background image

A

CCESS

 G

ATEWAY

172

System Administration

The tunnel server in this case is configured to authenticate users via another RADIUS server 
that handles a single realm. Since it handles a single realm, no realm information is needed for 
users and so must be stripped. In this case, it is stripped by the NSE, but it could easily have 
been stripped by the tunnel server, or by the tunnel server’s RADIUS server. This is by design 
and for maximum flexibility.

Also note that the “Local hostname” field is blank which means that the NSE’s default local 
hostname of “usg_lac” will be used by the NSE. This allows for setting the local hostname to 
any desired value other than the default. The L2TP peers exchange their local hostnames 
during tunnel negotiation.

1.

To add a RADIUS Service Profile, click on the appropriate 

Add

 button on the 

Realm-

Based Routing Settings

 screen.

The 

Add Realm Routing Policy 

screen appears:

2.

To make this entry the “active” entry, click on the 

Entry Active

 check box.

3.

To define a specific realm, choose the 

Specific Realm

 option and enter the destination in 

the 

Realm Name

 field. Alternatively, you can choose the 

Wildcard match

 option, then 

define your search options:

Prefix match only

Suffix match only

Match either

4.

Select the required 

RADIUS Service Profile

 from the pull-down menu.

5.

Click on the 

Strip off routing information

 check box if you want to remove the routing 

information.

6.

Click on the 

Add

 button to add this Realm Routing Policy.

7.

When you have completed the definition of your Realm Routing Policy, you can return to 
the previous screen (Realm-Based Routing Settings) by clicking on the 

Back to Main 

Realm-Based Routing Settings page

 link.

The screen below shows a realm routing policy that handles prefix-based usernames using 
a RADIUS service profile. Notice that “Specific Realm” is clicked and the “Realm name” 
is “cisp”. Also notice that “Prefix match only” is clicked and that the delimiter is “/”. This 
means that this realm routing policy will match usernames that are of the format “cisp/
username”.

Summary of Contents for Access Gateway

Page 1: ......

Page 2: ...re Inc All Rights Reserved Livingston Enterprises Inc Copyright 1992 Livingston Enterprises Inc All Rights Reserved The Regents of the University of Michigan and Merit Network Inc Copyright 1992 1995 All Rights Reserved and includes source code covered by the Mozilla Public License Version 1 0 and OpenSSL This User Guide is protected by U S copyright laws You may not transmit copy modify or transl...

Page 3: ... Please see the Nomadix website for a list of US and foreign patents covering this product release Disclaimer Nomadix Inc makes no warranty either express or implied including but not limited to any implied warranties of merchantability and fitness for a particular purpose regarding the product described herein In no event shall Nomadix Inc be liable to anyone for special collateral incidental or ...

Page 4: ...trische Bauteile AVISO Riesgo de shock eléctrico No abrir No hay piezas configurables dentro CAUTION Read the instruction manual prior to operation ATTENTION Lire le mode d emploi avant utilisation ACHTUNG Lesen Sie das Handbuch bevor Sie das Gerät in Betrieb nehmen PRECAUCIÓN Leer el manual de instrucciones antes de poner en marcha el equipo 30851 Agoura Rd Suite 102 Agoura Hills CA 91301 USA hea...

Page 5: ...ess Control 9 Bandwidth Management 10 Billing Records Mirroring 10 Bridge Mode 10 Class Based Queueing 11 Command Line Interface 13 Credit Card 14 Dynamic Address Translation 14 Dynamic Transparent Proxy 14 End User Licensee Count 14 External Web Server Mode 15 Home Page Redirect 15 iNAT 15 Information and Control Console 16 Initial NSE Configuration 17 Internal Web Server 17 International Languag...

Page 6: ...le 28 Multiple Unit Clustering 29 Identifying the Resident Gateway in a Cluster Environment 29 Load Balancing and Link Failover 31 Definitions and Concepts 31 Load Balancing across Multiple Low Speed Links 34 Failover to Standby ISP Link 34 Separate Guest HSIA and Admin ISP Links with Failover Between Each ISP Link 35 Guest HSIA Failover Only to Admin Network 36 Sharing Guest HSIA Network and Hote...

Page 7: ... Options recommended 62 Assigning the Location Information and IP Addresses 65 Logging Out and Powering Down the System 67 Connecting the Access Gateway to the Customer s Network 67 Establishing the Basic Configuration for Subscribers 68 Setting the DHCP Options 69 DHCP Options from RFC 2132 70 DHCP Dynamic Enable and Disable 73 Setting the DNS Options 74 Archiving Your Configuration Settings 76 I...

Page 8: ...through Addresses 143 Assigning a PMS Service PMS 144 Setting Up Port Locations Port Location 151 Setting up Quality of Service QoS 157 Defining the RADIUS Client Settings RADIUS Client 158 Defining the RADIUS Proxy Settings RADIUS Proxy 163 Defining the Realm Based Routing Settings Realm Based Routing 167 Managing SMTP Redirection SMTP 176 Managing the SNMP Communities SNMP 177 Enabling Dynamic M...

Page 9: ... Profiles Add 216 Displaying Current Subscriber Connections Current 222 Deleting Subscriber Profiles by MAC Address Delete by MAC 223 Deleting Subscriber Profiles by User Name Delete by User 224 Displaying the Currently Allocated DHCP Leases DHCP Leases 225 Deleting All Expired Subscriber Profiles Expired 225 Finding Subscriber Profiles by MAC Address Find by MAC 226 Finding Subscriber Profiles by...

Page 10: ...ure 278 Rebooting the System Reboot 280 Routing Tables Routing 280 Establishing Session Rate Limiting Session Limit 282 Adding Static Ports Static Port Mapping Add 283 Deleting Static Ports Static Port Mapping Delete 284 Blocking a Subscriber Interface Subscriber Interfaces 285 Updating the Access Gateway Firmware Upgrade 286 Chapter 4 The Subscriber Interface 287 Overview 287 Authorization and Bi...

Page 11: ...elected Detailed Descriptions 339 Nomadix Vendor Specific Attributes 340 Setting Up the SSL Feature 342 Prerequisites 342 Obtain a Private Key File cakey pem 342 Installing Cygwin and OpenSSL on a PC 343 Private Key Generation 346 Create a Certificate Signing Request CSR File 349 Create a Public Key File server pem 350 Setting Up Access Gateway for SSL Secure Login 353 Setting Up the Portal Page 3...

Page 12: ...ACCESS GATEWAY xii ...

Page 13: ...his guide to take full advantage of the Access Gateway s functionality and features Refer to Product Specifications on page 315 for a list of Access Gateway Products that this document supports The Nomadix Access Gateway hardware is configured and controlled by Nomadix Service Engine NSE software The NSE 7 4 is the last Software Release that supports the AG2300 AG3100 and AG5500 NSE 8 0 series sof...

Page 14: ...thorization and billing processes utilized by the system and the Nomadix Information and Control Console Chapter 5 Quick Reference Guide Contains product reference information organized by topic and functionality It also contains a full listing of all product configuration elements sorted alphabetically and by menu Chapter 6 Troubleshooting Provides information to help you resolve common hardware ...

Page 15: ...ution to a set of complex issues in the Enterprise Public LAN and Residential segments Product Configuration and Licensing All Nomadix Access Gateway products are powered by our patented and patent pending suite of embedded software called the Nomadix Service Engine NSE The Access Gateway employs our NSE core software package and comes pre packaged with the option to purchase additional modules to...

Page 16: ...erage your existing network investment to create new revenue streams Enables you to provide Wi Fi access as a billable service or as an amenity to augment the main line of business for your venue Contains an advanced XML interface for accepting and processing XML commands allowing the implementation of a variety of service plans and offerings Offers three user friendly ways of remote management th...

Page 17: ...der In fact most users are reluctant to make changes to their computer s network settings and won t even bother This fact alone has prevented the widespread deployment of broadband network services Our patented Dynamic Address Translation DAT functionality offers a true plug and play solution by enabling a seamless and transparent experience and the tools to acquire new customers on site DAT great...

Page 18: ...gent Network Address Translation feature creates an intelligent mapping of IP Addresses and their associated VPN tunnels by far the most reliable multi session VPN passthrough to be tested against diverse VPN termination servers from companies such as Cisco Checkpoint Nortel and Microsoft Nomadix iNAT feature allows multiple tunnels to be established to the same VPN server creating a seamless conn...

Page 19: ...r s session As an alternative to the ICC a simple pop up window provides the opportunity to display a single logo 5 The Goodbye page is a post session page that can be defined either as a RADIUS VSA or be driven by the Internal Web Server IWS in the NSE Using the IWS option means that this functionality is also available for other post paid billing mechanisms for example post paid PMS ...

Page 20: ...The NSE s core package of features includes Access Control Bandwidth Management Billing Records Mirroring Bridge Mode Class Based Queueing Command Line Interface Credit Card Dynamic Address Translation Dynamic Transparent Proxy End User Licensee Count External Web Server Mode Home Page Redirect iNAT Information and Control Console Internal Web Server International Language Support IP Upsell Logout...

Page 21: ... IP address of administrator logins A login is permitted only if a match is made with the master list contained within the NSE If a match is not made the login is denied even if a correct login name and password are supplied The access control list supports up to 50 fifty entries in the form of a specific IP address or range of IP addresses The NSE also offers access control based on the interface...

Page 22: ...ers that have been previously defined by system administrators The NSE assumes control of billing transmissions and the saving of billing records By effectively mirroring the billing data the NSE can send copies of billing records to predefined carbon copy servers Additionally if the primary and secondary servers are not responding the NSE can store up to 2 000 billing records The NSE regularly at...

Page 23: ...ity Minimum Bandwidth Maximum Bandwidth Class based queueing does not apply rules to individual users You may use bandwidth limits to restrict individual users if desired Class based queueing does not provide application level layer 7 throttling or class of service Rules are applied when there is contention for bandwidth i e when link is saturated Use Case Property has 100 Mbps WAN Link In this sc...

Page 24: ...s then the Guest Room class could take 100 of the bandwidth 100Mbps If users are introduced into the Conference class Priority 1 and this creates contention then they will take bandwidth away from each of the other two classes until each reaches its minimum Example Illustration of Class Based Queueing The following diagram demonstrates the effect of Class Based Queueing with a saturated link of 20...

Page 25: ... unassigned subscribers will be completely starved for bandwidth In a mixed user environment care should be taken to ensure top priority classes have sensible maximum thresholds To take advantage of the class bandwidth queuing one should assign subscribers to a minimum bandwidth and specific class See also Class Based Queueing on page 105 Command Line Interface The Command Line Interface CLI is a ...

Page 26: ...uter s configuration settings or client side software The NSE supports both PPTP and IPSec VPNs in a manner that is transparent to the user and that provides a more secure standard connection See also Transparent Connectivity on page 5 Dynamic Transparent Proxy The NSE directs all HTTP and HTTPS proxy requests through an internal proxy which is transparent to subscribers no need for users to perfo...

Page 27: ... the authentication process This means that anyone will get redirected to a Web page to establish an account select a service plan and pay for access Home Page redirect enables redirection to a page after the authentication process for example to welcome a specific user to the service after the user has been identified by the authentication process See also Portal Page Redirect on page 19 iNAT Nom...

Page 28: ...lic access location Dynamically adjusts the mode of address translation during the user s session depending on the packet type Supports users with static private IP addresses for example 192 168 x x or public different subnet IP addresses without any changes to the client IP settings Dramatically heightens the reusability factor of costly public IP addresses Information and Control Console The Nom...

Page 29: ...urable and contains the customer s company logo or any other image file they desire To support PDAs and other hand held devices the NSE automatically formats the IWS pages to a screen size that is optimal for the particular device being used See also 5 Step Service Branding International Language Support International Language Support The NSE allows you to define the text displayed to your users b...

Page 30: ... for configuring up sell scenarios Users can be assigned WAN s of different bandwidth capabilities for example hotel guests with loyalty memberships can qualify for premium services Load Balancing NSE releases 8 2 and later provide load balancing as an optional module See Load Balancing and Link Failover on page 31 for a more complete description and typical use cases Logout Pop Up Window As an al...

Page 31: ...hat assures accurate synchronization to the millisecond of computer clock times in a network of computers NTP synchronizes the client s clock to the U S Naval Observatory master clocks Running as a continuous background client program on a computer NTP sends periodic time requests to servers obtaining server time stamps and using them to adjust the client s clock Portal Page Redirect The NSE conta...

Page 32: ...gateway and terminated at the NOC Network Operations Center See also Secure Management on page 21 NSE releases 8 2 and later provide a Radius VSA that supports assigning specific users to specific WAN interface See Defining Automatic Configuration Settings Auto Configuration on page 95 RADIUS Client Nomadix offers an integrated RADIUS Remote Authentication Dial In User Service client with the NSE ...

Page 33: ...pot location further supporting a Wi Fi wholesale model This functionality allows users to interact only with their chosen provider in a seamless and transparent manner Remember Me and RADIUS Re Authentication The NSE s Internal Web Server IWS stores encrypted login cookies in the browser to remember logins using usernames and passwords This Remember Me functionality creates a more efficient and b...

Page 34: ... Lifetimes etc 2 The exchange of management traffic either originating at the NOC or from the edge device through the IPSec tunnel Alternatively AAA data such as RADIUS Authentication and Accounting traffic can be sent through the IPSec tunnel See also RADIUS driven Auto Configuration on page 20 The advantage of using IPSec is that all types of management traffic are supported including the follow...

Page 35: ...and if necessary then block malicious users Session Termination Redirect Once connected to the public access network the NSE will automatically redirect the customer to a Web site for local or personalized services if the customer logs out or the customer s account expires while online and the goodbye page is enabled In addition the NSE also provides pre and post authentication redirects as well a...

Page 36: ...x is the only company to simultaneously support port based authentication using IEEE 802 1x and authentication mechanisms used by Smart Clients MAC based authentication is also available See also Access Control and Authentication Smart Client Support URL Filtering The NSE can restrict access to specified Web sites based on URLs defined by the system administrator URL filtering will block access to...

Page 37: ... Web Management Interface Nomadix Access Gateways can be managed remotely via the built in Web Management Interface where various levels of administration can be established See also Using the Web Management Interface WMI on page 80 ...

Page 38: ... business continuity In the event that one or more links fail traffic is seamlessly rerouted to the remaining surviving links without lapse of service When the failed links recover the NSE routes new connections toward the now working links until a normal balanced configuration is reached For details of the Load Balancing capabilities and sample use cases see Load Balancing and Link Failover on pa...

Page 39: ...ity with a customer s Property Management System High Availability Module The optional High Availability Module offers enhanced network uptime and service availability when delivering high quality Wi Fi service by providing Fail Over functionality This module allows a secondary Nomadix Access Gateway to be placed in the network that can take over if the primary device fails ensuring Wi Fi service ...

Page 40: ...an be deployed effectively in a variety of wireless and wired broadband environments where there are many users usually mobile who need high speed access to the Internet The following example shows a potential Hospitality application Phone Laptop DSL Modem PMS DSLAM PBX Router AG ...

Page 41: ... will distribute the subscribers MAC addresses according to a modulus calculation based on the last three bytes of the MAC address of the subscriber The result will determine which gateway will support that MAC address while the other gateways ignore the traffic for the MAC With the 8 3 release there is currently no failover in support of clustering This will be addressed in later releases The fol...

Page 42: ...ACCESS GATEWAY 30 Introduction The following graphic illustrates a clustering scenario with 12 000 users and three gateways ...

Page 43: ... For example a hotel may aggregate 5 x 1 5Mbps DSL connections together This means that a total of 7 5Mbps of bandwidth is available to be shared across all users but a single user can receive a maximum of 1 5Mbps All load balancing appliances as well as the Nomadix NSE support link aggregation In most cases link aggregation and load balancing is effectively the same thing Link Failover Link failo...

