AMG-2000 AP Management Gateway User Manual
Contents
1. The following network components are Installed El Client for Microsoft Networks gt Remove Properties Primant Network Logon Client for Microsoft Hetunork Eile and Print Sharing Description TERIP i the protocol you use to connect to the Internet and wide area networks nk ancal TCPVIP Properties Bindings Advanced NetBIOS DNS Configuration Gateway WIMS Configuration IP Address An IFP address can be automatically assigned to this computer IF your network does not automatically assign IP addresses ask Hour network administrator for an address and then type it in the space belor Cancel TCP IP Properties a xx Bindings Advanced NetBIOS Using Specific IP Address If you want to use DNS Configuration Gateway WINS Configuration IP Address igi An IP addr be automaticall igned to thi specific IP address you have to ask the network lucia natal ose ak AI acog a F diseno ak your network administrator for an address and then type it in the space below administrator for the information of AMG 2000 IP address Subnet Mask New gateway and DNS server address e Please choose Specify an IP address and enter the information given by the network administrator in IP Address and Subnet Mask on the IP Address label and then click OK Q ok Es Cancel Bindings Advanced NetBIOS DNS Configuration Gateway WI2. Transparent Login 7 domain This option normally requires extra configuration to work we suggest you NOT to enable it at initial configuration Click Next to continue Y Back O e Step 6 Save and Restart AMG 2000 Click Restart to save the current settings and restart Step 6 Save and Restart AMG 2000 AMG 2000 The Setup Wizard is now completed The Setup Wizard has completed Click on Back to review or modify settings Click Restart to save the settings and restart the system to have the current settings take effect 16 Setup Wizard Setup Wizard During AMG 2000 restart a Restarting now Please wait for a while message will appear on the screen Please do not interrupt AMG 2000 until the mane message has disappeared This indicates that a complete and successful restart process has finished Caution During every step of the wizard if you wish to go back to modify the settings please click the Back button to go back to the previous step 17 3 2 2 User Login Portal Page To login from the login portal page via the LAN1 LAN4 port the user have to be identified the user name and password The administrator also can verify the correctness of the configuration steps of AMG 2000 1 First connect a user end device for example a PC set the device to obtain IP address automatically Welcome To User Login Page After the user end obtains the IP address please Please Ente
3. Submit Preview The different part is the HTML code of the user defined logout interface must include the following HTML 75 code that the user can enter the username and password After the upload is completed the user defined login user interface can be previewed by clicking Preview at the bottom of this page If want to restore the factory default setting of the logout interface click the Use Default Page button lt form acton usertogout shtrmi metho post name E nter gt lt input type text name nrusemame gt lt input type password name nwy pass word gt lt input type submit na mes submit value Loqout gt lt input type reset name clear value Clear lt forme Login Success Page The administrator can use the default login success page or get the customized login success page by setting the template page uploading the page or downloading from the specific website After finishing the setting you can click Preview to see the login success page a Choose Default Page to use the default login success page Login Success Page Selectiontor Users Default Page C Template Page Uploaded Page C External Page Default Page Setting This ts default login success page for users You could click preview link to preview the default login success page Thanks Previews 76 b Choose Template Page to make a customized login success page here Click Selectto pick
4. return false else 67 disableButton true return true return true function reminder_onclick form Reminder myusername value form myusername value Reminder mypassword value form mypassword value Reminder submit function cancel_onclick form form reset function check_agree form if form selection 1 checked true alert You disagree with the disclaimer therefore you will NOT be able to log in return false disclaimer style display none login style display return true lt script gt lt head gt lt body style font family Arial bgcolor FFFFFF onload init Enter MM_preloadlmages images submit0 gif images clear0 gif 1images remainingo gif gt lt ilayer width amp marquee_width height 8 marquee_ height name cmarquee01 gt lt layer name cmarquee02 width 8 marquee_ width height amp marquee_height gt lt layer gt lt ilayer gt lt form action userlogin shtml method post name Enter gt 68 lt table name disclaimer id disclaimer width 460 height 430 border 0 align center background images agreement gif gt lt tr gt lt td height 50 align center valign middle gt lt div align center class style5 gt Service Disclaimer lt div gt lt td gt lt tr gt lt tr gt lt td height 260 align center valign middle gt lt table width 370 height 260 border 0 align center gt
5. 10 0 0 0 255 0 0 0 18 12345678 2 Disable Hp is BES DEK BHC IP Disable E aS Disable A a Disane H sasssa Nn E to Roaming Out This is the Radius Roaming Out function that our company cooperates with III Institute for Information Industry When you select Roaming Out the local user can login from other site 802 1x This system support PEAP Protracted Extensible Authentication Protocol function When selecting 802 1x the system is provided with this function 802 1x function must be used in LAN Authentication Method POP3 Choose POP3 in the Authentication Method field the hyperlink beside the pull down menu will become POP3 Setting 44 Authentication Server Server 1 server Hame Serer 1 Silo server name Server Status Disabled Posttix Posttx1 ls postfix name 1 Black List Mone Authentication Method males e POPS setting Policy POP3 Radius ILDAF MT Domain K Clear Click the hyperlink for further configuration Enter the related information for the primary server and or the secondary server the secondary server is not required The blanks with red asterisks are necessary information These settings will become effective immediately after clicking the Apply button Primary POP3 Server server P eon Name1P Port O 140 SSL Setting T Enable SSL Connection Secondary POPS Server server P 7 Port SSL Setting T Enable SSL Connection Server
6. 96 gt Individual Request Bandwidth Choose a bandwidth for the minimum bandwidth of an individual user Policy Configuration Select Policy Policy 1 Firewall Profile Setting Specific Route Profile Setting Schedule Profile Setting Total Bandwidth Unlimited Indridual Maximum Bandwidth Unlimited Indnidual Request Bandwidth Mone e Global Policy gt Select Policy Select Global to set the Firewall Profile and Specific Route Profile Policy Configuration Select Policy Global Firewall Profile Setting Specific Route Profile Setting 57 gt Firewall Profile Click the hyperlink of Setting for Firewall Profile the Firewall Profiles list will appear Click the numbers of Filter Rule Item to edit individual rules and click Apply to save the settings The rule status will show on the list Check Active to enable that rule Prolicy Name Global Firewall Policy Source Filter Rule tem Active Action Name Protocol MAC Destination any E E Block ALL any ANY 2 rm Block ALL AMY any 3 E Block ALL ANY ANY 4 E Block ALL AY AMY Block ALL ANY Edit Filter Rule Rule Item 1 Rule Name L Enable this Rule Action Protocol Source MAC Address For Specific MAC Address Filter Start End Port Fart Interface IF Subnet Mask Rule Item This is the rule that you have selected Rule Name The rule name can be changed here Enable this Rule After checking this function the
7. Network Configuration on PC AMG 2000 supports three accounts with different access privileges You can log in as admin manager or operator 10 The default password and access privilege for each account are as follows Admin The administrator can access all area of the AMG 2000 User Name admin Password admin Manager The manager can access the area under User Authentication to manage the user account but no permission to change the settings of the profiles of Firewall Specific Route and Schedule User Name manager Password manager Operator The operator can only access the area of Create On demand Userto create and print out the new on demand user accounts User Name operator Password operator 2 After successfully logging into AMG 2000 you can enter the web management interface and see the welcome screen There is a Logout button on the upper right corner to log out the system when finished a E z A ia _ pr Y User AP hi if Network Configuration Authentication a Management Jas Configuration yas ha j A i j de lt Utilities Welcome to System Administration This Administrative Web Interface allows you to set various networking parameters to customize network services to manage user accounts and to monitor user status Functions are separated into 6 main categories System Configuration User Authentication AP Management Network Configuration Utilities and
8. e Roaming Out Timer Session Timeout The time that the user can access the network while roaming When the time is up the user will be kicked out automatically Idle Timeout If a user has been idled with no network activities the system will automatically kick out the user Interim Update The system will update the users current status and usage according to this periodically e Upload File 1 Certificate The administrator can upload new private key and customer certificate Click the Browse button to select the file for the certificate upload Then click Submitto complete the upload process 60 Upload Private Key File Name Browse Upload Customer Certificate File Name Browse Lise Default Certificate Click Use Default Certificate to use the default certificate and key You just overwrote the setting with default KEY amp default CA file Login Page The administrator can use the default login page or get the customized login page by setting the template page uploading the page or downloading from the specific website After finishing the setting you can click Preview to see the login page a Choose Default Page to use the default login page Login Page Selection for Users Default Page C Template Page Uploaded Page CO External Page Default Page Setting This is default login page for users You could click preview link to preview the default login page Thanks Previa 61 b Cho
9. 2 hra O mins As shown in the following figure each line is a roaming out traffic history record consisting of 14 fields Date Type Name NSID NASIP NASPort UserMAC SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of user activities Roaming Out Traffic History 2005 03 22 Date Type Name NASID NASIP NASPon UserMAcC sessionID sessionTime Eytes In Bytes Out Pkts in Pkts Out Message Roaming In Traffic History As shown in the following figure each line is a roaming in traffic history record consisting of 15 fields Date Type Name NSID NASIP NASPort UserMAC UserlP SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of user activities Roaming In Traffic History 2005 03 22 Date Type Name NASID NASIP NASPort UserMAC UserlP sessionID SessionTime Bytes In Bytes Out Pkts In Pets Out Message 4 6 5 Notify Configuration AMG 2000 can automatically send the notification of Monitor IP Report Traffic History On demand User Log and AP Status to up to 3 particular e mail addresses Enter the related information and select the desired items and then apply the settings 121 E mail Notification Configuration Monitor IP Traffic On demand AP Report History User Log Status casper wu yahoo cam tw E Iv m feling gmail com e E e E E a a E E Interval Mi Hour 1 Hour y Mi Hour LA Send Test Email Send send Send Send send From lcasperwu yahoo comtw SMIP smtp
10. AMG 2000 AP Management Gateway User Manual V1 01 1027 1 Table of Contents BEFORE YOU STAR ia 1 MS PREPA Edo 1 1 2 DOCUMENTO ON VENTO Nr opta 1 SYSTEM OVERVIEW o aaale 2 2 1 INTO DO CW ON ruoan a a bi 2 2 2 DOYS PEM ONCE Ta a dit co tiro 3 2 3 SPECIFICATION ario ias 4 2 WIGTOWALE ODO CAM srt AAA A A Na IAE 4 212 TOCHIGI SO CCIIC AMON sete Letras sachet AAA ace ocd eet cen aad 4 BASE INSTALLATION o io ea ate ee eet 7 cA HARDWARE INSTALLATION sic ota ataron 7 3 1 1 SISTE FICGUINCINCINS 2 a E E 7 312 PACK AGC CONTEST A E E 7 10 Panel FUNCUOMDOSCHDIOANS irrastiiiin dla E a AA AE di A a 8 3 1 4 ASAS OS eee RE eRe oda 9 30 SOFTWARE CONFIGURATION ii da 10 3 2 1 QUITE CONAN aia 10 DEE User LOGIN PORRO pita A A At is 18 WEB INTERFACE CONFIGURATION ccccssssssesssseeceeeeeeeeeeeeeessnnsnssesssceneoeeeeeeeeeeseeeessssaanseesssseeeeoseeseeeeeees 20 4 1 SYSTEM CONFIGURATION g orne a e a dba 21 4 1 1 GON OUN AU ON Wizard asies ar a a a a a eee 21 4 1 2 SV SISTA A ins Sas ands ie Sasa aden based te sees der eA Soda 22 4 1 3 WANTCGONT TAO A dais a A eae 23 4 1 4 WWAINZ Oc FANOVE scsce crs stcet A a cab antes A A a 26 4 1 5 LANI 4 CONQUE dida 28 4 1 6 Prive LAN GOO UT lO e 31 4 2 WISER AUTHENTICATION Secta iras ca 34 4 2 1 Au thenticaton CONNGQUIANON 202 A A A AE A 34 4 2 2 Black ist COMM OUIANON Sat A A a a A 50 4 2 3 PONY CONQUE 52 4 2 4 PAC GINON al CONNOUIAUOM 2 A A A eee
11. DMZ In enterprises network manager or MIS maybe usually ask their users to enable their proxy setting of the browsers such as IE Firefox or others to reduce the internet access loading so we need to set some proxy configuration in the Gateway Caution Some enterprises will automatically redirect packets to proxy server by using core switch or Layer 7 devices By the way the clients don t need to enable their proxy setting of browsers and you don t need to set any proxy configuration in the Gateway Please follow the steps to complete the proxy configuration E Gateway setting 1 Login Gateway by using admin 2 Click the Network Configuration from top menu and the homepage of the Network Configuration will appear 144 tem gt A ERA PS Configuration i Authentication Management M Jletwork Address Translation r Privilege List n Network Address e Translation f Monitor IP List Privilege List Waled Garden List i Monitor IP List E Proxy Server Properties id Dynamic DNS 1 4 Proxy Server IP Mobility Properties Dynamic DNS Walled Garden List IP Mobility Network Configuration Network Configuration AMG 2000 provides 3 types of network address translation OM Demilitarized zone Public Accessible Server and IP Port Redirect System provides Privilege IP Address List and Privilege MAC Address List Sys
12. aseo 6 Choose Set up my connection manually and EEAS then click Next Getting Ready J The wizard i preparing to set up pour Internet connection mT wil need pour account name password and a phone number for your ISF For a broadband account you won t need a phone number O Use the CD got from an ISP Cese 7 Choose Connect using a broadband New Connection Wizard connection that is always on and then click Internet Connection A How do you want to connect to the Internet Next O Connect using a dial up modem This type of connection uses a modem and a regular or ISON phone line O Connect using a broadband connection that requires a user name and password This i a high speed connection using either a DSL or cable modem Your ISP may refer to this type of connection as PPPoE 13 connectio Cs ren 7 8 Finally click Finish to exit the Connection New Connection Wizard Wizard Now you have completed the setup Completing the New Connection Wizard our broadband connection should already be configured and ready to use IF your connection le not working properly click the following link To close this wizard click Finish tok Frit 131 TCP IP Network Setup In the default configuration AMG 2000 will assign an appropriate IP address to a client PC which uses DHCP to obtain IP address automatically Windows 95 98 2000 XP configures IP setup
13. lt tr gt lt td gt lt textarea name textarea cols 50 rows 15 align center readonly gt We may collect and store the following personal information e mail address physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us If the information you provide cannot be verified we may ask you to send us additional information such as your driver license credit card statement and or a recent utility bill or other information confirming your address or to answer additional questions to help verify your information Our primary purpose in collecting personal information is to provide you with a safe smooth efficient and customized experience You agree that we may use your personal information to provide the services and customer support you request resolve disputes collect fees and troubleshoot problems prevent potentially prohibited or illegal activities customize measure and improve our services and the site s content and layout compare information for accuracy and verify it with third parties We may disclose personal information to respond to legal requirements enforce our policies respond to claims that an activity violates the rights of others or protect anyone s rights property or safety We may also share your personal information with members of our corporate family to help detect and prevent potentially illegal acts
14. A measure of the number of times per second a signal in a communications channel changes state The state is usually voltage level frequency or phase angle Beacon Interval The frequency interval of the beacon which is a packet broadcast by a router to synchronize a wireless network Bit A binary digit Boot To start a device and cause it to load executing instructions Bridge A product that connects a local area network LAN to another local area network that uses the same protocol for example wireless Ethernet or token ring Wireless bridges are commonly used to link buildings in campuses Broadband A comparatively fast Internet connection Services such as ISDN cable modem DSL and satellite are all considered broadband as compared to dial up Internet access There is no official soeed definition of broadband but services of 149 100Kbps and above are commonly thought of as broadband Browser A browser is an application program that provides a way to look at and interact with all the information on the World Wide Web Cable Modem A kind of converter used to connect a computer to a cable TV service that provides Internet access Most cable modems have an Ethernet out cable that attaches to the user s Wi Fi gateway Client devices Clients are the end users Wi Fi client devices include PC Cards that slide into laptop computers mini PCI modules embedded in laptop computers and mobile computing devices as well
15. Change Admin Password Old Password Hew Password Verify Password J Apply Change Manager Password Change Operator Password Caution If the administrator s password is lost the administrator s password still can be changed through the text mode management interface on the serial port console printer port 112 4 5 2 Backup Restore Settings This function is used to backup restore the AMG 2000 settings Also AMG 2000 can be restored to the factory default settings here Backup current system settings Restore system settings File Name Browse Reset to the factory default settings Backup current system settings Click Backup to create a db database backup file and save it on disk File Download E Do you want to open or save this file a Name 20050303 db Type Data Base File From 10 2 3 0 oen soe ead MW Always ask before opening this type of file While files from the Internet can be useful some files can potentially harm pour computer IF you do not trust the source do not open or save this file Whats the risk e Restore system settings Click Browse to search for a db database backup file created by AMG 2000 and click Restore to restore to the same settings at the time the backup file was created e Resetting to the factory default settings Click Reset to load the factory default settings of AMG 2000 113 4 5 3 Firmware Upgrade The
16. If WAN Failover function is enabled when WAN1 connection fails the traffic will be routed to WAN2 automatically If Failback to WAN1 when possible function is enabled when WAN1 connection is recovered the routed traffic will be back to WAN1 Probe Target URL http www google com URLE http fae URLS http o WWAN Failover Fallback to 41 when possible d Warning of Internet Disconnection Dynamic IP Address Select this when WAN2 Port can obtain IP address automatically such as a DHCP Server available from WAN2 Port You can enter up to three URLs and check Warning of Internet Disconnection to work with the WAN Failover function 21 WAN Port Failover Wil amp Failover None Static IP Address Dynamic IP Address Probe Target A o URLE mt URLS Hip o Dl WAN Failover d Warning of Internet Disconnection For Dynamic IP Address WAN Failover and Fallback to WAN1 when possible also can be enabled like as the function for Static IP Address WAN Port Failover WAN amp Failover D Mone Static IP Address Dynamic IP Address Probe Target URLI https werw googlecom URLE hte URLS hte WAN Failover Fallback to WWAMW when possible E Warning of Internet Disconnection 4 1 5 LAN1 4 Configuration Clients access the network through LAN1 4 ports must log in for authentication first In this section you can set the related configuration for LAN1 4 ports and DHCP se
17. Status 11 3 Then run the configuration wizard to help you complete the configuration Click System Configuration to the System Configuration homepage System Configuration Conti UF ator Wizard E is System Configuration Configuration Wizard This wizard will guide you through basic system setup Configure system and network related parameters system name administrator information SNMP and time zone Clients will be directed to URL entered in the Home Page field after WAN amp Failover y successful login Administrator may limit remote administration access to a specific e ESTERS INN IP address or network segments When enabled only devices with such IP address or from this network segment may enter system s administration web interface remotely Network Time Protocol NTP Server setting allows the system to synchronize its timefdate with external time server A A SRE E LAN 4 Configuration Private LAN Configuration WAN1 Configuration Configure static IP DHCP PPTP or PPPoE client on VAN port Configure static IP DHCP on WAN port The Internet Connection MANNE BEAM Detection and WAN Failover are also configured here Clients from LANT 4 ports must login before accessing netyork except those devices listed on the IP MAC Privilege List The LANI 4 operates in MAT mode or Router mode Available options include DHCP Server and DH
18. 1 Change Admin s Password Enter a new password for the admin account and retype it in the verify password field twenty character 12 maximum and no spaces The field with red star is necessary to fill in Click Next to continue Step 2 Choose System s Time Zone Select a proper time zone via the pull down menu Click Next to continue Step 3 Set System Information Home Page Enter the URL that users should be directed to when successfully authenticated or use the default NTP Server Enter the IP address or domain name of external time server for AMG 2000 time synchronization or use the default DNS Server Enter an IP address of DNS Server Contact your network administrator if you are not sure of the DNS IP Address Click Next to continue Step 4 Select the Connection Type for WAN Port There are three types for WAN1 port to select in wizard Static IP Address Dynamic IP Address and PPPoE Client Select a proper Internet connection type and click Next to continue 13 Step 1 Change Admin s Password You may change the Admin s account password by entering in a new password Click Next to continue New Password eres A Verify Password res A Static IP Address Dynamic IP Address Step 2 Choose System s Time Zone Select the appropriate time zone for the system Click Next to continue GMT 08 00 Taipei y Step 3 Set System Information Enter System Information Click Next to c
19. 1 a ID admin Password 11234 Auto Discovery Status Disabled Configure AP List MAC Address Name IP Address Password Template Add 00 11 68 500563 INEWDEW 000 192 168 2 2 11234 TEMPLATE D Total 11 First Prey Next Last Last discovery was at 2006 June 28 13 49 40 Click Configuring to go on the related configuration For the details please refer to 4 3 1 AP List AP List IP EE AP Type AP Name Status MAC 192 168 2 2 E WAP 0006 MNEWDODE 00007 configuring 00 11 68 30 85 63 Reboot Enable Disable Delete Apply Template Total 1 First Prey Next Last Auto Discovery click Configure to enter Auto Discovery interface to go on related configuration 96 AP Discovery Private LAN TO Base IP 92 168 21 Pool Size f 2 interface LANi 4 FO Base ip 18216814 Pool Size 12 AP Type WAP 0006 iPadirsss ER 192 168 2 1 i Range hazteaz AP Access End IP M92168 2 1 Discover ID ladmin Password 1234 Auto Discovery status Disabled Configure The Interface and AP Access configuration is the same as the settings mentioned above For the Auto Discovery Status when you enable this function the system will scan once every 10 minutes or the time you set If any AP is discovered and Auto Add AP enabled it will be assigned an available IP from the IP pool set within the interfaces and applied with the selected template Auto Discovery Private LAN Base IP 192 168 231 Pant Site E
20. 2 First Prev Mex Last You can check any AP and then click the button below to Reboot Enable Disable and Delete the checked AP AP List Ip E AP Type AP Name Status MAC 10 171 1 129 NE 7 WWAP OO06 NEWDEY o0002 NUERA 00 06 22 E 7C AA FB Enabled 10 171 1 130 Online WAP 0006 MNEWDEW 00003 a ME 00 06 22 E 70 B5 14 Enabled Reboot Enable Disable Delete Apply Template Total 2 First Prev Mex Last Click Apply Template to select one template to apply to the AP E http 10 2 3 171 AMG 2000 Microsoft Internet Explorer l i TA fel xj TEMPLATES y APPLY CANCEL Template TEMPLATES SSID apmat Channel 11 Transmisstion Rate Auto security Disabled PERRA trternet 86 e AP Name Click AP Name and enter the interface about related settings There four kinds of settings General Settings LAN Interface Setting Wireless Interface Setting and Access Control Setting Click the hyperlink to go on the configuration General Settings Name MEWDEY00002 setting Remark Mone Firmware 1 20 LAN interface Setting IP 192 168 2 2 E Mode Static F Wireless Interface Setting SSID apmat Wireless LAN Channel 11 security Type Disabled Access Control Setting Status Disabled Access Control Mode Allowed Number of MAC Addresses General Setting Click Setting to enter the General Setting interface You can revise the AP Name Admin Password and Remark Besides you can see
