LevelOne WHG-707 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of LevelOne WHG-707, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of LevelOne WHG-707 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of LevelOne WHG-707. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of LevelOne WHG-707 should contain:
- informations concerning technical data of LevelOne WHG-707
- name of the manufacturer and a year of construction of the LevelOne WHG-707 item
- rules of operation, control and maintenance of the LevelOne WHG-707 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of LevelOne WHG-707 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of LevelOne WHG-707, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the LevelOne service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of LevelOne WHG-707.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the LevelOne WHG-707 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    LevelOne Secure WLAN Control ler WHG - 31 1/315/401/50 5/515/707 User Manual[...]

  • Page 2

    Copyright The cont ents of th is publ ication ma y not be repr oduced in an y part or as a whole, s tored, tr anscr ibed in an inform ation retrie val s ystem, trans lated int o an y langua ge, or tr ansm itted in an y form or by any means , m echanical, magnetic , electr onic, opt ical, p hotocop ying, m anual, or otherw ise, with out the prior wr[...]

  • Page 3

    FCC CA UTI ON WHG - 3 11 This equipment ha s been teste d and proven to c omply with the limits for a class B digital device, pur suant to part 15 of the FCC Rules. These l imits are designe d to provide reas onable protectio n against har mful interferen ce in a r esiden tial install ation. T his equ ipment generat es uses and can r adiate radio f[...]

  • Page 4

    T able of Content s 1. Before Y ou Sta rt ................................................................................................... 8 1.1. Pr ef ac e .............................................................................................................................. 8 1.2. Document Conventions ...................................[...]

  • Page 5

    6.3. User Log in ....................................................................................................................... 94 6.3.1. An Exam ple of Us er Login ....................................................................................................... 94 6.3.2. Default Authentic ation ......................................[...]

  • Page 6

    1 1. 3. Client Mobilit y ................................................................................................................ 172 1 1.4. DNS Cache ................................................................................................................... 173 1 1.5. Dynamic Domain Name Service ....................................[...]

  • Page 7

    17.3. Account Roaming Out ................................................................................................... 266 17.4. Seamless Cross Gateway Roaming .............................................................................. 267 Appendix A. Certif icate S ettin gs fo r IE6 an d IE7 ..............................................[...]

  • Page 8

    8 1. Before You Start 1.1. Preface This W HG Controller Us er M anual is for W LAN s ervice pro viders or net work adm inistrator s to set up a net work environm ent using t he W HG Contr ollers . It contains step - by - step pr ocedur es and graphic ex am ples to guide MIS staff or indivi duals with basi c network s y stem k nowledge to com plete [...]

  • Page 9

    9 2. WHG Control lers Installati on Guide 2.1. WHG Con troller Cap acity T able Capacity WHG - 311 WHG - 3 15 WHG - 4 01 WHG - 505 W HG - 515 WHG - 707 Form Fact or 13" Mini - book 19”(1U) 19”(1U) 19” (1U) 19”(1U) 19”(1U) WAN 2 x GbE 2 x GbE 2 x GbE 2 x GbE 2 x GbE 2 x GbE , 2 x Com bo SFP LAN 8 x GbE 8 x GbE 2 x GbE 2 x GbE 4 x GbE [...]

  • Page 10

    10 2.2. WHG Contro ller Hard w are Over vi ew 2.2.1. WHG - 3 11 H a r dw a re 1 Quick Buttons  Reset: Pr ess and hold the Reset b utton f or over 3 s econds and stat us of LED on f ront pane l will star t to b link, r elease butto n at t his stag e to restarting the s ystem. Pr ess and h old the Res et but ton f or more than 1 0 seconds an d sta[...]

  • Page 11

    11 2.2.2. WHG - 315 Ha r dw ar e 1 LCD Display  Allows n etwork adminis trator to c heck impor tant syste m settings s uch as network interfac e, SZ conf igurati ons, etc. The nav igations buttons f rom left to right res pectiv ely are “ Sleep ” , “ Esc ” , “ Up ” , “ Down ” , and “ Enter ” . 2 Quick Buttons  Reset: Pr ess[...]

  • Page 12

    12 2.2.3. WHG - 401 H a r dw ar e 1 LED Indicator s There ar e three k inds of LED, Pow er , Status and Hard - d isk , to indic ate different status of the s ystem . 2 LCD Displa y Allows netw ork administrator to ch eck import ant system setti ngs such a s netw ork interface, S Z configurations , etc. T he navigat ion b u ttons from left to right [...]

  • Page 13

    13 2.2.4. WHG - 505 H a r dw ar e 1 LED Indicator s There ar e three k inds of LED, Pow er , Status and Hard - d isk , to indic ate different status of the s ystem . 2 LCD Display Allows n etwork adminis trator to c heck impor tant syste m settings s uch as network interfac e, SZ conf igurati ons, etc . The naviga tions but tons fr om lef t to righ[...]

  • Page 14

    14 2.2.5. WHG - 515 H a r dw ar e 1 LED Indicator s There ar e three k inds of LED, Pow er , Status and Ha rd - disk , to indicat e different status of the s ystem . 2 LCD Display Allows n etwork adminis trator to c heck impor tant syste m settings s uch as network interfac e, SZ conf igurati ons, etc . The naviga tions but tons fr om lef t to righ[...]

  • Page 15

    15 2.2.6. WHG - 707 H a r dw ar e 1 WAN1 / WAN 2 ( SF P ) T wo com bo WAN ports (SFP) ar e connec ted to the ext ernal net work , such as the ADSL Router f rom your ISP (Internet Service Provider ). 2 L AN 5 / L AN 6 ( S F P ) Client m achines c onnect t o W HG C ontroller via thes e LAN por ts (SF P). 3 LED Indicator s There ar e four k inds of LE[...]

  • Page 16

    16 2.3. Preparation b efore the Installatio n Before you start t he ins talla tion b y either f ollowing this User Man ual or the Qu ick Installat ion Guide, belo w is a s hort preparatio n list to do. 1. Unpack the W HG Control ler and go thr oug h the pack age chec klist. 2. Review the f ront panel an d the back panel and ide ntify eac h control [...]

  • Page 17

    17 2.4. Unpac king & In stalling 2.4.1. WHG - 3 11 Package & Installat ion  Package Checkl ist The standard p ackage of WHG - 3 11 includes:  W HG - 3 11 x 1  CD - ROM (with User’s Manua l and QIG) x 1  Qu ick Installati on Guide ( QIG) x 1  RS - 232 DB 9 Console Cab le x 1  Ethernet Cab le x 1  Power Adaptor (12V DC,[...]

  • Page 18

    18  Rack Mount ing Bracket (with Screw s) x 1 It is high ly recom mended to use a ll the su pplies in t he pac kage inste ad of s ubstitu ting any c omponents by other sup pliers to guarante e best performanc e.  Installation  Conn ect the po wer cor d to the power s ock et on the re ar panel.  Turn on ( | ) the p ower s witch on t he r[...]

  • Page 19

    19 connecti ng mor e wired cli ents ; or directl y to a clien t PC. The LED of port sh ould be on to in dicate a proper connecti on. 2.4.4. WHG - 505 Package & Installation  Package Checkl ist The standard p ackage of WHG - 505 include s:  W HG - 505 x 1  CD - R OM ( with User ’s Ma nual and QIG) x 1  Quick Installa tion Guide (QI[...]

  • Page 20

    20  E thernet Cab le x 1  Straight - t hrough Ether net Cab le x 1  Power Cord x 1  Rack Mount ing Bracket (with Screw s) x 1 It is high ly recom mended to use a ll the su pplies in t he pac kage inste ad of s ubstitu ting any c omponents by other sup pliers to guarante e best performanc e.  Installation  Conn ect the po wer cor d[...]

  • Page 21

    21 to an adm inistrator PC for configuri ng the W HG Controller s ystem . Connect a n Eth ernet cab le to the LAN1 or LAN2 Port o n the front p anel; co nnect th e other end of the Ether net cabl e to an AP f or ext ending wireless coverage, a s witch for conn ecting m ore wire d clients, or a client PC. The LED of this port s hould b e on to indic[...]

  • Page 22

    22 3. System Ov erview 3.1. S yste m C on cept If y ou hav e exper ienced o ther Le velOne W LAN W HG Controll er produc ts bef ore and are fa milia r wi th it s s ys t e m concept, you m ay skip th e conc ept desc ription below . Please p roceed to the ne xt section on ( Getting Starte d). W HG C ontroller is capa ble of managin g user auth entica[...]

  • Page 23

    23 Administr ator/Man ager m anuall y . Exter nal A uthentication Database is a user ac count database t hat is not built ins ide W HG Controlle r . Besid es Local databas e and On - dem and datab ase, W HG C ontr oller allo ws up to t hree a ddition al Externa l Authe ntication databases sim ultaneousl y . The t ypes of exter nal A uthentic ation [...]

  • Page 24

    24 ‘Polic y’, wh ich can be chos en to bound the net work behaviors of a Grou p. The adm inistrator can defin e the F irewall Pro file, Route Profile, Sc he dule Profi le and Max Sess ions in a Polic y . The f ollowing Figur e depic ts an ex ample r elations hip o f Service Z one, G roup and Polic y . In t his exam ple, Stu dents and fac ulties[...]

  • Page 25

    25 WHG Control ler in a Busi ness Head quart er WHG C ontroller in a Hotel – Capable of i ntegrating with DSLAM and PMS[...]

  • Page 26

    26 3.2. Service Zone Concept LevelOne S ervice Z ones ar e virtua l m achines that h as its’ own network interf ace, DHC P server , auth enticati on configurat ion, us er pages a s well as securit y and user polic y settings . By associat ing a unique VLAN T ag and SSID with a Ser vice Zone, adm inistrators can separate w ired network and wireles[...]

  • Page 27

    27  Multi subnet ne twork envir onment On the other hand, if the int ernal net work is a Multi subnets netw ork en vironment , Ta g - Based m odel will satisf y to your cond itions. In Ta g - Based m ode, eac h LAN por t will s erve traffic s from different Ser vice Zones ; a V LAN switc h or VLAN A P is required to tak e care of the VLAN t ags [...]

  • Page 28

    28 3.3. AP Management Concept AP Managem ent feature is desig ned not only for i nternal n etwork A P deployment, but also o verla y deplo y me nt at rem ote locations o ver the c loud. W HG Controllers c an mana ge fr om 30 to 500 Level One Acces s Points depen ding on m odel. F or overla y AP deplo yment, W HG Contr ollers es tablish a s ecure tu[...]

  • Page 29

    29 4. Getting S tart ed 4.1. Access ing W eb Management Interface W hen you have com pleted the hard ware inst allation of your W HG Contr oller , s ystem configuratio ns can b e perform ed via buil t - in W eb Managem ent Interf ace (WMI). Step 1. C onnect your PC t o an y of the LAN ports of yo ur W HG Controller . Step 2. Set the TCP/I P setti n[...]

  • Page 30

    30 After a s uccess ful login, a Hom e Page w ill appear on the screen. For the fir st tim e, if W HG Controller is not us ing a trusted SSL cer tificate , there w ill be a “Certificate Error” , because t he bro wser trea ts W HG Controll er as an illegal website. Please pr ess “Continue to this website” to continue. The default us er logi [...]

  • Page 31

    31 4.2. Home Page Hom e page lists f our butt ons Setu p Wizard, Qu ick Lin ks, S ystem Ov erview and M ain M enu respectivel y . Each butto n will b e descr ibed in d etail in t he follo wing s ection.[...]

  • Page 32

    32 4.2.1. Setup Wizard Using the c onfigurati on wizard Configura tion w izard pr ovides a fas t and eas y way to c onfigur e the W HG Control ler ’s s ystem tim e, chang e Administr ator pass word, WAN interfac es, as well as lo cal user ac counts. Follo w the instruct ions give n at each s tep to change the s ystem adm in pass word, se lect tim[...]

  • Page 33

    33 4.2.2. Quick Links The Quick Lin ks pro vide eight shortc ut links for administr ators to d irectl y access frequentl y used functi ons of the web m anagement i nterfac e. The ei ght f unctional l inks are: System Status , Local Use r M anagement , Policy Man agement , AP M anag ement , Online User Li st , On - demand Account Management , Au the[...]

  • Page 34

    34 4.2.3. System Overvie w This page displa ys im portant s ystem related inform ation that t he adm inistrator mig ht need to be a ware of at a gla nce, which inc ludes G eneral Sys tem s ettings, N etwork Interfac e and On line Us ers etc. A dro p - do wn m enu is a vaila ble for selecting t he inf orm ation ref resh rate f or this pag e.[...]

  • Page 35

    35 4.2.4. Main Me nu This f eature leads to al l the deta iled co nfigurat ion pag es on the W eb Managem ent Interf ace, allo wing you t o set various n etwork ing param eters , enable an d custom i ze network s ervices, m anage us er acc ounts and m onitor user status. A dminis tration f unctions ar e separ ated into 6 cat egories: S ystem , U se[...]

  • Page 36

    36 4.2.5. Online Hel p The Help button is at the upper ri ght corn er of the W HG Controll er displa y screen . Click Help f or the Online H elp window , and t hen click the h yperlink of the rele vant inf orm ation required. Online He lp Corner[...]

