable device aver the Internet 102 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 4 1 Network Address Translation Set the configuration for DMZ Public Accessible Server and Port and IP Redirect Network Address Translation Public Accessible Server Port and IP Redirect e DMZ The system supports up to 40 sets of Internal IP address LAN to External IP address WAN mapping in the Static Assignments The External IP Address of the Automatic WAN IP Assignment is the IP
183. protocols available for firewall rules editing The administrator is able to add new customized service protocols by clicking Add and delete the added protocols by clicking Delete Global Policy Service Protocols List s m E re we seWomDesmtontoren 0 7 ems o enton toes 0 e vos TebesmsonPotu 0 e sm TebesnanPotzs rao once Wpesmtontonsn 0 Total 27 First Prev o Firewall Rules Click on the hyperlink in the No column to edit individual rules and then click Apply to save the settings The rule status will show on the list Check the Active check box and click Apply to enable that rule This link leads to the Firewall Rules page Rule No 1 has the highest priority Rule No 2 has the second priority and so on Each firewall rule is defined by Source Destination and Pass Block action Optionally a Firewall Rule Schedule can be set to specify when the firewall rule is enforced It can be set to Always Recurring or One Time Policy 1 Firewall Rules Sia IPSec Source Encrypted i Ho Active Action Mame HE Service Schedule eee Sec Destination Encrypted ANY E Block ALL Always ANY ANY 2 F Block ALL Always ANY Below depicts an example of selecting Filter Rule Number 1 80 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Policy 1 Edit Filter Rule Rule Item 1 Rule Hame EEUU Source Destination Interface ALL
184. puter through the local wireless network through the Internet all the way to the corporate servers and database VPN Settings Remote VPN Site to Site YPN Local VPN Local VPN allows to create the VPN tunnel between a user s device and WHG303 to encrypt the data transmission In addition only when this function is enabled Active here do users of the entire system are able to use Local VPN Local VPN users can also be isolated from each other when VPN Client Isolation is enabled Local VFN For The Entire System Active 9 Enable Q Disable VPH Client Isolation Q Enable 9 Disable IPSec Parameters Encryption Q DES 9 3 DES Integrity MD5 SHA 1 Diffie Hellman Group1 Group 2 For more information about Local VPN please see Appendix I Local VPN Remote VPN When the setting is enabled the system allows the VPN tunnel between a remote client and the system to encrypt the data transmission via PPTP The system s VPN supports end users device under Windows 2000 Windows XP SP1 SP2 and Windows Vista Start IP field must be entered when enabled The supported Authentication Servers Group Permission Client Policy and the Remote VPN login page also can be configured here The system supports up to 10 PPTP connections 114 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Remote VPN for the Entire System IP a Benge Start IP Address 192 168 5 1 Support up ta 10 co
185. r SMTP Auth Method None bul SYSLOG Server Settings System Log iP address Ports _ On demand Users Log IP Address NENNEN Port jii Session Log IPAddress Pet FTP Server Settings IP Address Port Server Folder ex diri dirz Send Log every Hours Note same as Interval of Session Log in the Notification E mail Session Log Settings Anonymous Yes ONo FTP Setting Test Send Test Log 136 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH E mail Notification Configuration gt Send To Up to 3 e mail address can be set up to receive the notification These are the receiver s e mail addresses There are four kinds of notification to selection Monitor IP Report Traffic History On demand User Log and AP Status and check which type of notification to be sent gt Interval The time interval to send the e mail report gt Send Test Email To test the settings immediately gt Send From The e mail address of the administrator in charge of the monitoring This will show up as the sender s e mail gt SMTP The IP address of the sender s SMTP server gt Auth Method The system provides four authentication methods Plain Login CRAM MD5 and NTLMv1 or None to use none of the above Depending on which authentication method selected enter the Account Name Password and Domain o NTLMvt1 is not currently available for general use o Plain
186. ready 4 Internet Merchant Account j Payment Gateway Account Obtain information fram 1 Merchant Login ID 2 Merchant Transaction Key 3 Payment Gateway URL 4 MD5 Hash Value Authorize Net Enable and configure the Credit Card Billing function Mo esting OK gt Check and retry Yes or ask for technical support Credit Card Billing function Up aad runnirg 140 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 1 Setting Up 1 1 Open Accounts To set up 4ipnet WHG303 to process credit card billing the merchant owner will need two accounts Internet Merchant account and Authorize Net account If you are looking for a merchant account or Internet payment gateway to process transactions you can fill out the Inquiry Form on http www authorize net solutions merchantsolutions merchantinquiryform Authorize Net Your Gateway to IP Transactions P Merchants Resellers Developers Resources Merchant Inquiry If vau are looking for a merchant account and or payment gateway to process transactions please call us at 866 437 0476 Monday Friday 5 AM 5 PM Pacific time or fill autthe form below Required field First Marne D Last Name fs Company Name ss Job Title 1 Address E City E State 1 2 Configure 4ipnet WHG303 using an Authorize Net account Please log in 4ipnet WHG303 User Authentication gt gt Authenti
