LANCOM Public Spot Option
Contents
1. LANCOM Public Spot Option Handbuch Manual LANCOM Systems LANCOM Public Spot Option LANCOM Systems 2009 LANCOM Systems GmbH Wuerselen Germany All rights reserved While the information in this manual has been compiled with great care it may not be deemed an assurance of product characteristics LANCOM Systems shall be liable only to the degree specified in the terms of sale and delivery The reproduction and distribution of the documentation and software supplied with this product and the use of its contents is subject to written authorization from LANCOM Systems We reserve the right to make any alterations that arise as the result of technical development Windows Windows Vista Windows NT and Microsoft are registered trademarks of Microsoft Corp The LANCOM Systems logo LCOS and the name LANCOM are registered trademarks of LANCOM Systems GmbH All other names or descriptions used may be trademarks or registered trademarks of their owners Subject to change without notice No liability for technical errors or omissions Products from LANCOM Systems include software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org Products from LANCOM Systems include cryptographic software written by Eric Young eay cryptsoft com Products from LANCOM Systems include software developed by the NetBSD Foundation Inc and its contributors Products from LANCOM Systems contain t2. It will be sent to you on online registration The Public Spot Option is supplied with a proof of license This has a license number printed on it This license number gives you one opportunity to regis ter with LANCOM Systems and to receive an activation code After successful online registration the license number of your LANCOM Public Spot Option becomes invalid The activation code that is sent to you can only be used with the LANCOM as identified by the serial number which you provided at registration Please ensure that you only want to install the Public Spot on the corresponding device It is not possible to change to another device at a later date Necessary registration information Please have the following information at the ready for your online registration Precise designation of the software option The license number from the proof of license LANCOM Public Spot Option E Chapter 2 Activating the Option 16 2 3 Serial number of your LANCOM to be found on the underside of the device Your customer data company name postal address e mail address Registration is anonymous and can be completed without specifying personal data Any additional information may be of help to us in case of service and support All information is of course treated in the stric test confidence Online entry of registration information Start a Web browser and access the LANCOM Systems Web site under www l
3. Public Spot gt Public Spot gt Web server IP address WEBconfig LCOS menu tree gt Setup gt Public Spot module Free server If the server defined here is not intended to be entirely public a different path on the Web server can be defined optionally LANconfig Public Spot gt Public Spot gt Directory WEBconfig LCOS menu tree gt Setup gt Public Spot module Ser ver subdirectory In addition to freely available web servers you can define other networks and special sites which your customers can access without having to log on LANconfig Public Spot gt Public Spot WEBconfig LCOS menu tree gt Setup gt Public Spot module Free networks Enter the IP address of the server or of the network with netmask that your Public Spot users are to be given access to 33 LANCOM Public Spot Option E Chapter 3 Setup and operation 34 3 2 6 3 2 7 Page table Enter the addresses URLs of the Web pages to be displayed to users in case of login error status display etc Station supervision If station supervision is activated the Public Spot regularly checks to see if the associated mobile stations are still available If this feature is active mobile stations that cannot be contacted are logged off after 60 seconds at the latest If station supervision is deactivated it may last hours before the Public Spot logs off a mobile station which is no longer available Station supervi
4. These basic settings are sufficient for the Public Spot to be put into operation 2 step Extended functions and settings After the basic settings we can look to the wide variety of extended functions and settings Detailed descriptions inform you on how to adapt your device perfectly to its task and its environment Continuous Management and monitoring Finally this chapter informs you of how to keep an overview of the status and activities of your Public Spot Please note that operating a Public Spot also referred to as a Hot Spot can be subject to legal regulations in your country Before instal ling a Public Spot please inform yourself about any applicable regulations More information on this subject is available in our white paper Public Spot Operators rights and obligations available for download from www lancom eu Basic settings The instructions for the basic settings are divided into three separate parts The first section describes how to set up a Public Spot for local user adminis tration whereby the users are manually entered into the local user manage ment system The second section demonstrates the Public Spot Wizard which enables Public Spot users to be defined in a user friendly manner by emplo yees who do not have extended rights to access the device configuration The third section describes the central management of user data on a RADIUS ser ver Each section is self contained and guides you
5. start RADIUS Reassociated WLAN station lt macaddr gt start RADIUS m RADIUS request results RADIUS access check for lt macaddr gt succeeded RADIUS access check for lt macaddr gt failed Session termination Ifa user ends a PublicSpot session Finished session for user lt User Id gt IP address was lt IP address gt accounting data Tx lt Tx bytes gt Rx lt Rx bytes gt seconds lt session duration gt When leaving the WLAN Disassociated WLAN station lt macaddr gt s Atthe end of a session a SYSLOG event reports the resources used by the user User s accounting data Tx d Rx d seconds d The SYSLOG messages at the start and end of WLAN sessions also log the WLAN client s IP address Depending on the country where the Public Spot is operated recording the user s IP address may be a legal requirement 45 LANCOM Public Spot Option E Chapter 5 Appendix 46 5 3 5 3 1 5 3 2 Further information The LANCOM Public Spot Implementation Guide More information on Public Spot concepts application scenarios and instal lation is available in the LANCOM Public Spot Implementation Guide avai lable for download from the LANCOM Systems homepage www lancom eu download Rights and obligations of Public Spot operators For further information on the legal regulations concerning the operation of a public spot see the white paper Public Spots Operators rights and obliga tions av
6. Ploase enter a sending the users identity Comment Aep Resat Terminata tis Wliemet Create Public Spot Account Account data complete Access Data Public Spot SSID Network Name MYHOTEL User Name MYHOTEL 40487 ssi0 MYHOTEL Password tw User Name MYHOTEL325 Account ends 10 04 2006 125129 Password 6zXYb Chick on Print to print the account data Accoun ends 26 03 2008 17 4457 Pie Chick on Save Account Data to create the account Save Account Data Torminate tes Waard Lain User administration by RADIUS server The basic setup of a Public Spot operated with central user administration requires just two steps The following instructions assume that you know the IP address of a functional RADIUS server in the network Activate the extended authentication function As described under Local user management Seite 19 If authentication with an additional check of the physical address MAC address is activated the Public Spot transmits the MAC address of the user s mobile device to the RADIUS server The base station does not actually reveal whether the MAC address is being checked or not For MAC address checks to work without problem the RADIUS server must be configured accordingly Enter information on the RADIUS server When configuring a Public Spot enable using software option for the LANCOM access points user registration data can be forwarded to one or more RADIUS servers These