  • Page 37

    37 5. Initial Net work Setu p 5.1. Net w ork Requirem ent T ypi cally , in a net wor k environm ent, W HG C ontroller pl ay s the rol e of a gatew ay . O n a gate way device, a net work port lead ing upstre am to the I nter net or the back bone net work is c alled a ‘WAN port’ or an uplink port , whi le a network port used for br anching ou t t[...]

  • Page 38

    38 5.3. W AN1 & W A N2 Setup W HG Controllers ar e desi gned w ith 2 WAN ports f or load bala ncing a nd failo ver support. T o configure WAN por t settings , go to Mai n Menu > System > WAN1 / WAN2.  WAN 1 WAN1 port supports four c onnection types: Static , Dynamic , PPPoE and P PTP . Thes e connecti on types are enough to s upport m [...]

  • Page 39

    39 1492 b ytes. In th at case, you have to enter a sm aller num ber MT U number to meet the I SP’s network ing requirem ent.  Clamp M SS: Short f or Max imum Segment Size for a TCP connect ion. An end - to - end T CP conn ectio n over PPPo E will c onsum e additiona l overh ead out of each p ack et. At least 40 b ytes ar e used f or the addres[...]

  • Page 40

    40  Learn DNS Server A ddress During Negotiation : W hen this chec k box is selecte d, the Co ntroller will automat ically lear n the I P addr ess of DNS ser ver throu gh DHC P messages received.  Prefer red DN S Se rver: Statica lly des ignate the prim ary DNS s erver to b e used b y the s ystem.  Altern ate D NS Se rver: T he subs titute[...]

  • Page 41

    41 W hen both WAN1 and WAN2 are properl y configure d with uplink to the inter net, WAN failover and Lo ad Bal ancing feature bec omes availab le. Load Bala ncing: Administr ator c an sprea d the s ystem traff ic across W AN1 and WAN2 ports base d on perc en tage load, calcu lated using ses sion, b ytes, or pack ets. WAN Failover: Once enabled, whe[...]

  • Page 42

    42 In Port - Bas ed m ode each LAN por t can be m apped to an enab led S ervice Zon e or dis abled, th is m eans the maxim um number of Serv ice Zones available to prov ide ser vice is d eterm ined by the n umber of LAN ports on the Controll er . T rusted Por t : W hen a LAN por t is selec ted, cl ients un der this port wil l not re quire auth enti[...]

  • Page 43

    43 Select the mode for Isola tion: W hen enabled, ne twor k tr affic will be isola ted by V LAN tag, which m eans that inter - VLA N devices ar e seg regated f rom each other . Pleas e note th at this chec k option is not avai lable for WHG - 3 11 and W HG - 315 and are alwa ys enabled .[...]

  • Page 44

    44 5.6. L AN Pa rtition -- Serv ice Zone C onfigure Service Zone ; g o to: System >> Servic e Zones . A Servic e Zone is a log ical net work area to cov er certa in wired and wireless ne twork s in an or ganization s uch as SMB or bra nch offices . By ass ociating a unique VLAN T ag and S SID wit h a Ser vice Zone , adm inistrator s can separ[...]

  • Page 45

    45  Default A uthen Option: Def ault authent ication m etho d/server t hat is us ed withi n the Service Zo ne.  IP A dd ress: The IP v4 addr ess of this service zone interf ace.  IPv6 Address: The IP v6 addr ess of this serv ice zone interfac e.  Netw ork Alias: Administr ator m a y optiona lly set m any ali as networ k s egments f or a[...]

  • Page 46

    46 5.6.1. Planni ng Y our I nter nal N etw o r k  Simple network environment For m ost sim ple internal network , suc h as there are just on ly two su bnets. U sing P ort - Ba s ed model is a n e as y and better way . In Port - Ba sed m ode, each LA N port c an onl y serve traffic from one Service Zo ne . An ex ample of net work applic ation dia[...]

  • Page 47

    47 5.6.2. Configure Service Zone N etw o r k C onfigure Service Zone ; g o to: System >> Servic e Zones >> Servic e Zone Configuratio n . Router M ode NA T Mode  S ervice Zone Status: Each ser vice zone can be e nabled or disabl ed exc ept for the d efault ser vice zo ne.  S ervice Z one Nam e: The nam e of ser vice zone co uld be[...]

  • Page 48

    [...]

  • Page 49

    49 Item Descripti on DHCP Server 1 Start IP Address / End IP Address A range of I P ad dresses th at built - in DHCP server will as sign t o clients. N ote: please change the M anagement IP Address L ist accord ingly (at Sys tem Config uration > > System Infor mation >> Management IP Address List ) to permit the admini strator to access[...]

  • Page 50

    50 The adm inistrator can reser ve a l ist of s pecific I P addresses for s pecial devic e with certain MAC addr ess. Fill a set of IP address and MAC addres s as res erve, a dditional inf orm ation can be entere d in the Desc ripti on fie ld. C lick Apply to activate your settings. DHCP Lease Protection : W hen “Enable d” , when ever the S erv[...]

  • Page 51

    51 5.6.3. WISPr A ttri butes in Ser vice Zone W IS Pr or W ire less Internet Service Pro vider roam ing - Pr onounced "whisper , " W ISPr is a draft pr otocol subm itted to the W i - Fi Allia nce that a llo ws users to roam between wireless int ernet s ervice pro viders , in a fas hion sim ilar to that used to al low cel l phone us ers to[...]

  • Page 52

    52 5.7. I P v6 C onfigure Service Zone ; g o to: System >> IPv6 . System implem ents IPv6 f eature a nd suppor ts oper ating in IPv6 net work ing enviro nm ent. When IPv 6 is enab led, adminis trator m ay assign IPv4 I P addres s as well as I Pv6 addres s to eac h interf ace s uch as WAN1, WAN2, Def ault Service Zo ne, Ser vice Zon e1, etc . [...]

  • Page 53

    53  6 to4: 6to 4 is a n Interne t trans ition m echanis m for migrating f rom IPv4 to I Pv6, a system that al lows IP v6 pack ets to be trans m itted over an IPv4 ne twork (gener ally the IPv4 inter net) without the need to conf igure explicit tu nnels. 6 to4 opt ion can on ly be c hosen when the s elected W AN interfac e was s et with a static [...]

  • Page 54

    54 6. User Authentication a nd Grouping 6.1. Overvi ew of User Authentication Database • Built - in User Databa ses Local and On - dem and are Controll er ’s built - in user dat abases des igned t o house static an d tempor ary acc ounts respectiv ely . L ocal dat abase is ideal f or storin g long te rm ac counts f or instance e m ployee accoun[...]

  • Page 55

    55 Go to Mai n Menu > Us ers > Authen tication Click on t he server nam e to set the configura tion f or that part icular ser ver . After c ompleting and click ing Apply to save the set tings . Then go bac k to S ystem > Ser vice Z ones a nd enable or disab le an y server in each ser vice zone as you prefer . For eac h Ser vic e Zon e, one[...]

  • Page 56

    56 6.1.1. Configuri ng On - dema nd The adm inistrator can ena ble and c onf igure this a uthe ntication method to c reate on - dem and us er accou nts. This function is designe d for hotspot o wners to pr ovide tempor ary user s with f ree or pa id wireles s Intern et acces s in the hotspot en vironm ent. Major func tions inc lude acco unts creati[...]

  • Page 57

    57 system only; ne ver get onl ine a nd no need to go thr ough a uthentica tion. N etTicketGen is an ex ample of term inal server t hat is req uired to be conf igured her e bef ore it can operate with Co ntroller .  Expired A ccount Keep Days: W hen an Ondem and acc ount expir es, it wi ll remai n on the ondem and account list f or a cert ain am[...]

  • Page 58

    58  Receipt Heade r: Ther e are 3 rec eipt h eaders s upporte d b y the system . The entered cont ent wi ll be pr inted on the rec eipt. These he aders are optio nal.  Receipt Footer : The ent ered cont ent wi ll be pr inted on the receip t. This footer is opti onal.  Background Image : Y ou c an choos e to cust om ize the tick et b y uplo[...]

  • Page 59

    59 network .  Pri ce: T he unit pr ice of the res pective bil ling pla n.  Enable: Check the check box to ac tivate t he plan. D eac tivated bi lling pl ans can not be use d to ge nerate ondemand g uest acc ounts.  Quick A c count Creation: Check the c heck box to enable Q uick Account Cr eation . Static us ers with “Ondem and Accou nt P[...]

  • Page 60

    60 o Usage - time with No Expiration Time: Can access internet as lon g as account has remaining quot a (usable tim e). N eed to act ivate the p urchas ed acc ount with in a giv en tim e period b y loggin g in for the first t ime. Ideal f or short ter m usage. For exam ple in coffee s hops, airpor t term inals etc. O nly ded ucts quota while usi ng[...]

  • Page 61

    61[...]

  • Page 62

    62  Hotel Cut - off - time: Hotel C ut - off - time is the clock tim e (normall y check - out time) at which the on - dem and accou nt is cut off (made ex pired) b y the system on the f ollowin g da y or many days later . On t he acc ount creat ion UI of this p lan, oper ator c an enter a U nit valu e whic h is the number of da y s to C ut - off[...]

  • Page 63

    63 o V olume: Can access internet as long as acc ount val id with rem aining quota (tr affic volum e). Account expires when Valid P eriod has be en use d up or q uota dep leted. I deal for small q uantit y applica tions such as s ending/r eceiving m ail, transf erring a file et c. Count down of V ali d Per iod is c ontinu ous regardles s of logg in[...]

  • Page 64

    64 o Dura tion - time with Ela psed Time : Account ac tivated upon the account creati on tim e. Count do wn begins im mediate ly after account cr eated and is cont inuous r egardl ess of logging in or out. Ac count expires o nce the E lapsed T ime has b een reac hed. Ide al for pr ovidin g internet service imm ediatel y after ac count creat ion thr[...]

  • Page 65

    65 o Dura tion - time with Cut - off T ime: Cut - off Time is the c lock time at whic h the on - dem and account is cut off (m ade expired) by the s ystem on that da y . For exam ple a shopp ing m all clos ing hour is 23:00; operators selling on - dem and tick ets c an create use t his pla n to crea te tick et set to be Cut - off on 23:0 0. If an a[...]

  • Page 66

    66 o Dura tion - time with Begi n - and End Ti me: Define exp licitl y the Begin Time a nd End T ime of the account. Count down b egins imm ediately af ter account acti vation a nd expires whe n the End Time has been reac hed. Idea l for pr ovidin g internet service t hrou ghout a sp ecific per iod of ti m e. For exam ple during exhi bition e vents[...]

  • Page 67

    67[...]

  • Page 68

    68 5) External Paym ent Gatew ay This s ection is for m erchants to s et up an external pa yment gate way to acc ept pa y me nts in or der to provide wireless acces s service to end custom ers who wish t o pa y for the ser vice on - l ine. The f our options ar e A uthorize.Net , PayPal , Se cure Pa y , Wor ld P a y and D isable .[...]

  • Page 69

    69 6) On - dem and A c count Creation After at l east one plan is enabled, t he adm inistrator can ge nerate on - dem and use r acc ounts here . Click on the Create but ton of the desire d plan and an on - dem and user account will be c reated. After the account is create d, you can print the tick et wit h all of th e necess ar y on - dem and user [...]

  • Page 70

    70 Network operator ca n als o choose t o create ondem and acc ounts in batch. S im ply specif y the number of acc ount to be genera ted and click “ Create ” at th e bottom of the page. The cr eated accou nts can be expor ted as a tx t file or printe d via pre - conf igures P OS printer 7) On - dem and A c count List All create d On - d emand a[...]

  • Page 71

    71 o Online: the account is currentl y in use. o Expired: the account is not valid an y more, ev en there is rem aining qu ota to be u sed. o Out of Quota: the account has ex ceeded t he quot a limit. o Redeemed: the account ha s been applied for accoun t renewa l.  Delete Al l : This will del ete all on demand ac counts at once.  Delete : Th[...]

  • Page 72

    [...]

  • Page 73

    73 6.1.2. Configuri ng RADIUS Rem ote Aut henticat ion Di al In User Servic e (RADIU S) is a network ing pro tocol th at prov ides centr alized Authentic ation, A uthori zation, an d Acc ounting (A AA) m anagem ent for computer s to conn ect and us e a net work service. Choose “RADI US” from the A uthentica tion Database field. The Local VPN op[...]

  • Page 74

    [...]

  • Page 75

    75 Server . T o suppor t EA P - SIM a uthent ication, please enable this f eature a nd enter 8 02.1X Sett ings to conf igure the AP’s that supp ort ass ociated cl ients to authe nticate b y EAP - SI M. Username F ormat Select t he form at which the us er lo gin inf ormation is sent to the extern al RADIUS Server . Y ou m ay choos e to sen d user [...]

  • Page 76

    76 adminis trator t o make chang es in session characteri stics wi thout requi ring to acc ess Contr oller W MI t o ini tiate c hange. For ex ample, a network admi nistrat or may need to ter minate a session or change th e auth oriz ation attributes associated w ith a session. T his is possible thr ough R ADIUS D M & CoA messages. Adminis trato[...]

  • Page 77

    77 A ttributes Priori ty The drop do wn select ion lis t allo ws 3 opt io ns: Follow Server’ s Setting , Overw rite Se rver ’s Settin g and Set if not prese nted . If Follow Server’ s Setting is selected, s ystem will use the RADIU S attributes set in t he rem ote RADIU S server . If Ov erw rite Se rver ’s Setting is selected, s ystem will [...]

