manualshive.com logo in svg

Nomadix AG 2300, User Manual, Page: 117 / 294

Share
Download
Nomadix AG 2300 User Manual Download Page 117

 

A

CCESS 

G

ATEWAY

 

System Administration 

 105  

2. 

Select the tunnel peer IP address for which you would like to add a security policy from the 

Tunnel 

peer IP address 

menu. You must select a peer if the policy is using 

ESP 

or 

AH

; if the policy is a 

Discard 

or 

Bypass 

policy, select 

none

3. 

In the 

Traffic Selectors 

section, define a specific protocol by one of the following methods: 

 

Select a specific protocol from the 

Protocol 

menu. 

 

Enter a specific protocol number in the 

Protocol

 field. Protocol numbers are available at 

www.iana.org/assignments/protocol-numbers

. 

Next you will define selectors of the Security Policy. All selectors must match for the policy to be applied. 

4. 

Define the following selectors for the 

Remote End

 

Remote IP/Subnet 

– Enter the IP address of the remote network secured by the IPSec tunnel. The 

address can specify a host. 

 

Subnet Mask 

– Enter the subnet mask of the remote network secured by the IPSec tunnel. 

 

Remote UDP/TCP Port 

– Enter the port number; 

is for all ports (only if protocol is UDP or TCP). 

5. 

Security Policy can derive the settings for the Local End from the current Network IP settings of the 
unit. Select one of the following network options for the 

Local End

 

Use current Network Interface IP Address 

– Select this option if you would like to use the 

current network interface IP Address. Note that the network IP address is dynamic if DHCP or 
PPPoE client is enabled. This setting is the default setting. 

 

Use this static IP address/subnet 

– If you select this option you must also enter the 

Local 

IP/Subnet

, the 

Subnet Mask

, and the 

IP address of network interface for this policy

 

The 

Local IP/Subnet 

is the IP address of the local network secured by the IPSec tunnel. 

The address can specify a host. 

 

The 

Subnet Mask 

is the subnet mask of the local network secured by the IPSec tunnel. The 

address can specify a host. 

 

The 

IP address of network interface for this policy 

is the IP Address for the NSE inside 

an IPSec tunnel. The IP address must be within the Local LAN subnet or the same as the 
Local LAN IP address. IP address 0.0.0.0 disables the functionality. The default setting is 
0.0.0.0. 

6. 

Enter the port number in the 

Local UDP/TCP Port 

field; 

is for all ports (only if protocol is UDP or 

TCP). 

7. 

In the 

Security Parameters 

section, define the parameters of the security policy. The options are 

Discard

Bypass

ESP

, and 

AH

ESP 

is the default setting. 

 

Discard 

 

Bypass 

– Select the direction of the discard/bypass; the options are: 

In only

Out only

, or 

In 

and Out

Out only 

is the default setting. 

 

ESP 

– Select all the acceptable encryption algorithms by putting a check in the checkbox of 

each option; the options are: 

DES

3DES

, and 

NULL

3DES 

is the default setting. See 

Setting 

joint ESP and AH parameters

 on page 105 to set parameters that pertain to both ESP and AH 

polices. 

 

AH 

– See 

Setting joint ESP and AH parameters

 on page 105 to set parameters that pertain to 

both ESP and AH policies. 

Setting joint ESP and AH parameters 

These parameters affect both ESP and AH policies. 

1. 

Select all the 

Acceptable authentication algorithms 

by putting a check in the checkbox of each 

option; the options are: 

MD5

SHA

, and 

NULL

. The default settings are 

MD5 

and 

SHA

2. 

Select the 

Perfect Forward Secrecy Strength 

to enable PFS. PFS makes the keying material used 

in protecting the data independent of the keying material used for protecting the IKE exchanges. 

Summary of Contents for AG 2300

Page 1: ......

Page 2: ...s Reserved Livingston Enterprises Inc Copyright 1992 Livingston Enterprises Inc All Rights Reserved The Regents of the University of Michigan and Merit Network Inc Copyright 1992 1995 All Rights Reser...

Page 3: ...serial number in this box Patent Information Please see the Nomadix website for a list of US and foreign patents covering this product release Disclaimer Nomadix Inc makes no warranty either express o...

Page 4: ...tenter de demontre l appareil ATTENTION Lire le mode d emploi avant utilisation WARNUNG Nicht ffnen elektrische Bauteile ACHTUNG Lesen Sie das Handbuch bevor Sie das Ger t in Betrieb nehmen AVISO Ries...

Page 5: ...nding 5 NSE Core Functionality 7 Access Control 8 Bandwidth Management 8 Billing Records Mirroring 9 Bridge Mode 9 Class Based Queueing 9 Command Line Interface 12 Daylight Savings Time and IANA Time...

Page 6: ...ermination Redirect 21 Smart Client Support 21 SNMP Nomadix Private MIB 21 Static Port Mapping 21 Tri Mode Authentication 21 URL Filtering 21 Walled Garden 22 Web Management Interface 22 Weighted Fair...

Page 7: ...Your Location Information 44 Step 3 Retrieving Your License Key 44 Step 4 Configuring the System 45 Step 5 Configuring AG DHCP Server Settings 45 The Management Interfaces CLI and Web 47 Making Menu S...

Page 8: ...licy Operation 81 Group Bandwidth Limit Policy Current Table 82 Establishing Billing Records Mirroring Bill Record Mirroring 82 Class Based Queueing 84 Clustering Clustering 86 Configuring Destination...

Page 9: ...ation 142 Network Info Menu 144 Displaying ARP Table Entries ARP 144 Displaying DAT Sessions DAT 144 Displaying the Host Table Hosts 144 Displaying ICMP Statistics ICMP 145 Displaying the Network Inte...

Page 10: ...ions 170 Setting Up the Information and Control Console ICC Setup 175 Defining Languages Language Support 179 Enable Serving of Local Web Pages Local Web Server 181 Defining the Subscriber s Login UI...

Page 11: ...Configuring the Subscriber Management Models 213 Information and Control Console ICC 215 ICC Pop Up Window 215 Logout Console 215 Quick Reference Guide 216 Web Management Interface WMI Menus 217 Conf...

Page 12: ...ey Generation 254 Create a Certificate Signing Request CSR File 256 Create a Public Key File server pem 257 Setting Up Access Gateway for SSL Secure Login 259 Changing Settings in the WMI 259 Mirrorin...

Page 13: ...Access Gateway s functionality and features Refer to Product Specifications on page 228 for a list of Access Gateway Products that this document supports The Nomadix Access Gateway hardware is configu...

Page 14: ...bscriber interface It also includes an outline of the authorization and billing processes utilized by the system and the Nomadix Information and Control Console Chapter 5 Quick Reference Guide Contain...

Page 15: ...ete solution to a set of complex issues in the Enterprise Public LAN and Residential segments Product Configuration and Licensing All Nomadix Access Gateway products are powered by our patented and pa...

Page 16: ...scalable large public access deployments Provides capabilities for load balancing and fail over management across multiple ISPs Platform Reliability The Access Gateway is designed as a network applian...

Page 17: ...cess Method UAM IEEE 802 1x and Smart Clients for companies such as Adjungo Networks Boingo Wireless GRIC and iPass MAC based authentication is also available Security The patented iNAT Intelligent Ne...

Page 18: ...itself at freely configurable intervals 4 The Information and Control Console ICC contains multiple opportunities for an operator to display its branding or the branding of partners during the user s...