7. Public Spots This data can be stored to a SYSLOG server for example Some SYSLOG servers are available as free software for example from www kiwisyslog com To save user data from a Public Spot by means of SYSLOG the external SYSLOG server has to be configured in the respective Public Spot Once this is done messages are sent for logging to the SYSLOG server whenever Public Spot user accounts are created or deleted and at the beginning and end of WLAN ses sions The message issued at the end of a session with the source Login and the priority Information also includes information on the transferred data volumes and the IP address used LANCOM Public Spot Option E Chapter 3 Setup and operation Further information on the configuration of SYSLOG is to be found in the LCOS Reference Manual For information on the legal regulations see the white paper Public Spots Operators rights and obligations 3 2 Extended functions and settings The Public Spot offers a wide range of extended functions options and para meters which can be used to adapt it to the specific requirements of the application at hand In the following sections you will find information about Billing of individual users Using a customized login page Connection monitoring of logged in users and mobile stations Security settings protect the Public Spot 3 2 1 General Clear user lists automatically Activating this option causes t
8. are configured in the provider list The registration data individual RADIUS servers require from the clients is not 25 LANCOM Public Spot Option E Chapter 3 Setup and operation 26 important to the LANCOM access point since this data is passed on trans parently to the RADIUS server Provider list New Entry ARES Provider PROVIDER Auth server IP address foooo Auth server port jo Auth server secret fi Acc server IP address ooon 8 Acc server port jo Acc server secret ts Backup provider H LANconfig Public Spot gt Public Spot users gt Provider list WEBconfig LCOS menu tree gt Setup gt WLAN P Radius accounting Provider Name of the provider for whom the RADIUS server is defined Auth server IP address The IP address of the RADIUS server for this provider Auth server port The port over which the LANCOM access point can communicate with the RADIUS server for this provider Auth server secret Key shared secret for access to the RADIUS server of the provider The key must also be configured on the appropriate RADIUS server Source IP address Source sender address sent with RADIUS requests this is also the desti nation for the server s response The following can be entered as the loop back address Name of a defined IP network INT for the IP address in the first network with the setting Intranet LANCOM P
9. certain user name This prevents the parallel operation of multiple notebooks m LANconfig Public spot gt Public spot users m WEBconfig LCOS menu tree gt Setup gt Public Spot module gt Add User Wizard Interface selection The user login can be activated separately for each logical network on the device LANconfig Public Spot gt Public Spot gt Interfaces 31 LANCOM Public Spot Option E Chapter 3 Setup and operation 32 3 2 4 m WEBconfig LCOS menu tree gt Setup gt Public Spot module Port table Along with the logical WLAN interfaces which Public Spot users directly login to the logical LAN interfaces LAN 1 etc and the point to point connec tions P2P 1 etc can also be selected When connected via the LAN or P2P interface additional access points can be integrated into a LANCOM Wireless Router Public Spot Customized login page The operator can customize the login page that users see in the Web browser when they login to the Public Spot The login page is divided vertically into two frames The left hand frame contains all of the information and entry fields required for the user to login The content of the left hand frame cannot be changed The right hand frame can be customized by the operator Format and location of the login page The desired content for the right hand frame should be in HTML format and located on a Web server HTTP in your local network or in the Internet
10. described under Local user management If authentication is activated for multiple WLAN interfaces the SSID of the first interface is used As an alternative to taking the SSID of a defined logical WLAN a fixed SSID can be defined and printed out on the voucher This is particu larly important if the Access Points are centrally managed from a LANCOM WLAN Controller as the WLAN Controller itself has no WLAN interfaces Configuring the Public Spot Wizard Setting up temporary Public Spot access accounts involves the definition of the runtime user name and a password Default values for these accesses can be individually adapted 21 LANCOM Public Spot Option E Chapter 3 Setup and operation LANconfig Public spot gt Public spot users m WEBconfig Expert configuration gt Setup gt Public spot module gt Add user wizard Configure Public Spot hd Authentication Public Spot Public Spot Users r Users and authentication servers Please enter user names and their passwords in the user list Use the provider list to authenticate users via RADIUS servers Powis I Cleanup user table automatic I Allow multiple login r Accounting Accounting update cycle p seconds Roaming Secret l m Add user wizard Public spot user accounts can be easily generated by the WEBconfig wizard Both user name and password are generated automatically and the next page offers to print out a
11. of the operating system LCOS Configuration Management Diagnosis Security Routing and WAN functions Firewall Quality of Service QoS LANCOM Public Spot Option E Preface Virtual Private Networks VPN Virtual Local Networks VLAN Wireless networks WLAN Voice communication in computer networks with Voice over IP VoIP Backup solutions LANCAPI Further server services DHCP DNS charge management The Menu Reference Guide also available at www lancom eu download or on the CD supplied describes all of the parameters in LCOS the operating system used by LANCOM products This guide is an aid to users during the configu ration of devices by means of WEBcontfig or the telnet console This documentation was created by several members of our staff from a variety of departments in order to ensure you the best possible support when using your LANCOM product Should you find any errors or if you would like to suggest improvements ple ase do not hesitate to send an e mail directly to info lancom eu Our online services www lancom eu are available to you around the clock if you have any questions on the content in this manual or if you require any further support The area Support will help you with many answers to frequently asked questions FAQs Furthermore the knowledgebase offers you a large reserve of information The latest drivers firmware utilities and documentation are constantly ava
12. port A base station has no physical ports and for this reason this attribute is transmitted with the session ID 30 User s MAC address only in the authentication mode MAC User Password Mhe RADIUS server must be adapted to process this application specific attri 44 Accounting session ID Regular accounting messages alive 42 Accounting input octets bytes received 43 Accounting output octets transmitted bytes 46 Accounting session time 47 Accounting input packets received packets 48 Accounting output packets transmitted packets 52 Accounting input gigawords 53 Accounting output gigawords Attributes 52 and 53 are transmitted once the volume in any one direction exceeds 4 GBytes The sum of attributes 52 and 42 or 53 and 43 respectively are to be interpreted as a 64 bit number LANCOM Public Spot Option E Chapter 5 Appendix 44 5 2 Session termination message The end of a session is initiated by additionally transmitting attribute 49 accounting terminate cause The possible reasons 1 User request user logged off 2 Lost carrier base station lost contact to user mobile station for 60 seconds 4 Idle time out the user sent no data to the base station for 60 minutes 5 Session timeout user time limit has expired SYSLOG messages Many of the SYSLOG messages from the base station can be used for the pur poses of billing and monitoring These messages are tran
13. the configuration of the Public Spot users are required to enter different items of information in order to gain access These items are entered into two consecutive phases when accessing the Public Spot Information on the wireless LAN access is necessary for physical com munication between the mobile device and the Public Spot Login data for registering the user with the Public Spot Information for WLAN access A maximum of two pieces of information are required to access the WLAN The network name of the WLAN SSID If the Public Spot s base stations are configured for operation as a closed network the user must know the exact name of the wireless LAN its SSID Wireless LAN encryption Although it is possible to provide guest access via encrypted connections e g by using WPA Public Spots are not generally operated with WLAN encryption Access requires that users login with their user ID and pass word Data security should be ensured by end users themselves for example by using a VPN client LANCOM Public Spot Option E Chapter 3 Setup and operation 3 3 2 Information for authentication The user needs to have the following information to hand when logging in m User identifier Password m MAC address If the authentication mode for a Public Spot base station has been set to MAC User Password you as an operator must know the MAC addres ses of the mobile devices employed by your users A mobile devic
