manualshive.com logo in svg

LevelOne WHG-311, User Manual, Page: 291 / 307

Share
Download
LevelOne WHG-311 User Manual Download Page 291

 

 

291 

Appendix C.   Policy Priority 

 

Global Policy, Service Zone Policy, Authentication Policy and User Policy 

WHG Controller supports multiple Policies, including one 

Global Policy

 and multiple individual 

Policy

 which can be 

assigned and bound to 

Group

Global Policy

 is the system’s universal policy and applied to all clients, while other 

individual Policy can be selected and defined to be applied to any Service Zone. On the other hand, 

Service Zone

 

also has a 

Default Policy

. For some authentication, such as Local, RADIUS and LDP, user can assign to different 

Group individually. The clients belonging to a Service Zone will be bound by an applied Policy. In addition, a Policy 

can be applied at a Group basis; a Group of users can be bound by a Policy. So one user may be applied different 

policy at the same time. Which policy is actually applied to this user? 

 

The Policy Priority must be: 

 

User Policy >> Authentication Policy >> Service Zone Policy >> Global Policy 

 

Now, let us discus different user policy type: 

o

 

For Local, RADIUS and LDAP, if these users are assigned to different Group individually, these users can be 

assigned to their Group. For example, a Local user, user01, is assigned to Group1 and the Local Authentication 

is assigned to Group2. If Group1 in Service Zone1 can be applied Policy1. Then user01 login to Service Zone1 

will get Policy1. This is a common case for users that can assign Group individually. 

o

 

For Local, RADIUS and LDAP, if these users do not assigned any Group individually, so they are same as other 

authentication server users that they can not assign to Group individually. For example, a POP3 user, pop01, 

the POP3 Authentication is assigned to Group1. If Group1 in Service Zone1 can be applied Policy1. Then pop01 

login to Service Zone1 will get Policy1. This is another common case for users that can assign Group by 

authentication server. 

o

 

If Authentication server also do not assign to a Group, then the user will applied the Service Zone Default Policy. 

For example, a Local user, user01, is assigned to Group 

None

 and the Local Authentication is also assigned to 

Group 

None

. If the Default Policy of Service Zone1 is applied Policy1. Then user01 login to Service Zone1 will 

get Policy1. 

o

 

If the Default Service Zone Policy is 

None

. Authentication server does not assign to a Group and user Group is 

None

 too. For example, a Local user, user01, is assigned to Group 

None

 and the Local Authentication is also 

assigned to Group 

None

. If the Default Policy of Service Zone1 is 

None

. Then user01 login to Service Zone1 will 

apply the Global Policy. 

So, the Global Policy has the lowest policy priority; on the other hand, the User Policy will be the highest one. 

 

Summary of Contents for WHG-311

Page 1: ...LevelOne Secure WLAN Controller WHG 311 315 401 505 515 707 User Manual...

Page 2: ...rademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners About 4ipnet The LevelOne Secure WLAN Controller series is powered by...

Page 3: ...wing measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the r...

Page 4: ...Accessing Web Management Interface 29 4 2 Home Page 31 4 2 1 Setup Wizard 32 4 2 2 Quick Links 33 4 2 3 System Overview 34 4 2 4 Main Menu 35 4 2 5 Online Help 36 5 Initial Network Setup 37 5 1 Networ...

Page 5: ...Template 128 9 3 AP Discovery 131 9 3 1 AP Background Discovery 133 9 4 Manually add AP 134 9 5 AP with Service Zone 135 9 6 AP Security 137 9 7 Change managed AP settings 138 9 8 AP Operations from...

Page 6: ...ogin Users 208 13 1 7 Session List 209 13 1 8 User Logs 210 13 1 9 Local User Monthly Network Usage 212 13 1 10 Logs 213 13 1 11 DHCP Lease 214 13 2 Notification 215 13 2 1 SMTP Settings 216 13 2 2 SY...

Page 7: ...ateway Roaming 267 Appendix A Certificate Settings for IE6 and IE7 269 Appendix B Network Configuration on PC User Login 278 Appendix C Policy Priority 291 Appendix D RADIUS Accounting 292 Appendix E...

Page 8: ...ler quickly It is recommended to start with the QIG and then refer to this manual for further details Some special topics are addressed separately in the Appendixes 1 2 Document Conventions Indicates...

Page 9: ...000 6000 10000 15000 On demand Accounts 3000 4000 5000 6000 10000 15000 Managed AP Capacity Local Wide Combined 30 50 150 200 250 500 LevelOne AP Model EAP 110 EAP 200 EAP 300 EAP 110 EAP 200 EAP 300...

Page 10: ...en when power supply is on Status Status LED is Blue Blinking indicates that system OS is booting up when lit up constantly indicates that the system is ready for operation Quick Restore This is used...

Page 11: ...ion reserved for future release 3 LED Displays Power Power LED lights up as constant green when power supply is on Status Status LED is Blue Blinking indicates that system OS is booting up when lit up...

Page 12: ...LED on front panel will start to blink before restarting the system Press and hold the Reset button for more than 10 seconds and status of LED on the front panel will start to speed up blinking befor...

Page 13: ...f LED on front panel will start to blink before restarting the system Press and hold the Reset button for more than 10 seconds and status of LED on the front panel will start to speed up blinking befo...

Page 14: ...The system can be configured via a serial console port The administrator can use a terminal emulation program such as Microsoft s Hyper Terminal to login to the configuration console interface to cha...

Page 15: ...use 7 Console The system can be configured via a serial console port The administrator can use a terminal emulation program such as Microsoft s Hyper Terminal to login to the configuration console in...

Page 16: ...ration changes such as WAN settings and admin password then refer to this manual later when you want to configure the system for specific application needs The recommended general steps for the config...

Page 17: ...e other end of the Ethernet cable to an xDSL cable modem or a switch hub of an internal network The LED of this port should be on to indicate a proper connection Connect an Ethernet cable to a LAN Por...

Page 18: ...roper connection 2 4 3 WHG 401 Package Installation Package Checklist The standard package of WHG 401 includes WHG 401 x 1 CD ROM with User s Manual and QIG x 1 Quick Installation Guide QIG x 1 RS 232...

Page 19: ...ld be on to indicate a proper connection 3 Connect an Ethernet cable to the WAN1 Port on the front panel Connect the other end of the Ethernet cable to an xDSL cable modem or a switch hub of an intern...

Page 20: ...t the other end of the Ethernet cable to an AP for extending wireless coverage a switch for connecting more wired clients or directly to a client PC The LED of port should be on to indicate a proper c...

Page 21: ...for extending wireless coverage a switch for connecting more wired clients or a client PC The LED of this port should be on to indicate a proper connection Start with this simple network topology to...

Page 22: ...etwork planning and to manipulate the configurations of WHG Controller to suit his own specific application It is sufficient for most of administrators to use the default configuration with minor WAN...

