manualshive.com logo in svg

Nomadix Access Gateways, User Manual, Page: 135 / 330

Share
Download
Nomadix Access Gateways User Manual Download Page 135

A

CCESS

 G

ATEWAY

System Administration

123

The tunnel server in this case is configured to authenticate users via another RADIUS server 
that handles a single realm. Since it handles a single realm, no realm information is needed for 
users and so must be stripped. In this case, it is stripped by the NSE, but it could easily have 
been stripped by the tunnel server, or by the tunnel server’s RADIUS server. This is by design 
and for maximum flexibility.

Also note that the “Local hostname” field is blank which means that the NSE’s default local 
hostname of “usg_lac” will be used by the NSE. This allows for setting the local hostname to 
any desired value other than the default. The L2TP peers exchange their local hostnames 
during tunnel negotiation.

1.

To add a RADIUS Service Profile, click on the appropriate 

Add

 button on the 

Realm-

Based Routing Settings

 screen.

The 

Add Realm Routing Policy 

screen appears:

2.

To make this entry the “active” entry, click on the 

Entry Active

 check box.

3.

To define a specific realm, choose the 

Specific Realm

 option and enter the destination in 

the 

Realm Name

 field. Alternatively, you can choose the 

Wildcard match

 option, then 

define your search options:

Prefix match only

Suffix match only

Match either

4.

Select the required 

RADIUS Service Profile

 from the pull-down menu.

5.

Click on the 

Strip off routing information

 check box if you want to remove the routing 

information.

6.

Click on the 

Add

 button to add this Realm Routing Policy.

7.

When you have completed the definition of your Realm Routing Policy, you can return to 
the previous screen (Realm-Based Routing Settings) by clicking on the 

Back to Main 

Realm-Based Routing Settings page

 link.

The screen below shows a realm routing policy that handles prefix-based usernames using 
a RADIUS service profile. Notice that “Specific Realm” is clicked and the “Realm name” 
is “cisp”. Also notice that “Prefix match only” is clicked and that the delimiter is “/”. This 
means that this realm routing policy will match usernames that are of the format “cisp/
username”.

Summary of Contents for Access Gateways

Page 1: ......

Page 2: ...e Inc All Rights Reserved Livingston Enterprises Inc Copyright 1992 Livingston Enterprises Inc All Rights Reserved The Regents of the University of Michigan and Merit Network Inc Copyright 1992 1995 A...

Page 3: ...222791 ES1222791 SE1222791 CH1222791 SG88575 00815828 2 AU2006207853 US6 789 110 Japan 3880856 Korea 559357 SG88483 00815982 3 EU1234425 validated in BE1234425 FI1234425 FR1234425 DE60029819 1 GB12344...

Page 4: ...rische Bauteile AVISO Riesgo de shock el ctrico No abrir No hay piezas configurables dentro CAUTION Read the instruction manual prior to operation ATTENTION Lire le mode d emploi avant utilisation ACH...

Page 5: ...ACCESS GATEWAY...

Page 6: ...This page intentionally left blank ACCESS GATEWAY...

Page 7: ...p Service Branding 5 NSE Core Functionality 6 Access Control 7 Bandwidth Management 8 Billing Records Mirroring 8 Bridge Mode 8 Command Line Interface 9 Credit Card 9 Dynamic Address Translation 9 Dyn...

Page 8: ...Unpacking the Access Gateway 26 Installation Workflow 27 Powering Up the System 28 Logging In to the Command Line Interface 29 The Management Interfaces CLI and Web 31 Making Menu Selections and Input...

Page 9: ...ptions Home Page Redirect 79 Enabling Intelligent Address Translation iNAT 80 Defining IPSec Tunnel Settings IPSec 82 Establishing Your Location Location 88 Managing the Log Options Logging 91 Enablin...

Page 10: ...n Assignments by Port Find by Port 158 Importing Port Location Assignments Import 159 Displaying the Port Location Mappings List 161 Subscriber Administration Menu 161 Adding Subscriber Profiles Add 1...

Page 11: ...n 216 Defining the MAC Filtering Options Mac Filtering 219 Rebooting the System Reboot 220 Adding a Route Route Add 221 Deleting a Route Route Delete 222 Establishing Session Rate Limiting Session Lim...

Page 12: ...268 Accounting Request 269 Selected Detailed Descriptions 270 Nomadix Vendor Specific Attributes 271 Setting Up the SSL Feature 273 Prerequisites 273 Obtain a Private Key File cakey pem 273 Installin...

Page 13: ...s section provides an overview and sample scenario for the Access Gateway s subscriber interface It also includes an outline of the authorization and billing processes utilized by the system and the N...

Page 14: ...Licensing All Nomadix Access Gateway products are powered by our patented and patent pending suite of embedded software called the Nomadix Service Engine NSE The Access Gateway employs our NSE core s...

Page 15: ...service or as an amenity to augment the main line of business for your venue Contains an advanced XML interface for accepting and processing XML commands allowing the implementation of a variety of se...

Page 16: ...ployment of broadband network services Our patented Dynamic Address Translation DAT functionality offers a true plug and play solution by enabling a seamless and transparent experience and the tools t...

Page 17: ...companies such as Cisco Checkpoint Nortel and Microsoft Nomadix iNAT feature allows multiple tunnels to be established to the same VPN server creating a seamless connection for all users on the netwo...

Page 18: ...eatures needed to successfully deploy public access networks These core features solve issues of connectivity security billing and roaming in a Wi Fi public access network The NSE s core package of fe...

Page 19: ...he source IP address of administrator logins A login is permitted only if a match is made with the master list contained within the NSE If a match is not made the login is denied even if a correct log...

Page 20: ...rs that have been previously defined by system administrators The NSE assumes control of billing transmissions and the saving of billing records By effectively mirroring the billing data the NSE can s...

Page 21: ...f billing records to multiple sources See also Secure Socket Layer SSL on page 17 Billing Records Mirroring on page 8 Dynamic Address Translation Dynamic Address Translation DAT enables transparent br...

Page 22: ...g Web page content for the centrally hosted portal page If you choose to use the EWS interface Nomadix Technical Support can provide you with sample scripts See also Contact Information on page 297 Ho...

Page 23: ...utilization of costly public IP addresses If the protocol type can be supported without the use of a public IP for example HTTP FTP our proven Dynamic Address Translation functionality continues to b...

Page 24: ...page 11 Internal Web Server The NSE offers an embedded Internal Web Server IWS to deliver Web pages stored in flash memory These Web pages are configurable by the system administrator by selecting va...

Page 25: ...n with a public pool address the NSE associates their MAC address with their public IP address for the duration of the service level agreement The opposite is true if they select a plan with a private...

Page 26: ...ndard protocol that assures accurate synchronization to the millisecond of computer clock times in a network of computers NTP synchronizes the client s clock to the U S Naval Observatory master clocks...

Page 27: ...erminated at the NOC Network Operations Center See also Secure Management on page 16 RADIUS Client Nomadix offers an integrated RADIUS Remote Authentication Dial In User Service client with the NSE al...

Page 28: ...swords This Remember Me functionality creates a more efficient and better user experience in wireless networks The RADIUS Re Authentication buffer has been expanded to 720 hours allowing an even more...

Page 29: ...g typical examples ICMP PING from NOC to edge devices Telnet Telnet from NOC to edge devices Web Management HTTP access from NOC to edge devices SNMP SNMP GET from NOC to subscriber side device for ex...

Page 30: ...logs out or the customer s account expires while online and the goodbye page is enabled In addition the NSE also provides pre and post authentication redirects as well as one at session termination S...

Page 31: ...ly company to simultaneously support port based authentication using IEEE 802 1x and authentication mechanisms used by Smart Clients MAC based authentication is also available See also Access Control...

