Nomadix AG 5500 User Manual Download Page 29 | Manualshive

Page: 29 / 338

Nomadix AG 5500 User Manual Download Page 29

AG 5500

Introduction

17

Secure Management

There are many different ways to configure, manage and monitor the performance and up-time
of network devices. SNMP, Telnet, HTTP and ICMP are all common protocols to accomplish
network management objectives. And within those objectives is the requirement to provide the
highest level of security possible.

While several network protocols have evolved that offer some level of security and data
encryption, the preferred method for attaining maximum security across all network devices is
to establish an IPSec tunnel between the NOC (Network Operations Center) and the edge
device (early VPN protocols such as PPTP have been widely discredited as a secure tunneling
method).

As part of Nomadix’ commitment to provide outstanding carrier-class network management
capabilities to its family of public access gateways, we offer secure management through the
NSE’s standards-driven, peer-to-peer IPSec tunneling with strong data encryption.
Establishing the IPSec tunnel not only allows for the secure management of the Nomadix
gateway using any preferred management protocol, but also the secure management of third
party devices (for example, WLAN Access Points and 802.3 switches) on private subnets on
the subscriber side of the Nomadix gateway. See also,

“Enabling Secure Management {VPN

Tunnel}” on page 148

.

Two subsequent events drive the secure management function of the Nomadix gateway and the
devices behind it:

1.

Establishing an IPSec tunnel to a centralized IPSec termination server (for example,
Nortel Contivity). As part of the session establishment process, key tunnel parameters are
exchanged (for example, Hash Algorithm, Security Association Lifetimes, etc.).

2.

The exchange of management traffic, either originating at the NOC or from the edge
device through the IPSec tunnel. Alternatively, AAA data such as RADIUS
Authentication and Accounting traffic can be sent through the IPSec tunnel. See also,

“RADIUS-driven Auto Configuration” on page 15

.

The advantage of using IPSec is that all types of management traffic are supported, including
the following typical examples:

z

ICMP - PING from NOC to edge devices

z

Telnet - Telnet from NOC to edge devices

z

Web Management - HTTP access from NOC to edge devices

z

SNMP

z

SNMP GET from NOC to subscriber-side device (for example, AP)

z

SNMP SET from NOC to subscriber-side device (for example, AP)

z

SNMP Trap from subscriber-side device (for example, AP) to NOC

ag5500_userguide.book Page 17 Tuesday, June 5, 2007 7:31 PM

«
...
27
28
29
30
31
...
»

Summary of Contents for AG 5500

Page 1: ......

Page 2: ...ts Reserved Livingston Enterprises Inc Copyright 1992 Livingston Enterprises Inc All Rights Reserved The Regents of the University of Michigan and Merit Network Inc Copyright 1992 1995 All Rights Rese...

Page 3: ...36 894 EU1222791 BE1222791 FI1222791 FR1222791 DE60020588 6 GB1222791 NL1222791 ES1222791 SE1222791 CH1222791 SG88575 ZL00815828 2 US6 798 110 Japan 3880856 Korea 559357 SG88483 Zl00815982 3 EU1234425...

Page 4: ...elevision reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures z Reorient or relocat...

Page 5: ...uteile AVISO Riesgo de shock el ctrico No abrir No hay piezas configurables dentro CAUTION Read the instruction manual prior to operation ATTENTION Lire le mode d emploi avant utilisation ACHTUNG Lese...

Page 6: ...This page intentionally left blank AG 5500 vi...

Page 7: ...Access Control 7 Bandwidth Management 8 Bridge Mode 8 Command Line Interface 9 Dynamic Address Translation 9 Dynamic Transparent Proxy 9 End User Licensee Count 9 External Web Server Mode 10 Home Page...

Page 8: ...30 Installation Workflow 31 Powering Up the System 32 Logging In to the Command Line Interface 33 The Management Interfaces CLI and Web 35 Making Menu Selections and Inputting Data with the CLI 36 Men...

Page 9: ...me Page Redirect 89 Enabling Intelligent Address Translation iNAT 90 Defining IPSec Tunnel Settings IPSec 91 Establishing Your Location Location 97 Managing the Log Options Logging 102 Enabling MAC Au...

Page 10: ...gs List 175 Subscriber Administration Menu 176 Adding Subscriber Profiles Add 176 Displaying Current Subscriber Connections Current 179 Deleting Subscriber Profiles by MAC Address Delete by MAC 180 De...

Page 11: ...leting a Route Route Delete 239 Establishing Session Rate Limiting Session Limit 240 Adding Static Ports Static Port Mapping Add 241 Deleting Static Ports Static Port Mapping Delete 243 Blocking a Sub...

Page 12: ...ions 277 Nomadix Vendor Specific Attributes 279 Setting Up the SSL Feature 280 Prerequisites 280 Obtain a Private Key File cakey pem 280 Installing Cygwin and OpenSSL on a PC 281 Private Key Generatio...

Page 13: ...00 s subscriber interface It also includes an outline of the authorization and billing processes utilized by the system and the Nomadix Information and Control Console Chapter 4 Quick Reference Guide...

Page 14: ...gments Product Configuration and Licensing All Nomadix Access Gateway products including the AG 5500 are powered by our patented and patent pending suite of embedded software called the Nomadix Servic...

Page 15: ...nvestment to create new revenue streams z Enables you to provide Wi Fi access as a billable service or as an amenity to augment the main line of business for your venue z The AG 5500 contains an advan...

Page 16: ...d Dynamic Address Translation DAT functionality offers a true plug and play solution by enabling a seamless and transparent experience and the tools to acquire new customers on site DAT greatly reduce...

Page 17: ...0 provides fine grain management of DoS Denial of Service attacks through its Session Rate Limiting SRL feature and MAC filtering for improved network reliability 5 Step Service Branding A network ena...

Page 18: ...ackage of features includes z Access Control z Bandwidth Management z Bridge Mode z Command Line Interface z Dynamic Address Translation z Dynamic Transparent Proxy z End User Licensee Count z Externa...

Page 19: ...login is permitted only if a match is made with the master list contained within the NSE If a match is not made the login is denied even if a correct login name and password are supplied The access c...

Page 20: ...dwidth dynamically by the minute or on an hourly daily weekly or monthly basis and also adjust the pricing plan for their service see graphic Bridge Mode This feature allows complete and unconditional...

Page 21: ...are The NSE supports both PPTP and IPSec VPNs in a manner that is transparent to the user and that provides a more secure standard connection See also Transparent Connectivity on page 4 Dynamic Transp...

Page 22: ...If you choose to use the EWS interface Nomadix Technical Support can provide you with sample scripts See also Contact Information on page 305 Home Page Redirect The NSE supports a comprehensive HTTP...

Page 23: ...able pool of publicly routable IP addresses The same public IP address can be used as a source IP to support concurrent tunnels to different termination devices offering unmatched efficiency in the ut...

Page 24: ...ers See also z 5 Step Service Branding on page 5 z Logout Pop Up Window on page 13 z Information and Control Console ICC on page 254 Internal Web Server The NSE offers an embedded Internal Web Server...

Page 25: ...ool address the NSE associates their MAC address with their public IP address for the duration of the service level agreement The opposite is true if they select a plan with a private pool address Thi...

Page 26: ...tocol that assures accurate synchronization to the millisecond of computer clock times in a network of computers NTP synchronizes the client s clock to the U S Naval Observatory master clocks Running...

Page 27: ...of the individual configuration files and their download frequency status are downloaded from an FTP server into the flash of the Nomadix device 2 Defines the automated login into the centralized FTP...

Page 28: ...RADIUS Proxy functionality is the ability to route RADIUS messages depending on the Network Access Identifier NAI Both prefix based for example ISP username ISP net and suffix based username ISP net N...

