background image

Chapter 5. Multi-Service Providers

 

 

 

 

AirLive MW-2000S User’s Manual 

47

STEP 16

Click 

No. 1 

firewall rule to edit more firewall setting. 

 

 

 
 

STEP 17

Input the 

Rule name

, select 

Source

 Interface as 

O2

 and 

Destination

 Interface as 

WAN1

, then enable 

the 

Action

 to 

Pass

 

 

 
 
 
 
 
 
 
 
 
 
 
 
 
 

Summary of Contents for MW-2000S

Page 1: ...MW 2000Sv2 Hotspot Management Gateway User s Manual ...

Page 2: ... household appliances and similar electrical equipment Harmonics Disturbances in supply systems caused by household appliances and similar electrical equipment Voltage fluctuations Information Technology equipment Immunity characteristics Limits And methods of measurement Manufacturer Importer Position Title Vice President OvisLink Corp 5F NO 6 Lane 130 Min Chuan RD Hsin Tien City Taipei County Ta...

Page 3: ... aplicables o exigibles de la Directiva 1999 5 CE pt Português Portuguese OvisLink Corp declara que este AirLive MW 2000S está conforme com os requisitos essenciais e outras disposições da Directiva 1999 5 CE el Ελληνική Greek ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ OvisLink Corp ΔΗΛΩΝΕΙ ΟΤΙ AirLive MW 2000S ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999 5 ΕΚ sl Slovensko Sl...

Page 4: ...tart 29 5 3 Setup Internet Connection 30 5 4 Setup Service Zones 31 5 5 Setup Authentication Account 37 5 6 Setup AP Management 39 5 7 Setup Policy 41 Chapter 6 Multi Service Zones 52 6 1 Introduction 52 6 2 Before to start 54 6 3 Setup Internet Connection 55 6 4 Setup Service Zones 56 6 5 Setup Authentication Account 59 6 6 Setup AP Management 65 6 7 Setup Policy 67 Chapter 7 Web Interface Config...

Page 5: ...ies 148 7 5 1 Change Password 149 7 5 2 Backup Restore Setting 150 7 5 3 Firmware Upgrade 151 7 5 4 Restart 152 7 5 5 Network Utilities 152 7 6 Status 153 7 6 1 System Status 154 7 6 2 Interface Status 156 7 6 3 Routing Table 158 7 6 4 Current Users 159 7 6 5 Traffic History 160 7 6 6 Notification Configuration 162 7 7 Help 164 Appendix A Network Configuration on PC 165 Appendix B An Example of Us...

Page 6: ... Convention y For any caution or warning that requires special attention of readers a highlight box with the eye catching italic font is used as below Warning For security purposes you should immediately change the Administrator s password indicates that clicking this button will return to the homepage of this section indicates that clicking this button will return to the previous page indicates t...

Page 7: ...igure update and monitor all managed APs from a single secured interface and from there gain full control of the entire wireless network 2 2 System Concept MW 2000S is capable of managing user authentication authorization and accounting The user account information is stored in the local database or a specified external databases server Featured with user authentication and integrated with externa...

Page 8: ...on When user opens the web browser the MW 2000S will switch a window asking you to enter user name and password The login window can be customized to put company s logo or art design y Payment System MW 2000S is featured with Authorize Net and PayPal billing system so that users can easily pay the fee with credit cards or PayPal accounts for the Internet access y Personal Bandwidth Control When yo...

Page 9: ...address to each AP automatically y Template Configuration Default configurations for the AP can be defined in a template profile So after an AP is discovered by the security gateway you can apply the configuration template to each AP You no longer have to configure each AP independently Up to 3 configurations template can be defined y View AP Status View the wireless and LAN status and Disable or ...

Page 10: ...ode the data so that confidential information can not be stolen by intruder Since wireless data can be received by anyone with a wireless device the data encryption is even more important The current solution require administrator to set wireless encryption key on the wireless device The problem with this implementation is that when the key is known to one user the entire network security is in je...

Page 11: ...ndicate different status of the system y Status o For Normal Startup Flashing during system startup Steady ON to indicate the system is in Normal Operation modes o In Reset Operation Flashing Status LED is flashing if the Reset button is pressed for more than 3 sec and released in less than 10 sec When the Status LED starts flashing is the indication that the system has been successfully reset Ste...

Page 12: ... controlled port need to be authenticated to access network Clients connected to uncontrolled port don t need to be authenticated to access network and can access the web management interface Rear Panel y Reset Press this button to restart the system y Console The system can be configured via a serial console port The administrator can use a terminal emulation program such as Microsoft s HyperTerm...

Page 13: ...sers to access the network via Private Port and the administrator can enter the administrative user interface to perform configurations via Private Port 4 Connect an Ethernet cable to the LAN1 LAN4 Port on the rear panel Connect the other end of the Ethernet cable to an AP or switch The LED of LAN1 LAN4 should be on to indicate a proper connection Note Authentication is required for the users to a...

Page 14: ... user accounts User Name operator Password airlive Each account owns the specific access right The network constructor can deploy the default system by admin account The system manager can change or create further authentication rule by manager account The operator just needs to create new account and print out the ticket for customer by operator account Following is the example to configure the s...

Page 15: ...ecessary data For more detail information please check chapter 7 1 3 WAN configuration 2 Select System Configuration Æ System Information configure the correct Time Zone and select to enable NTP server or set up time by manually 3 Select User Authentication Æ Policy Configuration to define Policy 1 with configuring specific Firewall Profile Route Profile and Schedule Profile ...

Page 16: ...st 2 Select User Authentication Æ Authentication Configuration Æ On demand User Æ Billing Plans click Edit button to define the related information based on your policy The contents include Pay for data or Pay for time Account Activation Account Valid Period and price 3 Select User Authentication Æ Policy Configuration Æ QoS Profile and click Setting button to define Traffic Class Total Downlink I...

Page 17: ... Printout to print ticket Following is the list to display the access right of MW 2000S feature per each account admin manager operator System Configuration Y Authentication Configuration Y Y Black List Configuration Y Y Policy Configuration Y Y User Authentication Additional Configuration Y Y Network Configuration Y Utility Y Status Y ...

Page 18: ...d 6 Save and Restart MW 2000S Click the System Configuration from the top menu and the System Configuration page will appear Then click on Configuration Wizard and click the Run Wizard button to start the wizard y Running the Wizard First a welcome screen that briefly introduces the 6 steps will appear Click Next to begin after reviewing these steps y Step 1 Change Admin s Password Enter a new pas...

Page 19: ...vice Provider Contact the ISP if the DNS IP Address is unknown Click Next to continue y Step 4 Select the Connection Type for WAN1 Port There are three types of WAN ports that can be selected Static IP Address Dynamic IP Address and PPPoE Client Select a proper Internet connection type and click Next to continue Dynamic IP Address If this option is selected an appropriate IP address and related in...

Page 20: ...ase To add a user here enter the Username e g test Password e g test MAC optional to specify the valid MAC address of this user and assign it a policy or use the default Click the Add Now button to add the user Multiple users can be added in this page Click Next to continue Note The policy selected in this step is applied to this user only Per user policy setting takes over the group policy settin...

Page 21: ... continue y Restart When MW 2000S is restarting a Restarting now Please wait for a moment message will appear on the screen Please do not interrupt MW 2000S until the message has disappeared This indicates that a complete and successful restart process has finished Caution During every step of the wizard if you wish to go back to modify the settings please click the Back button to go back to the p...

Page 22: ...n realize how to install and configure MW 2000S If user needs to configure more MW 2000S feature please check Chapter 7 Web Interface Configuration to know more detail information User can follow the steps to configure basic Hotspot setting Chapter 4 1 Setup Internet Connection Chapter 4 2 Setup Default Service Zone Chapter 4 3 Setup User Configuration Chapter 4 4 How to create On demand account ...

Page 23: ...Chapter 4 Basic Hotspot Configuration AirLive MW 2000S User s Manual 18 Setup Flow ...

Page 24: ...nection User can configure WAN connecting type with Static IP Dynamic IP PPPoE or PPTP client based on the request STEP 2 If user applies two Internet connections the second line can be setup at WAN2 and enable Load balancing or Failover function at WAN Traffic Setting For more information to configure WAN port setting please check Chapter 7 1 3 Chapter 7 1 4 and Chapter 7 1 5 ...

Page 25: ...etup Default Service Zones STEP 1 System Configuration Æ Service Zones If user does not configure specific Service Zones each user will follow default zone For more detail configuration please check Chapter 7 1 7 Service Zones STEP 2 Select Authentication type as On demand User ...

