LevelOne WHG-707 WLAN access point

Contents

1. [Screenshot: Windows Control Panel and the Network dialog (Configuration, Identification, Access Control tabs) listing the installed network components] 3) Using DHCP: If you want to use DHCP, click on the IP Address tab and choose "Obtain an IP address automatically", and then click OK. This is also the default setting of Windows. Then reboot the PC to make sure an IP address is obtained from WHG CONTROLLER.
2. SYSLOG Destinations: Up to two external SYSLOG servers may be configured; please enter the IP address and port number of the external SYSLOG server. System Log: This controls the enabling/disabling of the SYSLOG logging feature. When enabled, the selected logs from Notification Settings will be sent to the SYSLOG server configured above. However, when disabled, no logs will be sent to the SYSLOG server configured above. 13.2.3 FTP Settings [Screenshot: FTP Settings form with IP Address, Port, Anonymous (Yes/No), Username, Password and Send Test Log] FTP Destination: Specify the IP address and port number of your FTP server. If your FTP needs authentication, enter the Username and Password. The Send Test Log radio button can be used to send a test log for testing your current FTP destination settings. 13.2.4 Notification Settings: This configuration page allows the selection of log types to send either to preconfigured E-mail, SYSLOG Servers or FTP Server based on the chosen time Interval. [Screenshot: Notification Settings list of log types]
3. [Table of contents excerpt] Appendix A: Certificate Settings for IE6 and IE7; Appendix B: Network Configuration on PC & User Login; Appendix C: [illegible]; Appendix D: RADIUS Accounting; Appendix E: VLAN Port Location Mapping and PMS Middleware. 1 Before You Start. 1.1 Preface: This WHG Controller User Manual is for WLAN service providers or network administrators to set up a network environment using the WHG Controllers. It contains step-by-step procedures and graphic examples to guide MIS staff or individuals with basic network system knowledge to complete the installation. Besides this document, there is a Quick Installation Guide (QIG), which is for starting up WHG Controller quickly. It is recommended to start with the QIG and then refer to this manual for further details. Some special topics are addressed separately in the Appendixes. 1.2 Document Conventions: Apply: Indicates that clicking this button will apply all of your settings. Indicates that clicking this button will clear what you have set before the settings are applied. The red asterisk indicates that information in this field is com
4. [Table of contents excerpt] 9.11 Rogue AP Detection; 9.12 AP Load Balancing; Wide Area AP Management; 10.1 AP Discovery; 10.2 Manually add AP; 10.3 Manage AP Lists; 10.4 Manage Third Party AP; 10.5 Map; 10.5.1 Register Key from Google; 10.5.2 [illegible]; 10.5.3 [illegible]; 10.5.4 Operations from Map page; 10.6 AP Operations from AP List; 10.7 WDS List; 10.8 Backup Config; 10.9 Firmware Management and Upgrade; 10.10 [illegible]; Networking Features of a Gateway; 11.1 [illegible]; 11.2 [illegible]
5. Download to File / Send to POS: The created accounts can be exported as a .txt file or printed via a pre-configured POS printer. 7) On-demand Account List: All created On-demand accounts are listed and related information is also provided. Search: Enter a keyword of a username or reference to be searched in the text field and click this button to perform the search. All usernames or references matching the keyword will be listed. Username: The login name of the account. Password: The login password of the account. Remaining Quota: The remaining time or volume, or the cut-off time, until this account expires. Status: The status of the account. Normal: the account is not currently in use and also does not exceed the quota limit. Online: the account is currently in use. Expired: the account is not valid any more, even if there is remaining quota to be used. Out of Quota: the account has exceeded the quota limit. Redeemed: the account has been applied for account renewal. Delete All: This will delete all on-demand accounts at once. Delete: This will delete the users individually. Redeem On-demand Accounts [Screenshot: login success page for an on-demand user, showing login time and remaining time] For Time and Volume accounts, if they are almost out of quota, they can use redeem function
6. [Diagram: Volume account lifespan, marking Creation Time (CT), Activation Time (AT), Quota Up (QU), Expiration Time (ET) and Deletion Time (DT), with valid and invalid periods] Duration time with Elapsed Time: Account activated upon the account creation time. Count down begins immediately after account created and is continuous regardless of logging in or out. Account expires once the Elapsed Time has been reached. Ideal for providing internet service immediately after account creation throughout a specific period of time. Begin Time is the time that the account will be activated for use. It is set to account creation time. Elapsed Time is the time interval for which the account is valid for internet access (xx hrs yy mins). Price is the unit price of this plan. Group will be the applied Group to users created from this plan. Reference field allows administrator to input additional information. [Screenshot: Editing Billing Plan form. Counting Method: Elapsed Time, Begin and End Time, or Cut-off Time. Begin Time: Upon Account Creation. Elapsed Time: range of days 0-364, range of hours 0-23, range of minutes 0-59; they cannot all be zero. Range 0-100000 including two digits after decimal point, e.g. 1.99] TIP: When the Account Type is Duration time, three Counting Methods may be used to decide when the account expires: 1. Elapsed
7. [Screenshot: Internet Connection Wizard, "Setting up your Internet connection", with the options to connect through a phone line and a modem or through a local area network (LAN)] [Screenshot: Internet Connection Wizard, "Local area network Internet configuration", with the options Automatic discovery of proxy server (recommended), Use automatic configuration script, and Manual Proxy Server] Choose No and then click Next. Finally, click Finish to exit the Internet Connection Wizard. Now the setup is completed. Windows XP: Choose Start >> Control Panel >> Internet Option. [Screenshot: Internet Connection Wizard, "Set Up Your Internet Mail Account"]
8. [Diagram: example deployments. "WHG Controller in a Business Headquarter": staff area with access to internal network and Internet, customer area with access to Internet only. "WHG Controller in a Hotel": capable of integrating with DSLAM and PMS] 3.2 Service Zone Concept: LevelOne Service Zones are virtual machines, each of which has its own network interface, DHCP server, authentication configuration, user pages, as well as security and user policy settings. By associating a unique VLAN Tag and SSID with a Service Zone, administrators can separate wired network and wireless network into different logical networks isolated from one another. Users attempting to access the resources within the Service Zone will be controlled based on the access control profile of the Service Zone, such as authentication, security feature, wireless encryption method, traffic control, etc. There are nine Service Zone profiles in total: Default Service Zone and Service Zones 1-8. Service Zone Se
9. General: In this section, revise the Subnet Mask and Default Gateway here if desired. Configure the NTP Servers and Time Zone. In addition, administrator can enable SYSLOG server to receive the log from AP and enable SNMP read/write ability. [Screenshot: Wireless template settings: SSID Broadcast, Band, Data Rate, Preamble, IAPP, Wireless Client Isolation, Transmit Power, WMM, Fragment Threshold (default 2346, range 256-2346), RTS Threshold (default 2346, range 1-2346), Beacon Interval in ms (default 100, range 100-500)] SSID Broadcast: Select this option to enable the AP's SSID to broadcast in your network. It is suggested to disable SSID broadcast feature when you have an authentication disabled network intended for private use. Band: Depending on the AP model template you are editing, there are different modes to select: 802.11a, 802.11b, 802.11g, 802.11a+802.11n, 802.11b+802.11g, and 802.11g+802.11n. Data Rate: The default is set to Auto. Available range is from 1 to 54 Mbps. The rate of data transmission should be set depending on the speed of the wireless network. Select from a range of transmission speed or keep the default setting, Auto, to allow the Access Point to automatically use the fastest rate possible. Preamble: The length of the CRC (Cyclic Redundancy Check) bl
10. Allow / Deny / Disable: The administrator can enter multiple MAC address entries by clicking the Add MACs button. This MAC ACL list is enforced on the whole Controller. Allow means that only the MAC addresses listed are allowed to access the Controller's network. Deny means that the MAC addresses listed are not allowed to access the Controller's network. Disable means that this MAC ACL list is not enforced and that there is no restriction on MAC addresses on the whole system. Black List: Go to Main Menu > Users > Black List. [Screenshot: Black List Settings with Select Black List and Add User(s)] There are multiple Black List profiles available. Administrator can select one and enforce this black list on the desired authentication server. Click Add User(s) button to fill in usernames (postfix not required). When enforced on an authentication server, accounts in the black list will be denied authentication and network access. Privilege Users: Set up the Privilege IP Address List and Privilege MAC Address List. The clients in the list can access the network without any login. [Screenshot: Privilege List with IP Address List, MAC Address List and IPv6 Address List] Privilege IP / IPv6 Address List: If there are workstations inside the managed network that need to access the network without authentication, enter the IP addresses of these workstations in the Granted Acce
11. 15.2 Loading a Customized Login Page. Custom Pages >> Login Page: The administrator can use the default login page or get the customized login page by setting the template page, uploading the page or downloading from a designated website. After finishing the setting, click Preview to see the login page. Custom Pages >> Login Page >> Default Page: Choose Default Page to use the default login page. [Screenshot: Login Page Selection for Users, Service Zone: Default, with the options Default Page, Template Page, Uploaded Page and External Page; the Default Page Setting reads "This is the default login page for users. You could click Preview to preview the default login page."] Custom Pages >> Login Page >> Template Page: Choose Template Page to make a customized login page. Click Select to pick up a color and then fill in all of the blanks. You can also upload a background image file for your template. Click Preview to see the result first. [Screenshot: Template Page Setting with the fields Color for Title Background, Color for Title Text, Color for Page Background, Color for Page Text, Title, Welcome, Information, Username, Password, Submit, Cancel, Remaining, Copyright, Remember Me, Logo Image File and Background Image File]
12. [Screenshot: Notification Settings table with Send, Detail and Interval columns] Detail: Clicking this radio button allows the configuration of SYSLOG attributes such as Tag, Severity and Facility, which will be assigned to the corresponding log to meet the filtering requirements on the SYSLOG Server. Note: The System Log option needs to be enabled under SYSLOG Settings in order to send the selected logs to the configured SYSLOG Servers. [Screenshot: SYSLOG Settings with SYSLOG Destinations (SYSLOG Server 1 and SYSLOG Server 2, each with IP Address and Port) and System Log Enabled/Disabled] Sending Logs to FTP: The following log types can be sent to external FTP servers configured in FTP Settings: Users Log, On-demand Users Log, Session Log, HTTP Web Log, DHCP Lease Log, and System Report. Click the desired log type and select the time interval for sending log. [Screenshot: Notification Settings list of log types]
13. … because it is currently not the service hour for your account; You have already logged in; Sorry there is a system problem checking the information of your account XXX <BR> Please contact your network administrator; Invalid username or password <BR> Please check your username and password and try again; Cannot identify the policy for your account <BR> Please contact your network administrator; User of this device the MAC address is not allowed to use this account <BR> Please contact your network administrator; Sorry the external authentication server is currently unreachable <BR> Please contact your network administrator; sorry you are not allowed to create a remote VPN connection. … Integer (1-4094): VLAN ID; IP format: Gateway activated IP address. External Logout Successful Page Variables (Field: Value): Uid: String; Vlanid: Integer (1-4094); Gwip: IP format. External On-demand login successful page Variables (Field: Value): Uid: String; Utype: String (LOCAL, RADIUS, ONDEMAND, POP3, LDAP, SIP, NT Domain); Umac: MAC format separated by …; sessionlength: Integer (Sec); byteamount: Integer (byte); idletimeout: Integer (Sec); logouturl: String (URL encoded); redeemurl: String (URL encoded); Vlanid: Integer (1-4094); Gwip: IP format; client_ip: IP for… Further fields: Sz, Group, Policy, next_page, max_uplink, max_downlink, Req_uplink, Req_downlink, session …
14. … displayed here. [Screenshot: DHCP Lease Log, DHCP Lease List with the columns No., IP Address, MAC Address, Host Name, VLAN and Lease Expires] 13.2 Notification. Configure Notification: go to Status >> Report & Notification. WHG CONTROLLER can automatically send various kinds of user and/or system related reports to configured E-mail addresses, SYSLOG Servers or FTP Server. [Screenshot: Report and Notification menu with SMTP Settings, SYSLOG Settings, FTP Settings, Notification Settings and System Report] SMTP Settings: Allows the configuration of 5 recipient E-mail addresses and necessary mail server settings where various user related logs will be sent to. SYSLOG Settings: Allows the configuration of two external SYSLOG servers where selected users logs as well as system logs will be sent to. FTP Settings: Allows the configuration of an external FTP Server where selected users logs as well as system logs will be sent to. Notification Settings: Provides an overview of all the available user and system logs for selection. Selected logs can be sent to the chosen location (E-mail, SYSLOG, FTP) on customizable time intervals. System Report: Provides a graphical display
15. List AP in this Map: Clicking this button will open a new page on your browser, redirecting to the List tab page for displaying a list of APs in the Map. List WDS in this Map: Clicking this button will open a new page on your browser, redirecting to the WDS List tab page for displaying a list of WDS links in the Map. Delete this Map: Delete the current map profile. Add a New Map: Click to add a new map profile. Edit this Map: Click to modify the current map's attribute settings. Customize Image: Administrator can upload desired images for each AP model that will be used as AP markers on the Map. 10.6 AP Operations from AP List. Perform operations on managed APs: go to … After adding APs to the managed List, the List page provides some operations for managing the listed AP(s). [Screenshot: AP List with the buttons Add to Map, Backup Config, Restore Config and Upgrade] Goto: The WHG Controller cannot directly configure Wide Area AP's settings remotely. However, the Goto button is a convenient link for accessing the remote AP's WMI. Please note that the Goto button will only become active when the listed AP's status is Online. [Screenshot: AP List]
16. 13.1.7 Session List. View Session List: go to Status >> Session List. This page allows the administrator to inspect sessions currently established between a client and the system. Each result displays the IP and Port values of the Source and Destination. You may define the filter conditions and display only the results you desire. [Screenshot: Session List with filter fields (Protocol, Source IP, Port, Destination IP, Port) and the columns Protocol, Source IP, Port, Destination IP, Port, State and Timeout]
17. Access Points >> AP Load Balancing >> Group Configuration [Screenshot: Group Configuration with Group, Status and Loading Threshold] You can choose the Loading Threshold of each group. You can also disable the AP group; if the group is disabled, this group of APs will not enable the Load Balancing function. 3) Add the AP to the Group. Configure AP to the Group: go to Access Points >> AP Load Balancing >> Device List. [Screenshot: Device List with the columns Group, Device Name, MAC Address, IP Address, Loading and Log] Before setting up AP Load Balancing, you must discover the APs and apply a template first. Note: For more detail of AP Management, please refer to the section of Managing W
18. Authentication Settings, Wireless Settings and Managed AP(s) in this Service Zone. 5.6.1 Planning Your Internal Network. Simple network environment: For most simple internal networks, such as one with only two subnets, using Port-Based mode is an easy and better way. In Port-Based mode, each LAN port can only serve traffic from one Service Zone. An example of a network application diagram is shown below: one Service Zone for Employees and one for Guests. [Diagram: ISP and xDSL/cable modem, WHG Controller, two L2 switches on VLAN1 and VLAN2 with managed APs, one side for Guests and one for Employees] Note: The switches deployed under WHG Controller in Port-Based mode must be Layer 2 switches only. Multi-subnet network environment: On the other hand, if the internal network is a multi-subnet network environment, Tag-Based mode will satisfy your conditions. In Tag-Based mode, each LAN port will serve traffic from different Service Zones; a VLAN switch or VLAN AP is required to take care of the VLAN tags carried within the message frames. An example of a network application diagram is shown below: more than two Service Zones for different departments. [Diagram: xDSL/cable modem, WHG Controller and VLAN switch serving Guests and Employees] Note: The switch deployed under WHG Controller in Tag-Based mode must be a VLAN switch only. 5.6
19. Click Setting for Firewall Profile. The Firewall Configuration will appear. Click Predefined and Custom Service Protocols to edit the protocol list. Click User Firewall Rules to edit the rules. Machine Firewall Rules Input is for editing firewall rules which will be enforced on traffic entering the WAN ports from the external network. Machine Firewall Rules Output is for editing firewall rules which will be enforced on outgoing traffic from the internal network passing WAN ports. DoS Protection allows the administrator to select which type of attack to block by clicking the Enable checkbox. [Screenshot: Global Policy Firewall Configuration with Predefined and Custom Service Protocols, User Firewall Rules, Machine Firewall Rules Input, Machine Firewall Rules Output and DoS Protection] Firewall Profile (Policy 1, Policy 2, etc.): Click Setting for Firewall Profile. The Firewall Configuration will appear. Click Predefined and Custom Service Protocols to edit the protocol list. Click User Firewall Rules to edit the rules. [Screenshot: Policy 1 Firewall Configuration with Predefined and Custom Service Protocols and User Firewall Rules] Predefined Protocols (Predefined and Custom Service Protocols): There are predefined service protocols available for firewall rules editing. [Screenshot: Policy 1 Service Protocols List with the columns No., Name and Description]
20. LevelOne Secure WLAN Controller WHG-311/315/401/505/515/707 User Manual. Copyright: The contents of this publication may not be reproduced in any part or as a whole, stored, transcribed in an information retrieval system, translated into any language, or transmitted in any form or by any means, mechanical, magnetic, electronic, optical, photocopying, manual, or otherwise, without the prior written permission of LevelOne INC. Disclaimer: LevelOne does not assume any liability arising out of the application or use of any products or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. LevelOne further reserves the right to make changes in any products described herein without notice. The publication is subject to change without notice. Trademarks: LevelOne is a registered trademark of Digital Data Communications Group. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners. About 4ipnet: The LevelOne Secure WLAN Controller series is powered by 4ipnet. LevelOne is partnered with 4ipnet to deliver the most feature-rich product yet simple deployment in wireless networking infrastructure solution. 4ipnet is a leading provider of wireless networking solution software design house for manageable, reliable and secure wireless access. In an
21. [Screenshot: Walled Garden Ad List with example entries (YK Cafe, Google, Yahoo) and the resulting User Login page showing the advertised links] 8.1.5 Mail Message. Configure Mail Message: go to System >> Service Zones. [Screenshot: Service Zone settings with Email Message for Login Reminding (Enable / Disable) and Edit Mail Message] When enabled, the system will automatically send an email to users if they attempt to send/receive their emails using a POP3 email program (for example, Microsoft Outlook) before they are authenticated. Click Edit Mail Message to edit the message in HTML format. [Screenshot: POP3 Email Message Editing, Service Zone: Default, showing the HTML source of the message]
22. When the Account Type is Duration time, three Counting Methods may be used to decide when the account expires: 1. Elapsed Time specifies the time duration from account creation for which the account is valid. 2. Cut-off Time specifies the next cut-off time point for which the account becomes invalid. 3. Begin and End Time specifies that the account is valid between the two time points. [Diagram: Duration time, Cut-off Time account lifespan, example showing cut-off at 23:00, marking Creation Time (CT), Cut-off Time and Deletion Time (DT), with valid and invalid periods] Duration time with Begin and End Time: Define explicitly the Begin Time and End Time of the account. Count down begins immediately after account activation and expires when the End Time has been reached. Ideal for providing internet service throughout a specific period of time. For example, during exhibition events or large conventions such as Computex, where each registered participant will get an internet account valid from 8:00 AM Jun 1 to 5:00 PM Jun 5, created in batch like coupons. Begin Time is the time that the account will be activated for use, defined explicitly by the operator. End Time is the time that the account will become expired and not able to be used any more, defined explicitly by the operator. Price is the unit price of this plan. Group will be the applied Group to users created from this plan. Reference field allows administrator
23. Step 5: Confirm the Vendor-specific Attribute has been added successfully. [Screenshot: Edit Dial-in Profile, Advanced tab, listing the added Vendor-Specific attribute] Step 6: Follow the same steps to create other Vendor-specific Attributes as you need. 3. VSA configuration in RADIUS server (FreeRADIUS): This section will guide you through a VSA configuration using the operating system Fedora and FreeRADIUS version 1.0.5. Before getting started, open the shell of the RADIUS server; for example, use PuTTY to access the Linux host. [Screenshot: PuTTY Configuration, Session category]
24. … it is required that the merchant owners have a valid Authorize.Net account. Authorize.Net Payment Page Configuration [Screenshot: External Payment Gateway selection (Authorize.Net, PayPal, SecurePay, WorldPay, Disable) and the Authorize.Net Payment Page Configuration form with Merchant ID, Merchant Transaction Key, Payment Gateway URL (https://secure.authorize.net/gateway/transact.dll), Verify SSL Certificate, Test Mode and MD5 Hash] Merchant ID: This is the Login ID that comes with the Authorize.Net account. Merchant Transaction Key: The merchant transaction key is similar to a password and is used by Authorize.Net to authenticate transactions. Payment Gateway URL: This is the default website address to post all transaction data. Verify SSL Certificate: This is to help protect the system from accessing a website other than Authorize.Net. Test Mode: In this mode, merchants can post test transactions for free to check if the payment function works properly. MD5 Hash: If transaction responses need to be encrypted by the Payment Gateway, enter and confirm a MD5 Hash Value and select a reactive mode. The MD5 Hash security feature enables merchants to verify that the results of a transaction, or transaction response, received by their server were actually sent from the Authorize.Net. Service Disclaimer Content; Choose Billing Plan for Authorize.Net Payment Page; Clie
25. Gateway >> PayPal
Before setting up PayPal, it is required that the hotspot owners have a valid PayPal Business Account. After opening a PayPal Business Account, the hotspot owners should find the Identity Token of this PayPal account to continue PayPal Payment Page Configuration.
> External Payment Gateway
[Screenshot: PayPal Payment Page Configuration with Business Account, Payment Gateway URL https://www.paypal.com/cgi-bin/webscr, Identity Token, Verify SSL Certificate, and Currency USD (U.S. Dollar)]
Business Account: The Login ID (an email address) that is associated with the PayPal Business Account.
Payment Gateway URL: The default website address to post all transaction data.
Identity Token: This is the key used by PayPal to validate all the transactions.
Verify SSL Certificate: This is to help protect the system from accessing a website other than PayPal.
Currency: The currency to be used for the payment transactions.
> Service Disclaimer Content
[Screenshot: Billing Configuration for Payment Page]
Service Disclaimer Content: We may collect and store the following personal information: email address, physical contact information, credit card numbers and transactional information based on your activities on the Internet servic
26. MD5 Hash to test the authenticity of the link. It should contain one or more lowercase letters, uppercase letters, numbers and symbols. It also should be between 8 and 16 characters.
Interface Port: The port used by Net Retriever; the default is 8324.
MIID: The ID of the Middleware.
ACID: The ID of the Access WHG Controller (the gateway).
Link Test Interval: The time interval for the gateway to perform Link Test; the default is 300 seconds.
Now the PMS Middleware connection is finished on the Access WHG Controller side. On the PMS Middleware (Net Retriever) side, it has to know the IP address of the Access WHG Controller, and the Secret Key, AC ID and MD ID configured in Middleware Connection Setup, in order for the two interfaces to communicate with each other.

4. Check or modify the Port Location Mapping profile
If you want to check the room mapping information or change any setting of the room mapping, go to System >> Port Location Mapping to configure the Port Location Mapping List.
The Port Location Mapping List displays all the profile entries with information such as VLAN ID, Room Num / Location ID, Port Type and Service Zone. Clicking the Delete link erases an individual Port Location Mapping profile. Clicking the Delete All button erases all of the Port Location Mapping profiles.
[Screenshot: Port Location Mapping List]
27. [Screenshot: map page controls: Goto Map (Taipei), Goto AP, Show Longitude and Latitude, Save Modification, List AP in this Map, List WDS in this Map, Delete This Map]
The above screenshot is an example showing Taipei City with Map Name as Taipei Bridge, Zoom Level of 14 and Normal Map Type.

10.5.3 Marking APs on your Map
If you have several APs deployed and listed in List under Wide Area AP Management, their geographical location can be marked on a particular map. First, go to the List tab page and click on the Edit button of the AP(s) that you wish to mark on the map. In the AP configuration page, set the coordinates (Latitude and Longitude) of this AP and the radius of signal coverage.
[Screenshot: AP configuration: Device Name EAP200_Ext; SNMP Community public (modifying the SNMP setting will reboot the AP); Latitude 25.062636; Longitude 121.544688; Remark; Radius of Coverage (meters); Link 1 with Name "IP Camera", Description "The security camera connected to this AP", URL http://10.3.24.234]
Fill in the coordinates where you wish to mark this particular AP. Link 1 to Link 3 are for configuring an HTTP link that will show up in the dialogue box on the map for referencing additional information related to this AP, for instance the IP address of an IP surveillance camera connec
28. New user1 local TCP MAC 00:09:6b:cd:83:8c SIP 10.1.1.37 SPort 1629 DIP 203.125.164.142 DPort 80
New user1 local TCP MAC 00:09:6b:cd:83:8c SIP 10.1.1.37 SPort 1630 DIP 67.18.163.154 DPort 80
New user1 local TCP MAC 00:09:6b:cd:83:8c SIP 10.1.1.37 SPort 1631 DIP 202.43.195.52 DPort 80
New user1 local TCP MAC 00:09:6b:cd:83:8c SIP 10.1.1.37 SPort 1632 DIP 203.84.196.242 DPort 80

8 Users Login and Logout
8.1 Before User Login
8.1.1 Login with SSL
Configure HTTPS, go to:
HTTPS (HTTP over SSL, or HTTP Secure), by means of Secure Socket Layer (SSL) or Transport Layer Security (TLS), encrypts and decrypts user page requests as well as the pages that are returned by the Web server. This function provides extra security upon the client's login. Enable it to activate the https (encrypted) login page, or disable it to activate the http (non-encrypted) login page.
[Screenshot: General Settings for the Entire System, with fields System Name, Administrator Contact Information, Suspend Warning Message ("Sorry! The service is suspended."), Internal Domain Name (gateway.example.com; use the name on the security certificate, the FQDN of this device for internal use), Disclaimer Page, Portal URL, User Log Access IP Address, Management IP Address List, SNMP, HTTPS Certificate, HTTPS Protected Login (Enable / Disable), Time]
29. No output; redirect user to login successful page.

User Logout
Path: (LAN IP address or Internal Domain Name)/loginpages/logoff.shtml
Input:
Field | Required | Value | Description
Uid | Optional | String | User ID; default is taken from cookie
session | Optional | String | Encoded string which contains some information of this session; default is taken from cookie
Output: No output; redirect user to logout successful page.

Remaining quota / Credit balance
Path: (LAN IP address or Internal Domain Name)/loginpages/reminder.shtml
Input:
Field | Required | Value | Description
myusername | Required | String | User name
mypassword | Required | String | Password
ret_url | Optional | String (URL encoded) | Returned URL; default is pop_reminder.shtml
command | Optional | String (getValue) | If command is set to getValue, the return URL would be ignored and the page would only print out the available quota
Output:
If command is set to getValue, the output is simply the value (secs or bytes, according to user type).
If command is not set and no ret_url is presented, the client would be redirected to the pop_reminder.shtml page, which shows the remaining quota in our UI style.
If ret_url is presented, the client would be redirected to ret_url and the gateway would add these four variables in the URL:
Field | Value | Description
msg | String | Including error messages: "Sorry, this feature is available for on-demand user only", "Sorry, this username XXX is
30. [Screenshot: Notification Settings table. Log types include System Report, CPU Loading, CPU Temperature, Memory Usage, Network Traffic, Online User, Successful Login, Session, DHCP Lease and DNS Query; columns are Receiver E-mail Address(es) 1 to 5, SYSLOG, FTP and Interval (1 Hour, Daily Report, Weekly Report, Monthly Report, or N/A)]

Sending Logs to E-mail
The following log types can be sent to E-mail addresses configured in SMTP Settings: Monitor IP Report, Users Log, On-demand Users Log, Session Log. The numbers 1 to 5 represent the corresponding E-mail address configured in SMTP Settings; click the desired E-mail address profile (1 to 5) and select the time interval for sending the report or log.
[Screenshot: Notification Settings, Receiver E-mail Address(es) columns for Monitor IP Report, Users Log, On-demand Users Log, Session Log and Local Area AP Status Change]
31. The rule status will show on the list. Check the Active checkbox and click Apply to enable that rule. This link leads to the Firewall Rules page. Rule No. 1 has the highest priority, Rule No. 2 has the second priority, and so on. Each firewall rule is defined by Source, Destination and Pass/Block action. Optionally, a Firewall Rule Schedule can be set to specify when the firewall rule is enforced. It can be set to Always, Recurring or One Time.
[Screenshot: Policy 1 Firewall Rules list with columns No., Active, Action, Rule Name, Source (Interface), Destination (Interface), Service, Schedule and Operation (Edit / Delete); rule 1 shown as Block, ALL, Always]
Selecting Filter Rule Number 1 as an example:
[Screenshot: Policy 1 Edit Filter Rule: Rule Number, Rule Name, Source and Destination (Interface/Zone, Subnet Mask, MAC Address), Service Protocol, Schedule (Always, Recurring, One Time), Action for Matched Packets (Block, Pass)]
o Rule Number: This is the rule selected (1). Rule No. 1 has the highest priority, Rule No. 2 has the second priority, and so on.
o Rule Name: The rule name can be changed here.
o Source/Destination Interface/Zone: There are choices of ALL, WAN1, WAN2, Default and the named Service Zones to be applied for the traffic interface.
o Source/Destination IP Address/Domain Name: Enter the source and destination IP addresses. Do
32. The total number of packets received and sent by the user.
o Bytes In / Bytes Out: The total number of bytes received and sent by the user.
• Download Monthly Network Usage of Local User: Click on the Download button for outputting the report manually to a local database.
[Screenshot: Monthly Network Usage of Local User, with columns Month, No. of Entries and Usage Data; one entry for 2010-06]
A warning message will then appear. Click Save to download the record in .txt format.

13.1.10 Logs
View Logs, please go to: Status >> Logs.
[Screenshot: log list with System Log, UAMD Log and WMI Configuration Log entries]
This page displays the system's local log information since system boot-up. Administrators can examine the log entries of various events. However, since all this information is stored in volatile memory, it will be lost during a restart/reboot operation. Therefore, if the log information needs to be documented, the administrator will need to make a backup manually.
• System Log: This page displays system-related logs for event tracing.
• Web Log: This page shows which of the web pages have been accessed on the Controller's built-in web server.
• UAMD Log: Displays the UAM-related information output from the UAM daemon.
• CAPWAP Log: This page shows the CAPWAP messages communicated between the Controller and CAPWAP-enabled APs.
• RADIUS Server Log: This page displays the RADIUS messages that pass through the controller.
• WMI Configuration Log
33. Vendor ID of LevelOne is 31932. There must be another attribute to define the amount of traffic, with Attribute Number and Attribute Value.
Attribute Name | Attribute Number | Attribute Value
LevelOne-Byte-Amount | | To be defined by administrator for different user group
LevelOne-MaxByteIn | | To be defined by administrator for different user group
LevelOne-MaxByteOut | | To be defined by administrator for different user group
LevelOne-Byte-Amount-4GB | | To be defined by administrator for different user group
LevelOne-MaxByteIn-4GB | | To be defined by administrator for different user group
LevelOne-MaxByteOut-4GB | | To be defined by administrator for different user group
If the amount of traffic is larger than 4 GB, then the attribute of XXXX-4GB is for the carry. For example, if the amount is 5 GB, you must set LevelOne-Byte-Amount to 1048576 and LevelOne-Byte-Amount-4GB to 1.
On the other hand, if the administrator fills in all attributes, the user will be kicked out of the system as soon as any one condition is reached. For example, if the administrator sets LevelOne-Byte-Amount to 1048576, LevelOne-MaxByteIn to 1048576 and LevelOne-MaxByteOut to 1048576, then whichever of the downlink, uplink or total traffic exceeds the limit, the user will be kicked out of the system.

2. VSA configuration in RADIUS server (IAS Server)
This section will guide you through a VSA configuration in your external RADIUS se
34. • Group Name: Select the desired group for on-demand users.
• WLAN ESSID: The administrator can enter the defined wireless ESSID in this field, and it will be printed on the receipt for on-demand users' reference when accessing the Internet via wireless LAN service. The ESSID given here should be the ESSID of Service Zones that have enabled the On-demand database as an authentication server.
• Wireless Key: The administrator can enter the defined wireless key, such as WEP or WPA, in the field. The Wireless Key will be printed on the receipt for on-demand users' reference when accessing the Internet via wireless LAN service.
• Remaining Volume Sync Interval: While the on-demand user is still logged in, the system will update the billing notice of the login successful page by the time interval defined here.
• Terminal Server: Terminal Configuration is a list of serial-to-Ethernet devices that communicate with the system only, never get online and have no need to go through authentication. NetTicketGen is an example of a terminal server that is required to be configured here before it can operate with the Controller.
[Screenshot: Terminal Server Configuration table with columns Item, Server IP, Port, Location and Remark]
• Expired Account Keep Days: When an on-demand account expires, it will remain on the on-demand account list for a certain amount of time. The number of days to retain an expired on-demand account can be speci
35. [Screenshot: Service Zones, Wireless Settings: SSID, Authentication (Open System), Security, Enable 802.1X Authentication, Encryption, Status, User Limit (range from 1 to 32), Access Control, MAC Address]
> Security: For each service zone, administrators can set up the wireless security profile, including Authentication and Encryption.
> Authentication: Including Open System, Share Key, WPA, WPA2 or WPA/WPA2 Mixed.
> Encryption:
o WEP: When Authentication is Open System or Share Key, WEP will be enabled.
o WPA: When Authentication is WPA, WPA-PSK or WPA-RADIUS will be the options of WPA. For WPA-PSK, it also can select Passphrase or HEX.
o WPA2: When Authentication is WPA, WPA-PSK or WPA-RADIUS will be the options of WPA. For WPA-PSK, it also can select Passphrase or HEX.
o WPA/WPA2 Mixed: When Authentication is WPA, WPA-PSK or WPA-RADIUS will be the options of WPA. For WPA-PSK, it also can select Passphrase or HEX.

9.7 Change managed AP settings
Configure AP settings in AP List, go to: Access Points >> Enter Local Area AP Management >> List.
All of the APs under the management of the WHG Controller will be shown in the list. The AP can be edited by clicking the hyperlink of AP Name, and the AP status can be reviewed by clicking the hyperlink of Status.
[Screenshot: AP List for AP Type EAP700, with search by AP Name and columns IP Address, Status, AP Name, No. of Client, Service Zone, MAC Addr
36. [Screenshots: Windows Internet Connection Wizard (prompt to set up an Internet mail account; "Completing the Internet Connection Wizard" page) and the Windows Control Panel window]
37. the applied Service Zone's Custom Pages settings.
[Screenshot: "Welcome To Broadband Internet Service" page with Service Agreement: "Please click the CONFIRM button to accept the terms and conditions above or click CANCEL to exit", and CONFIRM / CANCEL buttons]
> When a user tries to access the Internet from a Block room, the browser will show the service unavailable page.
[Screenshot: "Service Not Available. Notice: Service for network access is currently not available. Please contact administrator for further assistance."]

6. View the Event Log
After the user selects a billing plan and buys it to access the Internet, you can check the Middleware Event Log for information relating to users that have purchased accounts from VLAN-mapped rooms.
To view the Net Retriever Event Log, go to: Users >> Middleware >> Event Log.
[Screenshot: Main Menu > Users > Middleware Configuration > Middleware Event Log; NetRetriever Billing Log for 2010-09-09 with columns Room, Cost, Date, Time and Description]
38. 2.2.2 WHG-315 Hardware
[Figure: WHG-315 front panel]
LCD Display: Allows the network administrator to check important system settings such as network interface, SZ configurations, etc. The navigation buttons, from left to right respectively, are Sleep, Esc, Up, Down and Enter.
Quick Buttons
Reset: Press and hold the Reset button for over 3 seconds and the status LED on the front panel will start to blink; release the button at this stage to restart the system. Press and hold the Reset button for more than 10 seconds and the status LED on the front panel will turn from blinking to off; release at this stage to reset the system to default configuration.
Quick Restore: This button is the firmware switch button. Press this button while the system is powering up and release it when the Quick Restore LED lights up; the system will switch to the other firmware image and boot up with that firmware.
Quick VPN: Function reserved for future release.
Quick Offload: Function reserved for future release.
LED Displays
Power: The Power LED lights up as constant green when the power supply is on.
Status: The Status LED is blue. Blinking indicates that the system OS is booting up; when lit up constantly, it indicates that the system is ready for operation.
Quick Restore: This is used to indicate that the system will now switch to the other F/W partition for operation.
Quick VPN: Function reserved for future release.
Quick Off
39. 100/1000 Base-T RJ-45) are connected to the external network, such as the ADSL Router from your ISP (Internet Service Provider).
LAN1 ~ LAN4: Client machines connect to WHG Controller via these LAN ports (10/100/1000 Base-T RJ-45).
Console: The system can be configured via a serial console port. The administrator can use a terminal emulation program such as Microsoft's Hyper Terminal to log in to the configuration console interface to change the admin password or monitor system status, etc.
LED Indicators: There are three kinds of LED, Power, Status and Hard disk, to indicate different status of the system.
LCD Display: Allows the network administrator to check important system settings such as network interface, SZ configurations, etc. The navigation buttons, from left to right respectively, are Esc, Up, Down and Enter.
Power Supply Socket: Connecting the power cord to the built-in open-frame power supply (Input: 100~240 VAC, 50/60 Hz).
Power On & Power Off
Device Cooling Fan: Don't block the cooling fans. Leave enough open space for ventilation.