Page 23: ...rvice Zone is uniquely defined by a VLAN tag id under Tag Based and an associated SSID attribute When a managed access point MAP is added to a Service Zone through WHG Controller s AP Management featu...

Page 24: ...ple relationship of Service Zone Group and Policy The following Figure depicts an example using WHG Controller in managing network internet access in an academic campus environment Imagine the network...

Page 25: ...25 WHG Controller in a Business Headquarter WHG Controller in a Hotel Capable of integrating with DSLAM and PMS...

Page 26: ...s control profile of the Service Zone such as authentication security feature wireless encryption method traffic control and etc There are nine Service Zone profiles in total Default Service Zone and...

Page 27: ...Based mode each LAN port will serve traffics from different Service Zones a VLAN switch or VLAN AP is required to take care of the VLAN tags carried within the message frames An example of network ap...

Page 28: ...ng on model For overlay AP deployment WHG Controllers establish a secure tunnel between the managed AP and Controller Certain AP models with additional Ethernet ports can also provide wired network se...

Page 29: ...168 1 254 If you are connected to a Mgmt port WHG 401 WHG 505 WHG 515 please enter the mgmt port IP address 172 30 0 1 Step4 Enter the default administrator account and password admin to login Once lo...

Page 30: ...irst time if WHG Controller is not using a trusted SSL certificate there will be a Certificate Error because the browser treats WHG Controller as an illegal website Please press Continue to this websi...

Page 31: ...31 4 2 Home Page Home page lists four buttons Setup Wizard Quick Links System Overview and Main Menu respectively Each button will be described in detail in the following section...

Page 32: ...change the system admin password select time zone configure WAN1 interface and create local user account optional Upon completing the Setup Wizard procedures the system needs to be restarted to have t...

Page 33: ...tors to directly access frequently used functions of the web management interface The eight functional links are System Status Local User Management Policy Management AP Management Online User List On...

Page 34: ...system related information that the administrator might need to be aware of at a glance which includes General System settings Network Interface and Online Users etc A drop down menu is available for...

Page 35: ...on the Web Management Interface allowing you to set various networking parameters enable and customize network services manage user accounts and monitor user status Administration functions are separa...

Page 36: ...ne Help The Help button is at the upper right corner of the WHG Controller display screen Click Help for the Online Help window and then click the hyperlink of the relevant information required Online...

Page 37: ...which are normally linked up to different routers or modems leading to ISP A gateway needs one WAN port only but if you want dual homing or dual uplink to add reliability and throughput the second WAN...

Page 38: ...The substitute DNS server used by the system This is an optional field Dynamic It is only applicable for the network environment where the DHCP server is available on the upstream network Click the Re...

Page 39: ...Select Static to specify the IP address of the PPTP Client manually or select DHCP to get the IP address automatically PPTP Server IP Address Specify your ISP s PPTP server IP address Username The use...

Page 40: ...TCP connection over PPPoE will consume additional overhead out of each packet At least 40 bytes are used for the address Hence MSS must be smaller than MTU by at least 40 Dial on demand function unde...

Page 41: ...1 until WAN1 link is up again and vice versa This feature is not available to be used concurrently with Load Balancing WAN Connection Detection The system will periodically check to see if the Interne...

Page 42: ...determined by the number of LAN ports on the Controller Trusted Port When a LAN port is selected clients under this port will not require authentication regardless of the settings in the correspondin...

Page 43: ...tion When enabled network traffic will be isolated by VLAN tag which means that inter VLAN devices are segregated from each other Please note that this check option is not available for WHG 311 and WH...

Page 44: ...sources within the Service Zone will be controlled based on the access control profile of the Service Zone such as authentication security feature wireless encryption method traffic control and etc Th...

Page 45: ...interface and to some degree provide protection from possible attacks from LAN clients DHCP Pool Displays the DHCP pool range configured for this service zone VLAN Tag Tag Base only The VLAN tag numb...

Page 46: ...HG Controller in Port Based mode must be Layer 2 switches only Multi subnet network environment On the other hand if the internal network is a Multi subnets network environment Tag Based model will sa...

Page 47: ...rt Base Only Select Enable Auth Required or Disable When the option is Enabled clients under different LAN ports cannot ping each other When the option is Disabled clients under different LAN ports ca...

Page 48: ...address and select the preferred Subnet Mask Operation mode check the Enable box and click Apply button to activate the settings DHCP Server From the drop down menu DHCP server for this particular se...

Page 49: ...at if WINS server is applicable to this service zone Lease Time This is the time period that the IP addresses issued from the DHCP server are valid and available Ignore Client Name When enabled the sy...

Page 50: ...tection When Enabled whenever the Service Zone s built in DHCP server receives a DHCP request it will automatically bind the MAC address with an IP address permanently This means that once all the IP...

Page 51: ...t from a WISPr agent iPass WiFi Skype Boingo and etc to access your internet Make sure to Enable the HTTPS Protected Login field under System General in order for roaming software on the client s devi...

Page 52: ...External Interface Select the external interface of the device that will be configured with an IPv6 address Type Choose the desired way of your IPv6 connection Static Manually enter all the related I...

Page 53: ...mask Default Router The default router that routes packets from IPv6 to IPv4 network Preferred DNS Server The primary DNS server used for this connection Alternate DNS Server The substitute DNS serve...

Page 54: ...ccounts for instance employee accounts while On demand database is ideal for generating temporary accounts for guest usage External User Database System supports 4 types of external user databases POP...

Page 55: ...tim TaipeiRadius when multiple options are concurrently in use One of authentication option can be assigned as default For authentication assigned as default the postfix can be omitted For example if...

Page 56: ...postfix for on demand users Currency Select the desired monetary unit or specify other unit in the input field Group Name Select the desired group for on demand user WLAN ESSID The administrator can...

Page 57: ...ount expires it will remain on the ondemand account list for a certain amount of time The number of days to retain an expired ondemand account can be specified here Delete All Expired Accounts A click...

Page 58: ...l information that will appear at the bottom of the receipt Preview Click Preview button the ticket will be shown including the information of username and password with the selected background Print...

Page 59: ...a given time period by logging in for the first time Ideal for short term usage For example in coffee shops airport terminals etc Only deducts quota while using however the count down to Expiration T...

Page 60: ...ota depleted Quota is the total period of time xx days yy hrs zz mins during which On demand users are allowed to access the network The total maximum quota is 364Days 23hrs 59mins 59secs even after r...

Page 61: ...61...

Page 62: ...ample Unit 2 days Cut off Time 13 00 then account will expire on 13 00 two days later Grace Period is an additional short period of time after the account is cut off that allows user to continue to us...

Page 63: ...Mbytes 1 1000000 during which On demand users are allowed to access the network Account Activation is the time period for which the user must execute a first login Failure to do so in the time period...