Page 29: ...lso the secure management of third party devices for example WLAN Access Points and 802 3 switches on private subnets on the subscriber side of the Nomadix gateway See also Enabling Secure Management...

Page 30: ...ize and enhance their product installations This feature allows the operator to use Nomadix popular XML API using the built in SSL certificate functionality in the NSE so that parameters passed betwee...

Page 31: ...ing an SNMP Manager on page 59 z Installing the Nomadix Private MIB on page 55 Tri Mode Authentication The NSE enables multiple authentication models providing the maximum amount of flexibility to the...

Page 32: ...such as finance yahoo com sports yahoo com etc The system administrator can dynamically add or remove up to 300 specific IP addresses and domain names to be filtered for each property Walled Garden T...

Page 33: ...ipped with a dedicated PMS port to facilitate connectivity with a customer s Property Management System Billing Records Mirroring NSE powered devices can send copies of credit card and optionally PMS...

Page 34: ...Billing Records Mirroring on page 21 High Availability Module The optional High Availability Module offers enhanced network uptime and service availability when delivering high quality Wi Fi service...

Page 35: ...the NSE s optional Hospitality Module our Meeting Room Scheduler MRS application can further enhance your product s integration into the hospitality environment The MRS allows hotel desk clerks to sc...

Page 36: ...oyed effectively in a variety of wireless and wired broadband environments where there are many users usually mobile who need high speed access to the Internet The following example shows a potential...

Page 37: ...m H Weight 6 61 lbs Weight 3 00Kg OPERATING VOLTAGE 100 to 240 VAC 50 60 Hz Auto Sensing POWER CONSUMPTION 65 watts ENVIRONMENTAL Operating temperature 5 C to 40 C Storage temperature 0 C to 70 C Oper...

Page 38: ...ower NETWORK MANAGEMENT Multi Level Administration Controls Integrated VPN Client IPSec for secure connection to an NOC Access Control Lists Web Administration UI CLI via Telnet and Serial Port SNMPv2...

Page 39: ...5500 and you want to access information quickly and efficiently It contains all the information you will find in this User s Guide For more information about WebHelp and other online documentation re...

Page 40: ...This page intentionally left blank AG 5500 28 Introduction...

Page 41: ...ablishing the Start Up Configuration z Logging Out and Powering Down the System z Connecting the AG 5500 to the Customer s Network z Establishing the Basic Configuration for Subscribers z Archiving Yo...

Page 42: ...odem NM 1 Cable CATS5 standard 7 ft length 1 Cable CATS5 crossover 7 ft length 1 Screw 10 32 X 1 2 PH with internal washer 4 Screw 4 40 5 16 flathead 100 deg 8 Plastic bumper feet 4 Universal mounting...

Page 43: ...pt you to reboot the system Connect the AG 5500 to the customer s network Power up the AG 5500 and log in via a Telnet session or the Web Management Interface Set the basic configuration parameters fo...

Page 44: ...he AG 5500 and your laptop computer and to power up the system 1 Place the AG 5500 on a flat and stable work surface 2 Connect the power cord 3 Connect the DB9 serial cable between the AG 5500 s seria...

Page 45: ...a login prompt appears on your screen The default login user name is admin The password is admin Login names and passwords are case sensitive 3 Enter admin when prompted for a user name and password T...

Page 46: ...AG 5500 34 Installing the AG 5500...

Page 47: ...Network Info z Port location z Subscribers z System The AG 5500 supports various methods for managing the system remotely These include an embedded graphical Web Management Interface WMI an SNMP clien...

Page 48: ...access the CLI s Help screen When using the CLI if a procedure asks you to enter sn this means you must type sn and press the Enter key The system does not accept data or commands until you hit the En...

Page 49: ...AG 5500 Installing the AG 5500 37 Note Your browser preferences or Internet options should be set to compare loaded pages with cached pages...

Page 50: ...subscriber other messages 72 Description of Service billing options Plan 140 Home Page URL 237 Host Name and Domain Name DNS settings 64 IP DNS Name passthrough addresses 237 Label billing options pl...

Page 51: ...ion resources available from our corporate Web site www nomadix com include a full PDF version of this User s Guide viewable with Acrobat Reader version 4 0 or higher white papers technical notes and...

Page 52: ...manage the AG 5500 securely z Setting the SNMP Parameters optional The SNMP Simple Network Management Protocol parameters must be established before you can use an SNMP client for example HP OpenView...

Page 53: ...ibers to see the AG 5500 on the network Use this address when you need to make a network connection with the AG 5500 z Assigning the Subnet Mask The subnet mask defines the number of IP addresses that...

Page 54: ...nter lo login The system prompts you for the current login If this is the first time you are changing the login parameters since initializing the AG 5500 the default login name and password is admin 3...

Page 55: ...d identifiers The SNMP parameters include your contact information the get set communities and the IP address of the trap recipient Your SNMP manager needs this information to enable network managemen...

Page 56: ...nd you can terminate this procedure 3 Assign a valid ID number 0 7 to each server 4 Enter the IP addresses to identify the location of the system and AAA SYSLOG servers on the network the default for...

Page 57: ...nter System Report log number 0 7 0 2 Enter System Report log server IP 0 0 0 0 9 10 11 12 Enter System Report log Interval minutes 10 Enable disable Tracking log disabled enable Enter Tracking number...

Page 58: ...AG 5500 46 Installing the AG 5500 System Report log Save to file Disabled Tracking logging Enabled Tracking log number 1 Tracking log server IP 8 9 10 11 Tracking log Save to file Disabled...

Page 59: ...address the default address is 10 0 0 10 and prompts you for a valid address The network interface IP address is the public IP address that allows administrators to see the AG 5500 on the network Use...

Page 60: ...ip newzip Country country newcountry Please enter your email address em em com newmail email com Please select the venu type that most reflects your location 1 Apartment 2 Bar Coffeeshot Restaurant 3...

Page 61: ...lling area code 818 818 Please enter your network SSID Zone samplezonename The system must be reset to function properly Reboot yes no y Your new settings are displayed and the AG 5500 reboots When th...

Page 62: ...ween the AG 5500 and your computer Connecting the AG 5500 to the Customer s Network Use this procedure to connect the AG 5500 to the customer s network after the start up configuration parameters have...

Page 63: ...AG 5500 Installing the AG 5500 51 3 Connect the power cord and turn on the AG 5500 4 Go to Establishing the Basic Configuration for Subscribers on page 52 To Network To Subscribers Front Panel...

Page 64: ...this service on the AG 5500 you can either enable the DHCP relay routed to an external DHCP server IP address or you can enable the AG 5500 to act as its own DHCP server In both cases DHCP functionali...

Page 65: ...r Netmask Start IP End IP Lease Type IPUp 208 11 0 4 255 255 0 0 208 11 0 5 208 11 0 7 20 PRIV NO 10 0 0 4 255 255 255 0 10 0 0 5 10 0 0 250 30 PRIV NO Default IP Pool DHCP IP Pools Configuration 0 Sh...

Page 66: ...ers the default for the DNS primary address is 0 0 0 2 5 Enter the IP addresses for the DNS servers located at the customer s network operating center where DNS requests are sent 6 Enter y yes to rebo...

Page 67: ...file from the CD ROM you will be able to view and manage SNMP objects on your AG 5500 Procedure 1 Import the nomadix mib file into your SNMP client manager 2 Connect to the AG 5500 from a node on the...

Page 68: ...This page intentionally left blank AG 5500 56 Installing the AG 5500...

Page 69: ...nterface options z Using the Web Management Interface WMI Provides a powerful and flexible Web interface for network administrators z Using an SNMP Manager Allows remote Windows management using an SN...

Page 70: ...name and password To access any menu item from the WMI simply click on the item you want The corresponding work screen then appears in the right side frame From here you can control the features and s...