2.3 Preparation before the Installation
Before you start the installation by following either this User Manual or the Quick Installation Guide, below is a short preparation list to do. If you are using a WHG Controller product for the first time, it is recommended that you follow the Quick Installation Guide to start up the WHG Controller in
40. 2009 should be entered as 0709.
o Card Type: This value indicates the level of match between the Card Code entered on a transaction and the value that is on file with a customer's credit card company. A code and narrative description are provided indicating the results returned by the processor.
o Card Code: The three- or four-digit code assigned to a customer's credit card number, found either on the front of the card at the end of the credit card number or on the back of the card.
o E-mail: An email address may be provided along with the billing information of a transaction. This is the customer's email address and should contain an @ symbol.
o Customer ID: This is an internal identifier for a customer that may be associated with the billing information of a transaction. This field may contain any format of information.
o First Name: The first name of a customer associated with the billing or shipping address of a transaction. In the case when John Doe places an order, enter John in the First Name field, indicating this customer's name.
o Last Name: The last name of a customer associated with the billing or shipping address of a transaction. In the case when John Doe places an order, enter Doe in the Last Name field, indicating this customer's name.
o Company: The name of the company associated with the billing or shipping information entered on a given transaction.
o Address: The address entered either in the billing or shipp
41. 4.3 WHG-401 Package & Installation
Package Checklist
The standard package of WHG-401 includes:
• WHG-401 x 1
• CD-ROM (with User's Manual and QIG) x 1
• Quick Installation Guide (QIG) x 1
• RS-232 DB9 to RJ45 Console Cable x 1
• Ethernet Cable x 1
• Straight-through Ethernet Cable x 1
• Power Cord x 1
• Rack Mounting Bracket (with Screws) x 1
It is highly recommended to use all the supplies in the package instead of substituting any components by other suppliers, to guarantee best performance.
Installation
1. Connect the power cord to the power socket on the rear panel.
2. Turn on the power switch on the rear panel. The Power LED should be on to indicate a proper connection.
3. Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable to an xDSL/cable modem, or a switch/hub of an internal network. The LED of this port should be on to indicate a proper connection.
4. Connect an Ethernet cable to the Mgmt Port on the front panel. Connect the other end of the Ethernet cable to an administrator PC for configuring the system.
5. Connect an Ethernet cable to the LAN1 or LAN2 Port on the front panel. Connect the other end of the Ethernet cable to an AP for extending wireless coverage, a switch for connecting more wired clients, or directly to a client PC. The LED of the port should be on to indicate a proper connection.

2.4.4 WHG-505 Package & Installation
42. Client IP address
MAC | format separated by | Client MAC address
session | String | Encrypted session information, including client IP address, MAC address, date and return URL

You will need to parse the required parameters in your HTML code. The following HTML code segment is an example of parsing the loginurl parameter with a self-defined JavaScript function:

    <FORM action="" method="post" name="form">
    <script language="Javascript">
    // getVarFromURL() must already be defined on the page.
    // The form posts the credentials to the URL carried in the loginurl parameter.
    document.forms["form"].action = getVarFromURL(window.location.href, "loginurl");
    </script>
    <INPUT type="text" name="myusername" size="25">
    <INPUT type="password" name="mypassword" size="25">
    <INPUT name="button_submit" type="submit" value="Enter">
    <INPUT name="button_clear" type="button" value="Clear">
    </FORM>

The following shows the corresponding self-defined JavaScript function used to parse the loginurl parameter:

    function getVarFromURL(url, name) {
      // Nothing to look up without both a URL and a parameter name
      if (name == "" || url == "") { return ""; }
      // Escape square brackets so the name can be used inside a regular expression
      name = name.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]");
      // Match ?name=value or &name=value, up to the next & or #
      var regObj = new RegExp("[\\?&]" + name + "=([^&#]*)");
      var result = regObj.exec(url);
      if (result == null) { return ""; }
      else { return decodeURIComponent(result[1]); }
    }

An external page example that the user will see upon launching a browser; highlighted in red, you can see the URL parameters sent from the system.
[Screenshot: External Login Page in Windows Internet Explorer, address bar beginning http://10
43. OK. This is also the default setting of Windows. Then reboot the PC to make sure an IP address is obtained from WHG CONTROLLER.
[Screenshot: Internet Protocol (TCP/IP) Properties, General and Alternate Configuration tabs: "You can get IP settings assigned automatically if your network supports this capability. Otherwise, you need to ask your network administrator for the appropriate IP settings."; options Obtain an IP address automatically, Obtain DNS server address automatically, Use the following DNS server addresses]
5. Using Specific IP Address: If you want to use a specific IP address, acquire the following information from the network administrator: the IP Address, Subnet Mask and DNS Server address provided by your ISP, and the Gateway address of WHG CONTROLLER.
If your PC has been set up completely, please inform the network administrator before proceeding to the following steps.
5.1 Choose Use the following IP address and enter the IP address and Subnet mask. If the DNS Server field is empty, select Using the following DNS server addresses and enter the DNS Server address. Then click OK.
5.2 Click Advanced to enter the Advanced TCP/IP Settings window.
[Screenshot: Internet Protocol (TCP/IP) Properties, General tab, with fields IP address, Subnet mask, Default gateway and Preferred DNS server]
44. LED on the front panel will start to speed up blinking before resetting the system to default configuration.
Console: The system can be configured via a serial console port. The administrator can use a terminal emulation program such as Microsoft's Hyper Terminal to log in to the configuration console interface to change the admin password or monitor system status, etc.
Reserved for future use.
For management use only; it always will open the WMI (Web Management) homepage.
WAN1/WAN2: Two Gigabit WAN ports (10/100/1000 Base-T RJ-45) for uplink connections to the external network, such as the ADSL Router from your ISP (Internet Service Provider).
LAN1 ~ LAN4: Four Gigabit LAN ports for servicing LAN traffic (10/100/1000 Base-T RJ-45).
Power Supply Socket: Connecting the power cord to the built-in open-frame power supply (Input: 100~240 VAC, 50/60 Hz).
Device Cooling Fan: Don't block the cooling fans. Leave enough open space for ventilation.
Power Switch: Power on.