Page 32: ...IP connection to select PMS interfaces PMS Integration By integrating with a hotel s PMS your NSE powered product can post charges for Internet access directly to a guest s hotel bill In this case th...

Page 33: ...k that can take over if the primary device fails ensuring Wi Fi service remains uninterrupted Network Architecture Sample The Access Gateway can be deployed effectively in a variety of wireless and wi...

Page 34: ...ystem called WebHelp which is accessible through the Web Management Interface when a remote Internet connection is established following a successful installation WebHelp can be viewed on any platform...

Page 35: ...ation about WebHelp and other online documentation resources go to Online Documentation and Help on page 35 Notes Cautions and Warnings The following formats are used throughout this User Guide Genera...

Page 36: ...ACCESS GATEWAY 24 Introduction...

Page 37: ...Interface on page 29 Establishing the Start Up Configuration on page 36 Logging Out and Powering Down the System on page 44 Connecting the Access Gateway to the Customer s Network on page 44 Establish...

Page 38: ...NM or DB9 female to RJ45 6ft length Null Modem NM 1 Cable CATS5 standard 7 ft length 1 Cable CATS5 crossover 7 ft length 1 Screw 10 32 X 1 2 PH with internal washer 4 Screw 4 40 5 16 flathead 100 deg...

Page 39: ...The AG will then prompt you to reboot the system Connect the AG to the customer s network Power up the AG and log in via a Telnet session or the Web Management Interface Set the basic configuration p...

Page 40: ...wer up the system 1 Place the Access Gateway on a flat and stable work surface 2 Connect the power cord 3 Connect the DB9 serial cable between the Access Gateway s serial port or front Access RJ45 por...

Page 41: ...HyperTerminal settings 2 When connected to the Access Gateway a login prompt appears on your screen The default login user name is admin The password is admin Login names and passwords are case sensit...

Page 42: ...ACCESS GATEWAY 30 Installing the Access Gateway a license key from the Nomadix License Key Server you must accept the Nomadix End User License Agreement EULA...

Page 43: ...enu but you must enter su to access the Subscribers menu and sy to access the System menu because they both start with the letter s You may also do any of the following Enter b back or press Esc escap...

Page 44: ...y from the CLI you can then access the Access Gateway from its embedded Web Management Interface WMI The WMI is easier to use point and click and includes some items not found in the CLI You can use e...

Page 45: ...ACCESS GATEWAY Installing the Access Gateway 33 Note Your browser preferences or Internet options should be set to compare loaded pages with cached pages...

Page 46: ...essages subscriber other messages 72 Description of Service billing options Plan 140 Home Page URL 237 Host Name and Domain Name DNS settings 64 IP DNS Name passthrough addresses 237 Label billing opt...

Page 47: ...online documentation resources available from our corporate Web site www nomadix com include a full PDF version of this User Guide viewable with Acrobat Reader white papers technical notes and busines...

Page 48: ...ter and manage the Access Gateway securely Setting the SNMP Parameters optional The SNMP Simple Network Management Protocol parameters must be established before you can use an SNMP client for example...

Page 49: ...d operators where managers are permitted read write access and operators are restricted to read access only Once the logins have been assigned managers have the ability to perform all write commands S...

Page 50: ...2 1 Enter c configuration at the Access Gateway Menu The Configuration menu appears 2 Enter sn snmp 3 Enable the SNMP daemon as required The system displays any existing SNMP contact information and p...

Page 51: ...LOG protocol UDP is used to send all message logs generated by the Access Gateway to the specified server 1 Enter log logging at the Configuration menu The system displays the current logging status e...

Page 52: ...10 Enable disable System Log Save to file disabled enable Enable disable AAA Log disabled enable Enter AAA Log Number 0 7 0 2 Enter AAA Log Filter 0 Emergency 1 Alert 2 Critical 3 Error 4 Warning 5 N...

Page 53: ...able Enable Disable Port Reporting disabled enable Enable Disable Location Reporting disabled enable Enable Disable 500th Packet Count Reporting disabled enable System Log Enabled System Log Number 2...

Page 54: ...t now 3 When prompted enter the company s address line by line 6 lines 4 When prompted enter a valid email address for this company The system now displays the current network interface IP address the...

Page 55: ...the venu type that most reflects your location 1 Apartment 2 Bar Coffeeshot Restaurant 3 Convention Center 4 Corporate Guest Access 5 Education 6 Hospitality 7 Marina Camp Ground 8 Public Space 9 Pub...

Page 56: ...the System Use this procedure to log out and power down the Access Gateway 1 Enter l logout at the Access Gateway Menu Your serial session closes automatically 2 Turn off the Access Gateway and discon...

Page 57: ...ibers who are DHCP enabled The Access Gateway can relay the service through an external DHCP server or it can be configured to act as its own DHCP server Setting the DNS Options DNS Domain Name System...

Page 58: ...dress Translation DAT functionality DAT is automatically configured to facilitate plug and play access to subscribers who are misconfigured with static permanent IP addresses or subscribers that do no...

Page 59: ...e the following procedure to set the DNS configuration options 1 Enter c configuration at the Access Gateway Menu The Configuration menu appears 2 Enter dn dns at the Configuration menu The system dis...

Page 60: ...29 Enter Proxy DNS Port 1028 The system must be rebooted to function properly The DNS options have been established DNS will now convert subscriber browser URLs into the correct IP addresses automatic...

Page 61: ...cess Gateway s CLI or Web Management Interface under the Configuration menu snmp 3 All variables defined by Nomadix start with the following prefix iso org dod internet private enterprises nomadix 4 Y...

Page 62: ...ACCESS GATEWAY 50 Installing the Access Gateway...

Page 63: ...ly with any of the following interface options Using the Web Management Interface WMI Provides a powerful and flexible Web interface for network administrators Using an SNMP Manager Allows remote Wind...

Page 64: ...ically the same The only difference between the two interfaces is in the method used for making selections and applying your changes selections are checkable boxes and applying your changes is achieve...

Page 65: ...ws you to see and interact with the Access Gateway s Command Line Interface as if you were connected via the serial interface As with any remote connection the network interface IP address for the Acc...

Page 66: ...up the AAA Authentication Authorization and Accounting service options AAA Services are used by the Access Gateway to authenticate authorize and subsequently bill subscribers for their use of the cust...

Page 67: ...ACCESS GATEWAY System Administration 55 1 From the Web Management Interface click on Configuration then AAA The Authentication Authorization and Accounting Settings screen appears...

Page 68: ...ss 6 Enable or disable Print Billing Command as required This feature enables NSE to support Driverless Print servers If this feature is enabled you must enable the XML interface and enter the IP addr...

Page 69: ...to define a policy on a port The billing methods RADIUS Credit Card PMS L2TP Tunneling and the billing plans available on each port can now be individually configured This ability allows for having d...

Page 70: ...authorization mode you have the option of enabling or disabling the Usernames and New Subscribers features These features work in conjunction with each other to determine how new subscribers are hand...

Page 71: ...red refer to the table in Enabling AAA Services with the Internal Web Server on page 58 To enable SSL Support your Access Gateway s flash must include the server pem cakey pem and cacert pem certifica...

Page 72: ...You will need to open a merchant account with Authorize net Chainfusion or Datacenter Luxembourg before this feature can be used Please contact Nomadix Technical Support for assistance Refer to Conta...

Page 73: ...ur changes or click on the Reset button if you want to reset all the values to their previous state Enabling AAA Services with an External Web Server You are here because you want to enable the AAA Se...

Page 74: ...d by the NSE and EWS or IWS Portal Page to validate subscriber access This capability eliminates a vulnerability that was previously exploited to gain unauthorized Internet access at charge for use si...