21. A Status Enabled WINS IP Address MA Private LAN DHCP Server Start IP Address 192 168 2 1 End IP Address 1927 166 7 100 Lease Time 1440 Minis MAC Address The MAC address of the WAN1 port IP Address The IP address of the WAN1 port Subnet Mask The Subnet Mask of the WAN1 port MAC Address The MAC address of the WANZ2 port WAN2 IP Address The IP address of the WAN2 port Subnet Mask The Subnet Mask of the WAN2 port Mode The mode of the LAN1 4 port MAC Address The MAC address of the LAN1 4 port LAN1 4 IP Address The IP address of the LAN1 4 port Subnet Mask The Subnet Mask of the LAN1 4 port Enable disable stands for status of the DHCP server on the LAN1 4 port LAN1 4 not configured 118 Subnet Mask The Subnet Mask of the private port Enable disable stands for status of the DHCP server on the private port WINS IP Add The WINS server IP on DHCP server N A means that it is i ress A not configured DHCP Server start IP Address The start IP address of the DHCP IP range End IP address The end IP Address of the DHCP IP range Lease Time Minutes of the lease time of the IP address 4 6 3 Current Users In this function each online user s information including Username IP MAC Pkts In Bytes In Pkts Out Bytes Out Idle Source AP and Kick Out will be shown Administrator can force out a specific online user by clicking the hyperlink of Logout and check the user access AP status by click
22. Add User to List 91 4 2 3 Policy Configuration There are 8 policies and one Global Policy in Policy Configuration Except Global Policy each Policy has three profiles Firewall Profile Specific Route Profile and Schedule Profile as well as Total Bandwidth Individual Maximum Bandwidth and Individual Request Bandwidth setting for that policy Policy 1 8 Policy Configuration Select Policy Policy 1 Firewall Profile Setting Specific Route Profile Setting schedule Profile Setting Total Bandwidth Unlimited Individual Maximum Bandwidth Unlimited individual Request Bandwidth Mone gt Select Policy Select Policy 1 Policy 8 Policy Configuration Select Policy Policy 1 Firew setting Specific Setting Sched Setting Unlimited With Unitirnited individual Request Bandwidth Hone indr adual Ma gt Firewall Profile Click the hyperlink of Setting tor Firewall Profile the Firewall Profiles list will appear Click the numbers of Filter Rule Item to edit individual rules and click Apply to save the settings The rule status will show on the list Check Active to enable that rule 92 Prolicy Name Firewall Profile 1 Firewall Policy Source Fiter Rule Hem Active Action Name Protocol MAC Destination ANY 1 ES Block ALL AMY AMY 2 C Block ALL AMY ANY El FS Block ALL ANY ABY 4 L Block ALL AMY ANY 5 B Block ALL Ary Edit Filter Rule
23. Default Gateway IP Address v Specific Route Profile Destination Gateway Route item IP Address Subnet Hetmask IP Address 1 sd aaea 2 sd 255 255 255 255 132 pe 3 255 255 255 255 32 4 255 265 255 255 32 256 266 255 255 32 v E 255 255 265 255 32 7 255 265 265 255 32 8 255 265 255 265 32 9 sd aa 10 25 255 255 26532 we AI Profile Name The profile name can be changed here Default Gateway Choose an appropriate default gateway from the drop down menu or enter an IP address manually into the blank Check the Enable box to enable this function Destination IP Address The destination IP address of the host or the network Destination Subnet Netmask Select a destination subnet netmask of the host or the network Gateway IP Address The IP address of the next router to the destination Schedule Profile Click the hyperlink of Setting for Schedule Profile to enter the Schedule Profile list Select Enable to show the list This function is used to restrict the time the users can log in Please enable disable the desired time slot and click Apply to save the settings These settings will become effective immediately 54 after clicking the Apply button Profile Name Schedule CO Enabled Disabled Profile Name Schedule 2 Enabled Disabled Login Schedule Profile HOUR SUN MON TUE WED THU FRI SAT 00 00 00 59
24. IP Enter the IP address domain name given by your ISP Port Enter the Port given by your ISP The default value is 110 Enable SSL Connection If this option is enabled the POP3s protocol will be used to encrypt the authentication 45 Authentication Method Radius Choose Radius in the Authentication Method field the hyperlink beside the pull down menu will become Radius Setting and there is a hyperlink of Edit Policy Mapping shows beside Policy Authentication Server Server 1 Server Name Sever et server name Server Status Enabled Postfix Posti s postfix name Black List None Authentication Method Radius y Radius Setting Local User POPS Radius LDAP ge NTE o0main o cea Policy Edit Policy Mapping Click the hyperlink for further configuration The Radius server sets the external authentication for user accounts Enter the related information for the primary server and or the secondary server the secondary server is not required The blanks with red asterisks are necessary information These settings will become effective immediately after clicking the Apply button Radius Setting 902 1 Authentication Enabled Disabled Trans Full Name Enabled Disabled Primary RADIUS Server Authentication Port Default 1812 Accounting Port Default 1943 secret Key HL Accounting Service Enabled Disabled Authentication Protocal PAP Secondary RADIU
25. In Bytes In Pkts Out and Bytes Out of user activities Traffic History 2005 03 22 Date Type Mame IF MAC Pkts In Bytes In Pkts Out Bytes Out 0005 03 22 19 12 21 0800 LOGIN userl local tw 192 165 1 145 00 D00 C09 42 37 20 o 0 2eU05 Us 22 19 12 24 0000 LOGOUT userl local tw 192 160 1145 00 D0 C9 42 37 20 3 2D 2D 2005 03 22 19 12 29 0800 LOGIN user flocal tv 192 168 1 143 00 D0 C9 42 37 20 O O 0 2005 03 22 19 12 32 40800 LOGOUT user2 local tw 192 166 1 145 OO DO C9 42 37 20 3 252 252 2005 03 22 19 13 51 40800 LOGIN userl local tw 192 168 1 1 OO D0 C9 60 01 01 o o Sew So e On demand User Log As shown in the following figure each line is a on demand user log record consisting of 13 fields Date System Name Type Name IP MAC Pkts In Bytes In Pkts Out Bytes Out Expiretime Validtime and Remark of user activities 120 Date 2005 03 22 17 55 58 0800 0005 03 22 17 56 03 0800 2005 03 22 17 56 07 08 00 System Name Hy Service Hy Service My Service On demand User Log 2005 03 22 Type Mame IP MAC Create OD MserP4sP 0 0 0 000 00 00 00 00 000 Create_OD User67Hb 0 0 0 000 00 00 00 00 000 Create OD Userde6bD 0 0 0 000 00 00 00 00 000 e Roaming Out Traffic History In 0 0 0 In 0 Fkts Bytes Pkis Bytes Cut D Cut 2005 03 25 y 17 55 58 one 2005 03 25 y 17 56 03 ane 2005 03 25 jy 17 56 07 aus Expiretime Validtime Remark 2 hra DO mins 2 hra DO mins
26. Network Also referred to as WLAN A type of local area network that uses high frequency radio waves rather than wires to communicate between nodes WPA Enterprise Wi Fi Protected Access Stands for Wi Fi Protected Access Enterprise It is Wi Fi s encryption method that protects unauthorized network access by verifying network users through a server WPA Personal Stands for Wi Fi Protected Access Personal It is Wi Fi s encryption method that protects unauthorized network access by utilizing a set up password WPA2 Wi Fi Protected Access version 2 The follow on security method to WPA for Wi Fi networks that provides stronger data protection and network access control 160
27. Port of Destination and the IP Address and Port of Translated to Destination According to the different services provided choose the TCP protocol or the UDP protocol These settings will become effective immediately after clicking Apply 104 Destination Translated to Destination pas IP Address Port IP Address Port dos im ee y ATEO y ATEO Oe 0 RATO eR y ATEO 0 RATO eR RAE Oe 0 REO eR 9 RAE be AO eR nr Totalc40 First Prey Next Las 4 4 2 Privilege List There are two parts Privilege IP Address List and Privilege MAC Address List need to be set Privilege List Privilege IP Address List Privilege MAC Address List e Privilege IP Address List If there are some workstations belonging to the managed server that need to access the network without authentication enter the IP addresses of these workstations in this list The Remark blank is not necessary but is useful to keep track AMG 2000 allows 100 privilege IP addresses at most These settings will become effective immediately after clicking Apply 105 Prilege IP Address List item Privilege IP Address Remark Warning Permitting specific IP addresses to have network access rights without going through standard authentication process at the LAN1 LAN4 port may cause security problems e Privilege MAC Address List In addition to the IP address you can also set the MAC address of the workstations that need to access the n
28. Server IP www 2k3lab idv tw Port 389 Base DN ou 0U dc 2k3lab dc idv dc tw Account Attribute CN ES Actire Dercbory Lire ll amp ra De te yee grde ep li AAA ESE E E E AN FREH ELBEBEs PU 4 3 3 server F Fort Base ON Account Attribute Server IF Fort Base DN Account Attribute Active Decor Liners and Computer il Sabjete ccc Properties E Ea Remote control Terminal Services Profile COM Member Of Dial in Environment Sessions General Address Account Profile Telephones Organization User logon name ced 2k Slab idv tv hi User logon name preti indows 2000 ZK3LABS CEC Logon Hours Log On To F Account te locked out Account options T User must change password at nest logon User cannot change password e Password never expires Store password using reversible encryption Account expires Never f End of Wednesday Map 24 2006 Cancel ae Primary LOAP Server Domain NamelP Default 329 CN dc dc Default uidi Secondary LDAP Server Note Usually the users are created under the CN users and the Base DN will be CN users dc 2k3lab dc idv dc tw The Account Attribute of Windows Server will only be CN and that of Linux 139 could be CN or uid 140 8 Appendix D Proxy Setting for Hotspot HotSpot is a place such as coffee shops hotels or other public a
29. Static IP Address O Dinamic IP Address PPPoE Client Username k Password z WANT Port MTL 11492 bytes Range 1 000 1497 CLAMPMSS fison bytes Range 380 14007y Maximum Idle Time lo minutes Dial on Demand Enabled Disabled PPTP Client PPTP Client Set WAN1 port to connect to external PPTP server to establish PPTP VPN tunnel You can select Static to specify the IP address of the PPTP Client manually or select DHCP to get the IP address automatically The fields with red mark are required Please fill in these fields There is a Dial on demand function under PPTP If this function is enabled you can set a Maximum Idle Time When the idle time is reached the system will automatically disconnect itself WAN1 Configuration Static IP Address Dynamic IP Address PPPoE Client PPTP Client Type Static DHCP IP Address tl subnet Mask sd Default Gateway fs Preferred DNS Server e VWAN1 Port Alternate DNS server PPTP Server IP H Username Password H PPTP Connection ID Name O Maximum Idle Time minutes Dial on Demand Enabled Disabled 20 WANT Configuration Static IP Address O Dinamic IP Address O PPPoE Client PPTP Client Type Static DHCP PPTP Server IP WAN Port Username Password E PPTP Connection IbJMame Maximum Idle Time lo minutes Dial on Demand Enabled Disabled 4 1 4 WAN2 amp Failover Except select No
30. There are 2000 On demand user accounts available E Welcome Username 7 28X da ondemand PassWward SF BWA Price 20 Usage 2 hrs O mins ESSID Share WEP Keys Vaild ta use until 2007 01 08 14 22 30 Thank You Billing Report Click this to enter the On demand users Summary report page In On demand users Summary report page Administrator can get a complete report or a report of a particular period 38 Report All From year gt month day amp To year month f day Search gt Report All Click this to get a complete Report All Accounts sold in total Plant Plan2 expenses and individual accounting of Plan3 report including all the on demand records This report shows the total each plan for all plans available Plana Plans Plan Plan Plang Plang Plan10 Total income CO OJ GE Olla COJO O RS fs Jen EA Income from tickets sold for time users E Income from tickets sold fol volume users gt Search Select a time period to get a Report from 2005 06 25 2005 00 29 Accounts sold in total Plant Plan each plan for all plans available for that pyan3 period report The report tells the total expenses and individual accounting of period of time Plana Plan5 Plang Plan Plang Plano Plan10 Total income So ropoppo To DO0 DO O ro fj he E mm Income from tickets sold for time users Jen l Income from tickets
31. While IP takes care of handling the actual delivery of the data TCP takes care of keeping track of the packets that a message is divided into for efficient routing through the Internet For example when a web page is downloaded from a web server the TCP program layer in that server divides the file into packets numbers the packets and then forwards them individually to the IP program layer Although each packet has the same destination IP address it may get routed differently through the network At the other end TCP reassembles the individual packets and waits until they have all arrived to forward them as a single file TCP IP 158 The underlying technology behind the Internet and communications between computers in a network The first part TCP is the transport part which matches the size of the messages on either end and guarantees that the correct message has been received The IP part is the user s computer address on a network Every computer in a TCP IP network has its own IP address that is either dynamically assigned at startup or permanently assigned All TCP IP messages contain the address of the destination network as well as the address of the destination station This enables TCP IP messages to be transmitted to multiple networks subnets within an organization or worldwide TFTP Trivial File Transfer Protocol A version of the TCP IP FTP protocol that uses UDP and has no directory or password capability UDP User Data
32. administrator can download the latest firmware from website and upgrade the system here Click Browse to search for the firmware file and click Apply to go on with the firmware upgrade process It might be a few minutes before the upgrade process completes and the system needs to be restarted afterwards to make the new firmware effective Hote For maintenance issues we strongly recommend you backup system settings before upgrading firmware Firmware Upgrade Current Version 1 00 81 File Name Browse Warning 1 Firmware upgrade may cause the loss of some of the data Please refer to the release notes for the limitation before upgrading the firmware 2 Please restart the system after upgrading the firmware Do not power on off the system during the upgrade or the restart process It may damage the system and cause it to malfunction 4 5 4 Restart This function allows the administrator to safely restart AMG 2000 and the process should take about 100 seconds Click YES to restart AMG 2000 click NO to go back to the previous screen If you need to turn off the power we recommend you to restart AMG 2000 first and then turn off the power after completing the restart process Do you want to Restant AMG 20007 Caution The connection of all online users of the system will be disconnected when system is in the process of restarting 114 4 6 Status This section includes System Status Interface Status Curren
33. buffer The program helps users to print out their bootup messages instead of copying the messages by hand Main menu Go back to the main menu Change admin password Besides supporting the use of console management interface through the connection of null modem the system also supports the SSH online connection for the setup When using a null modem to connect to the system console we do not need to enter administrator s password to enter the console management interface But connecting the system by SSH we have to enter the username and password The username is admin and the default password is also admin which is the same as for the web 126 management interface You can use this option to change the administrator s password Even if you forgot the password and are unable to log in the management interface from the web or the remote end of the SSH you can still use the null modem to connect the console management interface and set the administrator s password again Caution Although it does not require a username and password for the connection via the serial port the same management interface can be accessed via SSH Therefore we recommend you to immediately change the AMG 2000 Admin username and password after logging in the system for the first time Reload factory default Choosing this option will reset the system configuration to the factory defaults Restart LevelOne AMG 2000 Choos
34. connection is mot present 2 Choose the Connections label and then click f Weyer dial a connection Always dial my default connection current Hone Seb Pekault Local Area Network LAM settings LAN Settings OK Cancel Apply Internet Connection Wizard Welcome to the Internet Connection Wizard 3 Choose I want to set up my Internet connection manually or want to connect through a local Area network LAN and then click Next The Internet Connection wizard helps you connect your computer to the Internet You can use this wizard to set up a new or existing Internet account want to sign up for a new Internet account My telephone line is connected to my modern want to transfer my existing Internet account to this computer My telephone line is connected to my modern want to set up my Internet connection manually or want to connect through a local area network LAN To leave your Internet settings unchanged click Cancel To learn more about the Internet click Tutorial Tutorial 1 28 Cancel 4 Choose I connect through a local area network LAN and click Next 5 DO NOT choose any option in the following LAN window for Internet configuration and just click Next 6 Choose No and click Next 7 Finally click Finish to exit the Internet Connection Wizard Now the set up has been completed 129 Internet
35. connection to the Internet C Auto detect proxy settings for this network e Manual proxy configuration HTTP Proxy 10 2 3 203 Use this proxy server for all protocols No Proxy for 192 168 1 254 1 1 1 1 Example mozilla org net nz 192 168 1024 O Automate proxy configuration URL Ll Y 10 Appendix E Glossary 802 11 standard A family of wireless Local Area Network specifications The 802 11b standard in particular is seeing widespread acceptance and deployment in corporate campuses as well as commercial facilities such as airports and coffee shops that want to offer wireless networking service to their patrons 802 11a An IEEE specification for wireless networking that operates in the 5 GHz frequency range 5 725 GHz to 5 850 GHz with a maximum of 54 Mbps data transfer rate The 5 GHz frequency band is not as crowded as the 2 4 GHz frequency because the 802 11a specification offers more radio channels than the 802 11b These additional channels can help avoid radio and microwave interference 802 11b International standard for wireless networking that operates in the 2 4 GHz frequency range 2 4 GHz to 2 4835 GHz and provides a throughput up to 11 Mbps This is a very commonly used frequency Microwave ovens cordless phones medical and scientific equipment as well as Bluetooth devices all work within the 2 4 GHz frequency band 802 11g Similar to 802 11b but this standard
36. designed for small to medium sized network deployment and management making it an ideal solution for easily creating and extending WLANs in SMB offices With its user management features administrators will be able to manage the whole process of wireless network access In addition Access Point AP management functions allow administrators to discover configure upgrade and monitor all managed APs from a single secured interface and from there gain full control of entire wireless network Simplified Deployment and Administration Ease of integration into existing wireless and wired network No configuration change is required on client devices Customizable login portal page to control the authentication process Ability to manage the entire wireless network from a single point e Comprehensive Security Features Integrated user authentication based on industry standards Authorized end to end communication for both wireless and wired networks Standards based encryption capabilities ensure data privacy to user s device Protection against DoS attack and unauthorized access points e Effective User Management Simultaneous support for internal and external user authentication options Policy based control approach enhances the management of multiple categories of users On line user list monitors real time status of each individual user Provides detailed per user traffic history log for analysis and record keeping e Centralized AP Management Centraliz
37. dial up telephone network ISDN uses standard POTS copper wiring to deliver voice data or video ISP Internet Service Provider A company that provides access to the Internet LAN Local Area Network A system of connecting PCs and other devices within the same physical proximity for sharing resources such as an Internet connections printers files and drives When Wi Fi is used to connect the devices the system is known as a wireless LAN or WLAN LDAP Lightweight Directory Access Protocol A set of protocols for accessing information directories LDAP is based on the standards contained within the X 500 standard but is significantly simpler And unlike X 500 LDAP supports TCP IP which is necessary for any type of Internet access Because it s a simpler version of X 500 LDAP is sometimes called X 500 lite Although not yet widely implemented LDAP should eventually make it possible for almost any application running on virtually any computer platform to obtain directory information such as email addresses and public keys Because LDAP is an open protocol applications need not worry about the type of server hosting the directory Local User A user that has signed up for an account from a specific ezboard community enabling the user to participate only in that ezboard as a registered user Global user registration from the ezboard home page is recommended for full access to all ezboard communities and the Control Center MAC
38. network administrator in IP address Subnet mask and DNS address es and then click OK amp Control Panel elk File Edit View Favorites Tools Help Check the TCP IP Setup of Window XP Do O On Ej roles E S G Control Panel 1 Select Start gt Control Panel gt Network Connection ae ca Add Hardware Administrative Date and Time witch to Category View ptions See Also SS EH gt Y Display Folder Options Internet Rp Windows Update Controllers Options O Help and Support amp 5 j do E Y Keyboard Mouse Network Phone and Power Options cs Y Modem 2 e 3 9 Printers and Regionaland Scannersand Scheduled Sounds and Faxes Language Cameras Tasks Audio Devices g e e Speech System Taskbar and User Accounts YMware Tools 2 Click the right button of the mouse on the Local Area Miicaca File Edit View Favorites Tools Advanced Help Connection icon and select Properties Q BP seach E Fods E s Network Connections LAN or High Speed Internet Network Tasks ocal Area Connection E Create ias nabled connection a a iy 9 Set up a home or small Disable office network Status amp Disable this network nee device par EN Repair this connection Bridge Connections mij Rename this connection view status of this connection Change settings of this connection Create Shortcut Rel Other Places G Control Panel My Networ
39. service providers under contract who help with our business operations such as fraud investigations and bill collection other third parties to whom you explicitly ask us to send your information or about whom you are otherwise explicitly notified and consent to when using a specific service law enforcement or other governmental officials in response to a verified request relating to a criminal investigation or alleged illegal activity In such events we will disclose name city state telephone number email address User ID history and fraud complaints xxxxx participants under confidentiality agreement as we in our sole discretion believe necessary or appropriate in connection with an investigation of fraud intellectual property infringement piracy or other unlawful activity In such events we will disclose name street address city state zip code country phone number email and company name and other business entities should we plan to merge with or be acquired by that business entity Should such a combination occur we will require that the new combined entity follow this privacy policy with respect to your 69 personal information lf your personal information will be used contrary to this policy you will receive prior notice Without limiting the above in an effort to respect your privacy and our ability to keep the community free from bad actors we will not otherwise disclose your personal information to law enforc
40. text css gt lt title gt Login lt title gt lt script language javascript1 2 gt var pham document cookie var disableButton false function getCookie name name append to name string var i 0 index of first name value pair while i lt pham length var offset name length end of section to compare name string if oham substring i offset name if string matches var endstr pham indexOf offset end of name value pair if endstr 1 endstr pham length return unescape pham substring offset endstr return cookie value section function CodeCookie str var strRtn pham indexOf i 1 move i to next name value pair if 1 0 break no more values in cookie string return null cookie not found for var i str length 1 i gt 0 i 65 strRtn str charCodeAt i if 1 strRtn a return strRtn function DecodeCookie str var strArr var strRtn strArr str split a for var i strArr length 1 i gt 0 i strRtn String fromCharCode eval s return strRtn function MM_swaplmgRestore v3 0 var i x a document MM_s r for i 0 a amp amp i lt a length amp amp x ali amp amp x oSrc i x src x oSrc function MM_preloadimages v3 0 var d document if d images if d MM_p d MM_p new Array var d MM_p length a MM_preloadlmages ar