Page 64: ...g internet service immediately after account creation throughout a specific period of time Begin Time is the time that the account will be activated for use It is set to account creation time Elapsed...

Page 65: ...te ticket set to be Cut off on 23 00 If an account of this kind is created after the Cut off Time the account will automatically expire Begin Time is the time that the account will be activated for us...

Page 66: ...h as Computex where each registered participant will get an internet account valid from 8 00 AM Jun 1 to 5 00 PM Jun 5 created in batch like coupons Begin Time is the time that the account will be act...

Page 67: ...67...

Page 68: ...for merchants to set up an external payment gateway to accept payments in order to provide wireless access service to end customers who wish to pay for the service on line The four options are Author...

Page 69: ...y the setting to activate the plan The printer used by Print is a pre configured printer connected to the administrator s computer Plan The number of the specific plan Account Type The account type ch...

Page 70: ...ed and related information is also provided Search Enter a keyword of a username or reference to be searched in the text filed and click this button to perform the search All usernames or reference ma...

Page 71: ...lid any more even there is remaining quota to be used o Out of Quota the account has exceeded the quota limit o Redeemed the account has been applied for account renewal Delete All This will delete al...

Page 72: ...f account Time account must redeem with Time account Volume account must redeem with Volume account only When the remaining quota is insufficient the user can add up the quota by purchasing an additio...

Page 73: ...d and applied here it tells the Controller that the accounts on the selected black list should be denied authentication Group The Group profile that will govern the users authenticated via this authen...

Page 74: ...74 Item Description External RADIUS Server Related Settings 802 1X Authentication Enable Disable 802 1X authentications for users authenticating through this...

Page 75: ...external RADIUS server if the external RADIUS server needs this Accounting Delay Time This attribute indicates how many seconds the client has been trying to send this record for and can be subtracted...

Page 76: ...tributes associated with a session This is possible through RADIUS DM CoA messages Administrator can specify the white list of devices that the Controller deem as authentic message source Devices conf...

Page 77: ...t if not present the following attributes will be required Redirection URL URL of Start page Billing Class Of Service Text string used to indicate service used for the visitor access Session Terminate...

Page 78: ...Name Configurable text string designated as the mnemonic name of this authentication option Postfix Is the text string entered as a postfix in the account field for notifying the Controller which aut...

Page 79: ...ord MAC Address optional Applied Group optional Enable Local VPN optional and Remark optional Click Apply to complete the modification Add User Click this button to enter into the Adding User s to the...

Page 80: ...database that will be used for account validation when an authentication request is received Click the button Configure for further configuration Enter the information for the primary server and or th...

Page 81: ...the text string entered as a postfix in the account field for notifying the Controller which authentication database this account belongs to Black List System has built in black list profiles where sp...

Page 82: ...e of this authentication option Postfix Is the text string entered as a postfix in the account field for notifying the Controller which authentication database this account belongs to Black List Syste...

Page 83: ...ransparent login mode however it requires support from Windows Server need to install additional logon script on Windows Server 6 1 7 Configuring SIP SIP Session Initiation Protocol is a protocol for...

Page 84: ...gure Dynamic Domain Name Service go to Users Authentication SIP SIP SIP authentication supports 4 Trusted SIP Registrar IP Address The IP address of the Trusted SIP Registrar Remark The administrator...

Page 85: ...eed for authentication for that Service Zone Go to Main Menu System Service Zones Disabling the need to authenticate means that all users accessing the network via this Service Zone will not need to b...

Page 86: ...users of this service zone will be disconnected and request to re authenticate Once you have enabled the need to authenticate for a Service Zone which types of authentication servers allowed can be co...

Page 87: ...users belonging to a certain Group profile may be allowed to access many Service Zones and be govern by different policies under different Service Zone depending on how the network administrator setup...

Page 88: ...figure Group settings go to Users Group This section shows how to group users how to rule each grouped user with different policy as he moves to different service zone The following examples will help...

Page 89: ...each authentication option you can assign a Group with each authentication option All users login with same authentication server will belong to same Group But there are some exceptions In Local Auth...

Page 90: ...le the above figure shows that users in Group 1 can access network services via every Service Zone as well as Remote VPN under constraints of Policy 1 Policy Select a Policy that the Group will be app...

Page 91: ...91 At Service Zone 1 Group 1 user is ruled by Policy 3 Group 2 is by Policy 9 and Group 3 is by Policy 11 Other Groups are not enabled to access Service Zone 1...

Page 92: ...led of each individual Group to assign it to the Service Zone listed o Policy Select a Policy that the Group will be applied with when accessing this Service Zone o To Zone Permission Configuration Cl...

Page 93: ...nging to this Group The Individual Maximum Downlink cannot exceed the value of Group Total Downlink o Individual Request Downlink Defines the guaranteed minimum downlink bandwidth allowed for an indiv...

Page 94: ...ror because the browser treats WHG Controller as an illegal website b Please press Continue to this website to continue c The default user login page will appear in the browser 2 Enter the username an...

Page 95: ...ing quota 3 Successful The Login Successful page appearing means you are connected to the network and Internet now Note When On demand accounts are used the system will display more information as sho...

Page 96: ...adius when multiple options are concurrently in use One of authentication option can be assigned as default For authentication assigned as default the postfix can be omitted For example if BostonLdap...

Page 97: ...hentication database is LDAP the Attribute Group Mapping function will be available to allow the administrator to assign a Group for LDAP attribute therefore a Policy applied to this Group will be map...

Page 98: ...rofile Specific Route Profile Schedule Profile and Maximum Concurrent Sessions Firewall Profile Each Policy has a firewall service list and a set of firewall profile consisting of firewall rules Speci...

Page 99: ...affics from the internal network passing WAN ports DoS Protection allows the administrator to select which type of attack to block by clicking the Enable checkbox Firewall Profile Policy 1 Policy 2 an...

Page 100: ...or just use the Predefined Service Protocols you will need to enable the Firewall Rule to apply these protocols o Firewall Rules Click the number of Filter Rule No to edit individual rules and click...

Page 101: ...rted but Domain name filtering is not o Source Destination Subnet Mask Select the source and destination subnet masks o Source MAC Address The MAC Address of the source IP address This is for specific...

Page 102: ...ules Output Global Policy Only This configuration page is for administrators to configure firewall rules which will be enforced from the systems perspective to filter outgoing traffics passing through...

Page 103: ...103...

Page 104: ...ed and applied o Destination Subnet Netmask The subnet mask of the destination network Select 255 255 255 255 32 if the destination is a single host o Gateway IP Address The IP address of the gateway...

Page 105: ...configuration page Select Enable to show the Permitted Login Hours list This function is used to limit the time when clients can log in Check the desired time slots checkbox and click Apply to save t...

Page 106: ...ted port privileged users and clients in DMZ zones Also this can be specified in the other policies to apply to the authenticated users When the number of a user s sessions reaches the session limit t...