  • Page 78

    78 Protocol Password A uthent ication Pr otocol (P AP) . Accounting S e rvice Enable / D isable R ADIUS a ccountin g Accounting S e rver Enter the Ac counti ng Ser ver dom ain nam e or IP addre ss. Accounting P ort Enter the Port num ber us ed for ac counting Accounting Secret Key Secret Ke y used f or acc ounting. Note: The Authen tication Server [...]

  • Page 79

    [...]

  • Page 80

    80  N ame : Co nfigura ble text s tring d esignat ed as the m nem onic nam e of t his authentic ation opt ion .  Postfix: Is the text str ing e ntered as a post fix in t he acc ount field f or notif ying the Controll er which authent ication data base t his ac count belo ngs to.  Black List : System has built - in bl ack - list prof iles w[...]

  • Page 81

    81 to the orga nizatio n, group, or dom ain nam e (AD) of ex ternal dir ector y .  Binding T ype: This s pecifi es the bin ding t ype and sea rch sc ope for LD AP authenticati on with 4 bindin g types avai lable: U ser Ac count, A nonym ous , Specifie d DN and W indows AD.  Account A ttribute : The att ribute of LDAP accoun ts.  Attribute [...]

  • Page 82

    82  Usern ame For mat : W hen Compl ete o ption is check ed, both the us ernam e and p ostfix will be trans ferr ed to the server for auth enticati on. W hen O nly ID option is c heck ed, only the user name will be tr ansfer red to the external s erver for authe ntication .  Serv er: The I P addres s of t he extern al POP 3 Server .  Port [...]

  • Page 83

    83 login func tion. These s ettings will bec ome eff ective imm ediatel y after click ing the Apply button.  Serv er : T he IP address of the extern al NT Dom ain Server .  T ransparent Login: This f unction ref ers to W indows NT Dom ain singl e sign - on. W hen T rans parent L ogin is enabled, c lients will log into the s ystem autom atical[...]

  • Page 84

    84 The s ystem provides SI P prox y for SIP clients (devices or s oft clients) pass through NA T . Af ter enab le SIP prox y server , all SI P traffic can pa ss thr ough NA T wit h a sele ctive but f ixed WAN interf ace. If the SIP Registr ar setti ngs in SIP client is sam e as the syst em setting, when th e client try to acc ess the SIP Registrar [...]

  • Page 85

    85 The s ystem provides SI P prox y functiona lity , which al lows SI P clients to p ass throu gh NA T . W hen enabled, all SIP traffic can pas s throug h NA T via a fixed WAN inter face. The po licy rout e setting of SIP Authe nticatio n mus t be configured c areful ly bec ause it m ust c ooperate with the fixed WAN inter face f or SIP authentic a[...]

  • Page 86

    86 A warning m ess age can be custom ized at Main Men u > S ystem > Gen eral pag e which will be d ispla yed on the web browser of newl y connec ted users when a Service Z one ’s authenticat ion is u nder the Suspend s tatus. The purpos e of th is feature is to pre vent fur ther loa ding to th is Ser vice Zon e when network administ rator n[...]

  • Page 87

    87 6.2. Users Group Group prof iles are used t o divid e users b ased on r ole . A Gr oup prof ile can be desi gnated for differentiat ing a gr oup of user s with sim ilar stat uses e.g. Student , Staff, Gues t, etc. ; N etwork adm inistrator can de term ine which S ervice Zones are ac cessibl e to a certain Gr oup as wel l as the Pol icy that will[...]

  • Page 88

    88 6.2.1. A ssi gn users to a Group C onfigure Group set tings ; go to: Use r s >> Group . This s ection sho ws how t o group users, ho w to ru le eac h grouped user with d ifferent p olicy as he moves to differ ent service zone. The follo wing exam ples will help you bett er und erstand t his sect ion.[...]

  • Page 89

    89 In this ex ample, G roup 1 us ers ar e allowed t o acces s the i nternet i n 5 plac es; Servic e Zone 0,1,4,6, an d 8. The y must f ollow polic y 1 at Ser vice Z one 1, 6 a nd 8. The y are ruled b y Polic y 3 at Ser vice Zone 1 and b y Polic y 8 at Service Zo ne 4. In each aut henticat ion op tion, you c an ass ign a Gro up with each authentic a[...]

  • Page 90

    [...]

  • Page 91

    91 At Servic e Zone 1 , Group 1 user is ruled by Polic y 3. Group 2 is b y Policy 9 a nd Gr oup 3 is b y Polic y 1 1. Ot her Groups ar e not enab led to access Service Zon e 1.[...]

  • Page 92

    92 o Group Option: T he nam e of Group opt ions av ailable f or selec tion. o Enabled : Se lect E nabled t o allow clients of the en abled G roups t o log in to this Service Zo ne und er constraints of th e selected Polici es. Check Enabled of each ind ividua l Group t o assign it to the Servic e Zone listed. o Policy: Se lect a Polic y that the Gr[...]

  • Page 93

    93 6.2.3. QoS T raf fic Class and Bandw idt h Control Configure QoS; go to: Use rs >> Group >> QoS Prof ile .  QoS Profile: Set param eters f or traffic class ification. o T raff ic Class: A T r affic Class c an be chose n for a G roup of users . There are f our traffic c lasses: Vo i c e , Vid e o , Best - Effort and Background . Vo[...]

  • Page 94

    94 6.3. User Login 6.3.1. An Example of User Login Norm ally , users will be auth enticated b efore the y get net work ac cess through W HG C ontrol ler . This s ection pres ents the basic authentic ation f low for en d users . Pleas e mak e sur e that the W HG C ontr oller is conf igured pr operl y and network related set tings are done. 1. Open a[...]

  • Page 95

    [...]

  • Page 96

    96 6.3.2. Default A uthe ntica tion In each Ser vice Z one, ther e are different t ypes of authentic ation d atabase ( LOCA L, POP3, RADIUS, LDAP , NTDO MAIN, OND EMAND, and SIP) that are su pport ed b y the entire s ystem . There are u p to six authent ication ser vers c an be enab led, t wo of them cons tantly as O ndem and a nd SIP , and one of [...]

  • Page 97

    97 7. Polici es and Access Control 7.1. Policy C onfigure Polic y ; go to : Us er s >> Poli cy . W HG C ontroller s upports multipl e Policies , includ ing on e Global Policy and ind ividual Polic ies . Eac h Polic y consi sts of acces s control p rofiles that can b e config ured respec tivel y and app lied to a c ertain Group of users . Glob[...]

  • Page 98

    [...]

  • Page 99

    99 7.1.1. Firew all Firewall Pro file (Glo bal Po licy): C lick Setting for Fi rewall Prof ile . T he Firew all Conf igurat ion will appear . Click Predefine d and Custom Service Pr otocols to edit the protoc ol list . Click User F irewall Rules to edit t he rules . Machine Fi rewall Ru les – Input is for editing fire wall rules whic h will be en[...]

  • Page 100

    100 The Predef ined Service Protocols ca n not be deleted. Click Add to ad d a custom servic e protoco l. Th e Protocol Ty p e can be define d from a list of service b y protoc ols ( TCP/UDP/IC MP/IP ); a nd then define the Source Port (range) and Destination Port (range); cl ick Apply to save this protoc ol . If t he Protocol T ype is ICM P , it w[...]

  • Page 101

    101 Selecting t he Filter Rule N um ber 1 as an ex ample: o Rule Number: T his is the r ule se lected “1” . Rule N o. 1 has the h ighest pri orit y; rule No. 2 has the second pr iorit y , a nd so on. o Rule Nam e: T he rule nam e can be changed here. o Sourc e /Destination – I nterface/ Zone: There are ch oices of ALL , WAN 1 , WAN 2 , Def au[...]

  • Page 102

    102  Mach ine Firew all Rules – Input (Global Po licy Only) This c onfiguratio n page is for adm inistrator s to co nfigur e firewal l rules which will be enfor ced fr om the s ystems perspecti ve to filt er incom ing tr affics pass ing throug h WAN ports fr om exter nal network s.  Mach ine Firew all Rules – Output (Global Poli cy O nl y[...]

  • Page 103

    103[...]

  • Page 104

    104 7.1.2. Routing  Speci fic Route Profile: Clic k the bu tton of Setting for Specific Route P rofile , t he Spec ific Rou te Prof ile list will a ppea r . 7.1.2.1 Specific Route  Speci fic Route Profile : The Specif ic Def ault Route is use to co ntrol cli ents to access som e specific I P segm ent by the spec ified gateway . o Des tination[...]

  • Page 105

    105 7.1.3. Schedule  Schedule Pr ofile: Click Setting of Schedul e Profile to enter t he confi guration page. Select Enable t o show the Permitted Login Hours list. This f unction is used t o lim it the time when clients can l og in. C heck the desired tim e slots check box and c lick Apply to save the set tings. Thes e settings will b ecom e ef[...]

  • Page 106

    106 7.1.4. Session Limit T o pr event ill - be haved c lients or m alicious soft ware from us ing up the s ystem’s connec tion reso urces , the adminis trator can res tric t the num ber of concurr ent sessions that a us er can establ ish.  The maximum number of concurrent s essio ns (T CP and UDP) for each user c an be specifie d in th e Globa[...]

  • Page 107

    107 7.2. User Access Control W HG Controller su pports u ser acc ess c ontrol per ser vice zone, for the entire s ystem , or per authe nticati on ser ver . M A C Acce ss Control per Ser v ice Zone Go to Mai n Menu > System > Servic e Zones. Each Serv ice Zone ’s Wireles s Settings will be applied to APs t hat ar e mapped t o this s ervice z[...]

  • Page 108

    108 There ar e multipl e Black List pr ofiles a vailable. Adm inistrator can selec t one a nd enfor ce this b lack list on the desired aut henticat ion s erver . C lick Add User(s ) button to f ill in us ernam es ( postfix not re quired). W hen enforced o n an authent ication s erver , accounts in the b lack list will be d enied authent ication and[...]

  • Page 109

    109 Privilege IP Privilege IP/IPv6 Address List If there are work stations ins ide the m anag ed network that n eed to ac cess t he networ k without authent ication , enter the IP address es of t hese wor ks tations in the “ Grant ed Access by IP A ddres s” . The “Rem ark” f ield is no t necessar y but is useful to keep track . Contr oller [...]

  • Page 110

    110 Privilege M AC Privilege M A C A ddre ss List In additio n to the IP address , the MAC address of the work stations that need t o acc ess the net work without authent ication c an als o be set in t he “G ranted Acces s by M AC Address” . Cont roller a llows s pecif ic privi lege MA C addresses at m ost. W hen manuall y creating t he list, e[...]

  • Page 111

    111 7.3. Session Limit & Session Log Session Limit T o pr event ill - be haved c lients or m alicious soft ware from us ing up system ’s connect ion resour ces, adminis trators will have t o res trict the num ber of concur rent sess ions that a user c an esta blish.  The maximum number of concurrent sessions (T CP and UDP) f or each user c[...]

  • Page 112

    112  The following tab le shows an exam ple of th e sess ion log d ata. Jul 20 1 2:35: 05 2009 [Ne w]user1 @loc al TCP MAC=00: 09:6b :cd:83: 8c S IP=10.1. 1.37 S Port=16 26 D IP=203. 125.1 64.132 D Port= 80 Jul 20 1 2:35: 05 2009 [Ne w]user1 @loc al TCP MAC=00: 09:6b :cd:83: 8c S IP=10.1.1. 37 S Port=16 27 D IP=203. 125.16 4.132 DP ort= 80 Jul 2[...]

  • Page 113

    113 8. Users’ Login and Logout 8.1. Before User Login 8.1.1. Login w ith SSL C onfigure HTTP S ; go to: System >> G eneral . HTT PS (HTTP over SSL or HTT P Secure) by means of Secure Sock et La yer (SSL) or Transport La yer Security (TLS) encrypts an d decr ypts user page requ ests as well as the pages that are r etur ned by the W eb ser ve[...]

  • Page 114

    114 8.1.2. Inter nal Domain Name wit h Certifi cate C onfigure Internal Dom ain Nam e ; go to: Syst em >> G eneral >> Intern al Domain Name . Internal D om ain Name is the dom ain nam e of the W HG CONT ROLLER as seen on client m achines connec ted under ser vice zone. It m ust conf orm t o FQDN (F ully - Q ualified D om ain Name) stand[...]

  • Page 115

    115 Click “ Continue t o this website” to acc ess the user logi n page. T o Use Default Certifi cate: Click Use Defau lt Certi ficate to use th e defau lt certif icate and k ey . Cl ick restart t o validate the chang es.[...]

  • Page 116

    116 8.1.3. W alled Gar den C onfigure Walled Garden ; go to : Network >> W alled G arden . This f unction pro vides cer tain fr ee servic es for us ers to ac cess the websites listed here bef ore login and authent ication. Spec ific address es or dom ain nam es of the w ebsites c an be d efined in this list. Users without the network access r[...]

  • Page 117

    117 8.1.4. W alled G arden A D List C onfigure Walled Garden AD List ; go t o: N etwork >> Walled Gard en AD List . This f unction pro vides a dvertis ement web pages f or us ers to acc ess f ree advertis em ent websites l isted befor e login and authent ication. Adver tisem ent hyperl inks ar e displa yed on th e user ’s login pa ge. Clien[...]