Page 19: ...ing Bridge Mode Class Based Queueing Command Line Interface Dynamic Address Translation Dynamic Transparent Proxy End User Licensee Count External Web Server Mode Facebook Authentication Home Page Red...

Page 20: ...allows administrators to block access from Telnet Web Management and FTP sources Administration can now be performed after unblocking the interfaces for the Subscriber side of the NSE The Administrati...

Page 21: ...SE forwards any and all packets except those addressed to the NSE network interface The packets are unmodified and can be forwarded in both directions The Bridge Mode function is a very useful feature...

Page 22: ...80Mbps because it has a higher priority with 20Mbps taken by the Public class its minimum guarantee If however there were no users in the Public class then the Guest Room class could take 100 of the b...

Page 23: ...200 with upper bandwidth of 6M Two classes Class1 Priority 1 Minimum 400M Maximum 900M Class2 Priority 2 Minimum 200M Maximum 900M 100 subscribers with each limit are assigned to Class1 and 100 to Cla...

Page 24: ...ueueing concurrently with Weighted Fair Queueing the NSE will maintain the weighting when multiple WAN interfaces with Load Balancing are configured The upper bandwidth limit is constrained by the max...

Page 25: ...support calls than competitive products End User Licensee Count The NSE supports a range of simultaneous user counts depending on the Nomadix Access Gateway you choose In addition depending on your pl...

Page 26: ...define multiple instances to intercept the browser s request and replace it with freely configurable URLs Portal page redirect enables redirection to a portal page before the authentication process T...

Page 27: ...of VPN connectivity by misconfigured users thus reducing customer support costs and boosting customersatisfaction Maintains the security benefits of traditional address translation technologies while...

Page 28: ...ML or ASP knowledge The language you select determines the language encoding that the IWS instructs the browser to use The available language options are English Chinese Big 5 French German Japanese S...

Page 29: ...to make a single logical interface The network must be configured and support active LACP Link Aggregation will not allow throughput beyond the device supported throughput Logout Pop Up Window As an...

Page 30: ...driven Auto Configuration functionality utilizes the existing infrastructure of a mobile operator to provide an effortless and rapid method for configuring devices for fast network roll outs Once conf...

Page 31: ...DIUS Re Authentication The NSE s Internal Web Server IWS stores encrypted login cookies in the browser to remember logins using usernames and passwords This Remember Me functionality creates a more ef...

Page 32: ...ss clients by enabling the Internal Web Server IWS to display pages under a secure link important when transmitting AAA information in a wireless network when using RADIUS SSL requires service provide...

Page 33: ...The advantage for the network administrator is that free private IP addresses can be used to manage devices such as Access Points on the subscriber side of the NSE without setting them up with Public...

Page 34: ...cates bandwidth to individual users or groups in proportion to their individual or group bandwidth limits Weighted Fair Queueing provides a fall back in an over subscribed scenario Example Scenario Yo...

Page 35: ...range of Property Management System PMS interfaces to enable in room guest billing for High Speed Internet Access HSIA service This module also includes 2 Way PMS interface capability for in room bill...

Page 36: ...le The Access Gateway can be deployed effectively in a variety of wireless and wired broadband environments where there are many users usually mobile who need high speed access to the Internet The fol...

Page 37: ...uations should be avoided The cluster will distribute the subscribers MAC addresses according to a modulus calculation based on the last three bytes of the MAC address of the subscriber The result wil...

Page 38: ...ACCESS GATEWAY Introduction 26 The following graphic illustrates a clustering scenario with 12 000 users and three gateways...

Page 39: ...hird or more ISP link as a back up to the primary ISP link In the event that the primary link fails all traffic is re routed to the backup link until such time as the primary link becomes available Co...

Page 40: ...Load Balancing and Failure Considerations 1 Is load balancing or just ISP failover required 2 Is aggregation of multiple low speed links required 3 How reliable are different local ISP services 4 What...

Page 41: ...y link with free users connected to a lower quality link with link failover still available if the preferred link fails Some examples of typical common deployment scenarios are outlined below These ar...

Page 42: ...uest HSIA ISP and Hotel Admin users will connect to the Admin ISP If either link fails then failover to the other link will occur If the Guest HSIA link fails the guests will be connected to the Admin...

Page 43: ...een the WAN port and port ETH2 which is connected to the hotel Admin network router Sharing Guest HSIA Network and Hotel Admin Network Among Multiple ISP Links In this scenario multiple ISP links are...

Page 44: ...e domestic service provided by the local cable TV operator The hotel has a number of bill plan options including free to use and pay to use premium plans Under normal circumstances the hotel wants gue...

Page 45: ...lished following a successful installation WebHelp is HTML based and can be viewed in a browser WebHelp is useful when you have an Internet connection to the Access Gateway and you want to access info...

Page 46: ...used throughout this User Guide General notes and additional information that may be useful are indicated with a Note Cautions and warnings are indicated with a Caution Cautions and warnings provide i...

Page 47: ...ction provides installation instructions for the hardware and software components of the Access Gateway It also includes an overview of the management interface some helpful hints for system administr...

Page 48: ...nstallation Workflow The following flowchart illustrates the steps that are required to install and configure your Access Gateway successfully Review the installation workflow before attempting to ins...

Page 49: ...r and to power up the system 1 Place the Access Gateway on a flat and stable worksurface 2 Connect the power cord 3 Connect the RJ45 console cable between theAccess Gateway s Console port and the fema...

Page 50: ...le dictionary files are located at the following URL http www nomadix com support If you have any problems please contact our technical support team at 1 818 575 2590 or email support nomadix com This...

Page 51: ...s Flow Control 9600 8 None 1 None Subscriber side EthernetConnection Connect an Ethernet cable between the product s Eth1 port and your computer s Ethernet port 5 Setup a SSH client to establish a SSH...

Page 52: ...BE ABLE TO CONNECT TO THE INTERNET DO YOU WANT TO CONFIGURE THE NSE S IP AND DNS SETTINGS yes no y Configuring minimal WAN interface connectivity parameters Configuration Mode static static dhcp pppoe...

Page 53: ...AN Interface configuration Type b to go back esc to abort for help Ethernet port WAN interface configuration Figure 3 WAN port static IP configuration summary page If everything is correct in the summ...

Page 54: ...t configuration summary page If everything is correct in the summary type b ack to return to the previous menu and proceed to step 2 to enter location information Otherwise select an option from the E...

Page 55: ...CP Echo Request Interval 30 Maximum LCP Non responses 6 PPP Authentication User Name Your user name PPP Authentication Password Your password PPP IP Configuration Mode dynamic PPP Static IP Address 0...

Page 56: ...ings When finished with settings type b ack to return to the previous menu and go to step 2 Step 2 Entering Your Location Information You will be required to enter location information in order to obt...

Page 57: ...the AG and use the graphical Web Management Interface WMI you must disable subscriber side HTTP 1 Log in to the AG 2 Navigate to Configuration Access Control Interface 3 Press Enter until you reach Su...

Page 58: ...eway DHCP Parameter Your Settings Default Values DHCP Server Subnet Mask 255 255 255 0 DHCP Pool Start IP Address 10 0 0 12 DHCP Pool End IP Address 10 0 0 72 DHCP Lease Minutes 1440 An example of a b...