Page 26: ...page or use Template Page Uploaded Page or External Page to customize the page For more detail information of customized page please check Appendix H Customizable Pages STEP 4 Take Template Page as example user can select to design color of text and background change the word of text and button change logo and replace the image file of background ...

Page 27: ...tup Authentication Account STEP 1 Enter User Authentication Æ Authentication Configuration select On demand User STEP 2 User can configure the advanced feature at main page of Authentication Server STEP 3 Click Configure button of General Settings and change Monetary Unit to EUR ...

Page 28: ...anual 23 STEP 4 Back to Authentication Server Configuration page click Configure button of Billing Plans to create the billing plans STEP 5 Create two plans with Time and Volume type specify the Quota and expired time and then click Apply to save the configuration ...

Page 29: ...ion Server Configuration page if user would like to enable Credit Card payment system user can click Create button of External Payment Gateway Select Authorize net or PayPal system based on user s request For more detail information of Authorize net and PayPal please check Appendix D and Appendix E ...

Page 30: ...rLive MW 2000S User s Manual 25 4 4 How to create On demand account STEP 1 Back to Authentication Server Configuration page and click Create button STEP 2 Enter On demand Account Creation page press Create button to generate a random account ...

Page 31: ...intout button the ticket can be printed out via ticket printer STEP 4 If Billing Plans is created several plans user can choose to generate the random account from ticket printer Click the Function key Selection button to choose the billing rule STEP 5 Basic Hotspot configuration is done ...

Page 32: ...ecting service with several service providers each service provider can design its own login page and connect to its own RADIUS server as the database of User Authentication Following steps offer the example of step by step configuration and in the example we will create a Multi Service Providers environment for Airport office worker O2 service provider and Orange service provider ...

Page 33: ...Chapter 5 Multi Service Providers AirLive MW 2000S User s Manual 28 Setup Flow ...

Page 34: ...uto detecting WLA 5000AP the WLA 5000AP device must be reset with default setting or MW 2000S will not succeed to detect WLA 5000AP 3 Do not power off MW 2000S and WLA 5000AP during auto configuring WLA 5000AP When MW 2000S starts to configure WLA 5000AP user may not power off MW 2000S or WLA 5000AP or it could damage WLA 5000AP and possibly can not rescue it back even restore the boot loader User...

Page 35: ...ction User can configure WAN connecting type with Static IP Dynamic IP PPPoE or PPTP client based on the request STEP 2 If user applies two Internet connections the second line can be setup at WAN2 and enable Load balancing or Failover function at WAN Traffic Setting For more information to configure WAN port setting please check Chapter 7 1 3 Chapter 7 1 4 and Chapter 7 1 5 ...

Page 36: ... Create the first Service Zone for Airport office worker You can check Chapter 7 1 7 for more information about Service Zones Service Zone SSID IP Subnet Authentication Policy Priority Airport Airport 192 168 11 x Local database Policy 1 Best Effort O2 O2 192 168 12 x RADIUS Policy 2 Background Orange Orange 192 168 13 x RADIUS Policy 3 Background ...

Page 37: ...Chapter 5 Multi Service Providers AirLive MW 2000S User s Manual 32 STEP 2 System Configuration Æ Service Zones Create the second Service Zone for O2 Service Provider ...

Page 38: ...r s Manual 33 STEP 3 Customize the Login Logout page User can choose to use the default page or use Template Page Uploaded Page or External Page to customize the page For more detail information of customized page please check Appendix H Customizable Pages ...

Page 39: ... Providers AirLive MW 2000S User s Manual 34 STEP 4 Take Template Page as example user can select to design color of text and background change the word of text and button change logo and replace the image file of background ...

Page 40: ...Chapter 5 Multi Service Providers AirLive MW 2000S User s Manual 35 STEP 5 System Configuration Æ Service Zones Create the third Service Zone for Orange Service Provider ...

Page 41: ...ge or use Template Page Uploaded Page or External Page to customize the page For more detail information of customized page please check Appendix H Customizable Pages STEP 7 Take Template Page as example user can select to design color of text and background change the word of text and button change logo and replace the image file of background ...

Page 42: ...tion and enable the setting Then click Server1 to enter the next step STEP 2 User can change Server Name Postfix Name or enable Black List select Local as Authentication Method and click Local User Setting button to enter Local User Setting page STEP 3 If user does not need to enable RADIUS Roaming Out or 802 1x Authentication just click Edit Local User List to check current user list or create ne...

Page 43: ... STEP 4 Click Add User to create new user STEP 5 Fill in Username Password and else information select a specific Service Zones then click Apply to save the setting For more detail information to setup local user please check Chapter 7 2 1 1 Authentication Method Local ...

Page 44: ...rvice with own billing system and user authentication database For more detail information to setup local user please check Chapter 7 2 1 3 Authentication Method RADIUS 5 6 Setup AP Management STEP 1 AP Management Æ AP Discovery Connect WLA 5000AP to MW 2000S Public Port and use AP Management function to auto detect and auto configure WLA 5000AP For more information please check Chapter 7 3 2 AP D...

Page 45: ...00S User s Manual 40 STEP 3 When MW 2000S detects the AP system will create the connection automatically so user can define AP s setting via MW 2000S STEP 4 Change AP Name select AirPort O2 and Orange Service Zone and click Add to modify WLA 5000AP ...

Page 46: ...r to reach the request Once the default setting is changing to block all connection the policy can be more easily that you just need to open the necessary connection User can follow the steps to configure the Policy rules for Multi Service Providers 1 Configure Global Policy to block all connection 2 Configure Policy 1 for Airport Service Zone to allow user accessing Internet 3 Configure Policy 2 ...

Page 47: ...l 42 STEP 1 Click User Authentication Æ Policy Configuration and select Global click Setting button of Firewall Profile to enter the setting STEP 2 Click Firewall Rules to configure the firewall setting STEP 3 Click No 1 firewall rule to edit more firewall setting ...

Page 48: ...ual 43 STEP 4 Input the Rule name select Source and Destination Interface as ALL and enable the Action as Block STEP 5 Enable the Active of first rule and click Apply to save the setting STEP 6 When Global Policy setting is done then to configure Policy 1 2 and 3 ...

Page 49: ...1 to enable the connection from Airport Service Zone to Internet and define the Traffic Class as Best Effort Click Setting button of Firewall Profile to enter the setting STEP 8 Click Firewall Rules to configure the firewall setting STEP 9 Click No 1 firewall rule to edit more firewall setting ...

Page 50: ...put the Rule name select Source Interface as Airport and Destination Interface as WAN1 then enable the Action to Pass STEP 11 Enable the Active of first rule and click Apply to save the setting STEP 12 Enter User Authentication Æ Policy Configuration and press QoS Profile button ...

Page 51: ...ation for Downlink and Uplink Click Apply to save the setting and finish the configuration of Policy 1 STEP 14 Configure Policy 2 to enable the connection from O2 Service Zone to Internet and define the Traffic Class as Background Click Setting button of Firewall Profile to enter the setting STEP 15 Click Firewall Rules to configure the firewall setting ...

Page 52: ...oviders AirLive MW 2000S User s Manual 47 STEP 16 Click No 1 firewall rule to edit more firewall setting STEP 17 Input the Rule name select Source Interface as O2 and Destination Interface as WAN1 then enable the Action to Pass ...

Page 53: ...and click Apply to save the setting STEP 19 Enter User Authentication Æ Policy Configuration and press QoS Profile button STEP 20 Select Background for Traffic Class and specify the total speed and the limitation for Downlink and Uplink Click Apply to save the setting and finish the configuration of Policy 2 ...

Page 54: ...3 to enable the connection from Orange Service Zone to Internet and define the Traffic Class as Background Click Setting button of Firewall Profile to enter the setting STEP 22 Click Firewall Rules to configure the firewall setting STEP 23 Click No 1 firewall rule to edit more firewall setting ...

Page 55: ...nput the Rule name select Source Interface as Orange and Destination Interface as WAN1 then enable the Action to Pass STEP 25 Enable the Active of first rule and click Apply to save the setting STEP 26 Enter User Authentication Æ Policy Configuration and press QoS Profile button ...

Page 56: ...er s Manual 51 STEP 27 Select Background for Traffic Class and specify the total speed and the limitation for Downlink and Uplink Click Apply to save the setting and finish the configuration of Policy 3 STEP 28 Multi Service Providers setting is complete ...