  • Page 118

    118[...]

  • Page 119

    119 8.1.5. Mail Message C onfigure Mail Mes sage, g o to: Syst em >> Servi ce Zones . W hen enabled, th e system will a utomatic ally send an em ail to users if the y attem pt to send/r eceive the ir em ails using POP 3 em ail program (for ex ample, Micros oft Out look ) before the y are authen ticated. C lick Edit Mail Messag e to edit the m[...]

  • Page 120

    120 8.2. After User Lo gin 8.2.1. P ortal Home Page C onfigure Hom e Page Redi rect ; go t o: S ystem >> General . Portal URL functio n allows the net work adm inistr ator to s pecif y whether to red irect a user ’ s web browser to a specif ic webpage or not. W hen “Specific” is check ed, once a user l ogged in s ucc essf ully , user ?[...]

  • Page 121

    121 8.2.2. Idle Time r C onfigure Idle T i mer ; go to: Use rs >> Addi tional Con trol . If a user has idled with no net work ac tivities, the s yste m will aut omat ically kic k out the us er . The logout tim er can be set between 1~14 40 minut es, and the defau lt idle tim e is 10 m inutes.[...]

  • Page 122

    122 8.2.3. Multi ple Login C onfigure Idle Ti m er , go to : User s >> Addi tional Con trol . W hen enabled, a user can log in f rom different com puters with t he sam e account. (T his func tion doesn’t su pport On - demand us ers and RADIUS authentic ation.)[...]

  • Page 123

    123 8.2.4. Change Passw ord Privil ege C onfigure Local Us ers cha nge pas sword pr ivilege ; go to: U ser s >> Group >> Privilege .  P rivilege P rofile: o Change Pass word Privilege: W hen Chan ge Passw ord Priv ilege is enabled, the authe nticated users with in this G roup are allowe d to chang e their pass word via t he Login Suc[...]

  • Page 124

    124 8.2.5. P roxy Server C onfigure Prox y Server ; go to: N etwork >> Pro xy Ser ver . The s ystem provides a Bu ild - in Prox y Server and Exter nal Proxy Server func tion. Af ter succes sful authent ication, the clien ts’ will be r edirec ted back to the des ired prox y servers. Basicall y , a pr oxy ser ver can he lp clie nts acces s th[...]

  • Page 125

    125  Using Extran et Proxy Serv er The second s cenario is th at a prox y server is placed in t he Extranet ( such as D MZ), whic h all us ers fr om the Intranet or the Inter net are able to a cces s. For ex ample, the f ollowing d iagram s hows that a pr oxy ser ver of a n organizat ion in the DMZ will be used. Follow th e follo wing steps to c[...]

  • Page 126

    126 9. Local Are a AP M anagement All of the supp orted APs under m anagem ent of the s ystem will b e shown in t his ta ble and listed b y different A P type.[...]

  • Page 127

    127 9.1. Multi ple Type of A P Besides l etting users bei ng connec ted to t he W HG Controll er via wir ed Ether net ca ble, you c an conn ect A P to the W HG Controller t o extent t he net work acc ess b y wireles s. The WH G Controller can m anage multip le type of AP , such as, E AP100, EAP - 11 0 , EAP - 2 00 , EA P - 300 , EAP700, OW L400, OW[...]

  • Page 128

    128 9.2. Confi gure A P Templa te Configure AP T em plate; go to: Access Points >> Enter Local Area AP Managem ent >> Templates . The s ystem suppor ts up to three t em plates whic h include c onfig urations of APs. The a dminis trator can c onfig ure the setting to gether in the t emplate instead of log ging the A P managem ent inter f[...]

  • Page 129

    129  General: In th is sectio n, revise the Sub net M ask and Default Gatew ay here if desir ed. Conf igure the N T P Serve rs and Time Zone . In additi on, adm inistrator c an enable SY SLOG serv er to rec eive the l og from AP and enable SNM P read /write ab ility .  Wireless:  SSID Bro adcast: Select th is opti on to enab le the AP’s [...]

  • Page 130

    130 throughou t a ESS ( Extend ed Ser vice Set) and f or secure ex change of stati on’s securi ty cont ext between cur rent ac cess po int (A P) and ne w AP during handoff per iod.  Wireless Clien t Isol ation : T he default value is Di sabl ed . W hen “ Enabled” is selected , all the wireless clients will be isolated e ach ot her.  T r[...]

  • Page 131

    131 9.3. AP Disco ver y Configure Disco very AP; go to: Acce ss Points >> En ter Local Area AP Management >> D iscove ry . After AP tem plate conf igurat ion is com plete, us e this f unction to detect and sc an for all of the A Ps conn ected u nder the managed n etwork . Note that in Local A r ea AP Management the W HG C ontroller can [...]

  • Page 132

    132  Discov ery Resu lts: The n ewly disc overed A Ps will be liste d here. W hen the s ystem ’s Service Zon e is set to Ta g - bas ed mode, s ervice z ones als o can be assign ed here. After click ing Add , th e curr ent managem ent p age is directed to AP List, where t he newl y added A Ps will sh ow up in the A P List with a status of “co[...]

  • Page 133

    133 9.3.1. AP Background Di scover y Configure AP Back ground Dis cover y; go to: AP Management >> Enter Local Area AP Management >> Discovery .  Backgrou nd AP Dis cover y: Click Configure to enter Backgrou nd AP Dis cover y interf ace and pr oceed with relat ed conf iguratio n. The conf iguration is the sa m e as AP Discover y . W [...]

  • Page 134

    134 9.4. Manuall y add AP Add an A P Manuall y; go to: Acce ss Points >> Enter Lo cal Ar ea AP Management >> Adding . The adm inistrator can add supporte d APs into the Li st tab le m anuall y here. Sim ilar to the AP added after d isc overy , a manuall y added AP will sho w up with a status of "co nfigurin g" in the AP List i[...]

  • Page 135

    135 9.5. AP w ith Se rv ice Zone Configure AP with Servic e Zone; go to: System >> Se rvic e Zones >> Service Zone Configuration .  Service Zone Settings – Assigned IP Ad dress range for AP M anagement Under por t - based s ervice zone, each ser vice zone c an designat e an IP segm ent for IP addr ess ass ignment t o the managed AP[...]

  • Page 136

    136  Serv ic e Zone Setting s – A ccess Co ntrol for Service Zone All m anaged APs ( V AP) t hat be long to this ser vice zon e have sam e AC L ta ble. W hen t he status is Allow ed , only these clients whose MAC address es are liste d in this list can be al lowed to connect to the AP; on the other hand, wh en the stat us is D enied , th e cli[...]

  • Page 137

    137 9.6. AP Se curity Configure AP Securit y; go to: System >> Ser vice Zones .  Security: F or each s ervice zone, a dministr ators can s et up t he wirel ess sec urity pr ofile, inc luding A uthentication and Encryption .  A uthenti cation: Including Open S ystem , Share Ke y , W PA , W PA2 or WP A /WP A 2 Mixed .  E ncryption: [...]

  • Page 138

    138 9.7. Change ma nag ed A P setti ngs Configure AP settings in AP List; go to: Access Points >> Enter Local Area AP Man agement >> List . All of the A Ps under the m anagem ent of the W H G Controller will be sh own in the lis t. The A P can be edit ed by click ing the hyperl ink of AP Name and the AP status ca n be rev iewed b y clic[...]

  • Page 139

    139  General S etting: Click the link t o enter th e General Setting interface. Firm ware inform ation als o can be observed h ere.  LAN Setti ng: Click the link to enter the L AN S etting in terf ace. Adm inistrator c an rev ise the AP’s LAN IP settings including IP addre ss , Subnet Mask and Defa ult Gatew ay o f A P.  Wireless L AN: C[...]

  • Page 140

    140 AP Status Sum mar y includes AP N a m e , A P Ty p e , L AN Interf ace M AC address , Wireless Interfac e M AC address , Report Time , SSID , an d Number of A ssociated Clients . AP S tat us D etails inc lude S ystem Statu s , LAN S tatus , Wireless L AN Stat us , A ssociated Client Status and Local Log Status.[...]

  • Page 141

    141 9.8. AP O perati ons from AP Li st Configure AP List; go to: Acces s Points >> Enter Local Area AP Manage ment >> List . 9.8.1. Reboot, Ena ble, Disabl e and Delete the A P Select an y AP by check ing t he check box and the n clic k the butto n belo w to Reboot , Enable , Disable, D elete, Apply T emplate and Appl y Service Z one ( [...]

  • Page 142

    142 9.8.2. Appl y T empla te Select an y AP by check the chec kbox and then cl ick Apply T emplate ; selec t one tem plate to appl y to the AP .[...]

  • Page 143

    143 9.8.3. Apply Service Zon e (T ag - Based Onl y) Select an y AP by the check the check box and then c lic k Apply Ser vice Zone to select which S ervice Zones this AP associates to. For exam ple, if SZ 3 and SZ5 ar e selecte d for t his AP , then thes e tw o Service Zones will be a vailable under this AP . This A P will have t wo V APs with two [...]

  • Page 144

    144 9.9. Firm w are man ageme nt and upgr ade Configure Firm ware m anagem ent; go to: Acc ess Points >> Enter Local Area AP Management >> Firmwa re . The s ystem suppor ts the f irm ware managem ent of APs to up load ne w firm ware, delet e the exist ing f irmware, and download th e firm ware to managed A Ps. Note that the AP's fi[...]

  • Page 145

    145 9.10. WDS Management Configure WD S managem ent; go to: Access Points >> E nter Local Area AP Managemen t >> WD S Managem ent . WDS Man agement (W ir eless Distribut ion S ystem) is a func tion used t o connec t AP s (Acce ss Point s) wirel essly . The W DS managem ent f unction of the s ystem can he lp adm inistrator s to s etup a [...]

  • Page 146

    146 9.11. Rogue AP Dete ction Configure Rough A P Detection; go to: Acce ss Points >> Enter Local Area AP Manag ement >> Rogue AP Detection . It is des igned t o detect the no n - m anaged or possibl y malicio us AP in t he dep lo yed environm ent. It takes t he managed APs as s ensors to f ind o ut the no n - m anaged AP even if the AP[...]

  • Page 147

    147 Basicall y , all of the m anaged A P can becom e a Rogue AP sensor , but som e earlier version AP will not sup port this function, they will list in the Sensor L ist , b ut the y are not ava ilable for s election , so th e Sen sor L ist will list all of the managed A P . Sele c t the AP s and cl ick Apply . 3. Add the non - managed A P to the T[...]

  • Page 148

    148 9.12. AP Load Balanci ng Configure AP Load Ba lanci ng; go to: Ac cess Points >> Enter Local Area AP Ma nagement >> AP Load Balancing . It is a function to prevent managed APs f rom overload ing. W hen the s ystem det ects th e occ urrence of APs' associated - client n um bers exceedi ng a pred efined t hreshol d at circum s ta[...]

  • Page 149

    149 1. Setup the Interval Configure Interva l; go to: A ccess Points >>A P L oad Balancing . Go to: Access Points >>A P Load Balancing >> Configuration . Input an Interval , if you input “ 0”, it m eans “ Disabled ”, and s ystem will not enable the AP Load Balancing func tion. 2. Conf igure the Loadi ng of Threshold of eac[...]

  • Page 150

    150 Before set up the AP Load Bal ancing, you m ust disc overy the APs and appl y template f irst.  Note: For m ore detail of AP Managem ent, ple ase refer to the section of M anaging Wirel ess Net work . All of the managed AP can join to a ny of the Load B alanc ing Gro up, so the Device List will lis t all of th e managed AP . Select th e APs,[...]

  • Page 151

    151 10. Wide Area A P M anagement The W HG Control ler suppo rts the p lanning a nd m onitoring of Acces s Points de plo yed over c omplicat ed net work structur es such as the int ernet. I ntegrated with G oogle Map API, W ide Area A P Manag em ent provides intuiti ve graphical tools f or mappin g APs a t various ph ysical locatio ns and k eeping [...]

  • Page 152

    152 10.1. AP Discovery Discover c onnect ed APs ; go to: Acc ess Points >> Ente r Wid e A rea AP Manag emen t >> Discove ry . W ith the Discover y feature, adm inistrator can scan f or APs regardl ess of their ph ysical l ocation as long as their I P address c an be reac hed. A fter the discov ery proces s, ne wly found AP ’ s will be[...]

  • Page 153

    153 10.2. Manually add AP Add an in dividua l Acces s Points t o the m anaged list; g o to: Access Points >> Enter Wid e Area AP Manage ment >> A dding . Besides Di scov ery featur e that ca n searc h and list m ulti ple APs f or addin g to the managem ent list, A dding page allows adm inistrat or to dir ectl y add a singl e Acc ess Poi[...]

  • Page 154

    154 10.3. Manage AP Lists Manage A P lists; go to: A ccess Points >> E nter Wid e Area AP Man agement >> List . W hen an EAP - 200 is dis covered or added to the A P list, it can b e logica lly deplo yed into t he W HG Contr oller ’s managed ne twork regardle ss of its physica l location by t unnel s . Initiall y when an AP has be en [...]