187. ress The IP Address of this service zone o Subnet Mask The subnet Mask of this service zone gt DHCP Server Settings Related information needed on setting up the DHCP Server is listed here Please note that when Enable DHCP Relay is enabled the IP address of clients will be assigned by an external DHCP server The system will only relay DHCP information from the external DHCP server to downstream clients of this service zone o Start IP Address End IP Address A range of IP addresses that built in DHCP server will assign to clients Note please change the Management IP Address List accordingly at System Configuration gt gt System Information gt gt Management IP Address List to permit the administrator to access the WHG303 admin page after the default IP address of the network interface is changed o Preferred DNS Server The primary DNS server that is used by this Service Zone o Alternate DNS Server The substitute DNS server that is used by this Service Zone o Domain Name Enter the domain name for this service zone o WINS Server IP The IP address of the WINS Windows Internet Naming Service server that if WINS server is applicable to this service zone o Lease Time This is the time period that the IP addresses issued from the DHCP server are valid and available 35 2008 AIPNET INC 4ipnet 3 User s Manual WHG303 Secure WLAN Controller ENGLISH o Reserved IP Address List Each service zone can rese
188. rewall is not compatible with IPSec Internet Connection Firewall will drop packets from tunneling of IPSec VPN Ethernet Properties General Authentication Advanced Internet Connection Firewall General Support Connection Status Connected Protect my computer and network by limiting or preventing Porat 5 days 04 59 39 access to this computer from the Internet Speed 100 0 Mbps Learn more about Internet Connection Firewall Internet Connection Sharing Allow other network users to connect through this Activity computer s Internet connection d Hecerved Packets 4 176 576 Learn more about Internet Connection Sharing pros Suggestion Please TURN OFF Internet Connection Firewall feature or upgrade the Windows OS into Windows XP SP2 214 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 2 ICMP and Active Mode FTP On Windows XP SP2 without patching by KB889527 it will drop ICMP packets from IPSec tunnel This problem can be fixed by upgrading patch KB889527 Before enabling IPSec VPN function on client device please access the patch from Microsoft s web at http support microsoft com default aspx scid kb en us 889527 This patch also fixes the problem of supporting active mode FTP inside IPSec VPN tunnel of Windows XP SP2 Suggestion Please UPDATE client s Windows XP SP2 with this patch 3 The Termination of ActiveX The ActiveX component for IPS
189. ricted by administrator gt gt Note For more information please refer to Appendix F Session Limit and Session Log 78 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 2 4 2 Policy 1 Policy 12 Each Policy consists of access control profiles that can be configured respectively and applied to a certain Group of users The clients belonging to a Service Zone will be bound by an applied Policy In addition a Policy can be applied at a Group basis a Group of users can be bound by a Policy The same Group can be applied with different Policies within different Service Zones When the type of authentication database is RADIUS the Class Group Mapping function will be available to allow the administrator to assign a Group for a RADIUS class attribute therefore a Policy applied to this Group will be mapped to a user Group of a RADIUS class attribute When the type of authentication database is LDAP the Attribute Group Mapping function will be available to allow the administrator to assign a Group for LDAP attribute therefore a Policy applied to this Group will be mapped to a user Group of a LDAP attribute When the type of database is SIP the Group selection function will be available to allow the administrator to assign a Group option for all SIP clients Policy Configuration Policy 1 Select Policy Polici1 Firewall Profile Specific Route Profile Schedule Profile Maximum Concurrent
190. rve up to 40 IP addresses from predefined DHCP range to prevent the system from issuing these IP addresses to downstream clients The administrator can reserve a specific IP address for a special device with certain MAC address Service Zone Settings Assigned IP Address for AP Management Configure IP Range here by entering Start IP Address and End IP Addresse Assigned IP Address for AP Management Start IP Address 182 168 1 101 IP Range End IP Address 192 168 1 120 Service Zone Settings SIP Interface Configuration SIP Interface Configuration The system provides SIP proxy functionality which allows SIP clients to pass through NAT When enabled all SIP traffic can pass through NAT via a fixed WAN interface The policy route setting of SIP Authentication must be configured carefully because it must cooperate with the fixed WAN interface for SIP authentication SIP Transparent Proxy can be activated in both NAT and Router mode SIP Authentication must support in either mode For users logging in through SIP authentication a policy can be chosen to govern SIP traffic The policy s login schedule profile will be ignored for SIP authentication Specific route and firewall rules of the chosen policy will be applied to SIP traffic 36 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 Service Zone Settings Authentication Settings Authentication Settings Authentic