Page 57: ...packets priority Voice Video Best Effort and Background So user can deploy MW 2000S and create several Service Zones with different priority in order to make internal network more efficiency Following steps offer the example of step by step configuration In the example we will create a Multi Service Zones environment for Office Users Guest and IPCAM ...

Page 58: ...Chapter 6 Multi Service Zones AirLive MW 2000S User s Manual 53 Setup Flow ...

Page 59: ...uto detecting WLA 5000AP the WLA 5000AP device must be reset with default setting or MW 2000S will not succeed to detect WLA 5000AP 3 Do not power off MW 2000S and WLA 5000AP during auto configuring WLA 5000AP When MW 2000S starts to configure WLA 5000AP user may not power off MW 2000S or WLA 5000AP or it could damage WLA 5000AP and possibly can not rescue it back even restore the boot loader User...

Page 60: ...ion User can configure WAN connecting type with Static IP Dynamic IP PPPoE or PPTP client based on the request STEP 2 If user applies two Internet connections the second line can be setup at WAN2 and enable Load balancing or Failover function at WAN Traffic Setting For more information to configure WAN port setting please check Chapter 7 1 3 Chapter 7 1 4 and Chapter 7 1 5 ...

Page 61: ...s Create the first Service Zone for office worker You can check Chapter 7 1 7 for more information about Service Zones Service Zone SSID IP Subnet Authentication Policy Priority Office Office 192 168 11 x Local database Policy 1 Best Effort IPCAM IPCAM 192 168 12 x Disable Policy 2 Video Guest Guest 192 168 13 x On demand Policy 3 Background ...

Page 62: ...Chapter 6 Multi Service Zones AirLive MW 2000S User s Manual 57 STEP 2 System Configuration Æ Service Zones Create the second Service Zone for IP Camera ...

Page 63: ...Chapter 6 Multi Service Zones AirLive MW 2000S User s Manual 58 STEP 3 System Configuration Æ Service Zones Create the third Service Zone for Guest uses ...

Page 64: ...Live MW 2000S User s Manual 59 6 5 Setup Authentication Account STEP 1 Create Local database account for office worker Select Server1 as default server of authentication and enable the setting Then click Server1 to enter the next step ...

Page 65: ...lack List select Local as Authentication Method and click Local User Setting button to enter Local User Setting page STEP 3 If user does not need to enable RADIUS Roaming Out or 802 1x Authentication just click Edit Local User List to check current user list or create new local user STEP 4 Click Add User to create new user ...

Page 66: ...ave the setting For more detail information to setup local user please check Chapter 7 2 1 1 Authentication Method Local STEP 6 Setup On demand account for Guest user The account can be generated by randomly and specify part of limitation Click On demand User to enter the next step STEP 7 Click Configure button of Billing Plans to define the limitation for Guest account ...

Page 67: ... 62 STEP 8 Click Edit button to configure the setting STEP 9 Select Volume at Type the available Quota is 500Mbyes guest has to use the account in one day the account will be expired in 2 days and the price is free of charge Click Apply to save the configuration ...

Page 68: ...e MW 2000S User s Manual 63 STEP 10 Click Enable and then click Apply to save the setting STEP 11 Back to Authentication Server Configuration page click Create button of On demand Account Creation to create a random account for guest user ...

Page 69: ...Create button to create a new account STEP 13 When guest user receives the ticket he can input the username and password to pass the authentication and access Internet till he spends out the quota For more detail information to setup local user please check Chapter 7 2 1 6 Authentication Method ONDEMAND ...

Page 70: ...o MW 2000S Public Port and use AP Management function to auto detect and auto configure WLA 5000AP For more information please check Chapter 7 3 2 AP Discovery STEP 7 Select WLA 5000AP and press Scan Now to detect AP STEP 8 When MW 2000S detects the AP system will create the connection automatically so user can define AP s setting via MW 2000S ...

Page 71: ...P 9 Change AP Name select Office IPCAM and Guest Service Zone and click Add to modify WLA 5000AP STEP 10 Page will turn to AP List and WLA 5000AP will be configuring with the data we set when the configuration is done the table will be listed a new AP device in AP List ...

Page 72: ...ers 1 Configure Global Policy to block all connection 2 Configure Policy 1 for Office Service Zone to allow office user accessing Internet and the connection between MIS 192 168 11 11 and IPCAM 192 168 12 12 3 Configure Policy 2 for IPCAM Service Zone to allow the connection between IPCAM 192 168 12 12 and MIS 192 168 11 11 4 Configure Policy 3 for Guest Service Zone to allow user accessing Intern...

Page 73: ...s Manual 68 STEP 3 Click No 1 firewall rule to edit more firewall setting STEP 4 Input the Rule name select Source and Destination Interface as ALL and enable the Action as Block STEP 5 Enable the Active of first rule and click Apply to save the setting ...

Page 74: ...icy 1 to enable the connection from Office Service Zone to Internet the connection between MIS 192 168 11 11 and IPCAM 192 168 12 12 and define the Traffic Class as Best Effort Click Setting button of Firewall Profile to enter the setting STEP 8 Click Firewall Rules to configure the firewall setting STEP 9 Click No 1 firewall rule to edit more firewall setting ...

Page 75: ...Interface as Office and Destination Interface as WAN1 then enable the Action to Pass STEP 11 Enter the second rule and input the Rule name select Source Interface as Office and specify the IP address with 192 168 11 11 select Destination Interface as IPCAM and specify the IP address with 192 168 12 12 then enable the Action to Pass ...

Page 76: ...terface as IPCAM and specify the IP address with 192 168 12 12 select Destination Interface as Office and specify the IP address with 192 168 11 11 then enable the Action to Pass STEP 13 Enable the Active of rules and click Apply to save the setting STEP 14 Enter User Authentication Æ Policy Configuration and press QoS Profile button ...

Page 77: ...r Downlink and Uplink Click Apply to save the setting and finish the configuration of Policy 1 STEP 16 Configure Policy 2 to enable the connection between IPCAM 192 168 12 12 and MIS 192 168 11 11 and define the Traffic Class as Video Click Setting button of Firewall Profile to enter the setting STEP 17 Click Firewall Rules to configure the firewall setting ...

Page 78: ...ewall rule to edit more firewall setting STEP 19 Enter the first rule and input the Rule name select Source Interface as IPCAM and specify the IP address with 192 168 12 12 select Destination Interface as Office and specify the IP address with 192 168 11 11 then enable the Action to Pass ...

Page 79: ...rface as Office and specify the IP address with 192 168 11 11 select Destination Interface as IPCAM and specify the IP address with 192 168 12 12 then enable the Action to Pass STEP 21 Enable the Active of first rule and click Apply to save the setting STEP 22 Enter User Authentication Æ Policy Configuration and press QoS Profile button ...

Page 80: ...h the configuration of Policy 2 STEP 24 Configure Policy 3 to enable the connection from Guest Service Zone to Internet and define the Traffic Class as Background Click Setting button of Firewall Profile to enter the setting STEP 25 Click Firewall Rules to configure the firewall setting STEP 26 Click No 1 firewall rule to edit more firewall setting ...

Page 81: ... the Rule name select Source Interface as Guest and Destination Interface as WAN1 and then enable the Action to Pass STEP 28 Enable the Active of first rule and click Apply to save the setting STEP 29 Enter User Authentication Æ Policy Configuration and press QoS Profile button ...

Page 82: ... s Manual 77 STEP 30 Select Background for Traffic Class and specify the total speed and the limitation for Downlink and Uplink Click Apply to save the setting and finish the configuration of Policy 3 STEP 31 Multi Service Providers setting is complete ...

Page 83: ...gs Interface Status WAN1 Configuration Policy Configuration Manual Configuration Monitor IP List Firmware Upgrade Routing Table WAN2 Configuration Additional Configuration Template Settings Walled Garden List Restart Current Users WAN Traffic Settings Firmware Management Proxy Server Properties Network Utilities Traffic History Private LAN Configuration AP Upgrade Dynamic DNS Notification Configur...

Page 84: ...ion includes the following functions Configuration Wizard System Information WAN1 Configuration WAN2 Configuration WAN Traffic Settings Private LAN Configuration and Service Zone 7 1 1 Configuration Wizard Please refer to 3 2 Quick Software Configuration for the detailed description of Configuration Wizard ...

Page 85: ...on LAN ports A user on client machine can use this domain name to access MW 2000S instead of its IP address In addition when Use the name on the security certificate option is checked the system will use the CN Common Name value of the uploaded SSL certificate as the domain name y Home Page Enter the website of a Web Server to be the homepage When users log in successfully they will be directed to...