41. the hyperlink of the AP name for Source AP Click Refresh is to update the Current Users List page Current Users List Username Pkts In Bytes In Source AP tem Idle IP MAC Pkts Out Bytes Out Kick Cut OF as fo 339553 AAFB 123 1 T2 10 171 1 249 00 40 96 41AFDDO bog TO3T3 Logout Click the Source AP to get the information of all associated client of the source AP Client List No MAC User 1D TX Packet RX Packet Rate Hower Exp aioe is 5 Saving countdown 00 40 96 31 af dd 02051 135 422 5d Yes 266 4 6 4 Traffic History This function is used to check the history of AMG 2000 The history of each day will be saved separately in the DRAM for 3 days 119 Traffic History Date Size Byte 2007 01 05 B45 On demand User Log Date Size Byte 2007 01 05 239 Roaming Out Traffic History Date Size Byte 2007 01 05 106 Roaming in Traffic History Date Size Byte 2007 01 05 112 Caution Since the history is saved in the DRAM if you need to restart the system and also keep the history then please manually copy and save the information before restarting If the History Email has been entered under the Notification Configuration page then the system will automatically send out the history information to that email address e Traffic History As shown in the following figure each line is a traffic history record consisting of 9 fields Date Type Name IP MAC Pkts
42. time and data volume for both local and on demand accounts Traffic history report in an automatic email to administrator e System Administration Multi lingual web based management UI SSH remote management Remote firmware upgrade NTP time synchronization Backup and restore of system configuration 3 Base Installation 3 1 Hardware Installation 3 1 1 System Requirements e Standard 10 100BaseT including five network cables with RJ 45 connectors e All PCs need to install the TCP IP network protocol 3 1 2 Package Contents The standard package of AMG 2000 includes e AMG 2000 x 1 e CD ROM x 1 e Quick Installation Guide x 1 e Power Adaptor DC 5V x 1 e Cross Over Ethernet Cable x 1 e Straight through Ethernet Cable x 1 e Console Cable x 1 Warning Using a power supply with different voltage rating will damage this product 3 1 3 Panel Function Descriptions Front Panel Status for Normal Startup gt Flashing during system startup gt Steady ON to indicate the system is in Normal Operation mode in Restart Operation gt Flashing status LED is flashing if the Reset bottom is pressed for more than 3 sec and released in less than 10 sec When the Status LED starts flashing is the Indication that the system has been successfully restart gt Steady ON status LED will switch from flashing to steadily ON if the Reset bottom is pressed over 10 sec to indicate the user that the system has been reset to fa
43. to Obtain an IP address automatically in default settings If you want to check the TCP IP setup or use a static IP to connect to AMG 2000 LAN port please follow the following steps Check the TCP IP Setup of Window 9x ME 1 Choose Start gt Control Panel gt Network 2 Choose Configuration label and select TCP IP gt AMD PCNET Family Ethernet Adapter PCI ISA and then click Properties Now you can choose to use DHCP or specific IP address 3 1 Using DHCP If you want to use DHCP please choose Obtain an IP address automatically on the IP Address label and click OK This is also the default setting of Windows Then reboot the PC to make sure an IP address is obtained from AMG 2000 132 9 Control Panel File Edit View Go Favorites Help e fly BAI 232 X qe Back Forward Up Cut Copy Paste Undo Delete Properties Views PAS 142 Accessibility AddNew Add Remove Date Time Options Hardware Programs Control S Pr Panel 9 4 amp Display Fonts Game Internet Network Controllers Options Configures network A c pa hardware and software sg 3 gt ody Keyboard Modems Mouse Multimedia Microsoft Home Technical Support ODBC Data Passwords Power Sources 32bit Management Cn A ab ral El Configures network hardware and sol E My Computer Network Ea Configuration Identification Accezz Control
44. up a color and then fill in all of the blanks You can click Preview to see the result first Login Success Page Selection for Users Default Page Template Page CO Uploaded Page CO External Page Template Page Setting Color for Tithe Background select RGB values in hex mode Color for Tithe Text Select RGB values in hex mode Color for Page Background select RGB values in hex mode Color for Page Text Select RGB values in hex mode Title Login Succeed Page Welcome Hen SSSSSCi Information Please click this buttonto Logout aa Information Than ss lt sSCSCisS Login Time Login Tine Preview c Choose Uploaded Page and you can get the login success page by uploading Click the Browse button to select the file for the login success page upload Then click Submit to complete the upload process Login Success Page Selection for Users Default Page Template Page Uploaded Page CO External Page Uploaded Page Setting File Name Browse Submit Existing Image Files Total Capacity 512 K Now Used 0K Upload Image Files Upload Images Browse Submit Preview After the upload process is completed the new login success page can be previewed by clicking Preview 77 button at the bottom Then enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit The system will show the u
45. will be directed to URL entered in the Home Page field after successful login Administrator may limit remote administration access to a specific WAHT Configuration System Information WAI Failover SSeS oe LAN 4 Configuration IP address or network segments When enabled only devices with such IP address or from this network segment may enter system s administration web interface remotely Network Time Protocol NTP Server setting allows the system to Private LAN Configuration synchronize its timefdate with external time server WAN1 Configuration Configure static IP CHEF PPTP or PPPoE client on ANI port Configure static IPF DHCP on WAN port The Internet Connection ME BEAM Detection and WAN Failover are also configured here Clients from LANT 4 ports must login before accessing netyork except those devices listed on the IP MAC Privilege List The LANI 4 operates in MAT mode or Router mode Available options include DHCP Server and DHCP Relay Clients from Private LAN ports will not be authenticated The Private LAN operates in MAT mode or Router mode Available options include DHCP Server and DHCP Relay 80 LAN1 4 Configuration Private LAN Configuration 4 1 1 Configuration Wizard Please refer to 3 2 2 User Login Portal Page for the detail description of Configuration Wizard Configuration Wizard ANMG 2000 is a Network Acc
46. 0 8 n 1 Bits per second Data bits Parity Stop bits Flow control Restore Defaults caca dom Caution the main console is a menu driven text interface with dialog boxes Please use arrow keys on the keyboard to browse the menu and press the Enter key to make selection or confirm what you enter 3 Once the console port of AMG 2000 is connected properly the console main screen will appear automatically If the screen does not appear in the terminal simulation program automatically please try to press the arrow keys so that the terminal simulation program will send some messages to the system and the welcome screen or the main menu should appear If you are still unable to see the welcome screen or the main menu of the console please check the connection of the cables and the settings of the terminal simulation program LeveloOne AMG 2 000 Basic Configuration Please select functions Utilities for network debugging Change admin password Reload factory default Restart LevelOne AMG 2z000 125 Utilities for network debugging The console interface provides several utilities to assist the Administrator to check the system conditions and to debug any problems The utilities are described as follow Y VV WV gt LevelOne AMG 2000 configuration Utility Please select utility Ping host IF Trace routing path Display interface settings Display routing table Display ARP table Display
47. 00 00 00 00 00 19 Access Control Disabled Access Control Enabled Control List 00 00 00 00 00 02 00 00 00 00 00 04 00 00 00 00 00 06 00 00 00 00 00 08 00 00 00 00 00 1 0 00 00 00 00 00 1 2 00 00 00 00 00 1 4 00 00 00 00 00 7 6 00 00 00 00 00 1 8 00 40 96 41 4F dd gt Associated Client Status The table shows the clients connecting to the AP and the related information of the client Client List No MAC User TX Packet RX Packet Rate Powel Expiration ID is s saving countdown 1 00 00 Safaaaadt MIA 2 E 11 Mo 300 94 4 3 2 AP Discovery Use this function to detect and manage all of the APs in the network segments AP Discovery Private LAN C Base IP 192 168 2 1 Pool Size 12 LAM 4 El Base IP 192 168 1 1 Pool Size 12 AP Type WAP 0006 IP Address Start IF 192 168 24 Range frazies21 AP Access End IP 1192168 2 1 a ID admin Password 1234 Auto Discovery status Disabled configure Discovered AP List Interface MAC Address Name IP Address Password Template Add Total 0 First Prey Next Last e To discover AP manually please fill in the required data gt Interface Check Private LAN or and LAN1 4 and enter the Base IP and Pool Size the discovered APs will be configured to use IP address among the pool gt AP Access Input the IP Address Range the default is 192 168 2 1 192 168 2 1 ID the default is admin and Password the default is 1234 of the AP Then click the Discover butto
48. 00BASE TX RJ 45 LAN Ports 4 x 10BASE T 100BASE TX RJ 45 Console Port 1 x RJ 11 LED Indicators 1 x Power 1 x Status 2 x WAN 1 x Private 4 x LAN 2 1 2 Technical Specification e Networking Supports Router NAT mode Supports Static IP DHCP PPPoE on WAN interface Configurable LAN ports authentication Supports IP Plug and Play IP PnP Built in DHCP server and supports DHCP relay Supports NAT 1 IP Port Destination Redirection 2 DMZ Server Mapping 3 Virtual Server Mapping Supports static route Supports SMTP redirection Supports Walled Garden free surfing zone Supports MAC Address Pass Through Supports HTTP Proxy e Security Supports data encryption WEP 64 128 bit WPA WPA2 Supports authentication WPA PSK WPA2 PSK IEEE 802 1x EAP MD5 EAP TLS CHAP PEAP Supports VPN Pass through IPSec and PPTP Supports DoS attack protection Supports user Black List Allows user identity plus MAC address authentication for local accounts User Management Supports up to 120 concurrent users Provides 500 local accounts Provides 2000 on demand accounts Simultaneous support for multiple authentication methods Local and On demand accounts POP3 S LDAP RADIUS NT Domain Role based and policy based access control per role assignments based on Firewall policies Routing Login Schedule Bandwidth Customizable login and logout portal page User Session Management 1 SSL protected login portal page Supports multiple logins wit
49. 88 se x PFHR ee HRAT Active Directory Users and Computers Ej Ele Action Weer Window pep algi e air H tmvrac Active Director Liners ered Compuber Cu 4 objects Y Peraracurtybrinapale 2g Delegate Control F Mays 137 Enter the Password and enter it again for confirmation A ice Ser The password must be six characters or more Depend on the request to check the four selections below Then click the Next The new user ccc is created successfully under the OU e Create im 2k3lab idw tw OU Password e Confirm password e User must change password at next logon User cannot change password T Account is disabled lt Back Cancel Mew Object User e Create in 2k3lab idw twr OU First name coc Initials Last name Full name CEC User logon name coc mak alab idw tm T User logon name pre Windows 000 2K3LABs ccc lt Back Cancel New Object User e Create in 2k3lab idw tw OU When you click Finish the following object will be created Full name coc User logon name cecak Slab idy buy The password never expires ed Cancel 138 Right click on ccc to view the properties ccc gt Properties Click the Account label and you will see the account information about ccc Then you can get the information to fill in the fields of LDAP Server For example
50. A W1300 Casper 213 OD User Logout N7E 192 168 30 189 00 0C F1 28 BF D8 32 14499 30 Remote Manage IP Set the IP range which is able to connect to the web management interface via WAN port For example 10 2 3 0 24 means that as long as you are within the IP address range of 10 2 3 0 24 you can reach the administration page of AMG 2000 If the IP range bit number is omitted 32 is used which specify a single IP address e SNMP AMG 2000 supports SNMPv2 If the function is enabled you can assign the Manager IP address and the SNMP community name used to access the management information base MIB of the system However for the external system SNMP is a read only function e User Logon SSL Enable to activate https encryption or disable to activate http non encryption login page e Time AMG 2000 supports NTP communication protocol to synchronize the system time with remote time server Please specify the local time zone and IP address of at least one server in the system configuration interface for adjusting the time automatically Universal Time is Greenwich Mean Time GMT You can also set the time manually when you select Set Device Date and Time GMT Please enter the date and time for the corresponding fields Device Hime 2007 01 05 14 03 03 f NTP Enable Time Set Device Date and Time GMT E vear month Day Hou jMinutej fSecond 4 1 3 WAN1 Configuration There are 4 connection types for th
51. CP Relay Clients from Private LAN ports will not be authenticated The Private LAN operates in MAT mode or Router mode Available options include DHCP Server and DHCP Relay 80 LAN1 4 Configuration Private LAN Configuration 4 Click the System Configuration from the top menu and the homepage of System Configuration will appear Then click on Configuration Wizard and click the Run Wizard button to start the wizard TN Configuration Wizard Configuration Wizard System Information gt AMG 2000 is a Network Access Controller with access control features ideal for hotspot small and medium business networking The wizard will guide you through the process of creating a baseline strategy Please follow the wizard step by step to configure AMG 2000 n WA Configuration WAN Failover _ in 5 Configuration Wizard Configuration Wizard First of all you will see a welcome screen to briefly i i Welcome to the Setup Wizard The wizard will guide you through these introduce the 6 steps After a brief overview of the whole 6 quick steps Begin by clicking on Next process click Next to begin Step 1 Change Admin s Password Step 2 Choose System s Time Zone Step 3 Set System Information Step 4 Select the Connection Type for WAN Port Step 5 Set Authentication Methods Step 6 Save and Restart AMG 2000 Step
52. Configuration in which a wireless network is bridged to a wired network via an access point IP Internet Protocol A set of rules used to send and receive messages at the Internet address level IP address A 32 bit number that identifies each sender or receiver of information that is sent across the Internet An IP address has two parts an identifier of a particular network on the Internet and an identifier of the particular device which can be a server or a workstation within that network IPsec IP Security A set of protocols developed by the IETF to support secure exchange of packets at the IP layer IPsec 153 has been deployed widely to implement Virtual Private Networks VPNs IPsec supports two encryption modes Transport and Tunnel Transport mode encrypts only the data portion payload of each packet but leaves the header untouched The more secure Tunnel mode encrypts both the header and the payload On the receiving side an IPSec compliant device decrypts each packet For IPsec to work the sending and receiving devices must share a public key This is accomplished through a protocol known as Internet Security Association and Key Management Protocol Oakley ISAKMP Oakley which allows the receiver to obtain a public key and authenticate the sender using digital certificates ISDN Integrated Services Digital Network A type of broadband Internet connection that provides digital service from the customer s premises to the
53. Connect using BY AMD PCNET Family PEI Ethernet Adapter Components checked are used by this connection Ma etwork s Client for Microsoft M dl ill a AAAS tals fo tAicrosoft Hetenork internet Protocol TCP IP gt Install Description Transmission Control Protocol lnternet Protocol The detault wide area network protocol that provides communication across diverse interconnected networks Show icon in taskbar when connected OK Cancel Uninstall Internet Protocol TCP 1P Properties 3 Aj xj General fou can get IF settings assigned automatically if your network supports thi capability Othenvise you need to ask your network administrator hor the appropriate IP settings IP address Subnet mask Betalt gateway Obtain DNS server address automatically C Use the following ONS server addresses Prefered DHS server 3 Internet Protocol TCP IP Properties ajx General You can get F settings assigned automatically if your network supports this capability Othermise you need to ask your network administrator hor the appropriate IP setings E Dbtajp as dds automatically tf Use the following IP address IP address Subnet mask Default gateway Preferred DMS seref Alternate DNS server Ok Cancel server address e Please choose Use the following IP address and enter the information given from the
54. Connection Wizard Setting up your Internet connection Internet Connection Wizard Local area network Internet configuration Internet Connection Wizard Set Up Your Internet Mail Account Internet Connection Wizard Completing the Internet Connection Wizard You have successfully completed the Internet Connection wizard Your computer is now configured to connect to your Internet account After you close this wizard you can connect to the Internet at any time by double clicking the Internet Explorer icon on your desktop m To connect to the Internet immediately select this box and then click Finish To close the wizard click Finish amp Control Panel Ea lx ay File Edit view Favorites Tools Help Windows XP y lt A F J gt search gt Folders Gi Address B Control Panel x So 2 Choose Start gt Control Panel gt Internet Option Rh cr O rs Accessibility Add Hardware Administrative Date and Time Switch to Category View Options iis Tools See Also BR D Display Folder Options Game Internet A windows Update Controllers Options 0 Help and Support Keyboard Network Phone and Power Options Connections Modem e 3 Printers and Regional and Scanners and Scheduled Sounds and Faxes Language Cameras Tasks Audio Devices gg y e e Speech System Taskbar and User Accounts Mware Tools Internet Properties General Security Privacy Content
55. Connections e To set up an Internet connection click 3 Choose the Connections label and then click aed Dial up and Virtual Private Network settings Setup Remove Choose Settings if you need to configure a proxy Settings server For a connection Never dial a connection Dial whenever a network connection is not present Always dial my default connection Current Mone Local Area Network LAN settings LAN Settings do not apply to dial up connections LAN Settings Choose Settings above For dial up settings New Connection Wizard Welcome to the New Connection Wizard This wizard helps you Connect to the Internet 4 Click Next when Welcome to the New Connection Connect to a private network such as your workplace network Wizard screen appears Set up a home or small office network To continue click Next New Connection Wizard Network Connection Type What do you want to do Connect to the network at my workplace Connect to a business network using dial up or YPN so you can work from home a field office or another location 5 Choose Connect to the Internet and then click ee ie eed co eee pela cera onnect to an existing home or small office network or set up a new one Next Set up an advanced connection Connect directly to another computer using your serial parallel or infrared port or set up this computer so that other computers can connect to it 130
56. F Management Gateway http ie eweli comi NA BISA NAS AIGA Disabled Enabled Disabled Disabled 0 0 0 0 0 0 0 0 Disabled 115 Retained Days 3 days History PLA Email To PA PA NTP Servel ftock usno nawe rmil Time Date Time 20064 0 05 14 05 35 0800 lille Timer 10 Mints Usel Multiple Login Disabled Preferred DNS Servel asa DNS Alternate DNS Servel 168 95 1 1 The description of the table is as follows Current Firmware Version The present firmware version of AMG 2000 The system name The default is AP Management System Name Gateway The page the users are directed to after initial login Home Page SUCCESS Beet The IP address and port number of the external Syslog Syslog server Traffic History Server N A means that it is not configured The IP address and port number of the external Syslog Syslog server On demand User log Server N A means that it is not configured Enabled disabled stands for that the system is currently Proxy Server using the proxy server or not Enabled disabled stands for the setting of Friendly Logout hiding displaying an extra confirmation window when users click the logout button Enabled Disabled stands for the connection at WAN is normal or abnormal Warning of Internet Warning of Internet Disconnection l Disconnection and all online users are allowed disallowed to log in the network WAN Failover Show WAN Failover status of WAN1 and WAN2 The IP or IPs that is allowed for ac
57. IP Address of this DHCP block These fields define the IP address range that will be assigned to the Public LAN clients Preferred DNS Server The primary DNS server for the DHOP Alternate DNS Server The substitute DNS server for the DHCP 29 Domain Name Enter the domain name WINS Server IP Enter the IP address of WINS server Lease Time Choose the time to change the DHCP Reserved IP Address List For reserved IP address settings in detail please click the hyperlink of Reserved IP Address f you want to use the Reserved IP Address List function click on the Reserved IP Address List on the management interface Then the setup of the Reserved IP Address List as shown in the following figure will appear Enter the related Reserved IP Address MAC and some description not compulsory When finished click Apply to complete the setup Reserved IP Address List LAN1 4 item Reserved IP Address MAC Description Total 40 First Prev Hext Last 3 Enable DHCP Relay If you want to enable this function you must specify other DHCP Server IP address See the following figure O Disable DHCP Server DHCP Server O Enable DHCP Server Configuration Enable DHCP Relay DHCP Server IP 30 4 1 6 Private LAN Configuration To access the network through the private LAN port doesn t have to authenticate before logging in In this section you can set the related configuration for the private LAN port and DHCP server Priv
58. Interface Landa gt gase IP 1321681 1 Fool Size E AP Type VWAP OO08 esau Sit 132 168 241 AP Acteti Range EndiP 192 168 21 ID admin Password 1234 Enable Disable Interval Pro minutes Auto Add AP Enable Disable Template TEMPLATE Auto Discovery Status 97 4 3 3 Manual Configuration The AP also can be added manually Input the related data of the AP and select a Template Then click ADD the AP will be added to the managed list Manual Configuration AP Type WAP 0006 AP Name IM Admin Password rar AP IP figzt6821 00 AP MAC tis Remark i CY Template TEMPLATES 4 3 4 Template Settings Template is a model that you can copy it to every AP and not necessary to configure the AP individually There are three templates provided and click Edit to go on configuration Template Settings AP Type WAP 0006 Template Settings TEMPLATE TEMPLATE1 Edi TEMPLATES TEMPLATES Before configure the template you can copy the configuration mode of a AP to the template by selecting a Source AP and you don t have to configure the template from the beginning and can just revise some settings for demand If you don t want to copy please select NONE Input the Template Name and Template Remark and click the hyperlink of Template ID to go on configuration Template Edit Template ID 1 Template Name TEMPLATE Source AP Mone Template Remark Template 98 T
59. List Clients may access these URL without authentication Proxy Server Properties Dynamic DHS A4mMG 2000 supports up to 10 external proxy servers i Proxy Server ty IP Mobility Properties els can redirect traffic to external proxy server into builtin prose Dynamic DNS A4mM6 2000 supports dynamic OMS DOMS feature IP Mobility System supports IP PMP Configuration Q 4 4 1 Network Address Translation There are three parts DMZ Public Accessible Server and Port and IP Redirect need to be set Network Address Translation DMZ Demilitarized Zone Public Accessible Server Pont and IP Redirect e DMZ Demilitarized Zone DMZ allows administrators to define mandatory external to internal IP mapping hence a user on WAN side network can access the private machine via the external IP similar to DMZ usage in firewall product There are 40 sets of static Internal IP Address and External IP Address available If a host needs a static IP address to access the network through WAN port set a static IP for the host First choose whether to enable Internal IP Address by checking the box and inputting an Internal IP Address under Automatic WAN IP Assignment Then input Internal IP Address and corresponding External IP Address under Static Assignments and choose an External Interface from the drop down menu These settings will become effective immediately after clicking the Apply button 102 Autom