191. rver IP The IP address of the external LDAP server e Port The authentication port of the external LDAP server e Base DN The Distinguished Name for the navigation path of LDAP account e Account Attribute The attribute of LDAP accounts e Attribute Group Mapping This function is to assign a Group to a LDAP attribute sent from the LDAP server When the clients classified by LDAP attributes log into the system via the LDAP server each client will be mapped to its assigned Group To get and show the attribute name and value from the configured LDAP server enter Username and Password and click Show Attribute Then the table of attribute will be displayed Enter the Attribute Name and Attribute Value chosen from the attribute table and select a Group from the drop down list box 50 2008 AIPNET INC d e 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Attribute Name Attriubute Value CN LISERO1 E TW LDAP Group Mapping Server 4 Enable Disable mn LDAP Attribute Name LDAP Attribute Value Group Remark 1 CM WSERO Group 1 2 E THY Group z 51 2008 4IPNE T INC ng me 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 2 1 5 Authentication Method NTDomain Choose NTDomain from the Authentication Method field the button beside the drop down menu will become NT Domain Setting z Vn Authentication Database Click the button of NT Domain Setting f
192. s 201 2008 AIPNET INC 4ipnet 5 1 Choose Use the following IP address and enter the IP address Subnet mask If the DNS Server field is empty select Using the following DNS server addresses and enter the DNS Server address Then click OK 5 2 Click Advanced to enter the Advanced TCP IP Settings window 5 3 Click on the IP Settings tab and click Add below the Default gateways column and the TCP IP Gateway Address window will appear 5 4 Enter the gateway address of WHG303 in the Gateway field and then click Add After back to the IP Settings tab click OK to finish the configuration User s Manual WHG303 Secure WLAN Controller ENGLISH Internet Protocol TCP IP Properties You can get IP settings assigned automatically if your network support this capability Othenwise you need to ask your network administrator for the appropriate IP settings IP address Subnet mask Default gateway 9 Use the following DMS server addresses I i _ 3p I a x x1 Preferred D NS server Alternate DNS server Advanced TCP IP Settings IP Settings ONS WINS Options IP addresses IP address Subnet mask DHCP Enabled Default gateways Gateway Metric Automatic metric J TCP IP Gateway Address Gateway Automatic metric 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH
193. s External Payment Gateway Authorize Net PayPal 9 SecurePay Disable SecurePay Payment Page Configuration Merchant ID i Merchant Password P Payment Gateway URL htips www securepay com au xmlapi p ayment 9 Enable Disable Verify SSL Certificate T Trusted CA Management Currency AUD Australian Dollar Service Disclaimer Content We may collect and store the following personal information physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us SecurePay Payment Page Billing Configuration Plan Enable Disable Quota Price 1 Enable Disable 2 hrs 0 mins 20 2 Enable Disable 64 2008 4IPNE T INC 4ipnet 5 User s Manual WHG303 Secure WLAN Controller ENGLISH SecurePay Payment Page Remark Content You must fill in the correct credit card number and am expiration date Card code is the last 3 digits of the security code located on the back of your credit card Payment Page Configuration Merchant ID The ID that is associated with the Business Account Password This is the key used by SecurePay to validate all the transactions Payment Gateway URL The default website address to post all transaction data Verify SSL Certificate This is to help protect the system from accessing a website other than SecurePay Currency The currency to be used for the payment tran
194. sactions Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here SecurePay Payment Page Billing Configuration These 10 plans are the plans in Billing Configuration and the desired plan s can be enabled SecurePay Payment Page Remark Content The message content will be displayed as a special notice to end customers On demand Account Creation On demand accounts are listed and related When at least one plan is enabled the administrator can generate on demand user accounts here Click this to enter the On demand Account Creation screen Click on the Create button of the desired plan and an on demand user account will be created Click Print to print a receipt which will contain the on demand user s information including the username and password gt gt Note If no Billing plan is enabled accounts cannot be created by clicking Create button Please goes back to Billing Plans to active at least one Billing plan by clicking Edit button and Apply the setting to activate the plan The printer used by Print is a pre configured printer connected to the administrator s computer 65 2008 AIPNET INC 4ipnet Plan Type 1 Time 2 Time 3 Volume 4 NIA 5 N A 6 NIA f NVA B5 NIA g NIA NIA User s Manual WHG303 Secure WLAN Controller ENGLISH On demand Account Creation Quota 1 hr s 2 mings 12 hris
195. section of the page gt gt Check the Reset box gt gt A location specific ID for example Hotspot A can be used as the first part of Invoice Number gt gt Confirm and click Apply Client s Purchasing Record Starting Invoice Number nooonnn4 P Change the Number Description Item Mame Internet Access z Title for Message to Seller Special Mote to Seller Please log in Authorize Net gt gt Click Search and Download gt gt Specify the transaction period or ALL Settled Unsettled in Settlement Date section gt gt Go to Transaction section gt gt Enter the first part of invoice number plus an asterisk character for example Hotspot A in the Invoice text box gt gt Click Search gt gt If transaction records can be found the number of accounts sold is the number of search results gt gt Or click Download To File to download records and then use MS Excel to generate more detailed reports 3 3 Search for The Transaction Details for A Specific Customer Please log in Authorize Net Click Search and Download gt gt Enter the information for a specific customer as criteria gt gt Click Search gt gt Click the Trans ID number to view the transaction details gt gt Note For more information about Authorize Net please see http www authorize net 145 2008 AIPNET INC amp 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 Examples of Making Payment