Page 71: ...These objects include hardware configuration parameters and performance statistics Managed objects are arranged into a virtual information database called a Management Information Base MIB SNMP enabl...

Page 72: ...he feature is mentioned in the body text Configuration Menu Defining the AAA Services AAA This procedure shows you how to set up the AAA Authentication Authorization and Accounting service options AAA...

Page 73: ...AG 5500 System Administration 61...

Page 74: ...sable the XML Interface as required XML eXtensible Markup Language is used by the AG 5500 s subscriber management module for port location and user administration Enabling the XML interface allows the...

Page 75: ...ith these variables sent to the server it can now send the XML command to bill the users properly Print Server IP needs to be entered as one of the XML server IP for the command to successfully comple...

Page 76: ...PMS billing and have a meeting room with a plan of 14 99 an hour with Credit Card billing In order for the port based policies to work you must enable Port Based Billing Policies See also Adding and U...

Page 77: ...e and you have the certificate files server pem cakey pem and cacert pem on the flash After selecting the Internal Web Server authorization mode you have the option of enabling or disabling the Userna...

Page 78: ...tions for obtaining certificates are provided by Nomadix 3 If you want to designate a portal page you must enable the Portal Page feature otherwise leave this feature disabled 4 If you enabled the Por...

Page 79: ...ll down menu You will need to open a merchant account with Authorize net Chainfusion or Datacenter Luxembourg before this feature can be used Please contact Nomadix Technical Support for assistance Re...

Page 80: ...lient Support as required if enabled your license key must support this feature 13 You can assign a session idle timeout parameter for subscribers see following note To assign an idle timeout simply e...

Page 81: ...ess for the External Web Server 4 Enter a valid External login page URL 5 You can assign a session idle timeout parameter for subscribers see following note To assign an idle timeout simply enter a nu...

Page 82: ...not been blocked and only if a match is made with the master Source IP list contained on the AG 5500 If a match is not made with the Source IP list the login is denied even if a correct login name an...

Page 83: ...AG 5500 System Administration 71 1 From the Web Management Interface click on Configuration then Access Control The Access Control screen appears...

Page 84: ...Access enables disables blocking of SSH shell access from the subscriber side to the NSE CLI Default setting is disabled 5 Click the check box for Access Control if you want to enable this feature th...

Page 85: ...access control list you must now enter the ending IP address in the Access Control End IP field If you are removing a single IP address enter None in the Access Control End IP field 10 Click on the R...

Page 86: ...guration The Autoconfiguration Settings screen appears 2 Enable or disable Autoconfiguration as required 3 If you enabled Autoconfiguration you must enter the following information into the correspond...

Page 87: ...he automated login into the centralized FTP server and the actual download process into the flash The Auto Configuration setup requires a few basic steps to be completed by both the field engineer and...

Page 88: ...ver with the configuration files 5 The following diagram shows a sample RADIUS configuration file meta file and illustration of the FTP server setup The Nomadix device will automatically initiate one...

Page 89: ...then Bandwidth Management The Bandwidth Management screen appears 2 If required click the check box for Bandwidth Management Enabled 3 If you enabled Bandwidth Management enter the uplink and downlin...

Page 90: ...ionally if the primary and secondary servers are down the AG 5500 can store up to 2 000 credit card transaction records When a connection is re established with either server the AG 5500 sends the sto...

Page 91: ...IP z URL z Secret Key 5 Repeat Step 4 for the secondary server if any and all carbon copy servers 6 Define the fail safe provisions including z Retransmit Method Alternate or do not alternate z Number...

Page 92: ...ility on their computer To enable this service on the AG 5500 you can either enable the DHCP relay routed to an external DHCP server IP address or you can enable the AG 5500 to act as its own DHCP ser...

Page 93: ...ith their public IP address for the duration of the service level agreement The opposite is true if they select a plan with a private pool address This feature enables a competitive solution and is an...

Page 94: ...k on the Add button The Add DHCP Pools screen appears 9 Enter a valid DHCP Server IP address for the DHCP server 10 Enter the DHCP Server Netmask 11 Enter the starting and ending IP addresses for the...

Page 95: ...revious page 16 You must now reboot the system for the new settings to take effect Click the check box for Reboot after changes are saved then click on the Submit button to save your changes and reboo...

Page 96: ...imary secondary or tertiary third DNS server The AG 5500 utilizes whichever server is currently available Use the following procedure to set the DNS configuration options 1 From the Web Management Int...

Page 97: ...rt and a Proxy DNS Port 6 When finished you must reboot the system for the new settings to take effect Click on the check box for Reboot after changes are saved to reboot the system after saving your...

Page 98: ...Dynamic DNS Options Dynamic DNS These settings can be accessed under the following menus WMI Configuration z Go to Configuration Dynamic DNS CLI Configuration z Go to Configuration dyndns z Go to Conf...

Page 99: ...ol the vendor supports Server and Port to which the client sends updates to the DDNS server Account Information The Host Name is the DDNS name mapped to the client IP address DDNS mapping is configure...

Page 100: ...r the GRE Interface IP Address This is the IP of the local GRE interface on the AG 5500 5 Enter the GRE Interface Subnet Mask This is the subnet mask for the GRE connection 6 Enter the GRE Interface D...

Page 101: ...ected home page in the Home Page URL field 4 If required click on the check box for Parameter Passing Parameter passing allows the AG 5500 to track a subscriber s initial Web request usually their hom...

Page 102: ...protocol for example GRE IKE etc 1 From the Web Management Interface click on Configuration then iNAT The iNAT screen appears 2 Enable of disable the iNAT feature as required 3 If you enabled iNAT yo...

Page 103: ...uration IPSec to configure settings and Network Info IPSec to view IPSec Tunnel status The IPSEC Tunnel Settings screen appears To enable this feature click on the Enable IPSEC check box Enable disabl...

Page 104: ...er Peer Authentication Method z Choice of Pre shared key or X 509 certificates z Enter the Pre shared Key in the Shared Key text field if Pre shared Key is selected z Enter the filename of the private...

Page 105: ...rity Parameters z Encryption Algorithm at least one must be selected z Hash Algorithm at least one must be selected z Key Strength a k a Diffie Hellman either Group 1 768 bit or Group 2 1024 bit z Lif...

Page 106: ...AG 5500 94 System Administration IPSec Tunnel Security Policies...

Page 107: ...could specify a host z Subnet Mask This is the subnet mask of the remote network secured by the IPSec tunnel z Remote Port 0 is for all ports only if protocol is UDP or TCP z Local End z Choice of us...

Page 108: ...cryption algorithms z ESP AH select all acceptable authentication algorithms z Perfect Forward Secrecy Strength z Maximum Lifetime z Maximum Life size z Automatic renewal z Perfect Forward Secrecy che...

Page 109: ...s up your location and the corresponding IP addresses for the network interface subscriber interface subnet and default gateway You must provide your full location information 1 From the Web Managemen...

Page 110: ...AG 5500 98 System Administration...

Page 111: ...Network SSID Zone You must reboot the system if you make changes to any of the following IP settings You may lose your connection if you change the IP settings incorrectly using invalid IP addresses...

Page 112: ...PPP Authentication z Username This is the username for PPP based authentication required by your service provider z Password This is the password for PPP based authentication required by your service...

Page 113: ...to transmit data to the Internet 7 When finished you must reboot the system for the new settings to take effect Click on the check box for Reboot after changes are saved to reboot the system after sa...

Page 114: ...ation and Accounting functions You can enable either of these options 1 From the Web Management Interface click on Configuration then Logging The Log Settings screen appears Although the AAA and billi...

Page 115: ...AG 5500 System Administration 103...

Page 116: ...amed syslog txt in the flash directory of the NSE This setting abides by the other settings set for the syslogs like filters number and enable disable It is not required to input a server IP address i...