Page 59: ...criber Interface See also Menu Organization Web Management Interface on page 57 Making Menu Selections and Inputting Data with the CLI The CLI is character based It recognizes the fewest unique charac...

Page 60: ...essages subscriber other messages 72 Description of Service billing options Plan 140 Home Page URL 237 Host Name and Domain Name DNS settings 64 IP DNS Name passthrough addresses 237 Label billing opt...

Page 61: ...orates an online help system that is accessible from the main window Other online documentation resources available from our corporate Web site www nomadix com support include a full PDF version of th...

Page 62: ...the Access Gateway Assigning the Location Information and IPAddresses Connecting the Access Gateway to the Customer s Network Assigning the Network Interface IP Address This is the public IP address t...

Page 63: ...anagement over the Internet To do this you must set up the SNMP communities and identifiers For more information about SNMP see Using an SNMP Manager on page 65 If you want to use SNMP you must manual...

Page 64: ...t 3 After you have entered yes to the initial prompt enter mod int WAN or m i WAN modify interface WAN Note that modes and interface names are case sensitive The configuration then steps through the s...

Page 65: ...eway to the specified server 1 Enter log logging at the Configuration menu The system displays the current logging status enabled or disabled 2 Enable or disable the system and or AAA logging options...

Page 66: ...n option from above 6 7 Enter RADIUS History Log Server IP 255 255 255 255 10 10 10 10 Enable disable RADIUS History Log Save to file disabled enable Enable disable System Report Log disabled enable E...

Page 67: ...th local laws Consider routing communication through an IPSec tunnel Configuration Logging Out and Powering Down the System Use this procedure to log out and power down the Access Gateway 1 Enter l lo...

Page 68: ...y s adaptive configuration technology provides Dynamic Address Translation DAT functionality DAT is automatically configured to facilitate plug and play access to subscribers who are misconfigured wit...

Page 69: ...eration as a DHCP client The options are configurable on a per pool basis Different sets of options can be configured for different pools A given DHCP option consists of an option code and a value RFC...

Page 70: ...quested IP address 55 parameter request list 56 error message 57 maximum message size 60 vendor class identifier 61 client identifier Items generated automatically by the mechanism of DHCP message con...

Page 71: ...nagement Interface WMI See Ethernet Ports WAN on page 93 for WAN specific DNS configuration To set the DNS global configuration options 1 Enter c configuration at the Access Gateway Menu The Configura...

Page 72: ...Access Gateway Enter UDP DNS Redirection Port 1029 Enter Proxy UDP DNS Port 1028 Enable Disable DNSSEC enabled Host Name usg DNS Redirection Port Mode fixed UDP DNS Redirection Port 1029 Proxy UDP DNS...

Page 73: ...configuration settings you should write the settings to an archive file If you ever experience problems with the system your archived settings can be restored at any time Refer to the following proced...

Page 74: ...nagement Information Base 1 Import the nomadix mib file into your SNMP client manager 2 Connect to the Access Gateway froma node on the network that is accessible via the Access Gateway s network port...

Page 75: ...organized as they are listed under their respective Web Management Interface WMI menus Configuration Menu on page 68 Network Info Menu on page 144 Port Location Menu on page151 Subscriber Administrat...

Page 76: ...s functional command sets You can access the WMI from any Web browser Your browser preferences or Internet options should be set to compare loaded pages with cached pages To connect to the Web Managem...

Page 77: ...e These objects include hardware configuration parameters and performance statistics Managed objects are arranged into a virtual information database called a Management Information Base MIB SNMP enab...

Page 78: ...To access the Access Gateway s Web Management Interface use the Manager or Operator login user name and password you defined during the installation process refer to Assigning Login User Names and Pas...

Page 79: ...ble to you unless you have purchased the appropriate product license from Nomadix In this case the following statement will appear either immediately below the section heading or when the feature is m...

Page 80: ...rts several AAA models that are discussed in Subscriber Management on page 213 1 From the Web Management Interface click on Configuration then AAA The Authentication Authorization and Accounting Setti...

Page 81: ...er xmlcommand password xmlcommand post file addUser xml header Content Type text xml If you select Enable Authentication via IP Address enter the valid XML server address es Up to four addresses are s...

Page 82: ...ication if Portal Page External Web Server is not reachable by placing a check in that box 11 Enable or disable Port Based Billing Policies With Port Based Billing Policies enabled you can individuall...

Page 83: ...y maintains an internal database of authorized subscribers based on their MAC hardware address and user name if enabled By referring to its database record also known as an authorization table the Acc...

Page 84: ...HTTPS pages Instructions for obtaining certificates are provided by Nomadix To enable SSL Support your Access Gateway s flash must include the server pem cakey pem and cacert pem certificate files th...

Page 85: ...Server on page 71 New Subscribers must be enabled before enabling the PayPal and PMS options 7 If you enabled New Subscribers enable or disable the Relogin After Timeout option 8 You can now enable o...

Page 86: ...formation about parameter signing 5 Click on the Save button to save your changes click on Save then Reboot to reboot the Access Gateway and make the changes take effect immediately or click on the Re...

Page 87: ...e Server used must be configured to correctly parse and verify the signing information Documentation that includes guidelines for configuring a server to support signing can be obtained by contacting...

Page 88: ...Support In addition corresponding options to block https connections independent of http are included in the NSE s Access Control functionality for both the network and subscriber sides If the requir...

Page 89: ...this feature then clickon the Save button to save yourchanges If you enabled Access Control administrator access is restricted only to the IP addresses shown under the Currently Access is Permitted fo...

Page 90: ...4 Click on the Save button to save your changes click on Save then Reboot to reboot the Access Gateway and make the changes take effect immediately or click or the Restore button to reset all data to...

Page 91: ...ULA 2 Setup RADIUS Server parameters go to Defining the Realm Based Routing Settings Realm Based Routing on page 130 3 Set up Username and Password for RADIUS Authentication Administrative Steps to En...

Page 92: ...d in Kbps Kilobits per seconds for both upstream and downstream data transmissions With the ICC feature enabled subscribers can increase or decrease their own bandwidth dynamically and also adjust the...

Page 93: ...nteger between 1 and 16777215 inclusive 20 GROUP_BW_MAX_UP Defines the total upstream bandwidth allowed for the group in Kilobits per second Integer value 0 is interpreted as unlimited 21 GROUP_BW_MAX...

Page 94: ...ual limits at the same time Group Bandwidth Limit Policy Current Table When the feature is enabled a group bandwidth policy ID column is displayed in the Current Subscribers table Subscriber Administr...

Page 95: ...e Access Gateway and the mirror servers must use the same secret key 5 Repeat Step 4 for the secondary server if any and all carbon copyservers 6 Define the fail safe provisions including Retransmit M...

Page 96: ...Based Queueing 1 Click Configuration Class Based Queueing The Class Based Queueing screen appears 2 Click Enable and then Save to enable Class BasedQueueing 3 Click Add Class to add a class Class nam...

Page 97: ...ng structure and priority settings Assigning Users to a Class There are four ways to assign users to a particular class Radius XML Subscriber Administration menu Subscriber Interface menu Assigning a...

Page 98: ...25 To enable NSE Clustering 1 Click Configuration Clustering and click Enable 2 Enter integers for the Total number of gateways and the Gateway number must be from 2 to 256 with no gaps For example i...

Page 99: ...com The NSE will process the HTTP request and will analyze the Host header to find the redirection URL that corresponds to www example com which is portal1 myhotel com in this example The NSE will the...