Page 107: ...ly the MAC addresses listed are allowed to access this service zone wirelessly Denied means that the MAC addresses listed are not allowed to access this service zone wirelessly Each MAC entry can also...

Page 108: ...server Click Add User s button to fill in usernames postfix not required When enforced on an authentication server accounts in the black list will be denied authentication and network access Privileg...

Page 109: ...nting privileges to just IP addresses administrator could also specify IP and MAC address sets in this Privilege IP Address List It is more secure to specify both the IP and MAC address of a privilege...

Page 110: ...s Controller allows specific privilege MAC addresses at most When manually creating the list enter the MAC address the format is xx xx xx xx xx xx as well as the remark not necessary These settings wi...

Page 111: ...peration Session Log The system can record connection details of each user accessing the Internet called session log The log data can be sent out to a specified SYSLOG Server Email Box or FTP Server b...

Page 112: ...MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1628 DIP 203 125 164 142 DPort 80 Jul 20 12 35 06 2009 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1629 DIP 203 125 164 142 DPort 80 Jul 20...

Page 113: ...HTTP Secure by means of Secure Socket Layer SSL or Transport Layer Security TLS encrypts and decrypts user page requests as well as the pages that are returned by the Web server This function will pr...

Page 114: ...domain name Configure Certificate go to Users Additional Control Certificate Upload Certificate A data record used for authenticating network entities such as a server or a client A certificate conta...

Page 115: ...115 Click Continue to this website to access the user login page To Use Default Certificate Click Use Default Certificate to use the default certificate and key Click restart to validate the changes...

Page 116: ...websites listed here before login and authentication Specific addresses or domain names of the websites can be defined in this list Users without the network access right can still have a chance to e...

Page 117: ...ent websites listed before login and authentication Advertisement hyperlinks are displayed on the user s login page Clients who click on it will be redirected to the listed advertisement websites Edit...

Page 118: ...118...

Page 119: ...ce Zones When enabled the system will automatically send an email to users if they attempt to send receive their emails using POP3 email program for example Microsoft Outlook before they are authentic...

Page 120: ...user logged in successfully user s web browser will be redirected to the specified URL as set in the test box such as http www google com regardless of the original homepage set in their computers Wh...

Page 121: ...e Idle Timer go to Users Additional Control If a user has idled with no network activities the system will automatically kick out the user The logout timer can be set between 1 1440 minutes and the de...

Page 122: ...tiple Login Configure Idle Timer go to Users Additional Control When enabled a user can log in from different computers with the same account This function doesn t support On demand users and RADIUS a...

Page 123: ...lege go to Users Group Privilege Privilege Profile o Change Password Privilege When Change Password Privilege is enabled the authenticated users within this Group are allowed to change their password...

Page 124: ...ection presents basic examples for configuring the proxy server settings of WHG CONTROLLER Using Internet Proxy Server The first scenario is that a proxy server is placed outside the LAN environment o...

Page 125: ...g diagram shows that a proxy server of an organization in the DMZ will be used Follow the following steps to complete the proxy configuration Step 1 Log in the system by using the admin account Step 2...

Page 126: ...126 9 Local Area AP Management All of the supported APs under management of the system will be shown in this table and listed by different AP type...

Page 127: ...eeds more than one AP to service a lot of clients places like franchised hotspots multiple offices school campuses etc where in many of these environments it is required to cover both indoor and outdo...

Page 128: ...igured AP to the template Select the desired AP from Copy Setting s From list and click apply to copy the selected AP s configuration to the template If copy is not desired please select NONE then cli...

Page 129: ...are editing there are different modes to select 802 11a 802 11b 802 11g 802 11a 802 11n 802 11b 802 11g and 802 11g 802 11n Data Rate The default is set to Auto Available range is from 1 to 54Mbps Th...

Page 130: ...essed with higher priority Fragment Threshold Breaking a packet into smaller units when transmitting over a network medium that cannot support the original size of the packet Set the maximum packet si...

Page 131: ...dresses of the APs he she wishes to discover Or the alternative is to reset the AP to default setting for discovery To discover AP AP Type Choose the type of AP you wish to discover Interface Select w...

Page 132: ...AP Name Mnemonic name of the specific AP configurable Admin Password Password required for this AP configurable Template Administrator can select a template profile which will be applied to the added...

Page 133: ...covery When Background AP Discovery function is enabled the system will scan once every 10 minutes or according to the time set by the administrator If any AP is discovered and Auto Adding AP to the L...

Page 134: ...of the AP and select a Template After clicking Add the AP will be added to the managed list AP Type The model type of the AP for adding to the List AP Name Mnemonic name of the specific AP Admin Pass...

Page 135: ...ly discovered AP is added into the service zone Under tag based service zone only default service zone will designate an IP segment for IP address assignment to the managed AP when the newly discovere...

Page 136: ...listed in this list can be allowed to connect to the AP on the other hand when the status is Denied the clients whose MAC addresses are listed in the list will be denied to connect to the AP When Disa...

Page 137: ...tion WEP When Authentication is Open System or Share Key WEP will be enabled WPA When Authentication is WPA WPA PSK or WPA RADIUS will be the options of WPA For WPA PSK it also can select Passphrase o...

Page 138: ...shown in the list The AP can be edited by clicking the hyperlink of AP Name and the AP status can be reviewed by clicking the hyperlink of Status AP Name Click AP Name and enter the interface about r...

Page 139: ...nk to enter the LAN Setting interface Administrator can revise the AP s LAN IP settings including IP address Subnet Mask and Default Gateway of AP Wireless LAN Click the link to enter the Wireless int...

Page 140: ...ame AP Type LAN Interface MAC address Wireless Interface MAC address Report Time SSID and Number of Associated Clients AP Status Details include System Status LAN Status Wireless LAN Status Associated...

Page 141: ...Points Enter Local Area AP Management List 9 8 1 Reboot Enable Disable and Delete the AP Select any AP by checking the checkbox and then click the button below to Reboot Enable Disable Delete Apply Te...

Page 142: ...142 9 8 2 Apply Template Select any AP by check the checkbox and then click Apply Template select one template to apply to the AP...

Page 143: ...will have two VAPs with two SSIDs according to two Service Zones for clients to associate If a user connected to one SSID for example SSID3 of this AP and wishing to access the Internet then this use...

Page 144: ...k Browse to select the file and then click Upload Configure Firmware upgrade go to Access Points Enter Local Area AP Management Upgrade List The uploaded firmware will be listed here File Name The nam...

Page 145: ...associated WDS Tree WDS Update Update the WDS connection with the following operations Add Add a new WDS connection with a Child AP not in the WDS and a Parent AP from the AP List A new WDS Tree will...