60. Media Access Control Every wireless 802 11 device has its own specific MAC address hard coded into it This unique identifier can be used to provide security for wireless networks When a network uses a MAC table only the 154 802 11 radios that have had their MAC addresses added to that network s MAC table will be able to get onto the network Mbps Megabits Per Second One million bits per second a unit of measurement for data transmission NAT Network Address Translation A network capability that enables a houseful of computers to dynamically share a single incoming IP address from a dial up cable or xDSL connection NAT takes the single incoming IP address and creates new IP address for each client computer on the network Network A series of computers or devices connected for the purpose of data sharing storage and or transmission between users Node A network junction or connection point typically a computer or work station Packet A unit of data sent over a network Passphrase Used much like a password a passphrase simplifies the WEP encryption process by automatically generating the WEP encryption keys for the company products POP Post Office Protocol Short for Post Office Protocol a protocol used to retrieve e mail from a mail server Most e mail applications sometimes called an e mail client use the POP protocol although some can use the newer IMAP Internet Message Access Protocol There are
61. N 60 4 3 AP MANAGC MENT sciatica cunt acre we ta ciated sara cals a 85 4 3 1 AAA A ceciloetot edge aa ta cadets ace gage ca eg eo ose ee 85 4 3 2 AE DISCOV CTY dd aaa 95 4 3 3 IVAN COVA QE AION ears was sas a aia 98 4 3 4 Template Selling S 2 a a a eectiartesteaaadens 98 4 3 5 Fiimware Management inori be tinted eal ate oa 100 4 3 6 PATS DOF AOC sd escasas 101 4 4 NETWORK CONFIGURATION tal e e Ee a T a a a e O 102 4 4 1 Network Address TranSlatiOn ccccccccsssseeecccsaeeeeccssauseecessaueneessaauseecessaaaesecessaueneeeessauanseesssauesesessas 102 4 4 2 Privilege eonan o PE 105 4 4 3 MONO IR LIS E A E A A 106 4 4 4 Waled Graden LIS encara a a a a a a Jee ood dct sacked sede 108 4 4 5 PROXY Server POS a E 109 4 4 6 Dl A A 110 4 4 7 A il a 110 4 5 o ce sabe tynrat a ecaartareat E E a ont uaueeteaete esamsoneaes 111 4 5 1 Change PASS WON nn 111 4 5 2 BACKUD AICSIONE SEUS 2 18 oni tal aed ake oe ea da eae ee ee 113 4 5 3 Fiw S UNOS A E E E A A ADS 114 4 5 4 FAO GIA coe pee Deve li o o iio 114 4 6 SIMS oa 115 4 6 1 SA A Sa ae eh eh ated OL el eee 115 4 6 2 IMernace SAIS oes inc wet te savas ii tected ence ee 117 4 6 3 GOO SONS ti A A ina 119 4 6 4 MAUI O id pa aero ne mere 119 4 6 5 NOUV CONN OUIAUONN raserna Sade ac ods tales Sauer Maeda tole aor end Ae aes 121 4 7 A RO 124 5 APPENDIXA CONSOLEINTERFACE oiiniatniiaa online seed eek 125 6 APPENDIX B NETWORK CONFIGURATION ON PC ooncnnccccccccc
62. NS Configuration IF Address e Choose Gateway label and enter the gateway The first gateway in the Installed Gateway list will be the default The address order in the list will be the order in which these address of AMG 2000 in the New gateway and machines are used then click Add and OK New gateway Installed gateways TCP IP Properties kd Bindings Advanced NetBIOS DNS Configuration Gateway WINS Configuration IF Address e Choose DNS Configuration label If the DNS Server column is blank please click Enable DNS Host Domain ONS Server Search Order and then enter the DNS address es provided by your network administrator Then click Add and click OK Domain Suffis Search Order Add 0 xi File Edit View Favorites Tools Help de Back gt E A Search Ly Folders 4History eg E Xx Edy Address E Control Panel y o Go E Date Time Display Folder Options Fonts a p a nd Sa Control Panel E zy S Game Internet Keyboard Mouse Controllers Options Phone and Power Options Printers Modem Network and Dial up Connections Connects to other computers networks and the Internet Windows Update Windows 2000 Support 133 gt Regional Scanners and Scheduled Sounds and Options Cameras Tasks Multimedia E amp System Usersand YMware Tools x Connects to other compute
63. P address of the next router to the destination 4 2 4 Additional Configuration Additional Configuration Idle Titre i0 minutes Range 1 1440 User Control Multiple Login C On demand and RADIUS authentication do NOT support multiple login Friendly Logout M session Timeout ET Range 5 1440 Roaming Out Time Idle Timeout ho Range 1 120 Interim Update Range 1 120 Upload File Certificate Login Fage LogoutPage Login Success Fage Login Success Fage for On Demand Logout Success Page volume Enable Disable Credit Reminder Time Enable Disable POPS Message Edit Mail Message Enhance User Authentication Permit MAC Address List e User Control Functions under this section applies for all general users Idle Timer If a user has been idled with no network activities the system will automatically kick out the user The logout timer can be set in the range of 1 1440 minutes and the default logout time is 10 minutes Multiple Login When enabled a user can log in from different computers with the same account This function doesn t support On demand users and RADIUS authentication method Friendly Logout When a user logs into the network a small window will appear to show the user s information and there is a logout button for the logout If enabled When the users try to close the small window there will be a new popup window to confirm the logout in case the users click the logout button by accident
64. Page customization and login notification email to client When MAC Access Control is enabled system will only provide login page to those devices listed SO 4 2 1 Authentication Configuration This function is to configure the settings for authentication server and on demand user authentication The system provides 3 servers and one on demand server that the administrator can apply with different policy Click on the server name to set the related configurations for that particular server After completing and clicking Apply to save the settings you can go back to the previous page to choose a server to be the default server and enable or disable any server on the list Users can log into the default server without the postfix to allow faster login process Authentication Server Configuration server Mame Auth Method Postfix Policy Default Enabled Server 1 LOCAL Postfix Policy 1 e C Server 2 LOCAL Postix Policy 1 O C Server 3 LOCAL Postfixs Policy 1 O F On demand User ONDEMANC ondemand Policy 1 e Server 1 3 There are 5 kinds of authentication methods Local User POP3 RADIUS LDAP and NT Domain to setup from 34 Authentication Server Server 1 server Name Cr O D ilts server names server Status Enabled Postfix Post F Its postfix name j Black List Mone Authentication Method Local User Local User Setting Policy Policy 1 Server Name Set a name for the server using numbers 0 to 9 alph
65. Rule Item 1 Rule Name Enable this Rule Action Black Protocol ALL gt Source MAC Address For Specific MAC Address Filter Start End Port Part SOUrte ALL Y 255 255 255 255 132 Y Destination ALL 255 255 255 255 az Y Interface IF Subnet Mask Rule Item This is the rule that you have selected Rule Name The rule name can be changed here The rule name can be set to easily identify for example from file server HTTP request or to web etc Enable this Rule After checking this function the rule will be enabled Action There are two options Block and Pass Block is to prevent packets from passing and Pass is to permit packets passing Protocol There are three protocols to select TCP UDP and ICMP or choose ALL to use all three protocols Source MAC Address The MAC address of the source IP address This is for specific MAC address filter Source Destination Interface There are four interfaces to choose All WAN1 WAN2 LAN1 4 and 53 Private LAN Source Destination IP Enter the source and destination IP addresses Source Destination Subnet Mask Enter the source and destination subnet masks Source Destination Start End Port Enter the range of source and destination ports Specific Route Profile Click the hyperlink of Setting for Specific Route Profile the Specific Route Profile list will appear Profile Name Policy Route 1 Specific Default Route Enable
66. S Server server P Authentication Port Accounting Port Ir secret Key Accounting Service Enabled Disabled Authentication Protocol CHAP 802 1X Authentication Enable this function and the hyperlink of Radius Client List will appear Click the 46 hyperlink to get into the Radius Client Configuration list for further configuration In the Radius Client Configuration table the clients which are using 802 1X as the authentication method shall be put into this table AMG 2000 will forward the authentication request from these clients to the configured Radius Servers Radius Client Configuration No Type IP Address segment Secret sor Shy me segs loo lia lis al a ee Trans Full Name When enabled the ID and postfix will be sent to the RADIUS server for authentication When being disabled only the ID will be sent to RADIUS server for authentication NASID Enter a line of characters for example meeting room for identifying AMG 2000 itself to the RADIUS server Please use numbers 0 to 9 alohabets a to z or Ato Z dash underline _ and dot and all other letters are not allowed Server IP Enter the IP address domain name of the RADIUS server Authentication Port Enter the authentication port of the RADIUS server and the default value is 1812 Accounting Port Enter the accounting port of the RADIUS server and the default value is 1813 Secret Key Enter the key for encryption and decryp
67. The default value is 100 milliseconds The entered time means how often the beacon signal transmission between the access point and the wireless network e Preamble Type The length of the CRC Cyclic Redundancy Check block for communication between the Access Point and roaming wireless adapters You can select either Short Preamble or Long Preamble e APP Inter Access Point Protocol is designed for the enforcement of unique association throughout a ESS Extended Service Set and for secure exchange of station s security context between current access point AP and new AP during handoff period Security There are four kinds of security tyoe WEP WPA WPA2 andWPA2 MIXED for selection e Disable Choose this type there is no any encryption used but 802 1x Authentication and Authentication Type For Authentication Type you can choose Open System Shared Key or Both according to the settings of the AP and Client Check 802 1x Authentication to enable this function and enter the related data if necessary Security Type Disable 802 1x Authentication WEP Authentication Type Both Open System shared Ker Security ar Both security Type Disable 7 8021x Authentication WEP Authentication Type Both Radius Serer IP Boa 1x Port 1812 Secret Security e WEP WEP uses an encryption key that automatically encrypts outgoing wireless data On the receiving side the same encryption key enables the comp
68. _ _QR s General IP address you have to ask the network You can get IP settings assigned automatically if your network supports administrator for the information of the AMG 2000 eer oa il en IP address Subnet Mask New gateway and re Te ea a DNS server address Per e Please choose Use the following IP Subnet mask Default gateway address and enter the information given from the network administrator in IP address 2 i the o oa a cG 55 7 E Prefered ONS server Subnet mask and the DNS address es Alternate DNS server and then click OK 136 7 Appendix C Windows Server 2000 2003 AD AD environment mode can be supported by AMG 2000 For example the domain 2k3lab idv tw is controlled by Window 2000 2003 sever and please make sure you have enabled the Active directory Service on the Windows Server When the AMG 2000 is set up Windows Server should be also ready by the MIS in your company Then you can add new user and group under the OU Right click on the OU to add a new user OU gt New gt User Enter the user name in the necessary fields First name and User logon name and click Next Active Directory Users and Computers S e tien yew window Hep olf Hn FF he taeraenr Belie Directory Users are Computer Sabie LE objects a SS Saeed Gori 5 dir Computers E E Domain Controller lt j Cle Action yew Window Help alaj O
69. abets a to z or Ato Z dash underline _ and dot with a maximum of 40 characters all other letters are not allowed Sever Status The status shows that the server is enabled or disabled Postfix Set a postfix that is easy to distinguish e g Local for the server using numbers 0 to 9 alphabets a to z or Ato Z dash underline _ and dot with a maximum of 40 characters all other letters are not allowed Black List There are 5 sets of black lists You can select one of them or choose None Please refer to 4 2 2 Black List Configuration for more information Authentication Method There are 5 authentication methods Local POP3 Radius LDAP and NTDomain to configure from Select the desired method and then click the link besides the pull down menu for more advanced configuration For more details please refer to 4 2 1 Authentication Configuration Notice Enabling two or more servers of the same authentication method is not allowed Policy There are 8 policies to choose from to apply to this particular server 35 On demand User This is for the customer s need in a store environment When the customers need to use wireless Internet in the store they have to get a printed receipt with username and password from the store to log in the system for wireless access There are 2000 On demand User accounts available On demand User Server Configuration Server Status Enabled Postfix e g odemand Max 40
70. add delete or edit the black list for user access control Each black list can include 40 users at most If a user in the black list wants to log into the system the user s access will be denied The administrator can use the pull down menu to select the desired black list Black List Configuration Select Black List 1 Blacklistt Name Blacklist Liser Remark Delete aaa E Total First Prev Next Last Add User to List e Select Black List There are 5 lists to select from for the desired black list e Name Set the black list name and it will show on the pull down menu above e Add User to List Click the hyperlink to add users to the selected black list Add Users to Blacklist Blacklist1 No Username Remark 2 Po 3 4 Po 5 Po 6 po Po 7 Po 5 Lo 9 Poo 10 IS After entering the usernames in the Username blanks and the related information in the Remark blank not required click Apply to add the users 90 User 1234 has been added EN Add Users to Blacklist Add Users to Blacklist Blacklist1 litem Username Remark If the administrator wants to remove a user from the black list just select the user s Delete check box and then click the Delete button to remove that user from the black list Black List Configuration Select Black List 1 Blacklisti Hame Blacklist User Remark 12345 e Total First Prev Next Last
71. another are secure With PPTP users can dial in to their corporate network via the Internet Plug and Play A computer system feature that provides automatic configuration of add ons and peripheral devices such as wireless PC Cards printers scanners and multimedia devices Proxy server Used in larger companies and organizations to improve network operations and security a proxy server is able to prevent direct communication between two or more networks The proxy server forwards allowable data requests to remote servers and or responds to data requests directly from stored remote server data RADIUS Remote Authentication Dial In User Service An authentication and accounting system used by many Internet Service Providers ISPs When you dial in to the ISP you must enter your username and password This information is passed to a RADIUS server which checks that the information is correct and then authorizes access to the ISP system Though not an official standard the RADIUS specification is maintained by a working group of the IETF Range Most Wi Fi systems will provide a range of a hundred feet or more Depending on the environment and the type of antenna used Wi Fi signals can have a range of up to mile RJ 45 Standard connectors used in Ethernet networks Even though they look very similar to standard RJ 11 telephone connectors RJ 45 connectors can have up to eight wires whereas telephone connectors have only four Roa
72. are to the local or delete it Preloaded Firmware AP Type Version WAP 0006 1 22 Firmware Upload Firmware List File Name i Download Version Size Checksum Delete 100 File Download 4 3 6 AP Upgrade Check the APs which need to be upgraded and select the upgrade version of firmware and then click Apply to upgrade firmware Last Upgrading Time i AP Hame Current Version AAF6 129 Upgrade Version Upgrade 8514 130 101 4 4 Network Configuration This section includes the following functions Network Address Translation Privilege List Monitor IP List System Het Configuration J Management Configur Network Configuration Mo Address Tranciationa gt J Network Configuration Pelege List Network Address AmG 2000 provides 3 types of network address translation Static Translation Assignments Public Accessible Server and IP Port Redirect Monitor IP List Privilege List System provides Privilege IP Address List ano Privilege MAC F i Address List System wil MOT authenticate those listed devices pe aa System can monitor up to 40 network devices online status with an rides Monitor IP List option to add them as public access servers via HTTP or HTTPS Even Under MAT mode after added the devices as public access servers the devices can be accessed by clicking the hypertext Walled Garden List Upto 20 hosts URL could be defined in Walled Garden
73. as USB radios and PCI ISA bus Wi Fi radios Client devices usually communicate with hub devices like access points and gateways CTS Clear To Send A signal sent by a device to indicate that it is ready to receive data Database A collection of data that is organized so that its contents can easily be accessed managed and updated DDNS Dynamic Domain Name System The capability of having a website FTP or e mail server with a dynamic IP address using a fixed domain name Default Gateway A device that forwards Internet traffic from your local area network DHCP A utility that enables a server to dynamically assign IP addresses from a predefined list and limit their time of use so that they can be reassigned Without DHCP an IT Manager would have to manually enter in all the IP addresses of all the computers on the network When DHCP is used whenever a computer logs onto the network it automatically gets an IP address assigned to it DHCP Servers Dynamic Host Configuration Protocol Servers PCs and other network devices using dynamic IP addressing are assigned a new IP address by a DHCP server The PC or network device obtaining an IP address is called the DHCP client DHCP frees you from having to assign IP addresses manually every time a new user is added to your network A DHCP server can either be a designated PC on the network or another network device such as the Router By default the Router s DHCP server function i
74. ate LAN Configuration Operation Mode MAT Private LAN IPF Address 192 168 2254 Subnet Wask 255 255 255 0 SO Disable DHCP Server eruver Configuration C Enable DHCP Server O Enable DHCP Relay e Private LAN Private LAN Configuration Operation Mode MAT Private LAN IF Address 192 168 2264 Subnet Mask 255 255 255 0 Operation Mode Choose one of the two modes NAT mode and Router mode by the requirements IP Address Enter the desired IP address for the private port Subnet Mask Enter the desired subnet mask for the private port e DHCP Server Configuration There are three methods to set the DHCP server Disable DHCP Server Enable DHCP Server and Enable DHCP Relay 1 Disable DHCP Server Disable DHCP Server function Disable DHCP Server DHCP Servel Configuration C Enable DHCP Server Enable DHCP Relay 2 Enable DHCP Server Choose Enable DHCP Sever function and set the appropriate configuration for the DHCP server The fields with red asterisk are required Please fill in these fields 31 Disable DHCP Server Enable DHCP Server DHCP scope Start IP Address 192 168 2 1 End IP Address 197 168 2 100 Preferred ONS Server 168 955 1 1 DHCP Server Configuration Alternate DNS Sever 2202020200000000 Domain Mame Levelt com WINS Server IP Po Lease Time 1 Day y Reserved IP Address List Enable DHCP Relay DHCP Scope Enter the Start IP Address and
75. atic WAN IP Assignment Enable Internal IP Address External IP Address External Interface O 10 2 3174 WANA Static Assignments tem internal IP Address External IP Address External Interface Co IE O m gt Oo in TE 3 Oo JG TE s O l WANT w O mme r o ias m gt o E DT ABBA EE Public Accessible Server This function allows the administrator to set 40 virtual servers at most so that the computers not belonging to the managed network can access the servers in the managed network via WAN port IP of AMG 2000 Please enter the External Service Port Local Server IP Address and Local Server Port According to the different services provided the network service can use the TCP protocol or the UDP protocol In the Enable column check the desired server to enable These settings will become effective immediately after clicking the Apply bution 103 Public Accessible Server tem ens See E Local Server Port Type Enable lA CETER a E EE ESO e O TOP A E e A ETE oe A a e a oe E MA E A E e EA ETE n e o O a e Total40 First Prey Next Last Port and IP Redirect This function allows the administrator to set 40 sets of the IP addresses at most for redirection purpose When the user attempts to connect to a destination IP address listed here the connection packet will be converted and redirected to the corresponding destination Please enter the IP Address and
76. ation has to be provided for each kind of authentication method 14 Step 4 Cont Set WAN Port s Static IP Address Click Next to continue IP Address Subnet Mask 4 Default Gateway A Glas Glas Step 4 Cont Set PPPoE Client s Information Choose it to set the PPPoE Client s Username and Password For most DSL users Username r Password z mm E E Step 5 Set Authentication Methods Select a default User Authentication Method Click Next to continue ts postfix name Policy Policy A v LocalUser LDAP C POP3 C NT Domain C RADIUS oo gt Local User Add User A new user can be added to the local user data Step 5 Cont Add User base To add a user here enter the Username Click ADD button to add Local User Click Next to continue e g test Password e g test MAC optional O S to specify the valid MAC address of this user and Password 7 assign it a policy or use the default Click the Mac as BOOED ADD button to add the user You can add multiple Policy None y users in this page PAR Attention The policy selected in this step is applied to this user only Per user policy setting takes over the group policy setting at precious step unless you select None here Click Next to continue gt POPS User POP3 Enter IP Domain Name and server port of the Step 5 Cont POP3 POP3 server provided by you
77. broadcast in your network When configuring the network you may want to enable this function but make sure to disable it when you finished With this enabled someone could easily obtain the SSID information with the site survey software and get unauthorized access to your network With this disabled to increase network security and prevent the SSID from being seen on networked e Channel Select the appropriate channel from the list to correspond with your network settings for 88 example 1 to 11 channels are suitable for the North America area e Transmission Mode There are 3 modes to select 802 11b 2 4G 1 11Mbps 802 11g 2 4G 54Mbps and Mix mode b and 9 e Transmission Rate The default is Auto Available range is from 1 to 54Mbps The rate of data transmission should be set depending on the speed of your wireless network You can select from a range of transmission speed or you can keep the default setting Auto to make the Access Point automatically use the fastest rate possible e CTS Protection The default value is Disable When select Enable a protection mechanism will decrease collision probability when many 802 11g APs exist simultaneously However performance of your 802 11g APs may decrease e Fragment Threshold Breaking a packet into smaller units when transmitting over a network medium that cannot support the original size of the packet e Beacon Interval ms Enter a value between 20 and 1000 msec
78. cally discover AP on the selected LAMESI Template Settings 3 ds AP Discovery Administrators who are familiar with the new AP can set it up Manual Configuration manually by filling in the necessary information There are three templates from the drop down box that can be chosen AP Upgrade Administrators can edit template settings here These templates Template Settings are saved and can be used in Manual Configuration and AP Discovery sections This page lets administrators manage firmwares and shows each firmware s functions Administrators can upload new firmwares and have a choice of deleting or downloading already Uploaded firmwares Firmware Management shows names and versions of the original firmwares and the time they were Upgraded Administrators can choose a firmware version from the drop down box to upgrade APs Several AP upgrades can be processed simultaneously by checking the Upgrade boxes So AP Upgrade 4 3 1 AP List All of the AP under the management of AMG 2000 will be shown in the list The AP can be edited by clicking the hyperlink of AP Name and the AP status can be got by clicking the hyperlink of Status AP List IP E AP Type AP Name Status MAC 10 171 1 129 Anine E WAP OO06 NEWDEY 00002 E PR a a TENE OOF 26 7 C Aa Fe Enabled 10 171 1 130 clima WAF 0006 MNEWDEY 00003 a MA 00 06 22 E 7C0 B5 14 Enabled Reboot Enable Disable Delete Apply Template Total
79. ce also known as trunking The aggregated ports appear as a single IP address to your computer and applications This means no application changes are required The advantages of aggregation are that the virtual interface provides increased bandwidth by merging the bandwidth of the individual ports The TCP connection load is then balanced across the ports In addition to load balancing 802 3ad provides automatic fail over in the event any port or cable fails All traffic that was being routed over the failed port is automatically re routed to use one of the remaining ports This fail over is completely transparent to the application software using the connection Access Point A device that allows wireless equipped computers and other devices to communicate with a wired network It is also used to expand the range of a wireless network Bandwidth The amount of transmission capacity that is available on a network at any point in time Available bandwidth depends on several variables such as the rate of data transmission speed between networked devices network overhead number of users and the type of device used to connect PCs to a network It is similar to a pipeline in that capacity is determined by size the wider the pipe the more water can flow through it the more bandwidth a network provides the more data can flow through it Standard 802 11b provides a bandwidth of 11 Mbps 802 11a and 802 11g provide a bandwidth of 54 Mbps Baud Rate