2.2.6 WHG-707 Hardware
[Figure: WHG-707 front panel]
WAN1/WAN2 SFP: Two combo WAN ports (SFP) are connected to the external network, such as the ADSL Router from your ISP (Internet Service Provider).
LAN5/LAN6 SFP: Client machines connect to WHG Controller via these LAN ports (SFP).
LED Indicators: There are four kinds of LED, WAN1, WAN2, LAN4 and LAN5, to indicate the
WAN1/WAN2: Two WAN ports 10
45. Notification Configuration page, the system will automatically send out the history information to that specified email address.
• Users Log: All activities that occur on the system within the nearest 72 hours are recorded in date and time order. As shown in the following figure, each line is a traffic history record consisting of 9 fields: Date, Type, Name, IP, MAC, Pkts In, Bytes In, Pkts Out and Bytes Out of the user activities.
[Screenshot: Users Log 2010-06-07, with columns Date, Type, Name, IP, IPv6, MAC, Pkts In, Bytes In, Pkts Out, Bytes Out]
• On-demand User Log: As shown in the following figure, each line is an on-demand user log record consisting of 13 fields: Date, System Name, Type, Name, IP, MAC, Pkts In, Bytes In, Pkts Out, Bytes Out, 1st Login Expiration Time, Account Valid Through and Remark of user activities.
[Screenshot: On-demand Users Log 2010-06-07, with columns Date, System Name, Type, Name, IP, IPv6, MAC, Pkts In, Bytes In, Pkts Out, Bytes Out, activation time, 1st Login Expiration Time, Account Valid Through]
• Roaming Out User Log: As shown in the following figure, each line is a roaming-out traffic history record consisting of 14 fields: Date, Type, Name, NASID, NASIP, NASPort, UserMAC, SessionID, SessionTime, Bytes In, Bytes Out, Pkts In, Pkts Out and Message of user activities.
[Screenshot: Roaming Out User Log 2010-06-07, with columns Date, Type, Name, NASID, NASIP, NASPort, UserMAC, SessionID, SessionTime, Bytes In, Bytes Out, Pkts In, Pkts Out, Message]
• Roaming In User Log: As shown in the following figure, e
46. [Table of contents fragment. Legible entries: Dynamic Domain Name Service; Port and IP Forwarding; 12 System Management and Utilities; 12.2 Management IP; 12.6 Backup, Restore and Reset to Factory Default; 13 System Status and Reports]
47. [Screenshot: RADIUS server settings, with Enable / Disable options and a Class Attribute Value / Remark / Group table]
DM & CoA Settings: Under some circumstances, it may be desirable for a network administrator to make changes in session characteristics without having to access the Controller WMI to initiate the change. For example, a network administrator may need to terminate a session or change the authorization attributes associated with a session. This is possible through RADIUS DM & CoA messages. The administrator can specify the white list of devices that the Controller deems authentic message sources.
[Screenshot: RADIUS Client Device Settings table with columns Type, IP Address, Subnet Mask, Secret Key and SNMP Community; example rows of Type DM & CoA (10.0.0.0, 255.255.0.0 (/16)), Roaming Out (192.168.0.0, 255.255.0.0 (/16)), 802.1X (10.0.5.39, 255.255.255.255 (/32)) and Disable]
Devices configured here with the correct shared key are allowed to issue to the Controller change of authorization (CoA) messages, which affect session authorization, or disconnect messages (DM), which cause a session to be terminated immediately.
The drop-down selection list allows 3 options: Follow Server's Setting, Overwrite Server's Setting and Set if not presented.
[Screenshot: drop-down list showing Follow Server's Setting, Overwrite Server's Setting, Set if not presented]
If Follow Serve
48. Step 1: Assume that users already exist in the RADIUS server, and that groups already exist in the RADIUS server with users assigned to them.
Step 2: Log in to the Linux host of the RADIUS server.
[Terminal screenshot: login as vivian; password prompt for vivian@10.2.3.217; last login in 2008 from 10.29.2.97]
Step 3: Create a file dictionary.LevelOne under the freeradius folder.
[Terminal screenshot: file opened in vi]
Step 4: Edit and save the content of the file dictionary.LevelOne as the following:
[Screenshot: dictionary file contents, one VENDOR line and ATTRIBUTE lines of type integer for vendor 4ipnet, including 4ipnet-MaxByteIn-4GB]
Step 5: Edit the file dictionary under the folder freeradius.
[Terminal screenshot: vi /usr/share/freeradius/dictionary]
Step 6: Include dictionary.LevelOne in the dictionary of the RADIUS server. Insert it at an incremental position so that it is easy to find again.
[Screenshot: dictionary file with the lines]
    $INCLUDE dictionary.ascend
    $INCLUDE dictionary.bay
    $INCLUDE dictionary.bintec
    $INCLUDE dictionary.cabletron
    $INCLUDE dictionary.4ipnet
    $INCLUDE dictionary.cisco
This is the
49. [Screenshot: AP status pop-up on the map showing AP Name EAP200_Ext, AP Status Online, # of Clients 0, with AP Statistic, AP Status, Client List, WDS List and Link IP Camera (the security camera connected to this AP)] The AP Status, Client List and WDS List information listed is collected from the remote AP via SNMP. 10.5.4 Operations from Map page. Goto Map: When you have configured multiple map profiles, this function allows switching between different maps. Goto AP: This function is for the administrator to select an AP on the list, and the map will shift to show the selected AP in the center of the map. Show Coverage: This button, once pressed, will display the signal coverage of all the APs on the map according to the coverage radius set in each AP's profile under the List tab page. [Screenshot: map page buttons Show Longitude and Latitude, Save Modification, List AP in this Map, List WDS in this Map, Add a New Map, Edit This Map, Customize Image] Show Longitude and Latitude: This function, when pressed, will display in a pop-up window the longitude and latitude of the map's current center point. Save Modification: This function is for saving the changes made to the map and overwriting the map's profile attributes. For instance, if you have altered or panned the original map, clicking this button will save the changes made
50. [Screenshot residue: Notification Settings rows for Wide Area AP Status Change, Wide Area AP Report and CPU Loading, with Detail and Test buttons and the SYSLOG and Interval columns] Detail: Clicking this radio button allows the configuration of the E-mail subject for the corresponding log. Send: Clicking this radio button sends a test log to the selected E-mail address. Sending Logs to SYSLOG: The following log types can be sent to external SYSLOG servers configured in SYSLOG Settings: Users Log, On-demand Users Log, Session Log, Hardware Log, HTTP Web Log and DHCP Server Log. Click the desired log type and select the time interval for sending the log. [Screenshot: Notification Settings table with Receiver E-mail Address(es) 1 to 5 and SYSLOG columns, listing the log types Monitor IP Report, Users Log, On-demand Users Log, Session Log, Local Area AP Status Change, Wide Area AP Status Change, Wide Area AP Report, CPU Loading, Memory Usage, Network Delay, Network Traffic, Associate Client, VAP Traffic, WDS Traffic, Hardware Log, HTTP Web Log, DHCP Server Log and DHCP Lease Log, each with Detail and Send buttons]
51. a near default state with minimum configuration changes, such as WAN settings and admin password, then refer to this manual later when you want to configure the system for specific application needs. Unpack the WHG Controller and go through the package checklist. Review the front panel and the back panel and identify each control and network interface that is described in the Hardware & Specification section. Prepare Ethernet cables with RJ-45 connectors. Prepare a PC with a Web browser for accessing the Web Management Interface. Identify an upstream device for the WHG Controller to connect to in your network, such as an ADSL/CABLE modem or other edge devices. Collect the DNS server address provided by your ISP. The recommended general steps for the configuration are: Set up the system's Time Zone, NTP server, DNS server and WAN1 address. Configure the LAN address range for at least one Service Zone and enable its authentication; the Default Service Zone is enabled to require authentication by the factory default. Create user accounts to test the login page via wire line in the enabled Service Zone. Try to generate an on-demand user and test the account. Configure the Wireless Settings of the Service Zone, then add in APs. Configure more Service Zones based on your application. Set up Group and Policy, including Firewall rules and Session Limit. Customize the portal login page and add walled garden Advertisement links if needed. Set up Pa
52. [Table of contents fragment] 8.2.2 [title illegible]; 8.2.3 [title illegible]; 8.2.4 Change Password Privilege; 8.2.5 Proxy [remainder illegible]; Local Area AP Management; 9.1 [title illegible]; 9.2 Configure AP Template; 9.3 AP Discovery; 9.3.1 AP Background Discovery; 9.4 Manually add AP; 9.5 [title illegible]; 9.6 [title illegible]; 9.7 Change managed AP settings; 9.8 AP Operations [remainder illegible]; 9.8.1 Reboot, Enable, Disable and Delete the AP; 9.8.2 [title illegible]; 9.8.3 Apply Service Zone (Tag-Based Only); 9.9 Firmware management and upgrade
53. be configured from the WHG Controller's WMI. This is because, apart from personal or home usage, most other environments typically need more than one AP to service a lot of clients: places like franchised hotspots, multiple offices, school campuses, etc., where in many of these environments it is required to cover both indoor and outdoor areas. Therefore it is necessary to be able to manage multiple types of APs (Indoor and Outdoor) at the same time. View AP Overview, go to: Access Points >> Enter Local Area AP Management >> Overview. In the Overview page, all of the supported AP types will be listed. [Screenshot: AP Type List table with columns AP Type, No. of AP, OnLine, OffLine and No. of Client, with one row per supported EAP and OWL model] Because the WHG Controller can manage many different models of access points, the easiest way to configure a lot of APs is by AP Template. You can configure one template for each AP model and then apply this template to many managed APs at once. 9.2 Configure AP Template. Configure AP Template, go to: The system supports up to three templates which include configurations of APs. The administrator can configure the settings together in the template instead of logging in to each AP's management interface to set the configurations one by one. Select the AP type, if available, and one of the three available templates and then clic
54. certificate store. A certificate, which is issued by a certification authority, is a confirmation of your identity and contains information used to protect data or to establish secure network connections. A certificate store is the system area where certificates are kept. To continue, click Next. 7. Select Automatically select the certificate store based on the type of certificate and then click Next. [Screenshot: Certificate Import Wizard, Certificate Store page: certificate stores are system areas where certificates are kept; Windows can automatically select a certificate store or you can specify a location] 8. Click Finish. [Screenshot: Completing the Certificate Import Wizard; Certificate Store Selected: Automatically determined by the wizard; Content: Certificate] 9. Click Yes. [Screenshot: Security Warning dialog] You are about to install a certificate from a certification authority (CA) claiming to represent com sg. Windows cannot validate that the certificate is actually from com sg. You should confirm its origin by contacting com. Warning: If you install this root certificate, Windows will automatically trust any certificate is
55. client of Windows OS. ActiveX Component: The ActiveX is a software component running inside Internet Explorer. The ActiveX component can be checked in the following window. [Screenshot: Internet Explorer Manage Add-ons window, "View and manage add-ons that are installed on your computer. Disabling or deleting add-ons might prevent some webpages from working correctly", listing installed add-ons with Name, Publisher, Status, Type and File columns, including the VPNClient ipsec ActiveX Control published by D-Link Corporation with status Enabled, and the Settings and Delete ActiveX controls]
56. connection time. The customer also needs to activate the issued account within a given time period by logging in for the first time. [Figure: account lifespan timeline for the Usage-time with No Expiration plan, from Activation Time to Deletion Time] Hotel Cut-off-time: Hotel Cut-off-time is the clock time (normally check-out time) at which the on-demand account is cut off (made expired) by the system on the following day or many days later. On the account creation UI of this plan, the operator can enter a Unit value, which is the number of days to Cut-off-time according to the customer's stay time. For example: Unit = 2 days, Cut-off Time = 13:00, then the account will expire at 13:00 two days later. Grace Period is an additional short period of time after the account is cut off that allows the user to continue to use the on-demand account to access the Internet without paying an additional fee. Unit Price is a daily price of this billing plan. Mainly used in hostel venues to provide internet service according to guests' stay time. Group will be the applied Group to users created from this plan. The Reference field allows the administrator to input additional information. [Screenshot: Editing Billing Plan form] Account Type: Hotel Cut-off-time. Hotel Cut-off Time: HH:MM, range 00:00 to 23:59. Account remains usable for 0 hour(s) after cut-off per day. Unit Price: Range 0 to 100000, including two dig
57. effort to meet changing market demands at the least possible cost. 4ipnet delivers a diverse array of turnkey, high-performance products and mission-critical applications to bring reliability and manageability to increasingly complex wireless networks. 4ipnet's complete WLAN infrastructure solution portfolio addresses the needs of different network operation environments, ranging from the ISP to the SOHO, with an emphasis on simplified network deployment, centralized network management and enhanced network performance. FCC CAUTION. WHG-311: This equipment has been tested and proven to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. Connect
58. The Search field allows the administrator to search for mapping entries according to VLAN ID, Room Num, Location ID or Service Zone. Click the VLAN ID link to enter the Port Mapping Profile page for that entry. You can change the Port Type or Service Zone of this room. You can also check the present user account information. [Screenshot: Port Mapping Profile page for VLAN ID 101, Room Number 101, showing Port Type, Room Description, Service Zone and the current user account's User Name, Password, Plan Type, Plan Quota, Remaining Quota, User Account Status and Reference] 5. Accessing Internet from a room. After planning your VLAN network and completing all the Port Location Mapping settings, you should verify whether the configurations are working properly. According to the Port Type set, when a user tries to access the internet from a VLAN-mapped room, the pages or messages displayed are as follows: When a user tries to access the internet from a Single User room, the browser will show the Login page with a list of available plans and the service agreement. The Service Agreement body can be configured at the applied Service Zone's Custom Pages settings. The user may choose a billing plan and click the Confirm button, and the system will display the generated account name and password. If you already have a user account, you can click the here link to log in with the user account that you posse
59. factory default setting is needed for the logout interface, click the Use Default Page button.
    <form action="userlogout.shtml" method="post" name="Enter">
    <input type="text" name="myusername">
    <input type="password" name="mypassword">
    <input type="submit" name="submit" value="Logout">
    <input type="reset" name="clear" value="Clear">
    </form>
15.5 How External Page Operates. Choose External Page if you desire to use an external web page for your custom pages. Simply enter the URL of your external webpage, click the Preview button to check that it is reachable and to see how your external webpage will be displayed, then click the Apply button. [Screenshot: Login Page Selection for Users, with Service Zone selector, the options Default Page, Template Page, Uploaded Page and External Page, and the External Page Setting with Preview] Main Menu > System > Service Zone > Service Zone Configuration > Login Page. When a user connects to this Service Zone, opens a web browser and attempts to access the internet, the system will redirect the user to the configured external login page. The Gateway, while redirecting users to the external web page, will also send URL parameters required for the operation, for instance user authentication. Therefore each self-defined external page (Login, Logout, Login Success, Logout Success, etc.) requires code to handle URL parameters to and from the Gateway. A simple example is illustrated below
60. fau de [Screenshot: NTP Server 3, NTP Server 4 and NTP Server 5 fields and the Manually set up option] 12.1.2 Manual Settings. The time can also be manually configured by selecting Manually set up and then entering the date and time in these fields. [Screenshot: System Time, Time Zone and Time (NTP / Manually set up) fields with hour, minute and second selectors] 12.2 Management IP. Configure Management IP, go to: Only PCs within the IP ranges on the list are allowed to access the system's web management interface. For example, 10.2.3.0/24 means that as long as an administrator is using a computer with an IP address in the range 10.2.3.0/24, he or she can access the web management page. Another example is 10.0.0.3: if an administrator is using a computer with the IP address 10.0.0.3, the administrator can access the web management page. [Screenshot: Management IP Address List with No., Active and IP Address/Segment columns] The default value is 0.0.0.0/0.0.0.0. It means that the WMI can be accessed from any IP address; for security considerations, please change this value before the system provides service. 12.3 Access History IP. Configure Access History IP, go to: Specify an IP address of the administrator's computer or a billing system to get billing history information of WHG CONTROLLER
61. http://code.google.com/apis/maps/faq.html#keysystem. How you use your key depends on what Maps API product or service you use. Your key is valid for use within the entire family of Google Maps API solutions. The following examples show how to use your key within the Maps API product family. JavaScript Maps API Example: Within the JavaScript Maps API, place the key within the script tag when you load the API. Note: you will need to replace the sensor parameter below with either an explicit true or false value.
    <script src="http://maps.google.com/maps?file=api&amp;v=2&amp;sensor=true_or_false&amp;key=ABQIAAAAKE _mMpRETPZUXaD rSpaUTBTQNSXwOwi t7VEiW QmsI2ki oN7BTEWP n 4 Wm"></script>
See Loading the Maps API in the JavaScript Maps API documentation for more information. 10.5.2 Create a Map. Now return to the Map tab page in the WHG Controller's WMI, scroll down to the bottom of the page and click on the Add a New Map button. [Screenshot: map page with the Add a New Map button, the Distance Calculation fields (From Address, To Address, Result) and the Google Maps Registration Key field] An editing page will open for configuration. Please fill in a Map Name for this map and its geographical location as defined by Longitude and Latitude; remember to also fill in the Key issued by Google. Finally, choose the Zoom Level and Map Type and click the Save button. Main Menu > Outdoor Access Points >
62. if no reply then resend the packet. Primary/Secondary RADIUS Server. Authentication Server: Enter the domain name or IP address of your RADIUS Server. Authentication Port: Enter the port number used for authentication. Authentication Secret Key: Secret Key used for authentication. Authentication Protocol: Select Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP). Accounting Service: Enable/Disable RADIUS accounting. Accounting Server: Enter the Accounting Server domain name or IP address. Accounting Port: Enter the port number used for accounting. Accounting Secret Key: Secret Key used for accounting. Note: The Authentication Server and Accounting Service operate in sets, which means that if the Authentication Server set under Primary RADIUS Server is unavailable, the system will refer to the Secondary RADIUS Server setting without referencing the Accounting Service settings under Primary. 6.1.3 Configuring Local. Local is the Controller's built-in static user account database. The number of user accounts supported will be different for different models. Please refer to the specification details for the capacity of your WHG Controller model. Name: Configurable text string designated as the mnemonic name of this authentication option. Postfix: Is the text string entered as a postfix in the account field for notifying the Controller which authenticati
63. keyword of a username to be searched in the text field and click this button to perform the search. All usernames matching the keyword will be listed. Del All: Click on this button to delete all the users at once, or click on Delete to delete a user individually. Edit User: If editing the content of an individual user account is needed, click the username of the desired user account to enter the User Profile Interface for that particular user, and then modify or add any desired information such as Username, Password, MAC Address (optional), Applied Group (optional), Enable Local VPN (optional) and Remark (optional). Click Apply to complete the modification. [Screenshot: Local User List with Add User, Upload User, Download User and Search controls, the columns Applied Group, Password, MAC Address and Local VPN Enabled, and the Del All button] Add User: Click this button to enter the Adding User(s) to the List interface. Fill in the necessary information such as Username, Password, MAC Address and Remark. Select a desired Group to apply to this local user account. Check Enable Local VPN in the Enable Local VPN column if you wish to establish a VPN link between the Controller and the user device using this local account. Click Apply to complete adding the user(s). A MAC address entered here means that a networking device can be bound with a local user as well. Therefore the user must log in to the system with a networking device (PC) that has this MAC address, so this user can n
64. not found; Sorry, this username XXX is out of quota; Sorry, this username XXX is expired; Sorry, this username XXX is redeemed. Value (Integer, Sec or Byte): Remaining quota or error no. If the user is time type, the value is the remaining seconds; if the user is volume type, the value is the remaining bytes. Error numbers: 1 Account not found, 2 Out of quota, 3 Expired, 4 Redeemed. Uname (String): User name. Type (String): On-demand user billing type; includes TIME (Time type), DATA (Volume type) and CUTOFF (Cut-off type).
Change password (Local User). Path: <LAN IP address or Internal Domain Name>/loginpages/user_change_password.shtml. Input (Field, Required, Value, Description): Save, Required, 1, has to be 1; Opw, Required, String, Old password; Npw, Required, String, New password; Npwc, Required, String, Confirmed new password; ret_url, Required, String, URL-encoded Return URL. Output: The client would be redirected to ret_url, and the gateway would add Result to ret_url, which indicates the result of changing the password. Output (Field, Value, Description): Result, String, Result and error messages, including: Change password successfully; User password is incorrect; Invalid password format.
Redeem (On-demand user). Path: <LAN IP address or Internal Domain Name>/loginpages/redeemuserlogin.shtml. Input (Field, Required, Value, Description): Uid, Optional, String, Current user ID; if not presented, the user name stored in the cookie is the default value; upassword, Opti
65. not match the name of the site. Do you want to proceed? [Dialog buttons include View Certificate] 2. The User Login Page will appear. [Screenshot: User Login page with Username, Password and Remember Me] 3. The user can now log in normally. Appendix B. Network Configuration on PC & User Login. Network Configuration on PC: After WHG CONTROLLER is installed, the following configurations must be set up on the PC: Internet Connection Setup and TCP/IP Network Setup. Internet Connection Setup, Windows 9x/2000: 1. Choose Start >> Control Panel >> Internet Options. 2. Choose the Connections tab and then click Setup. [Screenshot: Windows Control Panel with Internet Options selected ("Configures your Internet display and connections settings") and the Internet Properties dialog]
66. [Screenshot residue: Windows Task Manager process list] 3. Execution of instructions given by the following Windows messages: > Close the Windows Internet Explorer. > Click Logout on the Login Success page. > Click Back or Refresh on the same Internet Explorer browser page. > Enter a new URL in the same Internet Explorer browser page. > Open a URL from another application (e.g. an e-mail in Outlook) that occupies this existing Internet Explorer. Click Cancel if you do not intend to stop the IPSec VPN connection. Non-supported OS and Browser: Currently Windows Internet Explorer is the only browser supported by the system. Windows XP and Windows 2000 are the only two supported OS with this release. FAQ. 1. How to clean the IPSec client? ANS: Open a command prompt window and type the commands as follows:
    C:\> cd %windir%\system32
    C:\> Clean_IPSEC.bat
or
    C:\> cd %windir%\system32
    C:\> ipsec2k.exe stop
2. How to remove the ActiveX component in a client's computer? ANS: Uninstall and delete the ActiveX component. Close all Internet Explorer windows. Open a command prompt window and type the commands as follows:
    C:\> cd %windir%\system32
    C:\> regsvr32 /u VPNClient_1_5.ocx
    C:\> del VPNClient_1_5.ocx
3. What can be done if unable to establish an IPSec connection on Windows XP SP1? ANS: Disable Windows XP firewall. 14.2 Remot
67. on Sign up for a Google Maps API key. [Screenshot: Google Maps API sign-up page with the How Do I Start steps (1. Sign up for a Google Maps API key, 2. Read the Maps API Developer's Guide, 3. Read the Maps API Reference, 4. Join the announcements group to receive important updates), the terms of service text, the "I have read and agree with the terms and conditions" check box, the tip that signing up a key for http://yourdomain.com is usually the best practice as it will work for all subdomains and directories, and the Generate API Key button] Click the terms and conditions check box and fill in your WHG Controller's WAN IP address. Google will generate an API key for your WHG Controller. [Screenshot: "Thank You for Signing Up for a Google Maps API Key" page showing the generated key] Note: for more information on the API key system, consult
68. red asterisks are required to be filled in. > IP Address: The IP address of the WAN1 port. > Subnet Mask: The subnet mask of the WAN1 port. > Default Gateway: The gateway of the WAN1 port. > Preferred DNS Server: Statically designate the primary DNS server to be used by the system. > Alternate DNS Server: The substitute DNS server used by the system. This is an optional field. Dynamic: It is only applicable for a network environment where a DHCP server is available on the upstream network. Click the Renew button to get an IP address automatically. > Learn DNS Server Address During Negotiation: When this check box is selected, the Controller will automatically learn the IP address of the DNS server through the DHCP messages received. > Preferred DNS Server: Statically designate the primary DNS server to be used by the system. > Alternate DNS Server: The substitute DNS server used by the system. This is an optional field. PPPoE: If your ISP provides a PPPoE dial-up connection, then the ISP will issue you an account with a password. You would need to enter the account credentials in the WAN configuration page for dialing up to the ISP. > Username: The username issued by your ISP as the dial-up account. > Password: The dial-up password issued by your ISP. > MTU: Maximum Transmission Unit of a PPPoE frame. The PPPoE protocol allows an Ethernet frame's size to be up to 1492 bytes, but some ISPs' network equipment may support a smaller f
69. same as the altiga dictionary. [Screenshot: dictionary file with further INCLUDE lines, including cisco.vpn3000 and colubris] Step 7: Open the radius database.
    mysql -u root -p radius
[Screenshot: MySQL monitor welcome banner and mysql> prompt] Step 8: Insert the VSA into the RADIUS response. In this example the maximum download and upload in bytes for group03 users is 1 MByte. [Screenshot: mysql> INSERT INTO radgroupreply statement with the columns GroupName, Attribute, op and Value, setting a 4ipnet byte-amount attribute for group03, followed by the "Query OK, 1 row affected" response] Step 9: [Screenshot: RADIUS server log output dated Thu Oct 30 14:26:41 2008] Appendix E. VLAN Port Location Mapping and PMS Middleware. This section introduces the Port Location Mapping feature. This feature is designed for creating multiple VLAN divisions, as if they were separate LAN ports under a Service Zone, and mapping these VLANs to different locations individually. This feature can be utilized to provide a separate VLAN to separate clients in MTU/MDU deployments where a VLAN switch is deployed under the
70. steps may be taken to provide a workaround or to bypass the issue. 1. Open the IE7 browser and you will be redirected to the default login page. If the certificate is not trusted, the following page will appear. Click Continue to this website. [Screenshot: IE7 certificate error page: "There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage and do not continue to this website." Options: Click here to close this webpage; Continue to this website (not recommended); More information] 2. The default User Login Page will appear and the users can then log in normally. [Screenshot: User Login page] For installing a trusted certificate to solve the IE7 certificate issue, please follow the instructions stated below. 1. When the User Login page appears, click Certificate Error at the top. [Screenshot: User Login page with the Certificate Error indicator in the address bar] 2. Click View Certificate. [Screenshot: Login window]
71. the List is enabled, it will be assigned an available IP from the starting IP address set in the checked Service Zone profile and applied with the selected template. You can also set the channel the AP would use. The scanning process may take a long time if the IP range assigned to scan is too wide. 9.4 Manually add AP. Add an AP Manually, go to: Access Points >> Enter Local Area AP Management >> Adding. The administrator can add supported APs into the List table manually here. Similar to an AP added after discovery, a manually added AP will show up with a status of configuring in the AP List initially. The system will attempt to configure the AP with the values specified. A couple of minutes later, the AP's status will become online or offline on the AP List. The AP can also be added manually without being online. Input the related data of the AP and select a Template. After clicking Add, the AP will be added to the managed list. [Screenshot: Adding An AP to the List form with AP Type, AP Name, Admin Password, IP Address, MAC Address, Remark, Service Zone, Template Applied and Channel fields] > AP Type: The model type of the AP for adding to the List. > AP Name: Mnemonic name of the specific AP. > Admin Password: Password required for this AP. > IP Address: IP address of the specified AP. > MAC Address: MAC address of the specific AP. > Remark: Some extra
72. the connected AP is under default settings. Select Manual and fill in the IP address range if the connected AP's IP address has been modified. Click the Scan Now button and the APs matching the configured criteria will be displayed in the Discovery Results list below. Discovery Results: The newly discovered APs will be listed here. When the system's Service Zone is set to Tag-based mode, service zones can also be assigned here. After clicking Add, the current management page is directed to the AP List, where the newly added APs will show up with a status of configuring. It may take a couple of minutes to see the status of the newly added AP change from configuring to online or offline. [Screenshot: Discovery Results table with columns AP Type, IP Address, MAC Address, AP Name, Password, Template, Channel, Service Zone and Add, showing one discovered AP] > AP Type: The model type of the discovered APs. > IP Address: IP address of the specified AP. > MAC Address: MAC address of the specific AP. > AP Name: Mnemonic name of the specific AP (configurable). > Admin Password: Password required for this AP (configurable). > Template: The administrator can select a template profile which will be applied to the added AP. > Channel: The selected channel will be applied to the added AP. > Service Zone: The item is only available for selecting a service zone when Tag B
73. the equipment into an outlet on a circuit different from that to which the receiver is connected. Consult the dealer or an experienced radio/TV technician for help. WHG-315, WHG-401, WHG-505, WHG-515, WHG-707: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user will be required to correct the interference at his own expense. Table of Contents: Before You Start; Document Conventions; WHG Controllers Installation Guide; WHG Controller Capacity Table; WHG Controller Hardware Overview
74. the external login page and then click Apply. After applying the setting, the new login page can be previewed by clicking the Preview button at the bottom of this page. The user-defined logout page must include the following HTML codes to provide the necessary fields for username and password: <form action="userlogin.shtml" method="post" name="Enter"> <input type="text" name="myusername"> <input type="password" name="mypassword"> <input type="submit" name="submit" value="Enter"> <input type="reset" name="clear" value="Clear"> </form> 15.4 Load a Customized Logout Page. Custom Pages >> Logout Page: The administrator can apply their own logout page in the menu. As the process is similar to that of the Login Page, please refer to the Login Page >> Uploaded Page instructions for more details. [Screenshot: Logout Page Selection for Users (Service Zone: Default), with options Default Page, Template Page, Uploaded Page, External Page; Uploaded Page Setting with File Name, Existing Image Files (Total Capacity 512 K, Now Used 0 K) and Upload Image Files] Note: The difference is that the HTML code of the user-defined logout interface must include the following HTML code so that the user can enter the username and password. After the upload is completed, the customized logout page can be previewed by clicking Preview at the bottom of this page. If restore to
75. this specific authentication option. 6.1.1 Configuring On-demand: The administrator can enable and configure this authentication method to create on-demand user accounts. This function is designed for hotspot owners to provide temporary users with free or paid wireless Internet access in the hotspot environment. Major functions include accounts creation, users monitoring list, billing plan and external payment gateway support. [Screenshot: Authentication Server, On-demand User menu with General Settings, Ticket Customization, Billing Plans, External Payment Gateway, On-demand Account Creation, On-demand Account Batch Creation, On-demand Account List] 1) General Settings: This is the common setting for the On-demand User authentication option. The generated on-demand users and all account-related information, such as postfix and unit, will be shown in this list. [Screenshot: General Settings, with Postfix and Currency fields] Postfix: Postfix is used to inform the system which type of authentication database an account belongs to for authentication when multiple databases are concurrently in use. Enter the string to be used as postfix for on-demand users. Currency: Select the desired monetary unit or specify another unit in the input field.
76. to configure the relation between Group and Service Zone. [Screenshot: Group Permission Configuration & Policy Assignment for Service Zone 1, listing each Group Option with its Enabled checkbox and Policy] At Service Zone 1, Group 1 user is ruled by Policy 3, Group 2 is by Policy 9, and Group 3 is by Policy 11. Other Groups are not enabled to access Service Zone 1. [Screenshot: Group Permission Configuration & Policy Assignment for Service Zone Default, listing Group 1 to Group 10] Group Option: The name of Group options available for selection. Enabled: Select Enabled to allow clients of the enabled Groups to log in to this Service Zone under constraints of the selected Policies. Check Enabled of each individual Group to assign it to the Service Zone listed. Policy: Select a Policy that the Group will be applied with when accessing this Service Zone. To Zone Permission Configuration: Click the hyperlink in the To Zone Permission Configuration column to enter the Zone Permission Configuration & Policy Assignment interface, which is based on t
77. to extend their quota. After the user has obtained or bought a new account, they just need to click the Redeem button in the login success page, input the new account Name and Password, and then click Enter. This new account's quota will be extended to the original account. The Redeem function can only redeem to the same type of account: a Time account must redeem with a Time account, and a Volume account must redeem with a Volume account. When the remaining quota is insufficient, the user can add to the quota by purchasing an additional account. Please enter the new username and password in the Redeem Page and click the Enter button to merge the two accounts so that there will be more quota for the original account. [Screenshot: Redeem page, "Welcome to Redeem Page. Please enter the username and password to Redeem"] Note: The maximum session time/data transfer is 24305 days/9,999,999 Mbytes. If the redeem amount exceeds this number, the system will automatically reject the redeem process. Note: Hotel Cut-off and Duration Time accounts do not support the redeem function. 6.1.2 Configuring RADIUS: Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization and Accounting (AAA) management for computers to connect and use a network service. Choose RADIUS from the Authentication Database field. The Local VPN option c
78. used to provide internet service to this room. VLAN ID: The VLAN ID to be designated to this room. Room Number / Location ID: The room number mapping to this VLAN ID. Room Description / Location Name: Additional reference or remark information of this room. The VLAN Tags configured in Port Location Mapping must not conflict with any of the VLAN Tags that have been assigned to each Service Zone. When you have finished creating Port Location Mapping profiles, go back to the Port Location Mapping page; the Port Location Mapping List displays all the profile entries with information such as VLAN ID, Room Num / Location ID, Port Type and Service Zone. 3) PMS Middleware (for hospitality application): Now let us begin to configure the PMS Middleware (Net Retriever) connection. Configure Middleware Connection Setup, go to: Users >> Middleware >> Connection Setup. Middleware Configuration: [Screenshot: Middleware Configuration menu with Connection Setup and Event Log] Event Log: Records all the Middleware event logs. Middleware Connection Setup: [Screenshot: Connection Setup with Interface Port 6324, Middleware ID (MI ID), Access Controller ID (AC ID) 1-9999, Link Test Interval 60-600 seconds] Connection Setup: Enter the Secret, Interface Port, MI ID, AC ID and Link Test Interval for the Middleware connection. Secret: The secret key between Guest Service Device and PMS Middleware for challenge and response
79. which of the certificates will be used during CAPWAP negotiation between AC and AP. If the certificate selected is invalid, the negotiation will be unsuccessful and the AP will not be automatically added to the managed List. WHG Access Controller IP List: The AC can statically designate other CAPWAP-supported ACs as backup ACs for CAPWAP APs in case it can no longer provide service. The No. designates the priority of these backup ACs to the AP; in the event that the original AC is down, the AP will first attempt to join the No. 1 backup AC, and so on. 11 Networking Features of a Gateway. 11.1 DMZ. Configure DMZ, go to: The system supports specific sets of Internal IP address (LAN) to External IP address (WAN) mapping in the Static Assignments. The External IP Address of the Automatic WAN IP Assignment is the IP address of the External Interface (WAN1), which will change dynamically if the WAN1 Interface is Dynamic. When Automatic WAN IP Assignments is enabled, the entered Internal IP Address of Automatic WAN IP Assignment will be bound with the WAN1 interface. Each Static Assignment can be bound with the chosen External Interface, WAN1 or WAN2. There are specific sets of static Internal IP Address and External IP Address available. Enter Internal and External IP Addresses as a set. After the setup, accessing the WAN will be mapped to access the Internal IP Address. These settings will become effective immediately after clicking the Apply button.
80. with the predefined URLs. The file name format is yyyy-mm-dd. An example is provided as follows. Traffic History: https://10.2.3.213/status/history/2005-02-17 [Screenshot: the Traffic History file opened in Microsoft Internet Explorer, with columns Date, Type, Name, IP, MAC, Packets In, Bytes In, Packets Out, Bytes Out and one LOGIN entry] On-demand History: https://10.2.3.213/status/ondemand_history/2005-02-17 [Screenshot: the On-demand History file opened in Microsoft Internet Explorer, with columns Date, System Name, Type, Name, IP, MAC, Packets In, Bytes In, Packets Out, Bytes Out, Expiretime, Valid and entries of type Create_OD_User, OD_User_Login and OD_User_Logout] 12.4 SNMP. Configure SNMP, go to: If this function is enabled, the SNMP Management IP and the Community can be assigned to access the SNMP Configuration List of the system. [Screenshot: SNMP Configuration List with columns Item, Manager IP Address, Community; item 1 is 192.168.1.54 and item 2 is 192.168.1.214] 12.5 Change Pa
81. [Screenshot: Template Page settings with color fields entered as RGB values in hex mode (for example FFFFFF and 000000), image file preview and edit options, and a preview of the User Login Page: "Welcome To User Login Page. Please Enter Your Name and Password to Sign In", with Username, Password, Submit, Clear, Remaining and Remember Me] Custom Pages >> Login Page >> Uploaded Page: Choose Uploaded Page and upload a login page to the built-in HTTP server. [Screenshot: Login Page Selection for Users (Service Zone: Default), with options Default Page, Template Page, Uploaded Page, External Page; Uploaded Page Setting with File Name, Existing Image Files (Total Capacity 512 K) and Upload Image Files] The user-defined login page must include the following HTML codes to provide the necessary fields for user name and password: <form action="userlogin.shtml" method="post" name="Enter"> <input type="text" name="myusername"> <input type="password" name="mypassword"> <input type="submit" name="submit" value="Enter"> <input type="reset" name="clear" value="Clear"> </form> If the user-defined login page includes an image file, the image file path in the HTML code must be the image file to be uploaded. <img src="images/xx
82. 15 and are always enabled. 5.6 LAN Partition: Service Zone. Configure Service Zone, go to: A Service Zone is a logical network area to cover certain wired and wireless networks in an organization, such as SMB or branch offices. By associating a unique VLAN Tag and SSID with a Service Zone, administrators can separate wired and wireless networks into different logical zones. Users attempting to access the resources within the Service Zone will be controlled based on the access control profile of the Service Zone, such as authentication, security feature, wireless encryption method, traffic control, etc. There are up to nine Service Zones to be utilized; by default, they are named Default, SZ1 to SZ8, as shown in the table below. [Screenshots: Service Zone Settings tables for Tag-Based Mode and Port-Based Mode, listing for each Service Zone its name, SSID, WLAN encryption, applied policy, default authentication option, IP address, IPv6 address, network alias and DHCP pool; for example Default at 192.168.1.254 and SZ1 at 172.21.0.254]
83. [Screenshot: session list showing TCP connections from 10.29.3.137 to 10.0.5.233 in TIME_WAIT and ESTABLISHED states; Total 21] 13.1.8 User Logs. View Traffic History, go to: Status >> Users Log. This page is used to check the traffic history of WHG CONTROLLER. The history of each day will be saved separately in the DRAM for at least 3 days (72 full hours). The system also keeps a cumulated record of the traffic data generated by each user in the latest 2 calendar months. [Screenshot: log lists by date (2010-06-05 to 2010-06-07) with size in bytes for Users Log, On-demand Users Log, Roaming Out User Log and Roaming In User Log, call count for SIP Call Usage Log, and Monthly Network Usage of Local User with a Download link] Since the history is saved in the system for a limited time frame, please manually copy and save the traffic history information for backup purposes. If the Receiver E-mail Address(es) has been entered under the
84. [Figure: CPU loading graph over time, with MAXIMUM, MINIMUM, AVERAGE and LAST values] Item: Select the type of report you wish to see. Available report types are CPU Loading, CPU Temperature, Memory Usage, Network Traffic, Online User, Successful Login, Session, DHCP Lease and DNS Query. Time: For selecting the time scale of the displayed graph. The reports can be displayed on an hourly, daily, weekly, monthly or yearly basis. 14 Virtual Private Network (VPN). 14.1 Local VPN. The system is equipped with an IPSec VPN feature. To utilize IPSec VPN supported by Microsoft Windows XP SP2 (with patch) and Windows 2000 operating systems, the system implements IPSec VPN tunneling technology between the client's Windows devices and the system itself, regardless of wired or wireless network. By pushing down ActiveX to the client's Windows device from the system, no extra client software is required to be installed except ActiveX, in which a so-called "clientless" IPSec VPN setting is then configured automatically. At the end of this setup, a built-in IPSec VPN feature will be enabled and ready to serve once it is launched for setup. The goal of this design is to eliminate the configuration difficulty from IPSec VPN users. At the client side, the IPSec VPN implementation of the system is based on ActiveX and the built in IPSec VPN
85. 2 Configure Service Zone Network. Configure Service Zone, go to: System >> Service Zones >> Service Zone Configuration. [Screenshot: Service Zone network settings in Router Mode and NAT Mode, with Inter-LAN Port Isolation (Enable, Auth Required, Disable), Subnet Mask 255.255.0.0, Network Alias List, DHCP Server Configuration, Reserved IP Address List and DHCP Lease Protection (Enable, Disable)] Service Zone Status: Each service zone can be enabled or disabled, except for the default service zone. Service Zone Name: The name of the service zone can be input here. Network Interface: VLAN Tag (Tag-Based only): The VLAN tag number that is mapped to the Service Zone. Inter-LAN Port Isolation (Port-Based only): Select Enable, Auth Required or Disable. When the option is Enabled, clients under different LAN ports cannot ping each other. When the option is Disabled, clients under different LAN ports can ping each other. When the option is Auth Required, clients under different LAN ports cannot ping each other unless both of them have successfully authenticated. Operation Mode: Contains NAT mode and Router mode. When NAT mode is chosen, the service zone runs in NAT mode. When Router mode is chosen, this service z
86. [Screenshot: an external login page opened in a browser; the address bar shows ExternalPage/login.htm called with loginurl and remainingurl parameters that point to the gateway] URL Variables from Gateway: This section displays all the URL parameters that are sent from the Gateway to the various external pages. External Login Page Variables (field: value, description): loginurl: String, URL encoded; the URL which shall be submitted when user login. remainingurl: String, URL encoded; the URL which shall be submitted when user want to get remaining quota. vlanid: Integer, 1-4094; VLAN ID. gwip: IP format; Gateway activated WAN IP address. client_ip: IP format; Client IP address. umac: MAC format separated by; Client MAC address. session: String; Encrypted session information, including client IP address, MAC address, date and return URL. External Login Successful Page Variables (fields Uid, Utype, Umac, sessionlength, byteamount, idletimeout, acct interim interval, logouturl): Uid: String; User ID, postfix is included. Utype: String (LOCAL, RADIUS, ONDEMAND, POP3, LDAP, SIP, NT Domain); Authentication server name. Umac: MAC format separated by. sessionlength: Integer, Sec. byteamount: Integer, Bytes. idletimeout: Intege
87. 5.6.2 Configure Service Zone Network; 5.6.3 WISPr Attributes in Service Zone; Overview of User Authentication Database; 6.1.1 Configuring On-demand; 6.1.2 Configuring RADIUS; 6.1.3 Configuring Local; 6.1.4 Configuring LDAP; 6.1.5 Configuring POP3; 6.1.6 Configuring NT Domain; 6.1.7 Configuring SIP; 6.1.8 Choosing Your Networks Authentication method; 6.2.3 QoS Traffic Class and Bandwidth Control
88. A drop-down menu is available for selecting the information refresh rate for this page. [Screenshot: System Overview, showing System Time, Up Time, F/W Version 5.00.00, Network Interfaces (WAN1, WAN2) with IP address and status, Service Zones SZ1 to SZ8 with IP address, SSID and Enabled/Disabled status, and counters for Access Points, Wide Area APs, Users and VPN Sessions (Local VPN, Remote VPN)] 4.2.4 Main Menu: This feature leads to all the detailed configuration pages on the Web Management Interface, allowing you to set various networking parameters, enable and customize network services, manage user accounts and monitor user status. Administration functions are separated into 6 categories: System, Users, Access Points, Network, Utilities and Status. Welcome to System Main Menu: This Administrative Web Interface allows you to set various networking parameters to customize network service
89. AN feature enabled in its BIOS and it is connected to any service zone. Enter the MAC Address of the desired device and click the Wake Up button to execute this function. Ping: It allows the administrator to detect a device using an IP address or Host domain name to see if it is alive or not. Trace Route: It allows the administrator to find out the real path of packets from the gateway to a destination using an IP address or Host domain name. ARPing: Allows the administrator to send an ARP request for a specific IP address or domain name. ARP Table: It allows the administrator to view the IP-to-Physical address translation tables used by the address resolution protocol (ARP). IPv6. Ping: It allows the administrator to detect a device using an IPv6 address or Host domain name to see if it is alive or not. Trace Route 6: It allows the administrator to find out the real path of packets from the gateway to a destination using an IPv6 address or Host domain name. Neighbor Discovery: The administrator can use this feature to learn about IPv6 Neighbor nodes that are on the same IP segment or domain name. Neighbor Cache: A node manages the information about its neighbors in the Neighbor Cache. This feature allows the administrator to view the information stored in the system's neighbor cache. With this feature, the administrator can listen for packets from selected Interfaces. The administrator can further filter the types of packets to capture by using tcpdump commands under th
90. ICMP and Active Mode FTP: In Windows XP SP2 without patching by KB889527, it will drop ICMP packets from the IPSec tunnel. This problem can be fixed by installing patch KB889527. Before enabling the IPSec VPN function on client devices, please access the patch from Microsoft's web site at http://support.microsoft.com/default.aspx?scid=kb;en-us;889527. This patch also fixes the problem of supporting active mode FTP inside the IPSec VPN tunnel of Windows XP SP2. Please UPDATE clients' Windows XP SP2 with this patch. The Termination of ActiveX: The ActiveX component for IPSec VPN is running in parallel with the web page of "Login Success". To ensure that the built-in IPSec VPN tunnel is always alive unless clients decide to close the session and to disconnect from WHG CONTROLLER, the following conditions or behaviors, which may cause Internet Explorer to stop the ActiveX, should be avoided. 1) The crash of Internet Explorer on running ActiveX. If it happens, please reboot the client computer. Once Windows service is resumed, go through the login process again. 2) Termination of the Internet Explorer Task from Windows Task Manager. Do NOT terminate this VPN task of Internet Explorer. [Screenshot: Windows Task Manager, Applications tab, listing the running Internet Explorer task]
91. Destination Port 0-65535; 2: ALL UDP, UDP, Source Port 0-65535, Destination Port 0-65535; 3: ALL ICMP, ICMP, Type Any, Code Any; 4: FTP, TCP/UDP, Destination Port 20-21; 5: HTTP, TCP/UDP, Destination Port 80; 6: HTTPS, TCP/UDP, Destination Port 443; 7: POP3, TCP, Destination Port 110; 8: SMTP, TCP, Destination Port 25; 9: DHCP, UDP, Destination Port 67-68; 10: DNS, TCP/UDP, Destination Port 53. The administrator is able to add new custom service protocols by clicking Add, and delete the added protocols with the Select All and Delete operations. The Predefined Service Protocols cannot be deleted. Click Add to add a custom service protocol. The Protocol Type can be chosen from a list of protocols (TCP, UDP, ICMP, IP); then define the Source Port range and Destination Port range, and click Apply to save this protocol. [Screenshot: Add Service Protocol with Protocol Type, Source Port, Destination Port] If the Protocol Type is ICMP, it will need to define Type and Code. [Screenshot: Add Service Protocol with Protocol Type, Type, Code] If the Protocol Type is IP, it will need to define Protocol Number. [Screenshot: Add Service Protocol with Name, Protocol Type IP, Protocol Number] Rules: After the custom protocol is defined, or when just using the Predefined Service Protocols, you will need to enable the Firewall Rule to apply these protocols. Firewall Rules: Click the number of Filter Rule No. to edit individual rules and click Apply to save the settings
92. [Screenshot: VAP list with columns VAP, Status, ESSID, VLAN ID, Mapped Service Zone; ESSIDs change1 to change3 are mapped to the Default service zone] 10.4 Manage Third Party AP. Add a third-party AP, go to: Add a third-party AP by selecting THIRDAP from Device Type. Add it to the AP List manually by specifying the third-party AP's IP address, Name and VLAN ID. Click Add to finish adding, and check the lists via the List icon. [Screenshot: Add an AP, with Device Type 3rd Party AP, Device IP 192.168.1.1 and Device Name] Check and Manage List of third-party AP, go to: Access Points >> Enter Wide Area AP Management >> List. Manage this third-party AP from the Type Lists. Edit its AP Attribute and Administration from the column. Go to the Map icon: The added third-party AP can be placed on the Google Map feature with all map functions. Create graphical reports for data traffic passing through this third-party AP. Configure third-party AP to maps, go to: Access Points >> Enter Wide Area AP Management >> Map. [Screenshot: AP List with columns Type, Name, Tunnel Status, AP Admin Web, AP Attribute; Type options CAPWAP and 3rd Party AP] 10.5 Map. Configure maps, go to: Access Points >> Enter Wide Area AP Management >> Map. The Map tab page is implemented with Google Map API version2, which allows administrators to view at a glance the whereabouts of all of the APs under Wide Area AP Management. This feature
93. From. Click Refresh to update the current users list, or select the time interval for automatic refresh from the drop-down box in the lower right corner of this page. [Screenshot: Online Users List with columns Username, IP Address, MAC Address, Pkts In/Out, Bytes In/Out, SZ/VLAN, Group/Policy, Auth Method, Idle, Kick; Total 0] Username: The user account name. IP Address: The IP address of this user. MAC Address: The MAC address of this user. Pkts In/Out: Number of packets received/sent by this user. Bytes In/Out: Number of Bytes received/sent by this user. SZ/VLAN: Service Zone and VLAN which this user is associated to. Group/Policy: The Group and Policy this user is applied to. Auth Method: The authentication method used by this user. 13.1.6 Non-Login Users. View Non-Login Users, go to: Status >> Non-Login Users. This page shows users that have acquired an IP address from the system's DHCP server but have not yet been authenticated. This feature is designed for administrators to keep track of system resources so that they are not exhausted. The list shows the client's MAC Address, IP Address and associated VLAN ID / Service Zone, as well as the Associated AP if the client uses a wireless connection. [Screenshot: Non-Login Users List with columns MAC Address, IP Address, VLAN ID, Service Zone, Associated AP, and a Refresh button]
94. IC "-//W3C//DTD HTML 4.0 Transitional//EN"> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"> < 8.2 After User Login. 8.2.1 Portal Home Page. Configure Home Page Redirect, go to: System >> General. The Portal URL function allows the network administrator to specify whether to redirect a user's web browser to a specific webpage or not. When Specific is checked, once a user has logged in successfully, the user's web browser will be redirected to the specified URL as set in the text box, such as http://www.google.com, regardless of the original homepage set in their computers. [Screenshot: Portal URL setting with options Specific, Original, None and a URL field, e.g. http://www.example.com] When Original is selected, once a user has logged in successfully, the user's web browser will be redirected to the homepage URL as set in their browser configuration. When None is selected, once a user has logged in successfully, the user's web browser will not be redirected to any URL. 8.2.2 Idle Timer. Configure Idle Timer, go to: Users >> Additional Control. If a user has idled with no network activities, the system will automatically kick out the user. The logout timer can be set between 1 and 1440 minutes, and the default idle time is 10 minutes. [Screenshot: Additional Control, with Idle Timeout (1-1440 minutes), Idle Timeout Check Direction (Uplink, Uplink & Downlink), User Session Control] Enable Authen
95. IP Interface Configuration: The system provides SIP proxy functionality, which allows SIP clients to pass through NAT. When enabled, all SIP traffic can pass through NAT via a fixed WAN interface. The policy route setting of SIP Authentication must be configured carefully, because it must cooperate with the fixed WAN interface for SIP authentication. SIP Transparent Proxy can be activated in both NAT and Router mode. SIP Authentication must support in either mode. For users logging in through SIP authentication, a group can be chosen to govern SIP traffic. The policy's login schedule profile will be ignored for SIP authentication. Specific route and firewall rules of the chosen group will be applied to SIP traffic. 6.1.8 Choosing Your Networks Authentication method. For each Service Zone, the network administrator can choose to enable or disable the need for authentication for that Service Zone. Go to: Main Menu > System > Service Zones. [Screenshot: Authentication Settings, with Authentication Required For the Zone (Enable, Disable) and MAC Authentication Configuration] Disabling the need to authenticate means that all users accessing the network via this Service Zone will not need to be authenticated before gaining access to the internet; however, it also means that the users under this Service Zone cannot be enforced with different policies. Authentication Settings Auth
96. IP address, Subnet Mask. 4) Using Specific IP Address: If you want to use a specific IP address, acquire the following information from the network administrator: the IP Address, Subnet Mask and DNS Server address provided by your ISP, and the Gateway address of WHG CONTROLLER. If your PC has been set up completely, please inform the network administrator before proceeding to the following steps. 4.1 Click on the IP Address tab and choose Specify an IP address. Enter the IP Address and Subnet Mask, and then click OK. [Screenshot: TCP/IP Properties dialog, IP Address tab] 4.2 Click on the Gateway tab. Enter the gateway address of WHG CONTROLLER in the New gateway field and click Add. Then click OK. 4.3 Click on the DNS Configuration tab. If the DNS Server field is empty, select Enable DNS and enter the DNS Server address. Click Add, and then click OK to complete the configuration. Check the TCP/IP Setup of Windows 2000: 1) Select Start >> Control Panel >> Network and Dial-up Connections. [Screenshot: TCP/IP Properties dialog]
97. IP registrar responds with a YES, call is established through WHG-707. [Figure: SIP authentication flow between a WiFi Phone (301) and a SIP Softphone (303) across the wireless and wired networks, involving the SIP Proxy Server, the Authentication Server and the Trusted SIP Registrar: 1. Making A Call (301 > 303); 2. Get Authenticated; 3. Call Established] The system provides a SIP proxy so that SIP clients (devices or soft clients) can pass through NAT. After the SIP proxy server is enabled, all SIP traffic can pass through NAT with a selective but fixed WAN interface. If the SIP Registrar setting in the SIP client is the same as the system setting, then when the client tries to access the SIP Registrar, the system will let this client log in automatically and all SIP traffic can pass through. Configure Dynamic Domain Name Service: go to Users >> Authentication >> SIP. [Screenshot: Authentication Server, SIP] • SIP: SIP authentication supports 4 Trusted SIP Registrars. • IP Address: The IP address of the Trusted SIP Registrar. • Remark: The administrator can enter extra information in this field as a remark. • Group: A Group option can be applied to the clients who log in with SIP Authentication. Note that the specific route of the applied Policy for the selected Group cannot conflict with the assigned WAN interface for SIP authentication. SIP Interface Configuration: To configure Dynamic Domain Name Service, go to System >> Service Zones >> Service Zone Configuration. S
98. Item Name: This is the item information to describe the product, for example Internet Access. • Email Header: Enter the information that should appear in the header of the invoice. > Authorize.Net Payment Page Fields Configuration [Screenshot: Authorize.Net Payment Page Fields Configuration, with Displayed Text and Required columns for items including Credit Card Number, Credit Card Expiration Date, Card Type (Visa, American Express, Master Card, Discover), E-mail, Zip, Phone and Fax, and the notice that displayed text fields must be filled; Authorize.Net Payment Page Remark Content: "You must fill in the correct credit card number and expiration date. Card code is the last 3 digits of the security code located on the back of your credit card."] > Authorize.Net Payment Page Fields Configuration: • Item: Check the box to show this item on the customer's payment interface. • Displayed Text: Enter what needs to be shown for this field. • Required: Check the box to indicate this item as a required field. • Credit Card Number: Credit card number of the customer. The Payment Gateway will only accept card numbers that correspond to the listed card types. • Credit Card Expiration Date: Month and year expiration date of the credit card. This should be entered in the format of MMYY. For example an expiration date of July September
99. L certificate, there will be a Certificate Error because the browser treats WHG Controller as an illegal website. Please press Continue to this website to continue. The default user login page will then appear in the browser. [Screenshot: Internet Explorer "Certificate Error: Navigation Blocked" page for https://192.168.1.254, stating that the security certificate presented by this website was not issued by a trusted certificate authority and was issued for a different website's address, that security certificate problems may indicate an attempt to fool you or intercept any data you send to the server, and offering "Click here to close this webpage" and "Continue to this website (not recommended)"] 4.2 Home Page: The Home page lists four buttons: Setup Wizard, Quick Links, System Overview and Main Menu. Each button will be described in detail in the following section. [Screenshot: Home page with Logout, Help, Quick Links, System Overview and Main Menu] 4.2.1 Setup Wizard: Using the configuration wizard. The configuration wizard provides a fast and easy way to configure the WHG Controller's system time, change Administrator password, WAN interfaces
100. Multicast to deliver RIP packets; both uses broadcast and multicast. > AUTH: Allows the authenticating of RIP neighbors. The authentication method none means that no authentication is used for RIP, and it is the default method. There are two modes of authentication on an interface for which RIP authentication is enabled: plain text authentication and MD5 authentication. > Advertise am Default Gateway: Inform neighboring nodes that this controller is the default gateway. > Advertise Global Policy Route: Inform neighboring nodes of the Global Policy route on this controller. > Redistribute OSPF: Check this option to enable using RIP to distribute routing information acquired via OSPF. > RIP Timer: Update timer: Specify the time in seconds when the system will request for immediate update in routing information. Timeout Timer: Routes are only kept in the routing table for a limited amount of time. A special Timeout timer is started whenever a route is installed in the routing table. Whenever the router receives another RIP Response with information about that route, the route is considered refreshed and its Timeout timer is reset. When this timer expires, the route is marked as invalid. Garbage Collection Timer: Specify the time in seconds before erasing an invalid route from the routing table. • OSPF Configuration: It is an adaptive routing protocol for Internet Protocol (IP) networks. You can conf
101. [Screenshot: Service Zone list, with rows showing the addresses 192.168.1.1, 192.168.1.100 and 172.21.0.1, 172.21.0.100, a Configure button under Details and Status Enabled] • Service Zone Name: Mnemonic name of the Service Zone. • SSID: The SSID that is associated with the Service Zone. • WLAN Encryption: Data encryption method for wireless networks within the Service Zone. • Applied Policy: The policy that is applied to the Service Zone. • Default Authen Option: Default authentication method (server) that is used within the Service Zone. • IP Address: The IPv4 address of this service zone interface. • IPv6 Address: The IPv6 address of this service zone interface. • Network Alias: The administrator may optionally set many alias network segments for a service zone. This feature can allow a single service zone to be seen as many service zones, and can also hide the IP address of a Service Zone's network interface and, to some degree, provide protection from possible attacks from LAN clients. • DHCP Pool: Displays the DHCP pool range configured for this service zone. • VLAN Tag (Tag Base only): The VLAN tag number that is mapped to the Service Zone. • LAN Port Mapping (Port Base only): The physical port that is mapped to this service zone, indicated by a green light icon. • Status: Each Service Zone can be enabled or disabled. • Details: Configurable, detailed settings for each Service Zone. Click the Configure button to configure each Service Zone: Basic Settings, SIP Interface Configuration
102. Package Checklist: The standard package of WHG 505 includes: WHG 505 x 1; CD-ROM (with User's Manual and QIG) x 1; Quick Installation Guide (QIG) x 1; RS-232 DB9 to RJ45 Console Cable x 1; Ethernet Cable x 1; Straight-through Ethernet Cable x 1; Power Cord x 1; Rack Mounting Bracket (with Screws) x 1. It is highly recommended to use all the supplies in the package instead of substituting any components by other suppliers to guarantee best performance. Installation: 1. Connect the power cord to the power socket on the rear panel. 2. Turn on the power switch on the rear panel. The Power LED should be on to indicate a proper connection. 3. Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable to an xDSL/cable modem, or a switch/hub of an internal network. The LED of this port should be on to indicate a proper connection. 4. Connect an Ethernet cable to the Mgmt Port on the front panel. Connect the other end of the Ethernet cable to an administrator PC for configuring the system. 5. Connect an Ethernet cable to the LAN1 or LAN2 Port on the front panel. Connect the other end of the Ethernet cable to an AP for extending wireless coverage, a switch for connecting more wired clients, or directly to a client PC. The LED of the port should be on to indicate a proper connection. 2.4.5 WHG 515 Package & Installation: Package Checklist: The standard package of WHG 505 includ
103. [Screenshot: WorldPay settings (Enable / Disable); WorldPay Payment Page Configuration with the fields Installation ID, Payment Gateway URL and Currency (GBP, Pound Sterling); Service Disclaimer Content: "We may collect and store the following personal information: physical contact information, credit card numbers and transactional information based on your activities on the Internet service provided by us"; Choose Billing Plan for WorldPay Payment Page, plans 1 to 10 with Enable / Disable, Quota and Price; WorldPay Payment Page Remark Content: "You must fill in the correct credit card number and expiration date. Card code is the last 3 digits of the security code located on the back of your credit card."] > WorldPay Payment Page Configuration: • Installation ID: The ID of the associated Merchant Account. • Payment Gateway URL: The default website of posting all transaction data. • Currency: The currency to be used for the payment transactions. > Service Disclaimer Content: View the service agreement and fees for the standard payment gateway services, as well as add or edit the service disclaimer content here. > WorldPay Payment Page Billing Configuration: These 10 plans are the plans in Billing Configuration, and the desired plan(s) can be enabled. > WorldPay Pay
104. Policy: each Policy consists of access control profiles that can be configured respectively and applied to a certain Group of users. The clients belonging to a Service Zone will also be bound by an applied Policy. In addition, a Policy can be applied on a Group basis: a Group of users can be bound by a Policy. The same Group can be applied with different Policies within different Service Zones. [Screenshot: Policy Configuration for Policy 1, with Select Policy, Firewall Profile, Specific Route Profile, Schedule Profile and Maximum Concurrent Sessions (sessions per user)] • Select Policy: Select Policy 1 to Policy n to set the Firewall Profile, Specific Route Profile, Schedule Profile and Maximum Concurrent Sessions. • Firewall Profile: Each Policy has a firewall service list and a set of firewall profiles consisting of firewall rules. • Specific Route Profile: The default gateway of WAN1, WAN2 or a desired IP address can be defined in a policy. When Specific Default Route is enabled, all clients to which this policy is applied will access the Internet through this gateway; settings include default gateway. • Schedule Profile: The Schedule table, in a 7x24 format, is used to control the clients' login time. When Schedule is enabled, clients to which the policy is applied are only allowed to log in to the system at the times checked in the applied policy. • Maximum Concurrent Sessions: Set the maximum concurrent sessions for each client. 7.1.1 Firewall Firewall Profile Global Policy
105. Pr Session Terminate Time attribute. Only available for RADIUS user. WISPr Session Terminate End Of Day attribute, 0 or 1 to indicate termination rule. Only available for RADIUS user. WISPr Billing Class Of Service attribute. Only available for RADIUS user. WISPr Location ID attribute. Only available for RADIUS user. WISPr Location Name attribute. Only available for RADIUS user. WISPR BILLING TIME: String, format HH:MM. WISPr Billing Time attribute. Only available for RADIUS user. session: String. Encrypted session information. External Error Page Variables (Field / Value / Description): msg: String. Error message, which includes: "The system is busy. Please try again later." "Cannot find session related information. <BR> Please enable the Cookie in the browser setting or open a website to get a Cookie." "Invalid IP address. Please check the IP address and try again." "Invalid MAC address. Please check the MAC address and try again." "Sorry, your account is not usable because the authentication option is currently disabled. <BR> Please contact your network administrator." "Sorry, your account is not usable because the authentication option associated with the postfix is not found. <BR> Please contact your network administrator." "Sorry, you are not allowed to log in because your account is currently on the Black List." "Sorry, you are not allowed to log in
106. Pv6 address • Type: Choose the desired way of your IPv6 connection. > Static: Manually enter all the related IPv6 information. Fields marked with a red asterisk are mandatory. [Screenshot: IPv6 Setting, with Status (Enable / Disable), External Interface (WAN1 / WAN), Type (Static: Use the following IPv6 settings; 6to4; go6), IPv6 Address, Prefix Length, Default Gateway, Preferred DNS Server and Alternate DNS Server] • IPv6 Address: Enter the desired IPv6 IP address. • Prefix Length: Set the desired length of your IPv6 mask. • Default Gateway: The IPv6 default gateway of the selected interface. • Preferred DNS Server: The primary DNS server used for this connection. • Alternate DNS Server: The substitute DNS server used for this connection. > 6to4: 6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 Internet) without the need to configure explicit tunnels. The 6to4 option can only be chosen when the selected WAN interface was set with a static IPv4 address. [Screenshot: Type options Static, 6to4 and go6, with 6to4 Mode (Automatic / Configured), Prefix Length, Preferred DNS Server and Alternate DNS Server] • Mode: Select Automatic if you do not have a specified default router, or choose Configured to assign a default router to forward packet from IPv6 network to IPv4 n
107. [Figure: Port-Based and Tag-Based Service Zone mapping, each with a Service Zone for Staff and a Service Zone for Guests] In Port-Based mode, each LAN port can be mapped to an enabled Service Zone or disabled; this means the maximum number of Service Zones available to provide service is determined by the number of LAN ports on the Controller. [Screenshot: LAN Ports and Service Zone Mapping. Select the mode for Service Zone: Port-Based / Tag-Based. Specify a desired Service Zone for each LAN Port. Trusted Port: None] Trusted Port: When a LAN port is selected, clients under this port will not require authentication, regardless of the settings in the corresponding Service Zone profile this LAN port maps to. In Tag-Based mode, Service Zones are mapped to VLAN tags. This means that each LAN port can service any service zone traffic. [Screenshot: LAN Ports and Service Zone Mapping. Select the mode for Service Zone: Port-Based / Tag-Based. Notice: Under Tag-Based mode, Service Zones will be distinguished by VLAN tagging instead of physical LAN ports. Select the mode for Isolation: Enabled / Disabled] Select the mode for Isolation: When enabled, network traffic will be isolated by VLAN tag, which means that inter-VLAN devices are segregated from each other. Please note that this check option is not available for WHG 311 and WHG 3
108. [Screenshot: login success page showing Login time 2009-06-02 11:26] >> Note: When On-demand accounts are used, the system will display more information, as shown below. [Screenshot: "Hello, you are logged in via 3p6z@ondemand. To log out, please click the Logout button. Login time: 2009-06-02 11:11", with Remaining Time (hour, min, sec) and a Redeem button] 6.3.2 Default Authentication: In each Service Zone there are different types of authentication database (LOCAL, POP3, RADIUS, LDAP, NTDOMAIN, ONDEMAND and SIP) that are supported by the entire system. Up to six authentication servers can be enabled (two of them are constantly Ondemand and SIP), and one of them can be set as the Default Authentication so that users do not have to type in the postfix string while entering the username during login. A postfix is used to inform the system which authentication option is to be used for authenticating an account (e.g. bob@BostonLdap or tim@TaipeiRadius) when multiple options are concurrently in use. One of the authentication options can be assigned as default. For the authentication option assigned as default, the postfix can be omitted. For example, if BostonLdap is the postfix of the default option, Bob can log in as bob without having to type in bob@BostonLdap. 6.3.3 Login with Postfix: Set a postfix that is easy to relate (e.g. Local) to the authentication server the user logs in with. The acceptable charact
109. This page shows the account and IP of the person that has made changes to the Controller's WMI configurations. 13.1.11 DHCP Lease: View DHCP Lease: go to Status >> DHCP Lease. The DHCP IP lease statistics can be viewed after clicking on Show Statistics List on this page. • Statistics of offered list: Valid lease counts of the Last 10 Minutes, Hours and Days are shown here. The headers 1 to 10 are unit multipliers; for instance, the number under column 2 indicates the lease count in the last 20 minutes/hours/days, the number under column 3 indicates the lease count in the last 30 minutes/hours/days, and so on. • Statistics of expired list: IPs leased to clients that have expired in the Last 10 Minutes, Hours and Days are shown here. The headers 1 to 10 are unit multipliers; for instance, the number under column 2 indicates the expired count in the last 20 minutes/hours/days, the number under column 3 indicates the expired count in the last 30 minutes/hours/days, and so on. [Screenshot: Statistics of offered list and Statistics of expired list tables, each with columns 1 to 10 and rows Last 10 Minutes, Last 10 Hours and Last 10 Days, plus Refresh and Disable buttons] • DHCP Lease List: Valid IP addresses issued from the DHCP Server and related information of the client using this IP address is
110. Time specifies the time duration from account creation for which the account is valid. 2. Cut-off Time specifies the next cut-off time point at which the account becomes invalid. 3. Begin-and-End Time specifies that the account is valid between the two time points. [Figure: Duration time with Elapsed Time: account lifespan from Creation Time (CT) through Elapsed Time (ET) to Deletion Time (DT), marked Valid and then Invalid] Duration time with Cut-off Time: Cut-off Time is the clock time at which the on-demand account is cut off (made expired) by the system on that day. For example, if a shopping mall's closing hour is 23:00, operators selling on-demand tickets can use this plan to create tickets set to be cut off at 23:00. If an account of this kind is created after the Cut-off Time, the account will automatically expire. Begin Time is the time that the account will be activated for use. It is set to the account creation time. Cut-off Time is the clock time when the account will expire. Price is the unit price of this plan. Group will be the applied Group for users created from this plan. The Reference field allows the administrator to input additional information. [Screenshot: Editing Billing Plan, with Counting Method (Elapsed Time / Begin and end Time / Cut-off Time), Begin Time: Upon Account Creation, Cut-off Time: HH:MM (range 00:00 to 23:59), and Price (range 0 to 100000, including two digits after the decimal point, e.g. 1.99)] TIP
111. Unmodified option is selected, the system will send the username to the Default Auth Server set in the 802.1X configuration page for authentication. This attribute is the string identifying the NAS originating the access request. The system will send this value to the external RADIUS server if the external RADIUS server needs it. Indicates the type of physical port the network access server is using to authenticate the user. The system will send this value to the external RADIUS server if the external RADIUS server needs it. This attribute indicates how many seconds the client has been trying to send this record for, and can be subtracted from the time of arrival on the server to find the approximate time of the event generating this Accounting Request. Network transit time is ignored. A RADIUS attribute with a configurable range from 1 to 11. Each value represents a different kind of service. The administrator can set the kind of service preferred by users and notify the RADIUS server this way: 1 Login; 2 Framed; 3 Callback Login; 4 Callback Framed; 5 Outbound; 6 Administrative; 7 NAS Prompt; 8 Authenticate Only; 9 Callback NAS Prompt; 10 Call Check; 11 Callback Administrative. This function is to assign a Group to a RADIUS class attribute sent from the RADIUS server. When the clients classified by RADIUS class attributes log into the system via the RADIUS server, each client will be mapped to an assigned Group. RADIUS Group Mapping
112. Wizard: Your broadband connection should already be configured and ready to use. If your connection is not working properly, check the following link. To close this wizard, click Finish. TCP/IP Network Setup: If the operating system of the PC in use is Windows 95/98/ME/2000/XP, keep the default settings without any changes to directly start/restart the system. With the factory default settings, during the process of starting the system, WHG CONTROLLER with DHCP function will automatically assign an appropriate IP address and related information for each PC. If the Windows operating system is not a server version, the default settings of TCP/IP will regard the PC as a DHCP client, and this function is called Obtain an IP address automatically. If checking the TCP/IP setup or using a static IP in the LAN1/LAN2 or LAN3/LAN4 section is desired, please follow these steps. Check the TCP/IP Setup of Windows 9x/ME: 1. Choose Start >> Control Panel >> Network. 2. Click on the Configuration tab and select TCP/IP >> AMD PCNET Family Ethernet Adapter (PCI-ISA), and then click Properties. Now you can choose to use DHCP or a specific IP address. [Screenshot: Windows Control Panel]
113. [Screenshot: billing plan list, plans up to 10 with Enable / Disable; SecurePay Payment Page Remark Content: "You must fill in the correct credit card number and expiration date. Card code is the last 3 digits of the security code located on the back of your credit card."] > Payment Page Configuration: • Merchant ID: The ID that is associated with the Business Account. • Password: This is the key used by SecurePay to validate all the transactions. • Payment Gateway URL: The default website address to post all transaction data. • Verify SSL Certificate: This is to help protect the system from accessing a website other than SecurePay. • Currency: The currency to be used for the payment transactions. > Service Disclaimer Content: View the service agreement and fees for the standard payment gateway services, as well as add or edit the service disclaimer content here. > SecurePay Payment Page Billing Configuration: These 10 plans are the plans in Billing Configuration, and the desired plan(s) can be enabled. > SecurePay Payment Page Remark Content: The message content will be displayed as a special notice to end customers. 16.4 Payments via WorldPay: Configure Payments via WorldPay: go to User >> Authentication >> On-demand Users >> External Payment Gateway >> WorldPay. External Payment Gateway Authorize.Net PayPal SecurePay World
114. ach line is a roaming-in traffic history record consisting of 15 fields: Date, Type, Name, NASID, NASIP, NASPort, UserMAC, UserIP, SessionID, SessionTime, Bytes In, Bytes Out, Pkts In, Pkts Out and Message of user activities. [Screenshot: Roaming In User Log 2010-06-07, with the column headers Date, Type, Name, NASID, NASIP, NASPort, UserMAC, UserIP, SessionID, SessionTime, Bytes In, Bytes Out, Pkts In, Pkts Out, Message] • SIP Call Usage Log: The log provides the login and logout activities of SIP clients (devices and soft clients), such as Start Time, Caller, Callee and Duration (seconds). [Screenshot: SIP Call Usage Log, with the column headers Start Time, Caller, Callee, Duration (seconds)] 13.1.9 Local User Monthly Network Usage: View Local User Monthly Network Usage: go to Status >> User Logs. • Monthly Network Usage of Local User: The system keeps a cumulated record of the traffic data generated by each Local user in the latest 2 calendar months. As shown in the following figure, each line in a monthly network usage of local user record consists of 6 fields: System Name, Connection Time Usage, Packets In, Bytes In, Packets Out and Bytes Out of user activities. [Screenshot: Monthly Report 2007-11, with the column headers Username, Connection Time Usage, Packets In, Bytes In, Packets Out, Bytes Out, two user rows and First / Previous / Next / Last navigation] o Username: Username of the local user account. o Connection Time Usage: The total time used by the user. o Pkts In, Pkts Out
115. address, the system(s) will use the obtained IP as its WAN address. [Figure: A simple network diagram for the initial setup, showing a modem to the ISP and a PC connecting to the system's LAN port. By default, the system(s) will issue an IP address in the range of 192.168.1.x to the PC at the LAN port.] 3. System Overview 3.1 System Concept: If you have experienced other LevelOne WLAN WHG Controller products before and are familiar with their system concept, you may skip the concept description below. Please proceed to the next section on Getting Started. WHG Controller is capable of managing user authentication, authorization and accounting (AAA). The user account information is stored in the local database or a specified external database server. Featuring user authentication and integrated with external payment gateways, WHG Controllers allow users to easily pay the fee and enjoy the Internet service using credit cards through Authorize.Net, PayPal, SecurePay or WorldPay. With the centralized AP management feature, the administrator does not need to worry about how to manage multiple wireless access point devices. WHG Controllers and LevelOne APs combined provide a flexible network solution which supports overlay deployment, where traffic from remote sites is tunnelled back and centrally controlled by WHG Controller. Furthermore, WHG Controller introduces the concept of Service Zones: multiple virtual networks, each with its own definable access
116. [Table of contents fragment] 13.1.9 Local User Monthly Network Usage; 13.1.11 DHCP Lease; 13.2 Notification; 13.2.1 SMTP Settings; 13.2.3 FTP Settings; 13.2.4 Notification Settings; Virtual Private Network (VPN); 14.1 Local VPN; 14.3 Site-to-Site VPN; Customization of Portal Pages
117. all clients, including login clients and privilege clients (Session List). • User Logs: Display detailed user access records on a daily basis. History records of up to 3 days are kept in the system. • Logs: Display system syslog messages. • DHCP Lease: Display the information of DHCP Lease status. • Report & Notification: The system can send various reports via up to 3 email accounts, such as Monitor IP report, Users log and Session Log. The external SYSLOG server and FTP server are configured here. 13.1.1 System Status: View System Status: go to Status >> System. This section provides an overview of the system for the administrator. [Screenshot: System Setting Overview table, with the items Firmware Version, Build, System Name, Portal URL, SYSLOG server 1, SYSLOG server 2, Proxy Server, Warning of Internet Disconnection, WAN Failover, Load Balancing, SNMP, User Logs (Retained Days, Receiver E-mail Address), Time (NTP Server, System Time), User Session Control (Idle Time Out, Multiple Login) and DNS (Preferred DNS Server, Alternate DNS Server)] The description of the above-mentioned table is as follows: The IP address and port number of the external Syslog Server. N/A m
118. an be enabled or disabled for the entire Authentication Database. [Screenshot: Authentication Option, Server 1, with the fields Name, Postfix, Black List (None), Group, Authentication Database and Enable Local VPN] • Name: Configurable text string designated as the mnemonic name of this authentication option. • Postfix: The text string entered as a postfix in the account field for notifying the Controller which authentication database this account belongs to. • Black List: The system has built-in black list profiles where specific user accounts can be listed. When selected and applied here, it tells the Controller that the accounts on the selected black list should be denied authentication. • Group: The Group profile that will govern the users authenticated via this authentication option. • Enable Local VPN: When checked, users authenticating with this authentication option will have a VPN tunnel established automatically between the Controller and the user's client device. • Authentication Database: Select the authentication database that will be used for account validation when an authentication request is received. Click the Configure button for further configuration. The RADIUS server sets the external authentication server that houses user accounts. Enter the information for the primary server and/or the secondary server (the secondary server is not required). The fields with a red asterisk are necessary information. These settings will become effective immediately af
119. an only roam with the master node. Fill in the master node's IP address and common shared secret to establish a roaming tunnel between the master node and the slave node. [Screenshot: Disable / Master Node / Slave Node] Appendix A. Certificate Settings for IE6 and IE7. Certificate setting for the company with Certificate Authority. > Background information: Any website or high-value Web Application will require a client to access its website via Secure Sockets Layer (SSL). The browser will automatically ask for a public SSL certificate from the website and check if it is valid. The public SSL Certificate consists of the public key and identity information, which can be signed by any established certificate authority (e.g. VeriSign). The certificate authority guarantees that the public key belongs to the named entity. Usually, a website's security certificate may encounter a problem only if the security certificate presented to the browser has not been signed by any certificate authority which can be trusted. As long as the SSL function is enabled in the WHG CONTROLLER, there must be a public SSL certificate signed by an established certificate authority. To avoid the error message in the browser, a company should have its own Certificate Authority (CA). The IT department must therefore install the SSL certificate for each normal user when deploying the WHG CONTROLLER. > Secure Certificate setting for both IE6 and IE7: For the company w
120. and apply. [Screenshot: System Time settings showing System Time 2011-05-09 17:14:31, Time Zone (GMT+08:00) Taipei, and the Time option NTP with NTP Server 1 to NTP Server 5 (e.g. tock.usno.navy.mil)] Manually set up: Manually set the system time and apply. [Screenshot: System Time settings with the Time option Manually set up and fields for Year, Month, Day, Hour, Minute and Second] 5.3 WAN1 & WAN2 Setup: WHG Controllers are designed with 2 WAN ports for load balancing and failover support. To configure WAN port settings, go to Main Menu > System > WAN1/WAN2. > WAN1: The WAN1 port supports four connection types: Static, Dynamic, PPPoE and PPTP. These connection types are enough to support most ISPs. [Screenshot: WAN1 Interface Setting, with the options Static (Use the following IP settings), Dynamic (IP settings assigned automatically, with Renew), Learn DNS Server Address During Negotiation, Preferred DNS Server 168.95.1.1, Alternate DNS Server, PPPoE and PPTP] Depending on the ISP or the upstream device the WAN port connects to, you only need to select one connection type for the port. For example, if your ISP is a cable modem issuing a Dynamic address, then you would select the Dynamic connection when setting up the WAN ports. Static: Manually specifying the IP address of the WAN Port. The fields with
121. as well as local user accounts. Follow the instructions given at each step to change the system admin password, select the time zone, configure the WAN1 interface and create a local user account (optional). Upon completing the Setup Wizard procedures, the system needs to be restarted for the settings to take effect. The system is ready for operation after restart with minimal configuration. Running the Wizard: Click the Setup Wizard button on the Home page and the Setup Wizard page will appear. Please read the tips provided for each step to complete the configuration. [Screenshot: Setup Wizard, General step, with New Password, Verify Password and Time Zone fields] 4.2.2 Quick Links. The Quick Links provide eight shortcut links for administrators to directly access frequently used functions of the web management interface. The eight functional links are System Status, Local User Management, Policy Management, AP Management, Online User List, On-demand Account Management, Authentication Configuration and Firmware Management. [Screenshot: Quick Links page] 4.2.3 System Overview. This page displays important system-related information that the administrator might need to be aware of at a glance, which includes General System settings, Network Interface and Online Users, etc.
122. ased mode is selected. Add: The administrator can click the Add button to register the APs to the List for management. Input the desired name and password for the AP, select one template and preferred channel, check the Add checkbox, and then click the Add button to add it to the managed list. When the AP is added, it will show up in the list below and be given a new IP address depending on which Service Zone it belongs to (e.g. 192.168.10.1). [Screenshot: AP List with IP Address, Status, AP Name, No. of Client, Service Zone, MAC Address and Channel columns] 9.3.1 AP Background Discovery. To configure AP Background Discovery, go to AP Management >> Enter Local Area AP Management >> Background AP Discovery. Click Configure to enter the Background AP Discovery interface and proceed with the related configuration. [Screenshot: Discovery Settings (AP Type, Interface, Factory Default IP Address, Login ID and Password), Background AP Discovery status, and Discovery Results table] The configuration is the same as AP Discovery. When the Background AP Discovery function is enabled, the system will scan once every 10 minutes or according to the time set by the administrator. If any AP is discovered and Auto Adding AP to
123. atically and then click OK. This is also the default setting of Windows. Then reboot the PC to make sure an IP address is obtained from WHG CONTROLLER. [Screenshots: Windows Network and Dial-up Connections, Local Area Connection Properties, and Internet Protocol (TCP/IP) Properties dialogs]
124. ation Policy >> Service Zone Policy >> Global Policy. Now let us discuss the different user policy types. • For Local, RADIUS and LDAP, if these users are assigned to different Groups individually, these users can be assigned to their Group. For example, a Local user user01 is assigned to Group1 and the Local Authentication is assigned to Group2. If Policy1 is applied to Group1 in Service Zone1, then user01 logging in to Service Zone1 will get Policy1. This is a common case for users that can be assigned a Group individually. • For Local, RADIUS and LDAP, if these users are not assigned to any Group individually, they are the same as users of other authentication servers, which cannot be assigned to a Group individually. For example, for a POP3 user pop01, the POP3 Authentication is assigned to Group1. If Policy1 is applied to Group1 in Service Zone1, then pop01 logging in to Service Zone1 will get Policy1. This is another common case, for users that are assigned a Group by authentication server. • If the Authentication server is also not assigned to a Group, then the Service Zone Default Policy will be applied to the user. For example, a Local user user01 is assigned to Group None and the Local Authentication is also assigned to Group None. If the Default Policy of the Service Zone is Policy1, then user01 logging in to the Service Zone will get Policy1. • If the Default Service Zone Policy is None, the Authentication server is not assigned to a Group, and the user Group is None too. For example a Local
125. ault gateways column and the TCP/IP Gateway Address window will appear. [Screenshot: Advanced TCP/IP Settings, Default gateways section] Enter the gateway address of WHG CONTROLLER in the Gateway field and then click Add. After returning to the IP Settings tab, click OK to complete the configuration. Check the TCP/IP Setup of Windows XP: 1. Select Start >> Control Panel >> Network Connection. 2. Right-click on the Local Area Connection icon and select Properties. 3. Click on the General tab, choose Internet Protocol (TCP/IP) and then click Properties. [Screenshots: TCP/IP Gateway Address dialog and Windows XP Control Panel]
126. ault image or none. Click Browse to select the image file and then click upload. The background image file size limit is 100 Kbytes. No limit is set for the dimensions of the image, but a 460x480 image is recommended. • Twin Ticket: Enable this function to print duplicate receipts. • Remark: Enter any additional information that will appear at the bottom of the receipt. • Preview: Click the Preview button and the ticket will be shown, including the username and password information, with the selected background. Print the ticket here. Billing Plans: Billing plan profiles define the terms and conditions of guest internet access. Click the Edit button to enter the configuration page of a selected Billing Plan profile. Once you have finished configuring a billing plan profile, go back to the Billing Plans screen, check the Enable checkbox and click Apply to activate Billing Plans. [Screenshot: Billing Plans table] • Plan: The number of the specific plan. • Account Type: The account type chosen for this plan. Different account types have different properties. A suitable account type should be selected that will best meet guest usage requirements. • Quota: The usage terms on how much or how long on-demand users are allowed to access the network. • Price: The unit price of the respective billing plan. • Enable: Check the check
127. beacon signal is transmitted between the access point and the wireless network. 9.3 AP Discovery. To configure AP Discovery, go to Access Points >> Enter Local Area AP Management >> Discovery. After AP template configuration is complete, use this function to detect and scan for all of the APs connected under the managed network. Note that in Local Area AP Management, the WHG Controller can only manage APs that are connected to its LAN ports. Therefore, the AP discovery function is for adding locally connected APs to its management list. The administrator must know the local IP addresses of the APs he/she wishes to discover. The alternative is to reset the AP to its default settings for discovery. [Screenshot: Discovery Settings (AP Type, Interface, Factory Default IP Address, Login ID and Password), Background AP Discovery status, and an empty Discovery Results table] • To discover AP: > AP Type: Choose the type of AP you wish to discover. > Interface: Select which interface to scan. For example, if Default is selected, all of the APs connected under the default service zone matching the selected AP type will be scanned and listed. > Admin Settings Used to Discover: Select Factory Default when
128. box to activate the plan. Deactivated billing plans cannot be used to generate on-demand guest accounts. • Quick Account Creation: Check the checkbox to enable Quick Account Creation. Static users with On-demand Account Privilege (an attribute in the Group profile) enabled can see billing plans with Quick Account Creation checked and can generate on-demand accounts. • Group: Group assignment of on-demand users associated with the respective billing plan. • Function: Click the Edit button to configure the respective billing plan profile. On-demand Account Types: • Usage time with Expiration Time: Can access the internet as long as the account is valid with remaining quota (usable time). The purchased account needs to be activated within a given time period by logging in for the first time. Ideal for short-term usage, for example in coffee shops, airport terminals, etc. Quota is only deducted while in use; however, the countdown to the Expiration Time is continuous regardless of logging in or out. The account expires when the Valid Period has been used up or the quota is depleted. Quota is the total period of time (xx days yy hrs zz mins) during which on-demand users are allowed to access the network. The total maximum quota is 364 days 23 hrs 59 mins 59 secs, even after redeeming. Account Activation is the time period within which the user must execute a first login. Failure to do so within the time period set in Account Activation will cause the account to expire. Valid Period is the valid time per
129. [Table of contents fragment; several titles are illegible in the source] 6.3 [illegible]; 6.3.1 An Example of User Login; 6.3.2 [illegible]; 6.3.3 [illegible]; 7 Policies and Access Control; 7.1 Policy; 7.1.1 [illegible]; 7.1.2 [illegible]; 7.1.3 [illegible]; 7.1.4 [illegible]; 7.2 User Access Control; 7.3 Session Limit & Session Log; 8 Users' Login and Logout; 8.1 Before User Login; 8.1.1 [illegible]; 8.1.2 Internal Domain Name with Certificate; 8.1.3 Walled Garden; 8.1.4 Walled Garden AD List; 8.1.5 Mail Message; 8.2 [illegible]; 8.2.1 Portal Home Page
130. ccount. To configure operator accounts, go to Utilities >> Administrator Account. WHG Controller has three kinds of permanent management account: admin, manager and operator. The default usernames and passwords are as follows. Admin: The administrator can access all configuration pages of WHG Controller and has all modification and access privileges. User Name: admin, Password: admin. Manager: The manager can only access the configuration pages under User Authentication to manage user accounts; it does not have permission to change the settings of the Firewall, Specific Route and Schedule profiles. User Name: manager, Password: manager. Operator: The operator can only access the Create On-demand User configuration page to create new on-demand user accounts and print out the on-demand user account receipts. User Name: operator, Password: operator. Note: To log out, simply click the Logout icon on the upper right corner of the interface to return to the login screen. Besides the permanent Administrator, Manager and Operator accounts, different operator accounts can be created with different levels of authority and access for managing the Service Zones and APs they are in charge of. [Screenshot: Generate Admin Account page] • Create Admin Account: Different operator accounts and their passwords can be specified here. Group here are aut
131. [Screenshot: Internet Explorer Manage add-ons dialog] From the Tools menu, click on Internet Options. Select the Programs tab and click the Manage add-ons button to enter the Manage add-ons dialogue box, where you can see that VPNClient ipsec is enabled. During the first login to WHG CONTROLLER with Local VPN, Internet Explorer will ask clients to download an ActiveX component of IPSec VPN. Once this ActiveX component is downloaded, it will run in parallel with the Login Success Page after the page has been brought up successfully. The ActiveX component helps set up individual IPSec VPN tunnels between clients and WHG CONTROLLER and checks the validity of the IPSec VPN tunnels between them. If the connection is down, the ActiveX component will detect the broken link and tear down the IPSec tunnel. Once the IPSec VPN tunnel has been built, all sent packets will be encrypted. Without connecting to the original IPSec VPN tunnel, a client has no alternative way to gain a network connection. The IPSec VPN feature supported by WHG CONTROLLER directly solves the possible data security leak problem between clients and the system via either wireless or wired connections, without extra hardware or client software installed. Limitations: The limitations on the client side due to ActiveX and Windows OS include: > Internet Connec
132. ckbox and then click the button below to Reboot, Enable, Disable, Delete, Apply Template or Apply Service Zone (Tag-Based) to the selected AP if desired. [Screenshot: AP List for AP Type EAP700 with IP Address, Status, AP Name, No. of Client, Service Zone, MAC Address and Channel columns; Total: 3] 9.8.2 Apply Template. Select any AP by checking the checkbox, then click Apply Template and select one template to apply to the AP. [Screenshot: Template selection showing Template, Band, Subnet Mask and Gateway] Note: If the Band of the template cannot match the current Channel, the Channel will be changed to Auto. 9.8.3 Apply Service Zone (Tag-Based Only). Select any AP by checking the checkbox and then click Apply Service Zone to select which Service Zones this AP associates to. For example, if SZ3 and SZ5 are selected for this AP, then these two Service Zones will be available under this AP. This AP will have two VAPs with two SSIDs, according to the two Service Zones, for clients to associate with. If a user is connected to one SSID, for example SSID3 of this AP, and wishes to access the Internet, then this user must log into Service Zones SZ8 fi
133. control profiles. This is very useful for hotspot owners seeking to provide different customers or staff with different levels of network services. The following portion of this section explains the basic concepts of WHG Controller. With an understanding of these concepts, the administrator will be able to do more advanced network planning and to manipulate the configuration of WHG Controller to suit his own specific application. It is sufficient for most administrators to use the default configuration with minor WAN and DNS address changes for simple deployments. Gateway is a network node where a small network attaches to a bigger network. WHG Controller is a kind of gateway in a network environment, hence it has the features a typical gateway has, such as NAT, DHCP, DMZ, Firewall, etc. Conventionally, the bigger network is referred to as the gateway's WAN side or upstream network, while the small network is referred to as the gateway's LAN side. The Ethernet ports leading to the WAN-side network are called WAN ports. The Ethernet ports leading to the LAN-side network are called LAN ports. Local User is a type of user with its account credential stored in a built-in database named Local within WHG Controller. The WHG Controller's Local database capacity varies with different models. A local user account does not have an expiration date once it is created. If the administrator wishes to terminate the account, he must remove it manually.
134. cope for LDAP authentication, with 4 binding types available: User Account, Anonymous, Specified DN and Windows AD. • Account Attribute: The attribute of LDAP accounts. • Attribute-Group Mapping: The administrator can specify the mapping of specific LDAP attributes (name and value) to Group profiles. When enabled, a user logging into the network with an LDAP account will have his/her user group determined based on the LDAP attribute the account carries. 6.1.5 Configuring POP3. Choose POP3 from the Authentication Database field. Except for Local authentication, the Local VPN option in the other authentication options can only be enabled or disabled for the entire Authentication Database. [Screenshot: Authentication Option page with Authentication Database set to POP3] • Name: Configurable text string designated as the mnemonic name of this authentication option. • Postfix: The text string entered as a postfix in the account field to notify the Controller which authentication database this account belongs to. • Black List: The system has built-in black list profiles where specific user accounts can be listed. When selected and applied here, it tells the Controller that the accounts on the selected black list should be denied authentication. • Group: The Group profile that will govern the users authenticated via this authentication option. • Enable Local VPN: When checked, users authenticating with this authenticatio
135. ddress used at the user end, authentication can still be performed through WHG CONTROLLER. • IP PNP: When IP PNP is enabled, a PC with a static IP address can still access the network even if the system enables the built-in DHCP server. No TCP/IP reconfiguration is needed. • Cross Gateway Roaming: Configure this gateway as Master or Slave. In Master mode, you may also need to input the Slave IP and Secret Key. In Slave mode, input the Master IP and Key. Master Node: When configuring a Master Node, one master can activate up to 15 Slave Node settings. [Screenshot: Cross Gateway Roaming, Master Node mode, with Slave Nodes Setting list: No., Active, Remote IP Address, Secret Key, Remark] Slave Node: When configuring a Slave Node, enter its master node setting. [Screenshot: Cross Gateway Roaming, Slave Node mode, with Master Node Setting: Remote IP Address, Remark] 11.4 DNS Cache. Configure DNS Cache, go to: The administrator can statically assign Domain Name to IP mappings for all clients connected to the WHG Controller's LAN network. This feature can be used to redirect clients to a preferred IP address for certain Domain Names. [Screenshot: DNS Cache Setting with DNS Time to Live of 120 seconds (range 0 to 604800, i.e. up to 7 days) and a DNS Cache table of IP Address and Domain Name entries] 11.5 Dynamic Domain Name Service. Configure Dynamic Domain Name Service
136. de Area APs, go to Access Points >> Enter Wide Area AP Management >> Backup Config. Backed-up Config files can be used to restore an AP's settings in the List. When the administrator backs up an AP's configuration settings, all the backup files are listed on the Backup Config tab page and can be downloaded to a local storage device or deleted from WHG Controller's memory. [Screenshot: Backup Config table with Device Type, Version, Size, Backup Time, File Name and Action (Download, Delete) columns] 10.9 Firmware management and upgrade. To upload or view the details of previously uploaded firmware for upgrading APs, go to Access Points >> Enter Wide Area AP Management >> Firmware. The WHG Controller can store AP firmware in its built-in memory. Under the Firmware tab page, the administrator can upload new AP firmware to the WHG Controller's memory, allowing for easy remote AP upgrade and restore operations from the AP List page. The AP firmware listed on this page can be downloaded or deleted from WHG Controller memory if desired. [Screenshot: Firmware List with File Name, Device Type, Version, Size and Actions columns] 10.10 CAPWAP. To enable the CAPWAP auto-discovery feature for supported APs, go to Access Points >> Enter Wide Area AP Management >> CAPWAP. CAPWAP is a standard interoperable protocol that enables a WHG Controller to manage a collection of wireless access p
137. designed to move information efficiently within a computer network (a group of physically connected computers or similar devices). You can configure each interface Circuit Type to Level 1 or Level 2. [Screenshot: IS-IS Configuration page with Enable IS-IS, Router Level, and per-interface Status and Circuit Type for WAN1, WAN2, Default and SZ1 to SZ8] Net ID: It is the ISO address, the Network Entity Title (NET). The NET is used just like an IP address to uniquely identify a router on the inter-network. Circuit Type: Level 1 systems route within an area; when the destination is outside an area, they route toward a Level 2 system. Level 2 intermediate systems route between areas and toward other routing domains. The level type of each network interface can be assigned. 12 System Management and Utilities. 12.1 System Time. To configure System Time, go to System >> General. 12.1.1 NTP. NTP (Network Time Protocol) can be used to synchronize the system time with a remote time server. Please specify the local time zone and the IP address of at least one NTP server for adjusting the time automatically. Universal Time is Greenwich Mean Time (GMT). [Screenshot: System Time settings with Time Zone and NTP Server fields]
138. e load calculated using session, bytes or packets. [Screenshot: Enable Load Balancing with WAN1 Weight 50 (Range 1 to 99) and Warning of Internet Disconnection] WAN Failover: Once enabled, whenever WAN1 is down, WAN2 will service the traffic originally handled by WAN1 until the WAN1 link is up again, and vice versa. This feature cannot be used concurrently with Load Balancing. [Screenshot: Enable Load Balancing, Enable WAN Failover and Warning of Internet Disconnection checkboxes] WAN Connection Detection: The system will periodically check whether the Internet uplink connection is down by seeing if it can get responses from three target sites. [Screenshot: Connection Detection targets and the Warning of Internet Disconnection message "Sorry The service is temporarily unavailable"] Warning of Internet Disconnection: When the check box is checked, the entered message will be displayed on the client's web browser when the outbound Internet connection is down. 5.5 LAN Port & Service Zone Mapping. WHG Controllers support 2 types of VLAN modes: Port-Based and Tag-Based. Go to Main Menu > System > LAN Port Mapping. [Diagram: network topology with ISP DSL/cable modems on WAN1 and WAN2, switches and a VLAN switch]
139. e Expression field. • When the administrator is executing any Network Utilities feature, the status of the operation is displayed here. The operation result is displayed here. 12.10 Certificate. Configure Certificate Utility, go to: AC can issue certificates to APs that it manages in its private network. The administrator can sign certificates issued by the system's root CA and load these certificates to managed APs. These APs will be used in verifying the identity and authenticity of CAPWAP discovery requests between AP and AC. [Screenshot: Certificate Utility with Create Root CA form (Common Name, Email Address, Country Name, State or Province Name, Locality Name, Organization Name, Organization Unit Name, Key Type, Key Length with 512 shown) and a Certificate Information table listing My Root CA, Default Certificate, My Issue Certificate and Trust CA with Subject, Issuer, Valid Date, Download and Delete columns] • Create System's Root CA: The administrator can create a root CA for private use. The created root CA certificate can be downloaded and used to sign certificates generated by the system. [Screenshot: Certificate Information table]
140. e VPN. Configure Remote VPN, go to: WHG CONTROLLER supports Remote VPN for users to log in to the system from a remote area. After the user logs in to the system from the outside network on the WAN side, it will appear to the user as if they had logged in to WHG CONTROLLER under the service zone locally. Policies can also be applied to them, and their network access is controlled by the system. [Screenshot: Remote VPN for the Entire System, with Remote VPN Status, Start IP Address 192.168.6.1 (supports up to 100 connections), SIP Configuration, WAN Interface, Authentication Options (Server 1 LOCAL, Server 2 POP3, Server 3 RADIUS, Server 4 LDAP), Group Permission Configuration, Applied Policy to Remote Client, and Remote VPN Login Page] All settings are like the settings in a Service Zone. It can also set up the SIP WAN Interface, Authentication Options, Group Permission, Applied Policy and customizable Login Page. After Remote VPN is enabled, when you browse the home page with the WAN IP you will get the Remote VPN login page; input the username and password for an enabled authentication option and you will log in to the system successfully. After Remote VPN is enabled, the default home page will be the Remote VPN login page. If you want to access the WMI of WHG CONTROLLER, please input login.shtml after the WAN IP. For example, it may be http://192.168.X.X/login
141. e Zones for different departments. [Diagram: xDSL/cable modem and Internet uplink with separate Service Zones for Guests and for Employees] Note: The switch deployed under the Controller in Tag-Based mode must be a VLAN switch only. 3.3 AP Management Concept. The AP Management feature is designed not only for internal network AP deployment but also for overlay deployment at remote locations over the cloud. WHG Controllers can manage from 30 to 500 LevelOne Access Points, depending on model. For overlay AP deployment, WHG Controllers establish a secure tunnel between the managed AP and the Controller. [Diagram: WHG Controller with built-in account database and optional external authentication server, modems, switch, firewall and internal servers, with managed APs tunneled over the Internet and over internal L3 devices] Certain AP models with additional Ethernet ports can also provide wired network service. When managed remotely over the Internet, the APs' wired user traffic can be forwarded into the Internet without having to be tunneled back and centrally forwarded by the AC. This feature is an example of Distributed Traffic Forwarding (DTF). 4 Getting Started. 4.1 Accessing Web Managem
142. e available to allow the administrator to assign a Group for an LDAP attribute; therefore, a Policy applied to this Group will be mapped to a user Group of an LDAP attribute. When the type of database is Local, the Group selection function will be available to allow the administrator to assign a Group to each user one by one. Global Policy: Global is the system's universal policy, including Firewall Rules, Specific Routes Profile and Maximum Concurrent Session, which will be applied to all users unless the user has been regulated and applied with another Policy. [Screenshot: Policy Configuration, Global Policy, with Select Policy, Firewall Profile, Specific Route Profile and Maximum Concurrent Sessions (300 sessions per user shown)] • Select Policy: Select Global to set the Firewall Profile, Specific Route Profile and Maximum Concurrent Session. • Firewall Profile: The Global policy and each policy have a firewall service list and a set of firewall profiles, which are composed of firewall rules. • Specific Route Profile: The default gateway of WAN1, WAN2 or a desired IP address can be defined in a policy. When Specific Default Route is enabled, all clients to which this policy is applied will access the Internet through this gateway. Settings include default gateway. • Maximum Concurrent Sessions: Set the maximum concurrent sessions for each client. Policy 1 to Policy n: Besides the Global Policy, there are Policy1 to Policy n (different models have different number of
143. e client authentication, depending on how the administrator sets it up. If a Service Zone requires user authentication, the client will be prompted to log in first before using the network services, no matter whether the client is connecting to its SSID wirelessly or to a switch port via a wired line. Group is a group of user accounts sharing the same access privileges, QoS properties and network policies. Each client account belongs to a Group. Each Group may or may not be allowed to access a particular Service Zone, depending on how the administrator defines its access mapping. If the administrator does not assign a new account to any specific Group, the account belongs to a catch-all group named None by default. Policy is for defining rules, privileges or properties for managing users. Each user group is bound by a Policy within a given Service Zone. The same group may or may not be bound to the same policy in different Service Zones. There are two tiers of Policies. The first tier is a policy named Global Policy. The Global Policy is a base policy which will be applied to all users if no other policy is applied. The second tier is called Group Policy, or simply Policy, which can be chosen to bound the network behaviors of a Group. The administrator can define the Firewall Profile, Route Profile, Schedule Profile and Max Sessions in a Policy. The following figure depicts an example relationship of Service Z
144. e first gateway in the Installed Gateway list will be the default. The address order in the list will be the order in which these machines are used. [Screenshots: Windows TCP/IP Properties Gateway and DNS Configuration tabs, and Windows 2000 Control Panel with Network and Dial-up Connections] 2. Right-click on the Local Area Connection icon and select Properties. 3. Select Internet Protocol (TCP/IP) and then click Properties. 4. Now you can choose to use DHCP or a specific IP address. Using DHCP: If you want to use DHCP, choose Obtain an IP address autom
145. e provided by us. If the information you provide cannot be verified, we may [Screenshot: Choose Billing Plan for PayPal Payment Page, listing plans 1 to 10 with Enable/Disable, Quota and Price columns.] Service Disclaimer Content: View the service agreement and fees for the standard payment gateway services, as well as add or edit the service disclaimer content here. Choose Billing Plan for PayPal Payment Page: These 10 plans are the plans in Billing Configuration, and the desired plan(s) can be enabled. [Screenshot: Client's Purchasing Record and PayPal Payment Page Remark Content, with fields Starting Invoice Number, Description (Item Name), Title for Message to Seller and PayPal Payment Page Remark Content.] Client's Purchasing Record. Invoice Number: An invoice number may be provided as additional information against a transaction. This is a reference field that may contain any kind of information. Description: Ent
146. e provides several utilities to assist the Administrator to check the system conditions and to debug any problems. The utilities are described as follows. [Console screenshot: "Please select utility" menu listing Trace routing path, Display interface settings, Display routing table, Display ARP table, Display system up time, Check service status, Set device into safe mode, Synchronize clock with NTP server, Print the kernel ring buffer and Main menu.] Ping host (IP): Sends an ICMP echo request to a specified host and waits for the response to test the network status. Trace routing path: Trace and inquire the routing path to a specific target. Display interface settings: Displays the information of each network interface setting, including the MAC address, IP address and Netmask. Display the routing table: The internal routing table of the system is displayed, which may help to confirm the Static Route settings. Display ARP table: The internal ARP table of the system is displayed. Display system up time: The system live time (the time for which the system has been turned on) is displayed. Check service status: Check and display the status of the system. Set device into safe mode: If the administrator is unable to use the Web Management Interface via browser because the system failed inexplicably, the administrator can choose this utility and set it into safe mode, which enables h
147. e security certificate presented by this website was issued for a different website's address. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage and do not continue to this website. Click here to close this webpage. Continue to this website (not recommended). More information. b. Please press Continue to this website to continue. c. The default user login page will appear in the browser. [Screenshot: User Login page with Username, Password and Remember Me.] 2. Enter the username and password (for example, we use a local user account test local here) and then click the Submit button. If the Remember Me check box is checked, the browser will remember this user's name and password so that he/she can just click Submit next time he/she wants to log in. Check the Remember Me box to store the username and password on the current computer in order to automatically log in to the system at next login. Then click the Submit button. The Remaining button on the User Login Page is for on-demand users only, where they can check their remaining quota. [Screenshot: User Login page with the Remaining button.] 3. Successful: The Login Successful page appearing means you are connected to the network and Internet now. [Screenshot: "Hello, you are logged in via test local. To log out, please click the Logout button."]
148. eans that it is not configured (Syslog server, System Log). Syslog server, On-demand Users Log: The IP address and port number of the external Syslog Server; N/A means that it is not configured. Proxy Server: Enabled/disabled stands for whether the system is currently using the proxy server or not. Internet Connection Detection: Enabled/Disabled stands for the connection at WAN being normal or abnormal, and all online users are allowed/disallowed to log in the network. WAN Failover: Enabled/Disabled stands for the function currently being used or not. Load Balancing: Enabled/Disabled stands for the function currently being used or not. Enabled/disabled stands for the current status of the SNMP management function. User Logs, Retained Days: The maximum number of days for the system to retain the users' information. Receiver Email Address(es): The email address to which the traffic history or user's traffic history information will be sent. NTP Server: The network time server that the system is set to align. System Time: The system time is shown as the local time. User Session Control: The minutes allowed for the users to be inactive before their account expires automatically. Enabled/disabled stands for the current setting to allow/disallow multiple logins from the same account. Preferred DNS Server: IP address of the preferred DNS Server. Alternate DNS: IP add
149. ect the network in daily operation. Session Log: The system can record connection details of each user accessing the Internet, called the session log. The log data can be sent out to a specified SYSLOG Server, Email Box or FTP Server based on a pre-defined interval time. The following table shows the fields of a session log record. Date and Time: The date and time that the session is established. Session Type: New (this is the newly established session) or Blocked (this session is blocked by a Firewall rule). Username: The account name (with postfix) of the user. It shows N/A if the user or device does not need to log in with a username, for example when the user or device is on a non-authenticated port or on the privileged MAC/IP list. Note: Only 31 characters are available for the combination of Session Type plus Username. Please change the account name accordingly if the name is not identifiable in the record. The following table shows an example of the session log data: Jul 20 12 35 05 2009 Jul 20 12 35 05 2009 Jul 20 12 35 06 2009 Jul 20 12 35 06 2009 Jul 20 12 35 07 2009 Jul 20 12 35 09 2009 Jul 20 12 35 10 2009 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1626 DIP 203 125 164 132 DPort 80 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1627 DIP 203 125 164 132 DPort 80 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1628 DIP 203 125 164 142 DPort 80
150. elect Interface l display Operating mode of this interface. IPv6 Prefix: The prefix of IPv6 address. Traffic Summary: Displays daily, monthly and all-time graphical summary of the TX and Rx rate for this interface. Traffic of the day: Displays traffic information of the day in a table. Traffic of the month: Displays traffic information of the month in a table. Traffic of the top 10: Shows the top 10 traffic of the day records. Service Zone (Default, SZ1 to SZ8): The operation mode of the default SZ. MAC Address: The MAC address of the default SZ. IP Address: The IP address of the default SZ. Subnet Mask: The Subnet Mask of the default SZ. Status: Enable/disable stands for status of the DHCP server in Default Service Zone. WINS IP Address: The WINS server IP on DHCP server; N/A means that it is not configured. Start IP Address: The start IP address of the DHCP IP range. End IP Address: The end IP address of the DHCP IP range. Minutes of the lease time of the IP address. 13.1.3 HW. View Hardware Status, go to: Status >> HW. This tab page displays the system's hardware usage information. [Screenshot: Hardware Information showing CPU, Memory and Disk Usage percentages, with a Refresh setting.] 13.1.4 Routing Table. View Routing Table, go to: Status >> Routing Table >> IPv4 / IPv6 Table. All the Policy Route rules and Global Policy Route rules will be listed here. Also it will s
151. eless LAN: Click the link to enter the Wireless interface. [Screenshot: Wireless settings page with fields SSID Broadcast, Channel, Band, Data Rate, Fragment Threshold (default 2346, range from 256 to 2346), RTS Threshold (default 2346), Beacon Interval in ms (default 100, range from 100 to 500), Preamble, Transmit Power, Wireless QoS (WMM), Wireless Client Isolation and IAPP.] Status: After clicking the hyperlink in the Status column, there are two areas of information shown: AP Status Summary and AP Status Details. AP Status Summary includes AP Name, AP Type, LAN Interface MAC address, Wireless Interface MAC address, Report Time, SSID and Number of Associated Clients. AP Status Details include System Status, LAN Status, Wireless LAN Status, Associated Client Status and Local Log Status. [Screenshot: AP Status Summary and AP Status Details pages.] 9.8 AP Operations from AP List. Configure AP List, go to: 9.8.1 Reboot, Enable, Disable and Delete the AP. Select any AP by checking the che
152. en click Apply to complete the settings. In the other system, such as another WHG Controller, set up its RADIUS server to this WHG Controller with the same postfix; then the local users in this WHG Controller can log in successfully from another WHG Controller by RADIUS authentication. 17.4 Seamless Cross Gateway Roaming. Configure Notification, go to: Client Mobility (IP PNP Enable/Disable, Cross Gateway Roaming). WHG Controllers support seamless inter-Controller roaming with up to 15 other Controllers in a star-like topology. The Master Node means that this Controller will be at the center of the roaming cluster and its users can roam with all the Slave nodes. The Slave Nodes are Controllers that are connected to the Master node (Master AP); their users can only roam with the Master node. [Screenshot: Cross Gateway Roaming Mode with options Disable, Master Node and Slave Node; Status; Node List.] Master Node: The master node can roam with many slave nodes. Contains 15 entries where the network administrator can specify the slave nodes that will perform roaming with this master node. Fill in the IP address and common secret key. Check the Active check box and apply to enable the roaming tunnel between the master node and slave node. [Screenshot: Slave Nodes Setting table with columns No., Active, Remote IP Address, Secret Key and Remark; the sample row shows Remote IP Address 10.0.5.143, Secret Key 123123 and Remark "additional info".] Slave Node: Slave node c
153. ent Interface. When you have completed the hardware installation of your WHG Controller, system configurations can be performed via the built-in Web Management Interface (WMI). Step 1: Connect your PC to any of the LAN ports of your WHG Controller. Step 2: Set the TCP/IP settings on your PC to Obtain an IP address automatically. Step 3: Launch a web browser and enter the WHG Controller's default LAN IP address (192.168.1.254). If you are connected to a Mgmt port (WHG-401, WHG-505, WHG-515), please enter the mgmt port IP address 172.30.0.1. [Screenshot: browser address bar showing https://192.168.1.254.] Step 4: Enter the default administrator account and password (admin) to log in. Once logged into the WMI, the system's Home Page will be displayed. [Screenshot: login page with Username admin and a masked Password.] If your PC is connecting to the LAN port and you can't get the Administrator's login screen, the reasons may be: 1. The PC is set incorrectly so that the PC can't obtain the IP address automatically from the built-in DHCP Server. 2. The IP address and the default gateway are not under the same network segment. Please use a default IP address such as 192.168.1.xx in your network and then try again. After a successful login, a Home Page will appear on the screen. [Screenshot: Home Page with Logout, Help, Setup Wizard, Quick Links and Overview.] For the first time, if WHG Controller is not using a trusted SS
154. [Screenshot: Authentication Settings, with "Authentication Required For the Zone" (Enable / Disable / Suspend) and "MAC Authentication Configuration" (Configure).] Enabling the need to authenticate means that any user accessing this Service Zone will need to be authenticated first before gaining access to the Internet. The user's Group will be determined depending on which type of authentication server this user belongs to, and therefore different authentication servers' users in the authentication-required Service Zone can be bound to different policies as set in Service Zone Group Mappings. [Screenshot: Authentication Settings, as above.] Suspending a Service Zone's need to authenticate means that no newly connected users are allowed to access this Service Zone until it is configured back to either enabled or disabled by the network administrator. A warning message can be customized at the Main Menu > System > General page, which will be displayed on the web browser of newly connected users when a Service Zone's authentication is under the Suspend status. [Screenshot: Suspend Warning Message "Sorry! The service is suspended."; Internal Domain Name gateway.example.com with the option "Use the name on the security certificate".] Internal Domain Name: FQDN of this device for internal use (e.g. controller office name com). The purpose of this feature is to prevent further loading
155. er Log, DHCP Lease Log. [Screenshot: Notification Settings page listing log types and System Report items (CPU Loading, CPU Temperature, Memory Usage, Network Traffic, Online User, Successful Login, Session, DHCP Lease, DNS Query) with Receiver E-mail Address(es), SYSLOG, Detail/Send and Interval settings (1 Hour; Daily, Weekly and Monthly Report).] Detail: Clicking this radio button allows the specification of the FTP server folder where the logs sent will be stored on the FTP server. Note: The log files output to the FTP server will be named according to the format Topic_ExtraDesc_SystemName_Date_Time.txt. For example: HTTPWebLog_ GW1_ 2010 10 15 0800 txt. 13.2.5 System Report. The function provides the graphical statistics information of CPU Loading, CPU Temperature, Memory Usage, etc. This page displays system status and resource usages in a plotted graph. It can show the total DHCP Lease number of all Service Zones and of each Service Zone. [Graph: System Report, item CPU Loading, time 1 Hour.]
156. er account will be created. After the account is created, you can print the ticket with all of the necessary on-demand user's information, including the username and password. Note: If no Billing plan is enabled, accounts cannot be created by clicking the Create button. Please go back to Billing Plans to activate at least one Billing plan by clicking the Edit button, and Apply the setting to activate the plan. The printer used by Print is a pre-configured printer connected to the administrator's computer. [Screenshot: On-demand Account Creation table with columns Plan, Account Type, Quota, Price, Status and Function; plan 1 is a Volume plan and plan 2 a Usage-time plan, both Enabled.] Plan: The number of the specific plan. Account Type: The account type chosen for this plan. Different account types have different properties. A suitable account type should be selected that will best meet guest usage requirements. Quota: The usage terms on how much or how long On-demand users are allowed to access the network. Price: The unit price of the respective billing plan. Status: Shows whether the billing plan is enabled or disabled. Function: Press the Create button for the desired plan and an On-demand user account will be created; then click Printout to print a receipt which will contain this on-demand user's information. [Screenshot: On-demand Account Creation table.]
157. [Table of contents fragment; illegible entries omitted.] Preparation before the Installation. 2.4.1 WHG-311 Package & Installation. 2.4.2 WHG-315 Package & Installation. 2.4.3 WHG-401 Package & Installation. 2.4.4 WHG-505 Package & Installation. 2.4.5 WHG-515 Package & Installation. 2.4.6 WHG-707 Package & Installation. System Overview.
158. er the product/service description, e.g. wireless access service. Title for Message to Seller: Enter the information that will appear in the header of the PayPal payment page. PayPal Payment Page Remark Content: The message content will be displayed as a special notice to end customers in the page of Rate Plan. For example, it can describe the cautions for making a payment via PayPal. 16.3 Payments via SecurePay. Configure Payments via SecurePay, go to: User >> Authentication >> On-demand Users >> External Payment Gateway >> SecurePay. Before setting up SecurePay, it is required that the hotspot owners have a valid SecurePay Merchant Account from its official website. [Screenshot: External Payment Gateway selection (Authorize.Net, PayPal, SecurePay, WorldPay, Disable) and SecurePay Payment Page Configuration with fields Merchant ID, Merchant Password, Payment Gateway URL, Verify SSL Certificate and Currency (AUD, Australian Dollar); Service Disclaimer Content; Choose Billing Plan for SecurePay Payment Page.]
159. erminate the uploading process and no account will be uploaded. Please correct the format in the uploading file or delete the duplicated user account in the database, and then try again. [Screenshot: upload file format with columns Username, Password, MAC Address, Applied Group, Remark and Local VPN Enabled (1 = enabled, 0 = disabled).] Download User: Use this function to create a .txt file with all built-in user account information and then save it on disk. [Screenshot: Download User to File, with columns Username, Password, MAC Address, Applied Group, Remark and Local VPN Enabled.] 17.2 Backup, Restore and Upload New On-demand Users Accounts. Configure Backup/Restore On-demand Users Accounts, go to: Users >> Authentication >> On-demand User > On-demand Account List. Backup Current Accounts: Use this function to create a .txt file with all current user account information and then save it on disk. Restore Accounts: After the current user accounts have been backed up, you can restore all these accounts to another system. Click Restore Accounts to enter the Restore On-demand User Account interface. Click the Browse button to select the text file for restoring the user accounts, and then click Submit to complete the restore process. [Screenshot: On-demand Account List with columns Username, Password, Remaining Quota, Status, Group, Reference, External ID and Delete All.]
160. ers are numbers (0-9), alphabets (a-z or A-Z), dash (-), underline (_) and dot (.), within a maximum of 40 characters. All other characters are not allowed. Besides the Default Authentication, all other authentication server users need to key in the postfix in the username during login in order for the Controller to recognize which authentication server to authenticate against. 7 Policies and Access Control. 7.1 Policy. Configure Policy, go to: WHG Controller supports multiple Policies, including one Global Policy and individual Policies. Each Policy consists of access control profiles that can be configured respectively and applied to a certain Group of users. Global Policy is the system's universal policy and is applied to all clients, while other individual Policies can be selected and defined to be applied to any Service Zone. The clients belonging to a Service Zone will be bound by an applied Policy. In addition, a Policy can be applied on a Group basis: a Group of users can be bound by a Policy. The same Group can be applied with different Policies within different Service Zones. When the type of authentication database is RADIUS, the Class Group Mapping function will be available to allow the administrator to assign a Group for a RADIUS class attribute; therefore a Policy applied to this Group will be mapped to a user Group of a RADIUS class attribute. When the type of authentication database is LDAP, the Attribute Group Mapping function will b
161. es: WHG-515 x 1; CD-ROM (with User's Manual and QIG) x 1; Quick Installation Guide (QIG) x 1; RS-232 DB9 to RJ45 Console Cable x 1; Ethernet Cable x 1; Straight-through Ethernet Cable x 1; Power Cord x 1; Rack Mounting Bracket (with Screws) x 1. It is highly recommended to use all the supplies in the package instead of substituting any components by other suppliers to guarantee best performance. Installation: Connect the power cord to the power socket on the rear panel. Turn on the power switch on the rear panel. The Power LED should be on to indicate a proper connection. Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable to an xDSL/cable modem or a switch/hub of an internal network. The LED of this port should be on to indicate a proper connection. Connect an Ethernet cable to the Mgmt Port on the front panel. Connect the other end of the Ethernet cable to an administrator PC for configuring the system. Connect an Ethernet cable to the LAN1 or LAN2 Port on the front panel. Connect the other end of the Ethernet cable to an AP for extending wireless coverage, a switch for connecting more wired clients, or directly to a client PC. The LED of the port should be on to indicate a proper connection. 2.4.6 WHG-707 Package & Installation. Package Checklist: The standard package of WHG-707 includes: WHG-707 x 1; CD-ROM with User's Manual a
162. ess, Channel. [Screenshot: AP List with three EAP 700 entries and the buttons Reboot, Enable, Disable, Delete and Apply Template.] AP Name: Click AP Name and enter the interface about related settings. There are four kinds of settings: General Settings, LAN Interface Setting and Wireless Interface Setting. Click the hyperlink to proceed with the configuration of that category. [Screenshot: settings summary showing General (AP Name, Firmware), LAN Interface Settings (IP Address, LAN Gateway) and Wireless Interface Settings (Channel, Data Rate).] General Setting: Click the link to enter the General Setting interface. Firmware information can also be observed here. [Screenshot: General Settings with fields Name, Admin Password, NTP (Time Zone, NTP Server 1, NTP Server 2), SNMP, SYSLOG, Remark and Firmware.] LAN Setting: Click the link to enter the LAN Setting interface. The administrator can revise the AP's LAN IP settings, including IP address, Subnet Mask and Default Gateway of the AP. [Screenshot: LAN settings with IP Address, Subnet Mask, Default Gateway, Primary DNS and Secondary DNS.] Wir
163. [Table of contents fragment; illegible entries omitted.] System Concept. Service Zone Concept. AP Management Concept. Accessing Web Management Interface. Home Page. 4.2.1 Setup Wizard. 4.2.2 Quick Links. 4.2.3 System Overview. Managing System Date & Time. LAN Port & Service Zone Mapping. 5.6.1 Planning Your Internal Network.
164. ete 17.3 Account Roaming Out. Configure Notification, go to: In some cases, the WHG Controller's built-in Local database can act as a RADIUS server for Roaming Out from other systems. The Local User database will act as the RADIUS user database. Account Roaming Out & 802.1X Authentication: When Account Roaming Out is enabled, the link of this function will be available to define the authorized device with IP address, Subnet Mask and Secret Key. [Screenshot: Local User Database Settings with Account Roaming Out and 802.1X Authentication options.] Account Roaming Out (Enable/Disable): The Local user database will be used as the authentication database for roaming out users. 802.1X Authentication (Enable/Disable): The Local user database will be used as the internal RADIUS database for 802.1X-enabled LAN devices such as AP and switch. [Screenshot: RADIUS Client Device Settings table with columns Type (Roaming Out, 802.1X, DM & CoA), IP Address, Subnet Mask, Secret Key and SNMP Community.] Click the hyperlink Roaming Out & 802.1X Client Device Settings to enter the Roaming Out & 802.1X Client Device Settings interface. Choose Roaming Out and key in the Roaming Out client's IP address and network mask and th
165. etwork. IPv6 Address: Enter the desired IPv6 IP address. Prefix Length: Set the desired length of your IPv6 mask. Default Router: The default router that routes packets from IPv6 to IPv4 network. Preferred DNS Server: The primary DNS server used for this connection. Alternate DNS Server: The substitute DNS server used for this connection. go6: go6 is a platform that connects the world to the new Internet with IPv6 products, community and services. You may choose this connection option if you have a registered account. [Screenshot: IPv6 connection type selection (Static, 6to4, go6) with the go6 fields.] Username: Username of your go6 account. Password: Password of your go6 account. Server Address: The servicing go6 server address. Preferred DNS Server: The primary DNS server used for this connection. Alternate DNS Server: The substitute DNS server used for this connection. Assign Broker Address: Select Enable if you wish to use tunnel broker service. Broker Address: The address of your broker. 6 User Authentication and Grouping. 6.1 Overview of User Authentication Database. Built-in User Databases: Local and On-demand are the Controller's built-in user databases, designed to house static and temporary accounts respectively. The Local database is ideal for storing long-term accounts, for instance employee accounts, while the On-demand database is ideal for ge
166. etwork Connections. [Screenshots: Windows Network Connections window with the Local Area Connection context menu, and the Local Area Connection Properties dialog listing Client for Microsoft Networks, File and Printer Sharing for Microsoft Networks and Internet Protocol (TCP/IP).] Now you can choose to use DHCP or a specific IP address. Using DHCP: If you want to use DHCP, choose Obtain an IP address automatically and click
167. fied here. Delete All Expired Accounts: A click of the Delete button will delete all expired accounts on the On-demand account list and recycle these accounts, ready for new account generation. 2. Ticket Customization: The On-demand account ticket can be customized here and previewed on the screen. [Screenshot: Ticket Customization form with Receipt Header 1 to 3, Receipt Footer 1 to 3, Remark, Background Image (Default Image / Uploaded Image) and Number of Tickets, beside a sample ticket preview.] Receipt Header: There are 3 receipt headers supported by the system. The entered content will be printed on the receipt. These headers are optional. Receipt Footer: The entered content will be printed on the receipt. This footer is optional. Background Image: You can choose to customize the ticket by uploading your own background image for the ticket, or choose the def
168. figuration. [Screenshot: Port Location Mapping Configuration with Port Location Mapping Status (Enable/Disable) and Port Location Mapping Setup.] 2. Port Location Mapping. Configure Port Location Mapping, go to: System >> Port Location Mapping >> Configure. [Screenshot: Create Batch, Change All Port Type and Create One forms, with fields From (LAN1), Port Type, Service Zone, VLAN ID (1 to 4094), Number of VLAN, Room NUM / Location ID (with Prefix and Postfix) and Room Description / Location Name.] The administrator can use the Port Location Mapping feature to map a location, such as a hotel room, to a VLAN port of a VLAN switch or a DSLAM device. Each Room is mapped to a VLAN Tag, and each Room can be assigned to a different Service Zone to get a different policy. Furthermore, according to your application, you can configure different rooms to different Port Types: Single User, Multiple User, Free or Block. Free: This port type means the user can access the Internet in this room without any charge. If you do not want to provide any Internet access right in the rooms, you may change the Port Type of the rooms to Block. If the user opens a browser and tries to access the Internet, a Blocking message will pop up to notify the user. Single User port ty
169. for Login Page. Please refer to External Login Page Parameters for URL parameters relating to other pages such as the Login Success Page, etc. Therefore, it is important that your external pages are designed by someone with good knowledge of URL parameter utilization. The diagram below explains how the External Page operates, using the user login flow as illustration. [Diagram: login flow between the client, the Gateway and the External Web Server.] The client opens a browser. The Gateway redirects the user and sends the necessary URL parameters to the external login page. The external login page is sent to the client. The user enters Username and Password and submits. The External Login Page sends the user login credentials back to the Gateway for authentication (URL parameters). The Gateway authenticates the user credentials against its authentication servers. The client is redirected to the login success page or login fail page according to the result (URL parameters). The Login Success Page or Login Fail Page is sent to the client as instructed by the Gateway. The user sees the Login Success Page if authentication passes, or the Login Fail Page if authentication fails. The URL parameters sent by the Gateway to the external login page are as follows: String, URL encoded: the URL which shall be submitted when the user logs in. remainingurl: String, URL encoded: the URL which shall be submitted when the user wants to get the remaining quota. Integer, 1-4094: VLAN ID. IP format: Gateway activated WAN IP address. IP format
170. for the administrator to handle the problems and situations that occur during operation. 1. In order to connect to the console port of WHG CONTROLLER, a console modem cable and a terminal simulation program such as the Hyper Terminal are needed. 2. If a Hyper Terminal is used, please set the parameters as 9600, 8, None, 1, None. [Screenshot: Port Settings dialog showing Bits per second 9600, Data bits, Stop bits and Flow control None.] The main console is a menu-driven text interface with dialog boxes. Please use the arrow keys on the keyboard to browse the menu and press the Enter key to make a selection or confirm what you enter. 3. Once the console port of WHG CONTROLLER is connected properly, the console main screen will appear automatically. If the screen does not appear in the terminal simulation program automatically, please try to press the arrow keys so that the terminal simulation program will send some messages to the system, where the welcome screen or main menu should appear. If the welcome screen or main menu of the console still does not pop up, please check the connection of the cables and the settings of the terminal simulation program. [Screenshot: console main menu with Utilities for network debugging, Change admin password, Reload factory default and Restart.] Utilities for network debugging: The console interfac