Page 146: ...el Encryption and found time 1 Setup the Detection Interval Configure Detection Interval go to Access Points Rogue AP Detection General Configuration Input a Detection Interval if you input 0 it will...

Page 147: ...managed AP to the Trust List Configure Trust AP List go to Access Points Rogue AP Detection Trusted AP Configuration After the AP detection is finished All of the non managed AP will show in the List...

Page 148: ...ances other APs in the same group are still below the threshold the balancing function will be activated to decrease the overloading APs transmit power and increase other available APs transmit power...

Page 149: ...ancing function 2 Configure the Loading of Threshold of each Group Configure Group Configuration go to Access Points AP Load Balancing Group Configuration You can choose the Loading Threshold of each...

Page 150: ...o any of the Load Balancing Group so the Device List will list all of the managed AP Select the APs chose a Group and click Apply The APs will join into this group If the overloading is happened you c...

Page 151: ...s at various physical locations and keeping track of these devices Under Wide Area AP management you can choose to simply monitor AP s status via SNMP or logically incorporate LevelOne APs into the WH...

Page 152: ...specified range will not be listed after discovery Login ID Password Fill in the Login ID and Password of the target AP s management interface this will allow the administrator to remotely configure t...

Page 153: ...s Point to the management list Simply configure the devices IP address name and login credentials set a SNMP community string and click the Add button Device Type The device type of Wide Area APs Devi...

Page 154: ...t this AP is only being monitored via SNMP If you wish to create a tunnel between this AP and the WHG Controller click the Edit button to proceed with necessary configurations In the AP s tunnel confi...

Page 155: ...ministrator can click Edit and re enter the Tunnel Status page to assign a Service Zone to this tunnel managed AP VAP status will display all the enabled VAP on the remote EAP 200 with their respectiv...

Page 156: ...lists to List icon Check and Manage List of third Party AP go to Access Points Enter Wide Area AP Management List Manage this third party AP from the Type Lists Edit its AP Attribute and Administrati...

Page 157: ...then these APs can be tagged or marked on the Google Map API to show its geographical location as shown below Procedure to create a Map Step 1 Get a Public IP Address from your ISP and configure this...

Page 158: ...get a key from Google Go to http code google com intl en apis maps documentation javascript v2 or search for Google Map API to enter the Google code page Click on Sign up for a Google Maps API key Cli...

Page 159: ...ll open for configuration please fill in a Map Name for this map and its geographical location as defined by Longitude and Latitude remember to also fill in the Key issued by Google Finally choose the...

Page 160: ...is particular AP Link 1 Link 3 is for configuring a http link that will show up in the dialogue box on the map for referencing additional information related to this AP for instance the IP address of...

Page 161: ...e physical coordinates configured as shown below You can click on the AP icon to see the dialogue box for additional information or links that you have configured Click the more info link for informat...

Page 162: ...162 AP status Client List and WDS List information listed are collected from the remote AP via SNMP...

Page 163: ...ve Modification This function is for saving the changes made to the map and overwriting the maps profile attributes For instance if you have altered or panned the original map clicking this button wil...

Page 164: ...e related links and customize marker or icon images that will be displayed on the map Edit Tunnel Status Only applicable to EAP 200 APs Click this button to setup a secure tunnel between the WHG Contr...

Page 165: ...ministrator PC or in the WHG Controller s memory Upgrade Clicking this button will open a popup window where administrator can upgrade the chosen AP s firmware using a firmware file store locally in a...

Page 166: ...ea AP Management go to Access Points Enter Wide Area AP Management WDS List The WDS link if established between APs listed in List will be listed here with related information such as the Band and Cha...

Page 167: ...ea AP Management Backup Config Backed up Config files can be used to restore an AP s settings in List When administrator backups an AP s configuration settings all the backup files are listed at the B...

Page 168: ...nt Firmware The WHG Controller can store AP s firmware in its built in memory Under the Firmware tab page administrator can upload new AP firmware to the WHG Controller s memory allowing for easy remo...

Page 169: ...file selected here Template This configuration item allows the administrator to specify which of the VAP profiles on the AP are allowed DTF Distributed Traffic Forwarding once it is discovered and man...

Page 170: ...if WAN1 Interface is Dynamic When Automatic WAN IP Assignments is enabled the entered Internal IP Address of Automatic WAN IP Assignment will be bound with WAN1 interface Each Static Assignment could...

Page 171: ...ese servers within the managed network Different virtual servers can be configured for different sets of physical services such as TCP and UDP services in general Enter the External Service Port Local...

Page 172: ...be performed through WHG CONTROLLER IP PNP When IP PNP is enabled a PC with a static IP address can still access the network even the system enables built in DHCP server No TCP IP reconfiguration is n...

Page 173: ...Network DNS Cache The administrator could statically assign Domain Name to IP mappings for all clients connected to the WHG Controller s LAN network This feature can be used to redirect clients to pr...

Page 174: ...WHG Controller s WAN If the dynamic DHCP is activated at the WAN port it will update the IP address of the DNS server periodically These settings will become effective immediately after clicking Apply...

Page 175: ...irection purpose When the user attempts to connect to a destination IP address listed here the connection packet will be converted and redirected to the corresponding destination Please enter the IP A...

Page 176: ...kets both uses broadcast and multicast AUTH AUTH Allows the authenticating of RIP neighbors The authentication method none means that no authentication is used for RIP and it is the default method The...

Page 177: ...been administratively grouped together Area 0 known as the backbone area resides at the top level of the hierarchy and provides connectivity to the non backbone areas numbered 1 2 Stub Area Are areas...

Page 178: ...ntity Title NET The NET is used just like an IP address to uniquely identify a router on the inter network Circuit Type Level 1 systems route within an area when the destination is outside an area the...

Page 179: ...neral 12 1 1 NTP NTP Network Time Protocol communication protocol can be used to synchronize the system time with remote time server Please specify the local time zone and the IP address of at least o...

Page 180: ...180 12 1 2 Manual Settings The time can also be manually configured by selecting Manually set up and then entering the date and time in these fields...

Page 181: ...r is using a computer with the IP address range of 10 2 3 0 24 he or she can access the web management page Another example is 10 0 0 3 if an administrator is using a computer with the IP address of 1...

Page 182: ...rator s computer or a billing system to get billing history information of WHG CONTROLLER with the predefined URLs The file name format is yyyy mm dd An example is provided as follows Traffic History...

Page 183: ...183 12 4 SNMP Configure SNMP go to System General If this function is enabled the SNMP Management IP and the Community can be assigned to access the SNMP Configuration List of the system...

Page 184: ...profiles of Firewall Specific Route and Schedule User Name manager Password manager Operator The operator can only access the configuration page of Create On demand User to create new on demand user a...

Page 185: ...tem Settings Click Backup to create a db database backup file and save it on disk Restore System Settings Click Browse to search for a db database backup file created by WHG CONTROLLER and click Resto...