Page 44: ...vailability Detection Method and Time Load balancing and failover requires some form of monitoring of each ISP link to determine its availability for executing load balancing and failover decisions Generally link monitoring is accomplished by two different methods 1 Periodic probing of predefined hosts using HTTP or ICMP ping requests 2 Periodic DNS queries to the DNS servers provided by each ISP ...

Page 45: ...P link is down on the basis that providing a reduced HSIA service is better than no service at all when the main ISP link is down Alternatively the organization may have multiple ISP links and wants to be able to fully utilize all of them under normal conditions The Nomadix NSE supports both failover only and combined load balancing with failover 2 In some instances suitable high speed internet se...

Page 46: ...h free users connected to a lower quality link with link failover still available if the preferred link fails Some examples of typical common deployment scenarios are outlined below These are just examples and other deployment scenarios can be handled as well Load Balancing across Multiple Low Speed Links In this example an establishment has access to only low speed DSL based ISP circuits and wish...

Page 47: ...ISP circuits Under normal circumstances Guests will be connected to the Guest HSIA ISP and Hotel Admin users will connect to the Admin ISP If either link fails then failover to the other link will occur If the Guest HSIA link fails the guests will be connected to the Admin ISP link until the Guest HSIA link is restored If the Admin ISP link fails the Admin users will be connected to the Guest HSIA...

Page 48: ...e Guest HSIA network and Hotel Admin network The hotel wants the Admin network to be available as a back up link in case the Guest HSIA ISP link fails There is no back up for the Admin ISP network The Nomadix NSE is configured with link failover between the WAN port and port ETH2 which is connected to the hotel Admin network router ...

Page 49: ... Nomadix NSE in a similar method to the first scenario but both the guest HSIA network and the Hotel Admin network are connected to the NSE and share the aggregate bandwidth of the combined ISP links The Nomadix NSE is configured for load balancing and the back office router s MAC address is registered in as a device in the NSE with an appropriate bandwidth limit ...

Page 50: ...de domestic service provided by the local cable TV operator The hotel has a number of bill plan options including free to use and pay to use premium plans Under normal circumstances the hotel wants guests who have selected a free plan to use the low cost link and guests who have selected a premium service to use the higher cost business grade ISP connection If either link fails guest should fail o...

Page 51: ...ACCESS GATEWAY Introduction 39 ...

Page 52: ...you have an Internet connection to the Access Gateway and you want to access information quickly and efficiently It contains all the information you will find in this User Guide For more information about WebHelp and other online documentation resources go to Online Documentation and Help on page 57 Notes Cautions and Warnings The following formats are used throughout this User Guide General notes...

Page 53: ...edures Nomadix Access Gateway Installation Workflow The following flowchart illustrates the steps that are required to install and configure your Access Gateway successfully Review the installation workflow before attempting to install the Once you have installed your Access Gateway and established the configuration settings you should write the settings to an archive file If you ever experience p...

Page 54: ...AG and log in via a Telnet session or the Web Management Interface Set the basic configuration parameters for subscribers Network Connect the AG to a live network Use the DB9 serial cable 6 ft length between the AG s serial port and your computer Export your configuration settings to an archive file The AG is now ready for administrators to add delete or change unique subscriber profiles When prom...

Page 55: ... port or front Access RJ45 port and your computer 4 Turn on your computer and allow it to boot up 5 Turn on the Access Gateway User Manual and Documentation The Nomadix product user manuals product documentation and support files including MIB XML DTD and sample dictionary files are located at the following URL http www nomadix com current_releases php If you have any problems please contact our t...

Page 56: ...rd 1 EU Schuko CEE7 7 Power Cord 1 6 RJ45 DB9 Console Cable 2 Rack Mount Brackets 1 Bumper and Screw Kit Start Here 1 Unpack the Nomadix Access Gateway and place the product on a flat and stable work surface 2 Register the gateway for support services by completing and returning the Nomadix Gateway Registration Form hardcopy enclosed or obtain the form online at http www nomadix com registration 3...

Page 57: ... address is 172 30 30 172 6 Power up your computer and turn on the product You can then configure the WAN for a static IP address DHCP Client or PPPoE client using appropriate configuration guidelines that follow in order to obtain the license key Once the key has been obtained the web management interface WMI can be used to continue configuration LCD Messages Some Access Gateway hardware models a...

Page 58: ...E KEY INFORMATION INSTALLATION WILL NOW TRY TO CONTACT THE NOMADIX LICENSE KEY SERVER IN ORDER TO PROCEED THE NSE MUST BE ABLE TO CONNECT TO THE INTERNET DO YOU WANT TO CONFIGURE THE NSE S IP AND DNS SETTINGS yes no y Configuring minimal WAN interface connectivity parameters Configuration Mode static static dhcp pppoe Figure 1 Initial minimal WAN port configuration Select the desired configuration...

Page 59: ...e nomadix com DNS Server 1 Your primary DNS IP address DNS Server 2 DNS Server 3 0 0 0 0 Additional NAT IP addresses Disabled show all Show all WAN Interface configuration show interface name Show a single WAN Interface configuration modify interface name Modify a single WAN Interface configuration Type b to go back esc to abort for help Ethernet port WAN interface configuration Figure 3 WAN port ...

Page 60: ...ID 1 DNS Domain Name Your domain name DNS Server 1 Your primary DNS IP address DNS Server 2 DNS Server 3 0 0 0 0 Additional NAT IP addresses Disabled show all Show all WAN Interface configuration show interface name Show a single WAN Interface configuration modify interface name Modify a single WAN Interface configuration Type b to go back esc to abort for help Ethernet port WAN interface configur...

Page 61: ... Password PPP IP Configuation Mode dynamic dynamic static PPP Static IP Address 0 0 0 0 PPP Maximum TCP MSS 1452 WAN 802 1Q tagging Disabled VLAN ID 1 DNS Domain Name nomadix com DNS Server 3 0 0 0 0 Figure 6 Selecting PPPoE with dynamic IP configuration A WAN port summary page will then be displayed as shown in Figure 7 Port Name WAN Port Role wanIf Configuration Mode pppoe IP Address Your IP add...

Page 62: ...go to step 2 Step 1d PPPoE Static IP Client Configuration Use the same steps for configuring dynamic PPPoE shown in Figure 6 above but select static for PPP IP Configuration Mode and enter your IP address for PPP Static IP Address A summary page similar to Figure 7 above will be displayed If everything is correct in the summary type b ack to return to the previous menu and proceed to step 2 to ent...

Page 63: ...ves the license key from the Nomadix license key server then reboots PLEASE READ THE NOMADIX END USER LICENSE AGREEMENT AGREEMENT INCLUDED WITH THE NOMADIX PRODUCT BY USING THIS SOFTWARE YOU INDICATE YOUR ACCEPTANCE OF THE AGREEMENT I AGREE TO THE TERMS AND CONDITIONS OF THE NOMADIX END USER LICENSE AGREEMENT Y ES N O y The system will now try to contact the Nomadix License Key Server Please wait ...

Page 64: ...ver go to DHCP under the Configuration menu You can either modify the default DHCP pool or delete add another DHCP pool The total lease pool size recommendation is 75 more than the number of licensed subscribers DHCP Parameter Your Settings Default Values DHCP Services Disable no DHCP Relay Yes No If No skip to DHCP Server no DHCP Relay Server IP Address blank DHCP Relay Agent IP Address blank DHC...

Page 65: ...ters depending on the customer s network architecture The Access Gateway Menu is your starting point From here you access all the system administration items from the 5 five primary menus available Configuration Network Info Port location Subscribers System The Access Gateway supports various methods for managing the system remotely These include an embedded graphical Web Management Interface WMI ...

Page 66: ...ta or commands until you hit the Enter key Menu Organization Web Management Interface When you have successfully installed and configured the Access Gateway from the CLI you can then access the Access Gateway from its embedded Web Management Interface WMI The WMI is easier to use point and click and includes some items not found in the CLI You can use either interface depending on your preference ...

Page 67: ...ACCESS GATEWAY Installing the Access Gateway 55 Note Your browser preferences or Internet options should be set to compare loaded pages with cached pages ...

Page 68: ...Messages subscriber other messages 72 Description of Service billing options Plan 140 Home Page URL 237 Host Name and Domain Name DNS settings 64 IP DNS Name passthrough addresses 237 Label billing options plan 16 Location settings all fields 99 Partner Image File Name 12 Password adding subscriber profiles 128 Port Description finding ports by description 63 Redirection Frequency in minutes 2 147...

Page 69: ...on of this User Guide viewable with Acrobat Reader README files white papers technical notes and business cases Quick Reference Guide This section provides information to help you navigate and use the management interfaces CLI and Web quickly and efficiently It also contains the product specifications a listing of the factory default settings sample log reports listings of commands by menu and alp...

Page 70: ...P OpenView to manage and monitor the Access Gateway remotely Enabling the Logging Options recommended Servers must be assigned and set up if you want to create system and AAA billing log files and retrieve error messages generated by the Access Gateway When establishing the start up configuration for a new installation you are connected to the Access Gateway via a direct serial connection you do n...

Page 71: ...nd operators where managers are permitted read write access and operators are restricted to read access only Once the logins have been assigned managers have the ability to perform all write commands Submit Reset Reboot Add Delete etc but operators cannot change any system settings When Administration Concurrency is enabled one manager and three operators can access the Access Gateway at any one t...

Page 72: ...81 1 Enter c configuration at the Access Gateway Menu The Configuration menu appears 2 Enter sn snmp 3 Enable the SNMP daemon as required The system displays any existing SNMP contact information and prompts you to enter new information If this is the first time you have initialized the SNMP command since removing the Access Gateway from its box the system has no information to display there are n...

Page 73: ...ion The following are the steps are needed to configure the main WAN interface 1 Enter c configuration at the Access Gateway Menu The Configuration menu appears 2 Enter eth ethernet 1 After you have entered yes to the initial prompt enter mod int WAN or m i WAN modify interface WAN Note that modes and interface names are case sensitive The configuration then steps through the settings one by one 2...

Page 74: ...able either of these options When system logging is enabled the standard SYSLOG protocol UDP is used to send all message logs generated by the Access Gateway to the specified server 1 Enter log logging at the Configuration menu The system displays the current logging status enabled or disabled 2 Enable or disable the system and or AAA logging options as required If you enable either option go to S...

Page 75: ...em Log disabled enable Enter System Log Number 0 7 0 2 Enter System Log Filter 0 Emergency 1 Alert 2 Critical 3 Error 4 Warning 5 Notice 6 Info 7 Debug Select an option from above 7 7 Enter System Log Server IP 255 255 255 255 10 10 10 10 Enable disable System Log Save to file disabled enable Enable disable AAA Log disabled enable Enter AAA Log Number 0 7 0 2 Enter AAA Log Filter 0 Emergency 1 Ale...

Page 76: ...racking Log Number 0 7 0 2 Enter Tracking Log Server IP 255 255 255 255 10 10 10 10 Enable disable Tracking Log Save to file disabled Enable Disable Name Reporting disabled enable Enable Disable Port Reporting disabled enable Enable Disable Location Reporting disabled enable Enable Disable 500th Packet Count Reporting disabled enable System Log Enabled System Log Number 2 System Log Filter 7 Syste...

Page 77: ...s part of the system s start up configuration otherwise the Access Gateway will not be visible on the network 1 Enter c configuration at the Access Gateway Menu The Configuration menu appears 2 Enter loc set Location options The system displays the Company Name If the name displayed is not correct or no name is entered enter it now 3 When prompted enter the company s address line by line 6 lines 4...

Page 78: ...er your site name sitename Coffee House Please enter your address Line 1 line1address newline1 Line 2 line2address newline2 City city newcity State state newstate Zip Postal Code zip newzip Country country newcountry Please enter your email address em em com newmail email com Please select the venue type that most reflects your location 1 Apartment 2 Bar Coffeeshot Restaurant 3 Convention Center 4...

Page 79: ...face is enabled based on your new configuration settings which are saved to the Access Gateway s on board flash memory Go to Logging Out and Powering Down the System on page 67 Logging Out and Powering Down the System Use this procedure to log out and power down the Access Gateway 1 Enter l logout at the Access Gateway Menu Your serial session closes automatically 2 Turn off the Access Gateway and...

Page 80: ...onfiguration and installed the unit onto the customer s network connect to the Access Gateway via Telnet You must now set up the basic configuration parameters for subscribers including Setting the DHCP Options DHCP Dynamic Host Configuration Protocol allows you to assign IP addresses automatically to subscribers who are DHCP enabled The Access Gateway can relay the service through an external DHC...

Page 81: ...d DHCP Clients disabled The Access Gateway s adaptive configuration technology provides Dynamic Address Translation DAT functionality DAT is automatically configured to facilitate plug and play access to subscribers who are misconfigured with static permanent IP addresses or subscribers that do not have DHCP capability on their computers DAT allows all users to obtain network access regardless of ...

Page 82: ...to subscribers who obtain their network configuration from the NSE via DHCP This capability only applies to the NSE s DHCP Server function There is no change to the NSE s operation as a DHCP client The options are configurable on a per pool basis Different sets of options can be configured for different pools A given DHCP option consists of an option code and a value RFC 2132 details the various a...

Page 83: ...ad 53 DHCP message type 255 end Unrecognized options Options 62 63 77 254 are unrecognized Some of these codes are legitimate and are defined in other RFCs while others are not defined These option codes are not explicitly disallowed on the NSE but the NSE is unaware of them that is it will make no attempt to validate either the code or the data It is the administrator s responsibility to ensure t...

Page 84: ...ACCESS GATEWAY 72 Installing the Access Gateway ...

Page 85: ...e Click Configuration DHCP Click the Server IP and Enable this DHCP Pool See box in Red below Note that DHCP enable disable is dynamic no reboot required Click Configuration DHCP A new column under existing DHCP Pools table for DHCP pool enable is introduced See box in Red below ...

Page 86: ...P Leases The DHCP leases Page displays all the current DHCP leases on the NSE Setting the DNS Options DNS allows subscribers to enter meaningful URLs into their browsers instead of complicated numeric IP addresses by automatically converting the URLs into the correct IP addresses You ...

Page 87: ... addresses for the DNS servers located at the customer s network operating center where DNS requests are sent 6 You must now reboot the system for your settings to take effect Enter y yes to reboot the Access Gateway Sample Screen Response Configuration dns NOTE If DHCP Client or PPPoE Client is enabled the Primary and Secondary DNS Server may not be configured since the DHCP PPPoE server may prov...

Page 88: ...ration Settings to the Archive File Export on page 268 Importing Configuration Settings from the Archive File Import on page 273 Installing the Nomadix Private MIB The Nomadix Private Management Information Base MIB allows you to view and manage SNMP objects on your Access Gateway To use the MIB you must obtain the appropriate nomadix mib file for your Access Gateway This file is available in the ...

Page 89: ...n the Access Gateway s CLI or Web Management Interface under the Configuration menu snmp 3 All variables defined by Nomadix start with the following prefix iso org dod internet private enterprises nomadix 4 You should now be able to define queries and set the SNMP values on your Access Gateway If necessary consult this User Guide or your SNMP client manager s documentation for further details We r...

Page 90: ...ACCESS GATEWAY 78 Installing the Access Gateway ...

Page 91: ...ely with any of the following interface options Using the Web Management Interface WMI Provides a powerful and flexible Web interface for network administrators Using an SNMP Manager Allows remote Windows management using an SNMP client manager for example HP OpenView However before you can use SNMP to access the Access Gateway you must set up the appropriate SNMP communities For more information ...

Page 92: ...responding work screen then appears in the right side frame From here you can control the features and settings related to your selection Although the appearance is very different from the Command Line Interface the information displayed to you is basically the same The only difference between the two interfaces is in the method used for making selections and applying your changes selections are c...