171. from the database. A local database can be used as an external RADIUS database for another WHG Controller product for account roaming. On-demand User is a type of user with its account credential stored in a built-in database named On-demand within WHG Controller. The WHG Controller's On-demand database capacity varies with different models. An On-demand User is used for short-term usage purposes; it has an expiration period. An on-demand account record will be recycled for creating a new on-demand account if it has expired for over 15 days or has been deleted by the Administrator/Manager manually. External Authentication Database is a user account database that is not built inside WHG Controller. Besides the Local database and On-demand database, WHG Controller allows up to three additional External Authentication databases simultaneously. The types of external authentication databases supported are RADIUS, POP3, LDAP (including Active Directory) and NTDomain (Win2K's NTDS). The database of another WHG Controller device can be used as an external RADIUS database. External Authentication Database is useful for implementing account roaming; for example, multiple WHG Controller devices in multiple campuses can share one common external database. A user needs only one account in the common database to access the network from different campuses. Service Zone is a logic partition of WHG Controller's LAN network. The concept of Service Zone is si
172. function. After successful authentication, the clients will be redirected back to the desired proxy servers. Basically, a proxy server can help clients access the network resources more quickly. This section presents basic examples for configuring the proxy server settings of WHG CONTROLLER. [Screenshot: Outgoing Proxy Traffic, Proxy Server: Enable Build-in / Disable Build-in / External.] Using Internet Proxy Server: The first scenario is that a proxy server is placed outside the LAN environment or in the Internet. For example, the following diagram shows that a proxy server of an ISP will be used. [Diagram: Cable Modem, Gateway, Access Point, ISP Proxy Server.] Follow these steps to complete the proxy configuration. Step 1: Log into the system by using the admin account. Step 2: On the Network >> Proxy Server >> External Proxy Servers page, enable the Built-in Proxy Server. Click Apply to save the settings. [Screenshot: Outgoing Proxy Traffic, Proxy Server: Enable Build-in / Disable Build-in / External.] Using Extranet Proxy Server: The second scenario is that a proxy server is placed in the Extranet, such as a DMZ, which all users from the Intranet or the Internet are able to access. For example, the following diagram shows that a proxy server of an organization in the DMZ will be used. [Diagram: Gateway, Access Points, Notebooks.] Follow the follo
173. g Plan No. random: Optional, Integer. A random number; this number is to prevent the quick-click issue in IE 6.0. ret_url: Optional, String, URL encoded. Return URL. Output: If no ret_url is presented, the client would be redirected to a ticket page in our UI style. If ret_url is presented, the client would be redirected to ret_url and receive the result containing the created on-demand account information. Field: Result. Value: String; the format is separated by 4: username, password, expiretime, usage, serial, price, duration. Description: If ret_url is presented, the client would be redirected to the ret_url page and carry the result variable. expiretime is the account expiration time, which is a Linux time stamp; duration is the account duration time, and the unit is day; serial is the account serial number (S/N). 15.6 Disclaimer Page. Configure Disclaimer Page, go to: System >> Service Zone >> Service Zone Configuration >> Disclaimer Page. Before the configuration of the Disclaimer Page, the Disclaimer Page must be enabled first; click on Enable Disclaimer Page to redirect to General Settings: System >> General >> Disclaimer Page. [Screenshot: note "Please Enable Disclaimer Page"; General Settings for the Entire System, with System Name and Suspend Warning Message fields.] Use the name on the security certificate FQDN of this device f
174. gateway to provide VLAN connection to individual rooms. The Port Location Mapping feature is also commonly used in hospitality venues to manage the internet service for their guest rooms and public areas. In addition, it can operate in conjunction with third-party hospitality applications and has been tested with the Net Retriever middleware, which provides seamless integration between the gateway and the popular High Speed Internet Access (HSIA) hardware and Front Office System (FOS) software. Each Port Location Mapping entry can be configured to provide charged (single or multiple user), free or blocked internet service at the location corresponding to the entry's VLAN Tag. Please note that for charged service to work, it is required that at least one or more On-demand Billing Plans are created, allowing the user to choose a desired plan to pay for their internet access. Note: For more detail of On-demand Billing Plan configuration, please refer to the section of On-demand Users. Enabling Port Location Mapping: The Port Location Mapping feature allows each Service Zone to own multiple VLANs, as if each VLAN is a port, in order to identify where the clients are coming from. Before the configuration of the PMS Middleware or adding VLANs to a Service Zone, the Port Mapping feature must be enabled first; go to: System >> Port Location Mapping. Note: Please enable Port Location Mapping Status and restart the system for Middleware con
175. go to: Before activating this function, you must have your Dynamic DNS hostname registered with a Dynamic DNS provider. WHG CONTROLLER supports the DNS function to alias the dynamic IP address for the WAN port to a static domain name, allowing the administrator to easily access WHG Controller's WAN. If dynamic DHCP is activated at the WAN port, it will update the IP address of the DNS server periodically. These settings will become effective immediately after clicking Apply. [Screenshot: Dynamic DNS form with DDNS Enable/Disable, Provider and Username/E-mail.] DDNS: Enable or disable this function. Provider: Select the DNS provider. Host name: The IP address/domain name of the WAN port. Username/E-mail: The register ID (username or e-mail) for the DNS provider. Password/Key: The register password for the DNS provider. Note: To apply for free Dynamic DNS service, you may go to http://www.dyndns.com/services/dns/dyndns/howto.html 11.6 Port and IP Forwarding. Configure Port and IP Redirect, go to: This function allows the administrator to set specific sets of the IP addresses at most for redirection purpose. When the user attempts to connect to a destination IP address listed here, the connection packet will be converted and redirected to the corresponding destination. Please enter the IP Address and Port of Destination and the IP Address and Port of Translated to Destinatio
176. go to: The system provides some network utilities to help administrators manage the network easily. [Screenshot: Network Utilities page with Wake on LAN, IPv4 (Ping, Trace Route, ARPing, ARP Table), IPv6 (Ping6, Trace Route 6, Neighbor Discovery, Neighbor Cache), Sniff, Status and Result.] Usage: The Sniff tool is for the administrator to capture packets from the selected Interface. The Packet count field tells how many packets to capture. If the link layer information is to be displayed, check the Link Layer box. If the packet information is to be displayed in hexadecimal format, check the Hex box. To further filter the types of packets, enter the filtering Expression below, following the syntax of the Linux tcpdump command. Example 1: to capture only TCP-related packets occurring at port 23, type "tcp port 23". Example 2: to capture only ARP-related packets, type in "arp". Example 3: to capture only ICMP-related packets, type in "icmp". [Screenshot: Sniff form with Interface WAN1, Packet 1000 (1-1000), Link Layer, Hex, Expression, Capture and Stop.] Wake on LAN: It allows the system to remotely boot up a power-down computer with Wake On L
177. hared by clients within this Group. Individual Maximum Uplink: Defines the maximum uplink bandwidth allowed for an individual client belonging to this Group. The Individual Maximum Uplink cannot exceed the value of Group Total Uplink. Individual Request Uplink: Defines the guaranteed minimum bandwidth allowed for an individual client belonging to this Group. The Individual Request Uplink cannot exceed the value of Group Total Uplink and Individual Maximum Uplink. 6.3 User Login. 6.3.1 An Example of User Login. Normally, users will be authenticated before they get network access through WHG Controller. This section presents the basic authentication flow for end users. Please make sure that the WHG Controller is configured properly and network-related settings are done. 1. Open an Internet browser and try to connect to any website (in this example, we try to connect to www.google.com). a. For the first time, if the WHG Controller is not using a trusted SSL certificate, there will be a Certificate Error, because the browser treats WHG Controller as an illegal website. [Screenshot: Internet Explorer "Certificate Error: Navigation Blocked" page: "There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority."]
178. he APs' Login ID and Password. Then click the Discover button. If the new AP has been discovered, it will appear in the following Discovery Results list. Device Results: The newly discovered APs will be listed here. The administrator can click Add to register the APs to the List for management. When the discovery process is complete, the APs found will be listed under the Device Results table. Here the administrator can specify the individual AP's Device Name and SNMP Community string. Click the Add button and the discovered APs will be added into the List. 10.2 Manually add AP. Add an individual Access Point to the managed list, go to: Access Points >> Enter Wide Area AP Management >> Adding. Besides the Discovery feature, which can search and list multiple APs for adding to the management list, the Adding page allows the administrator to directly add a single Access Point to the management list. Simply configure the device's IP address, name and login credentials, set an SNMP community string and click the Add button. [Screenshot: Add an AP form with Device Type, Device IP, Device Name, Password and SNMP Community.] Device Type: The device type of Wide Area APs. Device IP: The IP address of the AP to add to the management list. Device Name: The mnemonic name given to this AP device. Login ID: The device's management interface login name. Password: The device's management interface login password. SNMP Community: The SNMP Read Community
179. he device requesting for an IP address. On the other hand, when Disable is selected, the system will record the device's name when issuing IP addresses. The device's name (Host Name) can be seen under the DHCP Lease tab. DHCP Server 2: Enable/Disable. When Enabled, an additional DHCP server can be configured to assign IP addresses to clients associated to the alias IP of this Service Zone. The configurable fields are the same as DHCP Server 1. Reserved IP Address List: Each service zone can reserve specific IP addresses from the predefined DHCP range to prevent the system from issuing these IP addresses to downstream clients. Click the Configure button to edit the Reserved IP List. [Screenshot: DHCP Server Configuration with Enable DHCP Server and the Configure button.] The administrator can reserve a list of specific IP addresses for special devices with certain MAC addresses. Fill in a set of IP address and MAC address to reserve; additional information can be entered in the Description field. Click Apply to activate your settings. [Screenshot: Reserved IP Address List for a Service Zone, with columns No., Reserved IP Address, MAC Address and Description.] DHCP Lease Protection: When Enabled, whenever the Service Zone's built-in DHCP server receives a DHCP request, it will automatically bind the MAC address with an IP address permanently. This means that once all the IP address has been assigned once it will be bound with the MAC address tha
180. he role of Group to configure the relation between Group and Zone. 6.2.3 QoS Traffic Class and Bandwidth Control. Configure QoS, go to: QoS Profile. Set parameters for traffic classification. [Screenshot: Group 1 Traffic Configuration with Traffic Class, Group Total Downlink, Individual Maximum Downlink, Individual Request Downlink, Group Total Uplink, Individual Maximum Uplink and Individual Request Uplink; values in Mbps, Unlimit: 0, Range: 1-999.] Traffic Class: A Traffic Class can be chosen for a Group of users. There are four traffic classes: Voice, Video, Best Effort and Background. Voice and Video traffic will be placed in the high priority queue. When Best Effort or Background is selected, more bandwidth management options, such as Downlink and Uplink Bandwidth, will appear. Group Total Downlink: Defines the maximum bandwidth allowed to be shared by clients within this Group. Individual Maximum Downlink: Defines the maximum downlink bandwidth allowed for an individual client belonging to this Group. The Individual Maximum Downlink cannot exceed the value of Group Total Downlink. Individual Request Downlink: Defines the guaranteed minimum downlink bandwidth allowed for an individual client belonging to this Group. The Individual Request Downlink cannot exceed the value of Group Total Downlink and Individual Maximum Downlink. Group Total Uplink: Defines the maximum uplink bandwidth allowed to be s
181. he settings. Once the AP has completed the reboot process, the tunnel will be in effect, as shown in the AP's Status >> Overview page. [Screenshot: AP Status Overview showing LAN Interface (MAC Address, IP Address, Subnet Mask, Gateway), GRE Tunnel Status (Remote IP, Key) and AP Status (Profile Name, BSSID, ESSID, Security Type, Online Clients).] The AP's tunnel settings can be checked at the System >> Management page. [Screenshot: Management page with System Log, Trap and GRE Tunnel settings (Remote IP, Key).] On the WHG Controller side, the AP's Tunnel status will show a green light, indicating that an active tunnel has been set up between WHG Controller and the AP. Now the administrator can click Edit and re-enter the Tunnel Status page to assign a Service Zone to this tunnel-managed AP. VAP status will display all the enabled VAPs on the remote EAP 200 with their respective ESSID and VLAN ID. An enabled Service Zone can be applied to each VAP entry, and users associated to the ESSID of this VAP will be governed by the applied service zone as if under the WHG Controller's managed internal network. [Screenshot: Tunnel Configuration with Status, Key, Profile Name and VAP entries.]
182. horization profiles that will be applied to this operator account; each Group profile can specify which SZ this account can access and the Maps that this operator can access. [Screenshot: Generate Admin Account form with Name, Password, Confirm Password and Group.] The administrator can enter the desired user account name and password, select an authorization Group profile and click Apply. The created operator account, password, group and status will be shown in the Admin List below. [Screenshot: Generate Admin Account page with the Admin List.] Configure operator Group profile: The Group's allowed SZ and Map can be configured here. [Screenshot: Group profile page listing Service Zones and Maps.] In this configuration page, the administrator can specify which Service Zones and Maps are allowed to be accessed by the operators that belong to this Group. This feature allows the administrator to create multi-level privilege accounts with the flexibility to meet deployment and management needs. When an operator logs into the system with a created account, he will only be able to access the Service Zone profiles checked in the Group profile he belongs to, and he can only see the Maps, and only the APs marked on the checked Maps, in the managed AP list. 12.12 Monitor IP. Configure Monito
183. how the System Route rules specified by each interface. [Screenshot: IPv4 Routing Table for Policy 1-3, Global Policy, Interface and System, with columns Destination, Subnet Mask, Gateway and Interface; IPv6 Routing Table for System, with columns Destination, Prefix, Gateway and Interface.] Policy 1 to n: Shows the information of the individual Policy from 1 to n. Global Policy: Shows the information of the Global Policy. System: Shows the information of the system administration. Destination: The destination IP address of the device. Subnet Mask: The Subnet Mask IP address of the port. Gateway: The Gateway IP address of the port. Interface: The choice of interface network, including WAN1, WAN2, Default or the named Service Zones, to be applied for the traffic interface. 13.1.5 Online Users. View Online Users, go to: Status >> Online Users. In this page, all online users' information is displayed. Administrators can force out a specific online user by clicking the hyperlink of Kick Out and check the user access AP status by clicking the hyperlink of the AP name for Access
184. however, it requires support from Windows Server (need to install additional logon script on Windows Server). Please refer to the User's Manual for more information. Server: The IP address of the external NT Domain Server. Transparent Login: This function refers to Windows NT Domain single sign-on. When Transparent Login is enabled, clients will log into the system automatically after they have logged into the NT domain, which means that clients only need to log in once. Enable Local VPN: Check the checkbox to enable local VPN under transparent login mode. When enabled, a local VPN connection will be automatically created under transparent login mode. For the local VPN to work under transparent login mode, however, it requires support from Windows Server (need to install additional logon script on Windows Server). 6.1.7 Configuring SIP. SIP (Session Initiation Protocol) is a protocol for making real-time calls over an IP network. Currently, most of the SIP extensions address audio communication. The Controller can act like a SIP Proxy Server that forwards end-point requests and responses. In other words, the SIP Proxy server needs to log in to the trusted registrar to verify the identities of 2 clients. After enabling the SIP proxy server, all SIP traffic passes through NAT with a selective but fixed WAN interface. In this example, client extension 301 is trying to call 303. The Controller asks an external trusted SIP registrar to verify both identities. After S
185. ial port, the same management interface can be accessed via SSH. Therefore, we recommend you to immediately change the WHG CONTROLLER Admin username and password after logging in to the system for the first time. Reload factory default: Choosing this option will reset the system configuration to the factory defaults. Restart WHG CONTROLLER: Choosing this option will restart WHG CONTROLLER. 13 System Status and Reports. 13.1 View the Status. This section includes System Status, Interface Status, Hardware, Routing Table, Online Users, Session List, User Logs, Logs, DHCP Lease and E-mail & Syslog to provide system status information and online user status. Status: System: Display current settings of the system. Interface: Display the current settings of all network interfaces. Hardware: Display current CPU and memory usage. Routing Table: List all Policy Route rules and Global Policy Route rules. The System Route rules are shown here as well. The Policy Route rule has higher priority than the Global Policy Route rule. The System Route rule has the lowest priority. Online Users: Display the information of the online users. Content of the information includes Username, IP Address, MAC Address, Packet Count In/Out, Byte Count In/Out and idle time. The administrator can remove the online user by clicking the Logout button in each record. Display the information of the current sessions of
186. ic attribute. [Screenshot: Group3_Unlimited Properties, Edit Profile and Add Attribute dialogs; the attribute list includes Class, Framed-Protocol, Service-Type and Vendor-Specific.]
187. ice zone. Please note that the Controller should be in the same subnet as the DHCP server. [Screenshot: DHCP Server settings with the Reserved IP Address List Configure button; DHCP Server Configuration for a Service Zone with DHCP Pool 1 (Start IP Address, End IP Address, Preferred DNS Server, Alternate DNS Server, Domain Name, WINS Server, Lease Time, Ignore Client Name) and DHCP Pool 2 (Enable/Disable).] DHCP Server 1. Start IP Address / End IP Address: A range of IP addresses that the built-in DHCP server will assign to clients. Note: please change the Management IP Address List accordingly at System Configuration >> System Information >> Management IP Address List to permit the administrator to access the WHG CONTROLLER admin page after the default IP address of the network interface is changed. Preferred DNS Server: The primary DNS server that is used by this Service Zone. Alternate DNS Server: The substitute DNS server that is used by this Service Zone. Domain Name: Enter the domain name for this service zone. WINS Server: The IP address of the WINS (Windows Internet Naming Service) server, if a WINS server is applicable to this service zone. Lease Time: This is the time period that the IP addresses issued from the DHCP server are valid and available. Ignore Client Name: When enabled, the system will not record the name of t
188. ick to restart. 8.1.3 Walled Garden. Configure Walled Garden, go to: Network >> Walled Garden. This function provides certain free services for users to access the websites listed here before login and authentication. Specific addresses or domain names of the websites can be defined in this list. Users without the network access right can still have a chance to experience the actual network service free of charge. Enter the website IP Address or Domain Name in the list and click Apply to save the settings. [Screenshot: Walled Garden List with columns No., Active, Domain Name/IP Address and Remark.] 8.1.4 Walled Garden AD List. Configure Walled Garden AD List, go to: Network >> Walled Garden AD List. This function provides advertisement web pages for users to access free advertisement websites listed before login and authentication. Advertisement hyperlinks are displayed on the user's login page. Clients who click on them will be redirected to the listed advertisement websites. [Screenshot: Walled Garden Ad List with columns Item, URL, Topic, Description, Edit and Display.] Edit: Click Edit to add a new item or make changes. Click Apply and the items will be added and shown in the list. Display: Choose Display to display advertisement hyperlinks on the login pages. [Screenshot: Walled Garden Ad List item form with URL, Topic and Description.]
189. ients or directly to a client PC. The LED of the port should be on to indicate a proper connection. 2.4.2 WHG-315 Package & Installation. Package Checklist: The standard package of WHG-315 includes: WHG-315 x 1; CD-ROM (with User's Manual and QIG) x 1; Quick Installation Guide (QIG) x 1; RS-232 DB9 Console Cable x 1; Ethernet Cable x 1; Power Cord x 1; 17 Rack Mounting Bracket (with Screws) x 1. It is highly recommended to use all the supplies in the package instead of substituting any components by other suppliers, to guarantee best performance. Installation: Connect the power cord to the power socket on the rear panel. Turn on the power switch on the rear panel. The Power LED should be on to indicate a proper connection. Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable to an xDSL/cable modem or a switch/hub of an internal network. The LED of this port should be on to indicate a proper connection. Connect an Ethernet cable to a LAN Port on the front panel. Connect the other end of the Ethernet cable to an administrator PC for configuring the system. Connect an Ethernet cable to the LAN1 or LAN2 Port on the front panel. Connect the other end of the Ethernet cable to an AP for extending wireless coverage, a switch for connecting more wired clients, or directly to a client PC. The LED of the port should be on to indicate a proper connection. 2
190. igure each interface's Area, Stub and authentication. [Screenshot: OSPF Configuration with Enable OSPF (Enable/Disable), Basic Configuration table (Interface, Status, Area, Stub, AUTH) for the WAN, Default and Service Zone interfaces, and Advanced Options (Advertise I am default gateway, Advertise global policy route, Redistribute RIP).] Area: An Area is a set of networks and hosts within a routing domain that have been administratively grouped together. Area 0, known as the backbone area, resides at the top level of the hierarchy and provides connectivity to the non-backbone areas (numbered 1, 2, ...). Stub Area: Areas through which, or into which, AS external advertisements are not flooded. AUTH: Allows the authenticating of OSPF neighbors. The authentication method none means that no authentication is used for OSPF, and it is the default method. With MD5 authentication, enter the MD5 password; the password does not pass over the network. Advertise I am Default Gateway: Inform neighboring nodes that this controller is the default gateway. Advertise Global Policy Route: Inform neighboring nodes of the Global Policy route on this controller. Redistribute RIP: Check this option to enable using OSPF to distribute routing information acquired via RIP. ISIS Configuration: It is a routing protocol
191. im to manage this device with browser again. Synchronize clock with NTP server: Immediately synchronize the clock through the NTP protocol and the specified network time server. Since this interface does not support manual setup for its internal clock, we must reset the internal clock through NTP. Print the kernel ring buffer: It is used to examine or control the kernel ring buffer. The program helps users to print out their boot-up messages instead of copying the messages by hand. Main menu: Go back to the main menu. Change admin password: Besides supporting the use of the console management interface through the connection of a null modem, the system also supports SSH online connection for the setup. When using a null modem to connect to the system console, we do not need to enter the administrator's password to enter the console management interface. But when connecting to the system by SSH, we have to enter the username and password. The username is "admin" and the default password is also "admin", which is the same as for the web management interface. The password can also be changed here. If administrators forget the password and are unable to log in to the management interface from the web or the remote end of the SSH, they can still use the null modem to connect to the console management interface and set the administrator's password again. Although it does not require a username and password for the connection via the ser
192. information to be filled in for this AP if desired. Service Zone (Tag-Based only): This item is only shown when Tag-Based mode is selected in System Configuration >> LAN Port Mapping. Select the name of the Service Zone, such as Default, SZ7, etc. It is for Multi-VAP APs only. Template Applied: The template which will be applied to the added AP. Channel: The selected channel will be applied to the added AP. 9.5 AP with Service Zone. Configure AP with Service Zone, go to: System >> Service Zones >> Service Zone Configuration. Service Zone Settings, Assigned IP Address range for AP Management: [Screenshot: Assigned IP Address for AP Management with Start IP Address and End IP Address.] Under port-based service zone, each service zone can designate an IP segment for IP address assignment to the managed AP when the newly discovered AP is added into the service zone. Under tag-based service zone, only the default service zone will designate an IP segment for IP address assignment to the managed AP when the newly discovered AP is added into the selected service zones. Service Zone Settings, Managed AP in this Service Zone: All managed APs that belong to this service zone are listed here for reference. [Screenshot: Managed APs in this Service Zone, with columns IP Address, AP Type, AP Name, Status and MAC Address.] Service Zone Set
193. ing Flood attack. The table lists the following options, with Machine and LAN Subnets checkbox columns. Validate TCP flags: Drop packets with bad TCP flags. This can prevent possible NMAP Null Scan and Xmas attacks. Drop IGMP: Drop IGMP packets. Drop fragmented UDP: Drop fragmented UDP packets. This can prevent Teardrop attacks. Scan Nimda: Drop packets containing the signature of the computer worm Nimda. Scan Code Red: Drop packets containing the signature of the computer worm Code Red. Port Scan Detection: If a source address sends multiple packets to different ports in a short time, the Port Scan Detection engine will drop the excessive TCP or UDP packets to protect this system. Block Martian Address: Drop packets from the WAN interface whose source address is a so-called Martian Address, an address that is reserved, including any address within 0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 or 224.0.0.0/4. Block Connections from WAN: Allow connections initiated from the LAN subnet and block TCP/UDP connections initiated from the Internet (WAN). 7.1.2 Routing > Specific Route Profile. Click the Setting button for Specific Route Profile; the Specific Route Profile lis
194. ing information of a given transaction. City: The city is associated with either the billing address or shipping address of a transaction. State: A state is associated with both the billing and shipping address of a transaction. This may be entered as either a two-character abbreviation or the full text name of the state. Zip: The ZIP code represents the five or nine digit postal code associated with the billing or shipping address of a transaction. This may be entered as five digits, nine digits, or five digits and four digits. Country: The country is associated with both the billing and shipping address of a transaction. This may be entered as either an abbreviation or full value. Phone: A phone number is associated with both a billing and shipping address of a transaction. Phone number information may be entered as all numbers, or it may include parentheses or dashes to separate the area code and number. Fax: A fax number may be associated with the billing information of a transaction. This number may be entered as all numbers or contain parentheses and dashes to separate the area code and number. Authorize.Net Payment Page Remark Content: Enter additional details for the transaction such as Tax, Freight and Duty Amounts, Tax Exempt status, and a Purchase Order Number, if applicable. 16.2 Payments via PayPal. Configure Payments via PayPal: go to User >> Authentication >> On-demand User >> External Payment
195. inistrator for the appropriate IP settings. [Dialog: Use the following IP address (IP address, Subnet mask, Default gateway); Obtain DNS server address automatically; Use the following DNS server addresses (Preferred DNS server, Alternate DNS server).] 5. Using Specific IP Address: If you want to use a specific IP address, acquire the following information from the network administrator: the IP Address, Subnet Mask and DNS Server address provided by your ISP, and the Gateway address of WHG CONTROLLER. If your PC has been set up completely, please inform the network administrator before proceeding to the following steps. 5.1 Choose Use the following IP address and enter the IP address, Subnet mask. If the DNS Server field is empty, select Using the following DNS server addresses and enter the DNS Server address. Then click OK. 5.2 Click Advanced to enter the Advanced TCP/IP Settings window. 5.3 Click on the IP Settings tab and click Add below the Def
196. iod for using. After this time period, even with remaining quota, the account will still expire. Price is the unit price of this plan. Group will be the Group applied to users created from this plan. The Reference field allows the administrator to input additional information. [Screenshot: Editing Billing Plan. Expiration Time: With Expiration Time / No Expiration Time, entered in day(s), hr(s), min(s); range of day(s) 0-364, range of hour(s) 0-23, range of mins 0-59; they cannot all be zero. Activation: First time login must be done within day(s), hour(s); range of hours 0-23; they cannot both be zero. Valid Period: After activation, account will be expired in the set period; must be larger than 0. Range 0-100000, including two digits after decimal point, e.g. 1.99.] TIP: If the Account Type is Usage Time, the customer can access the internet as long as the account is valid within the valid period with remaining quota (connection time). The customer also needs to activate the issued account within a given time period by logging in for the first time. [Figure: Usage time Expiration Time account lifespan; diagram labels: Creation Time (CT), Activation Time (AT), Elapsed Time, Quota Up (QU), Deletion Time (DT), Invalid, Valid.] Usage time with No Expiration Time: Can acces
197. ion Database. [Screenshot: Authentication Option, radius3.] Name: Configurable text string designated as the mnemonic name of this authentication option. Postfix: The text string entered as a postfix in the account field to notify the Controller which authentication database this account belongs to. Black List: The system has built-in black list profiles where specific user accounts can be listed. When selected and applied here, it tells the Controller that the accounts on the selected black list should be denied authentication. Group: The Group profile that will govern the users authenticated via this authentication option. Enable Local VPN: When checked, users authenticating with this authentication option will have a VPN tunnel established automatically between the Controller and the user's client device. Authentication Database: Select the authentication database that will be used for account validation when an authentication request is received. Click the Configure button for further configuration. Enter the server IP address and enable/disable the transparent login function. These settings will become effective immediately after clicking the Apply button. [Screenshot: Domain Controller settings; labels: Enable, Disable, Windows 2000/2003 or above, Enable Local VPN, Transparent Login.] Note: When enabled, Local VPN connection will be automatically created under Transparent Login mode. For the Local VPN to work
198. ired. The blanks with a red asterisk are necessary information which should be filled in. These settings will become effective immediately after clicking the Apply button. [Screenshot: Primary LDAP Server fields: Server (Domain Name / IP Address); Port (e.g. 389 for LDAP, 636 for LDAPS); Service Protocol (LDAP, LDAPS, LDAP StartTLS); Base DN (e.g. cn=users,dc=domain,dc=com); Binding Type (User Account); Account Attribute (UID, CN). Secondary LDAP Server fields: Server, Port, Service Protocol, Base DN, Binding Type, Account Attribute. Group Mapping: Attribute, Group Mapping, Map LDAP Attributes to Group.] Server: The IP address of the external LDAP server. Port: The authentication port of the external LDAP server. Service Protocol: The protocol used to communicate with the external LDAP server can be LDAP, LDAPS or LDAP StartTLS, depending on the protocol type supported on your LDAP server. Base DN: The Base DN (Distinguished Name) is the LDAP search base, telling which part of the external directory tree to search from. Think of the Base DN as the top of the directory for your LDAP users, although it may not always be the top of the directory itself. The search base may be something equivalent to the organization, group, or domain name (AD) of the external directory. Binding Type: This specifies the binding type and search s
199. ireless Network. All of the managed APs can join any of the Load Balancing Groups, so the Device List will list all of the managed APs. Select the APs, choose a Group and click Apply. The APs will join this group. If overloading happens, you can check the Power Level from this List. It will record the changing process, such as Highest to High, Low to Medium. Note: It is strongly recommended not to choose different types of AP when creating the Load Balance Group. 10 Wide Area AP Management. The WHG Controller supports the planning and monitoring of Access Points deployed over complicated network structures such as the internet. Integrated with the Google Map API, Wide Area AP Management provides intuitive graphical tools for mapping APs at various physical locations and keeping track of these devices. Under Wide Area AP management, you can choose to simply monitor an AP's status via SNMP, or logically incorporate LevelOne APs into the WHG Controller's managed network via tunnels. AP models supported for Wide Area AP management include OWL800, EAP 200, EAP 110, EAP 300 and 3rd party AP. Please note that different WHG models may support different LevelOne AP models; please refer to the datasheet for the AP models supported. Main Menu > Access Points. Welcome to AP Management System. The AP Management System is a Web interface managemen
200. is helpful when it comes to network planning and management. Once the administrator has added APs to the managed list, these APs can be tagged or marked on the Google Map API to show their geographical location, as shown below. [Screenshot: map Taipei_Office with controls Goto Map, Goto AP (OWL800), Show Coverage, Show Longitude and Latitude, Save Modification, List AP in this Map, List WDS in this Map, Delete This Map.] Procedure to create a Map: Step 1: Get a Public IP Address fro
201. is xx:xx:xx:xx:xx:xx as well as the remark (not necessary). These settings will become effective immediately after clicking Apply. [Table: Granted Access by MAC Address; columns: No., MAC Address, Remark.] Permitting specific MAC addresses to have network access rights without going through the standard authentication process under a service zone may cause security problems. 7.3 Session Limit & Session Log. Session Limit: To prevent ill-behaved clients or malicious software from using up the system's connection resources, administrators will have to restrict the number of concurrent sessions that a user can establish. The maximum number of concurrent sessions (TCP and UDP) for each user can be specified in each Policy profile, which applies to authenticated users. Users on a non-authenticated port, privileged users and clients in DMZ zones will follow the Global policy's session limit. When the number of a user's sessions reaches the session limit (a choice of Unlimited, 10, 25, 50, 100, 200, 350 and 500), the user will be implicitly suspended upon receipt of any new connection request. In this case, a record will be logged to the SYSLOG server specified in the Email & SYSLOG. Since this basic protection mechanism may not be able to protect the system from all malicious DoS attacks, it is strongly recommended to build some immune capabilities, such as IDS or IPS solutions, into the network deployment to prot
202. ith its own Certificate Authority (CA), the certificate of the company should be trusted by all of its employees' computers, and the certificate should be delivered through a trusted medium. For example, the MIS staff should install the CA certificate on each computer. The company CA will issue a certificate for the WHG CONTROLLER and export it to the WHG CONTROLLER. Note: If the WHG CONTROLLER is installed in a company, the administrator can create a certificate using software instead of purchasing a publicly trusted certificate. Certificate setting for the company without Certificate Authority: For a company that does not have its own Certificate Authority (CA), the administrators should first apply for a trusted certificate or create one by using certificate software. Second, the administrators should use some trusted medium to install this certificate as a trusted CA on each employee's computer and, in the meantime, export this certificate to the WHG CONTROLLER. In some circumstances, a company without a Certificate Authority may follow the steps stated below to avoid the error message. In the LAN environment of the office, instead of a wireless environment, administrators may already have recognized certificates in the system, for which the CA must be verified as secure. Certificate setting for Internet Explorer 7: For IE7, regarding certificate issues caused by the certificate publisher not being trusted by IE7, the following
203. its after decimal point, e.g. 1.99. TIP: The Hotel Cut-off-time Account Type is designed for hotel applications and conforms to the check-in/out scenario. For cut-off applications within one day (for example, the account expires upon a bookstore's closing hour, 11PM), please select Duration Time. A one-day stay in hotel terms is counted from a customer's check-in time to the check-out time on the following day. When a tenant checks in for one or multiple days, the operator can generate an account ticket based on the number of overnight stays. The account will be cut off at the specified cut-off time (normally the hotel's check-out time) after the number of nights specified. Since guests may hang around in the lobby for a short while after checking out, the hotel may want to specify a Grace period for their tenants. [Figure: Hotel Cut-off-time account lifespan, 3 night stay example; diagram labels: Cut-off Time (Check-out time), Deletion Time (DT), Invalid, Valid.] [Figure: Hotel Cut-off-time account lifespan, 3 night stay example with Grace Period; diagram labels: Grace Period, Cut-off Time (Check-out time), Deletion Time (DT), Invalid, Valid.] Volume: Can access the internet as long as the account is valid with remaining quota (traffic volume). The account expires when the Valid Period has been used up or the quota is depleted. Ideal for small quantity application
204. jpg>. Default Service Zone: <img src="images0/xx.jpg">. Service Zone 1: <img src="images1/xx.jpg">. Service Zone 2: <img src="images2/xx.jpg">. Service Zone 3: <img src="images3/xx.jpg">. Service Zone 4: <img src="images4/xx.jpg">. Click the Browse button to select the file to upload. Then click Submit to complete the upload process. Next, enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page, and then click Submit. The system will show the used space and the maximum size of the image file of 512K. If the administrator wishes to restore the factory default of the login page, click the Use Default Page button to restore it to default. After the image file is uploaded, the file name will show in the Existing Image Files field. Check the file and click Delete to delete the file. After the upload process is completed and applied, the new login page can be previewed by clicking the Preview button at the bottom. 15.3 Using an External Login Page. Custom Pages >> Login Pages >> External Page. [Screenshot: Login Page Selection for Users; Service Zone: Default; options: Default Page, Template Page, Uploaded Page, External Page; External Page Setting: External URL.] Choose the External Page selection to get the login page from a designated website. In the External Page Setting, enter the URL of
205. k Edit to have the Template Editing page. [Screenshot: Template Selection; AP Type: EAP100; Template Name: TEMPLATE1.] Input the template Name and Remark for easy reference and memorization. An easy way to configure a template is to copy the configuration of an already configured AP to the template. Select the desired AP from the Copy Settings From list and click Apply to copy the selected AP's configuration to the template. If copying is not desired, please select NONE, then click the Configure button to proceed with manual template configuration. Template Editing (EAP100, TEMPLATE1): The administrator can set the template configuration manually or copy the configurations from a specific existing managed AP with the Copy Settings From option. Click the Configure button for detailed configuration. Name: The name shown for this particular template. Copy Settings From: Select a pre-configured existing AP and click Apply to save its settings as the template settings. Remark: The remark or additional information for this template profile. Template Configuration: To configure a template manually, please click the Configure button. [Screenshot: General settings for EAP100 TEMPLATE1. Subnet Mask: 255.255.0.0; Default Gateway: 192.168.1.254; NTP: Time Zone (GMT+08:00) Taipei, Taiwan, NTP Server 1 tick.stdtime.gov.tw, NTP Server 2 tock.stdtime.gov.tw; SNMP: Disabled; SYSLOG: Disabled; Reset.]
206. ld, at circumstances where other APs in the same group are still below the threshold, the balancing function will be activated to decrease the overloaded APs' transmit power and increase the other available APs' transmit power; this gives the other available APs more chance to be associated. The system can divide the managed APs into groups and define the group threshold and a time interval which will trigger the AP load balancing. [Screenshot: AP Load Balancing Page. General Configuration: Interval (Disabled), Edit. Group Configuration: Status, Edit. AP Type list. Device List columns: Group, Device Name, MAC Address, IP Address, Loading, Log.] [Screenshot: Editing General Configuration Page. Interval (0-999; 0: Disable).] [Screenshot: Editing Group Configuration Page. Group, Status, Loading Threshold.] 1. Set up the Interval. Configure Interval: go to Access Points >> AP Load Balancing. Go to Access Points >> AP Load Balancing >> Configuration. Input an Interval; if you input 0, it means Disabled and the system will not enable the AP Load Balancing function. 2. Configure the Loading Threshold of each Group. Configure Group Configuration: go to
207. lick Edit to change the WDS connection settings for the associated WDS Tree. WDS Update: Update the WDS connection with the following operations. Add: Add a new WDS connection with a Child AP not in the WDS and a Parent AP from the AP List. A new WDS Tree will be added if the selected Parent AP is not in any of the current WDS Trees. Click Edit to change the WDS connection settings for the newly added WDS Tree. Move: Update a WDS connection with a Child AP from the WDS and a Parent AP, which could be any one from the WDS; the previous WDS connection of the Child AP to the previous Parent AP will be deleted. Delete: All the WDS connections of the selected AP will be deleted, including the WDS connections to its Child APs, and the Child APs without a wired connection will become unreachable. 9.11 Rogue AP Detection. Configure Rogue AP Detection: go to Access Points >> Enter Local Area AP Management >> Rogue AP. It is designed to detect non-managed or possibly malicious APs in the deployed environment. It uses the managed APs as sensors to find non-managed APs, even if the AP uses the same SSID as the managed APs. It shows the AP's BSSID, ESSID, Type, Channel, Encryption and found time. [Screenshot: General Configuration: Interval (Disabled), Edit. Sensor List Configuration: Sensors, Edit. Trusted AP Configuration: Status, Edit. Rogue AP List columns: No, BSSID, ESSID, Type, Channel, Encryp
208. load: Function reserved for future release. WAN1 / WAN2: Two Gigabit WAN ports (10/100/1000 Base-T RJ-45) for uplink connections to the external network, such as the ADSL Router from your ISP (Internet Service Provider). LAN1 to LAN8: Eight Gigabit LAN ports (10/100/1000 Base-T RJ-45) for servicing LAN traffic. Used for system storage; please do not remove during operation. Function reserved for future use. Console: The system can be configured via a serial console port. The administrator can use a terminal emulation program such as Microsoft's HyperTerminal to log in to the configuration console interface to change the admin password or monitor system status, etc. 2.2.3 WHG-401 Hardware. Indicators: There are three kinds of LED, Power, Status and Hard disk, to indicate LCD Display: Allows the network administrator to check important system settings such as network interface, SZ configurations, etc. The navigation buttons from left to right respectively are Console: The system can be configured via a serial console port. The administrator can use a terminal emulation program such as Microsoft's HyperTerminal to log in to the configuration console interface to change the admin password or monitor system status, etc. Press and hold the Reset button for about 5 seconds and the status LED on the front panel will start to blink before restarting the system. P
209. ly learn the IP address of the DNS server through DHCP messages received. Preferred DNS Server: Statically designate the primary DNS server to be used by the system. Alternate DNS Server: The substitute DNS server used by the system. This is an optional field. 5.4 WAN Traffic Control. WAN Bandwidth: The entire system's uplink and downlink bandwidth can be customized. Go to Main Menu > System > WAN Traffic. [Screenshot: WAN Traffic Settings. Enable Bandwidth limitation on WAN (checked). Available Bandwidth on WAN Interface: Uplink (Kbps), Downlink 2000000 Kbps; Range: 10-2000000.] The Uplink and Downlink bandwidth configured here is the combined bandwidth for WAN1 and WAN2. However, please note that the actual bandwidth is still bounded by the network speed of your ISP operator. For instance, if the network speed of your ISP is limited to 1Gbps, then the total throughput will not be greater than 1Gbps even if you configure 2Gbps on the Controller. WAN Failover & Load Balancing: When both WAN1 and WAN2 are properly configured with an uplink to the internet, the WAN Failover and Load Balancing features become available. [Screenshot: Connection Detection: Target for detecting Internet connection (IP / Domain Name); Enable Load Balancing; Enable WAN Failover; Warning of Internet Disconnection.] Load Balancing: The administrator can spread the system traffic across the WAN1 and WAN2 ports based on percentag