Page 186: ...wards to activate the new firmware FTP firmware upgrade is also an option enter the FTP server IP address FTP server port and the FTP account name and password and lastly specify the complete firmware...

Page 187: ...ely three minutes Click YES to restart WHG CONTROLLER click NO to go back to the previous screen If the power needs to be turned off it is highly recommended to restart WHG CONTROLLER first and then t...

Page 188: ...188 12 9 Network Utility Configure Network Utility go to Utilities Network Utilities The system provides some network utilities to help administrators manage the network easily...

Page 189: ...ng It allows administrator to detect a device using IPv6 address or Host domain name to see if it is alive or not Trace Route 6 It allows administrator to find out the real path of packets from the ga...

Page 190: ...hat it manages in its private network Administrator can sign certificates issues by the system s root CA and load these certificates to managed APs These APs will be used in verifying the identity and...

Page 191: ...ertificates generated by the system The created root CA will be displayed in the table below Signing Certificates with System Root CA When a root CA has been created the Create Root CA option in the d...

Page 192: ...cate or Trusted CA Apart from self signed certificate and system s root CA administrators can also upload other certificates signed by other CA entities or Trusted CAs into the system Select Upload Ce...

Page 193: ...r account it does not have the permission to change the settings of the profiles of Firewall Specific Route and Schedule User Name manager Password manager Operator The operator can only access the co...

Page 194: ...pplied to this operator account each Group profile can specify which SZ this account can access and the Maps that this operator can access Administrator can enter the desired user account name and pas...

Page 195: ...longs to this Group This feature allows the administrator to create multi level privilege accounts with flexibility to meet the deployment and management needs When an operator logs into the system wi...

Page 196: ...the setting Monitoring 3 rd Party AP go to Network Monitor IP If you are using 3 rd party AP you can use Monitor IP function to monitor the AP connection status Because WHG CONTROLLER can not manage...

Page 197: ...oxes Please use arrow keys on the keyboard to browse the menu and press the Enter key to make selection or confirm what you enter 3 Once the console port of WHG CONTROLLER is connected properly the co...

Page 198: ...administrator is unable to use Web Management Interface via browser for the system failed inexplicitly The administrator can choose this utility and set it into safe mode which enables him to manage t...

Page 199: ...nsole management interface and set the administrator s password again Although it does not require a username and password for the connection via the serial port the same management interface can be a...

Page 200: ...ts 13 1 View the Status This section includes System Status Interface Status Hardware Routing Table Online Users Session List User Logs Logs DHCP Lease and E mail Syslog to provide system status infor...

Page 201: ...201 13 1 1 System Status View System Status go to Status System This section provides an overview of the system for the administrator...

Page 202: ...s are allowed disallowed to log in the network WAN Failover Enabled Disabled stands for the function currently being used or not Load Balancing Enabled Disabled stands for the function currently being...

Page 203: ...203 13 1 2 Interface Status View Interface Status go to Status Interface This section provides an overview of the interface for the administrator including WAN1 WAN2 SZ Default SZ1 SZ8...

Page 204: ...e day Displays traffic information of the day in a table Traffic of the month Displays traffic information of the in a table Traffic of the top 10 Shows the top 10 traffic of the day records Service Z...

Page 205: ...205 13 1 3 HW View Hardware Status go to Status HW This tab page displays the system s hardware usage information...

Page 206: ...Policy 1 n Shows the information of the individual Policy from 1 to n Global Policy Shows the information of the Global Policy System Shows the information of the system administration Destination Th...

Page 207: ...user account name IP Address The IP address of this user MAC Address The MAC address of this user Pkts In Out Number of packets received sent by this user Bytes In Out Number of Bytes received sent by...

Page 208: ...address from the system s DHCP server but have not yet been authenticated This feature is designed for administrators to keep track of systems resources from being exhausted The list shows the client...

Page 209: ...ist This page allows the administrator to inspect sessions currently established between a client and the system Each result displays the IP and Port values of the Source and Destination You may defin...

Page 210: ...for limited time frame please manually copy and save the traffic history information for backup purpose If the Receiver E mail Address es has been entered under the Notification Configuration page th...

Page 211: ...sisting of 14 fields Date Type Name NSID NASIP NASPort UserMAC SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of user activities Roaming In User Log As shown in the following fi...

Page 212: ...System Name Connection Time Usage Packets In Bytes In Packets Out and Bytes Out of user activities o Username Username of the local user account o Connection Time Usage The total time used by the use...

Page 213: ...make back up manually System Log This page displays system related logs for event tracing Web Log This page shows which of the web pages have been accessed on the Controllers built in web server UAMD...

Page 214: ...the number under column 3 indicated the lease count in the last 30 minutes hours days and so on Statistics of expired list IP leased to clients that have expired in the Last 10 Minutes Hours and Days...

Page 215: ...to SYSLOG Settings Allows the configuration of two external SYSLOG servers where selected users logs as well as system logs will be sent to FTP Settings Allows the configuration of an external FTP Ser...

Page 216: ...Plain Login CRAM MD5 and NTLMv1 or None to use none of the above Depending on which authentication method selected enter the Account Name Password and Domain o NTLMv1 is not currently available for g...

Page 217: ...ddress and port number of the external SYSLOG server System Log This controls the enabling disabling of the SYSLOG logging feature When enabled the selected logs from Notification Settings will be sen...

Page 218: ...on Specify the IP address and port number of your FTP server If your FTP needs authentication enter the Username and Password The Send Test Log radio button can be used to send a test log for testing...

Page 219: ...sen time Interval Sending Logs to E mail The following log types can be sent to E mail addresses configured in SMTP Settings Monitor IP Report Users Log On demand Users Log Session Log The numbers 1 t...

Page 220: ...ers Log On demand Users Log Session Log Hardware Log HTTP Web Log and DHCP Server Log Click the desired log type and select the time interval for sending log Detail Clicking this radio button allows t...

Page 221: ...Report Click the desired log type and select the time interval for sending log Detail Clicking this radio button allows the specification of the FTP server folder where the logs sent will be stored on...

Page 222: ...It can show the total DHCP Lease number of all Service Zone and each Service Zone Item Select the type of report you wish to see Available report types are CPU Loading CPU Temperature Memory Usage Net...

Page 223: ...ion difficulty from IPSec VPN users At the client side the IPSec VPN implementation of the system is based on ActiveX and the built in IPSec VPN client of Windows OS ActiveX Component The ActiveX is a...

Page 224: ...ICMP Ping and PORT command of FTP can not work in Windows XP SP2 The forced termination through CTRL ALT DEL Task Manager of the Internet Explorer will stop the running of ActiveX It causes that IPSec...

Page 225: ...ent computer Once Windows service is resumed go through the login process again 2 Termination of the Internet Explorer Task from Windows Task Manager Do NOT terminate this VPN task of Internet Explore...