  • Page 155

    155 AP’s tunnel set tings c an be c heck ed at “ Syst em >> M anagemen t ” page. On the W HG C ontroller side, the A P’s T unn el status will show gr een light indicat ing an act ive tunne l has been set up between W HG Controller a nd A P . Now the a dm inistrator can click “ Edi t ” and re - ent er the Tunnel Status page to as s[...]

  • Page 156

    156 10.4. Manage Third P arty AP Add a third party AP; go to: Access Points >> Enter Wid e Area AP Management >> List . Add thir d part y A P by s electing THIR DAP from Device T y pe. Add to AP List m anuall y by specif ying third p art y A P’s IP address, Nam e, and VLAN ID. Click Add to f inish addi ng and ch eck lists to List icon[...]

  • Page 157

    157 10.5. Map Configure m aps; go to: Acc ess Points >> Enter Wi de Area AP Management >> Ma p . The Map ta b page is imple m ented with Goog le Map API vers ion2 whic h allo ws adm inistr ators to vie w at a gl ance the whereabou ts of all of the A P’s under W ide Area A P Managem ent. This featur e is hel pful when it com es to ne t[...]

  • Page 158

    158 10.5.1. Regist er key from Google Before conf iguring your m aps, you will ne ed to reg ister the W HG C ontroller ’s IP addres s at Goo gle Maps and get a ke y from Google . Go to ht tp://code. googl e.com/int l/en/apis /maps/doc umentat ion/ja vascr ipt/v2/ or search for “G oogle Map API”, to enter the Google code page. Click on “ Sig[...]

  • Page 159

    159 10.5.2. Create a Map Now , retur n to th e Map tab page in W HG Control ler ’s W MI and Scrol l down to t he bott om of the page, c lick on the Add a New M ap button.  An editin g page w ill ope n for conf iguration, please f ill in a Map Name f or this m ap and its ge ogra phical loc ation as defined b y Longitude and Latitude , rem ember[...]

  • Page 160

    160 10.5.3. Marki ng A P s on your Map If y ou hav e severa l APs d eplo yed and listed in List un der W ide Area AP Ma nage m ent, their geogr aphic al loc ation can be m ark ed on a particu lar m ap. Firstly , g o t o the List tab pa ge and cl ick on the Ed it but ton of th e AP’s that you wish t o mark in the m ap. In the A P configurat ion pa[...]

  • Page 161

    161 The selec ted APs will sho w up as m ark er im ages on the m ap at the physica l coordinat es conf igured, as sho wn below . Y ou c an click on the A P icon to se e the dial ogue b ox for add ition al inform ation or links that you ha ve conf igured. Click the more info link for inform ation on AP statu s , Client List , WD S List a nd Links re[...]

  • Page 162

    162  AP status , Client L ist and WDS Li st inf ormation listed are collec ted fr om t he remote AP via SN MP .[...]

  • Page 163

    163 10.5.4. Opera tions fr om Map page  Goto Map: W hen you have c onfigured m ultipl e map pr ofiles, th is func tion allo ws switchi ng bet ween different m aps.  Goto A P: This f unction is f or adm inistrator t o sel ect an AP on the list, an d the m ap will s hift to s how th e selected AP in the cent er of the m ap.  Show Covera ge: [...]

  • Page 164

    164 10.6. AP Oper ations f rom A P List Perform operations on m anaged APs; go to : Acces s Points >> E nte r Wid e Area AP Man agement >> List . After add ing APs to the m anaged L ist, the L ist page provides s ome oper ations for m anaging t he listed AP’ s.  Goto: T he WHG Controller c annot direc tly conf igure W ide Are a AP [...]

  • Page 165

    165 chosen AP ’s configurat ion setti ngs usi ng a .db file stor e loca lly in adm inis trator PC or in t he W HG Controll er ’s mem ory .  Upgrade: Click ing this bu tton will open a popu p window where adm inistrator can upgrade t he chose n AP’s firm ware using a firmware f ile stor e locall y in adm inistr ator PC or in t he W HG Contr[...]

  • Page 166

    166 10.7. WDS L ist View the W DS link inf orm ation establish ed bet ween APs in W ide Area A P Managem ent; go to Acc ess Points >> Enter Wid e Area AP Manag ement >> WDS List . The W DS link if establish ed bet ween APs l isted in List will be l isted her e with r elated i nform ation such as the Band and Chan nel of the link , Secur[...]

  • Page 167

    167 10.8. Backup Config View previous ly saved backup f iles for W ide Area APs; go to: Ac cess Points >> Enter Wid e Area AP Managem ent >> Backup Config . Back ed up Config f iles c an be use d to rest ore an AP’s settings in List . W hen adm inistrator back ups an AP’s configurat ion set tings, a ll the bac kup f iles are list ed[...]

  • Page 168

    168 10.9. Firm w are m anagem ent a nd upgrad e Upload or view the det ails o f previous ly upload ed firm ware for upgrading APs; go to: Acc ess Poin ts >> Enter Wid e Area AP Manage ment >> F irmwar e . The W HG Contr oller can store AP’s fir m ware in its’ built - in m emor y . Und er t he Firm ware tab page adm inistr ator ca n [...]

  • Page 169

    169 10.10. C AP W AP Enable CP A W AP auto - dis cover y feature f or supporte d AP’s; go t o: Acces s Points >> Enter Wi de A re a AP Managem ent >> CAPW AP . CAPWAP is a standard int eropera ble prot ocol that enables a W HG Contr oller to manage a c ollect ion of w ireless access points.  Status: T he configurat ion s tatus of C[...]

  • Page 170

    170 11. Networking Feature s of a Gateway 11.1. DMZ C onfigure DMZ ; go t o: Network >> N AT >> D MZ (Demilit arized Zone) . The s ystem suppor ts spec ific sets of Interna l IP address (LAN) to External I P address (WAN) m apping in the Static Assignm ents. The Exter nal IP Addres s of the Autom atic WAN IP Ass ignm ent is the IP addr [...]

  • Page 171

    171 11.2. Virtual Server C onfigure Virtual Server ; go to: Network >> N AT >> Pub lic Acc essible Serv er . This f unction allo ws the adm inistrator to s et virtual servers , so that c lient de vices outsid e the m anaged net work can access these ser vers with in the m anaged n etwork . Different virt ual servers can be conf igured f[...]

  • Page 172

    172 11.3. Clie nt Mob ility C onfigure IP Plug and Play ; go to: Network >> Client Mobility . W HG CON T ROLLE R supports IP PNP function : u s er s c an login an d acces s netw ork with an y IP address setting. At the user end, a s tatic I P address can be used to co nnect to th e system . Regar dless of what the IP addres s us ed at the use[...]

  • Page 173

    173 11.4. DNS Cache C onfigure DNS Cac he ; go t o: Network >> DNS Cache . The adm inistrator could st aticall y assign D omain Nam e to I P mappings f or all cl ients c onnected t o the W HG Controll er ’s LAN net work . This feature ca n be used to redir ect clie nts to preferr ed IP address f or cert ain Dom ain Nam es.[...]

  • Page 174

    174 11.5. Dynamic Domain Name Serv ice C onfigure Dynam ic Dom ain Nam e Service ; g o to: Net wo rk >> DDNS . Before act ivating th is f unction, you m ust have your Dynam ic DNS hos tnam e regis tered with a D ynamic D NS provider . W HG CONTROLLER supports D NS func tion t o alias the d ynam ic IP addres s for the WAN port to a static doma[...]

  • Page 175

    175 11.6. Port and IP Forw ard ing C onfigure Port an d IP Redirec t ; go to: Network >> N AT >> Port and IP Forwar ding . This f unction allo ws the adm inistrator to s et spec if ic sets of the I P addresses at m ost for r edirection pur pose. W hen the user attempts to conn ect to a d estinat ion I P addre ss listed here, the c onnec[...]

  • Page 176

    176 11.7. Dynamic Route Configure Dynam ic Route; go to : Network >> Dynam ic Route . The f unction sup port s thre e d ynamic r outing prot ocol s : RIP , O SPF an d IS - IS.  RIP Confi guration : It is a dynam ic r outing protoco l used i n local and wide area n etwork s. Y ou can c onfigur e each interf ace to be Pass ive, s upportive v[...]

  • Page 177

    177 routing inf orm ation.  T im eout T imer : Routes are onl y kept in th e routin g tabl e for a lim ited am ount of ti m e. A s pecial Timeout tim er is s tarted wh enever a r oute is installe d in the routing t able. W henever the router receives another RI P R esp onse with infor mation abo ut that ro ute, the r oute is cons idered “r efr[...]

  • Page 178

    178 a group of ph ysically con nected c omputer s or sim ilar devic es. Y ou c an conf igure e ach inter face Circ uit T ype to Level 1 or L evel 2.  Net ID: It is the I SO addr ess Network Entity T itle (N ET ). The NET is us ed just l ike an I P address to uniqu ely ident ify a rout er on the inter - netwo rk.  Cir cuit Ty pe: Level 1 s yst[...]

  • Page 179

    179 12. System M anagement and Uti lities 12.1. System T ime C onfigure Sy ste m T ime ; go to: Syst em >> Gen eral . 12.1.1. NTP NTP (Network Ti me Protocol) com munic ation prot ocol can be used to s ynchronize the s ystem tim e with rem ote tim e server . Please sp ecif y the local t ime zone and the I P address of at least o ne NTP server[...]

  • Page 180

    180 12.1.2. Manual S ettings The tim e can also b e m anually conf igured b y selec ting Manually s et up and then entering t he dat e and tim e in these fie lds.[...]

  • Page 181

    181 12.2. Management IP C onfigure Managem ent IP ; go to: Syst em >> Gene ral . Only PCs within t his IP range o n the l ist are al lowed t o acces s the s ystem's web m anagem ent interface . For exam ple, 10.2.3. 0/24 m eans that as long as an adm inistrat or is using a com puter with the I P addres s range of 10.2.3.0/ 24, he or she [...]

  • Page 182

    182 12.3. Access History IP C onfigure Access History IP ; go to: Syst em >> Gene ral . Specif y an IP address of th e administr ator ’ s com puter or a billi ng syst em to get b illing h istory inf orm ation of W HG CONTROLLER with the pr edef ined UR Ls. T he file n ame f orm at is “ yyyy - mm - dd”. An exam ple is pr ovide d as f oll[...]

  • Page 183

    183 12.4. S NMP C onfigure SNMP ; go to: Syst em >> Genera l . If this f unction is enabled, the S NMP Managem ent IP and the C omm unity can be assigne d to acc ess the S N M P Configura tion List of the syst em.[...]

  • Page 184

    184 12.5. Change Pass wo rd C onfigure Change Pass word ; go to: U tilities >> Pas sw ord Change . There ar e three le vels of authorit ies: admi n , man ager or operator . The def ault usernam es and pas swords are as follo ws: A dmin: The a dm inistrator can ac cess all config uration pages of W HG CONTROLLER . User Nam e: admi n Password: [...]

  • Page 185

    185 12.6. Backup / Restore and Reset to Factory Defaul t C onfigure Back up / Restor e and Reset to Fact ory Def ault ; go to: Utilities >> Back up & Restore . This f unction is use d to bac k up/restor e the W HG CONTROLLER setti ngs. Also, W HG CON T ROLLE R can be restored to the f actor y default set tings here.  Backup System Sett[...]

  • Page 186

    186 12.7. Firm w are U pgrade C onfigure Firm ware Upgra de ; go to : Ut ilities >> System Upgrade . The adm inistrator can do wnload t he latest f irm ware from website an d upgrad e the s ystem her e. Click Brow se to search f or the f irmware file and cl ick Apply f or the f irmware upgr ade. It m ight tak e a few minutes bef ore the upgr [...]

  • Page 187

    187 12.8. Restart C onfigure Restart ; go to: Ut ilities >> Rest art . This f unction allo ws the adm inistrator to s afel y restart W HG CON T ROLLE R , and the pr ocess m ight tak e approxim atel y three m inutes . Click YE S to rest art W HG CONT ROLLER ; clic k NO to go back to th e previous sc reen. If the pow er needs to be tur ned off,[...]

  • Page 188

    188 12.9. Ne t w ork U tility C onfigure Network Utilit y ; go to: Ut ilities >> Network Utilit ies . The s ystem provides som e network utilities to he lp adm inistrator s manage t he ne twork easily .[...]

  • Page 189

    189 Item Descripti on W ake - on - L AN It allows t he s ystem to r emotely boot up a p ower - do wn com puter with Wake - On - LAN featur e enabled i n its BIO S and it is c onnect to an y servic e zone. Enter the MAC Addr ess of the desired de vice an d click Wake Up button t o execut e this f unction. IPv4  P ing: It allows adm inistr ator to[...]

  • Page 190

    190 12.10. Certificate C onfigure Certif icat e Ut ilit y ; go to: Utility >> Certificat e . AC can is sue cert ificates to APs t hat it m anages in its pr ivate net work . Adm inistrator can s ign certif icates issues b y the syst em’s root CA a nd load th ese cer tificat es to m anaged APs . These APs will b e used in verif ying the iden [...]

  • Page 191

    191  Create System’s Root C A Administr ator can create a root C A f or pri vate use. The created r oot C A c ertif icate can be downlo aded a nd used to sign certif icates generat ed by the s ystem . The cr eated root C A will b e displa yed in the table belo w .  Signing Certific ates with Syste m Root CA W hen a root CA has been c reated[...]