Page 100: ...click on the Set Shared Secret check box If you enable this feature enter the shared secret text string in the Set Shared Secretfield 8 Click on the Save button to save the redirection settings or cli...

Page 101: ...Step 8 3 To route DHCP through an external server enable the DHCP Relay 4 If you enabled the DHCP Relay feature you must assign a valid DHCP Server IP address the default is 0 0 0 0 and a valid DHCP R...

Page 102: ...a public pool address the Access Gateway associates their MAC address with their public IP address for the duration of the service level agreement The opposite is true if they select a plan with a pr...

Page 103: ...ots The Access Gateway can issue IP addresses to any DHCP enabled subscriber who enters the network Managing the DNS Options DNS DNS allows subscribers to enter meaningful URLs into their browsers ins...

Page 104: ...the Restore button if you want to reset all the values to their previous state Managing the Dynamic DNS Options Dynamic DNS Use the following procedure to set the Dynamic DNS options 1 From the Web Ma...

Page 105: ...ils The NSE can now support up to five AG5800 AG5900 WAN interfaces at once using completely independent network settings for each The AG5900 with optional Fiber Module could have 7 Each WANport has i...

Page 106: ...s and even Link Aggregation Groups Basic functionality is equivalent to IPv4 static port mapping except as follows The feature is provided by routing not NAT External computers will access the device...

Page 107: ...efix and interface address for the subscriber port you will use Network Info Interfaces 4 Based on that information configure the device s IPv6 settings Delegated prefixes are assigned in sequence sta...

Page 108: ...he ROUTE only needs to tell the network router that all traffic for 2001 428 4C05 80 60 should be sent to our WAN port IPv6 address Depending on the network you might need to add a similar IPv6 route...

Page 109: ...vidual ports The LAGs look and behave and are configured exactly like individual WAN and Sub ports Use the following steps to set up a LAG 1 Set the desired port to AGG mode 2 Assign the aggregated po...

Page 110: ...vable bandwidth To enable Fast Forwarding mode choose Configuration Fast Forwarding Check Enabled If you enable Fast Forwarding some counting statistics e g bytes sent received are updated somewhat le...

Page 111: ...into any of the Access Gateway s configuration screens 1 From the Web Management Interface click on Configuration then Home Page Redirect The Home Page Redirection Settings screen appears 2 Click on t...

Page 112: ...mode are notshown Each of the displayed ports has individual iNAT Subscriber tunnelsettings accessible by clicking on that port slink The interface allows easy deletion of any iNAT address range iNAT...

Page 113: ...igured WAN interface Three failures must occur before the system sets the port status to Unavailable and re assigns subscribers Monitoring may be configured for both the Monitoring Interval default is...

Page 114: ...ty 3 Check Enable NAT Traversal to allow packets to traverse NAT IPsec boundaries 4 Click Save to save the setting To add or modify IPsec tunnel peers see Managing IPSec Tunnel Peers on page 102 To ad...

Page 115: ...ilenamefield Enter the filename of the public certificate in the Certificate Filenamefield Note that the files must exist on flashfirst 6 In the IKE Channel Security Parameters section select the foll...

Page 116: ...table Restore to undo any changes you made to the peer settings and return the peer to its original settings 4 Click the Back to Main IPSec Tunneling Settings page link to return to the IPSec Tunnel S...

Page 117: ...interface for this policy The Local IP Subnet is the IP address of the local network secured by the IPSec tunnel The address can specify ahost The Subnet Mask is the subnet mask of the local network s...

Page 118: ...nnel Settings screen 7 Click the Back to Main IPSec Tunneling Settings page link to return to the IPSec Tunnel Settings screen Modifying an Existing IPSec Security Policy 1 Click on the IPSec security...

Page 119: ...d to that interface in accordance with the load balancing algorithm An NSE reboot will rebalance all subscribers Subscribers will use the IP address of their WANport or assigned additional NAT address...

Page 120: ...4 Enter a Network SSID Zone 5 Click Save to save your changes or click Restore if you want to reset all the values to their previous state Managing the Log Options Logging System logging creates log f...

Page 121: ...ng When system logging is enabled the standard SYSLOG protocol UDP is used to send all message logs generated by the Access Gateway to the specified SYSLOGserver 3 Enter a unique number between 0 and...

Page 122: ...ion SYSRPT ID 012345 IP 11 222 333 444 unresolved Subscribers 010 Additional Configuration System Report Log Interval This is the time interval in minutes between the system report syslogs Subscriber...

Page 123: ...ing for the syslogs from your NSE in the Subscriber Tracking Log Server IP field 4 Check the Subscriber Tracking Log save to file option to save the syslogs locally to the NSE flash Note Notrecommende...

Page 124: ...ptions are aa bb cc dd ee ff aa bb cc dd ee ff or aabbccddeeff The default setting isaa bb cc dd ee ff 6 Select the Case of Hex Alpha Characters This setting specifies in the MAC addresses in RADIUS u...

Page 125: ...e Access Gateway outputs a call accounting record to the PMS system whenever a subscriber purchases Internet service and decides to post the charges to their room The Access Gateway offers post paid P...

Page 126: ...ied interoperability with a variety of Property Management Systems Encore FCS Galaxy GEAC GuestView Holodex AutoClerk Hilton 1 Hilton 2 Hotel Info Sys HIS Igets net Innquest LanMark LIBICA Logistics M...

Page 127: ...n 3 PMS Port Test Mode provides a utility to confirm that the PMS port is working To run the utility you must have the Nomadix supplied db9 rj45 adapter plugged into same device that you used to check...

Page 128: ...ck Disable Registration Number to suppress prompt for a registration number on guest login If you choose Micros Fidelio TCP IP you must provide the Target IP Address and the Target Port Number If you...

Page 129: ...e an Idle Timeout in minutes and an Idle Data Threshold in bytes These selections determine the thresholds when a post paid hotel guest will be automatically disconnected fromthe service 11 Property M...

Page 130: ...eset all the values to their previous state Based on the HOBIC interface standards Nomadix Inc has also certified interoperability with a number of other PMS and call accounting solutions such as Rame...

Page 131: ...ateway Go to In Room Port Mapping on page 120 to map rooms from the subscriber side of the Access Gateway For security reasons this feature should be disabled when in room port mapping from the subscr...

Page 132: ...lowing you to enter the IP address and SNMP community for the primary and all cascading devices connected to the site For RFC1493 compliant systems you have the additional option of defining the Uplin...

Page 133: ...2 Enter the following URL target format http Access Gateway IP address 1111 usg roommapping For example http 219 57 108 103 1111 usg roommapping The Enter Network Password prompt appears 3 Enter your...

Page 134: ...l mode classification and resultant bit marking is performed via QoS policies that are defined within the NSE The two modes can also be used in combination NSE provides support for DSCP Differentiated...

Page 135: ...GATEWAY System Administration 123 4 Select Add Policy to define a new QoS policy or select a link to a policy that is already defined in order to modify it The Add QoS Policy for Subscribers screen a...

Page 136: ...on page 139 Defining the RADIUS Client Settings RADIUS Client The Access Gateway supports Remote Authentication Dial In User Service RADIUS RADIUS is an authentication and accounting system used by ma...

Page 137: ...ess to the network are validated by RADIUS For additional RADIUS information see also Defining the RADIUS Proxy Settings RADIUS Proxy on page 128 Defining the Realm Based Routing Settings Realm Based...

Page 138: ...box for Enable URL Redirection 5 For a Network Access Server NAS if you want to send a NAS identifier with your account access request click on the check box for Send NAS identifier then definethe NAS...

Page 139: ...If required check the box for Enable RADIUS Subnet Attribute if you want to allocate a specific subnet to a user 13 If required check the box for Enable Goodbye URL if you want the system to display a...

Page 140: ...b Management Interface click on Configuration then RADIUS Proxy The RADIUS Proxy Settings screen appears 2 Enable or disable RADIUS Proxy Services as required by clicking on theappropriate check box 3...

Page 141: ...ck in the box of the Nomadix VSAs to be enforced by the Proxy for this entry Enforce Bandwidth Up VSA The Radius VSA for Bandwidth Up will be passed on to the Upstream NAS when enabled Enforce Bandwid...

Page 142: ...to see configured RADIUS service profiles and Realm Routing Policies this will take you to the Realm Based Routing Settings screen Defining the Realm Based Routing Settings Realm Based Routing Use thi...

Page 143: ...rs that will login with a username in the format type of ISP username In this case the delimiter is and what appears before it ISP is the realm name Create a RADIUS service profile for a RADIUS server...

Page 144: ...the authorization port in the Port field for the primary RADIUS authentication server This is the port the system uses when authorizing subscribers 4 Enter a secret key in the Secret Key field for th...

Page 145: ...licy for each realm that will be handled The realm routing policy will reference either a RADIUS service profile or a tunnel profile Many different realm routing policies can reference the same RADIUS...

Page 146: ...n the Add button to add this Realm Routing Policy 7 When you have completed the definition of your Realm Routing Policy you can return to the previous screen Realm Based Routing Settings by clicking o...

Page 147: ...rver including SMTP servers which support login authentication To the subscriber sending and receiving E mail is as easy as it s always been This function is transparent to subscribers 1 From the Web...

Page 148: ...an SNMP client manager for example HP OpenView SNMP is the standard protocol that regulates network management over the Internet To do this you must set up the SNMP communities and identifiers For mo...

Page 149: ...ess networks For example you can define the user s subnet via the management interfaces 1 From the Web Management Interface click on Configuration then Subnets The Public Subnets Settings screen appea...

Page 150: ...m Date and Time Time You can set the system time from local hardware or your choice of NTP server s The NSE supports automatic daylight Savings Time adjustment and official IANA iana org time zones Yo...

Page 151: ...its BIOS then displays the new date and time If you select External Time In the Server Timeout field enter the number of seconds before the NSE gives up on receiving a time response from the NTPserve...

Page 152: ...hat have been defined for this descriptor Select a condition type from the Add Condition menu and define the matching parameters Once added conditions will be displayed in the condition list 6 Select...

Page 153: ...g 4 If URL Filtering is enabled you can add or remove up to 300 addresses in theIP DNS Name field After entering the address you want to add simply click on the Add button the address will be added to...

Page 154: ...r login types 1 From the Web Management Interface click on Configuration then Zone Migration The Zone Migration Settings screen appears 2 Select Relogin after migration to enable the Zone Migration fe...

Page 155: ...ovides the option to require relogin after migration between ports that are within a given zone The default is Disabled Existing Zones Zones that have already been defined are listed here and can be e...

Page 156: ...slation DAT allows all users to obtain network access regardless of their computer s network settings To view the DAT Session Table go to the Web Management Interface click on Network Info then click...

Page 157: ...These statistics are presented as a listing that details the current status of each ICMP transmission element To view the ICMP Statistics go to the Web Management Interface click on Network Info then...

Page 158: ...With IP transmissions data is broken up into packets which are then sent over the network By using IP addressing Internet Protocol ensures that the data reaches its destination even though different...

Page 159: ...IP Usage To view the current NAT IP Address Usage go to the Web Management Interface click on Network Info then click on NAT IP Usage The NAT IP Usage summary screen appears Displaying the Routing Tab...

Page 160: ...anagement Interface click on Network Info then click on Sockets The Socket Table screen appears Displaying the Static Port Mapping Table Static Port Mapping You can display a table which provides a de...

Page 161: ...rotocol statistics which are presented as a detailed listing of all TCP elements and their current status TCP is a standard protocol that manages data transmissions across networks To view the TCP Sta...

Page 162: ...ailed listing of all UDP elements and their current status UDP is an Internet standard transport layer protocol It is a connectionless protocol that adds a level of reliability and multiplexing to the...

Page 163: ...n of 14 99 an hour with PayPal billing This feature is called Port based Policies Port based Policies must be enabled from the Configuration AAA page Adding and Updating Port Location Assignments Add...

Page 164: ...at the Location field consists only of numbers no alpha characters or symbols All alpha characters used for locations and descriptions are case sensitive 3 In the Port field enter the port the VLAN ID...

Page 165: ...arameter is set PayPal billing for a port is enabled only if PayPal Services is globally enabled AND the per port enable PayPal billing parameter is set PMS billing for a port is enabled only if PMS S...

Page 166: ...t Location Assignment by Description screen appears 2 In the Enter Description field enter the description of the assignment you want tofind The system ignores the case upper or lower of the character...

Page 167: ...ort location assignment based on its port This procedure is useful if you want to review the details of a specific port location You can also find port locations based on their description or location...

Page 168: ...n location txt file FTP to the Access Gateway s flash directory for example IP address flash location txt and upload the file See also Creating a location txt File on page 156 1 From the Web Managemen...

Page 169: ...ocation 1 charge for use and 2 blocked If you do not assign a conditional state the state is registered as No Charge by default Description Use a meaningful description for the assignment Displaying t...

Page 170: ...a conference room can communicate with each other without NSE intervention Subscribers can communicate with each other when on the same VLAN and the same IP subnet The NSE will not respond to any ARP...

Page 171: ...tration 159 Use the following steps to enable intra port communication 1 Click Port Location List Click on the Port number The Process Port Location Assignment screen appears 2 Click Allow Intra port...

Page 172: ...iber Type Profile on page 160 Adding a Device Type Profile on page 161 Adding a Group Type Profile on page 163 For more information about subscriber access and billing options see the following sectio...

Page 173: ...nutes for the subscriber s authorized access time When the assigned time expires the subscriber must re subscribe to the service 11 Enter an amount in the Paid field 12 The next two fields User Defina...

Page 174: ...able 1 and User Definable 2 are optional Usethese fields for simple notations about thedevice 11 Define the Min Upstream Bandwidth and Max Upstream Bandwidth range forthis device in Kbps 12 Define the...

Page 175: ...xpiration date for the group account 4 Define the DHCP Address Type Public or Private only used when the IP Upsell feature is enabled otherwise leave this set to private 5 Enter a valid Subnet address...

Page 176: ...a listing of all the subscribers currently connected to the system The list includes the MAC addresses of the subscribers their active state the individual expiration times port numbers if assigned b...

Page 177: ...y User This procedure shows you how to delete a subscriber profile from the Access Gateway s database of authorized subscribers based on the profile s user name To see a current listing of the subscri...

Page 178: ...iles from the Access Gateway s database of authorized subscribers Use this procedure when you want to clean up the subscriber database 1 From the Web Management Interface click on Subscriber Administr...

Page 179: ...subscriber s MAC address and the access time remaining for thissubscriber 1 From the Web Management Interface click on Subscriber Administration then Find by User The Find a Subscriber Profile screen...