Page 226: ...top 2 How to remove ActiveX component in client s computer ANS Uninstall and delete ActiveX component Close all Internet Explorer windows Open a command prompt window and type the commands as follows...

Page 227: ...re look like the settings in Service Zone It also can setup the SIP WAN Interface Authentication Options Group Permission Applied Policy and customizable Login Page After Remote VPN is enabled when yo...

Page 228: ...tunnel to each other over the WAN network For example if there are 2 WHG CONTROLLER you can create a VPN tunnel to let a subnet of one WHG CONTROLLER to access the subnet of another WHG CONTROLLER Fir...

Page 229: ...68 111 0 24 of WHG CONTROLLER_B after the tunnel is created the users within these two subnets can reach each other You can create more than one VPN tunnel but the IP segment mapping can not be overla...

Page 230: ...logout pages for each service zone that can be customized by administrators Go to System Configuration Service Zone Configure Authentication Settings Custom Pages Click the button of Configure the se...

Page 231: ...nated website After finishing the setting click Preview to see the login page Custom Pages Login Page Default Page Choose Default Page to use the default login page Custom Pages Login Page Template Pa...

Page 232: ...232 Custom Pages Login Page Uploaded Page Choose Uploaded Page and upload a login page to the built in HTTP server...

Page 233: ...tton to select the file to upload Then click Submit to complete the upload process Next enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page...

Page 234: ...nated website In the External Page Setting enter the URL of the external login page and then click Apply After applying the setting the new login page can be previewed by clicking Preview button at th...

Page 235: ...instructions for more details Note The different part is the HTML code of the user defined logout interface must include the following HTML code that the user can enter the username and password After...

Page 236: ...l login page configured Gateway while redirecting users to the external web page will also send URL parameters required for the operation for instance user authentication Therefore each self defined e...

Page 237: ...o get remaining quota vlanid Integer 1 4094 VLAN ID gwip IP format Gateway activated WAN IP address client_ip IP format Client IP address umac MAC format separated by Client MAC address session String...

Page 238: ...clear type button value Clear FORM The following shows the corresponding self defined javascript function used to parse the loginurl parameter function getVarFromURL url name if name url return name n...

Page 239: ...ession String Encrypted session information include client IP address MAC address date and return URL External Login Successful Page Variables Field Value Description Uid String User ID postfix is inc...

Page 240: ...n link rate Req_uplink Integer b s Minimum up link rate Req_downlink Integer b s Minimum down link rate next_page String Client redirection URL CLASS String RADUIS CLASS attribute Only available for R...

Page 241: ...g or open a website to get a Cookie Invalid IP address Please check the IP address and try again Invalid MAC address Please check the MAC address and try again Sorry your account is not usable because...

Page 242: ...nd password and try again Cannot identify the policy for your account BR Please contact your network administrator User of this device the MAC address is not allowed to use this account BR Please cont...

Page 243: ...er s quota of time type byteamount Integer byte On demand user s quota of volume type idletimeout Integer Sec Idle timeout logouturl String URL encoded Logout URL redeemurl String URL encoded Redeem U...

Page 244: ...244 External Logout Fail Page Variables Field Value Description Uid String User ID Gwip IP format Gateway activated WAN IP address Vlanid Integer 1 4094 VLAN ID...

Page 245: ...sword session Optional String Encoded string which contains some information of this session default is taken from cookie Output No output redirect user to login successful page User Logout Path LAN I...

Page 246: ...no ret_url is presented client would be redirected to pop_reminder shtml page which shows remaining quota in our UI style If ret_url is presented client would be redirected to ret_url and gateway wou...

Page 247: ...pw Required String Old password Npw Required String New password Npwc Required String Confirmed new password ret_url Required String URL encoded Return URL Output Client would be redirected to ret_url...

Page 248: ...o ret_url is presented client would be redirected to login successful page and in addition a JavaScript window would pop up and show the result If ret_url is presented client would be redirected to re...

Page 249: ...r this number is to prevent quick click issue in IE 6 0 ret_url Optional String URL encoded Return URL Output If no ret_url is presented the client would be redirected to a ticket page in our UI style...

Page 250: ...250 price duration serial number number is account s n...

Page 251: ...ngs System General Disclaimer Page Go to System Service Zone Service Zone Configuration Disclaimer Page Disclaimer Pages Login Page The administrator can use the default disclaimer page or get the cus...

Page 252: ...252...

Page 253: ...sed by Authorize Net to authenticate transactions Payment Gateway URL This is the default website address to post all transaction data Verify SSL Certificate This is to help protect the system from ac...

Page 254: ...igured in Billing Plans page and all previously enabled plans can be further enabled or disabled here as needed o Client s Purchasing Record o Starting Invoice Number An invoice number may be provided...

Page 255: ...ormat of MMYY For example an expiration date of July September 2009 should be entered as 0709 o Card Type This value indicates the level of match between the Card Code entered on a transaction and the...

Page 256: ...address of a transaction This may be entered as either a two character abbreviation or the full text name of the state o Zip The ZIP code represents the five or nine digit postal code associated with...

Page 257: ...Pal account to continue PayPal Payment Page Configuration External Payment Gateway PayPal Payment Page Configuration Business Account The Login ID an email address that is associated with the PayPal B...

Page 258: ...ent Page Remark Content Client s Purchasing Record Invoice Number An invoice number may be provided as additional information against a transaction This is a reference field that may contain any kind...

Page 259: ...ave a valid SecurePay Merchant Account from its official website Payment Page Configuration Merchant ID The ID that is associated with the Business Account Password This is the key used by Secure Pay...

Page 260: ...tandard payment gateway services as well as add or edit the service disclaimer content here SecurePay Payment Page Billing Configuration These 10 plans are the plans in Billing Configuration and the d...

Page 261: ...The default website of posting all transaction data Currency The currency to be used for the payment transactions Service Disclaimer Content View the service agreement and fees for the standard payme...

Page 262: ...to the Merchant Interface Login url www rbsworldpay com support index php page login c WW Select Business Gateway Formerly WorldPay Click Merchant Interface Username user2009 Password user2009 STEP Se...

Page 263: ...lect the Save Changes button STEP Input Installation ID and Payment Gateway URL in gateway UI Installation ID 2009test URL https select wp3 rbsworldpay com wcc purchase Note The WAN IP of gateway must...

Page 264: ...to select the text file for uploading user accounts then click Upload to complete the upload process When uploading a file any format error or duplicated username will terminate the uploading process...

Page 265: ...tion to create a txt file with all current user account information and then save it on disk Restore Accounts After the current user accounts have backup you can restore all these accounts to another...

Page 266: ...l be available to define the authorized device with IP address Subnet Mask and Secret Key Click the hyperlink Roaming Out 802 1x Client Device Settings to enter the Roaming Out 802 1x Client Device Se...