  • Page 192

    192 The generated certificat e will be listed in the My Issue Certificat e table. C ertificat e and k ey can b e do wnload ed with Get Cert , G et key butt on.  Uploading Certifi cate or T rusted CA Apart from s elf signed cer tificate and s ystem’s root C A, adm inistrators can also upload other cert ificates signe d by other CA entities or T[...]

  • Page 193

    193 12.11. Adm inist rator Acc ount Configure operator accou nts; go to: U tilities >> Administra tor Account . W HG C ontroller has thre e k inds of perm anent m anagem ent acc ount: admin , ma nager or operator . T he d efault usernam es and pass words show as f ollo ws: A dmin: The a dm inistrator can ac cess all config uration pages of W [...]

  • Page 194

    194  Create A dmin Account Different oper ator accou nts and their pas sword c an be specif ied here. Group her e are au thorizati on profi les that will be applie d to this operator acc ount, each G roup prof ile can s pec ify whic h SZ this account c an acc ess and t he Maps that this o perator can acce ss. Administr ator can enter th e desire[...]

  • Page 195

    195  Configure operator Group profile Group all owed SZ and Ma p can be configur ed her e. In this c onfigur ation page, adm inistrator c an spec ify wh ich S ervice Z one an d Ma p are a llowed to be access ed b y the operator that belongs to th is Gr oup. This f eature a llow s the adm inistrator to cr eate m ulti - level pri vilege acc ounts [...]

  • Page 196

    196 12.12. Monitor IP Configure Monitor ing 3 rd Part y IP; go to: Network >> Monitor IP . W HG CON T ROLLE R will send o ut a pac ket period icall y to monitor t he con nection status of the IP addresses on the list. On each m onitor ed item with a W EB s erver running, a dm inistrators m a y add a l ink f or the eas y access by entering t h[...]

  • Page 197

    197 12.13. Console Interf ace Via this port to enter the c o nsole int erface f or the adminis trator to ha ndle th e probl ems and situatio ns occurr ed during operatio n. 1. In order t o connect to the c onsole por t of W HG CONTROLLER , a co nsole, m odem cable and a term inal simulatio n progr am , such as the H yper T erm inal are nee de d. 2.[...]

  • Page 198

    198  Utilities f or ne tw ork debuggi ng The cons ole inter face pr ovides s everal utilities t o assis t the A dminist rator to ch eck the s ystem conditions and to debu g an y problem s. The utiliti es are des cribed as f ollows:  Ping h ost (IP): By send ing IC MP echo reques t to a spe cified hos t and wait for the res ponse to tes t the [...]

  • Page 199

    199 The user nam e is “adm in” and the d efault password is also “adm in”, which is the sam e as f or the web managem ent interf ace. Pas sword ca n also b e change d here. I f adm inistrat ors for get the pass word an d are unab le to log in the m anagem ent interf ace f rom the web or the r emote end of the SSH, th ey can sti ll use the n[...]

  • Page 200

    200 13. System Sta tus and Re ports 13.1. View the S t atu s This s ection inclu des System Status , Interface S tatus , Hardw are , Routing T able , Online User s , Ses sion List , User Log s , Logs , DHC P Lease , and E- m ail & S yslog to pr ovide s ystem status inform ation and onl ine user status.[...]

  • Page 201

    201 13.1.1. System Status V iew S ystem Status ; go to: Status >> Sy stem . This s ection provi des an o vervie w of the s ystem for the adm inistr ator .[...]

  • Page 202

    202 The desc ription of the ab ove - m entioned tab le is as follo ws: Item Descripti on Firmware V ersion The prese nt firmw are versio n of W HG CONTROLLER Build The current build number . Sy stem Name The system name. The default is W HG CONTROLLER Portal URL The page t he users ar e directe d to after initial login success. Sy slog server - Sys[...]

  • Page 203

    203 13.1.2. Interface Status V iew Interfac e Status ; go to : Status >> Interface . This s ection provi des an o vervie w of the i nterfac e for the a dm inistrator i ncluding WA N 1 , WAN 2 , SZ Default, SZ1 ~ SZ8 .[...]

  • Page 204

    204 The desc ription of the ab ove - m entioned tab le is as f ollo ws: Item Descripti on Select Int erface From the dro p - down me nu, admini s trators c an selec t which interface s tatus to display . WA N 1 Mode Operating mode of th is interface. MAC Add re ss The MA C address of t he WAN 2 port. IP A ddress The IPv 4 address of the WAN2 port. [...]

  • Page 205

    205 13.1.3. HW V iew Hardwar e Status ; go to: Status >> HW . This tab pa ge disp la y s the system ’s hardware us age inf ormation.[...]

  • Page 206

    206 13.1.4. Routing T abl e V iew Routin g T able ; go to: Status >> Routing Ta b l e >> IPv4/IP v6 Ta b l e . All th e Pol icy Rout e rules and Glob al Policy Ro ute rules will be l isted her e. Also it will s how th e System Route rules spec ified b y each i nterf ace. • • • IPv 4 Routing T able IPv6 Routing T able  Policy 1 [...]

  • Page 207

    207 13.1.5. Onli ne Users V iew Online Users, go to: Status >> Online U sers . In this pa ge, all on line us ers’ i nform ation is d ispla yed. Adm inistrators can for ce out a s pecific o nline us er b y click ing the hyper link of Kick Out and chec k the us er acc ess A P status b y click ing the hyp erlink of the AP nam e for Access From[...]

  • Page 208

    208 13.1.6. Non - Login User s V iew Non - Logi n Users ; go to: Status >> Non - Login Users . This page s hows us ers that have acq uired a n IP address from the s ystem ’s DHCP server but h ave not yet be en authent icated. This f eature is des igned for adminis trators to keep trac k of s y stem s resour ces f rom being exha usted. The l[...]

  • Page 209

    209 13.1.7. Sessi on List V iew Session List ; go to: Status >> Session List . This page a llows th e adm inistrator to insp ect ses sions c urrentl y establis hed betwe en a c lient and t he s ystem. Eac h result dis plays t he IP and Port values of the So urce an d Destinat ion. Y o u m ay define th e filter conditi ons and displ ay only th[...]

  • Page 210

    210 13.1.8. User Logs V iew Traffic History , go t o: Status >> Use rs Log . This page is us ed to chec k the tr affic histor y of W HG CONT ROLLER . The h istory of each da y will b e saved separate ly in the D RAM f or at least 3 da ys (72 full h ours ). The s ystem als o keeps a cum ulated record of the tr affic data gener ated b y each us[...]

  • Page 211

    211  On - demand User Log As sho wn in th e fol lowing f igure, each l ine is a on - demand user log recor d consis ting of 13 fields , Date , Syste m Name , Ty p e , Name , IP , M AC , P kts In , B ytes In , Pkts Out, Bytes Out, 1st L ogin Expiration T ime , Account V alid Through and Re mark , of user acti vit ies.  Roaming Out Us er Log As[...]

  • Page 212

    212 13.1.9. Local Us er Monthly Netw ork Usage V iew Local Us er Month l y Network Usage ; go to: Status >> User Logs .  Monthly Network Us age of Local User The s ystem k eeps a cum ulated recor d of the traffic dat a generat ed b y each Local user in the lat est 2 ca lendar months . As shown in t he fol lowing fi gure, eac h line in a m [...]

  • Page 213

    213 13.1.10. Logs V iew Logs ; pl ease go to : St atus >> Logs . This page d ispla ys the s ystem ’s local log infor m ation since s ystem boot up. Admini strators can exam ine the l og entries of vario us eve nts. H owever , s ince a ll thes e infor mat ion are stor ed on volatil e mem ory , the y wi ll be los t durin g a restart/r eboot o[...]

  • Page 214

    214 13.1.11. DHCP L ease V iew DHCP Lease ; go to: Status >> DHCP L ease . The DHC P IP lease st atisti cs c an be viewed after c licking on Show Statist ics List in this p age.  Statistics of offe red list V alid lease coun ts of the Last 10 Minutes, Hour s and D a ys are show n here. The header 1 ~ 1 0 are un it multiplier , for inst anc[...]

  • Page 215

    215 13.2. No tificatio n C onfigure Notif ication ; g o to: Status >> Repor t & Notification . W HG CON T ROLLE R can autom aticall y send vari ous k inds of us er and/or system related r eports t o conf igured E- mail addres ses, SYSLO G Servers , or FT P Server .  SMTP Settings : Allo ws the conf iguration of 5 recipie nt E - m ail a[...]

  • Page 216

    216 13.2.1. SM TP Settings  Receiv er E - ma il A ddress (1 ~ 5): U p to 5 E- mail addr esses can be set up here to rec eive not ificatio ns.  Send er E - mai l Address: The e - m ail addres s of the ad m inistrator in char ge of the m onitoring. This will sho w up as the s ender ’s e - ma il.  SM TP Server: Enter th e IP address of the [...]

  • Page 217

    217 13.2.2. SYSLOG Setting s  SYSLOG Destinations: Up to two ext ernal S YSLOG servers m ay be configur ed, pleas e enter t he IP address an d port num ber of the ex ternal SYSLOG s erver .  System Log: This contro ls the enab ling/dis abling of the S YSLOG logging f eature. W hen enabled, th e selected logs f rom “N otification Se ttings?[...]

  • Page 218

    218 13.2.3. FTP Settings  FTP Des tination: Specify the I P address and p ort n um ber of your FT P server . If your FT P needs authent ication, ent er the Usernam e and Pas sword. The “Send T est Log” r adio but ton can be us ed to send a test log f or testin g your cur rent FT P destination s etti ngs.[...]

  • Page 219

    219 13.2.4. Notifi cation S ettings This c onfiguratio n page al lows the s electi on of log t ype s to send, either t o preconf igured E - m ail, SYSLOG Servers or FT P Server b ased on t he c hosen tim e Interv al.  Sending Logs to E - mail The f ollowing log types can be sen t to E - m ail addr esses c onfigured in “SMT P Setti ngs”: Mo n[...]

  • Page 220

    220  Detail: C licking th is rad io button al lows the c onf iguration of the E - mail s ubject f or the corr espondi ng log.  Send: Click ing th is radi o button s ends a tes t log to the s elected E - m ail addres s.  Sending Logs to SYSLOG The f ollowing log types can be sen t to exter nal S YSLOG s ervers c onfigured i n “SYS LOG Set[...]

  • Page 221

    221  Sending Logs to FTP The f ollowing log types can be sen t to exter nal FT P ser vers conf igured in “ FTP Settings ”: Users Log, On - demand Us ers Log, Sess ion Log, HT TP W eb Log, DHC P Lease Log, and S ystem Report. Clic k the des ired log type a nd selec t the tim e int erval for sending log. Detail : C licking t his rad io button [...]

  • Page 222

    222 13.2.5. S y stem Repor t The f unction provi des the g raphica l statistic s inf ormation of CPU Lo ading, C PU T em perature, Mem or y Usage and etc. This page d ispla ys system s tatus and resour ce us ages in a plotted gr aph. I t can sho w the tot al DHC P Lease number of all Serv ice Zo ne and eac h Serv ice Zone.  Item: Select the t yp[...]

  • Page 223

    223 14. Virtual Private Ne twork ( VP N) 14.1. Local VPN The s ystem is equippe d wi th IPSec VPN f eature. T o ut ilize IPSec VPN s upporte d by M icrosof t W indows X P SP2 (with patc h) an d W indows 20 00 oper ating s ystem s, the s ystem im plem ents IPSec VPN tun neling t ech nolog y between cl ient ’ s windo ws dev ices and the s ystem its[...]

  • Page 224

    224 tunnels b etween t hem . If the conn ection is down, the A ctiveX com ponent will det ect the br oken l ink and decom pose the IPS ec tun nel. Once the IPSec VPN tunnel was bui lt, all sent pack ets will be encr ypted. W ithout connecti ng to the or igina l IPSec VPN tunne l, a cli ent has no alternat ive wa y to gain network connec tion be yon[...]

  • Page 225

    225 This patc h also f ixes the problem of suppor ting act ive m ode FTP inside IP Sec VP N tunnel of W indows XP SP2. Please U P D AT E clients ’ W indows XP SP2 with this pat ch. • The T ermination of A c tiveX The Acti veX com ponent for IPSec VPN is runnin g in par allel with t he web p age of “Login Success ”. T o ensure that the built[...]

  • Page 226

    226 • FAQ (1) Ho w to clean I PSec c lient? ANS: Open a c omm and prompt w indow and t ype th e comm ands as f ollows. C: > cd %windir% syst em32 C: > Clean _IPSEC.b at or C: > cd %w indir% s ystem32 C: > ipsec 2k.exe stop (2) Ho w to rem ove Acti veX com ponent in c lient ’ s com puter? ANS: ① Uninst all and d elete A[...]

  • Page 227

    227 14.2. Re mote VPN C onfigure Rem ote VPN ; go to: N etwork >> VPN >> R emote VPN . W HG CON T ROLLE R support R emote VPN f or user login to s ystem from remote area. Af ter the us er is login to system from the outside network of WAN, the user will feel that it is look like logi n to W HG CONT ROLLER under the service zone loc a ll[...]