Page 75: ...I and FTP SSH and SFTP and incorporates a master access control list that checks the source IP address of administrator logins A login is permitted only to the interfaces that have not been blocked an...

Page 76: ...ion If the required certificates are not resident on the flash an attempted https connection will generate an error syslog 1 From the Web Management Interface click on Configuration then Access Contro...

Page 77: ...re Web Management access from the subscriber side to the NSE WMI Default setting is enabled FTP Access enables disables blocking of FTP access from the subscriber side to the NSE Default setting is en...

Page 78: ...nge of IP addresses from the access control list you must now enter the ending IP address in the Access Control End IP field If you are removing a single IP address enter None in the Access Control En...

Page 79: ...firm Password 4 Click on the check box for Reboot after changes are saved to reboot the system when you submit your changes 5 Click on the Submit button to save your changes or click or the Reset butt...

Page 80: ...e performed either at a device pre staging center or by the field engineer 1 Establish a WAN connection and electronically accept the EULA 2 Setup RADIUS Server parameters go to Defining the Realm Bas...

Page 81: ...the Auto Configuration option and rebooting the device for example using SNMP See also Defining Automatic Configuration Settings Auto Configuration Setting Up Bandwidth Management Bandwidth Management...

Page 82: ...lick on the Reset button if you want to reset all the values to their previous state Establishing Billing Records Mirroring Bill Record Mirroring The Access Gateway can send copies of credit card tran...

Page 83: ...Management Interface click on Configuration then Bill Record Mirroring The Credit Card PMS Mirroring Settings screen appears 2 If you want to enable the billing records mirroring functionality for cre...

Page 84: ...s or click on the Reset button if you want to reset all the values to their previous state Managing the dhcp service options DHCP When a device connects to the network the DHCP server assigns it a dyn...

Page 85: ...s automatically configured to facilitate plug and play access to subscribers who are misconfigured with static permanent IP addresses or subscribers that do not have DHCP capability on their computers...

Page 86: ...x 7 If required enable the IP Upsell feature System administrators can set two different DHCP pools for the same physical LAN When DHCP subscribers select a service plan with a public pool address the...

Page 87: ...a valid DHCP Server IP address for the DHCP server 10 Enter the DHCP Server Netmask 11 Enter the starting and ending IP addresses for the DHCP address pool you want to use DHCP Pool Start IP DHCP Poo...

Page 88: ...Gateway can issue IP addresses to any DHCP enabled subscriber who enters the network Managing the DNS Options DNS DNS allows subscribers to enter meaningful URLs into their browsers instead of complic...

Page 89: ...reboot the system or click on the Reset button if you want to reset all the values to their previous state Managing the Dynamic DNS Options Dynamic DNS Use the following procedure to set the Dynamic...

Page 90: ...name field DDNS mapping is configured on the DynDNS org account Enter the user name for the DDNS server account in the Username field Enter the password name for the DDNS server account in the Passwor...

Page 91: ...ox for Reboot after changes are saved to reboot the system after saving your changes 8 Click Submit to save your changes and reboot the system or click Reset to reset all the values to their previous...

Page 92: ...easily 5 In the Redirection Frequency field specify the frequency in minutes for home page redirection This is the interval at which the subscriber is redirected to the solution provider s home page a...

Page 93: ...r disabling the following VPN protocols PPTP PPTP CALL ID IPSEC SIP 4 Click on the Submit button to save your options Use the iNAT Start and iNAT End fields to enter an IP address or range of IP addre...

Page 94: ...n IPSec The IPSec Tunnel Settings screen appears 2 Check the Enable IPsec checkbox to enable IPsec Note that you will have to reboot for IPsec to take effect 3 Click Submit to save the setting To add...

Page 95: ...table The IPSec Tunnel Peer Settings screen opens 2 Enter the IP address of the peer in the Tunnel Peer field 3 In the Peer Authentication Method section select one of the two peer authentication meth...

Page 96: ...Tunnel Settings screen 6 Click the Back to Main IPSec Tunneling Settings page link to return to the IPSec Tunnel Settings screen Modifying an Existing IPSec Tunnel Peer 1 Click on the IPSec tunnel pe...

Page 97: ...uld like to add a security policy from the Tunnel peer IP address menu You must select a peer if the policy is using ESP or AH if the policy is a Discard or Bypass policy select none 3 In the Traffic...

Page 98: ...sk and the IP address of network interface for this policy The Local IP Subnet is the IP address of the local network secured by the IPSec tunnel The address can specify a host The Subnet Mask is the...

Page 99: ...the maximum life size in kbytes in the Maximum Lifesize field Enable the automatic renewal option by putting a check in the Automatic renewal checkbox The default setting is enabled 8 Click Add to add...

Page 100: ...sets up your location and the corresponding IP addresses for the network interface subscriber interface subnet and default gateway You must provide your full location information 1 From the Web Manage...

Page 101: ...ag number Subscribers traffic check the box Enable WAN 802 1Q header for Subscribers Traffic and if necessary enter the tag number Changing these settings could result in loss of connectivity Changing...

Page 102: ...Maximum Missed Responses allowed This is the number of echo requests that can be allowed to go without a response before the NSE determines that the PPP link is down This parameter can only set to wh...

Page 103: ...aving your changes 11 Click on the Submit button to save your changes and reboot the system or click on the Reset button if you want to reset all the values to their previous state Managing the Log Op...

Page 104: ...ACCESS GATEWAY 92 System Administration 1 From the Web Management Interface click on Configuration then Logging The Log Settings screen appears...

Page 105: ...flash directory of the NSE This setting abides by the other settings set for the syslogs like filters number and enable disable It is not required to input a server IP address if you intend to only s...

Page 106: ...58 2007 testlab S 192 168 2 4 3444 D 66 163 175 128 80 X 67 130 149 4 5004 non proxy 00 90 27 78 81 00 RADIUS IPASS 0U0000 INFO Access Gateway v2 4 113 LI OUT THU JUN 23 11 44 01 2007 testlab S 192 1...

Page 107: ...nter the subscriber tracking log number in the Subscriber Tracking Log Number field This is the syslog number to identify this syslog to your Server 3 Enter the IP address of the Syslog server that is...

Page 108: ...on to save your changes or click on the Reset button if you want to reset all the values to their previous state When logging is enabled log files and error messages are sent to these servers for futu...

Page 109: ...for MAC based Authentication purposes 7 Click Submit to save the settings or Reset to return the settings to the previous state Assigning Passthrough Addresses Passthrough Addresses The Access Gatewa...

Page 110: ...ce PMS The Access Gateway can be integrated with existing Property Management Systems For example by integrating with a hotel s PMS the Access Gateway can post charges for Internet access directly to...

Page 111: ...functionality allows hotels to seamlessly deploy wireless networks or alternatively use low cost wired access concentration equipment that either do not support port ID or do so in a proprietary forma...

Page 112: ...IP and Query Post interface MSI NH Hotels Protocol Technologies Ramesys ImagInn PMS OnQ System 21 Xeta Virtual XL Nomadix offers the following standards based interfaces generally used to establish a...

Page 113: ...ACCESS GATEWAY System Administration 101 1 From the Web Management Interface click on Configuration then PMS The Property Management System Settings screen appears...

Page 114: ...r Name and Room If you choose Micros Fidelio Post Only with TCP IP you must provide the Target IP Address and the Target Port Number If you choose Micros 1700 2000 3700 4700 8700 emulation you must pr...

Page 115: ...vious state PMS solutions such as Galaxy require this option to be enabled to work with Nomadix Micros POS emulation in wireless hospitality networks Some PMS systems send selection records as lastnam...

Page 116: ...tion Setting Up Port Locations Port Location Port Location allows you to establish the mode of operation for devices 1 From the Web Management Interface click on Configuration then Port Location The P...