Page 93: ...ate These objects include hardware configuration parameters and performance statistics Managed objects are arranged into a virtual information database called a Management Information Base MIB SNMP enables managers and agents to communicate with each other for the purpose of accessing these MIBs and retrieving data See also Installing the Nomadix Private MIB on page 76 The following example shows ...

Page 94: ...eature is mentioned in the body text Configuration Menu Defining the AAA Services AAA This procedure shows you how to set up the AAA Authentication Authorization and Accounting service options AAA Services are used by the Access Gateway to authenticate authorize and subsequently bill subscribers for their use of the customer s network The Access Gateway currently supports several AAA models which ...

Page 95: ...ACCESS GATEWAY System Administration 83 ...

Page 96: ...ACCESS GATEWAY 84 System Administration ...

Page 97: ...r disable Print Billing Command as required This feature enables NSE to support Driverless Print servers If this feature is enabled you must enable the XML interface and enter the IP address for the XML interface Step 3 and Step 4 With Print Billing enabled print servers can bill subscribers rooms for printing their documents without them having to install printers The DNS name print server com wi...

Page 98: ... The billing methods RADIUS Credit Card PMS L2TP Tunneling and the billing plans available on each port can now be individually configured This ability allows for having different billing methods and billing plans on different ports identified by VLANs or SNMP Port Query of the concentrator A practical application of this feature is to have a normal hotel room with a plan A that is 9 99 for a day ...

Page 99: ...horized subscribers based on their MAC hardware address and user name if enabled By referring to its database record also known as an authorization table the Access Gateway instantly recognizes new subscribers on the network You can configure the Access Gateway to handle new subscribers in various ways see the table on this page With the IWS you also have the option of enabling SSL support After s...

Page 100: ...e feature provide the following supporting information Portal Page URL Parameter Passing enabled or disabled Parameter Signing including Method Parameters and Shared Secret Portal XML POST URL Portal XML Post Port Support GIS Clients enabled or disabled Block IWS Login Page enabled or disabled To enable SSL Support your Access Gateway s flash must include the server pem cakey pem and cacert pem ce...

Page 101: ...ng purposes The Access Gateway is configured to use Authorize net You will need to open a merchant account with Authorize net or Datacenter Luxembourg before this feature can be used Please contact Nomadix Technical Support for assistance Refer to Contact Information on page 365 9 If you enabled the Credit Card Service define which service you require Authorize net from the pull down menu 10 If th...

Page 102: ...tion System Reboot in the Web Management Interface 16 Click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state Enabling AAA Services with an External Web Server You are here because you want to enable the AAA Services with an External Web Server EWS In the EWS mode the Access Gateway redirects the subscriber s login re...

Page 103: ...ed by the NSE and EWS or IWS Portal Page to validate subscriber access This capability eliminates a vulnerability that was previously exploited to gain unauthorized Internet access at charge for use sites The signing feature can create a cryptographically strong signature that protects the sensitive portions of a URL redirection string i e NSE ID MAC address of the subscriber etc while letting the...

Page 104: ...s to interfaces Telnet WMI and FTP SSH and SFTP and incorporates a master access control list that checks the source IP address of administrator logins A login is permitted only to the interfaces that have not been blocked and only if a match is made with the master Source IP list contained on the Access Gateway If a match is not made with the Source IP list the login is denied even if a correct l...

Page 105: ...n 93 If the required certificates are not resident on the flash an attempted https connection will generate an error syslog 1 From the Web Management Interface click on Configuration then Access Control The Access Control screen appears ...

Page 106: ...ure Web Management access from the subscriber side to the NSE WMI Default setting is enabled FTP Access enables disables blocking of FTP access from the subscriber side to the NSE Default setting is enabled SFTP Access enables disables blocking of SFTP access from the subscriber side to the NSE Default setting is enabled SSH Shell Access enables disables blocking of SSH shell access from the subsc...

Page 107: ... address in the Access Control End IP field If you are removing a single IP address enter None in the Access Control End IP field 10 Click on the Remove button to remove the IP address or range of IP addresses from the list Defining Automatic Configuration Settings Auto Configuration The Access Gateway allows you to define parameters to enable the automatic configuration of the system See also RAD...

Page 108: ...onfiguration Settings screen appears 2 Enable or disable Autoconfiguration as required 3 If you enabled Autoconfiguration you must enter the following information into the corresponding fields RADIUS Authentication Name RADIUS Password Confirm Password 4 Click on the check box for Reboot after changes are saved to reboot the system when you submit your changes 5 Click on the Submit button to save ...

Page 109: ... automated login into the centralized FTP server and the actual download process into the flash The Auto Configuration setup requires a few basic steps to be completed by both the field engineer and the NOC administrator Administrative Steps to Enable Auto Config Typically these tasks are performed either at a device pre staging center or by the field engineer 1 Establish a WAN connection and elec...

Page 110: ...le and illustration of the FTP server setup The Nomadix device will automatically initiate one reboot to enable the new settings Configuration updates for network maintenance can be accomplished by simply enabling the Auto Configuration option and rebooting the device for example using SNMP See also Defining Automatic Configuration Settings Auto Configuration Setting Up Bandwidth Management Bandwi...

Page 111: ...eeds in Kbps in the appropriate fields 4 If required select Group Bandwidth Policies Bandwidth Management must be enabled before you can enable and specify Group Bandwidth Policies Note In NSE releases 8 2 and later the Bandwidth Management page only globally Enables and Disables Bandwidth Management and Group Bandwidth Policies Bandwidth settings themselves are set for each WAN interface in Ether...

Page 112: ...forementioned collection The subscriber authorized by the Access Accept is associated with the newly installed bandwidth policy ID and the bandwidth limits returned are invoked When the Access Accept for a subscriber contains a bandwidth policy ID already present on NSE the subscriber is associated with the existing group policy All subscribers that are now members of the group share the total ban...

Page 113: ...r subscriber and group bandwidth rates simultaneously for the same subscribers The RADIUS server must specify either per subscriber or group bandwidth attributes However in case a RADIUS Access Accept contains both individual and group bandwidth attributes the NSE will use the group attributes and ignore the per subscriber attributes Group Bandwidth Limit Policy Enable The Group Bandwidth feature ...

Page 114: ... Administration Group Bandwidth Limit Policy Current Table When the feature is enabled a group bandwidth policy ID column is displayed in the current table Once policies are instantiated policy information can be viewed via XML ...

Page 115: ...Gateway can also send copies of billing records to predefined carbon copy servers Additionally if the primary and secondary servers are down the Access Gateway can store up to 2 000 credit card transaction records When a connection is re established with either server the Access Gateway sends the stored information to the server no records are lost For more information about the bill record mirror...

Page 116: ...y identification code in the Property ID field 4 Enter the communication parameters for the primary server that is to be used for mirroring including Primary IP URL Secret Key 5 Repeat Step 4 for the secondary server if any and all carbon copy servers 6 Define the fail safe provisions including Retransmit Method Alternate or do not alternate The Access Gateway and the mirror servers must use the s...

Page 117: ...ueueing Nomadix Class Based Queueing provides a flexible way to control the bandwidth provided to individual groups of users classes Classes have both maximum and minimum bandwidth specifications You can add users to classes and apply attributes across entire classes Each class has 3 configurable attributes Priority Minimum Bandwidth Maximum Bandwidth Attributes are applied only when there is cont...

Page 118: ...ubclass is used to associate top level classes and subclasses Subscribers can only be assigned to sub classes Sub classes cannot access bandwidth greater than their assigned WAN link Top level classes can be assigned a priority of 1 through 8 Sub classes can be assigned a priority of 1 2 or 3 One is the highest priority Minimum bandwidths are respected regardless of priority Minimums maximum bandw...

Page 119: ...Estimator to evaluate traffic scenarios Given different loads per class the interface provides the estimated effective throughput You can use this tool to preview how bandwidth will be assigned based on Class Based Queueing structure and priority settings Assigning Users to a Class There are four ways to assign users to a particular class Radius ...

Page 120: ...covered in the 8 4 XML DTD documentation available from www nomadix com support Assigning a User to a Class using the Subscriber Administration menu The procedures for Adding Subscriber Profiles Subscriber Administration Add support adding a subscriber device or group account profile to a class See Adding Subscriber Profiles Add on page 216 Assigning a User to a Class Using Bill Plans Subscriber I...

Page 121: ...ion HTTP Redirect provides DNS triggered redirection of HTTP requests to one or more portal page URLs configured on the NSE Portal pages could include account status maps local information etc The NSE will intercept and respond to DNS queries containing configurable strings Subscribers requesting a website at that DNS will obtain a DNS response that contains a magic IP address which is the same va...

Page 122: ...irection response that contains the portal page URL followed by a query string The string will include various redirection parameters time stamped and signed if signing is enabled for that entry which it is not in this example The subscriber will follow the redirection string and will land on the portal page URL The portal will verify and analyze the query string and then will return the relevant ...

Page 123: ...GN signature SIGNED list of signed parameters METHOD signature method 1 From the Web Management Interface click on Configuration then Destination HTTP Redirection The Destination HTTP Redirection Settings screen appears 2 To enable Destination HTTP Redirection click on the Enabled check box The default setting is disabled You may create up to 20 portal pages 3 In the Portal Pages section enter the...

Page 124: ...k on the Reset button if you want to reset all the values to their previous state Portal page setting are saved to the table in Existing Portal Page entries section of the screen From that table you can edit or delete existing portal pages Managing the DHCP service options DHCP When a device connects to the network the DHCP server assigns it a dynamic IP address for the duration of the session Mos...

Page 125: ...ss Translation DAT functionality is automatically configured to facilitate plug and play access to subscribers who are misconfigured with static permanent IP addresses or subscribers that do not have DHCP capability on their computers DAT allows all users to obtain network access regardless of their computer s network settings By default the Access Gateway is configured to act as its own DHCP serv...

Page 126: ...ol address the Access Gateway associates their MAC address with their public IP address for the duration of the service level agreement The opposite is true if they select a plan with a private pool address This feature enables a competitive solution and is an instant revenue generator for ISPs The IP Upsell functionality solves a number of connectivity problems especially with regard to L2TP and ...

Page 127: ...er a valid DHCP Server IP address for the DHCP server 10 Enter the DHCP Server Netmask 11 Enter the starting and ending IP addresses for the DHCP address pool you want to use DHCP Pool Start IP DHCP Pool Stop IP 12 Enter the DHCP Lease Minutes 13 Select Public Pool or Private Pool as required A public IP address will not be translated by DAT ...

Page 128: ...em or click on the Reset button if you want to reset all the values to their previous state The existing lease pool and lease table are deleted and the Access Gateway reboots The Access Gateway can issue IP addresses to any DHCP enabled subscriber who enters the network Enabling DNSSEC Support DNSSEC support adds authentication and integrity capability to DNS systems The DNSSEC feature in the NSE ...

Page 129: ...the DNS Options DNS DNS allows subscribers to enter meaningful URLs into their browsers instead of complicated numeric IP addresses by automatically converting the URLs into the correct IP addresses You can assign a primary secondary or tertiary third DNS server The Access Gateway utilizes whichever server is currently available Use the following procedure to set the DNS configuration options 1 Fr...

Page 130: ...and a Proxy DNS Port 6 When finished you must reboot the system for the new settings to take effect Click on the check box for Reboot after changes are saved to reboot the system after saving your changes 7 Click on the Submit button to save your changes and reboot the system or click on the Reset button if you want to reset all the values to their previous state Managing the Dynamic DNS Options D...

Page 131: ...g and dyndns org secure are supported The default setting is dyndns org secure In the Server field enter the server name to which the client sends updates to the DDNS server Select the port number for the server from the Port menu 4 Enter the Account Information Enter the host name which is the DDNS name that is mapped to the client IP address in the Hostname field DDNS mapping is configured on th...

Page 132: ...ct Specifications on page 315 for these details The NSE can now support up to five AG5800 WAN interfaces at once using completely independent network settings for each Each WAN port has independent Mode IP DNS iNAT Monitoring Additional NAT addresses 802 1Q tagging and bandwidth settings Roles for most ports those marked either EthX or AuxX are unrestricted that is each port can be set to WAN Netw...

Page 133: ...ACCESS GATEWAY System Administration 121 To view and configure WAN interfaces select Configuration Ethernet Ports WAN The Current Interfaces Settings screen appears which summarizes all WAN connections ...

Page 134: ...irect This procedure shows you how to redirect the subscriber s browser to a specified home page Subscribers may also be redirected to a page specified by the solution provider without any interaction with the authentication process You must configure DNS if you want to enter meaningful URLs instead of numeric IP addresses into any of the Access Gateway s configuration screens ...

Page 135: ...their home page easily 5 In the Redirection Frequency field specify the frequency in minutes for home page redirection This is the interval at which the subscriber is redirected to the solution provider s home page automatically 6 Click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state Enabling Intelligent Address Tra...

Page 136: ...ter iNAT settings are configured individually for each interface 1 From the Web Management Interface click on Configuration then iNAT NSE releases 8 2 and later only A list of current iNAT settings appears You can select a specific interface to change its iNAT configuration The iNAT screen appears 2 Enable or disable the iNAT feature as required 3 If you enabled iNAT you have the option of enablin...

Page 137: ...nge of IP addresses up to 50 then click on the Add button to add the IP address es or click on the Remove button to delete the IP address es from the database Defining IPSec Tunnel Settings IPSec 1 From the Web Management Interface click on Configuration then IPSec The IPSec Tunnel Settings screen appears 2 Check the Enable IPsec checkbox to enable IP Security Note that you will have to reboot for...

Page 138: ...nnel Peers You can add a new IPSec tunnel peer or modify the settings of an existing IPSec tunnel peer from the IPSec Tunnel Settings screen Adding a new IPSec tunnel peer 1 Click the Add button in the IPSec Tunnel Peers table The IPSec Tunnel Peer Settings screen opens 2 Enter the IP address of the peer in the Tunnel Peer field 3 Enter a Dead Peer Detection interval integer value in seconds 4 Sel...

Page 139: ...PSec tunnel peer to the IPSec Tunnel Peers table on the IPSec Tunnel Settings screen 8 Click the Back to Main IPSec Tunneling Settings page link to return to the IPSec Tunnel Settings screen Modifying an Existing IPSec Tunnel Peer 1 Click on the IPSec tunnel peer link that you wish to modify in the IPSec Tunnel Peers table The IPSec Tunnel Peer Settings screen opens 2 Modify the settings as desire...

Page 140: ...would like to add a security policy from the Tunnel peer IP address menu You must select a peer if the policy is using ESP or AH if the policy is a Discard or Bypass policy select none 3 In the Traffic Selectors section define a specific protocol by one of the following methods Select a specific protocol from the Protocol menu Enter a specific protocol number in the Protocol field Protocol numbers...

Page 141: ...d the IP address of network interface for this policy The Local IP Subnet is the IP address of the local network secured by the IPSec tunnel The address can specify a host The Subnet Mask is the subnet mask of the local network secured by the IPSec tunnel The address can specify a host The IP address of network interface for this policy is the IP Address for the NSE inside an IPSec tunnel The IP a...

Page 142: ... Enter the maximum life size in kbytes in the Maximum Lifesize field Enable the automatic renewal option by putting a check in the Automatic renewal checkbox The default setting is enabled 8 Click Add to add the policy to the IPSec Security Policy table on the IPSec Tunnel Settings screen 9 Click the Back to Main IPSec Tunneling Settings page link to return to the IPSec Tunnel Settings screen Modi...