Page 117: ...2007 testlab S 192 168 2 4 3444 D 66 163 175 128 80 X 67 130 149 4 5004 non proxy 00 90 27 78 81 00 RADIUS IPASS 0U0000 INFO AG 5500 v2 4 113 LI OUT THU JUN 23 11 44 01 2007 testlab S 192 168 2 4 344...

Page 118: ...es to their previous state When logging is enabled log files and error messages are sent to these servers for future retrieval To see sample reports go to Sample SYSLOG Report on page 270 and Sample A...

Page 119: ...guration z Go to Configuration MAC authentication CLI Configuration z Go to configuration macauth SNMP Configuration z Go to nse aaa aaaMacAuth enterprises 3309 1 x 2 28 for MAC based Authentication c...

Page 120: ...will be expressed in the RADIUS username and password attributes The RADIUS server must use the same format Default setting is aa bb cc dd ee ff MAC Address Hex Alpha Case Specifies in the MAC addres...

Page 121: ...le this feature 3 In the MRS XML IP field enter the IP address of the machine that will process XML commands for the Meeting Room Scheduler MRS application 4 Click on the Submit button to save your ch...

Page 122: ...d to the broadband Internet service This is useful if solution providers want to openly promote selected services to all users even if they are not currently subscribing paying for access Allowing up...

Page 123: ...the pass through you want to add or remove from the system 4 If adding this pass through click on the Add button otherwise click on Remove to delete this pass through from the list The system only acc...

Page 124: ...settings a PMS must be connected to the AG 5500 via the serial port on the rear panel See also Connecting the AG 5500 to the Customer s Network on page 50 The AG 5500 can query most popular Property...

Page 125: ...S TSPS 1BT2 TEST RSI z Galaxy Post Only z Marriot z NH post paid only z Micros Fidelio Query Post Post Only and Post Only with TCP IP z Micros 1700 2000 3700 4700 8700 System Software Emulation 1 From...

Page 126: ...AG 5500 114 System Administration...

Page 127: ...st Name z OnQ Compliant Enable this option if you want to use Nomadix Micros POS emulation to query post to Hilton Corporation s OnQ PMS system The pre paid option requires hotel guests to pre pay for...

Page 128: ...ause some Property Management Systems do not allow you to enter characters you must enter these service descriptions as a numeric value only no characters or delimiters The numbers must be entered in...

Page 129: ...Setting Up Port Locations Port Location Port Location allows you to establish the mode of operation for devices 1 From the Web Management Interface click on Configuration then Port Location The Port...

Page 130: ...ct 802 1Q one way or 802 1Q two way VLAN IDs if you are using a device that understands VLAN IDs These options tell the AG 5500 that the device can process VLAN IDs to identify which port location the...

Page 131: ...ogin after migration Enable box For cascading Tut and RFC1493 compliant systems click on the associated Cascading button The Cascading Support screen appears allowing you to enter the IP address and S...

Page 132: ...xample http 219 57 108 103 1111 usg roommapping The Enter Network Password prompt appears AG 5500 multiple VLAN tagged systems can use the same tags and be placed on different Subscriber ports Althoug...

Page 133: ...ode you want to assign to this room z Room Free Access z Room For Charge z Room Blocked 6 Click on the Submit button to save your changes 7 Repeat Steps 4 through 6 for each room see note If you leave...

Page 134: ...t authenticates the customer with the RADIUS server applies associated attributes stored in that customer s profile and logs their activity including bytes transferred connect time etc The AG 5500 s R...

Page 135: ...AG 5500 System Administration 123 1 From the Web Management Interface click on Configuration then RADIUS Client The RADIUS Client Settings screen appears...

Page 136: ...nt to enable the URL redirection feature click on the check box for Enable URL Redirection 4 For a Network Access Server NAS if you want to send a NAS identifier with your account access request click...

Page 137: ...le WAN 802 1q Attribute To enable the default 802 1q tag click on the check box for Enable Default 802 1q Tag for System Traffic and if necessary enter the tag number see caution 13 Enable or disable...

Page 138: ...ent realms can be set up to directly channel RADIUS messages to the various RADIUS servers For additional RADIUS information see also z Defining the RADIUS Client Settings RADIUS Client on page 122 z...

Page 139: ...t to add a new Upstream RADIUS NAS for example an 802 11 Access Point on the subscriber side of the AG 5500 click on the Add button The Add Upstream RADIUS NAS screen appears 6 To make this entry the...

Page 140: ...ns 12 Repeat Steps 5 through 11 to add more Upstream RADIUS NAS definitions as required 13 To view your configured RADIUS Service Profiles and Realm Routing Policies click on the link Click here to se...

Page 141: ...s procedure when setting up RADIUS Service Profiles up to 10 and Realm based Routing Policies up to 50 For additional RADIUS information see also z Defining the RADIUS Client Settings RADIUS Client on...

Page 142: ...AG 5500 130 System Administration 1 From the Web Management Interface click on Configuration then RADIUS Routing The RADIUS Routing Settings screen appears...

Page 143: ...based users This is to handle users that will login with a username in the format type of ISP username In this case the delimiter is and what appears before it ISP is the realm name Create a RADIUS se...

Page 144: ...ent to continue The secret key is a valuable and necessary security measure 5 Repeat Steps 2 through 4 for the secondary RADIUS authentication server if used Accounting This category requires input fo...

Page 145: ...the data 4 Click on the Add button to add this RADIUS Service Profile 5 When you have completed the definition of your RADIUS Service Profile you can return to the previous screen RADIUS Routing Sett...

Page 146: ...henticating subscribers In this example it is checked and so realm information will be stripped leaving only the simple username and password to be passed to the tunnel server The tunnel server in thi...

Page 147: ...return to the previous screen RADIUS Routing Settings by clicking on the Back to Main RADIUS Routing Settings page link The screen below shows a realm routing policy that handles prefix based usernam...

Page 148: ...case is and a tunnel profile LNSOne is selected instead of a RADIUS service profile This means that this realm routing policy will match usernames that are of the format username tcisp com Since this...

Page 149: ...he Local hostname field is also blank is this example which means that the NSE will use the default value of usg_lac during tunnel negotiation Configure RADIUS Client The NSE RADIUS client must be set...

Page 150: ...500 138 System Administration The Realm Routing Policy you just created is added to the list Your new RADIUS Service Profiles are added to this list Your new Realm Routing Policies are added to this l...

Page 151: ...MTP Redirection Misconfigured to enable this feature for misconfigured subscribers 3 Click on the check box for SMTP Redirection Properly Configured to enable this feature for properly configured subs...

Page 152: ...etwork management over the Internet To do this you must set up the SNMP communities and identifiers For more information about SNMP see Using an SNMP Manager on page 59 1 From the Web Management Inter...

Page 153: ...nable network management over the Internet 4 When finished you must reboot the system for the new settings to take effect Click on the check box for Reboot after changes are saved to reboot the system...

Page 154: ...ublic access networks For example z Establish a maximum of 15 different DHCP pools for routable IP addresses at the same time z Establish a maximum of 10 different public IP subnets that will not be a...

Page 155: ...subnet mask for this subnet in the Subnet Mask field 5 Click on the Back to Main Subnet Configuration Page link to return to the previous screen Public Subnets Settings To edit the Current Public DHCP...

Page 156: ...y You can display a summary listing of all your current Configuration settings To view the summary listing go to the Web Management Interface click on Configuration then click on Summary The Summary o...

Page 157: ...he relevant fields z Year z Month 1 12 z Day 1 31 z Hour 0 23 z Minute 0 59 After entering new data for the final parameter minutes the system writes the information into its BIOS then displays the ne...

Page 158: ...for Hours and Minutes in the appropriate fields and define whether this time is plus or minus from the pull down menu 4 When finished click on the Submit button to save your changes or click on the R...

Page 159: ...as finance yahoo com sports yahoo com etc The system administrator can dynamically add or remove specific IP addresses and domain names to be filtered for each property 1 From the Web Management Inter...

Page 160: ...rred management protocol but also the secure management of third party devices for example WLAN Access Points and 802 3 switches on private subnets on the subscriber side of the Nomadix gateway The ad...

Page 161: ...ion Basic IPSec parameters must be entered by the system administrator to successfully establish the VPN session We recommend that you create different private subnets behind the VPN termination devic...

Page 162: ...P Address Resolution Protocol assignments ARP is used to dynamically bind a high level IP address to a low level physical hardware MAC address ARP is limited to a single physical network that supports...

Page 163: ...ress Translation DAT allows all users to obtain network access regardless of their computer s network settings To view the DAT Session Table go to the Web Management Interface click on Network Info th...

Page 164: ...red This table includes the assigned host names their corresponding IP addresses and any aliases that may be assigned to each host Hosts provide services to other computers that are linked to it by a...

Page 165: ...a standard Internet protocol that delivers error and control messages from hosts to message requestors These statistics are presented as a listing which details the current status of each ICMP transmi...

Page 166: ...isplay the network interfaces which are presented as a detailed listing of all interface communication elements and their current status To view the Network Interfaces go to the Web Management Interfa...

Page 167: ...er the network By using IP addressing Internet Protocol ensures that the data reaches its destination even though different packets may pass through different networks to get to the same location To v...

Page 168: ...ing You can display the current Routing Tables including any dynamically generated routes unreachable routes or wildcard routes To view the Routing Tables go to the Web Management Interface click on N...

Page 169: ...tions Sockets You can display a table which provides a detailed listing of all currently active IP Internet Protocol connections To view the Socket Table go to the Web Management Interface click on Ne...

Page 170: ...pping You can display a table which provides a detailed listing of the currently active static port mapping scheme To view the Static Port Mapping Table go to the Web Management Interface click on Net...

Page 171: ...ocol statistics which are presented as a detailed listing of all TCP elements and their current status TCP is a standard protocol that manages data transmissions across networks To view the TCP Statis...

Page 172: ...d listing of all UDP elements and their current status UDP is an Internet standard transport layer protocol It is a connectionless protocol which adds a level of reliability and multiplexing to the In...

Page 173: ...individually configured This ability allows for having different billing methods and billing plans on different ports of the NSE A practical application of this feature is to have a normal hotel room...

Page 174: ...AG 5500 162 System Administration...

Page 175: ...m or location The AG 5500 uses a port location authorization table to manage the assigned ports and ensure accurate billing for the services used by a particular port Adding a Port Location Assignment...

Page 176: ...ailable Refer to the Note Port based Policies should be enabled from the Configuration AAA page for these settings to take effect z Choose Enable RADIUS Billing if you want RADIUS billing to be enable...

Page 177: ...the per port enable Tunneling parameter is set 7 Click on the Add button to save your changes the message Entry added or updated in the location file appears or click on the Reset button if you want t...

Page 178: ...nts The AG 5500 displays a warning and prompts you to confirm this action before deleting all the port locations currently assigned in the system 1 From the Web Management Interface click on Port Loca...

Page 179: ...ation of the port location assignment you want to delete 3 Click on the Delete button to delete the specified port location assignment or click on the Reset button if you want to reset the location va...

Page 180: ...ation then Delete by Port The Delete Port Location Assignments by Port screen appears 2 In the Port field enter the port of the assignment you want to delete 3 Click on the Delete button to delete the...

Page 181: ...red in flash location txt resident in the AG 5500 s flash memory 1 From the Web Management Interface click on Port Location then Export The Export Port Location Assignments screen appears 2 Click on t...

Page 182: ...m the Web Management Interface click on Port Location then Find by Description The Find a Port Location Assignment by Description screen appears 2 In the Enter Description field enter the description...

Page 183: ...From the Web Management Interface click on Port Location then Find by Location The Find a Port Location Assignment by Location screen appears 2 In the Enter Location field enter the location of the a...

Page 184: ...eir description or location 1 From the Web Management Interface click on Port Location then Find by Port The Find a Port Location Assignment by Port screen appears 2 In the Enter Port field enter the...

Page 185: ...ocation Assignments screen appears 2 Click on the Import button to import port location assignments from the flash location txt file If you have never exported port location assignments since installi...

Page 186: ...n assignments location port modem MAC address for RiverDelta subnet state description z Location Locations are assigned as an alpha numeric or alpha numeric value unless a PMS interface is used in whi...

Page 187: ...Mappings List You can display a listing of all port locations assigned to this system To view the listing of port location assignments go to the Web Management Interface click on Network Info then cl...

Page 188: ...to limit access to pre qualified users only For more information about subscriber access and billing options see the following sections z Authorization and Billing on page 246 z Subscriber Management...

Page 189: ...Database screen appears 2 Choose Subscriber or Device for this profile 3 Define the DHCP Address Type Public or Private only used when the IP Upsell feature is enabled otherwise leave this set to pri...

Page 190: ...er must re subscribe to the service 13 Enable or disable the Count down after Login feature as required 14 Enter an amount in the Paid field 15 The next two fields User Definable 1 and User Definable...

Page 191: ...their connection to the Internet was not completed By reviewing the byte statistics you can clearly see if the subscriber made a successful connection To view the list of Current Subscriber Connection...

Page 192: ...ubscriber Administration then Delete by MAC The Delete a Subscriber Profile by MAC screen appears 2 In the Enter MAC Address field enter the MAC address of the profile you want to delete 3 Click on th...

Page 193: ...k on Subscriber Administration then Delete by User The Delete a Subscriber Profile by User screen appears 2 In the Username field enter the user name of the profile you want to delete 3 Click on the D...

Page 194: ...to network devices DHCP leases define the amount of time that subscribers can utilize the system s DHCP service To view the list of Currently Allocated DHCP Leases go to the Web Management Interface c...

Page 195: ...red subscriber profiles from the AG 5500 s database of authorized subscribers Use this procedure when you want to clean up the subscriber database 1 From the Web Management Interface click on Subscrib...

Page 196: ...sponding to the MAC address Statistics include user name and password if any and the access time remaining for this subscriber 1 From the Web Management Interface click on Subscriber Administration th...

Page 197: ...responding to the user name Statistics include the subscriber s MAC address and the access time remaining for this subscriber 1 From the Web Management Interface click on Subscriber Administration the...

Page 198: ...ibers based on MAC addresses To view the list of Authorized Subscriber Profiles go to the Web Management Interface click on Subscriber Administration then click on List by MAC The Authorized Subscribe...

Page 199: ...rently active database of authorized subscribers based on their user names To view the list of Authorized Subscriber Profiles go to the Web Management Interface click on Subscriber Administration then...

Page 200: ...messages or 320000 bytes when and if necessary the oldest records are purged to make room for new records If the logfile is disabled the current logfile is purged from the flash If this is re enabled...

Page 201: ...es the number of subscribers currently in the database Current Table and a numerical breakdown of how the subscribers can utilize the system for example free access credit card etc The total number of...

Page 202: ...rver IWS to allow users online on a time X over period Y basis Standard billing plans where time X period Y can be used concurrently with X over Y plans For example multiple plans with flexible billin...

Page 203: ...AG 5500 System Administration 191 The Internal Billing Options Setup screen appears...

Page 204: ...active To view or edit a billing plan simply click on the View Edit Delete button opposite the corresponding plan The Internal Billing Options Plan Setup or Internal Billing Options XoverY Plan Setup...

Page 205: ...AG 5500 System Administration 193 Sample of Internal Billing Options XoverY Plan Setup Screen...

Page 206: ...Define the DHCP Pool public or private see following note 8 Click on the Submit this Plan button to save your changes and establish this billing plan Alternatively you can click on the Delete this Pl...

Page 207: ...state Setting Up an X over Y Billing Plan 1 If required click on the Enable check box to enable make active this billing plan 2 Define a label for this billing plan in the Label field 3 Enter a descr...

Page 208: ...ternatively you can click on the Delete this Plan button if you want to delete this plan or click on the Reset button if you want to reset all the values to their previous state 12 Click on the Back b...

Page 209: ...rovide a choice of redirection options The AG 5500 also lets System Administrators define a simple HTML based pop up window for explicit Logout that can be used as an alternative to the more fully fea...

Page 210: ...AG 5500 198 System Administration...

Page 211: ...ld 4 Define the physical location where you want the Nomadix Logout Console to appear on the subscriber s screen Choose one of the following options z Upper Left Corner z Upper Right Corner z Lower Le...

Page 212: ...age z Target URL Where subscribers are sent when they click on the button z Image Name The representative image file you want to use for the button When assigning images for buttons refer to Pixel Siz...

Page 213: ...that buttons use see Assigning Buttons on page 200 with the addition of 3 three more These are z Duration Defines how long the banner is displayed in the ICC z Start Time This is an optional parameter...

Page 214: ...e definitions click on the check box for Reboot after changes are saved to reboot the AG 5500 4 When finished click on the Submit button to save your changes or click on the Reset button if you want t...

Page 215: ...s height z ISP Button 98 pixels width x 26 pixels height z Small buttons 45 pixels width x 26 pixels height Time Formats Use the following formats when defining times z Duration for Banners 1 through...

Page 216: ...e language you select here will determine the language encoding that the AG 5500 s Internal Web Server instructs the browser to use The available language options are z English z Chinese Big 5 z Frenc...

Page 217: ...nd display Japanese characters on the Web Management Interface and the subscriber s portal page choose the Japanese Shift_JIS option If you want to have the ICC displayed in English but enter and disp...

Page 218: ...ould be labeled using the 8 3 format 2 Go to WMI Subscriber Interface Local Web Server and add the names of the HTML or image files that were uploaded to the flash web directory 3 Reboot the NSE 4 The...

Page 219: ...added in order for it to be served to the end users Uploading the web page to the web directory is not sufficient Image File Name This text box lets you add or remove the names of the image files tha...

Page 220: ...in UI Login UI This procedure allows you to set up the presentation and content of the subscriber s login User Interface UI 1 From the Web Management Interface click on Subscriber Interface then Login...

Page 221: ...Click on the check box for Enable Remember Me option if you want to enable or disable this feature This option enables the AG 5500 to remember logins for a predetermined duration see next step 5 If y...

Page 222: ...ou may want to experiment before establishing these settings to ensure that your chosen color scheme is both presentable and readable to subscribers see notes If you click on the View Color Grid link...

Page 223: ...st reboot the AG 5500 for your changes to take effect In this case click on the check box for Reboot after changes are saved 12 Click on the Submit button to save your changes or click on the Reset bu...

Page 224: ...n means that this functionality is available for other post paid billing mechanisms for example post paid PMS if your product license supports PMS The IWS page displays the details of the user s conne...

Page 225: ...AG 5500 System Administration 213 1 From the Web Management Interface click on Subscriber Interface then Post Session UI The Subscriber Post Session User Interface Settings screen appears...

Page 226: ...If you enabled the Hypertext Link URL feature enter the URL for the link in the Hyper Text Link URL field 5 Define the following Field Label Definitions for your Goodbye Page z Session Summary z IP Ad...

Page 227: ...he Subscriber Page Control Button Definitions screen appears 2 Enter the definitions you want for each control button in the corresponding fields 3 Click on the Submit button to save your changes or c...

Page 228: ...scriber Labels This procedure allows you to define how the user interface UI field labels are displayed to subscribers 1 From the Web Management Interface click on Subscriber Interface then Subscriber...

Page 229: ...or each label in the corresponding fields 3 Click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state If you want to rese...

Page 230: ...iber Errors 1 of 2 The Subscriber Page Error Message Definitions 1 of 2 screen appears 2 Enter the definitions you want for each error message in the corresponding fields 3 Click on the Submit button...

Page 231: ...AG 5500 System Administration 219 4 Repeat Steps 1 3 for page 2 of 2 see following screen...

Page 232: ...dure allows you to define how other subscriber messages are displayed 1 From the Web Management Interface click on Subscriber Interface then Subscriber Messages 1 of 3 The Subscriber Page Other Messag...

Page 233: ...orresponding fields 3 Click on the Submit button to save your changes or click on the Reset button if you want to reset all the values to their previous state If you want to reset all field values to...

Page 234: ...AG 5500 222 System Administration 5 Repeat Steps 1 3 for page 3 of 3 see following screen...

Page 235: ...hat supports hardware broadcasting This procedure shows you how to add an ARP table entry 1 From the Web Management Interface click on System then ARP Add The Add ARP Table Entries screen appears 1 En...

Page 236: ...ingle physical network that supports hardware broadcasting This procedure shows you how to delete an ARP table entry 1 From the Web Management Interface click on System then ARP Delete The Delete ARP...

Page 237: ...rators to effectively remove the AG 5500 from the network without physically disconnecting the unit You can still manage the AG 5500 when Bridge Mode is enabled but you have no other functionality If...

Page 238: ...the configuration settings and you are unsure of the effect that the changes will have You can restore the archived system configuration settings at any time with the import function 1 From the Web Ma...

Page 239: ...he network settings The network connection will be lost if this import function is performed To avoid a prolonged service interruption perform this procedure from the Command Line Interface via the se...

Page 240: ...n 2 Click on the Submit and Reboot button to replace the current system configuration settings with the factory default settings and reboot the AG 5500 Click here to view the current txt file Click he...

Page 241: ...ly 1 From the Web Management Interface click on System then FailOver The Fail Over screen appears 2 Enable or disable the Fail Over feature as required 3 If you enabled Fail Over define the Sibling St...

Page 242: ...the Web Management Interface and click on System then History The Uptime and Access Reboot History screen appears The Uptime field displays the time in days hours minutes and seconds that the system...

Page 243: ...ul end user troubleshooting feature and also required by certain smart clients for example GRIC 1 From the Web Management Interface click on System then ICMP The ICMP screen appears 2 Click on the che...

Page 244: ...on screen appears 2 Click on the OK button to replace the current system configuration settings with the settings contained in the archive txt file see notes above The archived configuration settings...

Page 245: ...managers have the ability to perform all write commands Submit Reset Reboot Add Delete etc but operators cannot change any system settings When this feature is enabled one manager and three operators...

Page 246: ...manager 4 In the Manager Password field enter a password for this manager 5 In the Confirm Password field enter the password again to confirm it Login names and passwords are case sensitive Use login...

Page 247: ...AG 5500_IP radtest testradius htm and can be accessed from the network side of the AG 5500 You must open a separate browser to utilize this feature The Framed IP field is configurable by the user and...

Page 248: ...MAC Filtering screen appears 2 Click on the check box for MAC Filtering to enable or disable this feature as required 3 Enter a MAC address in the MAC field then click on the Add button to add this a...

Page 249: ...ment Interface click on System then Reboot The Reboot Device screen appears 2 Click on OK to reboot the operating system The reboot procedure outlined on this page allows you to decide when to reboot...

Page 250: ...outer IP address by which the route s destination can be reached 1 From the Web Management Interface click on System then Route Add The Add Static Routes screen appears 2 Enter the Destination IP addr...

Page 251: ...b Management Interface click on System then Route Delete The Delete Static Routes screen appears 2 Enter the Destination IP address of the route you want to delete from the routing table 3 Click on th...

Page 252: ...ry then block malicious users 1 From the Web Management Interface click on System then Session Limit The Session Rate Limiting screen appears 2 Click on the check box for Session Rate Limiting to enab...

Page 253: ...00 The advantage for the network administrator is that free private IP addresses can be used to manage devices such as Access Points on the subscriber side of the AG 5500 without setting them up with...

Page 254: ...this field set to zero if you want to connect to the device from any TCP UDP port of a network side workstation 9 Select the protocol TCP or UDP from the pull down menu 10 Click on the Add button to a...

Page 255: ...ubscriber side of the AG 5500 without setting them up with public IP addresses This procedure shows you how to add static ports 1 From the Web Management Interface click on System then Static Port Map...

Page 256: ...r disable the following items by clicking on the corresponding check box z Block Subscriber Interface 1 z Block Subscriber Interface 2 3 Click on the Submit button to save your changes or click on the...

Page 257: ...ure billing Like a router the AG 5500 continuously tracks subscriber IP and MAC settings eliminating the need for further sign ins and ensuring that subscriber usage and billing is recorded accurately...

Page 258: ...ironment billing is a complex process It requires accurate data collection and reconciliation a means to validate and protect the data and an efficient method for collecting payments The AG 5500 offer...

Page 259: ...bill its guests for the high speed network services it provides track usage on the network and deny service to those guests who have not paid z Allowing the solution provider to bill subscribers for s...

Page 260: ...their user name and password z By looking up subscribers on a local flash database z By looking up subscribers on a remote database Subscriber Login Subscriber Management Accounting Billing Authentic...

Page 261: ...ty Management System PMS and Web interfaces enabling administrators to edit the subscriber s input Only subscribers that are correctly identified and authenticated are authorized to access the system...

Page 262: ...s Portal Page Internal or External Web Server AG 5500 detects connection and verifies user against authorization table Lease time has expired Purchase more time Yes No Internet and local online servic...

Page 263: ...ther method is transparent to the subscriber however the advantage of using the internal Web server is obvious no login redirection tasks and a faster response time for the subscriber Language Support...

Page 264: ...address The AG 5500 can be configured to allow access for specified MAC addresses In this model when a subscriber attempts to access the Internet the AG 5500 validates the subscriber s MAC address ag...

Page 265: ...user name and password are optional the MAC address will be substituted but in this event the service is not transferable between computers Credit card Enable the AAA services You have the choice of...

Page 266: ...of redirection options For information about configuring the ICC refer to Setting Up the Information and Control Console ICC Setup on page 197 ICC Pop Up Window The ICC displays a HTML based applet i...

Page 267: ...m Administrators to define a simple HTML based pop up window for explicit logout that can be used as an alternative to the more fully featured ICC The pop up Logout Console can display the elapsed cou...

Page 268: ...This page intentionally left blank AG 5500 256 The Subscriber Interface...

Page 269: ...LOG parameters Network Info Menu Displays the Network Info menu The items in this menu are used to monitor and review network connections routings protocols and network session statistics Port Locatio...

Page 270: ...net Web Management and FTP sources Auto Configuration Provides an effortless and rapid method for configuring devices for fast network roll outs Bandwidth Management Manages the bandwidth for subscrib...

Page 271: ...he Access Concentrator settings RADIUS Client With the appropriate product license the AG 5500 supports Remote Authentication Dial In User Service RADIUS This procedure sets up the RADIUS client RADIU...

Page 272: ...s and any assigned aliases ICMP Displays the ICMP Internet Control Message Protocol performance statistics Interfaces Displays statistics for the interfaces IP Displays the IP performance statistics R...

Page 273: ...ation assignments based on a specified port VLAN tag Export Exports specified port location assignments to the location txt file Find by Description Finds a port location assignment based on a unique...

Page 274: ...name DHCP Leases Sets up the current subscriber DHCP leases Expired Removes expired profiles Find by MAC Finds a subscriber profile based on a specified MAC address Find by User Finds a subscriber pro...

Page 275: ...Post Session UI Defines the post session Goodbye page Subscriber Buttons Defines how each of the subscriber s user interface control buttons are displayed Subscriber Labels Defines how the subscriber...

Page 276: ...r non authenticated users that are destined to addresses other than those defined in the pass through walled garden list Import Imports previously exported system configuration settings from an archiv...

Page 277: ...riber Admin Export Export configuration settings to the archive file System Export Export port location assignments to file Port Location Factory Import the factory default configuration settings Syst...

Page 278: ...ssion Limit Limits subscriber sessions System SMTP Set the SMTP redirection options Configuration SNMP Establish the SNMP parameters Configuration Sockets Display the active IP connections Network Inf...

Page 279: ...00 MAC address is unique for each product MAC address is unique for each product Network Interface IP Subscriber IP Subnet Mask Default Gateway IP DHCP Client Admin IP 10 0 0 10 10 0 0 11 255 255 255...

Page 280: ...uthorization New Subscribers Credit Card Service Parameter Passing Usernames XML Disabled Enabled Enabled Enabled Disabled Enabled Disabled DNS Redirection SMTP Redirection SMTP Server IP Enabled Disa...

Page 281: ...4207 AAA_Authentication Successful 00 10 5A 61 40 FF 12 hrs 0 min Mar 31 18 21 5 3 nomad2 37 nomadi x com INFO AAA 4106 AAA_lookup Added_in_memory_ table_ pending 00 00 0E 32 2C BC Mar 31 18 43 5 4 n...

Page 282: ...ookup Added_in_memory_table_pending Subscriber profile has been recognized and the AG 5500 is waiting to authenticate the user AAA_Interface Added_by_administrator Subscriber profile was manually adde...

Page 283: ...AG 5500 Quick Reference Guide 271 Sample History Log A history log is generated by the AG 5500 which includes the system s activity Access Reboot and Uptime More listings...

Page 284: ...and place it on the clipboard Ctrl X Copy selected data to the clipboard Ctrl C Paste data from the clipboard into a document at the insertion point Ctrl V Copy the active window to the clipboard Alt...

Page 285: ...be granted and if so with what privileges When a subscriber attempts to access the service provider s network the AG 5500 delivers a Web page to the subscriber asking for a login name and password Thi...

Page 286: ...t z Selected Detailed Descriptions z Nomadix Vendor Specific Attributes Authentication Request z Username z Password z Service Type z NAS Port port number z NAS Identifier z Framed IP Address z NAS IP...

Page 287: ...eout z Idle Timeout z EAP Packet used for 802 1x z Message Authenticator used for 802 1x z Acct Interim Interval z Nomadix VSAs z Nomadix Bw Up z Nomadix Bw Down z Nomadix URL Redirection z Nomadix IP...

Page 288: ...ctets z Acct Input Octets z Acct Output Packets z Acct Input Packets z Class z Nomadix VSAs z Nomadix Subnet z Nomadix URL Redirection z Nomadix IP Upsell z Acct Session Time Stop z Terminate Cause St...

Page 289: ...nding traffic through the AG 5500 the AG 5500 will immediately detect a Session Timeout However in the case of an Idle Timeout or an inactive subscriber Session Timeout the AG 5500 detects it via a cl...

Page 290: ...ct Request The AG 5500 has to send the following attributes in an Accounting Stop z Acct Output Packets number of packets sent by subscriber z Acct Input Packets number of packets received by subscrib...

Page 291: ...e user to receive a public address from a DHCP pool when the AG 5500 has the IP Upsell feature enabled Nomadix Volume Based Session Timeout This attribute allows you to terminate a session once a spec...

Page 292: ...ers browser We recommend that you use VeriSign all instructions in this document are based on obtaining a key from VeriSign Please contact Nomadix Technical Support if you want to use a different Cert...

Page 293: ...PC The procedure starts from the Cygwin Net Release Setup Program screen Click on the Next button The following screen appears Click on the Next button to display the next setup screen The example in...

Page 294: ...display the next setup screen Click on the Next button to display the next setup screen Click on the Next button to display the next setup screen Select a location and click on the Next button For th...

Page 295: ...nd openssl then click on the Next when you are done Click on the Next button to start the download process Wait for the download process to complete At the time of this writing there are more than 70...

Page 296: ...ide Click on the Next button to start the install process Wait for the install process to complete There will be a pop up dialog to inform you that the installation process is completed At the pop up...

Page 297: ...ory where you installed openssl exe Run the command prompt from Windows then click on the OK button Go to the c cygwin bin directory and run the following command openssl genrsa rand file1 file2 file3...

Page 298: ...s back to cakey pem when trying to FTP to the AG 5500 openssl openssl command genrsa A parameter for openssl to generate an RSA key Rand A parameter for openssl to generate a random number from the fi...

Page 299: ...AG 5500 Quick Reference Guide 287 Here is the output of cakey pem...

Page 300: ...ates or Province names do not exist in your country please repeat the Locality Name The Common Name is the name used in the AG 5500 AAA SSL Certificate Domain Name The Common Name in the Public Key mu...

Page 301: ...AG 5500 Quick Reference Guide 289 Here is the output of server csr...

Page 302: ...ificate Authority Generally you will need to send a Certificate Signing Request to the Certificate Authority CA and the CA will create a public key base on the certificate request This is the procedur...

Page 303: ...the existence of your business Please follow the instruction from VeriSign carefully In addition there is one section about generating a CSR however since you have already created the CSR in step 2 w...

Page 304: ...Select the purchase method and summit the required contact information When you receive an email from VeriSign with Secure Server ID Global Server ID if you create a 128 bit key that contains the Publ...

Page 305: ...AG 5500 Quick Reference Guide 293 The file server pem will look like this You have now finished the process of obtaining a public key...

Page 306: ...anagement Interface WMI go to Defining the AAA Services AAA on page 60 Setting Up the Portal Page System administrators can create login button s on the Portal Page and can setup http links for regula...

Page 307: ...This document describes the process used by the AG 5500 for mirroring billing records and is organized into the following sections z Sending Billing Records on page 295 z XML Interface on page 296 z...

Page 308: ...G 5500 to External Server USG RMTLOG_COMMAND ADD_REC REC_NUM max 4 characters REC_NUM USG_ID max 6 characters USG_ID PROPERTY_ID max 64 characters PROPERTY_ID DATE max 10 characters DATE TIME max 8 ch...

Page 309: ...mmand sent by the External Server to the AG 5500 product In this case the acknowledgement received from the External Server forms the command The AG 5500 expects the acknowledgement in the following f...

Page 310: ...IP_ADDR 11 22 33 44 IP_ADDR ERROR_CODE 5 ERROR_CODE USG Format for each Field RESULT_VALUE OK or ERROR IP Standard IP format 123 123 123 123 ERROR_CODE1 for OK or any other number For more information...

Page 311: ...ce the AG 5500 requires careful handling It should be positioned in a dust free and temperature controlled environment Never block the unit s ventilation holes and do not stack with other equipment un...

Page 312: ...settings or the message is generated by the system when it fails to locate the data it needs Error loading factory settings The system cannot find the default configuration file when attempting to res...

Page 313: ...re available to subscribers This message is displayed because you have disabled both the external DHCP relay and the system s DHCP service To make DHCP available to subscribers at least one of these f...

Page 314: ...server If necessary test the communication with the ping command The DHCP relay is enabled with the correct IP address for the external DHCP server but the DHCP server is misconfigured Check the exte...

Page 315: ...to the AG 5500 incorrectly Re enter the correct URL The server that hosts the home page is down or the service provider if different from the host is not able to route to your page Check that the serv...

Page 316: ...This page intentionally left blank AG 5500 304 Troubleshooting...

Page 317: ...etwork documentation to verify that the network components are functioning correctly If you cannot resolve the problem with your documentation resources try connecting to our corporate Web site We may...

Page 318: ...This page intentionally left blank AG 5500 306 Appendix A Technical Support...

Page 319: ...2 1Q An IEEE standard for providing a virtual LAN capability within a campus network 802 1Q establishes a standard format for frame tagging Layer 2 VLAN markings enabling the creation of VLANs that us...

Page 320: ...ts of a fixed size 53 bytes each The cell used with ATM is relatively small compared to units used with older technologies The small constant cell size allows ATM equipment to transmit video audio and...

Page 321: ...omes available for reassignment to another device See also Dynamic IP Address IP Address Static IP Address and TCP IP DNS Domain Name System A system that maps meaningful domain names with complex num...

Page 322: ...ctions Transactions may include generating orders invoices and payments and submitting inquiries Also known as Enterprise ESS Extended Service Set See infrastructure mode Ethernet A Local Area Network...

Page 323: ...ufacturer to support new protocols as they become standardized Forwarding Rate The maximum rate at which 64K packets can be delivered to their destination See also Packet Packet Switching Network pps...

Page 324: ...followed iNAT Intelligent Network Address Translation Nomadix iNAT feature creates an intelligent mapping of IP addresses and their associated VPN tunnels allowing multiple tunnels to be established...

Page 325: ...computer s network settings to provide them with seamless access to the broadband network Subscribers no longer need to alter their computer s settings See also Dynamic IP Address IP Address and Stati...

Page 326: ...eripheral devices to the network Each node on a network has a distinct name On the Internet a node is a host computer with a unique domain name and IP address See also Domain Name and IP Address NTP N...

Page 327: ...h adjust the format depending on the users viewing medium for example monitor size Ping Packet INternet Groper A program that transmits a signal to a host and expects a response within a predetermined...

Page 328: ...d password This information is passed to a RADIUS server which checks that the information is correct and then authorizes access to the ISP system RFC Request for Comments A series of notes about the...

Page 329: ...tifies a wireless network SSL Secure Sockets Layer A protocol developed by Netscape for transmitting private documents via the Internet SSL works by using a private key to encrypt data that is transfe...

Page 330: ...you to the login prompt of another host that you have access rights to See also Host Throughput The net data transfer rate between an information source and its destination using the maximum packet s...

Page 331: ...nd is calculated into UTC UTC was devised on January 1 1972 and is coordinated in Paris by the International Bureau of Weights and Measures UTC like GMT is set at 0 degrees longitude on the prime meri...

Page 332: ...ys WPA Wi Fi Protected Access A Wi Fi standard that was designed to improve upon the security features of WEP The technology is designed to work with existing Wi Fi products that have been enabled wit...

Page 333: ...ing subscriber interfaces 244 branding 5 bridge mode 8 225 C cautions 27 Certificate Signing Request 288 character lengths 38 CLI 9 Command Line Interface 9 inputting data 36 logging in 33 common prob...

Page 334: ...ing 231 ICMP statistics 153 importing configuration settings 232 importing factory settings 227 iNAT 11 90 Information and Control Console 8 12 197 254 assigning banners 201 assigning buttons 200 pixe...

Page 335: ...cture sample 24 network connections 50 Network Info menu 150 network interfaces 154 notes 27 Notifications iv NSE core functionality 6 NTP support 14 O optional NSE modules 21 Credit Card Module 22 Hi...

Page 336: ...oxy Accounting Logs 188 RADIUS Session History 188 rebooting 237 remember me 16 remote connections 57 routes 238 239 adding 238 deleting 239 routing tables 156 S secure administration 70 secure manage...

Page 337: ...05 user 305 Syslog History 105 106 Log Filter 104 Save file 104 SYSLOG report 270 System Administration menu 57 System menu 223 System report log 104 System report log interval 104 T TCP statistics 15...

Page 338: ...This page intentionally left blank AG 5500 326 Index...

Reviews:

No comments