Page 180: ...flash directory This log contains accounting messages exchanged with downstream servers and upstream NASs The size of the log file is limited to 2000 records accounting messages or 320000 bytes when...

Page 181: ...authorized subscribers The displayed list includes the number of subscribers currently in the database Current Table and a numerical breakdown of how the subscribers can utilize the system for example...

Page 182: ...s online on a time X over period Y basis Standard billing plans where time X period Y can be used concurrently with X over Y plans For example multiple plans with flexible billing event options can be...

Page 183: ...d X over Y plans that are currently active To view or edit a billing plan click the View Edit Delete button opposite the corresponding plan The Internal Billing Options Plan Setup or Internal Billing...

Page 184: ...ACCESS GATEWAY 172 System Administration...

Page 185: ...tion for this billing plan in the Description of Service field 4 If desired enable Facebook Login and specify a plan duration 5 Define the Pricing schemes for this billing plan rate per minute per hou...

Page 186: ...troduction Message Offer Message Policy Message 14 Define the Units of Access Minute Hour Day Week or Month you want tomake available to subscribers 15 If you want to allow free access to subscribers...

Page 187: ...op up window that is presented to subscribers allowing them to select their bandwidth and billing plan options quickly and efficiently and displays a dynamic time field to inform them of the time rema...

Page 188: ...ogout Console Enable one of thefollowing a ICC Information and ControlConsole b Nomadix Logout Console 4 If you enabled either ofthe ICC pop up options you can choose a unique name for the console Sim...

Page 189: ...e button and the mouse over text The mouse over text is the text that appears in the ICC s Message Bar when your mouse pointer rolls over a button image Target URL Where subscribers are sent when they...

Page 190: ...e parameters for your banner s Name Text Target URL Image Name see following note Duration secs Start Time Optional Stop Time Optional If you assign or change button images or banner images the Access...

Page 191: ...text displayed to your users by the Internal Web Server IWS without any HTML or ASP knowledge The language you select here will determine the language encoding that the Access Gateway s Internal Web S...

Page 192: ...into Japanese and enter and display Japanese characters on the Web Management Interface and the subscriber s portal page choose the Japanese Shift_JIS option If you want to have the ICC displayed in E...

Page 193: ...all pages and images cannot exceed 200 KB File names should be labeled using the 8 3 format The pages can now be served by referencing the URL http nseip 1111 web filename or at https nseip 1112 web f...

Page 194: ...erve to the end users Note The name of the web page has to be added in order for it to be served to the end users Uploading the web page to the web directory is not sufficient Image File Name This tex...

Page 195: ...ubscriber Interface then Login UI The Subscriber Login User Interface Settings screen appears 2 Define the messages you want subscribers to see when they log in Keep messages brief and to the point Av...

Page 196: ...must be defined using an IS0 4217 currency code for example USD for US Dollars GBP for Great British Pounds 9 Enter a numeric value for the Number of decimals for amount This field defines the number...

Page 197: ...o reboot the Access Gateway and make the changes take effect immediately or click on the Restore button if you want to reset all the values to their previous state If you made changes to the Image Fil...

Page 198: ...billing mechanisms for example post paid PMS if your product license supports PMS The IWS page displays the details of the user s connection such as IP address of the user Type of AAA Start Stop time...

Page 199: ...rred display options by checking the corresponding boxes Display IPAddress Display AuthenType Display StartTime Display StopTime Display Byte Sent Display Byte Received Display Hypertext Link URL 4 If...

Page 200: ...ubscriber Interface then Subscriber Buttons The Subscriber Page Control Button Definitions screen appears 2 Enter the definitions you want for each control button in the corresponding fields Only the...

Page 201: ...f you want to reset all field values to their default state click Restore Defaults Defining Subscriber Error Messages Subscriber Errors This procedure allows you to define how error messages are displ...

Page 202: ...ant to reset all field values to their default state click on the Restore Defaults button 4 Repeat Steps 1 3 for page 2 of 2 Defining Subscriber Messages Subscriber Messages This procedure allows you...

Page 203: ...ngfields 3 Click on the Save button to save your changes or click on the Clear Changes button if you want to reset all the values to their previousstate If you want to reset all field values to their...

Page 204: ...creen appears You can view delete or add new ARP table entries from this screen Configurable Gateway ARP Refresh Interval The NSE will periodically refresh its ARP cache entry for the gateway IP When...

Page 205: ...idge Mode allows complete and unconditional access to devices on the subscriber side of the Access Gateway When the Bridge Mode option is enabled the Access Gateway iseffectively transparent to the ne...

Page 206: ...Mode Passthrough Settings screen appears 2 Click on the check box for Bridge Mode to enable this feature The Access Gateway should be rebooted if this setting is changed 3 If you want the changes to...

Page 207: ...to replace the current system configuration settings with the factory default settings and reboot the Access Gateway Defining the Fail Over Options Fail Over Your product license may not support this...

Page 208: ...cess Reboot and Uptime activities The history log contains up to 500 entries Over 500 entries and each new log item removes the oldest entry in the list The latest entry is always at the top of thelis...

Page 209: ...by entering either an IP address or DNSname of host This is the site that you want the ping to be sent to from theNSE 4 Click on the Save button to save your changes or click on the Restore button to...

Page 210: ...e logins have been assigned managers have the ability to perform all write commands Submit Reset Reboot Add Delete etc but operators cannot change any system settings Administrative Concurrency may be...

Page 211: ...forget your password you will need to contact technical support See also Technical Support on page 347 6 If you enabled Administration Concurrency repeat steps 3 to 5 for an operator login and if des...

Page 212: ...gers Only If RADIUS is enabled you can enter a login name in theRADIUS Remote Test Login field For RADIUS logins the maximum number of characters for usernames is 96 The maximum number of characters f...

Page 213: ...ing on a remote host in the form of a PCAP formatted file Note that a utility that is capable of reading and displaying PCAP formatted files such as Wireshark is required in order to view theresults 1...

Page 214: ...pleting all your changes 1 From the Web Management Interface click on System then Reboot The RebootDevice screen appears 2 Click OK to reboot the operating system Routing Tables Routing This command a...

Page 215: ...address of the route you want to add to the routing table This is the Destination IP or Subnet that the Route is trying to reach with the prefix length to determine how large the subnet mightbe 3 Ente...

Page 216: ...e this feature as required 3 Enter values for the following session limiting parameters Mean Rate Burst Size Time Interval inseconds 4 Click on the Save button to save yourchanges For advanced securit...

Page 217: ...he Remote IP Address Leave this field set to zero if you want to connect to the internal device from any network sideworkstation 8 Optional Enable the Protect with Source IP based Access Control optio...

Page 218: ...Click on the Delete button to delete the static port or click on the Restore button to reset your changes to their previous state For more information about Static Port Mapping see also Displaying th...

Page 219: ...egrates this address with a PMS interface for secure billing Like a router the Access Gateway continuously tracks subscriber IP and MAC settings eliminating the need for further sign ins and ensuring...

Page 220: ...ateway offers powerful billing support functionality called Authentication Authorization and Accounting This feature also known as AAA employs a combination of command routines designed to create a fl...

Page 221: ...scribers on a local flash database By looking up subscribers on a remote database The Authentication module can support user name and MAC address authentication simultaneously The initial login page c...