14. to the operator and users Security for the operator Operators of wireless Public Spots are primarily interested in the security of their own network infrastructure A LANCOM Public Spot provides operators with a range of security technologies Multi SSID VLAN and virtual routers The public part of the network can be effectively separated from the rest of the network by operating one or more separate radio cells from an access point Multi SSID By employing VLAN technology these radio cells can also be separated from the operator s private network in the LAN Apart from that virtual routing technology ARF Advanced Rou ting and Forwarding from LANCOM enables each SSID to be given its own security and QoS settings and to be routed to certain destinations This ensures that guest access is securely and effectively separated from the productive network even though they share the same infrastructure With the LANCOM firewall for example the available bandwidth in the WAN can be restricted to max 50 Access can be restricted to to Web only HTTP port 80 and name resolution UDP 53 Further information on Multi SSID VLANs and ARF is available in the G LCOS Reference Manual Traffic limit To prevent Denial of Service DoS attacks and brute force attacks on the Public Spot restrictions can be placed on the data transfer volumes avai lable to Public Spot users who are not yet logged in Locking access to the conf
15. you select the logical WLAN used for Public Spot users here LANconfig Public Spot gt Public Spot gt Interfaces LANCOM Public Spot Option E Chapter 3 Setup and operation WEBconfig LCOS menu tree gt Setup gt Public Spot module gt Port table C el Configure Public Spot bad Authentication Public Spot Public Spot Users Interface selection Select the local area network interfaces for which user authentication should be enabled Table of used VLAN ID Interfaces WLAN 1 2 Wireless Network 2 2 xi By activating the authentication for a WLAN interface its associated SSID is automatically released for Public Spot operations On a LANCOM WLAN Controller individual Ethernet interfaces can be activated for the Public Spot so allowing access to be restricted to certain VLANs Enter user data Enter the data for all users into the user list LANconfig Public Spot gt Public Spot users gt User list WEBconfig LCOS menu tree gt Setup gt Public Spot module gt User table The only entry stringently required entry into the user table is the user ID Entering a password is optional If you have opted for user authentication including a check of the physical address MAC address then enter this value into the corresponding field With local user administration there is no need to define a provider Optionally you can also set a date on which the user ac
16. your WLAN adapter can in fact find the Public Spot Your WLAN adapter gives you the option of searching for local base stations Check if your WLAN adapter has all of the necessary settings to access the Public Spot WLAN You probably have to enter the network name for the WLAN When working with encrypted WLANs you are also required to enter the corresponding WPA or WEP key Check that your mobile device is set up for automatic retrieval of an IP address DHCP Your device should not have a fixed IP address If your mobile device is set up with a fixed IP address adjusting it for automatic retrieval by DHCP may cause important configuration infor mation to be lost Ensure that you note all of the values listed in the network settings IP address standard gateway DNS server etc Login not working Ensure that you enter the user data correctly and in full Ensure that you use the correct capitalization for all entries Is the CAPS LOCK key activated on your device This causes the capitali zation to be reversed Deactivate the CAPS LOCK key and repeat the entry of your login data The Public Spot operator may be checking more than just the user ID and password but also the MAC address physical address of your mobile device as well In this case ensure that the Public Spot operator is infor med of your correct MAC address 4 5 3 4 5 4 4 5 5 LANCOM Public Spot Option E Chapter 4 Access to the Publ
17. AN Device Se Activate SIM with PUK MEETELT Ok Lancom osi Configure Enter No response Svp Hame Setup Wizard Ctri w Ok Check um Ent PEE 2x Tf you have purchased a registration key for an additional feature enter the key here Tf the key is correct the new Function will be enabled in the device Registration key 170e This registration applies to one device only You cannot enter the key for several different Delete De Cancel Action Properties Alt Checking the activation devices pea You can check if the online activation of your Public Spot was successful by selecting the device in LANconfig and clicking on the menu item Device gt Properties The properties windows contains a tab named Info that lists the activated software options r Information Select to display detailed information LANCOM 1811 Wireless DSL Device LANCOM 1811 Wireless DSL Firmware version Ver 7 00 0062 22 02 2007 Serial number 015300600046 Hardware release B MAC address 00205 70fb Sbf LANCAPI server available Firm Safe ic 2 image s Ver 6 28 15 12 2006 Ver 7 00 22 02 2007 Public Spot 17 LANCOM Public Spot Option E Chapter 3 Setup and operation 18 3 3 1 Setup and operation This chapter provides you the main information required for setting up and operating a Public Spot 1 step Basic settings The first step is to make the basic settings
18. In principle the defined server could send files of any format to the G user for login purposes However the HTML format is ideal for presen tation in a Web browser The server must have a static IP address and must be accessible to the Public Spot For an IP address outside of your own network a router that has con tact to the destination network must be specified as gateway in the DHCP settings for the base station This gateway must be defined as the default route in the routing table Design guidelines When designing your customized login page you should ensure that it is sui table for display inside a frame For this reason you should avoid using your own frames as far as possible Also specialized content such as JavaScript or plug in elements can lead to an erroneous display in the Web browser Links can of course be set to any other pages or sites 3 2 5 LANCOM Public Spot Option E Chapter 3 Setup and operation Public Spot Login failed Glick here to retry legging in Sisk here to go to the help page Configuration in Public Spot Like the other Public Spot pages the customizable page can be implemented by using the PS templates on an external Web server or locally in Flash Enable access without logging on To provide users with access to important information without them having to login e g important contact information you can define any publicly avai lable Web server m LANconfig
19. LAN Many devices require the network name SSID of the WLAN to be entered into the configuration program for the WLAN adapter Other products provide an overview of all of the base stations in the vicinity and the user merely chooses which one to use Start your Web browser As soon as the Web browser attempts to access any Internet site the Public Spot automatically intervenes and presents the login page The actual login page may appear different from the one illustrated However it looks the login page will always present the input fields for user ID and password 4 3 4 4 4 5 LANCOM Public Spot Option E Chapter 4 Access to the Public Spot Enter the user ID and password into their fields in full and confirm your entries with Login To login you should use a Web browser with activated JavaScript This G ensures that session status information can be displayed in a popup window If the login to the Public Spot is successful an additional window pops up with the main information about the current session This window is also used for the login This window should be left open throughout the ses sion optionally minimized Session information The window with session information is constantly updated Along with the status and current user ID the information displayed includes the connection time and the volume of transferred data Logging out of the Public Spot The session information window can be us