Page 267: ...at are connected to the Master node Master AP their users can only roam with the Master node Master Node Master node can roam with many slave nodes Contains 15 entries where network administrator can...

Page 268: ...268...

Page 269: ...lished certificate authority To avoid the error message in the browser a company should have its own Certificate Authority CA The IT department must therefore install the SSL certificate for each norm...

Page 270: ...e to the WHG CONTROLLER In some circumstance the company without Certificate Authority may follow the steps stated below to avoid error message When in the LAN environment of the office instead of a w...

Page 271: ...IE7 the following steps may be taken to provide a workaround or to bypass the issue 1 Open the IE7 browser and you will be redirected to the default login page If the certificate is not trusted the f...

Page 272: ...trusted certificate to solve the IE7 certificate issue please follow the instructions stated below 1 When the User Login page appears click Certificate Error at the top 2 Click View Certificate 3 Clic...

Page 273: ...273 4 Select root certification and then click View Certificate 5 Click Install Certificate...

Page 274: ...274 6 Click Next 7 Select Automatically select the certificate store based on the type of certificate and then click Next...

Page 275: ...275 8 Click Finish...

Page 276: ...276 9 Click Yes 10 Click OK 11 Launch a new IE7 browser The certificate is now trusted via IE7 according to the key symbol shown at top next to the address field...

Page 277: ...the following information provides the step to take when the certificate publisher is not trusted by IE6 1 Open an IE6 browser the Security Alert message will be appeared if the certificate is not tru...

Page 278: ...PC After WHG CONTROLLER is installed the following configurations must be set up on the PC Internet Connection Setup and TCP IP Network Setup Internet Connection Setup Windows 9x 2000 1 Choose Start C...

Page 279: ...nually or I want to connect through a local Area network LAN and then click Next 4 Choose I connect through a local area network LAN and then click Next 5 DO NOT choose any option in the following LAN...

Page 280: ...280 6 Choose No and then click Next 7 Finally click Finish to exit the Internet Connection Wizard Now the set up is completed Windows XP 1 Choose Start Control Panel Internet Option...

Page 281: ...281 2 Choose the Connections tab and then click Setup 3 When the Welcome to the New Connection Wizard window appears click Next 4 Choose Connect to the Internet and then click Next...

Page 282: ...Set up my connection manually and then click Next 6 Choose Connect using a broadband connection that is always on and then click Next 7 Finally click Finish to exit the Connection Wizard Now the setup...

Page 283: ...PC If the Windows operating system is not a server version the default settings of the TCP IP will regard the PC as a DHCP client and this function is called Obtain an IP address automatically If che...

Page 284: ...fic IP Address If you want to use a specific IP address acquire the following information from the network administrator the IP Address Subnet Mask and DNS Server address provided by your ISP and the...

Page 285: ...and click Add Then click OK 4 3 Click on DNS Configuration tab If the DNS Server field is empty select Enable DNS and enter DNS Server address Click Add and then click OK to complete the configuratio...

Page 286: ...IP and then click Properties Now you can choose to use DHCP or a specific IP address 4 Using DHCP If you want to use DHCP choose Obtain an IP address automatically and then click OK This is also the...

Page 287: ...ely please inform the network administrator before proceeding to the following steps 5 1 Choose Use the following IP address and enter the IP address Subnet mask If the DNS Server field is empty selec...

Page 288: ...o the IP Settings tab click OK to complete the configuration Check the TCP IP Setup of Window XP 1 Select Start Control Panel Network Connection 2 Right click on the Local Area Connection icon and sel...

Page 289: ...following information from the network administrator the IP Address Subnet Mask and DNS Server address provided by your ISP and the Gateway address of WHG CONTROLLER If your PC has been set up comple...

Page 290: ...Add below the Default gateways column and the TCP IP Gateway Address window will appear 5 4 Enter the gateway address of WHG CONTROLLER in the Gateway field and then click Add After back to the IP Set...

Page 291: ...p2 If Group1 in Service Zone1 can be applied Policy1 Then user01 login to Service Zone1 will get Policy1 This is a common case for users that can assign Group individually o For Local RADIUS and LDAP...

Page 292: ...in this example the Vendor ID of LevelOne is 31932 There must have other attribute to define the amount of traffic with Attribute Number and Attribute Value Attribute Name Attribute Number Attribute V...

Page 293: ...or remotely from other PC Step 1 Assume there are already have users in RADIUS Server Assume there are already have Groups and assigned users to belong these Groups in RADIUS Server Assume there are...

Page 294: ...te Add a new Vendor specific attribute Step 4 Add a new attribute under Vendor specific Set Vendor Code 31932 Set it conforms to the RADIUS RFC Configure Attribute Set Vendor assigned attribute number...

Page 295: ...295 Step 5 Confirm the Vendor specific Attribute has been added success Step 6 Follow the same steps to create other Vendor specific Attribute as you need...

Page 296: ...S server for example use Putty to access the Linux Host Step 1 Assume there are already have users in RADIUS Server Assume there are already have Groups and assigned users to belong these Groups in RA...

Page 297: ...tated in Section 2 with same format Step 5 Edit the file dictionary under the folder freeradius Step 6 Include dictionary LevelOne in the dictionary of RADIUS server Insert it in an incremental positi...

Page 298: ...298 Step 8 Insert VSA into RADIUS respond In this example the maximum download and upload in bytes for group03 users is 1MBytes Step 9 Restart RADIUS to get your settings activated...

Page 299: ...rovides seamless integration between the gateway and the popular High Speed Internet Access HSIA hardware and Front Office System FOS software Each Port Location Mapping entry can be configured to pro...

Page 300: ...et in this room without any charge If you do not want to provide any internet access right in the rooms you may change the Port type of the rooms to Block If the user opens a browser and tries to acce...

Page 301: ...teway to provide Port Location Mapping Service Port Type The default state of the rooms it may be Free Block Single User Multiple User Service Zone The service zone profile used to provide internet se...

Page 302: ...is room The VLAN Tags configured in Port Location Mapping must not conflict with any of the VLAN Tags that has been assigned to each Service Zone When you have finished creating Port Location Mapping...

Page 303: ...the PMS Middleware connection is finished in the Access WHG Controller side In the PMS Middleware Net Retriever side it has to know the IP address of Access WHG Controller Secret Key AC ID and MD ID c...

Page 304: ...rk and completing all the Port Location Mapping settings you should verify whether the configurations are working properly According to the Port Type set when a user tries to access the internet from...

Page 305: ...you can click the here link to login with the user account that you possess When a user tries to access internet from a Multiple User room the browser will show the Login page without billing plans op...

Page 306: ...ied Service Zone s Custom Pages settings When a user tries to access internet from a Block room the browser will show service unavailable page 6 View the Event Login After the user select a billing pl...

Page 307: ...307 P N VWHG50020110601...

Reviews:

No comments