Page 143: ...d the number of subscribers currently using each interface Higher bandwidth settings will mean more subscribers will be assigned to that interface The subscriber will use the assigned interface for all traffic If a WAN interface goes down the subscribers currently assigned to that interface will be re assigned to the remaining interfaces Once that interface is restored current subscribers will NOT...

Page 144: ...ts will be characterized as either Available or Unavailable If Load Balancing is configured to use Interface Monitoring but Monitoring itself is not configured the status will be Unknown Using Link state will provide a faster response but using Interface Monitoring will assure that there is internet access through that port before assigning subscribers to it Run Time Status gives a useful summary ...

Page 145: ...d sets up your location and the corresponding IP addresses for the network interface subscriber interface subnet and default gateway You must provide your full location information 1 From the Web Management Interface click on Configuration then Location The Location Settings screen appears ...

Page 146: ...ACCESS GATEWAY 134 System Administration ...

Page 147: ...ceives its IP address from a DHCP Server select DHCP Nothing else needs to be configured If the Access Gateway receives a static IP address enter the static IP address Subnet Mask and Gateway in the Static Configuration Parameters box Changing these settings could result in loss of connectivity You must reboot the system if you make changes to any of the following IP settings You may lose your con...

Page 148: ...ddress configuration mode for the NSE Setting this to Dynamic will obtain a dynamic IP address from PPPoE server similar to DHCP client Setting this to static will require manually configuring IP address in the text box Maximum TCP MSS Please note that this is the MSS not MTU The maximum value suggested by the RFC is 1452 7 Enter a valid IP address in the Network IP Address Field The IP addresses ...

Page 149: ... new settings to take effect Click on the check box for Reboot after changes are saved to reboot the system after saving your changes 12 Click on the Submit button to save your changes and reboot the system or click on the Reset button if you want to reset all the values to their previous state Managing the Log Options Logging System logging creates log files and error messages generated at the sy...

Page 150: ...ACCESS GATEWAY 138 System Administration 1 From the Web Management Interface click on Configuration then Logging The Log Settings screen appears ...

Page 151: ...e flash directory of the NSE This setting abides by the other settings set for the syslogs like filters number and enable disable It is not required to input a server IP address if you intend to only store the syslogs locally Please leave the IP address field blank for such cases The following Logs are available for configuration on the NSE AAA Log These logs record events related to Authenticatio...

Page 152: ...3 58 2007 testlab S 192 168 2 4 3444 D 66 163 175 128 80 X 67 130 149 4 5004 non proxy 00 90 27 78 81 00 RADIUS IPASS 0U0000 INFO Access Gateway v2 4 113 LI OUT THU JUN 23 11 44 01 2007 testlab S 192 168 2 4 3444 D 66 163 175 128 80 X 67 130 149 4 5004 non proxy 00 90 27 78 81 00 RADIUS IPASS 0U0000 Field formats explained LI IN Day Month Date Time Year NSE_Site_Name S Source_IP Port D Destination...

Page 153: ...Enter the subscriber tracking log number in the Subscriber Tracking Log Number field This is the syslog number to identify this syslog to your Server 3 Enter the IP address of the Syslog server that is listening for the syslogs from your NSE in the Subscriber Tracking Log Server IP field PageFaults are stored in the file named lograw txt in the flash directory and is not viewable on the web manage...

Page 154: ...tton to save your changes or click on the Reset button if you want to reset all the values to their previous state When logging is enabled log files and error messages are sent to these servers for future retrieval To see sample reports go to Sample SYSLOG Report on page 333 and Sample AAA Log on page 332 Enabling MAC Authentication MAC Authentication 1 From the Web Management Interface click on C...

Page 155: ...se for MAC based Authentication purposes 7 Click Submit to save the settings or Reset to return the settings to the previous state Assigning Passthrough Addresses Passthrough Addresses The Access Gateway allows up to 300 IP passthrough addresses and DNS names This feature allows users to pass through the Access Gateway and access predetermined services for example the redirected home page at the s...

Page 156: ...vice PMS The Access Gateway can be integrated with existing Property Management Systems For example by integrating with a hotel s PMS the Access Gateway can post charges for Internet access directly to a guest s hotel bill In this case the guest is billed only once The Access Gateway outputs a call accounting record to the PMS system whenever a subscriber purchases Internet service and decides to ...

Page 157: ...s functionality allows hotels to seamlessly deploy wireless networks or alternatively use low cost wired access concentration equipment that either do not support port ID or do so in a proprietary format that Nomadix does not currently support and still be able to bill directly to the room Nomadix has certified interoperability with a variety of Property Management Systems Encore FCS Galaxy GEAC G...

Page 158: ...nn PMS OnQ System 21 Xeta Virtual XL For Micros Fidelio FIAS Nomadix also supports a serial Redirector Service which provides a means to send FIAS command messages through the NSE XML interface Nomadix offers the following standards based interfaces generally used to establish an interface to any of the PMS systems that are not proprietary HOBIC RSI HOBIC TSPS HOBIC 1BT2 HOBIC TEST HOBIC OSPS ...

Page 159: ...ire from the available list or choose the ASCII Serial Printer option when a serial printer is connected to the Access Gateway s serial port you can choose only one of the listed options If you choose HOBIC RSI you must select the Type of Access For Marriott you can either choose Marriott or you can choose a type of WFB interface Post Only Query and Post or Name and Room The pre paid option requir...

Page 160: ...ch Last Name Only Skip First Char in Last Name OnQ Compliant Enable this option if you want to use Nomadix Micros POS emulation to query post to Hilton Corporation s OnQ PMS system 4 In the Miscellaneous Settings group you may enable phonetic name matching for WFB FOSSE MICROS and MICROS Fidelio This feature uses Metaphone3 to perform phonetic name matching between data supplied by the subscriber ...

Page 161: ...ACCESS GATEWAY System Administration 149 ...

Page 162: ...perty Management Systems do not allow you to enter characters you must enter these service descriptions as a numeric value only no characters or delimiters PMS solutions such as Galaxy require this option to be enabled to work with Nomadix Micros POS emulation in wireless hospitality networks Some PMS systems send selection records as lastname padded with white space ascii 0x20 on the right follow...

Page 163: ...on Port Location allows you to establish the mode of operation for devices If the phone number field required by the PMS is shorter than 15 characters only the first required number of characters will be supplied Based on the HOBIC interface standards Nomadix Inc has also certified interoperability with a number of other PMS and call accounting solutions such as Ramesys ImagInn Xeta Virtual XL and...

Page 164: ...ACCESS GATEWAY 152 System Administration 1 From the Web Management Interface click on Configuration then Port Location The Port Location Settings screen appears ...

Page 165: ... Access Gateway Go to In Room Port Mapping on page 155 to map rooms from the subscriber side of the Access Gateway 4 Select No Port Location Mapping if you are not using Port based access 5 If you are using an access concentration device that cannot handle VLAN IDs select one of the available Access Concentrator Query options Tut Systems Expresso Lucent DSL Terminator Tut MDU Lite Systems RFC1493 ...

Page 166: ...er migration Enable box For cascading Tut and RFC1493 compliant systems click on the associated Cascading button The Cascading Support screen appears allowing you to enter the IP address and SNMP community for the primary and all cascading devices connected to the site For RFC1493 compliant systems you have the additional option of defining the Uplink port From the Cascading Support screen you can...

Page 167: ...For example http 219 57 108 103 1111 usg roommapping The Enter Network Password prompt appears Access Gateway multiple VLAN tagged systems can use the same tags and be placed on different Subscriber ports Although it is technically possible to place two different VLAN tagged switches one on each Subscriber side that have the same VLAN tags designated this configuration can cause problems To avoid ...

Page 168: ...access mode you want to assign to this room Room Free Access Room For Charge Room Blocked 6 Click on the Submit button to save your changes 7 Repeat Steps 4 through 6 for each room see note If you leave your browser open the cookie that is placed on your system will allow you to go from room to room during the mapping process However if you close your browser the cookie is deleted and you will nee...

Page 169: ...ed packets with 802 1p priority bits already set it will pass the priority values through unaltered In Internal mode classification and resultant bit marking is performed via QoS policies that are defined within the NSE The two modes can also be used in combination 1 From the Web Management Interface click on Configuration then QoS The QoS Settings screen appears 2 Enable QoS Mode if you want to u...

Page 170: ... of Service for the rule and then click Add Rule Once added rules will be displayed in the list above Defining the RADIUS Client Settings RADIUS Client The Access Gateway supports Remote Authentication Dial In User Service RADIUS RADIUS is an authentication and accounting system used by many Internet Service Providers Nomadix offers an integrated RADIUS client allowing service providers to track o...

Page 171: ...nd logs their activity including bytes transferred connect time etc The Access Gateway s RADIUS implementation also handles vendor specific attributes VSAs required by WISPs that want to enable more advanced services and billing schemes such as a per device per month connectivity fee All subscribers attempting to gain access to the network are validated by RADIUS ...

Page 172: ...rom the Web Management Interface click on Configuration then RADIUS Client The RADIUS Client Settings screen appears 2 Under the Server Selection and Communication options choose the Default RADIUS Mode Disabled to disable RADIUS authentication Realm Based for Realm routing Fixed for routing to predefined RADIUS servers 3 Select the Default RADIUS Service Profile from the pull down menu 4 Enter a ...

Page 173: ...fier field 5 To send the NAS IP address with your account request click on the check box for Send NAS IP 6 To send a NAS port type with your account request click on the check box for Send NAS Port type then define the NAS port in the NAS Port Type field 7 To send the Framed IP address with your account request click on the check box for Send Framed IP 8 To enable Radius termination action enhance...

Page 174: ...required check the box for Enable Byte Count Reset On Account Start to reset the transmitted and received byte count for a subscriber once an accounting start is sent This function prevents counting Walled Garden traffic if the billing plan is using bytes sent received as a charge criterion 11 If required check the box for Enable RADIUS Subnet Attribute if you want to allocate a specific subnet to...

Page 175: ... idle time to count idle time in the session time of Radius accounting packets 16 Enable RADIUS QoS Policies to assign a QoS policy to a user in their Radius Profile 17 Click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state Defining the RADIUS Proxy Settings RADIUS Proxy A RADIUS Proxy allows the NSE to relay authent...

Page 176: ...e RADIUS Proxy Services as required by clicking on the appropriate check box 3 If you enabled RADIUS Proxy Services you must provide the Authentication Server Port and the Accounting Server Port references 4 Click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state See Adding an Upstream RADIUS NAS ...

Page 177: ...secret key in the Authentication Secret Key field During the authentication process the server and client exchange secret keys The secret keys must match for communication between the server and the client to continue The secret key is a valuable and necessary security measure 5 Enter a secret key in the Accounting Secret Key field 6 Select the Default RADIUS Service Profile from the pull down men...

Page 178: ...will be passed on to the Upstream NAS when enabled Enforce IP Upsell VSA The Radius VSA for Ip Upsell will be passed on to the Upstream NAS when enabled Enforce Subnet VSA The Radius VSA for Subnet will be passed on to the Upstream NAS when enabled Enforce QoS Policy VSA The Radius VSA for QoS Policy will be passed on to the Upstream NAS when enabled See also Defining Automatic Configuration Setti...

Page 179: ... to see configured RADIUS service profiles and Realm Routing Policies this will take you to the Realm Based Routing Settings screen See also Defining the Realm Based Routing Settings Realm Based Routing on page 167 Defining the Realm Based Routing Settings Realm Based Routing Use this procedure when setting up RADIUS Service Profiles up to 10 and Realm based Routing Policies up to 50 For additiona...

Page 180: ...hese RADIUS servers will return the L2TP tunnel parameters which the NSE will use to establish an L2TP tunnel Create a RADIUS service profile to a RADIUS server that will handle Prefix based users This is to handle users that will login with a username in the format type of ISP username In this case the delimiter is and what appears before it ISP is the realm name Create a RADIUS service profile f...

Page 181: ...ired by clicking on the Enable RADIUS Authentication Service check box 2 If you enabled the RADIUS Authentication Service enter the primary RADIUS authentication server IP address in the Primary IP field This field can also be populated by a DNS name to allow for changing the DNS resolution instead of having to change settings in the NSE when the IP of the Radius server changes 3 Enter the authori...

Page 182: ...when communicating accounting records 4 Enter a secret key in the Secret Key field for the primary RADIUS accounting server 5 Repeat Steps 1 through 4 for the secondary RADIUS accounting server if used Retransmission Options This category requires you to define the data retransmission method failover or round robin the retransmission frequency and how many retransmissions the system should attempt...

Page 183: ...icies can reference the same RADIUS service or tunnel profile This policy references a RADIUS service profile so a realm match will result in an access request being sent to the RADIUS server s specified in the RADIUS service profile In this case the RADIUS service profile RadiusPrefix is referenced and so the RADIUS server s defined therein will receive RADIUS access requests Notice that the chec...

Page 184: ...ake this entry the active entry click on the Entry Active check box 3 To define a specific realm choose the Specific Realm option and enter the destination in the Realm Name field Alternatively you can choose the Wildcard match option then define your search options Prefix match only Suffix match only Match either 4 Select the required RADIUS Service Profile from the pull down menu 5 Click on the ...

Page 185: ...ACCESS GATEWAY System Administration 173 ...

Page 186: ...hat are of the format username tcisp com Since this policy references a tunnel profile no RADIUS access requests will be sent to any RADIUS server In this case the NSE will use the L2TP tunnel parameters specified in the tunnel profile to establish a tunnel and pass the username password input to the tunnel server Again as before the username passed to the tunnel server will have realm information...

Page 187: ...nce realm information will be used by the NSE s L2TP tunnel feature to determine how to handle usernames that contain realm information The screen below shows an example of setting the routing mode to handle realm based usernames The Realm Routing Policy you just created is added to the list That covers the main steps for configuring an NSE to support L2TP tunneling Your new RADIUS Service Profile...

Page 188: ...ox for SMTP Redirection Misconfigured to enable this feature for misconfigured subscribers 3 Click on the check box for SMTP Redirection Properly Configured to enable this feature for properly configured subscribers If you enable SMTP redirection you must provide the IP address of the SMTP server 4 In the SMTP Server IP DNS field enter the address of the SMTP server you want to use 5 For SMTP serv...

Page 189: ...ulates network management over the Internet To do this you must set up the SNMP communities and identifiers For more information about SNMP see Using an SNMP Manager on page 81 1 From the Web Management Interface click on Configuration then SNMP The SNMP Settings screen appears 2 Click on the check box for SNMP Daemon to enable this functionality If you want to use SNMP you must manually turn on S...

Page 190: ... changes 5 Click on the Submit button to save your changes and reboot the system or click on the Reset button if you want to reset all the values to their previous state You can now use your SNMP client to manage the Access Gateway via the Internet Enabling Dynamic Multiple Subnet Support Subnets Nomadix dynamic multiple subnet support allows you to create flexible and cost effective IP pool solut...

Page 191: ...een appears 2 Click on the Add button to add a new public subnet The Add Public Subnets screen appears 3 Enter a valid IP address for this subnet in the Subnet field 4 Enter the subnet mask for this subnet in the Subnet Mask field 5 Click on the Back to Main Subnet Configuration Page link to return to the previous screen Public Subnets Settings ...

Page 192: ...tion settings To view the summary listing go to the Web Management Interface click on Configuration then click on Summary To edit the Current Public DHCP Subnets table go to Managing the DHCP service options DHCP on page 112 For additional information about the multiple subnet feature go to Contact Information on page 365 for Nomadix Technical Support ...

Page 193: ...System Administration 181 The Summary of Configuration Settings screen appears partial screen shown here Setting the System Date and Time Time This procedure shows you how to set the system date and time More listings ...

Page 194: ...ware time or select External Time Server if you want to use NTP instead of the internal clock of the NSE If you select Internal Time enter the new date and time parameters in the relevant fields if required Year Month 1 12 Day 1 31 Hour 0 23 Minute 0 59 After entering new data for the final parameter minutes the system writes the information into its BIOS then displays the new date and time ...