196. sired please select NONE Input the Template Name and Template Remark and click the button of Configure to go on configuration Template Edit Template Name TEMPLATE Template Source Mone bal Template Remark Template 1 After entering the interface revise the configuration for demand and change administrator s password if desired About other function settings please refer to 4 3 1 AP List e Template Editing The administrator can set the template configuration manually Click Configure button to have detailed configurations 98 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 3 5 Firmware Upload Firmware Upload displays the current version of the AP s firmware New firmware can be uploaded here to update the current firmware To upload click Browse to select the file and then click Upload File Hame Ls Browse File Name Checksum Firmware Upload Firmware List AP Type Version Size File Download EN xl Do vau want ta save this file Mame a600 Firmware rom Type Unknown File Type 670 KB From 10 2 3 112 While files from the Internet can be useful some files can potentially harm Your computer IF pau do nat trust the source do not save this tile What s the risk 99 Actions 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 3 6 AP Upgrade Check the APs which need to be upgraded and
197. ssage will then appear Click Save to download the record into txt format File Download Do you want to open or save this file Mame 2 008 12 Ext Type Text Document 158 bytes From 10 2 3 89 Cancel TE Isername Connection Time Usage Packets In Bytes In Packets Out Bytes Out 1 12 52 4586 64 6061 laurel 133 397 246078 Sa 36728 135 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 6 6 E mail amp SYSLOG WHG303 can automatically send the notification of Monitor IP Report Traffic History On demand User Log Session Log and AP status to up to 3 particular e mail address The notification of AP Status is triggered by the event when a managed AP becomes unreachable while the other types of emails are sent periodically in given intervals such as 1 hour A trial email is provided by the system for validation In addition the system supports recording Syslog of Traffic History On demand User Log and Session Log via external Syslog servers In addition the Session Log can be sent to a specified FTP server Enter the related information and select the desired items and then apply the settings Notification E mail Settings Receiver E mail Address es Monitor IP Report Users Log On demand Users Log Session Log AP Status Change o o o o j 1 1 1 1 1 1 F E Interval 1 Hour 1 Hour 1 Hour v 1 Hour v N A Sender E mail Address SMTP Serve
198. st 3 digits of the security code located on the back of your credit card 4 Double confirm your credit card information Windows Internet Explorer Ed Please check the data you input Credit Card Number 4444333322221111 Credit Card Expiration Date 12 09 Credit Card Type Visa Card Verification Value 1234 Reference User example com 5 Double confirm with your purchase And wait for a couple minutes till you get your receipt Windows Internet Explorer The process may take several minutes 2 Please DO NOT close or leave this page before getting Ehe result Do vau want to continue Ehe credit card payment process 162 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 6 Account has been successfully generated Click Login And it s recommended not to close this page at all times in case you might re login Welcome Login ID 3agb5 amp trondemand Password Br33sbr4 Price AUD 20 Usage 2 hrs mins ESSID 4ipnet Your first time login must be done before 2008 1010 02 49 09 The accountis valid within 5 days after your first login Please write down the Login ID and Password immediately 7 The login successful box appears Click Start Browsing to get online Welcome Login ID 3ag6 Please close this window or click this button to Thank you Remaining Usage Hour 58 Min 3 Sec Login time 2008 10 7 2 50 10
199. supports a VSA value for session control This implemented VSA value is the amount of data a user is allowed to transfer download upload per session When the RADIUS server accepts the gateway s authentication request the RADIUS server will reply with this attribute value inside the Access Accept packet Accordingly the gateway will be able to control the user s session The following is the summary of this vendor specific attribute the fields are transmitted from left to right Vendor Specific Attribute Vendor Code Vendor Assigned Attribute Value Maximum traffic count bytes in Number By vendor Attribute Number hexadecimal allowed to transfer per session By RADIUS Standard By vendor 26 9192 10 Bylocal administrator Ex 0x100000 Configuring VSA on RADIUS server This section will guide you through a VSA configuration in the external RADIUS server Before getting started go to or remotely connect to the external RADIUS server s desktop 221 2008 AIPNET INC User s Manual WHG303 Secure WLAN Controller ENGLISH 4ipnet Step 1 to 4 Run Internet Authentication Server open Remote Access Policies and select a policy Right click and scroll down to its properties page Recycle Bin Getif 2 3 1 RADIUS Server Desktop Ty H Axon 2 Internet 4uthenticati vi g ZL El Internet Informatio S RADIUS Clients Remote Access Logging ay Remote Access Polic