Page 86: ...ss range of 10 2 3 0 24 he or she can access the web management page Another example is 10 0 0 3 if an administrator is using a computer with the IP address of 10 0 0 3 he or she can access the web management page y SNMP If the function is enabled the Manager IP and the community can be assigned to access the management information base MIB of the system y User Logon SSL Enable to activate https e...

Page 87: ...ired fields to be filled in IP address the IP address of the WAN1 port Subnet mask the subnet mask of the network WAN1 port connects to Default gateway a gateway of the network WAN1 port connects to Preferred DNS Server The primary DNS server is used by the system Alternate DNS Server The substitute DNS server is used by the system This is an optional field y Dynamic IP address It is only applicab...

Page 88: ...the system will automatically disconnect itself y PPTP Client Set WAN1 port to connect to external PPTP server to establish PPTP VPN tunnel Select STATIC to specify the IP address of the PPTP Client manually or select DHCP to get the IP address automatically The fields with red mark are required Please fill in these fields There is a Dial on demand function under PPTP If this function is enabled a...

Page 89: ... port The red asterisks indicate required fields to be filled in IP address the IP address of the WAN2 port Subnet mask the subnet mask of the network WAN2port connects to Default gateway a gateway of the network WAN2 port connects to Preferred DNS Server The primary DNS server is used by the system Alternate DNS Server The substitute DNS server is used by the system This is an optional field y Dy...

Page 90: ...PoE Client When selecting PPPoE to connect to the network please set the User Name and Password There is a Dial on demand function under PPPoE If this function is enabled Maximum Idle Time can be set When the idle time is reached the system will automatically disconnect itself ...

Page 91: ...hrough WAN1 Range 1 99 by default it is 50 Base The weight ratio between WAN1 and WAN2 can be based on Sessions Packets or Bytes Packets and Bytes are based on historic data New connection sessions will be distributed between WAN1 and WAN2 by a weight ratio using random number y Enable WAN Failover Normally a Service Zone uses WAN1 as it primary WAN interface When enabled and WAN2 is available WAN...

Page 92: ...ration Mode Choose one of the two modes NAT mode and Router mode by the requirements IP Address Enter the desired IP address for the uncontrolled port Subnet Mask Enter the desired subnet mask for the uncontrolled port y DHCP Server Configuration There are three methods to set the DHCP server 1 Disable DHCP Server Disable DHCP Server function 2 Enable DHCP Server Choose Enable DHCP Sever function ...

Page 93: ...r the IP address of WINS Lease Time Choose the time to change the DHCP Reserved IP Address List Enter the related Reserved IP Address MAC and some description not compulsory and click Apply to complete the setup 3 Enable DHCP Relay If enabling this function is desired specifying other DHCP Server IP address is desired See the following figure y SIP Interface Configuration The system provides SIP p...

Page 94: ...fic control etc There are up to five Service Zones to be utilized by default they are named as Default SZ1 SZ2 SZ3 and SZ4 as shown in the table below Service Zone Name Mnemonic name of the Service Zone VLAN Tag The VLAN tag number that is mapped to the Service Zone SSID The SSID that is associated with the Service Zone WLAN Encryption Data encryption method for wireless networks within the Servic...

Page 95: ...rt IP Address End IP Address A range of IP addresses that built in DHCP server will assign to clients Note please change the Management IP Address List accordingly at System ConfigurationÆ System Information Æ Management IP Address List to permit the administrator to access the MW 2000S admin page after the default IP address of the network interface is changed o Preferred DNS Server The primary D...

Page 96: ...the chosen policy will be applied to SIP traffic 3 Service Zone Settings Authentication Settings Authentication Status When enabled users must be authenticated before they get access to the network within this Service Zone Authentication Options There are total seven types of authentication database LOCAL POP3 RADIUS LDAP NTDOMAIN ONDEMAND and SIP that are supported by the entire system For each S...

Page 97: ...oft Outlook before they are authenticated Click Edit Mail Message to edit the message in HTML format 4 Service Zone Settings Wireless Settings Set SSID Each service zone can be mapped with its own SSID Access Point Security For each service zone administrators can set up the wireless security profile including Authentication and Encryption 5 Service Zone Settings Managed AP in this Service Zone Al...

Page 98: ...e Configuration AirLive MW 2000S User s Manual 93 7 2 User Authentication This section includes the following functions Authentication Configuration Black List Configuration Policy Configuration and Additional Configuration ...

Page 99: ...In addition there are two servers On demand User and SIP are selected by the system For the Authentication Settings of each Service Zone please see 5 1 7 Service Zones y Server Name There are several authentication options supported by MW 2000S Server 1 to Server 4 On demand User and SIP Click the hyperlink of the respective Server Name to configure the authentication server y Auth Method There ar...

Page 100: ...ack lists provided by the system A user account listed in the black list is not allowed to log into the system the client s access will be denied The administrator may select one black list from the drop down menu and this black list will be applied to this specific authentication option y Authentication Database The system supports five types of authentication database that are Local POP3 RADIUS ...

Page 101: ... MAC and Remark Select a desired Policy and choose whether to enable Local VPN Only Username and Password are required information Check the desired service zone s in Service Zones area it means that the client is able to log in the system via the checked service zone s The rest are optional For the Policy configuration please check section on Policy Configuration Click Apply to complete adding th...

Page 102: ...Address Applied Policy Remark Local VPN enabled There must be no spaces between the fields and commas The MAC field can be omitted but the trailing comma must be retained When adding user accounts by uploading a file the existing accounts in the embedded database will not be replaced by the new y Download User Use this function to create a txt file with all built in user account information and th...

Page 103: ...xplanation above in the section for Roaming Out and the section for 802 1X Authentication Click the hyperlink Roaming out 802 1X Client Device Settings to enter the Roaming out 802 1X Client Device Settings interface Choose the desired type Disable Roaming Out or 802 1X and key in the 802 1x client s IP address and network mask and then click Apply to complete the settings 802 1x Authentication Wh...

Page 104: ...rs are not allowed y Black List There are five sets of the black lists Select one of them or choose None For details please refer to 5 2 2 Black List y Authentication Database There are five authentication methods Local POP3 RADIUS LDAP and NT Domain to configure from Select the desired method and then click the link besides the pull down menu for more advanced configuration Local authentication m...

Page 105: ...or backing up each other The system functions as a RADIUS authenticator for external RADIUS servers Click the hyperlink Configure for further configuration The RADIUS server sets the external authentication for clients Enter the related information for the primary RADIUS server and or the secondary RADIUS server the secondary server is not required Information must be entered for fields with red a...

Page 106: ...rver for authentication On the other hand when Only ID option is checked only the username will be transferred to the external RADIUS server for authentication y NAS Identifier The Network Access Server NAS Identifier of the system for the external RADIUS server y Class Policy Mapping This function applies the selected policy to specific clients grouped by the RADIUS class attribute The clients wi...

Page 107: ...ings will be effective immediately after clicking the Apply button y Server The IP address of the external LDAP Server y Port The authentication port of the external LDAP Server y Base DN The Distinguished Name for the navigation path of LDAP account y Account Attribute The attribute of LDAP accounts y LDAP Policy Mapping This function is to apply selected policy to certain clients grouped by LDAP...

Page 108: ...tion by an external NT Domain authentication database y Server The IP address of the external NT Domain Server y Transparent Login Transparent Login means Windows NT Domain single sign on When Transparent Login is enabled clients will log in the system automatically after they have logged in the NT domain Thus clients only need to log in once ...

Page 109: ...atabase to be used for authentication when multiple databases are concurrently in use Enter the postfix used for on demand users y Monetary Unit Select the desired monetary unit or specified the unit by users y WLAN ESSID The administrator can enter the defined wireless ESSID in this field and it will be printed on the receipt for on demand users reference when accessing the Internet via wireless ...

Page 110: ...ader There are two receipt headers supported by the system The entered content will be printed on the receipt These headers are optional y Receipt Footer The entered content will be printed on the receipt This footer is optional y Preview Click Preview button the ticket will be shown including the information of username and password with the selected background Print the ticket here ...

Page 111: ...nable button and then the plan is activated y Plan The number of the specific plan y Type This is the type of the plan based on which it defines how the account can be used y Quota The limit on how On demand users are allowed to access the network o Time Total period of time xx hrs yy mins during which On demand users are allowed to access the network o Volume Total traffic volume xx Mbytes up to ...