Page 195: ... RADIUS servers for example if the RADIUS server is setup for a time zone that is different from the Access Gateway 4 When finished click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state Setting up Traffic Descriptors Traffic Descriptors are a dependency of creating rules for a Quality of Service Policy The Traffic D...

Page 196: ...tor Select a condition type from the Add Condition menu and define the matching parameters Once added conditions will be displayed in the condition list 6 Select Remove to remove a condition from this descriptor 7 Select Add Descriptor to accept the parameters and conditions defined and add the descriptor to the descriptor list on the main page Setting Up URL Filtering URL Filtering The Access Gat...

Page 197: ...ss Settings screen appears 2 If you want to enable this feature click on the check box for URL Filtering 3 Click on the Submit button to save your setting 4 If URL Filtering is enabled you can add or remove up to 300 addresses in the IP DNS Name field After entering the address you want to add simply click on the Add button the address will be added to the displayed list Add or remove addresses as...

Page 198: ...igration significantly expands this capability via the following means It allows the creation of multiple zones which are then constituted by groupings of multiple port locations These groupings can be made up of any combination of desired ports port values do not have to be sequential in order to be grouped within a given zone The re login requirement can then be configured so that subscribers ca...

Page 199: ...ace Port Locations This is where the port configuration for the zone is entered The data must be entered as a string between 1 and 128 characters in length The string must contain either an individual numeric value 211 a comma separated list of numeric values 211 212 a range of numeric values with dash separated delimiters 211 899 a list of ranges of numeric values 211 300 301 899 or a comma separ...

Page 200: ...Operations Center and the edge device early VPN protocols such as PPTP have been widely discredited as a secure tunneling method As part of Nomadix commitment to provide outstanding carrier class network management capabilities to its family of public access gateways we offer secure management through the NSE s standards driven peer to peer IPSec tunneling with strong data encryption Establishing ...

Page 201: ...nagement traffic either originating at the NOC or from the edge device through the IPSec tunnel Alternatively AAA data such as RADIUS Authentication and Accounting traffic can be sent through the IPSec tunnel See also Defining Automatic Configuration Settings Auto Configuration on page 95 This procedure allows system administrators to establish the peer to peer IPSec connection Basic IPSec paramet...

Page 202: ...ardware MAC address ARP is limited to a single physical network that supports hardware broadcasting To view the ARP Table go to the Web Management Interface click on Network Info then click on ARP The ARP Table screen appears Displaying DAT Sessions DAT Dynamic Address Translation DAT allows all users to obtain network access regardless of their computer s network settings To view the DAT Session ...

Page 203: ...gured This table includes the assigned host names their corresponding IP addresses and any aliases that may be assigned to each host Hosts provide services to other computers that are linked to it by a network To view the Host Table go to the Web Management Interface click on Network Info then click on Hosts The Host Table screen appears Deleting DAT sessions will cause all misconfigured subscribe...

Page 204: ...hich details the current status of each ICMP transmission element To view the ICMP Statistics go to the Web Management Interface click on Network Info then click on ICMP The ICMP Statistics screen appears Displaying the Network Interfaces Interfaces You can display the network interfaces which are presented as a detailed listing of all interface communication elements and their current status To v...

Page 205: ...ACCESS GATEWAY System Administration 193 The Network Interfaces screen appears ...

Page 206: ... may be configured for both the Monitoring Interval default is 60 seconds and for three different methods as required by the network The default method Automatic will generate a random DNS query to each configured DNS server Receiving an Error back from the server s verifies full network connectivity Host Probing Ping A Host or IP address can be pinged to verify connectivity via ICMP response Host...

Page 207: ...iled listing of all IP elements and their current status With IP transmissions data is broken up into packets which are then sent over the network By using IP addressing Internet Protocol ensures that the data reaches its destination even though different packets may pass through different networks to get to the same location To view the IP Statistics go to the Web Management Interface click on Ne...

Page 208: ... the current IPSec Tunnel Status go to the Web Management Interface click on Network Info then click on IPSec Viewing NAT IP Address Usage NAT IP Usage To view the current NAT IP Address Usage go to the Web Management Interface click on Network Info then click on NAT IP Usage The NAT IP Usage summary screen appears ...

Page 209: ...es including any dynamically generated routes unreachable routes or wildcard routes To view the Routing Tables go to the Web Management Interface click on Network Info Routing NSE releases 8 2 and later or System Routing See Displaying the Routing Tables Routing for additional information for NSE releases 8 2 and later ...

Page 210: ...g In NSE releases 8 2 and later routing tables are available at System Routing The Routing Tables screen appears You will make all routing configuration additions and deletions from this screen This screen includes Active Routing Table which provides routing configuration details and the ability to delete routes ...

Page 211: ...ce and modification Add a New Static or Persistent Route Displaying the Active IP Connections Sockets You can display a table which provides a detailed listing of all currently active IP Internet Protocol connections To view the Socket Table go to the Web Management Interface click on Network Info then click on Sockets ...

Page 212: ... Table Static Port Mapping You can display a table which provides a detailed listing of the currently active static port mapping scheme To view the Static Port Mapping Table go to the Web Management Interface click on Network Info then click on Static Port Mapping The Static Port Mapping Table screen appears ...

Page 213: ...smission Control Protocol statistics which are presented as a detailed listing of all TCP elements and their current status TCP is a standard protocol that manages data transmissions across networks To view the TCP Statistics go to the Web Management Interface click on Network Info then click on TCP ...

Page 214: ...ou can display the UDP User Datagram Protocol statistics which are presented as a detailed listing of all UDP elements and their current status UDP is an Internet standard transport layer protocol It is a connectionless protocol which adds a level of reliability and multiplexing to the Internet Protocol IP ...

Page 215: ... L2TP Tunneling and the billing plans available on each port can now be individually configured This ability allows for having different billing methods and billing plans on different ports of the NSE A practical application of this feature is to have a normal hotel room with a plan A that is 9 99 for a day with PMS billing and have a meeting room with a plan of 14 99 an hour with Credit Card bill...

Page 216: ...in a hotel or apartment building a floor number wing or building There may even be multiple ports assigned to a single room or location The Access Gateway uses a port location authorization table to manage the assigned ports and ensure accurate billing for the services used by a particular port Adding a Port Location Assignment Updating a Port Location Assignment ...

Page 217: ...then Add The Add Port Location Assignments screen appears 2 Enter a location identifier in the Location field Locations can be assigned as an alpha numeric or alpha numeric value unless a PMS interface is used see note 3 In the Port field enter the port the VLAN ID when using 802 1Q 2 way If you are using a PMS interface ensure that the Location field consists only of numbers no alpha characters o...

Page 218: ... enabled on this port Choose Enable PMS Billing if you want PMS based room billing to be enabled on this port Choose Enable Credit Card Billing if you want Credit Card based billing to be enabled on this port You can select any number of billing methods per port A specific billing plan can be assigned to a port or all the existing billing plans defined on the NSE can be enabled on the port Please ...

Page 219: ...currently assigned to the field To update a Port Location assignment simply update the fields with new values Deleting All Port Location Assignments Delete All This procedure shows you how to delete all port location assignments The Access Gateway displays a warning and prompts you to confirm this action before deleting all the port locations currently assigned in the system 1 From the Web Managem...

Page 220: ... Click on the Delete button to delete the specified port location assignment or click on the Reset button if you want to reset the location value to its blank state Deleting Port Location Assignments by Port Delete by Port This procedure shows you how to delete a port location assignment based on its port The Access Gateway prompts you to confirm this action before deleting the requested port loca...

Page 221: ... Location Assignments Export This procedure shows you how to export your current port location assignments to the location txt file The location txt file is stored in flash location txt resident in the Access Gateway s flash memory 1 From the Web Management Interface click on Port Location then Export The Export Port Location Assignments screen appears 2 Click on the Export button to export port l...

Page 222: ...f the assignment you want to find 3 Click on the Show button to view the specified port location assignment or click on the Reset button if you want to reset the description value to its blank state The requested port location is displayed Finding Port Location Assignments by Location Find by Location This procedure shows you how to find a port location assignment based on its location This proced...

Page 223: ...ue to its blank state The requested port location is displayed Finding Port Location Assignments by Port Find by Port This procedure shows you how to find a port location assignment based on its port This procedure is useful if you want to review the details of a specific port location You can also find port locations based on their description or location The system ignores the case upper or lowe...

Page 224: ...ort screen appears 2 In the Enter Port field enter the port you want to find 3 Click on the Show button to view the Process Port Location Assignments screen or click on the Reset button if you want to reset the port value to its blank state From this screen you can add update or delete port location assignments The port is the VLAN ID when using 802 1Q 2 way ...

Page 225: ...n to import port location assignments from the flash location txt file Viewing the location txt File You can click on the View location txt link if you want to view the current contents of the file If you have never exported port location assignments since installing the Access Gateway at this site the location txt is empty See also Exporting Port Location Assignments Export on page 209 You can cr...

Page 226: ...RiverDelta subnet state description Location Locations are assigned as an alpha numeric or alpha numeric value unless a PMS interface is used in which case only numeric values can be used Port Any number between 1 and 65535 Modem MAC Address MAC address of the modem being used Subnet Subscriber s subnet address State Possible states are 0 no charge for using this port location 1 charge for use and...

Page 227: ...n If enabled subscribers on a same port location for example a conference room can communicate with each other without NSE intervention Subscribers can communicate with each other when on the same VLAN and the same IP subnet The NSE will not respond to any ARP requests from the subscriber for other subscribers or hosts that are on the same port location subnet To enable intra port communication 1 ...

Page 228: ...s Add This procedure shows you how to add subscriber profiles into a table of authorized users Three types of subscriber profiles are provided see the following sections for configuration information for the different profile types Adding a Subscriber Type Profile on page 217 Adding a Device Type Profile on page 219 Adding a Group Type Profile on page 220 ...

Page 229: ...ment Models on page 294 Configuring the Subscriber Management Models on page 295 Adding a Subscriber Type Profile 1 From the Web Management Interface click on Subscriber Administration then Add The Add a Subscriber Profile to the Database screen appears 2 Choose the Subscriber account type 3 Define the DHCP Address Type Public or Private only used when the IP Upsell feature is enabled otherwise le...

Page 230: ... for this subscriber in the Class field Enter these values in the format top level class subclass top level class and subclass separated by a period See Class Based Queueing on page 11 and Class Based Queueing on page 105 14 Select a policy from the QoS Policy menu See Setting up Quality of Service QoS on page 157 for more information 15 Enable Countdown after login if you want the timeout amount ...

Page 231: ...r Device feature 4 Set the 802 1Q Device Port if the device is connected to a specific VLAN 5 Enter a valid MAC Address for the device 6 Enter the IP Address of the device 7 Enter a valid Subnet address for this device 8 In the Username field enter a user name for this device 9 The next two fields User Definable 1 and User Definable 2 are optional Use these fields for simple notations about the de...

Page 232: ...us state Adding a Group Type Profile Several changes have been made to improve the NSE s handling of group account administration Group accounts can now be configured with a maximum user value which limits the number of subscribers that can be logged in through the account at any given time Group accounts can now be added via XML using the GROUP_ADD command The overall layout and behavior of the W...

Page 233: ... the IP Upsell feature is enabled otherwise leave this set to private 4 Enter a valid Subnet address for this subscriber 5 In the Username field enter a user name for this subscriber 6 If you assigned a user name you must now assign a Password 7 In the Expiration Time field define the duration in hours and minutes for the subscriber s authorized access time When the assigned time expires the subsc...

Page 234: ... traffic redirected by the global SMTP redirect configuration Click on the Add button to add this subscriber to the database or click on the Reset button if you want to reset all the values to their previous state Displaying Current Subscriber Connections Current You can display a listing of all the subscribers currently connected to the system The list includes the MAC addresses of the subscriber...

Page 235: ... Address Delete by MAC This procedure shows you how to delete a subscriber profile from the Access Gateway s database of authorized subscribers based on the profile s MAC address In the State field Valid denotes that the subscriber has been authenticated Pending indicates that the subscriber is still waiting for authentication To see a current listing of the subscriber database sorted by MAC addre...

Page 236: ... User This procedure shows you how to delete a subscriber profile from the Access Gateway s database of authorized subscribers based on the profile s user name 1 From the Web Management Interface click on Subscriber Administration then Delete by User The Delete a Subscriber Profile by User screen appears 2 In the Username field enter the user name of the profile you want to delete 3 Click on the D...

Page 237: ...Web Management Interface click on Subscriber Administration then click on DHCP Leases The Currently Allocated DHCP Leases screen appears You can Delete Expired Leases or Delete All Leases Deleting All Expired Subscriber Profiles Expired This procedure shows you how to delete all expired subscriber profiles from the Access Gateway s database of authorized subscribers Use this procedure when you wan...

Page 238: ...ers based on the profile s MAC address Use this procedure when you want to see the statistics corresponding to the MAC address Statistics include user name and password if any and the access time remaining for this subscriber 1 From the Web Management Interface click on Subscriber Administration then Find by MAC The Find a Subscriber Profile screen appears 2 In the Enter MAC Address field enter th...

Page 239: ...Management Interface click on Subscriber Administration then Find by User The Find a Subscriber Profile screen appears 2 In the Enter Username field enter the user name of the subscriber you want to find 3 Click on the Show button to view this subscriber profile or click on the Reset button if you want to reset the Username value to its blank state Listing Subscriber Profiles by MAC Address List b...

Page 240: ...play the currently active database of authorized subscribers based on user names To view the list of Authorized Subscriber Profiles go to the Web Management Interface click on Subscriber Administration then click on List by User 1 indicates a subscriber added by Admin or XML useradd with no associated plans Click on a link to view the associated subscriber ...

Page 241: ...TEWAY System Administration 229 The Authorized Subscriber Profiles screen appears 1 indicates a subscriber added by Admin or XML useradd with no associated plans Click on a link to view the associated subscriber ...

Page 242: ...ting messages or 320000 bytes when and if necessary the oldest records are purged to make room for new records If the logfile is disabled the current logfile is purged from the flash If this is re enabled again only RADIUS accounting message sent received from that point in time forward will be stored in the log Enable Syslogs checkbox If enabled then the same information described above is sent t...

Page 243: ... database Current Table and a numerical breakdown of how the subscribers can utilize the system for example free access credit card etc The total number of user profiles stored in the Access Gateway s internal database is also shown To view the Subscriber Statistics go to the Web Management Interface click on Subscriber Administration then click on Statistics The Subscriber Statistics screen appea...

Page 244: ...WS to allow users online on a time X over period Y basis Standard billing plans where time X period Y can be used concurrently with X over Y plans For example multiple plans with flexible billing event options can be rolled out such as Plan A 24 hours 256kbit s downstream 128Kbit s upstream public IP address 15 charge Plan B 8 hours to be used over 5 days 512Kbit s downstream 256Kbit s upstream pr...

Page 245: ...ACCESS GATEWAY System Administration 233 1 From the Web Management Interface click on Subscriber Interface then Billing Options The Internal Billing Options Setup screen appears ...

Page 246: ...nd X over Y plans that are currently active To view or edit a billing plan click the View Edit Delete button opposite the corresponding plan The Internal Billing Options Plan Setup or Internal Billing Options XoverY Plan Setup screen appears for the billing plan and type you selected ...

Page 247: ... set up go to Setting Up a Normal Billing Plan on page 235 Setting Up an X over Y Billing Plan on page 237 Setting Up a Normal Billing Plan 1 If required click on the Enable check box to enable make active this billing plan 2 Define a label for this billing plan in the Label field Each plan must have a unique label different from other plans ...