200. t Up Your Internet Mail Account An Internet mail program is installed on your computer Internet mail allows you to receive and send e mail messages To successfully set up your Internet mail account you must have already signed up for an e mail account with an Internet service provider and obtained important connection information If you are missing any information the wizard asks you to provide contact your Internet service provider Do you want to set up an Internet mail account now C Yes lt Back a jp Cancel a Internet Connection Wizard x Completing the Internet Connection Wizard You have successfully completed the Internet Connection wizard four computer is now configured to connect to your Internet account After you close this wizard you can connect to the Internet at any time by double clicking the Internet Explorer icon on your desktop nm To connect to the Internet immediately select this box and then click Finish To close the wizard click Finish amp Control Panel TeS File Edit view Favorites Tools Help ar i Bacl d x Search li Folders Ei Address J amp Control Panel v 2 gt s 4 Va Control Panel A c pe Accessibility Add Hardware Administrative Date and Time Switch to Category View Options Tools See Also Display Folder Options Game E Windows Update Controllers 9 Help and Support cx Keyboard Mouse Network Phone and Power Options Con
201. t support manual setup for its internal clock therefore we must reset the internal clock through the NTP Print the kernel ring buffer It is used to examine or control the kernel ring buffer The program helps users to print out their boot up messages instead of copying the messages by hand Main menu Go back to the main menu 207 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Change admin password Besides supporting the use of console management interface through the connection of null modem the system also supports the SSH online connection for the setup When using a null modem to connect to the system console we do not need to enter administrator s password to enter the console management interface But connecting the system by SSH we have to enter the username and password The username is admin and the default password is also admin which is the same as for the web management interface Password can also be changed here If administrators forget the password and are unable to log in the management interface from the web or the remote end of the SSH they can still use the null modem to connect the console management interface and set the administrator s password again Although it does not require a username and password for the connection via the serial port the same management interface can be accessed via SSH Therefore we recommend you to immediately change the
202. t the user The logout timer can be set between 1 1440 minutes and the default logout time is 10 minutes Multiple Login When enabled a user can log in from different computers with the same account This function doesn t support On demand users and RADIUS authentication Roaming Out Timer Session Timeout The time that the user can access the network while roaming When the time is up the user will be kicked out automatically Idle Timeout If a user has idled with no network activities the system will automatically kick out the user Interim Update The system will update the users current status and usage according to this time period Upload File Certificate A data record used for authenticating network entities such as a server or a client A certificate contains X 509 information pieces about its owner called the subject and the signing Certificate Authority called the issuer plus the owner s public key and the signature made by the CA Network entities verify these signatures using CA certificates You can apply for a SSL certificate at CAs such as VeriSign If you already have an SSL Certificate please Click Browse to select the file and upload it Click Apply to complete the upload process 84 2008 AIPNET INC e e 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Upload Certificate Customer Certificate Browse Certification Path Verification Enahle 9 Disable Use Default Certif
203. ted with the PayPal Business Account Payment Gateway URL The default website address to post all transaction data Identity Token This is the key used by PayPal to validate all the transactions Verify SSL Certificate This is to help protect the system from accessing a website other than PayPal Currency The currency to be used for the payment transactions 62 2008 AIPNET INC d me 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH gt Service Disclaimer Content Billing Configuration for Payment Page Service Disclaimer Content We may collect and store the following personal information email address physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us It the information you provide cannot be verified we may Choose Billing Plan for PayPal Payment Page Plan Enable Disable Quota Price 1 OEnable Disable 2 hrs 0 mins 20 2 Enable Disable 3 Enable Disable 4 Enable Disable 3 Enable Disable 6 Enable Disable r Enable Disable 8 Enable Disable 3 Enable Disable 10 Enable Disable Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here Choose Billing Plan for PayPal Payment Page These 10 plans are the plans in Billing Configuration and the desired plan s can be enabled gt Clients Purchasing Re
204. tem Otherwise users will not be able to get the Login page for authentication via browsers and it will show an error page in the browser What the Built in Proxy Server is enabled all the outgoing proxy traffic will be automatically redirected to the built in proxy server 185 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Using Extranet Proxy Server The second scenario is that a proxy server is placed in the Extranet such as DMZ which all users from the Intranet or the Internet are able to access For example the following diagram shows that a proxy server of an organization in the DMZ will be used e Access Point Access Point Notebook Notebook SE I Proxy Server Web Server A special scenario is that a proxy server is placed in a zone like Intranet where users can reach each other without going through the system In this case whenever any one of users in the Intranet has been authenticated and connects to the network via the proxy server other users using the same proxy setting in their browsers will be able to access the network without any authentication Therefore to stop the risk it is strongly recommended to put all proxy servers outside the Intranet Follow the following steps to complete the proxy configuration Step 1 Log into the system by using the admin account Step 2 Network gt gt Proxy Server gt gt External Proxy Servers page Ad