Page 112: ...for end users Authorize Net Payment Page Configuration Merchant ID This is the Login ID that comes with the Authorize Net account Merchant Transaction Key The merchant transaction key is similar to a password and is used by Authorize Net to authenticate transactions Payment Gateway URL This is the default website address to post all transaction data Verify SSL Certificate This is to help protect t...

Page 113: ...e These 10 plans are the plans configured in Billing Plans page and all previously enabled plans can be further enabled or disabled here as needed Client s Purchasing Record Starting Invoice Number An invoice number may be provided as additional information with a transaction The number will be incremented automatically for each following transaction Click the Change the Number checkbox to change ...

Page 114: ...t of MMYY For example an expiration date of July September 2009 should be entered as 0709 Card Type This value indicates the level of match between the Card Code entered on a transaction and the value that is on file with a customer s credit card company A code and narrative description are provided indicating the results returned by the processor Card Code The three or four digit code assigned to...

Page 115: ... phone number is associated with both a billing and shipping address of a transaction Phone number information may be entered as all number or it may include parentheses or dashes to separate the area code and number Fax A fax number may be associated with the billing information of a transaction This number may be entered as all number or contain parentheses and dashes to separate the area code a...

Page 116: ...ed Enable Disable Choose to enable or cancel the plan Quota The usage time or condition of each plan Price The price charged for this plan Client s Purchasing Record PayPal Payment Page Remark Content Client s Purchasing Record Starting Invoice Number An invoice number may be provided as additional information with a transaction The number will be incremented automatically for each following trans...

Page 117: ... the on demand user s information including the username and password Note If no Billing plan is enabled accounts cannot be created by clicking Create button Please goes back to Billing Plans to active at least one Billing plan by clicking Edit button and Apply the setting to activate the plan The printer used by Print is a pre configured printer connected to the administrator s computer y Plan Th...

Page 118: ...e login name of the user y Password The login password of the user y Remaining Quota The remaining time or volume that the user can continue to use to access the network y Status The status of the account Normal the account is not currently in use and also does not exceed the quota limit Online the account is currently in use Expired the account is not valid any more even there is remaining quota ...

Page 119: ...s through NAT with a selective but fixed WAN interface Administrator will be able to add trusted SIP Registrars up to four of them A policy can be chosen to govern SIP traffic y SIP SIP authentication supports 4 Trusted SIP Registrar y IP Address The IP address of the Trusted SIP Registrar y Remark The administrator can enter extra information in this field for remark y Policy The Policy applied t...

Page 120: ...ct the desired black list y Select Black List There are 5 lists to select from for the desired black list y Name Set the black list name and it will show on the drop down box above y Add User to List Click the hyperlink to add users to the selected black list After entering the usernames in the Username blanks and the related information in the Remark blank not required click Apply to add the user...

Page 121: ...al a policy can be applied on a per user basis When the type of method is NT Domain or ONDEMAND a policy is applied to the whole user database When the type of method is RADIUS a policy is mapped to a user group of a RADIUS class The Class Policy Mapping function will be available to let the administrator assign a policy for a RADIUS Class attribute When the type of method is LDAP a policy is appl...

Page 122: ...o on Each firewall rule is defined by source Destination a Service out of the policy s Service List and a Pass Block action Optionally a Firewall Rule Schedule can be set to specify when the firewall rule is enforced it can be set to Always Recurring or One Time Attention Filter Rule Item 1 is the highest priority Filter Rule Item 2 is the second priority and so on Rule Item This is the rule selec...

Page 123: ...re are two options Block and Pass Block is to prevent packets from passing and Pass is to permit packets passing Specific Route Profile The default gateway of WAN1 WAN2 or a desired IP address can be defined in a policy When Specific Default Route is enabled all clients applied this policy will access the Internet through this default gateway IP Address The destination IP address of the host or th...

Page 124: ...maximum bandwidth allowed to share by clients within the same policy Individual Maximum Downlink It defines the maximum bandwidth allowed for an individual client the Individual Maximum Downlink can not exceed the value of Total Downlink Individual Request Downlink It defines the guaranteed minimum bandwidth allowed for an individual client the Individual Request Downlink can not exceed the value ...

Page 125: ...y Select Policy Select Global to set the Firewall Profile Specific Route Profile and Privilege Profile Firewall Profile Click the hyperlink of Setting for Firewall Profile the Firewall Profiles list will appear Click the numbers of Filter Rule Item to edit individual rules and click Apply to save the settings The rule status will show on the list Check Active to enable that rule Predefined and Cus...

Page 126: ...le is enforced it can be set to Always Recurring or One Time Specific Route Profile Click the button of Setting for Specific Route Profile the Specific Route Profile list will appear The default gateway of WAN1 WAN2 or a desired IP address can be defined in a policy When Specific Default Route is enabled all clients applied this policy will access the Internet through this default gateway IP Addre...

Page 127: ...n of Setting for Privilege Profile the Specific Route Profile list will appear Maximum Concurrent Sessions The concurrent sessions for each user it can be restricted by administrator When a user reaches the session limit this user will be implicitly suspended from any new connection for a fixed time period ...

Page 128: ...ort On demand users and RADIUS authentication y Roaming Out Timer Session Timeout The time that the user can access the network while roaming When the time is up the user will be kicked out automatically Idle Timeout If a user has idled with no network activities the system will automatically kick out the user Interim Update The system will update the users current status and usage according to th...

Page 129: ...r Volume is 1Mbyte and the level for Time is 5 minutes y Enhance User Authentication With this function only the users with their MAC addresses in this list can log into MW 2000S There are 40 users maximum allowed in this MAC address list User authentication is still required for these users Please enter the Permit MAC Address List to fill in these MAC addresses select Enable and then click Apply ...

Page 130: ...anual 125 7 3 AP Management MW 2000S supports to manage up to 12 access points AP and they can be configured in this section This section includes the following functions AP List AP Discovery Manual Configuration Template Settings Firmware Management and AP Upgrade ...

Page 131: ...list The AP can be edited by clicking the hyperlink of AP Name and the AP status can be got by clicking the hyperlink of Status Check any AP and then click the button below to Reboot Enable Disable and Delete the checked AP if desired Click Apply Template to select one template to apply to the AP Click Apply Service Zone to setup one Service Zone to the AP ...

Page 132: ...gs There four kinds of settings General Settings LAN Interface Setting Wireless Interface Setting and Access Control Setting Click the hyperlink to go on the configuration General Setting Click Setting to enter the General Setting interface Revise the AP Name Admin Password and Remark if desired Firmware information can also be observed here ...

Page 133: ...anual 128 LAN Setting Click LAN to enter the LAN Setting interface Input the data of LAN including IP address Subnet Mask and Default Gateway of AP Wireless LAN Click Wireless LAN to enter the Wireless interface The data of Properties and Security need to be filled ...

Page 134: ...sion speed is desired or keep the default setting Auto to make the Access Point automatically use the fastest rate possible y 802 11 Protection Choose to enable or disable this function from the drop down box y Fragment Threshold Breaking a packet into smaller units when transmitting over a network medium that cannot support the original size of the packet y RTS Threshold Enter the desired RTS Thr...

Page 135: ...ntication Type Open System Shared Key or Both Key Length 64 bits or 128 bits Key Index Key1 Key4 and then input the Key Check 802 1x Authentication to enable this function and enter the related data if necessary y WPA WPA is Wi Fi s encryption method that protects unauthorized network access by verifying network users through a server Select 802 1x or WPA PSK security type and enter the related in...

Page 136: ...fault is Disabled y Status After clicking the hyperlink of Status the basic information of the AP including AP Name AP Type LAN MAC LAN MAC Wireless LAN MAC Up Time Report Time SSID Number of Associated Clients and Remark can be observed In the below of the AP Status Detail there are related detailed information System Status LAN Status Wireless LAN Status Access Control Status and Associated Clie...

Page 137: ...P Address Subnet Mask and Gateway Wireless LAN Status The table shows all of the related wireless information Access Control Status The table shows the status of MAC of clients under the control of the AP Associated Client Status The table shows the clients connecting to the AP and the related information of the client ...

Page 138: ...n the list below If one of the IP addresses intended is used a warning message will show up In this case please change the IP range on Base IP or Pool Size and then click Discover again Input the desired name and password for the AP Select one template and then click Add to add it under the managed list About the template please see 5 3 4 Template When the matched AP is discovered it will show up ...