  • Page 228

    228 14.3. Site - to - Site VP N C onfigure Site - to - Site V PN ; go to: Network >> VPN >> Site - to - Site VPN . W HG CON T ROLLE R support Si te - to - Sit e VPN f or m ore than 2 W HG CONTRO LLE R crea te VPN tun nel to each other ov er the WAN net work . For exam ple, if ther e are 2 W HG CONT ROLLER , you c an creat e a V PN tun n[...]

  • Page 229

    229 Such as “1 92.168. 1 1.0/ 24” of WHG CONT ROLLER _ A >> “192. 168.1 1 1. 0/24” of WHG CONT ROLLER _B, afte r the tunnel is created, the users with in these two subnet s can r each eac h oth er . Yo u c an create more t han one VPN tu nnel, but t he IP segment m apping c an not be ov erlap t hat same IP segment has more than on e r[...]

  • Page 230

    230 15. C ustomiza tion of Portal Pages 15.1. Customizable Pages C onfigure Custom izable Pa ges; go t o: S ystem >> Se rvice Zones . There ar e several users’ login and logout pa ges for each s ervice zo ne that ca n be custom ized b y administr ators . Go to Sys te m Conf iguratio n >> Servi ce Zone >> Conf igure >> Auth[...]

  • Page 231

    231 15.2. Loading a Cus tom ized Lo gin Page  Custom Pa ges >> Login Page The adm inistrator can use the def ault logi n page or get the custom ized log in page b y setting the tem plat e page, uploading the pa ge or do wnloading f rom a designated websit e. After finish ing the settin g, click Preview t o see the login page.  Custom Pa[...]

  • Page 232

    232  Custom Pa ges >> Login Page > > Uploaded P age Choose Uploa ded Page an d upload a login page t o the bu ilt - in HT TP server .[...]

  • Page 233

    233 The user - defined login pag e m ust include the follow ing HT ML c odes to pro vide t he necess ary fi elds for us er name and p asswor d. And if the user - def ined logi n page inc ludes a n image f ile, the im age file path in the H TML code must be the image f ile to be up loaded. Remote VPN : <img src=image s/xx.jpg ” > Default S e[...]

  • Page 234

    234 15.3. Using an Exte rnal Login Pa ge  Custom Pa ges >> Login Pages >> External Page Choose the Exte rnal Pag e s election and get the login page from a design ated website. In t he Ext ernal Pag e Setting, en ter the U RL of the externa l login page and t hen cl ick Apply . After app lying the se tting, t he new lo gin page c an [...]

  • Page 235

    235 15.4. Load a Cust omi zed Logout P age  Custom Pages >> Logout Page The adm inistrator can app ly their o wn log out pag e in the m enu. As the proc ess is sim ilar to that of the Lo gin Page, ple ase ref er to the “ Login P age >> U ploaded Page” ins truct ions for m ore detai ls.  Note: The different par t is the HTML co[...]

  • Page 236

    236 15.5. How Exter nal Page Operates Choose Ext ernal Pag e if you des ire to use an ext ernal web page f or your cus tom pages. S impl y enter the U RL of your externa l webpage, clic k Preview button to check if it is r eachabl e, take a look at h ow your externa l webp age will b e dis pla yed, t hen c lick Apply button. Mai n Menu>System>[...]

  • Page 237

    237 The URL parameters sent b y the Gate way to th e exter nal login page ar e as fo ll ow s: Field Va l u e Descripti on loginurl String (UR L encoded) The URL which sha ll be subm itted when user login. rem ainingurl String (UR L encoded) The URL which sha ll be subm itted when user want to get rem aining quot a. vlanid Integer ( 1 ~ 409 4) VLAN [...]

  • Page 238

    238 <FORM ac tion="" m ethod= "post" nam e="form "> <script lan guage ="Javasc ript"> form .action = getV arFr omURL(w indow .l ocation. href, ' loginurl') ; </scri pt> <INP UT type ="t ext" nam e="m yuser nam e" si ze=" 25 "> <INPUT type =&qu[...]

  • Page 239

    239  U RL V ariables fr om Gat eway This s ection displ ays all the URL parameter s that are s ent fr om the G atewa y to the various exter nal pages . • Exter nal Login Page: V a riables : Field Va l u e Descripti on loginurl String (UR L encoded) The URL which sha ll be subm itted when user login . rem ainingurl String (UR L encoded) The URL[...]

  • Page 240

    240 Change_ pass wd_url String (UR L encoded) The URL which sha ll be subm itted when user want to change password. (Onl y available f or LOCAL user) ondemand_c reatio n_url String (UR L encoded) The URL which sha ll be subm itted when user want to create on - dem and user . ( Onl y available for LO CAL us er) Vlani d Integer ( 1~ 409 4) VLAN ID Gw[...]

  • Page 241

    241 (Only av ailable for RADIU S user ) W ISPR - BILLING - TIME String, f orm at: HH:MM W ISPr Bill ing - Time attribute ( Only availab le for RAD IUS user ) sessio n Strin g Encrypted s ession inform ation • Extern al Erro r Page: V a riables: Field Va l u e Descripti on msg String, inclu des: The s ystem is bus y . Pleas e tr y again later . Ca[...]

  • Page 242

    242 because it is cur rentl y not the service h our for your accou nt. Y ou ha ve a lready log ged in. Sorry , t here is a s y stem problem check ing the inf orm ation of your account (X XX) .<BR>Pleas e contact your net work administrator . I nvalid user nam e or password. <BR> Please che ck your usernam e and pas sword a nd try again.[...]

  • Page 243

    243 • Exter nal Logout Successful Page: V ariabl es: Field Va l u e Descripti on Uid Strin g User ID ( postfix is includ ed) Vlani d Integer ( 1~409 4) VLAN ID Gwip IP format Gatewa y activate d IP addres s • External O n - demand login succ essful page: V a riables: Field Va l u e Description Uid String User ID (p ostfix is included) Utype Str[...]

  • Page 244

    244 • Exter nal Logout Fail Page: V a riables: Field Va l u e Descripti on Uid Strin g User ID Gwip IP format Gat eway act ivated WAN IP address Vlani d Integer ( 1~409 4) VLAN ID[...]

  • Page 245

    245 1. URL V ariabl es to G ateway This s ection pres ents the par ameter s that need to b e sent back to the G atewa y for the vario us exter nal p ages. Pat h : is the URL destinat ion; Input : the p aram eters requir ed to sen d back ; Output : the feedback from system . • User Logi n: Path: (LAN IP addres s or Intern al Dom ain Nam e) /log in[...]

  • Page 246

    246 Field Required Va l u e Descripti on myusernam e Required Strin g User nam e mypassw ord Required Strin g Password ret_url Optional String (UR L encoded) Returned UR L, def ault is pop_rem inder .shtm l comm and Optional Strin g getV alu e: If com m and is set to “ge tV alu e”, the return URL would be ignored, and the pa ge would onl y prin[...]

  • Page 247

    247 - 2: Out of quota. - 3: Expir ed. - 4: Redeem ed. Unam e Strin g User name Typ e String, inclu des: TIME: Time t y pe DA T A: V olum e type CUTOFF: Cut - off type On - demand us er billin g t ype • Change password (Loc al User): Path: (LAN IP addres s or Intern al Dom ain Nam e) /log inpages /user_chang e_pass word.s htm l Input: Field Requir[...]

  • Page 248

    248 Input: Field Required Va l u e Descripti on Uid Optional Strin g Current user ID (If not presente d, user nam e stored in c ookie is t he default valu e) upass word Optional Strin g Current user pass word (If not prese nted, pas sword stored in c ookie is t he default valu e) myusernam e Required Strin g Redeem user ID mypassw ord Required Stri[...]

  • Page 249

    249 Redeem user logi n alread y . Had been redeem ed befor e. User run ou t of quo ta. Maxim um allowabl e tim e is exceeded . Maxim um allowabl e m emory space is ex ceeded. Wrong postf ix please c heck it. This ac count is exp ired. • On - demand ac count creation (Loca l User) Path: (LAN IP addres s or Intern al Dom ain Nam e) /log inpages /Us[...]

  • Page 250

    250 price, duration, serial num ber number is account s /n.[...]

  • Page 251

    251 15.6. Disclaimer Page Configure Discl aimer Page; go to: Syst em >> Se rvic e Zone >> Service Zone Configur ation >> Disclaime r Page . Before th e configur ation of the D isclaim er Page, Di sclaim er Page m us t be enabl ed first ; click on Enab le Disclaime r Page t o redir ect to Gen eral Setti ngs: Syst em >> Genera[...]

  • Page 252

    252[...]

  • Page 253

    253 16. Payment Gateway s 16.1. Payments vi a Authorize. Net C onfigure Payments v ia Au thorize.N et ; go to: User >> Authe ntication >> On - demand User >> External P ayment Gateway >> Autho rize.Net . Before set ting up “ Author ize.Net”, it is r equired t hat th e mer chant owners h ave a valid Authorize.N et accou n[...]

  • Page 254

    254  Service Di sclaimer Content/ Choos e Billing P lan for A uthorize.Net Payme nt Page/Client’ s Purchasing Record o Serv ice Dis claimer Conte nt o View s ervice agreem ents a nd fees f or the s tand ard pa yment gatewa y services her e as wel l as adding ne w or edit ing ser vices dis claimer . o Choose Billing Plan for Authorize.Ne t Paym[...]

  • Page 255

    255  A uthorize.Net Payment Page Fie lds Configura tion/ Authorize.Net Pay ment Page Remark Content  A uthorize.Net Payment Page Fi elds Configur ation o Item: Check the box to sho w this item on the custom er ’s payment interf ace. o Displayed T ext: Enter what nee ds to be s hown f or this field. o Require d: Check the box t o indicat e t[...]

  • Page 256

    256 inform ation of a tr ansact ion. This field m ay con tain an y form at of inform ation. o First Nam e: T he first nam e of a c ustom er assoc iated with the bill ing or shi pping addr ess of a transactio n. In the case when John D oe plac es an ord er , enter John i n the Firs t Nam e field in dicating this custom er ’s name. o Last Nam e: T [...]

  • Page 257

    257 16.2. Payments vi a PayPal C onfigure Payments via P ayPal ; go t o: User >> Authentication >> On - demand User >> Extern al Paym en t Gateway >> Pa yPal . Before set ting up “ Pa yPal”, it is re quired t hat the hotspot o wners ha ve a val id Pa yPal “Busi ness Ac count”. After ope ning a Pa yPal B usiness Accou[...]

  • Page 258

    258  Service Dis claim er Content / Billing Confi guration for P ayment Page Service Di sclaimer Content: V i ew the ser vice a greem ent and fees for the s tand ard pa y ment gate way services as wel l as add or edit the service d isclaim er content here. Choose Bi lling Plan for PayPal Pay m ent Page: The se 10 pla ns are t he plans in Billing[...]

  • Page 259

    259 16.3. Payments vi a SecurePay C onfigure Payments via S ecurePa y; go to: User >> Authenticati on >> On - demand Users >> Extern al Payment Gateway >> Se curePa y . Before set ting up “Sec ureP ay”, it is r equired that the hots pot owners have a va lid Secure Pay “Merc hant A ccount” from its official websit e. [...]

  • Page 260

    260 P a y. Curren cy: The curr enc y to be used f or the p ayment tra nsactions .  Service Dis claimer Conte nt View the ser vice agr eem ent and f ees for the standard pa y men t gate wa y services as we ll as add or edit the servic e discla im er content her e.  Sec urePay Payment Page Bil ling Configur ation These 10 pl ans are the p lans [...]

  • Page 261

    261 16.4. Payments vi a WorldPay C onfigure Payments via Wor ldPa y ; go to: Use r >> Authentica tion >> On - demand Users >> Extern al Payment Gateway >> World Pay .  W orldP ay Payment Page Configur ation Install ation ID: The ID of the as socia ted Merc hant Ac count. Payment Gatew ay URL: T he def ault websit e of pos[...]

  • Page 262

    262 The m essage content will be disp layed as a s pecia l notic e to en d custom ers. Before set ting up “W orldPay”, it is req uired th at the hot spot o wners ha ve a valid W orldPa y “Mercha nt Accoun t” f rom its official webs ite: R BS WorldPa y: Merchant Services & Pa yment Proc essing, goi ng to rbsworldpay .com >> support[...]

  • Page 263

    263 STEP ⑦ . Select th e Save Ch anges b utton STEP ⑧ . Input Insta llation ID and P ayment G ate way URL in gate way UI.  Installat ion ID: 2009test  URL : h ttps://select. wp3.rbs wo rldpa y .com /wcc/pur chase Note: The WAN IP of gate way must be rea l IP .[...]

  • Page 264

    264 17. Additional A pplications 17.1. Upload / Do w nload L ocal Use rs A ccounts C onfigure Upload / Down load Loc al Users Accoun ts ; go to: User >> Authentication >> Option >> Lo cal >> Local User List .  Upload Us er: Clic k U pload User to enter t he Upload User from File interfac e. Click the Brow se b utton to se[...]

  • Page 265

    265 17.2. Backup / Restore and Upload Ne w On - dema nd Users Ac counts C onfigure Back up / Res tore On - dem and Users Account s ; go to: Use r s >> Authentica tion >> On - demand User >> On - demand Acc ount List .  Backup Current A ccounts: Use th is funct ion to creat e a .txt f ile with all curr ent us er acc ount infor m[...]

  • Page 266

    266 17.3. Account Roami ng Out Configure Notif ication; g o to: Users >> Authentic ation >> Local >> Configure . In som etime, W HG C ontroll er ’ s built in L ocal dat abase can act as a RAD IUS ser ver f or Roam ing Out fr om other system . The Local User d atabas e will ac t as the RADI US user database.  Account Roaming O[...]

  • Page 267

    267 17.4. Seamless Cross Gate w ay Roami ng Configure Notif ication; g o to: Network >> Client Mobili ty >> Cross G ateway Roaming . W HG Controllers s upports seam less inter - Contro ller roam ing with up to 15 other Controll ers in a star lik e topolo gy . The Mast er Node m eans th at this C ontrol ler will b e at the cent er of the[...]

  • Page 268

    268[...]

  • Page 269

    269 Appendix A. C ertificate Settings fo r IE6 and IE7  Certific ate s etting f or the c ompan y w ith Certificate Authority  Backgr oun d infor mation Any webs ite or high - value Web Applications will req uire a clie nt to acc ess their websites via Secur e Sock ets Layer (SS L). The br owser will aut om atically ask for a public S SL c ert[...]

  • Page 270

    270 trusted m edia to insta ll this c ertificate ( as trust ed CA) in each em plo yee’ s com puter , and in th e m eantime export th is certif icate to t he W HG CONTROLL ER . In som e circum st ance, the compan y without Certif icate Authorit y ma y follow t he s teps state d belo w to a void error m essage. W hen in th e LAN env ironm ent of th[...]

  • Page 271

    271  Certific ate s etting f or Inte rnet Explore r 7 For IE7, r egardin g certif icate iss ues cause d b y certifica te publisher not b eing trus ted b y IE7, the f ollowin g steps may be tak en to pr ovide a work around or to bypass th e issue. (1) O pen the I E7 bro wser , a nd you wil l be red irected to th e defau lt lo gin page . If t he c[...]

  • Page 272

    272 For insta lling a trus ted cer tific ate to solv e the IE7 c ertifi cate issue, please f ollow t he instruc tions s tated be low . (1) W hen the User L ogin p age appe ars, c lick “ Certif icate Erro r” at the top. (2) Clic k “ V iew Certific ate” . (3) Clic k “Certification pa th” .[...]

  • Page 273

    273 (4) Selec t root c ertificati on, an d then cl ick “ V iew Certific ate” . (5) Clic k “ Install Certif icate” .[...]

  • Page 274

    274 (6) Clic k “ Next” . (7) Selec t “Auto matically s elect t he certif icate st ore b ased on th e type o f certif icate” , an d then c lick “Next” .[...]

  • Page 275

    275 (8) Clic k “Finish” .[...]

  • Page 276

    276 (9) Clic k “ Y es” . (10) Click “OK” . (11) Launch a ne w IE7 bro wser . The cer tificate is now tr usted via IE7 acc ording t o the ke y symbo l shown a t top next to t he addr ess f ield.[...]

  • Page 277

    277  Certific ate s etting f or Inte rnet Explore r 6 For issues relati ng to IE6 c ertif icate error, the following inform ation pro vides th e step to tak e when the certific ate publisher is not tr usted b y IE6. (1) Open an IE6 browse r , the Secur ity Alert m es sage will b e appear ed if the cer tificate is not truste d. Click “Yes” to[...]

  • Page 278

    278 Appen dix B. Networ k Con figura tion on PC & Us er Logi n  Network Configurati on on PC After W HG CONT ROLLER is installed, th e follo wing co nfigurations m ust be set up on the PC: Internet Connection Setup and TCP/IP N etwork Setup .  Internet Connec tion Setup  Windo ws 9x/2000 1) Choose Start >> Control Panel >> [...]

  • Page 279

    279 3) Choose “ I w ant to set up my Inte rnet connecti on manually , or I w ant to connect through a loc al A rea network (L A N )” , and then click Next . 4) Choose “ I connect thr ough a local area network (LAN ) ” and then click Next . 5) DO NOT choose an y option in the follo wing LAN window f or Internet conf iguration , and jus t cli[...]

  • Page 280

    280 6) Choose “No” and then clic k Next . 7) Fina ll y , clic k Finish to exit t he Internet Connection W izard . No w , t he set up is complete d.  Windows X P 1) Choose Start >> Control Panel >> Interne t Option .[...]

  • Page 281

    281 2) Choose the Connections tab, and t hen click Setup . 3) W hen the Welco me to the New Connection Wizard window ap pears , click Next . 4) Choose “Connect to the Internet” and then click Next .[...]

  • Page 282

    282 5) Choose “ Set up my connection m anually ” and then click Next . 6) Choose “ Connect using a broadband connecti on that is always on ” and then c lick Next . 7) Fina ll y , clic k Finish to exit t he Connection Wizard . N ow , the s etup is com pleted.[...]

  • Page 283

    283  TCP/IP Network Setup If the op erating s ystem of the PC i n use is W indows 95/98/ME /2000/X P , keep the default settings without a ny changes t o directl y start/res tart the s ystem. W ith the f actor y default sett ings, dur ing the process of star ting the s ys t e m , WHG CONTROLLE R with DHCP function will autom atical ly assign an [...]

  • Page 284

    284 3) Using DHCP: If you want t o use DH CP, c lick on the IP Address tab an d choose “ Obtain an IP address au tomatic ally” , and th en click OK . T his is also the defaul t setting of W indows. T hen, reboot the PC to m ake s ure an IP a ddress is obtained f rom W HG CONTROLLER . 4) Using Sp ecific IP Addres s: If you want to us e a spec if[...]

  • Page 285

    285 4.2) Clic k on the G ateway tab . Enter the gat ewa y address of W HG CONTROLLER in the “ New gatew ay” field an d click Ad d . T hen, click OK . 4.3) Clic k on DNS Configurati on tab. If the DNS Server f ield is em pty , s elect “Enab le DNS” and enter DNS Ser ver a ddress . Clic k Add , and then c lick OK to com plete the configurat i[...]

  • Page 286

    286 2) Right c lick on th e Local Area Connec tion icon and select “ Properties ” . 3) Select “ Interne t Protocol (TCP/IP)” and then click Prop erties . Now, you c an choose to use DHCP or a s pecif ic IP addr ess . 4) Using DHCP: If you want t o use DH CP, ch oose “Obt ain an IP add ress autom atically” , and then click OK . T his is [...]

  • Page 287

    287 5) Using Sp ecific IP Addres s: If you want to us e a spec ific IP address , acquir e the f ollowing inf orm ation fr om the net work adm inistr ato r: the I P Address , Subn et Mask and DN S Serv er addres s provid ed b y your ISP and th e Gatew ay addr ess of WHG CONTROLLER . If your P C has bee n set up complet ely, p lease infor m the n etw[...]

  • Page 288

    288 5.4) Enter the gat ewa y address of W HG CONTROLLER in th e “ Gatew ay” f ield , a nd then click Add . Af ter back to the I P S ettings tab, click OK to com plete th e configurat ion.  Check the TCP/IP S etup of Win dow XP 1) Select St art >> Control Panel >> Netw ork Connection . 2) Right c lick on th e Local Area Connec tio[...]

  • Page 289

    289 Now, you can cho ose to us e DHC P or a s pecific IP addres s. 4) Using DHCP: If you want t o use DH CP, ch oose “Obt ain an IP add ress aut omaticall y” a nd c lick OK . T his is als o the def ault setting of W indows. Then, reboo t the P C to m ake s ure an IP addres s is obtain ed from W HG CONTROLLER . 5) Using Sp ecific IP Addres s: If[...]

  • Page 290

    290 5.3) Click on the IP Settings tab and clic k Add bel ow the “Default gatew ays” colum n and the T C P / I P Gatew ay A ddress windo w will a ppear . 5.4) Enter t he gatewa y address of W HG CONTROLLER in th e “ Gatew ay” f ield , a nd then click Add . Af ter back to the IP Se ttings tab, c lick OK to finish the conf iguration.[...]

  • Page 291

    291 Appen dix C. Policy Prior ity  Global Policy , S ervice Zone P olicy , A uthe ntication Polic y and User Polic y W HG C ontroll er supports mult iple Po licies, includi ng one Global Policy and multiple ind ividual Policy whic h can be assign ed and boun d to G rou p . Global Poli cy is the sys tem’s universal p olic y and app lied to al l[...]

  • Page 292

    292 Appen dix D. RADIUS A ccoun ting This s ection is tr ying to or ganize the basic c onfigur ation with RADIU S serv er to wor k with VS A. The aim is trying to c ontrol th e m aximum usage (upload; downl oad or u pload + downlo ad tr affic) of clients in each session. This VS A will send f rom RADIUS server t o gate way along with an Access - Ac[...]

  • Page 293

    293 2. VSA configuration i n RADIUS server (IAS Server) This section will guid e you thr ough a VS A c onf iguration in your externa l RADIU S server . Bef ore gettin g start, please acc ess your extern al RA DIUS ser ver ’s desk top directl y or rem otel y from other PC. Step 1 Assum e there are a lread y have use rs in R ADIUS Se rver As sum e [...]

  • Page 294

    [...]

  • Page 295

    295 Step 5 Confirm the V endor - specif ic Attribut e has been adde d succ ess Step 6 Follow th e sam e steps to c reate oth er V endor - specific A ttribute as you nee d.[...]

  • Page 296

    296 3. VS A confi gurati on in RADIUS ser ver (Fre eRADIUS) This s ection wil l guide you throug h a V S A c onfigura tion us ing the op erating s ystem “Fedora” F reeRADI US ver sion 1.0.5. Bef ore gett ing start , open the shell of RADIU S server , for ex ample, us e Putty to acc ess the L inux Hos t: Step 1 Assum e there are a lread y have u[...]

  • Page 297

    297 Administr ator als o can ad d other a ttributes as the t able stated in Section 2 with sa m e format. Step 5 Edit the f ile “dicti onar y” under t he folder “ freer adius”. Step 6 Include “d ictionar y . LevelO ne ” in the dicti onar y of RADI US serv er . Inser t it in an incr emental pos ition th at eas y to find it aga in. Step 7[...]

  • Page 298

    298 Step 8 Insert VS A into RA DIUS re spond. In this ex ample, t he m aximum download and uploa d in b ytes for group03 users is 1MB yt es . Step 9 Restart R ADIUS to get your settings acti vated.[...]

  • Page 299

    299 Appen dix E. VLAN Por t Loca tion M apping and P MS Mid dlewar e This s ection introd uces the Port Loc ation Map ping f eature. This f eature is design ed for creating m ultiple V LAN divisions (as if the y were separ ate LAN por ts) under a Serv ice Zon e and mappin g these VLANs to different lo cations individual ly . This f eature c an be u[...]

  • Page 300

    300 2. Por t Loca tion Mappi ng C onfigure Port Locat ion M apping ; go to: Syst em > >Port Location M apping>> Configure . Administr ator cou ld use Port Loc ation Map ping feat ure to map a loc ation ( such as a hotel ro om ) to a VLAN port of VLAN s witch or a D SLAM dev ice. Eac h Room is mapped t o a VLAN T ag. And eac h Room can b[...]

  • Page 301

    301  M ultiple U ser is th e port t ype used f or room s with m any user s for example dorm itor y applicat ions. If the user ope ns a brows er and t ries to ac cess in ternet, a user log in page without billing plan opti ons will be displa yed. The user needs to bu y acc ounts fr om the fr ont dorm office in order to l ogin. The room with t hi [...]

  • Page 302

    302  Port Loca tion Mapping Setup – Create One From: Set the Ph ysical LA N port o n the gate way to provide Port Locat ion Ma pping Ser vice. Port T ype: The default s tat e of the ro oms , it ma y be: F ree, Block , Singl e User , Multiple User . Service Zone : The ser vice zone pr ofile used to pr ovid e internet service to this room . VLAN[...]

  • Page 303

    303  Connection Se tup: Enter t he Secret, I nterf ace Port, M I ID, AC I D, and L ink T es t Interval for Middle ware connec tion.  Sec ret: The secr et ke y between G uest S ervice D evice a nd PM S M iddl eware for c hallenge and response ( MD5 Hash) to te st the auth enticit y of the link . It should co ntain o ne or mor e lowercase lette[...]

  • Page 304

    304 The Searc h field a llows ad m inistrator to sear ch for mapping e ntri es accor ding to VLAN ID, Room Num /Location ID or Service Z one. C lick the VL AN I D link to enter the Port M apping Pr ofile page for that entr y . Y ou can change th e Port T ype or Service Z one of this room . Y ou a lso can check the pres ent user account inform ation[...]

  • Page 305

    305 will displ ay the ge nerate d acc ount name and pass word. If you alread y have a user ac count, you can c lick the “ here ” l ink to lo gin with t he user account t hat you posses s.   W hen a user tries to ac ces s internet from a “ Mu ltiple User ” r oom , the bro wser wi ll sho w the Login p age without billing pl ans opti ons[...]

  • Page 306

    306  W hen a user tries to ac cess inter net fr om a “ Free ” room , the browser will s how servic e agreem ent page, sim ply by click ing CO NFIRM an d t he user can ac cess th e int ernet. The Service Agreem ent bod y can be c onf igured at the applie d Serv ice Zone ’s Custom Pages sett ings.  W hen a user tries t o acces s intern et[...]

  • Page 307

    307  P/N : V WHG500201 10601[...]