205. tfix is the name of the selected authentication option 3 Exception The postfix can be omitted only when the default authentication option is used For example LOCAL is the default authentication option at this system therefore you may enter either testuser or testuser local in the Username field Congratulation The Login Success Page will appear after a client has successfully logged into WHG303 and has been authenticated by the system The appearance of Login Success Page means that WHG303 has been installed and configured properly User Login Hello you are logged in via testuser local To log out please click the Logout button or dose this window Login time 2008 7 3 13 58 2 16 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 Web Interface Configuration This chapter will guide you through further detailed settings The following table shows all the functions of 4ipnet WHG303 Home Logout 7 Help System Users Utilities Status i e k x i Welcome to System Main Menu This Administrative Web Interface allows you to set various networking parameters to customize network services to manage user accounts and to monitor user status Functions are separated into 6 main categories System Users Access Points Network Utilities and Status 17 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLA
206. the New Connection Wizard Your broadband connection should already be configured and ready to use IF your connection is not working properly click the following link To close this wizard click Finish e Cl Frit T 194 2008 AIPNET INC 4ipnet TCP IP Network Setup User s Manual WHG303 Secure WLAN Controller ENGLISH If the operating system of the PC in use is Windows 95 98 ME 2000 XP keep the default settings without any changes to directly start restart the system With the factory default settings during the process of starting the system 4ipnet WHG303 with DHCP function will automatically assign an appropriate IP address and related information for each PC If the Windows operating system is not a server version the default settings of the TCP IP will regard the PC as a DHCP client and this function is called Obtain an IP address automatically If checking the TCP IP setup or using the static IP in the LAN1 LAN2 or LAN3 LAN4 section is desired please follow these steps Check the TCP IP Setup of Window 9x ME 1 Choose Start gt gt Control Panel gt gt Network 2 Click on the Configuration tab and select TCP IP gt gt AMD PCNET Family Ethernet Adapter PCI ISA and then click Properties Now you can choose to use DHCP ora specific IP address 195 31 Control Panel File Edit View Go Favorites Help gt f amp 9 EN NE Bach
207. the items to get the information Online Help Overview system Configuration Configuration Wizard oystem Information WAN1 Configuration WAN2 Configuration WAN Traffic Settings LAN Port Mapping Service Zones User Authentication Authentication Configuration Authentication Server Configuration Auth Method Local Auth Method POP3 Auth Method RADIUS Auth Method LDAP Auth Method NT Domain Auth Method ONDEMAND Auth Method SIP 138 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Appendix A Accepting Payment via Authorize Net This section is to show independent Hotspot owners how to configure related settings in order to accept credit card payments via Authorize Net making the Hotspot an e commerce environment for clients to pay for and obtain Internet access using their credit cards CUSTOMER C MERCHANT S BUSINESS ar j F j In INTERNET 0 x Authorize Net MERCHANT S 1 BANK ACCOUNT MERCHANT S BANK f MERCHANT ON B s PEN 3 5 PpA E PA PROCESSOR CREDIT CARD INTERCHANGE 139 2008 AIPNET INC 4pnet sera WHG303 Secure WLAN Controller ENGLISH fers instant on dema nd guest access to Internet leeds to charge nternet access on Credit cards No Disable Yes Credit Card Billing function Make sure two types of accounts are opened and
208. ther enabled or disabled here as needed Client s Purchasing Record Starting Invoice Number An invoice number may be provided as additional information with a transaction The number will be incremented automatically for each following transaction Click the Change the Number checkbox to change it Description Item Name This is the item information to describe the product for example Internet Access 59 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Email Header Enter the information that should appear in the header of the invoice gt Authorize Net Payment Page Fields Configuration Authorize Net Payment Page Remark Content Authorize Net Payment Page Fields Configuration Item Displayed Text Required Credit Card Mumber Credit Card Number br ias Card Expiration Credit Card Expiration Date Card Type Visa American Express Master Card Discover MI card Code CamCode J E mail Emi E F customer ID Room Number h d Iz First Name Iz Company company j d M Address Address E Meity iy oo h E Iz state tae 0 E Zip Zip i Iz country county E v Phone Phone E Fax O Displayed text fileds must be filled Authorizie Net Payment Page Remark Content You must fill in the correct credit card number and expiration date Card code is the last 3 digits of the security code located on the back of your credit card If gt Au