Page 139: ...ce and AP Access configuration is the same as the settings mentioned above When Auto Discovery Status function is enabled the system will scan once every 10 minutes or according to the time set by the administrator If any AP is discovered and Auto Add AP is enabled it will be assigned an available IP from the IP pool set within the interfaces and applied with the selected template ...

Page 140: ...model that can be copied to every AP and not necessary to configure the AP individually There are three templates provided Click Edit to go on configuration Before configure the template copy the configuration mode of an AP to the template by selecting a Source AP and without configuring the template from the beginning administrators can also revise some settings for demand If copy is not desired ...

Page 141: ...ce Configuration AirLive MW 2000S User s Manual 136 After entering the interface revise the configuration for demand and change administrator s password if desired About other function settings please refer to 5 3 1 AP List ...

Page 142: ... s Manual 137 7 3 5 Firmware Management Here AP s firmware can be uploaded and the present firmware can be downloaded deleted 7 3 6 AP Upgrade Check the APs which need to be upgraded and select the upgrade version of firmware and click Apply to upgrade firmware ...

Page 143: ...e MW 2000S User s Manual 138 7 4 Network Configuration This section includes the following functions Network Address Translation Privilege List Monitor IP List Walled Garden List Proxy Server Properties Dynamic DNS IP Mobility and VPN Termination ...

Page 144: ... to define mandatory external to internal IP mapping hence a user on WAN side network can access the private machine via the external IP similar to DMZ usage in firewall product There are 40 sets of static Internal IP Address and External IP Address available If a host needs a static IP address to access the network through WAN port set a static IP for the host These settings will become effective...

Page 145: ...col In the Enable column check the desired server to enable These settings will become effective immediately after clicking the Apply button y Port and IP Redirect This function allows the administrator to set 40 sets of the IP addresses maximum for redirection purpose When the user attempts to connect to a destination IP address listed here the connection packet will be converted and redirected t...

Page 146: ... to access the network without getting authenticated enter the IP addresses of these workstations in this list The Remark blank is not necessary to be filled in but is useful in record keeping MW 2000S allows 100 privilege IP addresses at most These settings will become effective immediately after clicking Apply Warning Permitting specific IP addresses to have network access rights without going t...

Page 147: ...is list MW 2000S allows 100 privilege MAC addresses at most It is possible to manually create the list by entering the MAC address the format is xx xx xx xx xx xx as well as entering the remark not required These settings will become effective immediately after clicking Apply Warning Permitting specific MAC addresses to have network access rights without going through standard authentication proce...

Page 148: ...ly and these settings will become effective immediately Click Monitor to check the current status of all the monitored IPs Green light means online and red light means offline The system provides 40 monitor IP address fields on the Monitor IP List On each monitored item with a WEB server running administrators may add a link for the easy access by selecting a protocol http or https and click the A...

Page 149: ...ted Up to 20 addresses or domain names of the websites can be defined in this list Users without the network access right can still have a chance to experience the actual network service free of charge Enter the website IP Address or Domain Name in the list and these settings will become effective immediately after clicking Apply Caution To use the domain name the MW 2000S has to connect to DNS se...

Page 150: ...matching then the end users will no be able to reach the login page and thus unable to access the network If there is a matching then the end users will be directed to the system first for authentication After a successful authentication the end users will be redirected back to the desired proxy servers depending on various situations y Internal Proxy Server MW 2000S has a built in proxy server If...

Page 151: ... If the DHCP is activated at WAN port this function will also update the newest IP address regularly to the DNS server These settings will become effective immediately after clicking Apply y DDNS Enabling or disabling of this function y Provider Select a DNS provider y Host name The IP address domain name of the WAN port y Username E mail The register ID username or e mail for the DNS provider y P...

Page 152: ...nel from the end user s computer through the local wireless network through the Internet all the way to the corporate servers and database Local VPN The Entire System Local VPN allows to create the VPN tunnel between a user s device and MW 2000S to encrypt the data transmission In addition only when this function is enabled Active here do users of the entire system are able to use Local VPN Local ...

Page 153: ...figuration AirLive MW 2000S User s Manual 148 7 5 Utilities This section provides four utilities to customize and maintain the system including Change Password Backup Restore Setting Firmware Upgrade Restart and Network Utilities ...

Page 154: ...the user accounts but has no permission to change the settings of the profiles for Firewall Specific Route and Schedule User Name manager Password airlive Operator The operator can only access the configuration page of Create On demand User to create and print out the new on demand user accounts User Name operator Password airlive The administrator can change the passwords here Please enter the cu...

Page 155: ...fault settings here y Backup current system setting Click Backup to create a db database backup file and save it on disk y Restore system setting Click Browse to search for a db database backup file created by MW 2000S and click Restore to restore to the same settings at the time the backup file was created y Resetting to the factory default settings Click Reset to load the factory default setting...

Page 156: ...It might be a few minutes before the upgrade process completes and the system needs to be restarted to make the new firmware effective Warning 1 Firmware upgrade may cause the loss of some of the data Please refer to the release notes for the limitation before upgrading the firmware 2 Please restart the system after upgrading the firmware Do not power on off the system during the upgrade or the re...

Page 157: ...s This function allows the administrators to manage functions including Wake on LAN Ping Trace Route and showing ARP Table by entering IP or Domain Name Wake on LAN It allows the system to remotely boot up a power down computer with Wake On LAN feature enabled and is on the LAN side Enter the MAC Address of the desired device and click Wake Up button to execute this function Ping It allows adminis...

Page 158: ...on AirLive MW 2000S User s Manual 153 7 6 Status This section includes System Status Interface Status Routing Table Current Users Traffic History and Notification Configuration to provide system status information and online user status ...

Page 159: ...Chapter 7 Web Interface Configuration AirLive MW 2000S User s Manual 154 7 6 1 System Status This section provides an overview of the system for the administrator ...

Page 160: ...etection and all online users are allowed disallowed to log in the network WAN Failover Enabled Disabled stands for the function is currently being used or not SNMP Enabled disabled stands for the current status of the SNMP management function Retained Days The maximum number of days for the system to retain the users information History Email To The email address to which the traffic history or u...

Page 161: ...nfiguration AirLive MW 2000S User s Manual 156 7 6 2 Interface Status This section provides an overview of the interface for the administrator including WAN1 WAN2 LAN1 4 LAN1 4 DHCP Server Private LAN and Private LAN DHCP Server ...

Page 162: ...it is not configured Start IP Address The start IP address of the DHCP IP range End IP address The end IP address of the DHCP IP range LAN1 4 DHCP Server Lease Time Minutes of the lease time of the IP address Mode The mode of the private port MAC Address The MAC address of the private port IP Address The IP address of the private port Private LAN Subnet Mask The Subnet Mask of the private port Sta...

Page 163: ...s the information of the individual Policy from 1 to 12 y Global Policy Shows the information of the Global Policy y System Shows the information of the system administration Destination The destination IP address of the device Subnet Mask The Subnet Mask IP address of the port Gateway The Gateway IP address of the port Interface The choice of interface network including WAN1 WAN2 Default or the n...

Page 164: ...ation including Username IP MAC Pkts In Bytes In Pkts Out Bytes Out Idle Location and Kick Out will be shown Administrators can force out a specific online user by clicking the hyperlink of Logout and check the user access AP status by clicking the hyperlink of the AP name for Location Click Refresh is to update the current users list ...

Page 165: ...please manually copy and save the information before restarting If the History Email has been entered under the Notification Configuration page the system will automatically send out the history information to that email address y Traffic History As shown in the following figure each line is a traffic history record consisting of 9 fields Date Type Name IP MAC Pkts In Bytes In Pkts Out and Bytes O...

Page 166: ... in Bytes Out Pkts In Pkts Out and Message of user activities y SIP Call Usage Log The log provides the login and logout activities of SIP clients device and soft clients such as Start Time Caller Callee and Duration seconds y Monthly Network Usage of Local User The system will record the network usage of local users every month In addition the data will be stored locally for up to two months and ...

Page 167: ... Status is triggered by the event when a managed AP becomes unreachable while the other types of emails are sent periodically in given intervals such as 1 hour A trial email is provided by the system for validation In addition the system supports recording Syslog of Traffic History On demand User Log and Session Log via external Syslog servers In addition the Session Log can be sent to a specified...

Page 168: ...rdized authentication mechanisms while Login and NTLMv1 are Microsoft proprietary mechanisms Only Plain and Login can use the UNIX login password Netscape uses Plain Outlook and Outlook express use Login as default although they can be set to use NTLMv1 o Pegasus uses CRAM MD5 or Login but which method to be used can not be configured y Syslog Configuration There are 2 types of Syslog supported Sy...