Page 117: ...Access Gateway Go to In Room Port Mapping on page 107 to map rooms from the subscriber side of the Access Gateway 4 Select No Port Location Mapping if you are not using Port based access 5 If you are...

Page 118: ...r migration Enable box For cascading Tut and RFC1493 compliant systems click on the associated Cascading button The Cascading Support screen appears allowing you to enter the IP address and SNMP commu...

Page 119: ...or example http 219 57 108 103 1111 usg roommapping The Enter Network Password prompt appears Access Gateway multiple VLAN tagged systems can use the same tags and be placed on different Subscriber po...

Page 120: ...ccess mode you want to assign to this room Room Free Access Room For Charge Room Blocked 6 Click on the Submit button to save your changes 7 Repeat Steps 4 through 6 for each room see note If you leav...

Page 121: ...d packets with 802 1p priority bits already set it will pass the priority values through unaltered In Internal mode classification and resultant bit marking is performed via QoS policies that are defi...

Page 122: ...vice for the rule and then click Add Rule Once added rules will be displayed in the list above Defining the RADIUS Client Settings RADIUS Client The Access Gateway supports Remote Authentication Dial...

Page 123: ...d logs their activity including bytes transferred connect time etc The Access Gateway s RADIUS implementation also handles vendor specific attributes VSAs required by WISPs that want to enable more ad...

Page 124: ...Based Routing Settings Realm Based Routing on page 118 RADIUS Attributes on page 267 1 From the Web Management Interface click on Configuration then RADIUS Client The RADIUS Client Settings screen app...

Page 125: ...ccount access request click on the check box for Send NAS identifier then define the NAS identifier in the NAS identifier field 5 To send the NAS IP address with your account request click on the chec...

Page 126: ...ble RADIUS QoS Policies to assign a QoS policy to a user in their Radius Profile 17 Click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to...

Page 127: ...RADIUS Proxy Services as required by clicking on the appropriate check box 3 If you enabled RADIUS Proxy Services you must provide the Authentication Server Port and the Accounting Server Port refere...

Page 128: ...ecret key in the Authentication Secret Key field During the authentication process the server and client exchange secret keys The secret keys must match for communication between the server and the cl...

Page 129: ...RL VSA The Radius VSA for Redirect URL will be passed on to the Upstream NAS when enabled Enforce IP Upsell VSA The Radius VSA for Ip Upsell will be passed on to the Upstream NAS when enabled Enforce...

Page 130: ...to see configured RADIUS service profiles and Realm Routing Policies this will take you to the Realm Based Routing Settings screen See also Defining the Realm Based Routing Settings Realm Based Routin...

Page 131: ...ADIUS servers will return the L2TP tunnel parameters which the NSE will use to establish an L2TP tunnel Create a RADIUS service profile to a RADIUS server that will handle Prefix based users This is t...

Page 132: ...red by clicking on the Enable RADIUS Authentication Service check box 2 If you enabled the RADIUS Authentication Service enter the primary RADIUS authentication server IP address in the Primary IP fie...

Page 133: ...hen communicating accounting records 4 Enter a secret key in the Secret Key field for the primary RADIUS accounting server 5 Repeat Steps 1 through 4 for the secondary RADIUS accounting server if used...

Page 134: ...cies can reference the same RADIUS service or tunnel profile This policy references a RADIUS service profile so a realm match will result in an access request being sent to the RADIUS server s specifi...

Page 135: ...ke this entry the active entry click on the Entry Active check box 3 To define a specific realm choose the Specific Realm option and enter the destination in the Realm Name field Alternatively you can...

Page 136: ...ACCESS GATEWAY 124 System Administration...

Page 137: ...at are of the format username tcisp com Since this policy references a tunnel profile no RADIUS access requests will be sent to any RADIUS server In this case the NSE will use the L2TP tunnel paramete...

Page 138: ...ce realm information will be used by the NSE s L2TP tunnel feature to determine how to handle usernames that contain realm information The screen below shows an example of setting the routing mode to...

Page 139: ...x for SMTP Redirection Misconfigured to enable this feature for misconfigured subscribers 3 Click on the check box for SMTP Redirection Properly Configured to enable this feature for properly configur...

Page 140: ...lates network management over the Internet To do this you must set up the SNMP communities and identifiers For more information about SNMP see Using an SNMP Manager on page 52 1 From the Web Managemen...

Page 141: ...changes 5 Click on the Submit button to save your changes and reboot the system or click on the Reset button if you want to reset all the values to their previous state You can now use your SNMP clien...

Page 142: ...en appears 2 Click on the Add button to add a new public subnet The Add Public Subnets screen appears 3 Enter a valid IP address for this subnet in the Subnet field 4 Enter the subnet mask for this su...

Page 143: ...ion settings To view the summary listing go to the Web Management Interface click on Configuration then click on Summary To edit the Current Public DHCP Subnets table go to Managing the dhcp service o...

Page 144: ...32 System Administration The Summary of Configuration Settings screen appears partial screen shown here Setting the System Date and Time Time This procedure shows you how to set the system date and ti...

Page 145: ...are time or select External Time Server if you want to use NTP instead of the internal clock of the NSE If you select Internal Time enter the new date and time parameters in the relevant fields if req...

Page 146: ...RADIUS servers for example if the RADIUS server is setup for a time zone that is different from the Access Gateway 4 When finished click on the Submit button to save your changes or click on the Reset...

Page 147: ...or Select a condition type from the Add Condition menu and define the matching parameters Once added conditions will be displayed in the condition list 6 Select Remove to remove a condition from this...

Page 148: ...s Settings screen appears 2 If you want to enable this feature click on the check box for URL Filtering 3 Click on the Submit button to save your setting 4 If URL Filtering is enabled you can add or r...

Page 149: ...gration significantly expands this capability via the following means It allows the creation of multiple zones which are then constituted by groupings of multiple port locations These groupings can be...

Page 150: ...ce Port Locations This is where the port configuration for the zone is entered The data must be entered as a string between 1 and 128 characters in length The string must contain either an individual...

Page 151: ...perations Center and the edge device early VPN protocols such as PPTP have been widely discredited as a secure tunneling method As part of Nomadix commitment to provide outstanding carrier class netwo...

Page 152: ...agement traffic either originating at the NOC or from the edge device through the IPSec tunnel Alternatively AAA data such as RADIUS Authentication and Accounting traffic can be sent through the IPSec...

Page 153: ...rdware MAC address ARP is limited to a single physical network that supports hardware broadcasting To view the ARP Table go to the Web Management Interface click on Network Info then click on ARP The...

Page 154: ...urrently configured This table includes the assigned host names their corresponding IP addresses and any aliases that may be assigned to each host Hosts provide services to other computers that are li...

Page 155: ...as a listing which details the current status of each ICMP transmission element To view the ICMP Statistics go to the Web Management Interface click on Network Info then click on ICMP The ICMP Statist...

Page 156: ...ACCESS GATEWAY 144 System Administration The Network Interfaces screen appears...

Page 157: ...reaches its destination even though different packets may pass through different networks to get to the same location To view the IP Statistics go to the Web Management Interface click on Network Info...

Page 158: ...fo then click on Routing The Routing Tables screen appears Displaying the Active IP Connections Sockets You can display a table which provides a detailed listing of all currently active IP Internet Pr...

Page 159: ...Table Static Port Mapping You can display a table which provides a detailed listing of the currently active static port mapping scheme To view the Static Port Mapping Table go to the Web Management In...

Page 160: ...rotocol statistics which are presented as a detailed listing of all TCP elements and their current status TCP is a standard protocol that manages data transmissions across networks To view the TCP Sta...

Page 161: ...ort Location Menu The Port Location capabilities on the NSE have been enhanced It is now possible to define a policy on a port The billing methods RADIUS Credit Card PMS L2TP Tunneling and the billing...

Page 162: ...n a hotel or apartment building a floor number wing or building There may even be multiple ports assigned to a single room or location The Access Gateway uses a port location authorization table to ma...

Page 163: ...ent This procedure shows you how to add a port location assignment If you want to update an existing assignment go to Updating a Port Location Assignment 1 From the Web Management Interface click on P...

Page 164: ...Charge for Use additional configurations are available Refer to the Note Port based Policies should be enabled from the Configuration AAA page for these settings to take effect Choose Enable RADIUS B...

Page 165: ...e location file appears or click on the Reset button if you want to reset all the values to their previous state Updating a Port Location Assignment The procedure for updating a port location assignme...

Page 166: ...his action before deleting the requested port location 1 From the Web Management Interface click on Port Location then Delete by Location The Delete Port Location Assignments by Location screen appear...

Page 167: ...tton to delete the specified port location assignment or click on the Reset button if you want to reset the port value to its blank state Exporting Port Location Assignments Export This procedure show...

Page 168: ...f you want to review the details of a specific port location You can also find port locations based on their location or port 1 From the Web Management Interface click on Port Location then Find by De...

Page 169: ...rt 1 From the Web Management Interface click on Port Location then Find by Location The Find a Port Location Assignment by Location screen appears 2 In the Enter Location field enter the location of t...

Page 170: ...their description or location 1 From the Web Management Interface click on Port Location then Find by Port The Find a Port Location Assignment by Port screen appears 2 In the Enter Port field enter th...

Page 171: ...to import port location assignments from the flash location txt file Viewing the location txt File You can click on the View location txt link if you want to view the current contents of the file If...

Page 172: ...iverDelta subnet state description Location Locations are assigned as an alpha numeric or alpha numeric value unless a PMS interface is used in which case only numeric values can be used Port Any numb...

Page 173: ...dure shows you how to add subscriber profiles into a table of authorized users Three types of subscriber profiles are provided see the following sections for configuration information for the differen...

Page 174: ...ubscriber account type 3 Define the DHCP Address Type Public or Private only used when the IP Upsell feature is enabled otherwise leave this set to private 4 Enter a valid MAC Address for the subscrib...

Page 175: ...p Quality of Service QoS on page 109 for more information 14 Enable Countdown after login if you want the timeout amount to take effect after the user logins If the option is not enabled user timeouts...

Page 176: ...he device is connected to a specific VLAN 5 Enter a valid MAC Address for the device 6 Enter the IP Address of the device 7 Enter a valid Subnet address for this device 8 In the Username field enter a...

Page 177: ...ue which limits the number of subscribers that can be logged in through the account at any given time Group accounts can now be added via XML using the GROUP_ADD command The overall layout and behavio...

Page 178: ...Subnet address for this subscriber 5 In the Username field enter a user name for this subscriber 6 If you assigned a user name you must now assign a Password 7 In the Expiration Time field define the...

Page 179: ...to reset all the values to their previous state Displaying Current Subscriber Connections Current You can display a listing of all the subscribers currently connected to the system The list includes t...

Page 180: ...rocedure shows you how to delete a subscriber profile from the Access Gateway s database of authorized subscribers based on the profile s MAC address In the State field Valid denotes that the subscrib...

Page 181: ...User This procedure shows you how to delete a subscriber profile from the Access Gateway s database of authorized subscribers based on the profile s user name 1 From the Web Management Interface click...

Page 182: ...Interface click on Subscriber Administration then click on DHCP Leases The Currently Allocated DHCP Leases screen appears Deleting All Expired Subscriber Profiles Expired This procedure shows you how...

Page 183: ...ce click on Subscriber Administration then Find by MAC The Find a Subscriber Profile screen appears 2 In the Enter MAC Address field enter the MAC address of the subscriber you want to find 3 Click on...

Page 184: ...bscriber profile or click on the Reset button if you want to reset the Username value to its blank state Listing Subscriber Profiles by MAC Address List by MAC You can display the currently active dat...

Page 185: ...e list of Authorized Subscriber Profiles go to the Web Management Interface click on Subscriber Administration then click on List by User The Authorized Subscriber Profiles screen appears 1 indicates...

Page 186: ...ing messages or 320000 bytes when and if necessary the oldest records are purged to make room for new records If the logfile is disabled the current logfile is purged from the flash If this is re enab...

Page 187: ...database Current Table and a numerical breakdown of how the subscribers can utilize the system for example free access credit card etc The total number of user profiles stored in the Access Gateway s...

Page 188: ...WS to allow users online on a time X over period Y basis Standard billing plans where time X period Y can be used concurrently with X over Y plans For example multiple plans with flexible billing even...

Page 189: ...Subscriber Interface then Billing Options The Internal Billing Options Setup screen appears 2 Review the billing plans normal plans and X over Y plans that are currently active To view or edit a bill...

Page 190: ...ACCESS GATEWAY 178 System Administration The Internal Billing Options Plan Setup or Internal Billing Options XoverY Plan Setup screen appears for the billing plan and type you selected...

Page 191: ...ACCESS GATEWAY System Administration 179 Sample of Internal Billing Options XoverY Plan Setup Screen Depending on the type of plan you want to set up go to Setting Up a Normal Billing Plan on page 180...

Page 192: ...g note 8 Click on the Submit this Plan button to save your changes and establish this billing plan Alternatively you can click on the Delete this Plan button if you want to delete this plan or click o...

Page 193: ...tate Setting Up an X over Y Billing Plan 1 If required click on the Enable check box to enable make active this billing plan 2 Define a label for this billing plan in the Label field 3 Enter a descrip...

Page 194: ...ation and Control Console ICC Setup The Nomadix ICC is a HTML pop up window that is presented to subscribers allowing them to select their bandwidth and billing plan options quickly and efficiently an...

Page 195: ...opportunity to display the elapsed count down time and one logo for intra session service branding This procedure allows you to set up how the ICC is displayed to subscribers For more information abo...

Page 196: ...ACCESS GATEWAY 184 System Administration 1 From the Web Management Interface click on Subscriber Interface then ICC Setup The ICC Setup screen appears...

Page 197: ...er s screen Choose one of the following options Upper Left Corner Upper Right Corner Lower Left Corner Lower Right Corner 6 Define how you want to display the subscriber session time Elapsed Time how...

Page 198: ...e image file you want to use for the button When assigning images for buttons refer to Pixel Sizes on page 188 When you have completed assigning all your redirect buttons click on the Submit button to...

Page 199: ...eters that buttons use see Assigning Buttons on page 185 with the addition of 3 three more These are Duration Defines how long the banner is displayed in the ICC Start Time This is an optional paramet...

Page 200: ...on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state 5 To return to the previous screen click on the Configure ICC link P...

Page 201: ...nguage Support The Access Gateway allows you to define the text displayed to your users by the Internal Web Server IWS without any HTML or ASP knowledge The language you select here will determine the...

Page 202: ...ntly 6 six pre translated language options If you want to have the ICC pre translated into Japanese and enter and display Japanese characters on the Web Management Interface and the subscriber s porta...

Page 203: ...1 Upload the required pages and images to the flash web directory using FTP Total file size of all pages and images cannot exceed 200 KB File names should be labeled using the 8 3 format 2 Go to WMI...

Page 204: ...b Page File Name This text box lets you add or remove the names of the web pages that you intend to serve to the end users Note The name of the web page has to be added in order for it to be served to...

Page 205: ...ACCESS GATEWAY System Administration 193 Defining the Subscriber s Login UI Login UI This procedure allows you to set up the presentation and content of the subscriber s login User Interface UI...

Page 206: ...ce click on Subscriber Interface then Login UI The Subscriber Login User Interface Settings screen appears 2 Define the messages you want subscribers to see when they log in Keep messages brief and to...

Page 207: ...nabled the Remember Me option define the duration in days in the Remember for how many days field 6 If required define a Help Hyperlink Message and a corresponding Help Hyperlink URL 7 Define the loca...

Page 208: ...er Login Screen Sample on page 197 12 If you made changes to the Image File Name or Partner Image File Name fields you must reboot the Access Gateway for your changes to take effect In this case click...

Page 209: ...Page can be defined either as a RADIUS VSA or be driven by the Access Gateway s Internal Web Server IWS Using the IWS option means that this functionality is available for other post paid billing mec...

Page 210: ...ACCESS GATEWAY 198 System Administration Freely configurable hypertext link in case the ISP wants to link the user back to a sign up help page Sample of Post Session UI Goodbye Page...

Page 211: ...ACCESS GATEWAY System Administration 199 1 From the Web Management Interface click on Subscriber Interface then Post Session UI The Subscriber Post Session User Interface Settings screen appears...

Page 212: ...ink in the Hyper Text Link URL field 5 Define the following Field Label Definitions for your Goodbye Page Session Summary IP Address Authen Type Start Time Stop Time Byte Sent Byte Received Go To 6 Cl...

Page 213: ...3 Click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state If you want to reset all field values to their default state...

Page 214: ...age Field Label Definitions screen appears 2 Enter the definitions you want for each label in the corresponding fields 3 Click on the Submit button to save your changes or click on the Reset button if...

Page 215: ...erface click on Subscriber Interface then Subscriber Errors 1 of 2 The Subscriber Page Error Message Definitions 1 of 2 screen appears 2 Enter the definitions you want for each error message in the co...

Page 216: ...ACCESS GATEWAY 204 System Administration If you want to reset all field values to their default state click on the Revert button 4 Repeat Steps 1 3 for page 2 of 2 see following screen...

Page 217: ...rocedure allows you to define how other subscriber messages are displayed 1 From the Web Management Interface click on Subscriber Interface then Subscriber Messages 1 of 3 The Subscriber Page Other Me...

Page 218: ...he corresponding fields 3 Click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state If you want to reset all field values...

Page 219: ...ACCESS GATEWAY System Administration 207 5 Repeat Steps 1 3 for page 3 of 3 see following screen...

Page 220: ...ARP Add The Add ARP Table Entries screen appears 1 Enter the IP Address of the entry you are adding 2 Enter the MAC Address of the entry you are adding 3 Define whether this entry is Static Will only...

Page 221: ...Mode option is enabled the Access Gateway is effectively transparent to the network in which it is located allowing clusters of switches especially Cisco Systems switch clusters to be managed using th...

Page 222: ...n the Submit button to save your changes or click on the Reset button if you want to reset the Enable option to its previous state Exporting Configuration Settings to the Archive File Export This proc...

Page 223: ...authentication settings to the archive txt file Importing the Factory Defaults Factory This procedure shows you how to replace the current authentication settings with the settings that were establis...

Page 224: ...ail Over Many large scale networks require fail over support for all devices in the public access network The Fail Over Options feature allows two Nomadix Gateways to act as siblings where one device...

Page 225: ...he Secondary will wait while not receiving messages from the Primary before it takes over 7 Click on the check box for Reboot after changes are saved 8 Click on the Submit button to save your changes...

Page 226: ...tory log fields include Message Administrator Operator action Login User name of the Administrator Operator IP Source IP address see note Establishing ICMP Blocking Parameters ICMP The Access Gateway...

Page 227: ...eature as required 3 You can Ping a host via the network port by entering either an IP address or DNS name of host This is the site that you want the ping to be sent to from the NSE 4 Click on the Sub...

Page 228: ...vels to differentiate between managers and operators where managers are permitted read write access and operators are restricted to read access only Once the logins have been assigned managers have th...

Page 229: ...allowed SSH Shell Access SSL Only managers can assign a username and password for the remote RADIUS testing login option 1 From the Web Management Interface click on System then Login The Login Name a...

Page 230: ...htm and can be accessed from the network side of the Access Gateway You must open a separate browser to utilize this feature The Framed IP field is configurable by the user and can be set to any IP ad...

Page 231: ...s to their previous state Defining the MAC Filtering Options Mac Filtering MAC Address filtering enhances Nomadix access control technology by allowing System Administrators to block malicious users b...

Page 232: ...n to add this address to the blocked list or click on the Remove button to remove this address from the list For advanced security see also Establishing Session Rate Limiting Session Limit on page 222...

Page 233: ...setting the gateway or router IP address by which the route s destination can be reached 1 From the Web Management Interface click on System then Route Add The Add Static Routes screen appears 2 Enter...

Page 234: ...ete Static Routes screen appears 2 Enter the Destination IP address of the route you want to delete from the routing table 3 Click on the Delete button to delete this route from the routing table or c...

Page 235: ...Defining the MAC Filtering Options Mac Filtering on page 219 Adding Static Ports Static Port Mapping Add Static Port Mapping allows the network administrator to setup a port mapping scheme that forwa...

Page 236: ...rnal device from any network side workstation 8 Optional Enable the Protect with Source IP based Access Control option Enabling this will only allow address in the source based access control list to...

Page 237: ...articular static IP typically private and mis configured and port number on the subscriber side of the Access Gateway The advantage for the network administrator is that free private IP addresses can...

Page 238: ...Interfaces The Subscriber Interfaces screen appears 2 Enable or disable the following items by clicking on the corresponding check box Block Subscriber Interface 1 Block Subscriber Interface 2 3 Clic...

Page 239: ...ike a router the Access Gateway continuously tracks subscriber IP and MAC settings eliminating the need for further sign ins and ensuring that subscriber usage and billing is recorded accurately The A...

Page 240: ...equired to pay Naturally subscribers expect to pay only for the services rendered to them In any environment billing is a complex process It requires accurate data collection and reconciliation a mean...

Page 241: ...nd deny service to those guests who have not paid Allowing the solution provider to bill subscribers for services rendered either directly on their hotel bill in the hotel scenario via a mailed invoic...

Page 242: ...subscribers on a local flash database By looking up subscribers on a remote database The Authentication module can support user name and MAC address authentication simultaneously Subscriber Login Sub...

Page 243: ...ning the time purchased Interaction with a Property Management System PMS and Web interfaces enabling administrators to edit the subscriber s input Only subscribers that are correctly identified and a...

Page 244: ...Provider s Portal Page Internal or External Web Server AG detects connection and verifies user against authorization table Lease time has expired Purchase more time Yes No Internet and local online s...

Page 245: ...rver Either method is transparent to the subscriber however the advantage of using the internal Web server is obvious no login redirection tasks and a faster response time for the subscriber Language...

Page 246: ...ddress The Access Gateway can be configured to allow access for specified MAC addresses In this model when a subscriber attempts to access the Internet the Access Gateway validates the subscriber s MA...

Page 247: ...user name and password are optional the MAC address will be substituted but in this event the service is not transferable between computers Credit card Enable the AAA services You have the choice of...

Page 248: ...f redirection options For information about configuring the ICC refer to Defining Languages Language Support on page 189 ICC Pop Up Window The ICC displays a HTML based applet in the form of a pop up...

Page 249: ...s System Administrators to define a simple HTML based pop up window for explicit logout that can be used as an alternative to the more fully featured ICC The pop up Logout Console can display the elap...

Page 250: ...ACCESS GATEWAY 238 The Subscriber Interface...

Page 251: ...G parameters Network Info Menu Displays the Network Info menu The items in this menu are used to monitor and review network connections routings protocols and network session statistics Port Location...

Page 252: ...used This feature allows administrators to block access from Telnet Web Management and FTP sources Auto Configuration Provides an effortless and rapid method for configuring devices for fast network...

Page 253: ...stablishes the Access Concentrator settings RADIUS Client This procedure sets up the RADIUS client RADIUS Proxy Establishes RADIUS proxies where different realms can be set up to directly channel RADI...

Page 254: ...or the interfaces IP Displays the IP performance statistics Routing Displays the routing tables and performance statistics Sockets Displays the active Internet connections Static Port Mapping Displays...

Page 255: ...signment based on a unique description Find by Location Finds a port location assignment based on a specified location Find by Port Finds a port location assignment based on a specified port Import Im...

Page 256: ...pecified user name List by MAC Displays a list of authorized subscriber profiles sorted by MAC address List by User Displays a list of authorized subscriber profiles sorted by user name Statistics Dis...

Page 257: ...d to subscribers page 1 of 3 Subscriber Messages 2 of 3 Defines how other general messages are displayed to subscribers page 2 of 3 Subscriber Messages 3 of 3 Defines how other general messages are di...

Page 258: ...s routing table Route Delete Deletes a route to a specific IP destination Session Limit Limits the number sessions any one user can take over a given time period and if necessary then blocks maliciou...

Page 259: ...users based on their MAC address Up to 50 MAC addresses can be blocked at any one time Reboot Reboots the Access Gateway Route Add Adds a route into the Access Gateway s routing table Route Delete De...

Page 260: ...Description Find port location assignments by description Port Location Find by Location Find port location assignments by location Port Location Find by MAC Find a subscriber profile by MAC address...

Page 261: ...tics Display the subscriber profile statistics Subscriber Admin Subnets Enable dynamic multiple subnet support Configuration Subscriber Buttons Define how control buttons are displayed to subscribers...

Page 262: ...its of Network Interface MAC MAC address is unique for each product MAC address is unique for each product Network Interface IP Subnet Mask Default Gateway IP DHCP Client Admin IP 10 0 0 10 255 255 25...

Page 263: ...al Authorization New Subscribers Credit Card Service Parameter Passing Usernames XML Disabled Enabled Enabled Enabled Disabled Enabled Disabled DNS Redirection SMTP Redirection SMTP Server IP Enabled...

Page 264: ...y Fail Over PERFORMANCE User Support Up to 50 users concurrently Throughput up to 20Mbits s As defined by RFC1242 Section 3 17 PHYSICAL 1U rack space in a 19 rack 10 00 L x 10 00 D x 1 73 H 254mm L x...

Page 265: ...01 A2 2003 IEC 61000 4 2 1995 A1 1998 A2 2000 IEC 61000 4 3 2006 IEC 61000 4 4 2004 IEC 61000 4 5 2005 IEC 61000 4 6 2007 IEC 61000 4 8 1993 A1 2000 IEC 61000 4 11 2004 EN 61000 3 3 1995 A1 2001 A2 20...

Page 266: ...lient IPSec for secure connection to an NOC Access Control Lists Web Administration UI CLI via Telnet and Serial Port SNMPv2c Secure XML API Auto Configuration and Upgrades Syslog AAA log NETWORKING I...

Page 267: ...y Management Interface PMS PERFORMANCE User Support Up to 200 users concurrently Throughput up to 85Mbits s As defined by RFC1242 Section 3 17 PHYSICAL 1U rack space in a 19 rack 10 00 L x 10 00 D x 1...

Page 268: ...1950 CSA22 2 No 950 INTERFACES 3 x 10 100 Mbps Ethernet RJ 45 1 x DB9 serial for serial management and PMS interface LED INDICATORS ACT LINK and 10 100 for each Ethernet port Power NETWORK MANAGEMENT...

Page 269: ...Management Interface PMS PERFORMANCE User Support Up to 2000 users concurrently Throughput up to 100Mbits s As defined by RFC1242 Section 3 17 PHYSICAL 1U rack space in a 19 rack 16 85 L x 10 04 W x...

Page 270: ...61000 3 2 2000 CENELEC EN 61000 3 3 1995 A1 2001 UL Std 1950 CSA22 2 No 950 INTERFACES 3 x 10 100 Mbps Ethernet RJ 45 1 x DB9 serial for serial management and PMS interface LED INDICATORS ACT LINK an...

Page 271: ...ACCESS GATEWAY Quick Reference Guide 259 NETWORKING IEEE 802 3 3u IEEE 802 1d DHCP Server DHCP Relay RADIUS Client MD 5 PAP CHAP MS CHAPv1 v2 AG 5500 Specifications...

Page 272: ...put up to 750Mbits s As defined by RFC1242 Section 3 18 PHYSICAL 1U rack space in a 19 rack 17 24 L x 11 53 W x 1 73 H 438mm L x 292 0mm W x 44mm H Weight 8 8 lbs Weight 4 00 Kg OPERATING VOLTAGE 100...

Page 273: ...ive 2006 95 EC IEC 60950 1 2005 2nd Edition EN60950 1 2006 A11 2009 INTERFACES 2 x 10 100 1000 Mbps GigE RJ 45 LAN 1 x 10 100 1000 Mbps GigE RJ 45 WAN 1 x DB9 serial PMS Interface 1 x Front Access RJ...

Page 274: ...ACCESS GATEWAY 262 Quick Reference Guide NETWORKING IEEE 802 3 3u 3ab IEEE 802 1d DHCP Server DHCP Relay RADIUS Client MD 5 PAP CHAP MS CHAPv1 v2 AG 5600 Specifications...

Page 275: ...Added_in_memory_ta ble_ pending 00 00 0E 32 2 C BC Mar 31 18 43 54 nomad237 nomadix com INFO AAA 4208 AAA_Authentication Unsuccessful_Error 00 60 08 B4 20 6A Mar 31 21 34 21 nomad237 nomadix com INFO...

Page 276: ...Interface Updated_by_administrator Subscriber profile was updated AAA_Interface Removed_by_administrator Subscriber profile was manually removed from the authorization table Message Definition 2003 02...

Page 277: ...ACCESS GATEWAY Quick Reference Guide 265 Sample History Log A history log is generated by the Access Gateway which includes the system s activity Access Reboot and Uptime More listings...

Page 278: ...ata and place it on the clipboard Ctrl X Copy selected data to the clipboard Ctrl C Paste data from the clipboard into a document at the insertion point Ctrl V Copy the active window to the clipboard...

Page 279: ...granted and if so with what privileges When a subscriber attempts to access the service provider s network the Access Gateway delivers a Web page to the subscriber asking for a login name and password...

Page 280: ...scriptions Nomadix Vendor Specific Attributes Authentication Request Username Password Service Type NAS Port port number NAS Identifier Framed IP Address NAS IP Address NAS Port Type Acct Session ID L...

Page 281: ...wn Nomadix URL Redirection Nomadix IP Upsell Nomadix MaxBytesUp Nomadix MaxBytesDown Nomadix Net VLAN Nomadix Session Terminate End Of Day Nomadix Subnet Nomadix Expiration Accounting Request Username...

Page 282: ...ateway will set the subscriber expiration time to 0 which means access forever Log Off URL Allows for the placement of a log off URL for example 1 1 1 1 on an external portal page Idle Timeout The WMI...

Page 283: ...sent The precision is 2 minutes The Access Gateway will not send Interim messages more frequently than every 2 minutes Called Station ID This is the Media Access Control MAC address of the Access Gate...

Page 284: ...ess Gateway has the IP Upsell feature enabled Nomadix Volume Based Session Timeout This attribute allows you to terminate a session once a specified data volume has been reached Nomadix Session Termin...

Page 285: ...are based on obtaining a key from VeriSign Please contact Nomadix Technical Support if you want to use a different Certificate Authority For Nomadix technical support go to Contact Information on pag...

Page 286: ...a PC The procedure starts from the Cygwin Net Release Setup Program screen Click on the Next button The following screen appears Click on the Next button to display the next setup screen The example...

Page 287: ...GATEWAY Quick Reference Guide 275 Click on the Next button to display the next setup screen Click on the Next button to display the next setup screen Click on the Next button to display the next setup...

Page 288: ...please skip all packages except cygwin and openssl then click on the Next when you are done For the purposes of this document Nomadix used ftp planetmirror com At the time of this writing there are m...

Page 289: ...inform you that the installation process is completed At the pop up dialog click on the OK button Private Key Generation Create a directory from Root and put 5 random files a dat b dat c dat d dat and...

Page 290: ...ommand prompt from Windows then click on the OK button Go to the c cygwin bin directory and run the following command openssl genrsa rand file1 file2 file3 file4 file5 1024 cakey pem The following tab...

Page 291: ...P to the Access Gateway openssl openssl command genrsa A parameter for openssl to generate an RSA key Rand A parameter for openssl to generate a random number from the files list file1 file2 file5 The...

Page 292: ...280 Quick Reference Guide Here is the output of cakey pem Create a Certificate Signing Request CSR File Run the following command to generate the certificate signing request openssl req new key cakey...

Page 293: ...n Name in the Web Management Interface of the Access Gateway refer to the Access Gateway setup information later in this document Here is the output of server csr Create a Public Key File server pem V...

Page 294: ...282 Quick Reference Guide This is the procedure to get a 40 bit encryption or 128 bit Public Key from VeriSign With IE or Netscape go to www verisign com products site index html Select Buy for Secur...

Page 295: ...s in the server csr created in the previous step Open server csr and copy and paste all data into the edit box Select the purchase method and summit the required contact information When you receive a...

Page 296: ...gin FTP the cakey pem and server pem files into the Access Gateway platform s flash directory FTP to the Access Gateway by Netscape ftp username password Access Gateway Network IP flash Drag and drop...

Page 297: ...r logins secure logins or both When subscribers enter the Portal Page they can then choose either a regular login or a secure login To setup the Portal Page add the following For Regular Logins http A...

Page 298: ...This document describes the process used by the Access Gateway for mirroring billing records and is organized into the following sections Sending Billing Records on page 286 XML Interface on page 287...

Page 299: ...at Access Gateway to External Server USG RMTLOG_COMMAND ADD_REC REC_NUM max 4 characters REC_NUM USG_ID max 6 characters USG_ID PROPERTY_ID max 64 characters PROPERTY_ID DATE max 10 characters DATE TI...

Page 300: ...The XML string is a command sent by the External Server to the Access Gateway product In this case the acknowledgement received from the External Server forms the command The Access Gateway expects t...

Page 301: ...VALUE IP_ADDR 11 22 33 44 IP_ADDR ERROR_CODE 5 ERROR_CODE USG Format for each Field RESULT_VALUE OK or ERROR IP Standard IP format 123 123 123 123 ERROR_CODE1 for OK or any other number For more infor...

Page 302: ...ACCESS GATEWAY 290 Quick Reference Guide...

Page 303: ...ice the Access Gateway requires careful handling It should be positioned in a dust free and temperature controlled environment Never block the unit s ventilation holes and do not stack with other equi...

Page 304: ...ge settings or the message is generated by the system when it fails to locate the data it needs Error loading factory settings The system cannot find the default configuration file when attempting to...

Page 305: ...es are available to subscribers This message is displayed because you have disabled both the external DHCP relay and the system s DHCP service To make DHCP available to subscribers at least one of the...

Page 306: ...server If necessary test the communication with the ping command The DHCP relay is enabled with the correct IP address for the external DHCP server but the DHCP server is misconfigured Check the exte...

Page 307: ...to the Access Gateway incorrectly Re enter the correct URL The server that hosts the home page is down or the service provider if different from the host is not able to route to your page Check that t...

Page 308: ...This page intentionally left blank ACCESS GATEWAY 296 Troubleshooting...

Page 309: ...rk documentation to verify that the network components are functioning correctly If you cannot resolve the problem with your documentation resources try connecting to our corporate Web site We may hav...

Page 310: ...This page intentionally left blank ACCESS GATEWAY 298...

Page 311: ...An IEEE standard for providing a virtual LAN capability within a campus network 802 1Q establishes a standard format for frame tagging Layer 2 VLAN markings enabling the creation of VLANs that use equ...

Page 312: ...a fixed size 53 bytes each The cell used with ATM is relatively small compared to units used with older technologies The small constant cell size allows ATM equipment to transmit video audio and comp...

Page 313: ...vailable for reassignment to another device See also Dynamic IP Address IP Address Static IP Address and TCP IP DNS Domain Name System A system that maps meaningful domain names with complex numeric I...

Page 314: ...fer rates of 10 Mbps The Ethernet specification served as the basis for the IEEE 802 3 standard which specifies the physical and lower software layers Ethernet is one of the most widely implemented LA...

Page 315: ...FTP File Transfer Protocol A standard protocol used for copying and moving files quickly efficiently and securely across public and private networks An FTP site is one where files are available for do...

Page 316: ...In infrastructure mode wireless devices can communicate with each other or can communicate with a wired network When one AP is connected to a wired network and a set of wireless stations it is referre...

Page 317: ...between nodes Also referred to as WLAN See also Node LDAP Lightweight Directory Access Protocol Directories containing information such as names phone numbers and addresses are often stored on a varie...

Page 318: ...m on a computer NTP sends periodic time requests to servers obtaining server time stamps and using them to adjust the client s clock OFDM Orthogonal Frequency Division Multiplexing An FDM modulation t...

Page 319: ...a host and expects a response within a predetermined time This is useful when troubleshooting network transmission problems See also ICMP Portal A portal is a Web site The portal consists of a collect...

Page 320: ...word This information is passed to a RADIUS server which checks that the information is correct and then authorizes access to the ISP system RFC Request for Comments A series of notes about the Intern...

Page 321: ...s a wireless network SSL Secure Sockets Layer A protocol developed by Netscape for transmitting private documents via the Internet SSL works by using a private key to encrypt data that is transferred...

Page 322: ...to the login prompt of another host that you have access rights to See also Host Throughput The net data transfer rate between an information source and its destination using the maximum packet size w...

Page 323: ...calculated into UTC UTC was devised on January 1 1972 and is coordinated in Paris by the International Bureau of Weights and Measures UTC like GMT is set at 0 degrees longitude on the prime meridian...

Page 324: ...A Wi Fi Protected Access A Wi Fi standard that was designed to improve upon the security features of WEP The technology is designed to work with existing Wi Fi products that have been enabled with WEP...

Page 325: ...ode 8 209 C cautions 23 202 Certificate Signing Request 280 character lengths 34 CLI 9 Command Line Interface 9 inputting data 31 logging in 29 common problems 294 concurrent login 216 configurable po...

Page 326: ...215 importing factory settings 211 iNAT 10 80 Information and Control Console 8 11 182 236 assigning banners 187 assigning buttons 185 pixel sizes 188 time formats 189 inputting data 34 in room port m...

Page 327: ...aces 143 notes 23 202 NSE core functionality 6 NTP support 14 O optional NSE modules 20 High Availability Module 20 Hospitality Module 20 P PageFaults 95 passthrough addresses 97 PMS 98 PMS integratio...

Page 328: ...6 remote connections 51 routes 221 222 adding 221 deleting 222 routing tables 145 S secure administration 63 secure management 16 secure socket layer 17 security 5 serial cable connection 28 service b...

Page 329: ...tory 94 95 Log Filter 93 Save file 93 SYSLOG report 264 System Administration menu 51 System menu 208 System report log 93 System report log interval 93 T TCP statistics 148 technical support 297 cont...

Page 330: ...ACCESS GATEWAY 318...

Reviews:

No comments