209. thorize Net Payment Page Fields Configuration Item Check the box to show this item on the customer s payment interface Displayed Text Enter what needs to be shown for this field Required Check the box to indicate this item as a required field Credit Card Number Credit card number of the customer The Payment Gateway will only accept card numbers that correspond to the listed card types Credit Card Expiration Date Month and year expiration date of the credit card This should be entered in 60 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH the format of MMYY For example an expiration date of July September 2009 should be entered as 0709 Card Type This value indicates the level of match between the Card Code entered on a transaction and the value that is on file with a customer s credit card company A code and narrative description are provided indicating the results returned by the processor Card Code The three or four digit code assigned to a customer s credit card number found either on the front of the card at the end of the credit card number or on the back of the card E mail An email address may be provided along with the billing information of a transaction This is the customer s email address and should contain an symbol Customer ID This is an internal identifier for a customer that may be associated with the billing information of a transaction This field may contain any format o
210. tion will be sent NTP Server The network time server that the system is set to align Time ate Time e system time is shown as the local time The minutes allowed for the users to be inactive before their account expires Idle Timer automatically Enabled disabled stands for the current setting to allow disallow multiple Multiple Login logins form the same account Preferred DNS IP address of the preferred DNS Server Server Alternate DNS IP address of the alternate DNS Server Server 127 2008 AIPNET INC 4ipnet 4 6 2 Interface Status User s Manual WHG303 Secure WLAN Controller ENGLISH This section provides an overview of the interface for the administrator including WAN1 WAN2 SZ Default 8 WANT WAN Packets In Packets Out Bytes In Bytes Out Service Zone Default Service Zone Default DHCP Server Service Zone S71 Service Zone S78 Network Interface MAC Address IP Address Subnet Mask Disabled WANI 152715 A 5986 4291 A 3862 16708157 A 887788 3272816 A 3240801 Mode MAC Address IP Address Subnet Mask Status WINS IP Address Start IP Address End IP Address Lease Time Disabled Disabled 128 00 16 E6 81 C4 A8 192 168 1 254 255 255 0 0 00 16 E6 81 C4 A2 192 168 1 254 255 255 255 0 Enabled N A 192 168 1 1 192 168 1 100 1440 Min s 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH T
211. tional Control V Main Menu gt Utilities Plan Type Time N A N A N A N A N A N A N A N A N A gt Password Change gt Create Guest Account User On demand Account Creation Quota 2 hrs 0 mins N A N A N A N A N A N A N A N A N A Price 20 N A N A N A N A N A N A N A N A N A User s Manual WHG303 Secure WLAN Controller ENGLISH Status Enabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Function 120 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 5 2 Backup Restore Settings This function is used to backup restore the 4ipnet WHG303 settings Also WHG303 can be restored to the factory default settings here Backup System Settings Restore System Settings ENTORNO OOOO Reset to the Factory Default e Backup current system settings Click Backup to create a db database backup file and save it on disk Opening 20090720 db You have chosen to open i25 700902770 db which is a DEB File From http 10 29 1 210 What should Firefox do with this File O spent e Restore system settings Click Browse to search for a db database backup file created by WHG303 and click Restore to restore to the same settings at the time when the backup file was saved e Reset to the factory default settings Click Reset to load the factory default settings of
212. to External Proxy Servers setting Enable the Built in Proxy Server Click Apply to save the settings External Proxy Servers No IP Address 1 kaon 2 3 ill 4 5 6 GT 7 8 L 9 10 umm Redirect Outgoing Proxy Traffic to Built in Proxy Server Built in Proxy Server Enable Disable EL NS ec Step 3 Make sure that the proxy server settings match with at least one of the proxy server setting of the system for example in this case 203 125 142 1 3128 matches with blank 3128 Local Area Network LAWN Settings Automatic configuration Automatic configuration may override manual settings To ensure the use af manual settings disable automatic configuration _ Automatically detect settings Use automatic configuration script Doo Proxy server Use a proxy server For vour LAN These settings will nat apply to dial up or VPM connections Address Port Advanced Bypass proxy server For local addresses 184 2008 4AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Proxy Settings Servers Proxy address to use Secure FTP Socks _ Use the same proxy server For all protocols Exceptions B Bo not use proxy server For addresses beginning with SEI Use semicolons to separate entries It is required that the proxy server setting of the clients match with the proxy server setting of the sys
213. unt List gt gt Click View gt gt On demand Account List gt gt Click Delete on the record with the account ID Click Delete All to delete all users at once On demand Users List Username Password eins Status Expiration Time Delete All Time Volume 2007 02 01 Wad KE 3E 2 hour Mormal 123541 Delete 153 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 2 2 Find the username and password for a specific customer 1 To find the username please log in PayPal gt gt Click History gt gt Locate the specific payment listing in the activity history log gt gt Click Details of the payment listing gt gt Username can be found in the item Title field 2 To find the password associated with a specific username please log in 4ipnet WHG303 User Authentication gt gt Authentication Configuration gt gt Click the server On demand User gt gt On demand Account List gt gt Click View gt gt On demand Account List Search for the specific username Password can be found in the same record On demand Users List Username Password et Status Expiration Time Delete All Time olume 2007 02 01 Wad KPZ3EB4C 2 hour Marrmal 12 3541 Delete As stated by PayPal you can issue a full or partial refund for any reason and for 60 days after the Note original payment was sent To find the on demand account name for a specific payment click Details 2 3 Send an email receipt to
214. ut 132 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH 4 6 5 Users Logs This function is used to check the traffic history of 4ipnet WHG303 The history of each day will be saved separately in the DRAM for at least 3 days 72 full hours The system also keeps a cumulated record of the traffic data generated by each user in the latest 2 calendar months 2009 02 18 2009 02 19 2009 02 20 On demand Users Log Date Size Byte 2009 02 18 2009 02 19 2009 02 20 Roaming Out User Log 2009 02 18 2009 02 19 2009 02 20 Roaming In User Log 2009 02 18 2009 02 19 2009 02 20 SIP Call Usage Log SSS e 02 16 2009 02 19 E 2009 02 20 EEE Monthly Network Usage of Local User No of Entries Usage Data 2009 02 wt O Since the history is saved in the DRAM if you need to restart the system and at the same time keep the history please manually copy and save the traffic history information before restarting If the History Email has been entered under the Notify Configuration page the system will automatically send out the history information to that specified email address e Traffic History All activities occur on the system within the nearest 72 hours are recorded in date and time order As shown in the following figure each line is a traffic history record consisting of 9 fields Date Type Name IP MAC Pkts In Bytes In Pkts Out and Bytes Out of the user activities
215. w Interface ALL v IP Address 0 0 0 0 IP Address 0 0 0 0 subnet Mask 0 0 0 0 0 w Subnet Mask 0 0 0 0 0 v IPSec IPSec Traffic d Traffic O Service ALL v Schedule 9 Always Recurring One Time Action 9 Block Pass o Ruleltem This rule number of the selected rule Rule No 1 has the highest priority Rule No 2 has the second priority and so on o Rule Name The rule name can be changed here o Source Destination Interface Zone There are choices of ALL WAN1 WAN2 Default and the Service Zones to be applied to the traffic interface o Source Destination IP Address Domain Name Enter the source and destination IP addresses o Source Destination Subnet Mask Enter the source and destination subnet masks o Source MAC Address The MAC Address of the source IP address This is for specific MAC address filter o Source Destination IPSec Traffic Check the box to filter the encrypted traffic only o Service Protocol Select a defined protocol from the drop down list box o Schedule Defines the time when this firewall rule will be activated When a schedule is selected the clients assigned to this Policy are applied with the firewall rule only within the time selected There are three options Always Recurring and One Time o Action for Matched Packets There are two options Block and Pass Block is to prevent packets from passing while Pass is to permit packets passing gt Specific Route
216. ware Specification ccccccssscccseseceeeeeeneees IHSEOHGCDONB inii rer rr mesa rere eee 3 1 Hardware Installation cccceeeccceeseeeeeeeeeeeeees 3 1 1 System Requirement ccccccecceseeeeeseeeeeeeeees 3 1 2 Package Contents cccccccceccccseeeceeseeeeeeeeeeeees 3 1 3 Panel Function Descriptions sssse 3 1 4 Installation Steps eeeeeeeeseeren 3 2 Software Configuration esisiini 3 3 1 Instruction of Web Management Interface 2092 PeUP AIZU eee eer ere e eee eee 3 3 3 User Login Portal Page seessse Web Interface Configuration 4 System Configuration cccccceecccsesecceseeeeeeeeenes MEME oce m 4 1 2 WANI Configuration seseeeeeereeeenrreee 4 3 WAN2 Configuration seeeeeeeereeneee 4 1 4 WAN Traffic Settings seeeeeeesreeeereee 4 1 5 LAN Port Mapping eeeeeeeenrr ALO SSODUIE D LONCS spots dcadenuss rikpi r 4 2 User AnthenticatiOi sess 4 2 1 Authentication Configuration sssse 4 2 2 Black List Configuration seesessess 4 2 3 Group Configuration cccccccecceseeeccseseeeeeeeenes 4 2 4 Policy Configuration eseeeeeeeeeeeees 4 2 5 Additional Configuration sesssssss 4 3 AP Management esses LAE D rc
217. wide 95 2008 AIPNET INC 4ipnet User s Manual WHG303 Secure WLAN Controller ENGLISH Discovered AP List The discovered new APs will be listed here When the system s Service Zone is set to Tag based mode service zones also can be assigned here After clicking Add the current management page is directed to AP List where the newly added APs will show up with a status of configuring It may take a couple of minutes to see the status of the newly added AP to change from configuring to online or offline Discovered AP List IP Address AP Name Template AP Type Service Zone MAC Address Password Channel 192 168 1 199 admin 1 TrMPL4TE4 Default EAP 100 T Employee 10 20 30 1A1B 1C 1234 Auto Guest AP Type This is the supported type of APs for centralized management IP Address IP address of the specified AP MAC Address MAC address of the specific AP AP Name Mnemonic name of the specific AP Admin Password Password required for this AP Template The template which will be applied to the added AP Channel The selected channel will be applied to the added AP VON ON ON ON ON ON WV Service Zone The item is only shown when Tag Based mode is selected Select the name of Service Zone such as Service Zone 1 Guest or Employee gt Add The administrator can click Add button to register the APs to the List for management 96 2008 AIPNET INC e e 4ipnet User s Manual WHG303 Secure
218. y graup unless Leere cia vou have Macintosh clients ar POSI compliant applications carl __ 22 P N 10020090221 2008 AIPNET INC
Download Pdf Manuals
Related Search
WHG303_V1.00_Manual_..