Page 169: ...ace Configuration AirLive MW 2000S User s Manual 164 7 7 Help On the screen the Help button is on the upper right corner Click Help to the Online Help window and then click the hyperlink of the items to get the information ...

Page 170: ...urations must be set up on the PC Internet Connection Setup and TCP IP Network Setup y Internet Connection Setup Windows 9x 2000 1 Choose Start Æ Control Panel Æ Internet Options 2 Choose the Connections label and then click Setup 3 Choose I want to set up my Internet connection manually or I want to connect through a local Area network LAN and then click Next ...

Page 171: ...n PC AirLive MW 2000S User s Manual 166 4 Choose I connect through a local area network LAN and click Next 5 DO NOT choose any option in the following LAN window for Internet configuration and just click Next 6 Choose No and click Next ...

Page 172: ...irLive MW 2000S User s Manual 167 7 Finally click Finish to exit the Internet Connection Wizard Now the set up has been completed Windows XP 1 Choose Start Æ Control Panel Æ Internet Option 2 Choose the Connections label and then click Setup ...

Page 173: ...ation on PC AirLive MW 2000S User s Manual 168 3 Click Next when Welcome to the New Connection Wizard screen appears 4 Choose Connect to the Internet and then click Next 5 Choose Set up my connection manually and then click Next ...

Page 174: ...nfiguration on PC AirLive MW 2000S User s Manual 169 6 Choose Connect using a broadband connection that is always on and then click Next 7 Finally click Finish to exit the Connection Wizard Now you have completed the setup ...

Page 175: ...related information for each PC If the Windows operating system is not a server version the default settings of the TCP IP will regard the PC as a DHCP client and this function is called Obtain an IP address automatically If you want to check the TCP IP setup or use the static IP in the LAN1 LAN2 or LAN3 LAN4 section please follow the following steps Check the TCP IP Setup of Window 9x ME 1 Choose...

Page 176: ...m MW 2000S 4 Using Specific IP Address If you want to use specific IP address you have to ask the network administrator for the information of MW 2000S IP address Subnet Mask New gateway and DNS server address Note If your PC has been set up completed please inform the network administrator before proceeding to the following steps y Please choose Specify an IP address and enter the information giv...

Page 177: ...00S in the New gateway and then click Add and OK y Choose DNS Configuration label If the DNS Server column is blank please click Enable DNS and then enter the DNS address or the DNS address provided by ISP Then click Add and click OK Check the TCP IP Setup of Window 2000 1 Select Start Æ Control Panel Æ Network and Dial up Connections ...

Page 178: ...ies 3 Select Internet Protocol TCP IP and then click Properties Now you can choose to use DHCP or specific IP address please proceed to the following steps 4 Using DHCP If want to use DHCP please choose Obtain an IP address automatically and click OK This is also the default setting of Windows Then reboot the PC to make sure an IP address is obtained from MW 2000S ...

Page 179: ...our PC has been set up completed please inform the network administrator before proceeding to the following steps y Please choose Use the following IP address and enter the information given from the network administrator in IP address and Subnet mask If the DNS Server column is blank please choose Using the following DNS server addresses and then enter the DNS address or the DNS address provided ...

Page 180: ... the Default Gateways column and the TCP IP Gateway Address window will appear Enter the gateway address of MW 2000S in the Gateway of TCP IP Gateway Address window and then click Add After back to the IP Settings label click OK to finish Check the TCP IP Setup of Window XP 1 Select Start Æ Control Panel Æ Network Connection ...

Page 181: ...General label and choose Internet Protocol TCP IP and then click Properties Now you can choose to use DHCP or specific IP address please proceed to the following steps 4 Using DHCP If want to use DHCP please choose Obtain an IP address automatically and click OK This is also the default setting of Windows Then reboot the PC to make sure an IP address is obtained from MW 2000S ...

Page 182: ...r PC has been set up completed please inform the network administrator before proceeding to the following steps y Please choose Use the following IP address and enter the information given from the network administrator in IP address and Subnet mask If the DNS Server column is blank please choose Using the following DNS server addresses and then enter the DNS address or the DNS address provided by...

Page 183: ...se the IP Settings label and click Add below the Default Gateways column and the TCP IP Gateway Address window will appear Enter the gateway address of MW 2000S in the Gateway of TCP IP Gateway Address window and then click Add After back to the IP Settings label click OK to finish ...

Page 184: ...n Internet browser and try to connect to any website in this example we try to connect to www google com a For the first time if the MW 2000S is not using a trusted SSL certificate for more information please see 4 2 4 Additional Configuration there will be a Certificate Error because the browser treats MW 2000S as an illegal website b Please press Continue to this website to continue c The defaul...

Page 185: ...on will take you to the website where you originally want to visit or the home page that is configured in the system Note When On demand accounts are used for example we use q77z ondemand here the system will display more information as shown below y Remaining usage The remaining quota of this On demand account that the user can surf the Internet ...

Page 186: ...username for example we use 6uh3 ondemand here and password in the Redeem Page and click ENTER button to merge the two accounts so that there will be more quota for the original account in this case we add up additional quota of 200M bytes Note The maximum session time data transfer is 24305 days 9 999 999 Mbyte If the redeem amount exceeds this number the system will automatically reject the rede...

Page 187: ...cenario 1 No matter where they stay in the office all users should be divided into two groups Employee and Guest for the purpose of authentication differences 2 Each service zone must setup its own SSID to let users to access the wireless network using the specific SSID The system will give a unique Session ID to authenticated users when they start new sessions 3 Both groups of Employees and Guest...

Page 188: ...able the Service Zone and set up other basic information 3 Configure the SSID and other settings which will be applied to the managed APs in this Service Zone 4 Enable the Authentication Status select the default Authentication Option and customize the Login Page and other pages ...

Page 189: ... AirLive MW 2000S User s Manual 184 5 Choose the appropriate Policy which will be applied to this Service Zone Finished Configuration Service Zone Settings The table will summarize the current configuration and status for each Service Zone ...

Page 190: ...epting Payments via Authorize Net This section is to show independent Hotspot owners how to configure related settings in order to accept credit card payments via Authorize Net making the Hotspot an e commerce environment for end users to pay for and obtain Internet access using their credit cards ...

Page 191: ...e Net account If you are looking for a merchant account or Internet payment gateway to process transactions you can fill out the Inquiry Form on http www authorize net solutions merchantsolutions merchantinquiryform 1 2 Configure MW 2000S using an Authorize Net account Please log in MW 2000S User Authentication Æ Authentication Configuration Æ Click the server On demand User Æ External Payment Gat...

Page 192: ...se log in Authorize Net Click Settings and Profile Æ Go to the Security section Æ click MD5 Hash Æ Enter New Hash Value Confirm Hash Value Æ Click Submit Required Card Code If the Card Code is set up as a required field please log in Authorize Net Æ Click Settings and Profile Æ Go to the Security section Æ click Card Code Verification Æ Check the Does NOT Match N box Æ Click Submit Required Addres...

Page 193: ...d an unsettled transaction please log in Authorize Net Click Unsettled Transactions Æ Locate the specific transaction record on the List of Unsettled Transactions Æ Click the Trans ID number Æ Confirm and click Void Note To find the on demand account name click Show Itemized Order Information in the Order Information section Æ Username can be found in the Item Description b To remove the specific ...

Page 194: ...on section Æ Username and Password can be found in the Item Description 2 4 Send An Email Receipt to A Customer If a valid email address is provided MW 2000S will automatically send the customer an email receipt for each successful transaction via Authorize Net To change the information on the receipt for customer please log in MW 2000S User Authentication Æ Authentication Configuration Æ Click th...

Page 195: ...Client s Purchasing Record section of the page Æ Check the Change the Number box Æ A location specific ID for example Hotspot A can be used as the first part of Starting Invoice Number Æ Confirm and click Apply b Please log in Authorize Net Æ Click Search and Download Æ Specify the transaction period or ALL Settled Unsettled in Settlement Date section Æ Go to Transaction section Æ Enter the first ...

Page 196: ...epting Payments via PayPal This section is to show independent Hotspot owners how to configure related settings in order to accept payments via PayPal making the Hotspot an e commerce environment for end users to pay for and obtain Internet access using their PayPal accounts or credit cards ...

Page 197: ...r a PayPal Business Account and login Here is a link https www paypal com cgi bin webscr cmd _registration run Step 2 Edit necessary settings in Website Payment Preferences Click Profile Æ Click Website Payment Preferences in the Selling Preferences section Administrators should scroll down to edit each setting as shown in the table below To activate all the changes please click Save at the end of...