20. age enables users to enter their user data user ID and pass word Depending on the configuration the user data is stored locally or on the RADIUS server If the login is successful the user gains access to the Public Spot Otherwise an error message will be displayed If a prepaid model is employed i e access is to be granted for a limited period of time only then the RADIUS server additionally informs the Public Spot about the user s time credit The user can log off from the Public Spot at any time The Public Spot can terminate a session itself if the time credit has expired if a specified expiry date is reached or if contact is lost for an extended period If required the Public Spot can continuously transmit all important accounting informa tion to the RADIUS server When the session is terminated the session data is either output locally or booked to the RADIUS accounting server OUA can be employed universally The big advantage of the QUA method is that it is completely based on stan dard protocols This guarantees that OUA works universally It functions with any WLAN adapter and it is easily introduced to existing network infrastruc tures Extended functions in the WLAN suchas roaming between different cells can still be used LANCOM Public Spot Option E Chapter 1 Introduction 1 2 2 Security in the WLAN Wireless LANs are potentially a significant security risk Wireless Public Spots present similar risks
21. ailable from the LANCOM Systems homepage www lancom eu download Index A Accounting Message packets Messaging cycle Activating the VPN Option Activation code Activation of the option Authentication B Basic settings see Public Spot Billing see Accounting Billing of resources n see Accounting Brute force attack 12 C Checking the activation Credit payment 10 D Data transfer limits n see traffic limit Debit payment 10 Denial of Service DoS attack 12 Dial up networking connection DNS server Download E Encryption During the login phase Expiry date F Firmware 4 Frames l Information symbols Internet access IP address 25 Mobile station 38 9 10 20 29 9 20 10 11 20 30 30 31 16 14 14 25 35 17 30 30 35 40 40 4 13 13 30 15 38 11 32 40 LANCOM Public Spot Option E Index J JavaScript 32 38 L LANconfig 15 Login Requirements 38 With name and password 19 With name password and nMAC address 19 Login attempt 31 35 41 Login data 11 36 For authentication 37 For WLAN access 36 Login page 11 Customized login page 29 32 Design guidelines 32 Frames 32 Logout 39 Loss of contact 11 Also see station supervision M MAC address 20 25 37 40 Messaging cycle 31 N Network infrastructure 11 Network name 36 38 40 0 Online registration 14 15 Online time 30 39 Open User Authentication 11 Open User Authe
22. ancom eu routeroptions Enter the information as required and follow the instructions that follow After entering all of the data you will be sent the activation code for your device and your customer data If you submit an e mail address you will receive the data including the activation code via e mail Online registra tion is now complete Make sure you store your activation code safely You may need it at a later date to activate your Public Spot Option again for example after a repair Help in case of problems If you have problems with registering your software option please contact us by e mail at optionsupport lancom de Activating the Public Spot Option Activating the LANCOM Public Spot Option is very simple In LANconfig mark the appropriate LANCOM simply click on the entry with your mouse and select the menu item Device gt Activate software option Alternatively click on the entry for the device with the right hand mouse key and select Activate software option from the context menu In the following window enter the activation code that you received with your online registration The device will then restart automatically 2 4 LANCOM Public Spot Option E Chapter 2 Activating the Option LANconfig File Edit Device View Tools Help alale Sl al gales Salala am pake a n I LANconfig Configuration Managenent Firmware Management WEBconfig Console session Monitor Device Ct Monitor WL
23. ccounting information is deactivated It is activated by setting a value for the accounting cycle which is greater than 0 m LANCconfig Public Spot gt Public Spot users Accounting update cycle m WEBconfig LCOS menu tree gt Setup gt Public Spot module gt Accounting cycle regular transmission of connection information to the accounting ser ver Setting the cycle to 0 deactivates this function If this is the case accounting information is sent only at the beginning and end of the session This cycle is defined in seconds This sets the time interval between the When accounting on a prepaid basis the RADIUS server monitors the restric tions on the users limits on connection times or transfer volumes expiry date As soon as a user has used up the prepaid amount the RADIUS server locks the user account Subsequent attempts by the user to login will be rejec ted Time limits for prepaid models can be monitored by the Public Spot during active sessions If a time limit is exceeded the Public Spot automatically terminates the corresponding session The monitoring of prepaid amounts is possible if the RADIUS server transmits the user s time credit to the Public Spot as the Session timeout attribute at the start of the session Details on the structure of RADIUS mes sages are available in the appendix on Seite 44 Preventing multiple logins With this option activated just one WLAN client can login at a time under a
24. cense number m Manual Configuration computer with the Windows operating system To install the Public Spot Option you require a computer with the Windows operating system Windows Vista Windows XP Windows Millennium Edi tion Me Windows 2000 Windows 98 SE Windows 2000 Server Windows 2003 Server Alternatively activation can be performed via WEBconfig The computer must have access to the LANCOM device that is to be configu red Access may be via the LAN or via remote access 2 1 4 2 2 LANCOM Public Spot Option E Chapter 2 Activating the Option Up to date LANconfig The latest version of LANcontig and LANmonitor are available for download from the LANCOM Systems homepage under www lancom eu download We recommend that you update these programs before continuing to the instal lation Up to date firmware in the LANCOM The latest firmware updates are available for download from the LANCOM Systems Web site under www lancom eu download Select your device from the list and download the firmware onto your computer Detailed information about updating the firmware is available in the documentation for your LANCOM device Online registration With the correct firmware version your LANCOM already contains the Public Spot software All that remains is to activate it To activate the Public Spot Option in the LANCOM you need an activation code Please note The activation code is not included in the package
25. count expires Setting the time For session data to be recorded and billed correctly it is important for the Public Spot s time setting to be accurate To round off the configuration set the current time in the device 20 LANCOM Public Spot Option E Chapter 3 Setup and operation LANconfig Device gt Set date time WEBconfig Extras Set date and time or click on the time in the footer of any menu In order to ensure that the time of the Public Spot remains correct the G device should be set up as an NTP client That s it Your Public Spot is now ready to operate The users specified can login by Web browser The Voucher Printing Wizard The Voucher Printing Wizard helps you to set up time limited access to a wire less LAN Public Spot with just two mouse clicks All that is required is to set the duration of access the user name and password are generated automati cally and entered into the configuration of the LANCOM device As a result a personalized voucher is printed out that contains the information required for a user to register with a wireless LAN Public Spot for a limited period of time Public Spot access with a time limit can only be set up if the LANCOM G is set with the correct time LANCOM Public Spot Option A prerequisite for setting up Public Spot access accounts is the activation of the LANCOM Public Spot Option and the extended authentication functions