210. m your ISP and configure this address on the WAN interface. Step 2: Apply for a Google Maps Registration key. Step 3: Click the Add a New Map button on the Map page. Configure the Map Name and registration key. Step 4: Discover APs and add these APs to the managed List. Step 5: From the List page, add some APs to the created Map. The necessary steps required to configure your map with AP information are described in the subsequent sections. 10.5.1 Register key from Google. Before configuring your maps, you will need to register the WHG Controller's IP address at Google Maps and get a key from Google. Go to http://code.google.com/intl/en/apis/maps/documentation/javascript/v2 or search for Google Map API to enter the Google code page. [Screenshot: Google code, Google Maps JavaScript API V2 (Deprecated). What is the Google Maps Javascript API? Note: The Google Maps Javascript API Version 2 has been officially deprecated as of May 19, 2010. The V2 API will continue to work as per our deprecation policy, but we encourage you to migrate your code to version 3 of the Maps Javascript API. The Google Maps API lets you embed Google Maps in your own web pages with JavaScript. The API provides a number of utilities for manipulating maps (just like on the http://maps.google.com web page) and adding content to the map through a variety of services, allowing you to create robust maps applications on your website. Sign up for a Google Maps API key.] Click
211. main Host filtering is supported, but Domain name filtering is not. Source/Destination Subnet Mask: Select the source and destination subnet masks. Source MAC Address: The MAC Address of the source IP address. This is for a specific MAC address filter. Service Protocol: There are defined protocols in the service protocols list to be selected. Schedule: When a schedule is selected, the firewall rule is applied to clients assigned this policy only within the time checked. There are three options: Always, Recurring and One Time. Recurring is set with the hours within a week. Action for Matched Packets: There are two options, Block and Pass. Block prevents packets from passing and Pass permits packets to pass. Machine Firewall Rules Input (Global Policy Only): This configuration page is for administrators to configure firewall rules which will be enforced from the system's perspective to filter incoming traffic passing through the WAN ports from external networks. [Screenshot: Firewall Rules table; columns: No, Active, Action, Rule Name, Source, Destination, Service, Schedule, Operation, Source Interface, Destination Interface; button: Create a New Rule.] Machine Firewall Rules Output (Global Policy Only): This configuration page is for administrators to configure firewall rules which will be enforced from the system's perspective to filter outgoing traffic passing through the WAN ports fr
212. mat. Value: Integer, Integer, Integer, String, Integer (b/s), Integer (b/s), Integer (b/s), Integer (b/s), String. Description: User ID (postfix is included); VLAN ID; Gateway activated IP address. Description: User ID (postfix is included); Authentication server name; Client MAC address; On-demand user's quota of time type; On-demand user's quota of volume type; Idle timeout; Logout URL; Redeem URL; VLAN ID; Gateway activated WAN IP address; Client IP address; Service Zone ID; Group index; Policy index; Client redirection URL; Maximum up link rate; Maximum down link rate; Minimum up link rate; Minimum down link rate; Encrypted session information. External Logout Fail Page Variables (Field, Value, Description): Uid, String, User ID; Gwip, IP format, Gateway activated WAN IP address; Vlanid, Integer (1-4094), VLAN ID. 1 URL Variables to Gateway: This section presents the parameters that need to be sent back to the Gateway for the various external pages. Path is the URL destination. Input: the parameters required to send back. Output: the feedback from the system. User Login. Path: <LAN IP address or Internal Domain Name>/loginpages/userlogin.shtml. Input (Field, Required, Value, Description): myusername, Required, String, User ID; mypassword, Required, String, User password; session, Optional, String, Encoded string which contains some information of this session (default is taken from cookie). Output
213. me. [Screenshot: Rogue AP List table with columns No, BSSID, ESSID, Type, Channel, Encryption and found time; buttons: Add to Trusted AP List, Delete.] If some APs are trusted by the administrator, or are only in temporary use, you can add these APs to the Trust List; the system will then ignore these APs and will not show them in the Rogue AP List again. You can also check which APs have been added to the trust list in the Trusted AP List. [Screenshot: Trusted AP List; columns: No, BSSID, Remark.] 9.12 AP Load Balancing. Configure AP Load Balancing: go to Access Points >> Enter Local Area AP Management >> AP Load. It is a function to prevent managed APs from overloading. When the system detects that an AP's number of associated clients exceeds a predefined thresho
214. ment Page Remark Content: The message content will be displayed as a special notice to end customers. Before setting up WorldPay, it is required that the hotspot owners have a valid WorldPay Merchant Account from its official website: RBS WorldPay Merchant Services & Payment Processing, going to rbsworldpay.com >> support center >> account login. STEP: Log in to the Merchant Interface. Login URL: www.rbsworldpay.com/support/index.php?page=login&c=WW. Select Business Gateway (Formerly WorldPay). Click Merchant Interface. Username: user2009. Password: user2009. STEP: Select Installations from the left-hand navigation. STEP: Choose an installation and select the Integration Setup button for the specific environment. Installation ID: 239xxx. STEP: Check the Enable Payment Response checkbox. STEP: Enter the Payment Response URL. URL: <wpdisplay item=MC_callback>. STEP: Check the Enable the Shopper Response. [Screenshot: Merchant Interface integration setup page.] STEP: Select the Save Changes button. STEP: Input the Installation ID and Payment Gateway URL in the gateway UI. Installation ID: 2009test. URL https select wp3 rbsworldpay c
215. milar to the concept of virtual LAN (VLAN), which can be used to group the network traffic or network services for clients on the same VLAN segment regardless of the clients' physical locations. That is, several VLAN segments may be in service at one physical network location, and devices belonging to one VLAN segment may be spread across multiple physical locations. Each Service Zone can also be viewed as a virtual machine of the WHG Controller, because each Service Zone can define its own customized login portal page and its own gateway properties such as LAN IP address, DHCP on/off and address range. The Multiple Service Zone feature is also useful for serving multiple hotspot franchises in shopping malls or airport terminals with a single WHG Controller. A Service Zone is uniquely defined by a VLAN tag ID (under Tag-Based mode) and an associated SSID attribute. When a managed access point (MAP) is added to a Service Zone by the administrator through the WHG Controller's AP Management feature, the associated SSID will be activated in the MAP along with the VLAN tag of the corresponding Service Zone. For example, in the following Figure 2, the administrator plans three logical Service Zones for an academic campus. The first Service Zone, with SSID Student and VLAN tag 1, is for students. The second, with SSID Faculty and VLAN tag 2, is for faculty. The third, with SSID Guest and VLAN tag 3, is for guests. A Service Zone may or may not requir
216. n. Select TCP or UDP for the service's type. These settings will become effective immediately after clicking Apply. [Table: Port and IP Forwarding; columns: No, Destination (IP Address, Port), Translated to Destination (IP Address, Port), Type, Remark.] 11.7 Dynamic Route. Configure Dynamic Route: go to Network >> Dynamic Route. The function supports three dynamic routing protocols: RIP, OSPF and IS-IS. RIP Configuration: RIP is a dynamic routing protocol used in local and wide area networks. For each interface you can configure Passive, the supported version and authentication. [Screenshot: RIP Configuration. Basic Configuration: Enable RIP (Enable / Disable). Interface status: WAN1 Enabled, WAN2 Disabled, Default Enabled, SZ1 to SZ8 Disabled; per-interface columns: Passive, Version, AUTH. Options: Advertise I am default gateway, Advertise global policy route, Redistribute OSPF. Advanced Options, RIP Timer: Update timer (30-600 seconds), Time out timer 180 (30-600 seconds), Garbage collect timer 120 (30-600 seconds).] Passive: RIP packets will not be sent from network interfaces that are checked as Passive. Version: Select the RIP version for this interface. RIPv1 uses broadcast to deliver RIP packets. RIPv2 uses
217. n option will have a VPN tunnel established automatically between the Controller and the user's client device. Authentication Database: Select the authentication database that will be used for account validation when an authentication request is received. Click the Configure button for further configuration. Enter the information for the primary server and/or the secondary server (the secondary server is not required). The fields with a red asterisk are required. These settings will become effective immediately after clicking the Apply button. [Screenshot: External POP3 Server Related Settings, with Username Format (Complete, e.g. user1@companyname.com; Only ID, e.g. user1), Primary POP3 Server, Secondary POP3 Server and SSL Connection (Enable)] Username Format: When the Complete option is checked, both the username and postfix will be transferred to the server for authentication. When the Only ID option is checked, only the username will be transferred to the external server for authentication. Server: The IP address of the external POP3 Server. Port: The authentication port of the external POP3 Server. SSL Connection: The system supports POP3S. Check the check box beside it to enable an SSL connection to POP3. 6.1.6 Configuring NT Domain. Choose NT Domain from the Authentication Database field. Except for Local authentication, the Local VPN option in other authentication options can only be enabled or disabled for the entire Authenticat
218. nd QIG x 1; Quick Installation Guide (QIG) x 1; RS-232 DB9 Console Cable x 1; Ethernet Cable x 2; Power Cord x 1; Rack Mounting Bracket (with Screws) x 1. It is highly recommended to use all the supplies in the package instead of substituting any components from other suppliers, to guarantee best performance. Installation: 1. Connect the power cord to the power socket on the rear panel. 2. Turn on the power switch on the rear panel. 3. Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable to an xDSL/cable modem, or a switch/hub of an internal network. The LED of this port should be on to indicate a proper connection. 4. Connect an Ethernet cable to the LAN Ports on the front panel; connect the other end of the Ethernet cable to an administrator PC for configuring the WHG Controller system. Connect an Ethernet cable to the LAN1 or LAN2 Port on the front panel; connect the other end of the Ethernet cable to an AP for extending wireless coverage, a switch for connecting more wired clients, or a client PC. The LED of this port should be on to indicate a proper connection. Start with this simple network topology to set up the WHG Controller for the first time; it helps to plan a more sophisticated network topology that suits your specific application needs later. The system's WAN port connects to a device upstream, such as a modem to the ISP. If the ISP issues dynamic
219. nd status of LED on front panel will start to blink before restarting the system. Press and hold the Reset button for more than 10 seconds and status of LED on the front panel will start to speed up blinking before resetting the system to default configuration. For management use only; it will always open the WMI (Web Management Interface) homepage. WAN1/WAN2: Two Gigabit WAN ports (10/100/1000 Base-T RJ-45) for uplink connections to the external network, such as the ADSL Router from your ISP (Internet Service Provider). LAN1/LAN2: Two Gigabit LAN ports for servicing LAN traffic (10/100/1000 Base-T RJ-45). Power Supply Socket: Connecting the power cord to the built-in open frame power supply (Input: 100-240 VAC, 50/60 Hz). Power On & Power Off. Device Cooling Fan: Don't block the cooling fans. Leave enough open space for ventilation. 2.2.5 WHG-515 Hardware. Indicators: There are three kinds of LED: Power, Status and Hard disk. LCD Display: Allows the network administrator to check important system settings such as network interface, SZ configurations, etc. The navigation buttons from left to right respectively are Esc, Up, Down and Enter. Press and hold the Reset button for about 5 seconds and status of LED on front panel will start to blink before restarting the system. Press and hold the Reset button for more than 10 seconds and status of
220. nerating temporary accounts for guest usage Authentication Settings a S E j o o l e External User Database System supports 4 types of external user databases POP3 RADIUS LDAP NT Domain and 4 SIP voice video servers Authentication Option Server 2 Postfix LDAP NT Domain Group selection applied to clients login with SIP authentication re Concurrently only one server is allowed to be set as Local or NIDOMAIN authentication method ote simultaneously For example you can set two RADIUS authentication servers simultaneously e Authentication Option Configuration 54 Go to Main Menu gt Users gt Authentication Click on the server name to set the configuration for that particular server After completing and clicking Apply to save the settings Then go back to System gt Service Zones and enable or disable any server in each service zone as you prefer For each Service Zone one of the authentication servers can be set as default users can log into the default authentication server without the postfix to allow faster login process Server 1 4 There are 5 authentication databases Local User POP3 RADIUS LDAP and NT Domain to select from Authentication Option Server 1 Posttix Black List Authentication Database Group NT Domain Name Set a name for the authentication option by using numbers 0 9 alphabets a z or A Z dash underline _ space and dot only The length of thi
221. nnel Status a e E AP Attribute MAC of Users Event Log bi 10 0 4 72 Online EAP200 EAP200_Ext Edt VAP Overview Edit 00 1F D4 00 75 EF 0 WDS Link Overview 10 3 2 123 Un Sync System Upgrade OWLS800 OWL800_annex N A Reboot Edit 0 WDS Link Status Associated Clients Delete AddtoMap Backup Config Restore Config Upgrade Event Log The drop down list on the column header is for specifying which WMI page to go to gt Edit AP Attribute Click this button to enter the AP s attribute editing page where administrator can specify the Device Name and SNMP community If the AP is to be marked on a map this page also allows administrator to configure the geographical location coverage related links and customize marker or icon images that will be displayed on the map gt Edit Tunnel Status Only applicable to EAP 200 APs Click this button to setup a secure tunnel between the WHG Controller and the listed EAP 200 Once the tunnel has been established the AP can be seen as logically connected under the WHG Controllers managed network and can be applied a Service Zone gt Delete Remove the checked AP from the List gt Add to Map Clicking this button will open a popup window Administrator can Mark the selected APs on the Map chosen from the drop down list If no map profile has been configured there will be no available map to choose in the drop down list gt Backu
222. nt s Purchasing Record Plan 1 H co Service Disclaimer Content We may collect and store the following personal information email address physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us Choose Billing Plan for Authorize Net Payment Page Enable Disable Quota Price Enable Disable 1 1 Mbyte s of traffic volume quota 20 Enable Disable 9 hris 59 min s of connection time quota with expiration 57 Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Client s Purchasing Record Starting Invoice Number Hotspot oo00000 Change the Number Description Item Name s E mail Header o Service Disclaimer Content O View service agreements and fees for the standard payment gateway services here as well as adding new or editing services disclaimer O Choose Billing Plan for Authorize Net Payment Page O These 10 plans are the plans configured in Billing Plans page and all previously enabled plans can be further enabled or disabled here as needed O Client s Purchasing Record O Starting Invoice Number An invoice number may be provided as additional information with a transaction The number will be incremented automatically for each following transaction Click the Change the Number checkbox to change it O Description
223. o specific an IP Address; if you select IP Address, you may need to fill in the IP address of the gateway. 7.1.3 Schedule. Schedule Profile: Click Setting of Schedule Profile to enter the configuration page. Select Enable to show the Permitted Login Hours list. This function is used to limit the time when clients can log in. Check the checkboxes of the desired time slots and click Apply to save the settings. These settings will become effective immediately after clicking Apply. [Screenshot: Permitted Login Hours for Policy 1 (Enable/Disable), a grid of hourly slots (00:00-00:59, 01:00-01:59, 02:00-02:59, 03:00-03:59, 04:00-04:59) against the days SUN to SAT] 7.1.4 Session Limit. To prevent ill-behaved clients or malicious software from using up the system's connection resources, the administrator can restrict the number of concurrent sessions that a user can establish. The maximum number of concurrent sessions (TCP and UDP) for each user can be specified in the Global policy, which applies to authenticated users, users on a non-authenticated port, privileged users, and clients in DMZ zones. This can also be specified in the other policies to apply to the authenticated users. When the number of a user's sessions reaches the session limit, the user will be implicitly suspended upon receipt of any new connection request. In this case, a record will be logged to a Syslog server. Since this basic protection mechanism may not be able to protect the system f
224. ock for communication between the Access Point and roaming wireless adapters. Select either Short Preamble or Long Preamble. IAPP: Inter Access Point Protocol is designed for the enforcement of unique association throughout an ESS (Extended Service Set) and for secure exchange of a station's security context between the current access point (AP) and the new AP during the handoff period. Wireless Client Isolation: The default value is Disabled. When Enabled is selected, all the wireless clients will be isolated from each other. Transmit Power: The default is Auto. Select from the range, or keep the default setting Auto to allow the Access Point to automatically adjust transmit power based on the AP's loading. Wireless QoS (WMM): Selecting Enabled allows packets with QoS WMM to be processed with higher priority. Fragment Threshold: Breaking a packet into smaller units when transmitting over a network medium that cannot support the original size of the packet. Set the maximum packet size here; packets larger than the configured threshold will be fragmented before transmission. RTS Threshold (Request To Send): When a packet size has reached or exceeded the configured threshold, the computer will need to send a request-to-send message to the AP. The computer will wait for a CTS (Clear To Send) message before sending data. Beacon Interval (ms): Enter a value between 20 and 1000 msec. The default value is 100 milliseconds. The entered time means how often the
225. of system status and resources usage based on selected time intervals. 13.2.1 SMTP Settings. [Screenshot: SMTP Settings form with Receiver E-mail Address 1 to 5, Sender E-mail Address, SMTP Server and SMTP Auth Method (None)] Receiver E-mail Address 1-5: Up to 5 e-mail addresses can be set up here to receive notifications. Sender E-mail Address: The e-mail address of the administrator in charge of the monitoring. This will show up as the sender's e-mail. SMTP Server: Enter the IP address of the sender's SMTP server. SMTP Auth Method: The system provides four authentication methods, Plain, Login, CRAM-MD5 and NTLMv1, or None to use none of the above. Depending on which authentication method is selected, enter the Account Name, Password and Domain. NTLMv1 is not currently available for general use. Plain and CRAM-MD5 are standardized authentication mechanisms, while Login and NTLMv1 are Microsoft proprietary mechanisms. Only Plain and Login can use the UNIX login password. Netscape uses Plain. Outlook and Outlook Express use Login as default, although they can be set to use NTLMv1. Pegasus uses CRAM-MD5 or Login, but which method is used cannot be configured. 13.2.2 SYSLOG Settings. SYSLOG Settings: SYSLOG Enabled/Disabled, SYSLOG Server1 IP Address, Port, SYSLOG Server2 IP Address
226. oints. [Screenshot: CAPWAP Settings page showing Status (Enable/Disable), Restore Configuration, Template (VAP to Service Zone mapping over CAPWAP GRE Tunnel) and Certificate (DEFAULT)] Status: The configuration status of the CAPWAP function. Click Enable to open the Access WHG Controller to allow CAPWAP-supported APs to be automatically added to the managed AP List. Restore Configuration: Currently EAP 200 and EAP 300 are the AP models that support the CAPWAP feature. Once an AP is added to the list and is manually configured, its configuration profile can be backed up in the AC memory and will be selectable in the drop-down menu. When a configuration profile is selected here, whenever an AP of this model is automatically discovered and added to the managed List, that AP will be configured with the configuration profile selected here. Template: This configuration item allows the administrator to specify which of the VAP profiles on the AP are allowed DTF (Distributed Traffic Forwarding) once it is discovered and managed by the AC. It enables the administrator to statically assign which VAPs are to be tunneled back to the AC and what SZ they service; unassigned VAPs will be serviced by DTF, where the client traffic will not be tunneled back to the AC but forwarded directly to the internet instead. Certificate: This configuration item allows the administrator to select
227. olicy Configuration Service Zone Default Default Service Zone S71 Policy 3 571 Service Zone S72 52Z2 Service Zone S73 F S73 Service Zone Policy 8 sz4 Service Zone SZ5 F 5275 Service Zone 526 Service Zone S77 d Policy 1 SZF Service Zone 528 Remote VPN o Remote VPN User Group 2 User Grou 3 ai in in p Fi Serice Zone 6 Serice Zone 1 access the internet Serice Zone 2 Disabled service Zone 4 88 In this example Group 1 users are allowed to access the internet in 5 places Service Zone 0 1 4 6 and 8 They must follow policy 1 at Service Zone 1 6 and 8 They are ruled by Policy 3 at Service Zone 1 and by Policy 8 at Service Zone 4 In each authentication option you can assign a Group with each authentication option All users login with same authentication server will belong to same Group Authentication Option Server 1 Postfix focal i Black List Authentication Database Group But there are some exceptions In Local Authentication each user can assign to different Group one by one In RADIUS Authentication the users can assign to different Group by Class Group Mapping In LDAP Authentication the users can assign to different Group by Attribute Group Mapping 89 6 2 2 Permission in Service Zone Configure Group settings go to User Authentication gt gt Group A Group can be allowed to access one Service Zone or multiple Service Zone
228. om the internal network Policy MFOR Firewall Rules Create a New Rule Source Destination No Active Action Rule Name Service Schedule Operation Source Interface Destination Interface Total 0 First Prev Next Last Create a New Rule DoS Protection Global Policy Only This configuration page is for administrators to configure which types of DoS attack to block This feature is enforced from the systems perspective to block DoS attacks coming from the external network DoS Protection Name Remark Coverage Enable If a packet is received on the interface which is not used to forward the traffic to the source of Reverse Path Filter the packet it will be dropped Packets with Machine amp LAN Subnets Fj spoofed source IP addresses will be dropped Prohibit Source Route Drop packets carrying source router options Machine amp LAN Subnets F TCP protocol stack sends out syncookies when ai the syn backlog queue of a socket overflows This a oe Enable TCP SYN cookies i to prevent against the common SYN Flood ji attack Drop all ICMP ECHO and TIMESTAMP requests via Drop Broadcast ICMP broadcast multicast This can prevent Smurf Machine F attack Machine Drop fragmented ICMP Packet This can Drop fragmented ICMP Packet a eos revent Ping of Death attack j a LAN Subnets F Drop ICMP requests if more than 20 ICMP Machine Limit ICMP Requests requests received per second This can prevent P
229. om wcc purchase External Payment Gateway: Authorize.Net, PayPal, SecurePay, WorldPay, Disable. WorldPay Payment Page Configuration: Installation ID; Payment Gateway URL: https select wp3 rbsworldpay com wec purchas; Currency: GBP (Pound Sterling). Note: The WAN IP of the gateway must be a real IP. 17 Additional Applications. 17.1 Upload/Download Local Users Accounts. To configure Upload/Download Local Users Accounts, go to User >> Authentication >> Option >> Local >> Local. Upload User: Click Upload User to enter the Upload User from File interface. Click the Browse button to select the text file for uploading user accounts, then click Upload to complete the upload process. Note 1: The format of each line in the file is "Username,Password,MAC Address,Applied Group,Remark,Local VPN Enabled" without quotes. There must be no space between the fields and commas. The MAC Address field could be omitted, but the trailing comma must be retained. When adding user accounts by uploading a file, existing accounts in the embedded database that are also defined in the data file will not be replaced by the new ones. Note 2: If users need to use Local VPN, please set the Local VPN Enabled field to 1. Note 3: Only 0-9, A-Z, a-z and _ are acceptable for the password field. [Screenshot: Upload User from File, with File Name field] When uploading a file, any format error or duplicated username will t
230. on database this account belongs to. Black List: The system has built-in black list profiles where specific user accounts can be listed. When selected and applied here, it tells the Controller that the accounts on the selected black list should be denied authentication. Group: The Group profile that will govern the users authenticated via this authentication option. Authentication Database: Select the authentication database that will be used for account validation when an authentication request is received. Click the Configure button for further configuration. [Screenshot: Local User Database Settings, with Local User List, Account Roaming Out (Enable/Disable: Local user database will be used as authentication database for roaming out users), 802.1X Authentication (Enable/Disable: Local user database will be used as internal RADIUS database for 802.1X enabled LAN devices such as AP and switch) and RADIUS Client Device Settings] Local User List: The link will redirect to the Local User List page, where all Local users in the Controller's built-in Local database will be displayed. The page has an Upload User button for importing a list of user accounts from a text file and a Download User button for exporting all local user accounts into a text file. Clicking on each user account leads to a page for configuring the individual local account. A Local user account can be assigned a Group and have Local VPN applied individually. Search: Enter a
231. onal String Current user password lf not presented password stored in cookie is the default value myusername Required String Redeem user ID mypassword Required String Redeem user password ret_url Optional String URL encoded Return URL login successful page is the default value Output If no ret_url is presented client would be redirected to login successful page and in addition a JavaScript window would pop up and show the result If ret_url is presented client would be redirected to ret_url and gateway would add an additional variable rmsg to indicate redeem procedure result Field Value Description rmsg String including Result and error messages Redeem process completed Original user name can not be found from the database Redeem user name can not be found from the database Original user password is incorrect Redeem user password is incorrect Original user type and ondemand user type do not match Original user has not login 248 Redeem user login already Had been redeemed before User run out of quota Maximum allowable time is exceeded Maximum allowable memory space is exceeded Wrong postfix please check it This account is expired On demand account creation Local User Path LAN IP address or Internal Domain Name loginpages UserAuthentication OnDemandRecept shtml Input Field Required Value Description buttonNo Required Integer 1 10 Billin
232. one Group and Policy In this example Students and faculties logging into Service Zone 1 will be governed by Policy A Guests only have the access of Service Zone 3 and will be bounded by Policy C Faculties have the access to both Service Zone 1 and Service Zone 2 under two Service Zone 1 Service Zone 2 Service Zone 3 different policies An example relationship of Service Zone Group and Policy The following Figure depicts an example using WHG Controller in managing network internet access in an academic campus environment Imagine the network administrator may wish to set different privileges and bandwidth limits for staff students and professors he could use several Service Zones of WHG Controller one for staff one for students and one for the professors He also uses one zone for some shared servers in the diagram There traffic of students professors and guests can be segregated by thereby different VLAN segments Nip Tunnel ia Internet Eia or WAN Access Point __L2 Switch WAN in ee WHG Controller 3 Wired Traffic OTF me m E 4ipnet Service Zone Professor a Access Point 4ipnet E Website ao ih i ate Access Point oe SSID tL F SG wr oy fi Student s ssip Professor service Zone SSID Convention Center Service Zone Stalf Service Zone Student Remote Campus An example of managed network in a Campus environment 24
233. one runs in Router mode O IP Address The IP Address of this service zone O Subnet Mask The subnet Mask of this service zone 47 O IPv6 Settings The IPv6 Address and configuration of this service zone When IPv6 enabled O Network Alias List Administrator may optionally set many alias network segments for a service zone This feature can allow a single service zone to be seen as many service zones also hide the IP address of a Service Zone s network interface and to some degree provide protection from possible attacks from LAN clients Click the Configure button to enter the Network Alias List page Network Alias List for Service Zone SZ1 No IP Address Subnet Mask Operation Mode Enable 1 Doo 255 255 255 255 32 d 2 f 255 255 255 255 32 aie O 3 OoOo 255 255 255 255 32 C d 255 255 255 255 32 ae oO 5 D 255 255 255 255 32 aN o Fill in the desired alias IP address and select the preferred Subnet Mask Operation mode check the Enable box and click Apply button to activate the settings DHCP Server From the drop down menu DHCP server for this particular service zone may be Disabled Enabled or Relayed Please note that when Enable DHCP Relay is enabled fill in the IP address of the external DHCP Server and the IP address of clients will be assigned by an external DHCP server The system will only relay DHCP information from the external DHCP server to downstream clients of this serv
234. or internal use e g controller office name com Internal Domain Name Disclaimer Page Go to System gt gt Service Zone gt gt Service Zone Configuration gt gt Disclaimer Page Disclaimer Pages gt gt Login Page The administrator can use the default disclaimer page or get the customized page by setting the template page uploading the page or downloading from a designated website After finishing the setting click Preview to see the login page e Custom Pages gt gt Disclaimer Page gt gt Default Page Select the type of Disclaimer Page to use the default page Disclaimer Page Type Default Page Template Page Uploaded Page External Page Default Page Setting Service Zone S71 This is the default disclaimer page for users You could click Preview to preview the default disclaimer page Preview 4 251 Authentication Required Welcome to broadband Internet access a service Before you proceed please acknowledge that 1 There may be interruptions to the service due to technical reasons beyond our control 2 We are not responsible for the accuracy and appropriateness of the information or material contained on v 252 16 Payment Gateways 16 1 Payments via Authorize Net Configure Payments via Authorize Net go to User gt gt Authentication gt gt On demand User gt gt External Payment Gateway gt gt Authorize Net Before setting up Authorize Net
235. ot CA Default Certificate a 2021 03 18 CN 4ipnet com CN d4ipnet com 15 17 07 Default C US ST U5 L CA O EXAMPLE ING C U5 ST U5 L CA O EXAMPLE INC Certificate CN gateway example com CN gateway example com e Signing Certificates with System Root CA When a root CA has been created the Create Root CA option in the drop down list will become Signed by Root CA Certificate information entered and Applied will be used to generate an issued certificate from root CA Certificate Utility Signed by Root CA v Pt Certificate Signed Information Email Address Country Name e 191 The generated certificate will be listed in the My Issue Certificate table Certificate and key can be downloaded with Get Cert Get key button My Issue Certificate CERTI CN EAP com CN 4ipnet com e Uploading Certificate or Trusted CA Apart from self signed certificate and system s root CA administrators can also upload other certificates signed by other CA entities or Trusted CAs into the system Select Upload Certificate to browse and upload a selected Certificate and Key into the System Certificate Utility Upload Certiicate fie Upload Certificate Certificate Oooo i cs Certification Path Verification O Enable Disable Select Upload Trust CA to browse and upload a trusted CA certificate into the System Certificate Utility Uplead Tost CA Eo Apply 192 12 11 Administrator A
236. ot login with other networking device. [Screenshot: Adding User(s) to the List, with columns No., Username, Password, MAC Address, Group, Remark and Enable Local VPN] 6.1.4 Configuring LDAP. The Lightweight Directory Access Protocol (LDAP) is an application protocol for reading and editing directories over an IP network. [Screenshot: Authentication Option, Server 4] Name: Configurable text string designated as the mnemonic name of this authentication option. Postfix: The text string entered as a postfix in the account field for notifying the Controller which authentication database this account belongs to. Black List: The system has built-in black list profiles where specific user accounts can be listed. When selected and applied here, it tells the Controller that the accounts on the selected black list should be denied authentication. Group: The Group profile that will govern the users authenticated via this authentication option. Enable Local VPN: When checked, users authenticating with this authentication option will have a VPN tunnel established automatically between the Controller and the user's client device. Authentication Database: Select the authentication database that will be used for account validation when an authentication request is received. Click the Configure button for further configuration. Enter the information for the primary server and/or the secondary server (the secondary server is not requ
237. ount Password: The dial-up password issued by your ISP. PPTP Connection ID. Dial on demand function under PPTP: If this function is enabled, a Maximum Idle Time will be available for entering a value. When the idle time is reached, the system will automatically disconnect itself. WAN2: If you want to use a second Internet feed, select one of the three connection types for your WAN2 port: Static, Dynamic and PPPoE. Please note that WAN load balancing and WAN failover features are only available when WAN2 is configured. [Screenshot: WAN Interface Setting, with options None, Static (Use the following IP settings), Dynamic (IP settings assigned automatically) and PPPoE] Static: Manually specifying the IP address of the WAN Port. The fields with red asterisks are required to be filled in. IP Address: The IP address of the WAN1 port. Subnet Mask: The subnet mask of the WAN1 port. Default Gateway: The gateway of the WAN1 port. Preferred DNS Server: Statically designate the primary DNS server to be used by the system. Alternate DNS Server: The substitute DNS server used by the system. This is an optional field. Dynamic: It is only applicable for the network environment where the DHCP server is available on the upstream network. Click the Renew button to get an IP address automatically. Learn DNS Server Address During Negotiation: When this check box is selected, the Controller will automatically learn the IP address of DNS server th
238. p Config: Clicking this button will open a popup window where the administrator can back up the chosen AP's configuration settings into a db file stored in the WHG Controller's memory. The backed-up files are listed under the Backup Config tab page for download or deletion. Restore Config: Clicking this button will open a popup window where the administrator can restore the chosen AP's configuration settings using a db file stored locally on the administrator PC or in the WHG Controller's memory. Upgrade: Clicking this button will open a popup window where the administrator can upgrade the chosen AP's firmware using a firmware file stored locally on the administrator PC or in the WHG Controller's memory under the Firmware tab page. 10.7 WDS List. To view the WDS link information established between APs in Wide Area AP Management, go to Enter Wide Area AP Management >> WDS List. [Screenshot: WDS List table with columns Peer AP, Band, Channel, Security, TX Power, Link Speed, SNR, TX Bytes, TX Packets, STP and STATUS] The WDS link, if established between APs listed in List, will be listed here with related information such as the Band and Channel of the link, Security settings if any, and the Transmit Power, Bytes, Packets, etc. 10.8 Backup Config. View previously saved backup files for Wi
239. pe is used mainly for hospitality applications to charge a single user. If the user opens a browser and tries to access the internet, a page with a disclaimer and billing plan options will be displayed. The user can select the desired plan and click the confirm button to purchase an account. The account cost will be sent to the PMS and added to the hotel bill via the configured middleware. A room with this port type allows at most one user to access the network within the room. Multiple User is the port type used for rooms with many users, for example dormitory applications. If the user opens a browser and tries to access the internet, a user login page without billing plan options will be displayed. The user needs to buy accounts from the front dorm office in order to log in. A room with this port type allows more than one user to access the network within the room. Now let us begin to configure the Port Mapping. There are three main groups of operations that can be performed on this configuration page: Create Batch, Change All Port Type, and Create One. You can create the Room Mapping by batch processing if you wish to create contiguous VLAN Tags and Room numbers. [Screenshot: Port Location Mapping Setup, Create Batch form with Number of VLAN, Start Room NUM / Location ID, Room NUM / Location ID Prefix and Room NUM / Location ID Postfix] From: Set the physical LAN port on the gateway to provide Port Location Mapping Service. Port Type: The defaul
240. pulsory Log out the system Help Access Online Help interface Access Home interface A amp A Represents essential steps actions or messages that should not be ignored Note Contains related information that corresponds to a topic 2 WHG Controllers Installation Guide 251s Form Factor WAN LAN Local Accounts On demand Accounts Managed AP Capacity Local amp Wide Combined LevelOne AP Model Monitored IP Service Zones User Groups User Policies WHG 311 13 Mini book 2xXGbE 100 Default 8 8 Global 12 WHG 315 19 1U 2xXGbE 100 Default 8 8 Global 12 WHG Controller Capacity Table WHG 401 19 1U 2 xGbE 200 Default 8 16 Global 24 WHG 505 19 1U 2xXGbE 200 Default 8 24 Global 40 WHG 515 19 1U 2xXGbE 250 Default 8 24 Global 40 WHG 707 19 1U 2x GbE 2x Combo SFP 4x GbE 2 x SFP 15000 15000 500 Default 8 24 Global 40 2 2 WHG Controller Hardware Overview 2 2 1 WHG 311 Hardware Reset Status REV REV Power REV REV REV REV Quick Buttons Reset Press and hold the Reset button for over 3 seconds and status of LED on front panel will start to blink release button at this stage to restarting the system Press and hold the Reset button for more than 10 seconds and status of LED on the front panel will turn from blinking to off release at this stage to reset the system to default config
241. r s Setting is selected, the system will use the RADIUS attributes set in the remote RADIUS server. If Overwrite Server's Setting is selected, the system will use the RADIUS attributes set below. If Set if not presented is selected, the system will use the RADIUS attribute settings below if the configured remote RADIUS server presents no attributes (Attributes Priority). RADIUS Standard Attributes: Session Time Out: Forced logout once the timeout period is reached. Idle Time Out: Implicit logout when the inactivity timeout period is reached. Acct Interim Interval: The time interval to send accounting updates. WISPr Vendor Specific Attributes: The default from the drop-down menu is to follow the external server's settings. If you select to overwrite or set if not present, the following attributes will be required. Redirection URL: URL of the Start page. Billing Class Of Service: Text string used to indicate the service used for the visitor access. Session Terminate on Billing Time: When enabled, the session will terminate in the Billing Time set. Session Terminate Time: Never. This means that RADIUS sessions will only terminate when a user logs out, gets kicked out, or the session idle timeout is reached. Bandwidth Setting: It will follow the Bandwidth settings of the Group profile set for this authentication server. Retransmission Settings: The number of resends before treating this transaction as failed. Timeout: The time in seconds to wait for a reply from the RADIUS server
242. r Sec; Integer Sec; String URL encoded. Client MAC address. RADIUS user session length; only available for RADIUS user. RADIUS user volume limit; only available for RADIUS user. Idle timeout. RADIUS accounting interim update interval; only available for RADIUS user. The URL which shall be submitted when the user wants to log out. Change_passwd_url (String, URL encoded): The URL which shall be submitted when the user wants to change password; only available for LOCAL user. ondemand_creation_url (String, URL encoded): The URL which shall be submitted when the user wants to create an on-demand user; only available for LOCAL user. Vianid (Integer, 1 to 4094): VLAN ID. Gwip (IP format): Gateway activated WAN IP address. client_ip (IP format): Client IP address. SZ (Integer): Service Zone ID. Group (Integer): Group index. Policy (Integer): Policy index. max_uplink (Integer, b/s): Maximum up link rate. max_downlink (Integer, b/s): Maximum down link rate. Req_uplink (Integer, b/s): Minimum up link rate. Req_downlink (Integer, b/s): Minimum down link rate. next_page (String): Client redirection URL. CLASS (String): RADIUS CLASS attribute; only available for RADIUS user. WISPR SESSION TERMINATE TIME (String, format YYYY-MM-DDThh:mm:ssTZD); WISPR SESSION TERMINATE END OF DAY (Integer, 0/1); WISPR BILLING CLASS OF SERVICE (String); WISPR LOCATION ID (String); WISPR LOCATION NAME (String): WIS
243. Step 4: Add a new attribute under Vendor specific. Set Vendor Code: 31932. Set it conforms to the RADIUS RFC. Configure Attribute: Set Vendor assigned attribute number: 10. Set Attribute format: Hexadecimal. Set Attribute Value: 1000000.
244. rame size than 1492 bytes. In that case, you have to enter a smaller MTU number to meet the ISP's networking requirement. Clamp MSS: Short for Maximum Segment Size for a TCP connection. An end-to-end TCP connection over PPPoE will consume additional overhead out of each packet. At least 40 bytes are used for the address. Hence MSS must be smaller than MTU by at least 40. Dial on demand function under PPPoE: If this function is enabled, a Maximum Idle Time field will be available for entering a value. When the idle time is reached, the system will automatically disconnect itself. Learn DNS Server Address During Negotiation: When this check box is selected, the Controller will automatically learn the IP address of the DNS server through DHCP messages received. Preferred DNS Server: Statically designate the primary DNS server to be used by the system. Alternate DNS Server: The substitute DNS server used by the system. This is an optional field. PPTP: Although not a popular method, the PPTP protocol for dialup connections is adopted by some ISPs in European countries. Your PPTP ISP will issue you an account with a password as well as the PPTP server address. Type: Select Static or DHCP. Select Static to specify the IP address of the PPTP Client manually, or select DHCP to get the IP address automatically. PPTP Server IP Address: Specify your ISP's PPTP server IP address. Username: The username issued by your ISP as dial up acc
245. ress and hold the Reset button for more than 10 seconds and the Status LED on the front panel will start to blink faster before the system is reset to default configuration. For management use only; it will always open the WMI (Web Management Interface) homepage. WAN1 / WAN2: Two Gigabit WAN ports (10/100/1000 Base-T RJ-45) for uplink connections to the external network, such as the ADSL router from your ISP (Internet Service Provider). LAN1 / LAN2: Two Gigabit LAN ports for servicing LAN traffic (10/100/1000 Base-T RJ-45). Power On & Power Off. Device Cooling Fan: Don't block the cooling fans. Leave enough open space for ventilation. Power Supply Socket: Connect the power cord to the built-in open frame power supply. Input: 100-240 VAC, 50/60 Hz. 2.2.4 WHG 505 Hardware. Indicators: There are three kinds of LED: Power, Status and Hard disk. LCD Display: Allows the network administrator to check important system settings such as network interface SZ configurations etc. The navigation buttons, from left to right, are Esc, Up, Down and Enter. Console: The system can be configured via a serial console port. The administrator can use a terminal emulation program such as Microsoft's Hyper Terminal to log in to the configuration console interface to change the admin password, monitor system status, etc. Press and hold the Reset button for about 5 seconds a
246. ress of the alternate DNS Server. 13.1.2 Interface Status. View Interface Status, go to Status >> Interface. This section provides an overview of the interface for the administrator, including WAN1, WAN2, SZ Default and SZ1 through SZ8. Network Interface: Select Interface WAN1; Mode STATIC; MAC Address 00:90:0B:18:58:41; IP Address 10.0.4.72; Subnet Mask 255.255.0.0; IPv6 Address; IPv6 Prefix. [Figure: WAN1 traffic summary, with panels Traffic of the day, Traffic of the Month and Traffic of the top 10, each showing rx, tx, total and avg rate] The description of the above-mentioned table is as follows. From the drop-down menu, administrators can select which interface status to S
247. ring a Party IP, go to Network >> Monitor IP. WHG CONTROLLER will send out a packet periodically to monitor the connection status of the IP addresses on the list. For each monitored item with a web server running, administrators may add a link for easy access: enter the IP, select the Protocol (http or https), and then click Create. After clicking the Create button, the IP address will become a hyperlink, and administrators can easily access the host remotely by clicking the hyperlink. Click the Delete button to remove the setting. Monitor IP List: No, Protocol, IP Address, Hyperlink, Remark. Monitoring 3rd Party AP, go to Network >> Monitor IP. If you are using a 3rd party AP, you can use the Monitor IP function to monitor the AP connection status. Because WHG CONTROLLER cannot manage these APs, Monitor IP is a better way to monitor the AP connection status. WHG CONTROLLER will send out a packet periodically to monitor the connection status of the IP addresses on the list. If the monitored IP address does not respond, the system will send an e-mail to notify the administrator that the destination is not reachable. After entering the necessary information, click Apply to save the settings. Click Monitor Now to check the current status of all the monitored IPs. The system supports monitoring of 200 IP addresses listed in the Monitor IP List. 12.13 Console Interface. Via this port to enter the console interface
248. rom all malicious DoS attacks, it is strongly recommended to build some immune capabilities, such as IDS or IPS solutions, into the network deployment to maintain network operation. 7.2 User Access Control. WHG Controller supports user access control per service zone, for the entire system, or per authentication server. MAC Access Control per Service Zone: Go to Main Menu > System > Service Zones. Each Service Zone's Wireless Settings will be applied to APs that are mapped to this service zone. There is a MAC Access Control section where the administrator can specify up to 10 MAC addresses which can be allowed or denied access to this service zone wirelessly. [Screenshot: Wireless Settings, with Authentication (Open System), Security, Enable 802.1X Authentication, a field with range from 1 to 32, and Access Control with a list of MAC Address entries] Access Control Status: Disable means there is no limitation as to which MAC addresses are allowed or not allowed to access this service zone. Allowed means that only the MAC addresses listed are allowed to access this service zone wirelessly. Denied means that the MAC addresses listed are not allowed to access this service zone wirelessly. Each MAC entry can also be enabled or disabled on the list separately. MAC Access Control for the entire system: Go to Main Menu > Users > Additional Control > MAC ACL (Access Control List)