Page 222: ...ized to access the system Once authorized the subscriber s activity is logged and billed through the Access Gateway s Accounting module The Accounting module fully supports the following functions Pay...

Page 223: ...a login interface between subscribers and the solution provider s network including the Internet The internal Web server is flashed into the system s memory and the login page is served directly from...

Page 224: ...e French German Japanese and Spanish Home Page Redirection The Access Gateway can be configured to redirect all valid subscribers to a Web portal or home page determined by the solution provider After...

Page 225: ...izes access to the Internet A possible scenario for using this model is to allow Internet access to administrative personnel in alllocations User Name and Password Each subscriber can choose a unique...

Page 226: ...ernal Authorization Enabled Enter PayPal s App Name Client ID Webhook ID set the proper secret code and select if you are using a Live Environment information obtained from your PayPal account If you...

Page 227: ...s a HTML based applet in the form of a pop up window from which subscribers can dynamically control their billing options and bandwidth and which allows service providers to display advertising banner...

Page 228: ...GATEWAY 216 The Subscriber Interface Quick Reference Guide This chapter contains product reference information organized by topic Use this chapter to locate the information you need quickly and effic...

Page 229: ...in this menu allow you to define how the subscriber interface is displayed to users and what information it contains System Menu Displays the System menu Items in this menu let you manage login names...

Page 230: ...ctionality exists IPSec IPsec is an end to end security scheme operating in the Internet Layer of the Internet Protocol Suite It can be used in protecting data flows between a pair of hosts host to ho...

Page 231: ...s or removes up to 300 specific IP addresses and domain names to be filtered for each property User Agent Filtering User agent Filtering is a capability that can filter software that is acting on beha...

Page 232: ...the displayed ports has individual iNAT Subscriber tunnel settings accessible by clicking on that port s link A new improved interface allows easy deletion of any iNAT address range Packet Capture Su...

Page 233: ...ole ICC for subscribers Language Support Defines the language to be displayed on the Web Management Interface and the subscriber s portal page Local Web Server Upload the required pages and images to...

Page 234: ...ts previously exported system configuration settings from an archive file Login Sets up the login name and password Mac Filtering Blocks malicious users based on their MAC address Up to 50 MAC address...

Page 235: ...tion System Current Display currently connected subscribers Subscriber Admin Clustering Set Clustering options Configuration DAT Display the DAT session table Network Info Delete All Delete all port l...

Page 236: ...performance statistics Network Info Language Support Define different languages Subscriber Interface List Display the room file Port Location List by MAC List the subscriber database sorted by MAC add...

Page 237: ...scriber profile statistics Subscriber Admin Subnets Enable dynamic multiple subnet support Configuration Subscriber Buttons Define how control buttons are displayed to subscribers Subscriber Interface...

Page 238: ...ubscriber IP Subnet Mask Default Gateway IP DHCP Client Admin IP 10 0 0 10 10 0 0 11 255 255 255 0 10 0 0 1 Enabled 172 30 30 172 Domain Host Name Primary DNS Secondary DNS Tertiary DNS nomadix AG3100...

Page 239: ...Usernames XML Disabled Enabled Disabled DNS Redirection SMTP Redirection SMTP Server IP Enabled Disabled 0 0 0 0 SNMP SNMP Get Community SNMP Set Community SNMP Trap IP Disabled public private 0 0 0...

Page 240: ...FORM Intel based System INTERFACE 1 RJ 45 WAN 3 RJ 45 ETH 1 12VDC Power Connector 1 RJ 45 Console 1 DB 9 Serial Connector 2 USB Connectors 1 Reset 1 Power Button POWER REQUIREMENTS Type Watts 12VDC 5A...

Page 241: ...IPSec Support PPTP Support Session Rate Limiting SRL User Agent Filtering Mac Address Filtering URL Filtering ICMP Blocking Proxy ARP for device to device communication BILLING PLAN ENABLEMENT RADIUS...

Page 242: ...EE 802 3 3u 3eb IEEE 802 1d DHCP Server DHCP Relay Multiple Subnet Support IP UPsell DHCP Client PPPoe Client INTELLIGENT ROAMING Realm Based Routing Zone Migration SERVICE PROVISIONING Home Page Redi...

Page 243: ...ce in a 19 rack 17 24 L x 11 53 W x 1 73 H 438mm L x 292 0mm W x 44mm H Weight 8 8 lbs Weight 4 00 Kg OPERATING VOLTAGE 100 240 VAC 50 60Hz Auto Sensing POWER CONSUMPTION 65 watts ENVIRONMENTAL Operat...

Page 244: ...J 45 LAN 1 x 10 100 1000 Mbps GigE RJ 45 WAN 1 x DB9 serial PMS Interface 1 x Front Access RJ 45 serial system console LED INDICATORS ACT LINK and 10 100 1000 for each Ethernet port Power NETWORK MANA...

Page 245: ...rnational Language Support External Web Server Mode Internal Web Server Mode Secure XML API over SSL Login Page Failover BILLING PLAN ENABLEMENT RADIUS Client RADIUS AAA Proxy Port Based Policies Port...

Page 246: ...ent QoS Tagging Group Bandwidth Management IP ADDRESS MANAGEMENT IEEE 802 3 3u 3ab IEEE 802 1d DHCP Server DHCP Relay Multiple Subnet Support IP UPsell DHCP Client PPPoE Client INTELLIGENT ROAMING Rea...

Page 247: ...15 000ft REGULATORY FCC Class A UL UL US and Canada CE EN 55022 2010 Class A EN 61000 3 2 2006 A1 2009 A2 2009 EN 61000 3 3 2008 EN55024 2010 IEC 61000 4 2 2008 IEC 61000 4 3 2006 A1 2007 A2 2010 IEC...

Page 248: ...irect HTTPS Redirect Portal Page Redirect Session Termination Redirect Information and Control Console Pop Up Explicit Logout Button International Language Support External Web Server Mode Internal We...

Page 249: ...ADVANCED SECURITY iNAT IPSec Support PPTP Support Session Rate Limiting SRL User Agent Filtering Mac Address Filtering URL Filtering ICMP Blocking Proxy ARP for device to device communication POLICY...

Page 250: ...sole DB9 serial port Property Management Interface POWER 100 240 VAC 50 60Hz 220 watts ENVIRONMENT Operating temperature 0 C to 40 C Storage temperature 20 C to 70 C Operating humidity 5 90 RH Storage...

Page 251: ...em MUST be powered down before inserting or removing the module Also it is highly recommended that the power cord be removed from the unit as a precaution Severe damage to the module and or the NSE co...

Page 252: ...ar 31 21 35 15 nomad237 nomadix com INFO AAA 4009 AAA Interface Updated_by_administrator 00 00 0 12 34 56 2 hrs 34 min Mar 31 21 36 05 nomad237 nomadix com INFO AAA 4006 AAA Interface Removed_by_admin...

Page 253: ...Info 1 2 3 4 INFO Access Gateway v51 4 126 DHCP ndxDHCPInit 0021 DHCP initialized 2003 02 10 11 25 53 Local2 Info 1 2 3 4 INFO Access Gateway v51 4 126 CLISRD 0206 Setting COM1 to 9600 baud 2003 02 1...

Page 254: ...ACCESS GATEWAY 242 Quick Reference Guide Sample History Log A history log is generated by the Access Gateway which includes the system s activity Access Reboot and Uptime More Listings...

Page 255: ...a and place it on the clipboard Ctrl X Copy selected data to the clipboard Ctrl C Paste data from the clipboard into a document at the insertion point Ctrl V Copy the active window to the clipboard Al...

Page 256: ...EWAY 244 Quick Reference Guide HyperTerminal Settings Use the following settings when establishing a HyperTerminal session Item Setting Bits per second 9600 Data bits 8 Parity None Stop bits 1 Flow co...

Page 257: ...s a Web page to the subscriber asking for a login name and password This information password is encrypted and sent across the network to the ISP s RADIUS server The RADIUS server decrypts the informa...

Page 258: ...ed for 802 1x Class Session Timeout Idle Timeout EAP Packet used for802 1x Message Authenticator used for802 1x Acct Interim Interval Nomadix VSAs Nomadix Bw Up Nomadix Bw Down Nomadix URL Redirection...

Page 259: ...t in the Access Gateway Web Management Interface WMI If the Radius server does not send a Session Timeout the Access Gateway will set the subscriber expiration time to 0 which means access forever Log...

Page 260: ...pt If this attribute is present the Access Gateway tries every Acct Interim Interval seconds to send a Radius Accounting Interim message for the specific subscriber If this attribute is not present or...

Page 261: ...e NSE will log the user out at midnight Nomadix Logoff Url 10 Passed in the Access Request to the Radius server This is a required attribute for WISPr Implementation is determined by the property owne...

Page 262: ...or Eth5 to identify what interface the user will try to send traffic on Nomadix Bw Class Name 27 Class name in dotted notation Nomadix MaxBytesTotal 28 Total amount of traffic up and down for a user...

Page 263: ...o use a different Certificate Authority For Nomadix technical support go to Contact Information on page 268 Obtain a Private Key File cakey pem To create a Private Key File you must install OpenSSL on...

Page 264: ...EWAY 252 Quick Reference Guide 2 Click Next The following screen appears 3 Click Next to display the next setup screen 4 Click Next to display the next setup screen 5 Click Next to display the next se...

Page 265: ...or the purposes of this document Nomadix used ftp planetmirror com 8 In the following screens skip all packages except cygwin and openssl then click Next when you are done At the time of this writing...

Page 266: ...ess is completed At the pop up dialog click OK Private Key Generation 1 Create a directory from Root and put 5 random files a dat b dat c dat d dat and e dat see note into the C cygwin bin directory o...

Page 267: ...mmended by VeriSign These files are entered in the key generation command as file1 file2 file3 file4 file5 Output to cakey pem The file that contains the private key You must have the file name cakey...

Page 268: ...a request new Defining a new request key from private key Output to server csr the output file 2 Fill in your company information If States or Province names do not exist in your country please repea...

Page 269: ...or Netscape go to www verisign com products site index html 2 Select Buy for Secure Site Service 3 Select Buy Now for 40 bit SSL Secure Server ID or 128 bit SSL Global Server ID Some older versions o...

Page 270: ...l data into the edit box 5 Select the purchase method and submit the required contact information For Expedited Service you will typically be able to get the Public Key by email within two days For Re...

Page 271: ...e settings in the Web Management Interface WMI go to Configuration Menu on page 68 Setting Up the Portal Page System administrators can create login button s on the Portal Page and can setup http link...

Page 272: ...ere is a message billing record in the message queue the system wakes up and performs the following tasks 1 Stores the billing record in the flash 2 Create an XML packet based on the new billing recor...

Page 273: ...regular string AMOUNT 234 34 TRANS_TYPE CC RESULT_VALUE OK or ERROR IP Standard IP address format 123 123 123 123 The packet after the HTTP headers added looks like this XML to Access Gateway The Acce...

Page 274: ...RMTLOG_ACK ACK_VALUE ERROR ACK_VALUE IP_ADDR 11 22 33 44 IP_ADDR ERROR_CODE 5 ERROR_CODE USG Format for each Field RESULT_VALUE OK or ERROR IP Standard IP format 123 123 123 123 ERROR_CODE1 for OK or...

Page 275: ...his chapter provides information to help you resolve common hardware and software problems It also contains a list of known error messages associated with the Management Interface General Hints and Ti...

Page 276: ...k the unit s ventilation holes and do not stack with other equipment unless correctly mounted in a rack If you suspect the unit is overheating check that the internal cooling fan is operating correctl...

Page 277: ...for these fields NFS client support not included This message is displayed when the system reboots and NFS clients are not supported No matching MAC address found in profile database The system could...

Page 278: ...h IP address specified If you specified a subnet is it correct If you suspect the subnet try using 255 255 255 0 The DHCP relay is disabled and the DHCP service settings in the Access Gateway are misc...

Page 279: ...you to diagnose and solve your problem if the problem is related to the Access Gateway Additionally you should check with your network documentation to verify that the network components are function...

Page 280: ...act Information You can contact us by Email fax telephone or regular mail Telephone 1 818 575 2590 E mail support nomadix com Fax 1 818 597 1502 Address Nomadix Inc 30851 Agoura Rd Suite 102 Agoura Hi...

Page 281: ...ithin a campus network 802 1Q establishes a standard format for frame tagging Layer 2 VLAN markings enabling the creation of VLANs that use equipment from multiple vendors 10 100 Ethernet See Ethernet...

Page 282: ...offer multi gigabit bandwidth See also Bandwidth and Packet Bandwidth The maximum speed at which data can be transmitted between computers across a network usually measured in bits per second bps If...

Page 283: ...ame on the World Wide Web See also DNS Internet and IP Address Driverless Print Servers Servers that can bill subscribers rooms for printing their documents without them having to install printers See...

Page 284: ...ach data stream and then combines many modulated carrier frequencies for transmission For example television transmitters use FDM to broadcast several channels at once FHSS Frequency Hopping Spread Sp...

Page 285: ...te See also Portal and URL Host Any computer that provides services to other computers that are linked to it by a network Generally the host is the more remote of the computers For example if a user i...

Page 286: ...me location See also Internet and IP Address Internet Service Provider The agency that provides you with access to the Internet Your Internet Service Provider ISP may be a large commercial organizatio...

Page 287: ...nt station can query or establish in the SNMP agent of a network device for example a router Standard minimal MIBs have been defined and vendors often have their own private enterprise MIBs In theory...

Page 288: ...8 bytes In IP networks packets are often called datagrams See also Forwarding Rate Packet Switching Network pps and Throughput Packet Switching Network Refers to protocols in which messages are divide...

Page 289: ...QoS can be characterized by several basic performance criteria including availability low downtime error performance response time and throughput lost calls or transmissions due to network congestion...

Page 290: ...lution provider is offering a solution that isn t readily available on the open market For example NOMADIX is a solution provider to its customers broadband network service providers and those custome...

Page 291: ...and a client command line utility You can log to files terminal devices logged on users or even forward to other syslog systems See also Daemon TCP Transmission Control Protocol Manages data into sma...

Page 292: ...based solely on the Earth s inconsistent rotation rate with highly accurate atomic time When atomic time and Earth time approach a one second difference a leap second is calculated into UTC UTC was de...

Page 293: ...adix Gateways WPA Wi Fi Protected Access A Wi Fi standard that was designed to improve upon the security features of WEP The technology is designed to work with existing Wi Fi products that have been...

Page 294: ...ACCESS GATEWAY 282 Glossary of Terms...

Reviews:

No comments