Page 248: ...lass Based Queueing on page 11 and Class Based Queueing on page 105 9 Click on the Submit this Plan button to save your changes and establish this billing plan Alternatively you can click on the Delete this Plan button if you want to delete this plan or click on the Reset button if you want to reset all the values to their previous state 10 Click on the Back button at any time to return to the Int...

Page 249: ... state Setting Up an X over Y Billing Plan 1 If required click on the Enable check box to enable make active this billing plan 2 Define a label for this billing plan in the Label field 3 Enter a description for this billing plan in the Description of Service field 4 Enter the cost the plan in the Plan Cost field 5 Enter a duration value for this plan in the Plan Duration X field 6 Define the time ...

Page 250: ...mation and Control Console ICC Setup The Nomadix ICC is a HTML pop up window that is presented to subscribers allowing them to select their bandwidth and billing plan options quickly and efficiently and displays a dynamic time field to inform them of the time remaining on their account The ICC also offers service providers an opportunity to display advertising banners and provide a choice of redir...

Page 251: ...e opportunity to display the elapsed count down time and one logo for intra session service branding This procedure allows you to set up how the ICC is displayed to subscribers For more information about the ICC go to Information and Control Console ICC on page 296 Logout Console Featured ICC ...

Page 252: ...ACCESS GATEWAY 240 System Administration 1 From the Web Management Interface click on Subscriber Interface then ICC Setup The ICC Setup screen appears ...

Page 253: ...ber s screen Choose one of the following options Upper Left Corner Upper Right Corner Lower Left Corner Lower Right Corner 6 Define how you want to display the subscriber session time Elapsed Time how much time has elapsed since the start of the session Time Remaining how much time is remaining for the session 7 You must now decide what you want the ICC to do if the subscriber closes it Choose one...

Page 254: ...ve image file you want to use for the button When assigning images for buttons refer to Pixel Sizes on page 244 When you have completed assigning all your redirect buttons click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state You can now assign the banners that you want to display to subscribers If you assign or cha...

Page 255: ...meters that buttons use see Assigning Buttons on page 241 with the addition of 3 three more These are Duration Defines how long the banner is displayed in the ICC Start Time This is an optional parameter that you set if you want to assign a start time for when the banner is displayed Stop Time This is an optional parameter that you set if you want to assign a stop time for when the displayed banne...

Page 256: ...k on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state 5 To return to the previous screen click on the Configure ICC link Pixel Sizes Use the following parameters when defining images for buttons and banners Banners 373 pixels width x 32 pixels height ISP Button 98 pixels width x 26 pixels height Small buttons 45 pixels ...

Page 257: ... Support The Access Gateway allows you to define the text displayed to your users by the Internal Web Server IWS without any HTML or ASP knowledge The language you select here will determine the language encoding that the Access Gateway s Internal Web Server instructs the browser to use The available language options are English Chinese Big 5 French German Small Buttons 45 x 26 pixels ISP Button 9...

Page 258: ...ote 1 From the Web Management Interface click on Subscriber Interface then Language Support The Language Support screen appears If running NSE releases 8 2 and later you can also change the language of the Web Management Interface See Selecting the language of the Web Management Interface on page 80 ...

Page 259: ... you want to have the ICC pre translated into Japanese and enter and display Japanese characters on the Web Management Interface and the subscriber s portal page choose the Japanese Shift_JIS option If you want to have the ICC displayed in English but enter and display Japanese characters on the Web Management Interface and the subscriber s portal page choose the Other option then choose one of th...

Page 260: ...oot 4 The pages can now be served by referencing the URL http nseip 1111 web filename or at https nseip 1112 web filename for preauthenticated end users 5 The post authentication pages and images are available at http nseip 3111 web filename These settings are available under Subscriber Interface Local Web Server menu Web Page File Name This text box lets you add or remove the names of the web pag...

Page 261: ...d to server to the end users Note The name of the image file has to be added in order for it to be served to the end users Uploading the image file to the web directory is not sufficient Defining the Subscriber s Login UI Login UI This procedure allows you to set up the presentation and content of the subscriber s login User Interface UI ...

Page 262: ...ace click on Subscriber Interface then Login UI The Subscriber Login User Interface Settings screen appears 2 Define the messages you want subscribers to see when they log in Keep messages brief and to the point Available message categories include Service Selection Message ...

Page 263: ...enabled the Remember Me option define the duration in days in the Remember for how many days field 6 If required define a Help Hyperlink Message and a corresponding Help Hyperlink URL 7 Define the location in the Locale field 8 Define the currency labeling for example in the Currency field 9 Enter a numeric value for the Number of decimals for amount This field defines the number of decimal places...

Page 264: ...ber Login Screen Sample on page 253 12 If you made changes to the Image File Name or Partner Image File Name fields you must reboot the Access Gateway for your changes to take effect In this case click on the check box for Reboot after changes are saved 13 Click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state You mu...

Page 265: ...e Page can be defined either as a RADIUS VSA or be driven by the Access Gateway s Internal Web Server IWS Using the IWS option means that this functionality is available for other post paid billing mechanisms for example post paid PMS if your product license supports PMS The IWS page displays the details of the user s connection such as IP address of the user Type of AAA Start Stop time Bytes sent...

Page 266: ...ACCESS GATEWAY 254 System Administration Freely configurable hypertext link in case the ISP wants to link the user back to a sign up help page Sample of Post Session UI Goodbye Page ...

Page 267: ...ACCESS GATEWAY System Administration 255 1 From the Web Management Interface click on Subscriber Interface then Post Session UI The Subscriber Post Session User Interface Settings screen appears ...

Page 268: ...link in the Hyper Text Link URL field 5 Define the following Field Label Definitions for your Goodbye Page Session Summary IP Address Authen Type Start Time Stop Time Byte Sent Byte Received Go To 6 Click on the Submit button to save your changes Alternatively you can click on the Reset button to reset all values to their previous state or click on the Revert button to revert all values to their d...

Page 269: ... 3 Click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state If you want to reset all field values to their default state click on the Revert button Defining Subscriber UI Labels Subscriber Labels This procedure allows you to define how the user interface UI field labels are displayed to subscribers Only the Login butto...

Page 270: ...Page Field Label Definitions screen appears 2 Enter the definitions you want for each label in the corresponding fields 3 Click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state If you want to reset all field values to their default state click on the Revert button ...

Page 271: ...terface click on Subscriber Interface then Subscriber Errors 1 of 2 The Subscriber Page Error Message Definitions 1 of 2 screen appears 2 Enter the definitions you want for each error message in the corresponding fields 3 Click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state There are 2 two pages of error messages a...

Page 272: ...ACCESS GATEWAY 260 System Administration If you want to reset all field values to their default state click on the Revert button 4 Repeat Steps 1 3 for page 2 of 2 see following screen ...

Page 273: ...procedure allows you to define how other subscriber messages are displayed 1 From the Web Management Interface click on Subscriber Interface then Subscriber Messages 1 of 3 The Subscriber Page Other Message Definitions 1 of 3 screen appears There are 3 three pages of subscriber messages available ...

Page 274: ...the corresponding fields 3 Click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state If you want to reset all field values to their default state click on the Revert button 4 Repeat Steps 1 3 for page 2 of 3 see following screen ...

Page 275: ...ACCESS GATEWAY System Administration 263 5 Repeat Steps 1 3 for page 3 of 3 see following screen ...

Page 276: ...operations to a single screen See Adding and Deleting ARP Table Entries 1 From the Web Management Interface click on System then ARP Add The Add ARP Table Entries screen appears 1 Enter the IP Address of the entry you are adding 2 Enter the MAC Address of the entry you are adding 3 Define whether this entry is Static Will only last until the next reboot Persistent Will be written to the current tx...

Page 277: ...vel physical hardware MAC address ARP is limited to a single physical network that supports hardware broadcasting This procedure shows you how to delete an ARP table entry 1 From the Web Management Interface click on System then ARP Delete The Delete ARP Table Entries screen appears 2 Enter the IP address of the entry you want to delete 3 Click on the Delete button to delete this entry or click on...

Page 278: ...ill periodically refresh its ARP cache entry for the gateway IP When gateway redundancy is implemented via the use of multiple gateway devices with the same IP address the periodic refresh enables the NSE to quickly discover the new MAC address of the gateway You can set the refresh frequency on the Location page The frequency must be between 30 and 600 seconds 600 seconds is half of the ARP cache...

Page 279: ...he Access Gateway network interface The packets are unmodified and can be forwarded in both directions This is a very useful feature when troubleshooting your entire network as it allows administrators to effectively remove the Access Gateway from the network without physically disconnecting the unit You can still manage the Access Gateway when Bridge Mode is enabled but you have no other function...

Page 280: ...ur changes or click on the Reset button if you want to reset the Enable option to its previous state Exporting Configuration Settings to the Archive File Export This procedure shows you how to export the current system authentication settings to an archive file for future retrieval This function is useful if you want to change the configuration settings and you are unsure of the effect that the ch...

Page 281: ...t authentication settings to the archive txt file Importing the Factory Defaults Factory This procedure shows you how to replace the current authentication settings with the settings that were established at the factory You will need to reboot the system for some of the imported default settings to take effect Click here to view the archive txt file Click here to view the current txt file ...

Page 282: ...Fail Over Many large scale networks require fail over support for all devices in the public access network The Fail Over Options feature allows two Nomadix Gateways to act as siblings where one device will take up the users should the other device become disconnected from the network As part of this functionality the settings except IP addresses between the two devices will be synchronized automat...

Page 283: ...the Secondary will wait while not receiving messages from the Primary before it takes over 7 Click on the check box for Reboot after changes are saved 8 Click on the Submit button to save your changes or click on the Reset button to reset all values to their previous state Viewing the History Log History You can view a history log of the system s Access Reboot and Uptime activities The history log...

Page 284: ...story log fields include Message Administrator Operator action Login User name of the Administrator Operator IP Source IP address see note Establishing ICMP Blocking Parameters ICMP The Access Gateway includes the option to block all ICMP traffic from pending or non authenticated users that are destined to addresses other than those defined in the pass through The source IP displayed may be the so...

Page 285: ...feature as required 3 You can Ping a host via the network port by entering either an IP address or DNS name of host This is the site that you want the ping to be sent to from the NSE 4 Click on the Submit button to save your changes or click on the Reset button to reset all values to their previous state Importing Configuration Settings from the Archive File Import This procedure shows you how to ...

Page 286: ...evels to differentiate between managers and operators where managers are permitted read write access and operators are restricted to read access only Once the logins have been assigned managers have the ability to perform all write commands Submit Reset Reboot Add Delete etc but operators cannot change any system settings Administrative Concurrency may be enabled to further restrict the amount of ...

Page 287: ... allowed SSH Shell Access SSL Only managers can assign a username and password for the remote RADIUS testing login option 1 From the Web Management Interface click on System then Login The Login Name and Password screen appears 2 Click on the check box for Administration Concurrency if you want to assign concurrent Manager and Operator logins ...

Page 288: ...radius htm and can be accessed from the network side of the Access Gateway You must open a separate browser to utilize this feature The Framed IP field is configurable by the user and can be set to any IP address 7 Click on the check box for Radius Authentication Enable to enable the Centralized Authentication mechanism If chosen the system will first try to authenticate against the local database...

Page 289: ...es to their previous state Defining the MAC Filtering Options MAC Filtering MAC Address filtering enhances Nomadix access control technology by allowing System Administrators to block malicious users based on their MAC address Up to 600 MAC addresses can be blocked at any one time see caution For RADIUS logins the maximum number of characters for usernames is 96 The maximum number of characters fo...

Page 290: ...e this address from the list For advanced security see also Establishing Session Rate Limiting Session Limit on page 282 Utilizing Packet Capturing Packet Capture The Packet Capture feature provides NSE administrators with an on system utility to capture network traffic on each of the NSE network interfaces The captured network traffic will be accessible for FTP download and viewing on a remote ho...

Page 291: ... The button label will change to Stop indicating that a capture is in progress Click the button again to stop the capture 3 When a capture has been stopped the captured traffic can be viewed by clicking the Download link for the given interface 4 To modify capture settings click the Show button for the desired interface This will display the parameters that can be adjusted Filtering expressions mu...

Page 292: ...to configure static routes and pick the WAN interface for a specific destination network The display provides information on network routes and their system connections You can also add or delete routes from this screen To use this feature WAN Load Balancing must be enabled See Load Balancing on page 131 The reboot procedure outlined on this page allows you to decide when to reboot if you are maki...

Page 293: ...outing The Routing Tables screen appears You can view the routes associated with each physical NSE port by clicking on the tab for the port In the screen shot above only the WAN port is in use Adding a Route 1 On the Routing Tables screen scroll to Add a New Static or Persistent Route ...

Page 294: ... or click on the Reset button if you want to reset all the values to their previous state Deleting a Route To deleted a route click the Delete link in the routing table The route is immediately deleted Establishing Session Rate Limiting Session Limit Session Rate Limiting SRL significantly reduces the risk of Denial of Service attacks by allowing administrators to limit the number of DAT sessions ...

Page 295: ...rds packets received on a specific port to a particular static IP typically private and mis configured and port number on the subscriber side of the Access Gateway The advantage for the network administrator is that free private IP addresses can be used to manage devices such as Access Points on the subscriber side of the Access Gateway without setting them up with public IP addresses This procedu...

Page 296: ...button to add this static port or click on the Reset button to reset all values to their previous state For more information about Static Port Mapping see also Displaying the Static Port Mapping Table Static Port Mapping on page 200 Deleting Static Ports Static Port Mapping Delete on page 284 Deleting Static Ports Static Port Mapping Delete Static Port Mapping allows the network administrator to s...

Page 297: ... to delete 3 Click on the Delete button to delete the static port or click on the Reset button to reset your changes to their previous state For more information about Static Port Mapping see also Displaying the Static Port Mapping Table Static Port Mapping on page 200 Adding Static Ports Static Port Mapping Add on page 283 Blocking a Subscriber Interface Subscriber Interfaces The Access Gateway a...

Page 298: ...Wired Subscriber Interfaces 3 Click on the Submit button to save your changes or click on the Reset button to reset all values to their previous state Updating the Access Gateway Firmware Upgrade Upgrading the Access Gateway firmware is performed from the Access Gateway s Command Line Interface CLI only Refer to the Firmware Upgrade Procedure separate document available from Nomadix Technical Supp...

Page 299: ...ly records the subscriber s Media Access Control MAC address and integrates this address with a PMS interface for secure billing Like a router the Access Gateway continuously tracks subscriber IP and MAC settings eliminating the need for further sign ins and ensuring that subscriber usage and billing is recorded accurately The Access Gateway also eliminates configuration issues between the subscri...

Page 300: ...se the subscriber is required to pay Naturally subscribers expect to pay only for the services rendered to them In any environment billing is a complex process It requires accurate data collection and reconciliation a means to validate and protect the data and an efficient method for collecting payments The Access Gateway offers powerful billing support functionality called Authentication Authoriz...

Page 301: ...and deny service to those guests who have not paid Allowing the solution provider to bill subscribers for services rendered either directly on their hotel bill in the hotel scenario via a mailed invoice or directly to the subscriber s credit card account The following illustration shows the functional relationship between the Access Gateway s internal modules and the external support systems Launc...

Page 302: ...p subscribers on a local flash database By looking up subscribers on a remote database The Authentication module can support user name and MAC address authentication simultaneously Subscriber Login Subscriber Management Accounting Billing Authentication Internal User Database MAC Internal Web Server on flash for login pages External Web Server for login portal pages Internal Web Management Interfa...

Page 303: ...ining the time purchased Interaction with a Property Management System PMS and Web interfaces enabling administrators to edit the subscriber s input Only subscribers that are correctly identified and authenticated are authorized to access the system Once authorized the subscriber s activity is logged and billed through the Access Gateway s Accounting module The Accounting module fully supports the...