26. d with this Unauthorized use of the Public Spot Certain tools enable a user to pack data into a DNS packet i e to establish a DNS tunnel and to work with the Public Spot without logging in Denial of Service The attacker sends large amounts of data to the base station in an attempt to block it Brute force The attacker repeatedly tries to access the base station by guessing the login data until successfully breaking in These risks can be negated by activating the traffic limit option The traffic limit option is activated by setting a value not equal to 0 This value determines the maximum data quantity in bytes that can be transmitted bet ween the base station and mobile stations that are not logged in lm LANconfig Public Spot gt Public Spot gt Maximum data volume WEBconfig LCOS menu tree gt Setup gt Public Spot module gt Traf fic limit bytes A mobile station exceeding this transfer volume is blocked out by the base station and any further data it sends is rejected without examination The blocking time can be set separately m WEBconfig LCOS menu tree gt Setup gt WLAN gt Idle timeout Default 60 minutes If station supervision is activated the block may be revoked sooner If the mobile station cannot be reached for 60 seconds the base station removes its entry from the stations table and thus the blockage with it On the one hand the optimal value for traffic limit depends
27. e PCs or pocket compu ters The most popular demand for these services is from business travellers at air ports in hotels or at other locations where their mobile computers require access to online content The public rarely has access to modems ISDN or broadband connections in areas like this The solution WLAN technology Wireless Public Spots make use of the widespread WLAN technologies based on the internationally established IEEE 802 11 standards WLANs provide fast uncomplicated network access by radio All the user needs for a mobile device is an inexpensive WLAN adapter which is actually standard equipment with most modern notebooks The bandwidth is sufficient for most applications even when multiple users are simultaneously logged in to a Public Spot It is difficult to employ a standard WLAN Access Point as a Public Spot for two main reasons User authentication is possible only by employing RADIUS 802 11x so requiring the appropriate infrastructure and configuration There is no facility for billing accounting User authentication As soon as a mobile device moves within range of a base station the user can enable connections to be established to it spontaneously However the pro blem is that access should not be granted to the public in general but to cer tain selected users Setting up restrictions of this type is the task of a Public Spot For this purpose a Public Spot must be in a position to contro
28. e auto matically and continuously transmits its MAC address when communicating with a base station The user does not have to manually enter this information when logging in but instead it is communicated just once to the operator before attempting to login 3 4 Monitoring the Public Spot The Public Spot can be continually monitored with WEBconfig during opera tions The station table in the user authentication menu provides an overview of Users currently logged in to the Public Spot and Mobile stations in the WLAN which are not logged in The station table is access under LCOS menu tree gt Status gt Public Spot gt Station table When on display this table can be regularly updated automatically G Click on the button Monitor this table 37 LANCOM Public Spot Option E Chapter 4 Access to the Public Spot 38 4 Access to the Public Spot 4 1 4 2 Requirements for logging in Mobile device with wireless LAN WLAN adapter Operating systems supporting the TCP IP protocol automatic IP address retrieval by DHCP active Web browser supporting JavaScript and Frames Direct Internet access use of proxy deactivated WLAN access information network name encryption information Valid user data user identifier and password How to login Access the Public Spot s WLAN The different types of mobile devices and WLAN adapters offer various ways of entering the settings required for accessing the W
29. ed to logout from the Public Spot Simply click on the word here in the bottom line of text in the window If the session information window is not open you can enter the following into the address line in the browser http lt IP address of the Public Spot gt authen logoff The Public Spot operator can supply you with the lt Public Spot s IP address gt upon request The operator can set up the Public Spot to automatically logoff users if they cannot be reached for 60 seconds In case of doubt please ask the Public Spot operator if automatic logoff Station monitoring is activated Advice and help The following sections present solutions to the most common problems that may occur when operating a Public Spot 39 LANCOM Public Spot Option E Chapter 4 Access to the Public Spot 40 4 5 1 The Public Spot login page is not displayed The Internet access must be set up so that it is directed via the WLAN adapter and not via a dial up networking connection To check this take a look at the connection settings for your Web browser If you use the Mic rosoft Internet Explorer click on Tools gt Internet options gt Connec tions and deactivate the dial up configurations entered there Internet access must be direct ie without going via a proxy server In Microsoft Internet Explorer you can disable the use of a proxy server in the menu Tools gt Internet options gt Connections gt LAN settings Ensure that
30. ferred to as a Hot Spot can be subject to legal regulations in your country Before installing a Public Spot please inform yourself about any applicable regulations More information on this subject is available in our white paper Public Spot Operators rights and obligations avai lable for download from www lancom eu Public Spots in overview The demands placed on a base station operating as a Public Spot can be as varied as the environments where they are employed A Public Spot offers various functions which will be described in the following 1 2 1 LANCOM Public Spot Option E Chapter 1 Introduction Open User Authentication OUA The Open User Authentication OUA is a method developed by LANCOM Sys tems This provides Web based authentication by means of an online form and is ideal of Public Spot installations The typical procedure of an online session with OUA A mobile user with a WLAN capable mobile device is within range of a Public Spot After starting the device its WLAN adapter automatically connects with the base station Internet access or the use of chargeable services is not yet possible at this stage The user starts the Web browser and is automatically forwarded to the Public Spot login page This page provides detailed information on using the services Generally the user purchases a voucher with login data that grants a limited amount of access time to the Public Spot The login p
31. he LZMA SDK developed by Igor Pavlov LANCOM Systems GmbH Adenauerstr 20 B2 52146 Wuerselen Germany www lancom eu Wuerselen Mai 2009 110596 0509 LANCOM Public Spot Option E Preface Preface Thank you for your confidence in us The LANCOM Public Spot Option upgrades a LANCOM Access Point or LANCOM Wireless Router to a fully functional public wireless LAN access node known as a Wireless Public Spot The LANCOM Public Spot Option can also be used in a LANCOM WLAN Controller either as standard or as an option depending on the model for central management of the option for multiple Wireless Routers or Access Points Together these form a network of Public Spots offering access at dif ferent locations Components of the documentation The documentation of your device consists of the following parts Installation Guide User manual PBX Functions manual Reference manual Menu Reference Guide You are now reading the user manual It contains all information you need to put your device into operation It con tains all the information you need to activate your option It also contains all of the important technical specifications The Reference Manual is to be found as an Acrobat document PDF file at www lancom eu download or on the CD supplied It is designed as a supple ment to the user manual and goes into detail on topics that apply to a variety of models These include for example The system design
32. he expired entries to be deleted from the user table automatically We strongly recommend that you activate this option Users of the O Public Spot Wizard are generally administrators with restricted rights who are often unable to delete user table entries themselves Because the user table has a limited number of entries outdated entries could potentially restrict the functions of the Public Spot WLAN An Access Point with Public Spot Option 64 LANCOM WLC 4006 with Public Spot Option 256 LANCOM WLC 4025 with Public Spot Option Unlimited m LANCconfig Public spot gt Public spot users m WEBconfig LCOS menu tree gt Setup gt Public Spot module gt Add User Wizard 29 LANCOM Public Spot Option E Chapter 3 Setup and operation 30 3 2 2 Accounting functions Commercial operation of the Public Spot function is facilitated by the integra ted support of the principal billing models These billing models can be broadly divided into two categories lm Retrospective payment for the resources actually used Credit payment Service use on a debit payment basis PrePaid Billing without a RADIUS server If user administration is handled locally by the base station and a RADIUS ser ver with the accounting function is not available then the only option for accounting purposes is to set the expiry date for the user account The expiry date option allows the Public Spot operator to set a point in time until
33. ic Spot It is no longer possible to login If the Public Spot breaks off communications after a number of login attampts have failed you should deactivate your WLAN adapter for at least 60 seconds or your complete device and then try again The session information window is not being displayed To display the session information window enter the following line into the address line of your Web browser http lt IP address of the Public Spot gt authen status The Public Spot operator can supply you with the lt Public Spot s IP address gt upon request The Public Spot requests a new login for no reason When moving into the signal coverage area of another base station roaming it is necessary to login again If you are located in the overlap area between two stations you may even experience a regular change of connection bet ween the two base stations The task of the roaming secret is to allow Public Spot sessions to be passed between Access Points without the user having to login again m LANconfig Public Spot gt Public Spot users gt Roaming secret WEBconfig LCOS menu tree gt Setup gt Public Spot module gt Roa ming secret 41 LANCOM Public Spot Option E Chapter 5 Appendix 42 5 5 1 5 1 2 5 1 3 Appendix RADIUS attributes The RADIUS client module was implemented on the basis of RFCs no 2865 and no 2866 These specifications define various attributes some of which are an abso
34. iguration With a Public Spot and a WLAN Controller access to the device configu ration via the Public Spot interface can be locked Access to the configu ration is then only possible via other management interfaces as specified Security for the user The primary security concern for users of Public Spots is the confidentiality of their data Users are also interested in security of user data to avoid abuse Users are protected by the following security technologies LANCOM Public Spot Option E Chapter 1 Introduction Intra cell blocking This setting in the access point prevents communications between the various WLAN clients associated with the Public Spot Along with the user s notebook security mechanisms intra cell blocking helps to prevent unauthorized access to the resources of Public Spot users Encryption during the login phase Public Spot users register via secure HTTPS User names and passwords remain secret Unlike with private WLANs data transmissions within a Public Spot are generally not encrypted LANCOM Systems strongly recommends that sensitive user data should only ever be transferred via encrypted connections such as the IPsec based VPN tunnel with the LANCOM Advanced VPN Client or over normal encrypted data connections based on HTTPS In addition to this Public Spot users should ensure that a personal firewall is active on their notebooks 1 2 3 Public Spot Wizards for easy user setup The P
35. ilable for download In addition LANCOM Support is available For telephone numbers and contact addresses for LANCOM Support please refer to the enc losed leaflet or the LANCOM Systems Web site LANCOM Public Spot Option E Preface Very important instructions Failure to observe these may result in damage Important instruction that should be observed Additional information that may be helpful but is not essential ES 00 LANCOM Public Spot Option E Contents Contents 1 Introduction 9 1 1 What is a Wireless Public Spot 9 1 2 Public Spots in overview 10 1 2 1 Open User Authentication QUA 11 1 2 2 Security in the WLAN 12 1 2 3 Public Spot Wizards for easy user setup 13 2 Activating the Option 14 2 1 Prerequisites for installation 14 2 1 1 System requirements 14 2 1 2 Package content 14 2 1 3 Configuration computer with the Windows operating sys tem 14 2 1 4 Up to date LANconfig 15 2 1 5 Up to date firmware in the LANCOM 15 2 2 Online registration 15 2 3 Activating the Public Spot Option 16 2 4 Checking the activation 17 LANCOM Public Spot Option E Contents 3 Setup and operation 18 3 1 Basic settings 18 3 1 1 Local user management 19 3 1 2 The Voucher Printing Wizard 21 3 1 3 User administration by RADIUS server 25 3 1 4 Configuring an external SYSLOG server 28 3 2 Extended functions and settings 29 3 2 1 General 29 3 2 2 Accounting functions 30 3 2 3 Interface selection 31 3 2 4 Customized login
36. ime J Search of further devices in LAN The generation of Public Spot access accounts can be automatically logged with SYSLOG If every employee uses their own administrator account the SYSLOG entries can be used to check who created the access accounts For further information on SYSLOG refer to the LCOS Reference Manual Setting up Public Spot users and printing vouchers To set up a Public Spot access account the employee opens a browser and enters the IP address of the Wireless Router or Access Point for example by means of a link on the desktop and logs in with the appropriate user name and password If this administrator access account is configured appropria tely the user is only able to start the Wizard for adding a new Public Spot user After starting the Wizard the only thing to do is to accept the suggested period of validity or enter the desired value and in the commentary field identify the user e g a name or the guest s hotel room number You then click on Print to print out the access data Finally click on Save user data to store the data for this access to the device You will find notices on the rights and obligations that apply to ope rators of Public Spot accesses in the LANCOM White Paper on the sub ject under www lancom eu 24 3 1 3 LANCOM Public Spot Option E Chapter 3 Setup and operation Create Public Spot Account Please set te tin fount shail reman valid for Durston
37. l access to the WLAN on a user basis For simple Public Spot installations user data can be locally stored in and managed by the Access Point or alternatively by a LANCOM Public Spot Option E Chapter 1 Introduction 10 1 2 WLAN Controller Depending on the requirements some installations employ a direct database connection to a central authentication server in the interests of detailed accounting Central servers of this type generally work with RADIUS technology Accounting If a Public Spot is not to be available as a free service it must be possible to record the connection data and charge for the services Typical methods include Purchase of a limited amount of online time pre paid method retro spective payment of consumed resources credit payment or unrestricted access until a certain time e g checking out of a hotel For smaller Public Spot installations accounting functions should be as simple as possible and they should be implemented directly in the base station Lar ger installations should offer the facilities for billing via a RADIUS server Logging The operation of commercial telecommunications services is subject to natio nal regulations Certain information is to be recorded and presented to law enforcement agencies upon request The LANCOM Public Spot Option provides suitable functions for recording user data with RADIUS accounting and SYSLOG Please note that operating a Public Spot also re
38. lute necessity and some of which are optional The following provides you with an overview of attributes whcih are transmitted processed in messages between RADIUS servers and base stations Access request 1 User identifier 2 Password 30 User s MAC address only in the authentication mode MAC User Password eer server must be adapted to process this application specific attri 32 Base station name NAS identifier 61 Type 19 for IEEE 802 11 NAS port type 4 Base station IP address NAS IP address 30 oo MAC address in ASCII format nn nn nn nn nn nn calling station Accept response 27 Session timeout Sets the time in seconds after which the session is automati cally terminated Stations whose time has expired have the value 0 These stati ons can no longer login Sessions defined without a timeout have no time limit Messages to the accounting server If a RADIUS accounting server is specified the base station sends the follo wing messages to it LANCOM Public Spot Option E Chapter 5 Appendix Accounting start request Accounting alive request user active A message is sent immediately after login Regular messages are sent in the cycle time as defined Accounting stop request In all accounting messages 1 User identifier 32 Base station name NAS identifier 61 Type 19 for IEEE 802 11 NAS port type 4 Base station IP address NAS IP address 5 NAS
39. ntication OUA see Open User Authentication P Package content 14 Password 20 37 38 47 LANCOM Public Spot Option E Index PrePaid 10 11 30 Proof of license Provider Proxy settings 38 Public Spot 9 Access to the Public Spot Basic settings Extended settings 18 Management 18 User R RADIUS 10 Accounting server 11 27 Attribute Authentication server 11 Client function Configuration entries RFC specifications Registration Help in case of problems Restricting access to the configuration Roaming 11 S Security 12 29 Serial number Session information 11 27 30 Window not visible Session termination Standard gateway Station supervision 11 29 34 Station table 48 31 15 20 40 25 38 18 29 37 11 25 30 42 25 42 25 42 15 16 36 41 34 16 39 41 11 40 39 37 Support SYSLOG 27 30 T TCP IP protocol Time limit Time setting Traffic limit 12 Setting the optimal value Transfer volumes 30 U User Login 11 Login data 20 Logout 11 User account 20 User administration Central 10 11 Local 9 11 19 User identifier 20 37 38 User list 20 Ww Web browser 32 Windows Supported operating systems Wired Equivalent Privacy WEP Key Wireless LAN WLAN WLAN access WLAN adapter Wireless Public Spot n see Public Spot 9 11 38 4 44 38 31 20 34 35 35 38 40 39 31 25 30 39 30 38 14 40 11 9 40
40. oints and Wireless Routers connected to it O Please note that where Public Spots are centrally managed from a Along with the parameters for the access data an HTML template and an image can be uploaded to the device for printing the voucher The image can be a GIF JPEG or PNG file of max 64 KB in size m WEBconfig Upload certificate or file Create administrator Since it has to be possible for non IT specialists to set up Public Spot access accounts it is advisable to have a dedicated administrator account under WEBconfig which permits access to the Wireless Router Access Point or WLAN Controller Access of this type gives the responsible employees e g at a hotel reception rights that are restricted to the generation of time limited Pubic Spot users All other configuration options are blocked To set this up enter a new administrator with user name and password and activate the right to start the Public Spot Wizard only lm LANconfig Management gt Admin gt Further administrators m WEBconfig Expert configuration gt Setup gt Config gt Admins 23 LANCOM Public Spot Option E Chapter 3 Setup and operation Administrator Reception Cancel Password iad Access rights All hel m Function rights for HTTP S I Basic wizard I Internet wizard I Provider selection T RAS wizard T LAN LAN wizard T WLAN linktest J WLAN wizard IV Public spot wizard T Rollout wizard Adjustment of date and t
41. on infor mation from the Public Spot can be output by the SYSLOG function 3 Check the general RADIUS settings The generic values for retry and timeout must also be configured These settings apply to all RADIUS applications The default values have been set to typical values and usually do not need to be changed LANconfig Communication gt RADIUS WEBconfig LCOS menu tree gt Setup gt RADIUS 27 LANCOM Public Spot Option E Chapter 3 Setup and operation 28 lt E New Configuration for LANCOM 1811n Wireless 2 x Configure RADIUS Server 7 General Forwarding EAP Options Client settings Ifthe RADIUS server acts as client itself by regueding another server timeout and retries can be entered here Timeout milliseconds Retries Timeout default 5 000 This value specifies how many milliseconds should elapse before retrying RADIUS authentication With PPP authentication using RADIUS please note that the device dialing accepts the RADIUS timeout configured here Retries default 3 This value specifies how many authentication attempts are made in total before a Reject is issued That s it Your Public Spot is now ready to operate All users with a valid account on the RADIUS server can use the Web interface to login to the base station Configuring an external SYSLOG server For legal reasons it is necessary to store the user data collected when opera ting
42. on the data volume of the login page On the other hand this value has a significant effect on the potential number of failed login attempts per user Generally a traffic limit of 60 000 bytes provides effective protection for a Public Spot but allows a sufficient number of login attempts This value can be adapted to your indi vidual needs if necessary The default value of 0 bytes allows an unlimited volume of data This volume and the potential blockage after it is exceeded applies only to the requests before a WLAN client logs in to the Public Spot 35 LANCOM Public Spot Option E Chapter 3 Setup and operation 36 3 3 3 3 1 If a customized login page is used the data traffic to and from the ser ver does not count towards the traffic limit Only the data displayed in the right hand frame of the login page counts towards the data volume Restrict access to the configuration WLAN based access to a Public Spot s configuration should be prohibited for security reasons A specialized switch allows access via the Public Spot inter face to be restricted to the Public Spot authentication pages only All other configuration protocols are automatically blocked WEBconfig LCOS menu tree gt Setup gt Config gt WLAN authenti cation pages only Please ensure not to place a total block on HTTP S access with O WEBconfig under Setup gt Config gt Access table Information necessary for access Depending on
43. page 32 3 2 5 Enable access without logging on 33 3 2 6 Station supervision 34 3 2 7 Security settings 34 3 3 Information necessary for access 36 3 3 1 Information for WLAN access 36 3 3 2 Information for authentication 37 3 4 Monitoring the Public Spot 37 4 Access to the Public Spot 38 4 1 Requirements for logging in 38 4 2 How to login 38 4 3 Session information 39 4 4 Logging out of the Public Spot 39 4 5 Advice and help 39 4 5 1 The Public Spot login page is not displayed 40 4 5 2 Login not working 40 4 5 3 It is no longer possible to login 41 4 5 4 The session information window is not being displayed 41 4 5 5 The Public Spot requests a new login for no reason 41 LANCOM Public Spot Option E Contents 5 Appendix 5 1 RADIUS attributes 5 1 1 Access request 5 1 2 Accept response 5 1 3 Messages to the accounting server 5 2 SYSLOG messages 5 3 Further information 6 Index 5 3 1 The LANCOM Public Spot Implementation Guide 5 3 2 Rights and obligations of Public Spot operators 42 42 42 42 42 44 46 46 46 47 1 1 LANCOM Public Spot Option E Chapter 1 Introduction Introduction This chapter provides answers to the following two questions Mm What is a Wireless Public Spot m What are the properties and functions of a Public Spot What is a Wireless Public Spot Wireless Public Spots are public areas where users have wireless access to a network typically the Internet with their own mobil
44. page forthe public spot user that caries all necessary data User name pattem MYHOTEL n Password length fe SSID l Default runtime Sets period for which the access is valid Entires for up to 10 different run times can be defined in the table one of which is selected for voucher generation Possible runtime values 1 to 99999 Possible value units Hours or days m User name pattern Sets the pattern for the user name This pattern can be used to pass on the user names to the provider for instance Possible values Maximum 64 alphanumerical characters Special values n inserts a unique number 22 LANCOM Public Spot Option E Chapter 3 Setup and operation Default User n generates a user name with the text User and a unique number as a suffix m Password length Sets the length of the automatically generated password Possible values 1 to 16 characters Default 6 m SSID This SSID is printed out on the voucher in order for the user to register with this logical WLAN Possible values Max 32 alphanumerical characters Default Blank Special values If no SSID is entered here then temporary access accounts will register with the SSID of the first logical WLAN that has activated authentication LANCOM WLAN Controller you must enter the SSID as the WLAN Controller has no access to the SSIDs of the Access P
45. sion is extremely important for Public Spots operating O commercially on a time basis In installations of this type users must be assured that they are only paying for the time actually spent using the Public Spot services If the clients are authenticated by means of a central LANCOM WLAN Controller clients can be automatically logged off after a certain time of inactivity by means of the parameter Idle timeout LANconfig Public Spot gt Public Spot gt Idle timeout WEBconfig LCOS menu tree gt Setup gt Public Spot module gt Idle timeout The standard setting for station supervision is off It can be switched on in the WLAN menu m LANconfig Wireless LAN gt Security gt Monitor stations m WEBconfig LCOS menu tree gt Setup gt WLAN gt Supervise stati ons Security settings Compared to a normal base station the Public Spot has two additional secu rity mechanisms Employing these mechanisms provides the Public Spot with effective protection from abuse Traffic limit option In order for clients to login to the Public Spot via a browser it must be possible for stations which are not yet logged in to transfer data via the access point for example for DNS requests With the default settings for the Public Spot LANCOM Public Spot Option E Chapter 3 Setup and operation users who are not logged can transfer any quantity of data related to these services to the base station The following risks are associate
46. smitted even if a RADIUS accounting server is operating in parallel Generally the SYSLOG server automatically adds a time stamp to each entry which can be used to set the time for messages and events User account messages Ifa user is created with the Wizard User account lt User Id gt created created by lt Admin gt on lt Date gt lt Account Comment gt Ifa user is manually created User account lt User Id gt created manually added by lt Admin gt Ifa user account expires and is deleted User account lt User Id gt deleted account expired Ifa user is manually deleted User account lt User Id gt deleted manually deleted by lt Admin gt LANCOM Public Spot Option E Chapter 5 Appendix Contact initiated by mobile station m Ifa user starts a PublicSpot session Started session for user lt User Id gt IP address is lt IP address gt As soon asa mobile station appears in the base station WLAN Associated WLAN station lt macaddr gt s If the entry for the mobile station in the base station access list has a comment this is appended in brackets En m When roaming Reassociated WLAN station lt macaddr gt s Ifa station is denied access to the WLAN due to the MAC address filter Rejected association from WLAN station lt macaddr gt m Ifthe mobile station cannot be found in the access list and the RADIUS function is activated Associated WLAN station lt macaddr gt
47. through all of the required con figuration steps You can turn straight to the section which best suits your pur poses LANCOM Public Spot Option E Chapter 3 Setup and operation 3 1 1 Local user management The following configuration steps help you to set up a Public Spot with local user administration Selecting the authentication method When you select the authentication method you define the information which the user has to enter when logging in to the Public Spot WLAN To do this set the authentication to Name and password LANconfig Public Spot gt Registration gt Registration mode WEBconfig LCOS Menu tree gt Setup gt Public Spot module gt Authentication mode C el Configure Public Spot 7 Authentication Public Spot Public Spot Users Authentication for network access Authentication mode C Public Spot authenticate with name password and physical address m No authentication required No authentication is required to make use of the Public Spot Public Spot Name and password Authentication for the Public Spot requires the entry of the user ID and password m Public Spot Name password and physical address The mobile device s MAC address is checked in addition to the user ID and password Q Selecting the interfaces for Public Spot operation Here you activate the interfaces that are to be available to registered users For example
48. ublic Spot Option E Chapter 3 Setup and operation DMZ for the IP address in the first network with the setting DMZ If the list of IP networks or loopback addresses contains an entry G named DMZ then the associated IP address will be used Name of a loopback address Any other IP address m Acc server IP address IP address of the accounting server for Public Spot access accounts E Acc server port The port over which the LANCOM access point can communicate with the accounting server Acc server secret Key shared secret for access to the accounting server The key must also be configured on the accounting server m Backup The name of a different provider can be selected as the backup from the current table Using these types of entries backup chains linking several RADIUS servers can be easily configured be able to contact the specified destination addresses For IP addres ses outside of your own network a router that has contact to the des tination network must be specified as gateway in the DHCP settings for the base station This gateway must be defined as the default route in the routing table IP addresses specified here must be static The base station must also In order for the RADIUS server to record the connection data the information on the accounting server must be specified in full As an alternative to using a RADIUS accounting server the connecti
49. ublic Spot Wizard helps you to set up time limited access to a wireless LAN Public Spot with just two mouse clicks All that is required is to set the duration of access the user name and password are generated automatically and entered into the configuration of the LANCOM device As a result a per sonalized voucher is printed out that contains the information required for a user to register with a wireless LAN Public Spot until their time credit expires 13 LANCOM Public Spot Option E Chapter 2 Activating the Option 2 Activating the Option This brief chapter informs you how to activate the LANCOM Public Spot Option on your LANCOM You may skip this section if the LANCOM Public Spot Option is already activated on your device as standard Activation takes place in four steps Ensuring that the prerequisites for installation are fulfilled Online registration Entry of the activating code Checking the activation Prerequisites for installation System requirements Please ensure that you have met all of the requirements to successfully ope rate the Public Spot m LANCOM WLAN Controller LANCOM Access Point or LANCOM Wireless Router that supports the Public Spot update m LANCOM Public Spot Option registered Package content Please ensure that the Option package includes the following components m LANCOM CD with LANtools current firmware and electronic documenta tion Proof of license with a printed li
50. which the user has free access to the Public Spot Limiting access to a certain time period is useful for hotel guests or visitors to exhibitions and con gresses for example The expiry date is entered into the user list LANconfig Public Spot gt Public Spot users gt User list m WEBconfig LCOS menu tree gt Setup gt Public Spot module gt User table For the purposes of billing by credit payment the Public Spot can use SYSLOG to output detailed connection information to any computer in the network Using the appropriate software on the destination com puter allows the resources that were actually used such as connection times or transfer volumes to be billed precisely Details on the struc ture of SYSLOG messages are available in the appendix on Seite 46 Billing via RADIUS accounting server For the purposes of billing via a RADIUS server the Public Spot can regularly supply the specified accounting server with up to date connection informa tion on each active user Each of these regular message packets to the accounting server contains information about the resources time transferred data volumes consumed by the user since the last message This means that even in the case of a base station failure e g due to a power outage in the worst case only a small amount of accounting information will be lost 3 2 3 LANCOM Public Spot Option E Chapter 3 Setup and operation As standard the periodic messaging of a
Download Pdf Manuals
Related Search