80. ces users in a walled garden 159 Schools are increasingly using the walled garden approach in creating browsing environments in their networks Students have access to only limited Web sites and teachers need a password in order to leave the walled garden and browse the Internet in its entirety The term walled garden also commonly refers to the content that wireless devices such as mobile phones have access to if the content provided by the wireless carrier is limited WAN Wide Area Network A communication system of connecting PCs and other computing devices across a large local regional national or international geographic area Also used to distinguish between phone based data networks and Wi Fi Phone networks are considered WANs and Wi Fi networks are considered Wireless Local Area Networks WLANs WEP Wired Equivalent Privacy Basic wireless security provided by Wi Fi In some instances WEP may be all a home or small business user needs to protect wireless data WEP is available in 40 bit also called 64 bit or in 108 bit also called 128 bit encryption modes As 108 bit encryption provides a longer algorithm that takes longer to decode it can provide better security than basic 40 bit 64 bit encryption Wi Fi Wireless Fidelity An interoperability certification for wireless local area network LAN products based on the Institute of Electrical and Electronics Engineers IEEE 802 11 standards WLAN Wireless Local Area
81. cess page by uploading Click the Browse button to select the file for the logout success page upload Then click Submit to complete the upload process Logout Success Page Selectionfor Users Default Page Template Page Uploaded Page C External Page Upload Logout Success Page File Name Browse Submit Existing Image Files Total Capacity 512 K Now Used 0K Upload Image Files Upload Images Browse Submit Preview After the upload process is completed the new logout success page can be previewed by clicking Preview 82 button at the bottom Then enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit The system will show the used space and the maximum size of the image file of 512K If the administrator wishes to restore the factory default of the logout success page click the Use Default Page button to restore it to default Total Capacity 512 K Now Used 0 K Upload Image Files Upload Images Browse Submit After the image file is uploaded the file name will show on the Existing Image Files field Check the file and click Delete to delete the file Existing Image Files 1102474548 732cn gif TO d Choose the External Page selection and you can get the logout success page from the specific website Enter the website address in the External Page Setting field and then click Apply After ap
82. cessing the Remote Management IP management interface Management i Enabled disabled stands for the current status of the SNMP management function l The maximum number of days for the system to retain the History Retained Days l l users information 116 The up to three email addresses that the traffic history Email To monitor IP report on demand user log or AP status will be sent to NTP Server The network time server that the system is set to align Time DateTime Te system time is shown as the local time The number of minutes allowed for the users to be Idle Timer Inactive Enabled disabled stands for the current setting to Multiple Login l l l allow disallow multiple logins form the same account Preferred DNS Server IP address of the preferred DNS Server Alternate DNS Server IP address of the alternate DNS Server 4 6 2 Interface Status This section provides an overview of the interface for the administrator including WAN1 WAN2 LAN1 LAN4 Port and Private Port Interface Status MAC Address 00 90 08 07 60 93 WANT IP Address 10 2 3 90 Subnet Mask 255 255 255 0 Mode MAT MAC Address 00 90 08 07 60 91 LAN1 4 IP Address 192168 1 254 Subnet Mask 295 295 295 0 Status Enabled WINS IP Address MIA SEE Kandi Start IP Address 192 168 1 1 End IP Address 192 168 1 100 117 Lease Time 1440 Minis Mode MAT MAC Address 00 90 08 07 60 92 Private LAN IP Address 192 168 2254 Subnet Mask 265 255
83. char ReceintHeader2 Receipt Footer Thank vou e g Thank You l 6 none O usp O Lor O EUR Monetary Unit O Lamp other desired monetary unit e g AL Policy Name Policy1 weelessKey OOO O Billing Notice Interval 10mins 15mins 20mins Users List Billing Configuration Create On demand User Billing Report Server Status The status shows that the server is enabled or disabled Postfix Set a postfix that is easy to distinguish e g Local for the server using numbers 0 to 9 alphabets a to z or Ato Z dash underline _ and dot with a maximum of 40 characters all other letters are not allowed Receipt Header There are two fields Receipt Header 1 and Receipt Header 2 for the receipt s header Enter your own receipt header message or use the default Receipt Footer Enter your own receipt footer message here or use the default Monetary Unit Select or enter the desired monetary unit for your region Policy Name Select a policy for the on demand user WLAN ESSID Enter the ESSID of the AP Wireless Key Enter the wireless key of the AP Remark Enter any additional information that will appear at the bottom of the receipt Billing Notice Interval While a volume type on demand user is still logged in the system will update the billing notice of the login successful page by the time interval defined here 36 Users List Click to enter the On demand Users List screen In the On demand Users List de
84. ctory default setting Power WAN1 2 Private LAN1 4 Light on the power is switched on Light blinking data packets are being Light off no power connected transmitted or received Light on linked established Ethernet connection present Light off no existing Ethernet port connections to AMG 2000 Rear Panel LAN1 4 Reset DC 5V Connects to LAN1 4 port to access Presses this button The power adapter the netowrk with authentication to restart the system attaches here Ti LAN4 LANS LANZ LANI Private wee WANI ifa Console Private WAN1 2 Configures the system Connects to the private port Connects to the Intranet via HyperTerminal to access the web management or Internet by Switch _ interface without authentication 3 1 4 Installation Steps Please follow the following steps to install AMG 2000 Consola LAN LAN3 LANZ LANI Private WANZ WANI 1 Connect the DC power adapter to the power connector socket on the rear panel The Power LED should be on to indicate a proper connection 2 Connect an Ethernet cable to the WAN1 Port on the rear panel Connect the other end of the Ethernet cable to ADSL modem cable modem or a switch hub of the internal network The LED of WAN1 Port should be on to indicate a proper connection 3 Connect an Ethernet cable to Private Port on the rear panel Connect the other end of the Ethernet cable to a clients PC The LED of Private Port should be on to i
85. d transactional information based on your activities on the Internet service provided by us Microsoft Internet Explorer agree 10 disagree Hert L i d Choose the External Page selection and you can get the login page from the specific website Enter the website address in the External Page Setting field and then click Apply Login Page S lection for Users Default Page C Template Page Uploaded Page External Page External Page Setting External URL Preview 74 After applying the setting the new login page can be previewed by clicking Preview button at the bottom of this page User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In 2 amp User Name Password Please not that lt form action us erlogin shtml method post name E nter gt lt input type text name myus ername lt input type password name mypassword lt input type submit name submit value Enter lt input type reset names clear value Clear gt lt form gt is needed in your HTML code to make sure the page works correctly 3 Logout Page The users can apply their own logout page here The process is similar to that of Logout Page Upload Logout Page File Name Browse submit Use Default Page Existing Image Files Total Capacity 612 K Now Used 0k Upload Image Files Upload Images Browse
86. demand AP SEES Report History User Log Status casper wu yahoo com tw C M E m felix gmail com e I E A C w El E interval E Hour E Hour Hour PLA Send Test Email Send send Send send Send From lcasper wug yahoo cam tw SMIP smtp mail_yahoo com tw Auth Method Mone Traffic History ip 10 23 NTL Mw Port 514 On demand User Log IF 10 2 3 203 Fort 514 Syslog Configuration Enter the IPs and Ports of the Syslog server to receive system events including Traffic History and On demand User Log Syslog Configuration Traffic History IP hoz23 210 Port 514 On demand User Log IP 10 2 3 203 Por 514 123 4 7 Help On the screen the Help button is on the upper right corner Click Help to the Online Help window and then click the hyperlink of the items to get the information Online Help System PSR A WAN Configuration LAN1 amp LAN Configuration LANJ amp LANA Configuration Wir Bless Contiyur ation Local User Setting POP3 Configuration RADIUS Configuration LDAP TC anfinuration 124 5 Appendix A Console Interface Via this port to enter the console interface for the administrator to handle the problems and situations occurred during operation 1 To connect the console port of AMG 2000 you needa gt 21x console modem cable and a terminal simulation Port Settings program such as the Hyper Terminal 2 If you use Hyper Terminal please set the parameters as 960
87. e Page Uploaded Page CO External Page Upload Login Success Page for on demand File Name Browse submit Existing Image Files Total Capacity 512 K Now Used 0K Upload Image Files Upload Images Browse sulbrrit Prerje After the upload process is completed the new login success page for on demand can be previewed by clicking Preview button at the bottom Then enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit The system will show the used space and the maximum size of the image file of 512K If the administrator wishes to restore the factory default of the login success page for on demand click the Use Default Page button to restore it to default Total Capacity 512 K Now Used 0 K Upload Image Files Upload Images Browse Submit After the image file is uploaded the file name will show on the Existing Image Files field Check the file and click Delete to delete the file Existing Image Files 1102474548 732en gif CO 80 d Choose the External Page selection and you can get the login success page for on demand e from the specific website Enter the website address in the External Page Setting field and then click Apply After applying the setting the new login success page for on demand can be previewed by clicking Preview button at the bottom of this page Login Success Page Selectio
88. e WAN1 Port Static IP Address Dynamic IP Address PPPoE and PPTP Client 23 WANT Configuration f Static IP Address IF Address 110 2 3 1 q SUBNET Mask 255 255 255 0 Default Gateway lr 0 2 3 254 WANT Port Preferred ONS Server 168 945 1 1 Alternate DNS Server O Dinamic IP Address PPPoE Client PPTP Client e Static IP Address Manually specifying the IP address of the WAN1 port The red asterisk marks indicate required fields and have to be filled IP address the IP address of the WAN1 port Subnet Mask the subnet mask of the network WAN1 port connects to Default Gateway a gateway of the network WAN1 port connects to Preferred DNS Server The primary DNS server is used by the system Alternate DNS Server The substitute DNS server is used by the system This is an optional field e Dynamic IP address It is only applicable for the network environment where a DHCP server is available Click the Renew buiton to get an IP address WANT Configuration C Static IP Address G i Renew WANI Port Dynamic IF Address PPPoE Client C PPTP Client PPPoE Client When selecting PPPoE to connect to the network please set the User Name Password MTU and CLAMPMSS There is a Dial on demand function under PPPoE If this function is enabled you can set a Maximum Idle Time When the idle time is reached the system will automatically disconnect itself 24 WAN1 Configuration O
89. ection at a time Hardware The physical aspect of computers telecommunications and other information technology devices Hotspot A place where you can access Wi Fi service This can be for free or for a fee HotSpots can be inside a coffee shop airport lounge train station convention center hotel or any other public meeting area Corporations and campuses are also implementing Hot Spots to provide wireless Internet access to their visitors and guests In some parts of the world Hot Spots are known as Cool Spots HTTP HyperText Transport Protocol The communications protocol used to connect to servers on the World Wide Web IEEE Institute of Electrical and Electronics Engineers New York www ieee org A membership organization that includes engineers scientists and students in electronics and allied fields It has more than 300 000 members and is involved with setting standards for computers and communications Internet appliance A computer that is intended primarily for Internet access is simple to set up and usually does not support installation of third party software These computers generally offer customized web browsing touch screen navigation e mail services entertainment and personal information management applications An Internet appliance can be Wi Fi enabled or it can be connected via a cable to the local network Infrastructure Currently installed computing and networking equipment Infrastructure Mode
90. ed remote control of managed APs avoids the need to individually configure each device Automatic discovery of APs to identify and enroll managed APs to the device list Remote status monitoring of managed APs and associated client stations ensures efficient network resource utilization Provides system alarms and statistics reports on managed APs 2 2 System Concept AMG 2000 is responsible for user authentication authorization and management The user account information is stored in the local database or a specified external databases server The user authentication is processed via the SSL encrypted web interface This interface is compatible to most desktop devices and palm computers The following figure is an example of AMG 2000 set to control a part of the company s intranet The whole managed network includes the cable network users and the wireless network users Internet POP3 S LDAP Se Internal DA E Network J uta a Jomain Router AMG 2000 Switch P Managed uE Access Points Managed Access Points 2 3 Specification 2 1 1 Hardware Specification e General Form Factor Mini desktop Dimensions W x D x H 235 mm x 161 9 mm x 37 6 mm Weight 1Kg Operating Temperature 0 40 C Storage Temperature 20 70 C Power 100 240 VAC 50 60 Hz Ethernet Interfaces 7 x Fast Ethernet 10 100 Mbps e Connectors amp Display WAN Ports 2 x 10BASE T 100BASE TX RJ 45 Private Port 1 x 10BASE T 1
91. ement other government officials or other third parties without a subpoena court order or substantially similar legal procedure except when we believe in good faith that the disclosure of information is necessary to prevent imminent physical harm or financial loss or to report suspected illegal activity Your password is the key to your account Do not disclose your password to anyone Your information is stored on our servers We treat data as an asset that must be protected and use lots of tools encryption passwords physical security etc to protect your personal information against unauthorized access and disclosure However as you probably know third parties may unlawfully intercept or access transmissions or private communications and other users may abuse or misuse your personal information that they collect from the site Therefore although we work very hard to protect your privacy we do not promise and you should not expect that your personal information or private communications will always remain private By agreeing above hereby authorize xxxxx to process my service charge s by way of my credit card lt textarea gt lt td gt lt tr gt lt table gt lt td gt lt tr gt lt tr gt lt td height 40 gt lt table width 170 height 20 border 0 align center cellpadding 2 gt lt tr gt lt td align left gt lt input name selection value 1 type radio gt lt td gt lt td gt lt span class
92. emplate Edit Template ID 1 Template Name TEMPLATE Source AP None bone Template Remark HNEWDE 000071 i After entering the interface you can revise the configuration for demand and change administrator s password About other function settings please refer to 4 3 1 AP List General subnet Mask 255 255 255 0 Default Gateway 0 0 0 0 Wireless SSID fapmgt SSID Broadcast Enable y Channel 11 Transmission Mode Mixed Transmission Rate sa El Default Auto Range from 1to 54 Mbps CTS Protection Disable Default Disable Fragment Threshold 2346 Default 2346 Range from 266 to 23465 RTS threshold 12347 Default 2347 Range fram O ta 2s Beacon Interval ms o0 Default 100 Range tom 20 to 1024 meec Properties i Long Default Leng IAPP Enable Default Enabled Security Type Disable T 802 1 Authentication WEP Authentication Type Both Preamble Type Security 99 Access Control Status Disabled MAC Address List 00 00 00 00 00 00 2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 00 00 00 00 00 00 14 00 00 00 00 00 00 15 00 00 00 00 00 00 16 00 00 00 00 00 00 17 00 00 00 00 00 00 18 00 00 00 00 00 00 19 00 00 00 00 00 00 20 00 00 00 00 00 00 4 3 5 Firmware Management In this function you can upload the AP s firmware and also can download the present firmw
93. erent from the normal user s login successfully screen There is an extra line showing Remaining usage and a Redeem button e Remaining usage Show the remaining time or data volume that the on demand user can used to surf Internet e Redeem When the remaining time or data size is insufficient the user can buy additional account from the counter and add the quota to the current account After clicking the Redeem button you will see the following screen Please enter the new username and password you got and click Enter button Then you will User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In es E g User Name k43K ondemand Password Hello k43ki bondemand Please close this window or click this button to Thank you Remaining Usage Hour hlin SEC Login time 2006 10 12 14 10 44 JE Redeem Welcome To Redeem Page Please Enter Your User Name and Password To Sign In a Username O Password Ee EE R HEH T PEPE E E E SEES see the total available use time and data size after adding credit 19 4 Web Interface Configuration This chapter will guide you through further detailed settings The following table is the Ul and functions of the AMG 2000 System OPTION Configuration Configuration Wizard System Information WAN1 Configuration FUNCTION WAN2 amp Failover LAN1 4 Conf
94. erent terms such as Network Name Preferred Network SSID or Wireless LAN Service Area Ethernet International standard networking technology for wired implementations Basic 10BaseT networks offer a bandwidth of about 10 Mbps Fast Ethernet 100 Mbps and Gigabit Ethernet 1000 Mbps are becoming popular Firewall A system that secures a network and prevents access by unauthorized users Firewalls can be software hardware or a combination of both Firewalls can prevent unrestricted access into a network as well as restrict data from flowing out of a network Firmware 1 In network devices the program that runs the device 2 Program loaded into read only memory ROM or programmable read only memory PROM that cannot be altered by end users Fragmentation Breaking a packet into smaller units when transmitting over a network medium that cannot support the original size of the packet FTP File Transfer Protocol A standard protocol for sending files between computers over a TCP IP network and the Internet Full Duplex The ability of a networking device to receive and transmit data simultaneously Gateway In the wireless world a gateway is an access point with additional software capabilities such as providing NAT and DHCP Gateways may also provide VPN support roaming firewalls various levels of security etc 152 Half Duplex Data transmission that can occur in two directions over a single line but only one dir
95. ers Default Page C Template Page Uploaded Page External Page Default Page Setting This ts default login success page for on demand users You could click preview link to preview the default login success page Thanks Preview b Choose Template Page to make a customized login success page for on demand here Click Select to pick up a color and then fill in all of the blanks You can click Preview to see the result first Login Success Page Selection for on demand Users CO Default Page f Template Page CO Uploaded Page External Page Template Page Setting Color for Tithe Background Select RIGA values in hex mode Color for Tithe Text Select RGB values in hex mode Color for Page Background Select RGB values in hex mode Color for Page Text select RGB values in hex mode Title Login Succeed Page for on demand Welcome Welcome Information Please clickthisbuttonto Logout logout tt lt s s C C Information Thankyou ss lt sSSCSCisS Remaining Usage RemainingUsage ss s S Day Day Hour Hor Min Mlin Sec SEC Login Time Login Time Redeem Redeem Previeyy c Choose Uploaded Page and you can get the login success page for on demand by uploading Click the 79 Browse button to select the file for the login success page for on demand upload Then click Submit to complete the upload process Login Success Page Selection for on demand Users Default Page Templat
96. ess Controller with access control features ideal for hotspot small and medium business networking The wizard will guide you through the process of creating a baseline strategy Please follow the wizard step by step to configure AMG 2000 Run Wizard 21 4 1 2 System Information Most of the major system information about AMG 2000 can be set here Please refer to the following description for each field System Hame Dewce Name Home Page Access History IP Remote Manage IP 5 HMP User Logon SSL Time system Information AP Management Gateway ee PODA for this device 6 Enabled Disabled http M level corm z e g http iiinn eweli com LO eenen Eo es 192 168 3 1 or 182 168 2 0 24 O Enabled Disabled Enabled Disabled Device Time 20061 ON 214021035 Timezone GMT 08 00 T aipei e NTP Enable NTP Server 4 e g tock usna navy mil MTP Server de MTP Server ae MTF Server de MTP Server E O Set Device Date and Time e System Name Set the system s name or use the default Device Name FQDN Fully Qualified Domain Name This is the domain name of the AMG 2000 as seen on client machines connected on LAN ports A user on client machine can use this name to access AMG 2000 instead of its IP address Home Page Enter the website of a Web Server to be the homepage When users log in successfully they will be directed to the homepage set Usually the homepage is set t
97. etwork without authentication in this list AMG 2000 allows 100 privilege MAC addresses at most List can be created manually enter the MAC address the format is xx xx Xx xx Xx xx as well as the remark not necessary These settings will become effective immediately after clicking Apply Priilege MAC Address List tem MAC Address Remark 1 a fC 2 7 AA Warning Permitting specific MAC addresses to have network access rights without going through standard authentication process at the LAN1 LAN4 port may cause security problems 4 4 3 Monitor IP List AMG 2000 will send out a packet periodically to monitor the connection status of the IP addresses on the list If the monitored IP address does not respond the system will send an e mail to notify the administrator that such destination is not reachable Enter an IP Address then click Apply and these settings will become effective immediately Click Monitor to check the current status of all the monitored IP The system provides 40 IP addresses at most on the Monitor IP List 106 item Protocol IP Address Link Item Protocol IP Address Link 1 http y foara ama 2 mie e poania Ada EZ Add 4 mp Ama a rtp asalto mt A 11 fate Ado 12 mt sj Au 18 rtp l i6 rtp Ad 17 mt Ado 18 hte sj Au 19 ote Add 20 hte A a 11 n Eee ou on k Fotal40 ri irst Click Monitor to monitor
98. function provides some free services to the users to access before login and authentication Up to 20 addresses or domain names of the websites can be defined in this list Users without the network access right can still have a chance to experience the actual network service free of charge Please enter the website IP Address or Domain Name in the list and these settings will become effective immediately after clicking Apply Walled Garden List tem Addres item Addres 2 rc a 3 rr 4 4 Se 5 7 6 7 o 7 g A Caution To use the domain name the AMG 2000 has to connect to DNS server first or this function will not work 108 4 4 5 Proxy Server Properties AMG 2000 supports Internal Proxy Server and External Proxy Server functions External Proxy Server tem 1 2 Server IP Built in Proxy Servet Port Internal Proxy Server Enable Disable External Proxy Server Under the AMG 2000 security management the system will match the External Proxy Server list to the end users proxy setting If there isn t a matching then the end users will not be able to reach the login page and thus unable to access the network If there is a matching then the end users will be directed to the system first for authentication After a successful authentication the end users will be redirected back to the desired proxy servers depending on various situations Internal Proxy Server AMG 2000 has a built in proxy server If th
99. given Domain Name points to only one machine DoS Attack A type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic Many DoS attacks such as the Ping of Death and Teardrop attacks exploit limitations in the TCP IP protocols For all known DoS attacks there are software fixes that system administrators can install to limit the damage caused by the attacks But like viruses new DoS attacks are constantly being dreamed up by hackers Download To receive a file transmitted over a network DTIM Delivery Traffic Indication Message A message included in data packets that can increase wireless efficiency Dynamic IP Address A temporary IP address assigned by a DHCP server Encryption Encoding data to prevent it from being read by unauthorized people 151 Encryption key An alphanumeric letters and or numbers series that enables data to be encrypted and then decrypted so it can be safely shared among members of a network WEP uses an encryption key that automatically encrypts outgoing wireless data On the receiving side the same encryption key enables the computer to automatically decrypt the information so it can be read ESSID The identifying name of an 802 11 wireless network When you specify your correct ESSID in your client setup you ensure that you connect to your wireless network rather than another network in range See SSID The ESSID can be called by diff
100. gram Protocol A network protocol for transmitting data that does not require acknowledgement from the recipient of the data that is sent Upgrade To replace existing software or firmware with a newer version Upload To transmit a file over a network URL Uniform Resource Locator The address of a file located on the Internet VoIP Voice transmission using Internet Protocol to create digital packets distributed over the Internet VoIP can be less expensive than voice transmission using standard analog packets over POTS Plain Old Telephone Service VPN Virtual Private Network A type of technology designed to increase the security of information transferred over the Internet VPN can work with either wired or wireless networks as well as with dial up connections over POTS VPN creates a private encrypted tunnel from the end user s computer through the local wireless network through the Internet all the way to the corporate servers and database Walled Garden On the Internet a walled garden refers to a browsing environment that controls the information and Web sites the user is able to access This is a popular method used by ISPs in order to keep the user navigating only specific areas of the Web whether for the purpose of shielding users from information such as restricting children s access to pornography or directing users to paid content that the ISP supports America Online is a good example of an ISP that pla
101. guments for i 0 i lt a length i if a i indexOf 0 d MM_p j new Image d MM_p j src ali function MM_findObj n d v4 01 var p i x if d d document if p n indexOf gt 0 amp amp parent frames length bstring 0 p d parent frames J Al if x d Nn amp amp d all x d all n for i 0 x amp amp i lt d forms length i x d formsfi n 1 substring p 1 document n n st for i O x amp amp d layers amp amp i lt d layers length i x MM_findObj n d layers i document if lx amp amp d getElementByld x d getElementByld n return x function MM_swaplmage v3 0 s document MM_ sr if x MM_findObj a i null document MM_sr j x if x oSrc x oSrc x src new Array for i 0 i lt a length 2 i 3 x src ali 2 66 function init form id getCookie username if id 84 id null form myusername value id disclaimer style display login style display none function Before_Submit form if form myusername value alert Please enter username form myusername focus form myusername select disableButton false return false if form mypassword value alert Please enter password form mypassword focus form mypassword select disableButton false return false if disableButton true alert The system is now logging you in please wait a moment
102. h one single account Session idle timer Session account expiration control Friendly notification email to provide a hyperlink to login portal page Windows domain transparent login BP Oe OE ge 280 iy Configurable login time frame AP Management Supports up to 12 manageable IEEE 802 11 compliant APs Centralized remote management via HIT TP SNMP interface Automatic discovery of managed APs and list of managed APs Allows administrators to add and delete APs from the device list Allows administrators to enable or disable managed APs Provides MAC Access Control List of client stations for each managed AP Locally maintained configuration profiles of managed APs Single UI for upgrading and restoring managed APs firmware System status monitoring of managed APs and associated client stations Automatic recovery of APs in case of system failure System alarms and status reports on managed APs Monitoring and Reporting Status monitoring of on line users IP based monitoring of network devices WAN connection failure alert Syslog support for diagnosing and troubleshooting User traffic history logging Accounting and Billing Support for RADIUS accounting RADIUS VSA Vendor Specific Attributes Built in billing profiles for on demand accounts Enables session expiration control for on demand accounts by time hour and data volume MB Provides billing report on screen for on demand accounts Detailed per user traffic history based on
103. iguration Private LAN Configuration User Authentication Authentication Configuration Black List Configuration Policy Configuration Additional Configuration AP Management AP List AP Discovery Manual Configuration Template Settings Firmware Management AP Upgrade Dynamic DNS Network Configuration Network Address Translation Privilege List Monitor IP List Walled Garden List Proxy Server Properties Change Password Backup Restore Settings Firmware Upgrade System Status Interface Status Current Users Traffic History Notification Configuration Caution After finishing the configuration of the settings please click Apply and pay attention to see if a restart message appears on the screen If such message appears system must be restarted to allow the settings to take effect All on line users will be disconnected during restart 20 4 1 System Configuration This section includes the following functions Configuration Wizard System Information WAN1 Configuration WAN2 amp Failover LAN1 4 Configuration and Private LAN Configuration nl A Pl A AAA AE system Configuration Configuration Wizard EEr Op r System Configuration Configuration Wizard This wizard will guide you through basic system setup Configure system and network related parameters system name administrator information SNMP and time zone Clients
104. ing this option will restart AMG 2000 127 6 Appendix B Network Configuration on PC After AMG 2000 is installed the following configurations must be set up on the PC Internet Connection Setup and TCP IP Network Setup e Internet Connection Setup If the Internet Connection of this client PC has been configured as use local area network already you can skip this setup 18 x Windows 9x 2000 File Edit view Favorites Tools Help de Back m a A Search Ly Folders History ax A Ea 1 Choose Start gt Control Panel gt Internet Options sessa cowmare de Accessibility Add Remove Add Remove Administrative Date Time Control Panel Options Hardware Programs Tools Internet Options wy Es A Configures your Internet display h and connections settings Display Folder Options Windows Update Windows 2000 Support a RAS Keyboard Mouse Network and Phone and Power Options Options g Y SS pl Dial up Co Modem a a 4 Regional Scannersand Scheduled Sounds and Options Cameras Tasks Multimedia System Usersand YMware Tools Paceminr de hd Configures your Internet display and connections settings a My Computer Internet Properties _ x General Security Content Connections Programs Advanced Setup 9 Use the Internet Connection Wizard to connect your computer to khe Internet Dial up settings Add Remove Settings 7 Dial whenever a network
105. ion abnormal When users open the browser the login page won t appear because the proxy server is down Please make sure your proxy server is always available E Client settin g o CAWINDO WS teystem32iemd exe Microsoft Windows XP CR 5 1 2600 l C Copyright 1985 2601 Microsoft Corp It is necessary for clients to add default gateway IP address into hc Documents and Settings duke hung gt ipconf ig proxy exception information By Windows IP Configuration the way user login successful Ethernet adapter El mA page will appear normally Connection pecific DHS Suffix sohovare con 1 Use command ipconfig IP Address s u lt lt s 192 168 1 72 to get Default Gateway IP kiese O a T Address Ethernet adapter HERE Media State Media disconnected Proxy Settings 2 Open browser to add default gateway IP address e g Servers 192 168 1 254 and logout page IP address 1 1 1 1 E ae O E HTTP 10 2 3 203 Secure 3 203 on mo pem Socks Use the same proxy server Por all protocols into proxy exception information Exceptions i Do not use proxy server For addresses beginning with PA H Use semicolons to separate entries For fi refox Connection Settings Configure Provdes to Access the Internet 0 Direct
106. is function is enabled the end users will be forced to treat AMG 2000 as the proxy server regardless of the end users original proxy settings Note To see more details about setting up proxy servers please read Appendix 8 and Appendix 9 109 4 4 6 Dynamic DNS AMG 2000 provides a convenient DNS function to translate a domain name to the IP address of WAN port that helps the administrator memorize and connect to WAN port If the DHCP is activated at WAN port this function will also update the newest IP address regularly to the DNS server These settings will become effective immediately after clicking Apply Dynamic DNS DONS CO Enable Disable DynDNS org Dynamic Host name OT Username E mail qj Password Key oo Provider e DDNS Enabling or disabling of this function e Provider Select the DNS provider e Host name The IP address domain name of the WAN port e Username E mail The register ID username or e mail for the DNS provider e Password Key The register password for the DNS provider 4 4 7 1P Mobility AMG 2000 supports IP PNP function IP Mobility IP PHP TD Enable At the user end you can use any IP address to connect to the system Regardless of what the IP address at the user end is you can still authenticate through AMG 2000 and access the network 110 4 5 Utilities This section provides four utilities to customize and maintain the system including Change Password pacrup esto
107. k Places ES My Documents Local Area Connection Properties EJEA 3 Select General label and choose Internet Protocol General ameer TEE TCP IP and then click Properties Now you can Connect using BS AMO PENET Family PCI Ethernet Adapter choose to use DHCP or specific IP address please Thi connection uses the following items E Client for Microsoft Hetvwark s File and Printer Sharing for Microsoft Wetwrorks ml 05 Packet Gober le Internet Protocol T CPYIF pa Install Uninstall C Properties Description proceed to the following steps Transmission Control Protocol Internet Protocol The default Wide area network protocol that provides communication across diverse interconnected networks Show icon in notification area when connected Internet Protocol TCP IP Properties EJES General Alternate Configuration You can get F settings assigned automatically if your network supports 3 1 Using DHCP If want to use DHCP please choose SST a Ty et Sue tee TE Obtain an IP address automatically and click OK This is also the default setting of Windows Then i reboot the PC to make sure an IP address is obtained from AMG 2000 HAefauyk galena Obtain ONS server address automatically O Use the following DNS server addresses 135 Preferred ONS server SS E Alternate DNS server EEES 3 2 Using Specific IP Address If want to use specific Aita pq
108. le for an outsider to collect passwords SSH is available for Windows Unix Macintosh and OS 2 and it also works with RSA authentication SSL Secure Sockets Layer Commonly used encryption scheme used by many online retail and banking sites to protect the financial integrity of transactions When an SSL session begins the server sends its public key to the browser The browser then sends a randomly generated secret key back to the server in order to have a secret key exchange for that session Static IP Address A fixed address assigned to a computer or device that is connected to a network Subnet Mask An address code that determines the size of the network Subnetwork or Subnet Found in larger networks these smaller networks are used to simplify addressing between numerous computers Subnets connect to the central network through a router hub or gateway Each individual wireless LAN will probably use the same subnet for all the local computers it talks to Switch A type of hub that efficiently controls the way multiple devices use the same network so that each can operate at optimal performance A switch acts as a networks traffic cop rather than transmitting all the packets it receives to all ports as a hub does a switch transmits packets to only the receiving port TCP A protocol used along with the Internet Protocol IP to send data in the form of individual units called packets between computers over the Internet
109. lick Submit to complete the upload process Note The format of each line ts ID Password MAC Policy Remark without the quotes There must be no space between the fields and commas The MAC field could be omitted but the trailing comma must be retained When adding user accounts by uploading a file existing accounts inthe embedded database that are also defined inthe data file will not be replaced by the new ones Upload User Account File Name password policy MAC remark Submit cadon cadon 00 00 00 00 00 00 1 the admin test test 2 testing account The uploading file should be a text file and the format of each line is ID Password MAC Policy Remark without the quotes There password remark must be no spaces between the fields and commas The MAC field could be omitted but the trailing comma must be retained The Group field indicates policy number to use When adding user accounts by uploading a file the existing accounts in the embedded database will not be replaced by new ones Download User Click this to enter the Users List page and the system will directly show a list of all created user accounts Click Download to create a txt file and then save it on disk Policy Username Password MAC Remark 0 Anderson A123 O Mary 44001 Download 42 Refresh Click this to renew the user list Ea Policy Username Password MAC Del All Remark Mone Anderson A123 Delete Mone War
110. m M M M m m m 01 00 01 59 m m m M M m e 02 00 02 59 M M M M M M e 05 00 03 59 M m M M M M e 04 00 04 59 M M M M M m e 05 00 05 59 m m M M M m m 06 00 06 59 m m M M M m e 07 00 07 59 e m m M M m e 05 00 08 59 M M M M M M e 09 00 09 59 e e M M M M e 10 00 10 59 e M M M M M e 11 00 11 59 m m M m M m lw 12 00 12 59 m m M m M m e PS 00413254 m m m M M m m 14 00 14 59 M M M M M M e 15 00 1 5 59 M M M M M M e 16 00 16 59 M M M M M M e 175 00 17 59 M m M M M M m 18 00 18 59 M m M M m m m 19 00 1 9 59 m m M M M m m 20 00 20 59 e M M M M M e 21 00 21 59 e m M M M M e 2200 2259 e e M M M m e 23 00 23 59 m M M m M m M gt Total Bandwidth Choose one bandwidth limit for that particular policy 55 Select Policy Policy 1 y Firewall Profile Specific Route Profile Schedule Profile Total Bandwidth Indradual Maximum Bandwidth Indraidual Request Bandwidth Individual Maximum Bandwidth J 211512 Kbps Policy Configuration Setting Setting Setting Uniirnited 16 Kbps a2 Kbps B4 Kbps 126 Kbps 256 Kbps 1 Mbps 2 Mbps 3 Mbps 5Mbps do Choose a bandwidth for the maximum bandwidth of an individual user Select Policy Policy 1 Firewall Profile specific Route Profile schedule Profile Total Bandwitth Policy Configuration Setting Setting setting Unlimited Individual Maximum Bandwidth Unlimited midiidual Request Bandwidth Clear
111. mailyahoo comtw Auth Method None Send To Syslog Configuration Traffic History IP 023 219 Port 514 On demand User Log IP 10 2 3 203 Fort 514 Send To You can set up to 3 e mail addresses to receive the notification These are the receivers e mail addresses There are four kinds of notification to selection Monitor IP Report Traffic History On demand User Log and AP Status check which notification you want to receive Interval The time interval to send the e mail report Send Test Email To test the settings immediately Send From The e mail address of the administrator in charge of the monitoring This will show up as the sender s e mail SMTP The IP address of the sender s SMTP server Auth Method The system provides four authentication methods Plain Login CRAM MD5 and NTLMv1 or None to use none of the above Depending on which authentication method you select you have to enter the Account Name Password and Domain NTLMv1 is not currently available for general use Plain and CRAM MD5 are standardized authentication mechanisms while Login and NTLMv1 are Microsoft proprietary mechanisms Only Plain and Login can use the UNIX login password Netscape uses Plain Outlook and Outlook express uses Login as default although they can be set to use NTLMv1 Pegasus uses CRAM MD5 or Login but you are not able to configure which method to use 122 E mail Notification Configuration oe Monitor IP Traffic On
112. ming Moving seamlessly from one AP coverage area to another with no loss in connectivity Router 156 A device that forwards data packets from one local area network LAN or wide area network WAN to another Based on routing tables and routing protocols routers can read the network address in each transmitted frame and make a decision on how to send it via the most efficient route based on traffic load line costs speed bad connections etc RTS Request To Send A packet sent when a computer has data to transmit The computer will wait for a CTS Clear To Send message before sending data Server Any computer whose function in a network is to provide user access to files printing communications and other services SMTP Simple Mail Transfer Protocol The standard e mail protocol on the Internet SNMP Simple Network Management Protocol A set of protocols for managing complex networks The first versions of SNMP were developed in the early 80s SNMP works by sending messages called protocol data units PDUs to different parts of a network SNMP compliant devices called agents store data about themselves in Management Information Bases MIBs and return this data to the SNMP requesters Software Instructions for the computer A series of instructions that performs a particular task is called a program SOHO Small Office Home Office A term generally used to describe an office or business with ten or fewer co
113. mins 199 hours T volume Mbyte days Enabled me i days Disabled nn Asus y mins hours Pm Volume Mbyte days nable gt Disabled hours days sli Time hours mins Yolume Wyte days Enabled 4 days Disabled a ale i mins hours E oa 7 Ji p gt Status Select to enable or disable this billing rule 37 gt Type Set the billing rule by Volume the maximum volume allowed is 9999999 Mbyte or Time the maximum time allowed is 999 hours and 59 minutes Expired Info This is the duration of time that the user needs to activate the account after the generation of the account If the account is not activated during this duration the account will self expire Valid Duration This is the duration of time that the user can use the account after the activation of the account After this duration the account will self expires Price The price charged for this billing plan Create On demand User Click this to enter the Create On demand User page Create On demand User Plan Type Price Status Function 1 2 hrs O mins 20 Enabled 2 Bhrs mins 80 Enabled 3 4 h rs 0mins 200 Enabled 4 9999999 Mbyte 9999999 Enabled 5 MA PILA Disabled E PLA PLA Disabled Pressing the Create button for the desired plan an On demand user will be created then click Printout to print a receipt which will contain this on demand user s information
114. mputers and or employees SSID Service Set Identifier A 32 character unique identifier attached to the header of packets sent over a WLAN that acts as a password when a mobile device tries to connect to the BSS Also called ESSID The SSID differentiates one WLAN from another so all access points and all devices attempting to connect to a specific WLAN must use the same SSID A device will not be permitted to join the BSS unless it can provide the unique SSID Because an SSID can be sniffed in plain text from a packet it does not supply any security to the network An SSID is also referred to as a Network Name because essentially it is a name that identifies a wireless network SSH Developed by SSH Communications Security Ltd Secure Shell is a program to log into another computer over a network to execute commands in a remote machine and to move files from one machine to another It provides 157 strong authentication and secure communications over insecure channels lt is a replacement for rlogin rsh rcp and rdist SSH protects a network from attacks such as IP spoofing IP source routing and DNS spoofing An attacker who has managed to take over a network can only force ssh to disconnect He or she cannot play back the traffic or hijack the connection when encryption is enabled When using ssh s login instead of rlogin the entire login session including transmission of password is encrypted therefore it is almost impossib
115. n and the APs match the given settings will show in the list below If the IP address you set is used there will be a warning message showing up please change the IP range on Base IP or Pool Size and then click Discover again For the desired AP input the desired Name and password if changed for AP admin select one template check it and then click Add to add it under the managed list About the template please see 4 3 4 Template Settings AP Discovery LANI 4 TO Base p 19216811 Pool Size 12 interface Private LAN M Base IP 932 168 2 1 Pool Size F 4 AP Type W8P D0006 IP Address Start IF 192 168 2 1 Range 9246821 AP Access Engl 192 168 2 1 Discover IO ladmin Password 11234 Auto Discovery Status Disabled Configure 95 Unavailable iP range The following IP addresses have been used Please change the 1P range on Base IP or Pool Size interface IP Address MAC Address Private LAN 192 168 2 1 00 11 68 30 85 563 AP List MAC Address Name IP Address Password Template Add Total 0 First Prey Next Last When the matched AP is discovered it will show up in the list below and be given a new IP address as you set ex 192 168 2 2 Check the Add box to add the AP and it will be listed to the AP list AP Discovery LANI 4 Base ip 192 168 1 1 Pool size 12 interface Private LAN M Base IP fi 92 168 2 2 Pool Size fi 2 AP Type WAP 0006 IP Address Start IP 192 168 2 1 Range EPR AP Access End IP 192 168 2
116. n for on demand Users Default Page Template Page Uploaded Page 6 External Page External Page Setting External URL http Preje Logout Success Page The administrator can use the default logout success page or get the customized logout success page by setting the template page uploading the page or downloading from the specific website After finishing the setting you can click Preview to see the logout success page a Choose Default Page to use the default logout success page Logout Success Page Selection for Users Default Page Template Page CO Uploaded Page CO External Page Default Page Setting This is default logout success page for users You could click preview link to preview the default logout success page Thanks Preview 81 b Choose Template Page to make a customized logout success page here Click Select to pick up a color and then fill in all of the blanks You can click Preview to see the result first Logout Success Page Selection Tor Users Default Page Template Page CO Uploaded Page CO External Page Template Page Setting Color for Tithe Background Select RGB values in hex mode Color for Title Text Select RGB values in hex mode Color for Page Background Select RGB values in hex mode Color for Page Text Select RGB values in hex mode Title Logout Succeed Page Information Logout successfully Preview c Choose Uploaded Page and you can get the logout suc
117. ndicate a proper connection Note No authentication is required for the users to access the network via Private Port and the administrator can enter the web management interface to perform configurations via Private Port 4 Connect an Ethernet cable to one of the LAN1 LAN4 Port on the rear panel Connect the other end of the Ethernet cable to an AP or switch The LED of the LAN Port should be on to indicate a proper connection Note Authentication is required for the users to access the network via these LAN Ports Attention Usually a straight through cable could be applied when the AMG 2000 connects to an Access Point which supports automatic crossover If after the AP hardware resets the AMG 2000 could not be able to connect to the AP while connecting with a straight through cable the user have to pull out and plug in the straight through cable again This scenario does NOT occur while using a crossover cable After the hardware of AMG 2000 is installed completely the system is ready to be configured in the following sections 3 2 Software Configuration 3 2 1 Quick Configuration There are two ways to configure the system using Configuration Wizard or change the setting by demands manually The Configuration Wizard provides a simple and easy way to guide you through the setup of AMG 2000 for the AP configuration you have to set it up in administrator interface You just need to follow the procedures and instructions gi
118. ne to disable this function there are 2 connection types for the WAN2 port Static IP Address and Dynamic IP Address And you can enter up to three URLs and check Warning of Internet Disconnection to work with the WAN Failover function When Warning of Internet Disconnection is enabled the system will check the three URLs to detect the WAN ports connection status e None The WAN2 Port is disabled You can still enter up to three URLs and check Warning of Internet Disconnection to detect the WAN1 port connection status WAN 4 Failover Mone WAN2 Port Static IP Address Dinamic IP Address Probe Target URLA http URLZ hips URLS hts Warning of Internet Disconnection When Internet Connection is down the system will display the warning Messages as Sorry The service is temporarily unavailable Failover e Static IP Address Specify the IP Address Subnet Mask Preferred DNS Server and Default Gateway of WAN2 Port which should be applicable for the network environment You can enter up to three URLs and check Warning of Internet Disconnection to work with the WAN Failover function 26 WAN amp Failover D Mone Static IP Address IP Address dt subnet Mask dt Default Gateway fe Preferred ONS Server fs Alternate DNS Server fs Dynamic IP Address Probe Target URLA http o O EI Failover URLS http O WAN Failover d Warning of Internet Disconnection WAN2 Port
119. nguage JavaScript gt document write copyright lt script gt lt font gt lt td gt lt tr gt lt table gt lt div gt lt body gt lt html gt 12 If the page is successfully loaded an upload success page will show up Successtul You just uploaded page default_login_with_disclaimer html Preview Preview can be clicked to see the uploaded page Be may collect and store the following personal Lal information lj e mail address physical contact information credit card numbers and transactional information ased on Your activities on the Internet service provided by us If the information you provide cannot be erified ve may ask you to send us additional information such as your driver license credit card statement and or a recent utility bill or other information confirming your address or to answer additional questions to help verify your information o agree i disagree If user checks I agree and clicks Next then he she is prompted to fill in the login name and password User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In 4 User Name Password 73 If user checks I disagree and clicks Next a window will pop up to tell user that he she cannot log in Ve may collect and store the following personal liinformat ion e mail address physical contact information credit card numbers an
120. nnnnnnnnnnnnnnnnnonnnnnnnnnnnnnnnnnnnnnnnnrnnnrrrrrrrnnnnnnnnnnns 128 7 APPENDIX C WINDOWS SERVER 2000 2003 AD ssssssssssssssssssssnssssssssssssssssssssssssssssssssssesseees 137 8 APPENDIX D PROXY SETTING FOR HOTSPOT cccsssssssssssssssssssssssssssssssssssssssssssssesssssssssseeeees 141 9 APPENDIX E PROXY SETTING FOR ENTERPRISEG cccsssssssssssssssssssssssssssssssessssesssssssssseeeees 144 10 APPENDIX EB GLOSSAR Veco 148 1 Before You Start 1 1 Preface This manual is intended for the system or network administrators with the networking knowledge to complete the step by step instructions of this manual in order to use the AMG 2000 for a better management of network system and user data 1 2 Document Convention For any caution or warning that requires special attention of readers a highlight box with the eye catching italic font is used as below Warning For security purposes you should immediately change the Administrator s password O Indicates that clicking this button will return to the homepage of this section Q Indicates that clicking this button will return to the previous page I Indicates that clicking this button will apply all of your settings f Indicates that clicking this button will clear what you set before these settings are applied 2 System Overview 2 1 Introduction AMG 2000 is a network access controller dedicatedly
121. o the company s website such as hitp www leve1 com If the home page function is disabled the user will be directed to the URL she he tries to connect originally e Access History IP Specify an IP address of the administrator s computer or a billing system to get billing history information of AMG 2000 with the predefined URLs as the following Traffic History https 10 2 3 213 status history 2005 02 17 N 2 3 https 10 2 3 213 status history 2005 02 1 Microsoft Internet Explorer File Edt View Favorites Tools Help a G Back dl la pl Search Favorites Media E 7 a la fDate TYPE Name IP MAC Packets In Bytes In Packets Out Bytes Out 0 2005 02 17 18 09 03 0800 LOGIN 222 8w 15300 tw 192 168 30 1859 00 00 F1 28 BF DS 0 0 0 0 On demand History https 10 2 3 213 status ondemand_history 2005 02 17 e https 110 2 3 213 status ondemard_ history 2005 02 17 Microsoft Internet Explorer File Edt view Favorites Tools Help r Qd O iz of Search lt gt Favorites Meda gt a er Address e https 10 2 3 213 statusfondemand_history 2005 02 17 x EJ co Links gt Date Sy tem Name Type Name IP MAC Packets In Bytes In Packets Ont Bytes OutExpiret ime Valid 2005 02 17 16 44 19 0800 GA WI300 Casper 213 Create_OD_User NTE 0 0 0 0 00 00 00 00 00 00 0 0 0 0 2005 02 17 16 44 57 0800 Qa Wi300 Casper 213 OD User Login N7E9 192 168 30 189 00 0c F1 28 BF p8 0 0 o 2005 02 17 16 45 22 0800 Q
122. ontinue Home Page hitp global leveli com n e g http fglobal levell com NTP Server ftock usno navy mil r e g tock usno navy mil DNS Server 168 935 1 1 x Step 4 Select the Connection Type for WAN Port Select the connection type for WAN port Click Next to continue Choose itto set static IP address Choose itto obtain an IP address automatically For most cable modem users Choose itto setthe PPPoE Client s C PPPoE Client Username and Password For most DSL users Bae GZ gt Dynamic IP Address If this option is selected AMG 2000 will obtain IP settings from external DHCP server on network connected by WAN1 automatically Click Next to continue gt Static IP Address Set WAN Port s Static IP Address Enter the IP Address Subnet Mask and Default Gateway provided by your ISP or network administrator Click Next to continue gt PPPoE Client Set PPPoE Client s Information Enter the Username and Password provided by your ISP Click Next to continue Step 5 Set Authentication Methods Set the user s information in advance Enter an easily identified name as the postfix name in the Postfix field e g Local select a policy to assign to you can configure the policy routes firewall rules and login schedule for each policy later for now just use the default and choose an authentication method Click Next to continue Different inform
123. ose Template Page to make a customized login page here Click Select to pick up a color and then fill in all of the blanks You can click Preview to see the result first Login Page Selection for Users CO Default Page Template Page C Uploaded Page CO External Page Template Page Setting Color for Title Background Select RGB values in hex mode Color for Title Text Select FGB values in hex mode Color for Page Background Select RGB values in hex mode Color for Page Text Select RGB values in hex mode Title ict O Welcome Welcome To User Login Page Information Please Enter Your Name and Password to Sign In Username Usemame sss Password Passwords Submit Submit SSCis Clear AA Remaining Remaining Copyright Copyrigt tt s S Preview 62 c Choose Uploaded Page and you can get the login page by uploading Click the Browse button to select the file for the login page upload Then click Submit to complete the upload process Login Page Selection for Users Default Page Template Page Uploaded Page C External Page Uploaded Page Setting File Name Browse Submit Existing Image Files Total Capacity 512 K Now Used 0K Upload Image Files Upload Images Browse Submit Prerje After the upload process is completed the new login page can be previewed by clicking Preview button at the bottom User Login Page Welcome To User Login Page Please Enter Your Use
124. out authentication AMG 2000 supports up to 10 external proxy servers Proxy Server T IP Mobility Properties lil can redirect traffic to external proxy server into builtin proxy Dynamic DNS AMG 2000 supports dynamic ONS DOMS feature IP Mobility System supports IP PMP Configuration 3 Click the Proxy Server Properties from left menu and the homepage of the Proxy Server Properties will External Proxy Server tem Server IP Port appear 10 Internal Proxy Server Built in Proxy Server O Enabled Disabled 4 Add your ISP s proxy Server IP and Port into External Proxy Server Setting 142 External Prowy Server 1 10 2 3 203 foo imernal Proxy Server Built in Proxy Server OEnable Disable 5 Enable Built in Proxy Server in Internal Proxy Server Setting External Proxy Server hem Server IP Pont 1 10 2 3 203 6588 aT Built in Proxy Server Enable Disable 6 Click Apply to save the settings 143 9 Appendix E Proxy Setting for Enterprises Enterprises usually isolate their Intranet and Internet by using a complex network architecture Many enterprises have their own proxy servers which are usually at intranet or DMZ under the firewall protection J S i Ss Desktop gt Gateway i i Access Point Access Point y Notebook Notebook 5 Router Firewall ore Switch YT2 Switch G Proxy Server Web Server Mail Server
125. ow of the AP Status Detail there are the related detailed information System Status LAN Status Wireless LAN Status Access Control Status and Associated Client Status AP Name AP Type LAN MAL Wireles LAN MAL Up Time Report Time 7 La SID Number of Associated Clients Remark 92 AP Status Summary MEVWOEY OO002 wWAP 0006 Py JA AA BLA AP Status Detail System Status LAN Status Wireless LAN Status Access Control Status Associated Client Status gt System Status The table shows the information about AP Name AP Status and Last Reporting Time System Information AP Name NEWOE 00002 AP Status Online Last Reporting Time 2006 06 28 10 27 37 gt LAN Status The table shows the information about IP Address Subnet Mask and Gateway LAN Interface IP Address 192 168 2 2 Subnet Mask 20202 Gateway 0 0 0 0 gt Wireless LAN Status The table shows all of the related wireless information Wireless Interface Up Time Oday Ohidinis2s SSID apmgt Beacon Interval ms 100 RTS Threshold zagr Channel 11 Transmission Rate Auto Preamble Type Long Preamble APP Enabled Security WEP gt Access Control Status The table shows the status of MAC of clients under the control of the AP 93 status Status 00 00 00 00 00 0 00 00 00 00 00 0 3 00 00 00 00 00 05 00 00 00 00 00 07 00 00 00 00 00 04 00 00 00 00 00 17 00 00 00 00 00 1 3 00 00 00 00 00 1 5 00 00 00 00 00 1 7
126. plying the setting the new logout success page can be previewed by clicking Preview button at the bottom of this page Logout Success Page Selection for Users CO Default Page Template Page CO Uploaded Page External Page External Page Setting External URL http Previa 83 e Credit Reminder The administrator can enable this function to remind the on demand users before their credit run out There are two kinds of reminder Volume and Time The default reminding trigger level for Volume is 1Mbyte and the level for Time is 5 minutes Volume Enabled Disable fi Mbyte Range 1 10 Default 1 Time Enabled Disable minutes Range 1 30 Default 5 Credit Reminder e POP3 Message If a user tries to retrieve mail from POP3 mail server before login the users will receive a welcome mail from AMG 2000 The administrator can edit the content of this welcome mail Edit Mail Message lt DOCTYPE HTML PUBLIC W3C DTD HTML 4 0 Transitional EN gt lt HTML gt lt HEAD gt lt META HTTP EQUIV Content Type CONTENT text htrml charset us ascii gt lt HEAD gt lt BODY gt lt DIV gt lt DIV gt lt FONT face Times New Roman size 6 gt lt STRONG gt Welcome lt STRONG gt lt FONT gt lt DIV gt lt DIV gt lt FONT sige 4 gt lt STRONG lt STRONG lt FONT gt Text e Enhance User Authentication With this function only the users with their MAC addres
127. point However in some situations the hotspot owners or MIS staff may want to display terms of use or announcement information before the login page Hotspot owners or MIS staff can design a new disclaimer announcement page and save the page in their local server After the agreement shown on the page is read users are asked whether they agree or disagree with the disclaimer By clicking agree users are able to log in If users choose to decline they will get a popup window saying they are unable to log in The basic design is to have the disclaimer and login function in the same page but with the login function hidden until users agree with the disclaimer Here we will supply the codes for this page Please note that the blue part is for the login feature the red part is 64 the disclaimer and the green part can be modified freely by administrators to suit the situation better Now the default is set to I disagree with the disclaimer Administrators can change the purple part to set agree as the default or set no default These codes should be saved in local storage with a name followed by html such as login_with_disclaimer html lt html gt lt head gt lt META HT TP EQUIV Pragma CONTENT no cache gt lt meta http equiv Content Type content text html charset utf 8 gt lt META HT TP EQUIV Cache Control CONTENT no cache gt lt link href include style css rel stylesheet type
128. provides a throughput up to 54 Mbps It also operates in the 2 4 GHz frequency band but uses a different radio technology in order to boost overall bandwidth VLAN Defines changes to Ethernet frames that will enable them to carry VLAN information It allows switches to assign end stations to different virtual LANs and defines a standard way for VLANs to communicate across switched networks Four bytes have been added to the Ethernet frame for this purpose causing the maximum Ethernet frame length to increase from 1518 to 1522 bytes In these 4 bytes 3 bits allow for up to eight priority levels and 12 bits identify one of 4 094 different VLANs 802 3ac will define the specifics of these changes for Ethernet frames 802 1x 802 1x is a security standard for wired and wireless LANs It encapsulates EAP processes into Ethernet packets instead of using the protocol s native PPP Point to Point Protocol environment thus reducing some network overhead It also puts the bulk of the processing burden upon the client called a supplicant in 802 1x parlance and the authentication server such as a RADIUS letting the authenticator middleman simply pass the packets back and forth Because the authenticator does so little its role can be filled by a device with minimal processing power such as an access point on a wireless network 148 802 3ad 802 3ad is an IEEE standard for bonding or aggregating multiple Ethernet ports into one virtual interfa
129. r ISP and then Configure POP3 Server information Click Next to continue choose enable SSL or not Click Next to continue POPS Server Domain Names P Server Port Default 110 Enable SSL E gt RADIUS User RADIUS Enter RADIUS server IP Domain Name Step 5 Cont RADIUS authentication port accounting port and secret Configure RADIUS Server information Click Next to continue key Then choose to enable accounting service or RADIUS Server Domain NameIP not and choose the desired authentication o Authentication Port E Default 1812 method Accounting Port E Default 1813 Click Next to continue Secret Key Accounting Service Disabled Authentication Method FAF 5 15 gt LDAP User LDAP You can configure external LDAP user data base Step 5 Cont LDAP here Enter the LDAP Server Server Port Configure LDAP Server information Click Next to continue Base DN and Account Attribute Click Next to continue a Es il Server Port Po 7 Default 389 Base DN CH de de Account Attribute Default vid ax A gt NT Domain User NT Domain Step 5 Cont NT Domain When NT Domain is selected enter the information for Server IP Address and Configure NT Domain Server information Click Next to continue enable disable Transparent Login used to login AMG 2000 automatically when login to NT Server IP Address i
130. r Name and Password To Sign In E gp User Name Password ET nen 63 The user defined login page must include the following HTML codes to provide the necessary fields for username and password lt form action us erlogin s html method post name E nter gt lt input type text name myus ername lt input type password name mypassword lt input type submit name submit value Enter lt input type reset names clear value Clear gt lt form lf the user defined login page includes an image file the image file path in the HTML code must be the image file you will upload lt img src Images xx pg Then enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit The system will show the used space and the maximum size of the image file of 512K If the administrator wishes to restore the factory default of the login page click the Use Default Page button to restore it to default Total Capacity 512 K Now Used 0 K Upload Image Files Upload Images Browse Submit After the image file is uploaded the file name will show on the Existing Image Files field Check the file and click Delete to delete the file Existing Image Files 1102474548 732cn gif TO In AMG 2000 the end user first gets a login page when she he opens its web browser right after associating with an access
131. r Your User Name and Password To Sign In open an Internet browser and the default user login amp i webpage will appear on the Internet browser User Name test Local Type in user information of a valid user account le Password Assumes local user database is chosen in the F configuration wizard key in the username and password created and then click Submit button e g test Local for the username and test for the password 2 Login success page appearing means AMG 2000 has been installed and configured successfully Now you can browse the network or surf the Internet Hello testi Local EN A Please close this window or click this button to Thank you Login time 2006 10 12 12 8 6 3 But if you see the following screen with a sentence Sorry this feature is available for on demand user only it means you click the Remaining button by 8 orry this UTE mistake This button is only for on demand users and if is available for on demand user only you are not an on demand user please just click the Submit button 18 If you are an on demand user you can enter the username and password in the User Login Page and then click the Remaining button to know the remaining time or data quota of the account When an on demand user logs in successfully the following Login Successfully screen will appear and it is a little diff
132. re Settings Firmware Upgrade and Restart Status System User j Jt AP I Hetwork _ Configuration Authentication Management _ Utilities C a Change Password A a BackupRestore Settings Change Password Change the administration password Backup Restore Backup and restore system settings Administrator may also reset Firmware Upgrade Settings system settings to factory default po y Firmware Upgrade Update AMG 2000 firmware 4 Restart Restart Restan the syster Q 4 5 1 Change Password AMG 2000 supports three accounts with different access privileges You can log in as admin manager or operator The default password and access privilege for each account are as follow Admin The administrator can access all configuration pages of the AMG 2000 User Name admin Password admin Manager The manager can only access the configuration pages under User Authentication to manage the user accounts but has no permission to change the settings of the profiles for Firewall Specific Route and Schedule User Name manager Password manager Operator The operator can only access the configuration page of Create On demand User to create and print out the new on demand user accounts User Name operator Password operator The administrator can change the passwords here Please enter the current password and then enter the new password twice to verify Click Apply to activate this new password 111
133. reas where provide Wi Fi service for mobility users HotSpot is usually implemented without complex network architecture and using some proxy server which provide by Internet Service Providers ADSL Cable Modem Access Point ISP Proxy Server Notebook In Hotspots mobility users usually enable their proxy setting of the browsers such as IE Firefox or the others so we need to set some proxy configuration in the Gateway Please follow the steps to complete the proxy configuration 1 Login Gateway by using admin 2 Click the Network Configuration from top menu and the homepage of the Network Configuration will appear 141 Configuration Authentication ELE EU E Network Configuration j Network Address AMG 2000 provides 3 types of network address translation OM e Translation Demilitarized zone Public Accessible Server and IPiPort Redirect Monitor P List Privilege List System provides Privilege IP Address List and Privilege MAC Address List System will MOT authenticate those listed devices P System can monitor up to 40 network devices online status with an option to add them as public access servers via HTTP or HTTPS Ia Even under MAT mode after added the devices as public access Pros Server Properties servers the devices can be accessed by clicking the hypertext Up to 20 hosts URL could be defined in walled Garden List Clients eee may access these URL with
134. rs networks and the Internet My Computer Lo Check the TCP IP Setup of Window 2000 1 2 Click the right button of the mouse on Local Area 4 1 Connection icon and then select Properties Select Internet Protocol TCP IP and then click Properties Now you can choose to use DHCP or specific IP address please proceed to the following steps Using DHCP If want to use DHCP please choose Obtain an IP address automatically and click OK This is also the default setting of Windows Then reboot the PC to make sure an IP address is obtained from AMG 2000 4 2 Using Specific IP Address If you want to use specific IP address you have to ask the network administrator for the information of the AMG 2000 IP address Subnet Mask New gateway and DNS 134 Select Start gt Control Panel gt Network and Dial up Connections EJ Network and Dial up Connections 18 x File Edit View Favorites Tools Advanced Help Back Qsearch LyFolders CHristory AS GF X A Edy Address ay Network and Dial up Connections fad Go d L Make New Network and Dial Connection up Connections Disable Status Local Area Connection A Type LAN Connection Delete R Status Enabled AMD PCNET Family PCI Ethernet Adapter a Displays the properties of the selected connection Local Area Connection Properties rd x General
135. rule will be enabled Action There are two options Block and Pass Block is to prevent packets from passing and Pass is to permit packets passing Protocol There are three protocols to select TCP UDP and ICMP or choose ALL to use all three protocols 58 Source MAC Address The MAC address of the source IP address This is for specific MAC address filter Source Destination Interface There are four interfaces to choose ALL WAN1 WAN2 LAN1 4 and Private LAN Source Destination IP Enter the source and destination IP addresses Source Destination Subnet Mask Enter the source and destination subnet masks Source Destination Start End Port Enter the range of source and destination ports Specific Route Profile Click the hyperlink of Setting for Specific Route Profile the Specific Route Profile list will appear Profile Name Global Specific Route Profile Destination Gateway Route ttem IP Address Subnet Netmask IP Address 1 aaa 2 255 255 255 255 32 3 255 255 255 255 32 4 asar aa 5 O EA ESE 265 255 255 266 132 v 7 EA EI 8 ss 255 255 255 265 32 sd 255 255 255 265 32 pe 10 255 265 255 265 32 AI Profile Name The profile name can be changed here Destination IP Address The destination IP address of the host or the network Destination Subnet Netmask Select a destination subnet netmask of the host or the network Gateway IP Address The I
136. rver LAN1 4 DHCP Server Configuration e LAN1 4 LAN1 4 Configuration Operation Mode NAT IF Address 192 168 1 254 Subnet Mask 255 255 255 0 Disable DHCP Server O Enable DHCP Server CO Enable DHCP Relay 28 LAN1 4 Configuration Operation Mode NAT LAN1 4 IF Address 192 168 1 254 Subnet Wask 255 255 255 0 Operation Mode Choose one of the two modes NAT mode and Router mode by the requirements IP Address Enter the desired IP address for the LAN1 LAN4 port Subnet Mask Enter the desired subnet mask for the LAN1 LAN4 port DHCP Server Configuration There are three methods to set the DHCP server Disable DHCP Server Enable DHCP Server and Enable DHCP Relay 1 Disable DHCP Server Disable DHCP Server function Disable DHCP Server Enable DHCP Server Enable DHCP Relay DHCP Server Configuration 2 Enable DHCP Server Choose Enable DHCP Sever function and set the appropriate configuration for the DHCP server The fields with red asterisk are required Please fill in these fields C Disable DHCP Server Enable DHCP Server DHCP Scope Start IP Address 192 168 1 1 End IP Address fi 92 168 1 100 169 95 1 1 Preferred DNS Server DHCP Server Configuration Alternate ONS Server Domain Marne Level com WINS Server F Lease Time E Day Reserved IP Address List CO Enable DHCP Relay DHCP Scope Enter the Start IP Address and the End
137. s enabled If you already have a DHCP server running on your network you must disable one of the two DHCP servers If you 150 run more than one DHCP server on your network you will experience network errors such as conflicting IP addresses Diversity Antenna A type of antenna system that uses two antennas to maximize reception and transmission quality and reduce interference DMZ Demilitarized Zone A computer or small subnetwork that sits between a trusted internal network such as a corporate private LAN and an distrusted external network such as the public Internet Typically the DMZ contains devices accessible to Internet traffic such as Web HTTP servers FTP servers SMTP e mail servers and DNS servers The term comes from military use meaning a buffer area between two enemies DNS A program that translates URLs to IP addresses by accessing a database maintained on a collection of Internet servers The program works behind the scenes to facilitate surfing the Web with alpha versus numeric addresses A DNS server converts a name like mywebsite com to a series of numbers like 107 22 55 26 Every website has its own specific IP address on the Internet Domain Name The unique name that identifies an Internet site Domain Names always have 2 or more parts separated by dots The part on the left is the most specific and the part on the right is the most general A given machine may have more than one Domain Name but a
138. sed space and the maximum size of the image file of 512K If the administrator wishes to restore the factory default of the login success page click the Use Default Page button to restore it to default Total Capacity 512 K Now Used 0 K Upload Image Files Upload Images Browse Submit After the image file is uploaded the file name will show on the Existing Image Files field Check the file and click Delete to delete the file Existing Image Files 1102474548 732en gif 7 d Choose the External Page selection and you can get the login success page e from the specific website Enter the website address in the External Page Setting field and then click Apply After applying the setting the new login success page can be previewed by clicking Preview button at the bottom of this page Login Success Page Selection for Users Default Page Template Page CO Uploaded Page External Page External Page Setting External URL http Preview Login Success Page for on demand The administrator can use the default login success page for On Demand or get the customized login success page for on demand by setting the template page uploading the page or downloading from the specific website After finishing the setting you can click Preview to see the login success page for On Demand 78 a Choose Default Page to use the default login success page for on demand Login Success Page Selection for on demand Us
139. ses in this list can log into AMG 2000 There will only be 40 users allowed in this MAC address list User authentication is still required for these users Please enter the Permit MAC Address List to fill in these MAC addresses select Enable and then click Apply MAC Address Control Enabled Disabled tem MAC Address tem MAC Address 1 Fo 2 3 4 Caution The format of the MAC address IS XX XX XX XX XX XX OF XX XX XX XX XX XX 84 4 3 AP Management AMG 2000 supports to manage up to 12 access points AP and they can be configured in this section This section includes the following functions AP List AP Discovery Manual Configuration Template Settings Firmware Management and AP Upgrade System NU Wa AP i Network fi Configuration AM Authentication Management Configuration R ee Oo ao BE PL ae P Managemen pi AF List C He a AP Management Utilities Status The list shows the current AP summary including type name IP AP List MAC and online status It also provide the operation for each AP on reboot enable disable delete apply a new template and to do Manual Configuration further examination or detailed configuration AP Discovery This discovery function is to detect the Unmanaged APs within LANs and assign the desired IFs for the future management With the AP access information administrator is able to manually or automati
140. sold for volume users e Authentication Method Local User Setting Choose Local User in the Authentication Method field the hyperlink besides the pull down menu will become Local User Setting 39 Authentication Server Server 1 server Status Enabled Black List Local User Authentication Method Local User Setting Policy TER TD IO Main Clear Click the hyperlink to get in for further configuration Local User Setting Edit Local User List Radius Roaming Out C Enable Disable 902 1x Authentication C Enable Disable Edit Local User List Click this to enter the Local User List screen and click the individual Username to edit that account Ea Policy Username Password MAC Del All Remark Mone Anderson A123 Delete Mone Mary 44001 Delete Total First Previous Mest Last Add User Click Add User to enter the Add User interface Fill in the necessary information such as Username Password MAC optional and Remark optional Then select a desired Policy and click Apply to complete adding the user or users 40 Add User MAC User anderson has been added User Man has been added Add User MAC LIEU eae ae Sa ae See eee ae eae Policy Remark Mone Mone yt Mi 1 ll 114 ALL Mone yt Upload User Click this to enter the Upload User interface Click the Browse button to select the text file for the user account upload Then c
141. style4 gt I agree lt span gt lt td gt lt tr gt lt tr gt lt td align left gt lt input name selection value 2 checked type radio gt lt td gt lt td gt lt span class style4 gt I disagree lt span gt lt td gt lt tr gt lt table gt lt td gt lt tr gt lt tr gt lt td height 30 gt lt table width 110 height 20 border 0 align center cellpadding 2 gt lt tr gt lt td width 45 align center valign middle gt lt input name next_button type button value Next onclick javascript check_agree Enter gt lt td gt lt tr gt 70 lt table gt lt td gt lt tr gt lt tr gt lt td height 20 gt amp nbsp lt td gt lt tr gt lt table gt lt div align center gt lt table name login id login width 497 height 328 border 0 align center cellpadding 2 cellspacing 0 background images userlogin gif gt lt tr gt lt td height 146 colspan 2 gt amp nbsp lt td gt lt tr gt lt tr gt lt td width 43 height 53 gt amp nbsp lt td gt lt td gt lt input type text name myusername size 20 gt lt td gt lt tr gt lt tr gt lt td height 42 gt amp nbsp lt td gt lt td gt lt input type password name mypassword size 20 gt lt td gt lt tr gt lt tr gt lt td colspan 2 gt lt div align center gt lt a onclick javascript if Before_Submit Enter Enter submit onMouseOut MM_swaplmgRestore onMouseOver MM_
142. swaplmage Image3 images submit0 gif 1 gt lt img src images submit gif name Image3 width 124 height 38 border 0 gt lt a gt lt a onclick cancel_ onclick Enter onMouseOut MM_swaplmgRestore onMouseOver MM_swaplmage Image5 images clear0 gif 1 gt lt img src images clear1 gif name Image5 width 124 height 38 border 0 gt lt a gt lt a onclick javascript if Before_Submit Enter reminder_onclick Enter onMouseOut MM_swaplmgRestore onMouseOver MM_swaplmage Image4 images remaining0 gif 1 gt lt img src images remaining gif name Image4 width 124 height 38 border 0 gt lt a gt lt div gt lt td gt lt tr gt lt table gt 71 lt table gt lt tr gt lt td width 100 gt lt font color 808080 size 2 gt lt script language JavaScript gt if creditcardenable Enabled document write lt a href loginpages credit_agree shtml gt Click here to purchase by Credit Card Online lt a gt lt script gt lt font gt lt td gt lt tr gt lt table gt lt div gt lt form gt lt form action reminder shtml method post name Reminder gt lt input type hidden name myusername value gt lt input type hidden name mypassword value gt lt form gt lt br gt lt div align center gt lt table gt lt tr gt lt td width 100 gt lt font color 808080 size 2 gt lt script la
143. system up time Check Service status Set device into safe mode aynchronize clock with NTP server Print the kernel ring buffer Hain menu Ping host IP By sending ICMP echo request to a specified host and wait for the response to test the network status Trace routing path Trace and inquire the routing path to a specific target Display interface settings It displays the information of each network interface setting including the MAC address IP address and netmask Display the routing table The internal routing table of the system is displayed which may help to confirm the Static Route settings Display ARP table The internal ARP table of the system is displayed Display system up time The system live time time for system being turn on is displayed Check service status Check and display the status of the system Set device into safe mode If administrator is unable to use Web Management Interface via the browser for the system failed inexplicitly Administrator can choose this utility and set AMG 2000 into safe mode then administrator can management this device with browser again Synchronize clock with NTP server Immediately synchronize the clock through the NTP protocol and the specified network time server Since this interface does not support manual setup for its internal clock therefore we must reset the internal clock through the NTP Print the kernel ring buffer It is used to examine or control the kernel ring
144. t WPA Mixed If you want to use TKIP and AES encryption type at the same time you can choose this security type Select 802 1x or WPA PSK security type and enter the related information below security Type Security WPA PSK security Type Security 02 1x WIP AZ Mixed WPA PSK PassphraselP5K Passphrase APA Mixed 02 1 Radius Server IP Fort i912 Secret 91 gt Access Control Setting In this function when the status is Enabled only these clients which MAC addresses are listed in the list can be allowed to connect AMG 2000 When Disabled is selected all clients can connect AMG 2000 The default is Disabled Access Control Status Ena ble d Y Disabled Enabled MAC Address List 00 00 00 00 00 00 2 00 00 00 00 00 00 a pooooowo ww0 4 poomooooooo 5 00 00 00 00 00 00 i 00 00 00 00 00 00 7 00 00 00 00 00 00 a 00 00 00 00 00 00 a 00 00 00 00 00 00 19 po w D0 0 00 00 11 00 00 00 00 00 00 12 00 00 00 00 00 00 13 00 00 00 00 00 00 14 00 00 00 00 00 00 15 00 00 00 00 00 00 16 00 00 00 00 00 00 17 00 00 00 00 00 00 18 00 00 00 00 00 00 19 00 00 00 00 00 00 20 00 00 00 00 00 00 Status After clicking the hyperlink of Status you can see the basic information of the AP including AP Name AP Type LAN MAC Wireless LAN MAC Up Time Report Time SSID Number of Associated Clients and Remark In the bel
145. t Users Traffic History and Notification SAAE to dii eens status information and online user status li User ser W AP 3 if Network Wi Configuration _ ri Authentication A K _Management_ z Configuration _ Utiittioa status 4 System Status Interface Status Current Users i Traffic History HAT IS Se i Notification Configuration System Status Interface Status Current Users Traffic History Notification Configuration Status Display current systern settings Display WAN 1 WAN 2 LANT 4 Private LAN configurations and status Display online user information including Username IP MAC packet count byte count and idle time Administrator may also kick out any on line user fram here Display detail Usage information by day A minimum of 3 days of history can be logged in the system volatile memory There are three email accounts available to be set for receiving Monitor IF report Traffic History On demand User Log and AP status change External SYSLOG server can be configured here 80 4 6 1 System Status This section provides an overview of the system for the administrator System Status Current Firmware Version System Name Home Page Syslog server Traffic History Syslog server On demand User log Proxy Server Friendly Logout Warning of Internet Disconnection WAN Failover Remote Management IP Management SNMP 1 01 01 A
146. tailed information will be documented here By default the On demand user database is empty Search On demand Users List Username Password Benen Status Expire Time Delete All Time folume 2005 06 02 DHS3P ER4S43FE 2 hour 2 hour 17 23 39 Delete 2005 06 05 gz Wib2aga 2 hour 2 hour 11 45 96 Delete Total 2 First Previous Next Last gt Search Enter a keyword of a username that you wish to search in the text filed and click this button to perform the search All usernames matching the keyword will be listed Username The login name of the on demand user Password The login password of the on demand user Remain Time Volume The total time Volume that the user can use currently Y Y V WV Status The status of the account Normal indicates that the account is not in use and not overdue Online indicates that the account Is in use and not overdue Expire indicates that the account is overdue and cannot be used gt Expire Time The expiration time of the account gt Delete All This will delete all the users at once gt Delete This will delete the users individually Billing Configuration Click this to enter the Billing Configuration page In the Billing Configuration screen Administrator may configure up to 10 billing plans Billing Configuration Valid Plan Status Type Expired into Diirati n Price weenie Volume 499 Mbyte ogg days 1 EEEE hours EEE days lo Disabled f Time 59
147. tely after clicking the Apply button 48 Primary LDAP Server server F n Hame lF Fort efault 389 Base ON ge dee dee Account Attribute pm uid Secondary LDAP Server server P EAN Por Base ON PO Account Attribute Server IP Enter the IP address or domain name of the LDAP server Port Enter the Port of the LDAP server and the default value is 389 Base DN Enter the distinguished name of the LDAP server Account Attribute Enter the account attribute of the LDAP server Authentication Method NT Domain Choose NTDomain in the Authentication Method field the hyperlink beside the pull down menu will become NT Domain Setting Authentication Server Server 1 Server Name Server ss server name Server Status Enabled Postfix lr its postfix name Black List Mone Authentication Method NTDomain MT Domain Setting Local User Policy Click the hyperlink for further configuration Enter the server IP address and enable disable the transparent login function These settings will become effective immediately after clicking the Apply button Domain Controller Server IF address e Transparent Login f Enable Disable 49 Server IP address Enter the server IP address of the domain controller Transparent Login If the function is enabled when users log into the Windows domain they will log into AMG 2000 automatically 4 2 2 Black List Configuration The administrator can
148. tem WA Us aa i Network Configuration Auth ation Management Configuration oe User Authentication User Authentication Black List Configuration System provides 3 authentication sewers Each server allows only one type of authentication method and one Black List Profile An authentication policy may be assigned to any policy System Policy Configuration supports the following external authentication servers POP3 S a Authentication RADIUS LOAF and NT Domain Configuration system also has embedded user database storing 2500 user accounts for local user group 500 and On demand user group F000 System may print out On demand User accounts information using an external printer By default the On demand user database is empty Additional Configuration system supports 5 Black List profiles for used within the Black List Configuration authentication server On demand users are NOT bounded by the Black List System provides 8 policies each policy can apply independent Policy Configuration firewall profile specific route profile login schedule profile and bandwidth policy Users will be logged out automatically after being idle for a specified period of time Multiple login of the same user account could be enabled or disabled not available to On demand Users Additional Configuration System provides Friendly Logout options Login Page and Logout
149. tem will NOT authenticate those listed devices System can monitor up to 40 network devices online status with an option to add them as public access servers via HTTP or HTTPS Even Under MAT mode after added the devices as public access servers the devices can be accessed by clicking the hypertext Up to 20 hosts URL could be defined in Walled Garden List Clients may access these URL without authentication AMG 2000 supports up to 10 external proxy servers System can redirect traffic to external proxy server into built in proxy Server AMG 2000 supports dynamic OMS DONS feature System supports IF PMP Configuration Click the Proxy Server Properties from left menu and the homepage of the Proxy Server Properties will External Proxy Server appear tem Server IP Port Internal Proxy Server Built in Proxy Server O Enabled Disabled Add your proxy Server IP and Port into External Proxy Server Setting 145 External Prowy Server tem Server IP Port 10 2 3 203 literal Proxy Server Built in Proxy Server O Enable Disable 5 Disable Built in Proxy Server in Internal Proxy Server Setting External Proxy Server item Server IP Port Tels 6506 Internal Proxy Server Built in Proxy Server Enabled Disabled 146 6 Click Apply to save the settings Warning f your proxy server is down it will make the user authentication operat
150. the End IP Address of this DHCP block These fields define the IP address range that will be assigned to the Private LAN clients Preferred DNS Server The primary DNS server for the DHCP Alternate DNS Server The substitute DNS server for the DHCP Domain Name Enter the domain name WINS Server IP Enter the IP address of WINS server Lease Time Choose the time to change the DHCP Reserved IP Address List For reserved IP address settings in detail please click the hyperlink of Reserved IP Address f you want to use the Reserved IP Address List function click on the Reserved IP Address List on the management interface Then the setup of the Reserved IP Address List as shown in the following figure will appear Enter the related Reserved IP Address MAC and some description not compulsory When finished click Apply to complete the setup 32 Reserved IP Address List Private LAN tem Reserved IP Address MAC Description 1 o GE 10 Jr Jpf __ Total 40 First Prev Next Last Enable DHCP Relay If you want to enable this function you must specify other DHCP Server IP address See the following figure CO Disable DHCP Server o DHCP Server Enable DHCP Server Configuration G Enable DHCP Relay DHCP Serer IP 33 4 2 User Authentication This section includes the following functions Authentication Configuration Black List Configuration Policy Configuration and Additional Configuration Sys
151. the IP addresses listed in the Monitor IP List The Monitor IP result page shown as below will appear In the Result column green light means the IP address is alive and reachable On the other hand red light means the IP address is not reachable now The administrator can understand the some networking devices by Monitor IP result this feature No IP Address Result 1 10 171 1 129 a 2 10 171 1 130 a 3 1 234 On each monitored item with a WEB server running you may add a link for the easy access by selecting a protocol http or https and click the Add button After clicking Add button the IP address will become a hyperlink and then the administrator can easily access the host when the administrator is from WAN interface and the system is running in NAT mode by clicking the hyperlink Click the Del button to remove this link setting 107 Monitor IP List tem Protocol IP Address Link item Protocol IP Address Link 1 6 ee 10171 1 1 25 Del 2 http gt 110 171 1 130 Add El ala EE 3 rtp 123 Add 4 mt Aa s http Add 6 lie Po Add 7 ite gt PET ite saa a http Rad 10 mE poo ada 11 http gt 12 hip F fs E Add 13 Pip gt 14 hip gt dadi Add T E Ez 15 aip 2 16 ig Add hi Add 1 Pip 2 AN elf fee Add Phy pa 4 19 Pip gt Add 20 m z r D a Total40 First Prev 4 4 4 Walled Garden List This
152. the firmware information here General Settings Name INEWDEv 00002 Admin Password F 234 Remark Firmware 1 20 87 gt LAN Interface Setting Click LAN to enter the LAN Settings page Input the data of LAN including IP Address Subnet Mask and Default Gateway of the AP LAN Settings IP Address F 927 168 2 2 Subnet Mask 255 255 255 0 Default bateway 0 0 0 0 gt Wireless Interface Setting Click Wireless LAN to enter the Wireless Interface Setting page The data of Properties and Security need to be filled in SID SSID Broadcast Channel Transmission Mode Transmission Rate CTS Protection Properties Fragment Threshold RTS Threshold Beacon Interval ms Preamble Type APP Security Type Security WEP Properties Wireless lapmat Enable a Mixed Anto Default Auto Range from 7 to 54 Mbps Disable Default Disable 2346 Default 2346 Range from 256 to 23461 2347 Default 23 Range from O to 2347 100 Default 100 Range from 20 to 1024 msec Long Y Default Long Enable Default Enable Disable M 802 1 Authentication Authentication Type Both e SSID The SSID is the unique name shared among all APs in a wireless network The SSID must be the same for all APs in the wireless network It is case sensitive and has a maximum length of 32 bytes e SSID Broadcast Select this option to enable the SSID to
153. tion Accounting Service Select this to enable or disable the Accounting Service for accounting capabilities Authentication Protocol There are two methods CHAP and PAP for selection 47 Click the hyperlink of Edit Policy Mapping for further configuration In Class Attribute filed enter the class attribute according to the setting of Radius server and assign a policy The class attribute could be a character string using numbers 0 to 9 alphabets a to z or Ato Z dash underline _ and dat all other letters are not allowed These settings will become effective immediately after clicking the Apply button Policy Mapping Server 1 C Enable Disable No Class Attribute Policy Remark CO HS Mm nh amp tw Bo Authentication Method LDAP Choose LDAP in the Authentication Method field the hyperlink beside the pull down menu will become LDAP Setting Authentication Server Server 1 Server Name Servert ts server name Server Status Disabled Posttix Posts ls postfix name Black List Mone j Authentication Method LDAP w LDAF Setting Local User Policy POPS Radius LDAP CAE Noonan Clear Click the hyperlink for further configuration Enter the related information for the primary server and or the secondary server the secondary server is not required The blanks with red star are necessary information These settings will become effective immedia
154. two versions of POP The first called POP2 became a standard in the mid 80 s and requires SMTP to send messages The newer version POP3 can be used with or without SMTP POP3 Post Office Protocol 3 A standard protocol used to retrieve e mail stored on a mail server Port 1 The connection point on a computer or networking device used for plugging in a cable or an adapter 2 The virtual connection point through which a computer uses a specific application on a server PPPoE Point to Point Protocol over Ethernet PPPoE relies on two widely accepted standards PPP and Ethernet PPPoE is a specification for connecting the users on an Ethernet to the Internet through a common broadband medium 155 such as a single DSL line wireless device or cable modem All the users over the Ethernet share a common connection so the Ethernet principles supporting multiple users in a LAN combine with the principles of PPP which apply to serial connections PPTP Point to Point Tunneling Protocol A new technology for creating Virtual Private Networks VPNs developed jointly by Microsoft Corporation U S Robotics and several remote access vendor companies known collectively as the PPTP Forum A VPN is a private network of computers that uses the public Internet to connect some nodes Because the Internet is essentially an open network the Point to Point Tunneling Protocol PPTP is used to ensure that messages transmitted from one VPN node to
155. uter to automatically decrypt the information so it can 89 be read Select Authentication Type Open System Shared Key or Both Key Length 64 bits or 128 bits Key Index Key1 Key4 and then input the Key Check 802 1x Authentication to enable this function and enter the related data if necessary Security Type WEP Y F 802 1x Authentication Authentication Type Bon y Key Length 64 bits key Format asen Key Index key WEP key keo S Security Keyz ken ti tsti Cs CC Keys ao Key fey Radius Server IP A 7 202 1x Port lie Secret VAS WPA WPA is Wi FP s encryption method that protects unauthorized network access by verifying network users through a server Select 802 1x or WPA PSK security type and enter the related information below security Type PAFA bl WPA PSK Security a WEES Fassphrasel PSK TRIP Passphrase security Type WPA 802 1x Radius Serer Security IF sina Port EE Secret 90 WPA2 Wi Fi Protected Access version 2 The follow on security method to WPA for Wi Fi networks that provides stronger data protection and network access control Select 802 1x or WPA PSK security type and enter the related information below WPA2 only can use AES encryption type security Type securi ity WPA PSK AES Security Type Security 802 1x APA MWPA PSK Passphrase P5k Passphrase WYP AS 802 1 Radius Server IF Port i812 Secre
156. ven by the Wizard to enter the required information step by step After saving and restarting AMG 2000 it is ready to use There will be 6 steps as listed below 1 Change Admin s Password Choose System s Time Zone Set System Information Select the Connection Type for WAN Port Set Authentication Methods Save and Restart AMG 2000 SS Y 2 5919 Please follow the following steps to complete the quick configuration 1 Use the network cable of the 10 100BaseT to connect a PC to one of the LAN1 LAN4 port and then start a browser such as Microsoft IE or Firefox Next enter the gateway IP address as the web management interface s URL the default is https 192 168 2 254 In the opened webpage you will see the login screen Enter admin the default username and password in the User Name and Password column Click Enter to log in English Welcome To Administrator Login Page Please Enter Your User Name and Password To Sign In amp ES User Name E ANG 2000 AP Management Tas Gateway ENTER Caution If you can t get the login screen the reasons may be 1 The PC was set incorrectly so that the PC can t obtain the IP address automatically from the LAN port 2 The IP address and the default gateway are not under the same network segment Please use default IP address such as 192 168 2 xx in your network and then try it again For the PC configuration on PC please refer to 6 Appendix B
157. y 94001 Delete Total First Previous Mest Last Search Enter a keyword of a username that you wish to search in the text filed and click this button to perform the search All usernames matching the keyword will be listed Add User Upload User Download User Policy Username Password MAC Del All Remark Mone Wary 94001 Delete Total d First Previous Mex Last Del All This will delete all the users at once Delete This will delete the users individually Edit User If you want to edit the content of individual user account click the username of the desired user account to enter the Edit Profile page for that particular user and then modify or add any desired information such as Username Password MAC option Policy and Remark optional Then click Apply to complete the modification 43 User Profile MAC Poly Remark Radius Roaming Out 802 1x Authentication Enable the two function separately and the hyperlink of Radius Client List Local User Setting Edit Local User List Radius Roaming Out f Enable Disable 802 1 Authentication Enable Disable Radius Client List Click the hyperlink of Radius Client List to enter the Radius Client Configuration page Choose the desired type Disable Roaming Out or 802 1x and key in the related data and then click Apply to complete the settings Radius Client Configuration Mo Type IP Address segment Secret 1 Roaming out
Download Pdf Manuals
Related Search