Page 304: ...n Provider s Portal Page Internal or External Web Server AG detects connection and verifies user against authorization table Lease time has expired Purchase more time Yes No Internet and local online services Reject Bill for goods and services and credit provider s bank account Accept PMS System Online purchases Browsing Login Page Billing Mirror Server Specify lease time required and choose a use...

Page 305: ...erver Either method is transparent to the subscriber however the advantage of using the internal Web server is obvious no login redirection tasks and a faster response time for the subscriber Language Support The Access Gateway s subscriber interface supports many Asian and European languages including English Chinese French German Japanese and Spanish Home Page Redirection The Access Gateway can ...

Page 306: ...address The Access Gateway can be configured to allow access for specified MAC addresses In this model when a subscriber attempts to access the Internet the Access Gateway validates the subscriber s MAC address against a MAC authorization table If the MAC address is verified the Access Gateway authorizes access to the Internet A possible scenario for using this model is to allow Internet access to...

Page 307: ...e user name and password are optional the MAC address will be substituted but in this event the service is not transferable between computers Credit card Enable the AAA services You have the choice of enabling the Access Gateway s internal authorization module or using an external credit card authorization server Internal Authorization Enabled Enter the credit card server s URL and IP address then...

Page 308: ...of redirection options For information about configuring the ICC refer to Defining Languages Language Support on page 245 ICC Pop Up Window The ICC displays a HTML based applet in the form of a pop up window from which subscribers can dynamically control their billing options and bandwidth and which allows service providers to display advertising banners and redirect their subscribers to predeterm...

Page 309: ...ws System Administrators to define a simple HTML based pop up window for explicit logout that can be used as an alternative to the more fully featured ICC The pop up Logout Console can display the elapsed count down time and one logo for intra session service branding Logout Console ...

Page 310: ...ACCESS GATEWAY 298 The Subscriber Interface ...

Page 311: ...OG parameters Network Info Menu Displays the Network Info menu The items in this menu are used to monitor and review network connections routings protocols and network session statistics Port Location Menu Displays the Port Location menu Items in this menu let you find add remove and update the Port Location Assignments for example VLAN tags Subscriber Administration Menu Displays the Subscriber A...

Page 312: ...lnet Web Management and FTP sources Auto Configuration Provides an effortless and rapid method for configuring devices for fast network roll outs Bandwidth Management Manages the bandwidth for subscribers defined in Kbps Kilobits per seconds for both upstream and downstream data transmissions Bill Record Mirroring Configures the Nomadix Access Gateway to send copies of billing records to external ...

Page 313: ...mat MAC address hex alpha case and RADIUS service profile Passthrough Addresses Establishes IP pass through addresses up to 300 PMS Enables one of the listed PMS options or allows you to disable the PMS feature Port Location Establishes the Access Concentrator settings RADIUS Client This procedure sets up the RADIUS client RADIUS Proxy Establishes RADIUS proxies where different realms can be set u...

Page 314: ...Dynamically adds or removes up to 300 specific IP addresses and domain names to be filtered for each property User Agent Filtering User agent Filtering is a capability that can filter software that is acting on behalf of a user such as browsers Zone Migration The present disclosure is directed to providing a network user the ability to travel between different zones or locations within a network e...

Page 315: ...tatistics for the interfaces IP Displays the IP performance statistics IPSEC IPsec is an end to end security scheme operating in the Internet Layer of the Internet Protocol Suite It can be used in protecting data flows between a pair of hosts host to host between a pair of security gateways network to network or between a security gateway and a host network to host Can be used in the transport lay...

Page 316: ...ctive static port mapping scheme TCP Displays the TCP performance statistics UDP Displays the UDP performance statistics Items Description Add Adds or updates port location assignments Delete All Deletes all port location assignments Use this command with caution Delete by Location Deletes port location assignments based on a specified location Delete by Port Deletes port location assignments base...

Page 317: ...S GATEWAY Quick Reference Guide 305 Import Imports specified port location assignments from the location txt file List Displays the port location file listing all port location assignments Items Description ...

Page 318: ...ber profile based on a specified user name List by MAC Displays a list of authorized subscriber profiles sorted by MAC address List by User Displays a list of authorized subscriber profiles sorted by user name RADIUS Session History These logs record RADIUS proxy accounting messages sent or received by the RADIUS proxy Statistics Displays the current subscriber profile statistics for example how m...

Page 319: ... the subscriber s user interface field labels are displayed Subscriber Errors 1 of 2 Defines how error messages are displayed to subscribers page 1 of 2 Subscriber Errors 2 of 2 Defines how error messages are displayed to subscribers page 2 of 2 Subscriber Messages 1 of 3 Defines how other general messages are displayed to subscribers page 1 of 3 Subscriber Messages 2 of 3 Defines how other genera...

Page 320: ... of the system s activity including Access Reboot and Uptime ICMP Sets up ICMP blocking for traffic from pending or non authenticated users that are destined to addresses other than those defined in the pass through walled garden list Import Imports previously exported system configuration settings from an archive file Login Sets up the login name and password Mac Filtering Blocks malicious users ...

Page 321: ...ARP table entry ARP Delete Deletes an ARP table entry Bridge Mode Enables the Bridge Mode option Export Exports the system s configuration settings to an archive file Factory Imports the factory default settings FailOver Sets up a sibling Nomadix Gateway allowing one device to take up the users should the other device become disconnected from the network History Displays a history log of the syste...

Page 322: ...ion Limit Limits the number sessions any one user can take over a given time period and if necessary then blocks malicious users Static Port Mapping Add Sets up static port mapping schemes Static Port Mapping Delete Deletes static port mapping schemes Subscriber Interfaces Blocks subscriber interfaces Syslog Displays syslog history System Utilization Displays system utilization information Upgrade...

Page 323: ...ts up a sibling Nomadix Gateway System Find by Description Find port location assignments by description Port Location Find by Location Find port location assignments by location Port Location Find by MAC Find a subscriber profile by MAC address Subscriber Admin Find by Port Find port location assignments by port Port Location Find by User Find a subscriber profile by user name Subscriber Admin Hi...

Page 324: ...g scheme System Statistics Display the subscriber profile statistics Subscriber Admin Subnets Enable dynamic multiple subnet support Configuration Subscriber Buttons Define how control buttons are displayed to subscribers Subscriber I face Subscriber Interfaces Blocks subscriber interfaces System Subscriber Labels Define how field labels are displayed Subscriber I face Subscriber Errors Define how...

Page 325: ...n firmware version AG3100 MAC address is unique for each product MAC address is unique for each product Network Interface IP Subscriber IP Subnet Mask Default Gateway IP DHCP Client Admin IP 10 0 0 10 10 0 0 11 255 255 255 0 10 0 0 1 Enabled 172 30 30 172 Domain Host Name Primary DNS Secondary DNS Tertiary DNS nomadix AG3100 0 0 0 2 0 0 0 0 0 0 0 0 DHCP Relay External DHCP Server IP DHCP Relay Age...

Page 326: ...nal Authorization New Subscribers Credit Card Service Parameter Passing Usernames XML Disabled Enabled Enabled Enabled Disabled Enabled Disabled DNS Redirection SMTP Redirection SMTP Server IP Enabled Disabled 0 0 0 0 SNMP SNMP Get Community SNMP Set Community SNMP Trap IP Disabled public private 0 0 0 0 System Administration Login User Name System Administration Password admin admin Function Defa...

Page 327: ...ty Fail Over PERFORMANCE User Support Up to 50 users concurrently Throughput up to 20Mbits s As defined by RFC1242 Section 3 17 PHYSICAL 1U rack space in a 19 rack 10 00 L x 10 00 D x 1 73 H 254mm L x 254mm D x 44mm H Weight 5 0 lbs Weight 2 27 Kg OPERATING VOLTAGE 100 240 VAC 50 60Hz Auto Sensing POWER CONSUMPTION 44 watts ...

Page 328: ...d 1950 CSA22 2 No 950 INTERFACES 3 x 10 100 Mbps Ethernet RJ 45 1 x DB9 serial for serial management and PMS interface LED INDICATORS ACT LINK and 10 100 for each Ethernet port Power NETWORK MANAGEMENT Multi Level Administration Controls Integrated VPN Client IPSec for secure connection to an NOC Access Control Lists Web Administration UI CLI via Telnet and Serial Port SNMPv2c Secure XML API Auto ...

Page 329: ...MANCE 200 concurrent users or devices Throughput up to 230 Mbps as defined by RFC 1242 Section 3 17 PLATFORM Intel based System INTERFACE 1 RJ 45 WAN 3 RJ 45 ETH 1 12VDC Power Connector 1 RJ 45 Console 1 DB 9 Serial Connector 2 USB Connectors 1 Reset 1 Power Button POWER REQUIREMENTS Type Watts 12VDC 5A 60W Power Adapter Input AC 100 240V 50 60 HZ 6A ...

Page 330: ...ada CE Emissions CB Scheme CE Safety CONCURRENT USERS 200 devices ACCESS CONTROL AND AUTHENTICATION Tri Modal Authentication Authentication and Accounting AAA Walled Garden Group Accounts Universal Access Method over SSL IEEE 802 1x Smart Client Support Boingo IPass MAC Authentication Remember Me Log in ADVANCED SECURITY iNAT IPSec Support PPTP Support Session Rate Limiting SRL User Agent Filterin...

Page 331: ...NT Web Management Interface WMI Command Line Interface CLI Integrated VPN Client for Management Radius Driven Configuration Multi Level Admin Support Centralized Radius Authentication SMTP Redirection Access Control Bridge Mode SNMPv2c Syslog AAALog MEDIA ACCESS CONTROL CSMA CA PORTS 10 100 1000 Base T Ethernet RJ 45 UTP WAN5 10 10 100 1000 Base T Ethernet RJ 45 UTP LAN RJ 45 port for Serial Acces...

Page 332: ...ed Routing Zone Migration SERVICE PROVISIONING Home Page Redirect HTTP Redirect HTTPS Redirect Portal Page Redirect Session Termination Redirect Information and Control console Pop up explicit logout button International Language Support External Web Server Mode Internal Web Server Mode Secure XML API over SSL Login Page Failover USER TRUE PLUG AND PLAY Dynamic Address Translation AG2400 Specifica...

Page 333: ...y Management Interface PMS PERFORMANCE User Support Up to 200 users concurrently Throughput up to 85Mbits s As defined by RFC1242 Section 3 17 PHYSICAL 1U rack space in a 19 rack 10 00 L x 10 00 D x 1 73 H 254mm L x 254mm D x 44mm H Weight 5 0 lbs Weight 2 27 Kg OPERATING VOLTAGE 100 240 VAC 50 60Hz Auto Sensing POWER CONSUMPTION 44 watts ...

Page 334: ...d 1950 CSA22 2 No 950 INTERFACES 3 x 10 100 Mbps Ethernet RJ 45 1 x DB9 serial for serial management and PMS interface LED INDICATORS ACT LINK and 10 100 for each Ethernet port Power NETWORK MANAGEMENT Multi Level Administration Controls Integrated VPN Client IPSec for secure connection to an NOC Access Control Lists Web Administration UI CLI via Telnet and Serial Port SNMPv2c Secure XML API Auto ...

Page 335: ... Management Interface PMS PERFORMANCE User Support Up to 2000 users concurrently Throughput up to 100Mbits s As defined by RFC1242 Section 3 17 PHYSICAL 1U rack space in a 19 rack 16 85 L x 10 04 W x 1 73 H 428mm L x 255mm W x 44mm H Weight 6 61 lbs Weight 3 00Kg OPERATING VOLTAGE 100 240 VAC 50 60Hz Auto Sensing POWER CONSUMPTION 64 watts ...

Page 336: ...N 61000 3 2 2000 CENELEC EN 61000 3 3 1995 A1 2001 UL Std 1950 CSA22 2 No 950 INTERFACES 3 x 10 100 Mbps Ethernet RJ 45 1 x DB9 serial for serial management and PMS interface LED INDICATORS ACT LINK and 10 100 for each Ethernet port Power NETWORK MANAGEMENT Multi Level Administration Controls Integrated VPN Client IPSec for secure connection to an NOC Access Control Lists Web Administration UI CLI...

Page 337: ... AVAILABLE NSE MODULES High Availability Fail Over Hospitality Module Property Management Interface PMS PERFORMANCE User Support Up to 2000 users concurrently Throughput up to 750Mbits s As defined by RFC1242 Section 3 18 PHYSICAL 1U rack space in a 19 rack 17 24 L x 11 53 W x 1 73 H 438mm L x 292 0mm W x 44mm H Weight 8 8 lbs Weight 4 00 Kg AG5500 Specifications ...

Page 338: ...E EN 55022 2006 A1 2007 EN 55024 1998 A1 2001 A2 2003 IEC 61000 4 2 1995 A1 1998 A2 2000 IEC 61000 4 3 2006 IEC 61000 4 4 2004 IEC 61000 4 5 2005 IEC 61000 4 6 2007 IEC 61000 4 8 1993 A1 2000 IEC 61000 4 11 2004 EN 61000 3 3 1995 A1 2001 A2 2005 Low Voltage Directive European Council Directive 2006 95 EC IEC 60950 1 2005 2nd Edition EN60950 1 2006 A11 2009 INTERFACES 2 x 10 100 1000 Mbps GigE RJ 4...

Page 339: ...stration Controls Integrated VPN Client IPSec for secure connection to an NOC Access Control Lists Web Administration UI CLI via Telnet and Serial Port SNMPv2c Secure XML API Auto Configuration and Upgrades Syslog AAA log NETWORKING IEEE 802 3 3u 3ab IEEE 802 1d DHCP Server DHCP Relay RADIUS Client MD 5 PAP CHAP MS CHAPv1 v2 AG5600 Specifications ...

Page 340: ...ortal Page Redirect Session Termination Redirect Information and Control console Pop up Explicit Logout Button International Language Support External Web Server Mode Internal Web Server Mode Secure XML API over SSL Login Page Failover BILLING PLAN ENABLEMENT RADIUS Client RADIUS AAA Proxy Port Based Policies Port Mapping Local Database Credit Card Interface PMS Advanced XML Interface Bill Mirrori...

Page 341: ...n ADVANCED SECURITY iNAT IPSec Support PPTP Support Session Rate Limiting SRL User Agent Filtering Mac Address Filtering URL Filtering ICMP Blocking Proxy ARP for device to device communication POLICY BASED TRAFFIC SHAPING Bandwidth Management QoS Tagging Group Bandwidth Management IP ADDRESS MANAGEMENT IEEE 802 3 3u 3ab IEEE 802 1d DHCP Server DHCP Relay Multiple Subnet Support IP UPsell DHCP Cli...

Page 342: ...tion Access Control Bridge Mode SNMPv2c Syslog AAALog MEDIA ACCESS CONTROL CSMA CA PORTS 10 100 1000 Base T Ethernet RJ 45 UTP WAN 5 10 100 1000 Base T Ethernet RJ 45 UTP LAN Front access RJ 45 port for serial System Console DB9 serial port Property Management Interface POWER 100 240 VAC 50 60Hz 220 watts ENVIRONMENT Operating temperature 0 C to 40 C Storage temperature 20 C to 70 C Operating humi...

Page 343: ... 61000 4 6 2008 IEC 61000 4 8 2009 IEC 6100 4 11 2004 Australian Standard AZ NZS CISPR 22 2009 Class A CB Scheme PHYSICAL 1U rack space in a 19 rack 17 L x 12 W x 1 75 H 431mm L x 305 0mm W x 44 4mm H Weight 10 2 lbs Weight 4 6 Kg LED INDICATORS Power Indicator Status Indicator ACT LINK and 10 100 1000 for each Ethernet port PERFORMANCE User Support Up to 4000 users or devices concurrently Through...