249. rough DHCP messages received. Preferred DNS Server: Statically designate the primary DNS server to be used by the system. Alternate DNS Server: The substitute DNS server used by the system. This is an optional field. PPPoE: If your ISP provides a PPPoE dialup connection, the ISP will issue you an account with a password. You need to enter the account credentials in the WAN configuration page for dialing up to the ISP. Username: The username issued by your ISP as dial-up account. Password: The dial-up password issued by your ISP. MTU: Maximum Transmission Unit of a PPPoE frame. The PPPoE protocol allows an Ethernet frame's size to be up to 1492 bytes, but some ISPs' network equipment may support a frame size smaller than 1492 bytes. In that case, you have to enter a smaller MTU number to meet the ISP's networking requirement. Clamp MSS: Short for Maximum Segment Size for a TCP connection. An end-to-end TCP connection over PPPoE will consume additional overhead out of each packet. At least 40 bytes are used for the address. Hence MSS must be smaller than MTU by at least 40. Dial on demand function under PPPoE: If this function is enabled, a Maximum Idle Time field will be available for entering a value. When the idle time is reached, the system will automatically disconnect itself. Learn DNS Server Address During Negotiation: When this check box is selected, the Controller will automatical
250. rst Service Zone Name SSID WLAN Encryption: 0 Default SSID0 None; SZ3 SSID3 None; SZ5 SSID5 None. Check the checkbox to select the available Service Zones from the list. Click Apply to finish the settings. 1. This function is only supported in Tag Based mode. 2. Not all AP types support this feature; only Multi VAP APs can apply Service Zone in Tag Based mode. 9.9 Firmware management and upgrade. Configure Firmware management, go to The system supports the firmware management of APs: uploading new firmware, deleting the existing firmware, and downloading the firmware to managed APs. Note that the AP's firmware version must be one that has been integrated. Firmware Upload displays the current version of the AP's firmware. New firmware can be uploaded here to update the current firmware. To upload, click Browse to select the file and then click Upload. [Screenshot: Firmware Upload list with columns File Name, AP Type, Version, Size, Actions (Download, Delete) and Checksum] Configure Firmware upgrade, go to Access Points >> Enter Local Area AP Management >> Upgrade. List: The uploaded firmware will be listed here. File Name: The name of the AP firmware that has been uploaded. Checksum: The automatically detected security identification of the firmware. AP Type: The AP type of the firmware. Version: The ver
251. rver. Before getting started, please access your external RADIUS server's desktop directly or remotely from another PC. Step 1: Assume there are already users in the RADIUS Server. Assume there are already Groups, with users assigned to these Groups, in the RADIUS Server. Assume there are already Policies, with Groups assigned to these Policies, in the RADIUS Server. Step 2: Run Internet Authentication Server. Open Remote Access Policies. Select a Policy. Right click and scroll down to its properties page. Step 3: Edit Profile. Select the Advanced Tag. Add a new attribute. Add a new Vendor specif
252. s such as sending/receiving mail, transferring a file, etc. Count down of the Valid Period is continuous regardless of logging in or out. Quota is the total Mbytes (1 to 1000000) during which On-demand users are allowed to access the network. Account Activation is the time period within which the user must execute a first login. Failure to do so in the time period set in Account Activation will cause the account to expire. Valid Period is the valid time period for using the account. After this time period, even with remaining quota, the account will still expire. Price is the unit price of this plan. Group will be the applied Group to users created from this plan. The Reference field allows the administrator to input additional information. Range 1 to 1000000. Activation: First time login must be done within day(s) hour(s); range of hour(s) 0 to 23; they cannot both be zero. Valid Period: After activation, the account will expire in day(s); must be larger than 0. Range 0 to 100000, including two digits after the decimal point, e.g. 1.99. TIP: If the Account Type is Volume, the customer can access the Internet as long as the account is valid, within the valid period and with remaining quota (traffic volume). The customer also needs to activate the issued account within a given time period by logging in for the first time. [Figure: Volume account lifespan, showing Activation Time and Expiration Time]
253. s Also, WHG CONTROLLER can be restored to the factory default settings here. Backup System Settings; Restore System Settings (File Name; Keep WAN1 setting and Management IP Address List); Reset to the Factory Default. Backup System Settings: Click Backup to create a .db database backup file and save it on disk. Restore System Settings: Click Browse to search for a .db database backup file created by WHG CONTROLLER and click Restore to restore the settings to what they were when the backup file was saved. The option Keep WAN1 setting and Management IP Address List can be selected to retain the WAN1 setting for remote access. Reset to Factory Default: Click Reset to load the factory default settings of WHG CONTROLLER. 12.7 Firmware Upgrade. Configure Firmware Upgrade, go to The administrator can download the latest firmware from the website and upgrade the system here. Click Browse to search for the firmware file and click Apply for the firmware upgrade. It might take a few minutes before the upgrade process completes and the system need
254. s Moreover, a Group can be applied different Policies within different Service Zones. Remote VPN is considered as a zone where clients log into the system via remote VPN. [Screenshot: Group Configuration for Group 1 (Select Group, QoS Profile, Privilege Profile) and the Zone Permission Configuration & Policy Assignment table, with columns Zone Name, Enabled, Policy and To Group Permission Configuration, listing Service Zone Default, SZ1 through SZ8 and Remote VPN] Zone Name: The name of Service Zones and Remote VPN. Enabled: Select Enabled to allow clients of this Group to log into the selected Service Zones. For example, the above figure shows that users in Group 1 can access network services via every Service Zone as well as Remote VPN under the constraints of Policy 1. Policy: Select a Policy that will be applied to the Group when accessing the respective Service Zones. To Group Permission Configuration: The relation between Group and Service Zone is many to many; every Group can access network services via more than one Service Zone, and each Service Zone can serve more than one Group. Click the hyperlink in the To Group Permission Configuration column to enter the Group Configuration interface, which is based on the role of Service Zone
255. s to manage user accounts and to monitor user status. Functions are separated into 6 main categories: System, Users, Access Points, Network, Utilities and Status. 4.2.5 Online Help. The Help button is at the upper right corner of the WHG Controller display screen. Click Help for the Online Help window and then click the hyperlink of the relevant information required. 5 Initial Network Setup. 5.1 Network Requirement. Typically, in a network environment, WHG Controller plays the role of a gateway. On a gateway device, a network port leading upstream to the Internet or the backbone network is called a WAN port or an uplink port, while a network port used for branching out to service the clients downstream is referred to as a LAN port. WHG Controller has two WAN ports, which are normally linked up to different routers or modems leading to the ISP. A gateway needs only one WAN port, but if you want dual homing or dual uplink to add reliability and throughput, the second WAN port lets you achieve that goal. 5.2 Managing System Date & Time. Go to Main Menu > System > General page. The system time can be configured manually or calibrated automatically through external NTP servers. Accurate system time is critical when it comes to billing and online payment. To calibrate system time using NTP servers, fill in at least one valid NTP server address
256. s field is up to 40 characters. This name is used for the administrator to identify the authentication options easily, such as HQ RADIUS. Postfix: A postfix is used to inform the system which authentication option is to be used for authenticating an account (e.g. bob BostonLdap or tin TaipeiRadius) when multiple options are concurrently in use. One of the authentication options can be assigned as default. For the authentication option assigned as default, the postfix can be omitted. For example, if BostonLdap is the postfix of the default option, Bob can log in as bob without having to type in bob BostonLdap. Set a postfix that is easy to distinguish (e.g. Local) and the server numbers (0 to 9), alphabets (a to z or A to Z), dash (-), underline (_) and dot (.) within a maximum of 40 characters. All other characters are not allowed. Black List: There are 10 sets of black lists provided by the system. A user account listed in the black list is not allowed to log into the system; the client's access will be denied. The administrator may select one black list or None from the drop-down menu, and this black list will be applied to this specific authentication option. Authentication Database: Click the Configure button to enter the configuration page. For example, select Local from the drop-down list box and then click the Configure button to enter the Local User Database Settings. Then click the hyperlink of Local User List. Group: Select one Group from the drop-down list box for
257. s internet as long as account has remaining quota (usable time). Need to activate the purchased account within a given time period by logging in for the first time. Ideal for short term usage, for example in coffee shops, airport terminals, etc. Only deducts quota while in use. Account expires only when the quota is depleted. Quota is the total period of time (xx days yy hrs zz mins) during which On-demand users are allowed to access the network. The total maximum quota is 364Days 23hrs 59mins 59secs even after redeem. Account Activation is the time period within which the user must execute a first login. Failure to do so in the time period set in Account Activation will cause the account to expire. Price is the unit price of this plan. Group will be the applied Group to users created from this plan. The Reference field allows the administrator to input additional information. Editing Billing Plan: Expiration Time (With Expiration Time, No Expiration Time). Quota: day(s) hr(s) min(s); range of day(s) 0 to 364, range of hour(s) 0 to 23, range of min(s) 0 to 59; they cannot all be zero. Activation: First time login must be done within day(s) hour(s); range of hour(s) 0 to 23; they cannot both be zero. Range 0 to 100000, including two digits after the decimal point, e.g. 1.99. TIP: If the Account Type is Usage Time, the customer can access the Internet as long as the account is valid within the valid period with remaining quota
258. s to be restarted afterwards to activate the new firmware. FTP firmware upgrade is also an option: enter the FTP server IP address, FTP server port, and the FTP account name and password, and lastly specify the complete firmware filename stored on the FTP server that will be used to upgrade the system. System Firmware Upgrade, Upgrade by FTP: Server IP, Server Port, Username, Password, File Name. Note: For better maintenance, we strongly recommend you back up system settings before upgrading firmware. 1. Firmware upgrade may cause the loss of some data. Please refer to the release notes for the limitations before upgrading. 2. Please restart the system after upgrading the firmware. Do not power on/off the system during the upgrade or restart process. It may damage the system and cause malfunction. 12.8 Restart. Configure Restart, go to This function allows the administrator to safely restart WHG CONTROLLER, and the process might take approximately three minutes. Click YES to restart WHG CONTROLLER; click NO to go back to the previous screen. If the power needs to be turned off, it is highly recommended to restart WHG CONTROLLER first and then turn off the power after completing the restart process. Do you want to RESTART the system? The connections of all online users of the system will be disconnected when the system is in the process of restarting. 12.9 Network Utility. Configure Network Utility
259. shtml 14.3 Site to Site VPN. Configure Site to Site VPN, go to Network >> VPN >> Site to Site VPN. WHG CONTROLLER supports Site to Site VPN for more than 2 WHG CONTROLLERs to create VPN tunnels to each other over the WAN network. For example, if there are 2 WHG CONTROLLERs, you can create a VPN tunnel to let a subnet of one WHG CONTROLLER access the subnet of another WHG CONTROLLER. Remote Site Configuration: Name, IP Address, Pre-shared Key, Edit, Delete; Add A Remote Site. Local Site Configuration: Local Host Subnet, Local Interface, Remote VPN Gateway, Remote Host Subnet, Edit, Delete. First, you need to add a Remote Site with a remote subnet. Remote VPN Gateway: IP Address; Authentication Method: Pre-shared Key; Phase1 Proposal: Encryption AES256, Authentication SHA-1, Diffie-Hellman Group (Group 1, Group 2, Group 5); IKE Life Time: The time is a 5 digit number, e.g. 36h stands for 1 day and 12 hours; Dead Peer Detection: DPD Delay (second), DPD Timeout 15 second; Remote Subnet. The IPSec settings in both sites must be the same. Then create a Local Site with a subnet for mapping to the remote site. Local Site Information: Local Interface WAN1; Remote VPN Gateway; Add a New Host; Local Host Subnet; Remote Host Subnet; Encryption; Authentication; Key Life Time: The time is a 5 digit number, e.g. 36h stands for 1 day and 12 ho
260. sion of the firmware. Size: The file size of the firmware. Download: Click Download to save the selected firmware to a local disk. Delete: Click Delete to delete the selected firmware from the system. AP Upgrade: Select the APs which need to be upgraded, select the upgrade version of firmware, and click Upgrade to upgrade the firmware. [Screenshot: AP Upgrade list for AP Type EAP700, with columns Name, Type, Version and Next Version Selection] 9.10 WDS Management. Configure WDS management, go to Access Points >> Enter Local Area AP Management >> WDS. WDS Management: Wireless Distribution System is a function used to connect APs (Access Points) wirelessly. The WDS management function of the system can help administrators set up a tree structure of WDS network. Default Settings for Newly Added WDS Tree: Security WEP 152bits, Channel 56, Edit. WDS Status: WDS Tree, Security, Channel, Edit; Refresh Interval 10 seconds. No WDS operation has been done. WDS Update: The Parent AP of this new connection. The Child AP of this new connection. The Parent AP of this updated connection. The Child AP of this updated connection, and the connection to the previous Parent AP will be deleted. The AP selected, including all the Child APs of it, will be deleted. WDS Status: Status shows the added APs in the WDS Tree with the Security and Channel settings. The WDS could be set up more than one tree C
261. 2. Choose the Connections tab and then click Setup. 3. When the Welcome to the New Connection Wizard window appears, click Next. 4. Choose Connect to the Internet and then click Next.
262. ss [Screenshot: Welcome to Broadband Internet Service page. Please choose from the following service selection (Plan, Price). Service Agreement: Please kindly note that there will be no refund once connectivity is confirmed. Please click CONFIRM to accept the usage charge or CANCEL to exit. The selected service charge will be posted directly into your guest folio. If you already have a user account, please click here to login.] [Screenshot: login success page showing the on-demand username and password, a Logout button, Login time and Remaining Time] When a user tries to access the Internet from a Multiple User room, the browser will show the Login page without billing plan options to select. The user will need to buy accounts from the front desk or reception to log in. [Screenshot: User Login page with Username, Password, Login, Remaining and Remember Me] When a user tries to access the Internet from a Free room, the browser will show the service agreement page; simply by clicking CONFIRM, the user can access the Internet. The Service Agreement body can be configured at
263. ss by IP Address. The Remark field is not necessary but is useful to keep track. Controller allows 100 privilege IP addresses at most. These settings will become effective immediately after clicking Apply. In addition to granting privileges to just IP addresses, the administrator can also specify IP and MAC address sets in this Privilege IP Address List. It is more secure to specify both the IP and MAC address of a privileged client that requires no authentication. Please note that the bandwidth of a client in the Privilege IP Address List will be bounded by the bandwidth limit in the configured QoS Profile. However, the bandwidth of a client in the Privilege MAC Address List will not be bounded at all. Backup IP Privilege List; Restore IP Privilege List; Search IP; Granted Access by IP Address. Backup IPv6 Privilege List; Restore IPv6 Privilege List; Search IPv6; Granted Access by IPv6 Address. Permitting specific IP addresses to have network access rights without going through the standard authentication process under a service zone may cause security problems. Privilege MAC, Privilege MAC Address List: In addition to the IP address, the MAC address of the workstations that need to access the network without authentication can also be set in Granted Access by MAC Address. Controller allows specific privilege MAC addresses at most. When manually creating the list, enter the MAC address the format
264. 15.1 Customizable Pages; 15.2 Loading a Customized Login Page; 15.3 Using an External Login Page; 15.4 Load a Customized Logout Page; 15.5 How External Page Operate; 15.6 Disclaimer; 16 Payment Gateways; 16.1 Payments via Authorize.Net; 16.2 Payment via PayPal; 16.3 Payments via SecurePay; 16.4 Payments via WorldPay; 17 Additional Applications; 17.1 Upload/Download Local Users Accounts; 17.2 Backup/Restore and Upload New On-demand Users Accounts; 17.3 Account Roaming Out; 17.4 Seamless Cross Gateway Roaming
265. ssword. Configure Change Password, go to: There are three levels of authority: admin, manager or operator. The default usernames and passwords are as follows. Admin: The administrator can access all configuration pages of WHG CONTROLLER. User Name: admin, Password: admin. Manager: The manager can only access the configuration pages under User Authentication to manage the user accounts, without permission to change the settings of the Firewall, Specific Route and Schedule profiles. User Name: manager, Password: manager. Operator: The operator can only access the Create On-demand User configuration page to create new on-demand user accounts and print out the on-demand user account receipts. User Name: operator, Password: operator. The administrator can change the passwords here. Please enter the current password and then enter the new password twice to verify. Click Apply to activate the new password. Note: Only a login with admin can change passwords. If the administrator's password is lost, it can still be changed through the text mode management interface at the serial console port. 12.6 Backup/Restore and Reset to Factory Default. Configure Backup/Restore and Reset to Factory Default, go to: This function is used to backup restore the WHG CONTROLLER setting
266. string used for status access. 10.3 Manage AP Lists. Manage AP lists, go to: When an EAP 200 is discovered or added to the AP list, it can be logically deployed into the WHG Controller's managed network, regardless of its physical location, by tunnels. Initially, when an AP has been successfully added to the List, its Tunnel Status will show a red light, indicating that no tunnel is established and that this AP is only being monitored via SNMP. If you wish to create a tunnel between this AP and the WHG Controller, click the Edit button to proceed with the necessary configuration. In the AP's tunnel configuration page, check Enable and set a numerical authentication key between the WHG Controller and the AP. Click Apply to create the tunnel. A new window will automatically open and display the tunnel settings on the AP side, which are passed from the WHG Controller. Click the Reboot link to apply and activate t
267. sued by this CA. Installing a certificate with an unconfirmed thumbprint is a security risk. If you click Yes you acknowledge this risk. Do you want to install this certificate? 10. Click OK. This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store. 11. Launch a new IE7 browser. The certificate is now trusted by IE7, as indicated by the key symbol shown at the top next to the address field. Certificate setting for Internet Explorer 6: For issues relating to the IE6 certificate error, the following information provides the steps to take when the certificate publisher is not trusted by IE6. 1. Open an IE6 browser; the Security Alert message will appear if the certificate is not trusted. Click Yes to proceed. The Security Alert reads: Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate. The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority. The security certificate date is valid. The name on the security certificate is invalid or does
268. t first acquired this IP; subsequent devices with a new MAC address will be unable to acquire an IP address. When Disabled, the DHCP server operates as usual, assigning available IP addresses upon DHCP request. 5.6.3 WISPr Attributes in Service Zone. WISPr, or Wireless Internet Service Provider roaming (pronounced "whisper"), is a draft protocol submitted to the Wi-Fi Alliance that allows users to roam between wireless internet service providers in a fashion similar to that used to allow cell phone users to roam between carriers. A RADIUS server is used to authenticate the subscriber's credentials. To configure WISPr attributes in a Service Zone, go to: System >> Service Zones >> WISPr Configuration. If a RADIUS server has been configured, the WISPr attributes used during RADIUS authentication can be defined here in this Service Zone. WISPr Smart Client: Select Enable if you wish to allo
269. t state of the rooms; it may be Free, Block, Single User or Multiple User. Service Zone: The service zone profile used to provide internet service to the corresponding room or location. VLAN ID Start: The starting VLAN ID. Number of VLAN: The total number of VLANs. Start Room Number / Location ID: The start room number. Room Number / Location ID Prefix: The prefix of the room number. Room Number / Location ID Postfix: The postfix of the room number. After you have created the VLAN Tag and Room number mapping, you can change the Port Type for all entries in a particular Service Zone. Port Location Mapping Setup, Change All Port Type. Port Type: The Port Type that will be applied to all of the mapping entries; it may be Free, Block, Single User or Multiple User. Service Zone: Select the Service Zone whose Port Type is to be changed. If you want to create the Room Mapping with noncontiguous VLAN Tags and Room numbers, you can create the entries individually. Port Location Mapping Setup, Create One. From: Set the physical LAN port on the gateway that provides the Port Location Mapping Service. Port Type: The default state of the rooms; it may be Free, Block, Single User or Multiple User. Service Zone: The service zone profile
270. t system. It is able to manage both local area and wide area APs. 10.1 AP Discovery. Discover connected APs, go to: Access Points >> Enter Wide Area AP Management >> Discovery. With the Discovery feature, the administrator can scan for APs regardless of their physical location, as long as their IP address can be reached. After the discovery process, newly found APs are listed under Device Results, allowing administrators to add them to the managed AP List. Start / End IP Address: The administrator needs to specify the IP address range for AP discovery; the specified IP addresses can be external or internal network IP addresses. This is useful when scanning for multiple devices connected to the managed network. APs with an IP address outside the specified range will not be listed after discovery. Login ID / Password: Fill in the Login ID and Password of the target AP's management interface; this allows the administrator to remotely configure the AP's SNMP community. Discover: When the administrator tries to discover a new AP, select the Device Type. Second enter the current IP range of t
271. t will appear. 7.1.2.1 Specific Route. Specific Route Profile: The Specific Default Route is used to control clients' access to specific IP segments through the specified gateway. Destination / IP Address: The destination network address or the IP address of the destination host. Please note that, if applicable, the system will calculate and display the appropriate value based on the combination of Network IP Address and Subnet Mask just entered and applied. Destination / Subnet Netmask: The subnet mask of the destination network. Select 255.255.255.255 (/32) if the destination is a single host. Gateway / IP Address: The IP address of the gateway or next router to the destination. 7.1.2.2 Default Gateway. Default Gateway: The default gateway of WAN1, WAN2, or a desired IP address can be defined in each Policy except the Global Policy. When Specific Default Route is enabled, all clients to which this Policy applies will access the Internet through this default gateway. Enable: Check the Enable box to activate this function, or uncheck it to deactivate. Default Gateway: It may be WAN1 Default Gateway WAN2 Default Gateway or t
272. ted to this AP or the URL of the Venue Website where this AP is deployed. The administrator can upload a customized thumbnail image to be shown in the map. After configuring all the necessary settings and uploading your images, click the Save button and return to the AP List page. Check the APs that you wish to mark in the map and click the Add to Map button; choose the name of the map on which you wish to mark these APs and click the OK button. The selected APs will show up as marker images on the map at the physical coordinates configured. You can click on the AP icon to see the dialogue box for additional information or links that you have configured. Click the more info link for information on AP status, Client List, WDS List and Links related to this AP.
273. 3. Choose "I want to set up my Internet connection manually, or I want to connect through a local area network (LAN)" and then click Next. 4. Choose "I connect through a local area network (LAN)" and then click Next. 5. DO NOT choose any option in the following LAN window for Internet configuration; just click Next.
274. ter clicking the Apply button. External RADIUS Server Related Settings. 802.1X Authentication: Enable or disable 802.1X authentication for users authenticating through this server. To support EAP-SIM authentication, please enable this feature and enter 802.1X Settings to configure the APs that support associated clients authenticating by EAP-SIM. Username Format: Select the format in which the user login information is sent to the external RADIUS Server. You may choose to send the username as Complete (userID + Postfix), Only ID, or Leave Unmodified. Other fields on this page: NAS Identifier, NAS Port Type, Accounting Delay Time, Service Type, Class Group Mapping. Please note that if Leave
275. ternate DNS server. 5.3 Click on the IP Settings tab and click Add below the Default gateways column; the TCP/IP Gateway Address window will appear. 5.4 Enter the gateway address of WHG CONTROLLER in the Gateway field and then click Add. After returning to the IP Settings tab, click OK to finish the configuration. Appendix C. Policy Priority: Global Policy, Service Zone Policy, Authentication Policy and User Policy. WHG Controller supports multiple Policies, including one Global Policy and multiple individual Policies which can be assigned and bound to a Group. The Global Policy is the system's universal policy and is applied to all clients, while other individual Policies can be selected and defined to apply to any Service Zone. A Service Zone also has a Default Policy. For some authentication types, such as Local, RADIUS and LDAP, users can be assigned to different Groups individually. The clients belonging to a Service Zone are bound by an applied Policy. In addition, a Policy can be applied on a Group basis: a Group of users can be bound by a Policy. So one user may have different policies applied at the same time. Which policy is actually applied to this user? The Policy Priority must be User Policy >> Authentic
276. the Policy that will govern the user. Therefore users belonging to a certain Group profile may be allowed to access many Service Zones and be governed by different policies under different Service Zones, depending on how the network administrator sets up the Group / Service Zone mapping. Configure Group settings, go to: The Zone Permission Configuration & Policy Assignment screenshot illustrates an example for Group 1. Checking the Enable check box of a Service Zone means that users from Group 1 are allowed to access that Service Zone; the authentication Policy that will be applied can also be selected here. 6.2.1 Assign users to a Group. Configure Group settings, go to: This section shows how to group users and how to govern each grouped user with a different policy as he moves to a different service zone. The following examples will help you better understand this section.
277. tication options using On-demand and RADIUS databases will not support this function. 8.2.3 Multiple Login. Configure Idle Timer, go to: Users >> Additional Control. When enabled, a user can log in from different computers with the same account. This function doesn't support On-demand users and RADIUS authentication. 8.2.4 Change Password Privilege. Configure Local Users change password privilege, go to: Users >> Group >> Privilege. Change Password Privilege: When Change Password Privilege is enabled, the authenticated users within this Group are allowed to change their password via the Login Success Page. This function is not applicable to on-demand users. 8.2.5 Proxy Server. Configure Proxy Server, go to: Network >> Proxy Server. The system provides a Built-in Proxy Server and External Proxy Server
278. tificate Utility. Without a valid certificate, users may encounter the following problem in IE7 when they try to open the login page: Certificate Error: Navigation Blocked. There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority. The security certificate presented by this website was issued for a different website's address. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage and do not continue to this website. Click Continue to this website to access the user login page. To Use Default Certificate: Click Use Default Certificate to use the default certificate and key. Click restart to validate the changes. Main Menu > Users > Additional Control > Certificate > Use Default Certification: You just overwrote the setting with default KEY & default CA file. You should restart the system to activate this Cl
279. tings, SSID for Service Zone: All managed APs that belong to this service zone will be set with the Service Zone's SSID. Service Zone Settings, Access Control for Service Zone: All managed APs / VAPs that belong to this service zone have the same ACL table. When the status is Allowed, only clients whose MAC addresses are listed can connect to the AP; when the status is Denied, clients whose MAC addresses are listed are denied connection to the AP. When Disabled is selected, any client can connect to the AP. The default is Disabled. User Limit: Limit the number of users connected to an AP managed under this Service Zone. Not all AP types support this option. 9.6 AP Security. Configure AP Security, go to: System >>
280. tion Firewall of Windows XP or Windows XP SP1 is not compatible with the IPSec protocol. It must be turned off to allow IPSec packets to pass through. Without a patch, ICMP (Ping) and the PORT command of FTP cannot work in Windows XP SP2. Forced termination of Internet Explorer through CTRL+ALT+DEL (Task Manager) stops the running ActiveX control, so the IPSec tunnel cannot be cleared properly at the client device; a reboot of the client device is needed to clear the IPSec tunnel. A crash of Windows Internet Explorer may cause the same result. Internet Connection Firewall: In Windows XP and Windows XP SP1, the Internet Connection Firewall is not compatible with IPSec; it will drop packets from IPSec VPN tunneling. Please TURN OFF the Internet Connection Firewall feature or upgrade the Windows OS to Windows XP SP2.
281. 1. Set up the Detection Interval. Configure Detection Interval, go to: Access Points >> Rogue AP Detection >> General Configuration. Input a Detection Interval (0 to 999); inputting 0 disables this function and the system will not enable Rogue AP Detection. 2. Let the managed AP be the sensor. Configure Rogue AP Sensor, go to: Access Points >> Rogue AP Detection >> Sensor List Configuration. Before setting up the AP sensor, you must discover the APs and apply a template first. Note: For more detail on AP Management, please refer to the section Managing Wireless Network. Basically all managed APs can become a Rogue AP sensor, but some earlier-version APs do not support this function; they are listed in the Sensor List but are not available for selection, so the Sensor List lists all managed APs. Select the APs and click Apply. 3. Add the non-managed AP to the Trust List. Configure Trust AP List, go to: Access Points >> Rogue AP Detection >> Trusted AP Configuration. After the AP detection is finished, all of the non-managed APs will show in the list.
282. to input additional information. Editing Billing Plan, Counting Method. When the Account Type is Duration time, three Counting Methods may be used to decide when the account expires: 1. Elapsed Time specifies the time duration from account creation for which the account is valid. 2. Cut-off Time specifies the next cut-off time point at which the account becomes invalid. 3. Begin and End Time specifies that the account is valid between the two time points. [Figures: Duration time, Begin and End Time account lifespan, showing Begin Time, End Time, Creation Time and Deletion Time with valid and invalid periods.] 5. External Payment Gateway. This section is for merchants to set up an external payment gateway to accept payments in order to provide wireless access service to end customers who wish to pay for the service on-line. The four options are Authorize.Net, PayPal, SecurePay, WorldPay and Disable. 6. On-demand Account Creation. After at least one plan is enabled, the administrator can generate on-demand user accounts here. Click on the Create button of the desired plan and an on demand us
283. to this Service Zone when the network administrator needs to make changes to the Service Zone configuration. Once the configuration change is done and suspend is changed back to enable, currently online users of this service zone will be disconnected and requested to re-authenticate. Once you have enabled the need to authenticate for a Service Zone, the types of authentication servers allowed can be configured on the same page. Authentication Options: All of the pre-configured authentication servers can be seen here. Under the Enable column, check the authentication servers that you wish to allow access to this service zone. In other words, if an authentication server is checked here, its users can access this service zone after a successful login. One authentication server can be selected as Default; this means that users of this authentication server can omit the postfix during login. 6.2 Users Group. Group profiles are used to divide users based on role. A Group profile can be designated to differentiate a group of users with similar statuses, e.g. Student, Staff, Guest, etc. Network administrator can determine which Service Zones are accessible to a certain Group as well as
284. Simple network environment: For most simple internal networks, such as those with only two subnets, Port-Based mode is an easy and better way. In Port-Based mode (configurable in the Port Location Mapping tab page), each LAN port can only serve traffic from one Service Zone. An example network application diagram has one Service Zone for Employees and one for Guests. [Figure: Port-Based example with an xDSL/cable modem, the Internet, and L2 switches for the Employees and Guests zones.] The switches deployed under the Controller in Port-Based mode must be Layer 2 switches only. Multi-subnet network environment: On the other hand, if the internal network is a multi-subnet environment, Tag-Based mode will meet your needs. In Tag-Based mode each LAN port serves traffic from different Service Zones; a VLAN switch or VLAN AP is required to take care of the VLAN tags carried within the message frames. An example of network application diagram is shown as below more than two Servic
285. 8.1.2 Internal Domain Name with Certificate. Configure Internal Domain Name, go to: System >> General >> Internal Domain Name. Internal Domain Name is the domain name of the WHG CONTROLLER as seen on client machines connected under a service zone. It must conform to the FQDN (Fully Qualified Domain Name) standard. A user on a client machine can use this domain name to access WHG CONTROLLER instead of its IP address. In addition, when the "Use the name on the security certificate" option is checked, the system will use the CN (Common Name) value of the uploaded SSL certificate as the domain name. Configure Certificate, go to: Users >> Additional Control >> Certificate. Upload Certificate: A certificate is a data record used for authenticating network entities such as a server or a client. A certificate contains X.509 information pieces about its owner (called the subject) and the signing Certificate Authority (called the issuer), plus the owner's public key and the signature made by the CA. Network entities verify these signatures using CA certificates. You can apply for an SSL certificate at CAs such as VeriSign. After Create Root CA, please select Upload Certificate. Click Browse to select the file and upload it. Click Apply to complete the upload process. Cer
286. Creating an On-demand Account: a reference related to this account and an external ID (such as Library ID No.) can be added. Please confirm the information and press the Create button to create an account. The network operator can also choose to create on-demand accounts in batch. Simply specify the number of accounts to be generated and click Create at the bottom of the page. On-demand Account Batch Creation: Success. Users have been successfully created.
287. uration. Quick Restore: This button is the firmware switch button. Press this button while the system is powering up and release it when the Quick Restore LED lights up; the system will switch to the other firmware image and boot up with that firmware. Quick VPN: Function reserved for future release. Quick Offload: Function reserved for future release. LED Displays. Power: The Power LED lights up constant green when the power supply is on. Status: The Status LED is blue; blinking indicates that the system OS is booting up, and constantly lit indicates that the system is ready for operation. Quick Restore: Indicates that the system will now switch to the other F/W partition for operation. Quick VPN: Function reserved for future release. Quick Offload: Function reserved for future release. WAN1 / WAN2: Two Gigabit WAN ports (10/100/1000 Base-T RJ-45) for uplink connections to the external network, such as the ADSL router from your ISP (Internet Service Provider). LAN1 to LAN8: Eight Gigabit LAN ports (10/100/1000 Base-T RJ-45) for servicing LAN traffic. Used for system storage; please do not remove during operation. Function reserved for future use. Console: The system can be configured via a serial console port. The administrator can use a terminal emulation program, such as Microsoft's Hyper Terminal, to log in to the configuration console interface to change the admin password, monitor system status, etc.
288. The time is a 5-digit number, e.g. 36h stands for 1 day and 12 hours. For example, with 192.168.11.0/24 of WHG CONTROLLER_A >> 192.168.111.0/24 of WHG CONTROLLER_B, after the tunnel is created the users within these two subnets can reach each other. You can create more than one VPN tunnel, but the IP segment mappings cannot overlap; that is, the same IP segment must not have more than one routing rule. 15 Customization of Portal Pages. 15.1 Customizable Pages. Configure Customizable Pages, go to: There are several user login and logout pages for each service zone that can be customized by administrators. Go to System Configuration >> Service Zone >> Configure >> Authentication Settings, Custom Pages. Click the Configure button and the setup page will appear. Click the radio button of a page selection for further configuration. The customizable pages are: Disclaimer Page, Login Page, Port Location Mapping Free Login Page, Port Location Mapping Charge Login Page, Logout Page, Login Success Page, Login Failed Page, Login Success Page for On-demand User, Logout Success Page, Logout Failed Page. Now let us discuss two examples: Login Page and Logout Page.
289. user user01 is assigned to Group None and the Local Authentication is also assigned to Group None. If the Default Policy of Service Zone1 is None, then user01 logging in to Service Zone1 will apply the Global Policy. So the Global Policy has the lowest policy priority; on the other hand, the User Policy has the highest. Appendix D. RADIUS Accounting. This section organizes the basic configuration of a RADIUS server to work with VSA. The aim is to control the maximum usage (upload, download, or upload + download traffic) of clients in each session. This VSA is sent from the RADIUS server to the gateway along with an Access-Accept packet. In other words, when the external RADIUS server accepts the request, it will not only reply with an Access-Accept but will also carry a maximum value, in bytes, that each user is allowed to transfer. This value may be the maximum upload traffic, the maximum download traffic, or the sum of each user's download plus upload traffic, in bytes. The gateway checks this value every minute; if the user has reached this value, the gateway will stop the session of this user and send a Stop to the RADIUS server. 1. Description: This Attribute is available to allow vendors to support their own extended Attributes not suitable for general usage. It MUST not affect the operation of the RADIUS protocol. The standard Attribute Type of VSA is 26. Also we need to know the Vendor ID in this example the
290. utomatic WAN IP Assignment (columns: Enable, External IP Address, External Interface, Internal IP Address, Remark). Static Assignments (columns: No., External IP Address, External Interface, Internal IP Address, Remark). 11.2 Virtual Server. Configure Virtual Server, go to: Network >> NAT >> Public Accessible Server. This function allows the administrator to set virtual servers so that client devices outside the managed network can access these servers within the managed network. Different virtual servers can be configured for different sets of physical services, such as TCP and UDP services in general. Enter the External Service Port, Local Server IP Address and Local Server Port. Select TCP or UDP for the service's type. In the Enable column, check the desired server to enable. These settings will become effective immediately after clicking the Apply button. Public Accessible Server (columns: No., Local Server IP Address, Type, Enable, Remark). 11.3 Client Mobility. Configure IP Plug and Play go to WHG CONTROLLER supports IP PNP function; users can log in and access the network with any IP address setting. Client Mobility: IP PNP (Enable / Disable), Cross Gateway Roaming. At the user end, a static IP address can be used to connect to the system. Regardless of what the IP a
291. w customers with a roaming account from a WISPr agent (iPass WiFi Skype Boingo, etc.) to access your internet. Make sure to enable the HTTPS Protected Login field under System >> General in order for roaming software on the client's device to work properly. > Smart Client Black List: Fill in the WISPr agent names and enable to block users of that particular WISPr roaming agent from accessing your internet. For example, if you fill in ipassconnect, the iPass clients will be denied roaming access in your network. > WISPr Location ID: These attributes, which enable wireless hotspot providers to customize their web portals, are based on the client device location and are RADIUS vendor-specific attributes (VSAs). > WISPr Location Name: These attributes, which enable wireless hotspot providers to customize their web portals, are based on the client device location and are RADIUS vendor-specific attributes (VSAs). > WISPr Billing Time: Set RADIUS account billing time. 5.7 IPv6. Configure Service Zone go to System implements IPv6 feature and supports operating in an IPv6 networking environment. When IPv6 is enabled, the administrator may assign an IPv4 address as well as an IPv6 address to each interface, such as WAN1, WAN2, Default Service Zone, Service Zone1, etc. • Status: Enable or Disable the use of the IPv6 addressing standard. • External Interface: Select the external interface of the device that will be configured with an I
292. wing steps to complete the proxy configuration. Step 1: Log in to the system by using the admin account. Step 2: Network >> Proxy Server >> External Proxy Servers page. Select External for Proxy Server. Add the IP address and port number of the proxy server into the External Proxy Servers setting. Click Apply to save the settings. Proxy Server settings shown: External Proxy Server; Outgoing Proxy Traffic (Enable Built-in, Disable Built-in, External); External Proxy 10.166.1.100; External Proxy Port 6596. 9 Local Area AP Management. All of the supported APs under management of the system will be shown in this table and listed by AP type. Main Menu > Access Points: Welcome to AP Management System. The AP Management System is a Web interface management system. It is able to manage both local area and wide area APs. Enter Local Area AP Management. Enter Wide Area AP Management. 9.1 Multiple Types of AP. Besides letting users connect to the WHG Controller via wired Ethernet cable, you can connect APs to the WHG Controller to extend network access wirelessly. The WHG Controller can manage multiple types of AP, such as EAP100, EAP 110, EAP 200, EAP 300, EAP700, OWL400, OWL410, OWL500 and OWL510. Almost all the settings of these Local Area APs can
293. ws Internet Explorer. Untrusted Certificate: The security certificate presented by this website was not issued by a trusted certificate authority. This problem might indicate an attempt to fool you or intercept any data you send to We recommend that you close this About certificate errors. View certificates. 3. Click Certification path. Certificate Information: This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store. Issued to / Issued by / Valid from 2009/2/27 to 2019/2/25. Certificate status: This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store. 5. Click Install Certificate. Certificate (tabs: General, Details, Certification Path). Certificate Information: This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store. Issued to / Issued by / Valid from 2009/2/27 to 2019/2/25. 6. Click Next. Certificate Import Wizard: Welcome to the Certificate Import Wizard. This wizard helps you copy certificates, certificate trust lists and certificate revocation lists from your disk to a
294. yment gateway if you want to use credit card for the on-demand accounts. Load SSL certificate for the Web Server before operation. Monitor the status pages and reports generated. Perform other advanced settings for your specific application. 2.4 Unpacking & Installing. 2.4.1 WHG-311 Package & Installation. Package Checklist: The standard package of WHG-311 includes: WHG-311 x 1; CD-ROM with User's Manual and QIG x 1; Quick Installation Guide (QIG) x 1; RS-232 DB9 Console Cable x 1; Ethernet Cable x 1; Power Adaptor (12VDC, 2A) x 1. It is highly recommended to use all the supplies in the package instead of substituting components from other suppliers, to guarantee best performance. Installation: Connect the power adaptor to the power socket on the rear panel. The Power LED should be on to indicate a proper connection. Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable to an xDSL/cable modem or a switch/hub of an internal network. The LED of this port should be on to indicate a proper connection. Connect an Ethernet cable to a LAN Port on the front panel. Connect the other end of the Ethernet cable to an administrator PC for configuring the system. Connect an Ethernet cable to the LAN1 or LAN2 Port on the front panel. Connect the other end of the Ethernet cable to an AP for extending wireless coverage, a switch for connecting more wired cl
295. you can work from home, a field office, or another location. Set up a home or small office network: Connect to an existing home or small office network or set up a new one. Set up an advanced connection: Connect directly to another computer using your serial, parallel, or infrared port, or set up this computer so that other computers can connect to it. 5. Choose Set up my connection manually and then click Next. New Connection Wizard, Getting Ready: The wizard is preparing to set up your Internet connection. How do you want to connect to the Internet? Internet service providers (ISPs) will need your account name, password, and a phone number for your ISP. For a broadband account, you won't need a phone number. Use the CD I got from an ISP. 6. Choose Connect using a broadband connection that is always on and then click Next. New Connection Wizard, Internet Connection: How do you want to connect to the Internet? Connect using a dial-up modem: This type of connection uses a modem and a regular or ISDN phone line. Connect using a broadband connection that requires a user name and password: This is a high speed connection using either a DSL or cable modem. Your ISP may refer to this type of connection as PPPoE. 7. Finally, click Finish to exit the Connection Wizard. Now the setup is completed. Completing the New Connection