Page 198: ... other URL Payment Data Transfer On Block Non encrypted Website Payment Off PayPal Account Optional Off Contact Telephone Number Off Click Save 1 2 Configure MW 2000S with a PayPal Business Account Please log in MW 2000S User Authentication Æ Authentication Configuration Æ Click the server On demand User Æ External Payment Gateway Æ Click Configure Æ Select PayPal ...

Page 199: ...og in PayPal after saving the above settings Æ Click Profile Æ Click Website Payment Preferences in the Selling Preferences section Æ Scroll down to the section Payment Data Transfer optional Copy the Identity Token in the above page to the section PayPal Payment Page Configuration of MW 2000S 1 3 Requirements for Building a Secure PayPal based E Commerce Site To deploy the PayPal function properl...

Page 200: ...emand Account List Æ Click View Æ Click Delete on the record with the account ID Click Delete All to delete all users at once 2 2 Find the username and password for a specific customer a To find the username please log in PayPal Æ Click History Æ Locate the specific payment listing in the activity history log Æ Click Details of the payment listing Æ Username can be found in the Item Title field b ...

Page 201: ... 3 Reporting During normal operation the following steps will be necessary to generate transaction reports 3 1 Transaction activity during a period Please log in PayPal Æ Click History Æ Choose activity type from the Show field as the search criteria Æ Specify the dates From and To fields for the period Æ Click Search 3 2 Search for the transaction details for a specific customer Please log in Pay...

Page 202: ...User s Manual 197 Appendix F Examples of Making Payments for End Users 1 Making Payments via Authorize Net Step 1 Click the link below the login window to pay for the service by credit card via Authorize Net Step 2 Choose I agree to accept the terms of use and click Next ...

Page 203: ...form and Click Submit to send out this transaction There will be a confirm dialog box Step 4 Please confirm the data and the click OK to go on the transaction or click Cancel to revise the data or cancel this transaction After clicking OK there will be another dialog box showing up to confirm this transaction again ...

Page 204: ...ancel this transaction Step 6 Click Start Internet Access to use the Internet access service Note The clients must fill in the correct credit card number and expiration date Card code is the last 3 digits of the security code located on the back of your credit card If clients choose to enter the e mail addresses clients will receive confirmation letters for reference ...

Page 205: ...00 2 Making Payments via PayPal Step 1 Click the link below the login window to pay for the service via PayPal Step 2 Choose I agree to accept the terms of use and click Next Step 3 Please fill out the form and Click Submit to send out this transaction There will be a confirm dialog box ...

Page 206: ...Appendix F Examples of Making Payments for End Users AirLive MW 2000S User s Manual 201 Step 4 You will be redirected to PayPal website to complete the payment process ...

Page 207: ...l enables you to send payments securely online using PayPal account a credit card or bank account Clicking on Buy Now button you will be redirected to PayPal s site to make payment Please do not manually close the browser when you reach PayPal s payment confirmation page It takes about 30 seconds or more before you are automatically redirected back to our website with a set of Login ID and Passwor...

Page 208: ...tablish IPSec VPN tunnels between local user s Windows devices on local wired or wireless network and MW 2000S itself for the purpose of traffic protection on local networks By pushing down ActiveX Control to the user s browser from MW 2000S the system will be able to install a so called clientless IPSec VPN ...

Page 209: ...tion Flow a As usual enter username and password in the User Login Page b For the first time if the user has never used Local VPN feature Windows IE browser 6 0 or above will display an alert message to ask the user whether she or he wants to install the add on software ...

Page 210: ...0S User s Manual 205 c Click on the alert message and then choose the Install ActiveX Control to install the software d After the software is installed well the system will try to establish the IPSec VPN tunnel for the user automatically ...

Page 211: ...ecured by IPSec VPN 2 ActiveX Control component The ActiveX Control is a software component running inside Internet Explorer The ActiveX Control component can be checked by the following windows From Windows Internet Explorer click Manage add ons button inside Programs page under Tools to show the add ons programs list You can see VPNClient ipsec was enabled ...

Page 212: ...OFF Internet Connection Firewall feature or upgrade the Windows OS into Windows XP SP2 2 ICMP and Active Mode FTP On Windows XP SP2 without patching by KB889527 it will drop ICMP packets from IPSec tunnel This problem can be fixed by upgrading patch KB889527 Before enabling IPSec VPN function on client device please access the patch from Microsoft s web at http support microsoft com default aspx s...

Page 213: ...ternet Explorer Open a URL from the other application e g email of Outlook that occupies this existing Internet Explorer That shall all cause the termination of IPSec VPN tunneling if user chooses to click Yes The user has to log in again to regain the network access Suggestion Click Cancel if you do not intend to stop the IPSec VPN connection yet 4 Non supported OS and Browser In current version ...

Page 214: ...n of page selections to have further configuration 1 Custom PagesÆ Login Page The administrator can use the default login page or get the customized login page by setting the template page uploading the page or downloading from the specific website After finishing the setting click Preview to see the login page y Custom PagesÆ Login PageÆ Default Page Choose Default Page to use the default login p...

Page 215: ... MW 2000S User s Manual 210 y Custom PagesÆ Login Page ÆUploaded Page Choose Uploaded Page and upload a login page The user defined login page must include the following HTML codes to provide the necessary fields for username and password ...

Page 216: ...e login page click the Use Default Page button to restore it to default After the image file is uploaded the file name will show on the Existing Image Files field Check the file and click Delete to delete the file After the upload process is completed and applied the new login page can be previewed by clicking Preview button at the button y Custom PagesÆ Login Pages ÆExternal Page Choose the Exter...

Page 217: ...eeded for the logout interface click the Use Default Page button 3 Custom PagesÆ Login Success Page The users can apply their own Login Success page in the menu As the process is similar to that of the Login Page please refer to the Login Page instructions for more details yCustom PagesÆ Login Success PageÆ Default Page Choose Default Page to use the default login success page y Custom PagesÆ Logi...

Page 218: ...process After the upload process is completed and applied the new login success page can be previewed by clicking Preview button at the bottom y Custom PagesÆ Login Success PageÆ External Page Choose the External Page selection and get the login success page from the specific website In the External Page Setting enter URL of the external login page and then click Apply After applying the setting t...

Page 219: ...e please refer to the Login Page instructions for more details y Custom PagesÆ Login Success Page for On demand UsersÆ Default Page Choose Default Page to use the default login success page for Instant account y Custom PagesÆ Login Success Page for On demand UsersÆ Template Page Choose Template to make a customized login success for Instant account Click Select to pick up a color and then fill in ...

Page 220: ...Click the Browse button to select the file for the login success page for Instant upload Then click Submit to complete the upload process y Custom PagesÆ Login Success Pages for On demand UsersÆ External Page Choose the External Page selection and get the login success page from the specific website In the External Page Setting enter URL of the external login page and then click Apply After applyi...

Page 221: ...se Default Page to use the default logout success page y Custom PagesÆ Logout Success PageÆTemplate Page Choose Template Page to make a customized logout success page Click Select to pick up a color and then fill in all of the blanks Click Preview to see the result first y Custom PagesÆ Logout Success PageÆ Uploaded Page Choose Uploaded Page and get the logout success page to upload Click the Brow...

Page 222: ...nal Page Choose the External Page selection and get the logout success page from the specific website Enter the website address in the External Page Setting field and then click Apply After applying the setting the new logout success page can be previewed by clicking Preview button at the bottom of this page ...

Page 223: ...he newly established session Blocked This session is blocked by a Firewall rule Username The account name with postfix of the user It shows N A if the user or device does not need to log in with a username For example the user or device is on a non authenticated port or on the privileged MAC IP list Note Only 31 characters are available for the combination of Session Type plus Username Please chan...

Page 224: ...iven text interface with dialog boxes Please use arrow keys on the keyboard to browse the menu and press the Enter key to make selection or confirm what you enter 3 Once the console port of MW 2000S is connected properly the console main screen will appear automatically If the screen does not appear in the terminal simulation program automatically please try to press the arrow keys so that the ter...

Page 225: ...pecified network time server Since this interface does not support manual setup for its internal clock therefore we must reset the internal clock through the NTP Print the kernel ring buffer It is used to examine or control the kernel ring buffer The program helps users to print out their bootup messages instead of copying the messages by hand Main menu Go back to the main menu y Change admin pass...

Reviews: