manualshive.com logo in svg

Nomadix AG-2000W, User Manual, Page: 111 / 254

Share
Download
Nomadix AG-2000W User Manual Download Page 111

N

OMADIX

 AG-2000

W

™ / AG-2000

WA

System Administration

107

Enabling Secure Management {VPN Tunnel}

There are many different ways to configure, manage and monitor the performance 

and up-time of network devices. SNMP, Telnet, HTTP and ICMP are all common 

protocols to accomplish network management objectives. And within those objectives 
is the requirement to provide the highest level of security possible.

While several network protocols have evolved that offer some level of security and 

data encryption, the preferred method for attaining maximum security across all 
network devices is to establish an IPSec tunnel using 3DES between the NOC 

(Network Operations Center) and the edge device (early VPN protocols such as PPTP 

have been widely discredited as a secure tunneling method).

As part of Nomadix’ commitment to provide outstanding carrier-class network 

management capabilities to its family of public access gateways, we offer secure 

management through the NSE’s standards-driven, peer-to-peer IPSec tunneling with 
strong data encryption. Establishing the IPSec tunnel not only allows for the secure 

management of the Nomadix gateway using any preferred management protocol, but 

also the secure management of third party devices (for example, WLAN Access 
Points and 802.3 switches) on private subnets on the subscriber side of the Nomadix 

gateway.

The advantage of using IPSec is that all types of management traffic are supported, 
including the following typical examples:

‹

ICMP - PING from NOC to edge devices

‹

Telnet - Telnet from NOC to edge devices

‹

Web Management - HTTP access from NOC to edge devices

‹

SNMP 

Œ

SNMP GET from NOC to subscriber-side device (for example, AP)

Œ

SNMP SET from NOC to subscriber-side device (for example, AP)

Œ

SNMP Trap from subscriber-side device (for example, AP) to NOC

Several standard configuration options have been pre-set in the AG-2000w that will 

be accepted from the IPSec termination server. These are:

‹

Hash algorithm: MD-5, SHA

‹

Phase 2 encryption: 3DES

‹

Diffie-Hellman: Group 2

‹

Security Association Lifetime (Default 28800 seconds)

‹

Perfect Forward Secrecy (PFS)

 

At the time of this writing, the VPN Tunnel menu item is still in 

development and may not appear in your product.

Summary of Contents for AG-2000W

Page 1: ......

Page 2: ...Rights Reserved Go Ahead Software Inc Copyright 1999 Go Ahead Software Inc All Rights Reserved Livingston Enterprises Inc Copyright 1992 Livingston Enterprises Inc All Rights Reserved The Regents of t...

Page 3: ...names are marks of their respective holders Product Information Telephone 1 818 597 1500 Fax 1 818 597 1502 For technical support information see the Appendix in this User s Guide Write your product s...

Page 4: ...ht inches 20cm between the radiator and your body This transmitter must not be co located or operated in conjunction with any other antenna or transmitter NOTIFICATIONS This device complies with Part...

Page 5: ...Licensing 11 Key Features and Benefits 12 Transparent Connectivity 12 Local Content and Services 13 Access Control and Authentication 13 Security 13 Billing Enablement 13 5 Step Service Branding 14 NS...

Page 6: ...h the AG 2000w 29 PMS Integration 29 Billing Records Mirroring 29 Credit Card Module 30 Wholesale Roaming Module 30 High Availability Module 30 Network Architecture Sample 31 Product Specifications 32...

Page 7: ...Control 71 Defining Automatic Configuration Settings Auto Configuration 73 Enabling Auto Configuration 74 Setting Up Bandwidth Management Bandwidth Management 76 Establishing Billing Records Mirrorin...

Page 8: ...Finding Subscriber Profiles by MAC Address Find by MAC 124 Finding Subscriber Profiles by User Name Find by User 125 Listing Subscriber Profiles by MAC Address List by MAC 126 Listing Subscriber Profi...

Page 9: ...ce 175 Overview 175 Authorization and Billing 176 The AAA Structure 177 Process Flow AAA 178 Internal and External Web Servers 179 Language Support 179 Home Page Redirection 179 Subscriber Management...

Page 10: ...Installing Cygwin and OpenSSL on a PC 207 Private Key Generation 211 Create a Certificate Signing Request CSR File 214 Create a Public Key File server pem 215 Setting Up AG 2000w for SSL Secure Login...

Page 11: ...essful installation Chapter 3 The Subscriber Interface This chapter provides an overview and sample scenario for the AG 2000w s subscriber interface It also includes an outline of the authorization an...

Page 12: ...ferent purposes Mobility Productivity increases when people have access to data in any location within the operating range of the WLAN Management decisions based on real time information can significa...

Page 13: ...11g the AG 2000wa also supports the 802 11a wireless standard within the 5 GHz band Ensuring Compatibility The AG 2000w is compatible with most popular operating systems including Macintosh Linux and...

Page 14: ...l transmissions allowing you to transfer large files quickly or even watch a movie in MPEG format over your network without any noticeable delays In addition to its compatibility with 802 11a AG 2000w...

Page 15: ...es WAN Connectivity T1 E1 Cable Satellite ADSL SDSL VDSL ISDN User Connectivity Supports IEEE 802 11a b g Product Configuration and Licensing All Nomadix Access Gateway products including the AG 2000w...

Page 16: ...provider In fact most users are reluctant to make changes to their computer s network settings and won t even bother This fact alone has prevented the widespread deployment of broadband network servi...

Page 17: ...slation feature creates an intelligent mapping of IP Addresses and their associated VPN tunnels by far the most reliable multi session VPN passthrough to be tested against diverse VPN termination serv...

Page 18: ...o the individual user as part of the RADIUS Reply message the URL is received by the NSE or set to re display itself at freely configurable intervals 4 The Information and Control Console ICC contains...

Page 19: ...Dynamic Address Translation Dynamic Transparent Proxy End User Licensee Count External Web Server Mode Home Page Redirect iNAT Information and Control Console Internal Web Server International Languag...

Page 20: ...ock access from Telnet Web Management and FTP sources Bandwidth Management The NSE optimizes bandwidth by limiting bandwidth usage symmetrically or asymmetrically on a per device MAC address User basi...

Page 21: ...application not available with the AG 2000w See also The Management Interfaces CLI and Web on page 43 Dynamic Address Translation Dynamic Address Translation DAT enables transparent broadband network...

Page 22: ...e comprehensive Nomadix XML API to implement more complex billing plans Recycle existing Web page content for the centrally hosted portal page If you choose to use the EWS interface Nomadix Technical...

Page 23: ...a freely definable pool of publicly routable IP addresses The same public IP address can be used as a source IP to support concurrent tunnels to different termination devices offering unmatched effici...

Page 24: ...heir subscribers See also 5 Step Service Branding on page 14 Logout Pop Up Window on page 21 Information and Control Console ICC on page 182 Internal Web Server The NSE offers an embedded Internal Web...

Page 25: ...ublic pool address the NSE associates their MAC address with their public IP address for the duration of the service level agreement The opposite is true if they select a plan with a private pool addr...

Page 26: ...et standard protocol that assures accurate synchronization to the millisecond of computer clock times in a network of computers NTP synchronizes the client s clock to the U S Naval Observatory master...

Page 27: ...of the individual configuration files and their download frequency status are downloaded from an FTP server into the flash of the Nomadix device 2 Defines the automated login into the centralized FTP...

Page 28: ...le Wi Fi model allowing multiple providers to service one location See also RADIUS Client on page 23 Remember Me and RADIUS Re Authentication The NSE s Internal Web Server IWS stores encrypted login c...

Page 29: ...n Lifetimes etc 2 The exchange of management traffic either originating at the NOC or from the edge device through the IPSec tunnel Alternatively AAA data such as RADIUS Authentication and Accounting...

Page 30: ...Limiting SRL significantly reduces the risk of Denial of Service attacks by allowing administrators to limit the number sessions any one user can take over a given time period and if necessary then b...

Page 31: ...ationship on the back end For example in addition to supporting the secure browser based Universal Access Method UAM via SSL Nomadix is the only company to simultaneously support port based authentica...

Page 32: ...Walled Garden within the Internet where unauthenticated users can be granted or denied access to sites of your choosing Web Management Interface Nomadix Access Gateways can be managed remotely via th...

Page 33: ...teways are equipped with a dedicated PMS port to facilitate connectivity with a customer s Property Management System Billing Records Mirroring NSE powered devices can send copies of credit card and o...

Page 34: ...e service providers to share a HotSpot location further supporting a Wi Fi wholesale model This functionality allows users to interact only with their chosen provider in a seamless and transparent man...

Page 35: ...chitecture Sample The AG 2000w is an ideal solution for single cell Public access environments Other Nomadix products for example HotSpot Gateway and Universal Subscriber Gateway II are more suited to...

Page 36: ...nd Control Console Global Roaming Support MEDIA ACCESS CONTROL CSMA CA PORTS 10 100Base T Ethernet RJ 45 UTP WIRELESS 802 11b Specifications Frequency band 2 4GHz 2 4835GHz Data Rates 11 5 5 2 1 Mbps...

Page 37: ...Limiting ANTENNA TYPE 802 11b g 2dBi 802 11a 3dBi AUTHENTICATION Internal data base Universal Access Method UAM using SSL Smart Client Support Adjungo Networks Boingo Wireless iPass GRIC IEEE 802 1x...

Page 38: ...TTE EN301328 EN301893 EN301489 1 EN301489 17 VCCI Class B Telec UL 1950 CSA22 2 No 950 T V GS EN60950 For further information on the certifications for the AG 2000w product visit http www nomadix com...

Page 39: ...ithin 0 9dB tolerance in room temperature 11b TX Power Specification Typical 18dBm at 11 5 5 2 1Mbps at room temperature 25 degree C ALC loop to control transmit power within 0 9dB tolerance in room t...

Page 40: ...to the AG 2000w and you want to access information quickly and efficiently It contains all the information you will find in this User s Guide For more information about WebHelp and other online docum...

Page 41: ...ting the system Logging in to the Command Line Interface Establishing the AG 2000w s start up configuration Establishing the basic configuration for subscribers Archiving your configuration settings I...

Page 42: ...wer entry module 1 Power supply 1 Power supply AC cord 1 Plastic anchor 2 Wall mounting screws 2 Rubber feet 4 Protective cardboard ends 2 AG 2000w or AG 2000wa unit 1 End User License Agreement EULA...

Page 43: ...lt DHCP address Log in to the Command Line Interface Establish your AG 2000w s start up configuration settings Network Connect the AG 2000w to a live network Export your configuration settings to an a...

Page 44: ...2000w on a flat and stable work surface 2 Connect the system see graphic including the power cord and adapter and Ethernet cable A straight through cable is required when connecting the AG 2000w to a...

Page 45: ...and 90 feet 1 to 30 meters Position your devices so that the number of walls or ceilings is minimized 2 Be aware of the direct line between each device For example A wall that is 1 5 feet thick half a...

Page 46: ...172 30 30 172 or its default DHCP address 2 When connected to the AG 2000w a login prompt appears on your screen The default login user name is admin The password is admin Login names and passwords ar...

Page 47: ...em menu because they both start with the letter s You may also do any of the following Enter b back or press Esc escape to return to a previous menu Press Esc to abort an action at any time Press Ente...

Page 48: ...bedded Web Management Interface WMI The WMI is easier to use point and click and includes some items not found in the CLI You can use either interface depending on your preference The following compos...

Page 49: ...l Messages subscriber other messages 72 Description of Service billing options Plan 140 Home Page URL 237 Host Name and Domain Name DNS settings 64 IP DNS Name passthrough addresses 237 Label billing...

Page 50: ...chnical notes and business cases The PDF version of this User s Guide and associated README files are also available on the Accessories CD ROM supplied with your AG 2000w Quick Reference Guide This ma...

Page 51: ...generated by the AG 2000w Assigning the Network Interface IP Address This is the public IP address that allows administrators and subscribers to see the AG 2000w on the network Use this address when...

Page 52: ...ng for this feature is disabled 1 Enter sy system at the AG Menu The System menu appears 2 Enter lo login The system prompts you for the current login If this is the first time you are changing the lo...

Page 53: ...and identifiers The SNMP parameters include your contact information the get set communities and the IP address of the trap recipient Your SNMP manager needs this information to enable network managem...

Page 54: ...the IP addresses to identify the location of the system and AAA SYSLOG servers on the network the default for both is 0 0 0 0 When logging is enabled log files and error messages are sent to these se...

Page 55: ...nistrators to see the AG 2000w on the network Use this address when you need to make a network connection with the AG 2000w see note 5 When prompted enter a valid network interface IP address After as...

Page 56: ...r network interface IP 10 0 0 10 192 168 0 2 Enter subnet mask 255 255 255 0 255 255 255 192 Enter default gateway IP 10 0 0 1 172 30 30 172 The system must be reset to function properly Reboot yes no...

Page 57: ...for the duration of the session Most users have DHCP capability on their computer To enable this service on the AG 2000w you can either enable the DHCP relay routed to an external DHCP server IP addre...

Page 58: ...5 208 11 0 7 20 PRIV NO 10 0 0 4 255 255 255 0 10 0 0 5 10 0 0 250 30 PRIV NO Default IP Pool DHCP IP Pools Configuration 0 Show IP Pools 1 Add a new IP Pool 2 Modify an IP Pool 3 Remove an IP Pool 4...

Page 59: ...ent domain the default is nomadix 3 Enter a valid domain name the Internet domain that DNS requests will utilize 4 Enter the host name the DNS name of the AG 2000w The host name must not contain any s...

Page 60: ...Host Name newhostname Primary DNS 20 21 22 23 Secondary DNS 21 22 23 24 Tertiary DNS 22 23 24 25 Rebooting The DNS options have been established DNS will now convert subscriber browser URLs into the...

Page 61: ...etwork that is accessible via the AG 2000w s network port Be sure to enable the SNMP daemon on the AG 2000w available on the CLI or Web Management Interface under the Configuration menu snmp 3 All var...

Page 62: ...NOMADIX AG 2000W AG 2000WA 58 Installing the AG 2000w Notes Use this page for your notes...

Page 63: ...ireless standards while the AG 2000wa also operates in the 5 GHz spectrum supporting the 802 11a wireless standard at speeds up to 54 Mbps effectively eliminating interference by other devices that ma...

Page 64: ...ace CLI Choose an interface connection based on your preference Using the Web Management Interface WMI The Web Management Interface WMI is a graphical version of the Command Line Interface comprised o...

Page 65: ...lished you can connect to the AG 2000w via the Internet using an SNMP client manager for example HP OpenView SNMP is the standard protocol used in the Network Management NM system This system contains...

Page 66: ...G 2000w s Web Management Interface use the Manager or Operator login user name and password you defined during the installation process refer to Assigning Login User Names and Passwords on page 48 Abo...

Page 67: ...s AAA Services are used by the AG 2000w to authenticate authorize and subsequently bill subscribers for their use of the customer s network The AG 2000w currently supports several AAA models which are...

Page 68: ...ce as required XML eXtensible Markup Language is used by the AG 2000w s subscriber management module for port location and user administration Enabling the XML interface allows the AG 2000w to accept...

Page 69: ...or disable the Origin Server OS parameter encoding for Portal Page and EWS feature as required 10 Select the authorization mode you want to use Internal Web Server External Web Server 11 Depending on...

Page 70: ...feature and you have the certificate files server pem cakey pem and cacert pem on the flash After selecting the Internal Web Server authorization mode you have the option of enabling or disabling the...

Page 71: ...4 If you enabled the Portal Page feature provide the following supporting information Portal Page URL Parameter Passing enabled or disabled Portal XML POST URL Portal XML Post Port Support GIS Clients...

Page 72: ...either Authorize net or Chainfusion selected from a pull down menu You will need to open a merchant account with Authorize net Chainfusion or Datacenter Luxembourg before this feature can be used Ple...

Page 73: ...Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state Enabling AAA Services with an External Web Server You are here because you...

Page 74: ...simply enter a numeric value in seconds in the Subscriber Idle Timeout box the default is 1200 6 Click on the Submit button to save your changes or click on the Reset button if you want to reset all t...

Page 75: ...000w If a match is not made with the Source IP list the login is denied even if a correct login name and password are supplied The access control list for source IPs supports up to 50 fifty entries in...

Page 76: ...ntrol Start IP field If you are removing a range of IP addresses from the access control list you must now enter the ending IP address in the Access Control End IP field If you are removing a single I...

Page 77: ...ion then Auto Configuration The Autoconfiguration Settings screen appears 2 Enable or disable Autoconfiguration as required 3 If you enabled Autoconfiguration you must enter the following information...

Page 78: ...Defines the automated login into the centralized FTP server and the actual download process into the flash The Auto Configuration setup requires a few basic steps to be completed by both the field eng...

Page 79: ...an FTP server with the configuration files The following diagram shows a sample RADIUS configuration file meta file and illustration of the FTP server setup The Nomadix device will automatically initi...

Page 80: ...iguration then Bandwidth Management The Bandwidth Management screen appears 2 If required click the check box for Bandwidth Management Enabled 3 If you enabled Bandwidth Management enter the uplink an...

Page 81: ...rs Additionally if the primary and secondary servers are down the AG 2000w can store up to 2 000 credit card transaction records When a connection is re established with either server the AG 2000w sen...

Page 82: ...ng Primary IP URL Secret Key 5 Repeat Step 4 for the secondary server if any and all carbon copy servers 6 Define the fail safe provisions including Retransmit Method Alternate or do not alternate Num...

Page 83: ...000w to act as its own DHCP server In both cases DHCP functionality is necessary if you want to automatically assign IP addresses to subscribers 1 From the Web Management Interface click on Configurat...

Page 84: ...s for the same physical LAN When DHCP subscribers select a service plan with a public pool address the AG 2000w associates their MAC address with their public IP address for the duration of the servic...

Page 85: ...the Add button The Add DHCP Pools screen appears 8 Enter a valid DHCP Server IP address for the DHCP server 9 Enter the DHCP Server Netmask 10 Enter the starting and ending IP addresses for the DHCP...

Page 86: ...check box for Reboot after changes are saved then click on the Submit button to save your changes and reboot the system or click on the Reset button if you want to reset all the values to their previ...

Page 87: ...ign a primary secondary or tertiary third DNS server The AG 2000w utilizes whichever server is currently available Use the following procedure to set the DNS configuration options 1 From the Web Manag...

Page 88: ...ver 5 When finished you must reboot the system for the new settings to take effect Click on the check box for Reboot after changes are saved to reboot the system after saving your changes 6 Click on t...

Page 89: ...the redirected home page in the Home Page URL field 4 If required click on the check box for Parameter Passing Parameter passing allows the AG 2000w to track a subscriber s initial Web request usually...

Page 90: ...etween the private and public address domains The Nomadix iNAT engine performs a defined mode of network address translation based on packet type and protocol for example GRE IKE etc 1 From the Web Ma...

Page 91: ...tart and iNAT End fields to enter an IP address or range of IP addresses up to 50 then click on the Add button to add the IP address es or click on the Remove button to delete the IP address es from t...

Page 92: ...ses for the network interface subnet and default gateway You must provide your full location information 1 From the Web Management Interface click on Configuration then Location The Location Settings...

Page 93: ...efault gateway is the IP address of the router that the AG 2000w uses to transmit data to the Internet 7 When finished you must reboot the system for the new settings to take effect Click on the check...

Page 94: ...fied SYSLOG server 3 Enter a unique number between 0 and 7 in the System Log Number field This ID number is assigned to the System Log Server 4 Enter a valid IP address in the System Log Server IP fie...

Page 95: ...even if they are not currently subscribing paying for access 1 From the Web Management Interface click on Configuration then Passthrough Addresses The Passthrough Address Settings screen appears 2 If...

Page 96: ...RADIUS server along with associated attributes for each user When a customer connects into the network the RADIUS client authenticates the customer with the RADIUS server applies associated attribute...

Page 97: ...ng on page 95 RADIUS Attributes on page 200 1 From the Web Management Interface click on Configuration then RADIUS Client The RADIUS Client Settings screen appears 2 Under the Server Selection options...

Page 98: ...pe then define the NAS port in the NAS Port Type field 10 To send the Framed IP address with your account request click on the check box for Send Framed IP 11 If required check the box for Enable Sess...

Page 99: ...up RADIUS Service Profiles up to 10 and Realm based Routing Policies up to 50 For additional RADIUS information see also Defining the RADIUS Client Settings RADIUS Client on page 92 RADIUS Attributes...

Page 100: ...thentication This category requires input for enabling RADIUS authentication and requires you to define IP addresses ports and secret keys for the primary and secondary RADIUS servers the secondary se...

Page 101: ...and returning a response to the client indicating that it has received the request 9 To enable the accounting service for your RADIUS functionality click on the check box for Enable RADIUS Accounting...

Page 102: ...vice Profile you can return to the previous screen RADIUS Routing Settings by clicking on the Back to Main RADIUS Routing Settings page link The RADIUS Service Profile you just created is added to the...

Page 103: ...nly Suffix match only Match either 22 Select the required RADIUS Service Profile from the pull down menu 23 Click on the Strip off routing information check box if you want to remove the routing infor...

Page 104: ...W AG 2000WA 100 System Administration 26 The Realm Routing Policy you just created is added to the list Your new RADIUS Service Profiles are added to this list Your new Realm Routing Policies are adde...

Page 105: ...box for SMTP Redirection Misconfigured to enable this feature for misconfigured subscribers 3 Click on the check box for SMTP Redirection Properly Configured to enable this feature for properly confi...

Page 106: ...egulates network management over the Internet To do this you must set up the SNMP communities and identifiers For more information about SNMP see Using an SNMP Manager on page 61 1 From the Web Manage...

Page 107: ...o enable network management over the Internet 4 When finished you must reboot the system for the new settings to take effect Click on the check box for Reboot after changes are saved to reboot the sys...

Page 108: ...gs Summary You can display a summary listing of all your current Configuration settings To view the summary listing go to the Web Management Interface click on Configuration then click on Summary The...

Page 109: ...C Universal Coordinated Time based on the ISO 8601 standard UTC is used in conjunction with RADIUS servers for example if the RADIUS server is setup for a time zone that is different from the AG 2000w...

Page 110: ...rchy such as finance yahoo com sports yahoo com etc The system administrator can dynamically add or remove specific IP addresses and domain names to be filtered for each property 1 From the Web Manage...

Page 111: ...PSec tunneling with strong data encryption Establishing the IPSec tunnel not only allows for the secure management of the Nomadix gateway using any preferred management protocol but also the secure ma...

Page 112: ...exchange of management traffic either originating at the NOC or from the edge device through the IPSec tunnel Alternatively AAA data such as RADIUS Authentication and Accounting traffic can be sent t...

Page 113: ...click on the appropriate check box 5 For the remote end of the tunnel enter the peer IP address in the Peer IP field 6 Enter the IP address of the Remote IP Subnet 7 Enter the Subnet Mask for the remo...

Page 114: ...e screen appears Displaying DAT Sessions DAT The AG 2000w provides plug and play access to subscribers who are misconfigured with static permanent IP addresses or subscribers that do not have DHCP fun...

Page 115: ...able go to the Web Management Interface click on Network Info then click on Hosts The Host Table screen appears Displaying ICMP Statistics ICMP You can display the current ICMP Internet Control Messag...

Page 116: ...You can display the network interfaces which are presented as a detailed listing of all interface communication elements and their current status To view the Network Interfaces go to the Web Manageme...

Page 117: ...nt status With IP transmissions data is broken up into packets which are then sent over the network By using IP addressing Internet Protocol ensures that the data reaches its destination even though d...

Page 118: ...ables Routing You can display the current Routing Tables including any dynamically generated routes unreachable routes or wildcard routes To view the Routing Tables go to the Web Management Interface...

Page 119: ...e Web Management Interface click on Network Info then click on Sockets The Socket Table screen appears Displaying the Static Port Mapping Table Static Port Mapping You can display a table which provid...

Page 120: ...trol Protocol statistics which are presented as a detailed listing of all TCP elements and their current status TCP is a standard protocol that manages data transmissions across networks To view the T...

Page 121: ...a detailed listing of all UDP elements and their current status UDP is an Internet standard transport layer protocol It is a connectionless protocol which adds a level of reliability and multiplexing...

Page 122: ...rmation about subscriber access and billing options see the following sections Authorization and Billing on page 176 Subscriber Management on page 179 Subscriber Management Models on page 180 Configur...

Page 123: ...rd 11 In the Expiration Time field define the duration in hours and minutes for the subscriber s authorized access time When the assigned time expires the subscriber must re subscribe to the service 1...

Page 124: ...aims that their connection to the Internet was not completed By reviewing the byte statistics you can clearly see if the subscriber made a successful connection To view the list of Current Subscriber...

Page 125: ...click on Subscriber Administration then Delete by MAC The Delete a Subscriber Profile by MAC screen appears 2 In the Enter MAC Address field enter the MAC address of the profile you want to delete 3 C...

Page 126: ...rface click on Subscriber Administration then Delete by User The Delete a Subscriber Profile by User screen appears 2 In the Username field enter the user name of the profile you want to delete 3 Clic...

Page 127: ...on Subscriber Administration then click on DHCP Leases The Currently Allocated DHCP Leases screen appears Deleting All Expired Subscriber Profiles Expired This procedure shows you how to delete all e...

Page 128: ...tics corresponding to the MAC address Statistics include user name and password if any and the access time remaining for this subscriber 1 From the Web Management Interface click on Subscriber Adminis...

Page 129: ...istics corresponding to the user name Statistics include the subscriber s MAC address and the access time remaining for this subscriber 1 From the Web Management Interface click on Subscriber Administ...

Page 130: ...he currently active database of authorized subscribers based on MAC addresses To view the list of Authorized Subscriber Profiles go to the Web Management Interface click on Subscriber Administration t...

Page 131: ...ribers based on user names You can display the currently active database of authorized subscribers based on their user names To view the list of Authorized Subscriber Profiles go to the Web Management...

Page 132: ...ist includes the number of subscribers currently in the database Current Table and a numerical breakdown of how the subscribers can utilize the system for example free access credit card etc The total...

Page 133: ...lling options for use with the Internal Web Server IWS based on Billing plans including pricing and bandwidth Messages displayed to subscribers including an Introduction Message Offer Message and Poli...

Page 134: ...NOMADIX AG 2000W AG 2000WA 130 System Administration 1 From the Web Management Interface click on Subscriber Interface then Billing Options The Internal Billing Options Setup screen appears...

Page 135: ...active To view or edit a billing plan simply click on the Show Change button opposite the corresponding plan The Internal Billing Options Plan Setup screen appears for the billing plan you selected Pl...

Page 136: ...heir previous state 11 Click on the Back button at any time to return to the Internal Billing Options Setup previous screen 12 Repeat Steps 2 through 11 for each billing plan You can enable make activ...

Page 137: ...evious state Setting Up the Information and Control Console ICC Setup The Nomadix Information and Control Console ICC is a HTML pop up window that is presented to subscribers allowing them to select t...

Page 138: ...ace then ICC Setup The ICC Setup screen appears 2 If you want subscribers to see the ICC pop up window click on the check box for Display ICC Information and Control Console to enable this feature 3 I...

Page 139: ...ing Buttons 6 When assigning the redirect buttons that will appear in the ICC you can define one ISP Logo Button large button and up to 8 smaller buttons Button 2 through Button 9 with the following p...

Page 140: ...click on the Reset button if you want to reset all the values to their previous state 9 You can now assign the banners that you want to display to subscribers Assigning Banners 10 From the Subscriber...

Page 141: ...d banner closes When assigning images and times for banners refer to Pixel Sizes on page 138 and Time Formats on page 138 11 Define the parameters for your banner s Name Text Target URL Image Name see...

Page 142: ...th x 32 pixels height ISP Button 98 pixels width x 26 pixels height Small buttons 45 pixels width x 26 pixels height Time Formats Use the following formats when defining times Duration for Banners 1 t...

Page 143: ...ASP knowledge The language you select here will determine the language encoding that the AG 2000w s Internal Web Server instructs the browser to use The available language options are English Chinese...

Page 144: ...d enter and display Japanese characters on the Web Management Interface and the subscriber s portal page choose the Japanese Shift_JIS option If you want to have the ICC displayed in English but enter...

Page 145: ...ber s Login UI Login UI This procedure allows you to set up the presentation and content of the subscriber s login User Interface UI 1 From the Web Management Interface click on Subscriber Interface t...

Page 146: ...to remember logins for a predetermined duration see next step 5 If you enabled the Remember Me option define the duration in days in the Remember for how many days field 6 If required define a Help H...

Page 147: ...Image File Name field 12 If you made changes to the Image File Name or Partner Image File Name fields you must reboot the AG 2000w for your changes to take effect In this case click on the check box...

Page 148: ...NOMADIX AG 2000W AG 2000WA 144 System Administration Subscriber Login Screen Sample The following sample shows a subscriber login screen...

Page 149: ...Buttons The Subscriber Page Control Button Definitions screen appears 2 Enter the definitions you want for each control button in the corresponding fields 3 Click on the Submit button to save your cha...

Page 150: ...nt Interface click on Subscriber Interface then Subscriber Labels The Subscriber Page Field Label Definitions screen appears 2 Enter the definitions you want for each label in the corresponding fields...

Page 151: ...ors This procedure allows you to define how error messages are displayed to subscribers 1 From the Web Management Interface click on Subscriber Interface then Subscriber Errors 1 of 2 The Subscriber P...

Page 152: ...n the corresponding fields 3 Click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state If you want to reset all field val...

Page 153: ...This procedure allows you to define how other subscriber messages are displayed 1 From the Web Management Interface click on Subscriber Interface then Subscriber Messages 1 of 3 The Subscriber Page Ot...

Page 154: ...e in the corresponding fields 3 Click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state If you want to reset all field...

Page 155: ...NOMADIX AG 2000W AG 2000WA System Administration 151 5 Repeat Steps 1 3 for page 3 of 3 see following screen...

Page 156: ...network that supports hardware broadcasting This procedure shows you how to add an ARP table entry 1 From the Web Management Interface click on System then ARP Add The Add ARP Table Entries screen ap...

Page 157: ...ed to a single physical network that supports hardware broadcasting This procedure shows you how to delete an ARP table entry 1 From the Web Management Interface click on System then ARP Delete The De...

Page 158: ...administrators to effectively remove the AG 2000w from the network without physically disconnecting the unit You can still manage the AG 2000w when Bridge Mode is enabled but you have no other functi...

Page 159: ...to change the configuration settings and you are unsure of the effect that the changes will have You can restore the archived system configuration settings at any time with the import function 1 From...

Page 160: ...0w If you restore the factory default configuration settings you will no longer be able to access the AG 2000w remotely However you always have the option of using the import function to restore syste...

Page 161: ...ry log go to the Web Management Interface and click on System then History The Uptime and Access Reboot History screen appears The Uptime field displays the time in days hours minutes and seconds that...

Page 162: ...he Import Configuration screen appears 2 Click on the OK button to replace the current system configuration settings with the settings contained in the archive txt file see notes above The archived co...

Page 163: ...been assigned managers have the ability to perform all write commands Submit Reset Reboot Add Delete etc but operators cannot change any system settings When this feature is enabled one manager and th...

Page 164: ...password and instruct the AG 2000w to send a RADIUS access request to the RADIUS server following the same basic rules as if the request was from a user The URL for the test page is http AG 2000w_IP...

Page 165: ...MAC address Up to 50 MAC addresses can be blocked at any one time see caution 1 From the Web Management Interface click on System then MAC Filtering The MAC Filtering screen appears 2 Click on the ch...

Page 166: ...eb Management Interface click on System then Ping The Ping a host via the network port screen appears 2 Enter an IP address in the IP address of host to ping field 3 Click on the Submit button to ping...

Page 167: ...Web Management Interface click on System then Reboot The Reboot Device screen appears 2 Click on OK to reboot the operating system The reboot procedure outlined on this page allows you to decide when...

Page 168: ...teway or router IP address by which the route s destination can be reached 1 From the Web Management Interface click on System then Route Add The Add Static Routes screen appears 2 Enter the Destinati...

Page 169: ...om the Web Management Interface click on System then Route Delete The Delete Static Routes screen appears 2 Enter the Destination IP address of the route you want to delete from the routing table 3 Cl...

Page 170: ...if necessary then block malicious users 1 From the Web Management Interface click on System then Session Limit The Session Rate Limiting screen appears 2 Click on the check box for Session Rate Limit...

Page 171: ...the AG 2000w The advantage for the network administrator is that free private IP addresses can be used to manage devices such as Access Points on the subscriber side of the AG 2000w without setting th...

Page 172: ...ence Leave this field set to zero if you want to connect to the device from any TCP UDP port of a network side workstation 9 Select the protocol TCP or UDP from the pull down menu 10 Click on the Add...

Page 173: ...ts on the subscriber side of the AG 2000w without setting them up with public IP addresses This procedure shows you how to add static ports 1 From the Web Management Interface click on System then Sta...

Page 174: ...stration Updating the AG 2000w Firmware Upgrade Upgrading the AG 2000w firmware is performed from the AG 2000w s Command Line Interface CLI only Refer to the Firmware Upgrade Procedure separate docume...

Page 175: ...settings and optimize transmissions and wireless security See also Why Choose Wireless on page 8 Offering Speed and Efficiency on page 10 Optimizing Performance on page 10 Installation Considerations...

Page 176: ...you experience a high packet error rate Setting the fragment length too low may result in poor performance 8 Define the RTS Length between 256 and 2346 This value should remain at its default setting...

Page 177: ...key identifier in the fields corresponding to to the four keys Key 1 Key 2 Key 3 Key 4 16 If you made any changes to this screen click on the check box for Reboot after changes are saved 17 Click on...

Page 178: ...NOMADIX AG 2000W AG 2000WA 174 System Administration Notes Use this page for your notes...

Page 179: ...tinuously tracks subscriber IP and MAC settings eliminating the need for further sign ins and ensuring that subscriber usage and billing is recorded accurately The AG 2000w also eliminates configurati...

Page 180: ...n any environment billing is a complex process It requires accurate data collection and reconciliation a means to validate and protect the data and an efficient method for collecting payments The AG 2...

Page 181: ...are MAC address By validating their user name and password By looking up subscribers on a local flash database By looking up subscribers on a remote database The initial login page can be presented in...

Page 182: ...r s Portal Page Internal or External Web Server AG 2000w detects connection and verifies user against authorization table Lease time has expired Purchase more time Yes No Internet and local online ser...

Page 183: ...Language Support The AG 2000w s subscriber interface supports many Asian and European languages including English Chinese French German Japanese and Spanish Home Page Redirection The AG 2000w can be c...

Page 184: ...thorization table If the MAC address is verified the AG 2000w authorizes access to the Internet A possible scenario for using this model is to allow Internet access to administrative personnel in all...

Page 185: ...rvice The user name and password are optional the MAC address will be substituted but in this event the service is not transferable between computers Credit card Enable the AAA services You have the c...

Page 186: ...nd provide a choice of redirection options For information about configuring the ICC refer to Setting Up the Information and Control Console ICC Setup on page 133 ICC Pop Up Window The ICC displays a...

Page 187: ...ons and display the configuration settings and set the system date and time SNMP and SYSLOG parameters Network Info Displays the Network Info menu The items in this menu are used to monitor and review...

Page 188: ...Web Management and FTP sources Auto Configuration Provides an effortless and rapid method for configuring devices for fast network roll outs Bandwidth Management Allows system administrators to manag...

Page 189: ...ons SNMP Establishes the SNMP parameters Summary Displays a summary listing of all configuration settings Time Allows you to set the system date and time URL Filtering Allows system administrator to d...

Page 190: ...MAC Allows you to delete a subscriber based on a specific MAC address Delete by User Allows you to delete a subscriber based on a specific user name DHCP Leases Sets up the current subscriber DHCP lea...

Page 191: ...ncy Subscriber Buttons Allows you to define how each of the subscriber s user interface control buttons are displayed Subscriber Labels Allows you to define how the subscriber s user interface field l...

Page 192: ...ssword MAC Filtering Enhances Nomadix access control technology by allowing system administrators to block malicious users based on their MAC address Ping Allows you to ping test a host via the networ...

Page 193: ...settings System Find by MAC Find a subscriber profile by MAC address Subscriber Admin Find by User Find a subscriber profile by user name Subscriber Admin History Display the system s history log Syst...

Page 194: ...Delete Deletes a static port mapping scheme System Statistics Display the subscriber profile statistics Subscriber Admin Subscriber Buttons Define how control buttons are displayed to subscribers Subs...

Page 195: ...nique for each product Network Interface IP Subnet Mask Default Gateway IP DHCP Client Admin IP 10 0 0 10 255 255 255 0 10 0 0 1 Enabled 172 30 30 172 Wireless Setings SSID SSID Broadcast Channel Rate...

Page 196: ...abled 2 0 0 0 0 AAA Services Internal Authorization New Subscribers Credit Card Service Parameter Passing Usernames XML Disabled Enabled Enabled Enabled Disabled Enabled Disabled DNS Redirection SMTP...

Page 197: ...ion and Control Console Global Roaming Support MEDIA ACCESS CONTROL CSMA CA PORTS 10 100Base T Ethernet RJ 45 UTP WIRELESS 802 11b Specifications Frequency band 2 4GHz 2 4835GHz Data Rates 11 5 5 2 1...

Page 198: ...ssion Limiting ANTENNA TYPE 802 11b g 2dBi 802 11a 3dBi AUTHENTICATION Internal data base Universal Access Method UAM using SSL Smart Client Support Adjungo Networks Boingo Wireless iPass GRIC IEEE 80...

Page 199: ...CE R TTE EN301328 EN301893 EN301489 1 EN301489 17 VCCI Class B Telec UL 1950 CSA22 2 No 950 T V GS EN60950 For further information on the certifications for the AG 2000w product visit http www nomadi...

Page 200: ...wer within 0 9dB tolerance in room temperature 11b TX Power Specification Typical 18dBm at 11 5 5 2 1Mbps at room temperature 25 degree C ALC loop to control transmit power within 0 9dB tolerance in r...

Page 201: ...INFO AG_AAA 4007 AAA_Interface Added_by_administrator 00 00 0 12 34 56 20 hrs 34 min Mar 31 21 35 15 nomad237 nomadix com INFO AG_AAA 4009 AAA Interface Updated_by_administrator 00 00 0 12 34 56 2 hrs...

Page 202: ...includes the system s activity Access Reboot and Uptime 2003 02 10 11 25 53 Local2 Info 1 2 3 4 INFO AG v1 3 028 DHCP ndxDHCPInit 0021 DHCP initialized 2003 02 10 11 25 53 Local2 Info 1 2 3 4 INFO AG...

Page 203: ...ed data and place it on the clipboard Ctrl X Copy selected data to the clipboard Ctrl C Paste data from the clipboard into a document at the insertion point Ctrl V Copy the active window to the clipbo...

Page 204: ...can all be stored in a RADIUS database RADIUS works in conjunctions with NAS Network Access Server devices to determine if access to the service network should be granted and if so with what privileg...

Page 205: ...ill instruct the NAS to deny access to the network The Nomadix AG 2000w RADIUS functionality can be broken down into the following categories Authentication Request Authentication Reply Accounting Req...

Page 206: ...or 802 1x Class Session Timeout Idle Timeout EAP Packet used for 802 1x Message Authenticator used for 802 1x Acct Interim Interval Nomadix VSAs Nomadix Bw Up Nomadix Bw Down Nomadix URL Redirection N...

Page 207: ...e Acct Session ID Acct Output Octets Acct Input Octets Acct Output Packets Acct Input Packets Class Nomadix VSAs Nomadix URL Redirection Nomadix IP Upsell Acct Session Time Stop Terminate Cause Stop N...

Page 208: ...the AG 2000w will immediately detect a Session Timeout However in the case of an Idle Timeout or an inactive subscriber Session Timeout the AG 2000w detects it via a clean up function that is currentl...

Page 209: ...nloads are performed Nomadix URL Redirection This attribute allows the administrator to redirect the user to a page of the administrators choice each time the user logs in Nomadix IP Upsell This attri...

Page 210: ...server ID from different Certificate Authorities CAs such as VeriSign The Certificate Authority sets this qualification criterion 3 You will need to generate your own Private Key and Certificate Sign...

Page 211: ...kstation large compressed log files recommended by VeriSign These files are put in as file1 file2 file3 file4 file5 in the key generation command Downloading Cygwin There are several sources for obtai...

Page 212: ...NOMADIX AG 2000W AG 2000WA 208 Quick Reference Guide The following screen appears Click on the Next button to display the next setup screen Click on the Next button to display the next setup screen...

Page 213: ...Guide 209 Click on the Next button to display the next setup screen Click on the Next button to display the next setup screen Select a location and click on the Next button For the purposes of this d...

Page 214: ...following screens please skip all packages except cygwin and openssl then click on the Next when you are done At the time of this writing there are more than 70 packages to install Please ensure that...

Page 215: ...og to inform you that the installation process is completed At the pop up dialog click on the OK button Private Key Generation Create a directory from Root and put 5 random files a dat b dat c dat d d...

Page 216: ...lements openssl openssl command genrsa A parameter for openssl to generate an RSA key Rand A parameter for openssl to generate a random number from the files list file1 file2 file5 These five large ra...

Page 217: ...e than 80 characters If you are creating multiple keys please output them into different directories and save them as different names However if you saving them as a different namse you must change th...

Page 218: ...ation If States or Province names do not exist in your country please repeat the Locality Name The Common Name is the name used in the AG AAA SSL Certificate Domain Name The Common Name in the Public...

Page 219: ...process varies by Certificate Authority Generally you will need to send a Certificate Signing Request to the Certificate Authority CA and the CA will create a public key base on the certificate reque...

Page 220: ...to proof the existence of your business Please follow the instruction from VeriSign carefully In addition there is one section about generating a CSR however since you have already created the CSR in...

Page 221: ...edit box Select the purchase method and summit the required contact information When you receive an email from VeriSign with Secure Server ID Global Server ID if you create a 128 bit key that contain...

Page 222: ...r SSL Secure Login FTP the cakey pem and server pem files into the AG 2000w platform s flash directory FTP to the AG 2000w by Netscape ftp username password AG_Network_IP flash Drag and drop the cakey...

Page 223: ...previously defined by system administrators The AG 2000w assumes control of billing transmissions and saving billing records By effectively mirroring the billing data the AG 2000w can send copies of b...

Page 224: ...a string of XML commands according to specifications HTTP headers are added to the XML packets that are built as the billing mirroring information is sent to the external server in HTTP compliant XML...

Page 225: ...re for authentication RESULT_VALUE OK or ERROR IP Standard IP address format 123 123 123 123 The packet after the HTTP headers added looks like this XML to AG 2000w The AG 2000w accepts a single line...

Page 226: ...ple of a Negative Acknowledgement AG COMMAND RMTLOG_ACK ACK_VALUE ERROR ACK_VALUE IP_ADDR 11 22 33 44 IP_ADDR ERROR_CODE 5 ERROR_CODE AG Format for each Field RESULT_VALUE OK or ERROR IP Standard IP f...

Page 227: ...Management Interface CLI and Web All messages are listed alphabetically Error Message Cause AAA must be enabled before adding a subscriber to the profile database You are attempting to add a subscribe...

Page 228: ...have made changes to the system s configuration that requires you to reboot before your changes become effective Warning before using this command you must FTP a valid boot image to the flash When upg...

Page 229: ...erver Check the IP address for the external DHCP server If necessary test the communication with the ping command The DHCP relay is enabled with the correct IP address for the external DHCP server but...

Page 230: ...ntered into the AG 2000w incorrectly Re enter the correct URL The server that hosts the home page is down or the service provider if different from the host is not able to route to your page Check tha...

Page 231: ...your network documentation to verify that the network components are functioning correctly If you cannot resolve the problem with your documentation resources try connecting to our corporate Web site...

Page 232: ...NOMADIX AG 2000W AG 2000WA 228 Technical Support Notes Use this page for your notes...

Page 233: ...Hz band 802 1Q An IEEE standard for providing a virtual LAN capability within a campus network 802 1Q establishes a standard format for frame tagging Layer 2 VLAN markings enabling the creation of VLA...

Page 234: ...ress ARP is limited to a single physical network that supports hardware broadcasting ATM Asynchronous Transfer Mode A network technology based on transferring data in cells or packets of a fixed size...

Page 235: ...ng IP addresses automatically to devices connected on a TCP IP network When a new device connects to the network the DHCP server assigns an IP address from a list of its available addresses The device...

Page 236: ...ternet Both parties use online services to conduct business transactions Transactions may include generating orders invoices and payments and submitting inquiries Also known as Enterprise ESS Extended...

Page 237: ...modem manufacturer to support new protocols as they become standardized Forwarding Rate The maximum rate at which 64K packets can be delivered to their destination See also Packet Packet Switching Net...

Page 238: ...re widely followed iNAT Intelligent Network Address Translation Nomadix iNAT feature creates an intelligent mapping of IP addresses and their associated VPN tunnels allowing multiple tunnels to be est...

Page 239: ...es their computer s network settings to provide them with seamless access to the broadband network Subscribers no longer need to alter their computer s settings See also Dynamic IP Address IP Address...

Page 240: ...sary IP address translations NAT provides a type of firewall by hiding its internal IP addresses Additionally NAT enables companies to use more internal IP addresses because the addresses are only use...

Page 241: ...e all the packets forming a message arrive at its destination they are recompiled into the original message Most modern Wide Area Network WAN protocols including TCP IP X 25 and Frame Relay are based...

Page 242: ...set up time and the speed of fault detection and correction Service providers may guarantee a particular level of QoS defined by a service level agreement to their subscribers QoS enabled hardware an...

Page 243: ...endors are considered to be solution providers when they provide products and or services that meet their customer s specific needs Normally a solution provider is offering a solution that isn t readi...

Page 244: ...ork is to the Internet Subnet Address The subnet portion of an IP address that is dedicated to the subnet In a subnetted network the host portion of an IP address is split into a subnet portion and a...

Page 245: ...data across a Virtual Private Network VPN It does this by embedding its own network protocol within the TCP IP packets carried by the Internet See also TCP IP and VPN ToS Type of Service A field with...

Page 246: ...ovide the same level of security as that of a wired LAN LANs are inherently more secure than WLANs because LANs are somewhat protected by the physicalities of their structure having some or all of the...

Page 247: ...tion system to ensure that only authorized network users can access the network It should be noted that WPA is an interim standard that will be replaced with the IEEE s 802 11i standard upon its compl...

Page 248: ...NOMADIX AG 2000W AG 2000WA 244 Glossary of Terms Notes Use this page for your notes...

Page 249: ...nt 76 Basic configuration 53 benefits and features 12 billing 13 176 process overview 176 billing log options 90 billing options 129 billing records mirroring 219 billing records mirroring 29 77 bridg...

Page 250: ...ry log 157 198 home page redirect 18 home page redirection 85 179 host name 55 83 hosts table 111 HPR 18 85 I ICC 20 133 182 ICMP statistics 111 IEEE standards 10 importing 158 importing configuration...

Page 251: ...Info menu 110 network interfaces 112 Nomadix private MIB 27 NSE core functionality 15 NTP support 22 O online Help 36 optional NSE modules 29 Credit Card Module 30 High Availability Module 30 P partit...

Page 252: ...subnet mask setting up 51 89 subscriber configuring management models 181 management 179 models 180 Subscriber Administration 118 Subscriber Interface 129 175 subscriber messages 149 subscriber profi...

Page 253: ...dating firmware 170 URL filtering 27 106 V VPN tunneling 107 W walled garden 28 Web Management Interface 28 60 menu organizatiion 44 overview 43 Web servers 179 wireless configuration 171 WMI menu org...

Page 254: ...NOMADIX AG 2000W AG 2000WA 250 Index This page intentionally blank...

Reviews:

No comments