User's Manual
V1.00.00
HSG326 Wireless Hotspot Gateway

Summary of Contents for HSG326

Page 1: ...User's Manual V1.00.00 HSG326 Wireless Hotspot Gateway ...

Page 2: ... 4IPNET, INC. Disclaimer: 4IPNET, INC. does not assume any liability arising out of the application or use of any products or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. 4IPNET further reserves the right to make changes in any products described herein without notice. The publication is subject to change without notice. Trademarks 4IPN...

Page 3: ...3; 4.2.1 Local User Database 23; 4.2.2 On-Demand User Database 26; 4.2.3 The Guest Authentication Option 31; 4.3 External Authentication Options 36; 4.3.1 RADIUS 36; 4.3.2 Social Media 39; Chapter 5 Group Attributes Policy Rules 41; 5.1 Overview of the Concept 41; 5.2 Practical Setups of Group and Policies 44; Chapter 6 Basic Service Zone Configuration 50; 6.1 The Concept of Service Zone 50; 6.2 Service Zone ...

Page 4: ...Demand Billing Plans 89; 10.2 On-Demand Billing Plan Types 90; 10.2.1 Usage time with Expiration Time 90; 10.2.2 Usage time with No Expiration Time 92; 10.2.3 Hotel Cut-off time 94; 10.2.4 Volume 95; 10.2.5 Duration time with Elapsed Time 97; 10.2.6 Duration time with Cut-off Time 99; 10.2.7 Duration time with Begin and End Time 100; 10.3 Terminal Server Setup 102; 10.4 Customizing POS Tickets 112; 10.5 Crea...

Page 5: ...NAT 177; 2. Monitor IP 179; 3. Walled Garden and Walled Garden Ad 180; 4. Proxy Server 181; 5. Local DNS Record 184; 6. DDNS 185; 7. Client Mobility 185; F. Utilities 186; 1. Administrator Account 186; 2. Backup Restore 190; 3. Certificates 192; 4. Network Utilities 195; 5. Restart 197; 6. System Upgrade 197; G. Status 198; 1. System Summary 198; 2. Interface 202; 3. Monitor Users 204; 4. Process Monitor 204; 5. Logs Reports 205; 6. Rep...

Page 6: ... 2 (Data Link Layer) and Layer 3 (Network Layer). 4ipnet HSG is suitable for a Layer 2 network architecture; if you want to develop a Layer 3 network, we strongly recommend you choose the 4ipnet WHG Controller series. Layer 2 networks are a relatively simple network deployment topology that spans physically under the LAN ports of the 4ipnet HSG/WHG; two deployment scenarios are illustrated below. Layer 2 Network in Por...

Page 7: ... Layer 2 Network in Tag-Based Mode. Layer 3 networks not only span physically under the LAN ports of the 4ipnet WHG; they are also capable of reaching over different IP networks to manage remote sites with routable IP addresses via tunnels. Layer 3 Network with tunnels ...

Page 8: ...d as an external RADIUS database for another 4ipnet HSG Wireless Hotspot Gateway for account roaming. On-Demand User is a type of user whose account credential is stored in the 4ipnet HSG Wireless Hotspot Gateway's built-in database named On-Demand. The 4ipnet HSG Wireless Hotspot Gateway's On-Demand database capacity varies with different models. On-Demand User is designed for short-term usage purpos...

Page 9: ...will only service the maximum number of service zones based on the number of physical LAN ports. Tag-Based mode dynamically maps a client to a service zone based on the VLAN ID tagged on the traffic packet. Group is a user role profile which defines the accessibility of a user to different Service Zones and in turn defines the QoS properties as well as network policy when access is granted. Each and ...

Page 10: ...picts the relationship between Service Zone, Group and Policy. In this example, Students and faculties logging into Service Zone 1 will be governed by Policy A. Guests only have access to Service Zone 3 and will be bound by Policy C. Faculties have access to both Service Zone 1 and Service Zone 2 under two different policies. Relationship of Service Zone, Group and Policy: Service Zone 1 Service Zon...

Page 11: ...teway to allow end-user credit card self-payment for On-Demand accounts, if needed. Load SSL certificate for the Web Server before operation. Monitor generated status pages and reports. Perform other advanced settings for other specific applications. 1.3.1 Common Settings: For the most commonly deployed scenarios in a standard network, please refer to Chapters 3 to 6. Chapters 3 to 6 contain configuration t...

Page 12: ...Customers who need to fulfill specific applications, integration with 3rd-party devices, customization, etc., please refer to Chapters 11 and beyond for advanced feature setup ...

Page 13: ...y PC connected to the LAN interface with the default IP address of 192.168.1.254. The default administrator account and password are Username: admin, Password: admin. Upon the first login, the system prompts the administrator to change the password to enforce system security. The password needs to be at least 6 characters long and include at least one letter and one number. You may refer to part F of App...

Page 14: ... The WMI Welcome page is as shown below after a successful administrator login. NOTE: 1. To log out, simply click the Logout icon on the upper right corner of the interface to return to the login screen ...

Page 15: ...a suitable network topology with resiliency, capacity and survivability in mind. Typically, organization networks today are a combination of manageable wired and wireless LANs, sometimes even remote LANs. The main category of network topologies supported by 4ipnet HSG Wireless Hotspot Gateway is Layer 2 Topology. Layer 2 Topology: This network topology aims to build a managed Local Area Network (LAN) which...

Page 16: ...N Settings. Configuration Path: Main Menu > System > WAN. The WAN port supports three connection configurations: Static, Dynamic and PPPoE. These connection types are adequate to support most ISPs. The Physical Mode drop-down list allows administrators to choose the speed and duplex of the WAN connection. When Auto-Negotiation is On, the System chooses the highest-performance transmission mode speed dupl...

Page 17: ...our ISP provides PPPoE dial-up connection, then the ISP will issue you an account with a password. You would need to enter the account credentials in the WAN configuration page for dialing up to the ISP. NOTE: 1. When in doubt, please consult your ISP regarding details of your subscribed uplink service. 3.2.2 WAN Traffic Control: The Uplink and Downlink bandwidth configured here is the bandwidth fo...

Page 18: ... connection, the administrator may specify up to three outbound sites as detection targets for verifying whether the uplink service is alive or down. The controller will periodically check the uplink status. A warning message text field may be customized by the administrator; it will be displayed on the user's web browser when all three detection targets fail to respond ...

Page 19: ...TE: 1. If the HA feature is in Enabled status, LAN1 will be transformed into a dedicated HA port and will not be able to service any Service Zone. Configuration Path: Main Menu > System > LAN Ports. 3.3.1 Port-Based Service Zone: Port-Based mode operates on the principle that each physical LAN port can be mapped to an enabled Service Zone or disabled from providing service. Operating under port-based mode there...

Page 20: ...ation mode operates under the principle that different Service Zones are identified by VLAN ID. This means that Tag-Based operation allows each physical LAN port to accept traffic for any enabled Service Zone. Traffic handling will be processed internally according to the VLAN ID that traffic packets carry ...

Page 21: ...o get network access. 4ipnet HSG Wireless Hotspot Gateways support built-in and external authentication databases. All the authentication options are listed below. Built-in Authentication options: Local, with user credentials stored in the built-in Local database; On-Demand, with user credentials stored in the built-in On-Demand database; Guest, an access option that allows users to access networks with...

Page 22: ... Hotspot Gateway. The configurations of authentication options for Internal and External authentication are done separately. The 2 external authentication servers (RADIUS) are customizable and can be enabled concurrently. NOTE: 1. Authentication Options may be selectively enabled or disabled to authenticate users in each Service Zone profile ...

Page 23: ... of authentication method checks the local database that stores users (often the staff) and credentials internally. The Local user database is designed to store static accounts, which will not be deleted unless manually performed by the administrator. Configuration Path: Main Menu > Users > Internal Authentication > Local > Local User List. Account generation: Click Add User to create one or multiple accounts ...

Page 24: ...ints which may be enforced to this account if the Account Span option is checked. This is a useful attribute if used in complement with Multiple Login, ideal to provide network access to a group of people for a specified amount of time, for instance during a seminar event. Account Import and Export: The Local user database can import and export user credentials by using the Upload and Download function...

Page 25: ...pload failure and a warning message will be displayed. Modifications to Account Credentials: For existing user accounts, further modification is possible simply by clicking the username hyperlink on the page to reconfigure account attributes. Deleting Accounts: Accounts in the Local user database may be deleted individually or entirely by selecting the Select All checkbox. There will be a popup window a...

Page 26: ...ume constraints. Ideal for deployment needs of Hotels, Hotspot venues, Enterprise visitor reception and more. The On-Demand Authentication option offers plenty of options for customization. POS tickets can be customized to business needs, and multiple payment options are also available on the HSG Wireless Hotspot Gateways. Configuration Path: Main Menu > Users > Internal Authentication > On-Demand ...

Page 27: ...ttings include the customization of POS Web tickets, Payment Gateway options, etc. When Terminal Servers such as the SDS200W are deployed for account generation, remember to configure the IP and Port in Terminal Server configuration. The HSG Wireless Hotspot Gateway can work hand in hand with the Clickatell SMS server so that On-Demand account credentials are sent to users via SMS message ...

Page 28: ... With a set of Clickatell account Username/Password, the SMS Gateway can be configured to send SMS messages upon On-Demand account creation. The SMS service can be used for free access or paid access with payment gateway integration ...

Page 29: ...wing or disallowing users to register for new accounts prior to account expiration. To block valid accounts from requesting new accounts, set the option to Enabled. With the SMS Gateway enabled, the Billing Plan selection page will appear as such. Note that the Billing Plan selection page may be customized if needed. 2. Define account usage terms in Billing Plans: Up to 10 billing plan profiles are available ...

Page 30: ...emand Accounts List houses all the existing On-Demand accounts. Each account's status, quota, etc. will be displayed for reference. On-Demand account import, export, deletion and Admin Redeem are also performed on this page. The status of On-Demand accounts is defined as valid, out of quota, or expired. NOTE: 1. For more detailed information on the four major account types, please refer to Appendix D. 2. For mo...

Page 31: ...database but rather a specially designed option to allow a user to access and surf the network without any user account or password. This feature allows the user to associate with a particular Service Zone, enter a specified string of text (which may be a social security number, email, etc., defined by the administrator) and use the network without actual authentication. The terms of use as well as usage c...

Page 32: ...a questions on the login page for guest login, where the access information from guest users would be collected and viewed in the Guest Information list. Guest Access Time, when set to Limited, will enforce a usage time constraint based on MAC addresses. If the Quota is set to 30 minutes, each device may only be allowed 30 minutes of usage, and a new session will only be possible once the Reactivation ti...

Page 33: ...client then has to activate this account within the activation time to extend his/her usage time by clicking a link in the mail sent by the mail server. Note that the activation is merely a timer and does not add to the account's Quota. The Sender Name, Email Subject and Email Content are all customizable as soon as the SMTP server is ready. SMTP server configuration is done by clicking the Assign SMTP Se...

Page 34: ...t Information list for administrators' further analysis or marketing purposes. Account names, account emails, gender, birthdays and location on the Social Media Account List are downloadable for administrators' data manipulation. Guest Questionnaire answer sheets are displayed over the following custom columns as well. Administrators are able to download the collected guest information by clicking the Download bu...

Page 35: ... as shown in the figure below. Consequently, after going through configurations from STEP 1 to STEP 3, end users will see that an additional section for guest access will show on the Service Zone's login page. By typing an email address and clicking login, or by clicking the Social Media Login button and approving the terms and conditions of free access to public Wi-Fi, the guest users will be able to access th...

Page 36: ...rnal authentication is shown below. NOTE: 1. Please note that, having configured the authentication options, whether using built-in or external databases, they will need to be enabled in each enabled Service Zone individually. 4.3.1 RADIUS: Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization and Accounting (AAA) management for co...

Page 37: ...ication. 4ipnet HSG Wireless Hotspot Gateways support RADIUS authentication, RADIUS class mapping and RADIUS transparent login with 802.1X. Below is the detailed configuration page of RADIUS settings. Attributes of the Primary RADIUS Server and Secondary RADIUS Server can be configured depending on service deployment ...

Page 39: ...reless Hotspot Gateway, enabling different RADIUS accounts to be incorporated into different Groups. 4.3.2 Social Media: Social Media Login allows Wi-Fi users to access the internet without going through a tedious account registration process. 4ipnet HSG Wireless Hotspot Gateway supports four kinds of social media accounts: Line, Facebook, Google and Open ID. All administrators have to do is to apply the corr...

Page 40: ...velopers site (https://developers.line.me/channels) and apply for the Line Login APP to get the app ID and app secret. Facebook: visit the website at Facebook developers site (https://developers.facebook.com) and apply for Facebook Login APP to get the app ID and app secret. Google: visit the website at Google Developers Console (https://console.developers.google.com) and apply for Google API to get the client ID and sec...

Page 41: ...ir relationship with the Service Zone, followed by practical setup processes on these three attributes. 5.1 Overview of the Concept. Group: A Group is a set of users that the admin considers to share some extent of similar characteristics, i.e. role-based. For example, in a university there are students, the faculty/staff, and guests in general. Therefore an IT staff may set up three Groups that distinguish th...

Page 42: ...ticated users of a certain Group to generate On-Demand accounts in the Controller's default template login success page. Password change privilege: to allow users to change their own passwords subsequent to a successful login, in the Controller's default template login success page. Maximum Concurrent Sessions: determines the number of concurrent log-ins allowed per user. 3. Service Zone accessibility: The permis...

Page 43: ...ce, a user from group 1 may be governed by policy 1 in service zone 1, but by policy 3 when he goes to service zone 3. Relationship Between Group, Policy and Service Zones: The first figure displays the relationship between group and policy and the attributes that can be defined in each category. Admin can define the relationships between policy, group and service zone from two points of view: the view of map...

Page 44: ...summary of which Authentication Servers are used for each corresponding Group. User Groups assigned to a Billing Plan for the On-Demand Authentication Database are also shown here. Group Settings. Configuration Path: Main Menu > Users > Groups > Configuration. The Group Configuration Group x table is for Policy settings to be defined for the Group. Multiple Device Login (except for On-Demand) can be enabled her...

Page 45: ... Check the Status checkboxes to allow users of this Group to access the corresponding Service Zones. To configure from a Service Zone's perspective, please go to Access Permission and Authorization in Service Zone Settings ...

Page 46: ...icy Settings. Configuration Path: Main Menu > Users > Policies. Policy Configuration: 1. Select Policy allows the administrator to choose which Policy Profile to configure. 2. Firewall Profile is for defining service protocols, user firewall rules and Layer 2 Firewall settings ...

Page 47: ... down list and start configuring each attribute by clicking Configure. After the setting, remember to always click Apply to save the changes made. Note again that the Global Policy is the policy that applies to all users in all service zones that are not explicitly governed by a policy profile. Schedule. Configuration Path: Main Menu > Users > Schedule. The Schedule is the assignment of allowed user login per...

Page 48: ...pon creation or from the following path for existing accounts: Users > Authentication > Local > Configure > Local User List > username. There is an Applied Group row for admin to determine the attribute. On-Demand accounts may be assigned a Group per account individually upon creation. RADIUS users can be assigned to different Groups based on RADIUS class. The mapping can be configured at Users Authentic...

Page 49: ... The Policy enforcement priority is as follows. Authentication is enabled: Group Service Zone Mapping, Global Policy. Authentication is disabled: Service Zone default Policy, Global Policy ...

Page 50: ...its Service Zone, the administrator can flexibly separate the wired and wireless networks. 6.2 Service Zone Setup. 6.2.1 Tag-based or Port-based Service Zones: 4ipnet HSG Wireless Hotspot Gateways offer two modes of physical LAN port to service zone mappings, namely port-based mode and tag-based mode. Intuitively, as the name suggests, Port-based mode means that each LAN port services one or none Servi...

Page 51: ...t's say VAP with VLAN ID 15. Therefore the AP's traffic, when forwarded back to the Controller, will be mapped to Service Zone 1 with configurations set for staff access. Configuration Mapping. Configuration Path: Main Menu > System > LAN Ports. Admin can change the type of service zones. There are some grayed-out service zones because they have been disabled. Therefore admin should first go to System Service ...

Page 52: ... to Tag-based, the correspondence of service zones and ports will be grayed out. Each Service Zone will need to be assigned a unique VLAN ID ranging from 1 to 4096. Note that the Default Service Zone is designed to be tag-less to manage Local Access Points and process untagged traffic ...

Page 53: ...ion in and out of the Controller. Router mode is selected when using public IP or under circumstances where the downstream devices require a routable IP address to upstream routers. 6.2.3 Service Zone Network Interface. Configuration Path: Main Menu > System > Service Zones > Configure. IP address will act as the Controller IP to a user connected to this Service Zone. Subnet mask defines the size of your Ser...

Page 54: ...s. Configuration Path: Main Menu > System > Service Zones > Configure. Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network. 4ipnet HSG Wireless Hotspot Gateways support independent DHCP settings for each Service Zone profile. Options include Disable ...

Page 55: ...rminates. 6. Click Apply to activate changes. 6.2.5 Wireless Settings. Configuration Path: Main Menu > System > Service Zones > Configure. Besides the LAN setting, wireless can be enabled: specify a desired SSID and select the operation frequency (2.4G, 5G or both). For more details on wireless configuration, please refer to part A in Appendix E of the User Manual. 6.2.6 Authentication Options. Configuration Path: Main Menu Sys...

Page 56: ...ion of a desired landing page may be configured here. When enabled, the administrator can choose to set the URL of an opened browser after users' initial login. 3. MAC address authentication: With the RADIUS MAC authentication feature enabled, if the connected device has its MAC address entered in the configured RADIUS Server, the Controller will automatically authenticate and grant access immediately if auth...

Page 57: ...n establishing a direct connection between two networking nodes. When this feature is enabled for service, end users may configure a dial-up connection setting with a valid username and password (only Local and RADIUS users are supported). Once the dial-up connection has been established, the user will have been authenticated successfully without further UAM login ...

Page 58: ...h Service Zone can be configured to have unique Login Pages or Message Pages. There are 3 types of Login Pages: the General Login Page, the PLM Open Type Login Page (for Port Location Mapping free access) and the PMS Billing Plan Selection Page. A Service Disclaimer page can be enabled if required. These pages are fully customizable to give administrators complete flexibility. Message Pages can also be customized...

Page 59: ...s easy customization. The general layout has been set for the administrator, but the contents can be customized to his preference. A color theme and a logo can be uploaded, and content fields such as Service Disclaimer and text colors can be entered within the template presentation layout. Upload Your Own: The Administrator has the option to upload an HTML file as the Login Page. The Download HTML Sample File gi...

Page 60: ... knowledge of URL parameter utilization that works together with the Message Pages and should be organized carefully. For more details on External Login Page customization, please refer to Appendix B of the User Manual. For a Preview of the custom page, click Apply followed by the Preview button. Similarly, the four options are available for Message Pages ...

Page 61: ... Chapter 7 Advance Settings for Network Environment. 7.1 Network Utilities. Configure Network Utility: go to Main Menu > Utilities > Network Utilities. The system provides network utilities to help administrators manage the network easily ...

Page 62: ...dress or domain name. VLAN ID: Allows the administrator to find out the VLAN ID of an IP or MAC address. ARP Table: Allows the administrator to view the IP-to-Physical address translation tables used by the Address Resolution Protocol (ARP). Sniff: With this feature, the administrator can listen for packets from selected Interfaces. The administrator can further filter the types of packets to capture by using tcpdum...

Page 63: ...ciation from time to time. This section describes the ways in which user or device restrictions may be achieved. Configuration Path: Main Menu > Users > Black List. The black list is a tool for user access control. Each black list can hold specific user accounts that will be denied network access. The administrator can use the pull-down menu to select the desired black list profile to edit ...

Page 64: ... related information in the Remark blank fields (not required); click Apply to add the users. To remove a user from the black list, select the user and click Delete. After the Black List setup is completed, select the Black List in the desired Authentication Server for it to become effective ...

Page 65: ...ed for authentication of Built-in RADIUS Server users roaming out. Certificate Management gives a summary of certificates available and which are currently in use. To enter settings, click the Edit icon on the top left corner of each category. 7.3.1 System Certificate: This is the certificate that identifies the system. These certificates may be used for applications such as HTTPS login, etc. The Controll...

Page 66: ...ded. To view details of the certificate, click the corresponding View button. Click Get CERT and Get Key to download the certificate and public key onto your local disk. To upload a Certificate, Private Key or Intermediate CA, click Browse, select the appropriate files and click Upload Files ...

Page 67: ...CA certificate can be downloaded and used to sign certificates generated by the system. Note that the system only allows one Internal Root CA to be created. To upload an Internal Root CA, click Browse to select the Certificate and matching Private Key from your local disk and click Upload Files. Once an Internal Root CA is uploaded or generated, details will be shown in the following format ...

Page 68: ...ificate: Internally Issued Certificates can be generated on this page. Note that an Internal Root CA needs to be created first before Internally Issued Certificates can be signed. Certificate Information is an overview that displays all current Internally Issued Certificates. To view details of the certificate, click the corresponding View button ...

Page 69: ...ificate, click the corresponding View button. 7.4 Management Access. Configuration path: Main Menu > System > General > Management IP Address. On the 4ipnet HSG Wireless Hotspot Gateways, the administrator can grant access to the web management interface by specifying a list of specific IP addresses or ranges of IP addresses, both from WAN or from LAN. For example, entering 192.168.3.1 and 192.168.1.0/24 means that...

Page 70: ...ss authority, which may be created for management personnel to access their designated/assigned areas of authority, a necessary feature for large-scale deployment requiring multiple management personnel. This configuration path will lead to the page for assigning authority property and generation of other management accounts, customizable to suit the needs of your network. There is only one management ...

Page 71: ... Step 1: Configure Password Safety Settings. Password Safety can be enabled to protect the Web Management Interface from unauthorized personnel. Note that these settings are disabled by default ...

Page 72: ...r or Operator. Admin is classified under Super Group with all access and configuration authorities. Only Super Group members can generate other administrative accounts: Manager, On-Demand Manager and Operator. Permission Settings for all administrative accounts can be customized. With the exception of the Super Group members, other administrative accounts can be configured to have read/write or read-only...

Page 73: ... contain constraints or rules which must be followed upon management account creation or password change. 2. Admin List will display all existing management accounts and login status if this account is currently accessing the WMI. 3. Admin account is the root account and may not be deleted or have its authority modified. 8.2 Configuration Backup Restore. Configuration path: Main Menu > Utilities > Backup Res...

Page 74: ...o prevent the loss of WMI connection if this action is performed remotely. 3. Resetting to factory default will erase all configurations and restore the controller to factory configuration. This action also has additional options to keep critical settings. 8.3 Firmware Upgrade. Configuration path: Main Menu > Utilities > System Upgrade. The administrator can obtain the latest firmware from 4ipnet's website o...

Page 75: ...he upgrade process completes, and the system needs to be restarted afterwards to activate the new firmware. FTP firmware upgrade is also an option: enter the FTP server IP address, FTP server port, and the FTP account name and password, and lastly specify the complete firmware filename stored on the FTP server that will be used to upgrade the system. Before performing an upgrade, the system checks for ver...

Page 76: ...Select Restart the system in Regular mode, then click Apply to restart HSG Wireless Hotspot Gateway. If the power needs to be turned off, it is highly recommended to restart HSG Wireless Hotspot Gateway first and then turn off the power after completing the restart process. The administrator may enter Reason for Restart for maintenance purposes. NOTE: 1. The connection of all online users of the system will b...

Page 77: ...on path: Main Menu > Status > System Summary. The system status page displays a table of contents including system firmware version, report servers configured, WAN optional settings, User log profile, system time and session control settings. This overview is designed for main configuration items. For detailed status, please proceed to corresponding configuration pages ...

Page 79: ...tion provides the details of each of the network interfaces for the administrator to inspect, including WAN1 Default SZ1 SZ4. Select the network interface that you are interested in seeing. If the selected interface is enabled, the corresponding network settings will be displayed. Scrolling down the page, the traffic statistics for different scales, including traffic summary, traffic of the day, traffic of th...

Page 80: ...rules will be listed here. It provides a fast reference window for the administrator to see the routing rule enforcement for users belonging to different Policies. It also shows the System Route rules specified for each network interface. IPv6 is available for Global policy, and the rules configured there will also be shown in the IPv6 routing table page along with System interface settings for IPv...

Page 81: ...nt in the last 30 minutes/hours/days and so on. Statistics of expired list: IPs leased to clients that have expired in the Last 10 Minutes, Hours and Days are shown here. The headers 1 to 10 are unit multipliers; for instance, the number under column 2 indicates the expired count in the last 20 minutes/hours/days, the number under column 3 indicates the expired count in the last 30 minutes/hours/days, and so o...

Page 82: ...y tunneled site. There are 2 modes to select from. Select Detail to display more information such as Pkts In/Out, Bytes In/Out, etc. Administrators can force out a specific online user by clicking Kick Out and check the user access wireless status. A Search tool is available for searching the IP or MAC address of a specific online user. Click Refresh to update the current users list, or you can select the t...

Page 83: ... LAN or remotely tunneled site. This feature is designed for administrators to keep track of system resources and keep them from being exhausted. The list shows the client's MAC Address, IP Address and associated VLAN ID, Service Zone, as well as wireless status if the client uses a wireless connection. 9.2.3 Roaming Out Users. Configuration path: Main Menu > Status > Monitor Users > Roaming Out Users. This page shows the user...

Page 84: ... path: Main Menu > Status > Sessions. This page allows the administrator to inspect sessions currently established between a client and the system. Each result displays the IP and Port values of the Source and Destination. You may define the filter conditions and display only the results you desire ...

Page 85: ...hows the account and IP of the person that has made changes to the Controller's WMI configurations. Local Monthly Usage: This page shows the aggregated statistics for Local users, showing the transmitted traffic for the month. Local Web Log: This page shows which of the web pages have been accessed on the Controller's built-in web server. On-Demand User Billing Report Log: This page displays a summary of On De...

Page 86: ... 100 to display per page Select the Begin and End date from the calendar to filter unwanted User Events After the Begin and End dates are selected click Display to display all User Events within the selected dates The Download button downloads the displayed User Events into a comma separated txt file Save as a new file with csv extension to sort the downloaded data into cells The Clear button dele...

Page 87: ...9.4 Reports Notification. Configuration path: Main Menu > Status > Reporting. HSG Wireless Hotspot Gateway can automatically send various kinds of user and/or system related reports to configured E-mail addresses, SYSLOG Servers or FTP Server ...

Page 88: ...e configuration of two external SYSLOG servers where selected users logs as well as system logs will be sent to FTP Settings Allows the configuration of an external FTP Server where selected users logs as well as system logs will be sent to Notification Settings Provides an overview of all the available users and system logs for selection Selected logs can be sent to the chosen location E mail SYS...

Page 89: ... Apply to activate. Plan: The number of the selected Billing Plan profile. Plan Type: The account type chosen for this plan. Different account types have different properties. A suitable account type should be selected that will best meet guest usage requirements. Quota: The usage terms on how much or how long On Demand users are allowed to access the network. Price: The unit price of the respective bill...

Page 90: ...when Valid Period has been used up or quota depleted Quota is the total period of time xx days yy hrs zz mins during which On Demand users are allowed to access the network The total maximum quota is 364Days 23hrs 59mins 59secs even after redeeming Account Activation is the time period for which the user must execute a first login Failure to do so in the time period set in Account Activation will ...

Page 92: ...ccount expires only when quota is depleted Quota is the total period of time xx days yy hrs zz mins during which On Demand users are allowed to access the network The total maximum quota is 364Days 23hrs 59mins 59secs even after redeem Account Activation is the time period for which the user must execute a first login Failure to do so in the time period set in Account Activation will result in acc...

Page 94: ...t off Time 13 00 then account will expire on 13 00 two days later Grace Period is an additional short period of time after the account is cut off that allows user to continue to use the On Demand account to access the Internet without paying additional fee Number of Devices is to define the number of allowed simultaneous logged in devices per account Unit Price is a daily price of this billing pla...

Page 95: ...0 2 4 Volume Users can access internet as long as account is valid with remaining quota traffic volume Account expires when Valid Period is used up or quota is depleted This is ideal for small quantity applications such as sending receiving mail transferring a ...

Page 96: ... expiration Expiration is the valid time period for using After this time period the account expires even with quota remaining Quota is the total Mbytes 1 1000000 during which On Demand users are allowed to access the network Number of devices is to define the number of allowed simultaneous logged in devices per account 0 unlimited Unit Price is the unit price of this plan Group will be the applie...

Page 97: ...ns immediately after account is created and is continuous regardless of logging in or out Account expires once the Elapsed Time is reached This is ideal for providing internet service immediately after account creation throughout a specific period of time Begin Time is the time that the account will be activated for use It is set to account creation time ...

Page 98: ...nt is valid for internet access xx hrs yy mins Number of Devices is to define the number of allowed simultaneous logged in devices per account Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information ...

Page 99: ...e Cut off on 23 00 If an account of this kind is created after the Cut off Time the account will automatically expire Begin Time is the time that the account will be activated for use It is set to account creation time Cut off Time is the clock time when the account will expire Number of Devices is to define the number of allowed simultaneous logged in devices per account Price is the unit price o...

Page 100: ...10.2.7 Duration time with Begin and End Time. The Begin Time and End Time of the account are defined explicitly. Count down begins immediately after account activation and expires when the End Time has ...

Page 101: ... AM Jun 1 to 5 00 PM Jun 5 created in batch like coupons Begin Time is the time that the account will be activated for use defined explicitly by the operator End Time is the time that the account will expire defined explicitly by the operator Number of Devices is to define the number of allowed simultaneous logged in devices per account Price is the unit price of this plan Group will be the applie...

Page 102: ...SDS200W is an innovative product 4ipnet offers to facilitate the communication between 4ipnet hotspot gateway and serial POS printer It is mainly used to have the connected printer fast print necessary account information extracted from a 4ipnet hotspot gateway for a user who would like to access the Internet or managed networks making provisioning of wired or wireless connection easier and more u...

Page 103: ...mber 2 ENTER Print a ticket of billing Number 1 with Number 2 units For example 8 asterisk 3 ENTER is equal to create an On Demand account of billing plan 8 with 3 units and have the POS printer print out the corresponding ticket That is the quota that billing plan 8 grants is multiplied by 3 FUNC 1 ENTER To print out the information of SDS200W including 1 its IP address 2 the firmware version and...

Page 104: ...ER To lock the keypad excluding the TAS and the Reset button In Lock Mode the Status indicator will enter into special flashing Press asterisk ENTER again to disable the function and the LED indicator Status will go back to short illuminated intervals or long illuminated intervals LED Indicators Power When the power adapter is connected Power will become constantly on when disconnected the light t...

Page 105: ...ing to uplink device after step 4 Afterwards Status will go to step 2 Ethernet Ethernet turns into constantly on when an Ethernet cable is connected Ethernet blinks when the system detects wired traffic passing Ethernet It is constantly off when no cable is connected WLAN WLAN behaves similarly as Ethernet becoming constantly on when wireless connectivity is enabled not necessarily connected It ju...

Page 106: ... illuminated intervals [Figure: LED indicator timing diagrams, amplitude against time t, for Fast Flashing, Constantly on, Constantly off, Special flashing and Short illuminated intervals] Right Side Panel 1. Kensington Lock: Used to lock the device to a pole. 2. Restart/Reset: Press once to reboot the system. Hold for five seconds to make SDS200W set back to factory default settings. 3. TAS (Terminal Auto Setup): Press...

Page 107: ... a POS printer to a power adaptor provided in the package and turn on the power switch situated on the left side of the device 4 Connect a POS printer to the Console port of SDS200W by a RS 232 cable provided within the POS printer package Left Side Panel 1 Console Serial port for connecting to a POS printer 2 Ethernet RJ 45 Ethernet port Serial port for connecting to the uplink gateway via wire 3...

Page 108: ... be printed out Managing SDS200W on the Web Management Interface SDS200W is designed specifically to operate in conjunction with all 4ipnet Gateways Controllers including both HSG and WHG series If you are not using default settings before connecting SDS200W to your 4ipnet Gateway Controller some configurations steps are required Go to the Web Management Interface WMI for SDS200W s relevant config...

Page 109: ... the POS Printer Serial Settings: To make a POS printer function properly with SDS200W, set up serial settings in advance in Console on SDS200W's WMI. Printing On Demand Tickets for Your Customers: Operators have two ways of printing On Demand account tickets for their customers. One is to go onto the WMI of 4ipnet Gateway Controller and create one or more. See the manual of the 4ipnet Gateway Controll...

Page 110: ...rticularly designed to establish a quick connection without previous setting Manual setup To connect SDS200W manually to a 4ipnet Gateway Controller connect the SDS200W to the 4ipnet Gateway Controller via an Ethernet cable Enter the Network Settings and make sure they match what is determined on the controller The change will take effect after 1 clicking Save and 2 rebooting the system After SDS2...

Page 111: ...When the settings are done completely on the 4ipnet Gateway Controller side, go to SDS200W's WMI and check if every uplink setting matches that on the controller ...

Page 112: ...ls the SDS200W will always have the printer print out if the connection is successful or it failed Please make sure beforehand that the Ethernet cable is plugged in Note The SDS100 can be set up the same way but it does not support wireless connections Wired TAS uses port 5000 as the default value The controller has to set the port to the right number as well Additionally when trying to deploy TAS...

Page 113: ...lect the desired language for the configured ticket template. WHG supports English, French, German, Japanese, Spanish, Simplified Chinese and Traditional Chinese. For accounts generated with the SDS200W, passwords are random, but the administrator has the option of selecting between a 4 character and an 8 character password. Select the appropriate Ticket Type depending on the configured billing plan ...

Page 114: ...u may start customizing your POS ticket from the window below manually typing or by inserting parameters from the drop down list as shown in the above example Once this is done you may start assigning Billing Plans and Ticket Templates for your Terminal Servers ...

Page 115: ...unt especially for mobile devices which require typing on small keyboards and are not easy on the eyes Log in credentials including your Username Password Usage quota Price and etc are all embedded in the QR code Simply associate with the SSID scan QR Code and you are ready to surf the internet Configuring your web ticket to support QR Code The ticket needs to be customized in order to support the...

Page 116: ...d Billing Plan the corresponding ticket template needs to be customized to support QR Code 1 The width needs to be changed to 3 default value 2 2 The parameter needs to be added by typing in qr on the template or select qr from the drop down menu and click Insert Parameters ...

Page 117: ...reate multiple accounts for an enabled billing plan in batch and send them to POS printer for generating physical ticket printout for sale Administrator can choose to use random generated Usernames and Passwords or custom create them when creating batch On Demand accounts For random generated passwords they can be short 4 characters or long 8 characters Note Only 4ipnet PRT200 thermal printers sup...

Page 118: ...When creating custom Usernames, the Prefix and Postfix will be kept constant while the Serial Number for the accounts will have single increments. The generated accounts may be downloaded for safe keeping or sent to printer for batch printout ...

Page 119: ...ly used PayPal is used as an illustration example below Before setting up PayPal it is required that the hotspot owners have a valid PayPal Business Account After opening a PayPal Business Account the hotspot owners should find the Identity Token of this PayPal account to continue PayPal Payment Page Configuration Fill in the necessary merchant account credentials in the Payment Page Configuration...

Page 120: ...llowed for end users to self purchase through the payment gateway The service disclaimer can be customized by configuring Web Page Customization Subsequently after the configuration of your external payment gateway the login page will be shown with a hyperlink which guides the end user step by step to ...

Page 121: ...ter buying a new account online and eliminate the risk of forgetting his her username and password at the next time of login administrators may choose to integrate SMS gateway with the payment gateway Upon successful set up the Number of SMS Quota field will be available Account buyers enter a cellphone number after paying a fee for the account online ...

Page 122: ...ge also supports customization with templates uploading html or using an external page An example of what will be displayed when External Payment Gateway is used with SMS Gateway is shown below PMS Self Service After planning your VLAN network and completing all the Port Location Mapping settings you should verify whether the configurations are working properly According to the Port Type set when ...

Page 123: ...lable plans and service agreement The Service Agreement body can be configured at the applied Service Zone s Custom Pages settings User may choose a billing plan click the Confirm button and the system will display the generated account name and password If you already have a user account you can click the here link to login with the user account that you possess ...

Page 124: ...n depth support regarding compatibility and technical evaluation on your telecom operator please contact 4ipnet support team 11 2 WISPr for ISP Roaming Configuration path Main Menu System Service Zones Service Zone Configuration WISPr or Wireless Internet Service Provider roaming Pronounced whisper is a draft protocol submitted to the Wi Fi Alliance that allows users to roam between wireless inter...

Page 125: ...ble to block users from that particular WISPr roaming agent from accessing your internet. For example, if you fill in ipassconnect, the iPass clients will be denied roaming access in your network. WISPr Location ID: These attributes, which enable wireless hotspot providers to customize their web portals, are based on the client device location and are RADIUS vendor specific attributes (VSAs). WISPr Location Name...

Page 126: ...pplication offers the ability to refer to a single central Controller for account credential lookup during the authentication process and is ideal for enterprises or businesses with multiple branch offices To use Local user database as the RADIUS database of another Controller Configuration path Main Menu Users Internal Authentication Local To use On Demand user database as the RADIUS database of ...

Page 127: ...Roaming out feature for Local or On Demand click the RADIUS Client Device Settings hyperlink The redirected page allows the administrator to specify the Controller IP which is allowed to behave as a RADIUS client and authenticate against this Controller s enabled user databases ...

Page 128: ...NOTE 1: Please make sure that the user database postfixes are configured without conflicting with one another over the two Controllers ...

Page 129: ... the DNS server address provided by your ISP Installation 1 Connect the power adaptor or power cord to the power socket on the rear panel The Power LED should be on to indicate a proper connection 2 Connect an Ethernet cable to the WAN Uplink Port Connect the other end of the Ethernet cable to an xDSL cable modem or a switch hub of an internal network The LED of this port should be on to indicate ...

Page 130: ...d attempts to access the internet the system will address the user to the external login page configured Gateway while addressing users to the external web page will also send URL parameters required for the operation for instance user authentication Therefore each self defined external page Login Logout Login Success Logout Success etc requires codes to handle URL parameters to and from the Gatew...

Page 131: ...The diagram below explains how External Page operates, using user login/logout flow as illustration. Login ...

Page 132: ...iption
loginurl | String (URL encoded) | The URL to be submitted when a user logs in
remainingurl | String (URL encoded) | The URL to be submitted when a user wants to get remaining quota
vlanid | Integer (1-4094) | VLAN ID
iface | Integer (0-8) | Service Zone ID; 0 for default service zone
gwip | IP format | Gateway activated WAN IP address
gwmac | MAC format | Gateway activated WAN MAC address
...

Page 133: ...th a self defined javascript function:

    <FORM action="" method="post" name="form">
    <script language="Javascript">
    form.action = getVarFromURL(window.location.href, 'loginurl');
    </script>
    <INPUT type="text" name="myusername" size="25">
    <INPUT type="password" name="mypassword" size="25">
    <INPUT name="button_submit" type="submit" value="Enter">
    <INPUT name="button_clear" type="button" value="Clear">
    </FORM>

The following shows the corresponding self defined j...

Page 134: ...er page to function properly.

1. External Login Page Variables

Field | Value | Description
loginurl | String (URL encoded) | The URL to be submitted when a user logs in
remainingurl | String (URL encoded) | The URL to be submitted when a user wants to get remaining quota
vlanid | Integer (1-4094) | VLAN ID
iface | Integer (0-8) | Service Zone ID; 0 for default service zone
gwip | IP format | Gateway activated WAN IP address
client_...
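The external login page described above takes its form action from the `loginurl` query parameter, so the page should check that value before any credentials are posted to it. The following is an added example, not code from the manual or from 4ipnet: it parses the documented parameters and accepts `loginurl` and `remainingurl` only when they point at a gateway host the operator has listed. The trusted host list, the sample URLs and the accepted MAC notation are assumptions.

```javascript
// Added example, not from the HSG326 manual: validate the query parameters the
// gateway appends when it redirects a client to an external login page.

// ASSUMPTION: hosts the operator trusts as the gateway's own login endpoint.
const TRUSTED_GATEWAY_HOSTS = new Set(['192.168.1.254', 'gateway.example.lan']);

const IPV4_RE = /^(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$/;
// ASSUMPTION: the manual only says "MAC format"; colon- or hyphen-separated hex is accepted here.
const MAC_RE = /^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$/;

// Validator for "Integer min-max" fields such as vlanid (1-4094) and iface (0-8).
function intInRange(min, max) {
  return (raw) => {
    if (!/^\d{1,5}$/.test(raw)) return null;
    const n = Number(raw);
    return n >= min && n <= max ? n : null;
  };
}

// Validator for fields that must match a fixed textual format.
function matching(re) {
  return (raw) => (re.test(raw) ? raw : null);
}

// Validator for loginurl / remainingurl: absolute http(s) URL, no embedded
// credentials, and a hostname that is exactly one of the trusted gateway hosts.
function gatewayUrl(trustedHosts) {
  return (raw) => {
    let u;
    try { u = new URL(raw); } catch { return null; }
    if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
    if (u.username !== '' || u.password !== '') return null;
    return trustedHosts.has(u.hostname) ? u.href : null;
  };
}

// Returns { values, errors }: values holds each validated field (or null),
// errors lists the fields that were malformed, duplicated, or required but missing.
function parseExternalLoginParams(pageUrl, trustedHosts = TRUSTED_GATEWAY_HOSTS) {
  const query = new URL(pageUrl).searchParams; // percent-decoding happens once, here
  const validators = {
    loginurl: gatewayUrl(trustedHosts),
    remainingurl: gatewayUrl(trustedHosts),
    vlanid: intInRange(1, 4094),
    iface: intInRange(0, 8),
    gwip: matching(IPV4_RE),
    gwmac: matching(MAC_RE),
  };
  const values = {};
  const errors = [];
  for (const [name, validate] of Object.entries(validators)) {
    const all = query.getAll(name);
    if (all.length === 0) {
      values[name] = null;
      if (name === 'loginurl') errors.push(name); // the form has nowhere to post
      continue;
    }
    // A repeated parameter is ambiguous, so it is rejected rather than guessed at.
    values[name] = all.length === 1 ? validate(all[0]) : null;
    if (values[name] === null) errors.push(name);
  }
  return { values, errors };
}

// Value to assign to form.action, or null when the form must not be submitted.
// In the page: const a = loginFormAction(window.location.href); if (a) form.action = a;
function loginFormAction(pageUrl, trustedHosts = TRUSTED_GATEWAY_HOSTS) {
  return parseExternalLoginParams(pageUrl, trustedHosts).values.loginurl;
}

// Constructed sample redirects (hosts, remainingurl path and parameter values are made up).
const SAMPLE_FROM_GATEWAY = 'https://portal.example.com/login.html?loginurl=' +
  encodeURIComponent('http://192.168.1.254/loginpages/userlogin.shtml') +
  '&remainingurl=' + encodeURIComponent('http://192.168.1.254/constructed/remaining') +
  '&vlanid=10&iface=0&gwip=203.0.113.5&gwmac=00%3A11%3A22%3A33%3A44%3A55';

const SAMPLE_TAMPERED = 'https://portal.example.com/login.html?loginurl=' +
  encodeURIComponent('http://192.168.1.254.untrusted.example/loginpages/userlogin.shtml') +
  '&vlanid=5000&iface=0&gwip=203.0.113.5';
```

When `loginFormAction` returns null the page should show an error instead of rendering a form that would send the username and password to an unverified address.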

Page 135: ...o create an On Demand user Only available for LOCAL users vlanid Integer 1 4094 VLAN ID gwip IP format Gateway activated WAN IP address client_ip IP format Client IP address ipv6_addr IPv6 format Client IPv6 address sz Integer Service Zone ID group Integer Group index policy Integer Policy index available_plan billing plan usage billing plan usage For local user to create on demand user max_uplink...

Page 136: ...okie Invalid IP address Please check the IP address and try again Invalid MAC address Please check the MAC address and try again Sorry your account is not usable because the authentication option is currently disabled BR Please contact your network administrator Sorry your account is not usable because the authentication option associated with the postfix is not found BR Please contact your networ...

Page 137: ... Original User ID 4 External Logout Successful Page Variables Field Value Description uid String User ID postfix is included original_uid String Original User ID vlanid Integer 1 4094 VLAN ID gwip IP format Gateway activated IP address used_time Integer User s Used time 5 External On Demand login successful page Variables Field Value Description uid String User ID postfix is included original_uid ...

Page 138: ...ser ID gwip IP format Gateway activated WAN IP address vlanid Integer 1 4094 VLAN ID External Page Design Variables This page collects and shows all the variables that can be accepted by the Controller from the external pages. Some are mandatory. The destination path is also specified for designer reference. 1 User Login Path LAN IP address or Internal Domain Name loginpages userlogin shtml Input...

Page 139: ...es username user account Required String User name mypassword alternative variables passwd password pass Required String Password ret_url Optional String URL encoded Returned URL default is pop_reminder shtml command Optional String getValue If command is set to getValue the return URL would be ignored and the page would only print out the available quota Output If command is set to getValue the o...

Page 140: ...name String User name Type String includes TIME Time type DATA Volume type CUTOFF Cut off type On Demand user billing type 4 Change Password Path LAN IP address or Internal Domain Name loginpages user_change_password shtml Input Field Required Value Description Save Required 1 has to be 1 Opw Required String Old password Npw Required String New password Npwc Required String Confirmed new password ...

Page 141: ...ypassword alternative variables passwd password pass Required String Redeem user password ret_url Optional String URL encoded Return URL login successful page is the default value Output If no ret_url is presented client would be led to the login successful page and in addition a JavaScript window would pop up and show the result If ret_url is presented client would be returned to ret_url and gate...

Page 142: ...10 Billing Plan No random Optional Integer A random number this number is to prevent quick click issue in IE 6 0 ret_url Optional String URL encoded Return URL Output If no ret_url is presented the client would be led to a ticket page in our UI style If ret_url is presented client would return to ret_url and receive the result containing created On Demand account information Field Value Descriptio...

Page 143: ...entralized management and monitoring of your enterprise network including Linux Unix and Windows servers apps databases and network boxes HYPERIC HQ ENTERPRISE Aimed at the datacenter Hyperic s software is built to manage and monitor all layers of Web infrastructures including hardware middleware virtualization and Web and open applications It also offers trending and analysis It supports Apache J...

Page 144: ...nuation of a project that started in 1998 http www wireshark org inSSIDer for wireless scanning frequency analyzer inSSIDer is a useful tool for scanning the air for nearby AP signals and in depth frequency channel analysis of deployment site You can Inspect your Wi Fi and surrounding networks Scan and filter hundreds of nearby access points Troubleshoot competing access points and clogged Wi Fi c...

Page 145: ...Duration time Buy the time interval for a valid account Define the time interval for usage Count down begins when account activated and expires when the expiration time date reached Usage time Users can access internet as long as account valid with remaining quota and need to activate the purchased account within a given time period by logging in Usage time accounts have the option of selecting Wi...

Page 146: ...Volume: Users can access internet as long as account is valid with remaining quota, and need to activate the purchased account within a given time period by logging in ...

Page 147: ...l expire Account automatically activates when it is created Unit is the number of days to execute Cut off For example Unit 2 days Cut off Time 10 00 then account will expire at 10 00AM two days after creation Account usability disabled once Cut off time has been reached unless it has been granted a Grace Period Primarily used in hotel venues to provide internet service according to guests stay tim...

Page 148: ... within valid time interval Count down begins once account activates and expires when Expiration Time is reached Duration time accounts can be further classified into Elapsed Time Relative to Activation Time which is the account creation time Account expires when the Expiration Time has been reached Begin End Time ...

Page 149: ...Define explicitly the Begin Time and End Time of the account. Account expires when the End Time has been reached. Cut off Time: Define explicitly the clock time to Cut off within the day of creation ...

Page 150: ...ccounts of the same type but with various quotas this may be achieved via the Unit field Network operator is able to multiply the quota by an integer ranging from 1 to 9 in the Unit field Please note that only Usage time Volume and Duration Elapsed time account types support multiple unit quota generation for a single account ...

Page 152: ...r login success it will redirect to the Main Menu page Main Menu is the link that leads to all the configuration pages in the Web Management Interface A screenshot of the main menu is captured below the iconic button on the top row will redirect to configuration pages relating to its category ...

Page 153: ... configuration It includes General Information WAN Configurations LAN Ports Service Zones and etc 1 General System Name This is a mnemonic name you can give to the controller Once configured it will show on the web browser s frame Contact Information This is the email cell phone or other means of contact ...

Page 154: ...ed user logs can only be accessed via the entered IP Pre Login Page A HTML customizable pre portal page before landing the Login Page UAM Filter The Universal Access Method Filter drops non browser http requests from user agents before authentication to prevent system overloading from excessive traffic Management IP Address List This configuration button allows the network administrator to enter a...

Page 155: ...ss Dynamic This option enables the WAN interface to be assigned with an IP address automatically by upstream DHCP server PPPoE This is the option of connecting WAN interface to your ISP network via PPP protocol please select this option if your subscribed network service uses PPP PPTP This is the option of connecting WAN interface to your ISP network via PPP tunneling protocol please select this o...

Page 156: ... the servicing WAN interface Target for Detecting Internet Connection This section of the configuration page enables the administrator to specify external targets to check for uplink status 4 LAN Ports A Service Zone in the system by default contains wired and wireless coverage areas in the organization When Port Based mode is enabled each physical LAN port can be set individually to map to a spec...

Page 157: ...ontrast under Tag Based mode Service Zones will be distinguished by VLAN tagging instead of physical LAN ports 5 Service Zones The table will list the Service Zones and related settings Click the Service Zone Name will go to the service zone configuration page ...

Page 158: ...Service Zone when in Tag based mode In Port based mode administrators have 3 options Disabled Authentication Required and Enable Inter LAN Port Isolation Select Enable or Disable When the option is Enabled clients under different LAN ports cannot ping each other When the option is Disabled clients under different LAN ports can ping each other Inter VLAN Isolation Tag Based 2 clients within the sam...

Page 159: ...may optionally set many alias network segments for a service zone This feature can allow a single service zone to be seen as many service zones also hide the IP address of a Service Zone s network interface and to some degree provide protection from possible attacks from LAN clients Click the Configure button to enter the Network Alias List page Fill in the desired alias IP address and select the ...

Page 160: ...ion Management IP Address List to permit the administrator to access the HSG WIRELESS HOTSPOT GATEWAY admin page after the default IP address of the network interface is changed Preferred DNS Server The primary DNS server that is used by this Service Zone Alternate DNS Server The substitute DNS server that is used by this Service Zone Domain Name Enter the domain name for this service zone WINS Se...

Page 161: ... activate your settings DHCP Lease Protection When Enabled whenever the Service Zone s built in DHCP server receives a DHCP request it will automatically bind the MAC address with an IP address permanently This means that once all the IP addresses have been assigned it will be bound with the MAC address that first acquired this IP Subsequent devices with new MAC address will be unable to acquire a...

Page 162: ...rity tab, the system supports different security types such as Open, WEP, WPA Personal and WPA Enterprise. Under Advance tab, administrator can enable or disable Broadcast SSID and IAPP feature; also the Receiving RSSI Threshold can be adjusted here. System can ensure connected stations have quality connection speeds; a station will not ...

Page 163: ...ients to a desired number. Authentication Settings: The system supports several authentication options, namely Local, On Demand, RADIUS and Guest Free. All authentication options can be enabled and applied concurrently. This is to be emphasized in the next section, Users. Page Customization: Each Service Zone can be configured to have unique Login Pages or Message Pages. These pages are fully customizable to ...

Page 164: ...olicies Configuration Privilege Lists Configuration and Additional Controls 1 Groups The Group Overview page gives a summary of which Authentication Servers are used for the corresponding Group Group options and Zone Permission Configuration Policy Assignment can be defined respectively to enforce the access management for different groups of users in different Service Zones The correspondence can...

Page 165: ... at Number of devices which are allowed to login Multiple device login for the On Demand authentication option can be configured at selected Billing Plans 2 Internal Authentication The system supports multiple authentication options which include both internal and external databases Internal Authentication databases include Local On Demand and Guest ...

Page 166: ...he specific user account when multiple options are concurrently in use To manipulate Local accounts go to Configure for Local User List The On Demand Authentication option is typically used for short term usage such as public hotspots Settings related to the On Demand Authentication option can be configured here such as Billing Plan profiles POS ticket customization Terminal Server list External P...

Page 167: ...ithout any user account or password This feature allows the user to associate with a particular Service Zone enter guest email or a specified string of text by guest questionnaire which may be social security number etc defined by the administrator and use the network without actual authentication The accounts can have limited or limited access time and guest users can be bound to a User Group to ...

Page 168: ...k sent by email is clicked by the user. By enabling Social Media Login and entering the Social Media ID and secret registered from Social Media Sites, guest users could directly login with their own existing social media accounts. Selected guest information would be collected from Social Media sites and displayed in Guest Information page. 3 External Authentication: External Authentication servers can b...

Page 169: ...ultiple accounts using the Batch Create function Before accounts can be created at least one Billing Plan needs to be set up and activated Accounts can be created with random Usernames and Passwords or created manually up to 8 characters Usernames and Passwords can also be created manually for batch creation eg Prefix ABC Postfix DEF Serial Number 0001 ...

Page 170: ...ted on this page The list also allows administrators to manipulate On Demand accounts such as restoring deleting accounts and Admin Redeem 5 Schedule The Administrator gets to set different Login Hour permissions to be applied to User Groups in enabled Service Zones To apply the configured Schedule Profile go to Groups Configuration ...

Page 171: ...groups within a certain Service Zone A group of users within different Service Zones can be applied with different policies For example sales can be applied with different network access right while accessing from sales department region or finance department region Select Policy The number of different policy profiles available depends on the model type Firewall Profile Firewall profile specifies...

Page 172: ...sted on the blacklist is not allowed to log into the system the client s access will be denied The administrator may select one blacklist from the drop down menu and this blacklist will be applied to this specific authentication option Note that names on the Blacklists can be configured to be case insensitive 8 Privilege Lists The Privilege function supports two types of privilege list based on IP...

Page 173: ...inistrator can control user session such as idle timeout in User Session Control Three functions are provided in Built in RADIUS Server Settings such as session timeout In Customization the administrator can upload certificate to the system Remaining Time Reminder provides remaining time information to clients on the screen The administrator can manage the access control to the system via clients ...

Page 174: ...e idle criteria are reached. Successive accumulation of idle intervals exceeding the Idle time configured above will induce an idle timeout action, where the user will be logged out. Traffic Direction for Idle Timeout: The user's activity inspection may be checked as uplink or both. Threshold for Idle Traffic Detection: Designate the threshold where traffic flow smaller than the value configured will be ...

Page 175: ...the timeout range may be configured here manually. Please configure this attribute carefully. Idle Timeout: For users authenticated via the built-in RADIUS server (could be account roaming users), the idle timeout range may be configured here manually. Please configure this attribute carefully. Interim Update: For users authenticated via the built-in RADIUS server (could be account roaming users), the accounting interv...

Page 176: ... can set to refresh every 10, 15, 20 minutes to show the updated remaining quota. MAC Access Control List (MAC ACL): The administrator may configure restraining measures on MAC addresses, either a MAC allow or deny list ...

Page 177: ...s specific sets of Internal IP address LAN to External IP address WAN mapping in the Static Assignments The External IP Address of the Automatic WAN IP Assignment is the IP address of External Interface WAN that will change dynamically if WAN Interface is Dynamic When Assign WAN IP Automatically is checked the entered Internal IP Address under will be bound to the WAN interface Each Static Assignm...

Page 178: ...essible Servers allow the administrator to set virtual servers so that client devices outside the managed network can access these servers within the managed network Different virtual servers can be configured for different sets of physical services such as TCP and UDP services in general Enter the External Service Port Local Server IP Address and Local Server Port Select TCP or UDP for the servic...

Page 179: ...n Please enter the IP Address and Port of Destination and the IP Address and Port of Translated to Destination Select TCP or UDP for the service s type These settings will become effective immediately after clicking Apply 2 Monitor IP Multiple IP addresses can be defined in the Monitor IP function System can monitor these IP based network devices and periodically report online status via email bas...

Page 180: ...ervices for users to access the websites listed here before login and authentication Specific addresses or domain names of the websites can be defined in this list Users without the network access right can still have a chance to experience the actual network service free of charge Enter the website IP Address or Domain Name in the list and click Apply to save the settings The Walled Garden List c...

Page 181: ...configuration. Note that entries selected as Walled Garden Ad must be a URL and cannot be an IP address with prefix. Note that both the walled garden checkbox and the advertisement checkbox must be checked to enable the walled garden advertisement feature. 4. Proxy Server: The system provides a Built-in Proxy Server and External Proxy Server function. After successful authentication the clients will be d...

Page 182: ...trates how a proxy server of an ISP is used. Follow these steps to complete the proxy configuration. Step 1: Log into the system by using the admin account. Step 2: On the Network > Proxy Server > Web Proxy Settings page, enable the Built-in Proxy Server. Click Apply to save the settings. Step 3: Enable Proxy Server Settings in Internet Options on Client Stations ...

Page 183: ...l in the appropriate IP address of the Proxy Server and the utilized port. Follow these steps to complete the proxy configuration. Step 1: Log in to the system by using the admin account. Step 2: Under Network > Proxy Server > Web Proxy Settings, select External for Proxy Server. Add the IP address and port number of the Proxy server into the External Proxy Servers setting. Click Apply to save the settings. Step...

Page 184: ...l clients connected to the HSG Wireless Hotspot Gateway's LAN network. This feature can be used to dispatch clients to a preferred IP address for certain Domain Names. NOTE: By enabling the Proxy Server, clients are required to manually check Proxy Server Settings in Internet Options on client stations. To apply Transparent Proxy, please use Port and IP forwarding ...

Page 185: ...teway s WAN If the dynamic DHCP is activated at the WAN port it will update the IP address of the DNS server periodically These settings will become effective immediately after clicking Apply DDNS Enable or disable this function Provider Select the DNS provider Host name The IP address domain name of the WAN port Username E mail The register ID username or e mail for the DNS provider Password Key ...

Page 186: ...n account for the administrator is admin. The admin password of the system can be changed here by clicking the admin Name and entering the original password and new password. The default admin password of the system is admin. The Elementary School's Name field may also be entered for security purposes in case the admin username or password has been forgotten. Note that Email and Elementary School's N...

Page 187: ...ponsibility. Password Complexity enables the admin to constrain how the passwords the sub-admins use must be formed. Min password Length sets a limit on the minimum length of a password string. Min password Category allows an admin to define how complex the sub-admins' passwords are required to be. The following shows what each number stands for. Number / Definition: 0: passwords will not be checked ...

Page 188: ...type in strings again. Password expiration: If enabled, this lets admins decide the number of days after which a password will expire. A valid period can be defined for each password, counting from the first login. When a password expires, the operator will need to set up a new password for future use. Expired passwords cannot be reused. Password Limits: If enabled, it is to determine how many utiliz...

Page 189: ...mail to the assigned email address Note that an SMTP Server needs to be setup for the system to send email reminders There are 6 categories a sub admin can fall into Super Group Manager Operator OnDemand Manager Custom1 Custom2 and Custom3 Click configure at the right of the drop down list to see and modify the differences Be aware that the authority limits of Super Group are unchangeable Create a...

Page 190: ...nd the state of each sub-admin. Please note that only the created sub-admins can be deleted. Check the Lock or Unlock boxes to forbid or allow certain sub-admins access to the management page. The admin can also click the hyperlinks in the name column to edit settings related to admins and sub-admins. 2. Backup & Restore: This is used to back up and restore system settings. System factory default can also ...

Page 191: ...disk of the management console A backup file will keep the current system settings as well as the local user accounts A backup file can be restored to the system by clicking Browse button to choose the backup file and then clicking Restore button to execute the process Backup can be done periodically over FTP Enable this feature by clicking on the Configure button under Period Backup ...

Page 192: ...r remote access Reset to Factory Default Click Reset to load the factory default settings of the controller Remote Sync Status WHG311 WHG315 When Enabled 2 controllers can synchronize their settings remotely on the LAN network 3 Certificates On this tab administrators have the ability to manage the system certificate create Root CA sign certificates from Root CA and upload certificate The Used By ...

Page 193: ...xample com that cannot be removed but allows certificates to be uploaded To view details of the certificate click the corresponding View button Click Get CERT and Get Key to download the certificate and public key onto your local disk Internal Root CA The administrator can generate a root CA for private use The created root CA certificate can be downloaded and used to sign certificates generated b...

Page 194: ...ot CA certificate may also be uploaded with a matching Private Key Internally Issued Certificates When an Internal Root CA needs to be created Internally Issued Certificates can be signed The generated certificate will be listed and the certificate key pair can be ...

Page 195: ...ned by other CA entities or Trusted CAs into the system These trusted root CA certificates are intended for the Controller to recognize and trust certificates of External Payment Gateway and or CAPWAP capable APs To upload a Trusted CA click browse and upload a trusted CA certificate from your local disk into the System 4 Network Utilities Some network utilities such as web based Ping Trace Route ...

Page 196: ...o a destination using IP address or Host domain name ARPing Allows the administrator to send ARP request for a specific IP address or domain name ARP Table It allows administrator to view the IP to Physical address translation tables used by address resolution protocol ARP Sniff With this feature the administrator can listen for packets from selected Interfaces The administrator can further filter...

Page 197: ...e system web management interface again 6 System Upgrade The administrator can download the latest firmware from website and upgrade the system here Click Browse to search for the firmware file and click Apply for the firmware upgrade It may take a few minutes before the upgrade process completes and the system needs to be restarted afterwards to activate the new firmware When the resource of the ...

Page 198: ...ss. A confirmation message will appear to notify the administrator to restart the system after a successful firmware upgrade. Firmware upgrade may take up to several minutes; please wait for the confirmation message. The system must be rebooted before resetting to factory defaults after firmware upgrade. G. Status: Provides information for System Status, Interface Status, Hardware S...


Page 201: ...ystem is set to align Preferred DNS Server IP address of the preferred DNS Server Alternate DNS Server IP address of the alternate DNS Server Proxy Server Enabled disabled displays if the system is currently using the proxy server Start Page URL The preset URL upon users initial successful login SNMP Enabled Disabled Warning of Internet Disconnection Enabled Disabled Idle Timeout The minutes allow...

Page 202: ...ress to which the traffic history or user s traffic history information will be sent Click See Reports for the following available reports sorted by interface Network Traffic CPU Load Memory Usage Storage Usage Online Users Successful Logins Sessions DHCP Leases and DNS Queries The reports can also be customized to your preference by selecting the Time range and Interval These reports can be sent ...

Page 203: ...ion mode of the SZ MAC Address The MAC address of the SZ IP Address The IP address of the SZ Subnet Mask The Subnet Mask of the SZ Service Zone DHCP Scope Default SZ1 SZ4 Status Enable disable stands for status of the DHCP server in Default Service Zone WINS IP Address The WINS server IP on DHCP server N A means that it is not configured Start IP Address The start IP address of the DHCP IP range E...

Page 204: ...eer controllers On Demand Roaming Out User On Demand users authenticated at external controllers via RADIUS protocol Non Login Local User Obtained IP address but has not yet authenticated Local Users MAC Login Devices Disconnected MAC authenticated devices need not be re plugged physically and can be MAC authenticated on the MAC Login Devices List 4 Process Monitor The Process Monitor is a network...

Page 205: ...on Therefore if the log information needs to be documented the administrator will need to make back up manually Configuration Change Log This page shows the account and IP of the person that has made changes to Controllers WMI configurations Local Monthly Usage The system keeps a cumulated record of the traffic data generated by each Local user in the latest 2 calendar months Each line in a monthl...

Page 206: ... information output from the UAM daemon. User Events: Displays all user-related information, customizable to the administrator's preference. The Download button downloads the displayed User Events into a comma-separated txt file, which can be imported into cells in MS Excel. Note that different User Types contain different user information. Categories will be left blank if inapplicable to the User Type. Applicab...

Page 207: ...t and Message Wireless Log Displays all wireless related information 6 Reporting HSG WIRELESS HOTSPOT GATEWAY can automatically send various kinds of user and or system related reports to configured E mail addresses SYSLOG Servers or FTP Server Notification Settings Page This configuration page allows the selection of log types to send either to preconfigured E mail SYSLOG Servers or FTP Server ba...

Page 208: ...gured in SMTP Settings Click the desired E mail address profile 1 5 and select the time interval for sending a report or log Detail Clicking this radio button allows the configuration of the E mail subject for the corresponding log Send Clicking this radio button sends a test log to the selected E mail address ...

Page 209: ...selected logs to the configured SYSLOG Servers Sending Logs to FTP The following log types can be sent to external FTP servers configured in FTP Settings Local Users Log On Demand Users Log Trial Users Log Roaming Out Users Log Roaming In Users Log External User Log Session Log On Demand Billing Report Log Wide Area AP Report Local HTTP Web Log HTTP Web Log Configuration Change Log DHCP Lease Log ...

Page 210: ... your FTP server If your FTP needs authentication enter the Username and Password The Send Test File button can be used to send a test log for testing your current FTP destination settings SMTP Settings Allows the configuration of 5 recipient E mail addresses and necessary mail server settings where various user related logs will be sent to ...

Page 211: ...lable for general use. Plain and CRAM-MD5 are standardized authentication mechanisms, while Login and NTLMv1 are Microsoft proprietary mechanisms. Only Plain and Login can use a UNIX login and password. Netscape uses Plain. Outlook and Outlook Express use Login as default, although they can be set to use NTLMv1. Pegasus uses CRAM-MD5 or Login, but which method is used cannot be configured. Sender E mai...

Page 212: ...ing feature. When enabled, the selected logs from Notification Settings will be sent to the SYSLOG server configured above. When disabled, no logs will be sent to the SYSLOG server configured above. 7. Session List: This page allows the administrator to inspect sessions currently established between a client and the system. Each result displays the IP and Port values of the Source and Destination ...

Page 213: ...umber under column 3 indicated the lease count in the last 30 minutes hours days and so on Statistics of IP Expired IP leased to clients that have expired in the Last 10 Minutes Hours and Days are shown here The header 1 10 are the unit multipliers For instance the number under column 2 indicates the expired count in the last 20 minutes hours days the number under column 3 indicates the expired co...

Page 214: ...erver and related information of the client using this IP address is displayed here. 9. Routing Table: The routing table lists all IPv4 Route rules. The System Route rules are shown here as well. The Policy Route rule has higher priority than the Global Policy route rule, and the System Route rule has the lowest priority ...

Page 215: ...lobal Policy System Shows the information of the system administration Destination The destination IP address of the device Subnet Mask The Subnet Mask IP address of the port Gateway The Gateway IP address of the port Interface The choice of interface network including WAN1 WAN2 Default or the named Service Zones to be applied for the traffic interface P N V10000201601020 ...