Page 344: ...10 5A 61 40 FF 12 hrs 0 min Mar 31 18 21 53 nomad237 nomadix com INFO AAA 4106 AAA_lookup Added_in_memory_ta ble_ pending 00 00 0E 32 2 C BC Mar 31 18 43 54 nomad237 nomadix com INFO AAA 4208 AAA_Authentication Unsuccessful_Error 00 60 08 B4 20 6A Mar 31 21 34 21 nomad237 nomadix com INFO AAA 4007 AAA_Interface Added_by_administrat or 00 00 0 12 34 56 20 hrs 34 min Mar 31 21 35 15 nomad237 nomadix...

Page 345: ...ded_by_administrator Subscriber profile was manually added to the authorization table AAA_Interface Updated_by_administrator Subscriber profile was updated AAA_Interface Removed_by_administrator Subscriber profile was manually removed from the authorization table Message Definition 2003 02 10 11 25 53 Local2 Info 1 2 3 4 INFO Access Gateway v51 4 126 DHCP ndxDHCPInit 0021 DHCP initialized 2003 02 ...

Page 346: ...ACCESS GATEWAY 334 Quick Reference Guide Sample History Log A history log is generated by the Access Gateway which includes the system s activity Access Reboot and Uptime More listings ...

Page 347: ...data and place it on the clipboard Ctrl X Copy selected data to the clipboard Ctrl C Paste data from the clipboard into a document at the insertion point Ctrl V Copy the active window to the clipboard Alt Print Screen Copy the entire desktop image to the clipboard Print Screen Abort an action at any time Esc Go back to the previous screen b Access the Help screen Item Setting Bits per second 9600 ...

Page 348: ... granted and if so with what privileges When a subscriber attempts to access the service provider s network the Access Gateway delivers a Web page to the subscriber asking for a login name and password This information password is encrypted and sent across the network to the ISP s RADIUS server The RADIUS server decrypts the information and compares it against its list of valid users If the subscr...

Page 349: ...escriptions Nomadix Vendor Specific Attributes Authentication Request Username Password Service Type NAS Port port number NAS Identifier Framed IP Address NAS IP Address NAS Port Type Acct Session ID Log Off URL EAP Packet used for 802 1x Message Authenticator used for 802 1x State used tested for 802 1x Called Station ID Calling Station ID Authentication Reply Accept Reply Message Reject Message ...

Page 350: ...own Nomadix URL Redirection Nomadix IP Upsell Nomadix MaxBytesUp Nomadix MaxBytesDown Nomadix Net VLAN Nomadix Session Terminate End Of Day Nomadix Subnet Nomadix Expiration Accounting Request Username Acct Status Type Start Stop Update Acct Session ID Acct Output Octets Acct Input Octets Acct Output Packets Acct Input Packets Class Nomadix VSAs Nomadix Subnet Nomadix URL Redirection Nomadix IP Up...

Page 351: ...Gateway will set the subscriber expiration time to 0 which means access forever Log Off URL Allows for the placement of a log off URL for example 1 1 1 1 on an external portal page Idle Timeout The WMI allows the setting of a default timeout If the Radius server does not send an Idle Timeout in the Radius Access Accept the Access Gateway will use the default one to disconnect subscribers 0 means f...

Page 352: ... sent The precision is 2 minutes The Access Gateway will not send Interim messages more frequently than every 2 minutes Called Station ID This is the Media Access Control MAC address of the Access Gateway Calling Station ID This is the Media Access Control MAC address of the client s computer New Attributes in Acct Request The Access Gateway has to send the following attributes in an Accounting St...

Page 353: ...cess Gateway has the IP Upsell feature enabled Nomadix Volume Based Session Timeout This attribute allows you to terminate a session once a specified data volume has been reached Nomadix Session Terminate End Of Day This attribute allows business policies to terminate the session at midnight of every day Nomadix Subnet This attribute allows you to allocate a specific subnet to a user Nomadix Expir...

Page 354: ...t are based on obtaining a key from VeriSign Please contact Nomadix Technical Support if you want to use a different Certificate Authority For Nomadix technical support go to Contact Information on page 365 Obtain a Private Key File cakey pem To create a Private Key File you must install OpenSSL on your Windows 9x or NT operating system on a PC with Internet access Requirements for Certificate Sig...

Page 355: ...n a PC The procedure starts from the Cygwin Net Release Setup Program screen Click on the Next button The following screen appears Click on the Next button to display the next setup screen The example in this document is based on downloading the software with Netscape 4 75 ...

Page 356: ... GATEWAY 344 Quick Reference Guide Click on the Next button to display the next setup screen Click on the Next button to display the next setup screen Click on the Next button to display the next setup screen ...

Page 357: ...s please skip all packages except cygwin and openssl then click on the Next when you are done For the purposes of this document Nomadix used ftp planetmirror com At the time of this writing there are more than 70 packages to install Please ensure that you skip all of them except the two packages mentioned above ...

Page 358: ... inform you that the installation process is completed At the pop up dialog click on the OK button Private Key Generation Create a directory from Root and put 5 random files a dat b dat c dat d dat and e dat see note into the C cygwin bin directory or the directory where you installed openssl exe These random files can be any file type such as Word Excel etc Change the files to dat files shown abo...

Page 359: ...command prompt from Windows then click on the OK button Go to the c cygwin bin directory and run the following command openssl genrsa rand file1 file2 file3 file4 file5 1024 cakey pem The following table provides an explanation of the command elements ...

Page 360: ...TP to the Access Gateway openssl openssl command genrsa A parameter for openssl to generate an RSA key Rand A parameter for openssl to generate a random number from the files list file1 file2 file5 These five large random files are residing on the workstation large compressed log files recommended by VeriSign These files are entered in the key generation command as file1 file2 file3 file4 file5 Ou...

Page 361: ... Quick Reference Guide 349 Here is the output of cakey pem Create a Certificate Signing Request CSR File Run the following command to generate the certificate signing request openssl req new key cakey pem server csr ...

Page 362: ...in Name in the Web Management Interface of the Access Gateway refer to the Access Gateway setup information later in this document Here is the output of server csr Create a Public Key File server pem VeriSign Purchasing Process The signing process varies by Certificate Authority Generally you will need to send a Certificate Signing Request to the Certificate Authority CA and the CA will create a p...

Page 363: ...Y Quick Reference Guide 351 This is the procedure to get a 40 bit encryption or 128 bit Public Key from VeriSign With IE or Netscape go to www verisign com products site index html Select Buy for Secure Site Service ...

Page 364: ...is in the server csr created in the previous step Open server csr and copy and paste all data into the edit box Select the purchase method and summit the required contact information When you receive an email from VeriSign with Secure Server ID Global Server ID if you create a 128 bit key that contains the Public Key information cut and paste the key to paste it into a new file named server pem So...

Page 365: ...ure Login FTP the cakey pem and server pem files into the Access Gateway platform s flash directory FTP to the Access Gateway by Netscape ftp username password Access Gateway Network IP flash Drag and drop the cakey pem and server pem files into the directory Changing Settings in the WMI To change settings in the Web Management Interface WMI go to Configuration Menu on page 82 ...

Page 366: ...ar logins secure logins or both When subscribers enter the Portal Page they can then choose either a regular login or a secure login To setup the Portal Page add the following For Regular Logins http Access Gateway_ip 1111 usg login OS http after_login_finished_page html For Secure Logins https Certificate_DNS_Name 1112 usg login OS http after_login_finished_page html ...

Page 367: ...document describes the process used by the Access Gateway for mirroring billing records and is organized into the following sections Sending Billing Records on page 355 XML Interface on page 356 Establishing Billing Records Mirroring Bill Record Mirroring on page 103 Sending Billing Records When there is a message billing record in the message queue the system wakes up and performs the following t...

Page 368: ...mat Access Gateway to External Server USG RMTLOG_COMMAND ADD_REC REC_NUM max 4 characters REC_NUM USG_ID max 6 characters USG_ID PROPERTY_ID max 64 characters PROPERTY_ID DATE max 10 characters DATE TIME max 8 characters TIME ROOM_NUM max 20 characters ROOM_NUM AMOUNT max 10 characters AMOUNT TRANS_TYPE max 5 characters TRANS_TYPE USG Format for each field REC_NUM 00923 numbers only no alpha chara...

Page 369: ...t The XML string is a command sent by the External Server to the Access Gateway product In this case the acknowledgement received from the External Server forms the command The Access Gateway expects the acknowledgement in the following format External Server to Access Gateway USG COMMAND RMTLOG_ACK ACK_VALUE RESULT_VALUE ACK_VALUE IP_ADDR Server IP IP_ADDR ERROR_CODE ERROR_CODE ERROR_CODE USG ...

Page 370: ...VALUE IP_ADDR 11 22 33 44 IP_ADDR ERROR_CODE 5 ERROR_CODE USG Format for each Field RESULT_VALUE OK or ERROR IP Standard IP format 123 123 123 123 ERROR_CODE1 for OK or any other number For more information about Billing Records Mirroring see also Billing Records Mirroring on page 10 Establishing Billing Records Mirroring Bill Record Mirroring on page 103 Please contact Nomadix Technical Support f...

Page 371: ...vice the Access Gateway requires careful handling It should be positioned in a dust free and temperature controlled environment Never block the unit s ventilation holes and do not stack with other equipment unless correctly mounted in a rack If you suspect the unit is overheating check that the internal cooling fan is operating correctly The fan should run freely and silently at all times The powe...

Page 372: ...nge settings or the message is generated by the system when it fails to locate the data it needs Error loading factory settings The system cannot find the default configuration file when attempting to restore the factory settings Error occurred ARP entry not added The IP or MAC address is invalid Ensure that you input the correct format for these fields NFS client support not included This message...

Page 373: ...ces are available to subscribers This message is displayed because you have disabled both the external DHCP relay and the system s DHCP service To make DHCP available to subscribers at least one of these functions must be enabled x is ambiguous The system has more than one option it can display You must provide additional characters to narrow the system s choices down to just one xxx is invalid en...

Page 374: ...P server If necessary test the communication with the ping command The DHCP relay is enabled with the correct IP address for the external DHCP server but the DHCP server is misconfigured Check the external DHCP server settings for example is it configured to a routable class of IP addresses Are there enough IP address specified If you specified a subnet is it correct If you suspect the subnet try ...

Page 375: ...nto the Access Gateway incorrectly Re enter the correct URL The server that hosts the home page is down or the service provider if different from the host is not able to route to your page Check that the server is operational and that the home page can be accessed through your service provider if different DNS is misconfigured in the Access Gateway Check the DNS settings host domain and the primar...

Page 376: ...This page intentionally left blank ACCESS GATEWAY 364 Troubleshooting ...

Page 377: ...twork documentation to verify that the network components are functioning correctly If you cannot resolve the problem with your documentation resources try visiting our corporate Web site We may have new information posted here that addresses your issues If you are still having problems our friendly and experienced technical support team is always ready to assist you Contact Information You can co...

Page 378: ...This page intentionally left blank ACCESS GATEWAY 366 ...

Page 379: ...802 1Q An IEEE standard for providing a virtual LAN capability within a campus network 802 1Q establishes a standard format for frame tagging Layer 2 VLAN markings enabling the creation of VLANs that use equipment from multiple vendors 10 100 Ethernet See Ethernet AAA Authentication Authorization and Accounting A combination of commands used by Nomadix Gateways to authenticate authorize and subseq...

Page 380: ...f a fixed size 53 bytes each The cell used with ATM is relatively small compared to units used with older technologies The small constant cell size allows ATM equipment to transmit video audio and computer data over the same network and assures that no single type of data monopolizes the line ATM can offer multi gigabit bandwidth See also Bandwidth and Packet Bandwidth The maximum speed at which d...

Page 381: ...available for reassignment to another device See also Dynamic IP Address IP Address Static IP Address and TCP IP DNS Domain Name System A system that maps meaningful domain names with complex numeric IP addresses See also Domain Name and IP Address Domain Name A unique and meaningful name representing each addressable computing device on a dynamic network for example the Internet Some devices have...

Page 382: ...sfer rates of 10 Mbps The Ethernet specification served as the basis for the IEEE 802 3 standard which specifies the physical and lower software layers Ethernet is one of the most widely implemented LAN standards A newer version of Ethernet called 100Base T or Fast Ethernet supports data transfer rates of 100 Mbps The latest version Gigabit Ethernet supports data rates of 1 Gigabit 1 000 Mbps per ...

Page 383: ... FTP File Transfer Protocol A standard protocol used for copying and moving files quickly efficiently and securely across public and private networks An FTP site is one where files are available for downloading and uploading FTP sites usually require a secure login name and password to gain access Gateway Any device that provides a seamless connection between otherwise incompatible systems Gopher ...

Page 384: ...ructure mode wireless devices can communicate with each other or can communicate with a wired network When one AP is connected to a wired network and a set of wireless stations it is referred to as a Basic Service Set BSS An Extended Service Set ESS is a set of two or more BSSs that form a single subnetwork Most corporate wireless LANs operate in infrastructure mode because they require access to ...

Page 385: ... between nodes Also referred to as WLAN See also Node LDAP Lightweight Directory Access Protocol Directories containing information such as names phone numbers and addresses are often stored on a variety of incompatible systems LDAP provides a simple protocol that allows you to access and search these disparate directories over the Internet LDAP is commonly used for online billing applications MAC...

Page 386: ...am on a computer NTP sends periodic time requests to servers obtaining server time stamps and using them to adjust the client s clock OFDM Orthogonal Frequency Division Multiplexing An FDM modulation technique for transmitting large amounts of digital data over a radio wave OFDM works by splitting the radio signal into multiple smaller sub signals that are then transmitted simultaneously at differ...

Page 387: ... a host and expects a response within a predetermined time This is useful when troubleshooting network transmission problems See also ICMP Portal A portal is a Web site The portal consists of a collection of links to the most popular Web services on the Internet Generally speaking a portal is a door to the Internet See also Internet PPP Point to Point Protocol PPP has superseded SLIP as the standa...

Page 388: ...sword This information is passed to a RADIUS server which checks that the information is correct and then authorizes access to the ISP system RFC Request for Comments A series of notes about the Internet started in 1969 when the Internet was the ARPANET An RFC note can be submitted by anyone Each RFC is designated by an RFC number Once published an RFC never changes Any modifications to an origina...

Page 389: ...fies a wireless network SSL Secure Sockets Layer A protocol developed by Netscape for transmitting private documents via the Internet SSL works by using a private key to encrypt data that is transferred over the SSL connection Both Netscape Navigator and Internet Explorer support SSL and many Web sites use the protocol to obtain confidential user information such as credit card numbers See also Pr...

Page 390: ... to the login prompt of another host that you have access rights to See also Host Throughput The net data transfer rate between an information source and its destination using the maximum packet size without loss Throughput is expressed as Megabits per second Mbps defined by RFC1242 Section 3 17 See also Forwarding Rate Mbps Packet Packet Switching Network pps and RFC TLS Transport Layer Security ...

Page 391: ...s calculated into UTC UTC was devised on January 1 1972 and is coordinated in Paris by the International Bureau of Weights and Measures UTC like GMT is set at 0 degrees longitude on the prime meridian VoIP Voice over IP An emerging technology for transporting integrated digital voice video and data over IP networks A major advantage of VoIP and Internet telephony is that it avoids the tolls charge...

Page 392: ...PA Wi Fi Protected Access A Wi Fi standard that was designed to improve upon the security features of WEP The technology is designed to work with existing Wi Fi products that have been enabled with WEP as a software upgrade to existing hardware but the technology includes two improvements over WEP Improved data encryption through the temporal key integrity protocol TKIP TKIP scrambles the keys usi...

Reviews: